75 resultados para confidentiality
Resumo:
An increasing number of countries are faced with an aging population increasingly needing healthcare services. For any e-health information system, the need for increased trust by such clients with potentially little knowledge of any security scheme involved is paramount. In addition notable scalability of any system has become a critical aspect of system design, development and ongoing management. Meanwhile cryptographic systems provide the security provisions needed for confidentiality, authentication, integrity and non-repudiation. Cryptographic key management, however, must be secure, yet efficient and effective in developing an attitude of trust in system users. Digital certificate-based Public Key Infrastructure has long been the technology of choice or availability for information security/assurance; however, there appears to be a notable lack of successful implementations and deployments globally. Moreover, recent issues with associated Certificate Authority security have damaged trust in these schemes. This paper proposes the adoption of a centralised public key registry structure, a non-certificate based scheme, for large scale e-health information systems. The proposed structure removes complex certificate management, revocation and a complex certificate validation structure while maintaining overall system security. Moreover, the registry concept may be easier for both healthcare professionals and patients to understand and trust.
Resumo:
The primary motivation for signcryption was the gain in efficiency when both encryption and signing need to be performed. These two cryptographic operations may be done sequentially either by first encrypt and then sign (EtS) or alternatively, by first sign and then encrypt (StE). Further gains in efficiency can be achieved if encryption and signature are carried out in parallel (E&S). More importantly, however, is that these efficiency gains are complemented by gains in security, i.e., we may use relative weak encryption and signature schemes in order to obtain a “stronger” signcryption scheme. The reader is referred to Chaps. 2 and 3 for a discussion of the different “strengths” of security model (e.g., outsider vs. insider adversaries, two-user vs. multi-user setting).
Resumo:
We consider the following problem: members in a dynamic group retrieve their encrypted data from an untrusted server based on keywords and without any loss of data confidentiality and member’s privacy. In this paper, we investigate common secure indices for conjunctive keyword-based retrieval over encrypted data, and construct an efficient scheme from Wang et al. dynamic accumulator, Nyberg combinatorial accumulator and Kiayias et al. public-key encryption system. The proposed scheme is trapdoorless and keyword-field free. The security is proved under the random oracle, decisional composite residuosity and extended strong RSA assumptions.
Resumo:
The issue of how individual patients and their doctors should act in relation to the knowledge that the patient has a genetic condition— specifically, whether the patient and/or the doctor should or must inform relevant members of the patient’s family—is a looming area of medicolegal controversy. Over the last fifteen years or so, the issue of confidentiality versus disclosure has been particularly controversial in relation to HIV/AIDS patients.1 It has been argued that medical information about genetic disease gives rise to special problems vis-à-vis blood relatives. Because genetic disease is transmitted only by way of procreation, information about genetic disease is unique in that there is a propensity (which is highly variable and depends upon a variety of factors) for the condition to be shared by members of a family who are biologically related. Thus, genetic information about an individual may reveal information about relatives of that individual which is ‘specific (that the person has or will develop a genetic disease); or predictive (that the person has an unspecified risk of developing the disease)’
Resumo:
Security protocols are designed in order to provide security properties (goals). They achieve their goals using cryptographic primitives such as key agreement or hash functions. Security analysis tools are used in order to verify whether a security protocol achieves its goals or not. The analysed property by specific purpose tools are predefined properties such as secrecy (confidentiality), authentication or non-repudiation. There are security goals that are defined by the user in systems with security requirements. Analysis of these properties is possible with general purpose analysis tools such as coloured petri nets (CPN). This research analyses two security properties that are defined in a protocol that is based on trusted platform module (TPM). The analysed protocol is proposed by Delaune to use TPM capabilities and secrets in order to open only one secret from two submitted secrets to a recipient
Resumo:
This paper investigates the outsourcing of income tax return preparation by Australian accounting firms. It identifies the extent to which firms are currently outsourcing accounting services or considering outsourcing accounting services, with a focus on personal and business income tax return preparation. The motivations and barriers for outsourcing by Australian accounting firms are also considered in this paper. Privacy, security of client data, and the competence of the outsourcing provider's staff have been identified as risks associated with outsourcing. An expectation relating to confidentiality of client data is also examined in this paper. Statistical analysis of data collected from a random sample of Australian accounting firms using a survey questionnaire provided the empirical data for the paper. The results indicate that the majority of Australian accounting firms are either currently outsourcing or considering outsourcing accounting services, and firms are outsourcing taxation preparation both onshore and offshore. The results also indicate that firms expect the volume of outsourced work to increase in the future. In contrast to the literature identifying labour arbitrage as the primary driver for organisations choosing to outsource, this study found that the main factors considered by accounting firms in the decision to outsource were to expedite delivery of services to clients and to enable the firm to focus on core competencies. Data from this study also supports the literature which ndicates that not all tax practitioners are adhering to codes of conduct in relation to client confidentiality. Research identifying the extent to which accounting services are outsourced is limited, therefore significant contributions to the academic literature and the accounting profession are provided by this ndicates that not all tax practitioners are adhering to codes of conduct in relation to client confidentiality. Research identifying the extent to which accounting services are outsourced is limited, therefore significant contributions to the academic literature and the accounting profession are provided by this study.
