Senselect
BiometricPIN™

[CLB: Interesting. I'm trying to determine if finger-push timing effects the pin accuracy, if partial prints are an issue, and how long authentication takes. I'm not yet convinced that the security of this model is currently viable. I'm also curious about a person's ability to recall multiple finger sequences - one sequence for each type of transaction.]

(0) comments

Electronic Design Europe

In the long term electronics will give people a personal body area network (BAN) that will be used to gather vital body information into a central intelligent node. This, in turn, will communicate wirelessly with a basestation. BANs will be built on a number of small low-power sensor/actuator nodes with sufficient computing power, wireless capabilities, and integrated antenna. Each node will have enough intelligence to carry out its task. These could range from storing and forwarding algorithms to complex, nonlinear data analysis. These nodes will be able to communicate with other sensor nodes or with a central node worn on the body. The central node will communicate using standard telecommunication infrastructure, such as a WiFi or mobile phone network.

The network will also be able to deliver services to the owner of the BAN, including the management of chronic disease, medical diagnostic, home monitoring, biometrics, and sports and fitness tracking.

The realisation of BANs largely depends on extending the capabilities of existing devices; a number of medical and technological obstacles need to be removed. For example, the lifetime of battery-powered devices is limited at present and must be extended if it is to power many of these applications. Likewise, the interaction between sensors and actuators needs to be enlarged to support new applications such as multi-parameter biometrics. Also, devices need intelligence built-in so they can store, process and transfer data.

[...]

PDF: European Group on Ethics in Science and New Technologies: Opening the discussion on safe, ethical use of ICT technologies embedded within the human body.

(0) comments

physorg.com

Computers just respond to commands, never 'thinking' about the consequences. A new software language, however, promises to enable computers to reason much more precisely and thus better reflect subtleties intended by commands of human operators. Developed by National Institute of Standards and Technology (NIST) researchers and colleagues in France, Germany, Japan and the United Kingdom, the process specification language software, known as ISO 18629, should make computers much more useful in manufacturing.

ISO 18629 uses artificial intelligence (AI) and language analysis to represent computer commands in the context of a manufacturing plan. Researchers have incorporated approximately 300 concepts, such as “duration” and “sequence,” into its software structure. Computers using software with this expanded, though still primitive AI capacity, can act on a word’s “meaning,” interpreting a command almost like a person.

For instance, a person who hears the commands “paint it, before shipping it” and “turn on the coolant, before milling” understands that the word "before" has slightly different meanings in these two different contexts. In the first command, it is understood that painting and drying must be completed prior to the next action, shipping. In the second command, however, the first action, turning on the coolant, continues after the milling starts. ISO 18629 supports computer systems with this type of rudimentary understanding of context-specific language.

The ISO 18629 language is especially suited for the exchange of process planning, validation, production scheduling and control information for guiding manufacturing processes. The International Organization for Standardization (ISO), which already has approved six sections of the fledging standard, is currently reviewing the last of its three sections. Once the expected ISO approval is given, software vendors will begin building a variety of manufacturing systems that conform to ISO 18629.

Source: NIST

(0) comments

ProjectLiberty.org

The Liberty Specifications were built with privacy in mind.

The decisions made in developing technology were all made to enhance privacy and make it easier to implement good privacy practices.

Non Technical Privacy Features

Consumer consent

• All of the relevant specifications include the reference to the need of consumer consent for relevant transactions.

Consumer choice of Identity Providers

• Federated architecture allows consumer to choose an Identity Provider independent of the used network or service.
  
• Selection is only constrained by laws, regulations and business models, not the Liberty specifications

Decentralized or federated storage of PII or other information related to your identity

• Federated architecture allows the information related to a specific identity to be stored in relevant locations defined by the consumer, government or business relationship between the consumer and certain Service Provider
  
• Storage of PII or other identity related information is only constrained by laws, regulations and business models, not the Liberty specifications
  
• Simplified password management

Technical Privacy Features

XML Signature - XMLDSig allow a proper verification of the transaction parties, and if messages are signed and stored, allows for later auditing

Pseudonymous access - Identity Federation in Liberty creates a pseudonym, constructed of a random set of characters and being unique in the context of a specific Identity Provider and Service Provider

Anonymous Access - Liberty specs provide means for a Service Provider to access Identity Services without a need to know who the consumer they are providing services to really is.

Usage Directives - Allows for indication of associated privacy policy in both a request and reply for principal attributes

Consent header block - SOAP header block used to explicitly assert that the Principal consented to the present interaction

Interaction Service - The Interaction Service specification defines schemas and profiles that enable an Identity Service to interact with the owner of the information exposed by that Identity Service

__posted by Carolyn L Burke @ 3:14 p.m.
subscribe to Integrity

(0) comments

vnunet.com

To maintain security and privacy, firms must improve wireless tag management

Two new reports show that radio frequency identification (RFID) wireless tags are entering the mainstream of business, but warn that IT managers must improve the way they manage security and privacy issues arising from the technology or risk alienating staff and customers.

