An event driven hybrid identity management approach to privacy enhanced e-health.
Identifieur interne : 000600 ( Main/Exploration ); précédent : 000599; suivant : 000601An event driven hybrid identity management approach to privacy enhanced e-health.
Auteurs : Rosa Sánchez-Guerrero [Espagne] ; Florina Almenárez ; Daniel Díaz-Sánchez ; Andrés Marín ; Patricia Arias ; Fabio SanvidoSource :
- Sensors (Basel, Switzerland) [ 1424-8220 ] ; 2012.
Descripteurs français
- KwdFr :
- MESH :
English descriptors
- KwdEn :
- MESH :
Abstract
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent--considered as a privacy rule in sensitive scenarios--has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.
DOI: 10.3390/s120506129
PubMed: 22778634
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream PubMed, to step Corpus: 000279
- to stream PubMed, to step Curation: 000279
- to stream PubMed, to step Checkpoint: 000279
- to stream Ncbi, to step Merge: 000823
- to stream Ncbi, to step Curation: 000823
- to stream Ncbi, to step Checkpoint: 000823
- to stream Main, to step Merge: 000600
- to stream Main, to step Curation: 000600
Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en">An event driven hybrid identity management approach to privacy enhanced e-health.</title><author><name sortKey="Sanchez Guerrero, Rosa" sort="Sanchez Guerrero, Rosa" uniqKey="Sanchez Guerrero R" first="Rosa" last="Sánchez-Guerrero">Rosa Sánchez-Guerrero</name><affiliation wicri:level="3"><nlm:affiliation>Department of Telematic Engineering, Carlos III University of Madrid, Avda. Universidad 30, 28911, Leganes, Madrid, Spain. rmsguerr@it.uc3m.es</nlm:affiliation><country xml:lang="fr">Espagne</country><wicri:regionArea>Department of Telematic Engineering, Carlos III University of Madrid, Avda. Universidad 30, 28911, Leganes, Madrid</wicri:regionArea><placeName><settlement type="city">Madrid</settlement><region nuts="2" type="region">Communauté de Madrid</region></placeName></affiliation></author><author><name sortKey="Almenarez, Florina" sort="Almenarez, Florina" uniqKey="Almenarez F" first="Florina" last="Almenárez">Florina Almenárez</name></author><author><name sortKey="Diaz Sanchez, Daniel" sort="Diaz Sanchez, Daniel" uniqKey="Diaz Sanchez D" first="Daniel" last="Díaz-Sánchez">Daniel Díaz-Sánchez</name></author><author><name sortKey="Marin, Andres" sort="Marin, Andres" uniqKey="Marin A" first="Andrés" last="Marín">Andrés Marín</name></author><author><name sortKey="Arias, Patricia" sort="Arias, Patricia" uniqKey="Arias P" first="Patricia" last="Arias">Patricia Arias</name></author><author><name sortKey="Sanvido, Fabio" sort="Sanvido, Fabio" uniqKey="Sanvido F" first="Fabio" last="Sanvido">Fabio Sanvido</name></author></titleStmt><publicationStmt><idno type="wicri:source">PubMed</idno><date when="2012">2012</date><idno type="doi">10.3390/s120506129</idno><idno type="RBID">pubmed:22778634</idno><idno type="pmid">22778634</idno><idno type="wicri:Area/PubMed/Corpus">000279</idno><idno type="wicri:explorRef" wicri:stream="PubMed" wicri:step="Corpus" wicri:corpus="PubMed">000279</idno><idno type="wicri:Area/PubMed/Curation">000279</idno><idno type="wicri:explorRef" wicri:stream="PubMed" wicri:step="Curation">000279</idno><idno type="wicri:Area/PubMed/Checkpoint">000279</idno><idno type="wicri:explorRef" wicri:stream="Checkpoint" wicri:step="PubMed">000279</idno><idno type="wicri:Area/Ncbi/Merge">000823</idno><idno type="wicri:Area/Ncbi/Curation">000823</idno><idno type="wicri:Area/Ncbi/Checkpoint">000823</idno><idno type="wicri:Area/Main/Merge">000600</idno><idno type="wicri:Area/Main/Curation">000600</idno><idno type="wicri:Area/Main/Exploration">000600</idno></publicationStmt><sourceDesc><biblStruct><analytic><title xml:lang="en">An event driven hybrid identity management approach to privacy enhanced e-health.