Designing Usable and Secure Authentication Mechanisms for Public Spaces

Usable and secure authentication is a research field that approaches different challenges related to authentication, including security, from a human-computer interaction perspective. That is, work in this field tries to overcome security, memorability and performance problems that are related to the interaction with an authentication mechanism. More and more services that require authentication, like ticket vending machines or automated teller machines (ATMs), take place in a public setting, in which security threats are more inherent than in other settings. In this work, we approach the problem of usable and secure authentication for public spaces. The key result of the work reported here is a set of well-founded criteria for the systematic evaluation of authentication mechanisms. These criteria are justified by two different types of investigation, which are on the one hand prototypical examples of authentication mechanisms with improved usability and security, and on the other hand empirical studies of security-related behavior in public spaces. So this work can be structured in three steps: Firstly, we present five authentication mechanisms that were designed to overcome the main weaknesses of related work which we identified using a newly created categorization of authentication mechanisms for public spaces. The systems were evaluated in detail and showed encouraging results for future use. This and the negative sides and problems that we encountered with these systems helped us to gain diverse insights on the design and evaluation process of such systems in general. It showed that the development process of authentication mechanisms for public spaces needs to be improved to create better results. Along with this, it provided insights on why related work is difficult to compare to each other. Keeping this in mind, first criteria were identified that can fill these holes and improve design and evaluation of authentication mechanisms, with a focus on the public setting. Furthermore, a series of work was performed to gain insights on factors influencing the quality of authentication mechanisms and to define a catalog of criteria that can be used to support creating such systems. It includes a long-term study of different PIN-entry systems as well as two field studies and field interviews on real world ATM-use. With this, we could refine the previous criteria and define additional criteria, many of them related to human factors. For instance, we showed that social issues, like trust, can highly affect the security of an authentication mechanism. We used these results to define a catalog of seven criteria. Besides their definition, we provide information on how applying them influences the design, implementation and evaluation of a the development process, and more specifically, how adherence improves authentication in general. A comparison of two authentication mechanisms for public spaces shows that a system that fulfills the criteria outperforms a system with less compliance. We could also show that compliance not only improves the authentication mechanisms themselves, it also allows for detailed comparisons between different systems

Assessing Total Cost of Supply Chain Risk : Constructive Study at a Semiconductor Company

