Sensors 2012, 12(5), 6129-6154; doi:10.3390/s120506129
Article

An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health

Department of Telematic Engineering, Carlos III University of Madrid, Avda. Universidad 30, 28911, Leganes, Madrid, Spain
* Author to whom correspondence should be addressed.
Received: 20 March 2012; in revised form: 27 April 2012 / Accepted: 29 April 2012 / Published: 10 May 2012
PDF Full-text Download PDF Full-Text [3235 KB, uploaded 10 May 2012 13:50 CEST]
Abstract: Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed.This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.
Keywords: identity management; privacy; user-centric; federation; revocation consent; delegation; health care; event; theory queue

Article Statistics

Load and display the download statistics.

Citations to this Article

Cite This Article

MDPI and ACS Style

Sánchez-Guerrero, R.; Almenárez, F.; Díaz-Sánchez, D.; Marín, A.; Arias, P.; Sanvido, F. An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health. Sensors 2012, 12, 6129-6154.

AMA Style

Sánchez-Guerrero R, Almenárez F, Díaz-Sánchez D, Marín A, Arias P, Sanvido F. An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health. Sensors. 2012; 12(5):6129-6154.

Chicago/Turabian Style

Sánchez-Guerrero, Rosa; Almenárez, Florina; Díaz-Sánchez, Daniel; Marín, Andrés; Arias, Patricia; Sanvido, Fabio. 2012. "An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health." Sensors 12, no. 5: 6129-6154.

Sensors EISSN 1424-8220 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert