55 research outputs found
State of the art of electronic signatures
The security of electronic communication and of transactions is a critical topic today. Concluding contracts online requires a high security standard, which makes the topic of "digital signature" an integral part of any digital business transaction.
In this context, 44 countries were examined, including all 27 EU member states, 3 candidate countries and 14 other European states, and summarised in a structured synopsis along the dimensions of legal framework, technical standards and market penetration.
To gain a general impression of the current situation in each country, initial Internet research was started, a list of questions was compiled and sent out by e-mail, and contacts were established with various institutions and companies.
The information obtained was summarised in the study. For the sake of clarity, the study was heavily structured and subjective interpretations were deliberately left out to let the facts speak for themselves.
The completeness of the collected data is reflected in the country classification.
To provide a quick overview, a table was created at the end of each country analysis that summarises the country's development with regard to digital signature standards and contains a rating in terms of available information and state of development.
The current study clearly demonstrates that no global implementation of digital signatures has been achieved so far, mainly because of the technical interoperability of systems, processes and configurations, while the legal framework is not the obstacle. It is not hard to understand that a cross-border adoption of digital signatures cannot be realised in this way.
Today we live in an e-era, where the topic of Internet security and safety is inevitable. To realize a secure transaction and contract signing via the Internet, it is necessary to pay great attention to the subject of digital signatures.
In this context, 44 countries have been surveyed (27 EU member countries, 3 EU-member candidates, 14 other European countries) and a structured synopsis has been compiled in the dimensions legal framework, technical standards and market penetration.
To obtain a general idea of the current state in each country, Internet research was started. Furthermore, a list of questions was sent out via e-mail to different companies and agencies, and many contacts were established.
The collected information was pulled together and compiled in the following study.
For the purpose of clarity, the study is structured in depth and subjective interpretations are left out to let the facts speak for themselves.
To give a fast overview, tables sum up each country's development concerning electronic signature standards and rate it with regard to available information and development in different categories.
The present study demonstrates quite clearly that no wide-area implementation of digital signatures has been achieved yet, mostly because of lacking technical interoperability of systems, processes and configurations, while the uniform legal framework is certainly not the barrier. It is not very hard to understand that the benefits of a broad adoption of digital signatures in the European economic area cannot be realized this way.
Mobile payments : what we can learn from the past
Thesis (M.B.A.)--Massachusetts Institute of Technology, Sloan School of Management, 2006.
Includes bibliographical references (leaf 74).
Over the last decade, there has been a proliferation of mobile payments systems (MPS). Close to 150 MPS currently exist in the world according to the Bank for International Settlement records (BIS). Mobile payments (MP) markets are at different stages of development depending on the country. However, most of them are going through their embryonic or early phases. According to the theory, at this fluid stage, where no dominant design has emerged, it is nearly impossible to predict industry evolution. This paper tests the hypothesis that (i) because the MP industry is a path dependent system rather than a hysteresis system whose state depends on its immediate history, (ii) we can actually rely on accumulated experiences (successes and failures) to narrow market options in terms of dominant players and speed of adoption. In this paper, we elaborate a classification matrix of payment services and, using the Weil-Utterback system dynamic model of the diffusion of innovation, we analyze the main loops at play in the US, Europe and Japan. In the process we provide numerous examples of MPS and several case studies. The key takeaways of our analysis are that (i) incumbents are likely to dominate the offering of mobile payments services and (ii) in the next three to five years, the US rate of adoption is likely to be faster than the European one.
by Gladys Priso.
M.B.A
Electronic Payment Systems Observatory (ePSO). Newsletter Issues 9-15
Abstract not available.
JRC.J-Institute for Prospective Technological Studies (Seville
Leveraging the Cloud for Software Security Services.
This thesis seeks to leverage the advances in cloud computing in order to address modern
security threats, allowing for completely novel architectures that provide dramatic
improvements and asymmetric gains beyond what is possible using current approaches.
