Authentication and authorization in PeerHood System

The goal of this work is to design and implement authentication and authorization section to PeerHood system. PeerHood system is developedin Lappeenranta University of Technology. It provides functions of discovering devices compatible with PeerHood and listing services offered by those devices; based on wireless technologies: Wi-Fi, Bluetooth and GPRS. The thesis describes implementation of the security approach intomobile Ad-Hoc environment and includes both authentication and authorization processes.

Wireless Authentication and Authorization, case Wireless Access Control System

Lyhyen kantaman radiotekniikoiden hyödyntäminen mahdollistaa uudenlaisten paikallisten palveluiden käytön ja vanhojen palveluiden kehittämisen. Kulunvalvonta on päivittäisenä palveluna valittu työn esimerkkisovellukseksi. Useita tunnistus- ja valtuutustapoja tutkitaan, ja julkisen avaimen infrastruktuuri on esitellään tarkemmin. Langattomat tekniikat Bluetooth, Zigbee, RFID ja IrDA esitellän yleisellä tasolla langattomat tekniikat –luvussa. Bluetooth-tekniikan rakennetta, mukaan lukien sen tietoturva-arkkitehtuuria, tutkitaan tarkemmin. Bluetooth-tekniikkaa käytetään työssä suunnitellun langattoman kulunvalvontajärjestelmän tietojen siirtoon. Kannettava päätelaite toimii käyttäjän henkilökohtaisena luotettuna laitteena, jota voi käyttää avaimena. Käyttäjän tunnistaminen ja valtuuttaminen perustuu julkisen avaimen infrastruktuuriin. Ylläpidon allekirjoittamat varmenteet sisältävät käyttäjän julkisen avaimen lisäksi tietoa hänestä ja hänen oikeuksistaan. Käyttäjän tunnistaminen kulunvalvontapisteissä tehdään julkisen ja salaisen avaimen käyttöön perustuvalla haaste-vastaus-menetelmällä. Lyhyesti, järjestelmässä käytetään Bluetooth-päätelaitteita langattomina avaimina.

Authentication and authorization service for a community network

Wireless community networks became popular in uniting people with common interests. This thesis presents authentication and authorization service for a wireless community network using captive portal approach including ability to authenticate clients from associated networks thereby combining multiple communities in a syndicate. The system is designed and implemented to be reliable, scalable and flexible. Moreover, the result includes software management system, which automatically performs software updates at network’s access points. Future development of the system can be concentrated on an improvement of the software management system.

Improving purchasing process for small purchases at a manufacturing company in chemical industry

This thesis was conducted on assignment by a multinational chemical corporation as a case study. The purpose of this study is to find ways to improve the purchasing process for small purchases at the case company. The improvements looked after are mainly cost and time savings. Purchasing process is the process that starts from the requisition of goods or services and ends when the invoice is paid. In this thesis the purchases with value less than 1000€ are considered to be small. The theoretical framework of the thesis consists of general theoretical view of costs and performance of the purchasing process, different types of purchasing processes and a model for improving purchasing processes. The categorization to small and large purchases is the most important followed by the division between direct and indirect purchases. Also models that provide more strategic perspective for categorization were found to be useful. Auditing and managerial control are important parts of the purchasing process. When considering the transaction costs of purchasing from the costs–benefits perspective large and small purchases should not have the same processes. Purchasing cards, e-procurement and vendor managed inventory are seen as an alternative to the traditional purchasing process. The empirical data collection was done by interviewing the company employees that take part of the purchasing process in their daily work. The interviews had open-ended questions and the answers were coded and analyzed. The results consist of process description and assessment as well as suggestions for potential improvements. At the case company the basic purchasing process was similar to the traditional purchasing process that is entirely done with computers and online. For some categories there was already more sophisticated e-procurement solutions in use. To improve the current e-procurement based solutions elimination of authorization workflow and better information exchange can be seen as potential improvements for most of the case purchases. Purchasing cards and a lightweight form of vendor managed inventory can be seen as potential improvements for some categories. Implementing the changes incurs at least some cost and the benefits might be hard to measure. This thesis has revealed that the small purchases have potential for significant cost and time savings at the case company.