Search results

In this paper we present a framework for enhancing trust in Internet commerce. Experience shows that efficient cryptographic protocols are not enough to guarantee peoples’ confidence in Internet commerce; the transacting parties must also trust each other. Hence, the main ingredient missing in today’s e‐commerce infrastructures is modeling and implementing trust. Several attempts have been made to provide secure and trusted protocols but few have seen any practical use. This paper shows how trust can be provided through a network of Trust Service Providers (TSp). We have identified a set of services that should be offered by a TSp. We also present a distributed object‐oriented implementation of trust services using CORBA, JAVA and XML.

Personal identification numbers, passwords, smart cards and digital certificates are some of the means employed for user authentication in various electronic commerce applications. However, these means do not really identify a person, but only knowledge of some data or belonging of some determined object. This paper introduces the notion of biometric signature – a new approach to integrate biometrics with public key infrastructure, using biometric based digital signature generation which is secure, efficacious, fast, convenient, non‐invasive and correctly identifies the maker of a transaction. It also suggests two schemes for biometric signature using two existing and widely used digital signature algorithms, RSA and DSA, and discusses the problems associated with them individually. Speed of both schemes (based on iris recognition) is measured and compared with the help of JAVA implementation for both approaches.

To devise a biometric‐based mechanism for enhancing security of private keys used in cryptographic applications.

To enhance security of a private key, we propose a scheme that regenerates a user's private key by taking a genuine user's password, fingerprint and a valid smart card. Our scheme uses features extracted from fingerprint along with public key cryptography, cryptographic hash functions and Shamir secret sharing scheme in a novel way to achieve our desired objectives.

Despite changes in the fingerprint pattern each time it is presented, our scheme is sufficiently robust to regenerate a constant private key. As compared to conventional methods of storing a private key merely by password‐based encryption, our scheme offers more security as it requires a genuine user's password, fingerprint and a valid smart card. Key lengths up to 1024‐bit or even higher can be regenerated making the scheme compatible with the current security requirements of public key cryptosystems.

Minutia points used for image alignment can be incorporated in the key regeneration algorithm for stronger user authentication. In this case, some alternative technique will be required for image alignment.

The robustness of our scheme depicts its use in practical systems where there are variations in fingerprint patterns because of sensor noise and alignment issues.

In this paper, we have demonstrated a novel idea of regenerating the private key of a user by using fingerprint, password and a smart card. The basic aim is to provide more security to key storage as compared to traditional methods that uses password‐based encryption for secure storage of private keys.

n recent years, public key infrastructure (PKI) has emerged as co‐existent with the increasing demand for digital security. A digital signature is created using existing public key cryptography technology. This technology will permit commercial transactions to be carried out across insecure networks without fear of tampering or forgery. The relative strength of digital signatures relies on the access control over the individual’s private key. The private key storage, which is usually password‐protected, has long been a weak link in the security chain. In this paper, we describe a novel and feasible system – BioPKI cryptosystem – that dynamically generates private keys from users’ on‐line handwritten signatures. The BioPKI cryptosystem eliminates the need of private key storage. The system is secure, reliable, convenient and non‐invasive. In addition, it ensures non‐repudiation to be addressed on the maker of the transaction instead of the computer where the transaction occurs.

Trust has become a major issue among online shoppers. This underresearched subject will predictably determine the success or failure of e-commerce vendors. The lack of face-to-face interaction, the inability to inspect goods and services prior to purchase, and the asynchronous exchange of goods and money all contribute to the perceived risk of purchasing online and the resulting need for trust. Trust is particularly critical for small and new Internet ventures confronted by the liability of newness (Stinchcombe 1965). Lacking, among other things, a name that is readily recognized in the marketplace, entrepreneurial Internet ventures require trust if they are to succeed. The research presented in this article addresses this issue by building on the work of McKnight and colleagues and considering the effects of propensity to trust on trusting beliefs. Specifically, the author predicts that propensity to trust will significantly affect perceived ability, benevolence, and integrity but only for those individuals with limited direct experience. Based on a sample of web survey participants, the author found that propensity to trust significantly impacted perceived ability and benevolence for individuals with limited direct experience only. No statistically significant results were found for the effects of propensity to trust on perceived integrity.

Biometric authentication, which requires storage of biometric templates and/or encryption keys, raises a matter of serious concern, since the compromise of templates or keys necessarily compromises the information secured by those keys. To address such concerns, efforts based on dynamic key generation directly from the biometrics have recently emerged. However, previous methods often have quite unacceptable authentication performance and/or small key spaces and therefore are not viable in practice. The purpose of this paper is to propose a novel method which can reliably generate long keys while requires storage of neither biometric templates nor encryption keys.

This proposition is achieved by devising the use of fingerprint orientation fields for key generation. Additionally, the keys produced are not permanently linked to the orientation fields, hence, allowing them to be replaced in the event of key compromise.

