Sensors 2012, 12(5), 6129-6154; doi:10.3390/s120506129

An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health

* email, email, email, email, email and email
Received: 20 March 2012; in revised form: 27 April 2012 / Accepted: 29 April 2012 / Published: 10 May 2012
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Abstract: Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed.This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.
Keywords: identity management; privacy; user-centric; federation; revocation consent; delegation; health care; event; theory queue
PDF Full-text Download PDF Full-Text [3235 KB, uploaded 21 June 2014 04:25 CEST]

Export to BibTeX |

MDPI and ACS Style

Sánchez-Guerrero, R.; Almenárez, F.; Díaz-Sánchez, D.; Marín, A.; Arias, P.; Sanvido, F. An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health. Sensors 2012, 12, 6129-6154.

AMA Style

Sánchez-Guerrero R, Almenárez F, Díaz-Sánchez D, Marín A, Arias P, Sanvido F. An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health. Sensors. 2012; 12(5):6129-6154.

Chicago/Turabian Style

Sánchez-Guerrero, Rosa; Almenárez, Florina; Díaz-Sánchez, Daniel; Marín, Andrés; Arias, Patricia; Sanvido, Fabio. 2012. "An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health." Sensors 12, no. 5: 6129-6154.

Sensors EISSN 1424-8220 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert