User authentication algorithm with role-based access control for electronic health systems to prevent abuse of patient privacy

2017 ◽  
Author(s):  
Pinyaphat Tasatanattakool ◽  
Chian Techapanupreeda
Keyword(s):  
Access Control ◽  
Health Systems ◽  
User Authentication ◽  
Role Based Access Control ◽  
Patient Privacy ◽  
Electronic Health ◽  
Role Based

Securing XML with Role-Based Access Control

2014 ◽  
pp. 334-365 ◽  
Author(s):  
Alberto De la Rosa Algarín ◽  
Steven A. Demurjian ◽  
Timoteus B. Ziminski ◽  
Yaira K. Rivera Sánchez ◽  
Robert Kuykendall
Keyword(s):  
Access Control ◽  
Electronic Health Record ◽  
Information Exchange ◽  
Security Policies ◽  
Health Record ◽  
Role Based Access Control ◽  
Future Trends ◽  
Security Framework ◽  
Electronic Health ◽  
Role Based

Today’s applications are often constructed by bringing together functionality from multiple systems that utilize varied technologies (e.g. application programming interfaces, Web services, cloud computing, data mining) and alternative standards (e.g. XML, RDF, OWL, JSON, etc.) for communication. Most such applications achieve interoperability via the eXtensible Markup Language (XML), the de facto document standard for information exchange in domains such as library repositories, collaborative software development, health informatics, etc. The use of a common data format facilitates exchange and interoperability across heterogeneous systems, but challenges in the aspect of security arise (e.g. sharing policies, ownership, permissions, etc.). In such situations, one key security challenge is to integrate the local security (existing systems) into a global solution for the application being constructed and deployed. In this chapter, the authors present a Role-Based Access Control (RBAC) security framework for XML, which utilizes extensions to the Unified Modeling Language (UML) to generate eXtensible Access Control Markup Language (XACML) policies that target XML schemas and instances for any application, and provides both the separation and reconciliation of local and global security policies across systems. To demonstrate the framework, they provide a case study in health care, using the XML standards Health Level Seven’s (HL7) Clinical Document Architecture (CDA) and the Continuity of Care Record (CCR). These standards are utilized for the transportation of private and identifiable information between stakeholders (e.g. a hospital with an electronic health record, a clinic’s electronic health record, a pharmacy system, etc.), requiring not only a high level of security but also compliance to legal entities. For this reason, it is not only necessary to secure private information, but for its application to be flexible enough so that updating security policies that affect millions of documents does not incur a large monetary or computational cost; such privacy could similarly involve large banks and credit card companies that have similar information to protect to deter identity theft. The authors demonstrate the security framework with two in-house developed applications: a mobile medication management application and a medication reconciliation application. They also detail future trends that present even more challenges in providing security at global and local levels for platforms such as Microsoft HealthVault, Harvard SMART, Open mHealth, and open electronic health record systems. These platforms utilize XML, equivalent information exchange document standards (e.g., JSON), or semantically augmented structures (e.g., RDF and OWL). Even though the primary use of these platforms is in healthcare, they present a clear picture of how diverse the information exchange process can be. As a result, they represent challenges that are domain independent, thus becoming concrete examples of future trends and issues that require a robust approach towards security.

Access Control in Mobile and Ubiquitous Environments

2010 ◽  
pp. 1481-1497
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
New Techniques ◽  
Role Based ◽  
Resource Constrained Devices

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resource-constrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

scholarly journals Evolution of access control models for protection of patient details: a survey

2018 ◽  
Vol 7 (2.8) ◽  
pp. 554
Author(s):  
Geetanjali Sinha ◽  
Prabhu Shankar K.C ◽  
Shaurya Jain
Keyword(s):  
Access Control ◽  
Control Model ◽  
Role Based Access Control ◽  
Patient Privacy ◽  
Access Control Model ◽  
Access Control Models ◽  
Control Models ◽  
Role Hierarchy ◽  
Role Based ◽  
Electronic Hospital

Hospitals across the world are adapting to Electronic Hospital Information Systems and are moving away from the manual paper systems to provide patients efficient services. Numerous Access ControlModels have been deployed for securing patient privacy one of them being Role Based Access Control Model (RBAC). The current models merely allow access on the basis of roles and role hierarchy without actually understanding the real intention of the person accessing the system. This could lead to a compromise of patient privacy and thus new methods have been evolving. In this survey we will see an evolution of the access control models which lead to the discovery of KC-RBAC (Knowledge Constrained Role Based Access Control) Model which takes into consideration the knowledge related to the medical domain along with the role to provide authorization.

scholarly journals An ECDSA Approach to Access Control in Knowledge Management Systems Using Blockchain

Information ◽  
2020 ◽  
Vol 11 (2) ◽  
pp. 111 ◽  
Author(s):  
Gabriel Nyame ◽  
Zhiguang Qin ◽  
Kwame Opuni-Boachie Obour Agyekum ◽  
Emmanuel Boateng Sifah
Keyword(s):  
Knowledge Management ◽  
Access Control ◽  
User Authentication ◽  
Knowledge Management System ◽  
System Model ◽  
Management Systems ◽  
Role Based Access Control ◽  
Blockchain Technology ◽  
Smart Contract ◽  
Role Based

