Search results

The purpose of this paper is to present a smartphone-based physical access control system in which the access points are not directly connected to a central authorization server, but rather use the connectivity of the mobile phone to authorize a user access request online by a central access server. The access points ask the mobile phone whether a particular user has access or not. The mobile phone then relays such a request to the access server or presents an offline ticket. One of the basic requirements of our solution is the independence from third parties like mobile network operators, trusted service managers and handset manufacturers.

The authentication of the smartphone is based on public key cryptography. This requires that the private key is stored in a secure element or in a trusted execution environment to prevent identity theft. However, due to the intended independence from third parties, subscriber identity module (SIM)-based secure elements and embedded secure elements (i.e. separate hardware chips on the handset) were not an option and only one of the remaining secure element architectures could be used: host card emulation (HCE) or a microSD-based secure element.

This paper describes the implementation of such a physical access control system and discusses its security properties. In particular, it is shown that the HCE approach cannot solve the relay attack under conservative security assumptions and an implementation based on a microSD secure element is presented and discussed. Moreover, the paper also describes an offline solution which can be used if the smartphone is not connected to the access server. In this case, an access token is sent to the access point in response to an access request. These tokens are renewed regularly and automatically whenever the smartphone is connected.

In this paper, a physical access control system is presented which operates as fast as existing card-based solutions. By using a microSD-based secure element (SE), the authors were able to prevent the software relay attack. This solution is not restricted to microSD-based SEs, it could also be implemented with SIM-based or embedded secure elements (with the consequence that the solution depends on third parties).

Cross‐connected engines are fitted with a non‐return valve 12 in the pipe 11 between the pump chamber of one two‐diameter cylinder and the working chamber of an adjoining cylinder. Each pump‐piston is phased 90 deg. in advance of its associated power piston. The valves 12 are controlled by springs enclosed in a sealed chamber, are placed at the power‐cylinder end of the conduits, and closed by the power‐piston at the top of the stroke. They are inclined so as to divert the incoming charge towards the cylinder head, the wall of the inlet port adjacent to the half‐circumference of the valve head which is distant from the cylinder head being a close fit to said half‐circumference.

In propulsion apparatus having a combustion chamber with an open‐discharge nozzle at its outer end, in combination, a substantially spherical chamber wall for said combustion chamber and having an axial feed opening at its inner end, an inner casing enclosing an inner jacket space about said spherical wall, an outer casing enclosing an outer jacket space about said inner casing, and means to supply a liquid oxidizer under pressure to said outer jacket space, said inner jacket casing having spaced openings through which portions of said liquid arc sprayed against the combustion chamber wall, said inner jacket space communicating with an inner opening at its inner end, which opening is formed between adjacent portions of said combustion chamber wall and said inner casing, and through which annular opening partially vaporized oxidizer is fed from said inner jacket space to said combustion chamber, and means to supply liquid fuel to said combustion chamber in a direction opposed to the path of travel of the oxidizer.

The evidence base for what works with forensic patients in high-security inpatient settings has typically focused on outcome research and not included clinical expertise from practice-based experience, which is an important facet of evidence-based practice. The purpose of this paper is to establish whether experts with clinical and/or research experience in this setting could reach consensus on elements of high-security hospital services that would be essential to the rehabilitation of forensic patients.

A three-round Delphi survey was conducted to achieve this aim. Experts were invited to rate agreement with elements of practice and interventions derived from existing research evidence and patient perspectives on what worked. Experts were also invited to propose elements of hospital treatment based on their individual knowledge and experience.

In the first round 54 experts reached consensus on 27 (out of 39) elements that included physical (e.g. use of CCTV), procedural (e.g. managing restricted items) and relational practices (e.g. promoting therapeutic alliances), and to a lesser extent-specific medical, psychological and social interventions. In total, 16 additional elements were also proposed by experts. In round 2 experts (n=45) were unable to reach a consensus on how essential each of the described practices were. In round 3 (n=35), where group consensus feedback from round 2 was provided, consensus was still not reached.

Patient case complexity, interventions with overlapping outcomes and a chequered evidence base history for this population are offered as explanations for this finding alongside limitations with the Delphi method.

Based on the consensus for essential elements derived from research evidence and patient experience, high-secure hospital services might consider those practices and interventions that experts agreed were therapeutic options for reducing risk of offending, improving interpersonal skills and therapeutic interactions with patients, and mental health restoration.

The study triangulates what works research evidence from this type of forensic setting and is the first to use a Delphi survey in an attempt to collate this information.

The purpose of this paper is to address the design, implementation, performance and limitations of an environment that emulates a secure element for rapid prototyping and debugging. Today, it is difficult for developers to get access to a near field communication (NFC)-secure element in current smartphones. Moreover, the security constraints of smartcards make in-circuit emulation and debugging of applications impractical. Therefore, an environment that emulates a secure element brings significant advantages for developers.

The authors' approach to such an environment is the emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android Dalvik VM), as this would facilitate the use of existing debugging tools. As the operation principle of the Java Card VM is based on persistent memory technology, the VM and applications running on top of it have a significantly different life cycle compared to other Java VMs. The authors evaluate these differences and their impact on Java VM-based Java Card emulation. They compare possible strategies to overcome the problems caused by these differences, propose a possible solution and create a prototypical implementation to verify the practical feasibility of such an emulation environment.

