The Implementation of Federated Digital Identifiers in Health Care: Rapid Review.

BACKGROUND: Federated digital identifiers (FDIs) have been cited to improve the interoperability of data and information management while enhancing the privacy of individuals verifying their identity on the web. Many countries around the world have implemented FDIs in various sectors, such as banking and government. Similarly, FDIs could improve the experience for those wanting to access their health care information; however, they have only been introduced in a few jurisdictions around the world, and their impact remains unclear. OBJECTIVE: The main objective of this environmental scan was to describe how FDIs have been established and implemented to enable patients' access to health care. METHODS: We conducted this study in 2 stages, with the primary stage being a rapid review, which was supplemented by a targeted gray literature search. Specifically, the rapid review was conducted through a database search of MEDLINE and Embase, which generated a list of countries and their services that use FDIs in health care. This list was then used to conduct a targeted gray literature search using the Google search engine. RESULTS: A total of 93 references from the database and targeted Google searches were included in this rapid review. FDIs were implemented in health care in 11 countries (Australia, Belgium, Canada, Denmark, Estonia, Finland, Iceland, Norway, Singapore, Sweden, and Taiwan) and exclusively used with a patient-accessible electronic health record system through a single sign-on interface. The most common FDIs were implemented nationally or provincially, and establishing them usually required individuals to visit a bank or government office in person. In contrast, some countries, such as Australia, allow individuals to verify their identities entirely on the web. We found that despite the potential of FDIs for use in health care to facilitate the amalgamation of health information from different data sources into one platform, the adoption of most health care services that use FDIs remained below 30%. The exception to this was Australia, which had an adoption rate of 90%, which could be correlated with the fact that it leveraged an opt-out consent model. CONCLUSIONS: This rapid review highlights key features of FDIs across regions and elements associated with higher adoption of the patient-accessible electronic health record systems that use them, like opt-out registration. Although FDIs have been reported to facilitate the collation of data from multiple sources through a single sign-on interface, there is little information on their impact on care or patient experience. If FDIs are used to their fullest potential and implemented across sectors, adoption rates within health care may also improve.

DIdM-EIoTD: Distributed Identity Management for Edge Internet of Things (IoT) Devices.

The Internet of Things (IoT) paradigm aims to enhance human society and living standards with the vast deployment of smart and autonomous devices, which requires seamless collaboration. The number of connected devices increases daily, introducing identity management requirements for edge IoT devices. Due to IoT devices' heterogeneity and resource-constrained configuration, traditional identity management systems are not feasible. As a result, identity management for IoT devices is still an open issue. Distributed Ledger Technology (DLT) and blockchain-based security solutions are becoming popular in different application domains. This paper presents a novel DLT-based distributed identity management architecture for edge IoT devices. The model can be adapted with any IoT solution for secure and trustworthy communication between devices. We have comprehensively reviewed popular consensus mechanisms used in DLT implementations and their connection to IoT research, specifically identity management for Edge IoT devices. Our proposed location-based identity management model is generic, distributed, and decentralized. The proposed model is verified using the Scyther formal verification tool for security performance measurement. SPIN model checker is employed for different state verification of our proposed model. The open-source simulation tool FobSim is used for fog and edge/user layer DTL deployment performance analysis. The results and discussion section represents how our proposed decentralized identity management solution should enhance user data privacy and secure and trustworthy communication in IoT.

Managing One's Age in Age-Dissimilar Mentoring Relationships.

The aging of the workforce creates opportunities for experienced employees to share expertise with newer employees, via mentoring relationships. Age-dissimilar interactions, however, like those between mentor and protégé, can engender challenging interpersonal dynamics such as concern about how others view and respond to them. The current study examines the unique challenges and opportunities of age-dissimilar mentoring relationships, using a sample of doctor and lawyer protégés. Findings suggest that age dissimilarity does not play as large of a role in mentoring relationship outcomes as age-related behaviors. How one manages their age seems to be more important, such that managing one's age in a positive way by redefining age-related stereotypes rather than switching attention away from stereotypes is better for mentoring relationship outcomes no matter the age difference between mentor and protégé. Implications, inferences, and limitations are discussed.

Systematic Review of Authentication and Authorization Advancements for the Internet of Things.

