Giving You back Control of Your Data: Digital Signing Practical Issues and the eCert Solution

As technologies develop rapidly, digital signing is commonly used in eDocument security. However, unaddressed issues exist. An eCertificate system represents the problem situation, and therefore is being used as case study, in a project called eCert, to research for the solution. This paper addresses these issues, explores the gap between current tools and the desired system, through analysis of the existing services and eCertificate use cases, and the identified requirements, thereby presenting an approach which solves the above problems. Preliminary results indicate that the recommendation from this research meets the design requirements, and could form the foundation of future study of solving digital signing issues

Solving the e-Portfolio Certificate Problem

ePortfolios are of particular interest as a means of supporting and encouraging life-long learning and continuing personal development. A current problem in this context concerns the inclusion of certification of attainment – the electronic equivalent of paper award certificates. At its heart is an interesting problem of three party trust extended over the lifetime of the student. This paper outlines the key issues, offers a proposed solution, and indicates how work is proceeding on an on-going UK-funded project which will deliver and evaluate a demonstrator to test the effectiveness of this solution

eIDeCert: a user-centric solution for mobile identification

The necessity to certify one's identity for different purposes and the evolution of mobile technologies have led to the generation of electronic devices such as smart cards, and electronic identities designed to meet daily needs. Nevertheless, these mechanisms have a problem: they don't allow the user to set the scope of the information presented. That problem introduces interesting security and privacy challenges and requires the development of a new tool that supports user-centrity for the information being handled. This article presents eIDeCert, a tool for the management of electronic identities (eIDs) in a mobile environment with a user-centric approach. Taking advantage of existing eCert technology we will be able to solve a real problem. On the other hand, the application takes us to the boundary of what the technology can cope with: we will assess how close we are to the boundary, and we will present an idea of what the next step should be to enable us to reach the goal

eCert: a secure and user centric edocument transmission protocol: solving the digital signing practical issues

Whilst our paper-based records and documents are gradually being digitized, security concerns about how such electronic data is stored, transmitted, and accessed have increased rapidly. Although the traditional digital signing method can be used to provide integrity, authentication, and non-repudiation for signed eDocuments, this method does not address all requirements, such as fine-grained access control and content status validation. What is more, information owners have increasing demands regarding their rights of ownership. Therefore, a secure user-centric eDocument management system is essential. Through a case study of a secure and user-centric electronic qualification certificate (eCertificate) system, this dissertation explores the issues and the technology gaps; it identifies existing services that can be re-used and the services that require further development; it proposes a new signing method and the corresponding system framework which solves the problems identified. In addition to tests that have been carried out for the newly designed eCertificate system to be employed under the selected ePortfolio environments, the abstract protocol (named eCert protocol) has also been applied and evaluated in two other eDocument transmitting situations, Mobile eID and eHealthcare patient data. Preliminary results indicate that the recommendation from this research meets the design requirements, and could form the foundation of future eDocument transmitting research and development

Healthcare Data Management Issues and the eCert Solution

While our paper-based records and documents are gradually digitized, security concerns about how such electronic data is stored and transmitted have increased. This has a serious impact on our healthcare information system, as it contains sensitive patient data. The prevention of unauthorized modification and loss of records is highly important in the healthcare sector. What’s more, information owners have increasing demands regarding their rights of ownership. Therefore, a secured user-centric healthcare information management system is not only required but also important. This paper presents a protocol for the management of healthcare information in the form of a securely distributed eHealthcare document, the eHealth-eCert. By analysis of the eHealthcare problem domain, a system has been derived with both eCert supported functions and eHealthcare unique features

A User-Centric Approach for Secured eDocument Transmission: Digital Signing Practical Issues and the eCert Solution

Digital signing is commonly used in eDocument security, but does not address all requirements such as fine-grained access control and content status validation. A system for distributing electronic educational certificates (eCertificates) is used as a case study in the eCert project. This paper describes the issues, identifies the required use cases, explores the gap between current techniques and the desired system, and presents a design which meets the requirements. A preliminary implementation confirms that the design is a sound one, and can be used to solve digital signing issues in related scenarios such as mobile IDs and healthcare records

The nationality of Ibni Sina (Avicenna)

we all receive paper based certificates during our study journey, but they are hard to manage to avoid damage or loss. The field of e-Learning provides technological developments, such as e-portfolios, which enable greater power and flexibility in displaying achievements. These may include on-line versions of certificates of the applicant's attainment which overcome the limitations of paper-based versions. However, these “e-certificates” present a number of practical challenges, which so far have not been addressed, such as the validation of claimed e-qualification certificates. This paper addresses the issues, and explores the gap between current e-portfolio tools and the desired e-qualification certificate system. Through analysis of the existing systems and e-certificate use cases, we have identified existing services that can be reused and the services that require further development, thereby presenting an approach which solves the above problems. Preliminary results indicate that the recommendation from this research meets the design requirements, and could form the foundation of future e-certificate implementations

Secure Certification for ePortfolios

Students often build up portfolios of their achievements as they study and present them when they apply for jobs or for further study. Of increasing interest is the concept of an online “ePortfolio” which enables greater power and flexibility in displaying achievements. However, the issue of cheating needs to be addressed, especially where certificates of attainment are being presented. An eCertification project, named “eCert”, has recently been run at Southampton in order to explore these issues. This paper documents how we approach the validation of applicants' claims of attainment

Towards an secured e-Certificate System for use in e-Portfolios

E-Portfolios are being explored as an improvement over paper-based portfolios in the job and course application process. To be a true replacement for physical portfolios, e-Portfolios need to include an on-line version of certificates of the applicant's attainment. However, these “e-Certificates” present a number of practical challenges, so the validation of certificates of attainment which the students are presenting has not been addressed until now. This paper addresses the issues at stake, explores the gap between current e-Portfolio tools and an e-Certificate system, and presents an approach which solves the related problems. The recommendations from this research provide a reference from which e-Certificate implementations can be developed facilitating up take of e-Portfolio tools