Abstract: Search technology is one of the main issues which unleash the infinite prospective of the Web today. A significant aspect of this technology is its importance for achieving customer-oriented e-commerce successful activities. In this article, we will investigate the potential offered by the Google SOAP Search API to search for data on the Internet. Our approach focuses in personalizing Web search results: the resulted Web pages will take into account the interests of the individuals. Collecting and processing such information, explicitly or implicitly (e.g. from the products that are bought or the pages that are visited), may lead the user to products or services in a more accurate way. Thus, the search time is decreased and the environment becomes more user-friendly.
Abstract: The establishment of an efficient access control system in healthcare intranets is a critical security issue directly related to the protection of patients' privacy. Our C-TMAC (Context and Team-based Access Control) model is an active security access control model that layers dynamic access control concepts on top of RBAC (Role-based) and TMAC (Team-based) access control models. It also extends them in the sense that contextual information concerning collaborative activities is associated with teams of users and user permissions are dynamically filtered during runtime. These features of C-TMAC meet the specific security requirements of healthcare applications. In this paper, an experimental implementation of the C-TMAC model is described. More specifically, we present the operational architecture of the system that is used to implement C-TMAC security components in a healthcare intranet. Based on the technological platform of an Oracle Data Base Management System and Application Server, the application logic is coded with stored PL/SQL procedures that include Dynamic SQL routines for runtime value binding purposes. The resulting active security system adapts to current need-to-know requirements of users during runtime and provides fine-grained permission granularity. Apart from identity certificates for authentication, it uses attribute certificates for communicating critical security metadata, such as role membership and team participation of users.
Abstract: Objectives: Internet technologies provide an attractive infrastructure for efficient and low cost communications in regional health information networks. The advantages provided by the Internet come however with a significantly greater element of risk to the confidentiality and integrity of information. This is because the Internet has been designed primarily to optimize information sharing and interoperability not security. The main objective of this paper is to propose the exploitation of public-key cryptography techniques to provide adequate security to enable secure healthcare Internet applications. Methods: Public-key cryptography techniques can provide the needed security infrastructure in regional health networks. In the regional health-care security framework presented in this paper, we propose the use of state-of-art Public Key Infrastructure (PKI) technology. Such an e-Health PKI consists of regional certification authorities that are implemented within the central hospitals of each region and provide their services to the rest of the healthcare establishments of the same region. Results: Significant experience in this area has been gained from the implemeatation of the PKI@AUTH project. Conclusions: The developed PKI infrastructure already successfully provides its security services to the AHEPA university hospital. The same infrastructure is designed to easily support a number of hospitals participating in a regional health information network.
Abstract: BACKGROUND: Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. OBJECTIVES: To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. METHODS: We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. RESULTS: Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. CONCLUSIONS: Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.
Abstract: The healthcare environment consists of vast amounts of dynamic and unstructured information, distributed over a large number of information systems. Mobile agent technology is having an ever-growing impact on the delivery of medical information. It supports acquiring and manipulating information distributed in a large number of information systems. Moreover is suitable for the computer untrained medical stuff. But the introduction of mobile agents generates advanced threads to the sensitive healthcare information, unless the proper countermeasures are taken. By applying the role-based approach to the authorization problem, we ease the sharing of information between hospital information systems and we reduce the administering part. The different initiative of the agent's migration method, results in different methods of assigning roles to the agent.
Abstract: Health information networks are expected to support information exchange that is authentic, accurate, private and available when, where and to whom is needed. With the increase of the shared medical information and resources in healthcare wireless information systems, unauthorized access to the information by illegal users also increases. The security of the transmitted information is a vital issue. In this paper, we report on the development of the Lightweight Authentication Protocol (LAP), which makes a mobile and distributed system more secure and flexible and we implement it in a Health Care Environment where the clinicians use mobile and wireless devices like PDAs. We also provide an indicative example of integrating the LAP with access control mechanisms. Context-based Team Access Control (C-TMAC) model is used in this example, since it provides great flexibility on user-permissions management in collaborative healthcare environments. LAP is indeed capable to support efficiently the advanced authorization procedures of such demanding active security models.
Abstract: Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modem healthcare institutions are increasingly interested in sharing access of their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has therefore become a major concern for healthcare applications over the Internet. However, although an adequate level of security can be relied upon digital certificates, if an appropriate security policy is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control security model supports and handles efficiently healthcare teams with active security capabilities and is capable to exploit the benefits of certificate technology. In this paper we present the way for encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet. A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.
Abstract: Grid technologies promise to change the way that health organizations tackle complex problems by offering unprecedented opportunities for resource sharing and collaboration. Healthgrids are Grid infrastructures comprising applications, services or middleware components that deal with the specific problems arising in the processing of biomedical data. Resources in Healthgrids are databases, computing power, medical expertise and even medical devices. Securing this new environment in Health organizations is a major issue today. Security considerations and more specifically authorization decisions is a critical problem. Personal data is confidential, so access to the information must be restricted to authorized and authenticated persons. Furthermore data must be protected to guarantee its confidentiality and integrity. This work provides a suitable authorization mechanism that facilitates the usage of grid and agent technology in HealthGrid environments. More specifically, our approach applies the RBAC access control model for dynamically assigning security roles to visiting agents on hosts of the HealthGrid environment. Our methodology proposes a flexible role decomposition method, which facilitates the role assignment process. The role decomposition relies on a set of common Attribute Fields, shared between Grid's hosts, filled with Attribute values that every host evaluates according to its security goals. In any case, every host participating in the grid retains its security policy without altering or compromising its security policy in order to participate in the agent exchange process. The proposed process and the related assignment algorithms have been experimentally implemented and applied in a typical health environment. The results have shown that the proposed framework is applicable and implementable, and can be applied successfully in real life health care environments.
Abstract: Mobile setting considerations provide valuable issues regarding flexible mobile applications. In this paper, we indicate the advantages of an m-commerce application capable to provide users with useful information (e.g. historical buildings, shops, hotels) according to their location. First, the application creates a basic profile of the current user (type of information the user is mainly interested in). Then, in addition with the location awareness of the user's position the application provides only useful information according to the user's whereabouts. When the user is alerted that he is in close proximity of one place that he is interested in, he has the option to access more info about it (streaming video or photo and text). The application is implemented using the Java Micro Edition (Java ME) platform and is mainly making use of the Location API, which provides information about the device's present physical location and orientation. The customized information is stored online and is accessed only when user needs it.
Abstract: We discuss the integration of contextual information with team-based access control. The TMAC model was formulated by Thomas in [1] to provide access control for collaborative activity best accomplished by teams of users. In TMAC, access control revolves around teams, where a "team" is an abstraction that encapsulates a collection of users in specific roles and collaborating with the objective of accomplishing a specific task or goal. Users who belong to a team are given access to resources used by a team. However, the effective permissions of a user are always derived from permission types defined for roles that the user belongs to. TMAC is an example of what we call "active security models". These models are aware of the context associated with an ongoing activity in providing access control and thus distinguish the passive concept of permission assignment from the active concept of context-based permission activation. The ability to integrate contextual information allows models such as TMAC to be flexible and express a variety of access policies that can provide tight and just-in-time permission activation.