Technologies for the Internet of Things (IoT) are maturing, yet no common standards dictate their direction, leaving space for a plethora of research directions and opportunities. Among the most important IoT topics is security. When we design a robust system, it is important to know the available options for facing common tasks related to access control, authentication, and authorization. In this review, we systematically analyze 1622 peer-reviewed publications from October 2017 to December 2020 to find the taxonomy of security solutions. In addition, we assess and categorize current practices related to IoT security solutions, commonly involved technologies, and standards applied in recent research. This manuscript provides a practical road map to recent research, guiding the reader and providing an overview of recent research efforts.

Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT.

Blockchain (BC) has recently paved the way for developing Decentralized Identity Management (IdM) systems for different information systems. Researchers widely use it to develop decentralized IdM systems for the Health Internet of Things (HIoT). HIoT is considered a vulnerable system that produces and processes sensitive data. BC-based IdM systems have the potential to be more secure and privacy-aware than centralized IdM systems. However, many studies have shown potential security risks to using BC. A Systematic Literature Review (SLR) conducted by the authors on BC-based IdM systems in HIoT systems showed a lack of comprehensive security and risk management frameworks for BC-based IdM systems in HIoT. Conducting a further SLR focusing on risk management and supplemented by Grey Literature (GL), in this paper, a security taxonomy, security framework, and cybersecurity risk management framework for the HIoT BC-IdM systems are identified and proposed. The cybersecurity risk management framework will significantly assist developers, researchers, and organizations in developing a secure BC-based IdM to ensure HIoT users' data privacy and security.

Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy.

Self-Sovereign Identity (SSI) is an identity model centered on the user. The user maintains and controls their data in this model. When a service provider requests data from the user, the user sends it directly to the service provider, bypassing third-party intermediaries. Thus, SSI reduces identity providers' involvement in the identification, authentication, and authorization, thereby increasing user privacy. Additionally, users can share portions of their personal information with service providers, significantly improving user privacy. This identity model has drawn the attention of researchers and organizations worldwide, resulting in an increase in both scientific and non-scientific literature on the subject. This study conducts a comprehensive and rigorous systematic review of the literature and a systematic mapping of theoretical and practical advances in SSI. We identified and analyzed evidence from reviewed materials to address four research questions, resulting in a novel SSI taxonomy used to categorize and review publications. Additionally, open challenges are discussed along with recommendations for future work.

Between cornfields and Kinfolk: Identity management among transgender youth in Midwestern families and communities.

Transgender and gender diverse (TGD) youth face high rates of discrimination and victimization in their communities and families that contribute to elevated rates of behavioral health concerns. While the individual links between community and family environments and well-being for this population are clear, how these environments work in unison remains unclear. Furthermore, the methods TGD youth use to manage their identities in these environments are not well understood. We address this gap by exploring the overlap between community climate and familial treatment of TGD identities and the methods TGD youth use to manage their identities in these environments. Semi-structured qualitative interviews were conducted with TGD youth (n = 19) in two Midwestern U.S. states. Thematic analysis was used to develop categories that represent the phenomena being investigated and to understand relationships between categories. Findings depict overlap about TGD people between three components of community climate and family members that shaped the treatment of TGD youth. Furthermore, community climate toward TGD people influenced identity management through the availability of proximal resources. Four methods of identity management emerged from the data: emotion work, educating, connections, and generativity. Findings are discussed in the context of current literature, and recommendations are made for future research and practice with TGD youth.

Evaluating the Performance of Speaker Recognition Solutions in E-Commerce Applications.

Two important tasks in many e-commerce applications are identity verification of the user accessing the system and determining the level of rights that the user has for accessing and manipulating system's resources. The performance of these tasks is directly dependent on the certainty of establishing the identity of the user. The main research focus of this paper is user identity verification approach based on voice recognition techniques. The paper presents research results connected to the usage of open-source speaker recognition technologies in e-commerce applications with an emphasis on evaluating the performance of the algorithms they use. Four open-source speaker recognition solutions (SPEAR, MARF, ALIZE, and HTK) have been evaluated in cases of mismatched conditions during training and recognition phases. In practice, mismatched conditions are influenced by various lengths of spoken sentences, different types of recording devices, and the usage of different languages in training and recognition phases. All tests conducted in this research were performed in laboratory conditions using the specially designed framework for multimodal biometrics. The obtained results show consistency with the findings of recent research which proves that i-vectors and solutions based on probabilistic linear discriminant analysis (PLDA) continue to be the dominant speaker recognition approaches for text-independent tasks.

