Design of secure mobile payment protocols for restricted connectivity scenarios

The emergence of mobile and wireless networks made posible the extensión of electronic commerce to a new area of research: mobile commerce called m-commerce, which includes mobile payment), that refers to any e-commerce transaction made from a mobile device using wireless networks. Most of the mobile payment systems found in the literatura are based on the full connectivity scenario where all the entities are directly connected one to another but do not support business models with direct communication restrictions between the entities of the system is not a impediment to perform comercial transactions. It is for this reason that mobile payment systems that consider those situations where direct communications between entities of the system is not posible (temporarily or permanently) basically due to the impossibility of one of the entities connected to the Internet are required. In order to solve the current shortage in the scientific world of previous research works that address the problema of on-line payment from mobile devices in connectivity restricted scenarios, in this thesis we propose a set of secure payment protocols (that use both symmetric and non-traditional asymmetric cryptography), which have low computational power requirements, are fit for scenarios with communications restrictions (where at least two of the entities of the system cannot exchange information in a direct way and must do it through another entity) and offer the same security capabilities as those protocols designed for full connectivity scenarios. The proposed protocols are applicable to other types of networks, such as vehicular ad hoc network (VANETs), where services exist which require on-line payment and scenarios with communication restrictions.On the other hand, the implementation (in a multiplatform programming language) of the designed protocols shows that their performance is suitable for devices with limited computational power.Postprint (published version

Near Field Communication: From theory to practice

This book provides the technical essentials, state-of-the-art knowledge, business ecosystem and standards of Near Field Communication (NFC)by NFC Lab - Istanbul research centre which conducts intense research on NFC technology. In this book, the authors present the contemporary research on all aspects of NFC, addressing related security aspects as well as information on various business models. In addition, the book provides comprehensive information a designer needs to design an NFC project, an analyzer needs to analyze requirements of a new NFC based system, and a programmer needs to implement an application. Furthermore, the authors introduce the technical and administrative issues related to NFC technology, standards, and global stakeholders. It also offers comprehensive information as well as use case studies for each NFC operating mode to give the usage idea behind each operating mode thoroughly. Examples of NFC application development are provided using Java technology, and security considerations are discussed in detail. Key Features: Offers a complete understanding of the NFC technology, including standards, technical essentials, operating modes, application development with Java, security and privacy, business ecosystem analysis Provides analysis, design as well as development guidance for professionals from administrative and technical perspectives Discusses methods, techniques and modelling support including UML are demonstrated with real cases Contains case studies such as payment, ticketing, social networking and remote shopping This book will be an invaluable guide for business and ecosystem analysts, project managers, mobile commerce consultants, system and application developers, mobile developers and practitioners. It will also be of interest to researchers, software engineers, computer scientists, information technology specialists including students and graduates.Publisher's Versio

Clicking into Mortgage Arrears: A Study into Arrears Prediction with Clickstream Data

This research project investigates the predictive capability of clickstream data when used for the purpose of mortgage arrears prediction. With an ever growing number of people switching to digital channels to handle their daily banking requirements, there is a wealth of ever increasing online usage data, otherwise known as clickstream data. If leveraged correctly, this clickstream data can be a powerful data source for organisations as it provides detailed information about how their customers are interacting with their digital channels. Much of the current literature associated with clickstream data relates to organisations employing it within their customer relationship management mechanisms to build better relationships with their customers. There has been little investigation into the use of clickstream data in credit scoring or arrears prediction. Since the financial meltdown of 2008, financial institutions have being obliged to have mechanisms in place to deal with mortgage accounts which are in arrears or have a risk of entering arrears. A potentially crucial step in this process is the ability of an institution to accurately predict which of their mortgage accounts may enter arrears. In addition to traditional demographical and transactional data, this research determines the impact clickstream data can have on an arrears prediction model. A multitude of binary classifiers were reviewed in this arrears prediction problem. Of these classifiers, ensembles models proved to be the highest performing models achieving reasonably high recall accuracies without the inclusion of clickstream data. Once clickstream data was added to the models, it led to marginal increases in accuracy, which was a positive result

Security, Trust and Privacy (STP) Model for Federated Identity and Access Management (FIAM) Systems

The federated identity and access management systems facilitate the home domain organization users to access multiple resources (services) in the foreign domain organization by web single sign-on facility. In federated environment the user’s authentication is performed in the beginning of an authentication session and allowed to access multiple resources (services) until the current session is active. In current federated identity and access management systems the main security concerns are: (1) In home domain organization machine platforms bidirectional integrity measurement is not exist, (2) Integrated authentication (i.e., username/password and home domain machine platforms mutual attestation) is not present and (3) The resource (service) authorization in the foreign domain organization is not via the home domain machine platforms bidirectional attestation

New Concepts for Efficient Consumer Response in Retail Influenced by Emerging Technologies and Innovations

