Escrowvereinbarungen in der Insolvenz ein Beitrag zur Sicherung von IT-Investitionen

Rapp, Stefan

January 2007

Zugl.: Hannover, Univ., Diss., 2007

Escrow-Verhältnisse : das Escrow agreement und ähnliche Sicherungsgeschäfte /

Eisenhut, Stefan.

January 2009

Diss. Univ. Basel. / Register. Bibliogr.

A Session Initiation Protocol User Agent with Key Escrow

Hossen, MD. Sakhawat

January 2009

<p>Voice over Internet Protocol (VoIP), also called IP telephony is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system.</p><p>Lawful interception is a mean of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobilitysupport and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U. S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session.</p><p>This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. <em>without</em> the possibility of undetectable fabrication of<em><strong>  </strong></em>session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead.</p>

Lawful Interception

Key escrow

SRTP

MIKEY

PKI

Digital Signature

Fideicomiso de titulización para Inversión en Renta en Bienes Raíces “Fibra” / Real State Investment Trust “Reit”

Burga Campos, Esteban, Escalante Salas, Kenneth Orlando, Hinostroza Cruz, Elizabeth Giulianna, Salazar López, Richard

31 July 2019

En el Perú se ha observado una desaceleración económica que ha afectado el crecimiento del sector construcción, si a esto sumamos la falta de gestión para proyectos de infraestructura por la falta de capacidad de las autoridades de turno, esta desaceleración del país ha afectado el sector público como privado generado por escándalos de corrupción en el país. A pesar de este clima adverso, el país mantiene una economía estable y una proyección de crecimiento positivo. Para el gobierno es muy importante impulsar el crecimiento económico a través del desarrollo de infraestructura y la generación de inversión, por ello ha creado una serie de medidas que generan nuevas formas de inversión inmobiliaria a través del mercado bursátil. Es así que desde el año 2016 ha venido publicando una serie de normas que crean y regulan los Fideicomisos de Titulización para Inversión en Renta de Bienes Raíces (FIBRA), que en otros países son conocidos como REITs. Con el desarrollo de este trabajo de investigación daremos a conocer esta nueva forma de financiamiento alternativo para inversión en bienes inmobiliarios denominado FIBRA, el cual democratiza el sector inmobiliario, además de ofrecer una serie de beneficios tributarios para inversionistas y para los propietarios de los inmuebles, quienes podrán convertir su predio en un activo líquido y diversificar su inversión. / In Peru, there has been an economic slowdown that has affected the growth of the construction sector, if we add to this the lack of management for infrastructure projects due to the lack of capacity of the authorities on duty, this slowdown in the country has affected the public sector as private generated by corruption scandals in the country. Despite this adverse climate, the country maintains a stable economy and a positive growth projection. It is very important for the government to boost economic growth through infrastructure development and investment generation, which is why it has created a series of measures that generate new forms of real estate investment through the stock market. Thus, since 2016, it has been publishing a series of regulations that create and regulate the Securitization Trusts for Real Estate Investment Investment (FIBRA), which in other countries are known as REITs. With the development of this research work we will announce this new form of alternative financing for real estate investment called FIBRA, which democratizes the real estate sector, in addition to offering a series of tax benefits for investors and for property owners, who can convert their property into a liquid asset and diversify their investment. / Trabajo de investigación

Fideicomiso

Bienes raíces

Construcción

Arrendamiento

Escrow

Real estate

Building

Lease

El Fideicomiso de Titulización y su impacto en la Gestión Financiera en las empresas del Sector Agrícola de Piura, año 2017 / The Securitization Trust and its impact on Financial Management in the companies of the Agricultural Sector of Piura, year 2017

