Erfolgsfaktoren technologischer Nutzungsinnovationen am Beispiel mobiler Bezahlverfahren : eine Delphi-Studie /

Hans, Gudrun G. B.

January 2009

Universiẗat, Diss--Köln, 2007.

Исследование и разработка аппаратно-программного комплекса "e-check" : магистерская диссертация / Research and development hardware-software complex “E-chek”

Губа, Г. А., Guba, G. A.

January 2022

Тема данной магистерской диссертации - "Исследование и разработка аппаратно-программного комплекса "e-check"", - в рамках которой была рассмотрена реализация технологии получения и передачи электронного кассового чека, разработано программное обеспечение, проведено имитационное моделирование системы, произведен анализ правового статуса исследования. Объектом исследования является кассовый чек. Предметом исследования является создание и передача электронного кассового чека. Методами проектного исследования данной работы являются теоретический анализ, изучение соответствующей литературы, сравнение, проектирование. Практическая значимость работы заключается в создании программного обеспечения, которое позволит облегчить ведение онлайн бизнеса. Результаты работы: разработанная технология создания и передачи электронного кассового чека, программно-аппаратный комплекс и мобильные приложения, выступление на конференции, подготовка к интеграции в проекты. / The topic of this master's thesis is "Research and development of the hardware-software complex "e-check"", within which the implementation of the technology for receiving and transmitting an electronic cash receipt was considered, software was developed, simulation modeling of the system was carried out, an analysis of the legal status was made. The object of the study is a cashier's check. The subject of the study is the creation and transfer of an electronic cash receipt. Methods of design research of this work are theoretical analysis, study of relevant literature, comparison, design. The practical significance of the work lies in the creation of software that will facilitate the conduct of online business. Results of the work: developed technology for creating and transmitting an electronic cash receipt, software and hardware complex and mobile applications, presentation at the conference, preparation for integration into projects.

МОБИЛЬНОЕ ПРИЛОЖЕНИЕ

MASTER'S THESIS

ELECTRONIC CASH RECEIPT

HARDWARE-SOFTWARE COMPLEX

MOBILE APPLICATION

A tecnologia da informa??o e o cliente banc?rio como recurso humano: um estudo de caso dos usu?rios dos caixas eletr?nicos nos postos banc?rios da UFRRJ. / The technology of the on line information and it s relationship with the costumer: a study of the users of the electronic cash dispenser in the advanced bank positions of UFRRJ.