A Smart Biometric Identity Management Framework for Personalised IoT and Cloud Computing-Based Healthcare Services.

This paper proposes a novel identity management framework for Internet of Things (IoT) and cloud computing-based personalized healthcare systems. The proposed framework uses multimodal encrypted biometric traits to perform authentication. It employs a combination of centralized and federated identity access techniques along with biometric based continuous authentication. The framework uses a fusion of electrocardiogram (ECG) and photoplethysmogram (PPG) signals when performing authentication. In addition to relying on the unique identification characteristics of the users' biometric traits, the security of the framework is empowered by the use of Homomorphic Encryption (HE). The use of HE allows patients' data to stay encrypted when being processed or analyzed in the cloud. Thus, providing not only a fast and reliable authentication mechanism, but also closing the door to many traditional security attacks. The framework's performance was evaluated and validated using a machine learning (ML) model that tested the framework using a dataset of 25 users in seating positions. Compared to using just ECG or PPG signals, the results of using the proposed fused-based biometric framework showed that it was successful in identifying and authenticating all 25 users with 100% accuracy. Hence, offering some significant improvements to the overall security and privacy of personalized healthcare systems.

Sovereignty, privacy, and ethics in blockchain-based identity management systems.

Self-sovereign identity (SSI) solutions implemented on the basis of blockchain technology are seen as alternatives to existing digital identification systems, or even as a foundation of standards for the new global infrastructures for identity management systems. It is argued that 'self-sovereignty' in this context can be understood as the concept of individual control over identity relevant private data, capacity to choose where such data is stored, and the ability to provide it to those who need to validate it. It is also argued that while it might be appealing to operationalise the concept of 'self-sovereignty' in a narrow technical sense, depreciation of moral semantics obscures key challenges and long-term repercussions. Closer attention to the normative substance of the 'sovereignty' concept helps to highlight a range of ethical issues pertaining to the changing nature of human identity in the context of ubiquitous private data collection.

Assessment of scalability and performance of the record linkage tool E-PIX® in managing multi-million patients in research projects at a large university hospital in Germany.

BACKGROUND: The identity management is a central component in medical research. Patients are recruited from various sites, which requires an error tolerant record linkage method, to ensure that patients are registered only once. In large research projects or institutions, the identity management has to deal with several thousands or millions of patients. In environments with large numbers of patients the register process could lead to high runtimes caused by record linkage. The Central Biomaterial Bank of the Charité (ZeBanC) searched for an identity management solution, which can handle millions of patients in large research projects with an acceptable performance. The goal of this paper was to simulate the registration of several million patients using the E-PIX service at Charité - Universitätsmedizin Berlin. The E-PIX service was evaluated in terms of needed runtimes, memory requirements, and processor utilization. A total of at least 20 million patients had to be registered. The runtimes to register patients into databases with various sizes should be examined, and the maximum number of patients, which the E-PIX service could handle, should be determined. METHODS: Tools were set up or developed to measure the needed runtimes, the memory used and the processor usage to register patients into various sizes of databases. To generate runtimes close to reality, modified patient data based on transposed real patient data were used for the simulation. The transposed patient data were sent to E-PIX to measure the runtimes of the registration process. This measurement was repeated for various database sizes. RESULTS: E-PIX is suitable to manage multi-million patients within a dataset. With the given hardware, it was possible to register a total of more than 30 million patients. It was possible to register more than 16 thousand patients per day into this database. CONCLUSIONS: The E-PIX tool fulfills the requirements of the Charité to be used for large research projects. The use of E-PIX is intended for the research context in the Charité.

Gay Voice: Stable Marker of Sexual Orientation or Flexible Communication Device?