Soplin Montoya, Gabriel Raul, Herrera Ponte, Liliana Mariela

24 September 2019

La presente investigación de tesis tiene como objetivo determinar la viabilidad de estructurar el Fideicomiso de Titulización, y su impacto en la gestión financiera en las empresas del Sector Agrícola del año 2017, para ello es indispensable realizar la identificación de las alternativas de financiamiento que existen en el mercado, compararlas, y optar por la mejor alternativa de financiamiento. El presente estudio se encuentra agrupado por cinco capítulos, los cuales se menciona a continuación: Capítulo I Marco Teórico, se realiza una investigación a través de diversas fuentes primarias, en donde se definen las dimensiones y factores de los patrimonios en Fideicomiso, su estructuración y alcances; y un análisis de las alternativas de financiamiento que existen en el mercado. Capítulo II Plan de investigación, se formula la situación problemática de la tesis, el problema principal, problemas específicos, objetivo general y objetivos específicos, la hipótesis inicial e hipótesis específicos. Capítulo III Metodología de investigación se definió la población, la muestra para las investigaciones cuantitativas y cualitativas. Capítulo IV Desarrollo de Investigación, se realizó la investigación de nuestra tesis a través de la entrevista a profundidad con expertos del tema, preguntas y el desarrollo del caso práctico. Capítulo V Análisis de Resultados, se elabora el análisis de los instrumentos y el caso práctico. Se concluye con la validación de la hipótesis general y especificas en base a los resultados obtenidos en las tablas cruzadas y el CHI cuadrado. / The objective of this thesis research is to determine the viability of structuring the Securitization Trust, and its impact on financial management in the Agricultural Sector companies of the year 2017, for this it is essential to identify the financing alternatives that exist in The market, compare them, and opt for the best financing alternative. The present study is grouped by five chapters, which are mentioned below: Chapter I Theoretical Framework, an investigation is carried out through diverse primary sources, where the dimensions and factors of the patrimonies in trust, its structuring and scopes are defined; and an analysis of financing alternatives that exist in the market. Chapter II Research plan, the problematic situation of the thesis is formulated, the main problem, specific problems, general objective and specific objectives, the initial hypothesis and specific hypotheses. Chapter III Research methodology population was defined, the sample for quantitative and qualitative research. Chapter IV Research Development, the research of our thesis was carried out through an in-depth interview with subject experts, questions and the development of the practical case. Chapter V Analysis of Results, the analysis of the instruments and the practical case is elaborated. It concludes with the validation of the general and specific hypothesis based on the results obtained in the crossed tables and the square CHI. / Tesis

Fideicomiso

Inmueble

Sector agrario

Escrow

Property

Agricultural sector

A Session Initiation Protocol User Agent with Key Escrow

Hossen, MD. Sakhawat

January 2009

Voice over Internet Protocol (VoIP), also called IP telephony is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding &amp; compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system. Lawful interception is a mean of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobilitysupport and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U. S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session. This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. without the possibility of undetectable fabrication of  session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead.

Lawful Interception

Key escrow

SRTP

MIKEY

PKI

Digital Signature

Multiple Escrow Agents in VoIP

Azfar, Abdullah

January 2010

Using a Key escrow agent in conjunction with Voice over IP (VoIP) communication ensures that law enforcements agencies (LEAs) can retrieve the session key used to encrypt data between two users in a VoIP session. However, the use of a single escrow agent has some drawbacks. A fraudulent request by an evil employee from the LEA can lead to improper disclosure of a session key. After the escrow agent reveals the key this evil person could fabricate data according to his/her needs and encrypt it again (using the correct session key). In this situation the persons involved in the communication session can be accused of crimes that he or she or they never committed. The problems with a single escrow agent becomes even more critical as a failure of the escrow agent can delay or even make it impossible to reveal the session key, thus the escrow agent might not be able to comply with a lawful court order or comply with their escrow agreement in the case of data being released according to this agreement (for example for disaster recovery). This thesis project focused on improving the accessibility and reliability of escrow agents, while providing good security. One such method is based on dividing the session key into M chunks and escrowing the chunks with M escrow agents. Using threshold cryptography the key can be regenerated by gathering any N-out-of-M chunks. The value of M and N may differ according to the role of the user. For a highly sophisticated session, the user might define a higher value for M and N for improved, availability, reliability, and security. For a less confidential or less important session (call), the value of M and N might be smaller. The thesis examines the increased availability and increased reliability made possible by using multiple escrow agents. / Med en nyckel förvaringsinstitut som tillsammans med Röst över IP (VoIP) kommunikation säkerställer att brottsbekämpande organ (LEAs) kan hämta sessionsnyckeln används för att kryptera data mellan två användare i en VoIP-session. Däremot har användningen av ett enda förvaringsinstitut visa nackdelar. En bedräglig begäran av en ond arbetstagare från LEA kan leda till otillbörligt röjande av en sessionsnyckel. Efter förvaringsinstitut avslöjar nyckeln detta onda person kunde fabricera uppgifter i enlighet med hans eller hennes behov och kryptera den igen (med rätt sessionsnyckel). I denna situation personer som deltar i kommunikationssession kan anklagas för brott som han eller hon eller de aldrig begått. Problemen med en enda förvaringsinstitut som blir ännu mer kritisk som ett misslyckande av förvaringsinstitut kan försena eller till och med gör det omöjligt att avslöja sessionsnyckeln, vilket förvaringsinstituten kanske inte kan följa en laglig domstolsbeslut eller uppfyller sina depositionsavtalets när det gäller data frisläppas i enlighet med detta avtal (till exempel för katastrofer). Detta examensarbete fokuserar på att förbättra tillgängligheten och tillförlitligheten i spärrade medel, samtidigt som god säkerhet. En sådan metod bygger på att dela upp sessionsnyckeln till M bitar och escrowing i bitar med M förvaringsinstituten. Använda tröskel kryptografi nyckeln kan genereras genom att samla alla N-out-of-M bitar. Värdet på M och N kan variera beroende på användarens roll. För en mycket sofistikerad session kan användaren definiera ett högre värde för M och N för förbättrad tillgänglighet, tillförlitlighet och säkerhet. För en mindre konfidentiell eller mindre viktigt session (telefonsamtal), kan värdet på M och N vara mindre. I avhandlingen analyseras den ökade tillgänglighet och ökad tillförlitlighet möjligt genom att använda flera spärrade medel.

