©Copyright International Business Machines Corporation 2001. All rights reserved.
Overview of IBM Video Central for e-business
IBM Video Central for e-business (hereon referred to as simply Video Central) is a set of Web services that provides access to a central repository database spanning multiple businesses. The purpose of this repository is to track, among other things, customer credentials, customer rented and wished titles list, customer titles ratings and reviews, title information, and customer and business registration information.
The Video Central Web services provide rental businesses with the ability to:
- Set maximum rental limit for customers based on their rental credentials
- Reward frequent customers having good credentials
- Avoid duplicate rentals to customers using prior rental history checks
- Make customers wished titles list readily available at all businesses
- Empower businesses to recommend in stock wished titles
- Provide customers with rental title recommendations through business intelligence queries based on customer rental history, wished titles list, prior rating of rentals, and actual titles' information
- Provide businesses with recommended title purchase quantity through business intelligence queries based on localized businesses' customer preferences and actual title information
- Provide automatic new rental titles information update into local business database by avoiding manual and repetitive entry of newly purchased titles through automatic extraction of this data from the central database
- Make cross store title rating and reviews readily available to customers
- Provide businesses with automatic notification of customer profile updates.
Requirements
Access to potentially sensitive data through Web services must meet stringent data security, privacy, and accuracy requirements.
Disclaimer: IBM Video Central for e-business Tutorial
The IBM Video Central tutorial is a complete working application, including a step-by-step guide, to demonstrate DB2 as a Web service provider, and WebSphere® as a Web application server. This tutorial includes complete documentation required to successfully deploy five Web services to a WebSphere application server. A client application is also provided to demonstrate these Web services in action. The DB2 XML Extender's dynamic XML mapping capabilities are demonstrated in this tutorial.
At the time of this article, only phase one of Video Central has been implemented. The implementation provides basic Web services, namely, customer credential tracking and the wished and rented titles lists. The services implemented support very basic security, namely, sending the business user name and password in the clear as part of the service request.
The tutorial can be found at the following URL:
http://www.ibm.com/developerworks/data/library/samples/videocentral/videocentral.html
Video Central provides a set of Web services to access a central repository database. Although the network architecture of Video Central allows for a firewall to be installed and configured so as to limit access through a well-defined set of Web services, there still exists a need to secure access to this data, as the Internet is an open medium where data may be captured and viewed by anyone.
In order to understand the implication of providing a secure framework for data access, we must first understand what the security issues are, namely Internet security breaches and preventive measures.
There are two common types of Internet security breaches, sniffing and spoofing. Sniffing is the act of intercepting and inspecting data packets and Spoofing is the act of identity impersonation. For Video Central, sniffing translates to viewing the Web service request and reply data, and spoofing translates to issuing Web service requests using the sniffed identifier of a registered Web service consumer.
Secure access to data on the Internet implies that Web services carrying sensitive data must exhibit the following secure features:
- Encryption to protect against data sniffing, and
- Identity validation to protect against spoofing.
Data encryption
For Web services implemented using Java™ HTTP servlets over HTTP,
data encryption may be achieved by exchanging data packets over
Secure Sockets Layer (SSL). For Web services implemented using
Simple Object Access Protocol (SOAP), data encryption may also be
achieved through the use of SSL, as SOAP payloads are also sent
over HTTP.
Identity validation
Identity validation may be implemented using a number of ways
including the use of digital certificates technology, such as
personal and server certificates from such companies as
Verisign.
An alternate, far simpler solution would be for Video Central to use a public and private key mechanism.
- When a business application registers for Video Central Web services, a Public Business ID, and a Private Security Key is generated and returned as part of an encrypted response from the registration Web service.
- For encrypted Web services, the Public Business ID and the Private Security Key are sent as part of the request. Video Central would validate the private key before processing the request.
- For non-encrypted Web services, a public key must first be generated and then sent in the clear as part of the request in conjunction with the Public Business ID and the request sequence number. Video Central would validate the public key before processing the request.
Figure 1. Business registration Web service
Web services that use private keys are completely secure as no amount of sniffing could identify these keys due to data encryption.
Web services that use the public keys are at risk of spoofing since the public keys are sent in the clear without encryption and may be sniffed by others. In order to protect against this type of attack, the public key must be generated prior to every request and must only be valid for that request.
This can be accomplished by using an algorithm where the public key is generated using an encryption algorithm that takes in as input the private key and the Web service request sequence number, using the following method:
int GetPublicKey(int PrivateKey, int SequenceNo)
This method basically generates a public key given a private key and a sequence number. Video Central would use the same mechanism to generate a public key. If the generated key matches the request public key, then the point of origin has been validated and the request is processed. Note that the sequence number is an incrementing number and cannot be re-used more than once in a log-in session.
Selective security measures must be implemented since data encryption and public/private key identification are expensive operations and not all data exchanged require the same level of security protection. For example, sending a customer wished titles list updates is not as critical as securing the customer identification record which includes customer private data.
Selective security entails implementing the following three security levels:
- Low level-security for querying non-sensitive data,
- Medium-level security for updating non-sensitive data, and
- High-level security for querying and updating sensitive data.
Low-level security
This level of security is required when querying non-sensitive data
including movie title information, rating, and reviews, as well as
customer's wished titles list, customer's rented titles list, and
customer's recommended titles list. The only security validation
required for these types of Web services is the public business
registration identifier, which entitles a business access to these
Web services.
Figure 2. Low-level security Web service
Medium-level security
This level of security is required for updating non-sensitive data
including entries in the customer's wished and rented titles lists,
as well as customer's title rating and reviews. The security
validation required for these types of Web services is the public
business registration identifier with the added measure of identity
validation using the public key security protection outlined
earlier.
Using data encryption for these types of services is possible; however, the added performance cost is not justified since the data being updated is not sensitive in nature.
Figure 3. Medium-level security Web service
High-level security
This level of security is required when exchanging sensitive data.
This would include such things as updating business identification
record, updating customer identification record, and querying or
updating customer infraction records. The security validation
required for these types of services is the public business
registration identifier, identity validation using the private
security key, as well as encrypting the data transmitted.
Figure 4. High-level security Web service
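The following is an added example, not code from the article or from the Video Central tutorial. It implements the two mechanisms described above in one place: the per-request public key of GetPublicKey() (computed here as an HMAC-SHA256 over the Public Business ID and the sequence number, an assumed construction, since the article does not specify the algorithm) together with the monotonically increasing sequence number check, and a single policy gate that applies the low, medium and high security levels to an incoming request. The class and field names (VideoCentral, authorize, business_id, sequence_no, public_key, private_key, encrypted) are hypothetical; the `encrypted` flag stands in for "this request arrived over SSL".

```python
import hashlib
import hmac
import secrets


def register_business():
    """Constructed stand-in for the registration Web service (Figure 1):
    returns a (Public Business ID, Private Security Key) pair."""
    business_id = "BIZ-" + secrets.token_hex(4)
    private_key = secrets.token_bytes(32)
    return business_id, private_key


def get_public_key(private_key: bytes, business_id: str, sequence_no: int) -> str:
    """HMAC counterpart of GetPublicKey(PrivateKey, SequenceNo): the value is
    bound to this business and this sequence number, so it is only valid for
    the one request it was generated for."""
    msg = f"{business_id}:{sequence_no}".encode()
    return hmac.new(private_key, msg, hashlib.sha256).hexdigest()


class VideoCentral:
    """Server-side state: registered keys plus the highest sequence number
    seen per business (the replay check for medium-level services)."""

    def __init__(self):
        self.registry = {}   # business_id -> private key
        self.last_seq = {}   # business_id -> last accepted sequence number

    def register(self):
        bid, key = register_business()
        self.registry[bid] = key
        self.last_seq[bid] = 0
        return bid, key

    def _check_public_key(self, bid, seq, presented):
        # A sequence number must never be reused within a session, so anything
        # at or below the last accepted value is rejected before any crypto.
        if not isinstance(seq, int) or seq <= self.last_seq[bid]:
            return False
        expected = get_public_key(self.registry[bid], bid, seq)
        if not hmac.compare_digest(expected, str(presented)):
            return False
        self.last_seq[bid] = seq
        return True

    def authorize(self, level, request):
        """Apply the security level to a request dict; returns (ok, reason)."""
        bid = request.get("business_id")
        if bid not in self.registry:
            return False, "unknown business id"
        if level == "low":
            # Low level: the Public Business ID alone entitles access.
            return True, "ok"
        if level == "medium":
            # Medium level: business id plus per-request public key validation.
            ok = self._check_public_key(bid, request.get("sequence_no"),
                                        request.get("public_key", ""))
            return ok, ("ok" if ok else "public key rejected")
        if level == "high":
            # High level: private key validation, only over an encrypted channel.
            if not request.get("encrypted"):
                return False, "high-level service requires an encrypted channel"
            if not hmac.compare_digest(self.registry[bid],
                                       request.get("private_key", b"")):
                return False, "private key rejected"
            return True, "ok"
        return False, "unknown security level"


if __name__ == "__main__":
    vc = VideoCentral()
    bid, key = vc.register()
    pk = get_public_key(key, bid, 1)
    print(vc.authorize("medium", {"business_id": bid, "sequence_no": 1, "public_key": pk}))
    print(vc.authorize("medium", {"business_id": bid, "sequence_no": 1, "public_key": pk}))
```

The second medium-level call in the usage block presents the same sequence number again and is refused: a sniffed public key is worthless to a third party because it can only ever match one sequence number, and that number has already been consumed.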
To summarize, a security mechanism must be put in place in order to ensure that sensitive data is safeguarded against data sniffing and identity spoofing. Encryption is expensive and should only be used where data sniffing poses a security risk. Public and private key validation would alleviate the problem of identity spoofing, and should also be used where spoofing poses a security risk.
Selective security measures must be put in place to safeguard against sniffing and spoofing only when required, to avoid the performance penalty incurred by implementing these two security measures.
Video Central gathers data about both the rental businesses and the rental business customers; hence data privacy in this context implies that:
- The data gathered about a customer of the rental businesses by these businesses is ultimately owned by the customer, and that the customer has granted these businesses limited access for the purpose of providing value add services.
- The data gathered about a rental business is ultimately owned by the rental business, and that the business has granted Video Central limited access for the purpose of enabling the business to provide value add services to both it and its customers.
In order to address the privacy requirement, we must first analyze the type of customer data being gathered. Video Central data repository tracks the following customer data:
- Customer identification record
- Customer credential records (infractions history)
- Customer rented and wished titles list records
Customer identification record
The customer identification record (CIR) is used to uniquely identify a customer and assign the customer a global unique identifier. This global unique identifier (GUID) is later used to access other customer information including, among other things, customer credentials, customer's title rental history, and customer's wished list.
When a registered business acquires a new customer, the business issues a Web service request to Video Central to register the new customer. The registration service would either create a new customer having a new GUID, or it would return an existing GUID if a matching customer record is found in the central repository database.
The CIR must contain enough information to uniquely identify a customer. The type of information contained includes the customer home address, phone numbers, e-mail address, and customer identification numbers such as social security number (SSN), driver license number (DLN), etc. In most instances, the CIR will only contain a subset of this information, as customers may not wish to divulge such private information as their SSN or DLN. Regardless of this fact, the information contained in the CIR is customer private information and must be protected.
Protecting the customer identification record
In order to protect the CIR data, Video Central must unequivocally
state that these records are:
- Never divulged to any business through a Web service, and
- Only used for the purpose of assigning a GUID to a new customer or looking up the GUID for an existing customer.
The customer credential records (CCR) are used to evaluate customers and determine the type and level of services a rental business should make available to these customers. This type of data does not fall under the data privacy section; rather, it falls under the data accuracy section.
Customer wished and rented titles list records
The customer wished and rented titles list records are used to track titles a customer may be interested in renting and titles a customer has rented in the past respectively. The purpose of this data is to provide value add services to rental business customers by making this information available everywhere. These value add services include:
- Notifying businesses of possible duplicate rentals,
- Recommending in-stock titles based on entries in the wished list, and
- Recommending titles based on business intelligence using data mining queries that inspects customer's wished and rented list, customer's title ratings, customer profile, and the repository of other customers and titles in the database.
Protecting the wished and rented titles list records
In order to protect the data pertaining to the wished and rented
titles list records, Video Central must abide by these
requirements:
- Customers must explicitly agree to share this data in order to reap the benefits of the value add services. This agreement must be provided indirectly through the rental businesses themselves,
- No customer sensitive profile data is shared with the registered businesses, rather only the wished and the rented titles list data entries,
- No business sensitive data is shared, including the identity of the business where the customer rented or wished the title. Thus no quantitative or qualitative information about one rental business is passed to another rental business. The rental business information is censored, and only the customer information is exchanged, namely (rental history, wish-list, and credentials). No business' customer list or daily rental quantity is exchanged with another business,
- Exchange of this data may at anytime be terminated at the explicit request of a customer,
- Customer data may only be provided to businesses that have registered the customer.
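As an added example (not part of the article or of the Video Central tutorial), the following service enforces the sharing requirements listed above and the CIR rule from the previous section: a business receives list entries only if it registered the customer, only while the customer's consent stands, and the exported entries carry neither the customer's CIR fields nor the identity of the business where the title was rented or wished. The data model (Customer, TitleEntry, ListService) and the sample records it builds are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Customer:
    guid: str
    sharing_consent: bool
    registered_with: set = field(default_factory=set)  # business ids that registered this customer
    # CIR fields: used only to assign/look up the GUID, never exported
    name: str = ""
    address: str = ""
    ssn: Optional[str] = None


@dataclass
class TitleEntry:
    title_id: str
    kind: str          # "rented" or "wished"
    business_id: str   # where the title was rented/wished; censored on export
    date: str


EXPORTED_FIELDS = ("title_id", "kind", "date")


class ListService:
    def __init__(self):
        self.customers = {}   # guid -> Customer
        self.entries = {}     # guid -> [TitleEntry]

    def register_customer(self, business_id, customer):
        """Registration only ever returns the GUID, never CIR data."""
        self.customers.setdefault(customer.guid, customer).registered_with.add(business_id)
        return customer.guid

    def add_entry(self, guid, entry):
        self.entries.setdefault(guid, []).append(entry)

    def get_titles(self, requesting_business, guid):
        cust = self.customers.get(guid)
        if cust is None:
            raise LookupError("unknown customer")
        if requesting_business not in cust.registered_with:
            raise PermissionError("business has not registered this customer")
        if not cust.sharing_consent:
            raise PermissionError("customer has not agreed to share list data")
        # Export only the whitelisted title fields; business_id and CIR stay inside.
        return [{k: getattr(e, k) for k in EXPORTED_FIELDS}
                for e in self.entries.get(guid, [])]

    def revoke_consent(self, guid):
        """The customer may terminate the exchange at any time."""
        self.customers[guid].sharing_consent = False


def build_sample():
    """Constructed data: one customer registered at BIZ-A and BIZ-B."""
    svc = ListService()
    cust = Customer(guid="G-1001", sharing_consent=True,
                    name="Sample Customer", address="1 Example St", ssn=None)
    svc.register_customer("BIZ-A", cust)
    svc.register_customer("BIZ-B", cust)
    svc.add_entry("G-1001", TitleEntry("T-42", "rented", "BIZ-A", "2001-05-01"))
    svc.add_entry("G-1001", TitleEntry("T-77", "wished", "BIZ-B", "2001-05-03"))
    return svc


if __name__ == "__main__":
    svc = build_sample()
    print(svc.get_titles("BIZ-A", "G-1001"))
```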
To summarize, customers and the businesses -- the e-business consumers -- ultimately own the data and not Video Central, the e-business provider. In order to guarantee privacy, customers must be given the choice to whether or not to share this data, no business sensitive data must be exchanged between businesses, and the data must not be sold or divulged to others without the explicit permission of the data owners.
The accuracy of the data contained in the central repository database must be guaranteed in order to preserve the value of the Web services offered by Video Central. Although all customer data must be accurate, some data elements require a greater degree of accuracy than others.
It should be obvious that an incorrect entry in the wished titles list or the rented titles list is not as critical as an incorrect customer credentials data entry, since the latter could limit the type of services a rental business may make available to its customers.
Accuracy of customer credentials data
The customer credentials Web services offered by Video Central are similar to the credit history and rating services provided by the likes of Equifax. Basically, they track any infractions made by a customer, including late rental returns, damaged media, or lost or stolen media titles. Rental businesses can query these credential reports and then impose limitations on the services they offer to the customer, such as the number of titles that may be rented at once, or the rental of other items, such as expensive video equipment, without a proper deposit.
Because the data contained in the customer credentials database severely impacts the quality and quantity of services offered by businesses to their customers, customers should be given the ability to request credential reports directly from Video Central and to challenge the source and validity of these reports.
Ensuring data accuracy of customer credentials data
In order to ensure data accuracy of customer credential data, Video
Central must be further enhanced to provide the following:
- A Web-based interface that allows customers to request credentials reports and challenge the source and validity of report entries,
- A set of Web notification services that informs businesses of challenged credential report entries,
- A set of Web services that allows businesses to withdraw, modify, or re-assert customer credential entries that have been challenged, and
- Ensure that credential report entries have an expiry date ranging from one to three years.
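The following is an added example (not the article's or the tutorial's code) of the four enhancements just listed, reduced to their data handling: credential entries are accepted only with an expiry between one and three years, reports omit expired and withdrawn entries, a customer challenge flags the entry and queues a notification to the reporting business, and the business may then withdraw, modify, or re-assert it. The names (CredentialEntry, CredentialService, the status values) and the sample entries are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

MIN_EXPIRY = timedelta(days=365)       # one year
MAX_EXPIRY = timedelta(days=3 * 365)   # three years


@dataclass
class CredentialEntry:
    entry_id: str
    guid: str               # customer GUID
    business_id: str        # reporting business, notified on challenge
    kind: str               # late_return | damaged_media | lost_media
    reported_on: date
    expires_on: date
    status: str = "asserted"   # asserted | challenged | reasserted | withdrawn


class CredentialService:
    def __init__(self):
        self.entries = {}         # entry_id -> CredentialEntry
        self.notifications = []   # (business_id, entry_id, reason)

    def add_entry(self, entry):
        """Enforce the one-to-three-year expiry window at write time."""
        ttl = entry.expires_on - entry.reported_on
        if not (MIN_EXPIRY <= ttl <= MAX_EXPIRY):
            raise ValueError("expiry must lie between one and three years")
        self.entries[entry.entry_id] = entry

    def report(self, guid, today):
        """Customer- or business-facing report: live entries only, with the
        challenge status visible so a disputed entry is not taken at face value."""
        return [e for e in self.entries.values()
                if e.guid == guid and e.expires_on > today and e.status != "withdrawn"]

    def challenge(self, entry_id, reason):
        e = self.entries[entry_id]
        if e.status == "withdrawn":
            raise ValueError("nothing to challenge")
        e.status = "challenged"
        self.notifications.append((e.business_id, entry_id, reason))

    def resolve(self, entry_id, business_id, action, new_kind=None):
        """Only the reporting business may act on a challenged entry."""
        e = self.entries[entry_id]
        if business_id != e.business_id:
            raise PermissionError("only the reporting business may resolve")
        if e.status != "challenged":
            raise ValueError("entry is not under challenge")
        if action == "withdraw":
            e.status = "withdrawn"
        elif action == "modify":
            e.kind = new_kind
            e.status = "reasserted"
        elif action == "reassert":
            e.status = "reasserted"
        else:
            raise ValueError("unknown action")


def build_sample():
    """Constructed data: two entries for one customer, one already expired."""
    svc = CredentialService()
    svc.add_entry(CredentialEntry("E-1", "G-1001", "BIZ-A", "late_return",
                                  date(2001, 1, 10), date(2002, 1, 10)))
    svc.add_entry(CredentialEntry("E-2", "G-1001", "BIZ-B", "lost_media",
                                  date(1998, 3, 1), date(2000, 3, 1)))
    return svc
```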
To summarize, when gathering customer data that impacts the type of services that can be offered to a customer, e-business solution providers must empower these customers with the ability to review this data and challenge the accuracy and source of this data.
There are tremendous benefits that can be gleaned from providing customers with personalized services that are specifically tailored to the customer based on his or her profile and historical data.
Because customers ultimately deal with more than one business, some customer data must be shared across these businesses to facilitate a more accurate and complete set of personalized services.
Customer data sharing must abide by a stringent set of rules in order to ensure security, privacy, and accuracy, as the customers themselves ultimately own their data and have simply granted businesses limited access to it.
IBM Video Central for e-business provides a central repository and a set of Web services that enables the rental industry, be they online or brick and mortar, to share non-sensitive customer data in order to provide personalized and customized video rental services.
This document outlines a framework that should be implemented on top of the base Video Central solution to help achieve the criteria set for data security, privacy, and accuracy. This framework may be extended for all Web services that exchange any customer sensitive data.
DB2,IBM, and WebSphere are trademarks or registered trademarks of the IBM Corporation in the United States and/or other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
Abdul H. Al-Azzawe is a senior software engineer at the IBM Silicon Valley Lab in San Jose. An IBM veteran, he joined the company in 1990. Abdul is the lead architect for the SQL debugger and the application development tools for DB2 on Windows. Prior to his current assignment, he was a member of the core DB2 engine development team at the IBM Toronto Lab.