Homo Datumicus : correcting the market for identity data

Effective digital identity systems offer great economic and civic potential. However, unlocking this potential requires dealing with social, behavioural, and structural challenges to efficient market formation. We propose that a marketplace for identity data can be more efficiently formed with an infrastructure that provides a more adequate representation of individuals online. This paper therefore introduces the ontological concept of Homo Datumicus: individuals as data subjects transformed by HAT Microservers, with the axiomatic computational capabilities to transact with their own data at scale. Adoption of this paradigm would lower the social risks of identity orientation, enable privacy preserving transactions by default and mitigate the risks of power imbalances in digital identity systems and markets

An active, ontology-driven network service for Internet collaboration

Web portals have emerged as an important means of collaboration on the WWW, and the integration of ontologies promises to make them more accurate in how they serve users’ collaboration and information location requirements. However, web portals are essentially a centralised architecture resulting in difficulties supporting seamless roaming between portals and collaboration between groups supported on different portals. This paper proposes an alternative approach to collaboration over the web using ontologies that is de-centralised and exploits content-based networking. We argue that this approach promises a user-centric, timely, secure and location-independent mechanism, which is potentially more scaleable and universal than existing centralised portals

Practical Schemes For Privacy & Security Enhanced RFID

Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical, either because they use hash functions instead of the more hardware efficient symmetric encryption schemes as a efficient cryptographic primitive, or because they incur a rather costly key search time penalty at the reader. Moreover, they do not allow for dynamic, fine-grained access control to the tag that cater for more complex usage scenarios. In this paper we investigate such scenarios, and propose a model and corresponding privacy friendly protocols for efficient and fine-grained management of access permissions to tags. In particular we propose an efficient mutual authentication protocol between a tag and a reader that achieves a reasonable level of privacy, using only symmetric key cryptography on the tag, while not requiring a costly key-search algorithm at the reader side. Moreover, our protocol is able to recover from stolen readers.Comment: 18 page

e-Government Technical Security Controls Taxonomy for Information Assurance Contractors - A Relational Approach

When project managers consider risks that may affect a project, they rarely consider risks associated with the use of information systems. The Federal Information Security Management Act (FISMA) of 2002 recognizes the importance of information security to the economic and national security of the Unites States. The requirements of FISMA are addressed using the NIST Special Publication 800-53 Rev 3, which has improved the way organizations practice information assurance. The NIST SP 800-53 Rev 3 takes a hierarchical approach to information assurance, which has resulted in the duplication and subsequent withdrawal and merging of fifteen security controls. In addition, the security controls are not associated with the appropriate information systems. The current security assessment model often results in a waste of resources, since controls that are not applicable to an information system have to be addressed. This research developed and tested the value of using an information system breakdown structure (ISBS) model for identification of project information system resources. It also assessed the value of using an e-Government Relational Technical Security Controls Model for mapping the ISBS to the applicable relational technical security controls. A questionnaire containing ninety-five items was developed and emailed to twenty-four information security contractors of which twenty-two efficiently completed questionnaires were received. The questionnaire assessed the value of using the ISBS, and the relationships of the e-Government Relational Technical Security Controls model. Literature review and industry experts opinion was used to triangulate the research results and establish their validity. Cronbach's Alpha coefficient for the four sections of the questionnaire established its reliability. The results of the research indicated that the ISBS model is an invaluable, customizable, living tool that should be used for identification of information system resources on projects. It can also be used for assigning responsibility for the different information systems and for security classification. The study also indicated that using the e-Government Relational Technical Security Controls provides a relational and fully integrated approach to information assurance while reducing the likelihood of duplicating security controls. This study could help project managers identify and mitigate risks associated with the use of information systems on projects