Key escrow

VoIP

Law Enforcement Agency

Multiple Escrow Agents

Threshold Cryptography

Reliability

Availability

Shamir's Secret Sharing

Communication Systems

Kommunikationssystem

Securing LBO VoLTE roaming with multiple Escrow Agents : A dynamic approach to distribute cryptographic keys to Escrow Agents / Ett tillvägagångssätt att säkra LBO VoLTE roaming med flera "Escrow Agents"

Eneroth, Nathanael

January 2018

The fourth generation cellular mobile broadband, Long-Term Evolution (LTE), provides high speed Internet via Internet Protocol (IP). Today’s wireless infrastructure paves the way to a connected society where high speed Internet is seamlessly available at all times for anyone to use. To achieve this, a mobile service subscriber can no longer be bound to a single network provided by a single operator. Thus, roaming constitutes a key pillar in shaping the connected society Local Breakout (LBO) Voice over Long-Term Evolution (VoLTE) roaming enables a mobile service subscriber to breakout from its home network, and to use network services in a visited network. LBO requires control signalling and user data to be routed over several Public Land Mobile Networks (PLMNs), thus making mobile service subscriber’s the subject of Lawful Intercept (LI) across multiple networks. This thesis project investigates the possibility of using Multimedia Internet KEYing (MIKEY) and Secure Real-Time Transport Protocol (SRTP) to encrypt the payload of VoLTE media packets. More specifically, a Law Enforcement Monitoring Provider (LEMP) is designed, implemented, and evaluated. LEMP is deployed within a cell phone and serves to distribute cryptographic key shares to Trusted Third Parties (TTPs), i.e. multiple escrow agents, entrusted to store these cryptographic key shares. The result preserves the requirements for LI despite the fact that there may be multiple network operators involved. Moreover, the experiments show that the distribution time depends primarily on network latency rather than the time required to split the cryptographic key in chunks; hence the approach is usable in practice. / Den fjärde generationens mobila bredband, Long-Term Evolution (LTE), möjliggör användandet av höghastighetsinternet över Internet Protocol (IP). Dagens trådlösa infrastrukturer banar väg för ett fritt och lättillgängligt digitalt samhälle där alla kan vara uppkopplade samtidigt. För att uppnå global trådlös infrastruktur måste mobilabonnenten ha möjlighet att utnyttja flera andra trådlösa nätverk än det nätverk som teleoperatören binder dem till. Därför utgör fri roaming en viktig del i utvecklingen av framtidens globala trådlösa infrastrukturer. Local Breakout (LBO) Voice over Long-Term Evolution (VoLTE) är en roamingarkitektur som gör det möjligt för en mobilabonnent att kopplas upp från en teleoperatörs nät till en annans. LBO kräver att kontrollsignaler och användardata skickas mellan flera operatörer innan trafiken når sitt mål, och därmed utsätts mobilabonnenten för laglig avlyssning av elektronisk information på flera platser samtidigt. Det här examensarbetet undersöker möjligheten att använda Multimedia Internet KEYing (MIKEY) och Secure Real-Time Transport Protocol (SRTP) för att kryptera mediatrafik i VoLTE. Under arbetets gång utvecklas och utvärderas en Law Enforcement Monitoring Provider (LEMP). LEMP är placerad i en mobiltelefon och distribuerar delar av krypteringsnycklar till flera betrodda tredje parter (till flera escrow agents). Detta gör det möjligt att uppfylla kraven för laglig avlyssning av elektronisk information även när flera teleoperatörer avlyssnar användardata och kontrollsignaler. Resultatet visar att distribueringstiden primärt beror på nätverkslatens, och inte på den tid det tar att fördela krypteringsnyckeln i mindre delar. Därför kan den här metoden användas i praktiken.

