Zhengxing Huang,Xudong Lu,Huilong Duan,Haomin Li

DOI: https://doi.org/10.1109/icbbe.2007.300

2007-01-01

Abstract:One of the key technologies in electronic medical record (EMR) is electronic signature which allows healthcare practitioners to sign off on electronic healthcare records. In order to implement electronic signature in clinical environment, two main factors should be considered: how to preserve the electronic signature data and the related contextual information in the EMR documents; how to introduce the tasks of EMR document electronic signature and validation into routing clinical workflow without disarranging well accepted working processes. This paper presents an enhanced CDA structure which extends HL7's CDA with the signature data presentation based on XML Digital Signature standard. In addition, the optimized workflow of clinical document with electronic signature has been designed. The enhanced CDA and related workflow has been used in the EMR system and implemented in the actual clinical environment. The result shows it can well solve the above problems and satisfy the applicable demands.

Junqi Zhang,Vijay Varadharajan,Yi Mu

DOI: https://doi.org/10.1504/ijhpcn.2005.009423

2005-01-01

International Journal of High Performance Computing and Networking

Abstract:XML has been widely used for representation and storage of documents and their exchange over the internet. Security mechanisms for the protection of XML document sources and their distribution are essential. In this paper, we present a novel scheme for securing XML documents and their distribution over the internet. The proposed scheme has some distinct features. It requires only one private key for each user. Therefore, when a user leaves or joins the system, keys of all the other existing users in the system remain unchanged. This makes the proposed scheme more attractive, and hence particularly suitable for the dynamic distribution of documents over the internet.

YAN Yong,HU Hua-ping

DOI: https://doi.org/10.3969/j.issn.1673-629x.2006.05.036

2006-01-01

Abstract:It has become an important subject for how to improve the security,opening and inter-operation of the information in the enterprise-spanning electronic document exchanging system.This paper presents a model of the electronic document exchanging system based on XML security technology aimed at the problems about the unsafety of the transmission and the storage of the key information,the disunity identity validation,the unconformance security specifications in the Internet/Intranet among different applications.This system based on the SAML-based single sign-on and authorization,XACML-based integrated access control,and the protection of key information using the XML encryption and signatures,and provided a solution against the menace to system.

JQ Zhang,V Varadharajan,Y Mu

DOI: https://doi.org/10.1109/aina.2004.1283969

2004-01-01

Abstract:XML has been becoming popular for data store, document representation and exchange over the Web. Security mechanisms for the protection of XML document sources and their distribution are essential. Author-X is a Java based system specifically conceived for the protection of XML documents. It supports a range of protection granularity levels and subject credentials, but also supports push distribution for documents broadcast. However, the proposed system has certain disadvantages in terms of both security and dynamic key management. For example, a sender has to distribute the secret keys to all correspondent users for different XML documents. Also, if one of the users leave or a credential is changed, then the sender has to re-encrypt all related documents and redistribute the secret keys to all correspondent users. In this paper, we present a scheme for securing XML documents and their distribution. Our scheme has several advantages over Author-X such as: (a) one user needs only one private key; (b) even when the user leaves or a credential is changed, all the other users will be unaffected; (c) there is no need to establish a secure channel for key distribution; and (d) there is no need for checking the XML documents for access control policies applied. These make the security model more efficient and robust as well as simplifying the programming and the generation of the encrypted document base.

ZHU Yiqun,ZHANG Quanhai,LI Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.09.048

2006-01-01

Abstract:This paper presents an electronic official document system design based on XML security.The system security analysis shows that the system can support a wide range of security services,such as the confidentiality protection,integrity,authentication,non-repudiation and the system is a security electronic official document system.

Yao Lei,Zhang Xinjia,Zhang Huixiang

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.09.058

2006-01-01

Abstract:On the basis of the elementary knowledge of XML,the paper mainly discusses the security technology related to it,including XML encryption and XML signature,and implements XML encryption and XML signature based on PKI.

郑晓梅,张天

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.08.045

2010-01-01

Computer Science

Abstract:This paper firstly analysed the typical application of the XML multi-party communication chain business in the current Web server architecture and built up the corresponding research model.Based on the model,this paper proposed a new encryption technology named untied signature,which can solve the problems of the reduplicate signature and not strict information association using the traditional signature technology.This paper also analysed the limitations of using current XML specification to fulfill the encryption technology,and then raised the implementation scheme of XML untied signature.Finally,this paper presented the syntax definition of XML united signature.

安南,张申生

2002-01-01

Abstract:This paper designed and implemented a secure framework that provides XML signature function, XML element-wise encryption function, smart card based crypto API library and Public Key Infrastructure (PKI) security functions to achieve confidentiality, integrity, message authentication, and/or signer authentication services for XML documents and existing non-XML documents that are exchanged by Internet for e-commerce application.

