Tuesday, June 26, 2012

UMA at Oracle Community for Security

Last week I had the opportunity to spread the word about User-Managed Access (UMA) at the Oracle Community for Security in Italy.
Oracle Community for Security is an Italian community of qualified Oracle's partners. They have the goal to provide technical and business awareness to the enterprise and for the market. Last years they contributed on interesting studies (Italian) about the "Return on Security Investiments", "Healthcare Record Management", and "Privacy on Cloud and Mobile".
Since in the community there is a convergence of interests on Privacy and Persona Data Protection, I've explained UMA's concepts and benefits in this field, starting from the today's challenges: 
  • Privacy in the Social Networks, 
  • The emerging of the personal cloud, Personal data store (PDS),
  • The Participatory Personal Data.
All these phenomenas along with the mobile and pervasive computing are the main drivers of personal data collection, processing and data sharing, with a sensible impact for the privacy of the individuals.
This brief presentation (see slideshow below) describes these scenarios, and how UMA helps user to manage their personal data and sharing decisions.

Take Control of your Personal Data

Thursday, June 7, 2012

Securing Internet Payment Systems

Recently, the European Central Bank (ECB) released a report with a set of recommendations to improve the security of internet payments. The recommendations include:
  • General control and security environment.
  • Specific control and security measures for Internet Payments.
  • Customer awareness, education and communication.
The security measures for the Internet Payments include:
  • Customer identification
  • Strong Customer authentication 
  • Enrollment for and provision of strong authentication 
  • Log-in attempts, session time-out, validity of authentication
  • Transaction monitoring and authorization
  • Protection of sensitive payment data
The following presentation that I've presented at the Security Summit 2012 (Rome), shows the Oracle approach for Securing Internet payment systems according to ECB recommendations. In particular, it shows an intelligent model to prevent online fraud, based on Oracle Adaptive Access Manager (OAAM), a context-aware risk analysis system. Furthermore, it includes a brief introduction to the Managed-Fraud Reduction (MFR) solution based on Oracle and British Telecom experience.