Silva, Nic?as Alencar da

16 April 2004

Made available in DSpace on 2016-04-28T20:19:19Z (GMT). No. of bitstreams: 1 2004 - Niceas Alencar da Silva.pdf: 808443 bytes, checksum: cd2525ca100feaf8969ca78945565665 (MD5) Previous issue date: 2004-04-16 / The study has focus in the bank user s behavior, presents in the electronic cash dispenser of the advanced positions of services of the Bank of Brazil and of the Real Bank, located in the campus of the Rural Federal University of Rio de Janeiro. It is centered in their perceptions of use of the Internet Banking, what generated the theme for the report of the evolution of the inclusion of the Technology Information in the banking sector. A questionnaire was distributed among the users of the electronic cash dispenser, after use, asking them on some personal characteristics - in order to identify statistical correlations - and also on their perceptions in the use of electronic cash dispenser and internet banking services, supplying data to the Bank Institutions, for a better strategic administration of their physical and human resources. The Study of the Case was the applied methodology, taking advantage of the natural atmosphere and giving emphasis to the present time, with access to the people and observation of the process in focus. The sampling is not probabilistic, consists of selecting the elements in function of it s presence at a specific moment (03-07/03/2003). The approach was in a driven way, through questionnaire with open and closed subjects and of multiple-choice. The banks has a relevant participation in the technological development of the country, when integrating, through the communication nets, the bank agencies, allowing transactions in real time. The study identified a high level of acceptance of Home Banking, in spite of being little used, what was justified mainly by the computer lack, as well as also the inaccessibility of the Internet. The ignorance and the resistance to the new technology were also mentioned, what implicates in another type of investment, in education, to be implemented for the customers to have capacity to execute the operations on line, including them to the digital access. A point of view to be considered is the cost of a customer not getting to accomplish his/her role, implicating in the loss of his/her self-esteem, need that if will not be taken care of, will be able to generate as result for the bank, the loss of the customer. For the company positioned in a competitive atmosphere, the ability to offer information, help in the construction of the image to the consuming public. / O estudo est? voltado para o comportamento dos usu?rios banc?rios, presentes nos Caixas Eletr?nicos dos Postos de Servi?os do Banco do Brasil e do Banco Real, localizados no campus da Universidade Federal Rural do Rio de Janeiro. Ele ? centrado nas suas percep??es de utiliza??o do Internet Banking, o que gerou o tema para o relato da evolu??o da inclus?o da Tecnologia da Informa??o no setor banc?rio. Um question?rio foi distribu?do entre os usu?rios dos Caixas Eletr?nicos, ap?s o uso, perguntando-os sobre algumas caracter?sticas pessoais de forma a identificar correla??es estat?sticas bem como, sobre suas percep??es no uso de Caixas Eletr?nicos e servi?os de Home banking, fornecendo subs?dios ?s Institui??es Banc?rias, para um melhor gerenciamento estrat?gico de seus recursos f?sicos e humanos. O Estudo de Caso foi a metodologia aplicada, por se tratar de um ambiente natural, dando ?nfase ? contemporaneidade, com acesso ?s pessoas e observa??o do processo em foco. A amostragem ? n?o probabil?stica, consiste em selecionar os elementos em fun??o de sua presen?a em um momento preciso (03-07/03/2003). A abordagem foi de forma dirigida, por meio de question?rio com quest?es abertas e fechadas e de m?ltipla-escolha. Os bancos representam um importante papel no desenvolvimento tecnol?gico do pa?s, ao integrar, atrav?s das redes de comunica??o, as ag?ncias banc?rias, permitindo transa??es em tempo real. O estudo identificou um n?vel elevado de aceita??o do Home Banking, apesar de ser pouco utilizado, o que foi justificado principalmente pela falta de computador, assim como tamb?m, a inacessibilidade da Internet. O desconhecimento e a resist?ncia ? nova tecnologia tamb?m foram citados, o que implica em outro tipo de investimento, em educa??o, a ser implementado para que os clientes tenham capacidade para executar as opera??es on line, incluindo-os no acesso digital. Um ponto de vista a ser considerado ? o do custo de um cliente n?o conseguir realizar o seu papel, implicando na perda de sua auto-estima, necessidade que se n?o atendida, poder? gerar como resultado para o banco, a perda do cliente. Para a empresa posicionada em um ambiente competitivo, a habilidade de oferecer informa??o, facilita a constru??o da imagem junto ao p?blico consumidor.

Home banking

caixa eletr?nico

tecnologia

comportamento

recurso humano

home banking

electronic cash dispenser

technology

behavior

human resource

Comparison of Current On-line Payment Technologies

Mandadi, Ravi

January 2006

<p>The purpose of this thesis work was to make a survey of current on-line payment technologies and find out which are they and how do they work? Compare and analyze them from a security point of view, as well as a usability point of view. What is good? What is bad? What is lacking?</p><p>To achieve this purpose, an overview of the current on-line payment technologies was acquired through academic books and papers, Internet sites, magazines. Basic cryptographic and security related techniques were studied for the security analysis of current on-line payment systems.</p><p>In this work, various current on-line payment systems were classified into two groups [Macro and Micro on-line payment systems]. This classification was based on the mode of on-line payment transactions. To analyze these on-line payment systems, a set of payment system requirements were formed [Security Issues, Usability Issues, Anonymity, Scalability etc].</p><p>Under the category of Macro payment system, Credit Card payment system, Debit Card payment system, Stored Value Card payment system, Electronic Check payment system, Electronic Cash payment system, Electronic account transfer payment system and mobile payment system transactions were examined.</p><p>Under the category of Micro payment system, Hash Chain based Payment System, Hash Collisions and Hash sequences based Payment Systems, Shared Secrete Keys based Payment Systems and Probability based payment systems were examined.</p><p>Based on the requirements of payment system, these on-line payment systems were analyzed and compared. In the analysis phase, the advantages and drawbacks of these payment systems were figured out.</p><p>It was found from the study that the credit card based payment systems are the most widely used means of conducting on-line payments. It is evident that credit card based payment systems satisfy stakeholder requirements the best, as they offer more flexible payment options, having a large user-base, benefit from familiarity and simplicity of use and also allow international payments. The other on-line payment systems lack this flexibility</p><p>It can also be extracted from the study that users want more simplified, convenient and secure on-line payment systems. Thus the futuristic on-line payment systems will have all secure payment options into one system.</p>

