Best IT Blog

What CEOs need to be concerned about

Posted in Business (600), Security (1500) by Guest on January 20th, 2009
  1. Security: Internet / external
  2. Shortage of key skills
  3. Industry consolidation
  4. Changes in type/level of competition
  5. Impact of the Internet
  6. Downward pressure on prices
  7. Environment, health, and safety issues
  8. Change in supply/distribution systems
  9. Access to / cost of capital
  10. Changing technology
  11. Regulatory issues (labor, market access, etc.)
  12. Effect of corruption
  13. Currency issues
  14. Stakeholder relations
  15. Pressure from institutional investors
  16. Instability in emerging markets


Consumer retail sites:

  1. Competitive product prices
  2. Well-designed product representation
  3. Good product selection
  4. Reliable shipping and handling
  5. On-time delivery
  6. Easy ordering
  7. High degree of customer support
  8. Valuable information about products
  9. Posted privacy policy
  10. User-friendly navigation tools

Business-to-business sites:

  1. On-time delivery
  2. Competitive product prices
  3. Well-designed product representation
  4. Good product selection
  5. Easy ordering
  6. Valuable information about products
  7. High degree of customer support
  8. Reliable shipping and handling
  9. Posted privacy policy
  10. User-friendly navigation tools

Comments Off on What CEOs need to be concerned about

Liability of Internetwork Carriers

Posted in Business (600), Networking (340), Security (1500) by Guest on January 10th, 2009

The Internet is undergoing a rapid transition.  Two key, interrelated trends are easily discerned.  First, commercial traffic is now being carried on and across many networks.  Second, many networks are being operated more like businesses than research experiments.  New entities have been created as profit-seeking enterprises.  

In this environment, internetwork carriers strongly feel the need to protect themselves from possible liabilities arising out of use of the network. If a carrier perceives uncertainty in the legal climate regarding its potential liability, it will naturally be inclined to reduce its risk by restricting, or reserving the right to restrict, uses of the network.

These carriers typically provide or forward Usenet traffic, as well as access to various bulletin boards and online conferencing systems. As such, possible areas of concern include allegedly defamatory statements, copyright infringement, invasion of privacy, obscenity, criminal conspiracy, and trafficking in stolen information.

If the carrier feels exposure, then the temptation will be to impose conditions of use to restrict the exposure. 

However well-intentioned, acceptable use policies motivated in this way have highly undesirable side-effects. They can have the proverbial chilling effect on speech and expression. Who is to say whether something is indeed defamatory or infringing? If the carrier feels it is going to be dragged into such a mess, it may choose the "easy" way out by censoring or refusing to carry what may in fact be innocuous message traffic from the allegedly offending party. This also puts the carrier in the position of making policy, that is, making decisions about what is legal and what isn't. This is not a role carriers should have to play or want to play.

Telephone companies and other common carriers escape this problem because, as common carriers, they are statutorily immune from liability arising from the contents of the messages they carry. No one here is remotely suggesting that internetwork companies take the common carrier route, as it is inimical to the free-enterprise model that is to be employed in the development of the next stage of the Internet.

The conclusion of our analysis is that some equivalent statutory protection for network carriers is called for in order to promote the orderly and free development of the net.  This discussion document outlines a proposed statute that would free “forwarders” of electronic communications from fears of legal liability that might incline them to be censors.

The purpose of the proposed legislation would be to facilitate the forwarding and transmission of electronic messages without undue fear of liability on the part of the party performing only a forwarding or transmission function. The goal is to encourage the use of new electronic media for transmission of information by providing explicitly that the sender, rather than the person who provides a medium for forwarding or transmission, is responsible for the content of the communication.


Comments Off on Liability of Internetwork Carriers

Identity Management Glossary of Terms

Acquisition device: The hardware used to acquire biometric samples.

Acquisition device: The hardware or sensors used to acquire biometric samples. Examples include fingerprint sensors or readers, iris scanners and facial recognition cameras.

Automated Fingerprint Identification System (AFIS): A system that compares a single fingerprint with a database of fingerprint images. 

Automated Fingerprint Identification System (AFIS): A system originally developed for use by law enforcement agencies, which compares one or more fingerprints from an individual with a database of fingerprint images. Subsequent developments have seen its use in commercial applications, where a client or customer has their finger image compared with existing personal data by placing a finger on a scanner, or by the scanning of inked paper impressions.

Algorithm: A sequence of instructions that tells a system how to accomplish some task. In cryptography, refers to a sequence of actions, usually mathematical calculations, performed on data to encrypt or decrypt it. In biometric systems, it is used to determine whether a sample and a template are a match.

Algorithm: A sequence of instructions that tells a system how to solve a problem. Used by biometric systems, for example, to tell whether a sample and a template are a match. Cryptographic algorithms are used to encrypt sensitive data files, to encrypt and decrypt messages, and to digitally sign documents.

Application Program Interface (API): Modular computer code that defines how a software application interacts with another application or device. When used with biometric systems, it provides the interface between the application and the biometric device.

Application Program Interface (API): A set of instructions or services, exposed as code, used to standardize the interface to an application.

Authentication: The process of validating a claim of identity, binding the presented identity to the identity claimant.

Authentication: Any process that validates an identity by matching an individual against an item known to the system. It often involves a credential (a unique ID or logon ID) and a token (SecurID, smart card). The primary authentication methods are:

  • Access passwords (something the user knows)
  • Access tokens (something the user has)
  • Biometrics (something the user is)

BioAPI: The API specification developed by the BioAPI Consortium as a standard interface to various biometric technologies.

BioAPI: Designed to produce a standard biometric API, aiding integration between systems and devices. Developed by the BioAPI Consortium and first released in March 2000, BioAPI has become an international standard and is used in many biometric applications deployed worldwide.

Biometric: A process by which identity is verified through the examination of behavioral or physiological characteristics, such as fingerprint or retinal scan. 

Biometric: A measurable, physical characteristic or personal behavior trait used to recognize the identity, or verify the claimed identity, of an applicant.  Facial images, fingerprints, and handwriting samples are all examples.

Biometric: A unique, machine-measurable biological trait or characteristic that can be used to verify identity. Common biometrics are fingerprint, hand geometry, iris patterns, voice (speaker recognition) and face.

Claim of Identity or Credential: An assertion that an individual is a recognized identity.

Credential: An object that authoritatively binds an identity (and optionally additional attributes) to an individual and is controlled by that individual.

Claim of Identity or Credential: A unique item, which identifies the individual. Credentials include things like ID badges, smart cards, driver’s licenses, passports and other identity credentials.

Contact & Contactless: In regard to chip cards: whether the card is read by direct contact with a reader or has a transmitter/receiver system which allows it to be read using radio frequency technology (up to a certain distance).

Contact & Contactless: In regard to identification cards: whether the card is read by direct contact with a reader or has an internal transmitter/receiver which allows it to be read using radio frequency technologies (distance limited).

Enrollment: The initial process of collecting identity authentication data from a user. When referring to biometric systems, it is the process of collecting biometric data from an individual that will be stored in a template for later comparison. 

Enrollment: The process of capturing an individual's biographic and biometric data for entry into an identification system.

False Accept Rate (FAR): The frequency (usually expressed as a percentage) at which imposters are incorrectly accepted as identified or verified by an authentication system. 

False Accept Rate (FAR): The probability that a biometric system will incorrectly identify an individual or will fail to reject an imposter.  The rate given normally assumes passive imposter attempts.  The FAR may be estimated as follows:  

FAR = NFA / NIVA, where FAR is the false acceptance rate, NFA is the number of false acceptances, and NIVA is the number of imposter verification attempts.

False Accept Rate (FAR): The probability of a random user, who is not enrolled, being falsely accepted by a specific system. Sometimes referred to as the false positive or false match rate.

False Reject Rate (FRR): The frequency (usually expressed as a percentage) at which enrolled persons are incorrectly rejected as unidentified or unverified persons by an authentication system.

False Rejection Rate (FRR): The probability that a biometric system will fail to identify an applicant, or to verify the legitimate claimed identity of an applicant. The False Rejection Rate may be estimated as follows:

FRR = NFR / NEVA, where FRR is the false rejection rate, NFR is the number of false rejections, and NEVA is the number of applicant verification attempts. This estimate assumes that the applicant verification attempts are representative of those for the whole population of end-users. The FRR normally excludes Failure to Acquire errors.

False Reject Rate (FRR): The probability of a legitimate user being falsely denied access to a specific system. Sometimes called the false negative or false non-match rate.

Fingerprint Template: A highly compressed and digitally encoded mathematical representation of fingerprint features, stored for future verification purposes.

Fingerprint Template: A description of all the detected minutiae in a fingerprint pattern. The template contains each minutia's coordinate, slope, and type, thus summarizing the characteristics of the fingerprint for purposes of matching the fingerprint against candidates.

Identification: A process by which an entity is recognized and its ‘identity’ established. In biometric systems, refers to the process by which the system identifies the person through a search of the enrolled population. 

Identification: The process of discovering the true identity (i.e. origin, initial history) of a person or item from the entire collection of similar persons or items. 

Identification: (1:N, one-to-many, recognition) – The process of determining a person’s identity by performing matches against multiple biometric templates. Identification systems are designed to determine identity based solely on biometric information. Positive identification systems are designed to find a match for a user’s biometric information in a database of biometric information.

Identity proofing: The process of providing sufficient information (e.g., identity history, credentials, documents) to a PIV (Personal Identity Verification) Registration Authority when attempting to establish an identity.

Identity Management: A broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.

Identity Management: IT infrastructure designed to consolidate and streamline the management of user identity, authentication and authorization data. 

Identity Verification: The process of affirming that a claimed identity is correct by comparing the offered claims of identity with previously proven information stored in the identity card or PIV system. 

Matching: The process of comparing a biometric sample (e.g. a fingerprint) to the stored template to determine whether they correlate.

Matching: The process of comparing biometric information against a previously stored template and scoring the level of similarity. 

Matching: The comparison of biometric templates to determine their degree of similarity or correlation. A match attempt results in a score that, in most systems, is compared against a threshold. If the score exceeds the threshold, the result is a positive match; if the score falls below the threshold, the result is a non-match. 

Minutiae Points: Local ridge characteristics that occur at either a ridge bifurcation or a ridge ending.

Minutiae Points: Unique characteristics or identity points of a biometric. In a fingerprint, the raised lines on the finger surface are called ridges; the minutiae are the points where these ridge lines terminate or intersect one another.

Sample: The identifiable, unprocessed image or recording of a physiological or behavioral characteristic, acquired during submission, used to generate biometric templates.

Smart Card: A card, about the size of a credit card, that contains a computer chip and is used to store or process information. When used with identity authentication systems, it may contain a digital certificate, a biometric template, or both.

Smart Card: A specialized ID card that contains a computer processor chip (with memory). This card can store information related to identity and privileges. The data can be in the form of a PIN, a digital signature, electronic keys, medical information or a biometric template such as are generated from a finger image. 

Template: A mathematical representation of biometric data.

Template: A biometric data record derived from a sample.

Template: A mathematical representation of biometric data. A template can vary in size from 9 bytes for hand geometry to several thousand bytes for facial recognition.

Response Time/Processing Time: The time period for an authentication system to return a decision on identification or verification of a biometric sample or other presented authentication data.

Response Time/Processing Time: The time period required by a biometric system to return a decision on identification or verification of a biometric sample.

Threshold: A predefined number that establishes the degree of correlation necessary for a comparison to be deemed a match.

Threshold: A predefined number, often controlled by a biometric system administrator, which establishes the degree of correlation necessary for a comparison to be deemed a match.

Verification: The process of comparing the characteristics of a valid identity to those presented by the claimant in order to establish whether or not the identity is valid and can be bound to the identity claimant. When used with biometric systems, it is the process of establishing identity validity through the comparison of the verification sample with the enrollment template.
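The False Accept Rate and False Reject Rate formulas above (FAR = NFA / NIVA and FRR = NFR / NEVA), together with the Matching and Threshold entries, describe a single trade-off: every match attempt yields a score, the administrator's threshold turns that score into a match or non-match decision, and moving the threshold lowers one error rate while raising the other. The Python below is a worked example added to this glossary; it is not code from the original page or from any biometric vendor. The score values are constructed for illustration, the matcher producing them is hypothetical, a score equal to the threshold is treated as a match (an assumption, since the Threshold entry only says "exceeds"), and a Failure to Acquire is modelled as a missing score so that it can be excluded from NEVA as the FRR entry requires.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, Optional, Sequence

# Constructed sample data (hypothetical, not from any real biometric system):
# similarity scores in the range 0..100 returned by an imaginary matcher.
# GENUINE_SCORES are enrolled users presenting their own finger (applicant
# verification attempts, NEVA); IMPOSTOR_SCORES are passive, zero-effort
# impostors presenting someone else's finger (imposter verification attempts,
# NIVA). None marks a Failure to Acquire (FTA), e.g. a smudged sensor, which
# the FRR estimate excludes.
GENUINE_SCORES: Sequence[Optional[int]] = [92, 88, 95, 71, 64, 85, 90, 58, 97, 83, None, 76]
IMPOSTOR_SCORES: Sequence[int] = [12, 33, 47, 8, 61, 25, 19, 55, 40, 14, 30, 66]


@dataclass(frozen=True)
class ErrorRates:
    threshold: int
    far: float   # NFA / NIVA
    frr: float   # NFR / NEVA
    nfa: int     # number of false acceptances
    niva: int    # number of imposter verification attempts
    nfr: int     # number of false rejections
    neva: int    # number of applicant verification attempts (FTA excluded)
    fta: int     # failures to acquire, reported separately


def is_match(score: int, threshold: int) -> bool:
    """Matching decision against the administrator-set threshold.

    Assumption: a score equal to the threshold counts as a match; scores are
    similarity scores, so a higher value means the sample and template are
    more alike.
    """
    return score >= threshold


def error_rates(genuine: Iterable[Optional[int]], impostor: Iterable[int],
                threshold: int) -> ErrorRates:
    """Estimate FAR = NFA/NIVA and FRR = NFR/NEVA at one threshold."""
    genuine_scores = list(genuine)
    impostor_scores = list(impostor)
    # Failure-to-acquire attempts produce no score, so the matcher never saw
    # them; they are counted separately and left out of NEVA.
    acquired = [s for s in genuine_scores if s is not None]
    fta = len(genuine_scores) - len(acquired)

    niva = len(impostor_scores)
    nfa = sum(1 for s in impostor_scores if is_match(s, threshold))
    neva = len(acquired)
    nfr = sum(1 for s in acquired if not is_match(s, threshold))

    far = nfa / niva if niva else 0.0
    frr = nfr / neva if neva else 0.0
    return ErrorRates(threshold, far, frr, nfa, niva, nfr, neva, fta)


def sweep(genuine: Iterable[Optional[int]], impostor: Iterable[int],
          thresholds: Iterable[int]) -> list[ErrorRates]:
    """Error rates at every candidate threshold, in the order given."""
    genuine_scores = list(genuine)
    impostor_scores = list(impostor)
    return [error_rates(genuine_scores, impostor_scores, t) for t in thresholds]


def equal_error_point(rates: Sequence[ErrorRates]) -> ErrorRates:
    """The threshold at which FAR and FRR are closest (the EER operating point).

    Raising the threshold can only lower FAR and raise FRR, so a deployment
    picks a point on this curve rather than driving either rate to zero.
    """
    return min(rates, key=lambda r: abs(r.far - r.frr))


if __name__ == "__main__":
    print("thr    FAR    FRR  NFA/NIVA  NFR/NEVA  FTA")
    for r in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, range(0, 101, 10)):
        print(f"{r.threshold:3d}  {r.far:5.3f}  {r.frr:5.3f}    "
              f"{r.nfa:2d}/{r.niva:<2d}     {r.nfr:2d}/{r.neva:<2d}    {r.fta}")
    eer = equal_error_point(sweep(GENUINE_SCORES, IMPOSTOR_SCORES, range(0, 101)))
    print(f"EER operating point: threshold {eer.threshold} "
          f"(FAR {eer.far:.3f}, FRR {eer.frr:.3f})")
```

Running the script prints the FAR/FRR curve in steps of ten and the equal-error threshold. On the constructed data a threshold of 50 accepts three of the twelve impostors (FAR 0.25) and rejects no genuine user, while 70 rejects two of the eleven acquired genuine attempts (FRR 0.182) and accepts no impostor; the one Failure to Acquire is never counted as a false rejection. Which point to choose is a policy decision: an access-control door usually tolerates a higher FRR to keep FAR low, a convenience feature the reverse.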


Comments Off on Identity Management Glossary of Terms