We are working on a project its nature is somewhat ride sharing , I read about PCI Compliance i know we have to be PCI Compliance if we are dealing with credit card or payment i am a little ambiguous do we store our drivers bank info like Account number(encrypted) , Account title etc in database , i have read about
Who must be PCI compliant?
"If you accept credit cards from your customers, then you must be PCI compliant" reference
so if we store only bank account numbers not credit card
we must have to be PCI compliance.
You do not have to be PCI compliant as, you already have pointed out, that you do not handle credit card information. PCI DSS, which standards for Payment Card Industry Data Security Standard, only governs credit card data. ACH/Bank account information clearly does not fall under their purview.
However, there are rules around ACH/Bank account data governed by NACHA. You do fall under their scope and must obey their standards. So, essentially, there are a set of standards similar to PCI that must follow. So if you were hoping to avoid scrutiny and regulation you are out of luck.
You also may be governed by the laws of where your data is stored as well as where you operate. You would need to speak to a lawyer to get more information about that.
Related
I am building a commercial platform that uses voluntarily-supplied psychological data to help clients make commercial and operational decisions. Rather than pay for this data once, I would like to engage the people who supply their data in an ongoing way. In particular, I would like them to continue to benefit from the revenue their data generates.
However, while I am aware that web3 protocols allow this, I have no knowledge of the software stack I might need to do this. Well, I have a sense that the Ethereum ecosystem might allow this, but not precisely how. In no particular order, I have trouble with the following questions:
How do I associate participants with their data?
How do I log the usage of participants' data in a way that reflects
the extent to which it is used?
How do I remunerate participants when their data is used?
How do I maintain the integrity of the data ownership system?
I can imagine possible ways to do all these things, but would appreciate any insight from someone who has better familiarity with the technology. (For the record, I have substantial experience in python, data science, and NLP, so I'm not afraid of technical suggestions.)
How do I associate participants with their data?
You could create an NFT(ERC721) that describes the relationship to your business.
How do I log theusage of participants' data in a way that reflects the extent to which it is used?
You can use the token ID of the NFT as an ID for their data. and everytime their data is used you can call a function in your smart contract that adds the usage to a data structure associated with their token ID.
How do I remunerate participants when their data is used?
you can have a function in your smart contract to settle that refers the data structure you created early to see how much the data was used and the amount of ether can be sent to the address of the owner of token.
How do I maintain the integrity of the data ownership system?
Using the blockchain itself takes care of it if you wrote your smart contracts correctly.
This way gives the owner of the data an option to sell his token to someone so that the buyer can earn from owner's data and the owner of the data could demand whatever he thinks is the value of the token is.
On the below link, there is a paragraph that says:
http://www.coindesk.com/stellar-ripple-hyperledger-rivals-bitcoin-proof-work/
“Each node publishes a public key. Any message coming through the node is signed by the node to verify its format. Once enough responses that are identical are reached, then you can agree that is a valid transaction.”
My Understanding:
Once a transaction
Consensus is a mechanism by which the nodes in the blockchain decide that a transaction block can be appended to the blockchain. There are many consensus mechanisms - for example, Bitcoin uses a consensus mechanism called Proof of work, ethereum uses a consensus mechanism called Proof of stake. The consensus can be at a ledger level (all nodes have to agree) or transaction level (only the transacting nodes have to agree) In case of Hyperledger, consensus is at transaction level, meaning not all nodes need to engage in the consensus mechanism. Only the two transacting parties can engage and arrive at a consensus. Detailed technical explanation of PBFT (practical byzantine fault tolerance) based Hyperledger Fabric consensus is explained in this link:
http://hyperledger-fabric.readthedocs.io/en/release/txflow.html
A less technical explanation can be found here: this also talks about the different roles the nodes take in Hyperledger Fabric
https://medium.com/#philippsandner/comparison-of-ethereum-hyperledger-fabric-and-corda-21c1bb9442f6
Hyperledger is an umbralla project aims at creating a modulus approach for assembling the blockchain solutions. It has a layered architecture including a separate consensus layer. The goal is you should be able to switch in-and-out the consensus policy of your business need
This table from Hyperledger
Architecture, Volume 1
gives you examples of its consensus approaches in various child projects.
In this type of consensus:
A transaction is performed, i.e. someone buys something from someone
else.
The person who desires for this transaction to become a legitimate
block on the blockchain will send out a cryptographic hash.
The hash is a function which scrambles its inputs and creates an
output.
There is no easy way to solve for the original inputs so peers will
put random numbers into the function in an attempt to find the inputs that created the hash.
After enough of these peers have independently solved the problem
then the transaction is considered legitimate and the transaction
goes on the ledger.
In the bitcoin model, this means the bitcoins are immediately moved to the other party's account.
The number of peers needed to validate the transaction is often calculated by a Byzantine fault tolerance algorithm. You can read the full paper at the link below but it basically means that the system needs:
n = 2f + 1 peers to agree where n is the total number of peers
and f is the number of failing peers.
For example, if you have 4 peers then according to the algorithm three of them must agree before consensus can be achieved.