The evaluation demonstrates that the proposed method for dynamic key generation can offer both good reliability and security in practice, and outperforms other related methods.

In this paper, the authors propose a novel method which can reliably generate long keys while requires storage of neither biometric templates nor encryption keys. This is achieved by devising the use of fingerprint orientation fields for key generation. Additionally, the keys produced are not permanently linked to the orientation fields, hence, allowing them to be replaced in the event of key compromise.

To explore the role of trust and risk in consumers' apparent reluctance to convert from internet browsers to potential online purchasers. To consider how marketing planners in that environment can devise strategies that balance perceptions of risk against perceptions of trustworthiness.

The literatures of trust and risk were reviewed, with a focus on internet usage and online buying. Six components of organisational trust are used as the framework for a discussion of perceived risk, and of the tactics available to counterbalance perceptions of the riskiness of online buying with evidence of the trustworthiness of the online merchant.

The conclusion is that marketing planners can overcome the barrier of perceived risk if they find the means to generate sufficient trust among their potential customers.

This presents no empirical evidence but does draw together the work of others and build from it a framework for understanding how the twin concepts of risk and trust work together. Fellow researchers are invited to test its propositions experimentally.

Planners of marketing campaigns for online suppliers of products and services can use the framework presented in this paper as a basis for the formulation of effective strategies to convert current web‐browsers into future internet shoppers, and thereby benefit to the full from the advantages of online distribution channels.

Provides a general overview of a topic that is clearly relevant to gatherers of marketing intelligence and planners of marketing strategy, in the rapidly changing online environment.

Modern wireless communications need novel microwave components that can be effectively used for high data rate and low-power applications. The operating environment decides the severity of the noise coupled to the transceiver system from the ambient environment. In a deep fading environment, narrowband systems fail where the wideband systems come for rescue. Thus, the microwave components are ought to switch between the narrowband and wideband states. This paper aims to study the design of a bandpass filter to meet the requirements by appropriately switching between the dual narrowband frequencies and single ultra-wideband frequency band.

The design and implementation of a compact microwave filter with reconfigurable bandwidth characteristics are presented in this paper. The proposed filter is constructed using a hexagonal ring with shorted perturbation along one corner. The filter is capacitively coupled to the external excitation source. External stubs are connected to the corners of the hexagonal resonator to obtain dual passband characteristics centred at 2.1 and 4.5 GHz. The external stubs are configured to achieve bandwidth reconfigurable characteristics. PIN diodes are used with a suitable biasing network to obtain reconfiguration. In the reconfigured state, the proposed two-port filter offers a continuous bandwidth from 2.1 to 5.9 GHz. The roll-off rate along the band edges is improved by increasing the order of the filter.

The proposed filter operates in two states. In state 1, the filter operates with dual frequencies centred around 2 and 4.5 GHz with insertion loss less than <1 dB and return loss greater than 13 dB with a peak return loss of 21 and 31 dB at 2.1 and 2.15 GHz, respectively. In state 2, the filter operates from 2.1 to 5.9 GHz with insertion loss less than 1 dB and return loss greater than 12 dB. The filter exhibits four-pole characteristics with a peak return loss greater than 22 dB. Thus, the fractional bandwidth of the proposed filter is 17% and 16% in state 1, whereas the fractional bandwidth is 95% in state 2.

The proposed filter is the first of its kind to simultaneously offer miniaturization and bandwidth reconfiguration. The proposed second-order filter has two-pole characteristics in the narrowband state, whereas four-pole characteristics are realized in the wideband state. The growing interest in 4G and 5G wireless communications makes the proposed filter a suitable candidate for operation in the rich scattering environment.

This paper seeks to investigate how the concept of a trust level is used in the access control policy of a web services provider in conjunction with the attributes of users.

A literature review is presented to provide background to the progressive role that trust plays in access control architectures. The web services access control architecture is defined.

The architecture of an access control service of a web service provider consists of three components, namely an authorisation interface, an authorisation manager, and a trust manager. Access control and trust policies are selectively published according to the trust levels of web services requestors. A prototype highlights the incorporation of a trust level in the access control policy as a viable solution to the problem of web services access control, where decisions of an autonomous nature need to be made, based on information and evidence.

The WSACT architecture addresses the selective publication of policies. The implementation of sophisticated policy‐processing points at each web service endpoint, to automatically negotiate about policies, is an important element needed to complement the architecture.

The WSACT access control architecture illustrates how access control decisions can be made autonomously by including a trust level of web services requestors in an access control policy.

The WSACT architecture incorporates the trust levels of web services requestors and the attributes of users into one model. This allows web services providers to grant advanced access to the users of trusted web services requestors, in contrast with the limited access that is given to users who make requests through web services requestors with whom a minimal level of trust has been established.