MAO Chang,LIU Xiao-jie,LI Tao,HU Xiao-qin,SHA Kai-bo,ZHANG Xing-su,CHENG Xiao-xiao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.09.033

2007-01-01

Abstract:This paper presended a PKI-based secure management mechod for electronic documents(SMMED).This method provided some secure services in high degree,including confidentiality,integrity and nonrepudiation.This paper first de- scribed SMMED's theoretical model,then introduced the architecture of a sealed bid auction system which adopted SMMED, and finally listed the advantages of this method.

Yanyan Li,Mengjun Xie,Jiang Bian

DOI: https://doi.org/10.1109/EMBC.2014.6944620

2014-01-01

Abstract:Electronic consent becomes increasingly popular in the healthcare sector given the many benefits it provides. However, security concerns, e.g., how to verify the identity of a person who is remotely accessing the electronic consent system in a secure and user-friendly manner, also arise along with the popularity of electronic consent. Unfortunately, existing electronic consent systems do not pay sufficient attention to those issues. They mainly rely on conventional password based authentication to verify the identity of an electronic consent user, which is far from being sufficient given that identity theft threat is real and significant in reality. In this paper, we present a security enhanced electronic consent model called USign. USign enhances the identity protection and authentication for electronic consent systems by leveraging handwritten signatures everyone is familiar with and mobile computing technologies that are becoming ubiquitous. We developed a prototype of USign and conducted preliminary evaluation on accuracy and usability of signature verification. Our experimental results show the feasibility of the proposed model.

LIANG Zhi-wei,LU Yu-bo,LUO Yun-jian,CHENG Zhi-de,LI Xiao-hua,LIU Bao-yan,CHENG Yi-yu

DOI: https://doi.org/10.3969/j.issn.1006-1959.2007.06.001

2007-01-01

Abstract:Objective Compared among several typical techniques which possesses potential and presentative benefits to hospital information system (HIS), to establish a systematic solution for the electronic signature (ES) and the encryption for sea-like amount of information on HIS. Methods the protocol of X.509, massage abstract (ABS), permanent pad for distributed system (PPDS) and extensible markup language (XML) was use; Digital certificate formed with XML was designed and recommended; A software packet with component and control for ES and message-encryption was researched and developed. Results The systematic solution for ES with PPDS and ABS, and its application-case solved various kinds of message security problem existing on HIS, including ES and the encryption for electronic medical record. It may be technically satisfy to the requirement being asked from law concerning to the authentication, integrity check, non-repudiation and guarantee of privacy. Conclusion Electronic signature, security storage and transmission for medical document as well as the system of certificate authority is important and practicable for hospital information administration and is going to become a new area of the research and development on HIS.

CAI Minye,JIANG Xinghao,LI Jianhua

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.03.020

2007-01-01

Abstract:Upon careful study of the XML Key Management Specification,the XML-Signature technology and the XML-Encryption technology,this paper proposes a solution of secure Web Services which is based on XKMS,and pro- vides a PKI service.And,this paper also describes the researches on certification registration process and certification validation algorithm.

Diana Berbecaru,Antonio Lioy,Marius Marian

DOI: https://doi.org/10.48550/arXiv.1910.07945

2019-10-17

Cryptography and Security

Abstract:The efficiency and service quality in public administration can be improved by using electronic documents (or e-docs) and digital signature to speed up their activity and at the same time to better satisfy customer needs. This paper presents an XML-based document exchange system that integrates a platform for the management (creation, search, storage) of e-docs and a secure trustworthy environment for digitally signing e-docs. The framework provides security services, like privacy, authorization, authentication and non-repudiation. Possibly a mobile terminal equipped with a smartcard reader and integrating WYSIWYS features could be used for viewing and signing e-docs. The proposed system can be easily integrated with the infrastructure (e.g. database system) already in use at each administration site. It is described also the use of the system in a real world service.

Baolong Liu,Joan Lu,Jim Yip

DOI: https://doi.org/10.48550/arXiv.0906.3772

2009-06-20

Software Engineering

Abstract:Data integrity is the fundamental for data authentication. A major problem for XML data authentication is that signed XML data can be copied to another document but still keep signature valid. This is caused by XML data integrity protecting. Through investigation, the paper discovered that besides data content integrity, XML data integrity should also protect element location information, and context referential integrity under fine-grained security situation. The aim of this paper is to propose a model for XML data integrity considering XML data features. The paper presents an XML data integrity model named as CSR (content integrity, structure integrity, context referential integrity) based on a concatenated hash function. XML data content integrity is ensured using an iterative hash process, structure integrity is protected by hashing an absolute path string from root node, and context referential integrity is ensured by protecting context-related elements. Presented XML data integrity model can satisfy integrity requirements under situation of fine-grained security, and compatible with XML signature. Through evaluation, the integrity model presented has a higher efficiency on digest value-generation than the Merkle hash tree-based integrity model for XML data.