Hot on the heels of a study from the US Government Accountability Office (GAO), which found that federal departments using RFID were largely ignorant of potential privacy and legal issues, Britain's GMB union released a study claiming RFID and satellite technology was violating the privacy of up to 10,000 UK warehouse staff and other supply chain workers.

[...]

(0) comments

UIA

Information system integrity: The ability of an information system to protect itself against unauthorized user access, to the extent that security controls cannot be compromised. Security controls, no matter how sophisticated, are not reliable if the operating system that administers those controls is not itself protected from user tampering. Total information system integrity, or security, is not considered feasible. A level of system integrity must therefore be selected where the cost and risk involved in breaking that security exceed the benefits to be gained from doing so, or exceed the cost and risk of obtaining the same benefits in another way.

(0) comments

compliance - a Whatis.com definition

Compliance is either a state of being in accordance with established guidelines, specifications, or legislation or the process of becoming so. Software, for example, may be developed in compliance with specifications created by some standards body, such as the Institute of Electrical and Electronics Engineers (IEEE), and may be distributed in compliance with the vendor's licensing agreement. In the legal system, compliance usually refers to behavior in accordance with legislation, such as the United States' Can Spam Act of 2003, the Sarbanes-Oxley Act (SOX) of 2002, or HIPAA (United States Health Insurance Portability and Accountability Act of 1996).

Compliance in a regulatory context is a prevalent business concern, perhaps because of an ever-increasing number of regulations and a fairly widespread lack of understanding about what is required for a company to be in compliance with new legislation. In the financial sector, SOX was enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. In the healthcare sector, HIPAA Title II includes an administrative simplification section which mandates standardization of healthcare-related information systems.

As compliance has increasingly become a concern of corporate management, corporations are turning to specialized software, consultancies, and even a new job title, the Chief Compliance Officer (CCO).

(0) comments

SearchSecurity.com

Trying to be compliant or pass an audit doesn't make you more secure and doesn't protect you from attacks; conversely though, a common sense approach in security may equal regulatory compliance.

So said a Gartner analyst yesterday at the Gartner Security Summit. Amrit Williams, research director of the Information Security & Risk Group, believes that a focus on compliance is to the detriment of security overall. In particular, it may not address some threats that are increasing in scope.

'The greatest threat to us right now is the role of money as a motivator for cybercrime,' Williams said. 'The big threats aren't new, but they are changing and the reason is money.'

Those threats include identity theft; blackmail schemes, such as data for ransom and denial-of-service threats; spam relays [70% of spam is generated by compromised machines]; and espionage.

"If there's money to be made, [attackers will] do anything they can to get it," Williams added. "These attackers will be stealthier and more difficult to prevent." He said true numbers on such attacks are difficult to determine because they often go unreported.

"Through 2007, 80% of damage-causing events will have been preventable by effective implementations of network access control, intrusion prevention, identity and access management, and vulnerability management," according to a report released in December by Stamford, Conn.-based Gartner.

And while many of these issues are also addressed indirectly through regulatory compliance, some may fall off an enterprise's radar while resources instead go toward creating the kind of paper trails now required to show a company's data is secure.

However, Williams said focusing on these elements will go far in mitigating most network security threats. When looking at intrusion prevention, he suggests securing the network as best you can, then focusing on mobile users. For example, buy personal firewalls for all mobile clients because they are a much higher risk for bringing problems into the network. Then focus on servers and desktops.

Williams said better security is about prioritization and planning. Successful vulnerability management relies heavily on determining asset classification and threat posture, while identity and access management depends on predefined roles, controls and accountability. As for network access control, he's a proponent of "quarantine, limit, deny" for systems that may not be current with patches and antivirus signatures.

Concluded Williams: "Doing these four things will make your organization more efficient, protect against current, emerging and future threats, and help you meet regulatory compliance."

(1) comments

RepRap.org

CNN.com June 2, 2005

The machine that can copy anything
The RepRap, a revolutionary machine that can copy itself and manufacture everyday objects quickly and cheaply, could transform industry in the developing world.

The machine could build items ranging in size from a few millimeters to around 30 centimeters, such as plates, dishes, combs and musical instruments.

The design of the RepRap will be available online and free to use.

---

From RepRap.org

A universal constructor is a machine that can replicate itself and - in addition - make other industrial products. Such a machine would have a number of interesting characteristics, such as being subject to Darwinian evolution, increasing in number exponentially, and being extremely low-cost.

A rapid prototyper is a machine that can manufacture objects directly (usually, though not necessarily, in plastic) under the control of a computer.

The project described in these pages is working towards creating a universal constructor by using rapid prototyping, and then giving the results away free under the GNU General Public Licence to allow other investigators to work on the same idea. We are trying to prove the hypothesis: Rapid prototyping and direct writing technologies are sufficiently versatile to allow them to be used to make a von Neumann Universal Constructor.

(0) comments