Need help with assignments?

Our qualified writers can create original, plagiarism-free papers in any format you choose (APA, MLA, Harvard, Chicago, etc.)

Order from us for quality, customized work in due time of your choice.

Click Here To Order Now

Abstract

The present article sets out to employ the ever-evolving knowledge of design science in information science research to conceptualize the problem of incorrect academic certifications doing rounds in places of employment or in academic institutions, which primarily originates from illegal activities such as forgery or identity theft. To prevent these instances, we propose an electronic web-based Certification Verification Program.

Using the Stakeholders perspectives to understand the problem and implement an effective and efficient web-based artifact aimed at dealing with this menace, the article discusses the various phases and processes entailed in enlisting the stakeholders concerns, proposing a solution to the problem, prototyping, and building and evaluating the artifact against specific benchmarks, such as utility and efficiency of the proposed artifact in real-world settings.

Through the incorporation of various security levels, authentications, and user and content access control mechanisms in each of the components that function to serve the different stakeholders, in our case  the sender, receiver, and controller, this article sufficiently demonstrates how the Certifications Verification Program could be beneficial to all stakeholders, particularly with regard to ensuring transparency and accountability in policies and privacy practices, ensuring the quality of data, enhancing data collection limitation, guaranteeing purpose specification, and safeguarding the consent of users.

Introduction

Although the boundaries and contours of design sciences continue to experience numerous definitions and refinements as we progress deeper into the 21^st century, and in spite of the fact that the sciences of design are seen as a comparatively new entrant to the prism of methodologies, paradigms, and perspectives that have been dominated by ongoing debates formerly only positioned as positivist versus interpretive and quantitative versus qualitative (Purao et al, 2008), academics and practitioners are in agreement about the fundamental importance and value of the subfield to the information systems discipline (March & Storey 2008). Although this shift became visible in the information systems (IS) discipline only since the mid-1990s, according to these authors, design science has in the past received widespread attention and indeed practiced as an important mode of research in other specialized disciplines, including architecture, building economics and engineering. The seminal works of Hevner et al (2004) highlighted design science research as a clear alternative to the IS discipline, leading to the progression of two paradigms that characterized research in the IS discipline, namely behavioral research and design science.

The present article seeks to utilize the knowledge that has so far been gathered in design science to design, implement and evaluate a proposed information technology artifact, known as the Certifications Verification System, which could be used not only to prevent some illegal activities associated with paper-based certificates but also facilitate the storage, management, and retrieval of academic certifications papers for students. Available literature demonstrates that such an artifact, if well designed and implemented, could have the capacity to improve the efficiency and performance of business/learning institutions (March & Storey 2008), but also maximize their value and competitiveness (Germonprez et al 2011).

To understand the dynamics of the proposed IT artifact, it is important to provide an overview of design science research, as follows.

An Overview of Design Science Research

Hevner et al (2004) acknowledge that the design-science paradigm in IS discipline &seeks to extend the boundaries of human and organizational capabilities by creating new and innovative artifacts (p. 75). The paradigm is placed at the confluence of people, organizations, and technology (Hevner et al 2004), and is endowed with the functionality of developing, implementing, using, and managing information systems within organizational contexts with the view to change existing situations into preferred ones. Design science researchers operating within organizational contexts can therefore utilize information technology (IT), among other resources, to design and outline work systems and processes through which critical organizational objectives are achieved.

Simon cited in March & Storey (2008) noted that design science research is grounded in two important phases, namely (1) the definition of the problem space, and (2) optimization techniques to search it. According to these authors, the problem space denotes the desired end situation, the present organizational situation, and the variations between the desired end situation and the present situation. The optimization techniques, on their part, denote actions that may be taken by design and management professionals to eradicate acknowledged variations between the desired end state and the present state.

Hence, it is important to note that &the representation of design problems and the generation and evaluation of design solutions are the major tasks in design science research (March & Storey 2008, p. 726). As noted by these authors, the challenges for design science research in the IS field to develop and evaluate IT artifacts that facilitate management and IT, staff, too, among other things, (1) describe desired organizational information processing capabilities and their relationship with present and desired organizational situations, and (2) develop actions that enable them to implement information processing capabilities that move the organization towards desired situations (p. 726). It is the major purpose of this paper to develop and evaluate an IT artifact known as the Certifications Verification System, based on the central tenets of design science research in the IS discipline.

