Supporting Market Transaction through XML Contracting Containers

Based on a Business Media Framework (BMF), this paper proposes an architecture for secure electronic contracts, which adhere to legal requirements and can be applied for an integrated management of market transactions. We propose the use of XML, digital signatures, and Java technology for secure electronic contracting. The resulting contract container can be applied for the support of an integrated information flow through the different services of an electronic market. In addition the container holds a control logic, that supports the management of the contract negotiation and the contract settlement. The concept provided in this paper was developed in the Secure Electronic Contracts (SeCo) project of the =mcminstitute of the University of St. Gallen and the University of Zurich, Switzerland, in cooperation with several business partners

Electronic Payment Systems Observatory (ePSO). Newsletter Issues 9-15

Abstract not availableJRC.J-Institute for Prospective Technological Studies (Seville

SecAdvise : un aviseur de mécanismes de sécurité

Mémoire numérisé par la Direction des bibliothèques de l'Université de Montréal

CROO: A universal infrastructure and protocol to detect identity fraud

Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We propose CROO, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a capture resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate one-time passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability. OTPs can be used regardless of a transaction’s purpose (e.g. user authentication or financial payment), associated credentials, and online or on-site nature; this makes CROO a universal scheme. OTPs are not sent in cleartext; they are used as keys to compute MACs of hashed transaction information, in a manner allowing OTP-verifying parties to confirm that given user credentials (i.e. OTP-keyed MACs) correspond to claimed hashed transaction details. Hashing transaction details increases user privacy. Each OTP is generated from a PIN-encrypted non-verifiable key; this makes users’ devices resilient to off-line PIN-guessing attacks. CROO’s credentials can be formatted as existing user credentials (e.g. credit cards or driver’s licenses)

SIDVI: a model for secure distributed data integration

The new millennium has brought about an increase in the use of business intelligence and knowledge management systems. The very foundations of these systems are the multitude of source databases that store the data. The ability to derive information from these databases is brought about by means of data integration. With the current emphasis on security in all walks of information and communication technology, a renewed interest must be placed in the systems that provide us with information; data integration systems. This dissertation investigates security issues at specific stages in the data integration cycle, with special reference to problems when performing data integration in a peer-topeer environment, as in distributed data integration. In the database environment we are concerned with the database itself and the media used to connect to and from the database. In distributed data integration, the concept of the database is redefined to the source database, from which we extract data and the storage database in which the integrated data is stored. This postulates three distinct areas in which to apply security, the data source, the network medium and the data store. All of these areas encompass data integration and must be considered holistically when implementing security. Data integration is never only one server or one database; it is various geographically dispersed components working together towards a common goal. It is important then that we consider all aspects involved when attempting to provide security for data integration. This dissertation will focus on the areas of security threats and investigates a model to ensure the integrity and security of data during the entire integration process. In order to ensure effective security in a data integration environment, that security, should be present at all stages, it should provide for end-to-end protection

IS standards in designing business-to-government collaborations.

IS STANDARDS IN DESIGNING BUSINESS-TO-GOVERNMENT COLLABORATIONS. Elaborating the impact of standards on inter-organizational collaborations, inter-organizational studies demonstrated a standard’s positive impact on the collaboration between governmental and business partners. How and under which conditions information systems (IS) standards contribute to the effectiveness of business-to-government (B2G) collaborations in customs management is the topic of this thesis. Chapter 2 provides the theoretical and methodological background of the thesis. It illustrates how standards research emerged under institutional conditions such as actor types, linkages and social structures. With the case study in Chapter 3, the thesis introduces a reference framework that gathers different aspects in three pre-selected international business-to-government collaborations. Describing the cases that are subject to the export from EU to non-EU countries a diagnosis of B2G collaborations and relevant elements for the design of the artifact is conducted. A diagnosis of related work in the field of B2G collaborations is provided in Chapter 4. The assessment of collaboration forms revealed necessary constructs of a procedure model and institutional steps necessary to form B2G collaboration as such. Chapter 5 distils related work of IS standards research. In Chapters 6 and 7 considerations from the previous chapters lead to the core part of the thesis, the design and build of a procedure model to institutionalize B2G collaborations, the B2G Procedure Model (B2GPM). The results from the first round of design, the building blocks for B2G collaborations, are subject to Chapter 6. They conclude in a set of design principles of the B2GPM that are being introduced in the chapter. Chapter 7 covers the second round of design by refining the elements of B2G collaboration and the design principles. It continues with the design of the B2GPM. The composition, description, and documentation of the procedure model are the core part of this chapter. Chapter 8 is dedicated to the question of required organizational adoption to deploy the B2GPM. The model is seen as a procedural innovation by which B2G collaboration in customs management can be further improved. The applicability of the B2GPM is based on a series of evaluation cycles and results in the provision of influencing factors of organizational adoption.