Online Payments

Macro Payments

Micro Payments

Credit Card Payment System

Electronic Cash Payment System

Electronic Check Payment System

Mobile Payment System

Computer science

Datalogi

Comparison of Current On-line Payment Technologies

Mandadi, Ravi

January 2006

The purpose of this thesis work was to make a survey of current on-line payment technologies and find out which are they and how do they work? Compare and analyze them from a security point of view, as well as a usability point of view. What is good? What is bad? What is lacking? To achieve this purpose, an overview of the current on-line payment technologies was acquired through academic books and papers, Internet sites, magazines. Basic cryptographic and security related techniques were studied for the security analysis of current on-line payment systems. In this work, various current on-line payment systems were classified into two groups [Macro and Micro on-line payment systems]. This classification was based on the mode of on-line payment transactions. To analyze these on-line payment systems, a set of payment system requirements were formed [Security Issues, Usability Issues, Anonymity, Scalability etc]. Under the category of Macro payment system, Credit Card payment system, Debit Card payment system, Stored Value Card payment system, Electronic Check payment system, Electronic Cash payment system, Electronic account transfer payment system and mobile payment system transactions were examined. Under the category of Micro payment system, Hash Chain based Payment System, Hash Collisions and Hash sequences based Payment Systems, Shared Secrete Keys based Payment Systems and Probability based payment systems were examined. Based on the requirements of payment system, these on-line payment systems were analyzed and compared. In the analysis phase, the advantages and drawbacks of these payment systems were figured out. It was found from the study that the credit card based payment systems are the most widely used means of conducting on-line payments. It is evident that credit card based payment systems satisfy stakeholder requirements the best, as they offer more flexible payment options, having a large user-base, benefit from familiarity and simplicity of use and also allow international payments. The other on-line payment systems lack this flexibility It can also be extracted from the study that users want more simplified, convenient and secure on-line payment systems. Thus the futuristic on-line payment systems will have all secure payment options into one system.

Online Payments

Macro Payments

Micro Payments

Credit Card Payment System

Electronic Cash Payment System

Electronic Check Payment System

Mobile Payment System

Computer Sciences

Datavetenskap (datalogi)

Enhancing security in distributed systems with trusted computing hardware

Reid, Jason Frederick

January 2007

The need to increase the hostile attack resilience of distributed and internet-worked computer systems is critical and pressing. This thesis contributes to concrete improvements in distributed systems trustworthiness through an enhanced understanding of a technical approach known as trusted computing hardware. Because of its physical and logical protection features, trusted computing hardware can reliably enforce a security policy in a threat model where the authorised user is untrusted or when the device is placed in a hostile environment. We present a critical analysis of vulnerabilities in current systems, and argue that current industry-driven trusted computing initiatives will fail in efforts to retrofit security into inherently flawed operating system designs, since there is no substitute for a sound protection architecture grounded in hardware-enforced domain isolation. In doing so we identify the limitations of hardware-based approaches. We argue that the current emphasis of these programs does not give sufficient weight to the role that operating system security plays in overall system security. New processor features that provide hardware support for virtualisation will contribute more to practical security improvement because they will allow multiple operating systems to concurrently share the same processor. New operating systems that implement a sound protection architecture will thus be able to be introduced to support applications with stringent security requirements. These can coexist alongside inherently less secure mainstream operating systems, allowing a gradual migration to less vulnerable alternatives. We examine the effectiveness of the ITSEC and Common Criteria evaluation and certification schemes as a basis for establishing assurance in trusted computing hardware. Based on a survey of smart card certifications, we contend that the practice of artificially limiting the scope of an evaluation in order to gain a higher assurance rating is quite common. Due to a general lack of understanding in the marketplace as to how the schemes work, high evaluation assurance levels are confused with a general notion of 'high security strength'. Vendors invest little effort in correcting the misconception since they benefit from it and this has arguably undermined the value of the whole certification process. We contribute practical techniques for securing personal trusted hardware devices against a type of attack known as a relay attack. Our method is based on a novel application of a phenomenon known as side channel leakage, heretofore considered exclusively as a security vulnerability. We exploit the low latency of side channel information transfer to deliver a communication channel with timing resolution that is fine enough to detect sophisticated relay attacks. We avoid the cost and complexity associated with alternative communication techniques suggested in previous proposals. We also propose the first terrorist attack resistant distance bounding protocol that is efficient enough to be implemented on resource constrained devices. We propose a design for a privacy sensitive electronic cash scheme that leverages the confidentiality and integrity protection features of trusted computing hardware. We specify the command set and message structures and implement these in a prototype that uses Dallas Semiconductor iButtons. We consider the access control requirements for a national scale electronic health records system of the type that Australia is currently developing. We argue that an access control model capable of supporting explicit denial of privileges is required to ensure that consumers maintain their right to grant or withhold consent to disclosure of their sensitive health information in an electronic system. Finding this feature absent in standard role-based access control models, we propose a modification to role-based access control that supports policy constructs of this type. Explicit denial is difficult to enforce in a large scale system without an active central authority but centralisation impacts negatively on system scalability. We show how the unique properties of trusted computing hardware can address this problem. We outline a conceptual architecture for an electronic health records access control system that leverages hardware level CPU virtualisation, trusted platform modules, personal cryptographic tokens and secure coprocessors to implement role based cryptographic access control. We argue that the design delivers important scalability benefits because it enables access control decisions to be made and enforced locally on a user's computing platform in a reliable way.

