26,015 research outputs found

    Mobile qualified electronic signatures and certification on demand

    Despite a legal framework being in place for several years, the market share of qualified electronic signatures is disappointingly low. Mobile Signatures provide a new and promising opportunity for the deployment of an infrastructure for qualified electronic signatures. We analyzed two possible signing approaches (server based and client based signatures) and conclude that SIM-based signatures are the most secure and convenient solution. However, using the SIM-card as a secure signature creation device (SSCD) raises new challenges, because it would contain the user’s private key as well as the subscriber identification. Combining both functions in one card raises the question who will have the control over the keys and certificates. We propose a protocol called Certification on Demand (COD) that separates certification services from subscriber identification information and allows consumers to choose their appropriate certification services and service providers based on their needs. We also present some of the constraints that still have to be addressed before qualified mobile signatures are possible

    Mobile qualified electronic signatures for secure mobile brokerage

    Despite a legal framework being in place for several years, the market share of qualified electronic signatures is disappointingly low. Mobile Signatures provide a new and promising opportunity for the deployment of an infrastructure for qualified electronic signatures. We that SIM-based signatures are the most secure and convenient solution. However, using the SIM-card as a secure signature creation device (SSCD) raises new challenges, because it would contain the user’s private key as well as the subscriber identification. Combining both functions in one card raises the question who will have the control over the keys and certificates. We propose a protocol called Certification on Demand (COD) that separates certification services from subscriber identification information and allows consumers to choose their appropriate certification services and service providers based on their needs. This infrastructure could be used to enable secure mobile brokerage services that can omit the necessity of TAN lists and therefore allow a better integration of information and transaction services

    The Anonymous Poster: How to Protect Internet Users’ Privacy and Prevent Abuse

    The threat of anonymous Internet posting to individual privacy has been met with congressional and judicial indecisiveness. Part of the problem stems from the inherent conflict between punishing those who disrespect one's privacy by placing a burden on the individual websites and continuing to support the Internet's development. Additionally, assigning traditional tort liability is problematic as the defendant enjoys an expectation of privacy as well, creating difficulty in securing the necessary information to proceed with legal action. One solution to resolving invasion of privacy disputes involves a uniform identification verification program that ensures user confidentiality while promoting accountability for malicious behavior

    A Decentralised Digital Identity Architecture

    Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits. Comment: 30 pages, 10 figures, 3 tables

    Identity theft: a pernicious and costly fraud

    On October 3, 2003, the Payment Cards Center of the Federal Reserve Bank of Philadelphia sponsored a workshop on identity theft to examine its growing impact on participants in our payments system. Avivah Litan, vice president and research director of financial services for Gartner Inc., led the workshop. The discussion began and this paper follows with a broad study of identity theft, at times compared with traditional payment fraud, and continues with an evaluation of its overall risk to consumers, merchants, and credit providers. The paper compares the incentives each such party has to address identity theft in concert with current market response to the crime. Finally, the paper concludes by posing several questions for further study. This paper supplements material from Litan’s presentation with additional research on the crime of identity theft. Fraud; Identity theft

    Identity theft: do definitions still matter?

    Despite a statutory definition of identity theft, there is a continuing debate on whether differences among the financial frauds associated with identity theft warrant further distinction and treatment, not only by lenders and financial institutions but also by consumers and regulatory and law enforcement agencies. In this Discussion Paper, Julia S. Cheney examines four types of financial fraud – fictitious identity fraud, payment card fraud, account takeover fraud, and true name fraud – that fall under the legal term identity theft to better understand how criminal behavior patterns, risks for consumers and lenders, and mitigation strategies vary depending upon the sort of data stolen, the type of account compromised, and the opportunity for financial gain. Three areas key to developing effective solutions that, in the view of the author, would benefit from further definitional delineations are identified: measuring the success (or failure) of efforts to fight this crime, educating consumers about the risks and responses to this crime, and coordinating mitigation strategies across stakeholders and geographies. Identity theft; Fraud; Credit cards