Access control has become problematic in several organizations because of the difficulty in establishing security and preventing malicious users from mimicking roles. Moreover, there is no flexibility among users in the participation in their roles, and even controlling them. Several role-based access control (RBAC) mechanisms have been proposed to alleviate these problems, but the security has not been fully realized. In this work, however, we present an RBAC model based on blockchain technology to enhance user authentication before knowledge is accessed and utilized in a knowledge management system (KMS). Our blockchain-based system model and the smart contract ensure that transparency and knowledge resource immutability are achieved. We also present smart contract algorithms and discussions about the model. As an essential part of RBAC model applied to KMS environment, trust is ensured in the network. Evaluation results show that our system is efficient.

Securing XML with Role-Based Access Control

2016 ◽  
pp. 487-522
Author(s):  
Alberto De la Rosa Algarín ◽  
Steven A. Demurjian ◽  
Timoteus B. Ziminski ◽  
Yaira K. Rivera Sánchez ◽  
Robert Kuykendall
Keyword(s):  
Access Control ◽  
Electronic Health Record ◽  
Information Exchange ◽  
Security Policies ◽  
Health Record ◽  
Role Based Access Control ◽  
Future Trends ◽  
Security Framework ◽  
Electronic Health ◽  
Role Based

Today's applications are often constructed by bringing together functionality from multiple systems that utilize varied technologies (e.g. application programming interfaces, Web services, cloud computing, data mining) and alternative standards (e.g. XML, RDF, OWL, JSON, etc.) for communication. Most such applications achieve interoperability via the eXtensible Markup Language (XML), the de facto document standard for information exchange in domains such as library repositories, collaborative software development, health informatics, etc. The use of a common data format facilitates exchange and interoperability across heterogeneous systems, but challenges in the aspect of security arise (e.g. sharing policies, ownership, permissions, etc.). In such situations, one key security challenge is to integrate the local security (existing systems) into a global solution for the application being constructed and deployed. In this chapter, the authors present a Role-Based Access Control (RBAC) security framework for XML, which utilizes extensions to the Unified Modeling Language (UML) to generate eXtensible Access Control Markup Language (XACML) policies that target XML schemas and instances for any application, and provides both the separation and reconciliation of local and global security policies across systems. To demonstrate the framework, they provide a case study in health care, using the XML standards Health Level Seven's (HL7) Clinical Document Architecture (CDA) and the Continuity of Care Record (CCR). These standards are utilized for the transportation of private and identifiable information between stakeholders (e.g. a hospital with an electronic health record, a clinic's electronic health record, a pharmacy system, etc.), requiring not only a high level of security but also compliance to legal entities. For this reason, it is not only necessary to secure private information, but for its application to be flexible enough so that updating security policies that affect millions of documents does not incur a large monetary or computational cost; such privacy could similarly involve large banks and credit card companies that have similar information to protect to deter identity theft. The authors demonstrate the security framework with two in-house developed applications: a mobile medication management application and a medication reconciliation application. They also detail future trends that present even more challenges in providing security at global and local levels for platforms such as Microsoft HealthVault, Harvard SMART, Open mHealth, and open electronic health record systems. These platforms utilize XML, equivalent information exchange document standards (e.g., JSON), or semantically augmented structures (e.g., RDF and OWL). Even though the primary use of these platforms is in healthcare, they present a clear picture of how diverse the information exchange process can be. As a result, they represent challenges that are domain independent, thus becoming concrete examples of future trends and issues that require a robust approach towards security.

Access Control in Mobile and Ubiquitous Environments

2011 ◽  
pp. 278-294 ◽  
Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti
Keyword(s):  
Access Control ◽  
User Authentication ◽  
Control Policy ◽  
Wireless Sensor ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Mobile Environment ◽  
Access Control Policy ◽  
New Techniques ◽  
Role Based

Access control is the process of granting permissions in accordance to an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context-information during policy definition and access control enforcement offers more adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resourceconstrained devices. Lightweight cryptography allows encrypting the data right from its production and the access is therefore intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environment, there is a clear need for a flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state-of-the-art.

AN ADAPTIVE ROLE-BASED ACCESS CONTROL APPROACH FOR CLOUD E-HEALTH SYSTEMS

2017 ◽  
Vol 2 (3) ◽  
pp. 26-37
Author(s):  
Amer Al-Badarneh ◽  
◽  
Hassan Najadat ◽  
Enas 'Hassan Abu Yabes' ◽  
◽  
...  
Keyword(s):  
Access Control ◽  
Health Systems ◽  
Role Based Access Control ◽  
Control Approach ◽  
Role Based ◽  
Adaptive Role
Sign in / Sign up

Export Citation Format

Share Document