Teoretiko-methodical aspects of account of production and realization of products on enterprises

Розглянуто економічну сутність «готової продукції»; визначено, що правильний облік виробництва і реалізації готової продукції – це необхідний елемент управління підприємств різних форм власностіEconomic essence of the «prepared products is considered»; certainly, that a correct account of production and realization of the prepared products is necessary custom of enterprises of different patterns of ownership contro

Web Authentication using Third-Parties in Untrusted Environments

With the increasing personalization of the Web, many websites allow users to create their own personal accounts. This has resulted in Web users often having many accounts on different websites, to which they need to authenticate in order to gain access. Unfortunately, there are several security problems connected to the use and re-use of passwords, the most prevalent authentication method currently in use, including eavesdropping and replay attacks. Several alternative methods have been proposed to address these shortcomings, including the use of hardware authentication devices. However, these more secure authentication methods are often not adapted for mobile Web users who use different devices in different places and in untrusted environments, such as public Wi-Fi networks, to access their accounts. We have designed a method for comparing, evaluating and designing authentication solutions suitable for mobile users and untrusted environments. Our method leverages the fact that mobile users often bring their own cell phones, and also takes into account different levels of security adapted for different services on the Web. Another important trend in the authentication landscape is that an increasing number of websites use third-party authentication. This is a solution where users have an account on a single system, the identity provider, and this one account can then be used with multiple other websites. In addition to requiring fewer passwords, these services can also in some cases implement authentication with higher security than passwords can provide. How websites select their third-party identity providers has privacy and security implications for end users. To better understand the security and privacy risks with these services, we present a data collection methodology that we have used to identify and capture third-party authentication usage on the Web. We have also characterized the third-party authentication landscape based on our collected data, outlining which types of third-parties are used by which types of sites, and how usage differs across the world. Using a combination of large-scale crawling, longitudinal manual testing, and in-depth login tests, our characterization and analysis has also allowed us to discover interesting structural properties of the landscape, differences in the cross-site relationships, and how the use of third-party authentication is changing over time. Finally, we have also outlined what information is shared between websites in third-party authentication, dened risk classes based on shared data, and proled privacy leakage risks associated with websites and their identity providers sharing data with each other. Our ndings show how websites can strengthen the privacy of their users based on how these websites select and combine their third-parties and the data they allow to be shared

Contributions to Web Authentication for Untrusted Computers

Authentication methods offer varying levels of security. Methods with one-time credentials generated by dedicated hardware tokens can reach a high level of security, whereas password-based authentication methods have a low level of security since passwords can be eavesdropped and stolen by an attacker. Password-based methods are dominant in web authentication since they are both easy to implement and easy to use. Dedicated hardware, on the other hand, is not always available to the user, usually requires additional equipment and may be more complex to use than password-based authentication. Different services and applications on the web have different requirements for the security of authentication.  Therefore, it is necessary for designers of authentication solutions to address this need for a range of security levels. Another concern is mobile users authenticating from unknown, and therefore untrusted, computers. This in turn raises issues of availability, since users need secure authentication to be available, regardless of where they authenticate or which computer they use. We propose a method for evaluation and design of web authentication solutions that takes into account a number of often overlooked design factors, i.e. availability, usability and economic aspects. Our proposed method uses the concept of security levels from the Electronic Authentication Guideline, provided by NIST. We focus on the use of handheld devices, especially mobile phones, as a flexible, multi-purpose (i.e. non-dedicated) hardware device for web authentication. Mobile phones offer unique advantages for secure authentication, as they are small, flexible and portable, and provide multiple data transfer channels. Phone designs, however, vary and the choice of channels and authentication methods will influence the security level of authentication. It is not trivial to maintain a consistent overview of the strengths and weaknesses of the available alternatives. Our evaluation and design method provides this overview and can help developers and users to compare and choose authentication solutions

Longitudinal Analysis of the Third-party Authentication Landscape

Many modern websites offer single sign-on (SSO) services, which allow the user to use an existing account with a third-party website such as Facebook to authenticate. When using SSO the user must approve an app-rights agreement that specifies what data related to the user can be shared between the two websites and any actions (e.g., posting comments) that the origin website is allowed to perform on behalf of the user on the third-party provider (e.g., Facebook). Both cross-site data sharing and actions performed on behalf of the user can have significant privacy implications. In this paper we present a longitudinal study of the third-party authentication landscape, its structure, and the protocol usage, data sharing, and actions associated with individual third-party relationships. The study captures the current state, changes in the structure, protocol usage, and information leakage risks.DOI does not work: 10.14722/ueop.2016.23008</p