OFELIA – A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management

Augusto, Alexandre B.; Correia, Manuel E.

doi:10.1007/978-3-642-30436-1_6

Cited by 8 publications

(14 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this integrated view, a patient can select a part of his/her EHR and view in more detail who is accessing it and for what purpose. An example of such a tool was proposed in [20] and its security and privacy requirements have already been studied on previous research [21] [22]. Even less seems to exist about transparency and privacy in EHR.…”

Section: Transparency Enhancing Toolsmentioning

confidence: 99%

“…In access control, obligations can be performed on a GRANT or DENY of an access request, for example, when a BTG is requested, an obligation can be triggered to send an email to the responsible authority to check whether that BTG access was valid or not; AUTH: European Directives [1] state that there needs to be a description of how personal data must be collected and processed. Regarding access control, this data can refer to patient's identification and authentication information (e.g., including patient's credentials for authentication and authorisation); SECAUTH: Secure authentication mechanisms with unique identification cards and one time passwords as well as secure authentication and authorization features are proposed in [21];…”

Section: Access Controlmentioning

confidence: 99%

See 1 more Smart Citation

Can Transparency Enhancing Tools Support Patient’s Accessing Electronic Health Records?

Ferreira

Lenzini

2015

New Contributions in Information Systems and Technologies

View full text Add to dashboard Cite

Abstract. Patients that access their health records take more care of their health and, when in therapy, commit more seriously to improve their condition. This leads to a more effective and more efficient healthcare management, and is also in agreement with European directives on data protection. However, accessing medical data can be risky. Security should be assured and it should be evident to the patients, who has access to what data and any violation to patient's privacy requirements should be reported. We call this property transparency. Precisely this work looks into the Transparency Enhancing Tools that have been proposed to increase people's awareness about security and privacy on the Internet, and discusses to which extent these tools can empower transparency in healthcare.

show abstract

Section: Transparency Enhancing Toolsmentioning

confidence: 99%

Section: Access Controlmentioning

confidence: 99%

Can Transparency Enhancing Tools Support Patient’s Accessing Electronic Health Records?

Ferreira

Lenzini

2015

New Contributions in Information Systems and Technologies

View full text Add to dashboard Cite

show abstract

“…Architecturally, PACVIM integrates with OFELIA (Open Federated Environments Leveraging Identity and Authorization), a prototype system to perform registration, authentication and authorisation to EHRs [16]. From the human interaction's point of view, PACVIM uses visual access control tools commonly employed nowadays to browse social networks.…”

Section: Introductionmentioning

confidence: 99%

Envisioning secure and usable access control for patients

Ferreira

Lenzini

Santos-Pereira

et al. 2014

2014 IEEE 3nd International Conference on Serious Games and Applications for Health (SeGAH)

Self Cite

View full text Add to dashboard Cite

Abstract-Several pilot tests show that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. However, despite technologically feasible and legally possible, there is no validated or standardized toolset available yet, for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR.

show abstract

“…Therefore providing a practical solution for the users Internet reachability challenge [8]. The use of smartphones for identity management is currently also recognized as essential for enhancing security and privacy [9,10,11] and has been proved to play a crucial role on more flexible user-centric models [12,13]. Based on these facts, the proposed architecture adopt the use of smartphones as an Authorization Broker in order to grant users a dynamic and more active role over their identity attributes.…”

Section: Proposed Solutionmentioning

confidence: 99%

“…These authorization take the form of conditional, temporal limited and easily revocable by the data owners. [7,13] …”

Section: Identity Managementmentioning

confidence: 99%

A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

Augusto

Correia

Psychology and Mental Health

Self Cite

View full text Add to dashboard Cite

The massive growth of the Internet and its services is currently being sustained by the mercantilization of users' identities and private data. Traditional services on the Web require the user to disclose many unnecessary sensitive identity attributes like bankcards, geographic position, or even personal health records in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without realizing the real value of its data to the market. In this chapter the auhors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users' identity attributes to offer a highly versatile set of identity services but relies instead on having those attributes distributed among and protected by several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate these scattered Attribute Authorities' identity attributes back into some useful identifiable and authenticated entity identity that can then be used by Internet services in a secure and interoperable way.

show abstract

OFELIA – A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management

Cited by 8 publications

References 15 publications

Can Transparency Enhancing Tools Support Patient’s Accessing Electronic Health Records?

Can Transparency Enhancing Tools Support Patient’s Accessing Electronic Health Records?

Envisioning secure and usable access control for patients

A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

Contact Info

Product

Resources

About