Data Science Solution for User Authentication

User authentication is considered a key factor in almost any software system and is often the first layer of security in the digital world. Authentication methods utilize one, or a combination of up to two, of the following factors: something you know, something you have and something you are. To prevent serious data breaches that have occurred using the traditional authentication methods, a fourth factor, something you do, that is being discussed among researchers; unfortunately, methods that rely on this fourth factor have problems of their own. This thesis addresses the issues of the fourth authentication factor and proposes a data science solution for user authentication. The new solution is based on something you do and relies on analytic techniques to transfer Big data characteristics (volume, velocity and variety) into relevant security user profiles. Users’ information will be analyzed to create behavioral profiles. Just-in-time challenging questions are generated by these behavioral profiles, allowing an authentication on demand feature to be obtained. The proposed model assumes that the data is received from different sources. This data is analyzed using collaborative filtering (CF), a learning technique, that builds up knowledge by aggregating the collected users’ transaction data to identify information of security potential. Four use case scenarios were evaluated regarding the proposed model’s proof of concept. Additionally, a web based case study using MovieLens public dataset was implemented. Results show that the proposed model is successful as a proof of concept. The experiment confirms the potential of applying the proposed approach in real life as a new authentication method, leveraging the characteristics of Big data: volume, velocity and variety

Nexus Crystals: Crystallizing Limits on Constractual Control of Virtual Worlds

Can a video game developer or publisher successfully sue a video game player for copyright infringement for not “playing a game nicely,” “cheating,” or “buying software from a third party”? This article suggests a new reason why it cannot. The founding social contract of the new millennium is the End User License Agreement (EULA), not the U.S. Constitution. Website terms of use (TOU) and software EULAs now have an enormous impact on how citizens must act and how their rights and redresses are defined. EULAs contain not only traditional intellectual property licensing conditions but complicated directives regarding what members of online communities can say, how they must act, what they can do, with whom they can transact business, and whether they can own the fruits of their own labor. The question that has been before academics for a long time, and before courts for a shorter time, is how far these contracts can go in controlling the property and dignitary interests of contractual communities. The consequences of this legal debate are immediate and personal, although the law governing these rules is always in flux and sometimes incoherent. You may “jailbreak” your iPhone or “root” your droid without implicating copyright issues no matter what your license says. But if you “mod” your PlayStation 3 (PS3) in violation of your software license agreement (or, worse, show others how to do so), then you risk a major lawsuit. The only way to understand this area of law is to identify the legal questions at the center of the debate because, while the answers courts give to these questions are not stable, the questions themselves have been. The center of the debate is the interaction between the grant of exclusive rights in the core provisions of the Copyright Act and the later additions by the Digital Millennium Copyright Act (DMCA) — the statute that protects technological locks against technological circumvention. The connection between contracts and technological measures is direct but not immediately clear. Contracts that restrict access to software are legally enforceable documents, but also technological protective measures that control access to copyrighted material. This creates a catch-22 for the end user: either the end user clicks through the EULA and gives up a panoply of rights, often including fair use, or the end user circumvents the contract and is liable for that circumvention under the DMCA. The question is whether corporations can use EULAs to control consumer behavior that has little or nothing to do with copyright. It is clear that a copyright license that restricts a licensee from making copies makes use of a power that Congress intended to give to copyright holders. It is less clear that Congress intended to permit companies to turn actions such as “being rude while playing a video game,” “criticizing the game company while commenting on game message boards,” or “cheating while playing a game” into copyright infringements. Companies can, of course, contract with users to use the software in certain ways, but it is not at all certain that any resulting breach of contract claims should be transformed into copyright infringements and/or DMCA violations. A number of courts have therefore held that there must be a “nexus” between a license restriction that a corporation seeks to enforce on penalty of DMCA violation and some right granted by the Copyright Act. The Ninth Circuit has held otherwise: a clause unconnected to any core right granted by the Act would be enforceable as a copyright infringement if the user violated the EULA and as a DMCA violation if the user either circumvented the EULA or sought to avoid surveillance programs, such as Blizzard’s Warden, intended to enforce these contractual clauses. Yet the Ninth Circuit has now recently recognized the dissonance caused by permitting corporations to turn every breach of contract into a claim for copyright infringement, an infringement of the DMCA, or even a criminal hacking claim. In a recent case, MDY Industries, LLC v. Blizzard Entertainment, Inc., the Ninth Circuit adopted a novel approach to contractual construction that may serve to separate “play nice” contract clauses from “don’t illegally copy” core copyright license terms. This article argues that such an approach might serve as a “nexus crystal”; a doctrinal catalyst around which doctrines that take seriously these important issues of consumer control could crystallize. MDY does not adopt a nexus test for DMCA claims in the Ninth Circuit. But it nevertheless succeeds in separating social control from copyright licensing through a closer examination of the contractual clauses themselves; it does so by arguing that a mere rule of social control (“play nice”) is a contractual condition and not a condition of the intellectual property license. This article proceeds in three parts. The first part discusses some pertinent legal literature and case law concerning the contractual control of online communities. The second part discusses case law that I believe describes coalescing limits on contractual control. One limit is familiar: some circuits require a nexus between a DMCA-protected technological lock and the exercise of some right granted by the Copyright Act to the copyright holder with respect to the locked-up material. But a second limit is potentially significantly more far-reaching: a contractual construction that limits the kinds of social control a copyright holder can exercise via mass-market consumer contracts of adhesion. Simply put, can software providers require their mass-market consumers to not criticize the company on public forums or to not do business with an aftermarket software provider, as conditions of the intellectual property license? This article argues that they cannot and that the MDY decision is one of the first cases to confront this issue head-on and resolve it correctly. The third part examines the district and appellate decisions in MDY v. Blizzard and discusses how the court navigates the labyrinth between copyright holders’ rights and their ability to dictate patterns of social behavior to online communities under threat of copyright infringement. I then offer some conclusions

