Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chevassut, Olivier; Milner, Joseph; Pointcheval, David

2008-04-21

The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions's servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on anmore » analysis of relevant patents in the area.« less

Encryption Characteristics of Two USB-based Personal Health Record Devices

PubMed Central

Wright, Adam; Sittig, Dean F.

2007-01-01

Personal health records (PHRs) hold great promise for empowering patients and increasing the accuracy and completeness of health information. We reviewed two small USB-based PHR devices that allow a patient to easily store and transport their personal health information. Both devices offer password protection and encryption features. Analysis of the devices shows that they store their data in a Microsoft Access database. Due to a flaw in the encryption of this database, recovering the user’s password can be accomplished with minimal effort. Our analysis also showed that, rather than encrypting health information with the password chosen by the user, the devices stored the user’s password as a string in the database and then encrypted that database with a common password set by the manufacturer. This is another serious vulnerability. This article describes the weaknesses we discovered, outlines three critical flaws with the security model used by the devices, and recommends four guidelines for improving the security of similar devices. PMID:17460132

Impact of a dermatology wiki website on dermatology education.

PubMed

Karimkhani, Chante; Boyers, Lindsay N; Ellis, Lixia Z; Brice, Sylvia; Chen, David L; Dunnick, Cory A; Dellavalle, Robert P

2015-01-15

The Dermatology Education Wiki (dermwiki) website serves as a resource platform for medical students and residents. The readily accessible interface provides dermatology articles, survival guides, didactic lectures, and links to faculty talks as well as research opportunities. To assess medical student and resident satisfaction with the dermwiki website. Fourth-year medical students taking a dermatology elective were provided with a temporary password to access relevant dermwiki information. A satisfaction survey was created to assess whether medical students found the website helpful. Second- and third-year dermatology residents were also surveyed to compare satisfaction scores prior to and after the introduction of the dermwiki website. End-of-rotation medical student exam scores were tabulated and compared to the average scores from years prior to the development of the dermwiki website. Medical students rated the dermatology elective with the dermwiki website higher than rotations without a wiki (8.12 vs 7.31). Students planning to go into dermatology were more satisfied with the dermwiki website, reported accessing the website more frequently (11 times vs 9.5 times), and reported more time spent studying (12.2 hours vs 6.7 hours) than students not going into dermatology. End-of-rotation medical student exam scores did not differ from those prior to the development of the demwiki website. Ten second- and third-year dermatology residents unanimously stated that they were more satisfied with the program after the institution of the dermwiki website. Overall, addition of the dermwiki website to the dermatology elective curriculum has improved medical student and resident satisfaction scores. The improvement is greater among students planning to enter the field of dermatology. This study serves as a model for the incorporation of internet-based interactive tools to transform and supplement the learning environment.

Prevalence of Sharing Access Credentials in Electronic Medical Records

PubMed Central

Korach, Tzfania; Shreberk-Hassidim, Rony; Thomaidou, Elena; Uzefovsky, Florina; Ayal, Shahar; Ariely, Dan

2017-01-01

Objectives Confidentiality of health information is an important aspect of the physician patient relationship. The use of digital medical records has made data much more accessible. To prevent data leakage, many countries have created regulations regarding medical data accessibility. These regulations require a unique user ID for each medical staff member, and this must be protected by a password, which should be kept undisclosed by all means. Methods We performed a four-question Google Forms-based survey of medical staff. In the survey, each participant was asked if he/she ever obtained the password of another medical staff member. Then, we asked how many times such an episode occurred and the reason for it. Results A total of 299 surveys were gathered. The responses showed that 220 (73.6%) participants reported that they had obtained the password of another medical staff member. Only 171 (57.2%) estimated how many time it happened, with an average estimation of 4.75 episodes. All the residents that took part in the study (45, 15%) had obtained the password of another medical staff member, while only 57.5% (38/66) of the nurses reported this. Conclusions The use of unique user IDs and passwords to defend the privacy of medical data is a common requirement in medical organizations. Unfortunately, the use of passwords is doomed because medical staff members share their passwords with one another. Strict regulations requiring each staff member to have it's a unique user ID might lead to password sharing and to a decrease in data safety. PMID:28875052

Electronic patient data confidentiality practices among surgical trainees: questionnaire study.