While the authors found that the Java Card inbuilt persistent memory management is not available on other Java VMs, they present a strategy to model this persistence mechanism on other VMs to build a complete Java Card run-time environment on top of a non-Java Card VM. Their analysis of the performance degradation in a prototypical implementation caused by additional effort put into maintaining persistent application state revealed that the implementation of such an emulation environment is practically feasible.

This paper addresses the problem of emulating a complete Java Card run-time environment on top of non-Java Card virtual machines which could open and significantly ease the development of NFC secure element applications.

The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever.

A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications.

To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time.

By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

Skin‐stressed aircraft bodies, hulls, or floats comprise a shell composed of a number of channel section strips assembled in sets with the channel flanges projecting inwardly, each set constituting a section of the skin and connected to the adjacent set by securing together outwardly directed flanges formed on or fixed to the marginal strips of the sets. A monocoque fuselage 1, Fig. 1, of substantially oval section tapering in width to the rear end 5 and provided with an engine supporting frame at the forward end, is divided at 10 into two parts, of which the forward is built up in two sections 22, 23 joined in a horizontal plane 24 and the after part is built up from sections 2, 3, Fig. 3, joined in the plane of symmetry. The latter sections each comprise a half‐bulkhead 2a, 3a respectively to which channel strips 6 are secured by engagement of side flanges 6a in peripheral slots 7 and by welding. The abutting flanges 6a of the several strips are additionally interconnected by riveting along their length. The half‐bulkheads together with their attached channel strips are interconnected by engagement of a rod 9 in tubular lugs 8 formed alternately on the edges of the parts 2a, 3a, and also by riveting or bolting together the marginal pairs of channel strips. These may be formed with up‐turned abutting flanges 11 which are faired by a split tube 13 slidden or otherwise engaged therewith. Adjacent fuselage parts may be interconnected by riveting or otherwise securing juxtaposed bulk‐heads. The channel strips 6 are shaped to correspond with the longitudinal changes in section of the fuselage and may be reduced in gauge toward the tail or be of varying gauge to suit localized stresses. In a modification in which annular frames 16 of channel or box‐section are substituted for bulk‐heads, Fig. 10, the flanges 6a of channels 6 are inwardly bent at 6b to rest on the frames and attachment is by angle members 17, of which one limb is secured to flanges 6a and one to a side wall of frame 16. Fig. 11 shows modified channel member, the flanges of which form on assembly a series of longitudinal stiffeners, 6c. Attachment to frame 16 is by bent‐up fittings 22 secured to the flanges by bolts 24 which connect them together.

In this paper, a hybrid stress 12‐node brick element is presented. Its assumed stress field is derived by first examining the deformation modes of a geometrically regular element and then generalizing to other element configurations using tensorial transformation. The total number of stress modes is 30 which is minimal for securing the element rank. To reduce the computational cost associated with the fully populated flexibility matrix, the admissible matrix formation is employed to induce high sparsity in the matrix. Popular beam bending benchmark problems are examined. The proposed elements deliver encouraging accuracy.

The purpose of this paper is to outline the challenges to achieving positive outcomes for young people within the secure estate in England, and introduces a psychologically informed framework, SECURE STAIRS (SS), aimed at improving outcomes.

The paper argues that there is a need for a fundamental shift in the way care and intervention for young people within the secure estate is delivered. It gives an overview of current challenges and needs and summarises the theoretical concepts and evidence base which can guide practice and form the foundations of the SS framework.

The framework recommends that intervention shift from focussing primarily on individual assessment and treatment to a greater emphasis on supporting the work of the wider system of care. Recommendations include promoting trauma-informed care, a focus on the system dynamics within institutions and how these impact on the care young people receive, and on the collaborative development with residential staff and young people of formulation-led care plans that include a focus on issues of sustainability after leaving the secure estate.

These include the establishment of discrete residential groupings with truly integrated and trauma-informed work across residential, mental health, education and criminal justice agencies. This involves addressing governance issues around shared record keeping, and challenges to sustainability and the accompanying need for local implementation plans for each establishment alongside central support at a strategic level.

This paper describes a new and innovative way of working within secure settings to ensure children and young people’s needs are better met.

Mobile financial services (MFS) applications require a hardware secure storage, secure element (SE) for crucial payment and authentication credentials, comparable to the EMV chip cards recently introduced in the payment card world. However, the diffusion of MFS is currently obstructed due to debate within the industry over which SE technology is to be adopted. The purpose of this paper is to demonstrate how industry participants can position themselves in the value chain and select the ideal SE option, thereby accelerating the acceptance of MFS.

This paper is based on previous research done in this field by Mobey Forum and other mobile payments bodies.

The study shows that MFS value chain positioning has a direct effect on which SE alternative is most suitable to the company. Identifying the most suitable SE technology in turn allows companies to seek out the most interesting business partners, and thereby results in a quick and widespread diffusion of MFS.

This study has implications for the adoption of MFS technology and the development of the mobile payments marketplace. It is especially relevant to management working towards creating a working MFS ecosystem.