Resumo:
We consider the following problem: users in a dynamic group store their encrypted documents on an untrusted server, and wish to retrieve documents containing some keywords without any loss of data confidentiality. In this paper, we investigate common secure indices which can make multi-users in a dynamic group to obtain securely the encrypted documents shared among the group members without re-encrypting them. We give a formal definition of common secure index for conjunctive keyword-based retrieval over encrypted data (CSI-CKR), define the security requirement for CSI-CKR, and construct a CSI-CKR based on dynamic accumulators, Paillier’s cryptosystem and blind signatures. The security of proposed scheme is proved under strong RSA and co-DDH assumptions.
Resumo:
To provide card holder authentication while they are conducting an electronic transaction using mobile devices, VISA and MasterCard independently proposed two electronic payment protocols: Visa 3D Secure and MasterCard Secure Code. The protocols use pre-registered passwords to provide card holder authentication and Secure Socket Layer/ Transport Layer Security (SSL/TLS) for data confidentiality over wired networks and Wireless Transport Layer Security (WTLS) between a wireless device and a Wireless Application Protocol (WAP) gateway. The paper presents our analysis of security properties in the proposed protocols using formal method tools: Casper and FDR2. We also highlight issues concerning payment security in the proposed protocols.
Resumo:
With the introduction of Check 21 law and the development of FSTC's echeck system, there has been an increasing usage of e-cheque conversions and acceptance among retailers, banks, and consumers. However, the current e-cheque system does not address issues concerning privacy, confidentiality, and traceability. We highlight the issues concerning the current electronic cheque system and provide a solution to overcome those drawbacks.
Resumo:
We consider the following problem: a user stores encrypted documents on an untrusted server, and wishes to retrieve all documents containing some keywords without any loss of data confidentiality. Conjunctive keyword searches on encrypted data have been studied by numerous researchers over the past few years, and all existing schemes use keyword fields as compulsory information. This however is impractical for many applications. In this paper, we propose a scheme of keyword field-free conjunctive keyword searches on encrypted data, which affirmatively answers an open problem asked by Golle et al. at ACNS 2004. Furthermore, the proposed scheme is extended to the dynamic group setting. Security analysis of our constructions is given in the paper.
Resumo:
Healthcare professionals’ use of social media platforms, such as blogs, wikis, and social networking web sites has grown considerably in recent years. However, few studies have explored the perspectives and experiences of physicians in adopting social media in healthcare. This article aims to identify the potential benefits and challenges of adopting social media by physicians and demonstrates this by presenting findings from a survey conducted with physicians. A qualitative survey design was employed to achieve the research goal. Semi-structured interviews were conducted with 24 physicians from around the world who were active users of social media. The data were analyzed using the thematic analysis approach. The study revealed six main reasons and six major challenges for physicians adopting social media. The main reasons to join social media were as follows: staying connected with colleagues, reaching out and networking with the wider community, sharing knowledge, engaging in continued medical education, benchmarking, and branding. The main challenges of adopting social media by physicians were also as follows: maintaining confidentiality, lack of active participation, finding time, lack of trust, workplace acceptance and support, and information anarchy. By revealing the main benefits as well as the challenges of adopting social media by physicians, the study provides an opportunity for healthcare professionals to better understand the scope and impact of social media in healthcare, and assists them to adopt and harness social media effectively, and maximize the benefits for the specific needs of the clinical community.