This master’s thesis provides tool for supply chain risk impact identification and assessment in monetary terms by combining the total cost of ownership (TCO) approach with a selected toolbox from supply chain risk management (SCRM) literature as one of the very few examples of synthesis from these two literature fields. The research design of the study is based on the constructive research process (CRA) which has not seen extensive usage in SCRM literature. The SCRM construction created via synthesis of literature is tested and further developed in a qualitative and constructive single case study utilizing three supply chains of the Client company, a Finnish semiconductor manufacturer with heavy footprint on the automotive industry. As the main key finding of the study, a SC risk analysis tool combining the TCO approach with the SCRM framework is found possible to be constructed. The tool is discovered to provide broad and relevant insight for decision-making but suffering from lack of novel risk findings, complicatedness, and high usage of time. Furthermore, support is established for the usage of absolute business measures rather than relative scales for monetary prioritization of risk. In addition, the limiting effect of scope-driven approach for comprehensiveness of risk analysis and the difficulties with SCRM tools in the remote working are pondered. The main research contribution for academic audience is created by providing a synthesis of SCRM and TCO frameworks which has been lacking practical applications despite a prominent expectations of the literature. Furthermore, contribution is presented for three other research gaps highlighted by SCRM literature: creation of supporting tools for SCRM cost-benefit analysis, robust and systematic tools for risk identification and assessment, and further empirical validation of theoretical SCRM concepts. The main managerial implications are provided by answering the practical needs of the Client company. In a more general level, the tool could see usage in differing contexts as well thanks to the comprehensive walk-through of the process and the review of limitations for ap-plicability. Furthermore, practical implications can be drawn from the supporting risk classifications of the tool mirroring the risk environment studied – not to forget the explored potential of CRA in finding practical solutions for SCRM-needs. Finally, four future research ideas related to revisiting the Client company, integration of entire SCRM process, testing of the constructions in other industrial settings as well as further research combining SCRM and TCO literatures are proposed.Tämä pro gradu -tutkielma tarjoaa työkalun toimitusketjuriskien tunnistamiseen ja rahalliseen arviointiin yhdistämällä kokonaiskustannusten hallinnan (TCO) lähestymistavan valittuihin työkaluihin toimitusketjujen riskienhallinnan (SCRM) kirjallisuudesta yhtenä harvoista esimerkeistä, jotka yhdistävät nämä kaksi kirjallisuuden suuntausta. Tutkimusstrategia perustuu konstruktiivisen tutkimukseen (CRA), joka ei ole nähnyt laajaa käyttöä SCRM-kirjallisuudessa. Tieteellisen kirjallisuuden synteesin avulla luotu SCRM-konstruktio testataan ja edelleen kehitetään kvalitatiivisessa ja konstruktiivisessa tapaustutkimuksessa, joka hyödyntää kolmea toimeksiantajayrityksen toimitusketjua. Toimeksiantaja on suomalainen puolijohdevalmistaja, jolla on vahva jalansija autoteollisuudessa. Merkittävimpänä tutkimustuloksena toimitusketjuriskien analyysityökalu, joka yhdistää TCO-lähestymistavan SRCM-viitekehykseen, todetaan mahdolliseksi luoda. Työkalu tarjoaa laajaa ja relevanttia tietämystä päätöksenteolle, mutta kärsii uusien riskilöydösten puutteesta, monimutkaisuudesta ja korkeasta ajankäytön tarpeesta. Tukea annetaan myös absoluuttisten liiketoiminnallisten mittarien käytölle riskien priorisointiin suhteellisten skaalamittarien sijasta. Lisäksi pohditaan fokusoituneemman lähestymistavan rajaavaa vaikutusta riskianalyysin holistisuudelle sekä SCRM-työkalujen soveltamisen haasteita etätyöskentelyssä. Pääasiallinen tieteellinen kontribuutio akateemiselle yleisölle luodaan tarjoamalla SCRM- ja TCO-viitekehysten synteesi, joka ei ole kirjallisuuden odotuksista huolimatta tarjonnut juuri käytännön sovellutuksia. Kontribuutiota esitetään myös kolmelle muulle SCRM-kirjallisuudessa korostetulle tutkimuspuutteelle: tukevien työkalujen luomiselle riskienhallinnan kustannus-hyötyanalyysille, kestävien ja systemaattisten työkalujen laatimiselle riskien tunnistamiseen ja arviointiin sekä teoreettisten SCRM-konseptien lisävalidoinnille empiirisesti. Pääasiallinen käytännön kontribuutio tarjotaan vastaamalla toimeksiantajayrityksen käytännön tarpeisiin. Yleisemmällä tasolla, luotu SCRM-työkalu voisi olla käyttökelpoinen jopa toimeksiantajasta eroavissa konteksteissa laajan prosessin läpikäynnin sekä sovellettavuuden rajoitteiden katsauksen ansiosta. Lisäksi käytännön kontribuutiota tarjoaa tutkittua riskiympäristöä heijastelevat ja työkaluun sisältyvät riskien luokittelut. Unohtaa ei sovi myöskään todettua CRA-lähestymistavan potentiaalia käytännön ratkaisujen löytämiseksi SCRM-tarpeisiin. Tutkielmassa tunnistetaan myös neljä jatkotutkimusideaa liittyen toimeksiantajayrityksen seurantaan, koko SCRM-prosessin integraatioon, konstruktion testaamiseen muilla toimialoilla sekä SCRM- ja TCO-kirjallisuudet yhdistävään lisätutkimukseen

Using Unified Personal Information in Workspaces

Knowledge workers (KWers) deal with personal information and use tools like, e.g., desktop workspaces to support their work. But KWer support is hindered by personal information fragmentation, i.e., applications keep a set of personal information while not interconnecting it. This thesis addresses this in the domains personal task management and meeting management by using a common unified personal information model as offered by the semantic desktop personal information management (PIM) system

DHRS 2009 Proceedings of the Ninth Danish Human-Computer Interaction Research Symposium.