Here is the example with 4 peers:
n = 4
4 = 2f + 1
3 = 2f
1.5 = f
total failures can only be 1
n - 1 = 4 - 1 = 3 peers must agree
Included with the paper on the algorithm are another slideshow that may be helpful to understand it and a link to a video that should be helpful about the bitcoin model in general.
http://pmg.csail.mit.edu/papers/osdi99.pdf
http://www.cs.utah.edu/~stutsman/cs6963/public/pbft.pdf
https://www.youtube.com/watch?v=GMKgB3zZ1so
This question concerns the CoAP protocol and the CoRE link format as implemented in Contiki-OS.
Suppose a Contiki device sharing several resources which are:
Sensors
Temperature
Humidity
Motion
Battery voltage
Solar panel voltage
A client can access these resources with their respective URL like for example:
REQ: GET /sensors/humidity
Each of these resources is periodic (except Motion obviously) and observable, but the maximum number of allowed observers configured by default is limited to 3 actually.
We could increase this number to be equal to the number of observable resources and create an observer for each of these resource (I don't know what would be the consequences). We may furthermore create a global "Sensors" periodic resource and share all resource at once.
But is there a better way to do that? Is the standard providing a mechanism which allow us to combine several periodic resources in one observer?
Thanks.
Coap observe draft says:
If multiple subjects are of interest to an observer, the observer must register separately for all of them.
So, to reply to your question, no, there is no standard way, at most you could add another url that returns all the sensors if you prefer (but imho it's a very bad solution).
Instead I would just override the default maximum observers setting. In fact the observe draft doesn't say anything about a maximum number of observers, it's just up to you to set one to be sure that your device doesn't crash because of memory allocation.
What is the best way to generate a unique hardware ID on Microsoft Windows with C++ that is not easily spoofable (with for example changing the MAC Address)?
Windows stores a unique Guid per machine in the registry at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MachineGuid
This used to be the CPU serial number but today there are many types of motherboards and this factor is not accurate. MAC address can be easily forged. That leaves us with the internal hard drive serial number. See also: http://www.codeproject.com/Articles/319181/Haephrati-Searching-for-a-reliable-Hardware-ID
There are a variety of "tricks", but the only real "physical answer" is "no, there is no solution".
A "machine" is nothing more than a passive bus with some hardware around.
Although each piece of iron can provide a somehow usable identifier, every piece of iron can be replaced by a user for whatever bad or good reason you can never be fully aware of (so if you base your functionality on this, you create problems to your user, and hence -as a consequence- to yourself every time an hardware have to be replaced / reinitialized / reconfigured etc. etc.).
Now, if your problem is identify a machine in a context where many machines have to inter-operate together, this is a role well played by MAC or IP addresses or Hostnames. But be prepared to the idea that they are not necessarily constant on long time-period (so avoid to hard-code them - instead "discover then" upon any of your start-up)
If your problem is -instead- identify a software instance or a licence, you have probably better to concentrate on another kind of solution: you sell licences to "users" (it is the user that has the money, not his computer!), not to their "machines" (that users must be free to change whenever they need/like without your permission, since you din't licence the hardware or the OS...), hence your problem is not to identify a machine, but a USER (consider that a same machine can be a host for many user and that a same user can work on a variety of machines ..., you cannot assume/impose a 1:1 relation, without running into some kind of problems sooner or later, when this idiom ifs found to no more fit).
The idea should be to register the users in a somewhat reachable site, give them keys you generate, and check that a same user/key pair is not con-temporarily used more than an agreed number of times under a given time period. When violations exceed, or keys becomes old, just block and wait for the user to renew.
As you can see, the answer mostly depends on the reason behind your question, more than from the question itself.
There are various IDs assigned to hardware that can be read and combined to form a machine key. For example, you could get the ID of the hard drive where the software is stored, the proc ID, etc. Some of these can be set more easily than others, but part of the strength is in combining multiple pieces together that are not necessarily strong enough by themselves.
Here is a program (also available as DLL) that can read and show your computer/hardware ID: http://www.soft.tahionic.com/download-hdd_id/index.html
Use Win32 System HDS APIs.
Don't read the registry, it has no sense at all.
hi we try to implement a process like when a user does something, his company's credit will be deducted accordingly.
But there is a concurrency issue when multiple users in one company participant in the process because the credit got deducted wrong.
Can anyone point a right direction for such issue?
thanks very much.
This is a classic problem that is entirely independent of the implementation language(s).
You have a shared resource that is maintaining a persistent data store. (This is typically a database, likely an RDBMS).
You also have a (business) process that uses and/or modifies the information maintained in the shared data store.
When this process can be performed concurrently by multiple actors, the issue of informational integrity arises.
The most common way to address this is to serialize access to the shared resources, so that the operation against the shared resources occur in sequence.
This serialization can happen at the actor level, or, at the shared resource itself, and can take many forms, such as queuing actions, or using messaging, or using transactions at the shared resource. Its here that considerations such as system type, application, and the platforms and systems that are used become important and determine the design of the overall system.
Take a look at this wikipedia article on db transactions, and then google your way to more technical content on this topic. You may also wish to take a look at messaging systems, and if you are feeling adventurous, also read up on software transactional memory.