trusted computing

trusted computing hardware

trusted systems

operating system security

distributed systems security

smart card

security evaluation

tamper resistance

distance bounding protocol

side channel leakage

electronic cash

electronic health records

role-based access control

Automated Verification of Exam, Cash, aa Reputation, and Routing Protocols / Vérification automatique de protocoles d'examen, de monnaie, de réputation, et de routage

Kassem, Ali

18 September 2015

La sécurité est une exigence cruciale dans les applications basées sur l'information et la technologie de communication, surtout quand un réseau ouvert tel que l'Internet est utilisé. Pour assurer la sécurité dans ces applications des protocoles cryptographiques ont été développé. Cependant, la conception de protocoles de sécurité est notoirement difficile et source d'erreurs. Plusieurs failles ont été trouvées sur des protocoles qui se sont prétendus sécurisés. Par conséquent, les protocoles cryptographiques doivent être vérifiés avant d'être utilisés. Une approche pour vérifier les protocoles cryptographiques est l'utilisation des méthodes formelles, qui ont obtenu de nombreux résultats au cours des dernières années.Méthodes formelles portent sur l'analyse des spécifications des protocoles modélisées en utilisant, par exemple, les logiques dédiés, ou algèbres de processus. Les méthodes formelles peuvent trouver des failles ou permettent de prouver qu'un protocole est sécurisé sous certaines hypothèses par rapport aux propriétés de sécurité données. Toutefois, elles abstraient des erreurs de mise en ouvre et les attaques side-channel.Afin de détecter ces erreurs et la vérification des attaques d'exécution peut être utilisée pour analyser les systèmes ou protocoles exécutions. En outre, la vérification de l'exécution peut aider dans les cas où les procédures formelles mettent un temps exponentielle ou souffrent de problèmes de terminaison. Dans cette thèse, nous contribuons à la vérification des protocoles cryptographiques avec un accent sur la vérification formelle et l'automatisation. Tout d'abord, nous étudions les protocoles d'examen. Nous proposons des définitions formelles pour plusieurs propriétés d'authentification et de confidentialité dans le Pi-calcul Appliqué.Nous fournissons également une des définitions abstraites de propriétés de vérifiabilité. Nous analysons toutes ces propriétés en utilisant automatiquement ProVerif sur plusieurs études de cas, et avons identifié plusieurs failles. En outre, nous proposons plusieurs moniteurs de vérifier les exigences d'examen à l'exécution. Ces moniteurs sont validés par l'analyse d'un exécutions d'examen réel en utilisant l'outil MARQ Java.Deuxièmement, nous proposons un cadre formel pour vérifier les propriétés de sécurité de protocoles de monnaie électronique non transférable. Nous définissons la notion de vie privée du client et les propriétés de la falsification. Encore une fois, nous illustrons notre modèle en analysant trois études de cas à l'aide ProVerif, et confirmons plusieurs attaques connues.Troisièmement, nous proposons des définitions formelles de l'authentification, la confidentialité et les propriétés de vérifiabilité de protocoles de réputation électroniques. Nous discutons les définitions proposées, avec l'aide de ProVerif, sur un protocole de réputation simple. Enfin, nous obtenons un résultat sur la réduction de la vérification de la validité d'une route dans les protocoles de routage ad-hoc, en présence de plusieurs attaquants indépendants qui ne partagent pas leurs connaissances. / Security is a crucial requirement in the applications based on information and communication technology, especially when an open network such as the Internet is used.To ensure security in such applications cryptographic protocols have been used.However, the design of security protocols is notoriously difficult and error-prone.Several flaws have been found on protocols that are claimed secure.Hence, cryptographic protocols must be verified before they are used.One approach to verify cryptographic protocols is the use of formal methods, which have achieved many results in recent years.Formal methods concern on analysis of protocol specifications modeled using, e.g., dedicated logics, or process algebras.Formal methods can find flaws or prove that a protocol is secure under ``perfect cryptographic assumption" with respect to given security properties. However, they abstract away from implementation errors and side-channel attacks.In order to detect such errors and attacks runtime verification can be used to analyze systems or protocols executions.Moreover, runtime verification can help in the cases where formal procedures have exponential time or suffer from termination problems.In this thesis we contribute to cryptographic protocols verification with an emphasis on formal verification and automation.Firstly, we study exam protocols. We propose formal definitions for several authentication and privacy propertiesin the Applied Pi-Calculus. We also provide an abstract definitions of verifiability properties.We analyze all these properties automatically using ProVerif on multiple case studies, and identify several flaws.Moreover, we propose several monitors to check exam requirements at runtime. These monitors are validated by analyzing a real exam executions using MARQ Java based tool.Secondly, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols.We define client privacy and forgery related properties.Again, we illustrate our model by analyzing three case studies using ProVerif, and confirm several known attacks.Thirdly, we propose formal definitions of authentication, privacy, and verifiability properties of electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol.Finally, we obtain a reduction result to verify route validity of ad-hoc routing protocols in presence of multiple independent attackers that do not share their knowledge.