The Certifications Verification System

The emergence of information technology (IT) and related applications continue to create novel challenges for the education system, not only in terms of building IT-oriented infrastructure to transfer content and learning materials in between the students and the instructors but also in ensuring the students are graded efficiently and results disseminated to the students in a secure cost-effective way. Today, more than ever before, IT professionals and experts in the education sector are working with increasingly complex problems to come up with technology solutions that not only assist in moving information around from one region or place to another, but also facilitate connections between groups of students, learning institutions, and external learning resources (Rye 2009).

Most of these technologies, as typically suggested in Shields (2011), have been focused on the provision of on-line course materials, grading and distance education; however, this article seeks to design, develop and evaluate a unique IT-enabled artifact that can account for students academic progress and provide certifications to students who have successfully attained the set educational goals. The need to design and develop the Certifications Verification System arises from the corresponding demands to (1) safeguard educational quality though the processing and dispensing of authenticated certificates to students and employers, (2) expand access to the certificates for students, (3) increase economic competitiveness for institutions which adopt the proposed system, and (4) facilitate inclusion and equitable distribution of the certificates in a rapidly expanding global information system.

Every certification program, whether paper-based or automated, has its own vulnerabilities which include identity theft and forgeries (Gorard 2010). Considering that certificates are the physical evidence of our academic achievements needed to support further studies and gain formal employment, ensuring that the programs design is flawless is of utmost importance to learning institutions. The proposed IT-oriented artifact must therefore not only expose and address challenges related to such system vulnerabilities but must also address privacy and confidentiality issues if the system is to achieve the desired end state and sufficiently meet its demands as outlined above.

Representation of Design Problems

First, it is imperative to note that the representation of design problems for the proposed Certifications Verification Program will be conceptualized around three stakeholders, namely: (1) the receiver  potential new employer or educational facility, (2) the controller  a graduated person who is going to control the access permissions and authorizations, and (3) the sender  an academic institution that processes the certification. Each of these stakeholders has some demands and concerns (design problems), conceptualized, and illustrated as follows.

The receiver

This stakeholder demands the right certification and the right person, primarily driven by real or perceived concerns about the circulation of fake certifications and identity fraud. It has been reported in the literature that these illegal activities emerge due to paper-based certificates (Murthy 2011), not mentioning that some online sites engaged in providing fake certificates to potential customers (Shields 2011).

This article will focus on two such illegal activities, namely:

Forgery

Forgery is defined in State v. Lutes,38 Wn.2d 475, 479, 230 P.2d 786 (1951), as & the false making of an instrument, which purports on the face of it to be good and valid for the purposes for which it was created, with a design to defraud any person or persons&.( State v. Goranson 1965). Unfortunately, the convergence of the technology revolution witnessed in the 21^st century has made the creation of fake paper-based documents a reality. In recent years, there are a number of sites available on the Internet which issue fake degree certificates. It is a growing trade worldwide in counterfeit university degree certificates and academic transcripts, which in turn creates potential damage to the universities and employment systems. In May 2004, an audit showed that around 463 employees in the federal government in the US had fake academic degrees (Murthy, 2011).

Identity Fraud

Identity fraud occurs when an individual &with malicious intent consciously creates the semblance of an identity that does not belong to him, using the identity of someone else or of a non-existing person (Koops and Leenes 2006). In the scope and context of this article, identity fraud involves a person who, with prior knowledge, wrongfully and deceitfully obtains and uses personal or academic data of another person and passes them as own, characteristically for economic or academic gains. In recent years, the internet has become a fertile ground for criminals to acquire data of other people without their consent and passing them as their own to achieve selfish interests (US Department of Justice n.d.).

Identity fraud can best be described by the works of sociologist and criminologist Cressey (1973) cited in Malgwi & Rakovski (2009), who developed the Fraud Triangle Theory to argue that fraud is likely to occur due to one or more of the three elements in the fraud triangle: perceived pressure, perceived opportunities, and rationalization. Figure 1 illustrates the elements of the Fraud Triangle Theory.

