Native App vs. Website for a University Library : Comparison testing on a touch screen phone

Syftet med denna uppsats var att undersöka hur väl webbplatsen för Karlstad Universitetsbibliotek möter studenters behov på mobila enheter, samt huruvida de anser att en biblioteksapp skulle utgöra ett behövligt komplement i framtiden. Uppsatsen riktar sig främst till Karlstads Universitetsbibliotek men kan även tänkas vara av intresse för bibliotek vid liknande lärosäten. För ändamålet upprättades två prototyper, varav den ena representerade befintlig webbplats på mobiltelefoner, medan den andra utgjorde ett exempel på hur en biblioteksapp skulle kunna se ut. Under jämförelsetester fick sedan studenter genomföra en grupprumsbokning och söka upp en elektronisk resurs i respektive prototyp samt besvara enkätfrågor. Av resultatet att döma finns ett intresse kring en biblioteksapp bland Karlstad Universitets studenter, då de gärna vill ha tillgång till bibliotekets tjänster på sina mobiltelefoner även om befintlig webbplats upplevs som krånglig på denna plattform. I ”OneSearch” (dvs. söktjänsten för bibliotekets tryckta och elektroniska resurser) skulle avgränsningsalternativen kunna begränsas, så att mobilanvändarna inte överväldigas av alltför många valmöjligheter. I bokningssystemet för grupprum bör presentationen göras mer konsekvent och det bör tydliggöras att vissa element är klickbara

A Configuration User Interface for Multi-Cloud Storage Based on Secret Sharing : An Exploratory Design Study

Storing personal information in a secure and reliable manner may be crucial for organizational as well as private users. Encryption protects the confidentiality of data against adversaries but if the cryptographic key is lost, the information will not be obtainable for authorized individuals either. Redundancy may protect information against availability issues or data loss, but also comes with greater storage overhead and cost. Cloud storage serves as an attractive alternative to traditional storage as one is released from maintenance responsibilities and does not have to invest in in-house IT-resources. However, cloud adoption is commonly hindered due to privacy concerns. Instead of relying on the security of a single cloud, this study aims to investigate the applicability of a multi-cloud solution based on Secret Sharing, and to identify suitable options and guidelines in a configuration user interface (UI). Interviews were conducted with technically skilled people representing prospective users, followed by walkthroughs of a UI prototype. Although the solution would (theoretically) allow for employment of less “trustworthy” clouds without compromising the data confidentiality, the research results indicate that trust factors such as compliance with EU laws may still be a crucial prerequisite in order for users to utilize cloud services. Users may worry about cloud storage providers colluding, and the solution may not be perceived as adequately secure without the use of encryption. The configuration of the Secret Sharing parameters are difficult to comprehend even for technically skilled individuals and default values could/should be recommended to the user.PRISMACLOU

Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service : Qualitative Study of Perspectives by Medical Professionals and Patients

Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice. Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation. Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor's perspective of EHR data redaction control were used. Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control. Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.This paper was included as manuscript in Alaqra's licentiate thesis The Wicked Problem of Privacy: Design Challenge for Crypto-based SolutionsThis paper was included as manuscript in Alaqra's licentiate thesis Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services, with the title: Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Perspectives by Medical Professionals and Patients</p

Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients (Preprint)

BACKGROUND Patients’ privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users’ evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice. OBJECTIVE This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation. METHODS We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers’ perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor’s perspective of EHR data redaction control were used. RESULTS We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor’s signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients’ redactions and the design of redaction templates for guidance and control. CONCLUSIONS For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered. </sec

Making secret sharing based cloud storage usable

The purpose of this paper is to develop a usable configuration management for Archistar, whichutilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure andprivacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and othersettings for securely storing the secret data shares, while meeting all of end user’s requirements and otherrestrictions, is a complex task. In particular, complex trade-offs between different protection goals and legalprivacy requirements need to be made.Prismacloud (4805

Making secret sharing based cloud storage usable

Purpose The purpose of this paper is to develop a usable configuration management for Archistar, which utilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure and privacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and other settings for securely storing the secret data shares, while meeting all of end user’s requirements and other restrictions, is a complex task. In particular, complex trade-offs between different protection goals and legal privacy requirements need to be made. Design/methodology/approach A human-centered design approach with structured interviews and cognitive walkthroughs of user interface mockups with system administrators and other technically skilled users was used. Findings Even technically skilled users have difficulties to adequately select secret sharing parameters and other configuration settings for adequately securing the data to be outsourced. Practical implications Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations. Originality/value The authors present novel human computer interaction (HCI) guidelines for a usable configuration management, which propose to automatically set configuration parameters and to solve trade-offs based on the type of data to be stored in the cloud. Through these automatic settings, not only system administrators but also non-technical users will be able to easily derive suitable configurations. </jats:sec