Citizen Electronic Identities using TPM 2.0

Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data have become commonplace both on PC platforms as well as mobile devices. Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCGs TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best our knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities using TPM 2.0, to appear in the Proceedings of the 4th international workshop on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale, Arizona, USA, http://dx.doi.org/10.1145/2666141.266614

Checks and Balances: Measuring Checking Accounts' Safety and Transparency

Consumers need safe and transparent checking accounts. "Access to mainstream financial services at an insured institution," notes the Federal Deposit Insurance Corp., "provides consumers with a safe place to save, conduct basic financial transactions, build a credit history and access credit on favorable terms, and achieve financial security."Previous research from The Pew Charitable Trusts' financial security portfolio also shows that having a checking account allows consumers to better weather economic storms. In addition, these accounts offer consumers the opportunity to enter the financial mainstream by providing access to a savings account and the potential to apply for and manage more sophisticated products such as credit to purchase a car or home.This report reviews the checking accounts offered by 36 of the nation's 50 largest banks according to their practices in three areas: disclosures, overdrafts, and dispute resolution. The study builds on two previous Pew reports. "Hidden Risks: The Case for Safe and Transparent Checking Accounts," released in April 2011, analyzed more than 250 distinct checking accounts offered by the retail subsidiaries of the 10 largest bank holding companies."Still Risky: An Update on the Safety and Transparency of Checking Accounts," released in May 2012, expanded the research of the April 2011 report to include the 12 largest banks and 12 largest credit unions as determined by domestic deposit volume.This study examines and analyzes the data differently from the first two reports. First, Pew collected the checking account disclosures of the most basic account offered by 36 of the 50 largest U.S. banks based on deposit volume as reported by the Federal Deposit Insurance Corp. These 36 banks comprise almost 56 percent of domestic deposit volume. Account data from the other 14 banks in the top 50 could not be collected because the information was not available online or by mail. For this report, Pew defined bank "best" and "good" checking account practices based on its previous research in the areas of disclosures, overdraft, and dispute resolution policies and practices

PKI Interoperability: Still an Issue? A Solution in the X. 509 Realm

There exist many obstacles that slow the global adoption of public key infrastructure (PKI) technology. The PKI interoperability problem, being poorly understood, is one of the most confusing. In this paper, we clarify the PKI interoperability issue by exploring both the juridical and technical domains. We demonstrate the origin of the PKI interoperability problem by determining its root causes, the latter being legal, organizational and technical differences between countries, which mean that relying parties have no one to rely on. We explain how difficult it is to harmonize them. Finally, we propose to handle the interoperability problem from the trust management point of view, by introducing the role of a trust broker which is in charge of helping relying parties make informed decisions about X.509 certificates

THE ELECTRONIC SIGNATURE (E-SIGN) IN THE INFORMATION SOCIETY

This paper deals with the legislative and technical aspects, concerning the electronic signature and examples regarding the implementation of the e-sign software security solutions in the information society. One of the major problems the IT developers for complex systems have to deal with, is to provide the security of data and the information administered by these systems, as well as to certify their authentication by the electronic signature. The certification procedures and the encryption algorithms, used for the electronic signature are needed in today’s information society.e-sign, software security, information security, Decision Support System(DSS)

The laws, regulations, and industry practices that protect consumers who use electronic payment systems: credit and debit cards

Summary: This is the first in a series of three papers that examines the protections available to users of various electronic payment vehicles who fall victim to fraud, discover an error on their statement, or have a dispute with a merchant after making a purchase. Specifically, it examines in detail the federal and state laws that protect consumers in the three situations described above as well as the relevant association, network, and bank policies that may apply. The protection information included in this paper is derived from a wide range of public and non-public sources, including federal and state statutes, consumer-issuer contracts, and interviews with scores of payments industry experts. This first paper focuses on the two most widely used electronic payment methods: credit cards and debit cards. The second paper in the series will examine two newer electronic payment vehicles: ACH debits and prepaid cards. The third paper will discuss the broader industry and policy implications of the authors’ findings.Regulation E: Electronic Fund Transfers ; Regulation Z: Truth in Lending ; Consumer protection ; Fraud

Consumers Continue to Load Up on Prepaid Cards

The general purpose reloadable prepaid card is a relatively new consumer financial product that is growing in popularity. This report finds that prepaid cards became increasingly accessible in 2013, and in many instances are now more affordable than basic checking accounts. But, while prepaid cards offer many benefits, consumer protections lag far behind other banking products