PubMed

Mole, Damian J; Fox, Colin; Napolitano, Giulio

2006-10-01

The objective of this work was to evaluate the safeguards implemented by surgical trainees to protect the confidentiality of electronic patient data through a structured questionnaire sent to Northern Ireland surgical trainees. A group of 32 basic and higher surgical trainees attending a meeting of the Northern Ireland Association of Surgeons-in-Training were invited to complete a questionnaire regarding their computer use, UK Data Protection Act, 1988 registration and electronic data confidentiality practices. Of these 32 trainees, 29 returned completed questionnaires of whom 26 trainees regularly stored sensitive patient data for audit or research purposes on a computer. Only one person was registered under the Data Protection Act, 1988. Of the computers used to store and analyse sensitive data, only 3 of 14 desktops, 8 of 19 laptops and 3 of 14 hand-held computers forced a password logon. Of the 29 trainees, 16 used the same password for all machines, and 25 of 27 passwords were less than 8 characters long. Two respondents declined to reveal details of their secure passwords. Half of all trainees had never adjusted their internet security settings, despite all 14 desktops, 16 of 19 laptops and 5 of 14 hand-helds being routinely connected to the internet. Of the 29 trainees, 28 never encrypted their sensitive data files. Ten trainees had sent unencrypted sensitive patient data over the internet, using a non-secure server. Electronic data confidentiality practices amongst Northern Ireland surgical trainees are unsafe. Simple practical measures to safeguard confidentiality are recommended.

Internet and cardiovascular research: the present and its future potentials and limits.

PubMed

2002-03-01

The Internet and the World Wide Web have been proposed as tools to improve medical and cardiovascular research. These new technologies have been mainly applied to large-scale clinical trials, with the development of clinical-trial websites. They include tools for the management of some aspects of clinical trials, such as the dissemination of information on trial progress; randomisation and the monitoring processes; the distribution and accountability of study drugs; and remote data-entry. Several clinical-trial websites have been developed in the cardiovascular field over the last few years, but few have been designed to conduct trials fully online. Advantages of such systems include greater interaction between the coordinating centre and investigators, availability of a clean database in a short time, and cost reduction. Website developers need to take care of security issues and to use security tools (data encryption, firewalls, passwords and electronic signatures) in order to prevent unauthorised users from accessing the system and patient data.

From Legion to Avaki: The Persistence of Vision

DTIC Science & Technology

2006-01-01

person, but what component, is requesting an action. 5.3.1 Authentication Users authenticate themselves to a Legion grid with the login paradigm...password supplied during login is compared to the password in the state of the authentication object in order to permit or deny subsequent access to...In either case, the credential is protected by the security of the underlying operating system. Although login is the most commonly used method

Beyond Firewalls: Professional Certification Ensures Your Staff Will Understand Information Security in Its Proper Context

ERIC Educational Resources Information Center

Svetcov, Eric

2004-01-01

When it comes to security, many people do not know what they do not know. Consider for example, an administrator who leaves her password taped under her keyboard, or a teacher who doesn't change his password (ever!) or can't be bothered to log out or lock the computer, all the firewalls and antivirus programs in the world will not protect a…

Tailored approach to sleep health education (TASHE): study protocol for a web-based randomized controlled trial.

PubMed

Williams, Natasha J; Robbins, Rebecca; Rapoport, David; Allegrante, John P; Cohall, Alwyn; Ogedgebe, Gbenga; Jean-Louis, Girardin

2016-12-08

Obstructive sleep apnea (OSA) is a sleep disorder that disproportionately affects African Americans (hereafter referred to as blacks). Moreover, blacks may underutilize sleep services including overnight polysomnography. Thus, OSA among blacks may go undiagnosed and untreated, which has significant health consequences, including hypertension, diabetes, cognitive impairment, and daytime sleepiness. This two-arm randomized controlled trial will assign 200 participants to a culturally and linguistically tailored web-based sleep educational platform. The website will be developed to ensure that the content is user friendly and that it is readable and acceptable by the target community. Participants will receive login information to a password-protected website and will have access to the website for 2 months. Study assessments will be collected at baseline, 2 months (post-enrollment) and at 6 months (follow-up). We will use qualitative and quantitative methods to develop tailored materials and to ascertain whether tailored materials will increase OSA knowledge and OSA health literacy by comparing blacks exposed to tailored materials versus those exposed to standard sleep health literature. We hypothesize that exposure to tailored OSA information will improve OSA health literacy. Few studies have investigated the racial/ethnic disparities in relation to OSA screening and treatment comparing blacks and whites. Moreover, we know of no interventions designed to increase OSA knowledge and health literacy among blacks. Use of the Internet to disseminate health information is growing in this population. Thus, the Internet may be an effective means to increase OSA health literacy, thereby potentially increasing utilization of sleep-related services in this population. The study is registered at clinicaltrials.gov, reference number NCT02507089 . Registered on 21 July 2015.

