7 research outputs found

    Efficient and complete remote authentication scheme with smart cards

    Reference work for the promotion of 洪文斌, academic year 99. Abstract: A complete remote authentication scheme should provide the following security properties: (1) mutual authentication, (2) session key exchange, (3) protection of user anonymity, (4) support of immediate revocation capability, (5) low communication and computation cost, (6) resistance to various kinds of attacks, (7) freely choosing and securely changing passwords by users, and (8) without storing password or verification tables in servers. However, none of the existing schemes meets all the requirements. In this paper, along the line of cost effective approach using hash functions for authentication, we propose an efficient and practical remote user authentication scheme with smart cards to support the above complete security properties. Conference type: international. Conference date: 20080617~20080620. Book type: print, electronic. Conference location: Taipei, Taiwa

    Privacy on the internet : Investigation into corporate privacy policy of Australian large private sector organisations on the internet

    The popularity of the Internet has been dramatically increased over recent years. The rapid growth of this technology and its international use has made it almost impossible to regulate the internet. As a result, the Internet has certainly provided freedoms to people and it has led to some abusing systems. Privacy is one of the major issues in the development of Electronic Commerce using the Internet. As an enormous amount of personal information is transmitted to several hosts connecting to the Internet, the information can be accessed by both authorised and unauthorised people. Although it is certain that there are several existing problems of using the Internet for business activities, many organisations have already started using it. It is believed that the Internet provides efficiency and effectiveness for various activities. Although much research has described the business use of the Internet in many countries, these studies have not specifically investigated Australian organisations. Therefore, this research investigates the current use of the Internet by Australian organisations and their associated privacy policies, as a means of seeking their privacy concerns. Using a benchmark provided by Australian privacy commissioners, it evaluates their privacy policies to see how well they are established to protect privacy of users. The study utilises the top 100 Australian large private sector organisations as the sample. The current practice of the sample organisations on the Internet was observed by exploring their Web sites. Privacy policies were also collected from their Web sites. Moreover, a letter requesting corporate privacy policy was sent to each organisation that collects personal information on the Internet. The result showed that the majority of Australian organisations were using the Internet today, but surprisingly few organisations showed their privacy policy on the Internet. Also, this research showed that many organisations did not actually have a corporate privacy policy. Many organisations are using the Internet without apparent concern for customers' privacy. The organisations proactively involved in the Internet Commerce are more concerned about the security side of the Internet. Hence, they appear to believe that the technology itself protects information sent on the Internet. It has become clear that technology by itself does not provide the security needed for users of the Internet as unethical acts of authorised parties could harm privacy of individuals. There is an argument that the Internet needs to be regulated. However, the process of international regulation on the Internet has not been started. Thus, it is ideal that organisations proactively protect clients' personal information accessible by the use of the Internet technology. This study looks at the methods of obtaining privacy of individuals and suggests the ideal conduct of organisations

    Opportunities and technologies for value creation in Smart Vending services (original title: Oportunidades e tecnologias para a criação de valor nos serviços de Smart Vending)

    Master's in Industrial Engineering and Management. This work is part of the dissertation for the Master's in Industrial Engineering and Management. Its general objective is to analyze and understand the importance of the attributes that determine quality of service in the context of vending, and to understand to what extent the implementation of intelligent services in the context of automatic vending, i.e. smart vending using a smart card system, could bring benefits to the business in the context of existing companies in Portugal. Initially, a review of the literature associated with the concepts of vending machines, smart vending, smart card and cashless was carried out. We sought to investigate the perceived usefulness of this type of system, i.e. the use of cashless in vending, in order to help assess the viability of implementing new solutions for better turnover and supply of products through smart vending. Later, the potential impact of the introduction of smart vending is investigated through a market study, in order to evaluate its integration into a conventional model and to understand the consequences of changing from conventional vending to smart vending. For this purpose, a questionnaire was developed, companies were followed, and finally an analysis of all the information collected was carried out. Finally, the advantages of cashless use and its acceptance by society are demonstrated

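    Cross-platform system for protecting medical documents by means of digital signatures (original title: Sistema multiplataforma de proteção de documentos médicos por via de assinaturas digitais)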

    The Cross-Platform System for Protecting Medical Documents by means of Digital Signatures aims to ensure transparency throughout the digital signature process when a medical document is processed. Information security must be guaranteed so that a document prepared by a physician is not tampered with, thereby providing maximum confidence that the signature of the physician in question was really made by that physician and that no fraud was involved in the process. So that the physician remains within a comfort zone in terms of computing knowledge, from the user's point of view, the physician is given the option of choosing the device and operating system that feel most comfortable for interacting with the system. At the end of a transaction, the physician signs the digital document in use by inserting a secret digital key, which is contained and protected inside a Smart Card. The document is thus signed and sent to a central system that validates it and stores it in a database. This system subsequently has to verify and validate the document each time it is used, in order to check that the document has not been tampered with. In an increasingly digitised world, and one with an ever greater need to guarantee that all procedures in the health field are trustworthy, any document a physician signs must be considered intact and must not be invalidated in any way. The objective is therefore to develop an infrastructure based on cryptography, using digital signatures, since these are the most effective methods of ensuring, computationally, the integrity of the whole process, so as to guarantee with full confidence that there is no fraud or any kind of violation of the data in question

    Primitive-based payment systems for flexible value transfer in the personal router

    Thesis (S.M.)--Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2002. Includes bibliographical references (p. 149-154). This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. The Personal Router is a mobile communication device developed by the Advanced Network Architecture group at the MIT Laboratory for Computer Science. The Personal Router is able to select and negotiate connectivity with local providers for different kinds of services and interfaces. It needs payment procedures to support these services. As this device is designed to be used in many distinct unpredictable contexts, it cannot implement a single payment system. The complexity of existing payment systems has to be mapped into this new environment. A different payment system must be chosen each time, depending on many variables such as costs, environmental constraints, privacy, user and provider's needs and preferences. Privacy is a major issue for this device. In effect, getting wireless and mobile service everywhere will possibly leave an easily traceable trail; moreover, using this device supposes negotiating with many different untrusted providers and paying for the service. This can create huge potential threats for privacy and personal data management if this issue is not included in the early stage of the design. Legal requirements and user preferences and expectations for privacy in electronic transactions are therefore explored. Past attempts to enhance privacy in different environments are examined. Reasons why most of them have failed and some of them are struggling to stay alive are analyzed. New privacy threats faced by the Personal Router are considered. A new approach based on building blocks is made. Payment systems are split into primitive operations; each of them implements one step of a transaction. The combination of these building blocks replicates a payment protocol. The characteristics of a payment system can then be derived from the analysis of the implementation of each of these primitives. Users' preferences are defined by attributes. Payment systems can then be compared through their primitives and even slightly modified to be closer to users' ideal system by altering the primitives. The modular approach makes this easier. This framework is successfully tested on three major electronic payment systems. Several limitations of this approach and open issues related to the Personal Router are exposed. by Xavier F. Brucker. S.M

    E-crimes and e-authentication - a legal perspective

    E-crimes continue to generate grave challenges to the ICT regulatory agenda. Because e-crimes involve a wrongful appropriation of information online, it is enquired whether information is property which is capable of being stolen. This then requires an investigation to be made of the law of property. The basis for this scrutiny is to establish if information is property for purposes of the law. Following a study of the Roman-Dutch law approach to property, it is argued that the emergence of an information society makes real rights in information possible. This is the position because information is one of the indispensable assets of an information society. Given the fact that information can be the object of property, its position in the law of theft is investigated. This study is followed by an examination of the conventional risks that ICTs generate. For example, a risk exists that ICTs may be used as the object of e-crimes. Furthermore, there is a risk that ICTs may become a tool in order to appropriate information unlawfully. Accordingly, the scale and impact of e-crimes is more than those of the offline crimes, for example theft or fraud. The severe challenges that ICTs pose to an information society are likely to continue if clarity is not sought regarding: whether ICTs can be regulated or not, if ICTs can be regulated, how should an ICT regulatory framework be structured? A study of the law and regulation for regulatory purposes reveals that ICTs are spheres where regulations apply or should apply. However, better regulations are appropriate in dealing with the dynamics of these technologies. Smart-regulations, meta-regulations or reflexive regulations, self-regulations and co-regulations are concepts that support better regulations. Better regulations enjoin the regulatory industries, for example the state, businesses and computer users to be involved in establishing ICT regulations. These ICT regulations should specifically be in keeping with the existing e-authentication measures. Furthermore, the codes-based theory, the Danger or Artificial Immune Systems (the AIS) theory, the Systems theory and the Good Regulator Theorem ought to inform ICT regulations. The basis for all this should be to establish a holistic approach to e-authentication. This approach must conform to the Precautionary Approach to E-Authentication or PAEA. PAEA accepts the importance of legal rules in the ICT regulatory agenda. However, it argues that flexible regulations could provide a suitable framework within which ICTs and the ICT risks are controlled. In addition, PAEA submits that a state should not be the single role-player in ICT regulations. Social norms, the market and nature or architecture of the technology to be regulated are also fundamental to the ICT regulatory agenda. Jurisprudence. LL. D