Filter by type:

Sort by year:

Trust establishment between OAuth 2.0 resource servers using claims-based authorization

Journal paper
Edon Gashi, Blerim Rexha, Avni Rexhepi
Electronic Government, an International Journal, 2020 Vol.16 No.4, pp.XX
Publication year: 2020

Abstract

The OAuth 2.0 authorization framework is one of the most commonly used authorization frameworks. In its specification many implementation details are loosely defined, including the relationship between resource servers and authorization servers. This paper presents an approach for establishing trust between servers by using the authorization server as a broker, and examines an implementation for secure exchange of scholarship information between parties. To specify access rights, claims such as roles and capabilities are assigned to resource servers. These claims are asserted by the authorization server in form of access tokens. Instead of relying on shared databases, the issued access tokens are used to exchange messages between resource servers. This approach is useful in scenarios where applications have no shared infrastructure or are implemented by different parties.

 

Keywords

Authorization, OAuth, Trust, Security

Analysing and comparing the digital seal according to eIDAS regulation with and without blockchain technology

Journal paper
Vlera Alimehaj, Arbnor Halili, Ramadan Dervishi, Vehbi Neziri and Blerim Rexha
International Journal of Information and Computer Security, 2020 Vol.13 No.2, pp.XX
Publication year: 2020

Abstract

Digitalization of public services has already changed the way how we interact with government. The electronic signature, based on public key cryptography, has strengthened the trust towards this transformation. With the recent appearance of the electronic seal, this digital transformation is complete. The new European Union regulation for electronic Identification, Authentication and trust Services (eIDAS) has repealed the old directive and provides a regulatory environment. In the meantime, a novel technology based in cryptography rose as an alternative to fulfill these objectives – the blockchain. This paper, analyses the properties of the electronic seal, based on eIDAS regulation, with and without blockchain technology. The developed application uses local X.509 digital certificates and the MultiChain platform for the creation and deployment of private blockchains. At the end of the paper an overview of this comparison is provided, using different documents, pointing out the pros and cons of each technology.

 

Keywords

Digital signature, electronic seal, eIDAS, blockchain, cryptography

Applying Efficient Crowdsourcing Techniques for Increasing Quality and Transparency of Election Processes

Journal paper
Blerim Rexha, Ilir Murturi
Electronic Government, an International Journal, Vol.15 No.1, pp.107 – 128
Publication year: 2019

Abstract

Recently crowdsourcing is being established as the new platform for capturing ideas from multiple users, i.e., the crowd. Many companies have already shifted their approach towards utilising the power of the crowd. Transparency and quality of election process is the main factor for acknowledging the general election results. Voters, crowd feedback can be utilised to maintain a desired election process transparency and quality. This paper presents an efficient solution using crowdsourcing techniques for increasing transparency and the quality of election processes through a simple feedback web form in polling stations. These polling stations are securely connected to central election commission monitoring room, where the overall transparency and quality in national scale can be monitored. The survey conducted with more than 600 respondents shows that this approach will be acceptable from citizens and will increase the overall transparency, quality, and acceptance of election results.

 

Keywords

crowdsourcing, crowd voting, privacy, security

Using Record Level Encryption for Securing Information in Classified Information Systems

Journal paper
Blerim Rexha, Halil Sadiku, Bujar Krasniqi
Journal of Natural and Engineering Sciences (NESciences), Volume 3, No 2, pp. 207-224
Publication year: 2018

Abstract

Information technology (IT) systems have great potential to improve the efficiency and methods of operation in each government organization, providing added convenience and flexibility. Currently, most of government law enforcement agencies have digitized their methods of work by advancing their user services. With this new approach, have come new threats, therefore, it is necessary to develop and implement standard policies to enhance information security and privacy on all classified information systems. In this paper a novel solution is presented for protection of information up to the record level encryption by applying the Advanced Encryption Standard (AES) algorithm using derived symmetric master key. The master key is unique per each record and is calculated in the client application. The uniqueness of the derived master key is assured by applying the exclusive or operation of the key of each record and the unique key of the client. Furthermore, this paper includes a critical approach on existing cryptographic methods and proposes additional methods to protect information, such us authentication, access control, and audit.