Indeed, many of the critical security problems facing the Internet and its users are inadequately
addressed by current security technologies. Current security measures often are deployed
in an exclusively network-based or host-based model, limiting their efficacy against
modern threats. However, recent advancements in the past decade in cloud computing and
high-speed networking have ushered in a new era of software services. Software services
that were previously deployed on-premise in organizations and enterprises are now being
outsourced to the cloud, leading to fundamentally new models in how software services are
sold, consumed, and managed.
This thesis focuses on how novel software security services can be deployed that leverage
the cloud to scale elegantly in their capabilities, performance, and management. First,
we introduce a novel architecture for malware detection in the cloud. Next, we propose
a cloud service to protect modern mobile devices, an ever-increasing target for malicious
attackers. Then, we discuss and demonstrate the ability for attackers to leverage the same
benefits of cloud-centric services for malicious purposes. Next, we present new techniques
for the large-scale analysis and classification of malicious software. Lastly, to demonstrate
the benefits of cloud-centric architectures outside the realm of malicious software,
we present a threshold signature scheme that leverages the cloud for robustness and resiliency.
Ph.D.
Computer Science & Engineering
University of Michigan, Horace H. Rackham School of Graduate Studies
http://deepblue.lib.umich.edu/bitstream/2027.42/91385/1/jonojono_1.pd
Designing an architecture for secure sharing of personal health records : a case of developing countries
Includes bibliographical references.
While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for the developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: "Can personal health records be stored securely and usefully on mobile phones?" In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typical communication operations. However, it is also worth noting that mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access
New authentication framework for networked smart cards. Application to electronic payment in wireless environments
Today, the importance of information and communications security is unquestionable. In this context, the relevance of reliable authentication between entities is also evident in a variety of everyday situations. Owing to its qualities and advantages as a cryptographic module, the smart card has played a fundamental role in user authentication. This doctoral thesis studies the transformation process it is currently undergoing, which turns it into a device with network connectivity, as part of the New Generation of Smart Cards. This evolution has a variety of implications, which spread across the board from the moment the card is integrated into the network.
The present work addresses this integration exclusively from the perspective of the authentication mechanisms involved. But where is that network evolving to? A diversity of access networks, among which wireless technologies and multimode devices stand out, will make up a global landscape in which smart cards, current and future, will have to take part. Can the current remote authentication schemes for them be made more robust and secure? To what extent have they been designed to be adapted to these new circumstances? This thesis addresses the problem as a whole, looking at the end-to-end authentication scheme, and proposes a new Authentication Framework for Networked Smart Cards under whose umbrella we can model, analyse and even propose an architecture of remote authentication protocols for current and future smart cards.
After the design and implementation in accordance with this architecture and an evaluation of the intended functionality, it is applied to a realistic scenario of electronic payment in wireless environments, on the one hand demonstrating the feasibility of the proposal and, on the other, emphasising its versatility, which allows it to be robust in the face of the transformation that leads them towards that new generation
Federated digital identity globaliD
Master's in Computer and Telematics Engineering
The present text proposes a solution for online digital identity management that takes into account the versatility, anonymity, privacy, veracity, credibility and accountability of the user, relying for this on the Portuguese National Electronic Citizen Card and on other public means of authentication used daily by users. The dissertation consists of a presentation of the concept of identity and its particularities, an analysis of the various problems of managing personal information online, and an analysis of the various existing models, mechanisms and specifications for managing digital identity online (digital identity management). A digital identity management solution based on the federated identity model and associated with the Portuguese National Electronic Citizen Card is presented, described, analysed, evaluated and compared with other existing solutions.
Finally, a prototype of a federated digital identity provider based on the proposed digital identity management solution is presented.
