2015
Autores
Goncalves, RP; Augusto, AB; Correia, ME;
Publicação
2015 10TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI)
Abstract
Handwritten signature recognition is still the most widely accepted method to validate paper based documents. However, in the digital world, there is no readymade way to distinguish a real handwritten signature on a scanned document from a forged copy of another signature made by the same person on another document that is simply "pasted" into the forged document. In this paper we describe how we are using the touch screen of smartphones or tablets to collect handwritten signature images and associated biometric markers derived from the motion direction of handwritten signatures that are made directly into the device touchscreen. These time base biometric markers can then be converted into signaling time waves, by using the dragging or lifting movements the user makes with a touch screen omnidirectional tip stylus, when he handwrites is signature at the device touchscreen. These time/space signaling time waves can then be converted into a biometric bit stream that can be matched with previously enrolled biometric markers of the user's handwritten signature. In this paper we contend that the collection of these simple biometric features is sufficient to achieve a level of user recognition and authentication that is sufficient for the majority of online user authentication and digital documents authenticity.
2014
Autores
Pereira, A; Correia, M; Brandao, P;
Publicação
COMMUNICATIONS AND MULTIMEDIA SECURITY, CMS 2014
Abstract
We expose an USB vulnerability in some vendors' customization of the android system, where the serial AT commands processed by the cellular modem are extended to allow other functionalities. We target that vulnerability for the specific vendor system and present a proof of concept of the attack in a realistic scenario environment. For this we use an apparently inoffensive smartphone charging station like the one that is now common at public places like airports. We unveil the implications of such vulnerability that culminate in flashing a compromised boot partition, root access, enable adb and install a surveillance application that is impossible to uninstall without re-flashing the android boot partition. All these attacks are done without user consent or knowledge on the attacked mobile phone.
2015
Autores
Ferreira, R; Correia, ME; Rocha Goncalves, FN; Cruz Correia, RJ;
Publicação
HEALTHINF 2015 - Proceedings of the International Conference on Health Informatics, Lisbon, Portugal, 12-15 January, 2015.
Abstract
Introduction: The improvements made to healthcare IT systems made over the past years led to the creation of a multitude of different applications essential to the institutions daily operations. Aim: We aim to create and install a system capable of displaying production metrics for healthcare management with little requirements, efforts and software providers involved. Methods: We propose a system capable of displaying production metrics for healthcare facilities, by extracting HL7 messages and other eHealth relevant protocols directly from the institution's network infrastructure. Our system is then able to populate a knowledge database with meaningful information derived from the gathered data. Results: Our system is currently being tested on a large healthcare facility where it extracts and analyses a daily average of 44,000 HL7 messages. The system is currently capable of inferring and displaying the daily distribution of healthcare related activities such as laboratory orders or even relevant billing information. Conclusion: HL7 messages moving over the network contain valuable information that can then be used to assess many relevant production metrics for the entire facility and from otherwise non-interoperable production systems that, in most cases, can only be seen as black boxes by other system integrators.
2013
Autores
Augusto, AB; Correia, ME;
Publicação
Architectures and Protocols for Secure Information Technology Infrastructures
Abstract
The massive growth of the Internet and its services is currently being sustained by the mercantilization of users' identities and private data. Traditional services on the Web require the user to disclose many unnecessary sensitive identity attributes like bankcards, geographic position, or even personal health records in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without realizing the real value of its data to the market. In this chapter the auhors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users' identity attributes to offer a highly versatile set of identity services but relies instead on having those attributes distributed among and protected by several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate these scattered Attribute Authorities' identity attributes back into some useful identifiable and authenticated entity identity that can then be used by Internet services in a secure and interoperable way.
2015
Autores
Ferreira, R; Correia, ME; Rocha Goncalves, F; Cruz Correia, R;
Publicação
2015 IEEE 28TH INTERNATIONAL SYMPOSIUM ON COMPUTER-BASED MEDICAL SYSTEMS (CBMS)
Abstract
The development of eHealth technologies over the last few years has been pushing healthcare institutions to evolve their own infrastructures. Along with this evolution, critical systems now need to use communication standards such as HL7 or DICOM in order to exchange information in a more meaningful and efficient way. However, healthcare institutions often experience complications when different systems communicate directly even when using communication standards. We aim to assess the quality of the data present in HL7 messages exchanged between different critical systems in a large healthcare facility and therefore propose an integration infrastructure that allows a real time and centralized way to manage, route and monitor the integration flows between various systems.
2014
Autores
Ferreira, AM; Lenzini, G; Pereira, CS; Augusto, AB; Correia, ME;
Publicação
3nd IEEE International Conference on Serious Games and Applications for Health, SeGAH 2014, Rio de Janeiro, Brazil, May 14-16, 2014
Abstract
Several pilot tests show that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. However, despite technologically feasible and legally possible, there is no validated or standardized toolset available yet, for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR.
The access to the final selection minute is only available to applicants.
Please check the confirmation e-mail of your application to obtain the access code.