 

Keywords

Information security, Privacy, Encryption, Decryption, Access control, Audit

Using efficient TRNGs for PSEUDO profile in national eID card

Journal paper
Blerim Rexha, Dren Imeraj, Isak Shabani
International Journal of Recent Contributions from Engineering, Science & IT (iJES). eISSN: 2197-8581, Vol 6, No 1 pp. 57-73, 2018
Publication year: 2018

Abstract

Applications that requires true random number generator (TRNG), which uses raw analog data generated from any noise source in nature, must convert the source normal distribution to uniform distribution. Many up to date implementations convert the raw analog data into digital data by employing a comparator or a Schmitt trigger. This method wastes a large amount of random input data, lowering the throughput of the TRNG. In new national electronic identity card (eID) beyond the true identity of his bearer and to address the increasing concern of user privacy while doing business in Internet an additional pseudo profile is set. This pseudo profile uses 20-byte random value generated by database server, using a script during personalization process. In this paper, we present a novel algorithm that enables efficient distribution conversion in low power devices. The low memory requirements and efficient processing make it suitable for implementation low power cryptographic devices but also in complex personalization systems. Furthermore, we compare the random data generated by our efficient TRNG vs. those generated by database server.

 

Keywords

eID, privacy, security, random, TRNG

 

The teachers’ impact on policy making for the improvement of the school performance (the case of Kosovo)

Journal paper
Jehona Ferizi-Miftari, Blerim Rexha
International Journal of Education Economics and Development, Vol. 9 No. 1, pp.80-104
Publication year: 2018

Abstract

Teachers’ contribution in the process of improving the contemporary school performance is manifold and permanent. This study elaborates the contribution of the Kosovan teachers towards the improvement of the  quality of work in primary and lower secondary school. Data were collected from 1080 teachers working in schools located in different areas in Kosovo. The data processing was done through the descriptive statistics method with the aim of extracting the characteristics of the data (average  standard deviation) and the inferential statistics method in the function of the validity scale of assumptions that result from the data. The research results indicate that today, the Kosovan teachers enjoy more opportunities to influence the policies for the functionalisation and improvement of the work at school, whereas teachers with a higher level of education are more sceptical concerning the issues of influencing the policies of functionalisation and improvement of the work at school.

 

Keywords

reform; Kosovo; teacher commitment; school performance; school improvement; decision-making.

The process of school adaptation and restructuring towards supporting social, economic and political developments in post-war Kosovo - critical review

Conference paper
Jehona Ferizi-Miftari & Blerim Rexha
International conference, Kosovo Academy of Sciences and Arts, Prishtina, October 26 - 27 2018, pp. 229-246
Publication year: 2018

Abstract

Everything that happens in a society is transmitted and reflected indirectly in its schools. The education system in post-war Kosovo underwent radical changes, and the reform and adaptation movements affected all the links of the education system. The political, social and economic status of post-war Kosovo, as well as insufficient staffing capabilities for implementing educational reform, represent a serious challenge in the process of practical implementation of educational reform. In such transitions there are drives to transfer the experiences of the most advanced educational systems of western countries. The application of these reforms brought much disappointments, objections and dilemmas. This paper, apart from the chronological critical review of the changes the education system in Kosovo went through, compares the positive experiences of neighboring countries such as Albania, Macedonia, Serbia and Croatia, and German-speaking countries such as Germany and Austria, i.e. practices that these countries have followed to overcome the challenges that arise in education reforms. In the Kosovo context, based on the steps taken at each stage of the process, we conclude that the initiation of changes in the Kosovo education system started in disregard of the context in which these schools operate. In conclusion, the paper provides recommendations for stakeholders in the education system in order to meet the increasing demands of the society.

 

Keywords

Kosovo, school, reform, transition, development.