Listeners rely on vocal features when guessing others' sexual orientation. What is less clear is whether speakers modulate their voice to emphasize or to conceal their sexual orientation. We hypothesized that gay individuals adapt their voices to the social context, either emphasizing or disguising their sexual orientation. In Study 1 (n = 20 speakers, n = 383 Italian listeners and n = 373 British listeners), using a simulated conversation paradigm, we found that gay speakers modulated their voices depending on the interlocutor, sounding more gay when speaking to a person with whom they have had an easy (vs. difficult or no) coming out. Although straight speakers were always clearly perceived as heterosexual, their voice perception also varied depending on the interlocutor. Study 2 (n = 14 speakers and n = 309 listeners), comparing the voices of young YouTubers before and after their public coming out, showed a voice modulation as a function of coming out. The voices of gay YouTubers sounded more gay after coming out, whereas those of age-matched straight control male speakers sounded increasingly heterosexual over time. Combining experimental and archival methods, this research suggests that gay speakers modulate their voices flexibly depending on their relation with the interlocutor and as a consequence of their public coming out.

The OLYMPUS Architecture-Oblivious Identity Management for Private User-Friendly Services.

Privacy enhancing technologies (PETs) allow to achieve user's transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and therefore, might impersonate its users. To address this issue, OLYMPUS EU project establishes an interoperable framework of technologies for a distributed privacy-preserving identity management based on cryptographic techniques that can be applied both to online and offline scenarios. Namely, distributed cryptographic techniques based on threshold cryptography are used to split up the role of the Identity Provider (IdP) into several authorities so that a single entity is not able to impersonate or track its users. The architecture leverages PET technologies, such as distributed threshold-based signatures and privacy attribute-based credentials (p-ABC), so that the signed tokens and the ABC credentials are managed in a distributed way by several IdPs. This paper describes the Olympus architecture, including its associated requirements, the main building blocks and processes, as well as the associated use cases. In addition, the paper shows how the Olympus oblivious architecture can be used to achieve privacy-preserving M2M offline transactions between IoT devices.

Distributed Ledger Technology for eHealth Identity Privacy: State of The Art and Future Perspective.

Electronic healthcare (eHealth) identity management (IdM) is a pivotal feature in the eHealth system. Distributed ledger technology (DLT) is an emerging technology that can achieve agreements of transactional data states in a decentralized way. Building identity management systems using Blockchain can enable patients to fully control their own identity and provide increased confidence in data immutability and availability. This paper presents the state of the art of decentralized identity management using Blockchain and highlights the possible opportunities for adopting the decentralized identity management approaches for future health identity systems. First, we summarize eHealth identity management scenarios. Furthermore, we investigate the existing decentralized identity management solutions and present decentralized identity models. In addition, we discuss the current decentralized identity projects and identify new challenges based on the existing solutions and the limitations when applying it to healthcare as a particular use case.

Evaluation of an IoT Application-Scoped Access Control Model over a Publish/Subscribe Architecture Based on FIWARE.

The Internet of Things (IoT) brings plenty of opportunities to enhance society's activities, from improving a factory's production chain to facilitating people's household tasks. However, it has also brought new security breaches, compromising privacy and authenticity. IoT devices are vulnerable to being accessed from the Internet; they lack sufficient resources to face cyber-attack threats. Keeping a balance between access control and the devices' resource consumption has become one of the highest priorities of IoT research. In this paper, we evaluate an access control architecture based on the IAACaaS (IoT application-Scoped Access Control as a Service) model with the aim of protecting IoT devices that communicate using the Publish/Subscribe pattern. IAACaaS is based on the OAuth 2.0 authorization framework, which externalizes the identity and access control infrastructure of applications. In our evaluation, we implement the model using FIWARE Generic Enablers and deploy them for a smart buildings use case with a wireless communication. Then, we compare the performance of two different approaches in the data-sharing between sensors and the Publish/Subscribe broker, using Constrained Application Protocol (CoAP) and Hypertext Transfer Protocol (HTTP) protocols. We conclude that the integration of Publish/Subscribe IoT deployments with IAACaaS adds an extra layer of security and access control without compromising the system's performance.

IMSC-EIoTD: Identity Management and Secure Communication for Edge IoT Devices.

The Internet of things (IoT) will accommodate several billions of devices to the Internet to enhance human society as well as to improve the quality of living. A huge number of sensors, actuators, gateways, servers, and related end-user applications will be connected to the Internet. All these entities require identities to communicate with each other. The communicating devices may have mobility and currently, the only main identity solution is IP based identity management which is not suitable for the authentication and authorization of the heterogeneous IoT devices. Sometimes devices and applications need to communicate in real-time to make decisions within very short times. Most of the recently proposed solutions for identity management are cloud-based. Those cloud-based identity management solutions are not feasible for heterogeneous IoT devices. In this paper, we have proposed an edge-fog based decentralized identity management and authentication solution for IoT devices (IoTD) and edge IoT gateways (EIoTG). We have also presented a secure communication protocol for communication between edge IoT devices and edge IoT gateways. The proposed security protocols are verified using Scyther formal verification tool, which is a popular tool for automated verification of security protocols. The proposed model is specified using the PROMELA language. SPIN model checker is used to confirm the specification of the proposed model. The results show different message flows without any error.

