2013
Autores
Augusto, AB; Correia, ME;
Publicação
INNOVATIONS IN XML APPLICATIONS AND METADATA MANAGEMENT: ADVANCING TECHNOLOGIES
Abstract
In this chapter, the authors propose and describe an identity management framework that allows users to asynchronously control and effectively share sensitive dynamic data, thus guaranteeing security and privacy in a simple and transparent way. Their approach is realised by a fully secure mobile identity digital wallet, running on mobile devices (Android devices), where users can exercise discretionary control over the access to sensitive dynamic attributes, disclosing their value only to pre-authenticated and authorised users for determined periods of time. For that, the authors rely on an adaptation of the OAuth protocol to authorise and secure the disclosure of personal-private user data by the usage of token exchange and new XML Schemas to establish secure authorisation and disclosure of a set of supported dynamic data types that are being maintained by the personal mobile digital wallet. The communication infrastructure is fully implemented over the XMPP instant messaging protocol and is completely compatible with the public XMPP large messaging infrastructures already deployed on the Internet for real time XML document interchange. Copyright (C) 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
2013
Autores
Augusto, AB; Correia, ME;
Publicação
Architectures and Protocols for Secure Information Technology Infrastructures
Abstract
The massive growth of the Internet and its services is currently being sustained by the mercantilization of users' identities and private data. Traditional services on the Web require the user to disclose many unnecessary sensitive identity attributes like bankcards, geographic position, or even personal health records in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without realizing the real value of its data to the market. In this chapter the auhors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users' identity attributes to offer a highly versatile set of identity services but relies instead on having those attributes distributed among and protected by several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate these scattered Attribute Authorities' identity attributes back into some useful identifiable and authenticated entity identity that can then be used by Internet services in a secure and interoperable way.
2013
Autores
Rodrigues, HAM; Antunes, L; Correia, ME;
Publicação
INTERNATIONAL CONFERENCE ON INFORMATION SOCIETY (I-SOCIETY 2013)
Abstract
Since 2011, it's mandatory to prescribe through an electronic system in Portugal. Several third party companies start to develop prescribing software/interfaces that act as gateways to transmit the prescription data from the practitioners to the Health Ministry. The use of those companies in this circuit weakens the Prescription System's security levels and compromises the confidentiality and privacy of doctors and patients' personal data. Aim: The main aim is to propose a secure and safer Prescribing System that allows prescriptions' authentication and protects the patient data, keeping their identity confidential. Results: By protecting several system flaws, this proposed increases greatly the Prescription System security levels, protects patient data, and avoid its collection from Third Party Companies. Also the physical model of the electronic Prescription appears to have all the security and applicability requirements needed to function during a communication network dysfunction.
2013
Autores
Santos Pereira, C; Augusto, AB; Cruz Correia, R; Correia, ME;
Publicação
Proceedings - IEEE Symposium on Computer-Based Medical Systems
Abstract
In medical organizations, healthcare providers need to have fast access to patients' medical information in order to make accurate diagnoses as well as to provide appropriate treatments. Efficient healthcare is thus highly dependent on doctors being provided with access to patients' medical information at the right time and place. However it frequently happens that critical pieces of pertinent information end up not being used because they are located in information systems that do not inter-operate in a timely manner. Unfortunately the standard operational mode for many healthcare applications, and even healthcare institutions, is to be managed and operated as isolated islands that do not share information in an efficient manner. There are many reasons that contribute to this grim state of affairs, but what interests us the most is the lack of enforceable security policies for systems interoperability and data exchange and the existence of many heterogeneous legacy systems that are almost impossible to directly include into any reasonable secure interoperable workflow. In this paper we propose a RBAC mobile agent access control model supported by a specially managed public key infrastructure for mobile agent's strong authentication and access control. Our aim is to create the right means for doctors to be provided with timely accurate information, which would be otherwise inaccessible, by the means of strongly authenticated mobile agents capable of securely bridging otherwise isolated institutional eHealth domains and legacy applications. © 2013 IEEE.
2013
Autores
Rodrigues, H; Antunes, LFC; Santos, C; Correia, ME; Pinho, TM; Magalhaes, HG;
Publicação
Proceedings - IEEE Symposium on Computer-Based Medical Systems
Abstract
New governmental legislation introduced e-prescription as mandatory in the Portuguese health system. This changes consequences were not properly considered, which caused security problems related to patient and prescriber's data, such as digital identity fraud or access to prescriptions history to build clinical profiles. In order to evaluate the e-prescribing software users awareness to those risks, a survey took place, and the results revealed ignorance of certain obligations and procedures of the e-prescribing process. A significant part of doctors are not conscious about where the patient's data is stored neither about the risks related with prescription's information. © 2013 IEEE.
2013
Autores
A. Maia, L; M. Valente, L; E. Correia, M; M. Ribeiro, L; Antunes, L;
Publicação
EUNIS 2013 Congress Proceedings: 2013: ICT Role for Next Generation Universities
Abstract
It is widely recognized that information systems constitute a key tool for the overall performance improvement of administrative tasks in academic institutions. However at their genesis lies a latent promise of a paper-less environment that stays most of the time unfulfilled due to the lack of appropriate digital document integrity and accountability mechanisms. Academic institutions are thus most of the time still relying on traditional security trust methods based on paper documents for signing and archiving critical documents. While this method delivers an inefficient, inconvenient and costly workflow, it is still a common method to provide some sort of workable verifiable integrity and accountability that is still considered to be appropriate for the digital data that is being managed by the institutional information systems. Paper based documents have been relying on physical signatures and stamping policies and the physical properties of paper and ink for their integrity and authenticity for a long time. However, the evaluation of a paper document signature or stamp is not a straight forward process. It requires the recipient to have a notarized copy of the signer's signature or stamp for comparison and requires handwritten signature evaluation training that is often beyond the scope of many office employee training. This can lead to situations where the level of credibility and integrity of paper based document is not adequate and makes the verification process entirely dependent on the administrative staff capacity of recognizing hand written signatures and puts too much trust on physical stamps, some of which are non-locally issued and thus very difficult to authenticate. In critical contexts this clearly is not enough to provide appropriate levels of non-repudiation and integrity for critical documents issued by institutions.
Digitally signed structured XML documents provide an interesting solution to this problem. Not only can the validation of the document be fully automatized and its integrity verifiable in real time by the information system, but it can also be implemented in such way that the information contained in such structured documents can be safely and more easily integrated into different information systems without human intervention, thus allowing for substantial cost reduction and leading to faster process work-flows with increased security and data quality.
In this paper we propose a PDF based document framework where any signed XML (PDF) document, produced by the institution can be at a later stage directly dematerialized and integrated into any compliant information system in a secure way while maintaining the information integrity and the ability to be self-verifiable. This framework involves the embedding of an encapsulated XAdES signed XML document with the information used on its production as an attachment to a PDF document with an institutional rendering visualization of the signed XML data. The attached XML document and the PDF are both time stamped by an external entity and signed by employees and the issuing institution.
The access to the final selection minute is only available to applicants.
Please check the confirmation e-mail of your application to obtain the access code.