A secure framework and related protocols for ubiquitous access to electronic health records using Java sim cards

Ubiquitous access to patient medical records is an important aspect of caring for patient safety. Unavailability of sufficient medical information at the point-ofcare could possibly lead to a fatality. The U.S. Institute of Medicine has reported that between 44,000 and 98,000 people die each year due to medical errors, such as incorrect medication dosages, due to poor legibility in manual records, or delays in consolidating needed information to discern the proper intervention. In this research we propose employing emergent technologies such as Java SIM Cards (JSC), Smart Phones (SP), Next Generation Networks (NGN), Near Field Communications (NFC), Public Key Infrastructure (PKI), and Biometric Identification to develop a secure framework and related protocols for ubiquitous access to Electronic Health Records (EHR). A partial EHR contained within a JSC can be used at the point-of-care in order to help quick diagnosis of a patient’s problems. The full EHR can be accessed from an Electronic Health Records Centre (EHRC) when time and network availability permit. Moreover, this framework and related protocols enable patients to give their explicit consent to a doctor to access their personal medical data, by using their Smart Phone, when the doctor needs to see or update the patient’s medical information during an examination. Also our proposed solution would give the power to patients to modify the Access Control List (ACL) related to their EHRs and view their EHRs through their Smart Phone. Currently, very limited research has been done on using JSCs and similar technologies as a portable repository of EHRs or on the specific security issues that are likely to arise when JSCs are used with ubiquitous access to EHRs. Previous research is concerned with using Medicare cards, a kind of Smart Card, as a repository of medical information at the patient point-of-care. However, this imposes some limitations on the patient’s emergency medical care, including the inability to detect the patient’s location, to call and send information to an emergency room automatically, and to interact with the patient in order to get consent. The aim of our framework and related protocols is to overcome these limitations by taking advantage of the SIM card and the technologies mentioned above. Briefly, our framework and related protocols will offer the full benefits of accessing an up-to-date, precise, and comprehensive medical history of a patient, whilst its mobility will provide ubiquitous access to medical and patient information everywhere it is needed. The objective of our framework and related protocols is to automate interactions between patients, healthcare providers and insurance organisations, increase patient safety, improve quality of care, and reduce the costs.

The mobile phone as a multi OTP device using trusted computing

The rapid growth in the number of online services leads to an increasing number of different digital identities each user needs to manage. As a result, many people feel overloaded with credentials, which in turn negatively impact their ability to manage them securely. Passwords are perhaps the most common type of credential used today. To avoid the tedious task of remembering difficult passwords, users often behave less securely by using low entropy and weak passwords. Weak passwords and bad password habits represent security threats to online services. Some solutions have been developed to eliminate the need for users to create and manage passwords. A typical solution is based on giving the user a hardware token that generates one-time-passwords, i.e. passwords for single session or transaction usage. Unfortunately, most of these solutions do not satisfy scalability and/or usability requirements, or they are simply insecure. In this paper, we propose a scalable OTP solution using mobile phones and based on trusted computing technology that combines enhanced usability with strong security.

A secure framework and related protocols for ubiquitous access to electronic health records using Java SIM cards

Ubiquitous access to patient medical records is an important aspect of caring for patient safety. Unavailability of sufficient medical information at the patient point-of-care could possibly lead to a fatality. In this paper we propose employing emergent technologies such as Java SIM Cards (JSC),Smart Phones (SP), Next Generation Networks (NGN), Near Field Communications (NFC), Public Key Infrastructure (PKI), and Biometric Identification to develop a secure framework and related protocols for ubiquitous access to Electronic Health Records (EHRs). A partial EHR contained within a JSC can be used at the patient point-of-care in order to help quick diagnosis of a patient’s problems. The full EHR can be accessed from an Electronic Healthcare Records Centre (EHRC).

A story worth telling : putting oral history and digital collections online in cultural institutions

Digital platforms in cultural institutions offer exciting opportunities for oral history and digital storytelling that can augment and enrich traditional collections. The way in which cultural institutions allow access to the public is changing dramatically, prompting substantial expansions of their oral history and digital story holdings. In Queensland, Australia, public libraries and museums are becoming innovative hubs of a wide assortment of collections that represent a cross-section of community groups and organisations through the integration of oral history and digital storytelling. The State Library of Queensland (SLQ) features digital stories online to encourage users to explore what the institution has in the catalogue through their website. Now SLQ also offers oral history interviews online, to introduce users to oral history and other components of their collections,- such as photographs and documents to current, as well as new users. This includes the various departments, Indigenous centres and regional libraries affiliated with SLQ statewide, who are often unable to access the materials held within, or even full information about, the collections available within the institution. There has been a growing demand for resources and services that help to satisfy community enthusiasm and promote engagement. Demand increases as public access to affordable digital media technologies increases, and as community or marginalised groups become interested in do it yourself (DIY) history; and SLQ encourages this. This paper draws on the oral history and digital story-based research undertaken by the Queensland University of Technology (QUT) for the State Library of Queensland including: the Apology Collection: The Prime Minister’s apology to Australia’s Indigenous Stolen Generation; Five Senses: regional Queensland artists; Gay history of Brisbane; and The Queensland Business Leaders Hall of Fame.