The retail industry is continuously confronted with new challenges and experiences a transformation from a supplier’s market to a buyer's market. It is, thus, essential for the retail industry to consequently focus on, anticipate and fulfil consumer’s demands. Technologies and innovative business solutions can help to support to establish a required customer experience and, thereby, gain a competitive advantage. A multitude of new services and products, channels as well as players can already be identified which drive the transformation. Therefore, retailers need to understand current trends and technologies and identify as well as implement relevant solutions for their transformation since otherwise, new players will dominate the market. Hence, this dissertation aims to review and analyse new technologies which are coupled with innovative business activities in order to provide customer-centric retailing. For this purpose, this dissertation consists of five articles and derives four major contributions which introduce different approaches to establishing consumer satisfaction. Firstly, a core technology for retail is artificial intelligence (AI) which can be meaningful applied along the entire value chain and improve retailers’ positions. Two focus areas have been identified in this context which are (i) the optimisation of the entire retail value chain with the help of AI with the aim to derive transparency and (ii) the improvement of consumer satisfaction and relationship. Secondly, focussing on the consumer-retailer relationship in the digital era, a concept with a data architecture is proposed based on a real use case. The outcome was that a specific customer orientation based on data can increase the brand value and sales volume. Thirdly, the work presents that new shopping concepts, named unmanned store concepts, gain continuous growth. Unmanned store concepts employ a variety of new technologies, are characterised by attributes of speed, ease, as well as comfort, and are deemed to be the new ideal of the expectations of modern buyers. Two different directions have been deeper analysed: (i) walk-in stores and (ii) automated vending machines. The critical success factors for the usage of unmanned store solutions are distance as well as high consumer affinity for innovations. In times of the COVID-19 pandemic, which has a huge impact on retail, a continuous innovation capability still needs to be established. Finally, this work introduces a tool for systematic innovation management considering the current circumstances. Taken as a whole, this dissertation with its five articles deals with significant research questions which have not been approached so far. Thereby, the literature is extended by the introduction of novel insights and the provision of a deeper understanding of how retailers can transform their business into a more consumer-oriented way

Equality in the City

This collection critiques the rhetoric of ‘smart cities’. It seeks to engender a timely debate about what future cities might look like and what their concerns should be. Using a multi-disciplinary perspective, it features acclaimed scholars whose work investigates the proposed networked digital technologies that ostensibly affect planning policies, control infrastructures and deliver and manage city services and systems. The contributors offer insights into how future cities might be envisaged, planned and executed in order to be more ‘equal’.   

Equality in the City

This collection critiques the rhetoric of ‘smart cities’. It seeks to engender a timely debate about what future cities might look like and what their concerns should be. Using a multi-disciplinary perspective, it features acclaimed scholars whose work investigates the proposed networked digital technologies that ostensibly affect planning policies, control infrastructures and deliver and manage city services and systems. The contributors offer insights into how future cities might be envisaged, planned and executed in order to be more ‘equal’

Security, Privacy, Confidentiality and Integrity of Emerging Healthcare Technologies: A Framework for Quality of Life Technologies to be HIPAA/HITECH Compliant, with Emphasis on Health Kiosk Design

This dissertation research focused on the following: 1. Determined possible vulnerabilities that exist in multi-user kiosks and the computer systems that make up multi-user kiosk systems. 2. Developed an evaluation system and audit checklist for multi-user kiosk systems adapted from the Office for Civil Rights (OCR) audit protocols to address the vulnerabilities identified from our research. 3. Improved the design of a multi-user health kiosk to meet the HIPAA/HITECH standards by incorporating P&S policies. 4. Explored the feasibility and preliminary efficacy of an intervention to explore the magnitude of differences in users’ perceived risk of privacy and security (P&S) breaches as well as correlation between perceived risk and their intention to use a multi-user health kiosk. A gap analysis demonstrated that we successfully incorporated 81% of our P&S polices into the current design of our kiosk that is undergoing pilot testing. This is higher than our initial target of 50%. Repeated measures ANOVA was performed to analyze baseline and six-month follow-up of 36 study participants to measure the magnitude of the change in their “perceived risk”. Results from the ANOVA found significant group-by-time interaction (Time*Group) F (2, 33) = .27, P=.77, ηp2=.02, significant time interaction F (1, 33) = 4.73, P=.04, ηp2=.13, and no significant group interaction F (2, 33) =1.27, P=.30 ηp2=.07. The study intervention was able to significantly reduce users’ “perceived risk with time (baseline and six-month follow-up), even though the magnitude of the change was small. We were however, unable to perform the correlation analysis as intended since all the kiosk participants used in the analysis intended to use the kiosk both at baseline and at six-month follow-up. These findings will help in direct research into methods to reduce “perceived risk” as well as using education and communication to affect human behavior to reduce risky behavior on both internal and external use of new health IT applications and technologies. It could then serve as framework to drive policy in P&S of health applications, technologies and health IT systems