Nexus Crystals: Crystallizing Limits on Constractual Control of Virtual Worlds

Can a video game developer or publisher successfully sue a video game player for copyright infringement for not “playing a game nicely,” “cheating,” or “buying software from a third party”? This article suggests a new reason why it cannot. The founding social contract of the new millennium is the End User License Agreement (EULA), not the U.S. Constitution. Website terms of use (TOU) and software EULAs now have an enormous impact on how citizens must act and how their rights and redresses are defined. EULAs contain not only traditional intellectual property licensing conditions but complicated directives regarding what members of online communities can say, how they must act, what they can do, with whom they can transact business, and whether they can own the fruits of their own labor. The question that has been before academics for a long time, and before courts for a shorter time, is how far these contracts can go in controlling the property and dignitary interests of contractual communities. The consequences of this legal debate are immediate and personal, although the law governing these rules is always in flux and sometimes incoherent. You may “jailbreak” your iPhone or “root” your droid without implicating copyright issues no matter what your license says. But if you “mod” your PlayStation 3 (PS3) in violation of your software license agreement (or, worse, show others how to do so), then you risk a major lawsuit. The only way to understand this area of law is to identify the legal questions at the center of the debate because, while the answers courts give to these questions are not stable, the questions themselves have been. The center of the debate is the interaction between the grant of exclusive rights in the core provisions of the Copyright Act and the later additions by the Digital Millennium Copyright Act (DMCA) — the statute that protects technological locks against technological circumvention. The connection between contracts and technological measures is direct but not immediately clear. Contracts that restrict access to software are legally enforceable documents, but also technological protective measures that control access to copyrighted material. This creates a catch-22 for the end user: either the end user clicks through the EULA and gives up a panoply of rights, often including fair use, or the end user circumvents the contract and is liable for that circumvention under the DMCA. The question is whether corporations can use EULAs to control consumer behavior that has little or nothing to do with copyright. It is clear that a copyright license that restricts a licensee from making copies makes use of a power that Congress intended to give to copyright holders. It is less clear that Congress intended to permit companies to turn actions such as “being rude while playing a video game,” “criticizing the game company while commenting on game message boards,” or “cheating while playing a game” into copyright infringements. Companies can, of course, contract with users to use the software in certain ways, but it is not at all certain that any resulting breach of contract claims should be transformed into copyright infringements and/or DMCA violations. A number of courts have therefore held that there must be a “nexus” between a license restriction that a corporation seeks to enforce on penalty of DMCA violation and some right granted by the Copyright Act. The Ninth Circuit has held otherwise: a clause unconnected to any core right granted by the Act would be enforceable as a copyright infringement if the user violated the EULA and as a DMCA violation if the user either circumvented the EULA or sought to avoid surveillance programs, such as Blizzard’s Warden, intended to enforce these contractual clauses. Yet the Ninth Circuit has now recently recognized the dissonance caused by permitting corporations to turn every breach of contract into a claim for copyright infringement, an infringement of the DMCA, or even a criminal hacking claim. In a recent case, MDY Industries, LLC v. Blizzard Entertainment, Inc., the Ninth Circuit adopted a novel approach to contractual construction that may serve to separate “play nice” contract clauses from “don’t illegally copy” core copyright license terms. This article argues that such an approach might serve as a “nexus crystal”; a doctrinal catalyst around which doctrines that take seriously these important issues of consumer control could crystallize. MDY does not adopt a nexus test for DMCA claims in the Ninth Circuit. But it nevertheless succeeds in separating social control from copyright licensing through a closer examination of the contractual clauses themselves; it does so by arguing that a mere rule of social control (“play nice”) is a contractual condition and not a condition of the intellectual property license. This article proceeds in three parts. The first part discusses some pertinent legal literature and case law concerning the contractual control of online communities. The second part discusses case law that I believe describes coalescing limits on contractual control. One limit is familiar: some circuits require a nexus between a DMCA-protected technological lock and the exercise of some right granted by the Copyright Act to the copyright holder with respect to the locked-up material. But a second limit is potentially significantly more far-reaching: a contractual construction that limits the kinds of social control a copyright holder can exercise via mass-market consumer contracts of adhesion. Simply put, can software providers require their mass-market consumers to not criticize the company on public forums or to not do business with an aftermarket software provider, as conditions of the intellectual property license? This article argues that they cannot and that the MDY decision is one of the first cases to confront this issue head-on and resolve it correctly. The third part examines the district and appellate decisions in MDY v. Blizzard and discusses how the court navigates the labyrinth between copyright holders’ rights and their ability to dictate patterns of social behavior to online communities under threat of copyright infringement. I then offer some conclusions