The following text provides a solution for the digital identity management on the
Web regarding the users' versatility, anonymity, privacy, veracity,
trustworthiness and accountability by using the Portuguese National Electronic
Citizen Identity Card and other publicly available authentication mechanisms
users use daily. The dissertation consists of the presentation of the concept of
identity and its particularities, an analysis of the several problems of managing
personal information online, and an analysis of the several existing models,
mechanisms and specifications for the management of the digital identity online
(digital identity management). A solution for digital identity management based
on the federated identity model and associated with the Portuguese National
Electronic Citizen Identity Card is introduced, described, analyzed, evaluated
and compared to several other existing solutions. Last, a prototype of a
federated digital identity provider based on the proposed solution for digital
identity management is presented
Analysing the behaviour of a smart card based model for secure communication with remote computers over the internet
This dissertation presents the findings of a generic model aimed at providing secure communication with remote computers via the Internet, based on smart cards. The results and findings are analysed and presented in great detail, in particular the behaviour and performance of smart cards when used to provide the cryptographic functionality. Two implemented models are presented. The first model uses SSL to secure the communication channel over the Internet while using smart cards for user authentication and storage of cryptographic keys. The second model presents the SSH for channel security and smart cards for user authentication, key storage and actual encryption and decryption of data. The model presented is modular and generic by nature, meaning that it can easily be modified to accept the newer protocol by simply including the protocols in a library and with a minor or no modification to both server and client application software. For example, any new algorithm for encryption, key exchange, signature, or message digest, can be easily accommodated into the system, which proves that the model is generic and can easily be integrated into newer technologies. Similarly, smart cards are used for cryptography. Two options are presented: first the smart cards only store the algorithm keys and user authentication, and secondly, smart cards are used for storing the algorithm keys, user authentication, and actual data encryption or decryption, as the requirement may dictate. This is very useful, for example, if data to be transferred is limited to a few bytes, then actual data encryption and decryption is performed using smart cards. On the other hand, if a great deal of data is to be transferred, then only authentication and key storage are performed with smart cards. The model currently uses 3DES with smart card encryption and decryption, because this is faster and consumes fewer resources when compared to RSA. 
Once again, the model design is flexible to accommodate new algorithms such as AES or IDEA. Important aspects of the dissertation are the study and analysis of the security attacks on smart card use. Several smart card attack scenarios are presented in CHAPTER 3, and their possible prevention is also discussed in detail.
AFRIKAANS: This dissertation presents the findings of a generic model aimed at providing secure communication with a remote computer via the Internet, based on smart cards. The results and findings are analysed and presented in detail, especially the behaviour and performance of smart cards when they are used to provide the cryptographic functionality. Two implemented models are presented. The first model uses SSL to secure the communication channel over the Internet while smart cards are used for user authentication and storage of cryptographic keys. The second model presents SSH for channel security and smart cards for user authentication, key storage and actual encryption and decryption of data. The model presented is modular and generic in nature, which means that it can easily be modified to accept the latest protocols by simply including the protocols in a program library with minor or no modification of both the server and client application software. For example, any new algorithm for encryption, key exchange, signature or message digest can easily be accommodated in the system, which proves that the model is generic and can easily be integrated into newer technologies. Smart cards are used for cryptography in a similar way. Two options are presented: first, the smart cards store only the algorithm keys and user authentication, and second, smart cards are used to store the algorithm keys, user authentication and actual data encryption and decryption, depending on what is required.
This is very useful, for example, when data to be transferred is limited to a few bytes: the actual data encryption and decryption is then performed using smart cards. On the other hand, if a large amount of data is to be transferred, only authentication and storage are performed with smart cards. The model currently uses 3DES with smart card encryption and decryption because it is faster and uses fewer resources compared to RSA. The model design is once again flexible to accommodate new algorithms such as AES or IDEA. Another important aspect of the dissertation is to investigate and analyse the security attacks on smart card use. Several smart card attack scenarios are presented in Chapter 3 and their possible prevention is also discussed in detail.