Resumo:
Health Law in Australia is the country’s leading text in this area and was the first book to deal with health law on a comprehensive national basis. In this important field that continues to give rise to challenges for society Health Law in Australia takes a logical, structured approach to explain the breadth of this area of law across all Australian jurisdictions. By covering all the major areas in this diverse field, Health Law in Australia enhances the understanding of the discipline as a whole. Beginning with an exploration of the general principles of health law, including chapters on “Negligence”, “Children and Consent to Medical Treatment”, and “Medical Confidentiality and Patient Privacy”, the book goes on to consider beginning-of-life and end-of-life issues before concluding with chapters on emerging areas in health law, such as biotechnology, genetic technologies and medical research. The contributing authors are national leaders who are specialists in these areas of health law and who can share with readers the results of their research. Health Law in Australia has been written for both legal and health audiences and is essential reading for undergraduate and postgraduate students, researchers and scholars in the disciplines of law, health and medicine, as well as health and legal practitioners, government departments and bodies in the health area, and private health providers.
Resumo:
Background Ambulance professionals often address conflicts between ethical values. As individuals’ values represent basic convictions of what is right or good and motivate behaviour, research is needed to understand their value profiles. Objectives To translate and adapt the Managerial Values Profile to Spanish and Swedish, and measure the presence of utilitarianism, moral rights and/or social justice in ambulance professionals’ value profiles in Spain and Sweden. Methods The instrument was translated and culturally adapted. A content validity index was calculated. Pilot tests were carried out with 46 participants. Ethical considerations This study conforms to the ethical principles for research involving human subjects and adheres to national laws and regulations concerning informed consent and confidentiality. Findings Spanish professionals favoured justice and Swedish professionals’ rights in their ambulance organizations. Both countries favoured utilitarianism least. Gender differences across countries showed that males favoured rights. Spanish female professionals favoured justice most strongly of all. Discussion Swedes favour rights while Spaniards favour justice. Both contexts scored low on utilitarianism focusing on total population effect, preferring the opposite, individualized approach of the rights and justice perspectives. Organizational investment in a utilitarian perspective might jeopardize ambulance professionals’ moral right to make individual assessments based on the needs of the patient at hand. Utilitarianism and a caring ethos appear as stark opposites. However, a caring ethos in its turn might well involve unreasonable demands on the individual carer’s professional role. Since both the justice and rights perspectives portrayed in the survey mainly concern relationship to the organization and peers within the organization, this relationship might at worst be given priority over the equal treatment and moral rights of the patient. Conclusion A balanced view on ethical perspectives is needed to make professionals observant and ready to act optimally – especially if these perspectives are used in patient care. Research is needed to clarify how justice and rights are prioritized by ambulance services and whether or not these organization-related values are also implemented in patient care.
Resumo:
Research studies aimed at advancing cancer prevention, diagnosis, and treatment depend on a number of key resources, including a ready supply of high-quality annotated biospecimens from diverse ethnic populations that can be used to test new drugs, assess the validity of prognostic biomarkers, and develop tailor-made therapies. In November 2011, KHCCBIO was established at the King Hussein Cancer Center (KHCC) with the support of Seventh Framework Programme (FP7) funding from the European Union (khccbio.khcc.jo). KHCCBIO was developed for the purpose of achieving an ISO accredited cancer biobank through the collection, processing, and preservation of high-quality, clinically annotated biospecimens from consenting cancer patients, making it the first cancer biobank of its kind in Jordan. The establishment of a state-of-the-art, standardized biospecimen repository of matched normal and lung tumor tissue, in addition to blood components such as serum, plasma, and white blood cells, was achieved through the support and experience of its European partners, Trinity College Dublin, Biostor Ireland, and accelopment AG. To date, KHCCBIO along with its partners, have worked closely in establishing an ISO Quality Management System (QMS) under which the biobank will operate. A Quality Policy Manual, Validation, and Training plan have been developed in addition to the development of standard operating procedures (SOPs) for consenting policies on ethical issues, data privacy, confidentiality, and biobanking bylaws. SOPs have also been drafted according to best international practices and implemented for the donation, procurement, processing, testing, preservation, storage, and distribution of tissues and blood samples from lung cancer patients, which will form the basis for the procurement of other cancer types. KHCCBIO will be the first ISO accredited cancer biobank from a diverse ethnic Middle Eastern and North African population. It will provide a unique and valuable resource of high-quality human biospecimens and anonymized clinicopathological data to the cancer research communities world-wide.