Since 2001 the annual Danish Human-Computer Interaction Research Symposium has been a platform for networking, and provided an opportunity to get an overview across the various parts of the Danish HCI research scene. This years symposium was held in Aarhus, Denmark on December 14, 200

Mobile information system adoption and use: beliefs and attitudes in mobile context

During the last decades scholars and practitioners have been interested in the reasons why users either accept or reject Information Systems (IS). Users' perceptions of information technology have mainly been studied from acceptance, success, or usability perspectives. Although these research approaches have provided valuable information, they all have a limited view. Thus, there is a need for an integrated framework that fulfills the gaps between different approaches. In this study the acceptance and use of mobile systems are analyzed by combining the results of different disciplines. The main result of the study is a new model for Mobile IS Adoption and Use (MISAU). It integrates the elements of technology acceptance, information system success, and usability studies into a single model. As information system acceptance must always be analyzed in context of use, MISAU is based on the mobile service supply chain. The main differences between stationary and mobile systems can be found in network performance and usability of mobile devices. MISAU serves as a framework for case studies in which the effects of these special characteristics on users' perceptions are analyzed. The results of the study indicate that the ever-increasing transmission speeds of mobile networks are not alone adequate to increase the use of mobile services. Perceived quality of service is an outcome of multiple factors. The successful implementation of a mobile IS requires high quality in all elements of service supply chain (i.e. end-user devices, networks, and services). The small size of mobile devices is a serious threat to usability - especially to text entry and navigation within an application. Further studies are still needed in these sectors

New media, new citizens: the terms and conditions of online youth civic engagement.

The increasingly salient role of new media in young people's lives has led to a debate about the potential of the internet as a means of political communication and youth participation. While a growing body of scholarship has engaged 'Nith the issue, there is lack of empirical research linking young people's civic motivations to their internet uses, and in particular to their evaluations, as users, of UK civic websites. This thesis brings together the study of youth civic engagement and the practice of user experience in order to explore the civic factors and website elements that motivate young people to participate via the internet. Employing a large survey and a qualitative study of a purposively sampled community of young citizens and internet users, the research explores youth civic needs and how these translate into specific uses of the web. Furthermore, a comprehensive content analysis of twenty civic websites is juxtaposed with a user experience study, in order to facilitate a dialogue between the online text and the users. The core argument of this study is that young people are willing to engage with public affairs via civic websites as long as a series of "terms and conditions" are met that would make this engagement meaningful to them. These include the existence of visible benefits or outcomes from the participation process and the relevance of the issue to the individual's lifeworld. It is argued that the preconditions set by these young people constitute a coherent paradigm of an essentially consumerist approach to civic engagement; a mode of online political communication that is based around convenience, personalisation and emotional engagement. However, a feeling of civic loneliness was also manifest in the participants' narratives and there were strong indications that any sense of alienation should not be attributed to apathy, but to a fundamental scepticism about the ability of the individual to make a difference at the social level. The evidence suggests that, while technology has a role in providing users with accessible and effective online tools, the root cause of the problem may be in the social structures of the civic culture, and particUlarly in the mechanisms of political socialisation that facilitate civic motivation. Hence, the study reaffirms the importance of the affective, symbolic and political dimensions of participation and argues that these need to be integrated along with traditional (technological and psychological) elements of user experience in order to achieve civic usability

COMBINING HUMAN FACTORS AND DATA SCIENCE METHODS TO EVALUATE THE USE OF FREE TEXT COMMUNICATION ORDERS IN ELECTRONIC HEALTH RECORDS

Medication errors are a leading cause of death in the United States. Electronic Health Records (EHR) along with Computerized Provider Order Entry (CPOE) are considered promising ways to reduce these errors. However, EHR systems have not eliminated medication errors. Moreover, in some cases they have facilitated errors due to issues such as poor usability and negative effects on clinical workflows. The use of unexpected free text within a CPOE system can serve as a marker that the system does not adequately support clinical workflow. Prior studies have looked at the use of free text within medication orders, but the inclusion of medication related information in communication for non-medication orders (CNMOs), a type of free text order, has not been adequately studied. This mixed-methods study identified the prevalence, nature and reasons for the inclusion of medication related information in CNMOs using a large sample of CNMOs placed at a mid-Atlantic hospital system in 2017, and via interviews with physicians. The study found that more than 42% of CNMOs contain medication related information. Moreover, the use of CNMOs varied significantly across provider types, hospital locations, patient settings and other factors. The study found 10 themes that might cause providers to adopt such workarounds, including missing functionality and poor usability. The viii study also identified several general challenges in communicating medication information in the EHR, and potential solutions to mitigate these challenges. This dissertation also demonstrates how natural language processing could be used to identify medication related CNMOs