Catálogo de publicaciones - libros

One of the major risks involved in using biometrics for identification and authentication over open public networks, is the danger that the electronic biometric token (for e.g. a fingerprint or iris) can be intercepted and replayed by an unauthorized party. Furthermore, it is possible to make an unauthorized copy of a biometric token, without the permission and knowledge of the real owner, and use that for unauthorized transactions. This can for e.g. happen when a fingerprint is ‘lifted’ from an object the owner has used, and a latex copy is made from this token [].This paper reports on a system in development, called Biovault, which addresses precisely the problems mentioned above, and which may help to make biometric tokens much safer to use over open public networks, for specific application in electronic commerce.

E-commerce applications need new solutions in the field of integration, inter-change and transformation of data across the global marketplace. Such advanced data management features, which are expected to function automatically or semi-automatically, are necessary when a party looks for potential business partners, a buyer wants to find relevant supplier of the products, a seller wants to find potential customers or business partners negotiate a deal, and so on. In these e-commerce applications distributed systems based on the traditional client-server paradigm are nowadays replaced by peer-to-peer (P2P) systems. The goal of data management in P2P systems is to make use of a decentralized, easily extensible architecture in which any user can contribute new data or new schemas and mappings between other peer’s schemas. P2P data management systems replace traditional data integration systems based on single global schema with an interlinked collection of semantic mappings between peers’ individual schemas. The paper discusses this kind of P2P data management in e-commerce settings. A new proposal concerning schema mapping specification and query reformulation is presented.

In this paper, we analyze the main issues of traceability along the supply chain: architectural solutions, business process interaction, lot identification, traceability information management, and communication standards. In particular, the employment in this setting of two different standards for inter-enterprise business collaboration (as ebXML and Web Services) is discussed. Moreover, different standards for lot identification and data capture, as EPC for RFID and EAN/UCC for bar code are taken into account, uncovering their potential contributions in reducing the cost of procedures for tracking goods. The Cerere project experience is finally reported: it is shown that the architecture of a Web Information System framework (developed to assess food supply requirements) witnesses the actual possibility to support process integration and semantic interoperability via XML-based technologies.

Periodic vulnerability assessment (VA), used to uncover and correct vulnerabilities, is a common intrusion prevention technique. Although the VA tools that perform those assessments, report similar information, there are tool specific differences. Unfortunately, trying to combine the output of these tools would require separate parsing tools to address the significant low-level differences. A new data model (Vulnerability Assessment Report Format — VARF) is presented in this paper in order to define data formats for sharing information of interest to VA and to facilitate the interaction with the risk management process. As a proof of concept a set of XSLT transformations was built in order to transform the results of an open source VA tool to a VARF compliant report enabling further processing of the results.

There is considerable interest for electronic merchants with limited resources but a limitless ambition for profits, providing quality of service to customers in proportion to their buying potential or finds a legal way of maximizing their profits. The on-line customers always demand fast response and secure transactions, at the same time the electronic merchants are relentless in managing their finite resources to maximize their profits.

We propose a Genetic Algorithm(GA) based call admission control(CAC) scheme for all the customers of a vendor on the vendor’s VPN. The algorithm prioritizes the customers based on their past purchase history so that the vendors can select the genuine customer to boost their profits.

Customer Behavior Transition Diagram(CBTD) is used to compute the customer based priority of the vendor. Priorities keep changing dynamically as a function of the status of the customer based on the past purchase history at the e-commerce site. The designed method has been tested analytically and simulated in a real time Internet environment on an e-commerce site consisting of multiple servers distributed on LANs and WANs. This mechanism of admitting clients(customers) on requests among the servers(vendors) at the e-commerce site will improve its revenue at peak times. There is a fervent growth in the business through Internet. Virtual Private Network(VPN) is a must for virtual walk way to make it less vulnerable. Vendor controlled virtual path group(VPG) based VPN is adopted as an appropriate security policy on e-commerce by an architecture dedicated to host and serve the e-commerce site. The results are encouraging in admitting the potential customers and given the optimal service.

According to evolving literature on the Software as a Service (SaaS) concept, the benefits proposed for the customer and the provider are controversial as many of the customer benefits are also serious risks for the service provider. A sustainable service in the proposed one-to-many SaaS-mode will therefore require an effective business model capable to lock-in customers. For this purpose we propose applying general e-commerce business models. To tailor these for SaaS, we need to develop new instruments in order to study the customer benefits and value creation. For our explorative empirical study we propose that ease of use and usefulness from the Technology Acceptance Model (TAM) should be combined with content, context, and infrastructure from Rayport and Sviokla’s model in order to study the evolution of the lock-in of the customers of online services. Our empirical data on 251 online newspaper readers showed that the above-mentioned predictors appeared in new factorial combinations of navigational characteristics, usefulness, novelty of the content, complementarities, and the context of the service. These combinations were significant predictors of the customer lock-in, many of them being competitive. For the experienced customers, personally relevant and useful content and effective infrastructure explained over 40 percent of the variance in the lock-in. For the non-experienced users the novelty of the services was the most significant predictor of the lock-in. We discuss the role of the customer value sources (novelty, effectiveness, and complementarities) for practical development of the online Software as a Service offering.

We proposed a framework, called (ROBALO), to ease the tension between (a) the reliability requirement to serve a job request, and (b) the cost of the job’s assignment. In ROBALO, the risks for workers to execute a job are taken into consideration. Such consideration is especially useful in the scenario of mobile workforce management because mobile workers usually meet unexpected situations in the field. Therefore, we can find the job assignment with the minimum cost under a certain degree of risk. Therefore, the job dispatcher can reserve enough resources and make enough preparations for a incident. In tradition, job dispatching mechanism usually take exception handling processes to deal with the failure of job execution. Compared to this approach, the time to discover the failure can be saved because we try to do things right at the first time.

In this paper, we focuses on two process phases of web services, namely the web services discovery and web service query. Web services discovery is to locate the appropriate service, and web service query is to search the service data during execution of web service. When an end-user wants to book a ticket, he will discover the web service first, and then query this service to determine whether it can provide the satisfiable ticket. So the two process phases should work together, not only to discover possible satisfiable service, but to find the real satisfiable service data. It’s a promising idea to adopt Semantic Web technology to implement the two processes. This paper first proposes the whole architecture for discovery and query, then gives four algorithms to discover web services and three algorithms to query web service based on the service data instance concept and similarity calculation. Accordingly, two frameworks separately for discovery and query are implemented. The result proves the approach of combination of two processes can really meet the personal requirements, so has certain application value.

Existing systems supporting collaboration processes typically implement a single, fixed collaboration protocol, and collaboration process takes place inside a single group. In this paper, we present in details the prototype which provides support for multiple collaboration protocols for non-monolithic collaboration processes, i.e. collaboration processes in which collaboration is spread among many groups. Collaboration protocols used by the prototype includes communicative, “acting”, and social aspects of collaboration processes, and the introduction of group actions provides support for group dynamics and helps to structure collaboration processes.

Risk has increased with the development of an Internet-oriented society, and to what extent that risk can be reduced has become a major issue. Thus, risk communication has become crucial for the formation of a consensus among decision-makers such as citizens. Dealing with risk, however, requires the reduction of risks based on conflicting concepts such as security, privacy, and development costs; obtaining the consensus of individuals involved and determining optimal combinations of the measures are not easy. A “multiplex risk communicator (MRC)” with (1) a simulator, (2) an optimization engine, and (3) displays for the formation of a consensus is needed in order to resolve such problems. This paper describes the features an MRC should have, a simple prototype program to support it, and results of its trial application.