Maintaining consumer confidence in electronic payment mechanisms

Credit card fraud is already a significant factor inhibiting consumer confidence in e-commerce. As more advanced payment systems become common, what legal and technological mechanisms are required to ensure that fraud does not do long-term damage to consumers' willingness to use electronic payment mechanisms

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

A Novel Consumer-Centric Card Management Architecture and Potential Security Issues

International audienceMulti-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture

Internet Based Self Service Systems for Customer Oriented Processes in Public Administration

Self service systems in public administration can lead to a more efficient organization as well as to an improved customer orientation. The objective is to offer high-quality services and to involve the service recipient in the administrative process to a greater extent. Re-engineering public service processes is necessary to promote a shift from the supplier-dominated push principle to a demand-oriented pull principle. A self service infrastructure allows direct access to IT supported public services. The transactions between service suppliers and service recipients are based on Internet communication. A smartcard represents a powerful element to identify and authenticate the user and offers value-added functions such as data storage, data encryption or electronic payment

Cooperating broadcast and cellular conditional access system for digital television

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.The lack of interoperability between Pay‐TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay‐TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay‐TV systems. This paper presents a novel end‐to‐end system architecture for Pay‐TV systems cooperating mobile and broadcasting technologies. It provides a cost‐effective, scalable, dynamic and secure access control mechanism supporting converged services and new business opportunities in Pay‐TV systems. It enhances interactivity, security and potentially reduces customer attrition and operational cost. In this platform, service providers can effectively interact with their customers, personalise their services and adopt appropriate security measures. It breaks up the rigid relationship between a viewer and set‐top box as imposed by traditional conditional access systems, thus, a viewer can fully enjoy his entitlements via an arbitrary set‐top box. Having thoroughly considered state‐of‐the‐art technologies currently being used across the world, the thesis highlights novel use cases and presents the full design and implementation aspects of the system. The design section is enriched by providing possible security structures supported thereby. A business collaboration structure is proposed, followed by a reference model for implementing the system. Finally, the security architectures are analysed to propose the best architecture on the basis of security, complexity and set‐top box production cost criteria

A Simple and Efficient Way to Combine Microcontrollers with RSA Cryptography

Microcontroller can be easily adopted in various applications with a variety of peripherals due to its merits of small size, simple architecture and etc. However, the limited computing power restricts its application in cryptography. In this paper, we try to integrate microcontroller with different peripheral devices to support more powerful cryptography computation in a simple and efficient way. Based on the most popular open source microcontroller development platform, Arduino, we design and develop a cryptographic hardware device for a real-life application which provides data protection functions for authority and integrity with RSA cryptography supported. With the peripherals Java card, our Arduino-cored solution is able to efficiently generate digital signature of photos taken by smart phone using the asymmetric cryptographic algorithm, RSA, which has a poor performance if it is directly implemented on microcontroller. The experimental results show that the device can finish a RSA 1024-bit encryption in 82.2 microseconds, which is reasonable in real application scenario and illustrates the feasibility of implementing more complicated cryptographic system using microcontroller.published_or_final_versio

Personal Identification in the Information Age: The Case of the National Identity Card in the UK

The informatics infrastructure supporting the Information Society requires the aggregation of data about individuals in electronic records. Such data structures demand that individuals be uniquely identified and this is critical to the necessary processes of authentication, identification and enrolment associated with the use of e-Business, e-Government and potentially e-Democracy systems. It is also necessary to the representation of human interactions as data transactions supporting various forms of governance structure: hierarchies, markets and networks. In this paper we use the agenda surrounding the proposed introduction of a national identity card in the UK as an empirical backbone for considering the issue of identity management. Currently, the UK government is attempting to relate the rights and entitlements of citizenship in the UK with a standard electronic identifier for British citizens and its instantiation in an ‘entitlements card’. This attempt to define legitimising identity seems to us a potentially fruitful empirical source for examining the conceptual and pragmatic issues associated with identity management in the information age. Such a card offers numerous potential benefits for individuals and organisations but its introduction raises major challenges to data protection, data privacy and public trust in the information governance of the UK