scholarly journals EFFICIENT POLICY-BASED ACCESS CONTROL IN WEB-BASED PERSONALIZATION MANAGEMENT - For Use in Convergent Applications

2006 ◽  
Keyword(s):  
Access Control ◽  
Web Based

scholarly journals Evaluating the Performance of Novel JWT Revocation Strategy

2021 ◽  
Author(s):  
László Viktor Jánoky ◽  
Péter Ekler ◽  
János Levendovszky
Keyword(s):  
Access Control ◽  
Real World ◽  
Mathematical Framework ◽  
Web Based ◽  
Novel Approach ◽  
User Access ◽  
Digital Signing

JSON Web Tokens (JWT) provide a scalable, distributed way of user access control for modern web-based systems. The main advantage of the scheme is that the tokens are valid by themselves – through the use of digital signing – also imply its greatest weakness. Once issued, there is no trivial way to revoke a JWT token. In our work, we present a novel approach for this revocation problem, overcoming some of the problems of currently used solutions. To compare our solution to the established solutions, we also introduce the mathematical framework of comparison, which we ultimately test using real-world measurements.

Exploring Type-and-Identity-Based Proxy Re-Encryption Scheme to Securely Manage Personal Health Records

2010 ◽  
Vol 1 (2) ◽  
pp. 1-21
Author(s):  
Luan Ibraimi ◽  
Qiang Tang ◽  
Pieter Hartel ◽  
Willem Jonker
Keyword(s):  
Access Control ◽  
Health Data ◽  
Third Party ◽  
Personal Health ◽  
Encryption Scheme ◽  
Health Records ◽  
Web Based ◽  
The Third ◽  
Access Control Policies ◽  
Identity Based

Commercial Web-based Personal-Health Record (PHR) systems can help patients to share their personal health records (PHRs) anytime from anywhere. PHRs are very sensitive data and an inappropriate disclosure may cause serious problems to an individual. Therefore commercial Web-based PHR systems have to ensure that the patient health data is secured using state-of-the-art mechanisms. In current commercial PHR systems, even though patients have the power to define the access control policy on who can access their data, patients have to trust entirely the access-control manager of the commercial PHR system to properly enforce these policies. Therefore patients hesitate to upload their health data to these systems as the data is processed unencrypted on untrusted platforms. Recent proposals on enforcing access control policies exploit the use of encryption techniques to enforce access control policies. In such systems, information is stored in an encrypted form by the third party and there is no need for an access control manager. This implies that data remains confidential even if the database maintained by the third party is compromised. In this paper we propose a new encryption technique called a type-and-identity-based proxy re-encryption scheme which is suitable to be used in the healthcare setting. The proposed scheme allows users (patients) to securely store their PHRs on commercial Web-based PHRs, and securely share their PHRs with other users (doctors).

Security in E-Health Applications

2011 ◽  
pp. 104-119
Author(s):  
Snezana Sucurovic
Keyword(s):  
Access Control ◽  
Heterogeneous Systems ◽  
Role Based Access Control ◽  
Health Care Information ◽  
Web Based ◽  
Privilege Management ◽  
Electronic Healthcare Record ◽  
Health Care Information Systems ◽  
Care Information ◽  
Role Based

This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic healthcare record (EHCR). Security solutions in several projects have been presented and in particular a solution for EHCR integration from scratch. Implementations of Public key infrastructure, privilege management infrastructure, role based access control and rule based access control in EHCR have been presented. Regarding EHCR integration from scratch architecture and security have been proposed and discussed. This integration is particularly suitable for developing countries with wide spread Internet while at the same time the integration of heterogeneous systems is not needed. The chapter aims at contributing to initiatives for implementation of national and transnational EHCR in security aspect.

Security in E-Health Applications

2011 ◽  
pp. 1949-1964
Author(s):  
Snezana Sucurovic
Keyword(s):  
Access Control ◽  
Heterogeneous Systems ◽  
Role Based Access Control ◽  
Health Care Information ◽  
Web Based ◽  
Privilege Management ◽  
Electronic Healthcare Record ◽  
Health Care Information Systems ◽  
Care Information ◽  
Role Based

This chapter presents security solutions in integrated patient-centric Web-based health-care information systems, also known as electronic healthcare record (EHCR). Security solutions in several projects have been presented and in particular a solution for EHCR integration from scratch. Implementations of Public key infrastructure, privilege management infrastructure, role based access control and rule based access control in EHCR have been presented. Regarding EHCR integration from scratch architecture and security have been proposed and discussed. This integration is particularly suitable for developing countries with wide spread Internet while at the same time the integration of heterogeneous systems is not needed. The chapter aims at contributing to initiatives for implementation of national and transnational EHCR in security aspect.

Improving the Information Security of Collaborative Web Portals via Fine-Grained Role-Based Access Control

2010 ◽  
pp. 430-448
Author(s):  
S. Demurjian ◽  
H. Ren ◽  
S. Berhe ◽  
M. Devineni ◽  
Sushil Vegad ◽  
...  
Keyword(s):  
Access Control ◽  
Full Range ◽  
Coarse Grained ◽  
Role Based Access Control ◽  
Security Model ◽  
Web Portals ◽  
Web Based ◽  
Fine Grained ◽  
Role Based ◽  
The Look

Collaborative portals are emerging as a viable technology to allow groups of individuals to easily author, create, update, and share content via easy-to-use Web-based interfaces, for example, MediaWiki, Microsoft’s Sharepoint, and so forth. From a security perspective, these products are often limited and coarse grained in their authorization and authentication. For example, in a Wiki, the security model is often at two ends of the spectrum: anonymous users with no authorization and limited access via readonly browsing vs. registered users with full-range of access and limited oversight in content creation and modification. However, in practice, such full and unfettered access may not be appropriate for all users and for all applications, particularly as the collaborative technology moves into commercial usage (where copyright and intellectual property are vital) or sensitive domains such as healthcare (which ushave stringent HIPAA requirements). In this chapter, we report on our research and development effort of a role-based access control for collaborative Web portals that encompasses and realizes security at the application level, the document level (authoring and viewing), and the look-and-feel of the portal itself.

Sign in / Sign up

Export Citation Format

Share Document