As described by Malgwi & Rakovski (2009), the pressure is what causes a person to commit fraud, and can be ignited by a multiplicity of variables, including medical bills, expensive tastes, and addiction problems, among others. Most of the time, pressure arises from a significant financial need/problem. Opportunity is the ability to commit fraud. Because fraudsters dont wish to be caught, they must also believe that their activities will not be detected. Opportunity is created by weak internal controls, poor management oversight, and/or through the use of ones position and authority. Failure to establish adequate procedures to detect fraudulent activity also increases the opportunity for fraud to occur. Rationalization is a crucial component in most frauds and involves a person reconciling his/her behavior (stealing) with the commonly accepted norms of decency and trust (Malgwi & Rakovski 2009).

The Controller

The controller, who in this context happens to be the graduate, must have the necessary control and access permissions and authorizations to ensure that his data are only accessed by the authorized person. Consequently, it is in order to conceptualize privacy concerns and access control needs in the proposed IT-oriented artifact.

Privacy concerns

Privacy is a serious issue in any electronic transaction. Culnan (2000) defines privacy as &the ability of an individual to control the terms under which their personal information is acquired and used. An individuals privacy, as such, is always in an inherent state of tension, since it must be defined in conjunction with the capabilities of others to transact business and even to control their own privacy.

Privacy has four basic categories: information privacy, bodily privacy, communications privacy, and territorial privacy. Internet privacy is mostly information privacy, which means the ability of the individual to control information about ones self. Invasions of privacy occur when individuals cannot maintain a substantial degree of control over their personal information and its use (Davies 1996).

In the last two decades, record access has received much attention from legislators and regulators. On the other hand, privacy protection laws have affected the accessibility and therefore the appraisal of records containing personally identifiable information. The privacy statutes have attempted to protect individual privacy by legislating what information may be collected, the circumstances under which it may be retained, and to whom the data may be released; and by prescribing remedies for violations and sanctions against violators (Barritt 1986).

According to above, the concept of (PII) had been defined as any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individuals identity, such as name, social security number, date and place of birth, mothers maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information (Gallagher 2010).

Access Control Needs

Access control approaches combine cryptographic protection and authorization access control to enforce access control via selective encryption, which implies the receiver can access and decrypt only the data they are authorized to access. Most of these approaches contain a structure called the user tree hierarchy, which represents the relationship between receiver and information items (Hue et al 2011). The challenge here is to satisfy the controllers needs, depending on his rights, by giving him full control of access to his information, with a multi-level of permission such as the permission to view, download or print.

The Sender

The sender, who in this context comprises the academic institution charged with the responsibility of processing certifications, must put security concerns at the center of the whole exercise for the model to succeed. Security is defined as &the protection of data against accidental or intentional disclosure to unauthorized persons, or unauthorized modifications or destruction (Yazdanifard et al 2011). The sender concerns could be within some security attributes level or computer infections, conceptualized as follows.

Security Concerns

Security is the combination of processes, procedures, and systems used to ensure confidentiality, authentication, and integrity of data (Akhlaq et al 2006). The senders concerns are to make sure of the security of the information sent via the infrastructure by employing four security attributes, namely: confidentiality, authentication, integrity, and non-repudiation. In confidentiality, the sender must have the capacity to keep the information sent unreadable to unauthorized users, while in authentication, the sender must demonstrate the capacity to decipher the identity of the receiver to avoid identity fraud, which leads to loss of critical data to unauthorized users. The integrity component denotes the senders capacity to ensure that the information sent is not illegally altered or destroyed during transmission. Finally, non-repudiation entails putting in place mechanisms that will ensure the infrastructure will acknowledge that it indeed sent information or data to the receiver (Akhlaq et al 2006).

Infections and Intrusions

Computer infections, such as viruses and worms, spread over networks of contacts between computers, with different types of networks being exploited by different types of infections. The structure of contact networks affects the rate and extent of spreading computer infections (Balthrop et al 2004). The sender must bear concerns of being affected by any of these viruses and worms through his connection to other networks. Additionally, the sender must bear concerns for intrusion threat, which is defined as the potential possibility of a deliberate unauthorized attempt to access information, manipulate information, or render a system unreliable or unusable (Kumar 1995). The figure next page represents an illustration of the conceptualization of the problem from stakeholders perspectives.

