This document outlines various scenarios and considerations for the voluntary Midata programme in the UK. The programme involves suppliers making customers' transaction data available to them in computer-readable format. It discusses the roles of suppliers, customers, and potential midata stores and service providers in different release scenarios. It also covers the developing co-regulatory environment, common operational risks and controls, and challenges specific to midata, such as issues around data portability, personal information management, and establishing appropriate principles for the midata community.
My initial thoughts following discussion of the roles of participants, process flows, the developing co-regulatory environment, risks, controls and challenges. I have also included scenario diagrams covering the three types of scenarios involved. Comments welcome here: http://sdj-thefineprint.blogspot.co.uk/2012/12/midata-thoughts-no-1.html
3. Overview
• The voluntary Midata programme involves a Supplier making
each Customer’s transaction data available to the Customer
in computer-readable format (“midata”).
• This suggests three types of scenario:
1. Release of midata by a Current Supplier to the Customer
2. Release of midata by a Current Supplier to the Customer’s duly
authorised data storage provider (Midata Store) or more active
data services provider (Midata Service Provider)
3. Release of midata by Current Supplier to Customer or MS/MSP,
who transfers it to a third party supplier (“3PS”)
4. Participants/Roles
• Supplier
– Supplier of goods or services whose systems generate midata (e.g. utility, bank,
telco)
– Includes Supplier’s own outsourced service provider(s)
• Customer
– person or micro-business who interacts with Supplier to produce midata
• Provider of data storage or extra data services, acting for the Customer:
– Midata Store (“MS”)
• Only receives, stores and/or transmits midata, or tracks where midata sits
• May receive midata from Customer or from Current Supplier (“Linked Midata Store”)
• can’t ‘see’ or otherwise process content
• ‘mere conduit’?
– Midata Service Provider (“MSP”)
• May also act as a Midata Store
• Adds value by analysing or otherwise processing data
• May alter content and/or produce a result on which Customer/3PS relies.
• Third Party Supplier (“3PS”)
– Receives ‘midata’ (or a small extract) only for the purpose of deciding to supply
goods or services to the Customer
5. Process Flows
Midata involves two separate process flows:
• Transaction flows
– Offer and acceptance => contract between each of Customer,
Current Supplier and MS/MSP
– Messaging, including identification of each party, data release
request, confirmation of receipt etc.
• Midata flows
– Actual transfers of midata
[Funds flows related to payments due between participants
are currently out of scope]
6. Developing Co-regulatory Environment
• Data Protection Act 1998 (“DPA”) etc supervised by Information
Commissioner’s Office (“ICO”) and related exemptions
• Guidance etc issued by ICO
• Sector-specific law/regulation
– Sections 9 DPA and 159 of Consumer Credit Act 1974, applicable to credit
reference agency data
– Electricity Act, Gas Act => Data and Communications Company
– [new Telecoms/banking/consumer credit regulation]
• Industry Codes
– Principles of Reciprocity (Credit Reference Agency data)
– Smart Energy Code
– [Other sector codes]
– Security standards, Privacy by Design etc.
– [Midata Principles/standard permissions, rules on liability etc?]
• Contracts
– Consents etc given under Contracts
– [standard Midata permissions or Midata sharing agreements?]
7. Midata Scenario 1
[Diagram. Parties: Customer, Current Supplier. Contract: Supply contract. Labelled steps: 1. ID authentication (“auth”); 2. Midata request; 3. Midata transfer.]
8. Midata Scenario 2a
[Diagram. Parties: Customer, Current Supplier, MS/MSP. Contracts: Supply contract; PIM Service contract. Labelled steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata Request; 6. Midata transfer.]
9. Midata Scenario 2b
[Diagram. Parties: Customer, Supplier, MS/MSP. Contracts: Supply contract; PIM Service contract. Labelled steps: 1. ID auth; 2. Midata Request; 3. ID auth; 4. Midata request.]
10. Midata Scenario 2b
[Diagram. Parties: Customer, Current Supplier, MS/MSP. Contracts: Supply contract; PIM Service contract. Labelled steps: 1. ID auth; 2. Midata Request; 3. ID auth; 4. Midata request. Additional label: “Co-regulatory relationship?”]
11. Midata Scenario 3a
[Diagram. Parties: Customer, Current Supplier, MS/MSP, 3PS. Contracts: Supply contract; PIM Service contract; 3PS Service contract. Labelled steps: Transaction flow (1. ID auth; 2. Request); Transaction flow (3. ID auth; 4. Request); 7. ID auth; 8. Data transfer.]
12. Midata Scenario 3a
[Diagram. Parties: Customer, Current Supplier, MS/MSP, 3PS. Contracts: Supply contract; PIM Service contract; 3PS Service contract. Labelled steps: Transaction flow (1. ID auth; 2. Request); Transaction flow (3. ID auth; 4. Request); 7. ID auth; 8. Data transfer. Additional label: “Co-regulatory relationships?”]
13. Midata Scenario 3b
[Diagram. Parties: Customer, Current Supplier, MS/MSP, 3PS. Contracts: Supply contract; PIM Service contract; 3PS Service contract. Labelled steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata Request; 6. Midata transfer; 7. ID auth; 8. Data transfer.]
14. Midata Scenario 3b
[Diagram. Parties: Customer, Current Supplier, MS/MSP, 3PS. Contracts: Supply contract; PIM Service contract; 3PS Service contract. Labelled steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata Request; 6. Midata transfer; 7. ID auth; 8. Data transfer. Additional label: “Co-regulatory relationships?”]
15. Midata Scenario 3c
[Diagram. Parties: Customer, Current Supplier, 3PS. Contracts: Supply contract; PIM Service contract; 3PS Service contract. Labelled steps: 1. ID auth; 2. Midata request; 3. Midata transfer; 4. ID auth; 5. Midata Request; 6. Midata transfer.]
16. Common Operational Risks
• Failure to identify one or more parties
• Fraudulent impersonation of one or more parties
• ‘Wrongful’ refusal to release midata
• Interception of messaging and/or midata in transit
• Wrong midata released
• Midata is inaccurate, late and/or unreliable
• Midata is false, altered or corrupted
• Midata misuse:
– loss
– destruction
– storage longer than agreed/necessary
– wrongful disclosure
– use for an illicit purpose (including breach of IPRs)
17. Common Operational Controls/Challenges
• Identity authentication/assurance for all parties
• Release of correct midata
• Secure transmission, processing, storage of midata
• Preserving secrecy/confidentiality of midata content
• Maintaining authenticity and integrity of midata
• Ensuring accuracy, timeliness and reliability of midata
• Guarding against various types of midata misuse
• Vesting and protection of intellectual property rights in midata
and/or midata databases
18. Midata-specific Challenges
• Midata portability?
• Extent of ‘agency’ involved in personal information
management by PIM
• Midata ‘community’ issues:
– Principles of reciprocity?
– Appropriate grounds for refusal to release?
– Mirror CRA and/or DCC environment?
– Apportionment of liability for various heads of loss or damage?
– Complaints handling?
– Enforcement?
– Mapping midata to legal rights/obligations to customer permissions
=> a ‘personal data mark-up language’ (WEF “Rethinking Personal
Data”)
19. Comments
Comments welcome via the related post at
The Fine Print:
http://sdj-thefineprint.blogspot.co.uk/2013/01/midata-thoughts-no-2.html