10,847 research outputs found
Secure and Trustable Electronic Medical Records Sharing using Blockchain
Electronic medical records (EMRs) are critical, highly sensitive private
information in healthcare, and need to be frequently shared among peers.
Blockchain provides a shared, immutable and transparent history of all the
transactions to build applications with trust, accountability and transparency.
This provides a unique opportunity to develop a secure and trustable EMR data
management and sharing system using blockchain. In this paper, we present our
perspectives on blockchain based healthcare data management, in particular, for
EMR data sharing between healthcare providers and for research studies. We
propose a framework on managing and sharing EMR data for cancer patient care.
In collaboration with Stony Brook University Hospital, we implemented our
framework in a prototype that ensures privacy, security, availability, and
fine-grained access control over EMR data. The proposed work can significantly
reduce the turnaround time for EMR sharing, improve decision making for medical
care, and reduce the overall costComment: AMIA 2017 Annual Symposium Proceeding
The Adoption of Blockchain Technologies in Data Sharing: A State of the Art Survey
In the big data era, it is a significant need for data sharing in various industries. However, there are many weaknesses in the traditional centralized way of data sharing. It is easy to attack the centralized data storage center. As the process of data asset transactions is not transparent, there is a lack of trust in the percipients of data sharing. Blockchain technology offers a possibility to solve these problems in data sharing, as the blockchain can provide a decentralized, programmable, tamperproof, and anonymous data sharing environment. In this paper, we compare the blockchain-based data sharing with the traditional ways of data sharing, and analyze the scenarios in major industry applications. We survey the state of the art of the adoption of blockchain technologies in data sharing, and provide a summary about their technical frameworks and schemes
An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed.This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.This work was partially founded by the Spanish Ministry of Science and Innovation under the project TEC2010-20572-C02-01 (CONSEQUENCE) and by the State of Madrid (Spain) under the contract number S2009/TIC-1650 (e-Madrid). Moreover, the authors would like to thank to the anonymous referees for comments and recommendations for the paper improvement
A Decentralised Digital Identity Architecture
Current architectures to validate, certify, and manage identity are based on
centralised, top-down approaches that rely on trusted authorities and
third-party operators. We approach the problem of digital identity starting
from a human rights perspective, with a primary focus on identity systems in
the developed world. We assert that individual persons must be allowed to
manage their personal information in a multitude of different ways in different
contexts and that to do so, each individual must be able to create multiple
unrelated identities. Therefore, we first define a set of fundamental
constraints that digital identity systems must satisfy to preserve and promote
privacy as required for individual autonomy. With these constraints in mind, we
then propose a decentralised, standards-based approach, using a combination of
distributed ledger technology and thoughtful regulation, to facilitate
many-to-many relationships among providers of key services. Our proposal for
digital identity differs from others in its approach to trust in that we do not
seek to bind credentials to each other or to a mutually trusted authority to
achieve strong non-transferability. Because the system does not implicitly
encourage its users to maintain a single aggregated identity that can
potentially be constrained or reconstructed against their interests,
individuals and organisations are free to embrace the system and share in its
benefits.Comment: 30 pages, 10 figures, 3 table
Analysis and improvement of security and privacy techniques for genomic information
The purpose of this thesis is to review the current literature of privacy preserving techniques for genomic information on the last years. Based on the analysis, we propose a long-term classification system for the reviewed techniques. We also develop a security improvement proposal for the Beacon system without hindering research utility
- …