Mobile payments: moving towards a wallet in the cloud?

This article deals with mobile payments in developed countries. Even though it only accounts for a relatively small share of the market (between 10% and 20%), mobile payment merits in-depth analysis in developed countries as there are many economic and technological issues that still need to be addressed.mobile payments, NFC

Hacking Health Care: Authentication Security in the Age of Meaningful Use

The rapid adoption of EHRs (Electronic Health Records), to store and communicate highly personal data, raises serious concerns in terms of privacy, security, and civil and criminal liability. This note will examine the current statutory framework for addressing electronic breaches in the health care context, examine the vulnerabilities of EHRs, and look to the established world of online banking for possible legislative and practical solutions to the challenge of keeping private health information private. Finally, this note will propose key amendments to the Health Insurance Portability and Accountability Act (HIPAA) regulations to enhance authentication security

Hacking Health Care: Authentication Security in the Age of Meaningful Use

The rapid adoption of EHRs (Electronic Health Records), to store and communicate highly personal data, raises serious concerns in terms of privacy, security, and civil and criminal liability. This note will examine the current statutory framework for addressing electronic breaches in the health care context, examine the vulnerabilities of EHRs, and look to the established world of online banking for possible legislative and practical solutions to the challenge of keeping private health information private. Finally, this note will propose key amendments to the Health Insurance Portability and Accountability Act (HIPAA) regulations to enhance authentication security

Security Management of Intelligent Technologies in Business Intelligence Systems

The article discusses the security methods of intelligent technologies in Business Intelligence (BI) systems. Security technologies are considered taking into account BI four-layer architecture which includes: а) transactional systems layer; b) ETL-procedures – extraction, conversions and data loading layer; c) data warehouses and data marts layer; d) OLAP-tools and user interface layer. The characteristic of the general BI systems security technologies, data storage security strategies and intellectual data mining subsystems and OLAP-tools is resulted. For data mining models and to provide them with the analyst, considered the requirements of access rights to the analyzed information, database backups creation necessity, the requirements to hide sensitive data

Design and implementation of the middle-class web-portal for cooperation with students team

he article describes the designing process, implementation and development of the middle-class computer project, accomplished by the students of University of Łódź. The project, which is called SUL, is a WWW-based portal with several set up purposes. Services for students ( news, e-mails or private web pages including secure and reliable communication between the students and Dean's offices) and centralization of information were its the main aim. The project started in 2002/2003 and since year 2004 it has been deployed at the University and proved successful

Security : always too much and never enough. Anthropology of a non-starter market

The security market, based on public Key Infrastructures (PKI) did not succeed because security remains a paradoxical market. We observed security practices and reciprocal expectations, in this study the ones generated by the design of PKI devices. Using the framework of Actor Network Theory, we describe all the mediations required for sustaining a digital security chain... often based on very material stuff. A whole vision of the world should be designed, an ontology, doomed to failure if it formats practices and users by constraint. This vision should retain a variable-geometry, while calling on guarantors that transcend it, and not merely on commercial certification authorities. Will security architecture design be able to integrate the users' demand for "adequate security", which renders security policies bearable as long as users are not aware of them?Le marché de la sécurité basé sur les Public Key Infrastructures (Infrastructure de gestion de clés) n'est pas parvenu à décoller car la sécurité reste un marché paradoxal. Nous avons observé les pratiques de sécurité et les attentes réciproques créées par la conception de ces systèmes, plus spécifiquement ceux à base de PKI pour cette étude, dans les termes de la théorie de l'acteur-réseau, en reconstituant toutes les médiations nécessaires à l'existence d'une chaîne de sécurité informatique... souvent bien matérielle. C'est une vision sécuritaire du monde qui doit être produite, une ontologie, qui échoue quand elle veut trop formater les pratiques et les utilisateurs: elle doit rester « à géométrie variable » tout en mobilisant des garants qui la dépassent et non les seules autorités de certification marchandes. La conception d'architectures de sécurité peut elle admettre cette « sécurité suffisante » qui rend sup- portable les politiques de sécurité dès lors qu'elles disparaissent de la conscience des utilisateurs

Towards a Pervasive Access Control within Video Surveillance Systems

Part 1: Cross-Domain Conference and Workshop on Multidisciplinary Research and Practice for Information Systems (CD-ARES 2013)International audienceThis paper addresses two emerging challenges that multimedia distributed systems have to deal with: the user’s constant mobility and the information’s sensitivity. The systems have to adapt, in real time, to the user’s context and situation in order to provide him with relevant results without breaking the security and privacy policies. Distributed multimedia systems, such as the oneproposed by the LINDO project, do not generally consider both issues. In this paper, we apply an access control layer on top of the LINDO architecture that takes into consideration the user’s context and situation and recommends alternative resources to the user when he is facing an important situation. The proposed solution was implemented and tested in a video surveillance use case

Integration of information and educational systems in the universal education university electronic environment

The article is devoted to the integration of educational resources and educational and informational systems in a single information and educational environment of the university. Access to the university's information and educational environment is carried out through the additional web-site of the official portal “Information and educational environment” for authorization, which uses technology of the single sign-on point, the main element of which is the creation of a user database. Taking into account the features of the analyzed directory services and the use of the domain structure of the network organization, we have selected to create the Lightweight Directory Access Protocol (LDAP) database using the OpenLDAP open protocol. Were described the implementation of the settings for a single sign-on page using the protocol for the web CAS (Central Authentication Service). To synchronize the University's corporate email and available Google services with the LDAP database, Google Apps developed a Google Apps Directory Sync application that synchronizes the structure and all users in Google Apps. In order to synchronize the e-learning system based on the LMS Moodle, an existing appropriate module was used to authenticate users through the LDAP database. Configuring the module, synchronizing users and groups is presented in the article. Also are listed the settings specified in the LocalSettings.php file that are related to LDAP authentication with the university's wiki portal via the installed and connected LDAP authentication module. Also we described an approach to synchronizing users with the systems of scientific conferences and seminars based on the open conference system engine, which includes a module for LDAP authenticatio