 

Increasing trustworthiness of face authentication in mobile devices by modeling gesture behavior and location using neural networks

Journal paper
Blerim Rexha, Gresa Shala, Valon Xhafa
International Journal of Future Internet, Volume 10, Issue 2,
Publication year: 2018

Abstract

Personal mobile devices currently have access to a significant portion of their user’s private sensitive data and are increasingly used for processing mobile payments. Consequently, securing access to these mobile devices is a requirement for securing access to the sensitive data and potentially costly services. Face authentication is one of the promising biometrics-based user authentication mechanisms that has been widely available in this era of mobile computing. With a built-in camera capability on smartphones, tablets, and laptops, face authentication provides an attractive alternative of legacy passwords for its memory-less authentication process, which is so sophisticated that it can unlock the device faster than a fingerprint. Nevertheless, face authentication in the context of smartphones has proven to be vulnerable to attacks. In most current implementations, a sufficiently high-resolution face image displayed on another mobile device will be enough to circumvent security measures and bypass the authentication process. In order to prevent such bypass attacks, gesture recognition together with location is proposed to be additionally modeled. Gestures provide a faster and more convenient method of authentication compared to a complex password. The focus of this paper is to build a secure authentication system with face, location and gesture recognition as components. User gestures and location data are a sequence of time series; therefore, in this paper we propose to use unsupervised learning in the long short-term memory recurrent neural network to actively learn to recognize, group and discriminate user gestures and location. Moreover, a clustering-based technique is also implemented for recognizing gestures and location.

 

Keywords

authentication; face; smartphones; gestures; location; LSTM; neural network

Impact of Electronic Competence Based Teaching in Higher Education

Journal paper
Isak Shabani, Fatos Halilaj, Blerim Rexha
Journal of Natural and Engineering Sciences, 2018, Volume 3, No: 3, pp. 233-247
Publication year: 2018

Abstract

In the beginning of Bologna’s process and creation of European Higher Education Area (EHEA), great importance has been to the transparency, increase of quality and concurrency between institutions of higher education. Nowadays, hot topic in higher education institutions in Europe are real-time learning outcomes, they are analyzed, projected and are evaluated today in all Europe and abroad. Traditional models and methods of success expression in learning and the degree of qualification is substituted with modern online systems. This paper proposes best practices for competence based teaching in higher education by using eCompetence software. The way these competences are organized, activities which are related to these competences and course contents which will help us to continuously evaluate students and prepare them for the labor market. Our results suggest that by implementing competence based teaching system in university evaluation and competence gaining would be more productive and would better prepare students for labor market. Consequently, this paper draws attention on provision of implementation of such a system in higher education by providing competence matrix, a competence software, and evaluation process.

 

Keywords

Competence, E-learning, Evaluation, Competence Management System

Energy Efficiency Optimization by Spectral Efficiency Maximization in 5G Networks

Journal paper
Bujar Krasniqi, Blerim Rexha, Betim Maloku
International Journal of Electronics and Telecommunications, 2018, Vol. 64, pp. 497–503
Publication year: 2018

Abstract

Energy and spectral efficiency are the main challenges in 5th generation of mobile cellular networks. In this paper, we propose an optimization algorithm
to optimize the energy efficiency by maximizing the spectral efficiency. Our simulation results show a significant increase in terms of spectral efficiency as well as energy efficiency whenever the mobile user is connected to a low power indoor base station. By applying the proposed algorithm, we show the network performance improvements up to 9 bit/s/Hz in spectral efficiency and 20 Gbit/Joule increase in energy efficiency for the mobile user served by the indoor base station rather than by the outdoor base station.

 

Keywords

Energy efficiency, 5G, radio resources, power allocation, optimization convexity

Challenges of quality assurance in Higher Education in Kosovo

Conference paper
Furtuna Mehmeti & Blerim Rexha
International conference, Kosovo Academy of Sciences and Arts, Prishtina, October 26 - 27 2018, pp. 132-152
Publication year: 2018

Abstract

 The liberalization of the higher education market and the growth of higher education service providers in the last two decades has demanded from such providers to demonstrate the quality of their activities. Research shows that universities were used to seeing excellence as a self-evident key indicator of quality in higher education, but now this self-evident indicator has been transformed into a control mechanism. In Kosovo, the concept of quality assurance through the Kosovo Accreditation Agency is relatively new, but this concept is becoming increasingly integral and important part of each higher education institution. Mechanisms for external and internal quality assurance have been established in the formal sense, the legal basis on which the quality assurance system is organized, i.e. the quality assurance requirements and standards, is well defined and applicable. This paper presents the challenges of quality assurance (external and internal), by comparing the fulfillment of these criteria over the years, then by comparing with the European quality assurance standards and guidelines as well as the good practices of some developed countries. The paper presents the conclusions, lessons learned during these years, and finally recommendations for higher education system actors to overcome these challenges.