Designing the Components of the Solution

In order to synthesize the solution, it is imperative to understand the critical components of the solution, described as follows.

The Internet and the Web

In common usage, the words Internet and Web are often used interchangeably. Although they are strongly related, there are some differences between them. The term Internet, in particular, is the more general term and implicitly includes physical aspects of the underlying networks as well as mechanisms such as email and peer-to-peer activities that are not directly associated with the Web. The term Web, on the other hand, is associated with the information stored and available on the Internet. It is also used to indicate other complex networks of information, such as webs of scientific citations, social relations, or even protein interactions (Baldi et al 2003). The Web has ushered an era of anytime, anywhere, any place communication. Widely accepted standards such as HTML use the Web to fully function (Aalst& Kumar 2003). Consequently, it is ideal to use the internet in designing the solution, particularly in availing a link between the different stakeholders, due to its availability, ease of accessibility, and low cost.

XML Exchange Language

The proposed solution is based on web service technology, which relies on XML for communicating the service request and response messages. XML is a data exchange technology, which has not only rapidly evolved into an international standard but has also permeated every sector of business  from aviation and accounting to weather and workflow. In technical terms, XML is a subset of SGML (Standard Generalized Markup Language), modified and optimized for delivery over the Web (Aalst & Kumar 2003).

By using structured data formats like XML the developers have the benefit to get great flexibility on the application because it has the capability to define the contents of documents through a set of elements or tags (Aalst& Kumar 2003). Additionally, XML provides a structured representation of data that can be implemented broadly and is easy to deploy. Evidence from the literature demonstrates that XML provides a data standard which can encode the content, semantics, and schemata for a wide variety of cases ranging from simple to complex, implying that it can be used to mark up a purchase order, an invoice, payment advice, a doctors prescription and information about people and organizations, among other functionalities (Aalst & Kumar 2003).

Overall, XML ensures that structured data will be uniform and understandable across a variety of applications, vendors, and customers. The resulting interoperability has provided the impetus for a new generation of business and electronic commerce Web applications to grow (Aalst& Kumar 2003). Consequently, with XML language, which gives us the ability to connect different applications with different data types, the solution will rely on its capacity to transfer massages among the different stakeholders.

Access Control

Identity Based Access Control (IBAC)

Under this model, permissions to access a resource are directly associated with a subjects identifier (e.g., a user name). Access to the resource is only granted when such an association exists. An example of IBAC is the use of Access Control Lists (ACL), commonly found in operating systems and network security services. An ACL contains a list of users and their access rights such as read, write, or execute (Yuan & Tong 2005).

Role-Based Access Control (RBAC)

The RBAC model restricts access to a resource based on the business function or role the subject is performing. The permissions to access a resource are then assigned to the appropriate role or roles, rather than directly assigned to subject identifiers (Yuan & Tong 2005).

Lattice-Based Access Control (LBAC)

The LBAC model is manageable when there are a relatively small number of static security labels and categories (as the total combinations of labels and categories are potentially n*m), and therefore is only effective for certain coarsely-grained security scenarios and lacks flexibility and scalability (Yuan & Tong 2005).

In our solution, we think the most appropriate model to use is the Role Based Access Control (RBAC). With this access control model, the controller will be allowed to give permission to the appropriate role or roles to access the information.

Antivirus

An antivirus can be described as a protective software primarily designed to protect computers and networks from malicious software, which include: viruses, Trojans, Keyloggers, hijackers, dialers, and other codes that vandalizes or steals the computer contents. Anyone who accesses other networks on a regular basis using the internet should develop and implement an antivirus strategy (Patil et al 2010).

Antivirus products are categorized into three major divisions: Internet Security [IS], Total Security [TS], and Antivirus [AV]. Antivirus products are primarily focused on detecting and remedying viruses and Spyware, while Internet Security products provide all the virus and Spyware removal features of an AV, as well as additional functions to provide greater internet protection. These features may include protection against phishing, rootkit detection, firewalls, and scanning of web pages and HTTP data. Total Security products provide data migration and backup features on top of all security features common to IS products (Patil et al 2010).