饶元,陆淑敏,李尊朝,冯博琴

DOI: https://doi.org/10.3969/j.issn.1000-7180.2004.12.023

2004-01-01

Abstract:After formulated the definition of information security, an XML-based logistic security hierarchical structure and a protocols stack were presented in the paper. Moreover, a XKMS Trust Architecture Model, XKMS-TA, was built on some XML-based security technology, such as XML-Encryption, XML-Signature, XML-Access Control and XKML. This model decreased effectually the degree of complexity about the client collocated, PKI deployed and the cost of operating maintained, as well as increased the interoperation between the PKI sites. Furthermore, mixed the XKMS-TA model and XML-Access Control technology, XBSIA (XML-Based Security Integrated Architecture), a new XML-based Security integrated solution, was designed and applied in the programming of OPEN-CLASS system. The results of practice proved that XBSIA solution has great security and dynamic maintenance.

安南,张申生

DOI: https://doi.org/10.3969/j.issn.1003-7985.2002.02.002

2002-01-01

Abstract:Today companies and organizations are using the Web as the main information dissemination means both at internal and external level. Information dissemination often takes the form of XML documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients. These documents often contain information at different degrees of sensitivity, therefore a strong XML security platform and mechanism is needed. In this paper we developed CIT/XML security platform and take a close look to syntax and processing of CIT/digital signature model, CIT/encryption model, CIT/ smart card crypto and SPKI interface security models. Security services such as authentication, integrity and confidentiality to XML documents and non-XML documents, which exchanged among various servers, are provided.

PENG Jie,GUO Shan-Qing,MAO Bing,XIE Li

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.05.013

2005-01-01

Computer Science

Abstract:In this paper, we analyze the problems exposed by the current security management systems, and intro- duce the trust mechanism to XML-based security management platform. In the traditional trust model, the trust sub- kect is unitary, which can not meet the requirements raised by the XML-based security management to trust. In order to solve this problem, some necessary improvements are made to the traditional trust model. First, the bidirectional trust is proposed, resolving the mutual trust problem of the server and client. Second, a local trust library is added to enhance both the administrator's global analysis and the assessment of reputation-based trust degree.

Weiqi Dai,T. Paul Parker,Hai Jin,Shouhuai Xu

DOI: https://doi.org/10.1109/tdsc.2012.71

2012-01-01

Abstract:Digital signatures are an important mechanism for ensuring data trustworthiness via source authenticity, integrity, and source nonrepudiation. However, their trustworthiness guarantee can be subverted in the real world by sophisticated attacks, which can obtain cryptographically legitimate digital signatures without actually compromising the private signing key. This problem cannot be adequately addressed by a purely cryptographic approach, by the revocation mechanism of Public Key Infrastructure (PKI) because it may take a long time to detect the compromise, or by using tamper-resistant hardware because the attacker does not need to compromise the hardware. This problem will become increasingly more important and evident because of stealthy malware (or Advanced Persistent Threats). In this paper, we propose a novel solution, dubbed Assured Digital Signing (ADS), to enhancing the data trustworthiness vouched by digital signatures. In order to minimize the modifications to the Trusted Computing Base (TCB), ADS simultaneously takes advantage of trusted computing and virtualization technologies. Specifically, ADS allows a signature verifier to examine not only a signature's cryptographic validity but also its system security validity that the private signing key and the signing function are secure, despite the powerful attack that the signing application program and the general-purpose Operating System (OS) kernel are malicious. The modular design of ADS makes it application-transparent (i.e., no need to modify the application source code in order to deploy it) and almost hypervisor-independent (i.e., it can be implemented with any Type I hypervisor). To demonstrate the feasibility of ADS, we report the implementation and analysis of an Xen-based ADS system.

LUO Changhang,HU Liyong,OUYANG Jin,ZHANG Weiguo

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.23.050

2005-01-01

Abstract:With the development of Internet,a unitive secure platform of data exchange becomes very important at the Internet environment.A secure and flexible data exchange system based on SAML is presented,in which PKI and XML techniques are applied.

Ronghua Yao,Qijun Zhao,Hongtao Lu

2006-01-01

Abstract:With the fast development of Extensible Markup Language (XML) and its comprehensive application, the integrity protection of XML documents is becoming pressing. A traditional method for this is digital signature. In this paper, however, based on watermark techniques, we propose a novel solution to the integrity protection of XML documents. In this scheme, watermarks are generated through applying Principal Component Analysis (PCA) on a matrix constructed from an XML document and a key. Then they are embedded into the XML document by altering the case of letters in the XML tags according to the Exclusive OR (XOR) results of the XML document and watermarks. To testify the integrity of a watermarked XML document, watermarks are generated again and the original document can be exactly retrieved from the XOR results of these watermarks and the watermarked document only if it is not tampered; otherwise, the retrieved document will be an illegal XML document. Compared with existing signature methods, this scheme is excellent in its simplicity and economy of storage and channel bandwidth. Experimental results also demonstrate that our proposed watermarking scheme is less time-consuming than the traditional signature methods.