 

Keywords

Higher education, quality assurance, accreditation, challenges, Kosovo.

Analyzing and comparing the performance of national biometric eID card in heavy cryptographic applications

Journal paper
Gazmend Krasniqi, Petrit Rama, Blerim Rexha
Journal of Applied System Innovation. Volume 37, Issue 1
Publication year: 2018

Abstract

Today, we are witnessing increased demand for more speed and capacity in the Internet, and more processing power and storage in every end user device. Demand for greater performance is present in every system. Electronic devices and their hosted applications need to be fast, but not to lose their main security features. Authentication and encryption are the main processes in the security aspect, and are required for a secure communication. These processes can be executed in different devices, among them PCs, microprocessors, microcontrollers, biometric cards or mobile devices. Biometric identity cards are becoming increasingly popular, challenging traditional PC devices. This paper compares two processing systems, the efficiency of encryption and signatures on the data executed in national identity biometric card versus PC, known also as the match-on-card versus the match-off-card. It considers how different parameters impact the process and the role they play on the overall process. The results, executed with a predefined set of test vectors, determine which processing system to use in a certain situation. Final conclusions and recommendations are given taking into consideration the efficiency and security of the data.

 

Keywords

cryptography; digital signature; match-on-card; match-off-card; eID biometric card

Analysis of Macro-Femto Cellular Performance in LTE under Various Transmission Power and Scheduling Schemes

Journal paper
Bujar Krasniqi, Blerim Rexha
Journal of Communications, 2018, Vol. 13, no. 3, pp. 119-123
Publication year: 2018

Abstract

The mobile networks use femtocells as low power nodes to improve indoor coverage and thus achieve a high network capacity. In this paper, we focus on a combination of macrocells and femtocells in Long Term Evolution (LTE) networks. To achieve a high LTE network performance, we investigate the influence of power allocated to Evolved NodeB (eNodeBs) and Home Evolved NodeB (HeNodeBs) respectively. Using the Round Robin scheduling, while decreasing the eNodeBs transmit power and increasing the HeNodeBs transmit power, improve the user’s throughput significantly. We further demonstrate, by simulations, that applying other scheduling algorithms under the low eNodeBs transmit power and high eNodeBs, results in a significantly increased performance of LTE network.

 

Keywords

Scheduling, transmit power, HetNet, LTE, resource block

Using collaborative based algorithm for efficient management of limited resources on social networks

Conference paper
Valon Xhafa, Korab Rrmoku, Blerim Rexha
IEEE 2016 Third International Conference on Mathematics and Computers in Sciences and in Industry (MCSI), pp. 289-295
Publication year: 2016

Abstract

With all features and resources, such as: social actors, social relations, content, communication, and ratings that todays’ social networks like Facebook, LinkedIn, Twitter, Google+, etc. offer to users, it still appears that at given point we have to refine and optimize our own accounts within the limits of a certain social network. In line with this trend, in this paper we present a model for efficient management of friends list in Facebook, as one of the limited resource in this social network. In order to get users data from Facebook, a web scraping technique combined with reverse image search has been adopted to ensure users authenticity. The activity between nodes (friends) on a social network is calculated based on their interactions in terms of likes, comments, shares and posts between each other. This approach led us into designing and implementing an algorithm based in these collaborative metrics, named “weight of relationship”. This algorithm calculates weights between friends on a network, and the results are evaluated by comparing these weights with respondent answers, conducted through personalized questionnaire. Consequently, this methodology brings feasible results, with an average accuracy of 71% on recommending which friends should be removed, thus releasing the space for incoming new friends. An app named RateMyFriends is developed based on presented approach.

