Cookies Policy
The website need some cookies and similar means to function. If you permit us, we will use those means to collect data on your visits for aggregated statistics to improve our service. Find out More
Accept Reject
  • Menu
Publications

Publications by Manuel Eduardo Correia

2016

Digital Signatures Workflows in Alfresco

Authors
Sousa, PR; Faria, P; Correia, ME; Resende, JS; Antunes, L;

Publication
Electronic Government and the Information Systems Perspective - 5th International Conference, EGOVIS 2016, Porto, Portugal, September 5-8, 2016, Proceedings

Abstract
There are some obstacles, towards a paperless office. One of them is the collection of signatures, since nearly half of all documents are printed for the sole purpose of collecting them. Digital signatures can have the same legal evidential validity as handwritten signatures, provided they are based on certificates issued by accredited certification authorities and the associated private keys are stored on tamper proof token security devices like smart cards. In this article, we propose a platform for secure digital signature workflow management that integrates secure token based digital signatures with the Enterprise Content Management Alfresco, where each user can associate a set of smart cards to his account. The documents can then be signed with the citizen card or other smart card that has digital signatures capabilities. We have implemented an Alfresco module that allows us to explore several workflow techniques to implement real task secure digital signatures workflows, as people for example do when they pass a paper document between various departments to be signed. Since all users can see the current state of the documents being signed during the entire signage process, important security properties like system trust are preserved. We also describe an external validation web service, that provides a way for users to validate signed documents. The validation service then shows to the user important document security properties like timestamps, certificates attributes and highlights the document integrity in face of the digital signatures that have been collected in the workflows defined by our module in Alfresco. © Springer International Publishing Switzerland 2016.

2013

Physician's awareness of e-prescribing security risks

Authors
Rodrigues, H; Antunes, LFC; Santos, C; Correia, ME; Pinho, TM; Magalhaes, HG;

Publication
2013 IEEE 26TH INTERNATIONAL SYMPOSIUM ON COMPUTER-BASED MEDICAL SYSTEMS (CBMS)

Abstract
New governmental legislation introduced e-prescription as mandatory in the Portuguese health system. This changes consequences were not properly considered, which caused security problems related to patient and prescriber's data, such as digital identity fraud or access to prescriptions history to build clinical profiles. In order to evaluate the e-prescribing software users awareness to those risks, a survey took place, and the results revealed ignorance of certain obligations and procedures of the e-prescribing process. A significant part of doctors are not conscious about where the patient's data is stored neither about the risks related with prescription's information.

2013

A secure RBAC mobile agent access control model for Healthcare Institutions

Authors
Santos Pereira, C; Augusto, AB; Cruz Correia, R; Correia, ME;

Publication
2013 IEEE 26TH INTERNATIONAL SYMPOSIUM ON COMPUTER-BASED MEDICAL SYSTEMS (CBMS)

Abstract
In medical organizations, healthcare providers need to have fast access to patients' medical information in order to make accurate diagnoses as well as to provide appropriate treatments. Efficient healthcare is thus highly dependent on doctors being provided with access to patients' medical information at the right time and place. However it frequently happens that critical pieces of pertinent information end up not being used because they are located in information systems that do not inter-operate in a timely manner. Unfortunately the standard operational mode for many healthcare applications, and even healthcare institutions, is to be managed and operated as isolated islands that do not share information in an efficient manner. There are many reasons that contribute to this grim state of affairs, but what interests us the most is the lack of enforceable security policies for systems interoperability and data exchange and the existence of many heterogeneous legacy systems that are almost impossible to directly include into any reasonable secure interoperable workflow. In this paper we propose a RBAC mobile agent access control model supported by a specially managed public key infrastructure for mobile agent's strong authentication and access control. Our aim is to create the right means for doctors to be provided with timely accurate information, which would be otherwise inaccessible, by the means of strongly authenticated mobile agents capable of securely bridging otherwise isolated institutional eHealth domains and legacy applications.

2013

A secure RBAC mobile agent model for healthcare institutions - Preliminary study

Authors
Santos Pereira, C; Augusto, AB; Cruz Correia, R; Correia, ME;

Publication
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract
Efficient healthcare is thus highly dependent on doctors being provided with access to patients medical information at the right time and place. However it frequently happens that critical pieces of pertinent information end up not being used because they are located in information systems that do not interoperate in a timely manner. There are many reasons that contribute to this grim state of affairs, but what interests us the most is the lack of enforceable security policies for systems interoperability and data exchange and the existence of many heterogeneous legacy systems that are almost impossible to directly include into any reasonable secure interoperable workflow. The objective of this paper is to establish a mobile agent access control model based on RBAC model that allows the exchange of clinical information between different health institutions that fall within the same circle of trust. © 2013 Springer-Verlag.

2013

A Potpourri of authentication mechanisms The mobile device way

Authors
Martins, RA; Augusto, AB; Correia, ME;

Publication
PROCEEDINGS OF THE 2013 8TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI 2013)

Abstract
Nowadays the use of mobile devices, such as smartphones and tablets, are rapidly increasing in network services, proliferating to almost every environment. This massive appearance of mobile devices creates significant opportunities to leverage these mobile devices to establish novel types of services. However there are also significant concerns about the privacy and security of sensitive data exchanged and stored on these devices. Since these devices are usually embodied with numerous characteristics like camera devices, 3G and NFC connection that can be used to create new alternative authentication schemes in order to guarantee users identity. This paper performs a survey on the current state of the art in alternative authentication mechanisms regarding access and authentication against the traditional login and password scheme by the usage of the mobile devices and their properties.

2013

A Secure and Dynamic Mobile Identity Wallet Authorization Architecture Based on a XMPP Messaging Infrastructure

Authors
Augusto, AB; Correia, ME;

Publication
INNOVATIONS IN XML APPLICATIONS AND METADATA MANAGEMENT: ADVANCING TECHNOLOGIES

Abstract
In this chapter, the authors propose and describe an identity management framework that allows users to asynchronously control and effectively share sensitive dynamic data, thus guaranteeing security and privacy in a simple and transparent way. Their approach is realised by a fully secure mobile identity digital wallet, running on mobile devices (Android devices), where users can exercise discretionary control over the access to sensitive dynamic attributes, disclosing their value only to pre-authenticated and authorised users for determined periods of time. For that, the authors rely on an adaptation of the OAuth protocol to authorise and secure the disclosure of personal-private user data by the usage of token exchange and new XML Schemas to establish secure authorisation and disclosure of a set of supported dynamic data types that are being maintained by the personal mobile digital wallet. The communication infrastructure is fully implemented over the XMPP instant messaging protocol and is completely compatible with the public XMPP large messaging infrastructures already deployed on the Internet for real time XML document interchange. Copyright (C) 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

  • 1
  • 11