Maintaining consumer confidence in electronic payment mechanisms

Credit card fraud is already a significant factor inhibiting consumer confidence in e-commerce. As more advanced payment systems become common, what legal and technological mechanisms are required to ensure that fraud does not do long-term damage to consumers' willingness to use electronic payment mechanisms

NFC Security Solution for Web Applications

Töö eesmärgiks on võrrelda erinevaid eksisteerivaid veebirakenduste turvalahendusi, analüüsida NFC sobivust turvalahenduste loomiseks ning pakkuda välja uus NFC autentimise ja signeerimise lahendus läbi Google Cloud Messaging teenuse ja NFC Java Card’i. Autori pakutud lahendus võimaldab kasutajal ennast autentida ja signeerida läbi NFC mobiiliseadme ja NFC Java Card’i, nõudmata kasutajalt eraldi kaardilugejat. Antud lahendust on võimalik kasutada kui ühtset kasutajatuvastamise viisi erinevatele rakendustele, ilma lisaarenduseta.This thesis compares existing and possible security solutions for web applications, analyses NFC compatibility for security solutions and proposes a new NFC authentication and signing solution using Google Cloud Messaging service and NFC Java Card. This new proposed solution enables authentication and signing via NFC enabled mobile phone and NFC Java Card without any additional readers or efforts to be made. This smart card solution can be used within multiple applications and gives the possibility to use same authentication solution within different applications

A Survey of Elliptic Curve Cryptography Implementation Approaches for Efficient Smart Card Processing

Smart cards have been used for many different purposes over the last two decades, from simple prepaid credit counter cards used in parking meters, to high security identity cards intended for national ID programs. This has increased data privacy and security requirements. Data protection and authentication is now demanded for performing Electronic payment and allow secure multi-level access to private information. ECC uses smaller key sizes compared to traditionally used RSA based cryptosystems. Elliptic Curve Cryptography is especially suited to smart card based message authentication because of its smaller memory and computational power requirements than public key cryptosystems. It is observed that the performance of ECC based approach is significantly better than RSA and DSA/DH based approaches because of the low memory and computational requirements, smaller key size, low power and timing consumptions

Strong authentication based on mobile application

The user authentication in online services has evolved over time from the old username and password-based approaches to current strong authentication methodologies. Especially, the smartphone app has become one of the most important forms to perform the authentication. This thesis describes various authentication methods used previously and discusses about possible factors that generated the demand for the current strong authentication approach. We present the concepts and architectures of mobile application based authentication systems. Furthermore, we take closer look into the security of the mobile application based authentication approach. Mobile apps have various attack vectors that need to be taken under consideration when designing an authentication system. Fortunately, various generic software protection mechanisms have been developed during the last decades. We discuss how these mechanisms can be utilized in mobile app environment and in the authentication context. The main idea of this thesis is to gather relevant information about the authentication history and to be able to build a view of strong authentication evolution. This history and the aspects of the evolution are used to state hypothesis about the future research and development. We predict that the authentication systems in the future may be based on a holistic view of the behavioral patterns and physical properties of the user. Machine learning may be used in the future to implement an autonomous authentication concept that enables users to be authenticated with minimal physical or cognitive effort

Identificação eletrónica, assinatura e serviço de confiança

A generalização do uso de comunicações eletrónicas em todas as esferas das atividades humanas traz a necessidade de uma nova perspetiva legal. Esta necessidade é particularmente sentida a nível da União Europeia com o objetivo assumido de construir um mercado digital único e fiável. O Regulamento 910/2014 foi estabelecido como o principal quadro jurídico europeu destinado a harmonizar o entendimento de instrumentos como identificação eletrónica, autenticação eletrónica, serviços eletrónicos e também outros serviços de confiança da sociedade de informação, como selos eletrónicos, carimbos, serviços de entrega registrada eletrónica e autenticação de sites. No seu conjunto, o Regulamento 910/2014 visa estabelecer um quadro jurídico comum que permitisse aos cidadãos europeus tirarem pleno partido dos serviços digitais num ambiente técnica e juridicamente seguro.The generalization of the use of electronic communications in all spheres of human activities brings along a need for a new legal perspective. This need is particularly felt at European Union level with the assumed aim of building a trustable Digital Single Market. Regulation 910/2014 was set as the main European legal framework aimed at harmonizing the understanding of instruments such as electronic identification, electronic authentication, electronic services, and other trust services of information society, such as electronic seals, electronic time stamps, electronic registered delivery services and website authentication. In the whole, Regulation 910/2014 is intended to establish a common legal framework allowing European citizens to take full advantage of digital services in a technically and legally secure environment

The State of the Electronic Identity Market: Technologies, Infrastructure, Services and Policies

Authenticating onto systems, connecting to mobile networks and providing identity data to access services is common ground for most EU citizens, however what is disruptive is that digital technologies fundamentally alter and upset the ways identity is managed, by people, companies and governments. Technological progress in cryptography, identity systems design, smart card design and mobile phone authentication have been developed as a convenient and reliable answer to the need for authentication. Yet, these advances ar enot sufficient to satisfy the needs across people's many spheres of activity: work, leisure, health, social activities nor have they been used to enable cross-border service implementation in the Single Digital Market, or to ensure trust in cross border eCommerce. The study findings assert that the potentially great added value of eID technologies in enabling the Digital Economy has not yet been fulfilled, and fresh efforts are needed to build identification and authentication systems that people can live with, trust and use. The study finds that usability, minimum disclosure and portability, essential features of future systems, are at the margin of the market and cross-country, cross-sector eID systems for business and public service are only in their infancy. This report joins up the dots, and provides significant exploratory evidence of the potential of eID for the Single Digital Market. A clear understanding of this market is crucial for policy action on identification and authentication, eSignature and interoperability.JRC.DDG.J.4-Information Societ