 

Keywords

Social networks; algorithm; efficiency; Web scraping; application

Improving Quality of Election Process Using Crowdsourcing Techniques

Journal paper
Blerim Rexha, Ilir Murturi, Isak Shabani, Avni Rexhepi
International Journal of Applied Mathematics, Electronics and Computers, ISSN: 2147-82282147-6799, Volume 4 (4), pp.107-112
Publication year: 2016

Abstract

Quality of election process is a main factor for acknowledging the general election results. In this sense a feedback from voters is critical to maintain a desired process quality. Crowdsourcing is establishing as standard platform to capture feedback and new ideas from the participating stakeholders. This paper presents an efficient solution using crowdsourcing techniques for improving the quality of election processes through a simple feedback web form in polling stations. These polling stations are securely connected to Central Election Commission monitoring room, where the overall quality in national scale can be monitored. The survey conducted with more 600 respondents shows that this approach will be acceptable from citizens and will improve the total quality and acceptance of election results.

 

Keywords

Crowdsourcing; crowd voting; privacy; security;

Enhancing Network Security in PPPoE protocol during the logical Local Loop Unbundling

Conference paper
Kushtrim Kelmendi, Blerim Rexha
ICINS '16 Proceedings of the 4th International Conference on Information and Network Security, pp.45-49
Publication year: 2016

Abstract

Local Loop Unbundling (LLU) is a process which allows the competitive Network Service Providers (NSPs) to use the telecom’s incumbent infrastructure to provide the services to their subscribers. In logical LLU, as the traffic passes through the incumbent network infrastructure, security and privacy of the NSP subscribers is of a serious concern. In this paper, we have presented a novel approach to address these concerns, by implementing the encryption on the Point to Point Protocol over Ethernet (PPPoE), in the broadband network, between the NSP Customer Premises Equipment (CPE) and Broadband Network Gateway (BNG) router. First, encryption algorithm is negotiated using the existing protocol Encryption Control Protocol (ECP), during the PPP establishment phase, and after that the PPP packet payload is encrypted using the Advanced Encryption Standard AES, 128 bit version. The encryption key is derived using the first 128 bits of the SHA256 hash of sum of the three key variables: PPPoE SESSION_ID, CPE MAC Address, and CPE serial number, which makes this encryption key unique. The proposed solution is compared to existing protocols.

 

Keywords

AES, BNG, ECP, PPPoE, SHA256

Impact of secure programming on web application vulnerabilities

Conference paper
Blerim Rexha, Arbnor Halili, Korab Rrmoku, Dren Imeraj
2015 IEEE International Conference on Computer Graphics, Vision and Information Security (CGVIS), pp. 61-66
Publication year: 2015

Abstract

Nowadays all organizations tend to shift their daily business processes into web. This shifting requires from web developer’s detailed knowledge about security techniques, such as Structured Query Language (SQL) injection and Cross Site Scripting Attack (XSS), otherwise the data managed and protected by web application could be exposed to not authorized parties. This paper aims to link and measure the impact of security techniques used by web developers for avoiding the vulnerabilities in web applications. We conducted a survey about the level of applicability of security techniques during web development and conducted a penetration testing for more than 110 local web sites. We discovered many vulnerabilities in these web sites and we linked the results with survey outcome.

 

Keywords

Web security, security scanners, Web vulnerabilities, SQL injection, XSS attack

Efficient distribution conversion algorithm in low power TRNGs for embedded security applications

Conference paper
Blerim Rexha, Dren Imeraj, Ehat Qerimi and Arbnor Halili
19th International Conference on Circuits, Systems, Communications and Computers (CSCC 2015) Technical sponsor for CSCC: IEEE Egypt Chapter, Greece, July 16-20, 2015
Publication year: 2015