Complaining in cyberspace : the motives and forms of hotel guests’ complaints online

Traditionally, consumers who have been dissatisfied with service have typically complained to the frontline personnel or to a manager in either a direct (face-to-face, over the phone) manner, indirect by writing, or done nothing but told friends and family of the incident. More recently, the Internet has provided various “new” ways to air a grievance, especially when little might have been done at the point of service failure. With the opportunity to now spread word-of-mouth globally, consumers have the potential to impact the standing of a brand or a firm's reputation. The hotel industry is particularly vulnerable, as an increasing number of bookings are undertaken via the Internet and the decision process is likely to be influenced by what other previous guests might post on many booking-linked sites. We conducted a qualitative study of a key travel site to ascertain the forms and motives of complaints made online about hotels and resorts. 200 web-based consumer complaints were analyzed using NVivo 8 software. Findings revealed that consumers report a wide range of service failures on the Internet. They tell a highly descriptive, persuasive, and credible story, often motivated by altruism or, at the other end of the continuum, by revenge. These stories have the power to influence potential guests to book or not book accommodation at the affected properties. Implications for managers of hotels and resorts are discussed.

Universal online interventions might engage psychologically distressed university students who are unlikely to seek formal help

University students are a high risk population for mental health problems, yet few seek professional help when experiencing problems. This study explored the potential role of an online intervention for promoting wellbeing in university students, by investigating students' help-seeking behaviour, intention to use online interventions and student content preference for such interventions; 254 university students responded to an online survey designed for this study. As predicted, students were less likely to seek help as levels of psychological distress increased. Conversely, intention to use an online intervention increased at higher levels of distress, with 39.1%, 49.4% and 57.7% of low, moderate and severely distressed students respectively indicating they would use an online program supporting student well-being. Results suggest that online interventions may be a useful way to provide help to students in need who otherwise may not seek formal help.

Signal authentication and integrity schemes for next generation global navigation satellite systems

This paper describes a number of techniques for GNSS navigation message authentication. A detailed analysis of the security facilitated by navigation message authentication is given. The analysis takes into consideration the risk of critical applications that rely on GPS including transportation, finance and telecommunication networks. We propose a number of cryptographic authentication schemes for navigation data authentication. These authentication schemes provide authenticity and integrity of the navigation data to the receiver. Through software simulation, the performance of the schemes is quantified. The use of software simulation enables the collection of authentication performance data of different data channels, and the impact of various schemes on the infrastructure and receiver. Navigation message authentication schemes have been simulated at the proposed data rates of Galileo and GPS services, for which the resulting performance data is presented. This paper concludes by making recommendations for optimal implementation of navigation message authentication for Galileo and next generation GPS systems.

Secure tracking using trusted GNSS receivers and Galileo authentication services

This paper describes a secure framework for tracking applications that use the Galileo signal authentication services. First a number of limitations that affect the trust of critical tracking applications, even in presence of authenticated GNSS signals, are detailed. Requirements for secure tracking are then introduced; detailing how the integrity characteristics of the Galileo authentication could enhance the security of active tracking applications. This paper concludes with a discussion of our existing tracking technology using a Siemens TC45 GSM/GPRS module and future development utilizing our previously proposed trusted GNSS receiver.

Continuous biometric authentication : can it be more practical?

Continuous biometric authentication schemes (CBAS) are built around the biometrics supplied by user behavioural characteristics and continuously check the identity of the user throughout the session. The current literature for CBAS primarily focuses on the accuracy of the system in order to reduce false alarms. However, these attempts do not consider various issues that might affect practicality in real world applications and continuous authentication scenarios. One of the main issues is that the presented CBAS are based on several samples of training data either of both intruder and valid users or only the valid users' profile. This means that historical profiles for either the legitimate users or possible attackers should be available or collected before prediction time. However, in some cases it is impractical to gain the biometric data of the user in advance (before detection time). Another issue is the variability of the behaviour of the user between the registered profile obtained during enrollment, and the profile from the testing phase. The aim of this paper is to identify the limitations in current CBAS in order to make them more practical for real world applications. Also, the paper discusses a new application for CBAS not requiring any training data either from intruders or from valid users.

Centrally supported online surveys for research at QUT

We describe the introduction, service growth, benefits and holistic support approach of a centrally supported universitywide online survey tool for researchers at QUT. The online survey service employs the Key Survey software, and has grown into a significant service for QUT researchers since being introduced in 2009. Key benefits of the approach include the ability of QUT to handle important issues relating to data such as security, privacy, integrity, archiving & disposal. The service also incorporates a workflow process that enhances the institution’s ability to ensure survey quality control through controlled approval and pilot testing before any survey is widely released. An important issue is that a tool like this can make it very easy to do very poor research very quickly while creating lots of data, due to the absence of a rigorous methodology designed to reduce errors and collect accurate, comprehensive, timely data. With this in mind, a holistic approach to service provision and support has been taken, which has included the introduction of an integrated system of seminars, tools and workshops to get researchers thinking about the quality of their research while becoming operational quickly. The system of seminars, workshops, checks and approvals we have put in place at QUT is designed to ensure better quality outcomes for QUT’s research and the individual researchers concerned.

Online service delivery models : an international comparison in the public sector

Governments around the world are facing the challenge of responding to increased expectations by their customers with regard to public service delivery. Citizens, for example, expect governments to provide better and more efficient electronic services on the Web in an integrated way. Online portals have become the approach of choice in online service delivery to meet these requirements and become more customer-focussed. This study describes and analyses existing variants of online service delivery models based upon an empirical study and provides valuable insights for researchers and practitioners in government. For this study, we have conducted interviews with senior management representatives from five international governments. Based on our findings, we distinguish three different classes of service delivery models. We describe and characterise each of these models in detail and provide an in-depth discussion of the strengths and weaknesses of these approaches.