Nonprofit Performance Management: Using Data to Measure and Improve Programs

Tracking and measuring data can give nonprofits a better understanding of the populations they serve and how they serve them. It can also help them identify areas they can improve to boost the reach and effectiveness of their programs. But many organizations struggle with the idea of using data.How do successful nonprofits go about the process of implementing their data practices? What software do they use? What are the obstacles they face, and how do they overcome them? To find out, we reached out to our network of experts and consultants for examples of organizations that were successfully using data to improve and direct their work, and narrowed their list of recommendations down to 10 nonprofits of different sizes, missions, and locations.We talked to staffers at each who were involved with data and analyzed the information we gathered for common themes, best practices, and any patterns that might be useful. We also asked them for advice for other organizations looking to replicate their successes and learn from their mistakes.From those 10 organizations, we chose seven for case studies about the different ways they were using data. This report is built around those case studies and the additional conversations we had

HELIN Task Force on Electronic Archiving Report

Report of the HELIN Electronic Archiving Task Force, appointed from the HELIN Serials Committee and the HELIN Collection Development Committee

Information Outlook, May 1997

Volume 1, Issue 5https://scholarworks.sjsu.edu/sla_io_1997/1004/thumbnail.jp

Strengthening Construction Management in the Rural Rehab Line of Business

The Five Key ObservationsObservation#1: Rural rehab success emanated from positive thinking and persistent implementationObservation #2: Almost every RHRO would benefit from a substantial increase in the per unit funding available, especially in light of the forthcoming HUD HOME requirement to establish written rehab standards in ten subcategories.Observation #3: A smartphone and tablet with 20 to 40 apps is the rehab specialist's Swiss Army knife. They are our, GPS, calculator, spec writer, office lifeline in case of danger, camera, clock, cost estimator calendar and a hundred other single-purpose but very important uses.Observation #4: NeighborWorks® Rural Initiative could provide a clearinghouse for success techniques targeted to rural rehab. Each month it might focus on a specific aspect of rehab management; inspection checklists in January, green specs in February, feasibility checklist in March, contractor qualification questionnaires in April and so on.Observation #5: Even with most components of in-house contractor success formula in place, per the Statistic Research Institute 53% of construction firms go out of business with in the first 4 years. It remains a very risky model that requires significant; funding, staff experience, administrative support and risk tolerance.Three Rehab Production Models And Their AlternativesThis middle section restates the introduction and methodology and offers a detailed review of the Traditional Rehab Specialist, Construction Management Of Subcontractor and the In-House General Contractor production models .for each model the article provides: definition and staffing pattern, design roles and tasks for each major player, benefits and challenges, alternative models and finally recommendations for successful implementationFocus TopicsDuring our interview process, three ideas surfaced that were best served with a mini discussion of the topic rather than being embedded in the already large middle section.The three topics are; software and technology, management of community relations – marketing and quality control, and budget solution

Information Outlook, February 2007

Volume 11, Issue 2https://scholarworks.sjsu.edu/sla_io_2007/1001/thumbnail.jp