Abstract

The raw analog data generated from almost any noise source in nature has a normal distribution of values. Cryptography applications usually require true random number generators (TRNGs) to output random data streams that have a uniform distribution of values. Since TRNGs use a noise source to generate the random data, and that source usually has a normal distribution, the TRNG has to convert the distribution. If the TRNG is implemented in a low power device such as a microcontroller, the algorithm for distribution conversion needs to be lightweight and efficient in terms of using as much of the raw data as possible. Current market implementations convert the analog data into digital data by employing a comparator or a Schmitt trigger. This method wastes a large amount of random input data, lowering the throughput of the TRNG. This paper presents a novel algorithm that enables distribution conversion in low power devices. The low memory requirements and efficient processing make it suitable for implementation in microcontrollers or other low power cryptographic devices. The algorithm is also flexible, allowing for any size of noise samples.

 

Keywords

Algorithm, distribution, random, security, TRNG

Increasing SMS privacy using AES encryption algorithm in Android application

Conference paper
Blerim Rexha, Lavdërim Shala, Ehat Qerimi
The International Conference 'Recent Trends and Applications in Computer Science and Information Technology' Tirana, Albania, December 12-13, 2014
Publication year: 2014

Abstract

Short Message Service (SMS) is the oldest application for exchanging messages between communicating parties in cellular network used by mobile phones. These messages are encrypted over-the-air with A5/1 algorithm and stored as clear text at network operator. Recent developments have shown that this algorithm is not secure any more. Compromising an access to network operator registers gains access to SMS also. For assuring privacy the SMS application must provide end-to-end encryption. In this paper we present an efficient solution for encrypting SMS between communicating parties using Advanced Encryption Standard (AES) algorithm in Android environment. Furthermore we compare the proposed solution we existing ones in market listing strengthens and limitations.

 

Keywords

Encryption, Privacy, SMS, AES, and Android.

Improving authentication and transparency of e-Voting system – Kosovo case

Journal paper
Blerim Rexha, Vehbi Neziri and Ramadan Dervishi
International Journal on Computers and Communications, Issue 1, Volume 6, pp.84-91
Publication year: 2012

Abstract

Authentication and privacy are central issues for acceptance of any e-Voting system in particular and growth of e-Services in general. This paper aims to: (i) to analyze the appropriate architecture and propose new efficient architecture of electronic voting system in Kosovo, and (ii) to analyze the threat vectors and their avoidance in such system. The novelty of implemented solution is based on using dynamic queue list generated based on voters arrivals and identification at the polling station. The proposed architecture enables citizens to cast their vote in any polling station, in opposite to paper form voting where citizen is linked to his predefined polling station. The national election commission configures the smart card, as part of electronic voting infrastructure, to allow decryption of number of records that matches the number of voters in final country wide voting list. The communication between polling stations and central server is encrypted with server’s public key stored in digital certificate and every casted vote is digitally signed by ballot box private key. The developed model is used to compare the costs and efficiency of e-Voting against the traditional paper based voting system in Kosovo.

 

Keywords

Digital Signature, Privacy, Security, Smart Cards, e-Voting, X.509 Digital Certificates

Enhancement of String Matching Queries on Albanian Names for Kosovo Civil Registry

Conference paper
Blerim Rexha, Valon Raca, Agni Dika
International Conference on Recent Advances in Computers, Communications, Applied Social Science and Mathematics, Barcelona, Spain, September 15-17, 2011
Publication year: 2011

Abstract

Civil Registry Information System serves as an essential data source for all e-government services. Searching for a citizen’s data in Civil Registry Database is usually done by providing unique keywords such as name. Due to the similar pronunciation of some Albanian language consonants, for example gj [ɟ] and xh [d͡ ʒ], problems arise in finding citizens data, names of which are similarly pronounced, despite different spelling. This paper presents a novel approach for string matching algorithm based on Albanian names. For this paper Levenshtein distance, American Soundex and modified Soundex results are compared on a database of 271.000 citizens of Prishtina municipality. The modified Soundex algorithm accommodates basic rules of pronunciation in Albanian language and its accuracy and efficiency is better than Levenshtein distance and American
Soundex.

