416,347 research outputs found
Identity Trust Framework for iGaming
The online gambling community, or the iGaming industry, in the United States has individual solutions and a mix of classic processes to manage universal customer identity, but it lacks a standard identity management framework in which to enroll new iGaming users, monitor those users and ensure secure transactions, which leaves it open to identity theft and financial fraud. The iGaming industry offers online poker, sports betting and casino table games. iGaming providers (provider/providers) include companies such as PartyPoker.com, Pokerstars.com, Bovada.com, BetOnline.com among others. An iGaming player (player/players) is anyone who plays to gamble on games through the Internet. This report focuses on the requirements and specification for an Identity Trust Framework to enhance security and privacy in the United States iGaming industry and players. Informatio
The Review of Non-Technical Assumptions in Digital Identity Architectures
The literature on digital identity management systems (IdM) is abundant and solutions vary by technology components and non-technical requirements. In the long run, however, there is a need for exchanging identities across domains or even borders, which requires interoperable solutions and flexible architectures. This article aims to give an overview of the current research on digital identity management. We conduct a systematic literature review of digital identity solution architectures and extract their inherent non-technical assumptions. The findings show that solution designs can be based on organizational, business and trust assumptions as well as human-user assumptions. Namely, establishing the trust relationships and collaborations among participating organizations; human-users capability for maintaining private cryptographic material or the assumptions that win-win business models could be easily identified. By reviewing the key findings of solutions proposed and looking at the differences and commonalities of their technical, organizational and social requirements, we discuss their potential real-life inhibitors and identify opportunities for future research in IdM
Improving the Security Levels of E-government Processes within Public Administration through the Establishment of Improved Security Systems
Processes that are related to the identification and the authentication of persons and other legal entities have necessarily existed and functioned for a while in public administration and business. Information Society offers new e-services for citizens and businesses, which dramatically change the administration and result in additional challenges, risks and opportunities. Citizen's confidence and trust in services has to be improved, while several requirements, like data protection, privacy and legal requirements, have to be satisfied. The usual business process of identification of the corresponding entity is generally based on some trivial control mechanism, typically password identification. In order to keep up the trust of the public in the public administration activities, the process for entity identification (both person and legal entity) should be amended, taking into account the business and security considerations. Identity management solutions show an intriguing variation of approaches in Europe; they are at different maturity levels of services.
Our paper gives an overview of the most frequently cited identity management architectures (namely: Liberty Alliance Architecture, IDABC, Shibboleth, Government Gateway Model and Austrian Model) and presents an identity management framework (based on PKI, but improving on it), customized for the Hungarian specialities, which offers possibilities to improve the quality of the related services.
The goal of this paper is to show a solution for the improvement of the identity management solution for e-government processes through the development of security mechanisms making use of the readily available technologies
Patterns of Federated Identity Management Systems as Architectural Reconfigurations
This paper proposes a formal model of Federated Identity Management systems (FIMs) in terms of architectural design rewriting. FIMs allow cross-domain user authentication to enable access control across the organisations under the concept known as Circle of Trust (CoT). Patterns of FIMs emerged as recurring CoT scenarios due to the fact that each of the patterns has different security and trust requirements. This paper proposes a formal model for FIMs to characterise their patterns as architectural styles. More precisely, an architectural style is given to precisely pinpoint all possible legal configurations of the CoT in terms of the patterns. The proposed model is specified through style-consistent (graphical) designs in terms of architectural design rewriting (ADR)
Trust, Identity, Privacy, and Security Considerations For Designing a Peer Data Sharing Platform Between People Living With HIV
Resulting from treatment advances, the Human Immunodeficiency Virus (HIV) is now a long-term condition, and digital solutions are being developed to support people living with HIV in self-management. Sharing their health data with their peers may support self-management, but the trust, identity, privacy and security (TIPS) considerations of people living with HIV remain underexplored. Working with a peer researcher who is expert in the lived experience of HIV, we interviewed 26 people living with HIV in the United Kingdom (UK) to investigate how to design a peer data sharing platform. We also conducted rating activities with participants to capture their attitudes towards sharing personal data. Our mixed methods study showed that participants were highly sophisticated in their understanding of trust and in their requirements for robust privacy and security. They indicated willingness to share digital identity attributes, including gender, age, medical history, health and well-being data, but not details that could reveal their personal identity. Participants called for TIPS measures to foster and to sustain responsible data sharing within their community. These findings can inform the development of trustworthy and secure digital platforms that enable people living with HIV to share data with their peers and provide insights for researchers who wish to facilitate data sharing in other communities with stigmatised health conditions
Digital identity modelling and management
University of Technology, Sydney. Faculty of Engineering. User identification and authentication is the first and most important aspect of identity management in maintaining security and privacy of users and their assets. Due to the open nature of the Internet, without reliable identification and authentication, subsequent security and privacy protections become worthless. Amid the increase of the number of online services and users, identity fraud is on the increase. It has been widely reported that identity fraud costs the industry many billions of dollars each year around the world.
Perpetrators use false identities to engage in fraudulent activities. False identities can be established in one of two ways: (i) creating fictitious identity by manufacturing, forging or fraudulently obtaining legitimate documentation to satisfy proof of identity (POI) requirements, and (ii) stealing or forging someone else's identity from an actual person (living or dead) such as passwords, security tokens or biometric information.