Dissertation (MEng)--University of Pretoria, 2011.
Electrical, Electronic and Computer Engineering
unrestricte
Design of smart card enabled protocols for micro-payment and rapid application development builder for e-commerce.
by Tsang Hin Chung.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.
Includes bibliographical references (leaves 118-124).
Abstracts in English and Chinese.
Chapter 1 --- Introduction
Chapter 1.1 --- Authentication and Transaction Protocol
Chapter 1.2 --- E-Commerce Enabler
Chapter 2 --- Literature Review
Chapter 2.1 --- Cryptographic Preliminaries
Chapter 2.1.1 --- One-Way Hash Function
Chapter 2.1.2 --- Triple DES
Chapter 2.1.3 --- RSA
Chapter 2.1.4 --- Elliptic Curve
Chapter 2.2 --- Smart Cards
Chapter 2.2.1 --- Smart Card Operating Systems
Chapter 2.2.2 --- Java Card
Chapter 2.3 --- Authentication Protocol
Chapter 2.3.1 --- Properties
Chapter 2.3.2 --- Survey
Chapter 2.4 --- Transaction Protocol
Chapter 2.5 --- BAN Logic
Chapter 2.5.1 --- Notation
Chapter 2.5.2 --- Logical Postulates
Chapter 2.5.3 --- Protocol Analysis
Chapter 3 --- Authentication Protocol
Chapter 3.1 --- Formulation of Problem
Chapter 3.2 --- The New Idea
Chapter 3.3 --- Assumptions
Chapter 3.4 --- Trust Model
Chapter 3.5 --- Protocol
Chapter 3.5.1 --- Registration
Chapter 3.5.2 --- Local Authentication
Chapter 3.5.3 --- Remote Authentication
Chapter 3.5.4 --- Silent Key Distribution Scheme
Chapter 3.5.5 --- Advantages
Chapter 3.6 --- BAN Logic Analysis
Chapter 3.7 --- Experimental Evaluation
Chapter 3.7.1 --- Configuration
Chapter 3.7.2 --- Performance Analysis
Chapter 4 --- Transaction Protocol
Chapter 4.1 --- Assumptions
Chapter 4.2 --- Protocol
Chapter 4.3 --- Conflict Resolution Policy
Chapter 4.4 --- Justifications
Chapter 4.5 --- Experimental Evaluation
Chapter 4.5.1 --- Configuration
Chapter 4.5.2 --- Performance Analysis
Chapter 5 --- E-Commerce Builder
Chapter 5.1 --- Overview
Chapter 5.2 --- Design of Smart RAD
Chapter 5.2.1 --- Mechanism
Chapter 5.2.2 --- Java Card Layer
Chapter 5.2.3 --- Host Layer
Chapter 5.2.4 --- Server Layer
Chapter 5.3 --- Implementation
Chapter 5.3.1 --- Implementation Reflection
Chapter 5.3.2 --- Implementation Issues
Chapter 5.4 --- Evaluation
Chapter 5.5 --- An Application Example: Multi-MAX
Chapter 5.5.1 --- System Model
Chapter 5.5.2 --- Design Issues
Chapter 5.5.3 --- Implementation Issues
Chapter 5.5.4 --- Evaluation
Chapter 5.6 --- Future Work
Chapter 6 --- Conclusion
Chapter A --- Detail Experimental Result
Chapter A.1 --- Authentication Time Measurement
Chapter A.2 --- On-Card and Off-Card Computation Time in Authentication
Chapter A.3 --- Authentication Time with Different Servers
Chapter A.4 --- Transaction Time Measurement
Chapter A.5 --- On-card and Off-card Computation Time in Transaction
Chapter B --- UML Diagram
Chapter B.1 --- Package cuhk.cse.demo.applet
Chapter B.2 --- Package cuhk.cse.demo.client
Chapter B.3 --- Package server
Chapter C --- Glossary and Abbreviation
Bibliography