 

Keywords

String matching, Levenshtein, Soundex, Civil Registry

Implementing data security in student lifecycle management system at the university of Prishtina

Journal paper
Blerim Rexha, Haxhi Lajqi, Myzafere Limani
Transactions on Information Science and Applications, Volume 7 Issue 7, July 2010 Pages 965-974
Publication year: 2010

Abstract

In this paper is presented a novel approach for fulfilling the data security criteria in a Student Lifecycle Management System at the University of Prishtina. The four main criteria of data security such as: privacy, authentication, integrity and non-repudiation are fulfilled through carefully selected security policies. Student data privacy is achieved using the Secure Socket Layer protocol for web communication with web server. Each user, being student, academic or administrative staff is provided with unique user name and initial password in the Student Lifecycle Management System. Data integrity and non-repudiation are fulfilled using digital signatures. The novelty of implemented solution is based on extending the subject name in X.509 digital certificates and using this certificate for securing student grades, which is in full compliance with the Kosovo Law on Information Society. Public Key Infrastructure and X.509 digital certificates have been established as the most trustworthy methods for assuring data security criteria in modern software applications. Security policy enforces that digital certificate and its associated private key shall be stored in a smart card. Access to private key stored in a smart card is protected by Personal Identification Number, known only by smart card holder. This implementation was installed at the Faculty of Electrical and Computer Engineering and has successfully passed a six semester testing period and students were, for the first time in the history of the University of Prishtina, able to apply online to take an exam.

 

Keywords

Digital Signature, Privacy, Security, Smart Cards, X.509 Digital Certificates

Increasing User Privacy in Online Transactions with X.509 v3 Certificate Private Extensions and Smartcards

Conference paper
Blerim Rexha
7th International IEEE Conference on E-Commerce Technology 2005, Munich, Germany, July 2005
Publication year: 2005

Abstract

Security and privacy are central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Public Key Infrastructure and X.509 certificates have been established as the most trustworthy methods for assuring security in online transactions. In this work is a new approach proposed for increasing security by avoiding privacy violation using X.509 version 3 certificate private extensions and storing the certi cate and its corresponding private key in the smartcard. The private key never leaves the smartcard and it can be used for encryption/decryption only after successful personal identi cation number presentation.

 

Keywords

X.50g v3 identity and. attribute certificates, privacy, security encryption, digital signature, non-repudiation, online transaction, smartcards, SET.

 

 

 

Securing Web Services in a User-to-Application Model Based on Certificate Extensions and Smartcard Technology

PhD dissertation
Blerim Rexha
PhD thesis, Vienna University of Technology, Vienna, April 2004
Publication year: 2004

Abstract

Web Services represents a new way of invoking remote functions over standard Internet protocols. They are basic building blocks of the distributed computing over the Internet. Security and privacy are central issues for the acceptance of Web Services in particular and the growth of the Internet market in general. Public Key Infrastructure and X.509 Certificates have been established as the most trustworthy methods for assuring online security. In this thesis are compared the existing approaches for securing Web Services and proposed new approaches for increasing security by avoiding privacy violation using X.509 certificate private extensions and storing these certificates in smartcards. Adopting the Internet for every possible transaction has lead to a situation where a user has to enter extra information for completing his real profile. The aim of the thesis is to increase user privacy in online transactions. This is achieved through extending certificates with private extensions. Each extension holds encrypted data for user properties, such as: credit card number, insurance number, address, etc., and thus each online participant understands the general (public) data on the certificate and one relevant encrypted private extension.

Method for transmitting protected information to a plurality of recipients

Patent
Blerim Rexha, Albert Treytl
US Patent App. 10/567,972
Publication year: 2003

Description

The invention relates to first information which is determined for a first receiver. Said first information is transmitted together with secondary information, which is determined for a second receiver in a common information unit to the first receiver. The first information can be encrypted according to specifications of the first receiver. The secondary information, which can be made of several components, is encrypted according to the specifications of the second receiver, for example, with an open key, a so-called public key. Said public key encryption methods have various embodiments and security steps. Said methods ensure that the first receiver, upon receipt of the complete information, can not encrypt pieces of information therefor not intended therefor.

 

Patent applied in online transaction