A Machine Learning-Based Method for Automated Blockchain Transaction Signing Including Personalized Anomaly Detection.

The basis of blockchain-related data, stored in distributed ledgers, are digitally signed transactions. Data can be stored on the blockchain ledger only after a digital signing process is performed by a user with a blockchain-based digital identity. However, this process is time-consuming and not user-friendly, which is one of the reasons blockchain technology is not fully accepted. In this paper, we propose a machine learning-based method, which introduces automated signing of blockchain transactions, while including also a personalized identification of anomalous transactions. In order to evaluate the proposed method, an experiment and analysis were performed on data from the Ethereum public main network. The analysis shows promising results and paves the road for a possible future integration of such a method in dedicated digital signing software for blockchain transactions.

"Lez be honest": Gender expression impacts workplace disclosure decisions.

We introduce a theoretical framework of lesbian disclosure of sexual orientation in workplace contexts. Existing empirical research suggests (1) that disclosing one's sexual orientation results in positive, negative, and neutral workplace outcomes; and (2) that scholarship focused specifically on lesbian disclosure in workplace contexts is relatively limited. We extend this literature by introducing new theory that suggests that reactions to disclosure of lesbian identities will vary as a function of self-presentation. Specifically, we suggest that the extent of stereotypical gender expression (embodying stereotypically masculine vs. feminine traits or behaviors) will impact both the decision to disclose and the outcomes of disclosure in workplace contexts. We describe a conceptual model that includes intrapersonal, interpersonal, organizational, and societal considerations related to lesbian disclosure and present eight specific research propositions to advance this literature.

Driving brand equity in health services organizations: the need for an expanded view of branding.

BACKGROUND: Branding-the assignment of names, logos, slogans, and related elements of identity to institutions and their product offerings for the purpose of conveying desired images to target audiences-is of paramount importance in the health services industry. Associated initiatives traditionally have centered on developing verbal and visual brand expressions, but opportunities abound to drive brand equity by supplementing traditional pursuits with new, different, and unexpected expressions that afford highly memorable experiences. DISCUSSION: Willis-Knighton Health System has possessed an expanded view of branding for decades. While the system has directed thorough attention toward traditional brand expressions, additional identity opportunities outside the bounds of traditional branding thought have been pursued vigorously. There perhaps is no better illustration of Willis-Knighton Health System's expanded approach to branding than that of Willis the Bear, the institution's iconic teddy bear mascot developed to promote labor and delivery services. This article presents the origins and development of this brand expression, particularly emphasizing the need to address nontraditional elements of identity for purposes of driving brand equity. CONCLUSIONS: Given the importance of brand management and extraction of associated value, health services organizations must diligently direct attention toward branding initiatives. Traditional approaches, when executed well, deliver excellent results, but enhanced value can be derived by addressing nontraditional brand elements which afford unique opportunities to differentiate given establishments from their competitors, facilitating institutional viability and vitality.

"It Was Not Me That Was Sick, It Was the Building": Rhetorical Identity Management Strategies in the Context of Observed or Suspected Indoor Air Problems in Workplaces.

Suffering from a contested illness poses a serious threat to one's identity. We analyzed the rhetorical identity management strategies respondents used when depicting their health problems and lives in the context of observed or suspected indoor air (IA) problems in the workplace. The data consisted of essays collected by the Finnish Literature Society. We used discourse-oriented methods to interpret a variety of language uses in the construction of identity strategies. Six strategies were identified: respondents described themselves as normal and good citizens with strong characters, and as IA sufferers who received acknowledge from others, offered positive meanings to their in-group, and demanded recognition. These identity strategies located on two continua: (a) individual- and collective-level strategies and (b) dissolved and emphasized (sub)category boundaries. The practical conclusion is that professionals should be aware of these complex coping strategies when aiming to interact effectively with people suffering from contested illnesses.