One of the effective ways to prevent identity fraud is to build defence against the use of false identities. Use of false identities can be prevented by implementing strong authentication, using multi-factor identity proofing (during service enrolment phase) and multifactor identity authentication (during service delivery sessions). To balance convenience and security, the strength of the authentication needs to match the required level of trust. If the implemented strength is lower than the required level of trust, it may introduce risk of fraudulent activities. On the other hand if the implemented strength is higher than the required level of trust, it may introduce inconvenience to the user, preventing the usage.
To solve this issue, we propose CaMa (Credential Attribute Mapping) models to calculate the strength of authentication for multi-factor identity proofing and multifactor identity authentication scenarios. The strengths are calculated from the desired properties of identities and presented in two ways, (i) a process of summation of the weighting index of the desirable properties, and (ii) application of information theory.
Further, a scheme for constructing digital representations of personal identities from conventional identity documents such as birth certificates, citizenship certificates, passports, driving licences, bank cards and photo ID is also proposed. This digital representation of personal identity, along with the concept of (i) active credentials, (ii) trusted identity providers, (iii) a secure assertion protocol such as SAML and (iv) established policies and procedures, enables a user to assert their identity to a remote online service provider that requests proof of identity (POI). Thus, it will help free users from the limitation of personal presence during service enrolment. For example, in this way, it will be possible to open a bank account in the USA by remotely submitting trusted identity credentials online from Australia
Continuous trust management frameworks : concept, design and characteristics
PhD Thesis. A Trust Management Framework is a collection of technical components and governing rules and contracts to establish secure, confidential, and Trustworthy transactions among the Trust Stakeholders, whether they are Users, Service Providers, or Legal Authorities. Despite the presence of many Trust Frameworks projects, they still fail at presenting a mature Framework that can be Trusted by all its Stakeholders. Particularly speaking, most of the current research focuses on the Security aspects that may satisfy some Stakeholders but ignores other vital Trust Properties like Privacy, Legal Authority Enforcement, Practicality, and Customizability. This thesis is all about understanding and utilising the state of the art technologies of Trust Management to come up with a Trust Management Framework that could be Trusted by all its Stakeholders by providing a Continuous Data Control where the exchanged data would be handled in a Trustworthy manner before and after the data release from one party to another. For that we call it: Continuous Trust Management Framework.
In this thesis, we present a literature survey where we illustrate the general picture of the current research main categories as well as the main Trust Stakeholders, Trust Challenges, and Trust Requirements. We picked a few samples representing each of the main categories in the literature of Trust Management Frameworks for detailed comparison to understand the strengths and weaknesses of those categories. Showing that the current Trust Management Frameworks are focusing on fulfilling most of the Trust Attributes needed by the Trust Stakeholders except for the Continuous Data Control Attribute, we argued for the vitality of our proposed generic design of the Continuous Trust Management Framework.
To demonstrate our Design practicality, we present a prototype implementing its basic Stakeholders like the Users, Service Providers, Identity Provider, and Auditor on top of the OpenID Connect protocol. The sample use-case of our prototype is to protect the Users' email addresses. That is, Users would ask for their emails not to be shared with third parties but some Providers would act maliciously and share these emails with third parties who would, in turn, send spam emails to the victim Users. While the prototype Auditor would be able to protect and track data before their release to the Service Providers, it would not be able to enforce the data access policy after release. We later generalise our sample use-case to cover various Mass Active Attacks on Users' Credentials like, for example, using stolen credit cards or illegally impersonating third-party identity.
To protect the Users' Credentials after release, we introduce a set of theories and building blocks to aid our Continuous Trust Framework's Auditor that would act as the Trust Enforcement point. These theories rely primarily on analysing the data logs recorded by our prototype prior to releasing the data. To test our theories, we present a Simulation Model of the Auditor to optimise its parameters. During some of our Simulation Stages, we assumed the availability of a Data Governance Unit, DGU, that would provide hardware roots of Trust. This DGU is to be installed in the Service Providers' server-side to govern how they handle the Users' data. The final simulation results include a set of different Defensive Strategies' Flavours that could be utilized by the Auditor depending on the environment where it operates.
This thesis concludes with the fact that utilising Hard Trust Measures such as DGU without effective Defensive Strategies may not provide the ultimate Trust solution. That is especially true at the bootstrapping phase where Service Providers would be reluctant to adopt a restrictive technology like our proposed DGU. Nevertheless, even in the absence of the DGU technology now, deploying the developed Defensive Strategies' Flavours that do not rely on DGU would still provide significant improvements in terms of enforcing Trust even after data release compared to the currently widely deployed Strategy: doing nothing! Public Authority for Applied Education and Training in Kuwait, PAAET
TCG based approach for secure management of virtualized platforms: state-of-the-art
There is a strong trend shift in favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one of many possible scenarios. Where virtualization promises clear advantages, it also poses new security challenges which need to be addressed to gain stakeholders' confidence in the dynamics of the new environment. One important facet of these challenges is establishing 'Trust', which is a basic primitive for any viable business model. The Trusted Computing Group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protecting of sensitive data in rest and transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms