The Implementation of Electronic Document in Transaction Execution
Part 7: Various Aspects of Computer Security. International audience. The article presents the implementation of an electronic document in the form of electronic forms that can be used in a legally binding way in transaction execution, regardless of the field of application, the type of entity involved in the transaction or their local information systems. The paper also presents the concept of a form in which the data layer, the presentation and the logic are encapsulated in one single XML file, whose syntax is described using XML Schema (XSD). The document is presented against the background of a discussion of the general concept of the document and the transaction. The authors also present ways of implementing a few basic types of transactions, from which more complex solutions can be composed. The vision of further research and development of the electronic document towards the use of cryptocurrency, smart contracts, blockchains and distributed autonomous organization is outlined in this paper.
Modifications of the Formal Risk Analysis and Assessment for the Information System Security
In the article, a modification of the Formal Model of Risk Analysis (FoMRA) was proposed. The Modified FoMRA (1) method takes into account the guidelines of the ISO/IEC 27001 and ISO/IEC 27005 standards. The applied modification and abstraction by resources and security controls (also called countermeasures) significantly shortened the time of risk weight calculation in comparison with the MEHARI method. An attempt was also made to further reduce the time of risk analysis using agents collecting information and data from various network nodes, from operating systems and devices, and additional agents containing information on reports on security procedures, security services, security management and organizational activities related to the information systems (maintenance, insurance, outsourcing contracts, etc.) and transfer it to the local FoMRA1 database. The obtained results indicate that the proposed method, together with agents installed in various nodes, enables a quick reaction to system threats and prevention of their impacts (quasi-real-time security monitoring system).
A new approach to the NFC payment authorization performed on the user's application side
The evolution of consumer payment methods continues to unfold, decisively reshaping payments around the world. In order to simplify the payment process, the evolution of payment methods has accelerated; for example, a few European countries have doubled the limits for payments without PIN confirmation, and certain services, such as Google Pay and Apple Pay, have completely abolished limits for transactions without providing a PIN. Despite providing convenience, mobile payments also yield a multitude of payment security issues. The possible risks and inconveniences associated with mobile payment applications are analyzed in this paper based on a survey of 500 respondents. To mitigate these risks and inconveniences, an extension of the existing vulnerable payment protocol is described to complete secure Google Pay transactions using strong authentication methods. The proposed payment authentication protocol also allows users who have phones without NFC to authorize payment transactions on their smartphones
Concept of an electronic form based on XML that ensures a high level of interoperability and security
Modern implementations of solutions supporting transaction execution must meet many sophisticated requirements. This also applies to supporting the exchange of information that accompanies the execution of transactions. This information, regardless of its technical form, must ensure an adequate level of security, understood, for example, as legal effectiveness. The use of the XML format as the basic format for exchanging data secured by an XMLdSig electronic signature gives wide possibilities for flexible adaptation of both the document and the signatures in this document to the requirements of a specific transaction. However, this flexibility, which is a great benefit, is also a source of certain vulnerabilities. This article presents the concept of an electronic form which, while providing a high level of interoperability and great possibilities to adapt the form to the transaction, ensures a high level of security by eliminating the aforementioned vulnerabilities.
Towards Most Efficient Method for Untimed Security Protocols Verification
Security protocols are a crucial part of more complicated communication protocols that are responsible for keeping data secure during transmission in computer networks. From a security point of view, proper verification of the properties of such protocols is a significant challenge. In the last decades, many concepts and associated verification tools were developed and successfully used for checking protocol correctness conditions. In this area of research, much attention is paid to suitable methods of protocol modelling and to as low as possible a computational complexity of the algorithms used. The last property is important because it allows practical use of such structures and algorithms for automatic verification. Adding timestamps to protocol schemes caused a need for time modelling in solutions for security protocol verification. Time models added into consideration introduce more complicated structures and increase the complexity of the structures and algorithms used in the verification process. Accordingly, there is still a need to look for more and more efficient ways of modelling untimed versions of the protocols, for which adding time will be effective from the verification process point of view. In this paper, we propose a new method for modelling and verification of untimed security protocol properties. We present an idea, examples, an algorithm and experimental results for several protocols. We also compare our results with the best, well-known verification tools.