LTE

VoLTE

LBO

Lawful Intercept

Multiple Escrow Agents

Shamir’s Secret Sharing

LTE

VoLTE

LBO

laglig avlyssning

flera "Escrow Agents"

Shamirs krypteringsmetod

Communication Systems

Kommunikationssystem

An investigation into source code escrow as a controlling measure for operational risk contained in business critical software

Eksteen, Lambertus Lochner

12 1900

Thesis (MBA)--Stellenbosch University, 2012. / This research report outlines corporate governance and information technology risk management frameworks and the use of software escrow within a holistic enterprise risk management strategy to maintain business continuity. Available risk mitigation tools and frameworks were analysed including the use of software escrow as an information technology risk mitigation tool and continuity instrument. The primary researched problem relates to how organisations can ensure business continuity through managing the risks surrounding business-critical software applications. Software escrow was identified in the literature review as a risk management tool used to mitigate operational risks residing in the licencing of mission-critical software applications. The primary research question is: “How can source code escrow contribute towards business continuity by limiting risks contained in licensed business critical software applications?” This study found that an escrow agreement ensures an end-user access to licenced mission-critical intellectual property in the event of the owner’s insolvency, acquisition or breach of maintenance agreements and thereby ensures continuity. The following secondary research questions were also answered: “What types of operational risks will be minimised using software escrow?” and “What constitutes an effective source code agreement in South Africa?” The research identified that the main driver for escrow was operational risk of a mission-critical system failure due to maintenance and upgrades not taking place. The reasons identified included insolvency of the software supplier, acquisition of the supplier, loss of key resources (developers) and breach of maintenance or development agreements. The research also identified some limitations to the application of escrow and the reasons for some agreements not being executed. Key escrow contract quality criteria were identified which ensure an effective agreement under South African law. The following essential quality criteria were found to improve the efficiency of execution of the escrow contract: - Frequency and quality of deposits; - Deposit verification to ensure usability of material post release; and - Well-defined release trigger events to avoid legal disputes regarding what constitutes a release. Case studies highlighted the main risks that drive the creation of escrow agreements and identified limitations to the execution of some escrow agreements. The software end-user operational risks mitigated by the use of escrow included: - Continued use of the software despite vendor bankruptcy; - Reducing the dependency on the supplier for maintenance and support of the software Safeguarding critical business processes; and - Return on investment (software implementation, hardware and training of staff). It was concluded that, despite the legal and practical complexities concerned with escrow, it remains the best instrument to ensure continuity when relying on licensed intellectual property used for business-critical functions and processes. Software escrow is therefore a vital component of a well-formulated license agreement to ensure access to mission-critical technology (including all related intellectual property) under pre-defined conditions of release to the end-user (licensee). In the event of a release, the escrow agent gives the end-user access to the deposited source code and related materials for the purposes of business continuity only and in no way affects the ownership rights of the supplier/owner.

Risk management

Software escrow

Data protection

Computer security

Dissertations -- Business management

Theses -- Business management

UCTD

Anonymous Multi-Receiver Certificate-Based Encryption

Tsai, Pei-Jen

16 August 2011

In a multi-receiver encryption environment, a sender can randomly choose a set of authorized receivers while distributing messages to them efficiently and securely. Recently, more and more researchers concern the privacy of receivers. They mentioned that an authorized receiver does not want other entities, except the service provider, to be able to derive her/his identity in many applications such as pay-TV. However, most of these protocols either provide no formal security proofs or are inefficient owing to high computation cost. In this thesis, we construct two provably secure and efficient anonymous multi-receiver certificated-based encryption schemes, PMCE and SCMCE, which avoid the key escrow problem while preserving the implicit certification of identity-based setting. The proposed PMCE and SCMCE get rid of pairing computation to encrypt a message and only need one and two pairing computations to decrypt the ciphertext, respectively. Finally, we define the security models and offer formal proofs to all properties including receiver anonymity.

Key Escrow Freeness

Multi-Receiver Encryption

Bilinear Pairing

Certificate-Based Encryption

Anonymity