Interoperable Credentials Management for Wholesale Banking

A gap exists between wholesale-banking business practices and security best practices: wholesale banks operate within the boundaries of contract law, while security best practices often relies upon a benevolent trusted party outside the scope of straightforward contracts. While some business domains may be able to bridge this gap, the ultra-high-value transactions used in business-to-business banking substantially increase the size of the gap. The gap becomes most apparent when regarded from the perspective of interoperability. If a single user applies the same credential to sign high-value transactions at multiple banks, then the trusted-party model becomes overly cumbersome and conflicts with an acceptable concept of liability. This paper outlines the business complexities of wholesale banking and proposes a solution called Partner Key Management (PKM). PKM technology manages the credentials required to authenticate users and sign transactions. This paper presents PKM technology by describing an interoperable protocol, requisite data structures, and an interoperable XML definition. The paper uses formal methods to demonstrate a security equivalence between revocation options within PKM against the security offered by the traditional Public Key Infrastructure (PKI), a technology that features the benevolent trusted party

Real Estate Equity Investments and the Institutional Lender: Nothing Ventured, Nothing Gained

We consider a setup in which the channel from Alice to Bob is less noisy than the channel from Eve to Bob. We show that there exist encoding and decoding which accomplish error correction and authentication simultaneously; that is, Bob is able to correctly decode a message coming from Alice and reject a message coming from Eve with high probability. The system does not require any secret key shared between Alice and Bob, provides information theoretic security, and can safely be composed with other protocols in an arbitrary context

Value-driven Security Agreements in Extended Enterprises

Today organizations are highly interconnected in business networks called extended enterprises. This is mostly facilitated by outsourcing and by new economic models based on pay-as-you-go billing; all supported by IT-as-a-service. Although outsourcing has been around for some time, what is now new is the fact that organizations are increasingly outsourcing critical business processes, engaging on complex service bundles, and moving infrastructure and their management to the custody of third parties. Although this gives competitive advantage by reducing cost and increasing flexibility, it increases security risks by eroding security perimeters that used to separate insiders with security privileges from outsiders without security privileges. The classical security distinction between insiders and outsiders is supplemented with a third category of threat agents, namely external insiders, who are not subject to the internal control of an organization but yet have some access privileges to its resources that normal outsiders do not have. Protection against external insiders requires security agreements between organizations in an extended enterprise. Currently, there is no practical method that allows security officers to specify such requirements. In this paper we provide a method for modeling an extended enterprise architecture, identifying external insider roles, and for specifying security requirements that mitigate security threats posed by these roles. We illustrate our method with a realistic example

Holding Up Half the Sky

Through our in-depth research conducted in 2006-2007, we have concluded that the most critical need of women and girls in Fairfield County is economic security for low-income working women, especially single working mothers. Due in part to the high cost of living in our area, economic security was a recurring theme in almost every avenue of our research. As the most economically vulnerable population in our region, low-income working women need jobs with fair wages and benefits that will support high quality child care, stable housing, health care, as well as the education and skills necessary to improve their position over the course of their lives. A position of economic security enables women and children to move beyond a daily struggle of making ends meet and trading one basic need, such as food, medicine or rent, for another

Registration of Stock Spin-Offs Under the Securities Act of 1933

Dermal exposure to chemicals is highly relevant in relation to the use of cosmetic products, both in consumers and in individuals exposed occupationally. Regulatory frameworks exist within the EU to limit the dermal exposure of the general population and workers to chemicals in general, as well as to limit the use of certain substances in cosmetic products. The objective of the study was to investigate and compare toxicological evaluations of dermal exposure performed under current regulatory frameworks. The publicly disseminated hazard information under the respective regulatory frameworks was compiled and compared for the five substances resorcinol, p-phenylenediamine, p-aminophenol, N-phenyl-p-phenylenediamine, and diethylene glycol monoethyl ether. A low consistency between evaluations was observed in respect to data coverage and cited dose descriptors. No systematic differences over all five substances were identified from the viewpoint of dermal hazard assessment. The critical effect and corresponding systemic effect dose descriptor was identical for two substances, differed somewhat for two other (a factor of 2-2.5). For N-phenyl-p-phenylenediamine a critical effect was only identified under REACH.QC 20140310</p

New York Women's Foundation Brooklyn Borough Brief

This brief provides demographic and descriptive data of Brooklyn, provides an overview of NYWF's investments in the borough, and highlights the work of grantee partners based in Brooklyn. The profile includes participant success stories from the field as well as a discussion of ongoing challenges. Information included in this report is generated from regular performance reports provided by grantee partners

UK security breach investigations report: an analysis of data compromise cases

This report, rather than relying on questionnaires and self-reporting, concerns cases that were investigated by the forensic investigation team at 7Safe. Whilst removing any inaccuracies arising from self-reporting, the authors acknowledge that the limitation of the sample size remains. It is hoped that the unbiased reporting by independent investigators has yielded interesting facts about modern security breaches. All data in this study is based on genuine completed breach investigations conducted by the compromise investigation team over the last 18 months

Time for a Change: The Case for LGBT-Inclusive Workplace Leave Laws and Nondiscrimination Protections

When Americans need time off work to recover from illness, bond with a new child, or care for a seriously ill family member, they often discover that their jobs provide little or no support. These important life moments can be especially difficult for lesbian, gay, bisexual, and transgender (LGBT) workers to navigate. LGBT workers who need time off for personal health or family caregiving reasons often find themselves lost in a maze of legal questions:Am I entitled to any leave from work, and if so, is it job-protected and/or paid?Do any federal, state, or local laws provide protection or guarantee paid leave?Are my family relationships recognized under the law or my employer's personnel policies?Can I be fired from my job for disclosing that I am in a same-sex relationship or have an LGBT family?In April 2013, A Better Balance issued a comprehensive report to address these critical questions. Given significant developments in the law regarding LGBT Americans, as well as passage of several new state and local workplace leave laws, A Better Balance released this updated version of the report in November 2013