</title><author><name sortKey="Sanchez Guerrero, Rosa" sort="Sanchez Guerrero, Rosa" uniqKey="Sanchez Guerrero R" first="Rosa" last="Sánchez-Guerrero">Rosa Sánchez-Guerrero</name><affiliation wicri:level="3"><nlm:affiliation>Department of Telematic Engineering, Carlos III University of Madrid, Avda. Universidad 30, 28911, Leganes, Madrid, Spain. rmsguerr@it.uc3m.es</nlm:affiliation><country xml:lang="fr">Espagne</country><wicri:regionArea>Department of Telematic Engineering, Carlos III University of Madrid, Avda. Universidad 30, 28911, Leganes, Madrid</wicri:regionArea><placeName><settlement type="city">Madrid</settlement><region nuts="2" type="region">Communauté de Madrid</region></placeName></affiliation></author><author><name sortKey="Almenarez, Florina" sort="Almenarez, Florina" uniqKey="Almenarez F" first="Florina" last="Almenárez">Florina Almenárez</name></author><author><name sortKey="Diaz Sanchez, Daniel" sort="Diaz Sanchez, Daniel" uniqKey="Diaz Sanchez D" first="Daniel" last="Díaz-Sánchez">Daniel Díaz-Sánchez</name></author><author><name sortKey="Marin, Andres" sort="Marin, Andres" uniqKey="Marin A" first="Andrés" last="Marín">Andrés Marín</name></author><author><name sortKey="Arias, Patricia" sort="Arias, Patricia" uniqKey="Arias P" first="Patricia" last="Arias">Patricia Arias</name></author><author><name sortKey="Sanvido, Fabio" sort="Sanvido, Fabio" uniqKey="Sanvido F" first="Fabio" last="Sanvido">Fabio Sanvido</name></author></analytic><series><title level="j">Sensors (Basel, Switzerland)</title><idno type="eISSN">1424-8220</idno><imprint><date when="2012" type="published">2012</date></imprint></series></biblStruct></sourceDesc></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Humans</term><term>Medical Records Systems, Computerized</term><term>Motivation</term><term>Patient Identification Systems</term><term>Privacy</term></keywords><keywords scheme="KwdFr" xml:lang="fr"><term>Humains</term><term>Motivation</term><term>Système identification patient</term><term>Systèmes informatisés de dossiers médicaux</term><term>Vie privée</term></keywords><keywords scheme="MESH" xml:lang="en"><term>Humans</term><term>Medical Records Systems, Computerized</term><term>Motivation</term><term>Patient Identification Systems</term><term>Privacy</term></keywords><keywords scheme="MESH" xml:lang="fr"><term>Humains</term><term>Motivation</term><term>Système identification patient</term><term>Systèmes informatisés de dossiers médicaux</term><term>Vie privée</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent--considered as a privacy rule in sensitive scenarios--has not been fully addressed. This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.</div></front></TEI><affiliations><list><country><li>Espagne</li></country><region><li>Communauté de Madrid</li></region><settlement><li>Madrid</li></settlement></list><tree><noCountry><name sortKey="Almenarez, Florina" sort="Almenarez, Florina" uniqKey="Almenarez F" first="Florina" last="Almenárez">Florina Almenárez</name><name sortKey="Arias, Patricia" sort="Arias, Patricia" uniqKey="Arias P" first="Patricia" last="Arias">Patricia Arias</name><name sortKey="Diaz Sanchez, Daniel" sort="Diaz Sanchez, Daniel" uniqKey="Diaz Sanchez D" first="Daniel" last="Díaz-Sánchez">Daniel Díaz-Sánchez</name><name sortKey="Marin, Andres" sort="Marin, Andres" uniqKey="Marin A" first="Andrés" last="Marín">Andrés Marín</name><name sortKey="Sanvido, Fabio" sort="Sanvido, Fabio" uniqKey="Sanvido F" first="Fabio" last="Sanvido">Fabio Sanvido</name></noCountry><country name="Espagne"><region name="Communauté de Madrid"><name sortKey="Sanchez Guerrero, Rosa" sort="Sanchez Guerrero, Rosa" uniqKey="Sanchez Guerrero R" first="Rosa" last="Sánchez-Guerrero">Rosa Sánchez-Guerrero</name></region></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Ticri/CIDE/explor/TelematiV1/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000600 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000600 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Ticri/CIDE
|area= TelematiV1
|flux= Main
|étape= Exploration
|type= RBID
|clé= pubmed:22778634
|texte= An event driven hybrid identity management approach to privacy enhanced e-health.
}}
Pour générer des pages wiki
HfdIndexSelect -h $EXPLOR_AREA/Data/Main/Exploration/RBID.i -Sk "pubmed:22778634" \
| HfdSelect -Kh $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd \
| NlmPubMed2Wicri -a TelematiV1
| This area was generated with Dilib version V0.6.31. |  |