Authentification

La confidentialité

La vérifiabilité

La vérification formelle

La vérification de l’exécution

Examens

Argent électronique

La réputation électronique

Route validité

ProVerif

QEA

MarQ

Authentication

Privacy

Verifiability

Formal Verification

RunTime Verification

Exams

Electronic Cash

Electronic Reputation

Route Validity

QEA

MarQ

004

510

Ochrana soukromí na Internetu / Internet privacy protection

Malina, Lukáš

January 2010

Anonymous authentication is a mean of authorizing a user without leakage of user personal information. The technology of Anonymous Authentication Systems (AAS) provides privacy of the user and yet preserves the security of the system. This thesis presents the basic cryptographic primitives, which can provide anonymous authentication. Among these primitives there are usually some asymmetric cryptosystems, but an essential part of anonymous authentication is based on zero knowledge protocols, blind signature schemes, threshold group schemes, etc., that are presented in Chapter 1. Generally, Anonymous Authentication Systems have application as electronic coin, electronic cash, group signatures, anonymous access systems, electronic vote, etc., which are analyzed and presented in Chapters 2 and 3. In the practical section, the implementation (in the environment .NET in C#) of the AAS system is presented and described in Chapter 4, which is being developed at the FEEC BUT.

Internet-based electronic payment systems

Kortekaas, Birgit Friederike

01 January 2002

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet / Computing / M.Sc. (Information Systems)

Internet

Electronic commerce

Electronic payment systems

Authentication

Confidentiality

Identification

Integrity

Privacy

Security

Cryptography

Certificates

Encryption

Digital signatures

Anonymity

Threats

Electronic cash

Electronic cheque

Smart cards

Electronic credit cards

658.478

Internet -- Economic aspects

Internet -- Security measures

Payment

Electronic commerce -- Security measures

Computer networks -- Security measures

Data encryption (Computer science)

Smart cards

Internet-based electronic payment systems

Kortekaas, Birgit Friederike

01 January 2002

As today, the traditional payment systems of cash, cheques and credit cards are being supplemented by electronic cheques, electronic credit card-based systems, and token-based systems, online security is of utmost importance and one of the biggest criteria used for evaluating electronic payment systems. Electronic payment systems must guarantee the essential security requirements: confidentiality, privacy, integrity, availability. authentication, non-repudiation as well as anonymity and trust. This paper compares the various payment systems (both traditional and electronic) available today mainly according to their security aspects. Secure processing can be accomplished including access controls and detection techniques, such as, encrypted communication channels, user and/or message authentication, symmetric and asymmetric encryption, digital certificates and firewalls. These effective security measures, which are outlined in detail in this paper, will protect the information and payment systems against security risks that currently threaten the Internet / Computing / M.Sc. (Information Systems)

Internet

Electronic commerce

Electronic payment systems

Authentication

Confidentiality

Identification

Integrity

Privacy

Security

Cryptography

Certificates

Encryption

Digital signatures

Anonymity

Threats

Electronic cash

Electronic cheque

Smart cards

Electronic credit cards

658.478

Internet -- Economic aspects

Internet -- Security measures

Payment

Electronic commerce -- Security measures

Computer networks -- Security measures

Data encryption (Computer science)

Smart cards