Abstract
In this chapter, the authors propose and describe an identity management framework that allows users to asynchronously control and effectively share sensitive dynamic data, thus guaranteeing security and privacy in a simple and transparent way. Their approach is realised by a fully secure mobile identity digital wallet, running on mobile devices (Android devices), where users can exercise discretionary control over the access to sensitive dynamic attributes, disclosing their value only to pre-authenticated and authorised users for determined periods of time. For that, the authors rely on an adaptation of the OAuth protocol to authorise and secure the disclosure of personal-private user data by the usage of token exchange and new XML Schemas to establish secure authorisation and disclosure of a set of supported dynamic data types that are being maintained by the personal mobile digital wallet. The communication infrastructure is fully implemented over the XMPP instant messaging protocol and is completely compatible with the public XMPP large messaging infrastructures already deployed on the Internet for real time XML document interchange. Copyright (C) 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

Abstract
The massive growth of the Internet and its services is currently being sustained by the mercantilization of users' identities and private data. Traditional services on the Web require the user to disclose many unnecessary sensitive identity attributes like bankcards, geographic position, or even personal health records in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without realizing the real value of its data to the market. In this chapter the auhors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users' identity attributes to offer a highly versatile set of identity services but relies instead on having those attributes distributed among and protected by several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate these scattered Attribute Authorities' identity attributes back into some useful identifiable and authenticated entity identity that can then be used by Internet services in a secure and interoperable way.

Abstract
Since 2011, it's mandatory to prescribe through an electronic system in Portugal. Several third party companies start to develop prescribing software/interfaces that act as gateways to transmit the prescription data from the practitioners to the Health Ministry. The use of those companies in this circuit weakens the Prescription System's security levels and compromises the confidentiality and privacy of doctors and patients' personal data. Aim: The main aim is to propose a secure and safer Prescribing System that allows prescriptions' authentication and protects the patient data, keeping their identity confidential. Results: By protecting several system flaws, this proposed increases greatly the Prescription System security levels, protects patient data, and avoid its collection from Third Party Companies. Also the physical model of the electronic Prescription appears to have all the security and applicability requirements needed to function during a communication network dysfunction.

Abstract
In medical organizations, healthcare providers need to have fast access to patients' medical information in order to make accurate diagnoses as well as to provide appropriate treatments. Efficient healthcare is thus highly dependent on doctors being provided with access to patients' medical information at the right time and place. However it frequently happens that critical pieces of pertinent information end up not being used because they are located in information systems that do not inter-operate in a timely manner. Unfortunately the standard operational mode for many healthcare applications, and even healthcare institutions, is to be managed and operated as isolated islands that do not share information in an efficient manner. There are many reasons that contribute to this grim state of affairs, but what interests us the most is the lack of enforceable security policies for systems interoperability and data exchange and the existence of many heterogeneous legacy systems that are almost impossible to directly include into any reasonable secure interoperable workflow. In this paper we propose a RBAC mobile agent access control model supported by a specially managed public key infrastructure for mobile agent's strong authentication and access control. Our aim is to create the right means for doctors to be provided with timely accurate information, which would be otherwise inaccessible, by the means of strongly authenticated mobile agents capable of securely bridging otherwise isolated institutional eHealth domains and legacy applications. © 2013 IEEE.

Abstract
New governmental legislation introduced e-prescription as mandatory in the Portuguese health system. This changes consequences were not properly considered, which caused security problems related to patient and prescriber's data, such as digital identity fraud or access to prescriptions history to build clinical profiles. In order to evaluate the e-prescribing software users awareness to those risks, a survey took place, and the results revealed ignorance of certain obligations and procedures of the e-prescribing process. A significant part of doctors are not conscious about where the patient's data is stored neither about the risks related with prescription's information. © 2013 IEEE.

Abstract