Internet authentication based on personal history - a feasibility test

On the Internet, there is an uneasy tension between the security and usability of authentication mechanisms. An easy three-part classification is: 'something you know' (e.g. password); 'something you hold' (e.g. device holding digital certificate), and 'who you are' (e.g. biometric assessment) [9]. Each of these has well-known problems; passwords are written down, guessable, or forgotten; devices are lost or stolen, and biometric assays alienate users. We have investigated a novel strategy of querying the user based on their personal history (a 'Rip van Winkle' approach.) The sum of this information is large and well-known only to the individual. The volume is too large for impostors to learn; our observation is that, in the emerging environment, it is possible to collate and automatically query such information as an authentication test. We report a proof of concept study based on the automatic generation of questions from electronic 'calendar' information. While users were, surprisingly, unable to answer randomly generated questions any better than impostors, if questions are categorized according to appropriate psychological parameters then significant results can be obtained. We thus demonstrate the potential viability of this concept

Pendekatan konstruktif dalam inovasi pengajaran dan pembelajaran Bahasa Melayu di Kolej Vokasional

Pendekatan konstruktif adalah pendekatan pengajaran dan pembelajaran yang berpusatkan pelajar manakala inovasi pengajaran pula dikaitkan dengan kaedah pengajaran yang terbaru demi mengukuhkan pemahaman pelajar. Pembelajaran berasaskan pendekatan konstruktif merupakan elemen yang penting dan perlu difahami oleh guru-guru bagi memantapkan proses pengajaran dan pembelajaran sesuai dengan peredaran masa dan menjayakan proses tranformasi pendidikan negara. Objektif kajian ini dijalankan untuk mengenal pasti pemahaman guru-guru bahasa Melayu berkaitan inovasi, mengenal pasti perbezaan yang wujud antara guru lelaki dan guru perempuan dalam mengamalkan inovasi, pengkaji juga melihat adakah wujud perbezaan antara guru baru dan guru yang sudah berpengalaman dalam aspek mengaplikasikan inovasi serta mengenal pasti kekangan-kekangan yang dialami oleh para guru untuk mengaplikasikan inovasi di sekolah. Seramai 63 orang guru bahasa Melayu dari lapan buah kolej vokasional telah dipilih sebagai responden dalam kajian ini. Data dianalisis menggunakan perisian Winsteps 3.69.1.11 dengan pendekatan Model Pengukuran Rasch. Hasil analisis menunjukkan bahawa guru�guru bahasa Melayu memahami kepentingan inovasi dalam pengajaran dan pembelajaran. Hasil kajian juga menunjukkan guru-guru perempuan lebih banyak menerapkan unsur inovasi dalam pengajaran berbanding guru lelaki. Walaupun begitu, aspek pengalaman tidak menunjukkan perbezaan dari segi pengamalan inovasi sama ada guru baru ataupun guru yang sudah berpengalaman. Pengkaji juga mengenal pasti beberapa kekangan yang dialami oleh guru-guru untuk mengamalkan inovasi ini. Sebagai langkah untuk menangani masalah berkenaan, beberapa cadangan telah dikemukakan oleh pengkaji bagi memastikan guru-guru dapat merealisasikan proses pengajaran berkesan dengan penerapan inovasi mengikut model pendekatan konstruktif. Pengkaji berharap, kajian ini dapat dijadikan sebagai satu panduan kepada pelaksana kurikulum bagi memastikan budaya inovasi sentiasa menjadi amalan dalam kalangan guru demi mengangkat profesionalisme guru di Malaysia

Evaluation of SCRAN subscription to Scottish public libraries

This report commissioned by the Scottish Library and Information Council evaluates the year-long Scottish Executive-funded project to give all public libraries in Scotland access to the SCRAN service. The implementation of the project was supported by a Project Steering Group with both SLIC and SCRAN representation, and a wider steering group with membership from Heads of Service, Scottish Executive, and SCRAN and chaired by Elaine Fulton of SLIC

Simplifying resource discovery and access in academic libraries : implementing and evaluating Summon at Huddersfield and Northumbria Universities

Facilitating information discovery and maximising value for money from library materials is a key driver for academic libraries, which spend substantial sums of money on journal, database and book purchasing. Users are confused by the complexity of our collections and the multiple platforms to access them and are reluctant to spend time learning about individual resources and how to use them - comparing this unfavourably to popular and intuitive search engines like Google. As a consequence the library may be seen as too complicated and time consuming and many of our most valuable resources remain undiscovered and underused. Federated search tools were the first commercial products to address this problem. They work by using a single search box to interrogate multiple databases (including Library catalogues) and journal platforms. While going some way to address the problem, many users complained that they were still relatively slow, clunky and complicated to use compared to Google or Google Scholar. The emergence of web-scale discovery services in 2009 promised to deal with some of these problems. By harvesting and indexing metadata direct from publishers and local library collections into a single index they facilitate resource discovery and access to multiple library collections (whether in print or electronic form) via a single search box. Users no longer have to negotiate a number of separate platforms to find different types of information and because the data is held in a single unified index searching is fast and easy. In 2009 both Huddersfield and Northumbria Universities purchased Serials Solutions Summon. This case study report describes the selection, implementation and testing of Summon at both Universities drawing out common themes as well as differences; there are suggestions for those who intend to implement Summon in the future and some suggestions for future development

The future of e-commerce payments

On June 19, 2002, the Payment Cards Center of the Federal Reserve Bank of Philadelphia and the Electronic Funds Transfer Association's Electronic Commerce Payments Council (eCPC) sponsored a joint conference. This meeting was part of the regularly scheduled quarterly council meetings that bring together stakeholders interested in developing or enhancing e-commerce payment alternatives. The session included both Federal Reserve staff and industry leaders discussing how electronic payments are becoming an alternative to paper-based payment products and the adoption of electronic payments by consumers and merchants.Electronic commerce

Secure Identification in Social Wireless Networks

The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future