The most recent updated antivirus programs, that going to be used in the solution, will guarantee secure transaction of data among stakeholders.

Characteristics of the Solution

As noted by Hevner et al (2004), the solution to the problem will be characterized &with respect to the artifacts use (intention to use), perceived usefulness, and impact on individuals and organizations (net benefits) depending on the system, service, and information quality (p. 77). Based on the above, it is in order to develop constructs and models that provide a unique problem-solving approach for developing an IT-oriented artifact that could allow all stakeholders to share information. A design framework for the Certifications Verification System would therefore entail the following key characteristics:

Components

Components entail &technological subunits that can be combined to form higher-level technologies (Adomavicius et al 2008, p. 786). Here, we conceptualize the use of XML queries by the sender (institutions holding critical certifications information) using either synchronous or asynchronous techniques. The XML query will contain metadata fields for use by the controller, but will also be constructed in such a manner that it will allow for specific control attributes to be used.

Products

Products entail &technologies that interact with the user in a given usage context (Adomavicius et al 2008, p. 786). Here, we conceptualize the use of full access control by the controller, which inarguably allows them to provide access to the receiver (potential employers or institutions of learning).

Infrastructure

Infrastructure entails &technologies that support and extend the use of product technologies (Adomavicius et al 2008, p. 786). Here, we conceptualize the use of a website on the internet which provides the controller with a basic account. The controller can log into the website with the correct authorizations and access their certifications for downloading, printing, or sending to the receiver (potential employers or institutions of learning). The figure next page illustrates the proposed solution to this problem.

The Prototype

According to Ambler (2012), &prototyping is an iterative analysis technique in which users are actively involved in the mocking-up of the UI [User Interface] for a system. This author further notes that prototypes serve several functions, which include (1) analysis artifact  enables IT, professionals, to explore the problem space with other stakeholders, (2) requirements artifact  enables the initial envisioning of the system, and (3) design artifact  enables IT, experts, to explore the solution space of the proposed system. The proposed prototype is design-oriented, implying that it will enable the developers to explore the solution space for the proposed IT artifact. This further implies that the proposed prototype will not only have the capacity to determine the artifacts desired functionality and its architecture but will be instrumental in creating the actual artifact (Peffers et al 2008).

The prototype for the proposed solution will have three components, namely (1) the controller component, (2) the receiver component, and (3) the sender component. Each of these components is discussed in detail below.

The Controller Component

The Controller Registration Process

In order to use the artifact, the controller will have to register in order to get the subject identifiers (username and password). The registration process is made up of simple steps as elaborated in the figure next page, which illustrates the controllers registration model. Considering that the artifact is web-based, the controller has to register through the proposed website.

This diagram represents the interface of the controllers registration form. The form is designed to collect important information about the controller such as names, school ID, email address, and date of birth among others. This information is saved in the sender database and has to be matched by inputted data whenever someone wants to log in as a controller. This ensures that only the selected controller accesses the account, thereby guaranteeing accountability if the account is misused.

The second step is to verify the provided information with the sender database. If the provided data does not match with the sender data the registration process will terminate. If not the system will send an e-mail to the controller, including their user name and password.

The purpose of using this method in the registration process is to implement the easiest way for the controller to create his account, rather than make them contact the university to apply for the account. We are assuming that only the controller knows this information, so, no one else can provide it but them. Moreover, we are assuming that the controllers e-mail will be in the sender database, so no one will receive the user name and password except the real graduated person from the university.

The figure next page shows the interface of the controller registration form, and also demonstrates the key pieces of recommended information to create the controller account.

The Controller Sign-in Process

After the controller receives the registration e-mail which consists of their user name, password, and the link of the sign-in page, they can now enter the artifact web service, as shown in Figure 6

The Controller Interface Design

After the controller sign in successfully to the web artifact, he will be directed to the controller interface, which contains the elements that make him with full control generated from the web links to the receiver. These elements are outlined in the following table.

Table 1: Elements in the Controller Interface Design.