Electronic Patient Data Confidentiality Practices Among Surgical Trainees: Questionnaire Study

PubMed Central

Mole, Damian J; Fox, Colin; Napolitano, Giulio

2006-01-01

INTRODUCTION The objective of this work was to evaluate the safeguards implemented by surgical trainees to protect the confidentiality of electronic patient data through a structured questionnaire sent to Northern Ireland surgical trainees. PARTICIPANTS AND METHODS A group of 32 basic and higher surgical trainees attending a meeting of the Northern Ireland Association of Surgeons-in-Training were invited to complete a questionnaire regarding their computer use, UK Data Protection Act, 1988 registration and electronic data confidentiality practices. RESULTS Of these 32 trainees, 29 returned completed questionnaires of whom 26 trainees regularly stored sensitive patient data for audit or research purposes on a computer. Only one person was registered under the Data Protection Act, 1988. Of the computers used to store and analyse sensitive data, only 3 of 14 desktops, 8 of 19 laptops and 3 of 14 hand-held computers forced a password logon. Of the 29 trainees, 16 used the same password for all machines, and 25 of 27 passwords were less than 8 characters long. Two respondents declined to reveal details of their secure passwords. Half of all trainees had never adjusted their internet security settings, despite all 14 desktops, 16 of 19 laptops and 5 of 14 hand-helds being routinely connected to the internet. Of the 29 trainees, 28 never encrypted their sensitive data files. Ten trainees had sent unencrypted sensitive patient data over the internet, using a non-secure server. CONCLUSIONS Electronic data confidentiality practices amongst Northern Ireland surgical trainees are unsafe. Simple practical measures to safeguard confidentiality are recommended. PMID:17059715

A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

PubMed

Mishra, Raghavendra; Barnwal, Amit Kumar

2015-05-01

The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

PubMed

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

PubMed Central

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

A resettable and reprogrammable DNA-based security system to identify multiple users with hierarchy.

PubMed

Li, Hailong; Hong, Wei; Dong, Shaojun; Liu, Yaqing; Wang, Erkang

2014-03-25

Molecular-level security devices have raised ever-increasing interest in recent years to protect data and information from illegal invasion. Prior molecular keypad locks have an output signal dependent upon not only the appropriate combination but also the exact sequence of inputs, but it cannot be reset or reprogrammed. Here, a DNA-based security system with reset and never-reported reprogram function is successfully developed in proof-of-principle, with which one can change the password in case that the system is cracked. The previous password becomes invalid in the reprogrammed security system. Interestingly, more than one password is designed to permit multiple users to access. By harnessing the intrinsic merit of the different passwords, the system can distinguish different user who is endowed with prior authority. The intelligent device is addressed on solid support and facilitates electronic processes, avoiding chemical accumulation in the system by simple removal of the electrode from the input solution and indicating a main avenue for its further development.

Strong Password-Based Authentication in TLS Using the Three-PartyGroup Diffie-Hellman Protocol

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abdalla, Michel; Bresson, Emmanuel; Chevassut, Olivier

2006-08-26

The Internet has evolved into a very hostile ecosystem where"phishing'' attacks are common practice. This paper shows that thethree-party group Diffie-Hellman key exchange can help protect againstthese attacks. We have developed a suite of password-based cipher suitesfor the Transport Layer Security (TLS) protocol that are not onlyprovably secure but also assumed to be free from patent and licensingrestrictions based on an analysis of relevant patents in thearea.

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

PubMed

Choi, Younsung; Lee, Youngsook; Moon, Jongho; Won, Dongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications.

PubMed

Li, Xiong; Niu, Jianwei; Karuppiah, Marimuthu; Kumari, Saru; Wu, Fan

2016-12-01

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.

Collaborative Cyber-infrastructures for the Management of the UNESCO-IGCP Research Project "Forecast of tephra fallout"

NASA Astrophysics Data System (ADS)

Folch, A.; Costa, A.; Cordoba, G.

2009-04-01

Tephra fallout following explosive volcanic eruptions produces several hazardous effects on inhabitants, infrastructure, and property and represents a serious threat for communities located around active volcanoes. In order to mitigate the effects on the surrounding areas, scientists and civil decision-making authorities need reliable short-term forecasts during episodes of eruptive crisis and long-term probabilistic maps to plan territorial policies and land use. Modelling, together with field studies and volcano monitoring, constitutes an indispensable tool to achieve these objectives. The UNESCO-IGCP research project proposal "Forecast of tephra fallout" has the aim to produce a series of tools capable to elaborate both short-term forecasts and long-term hazard assessments using the cutting-edge models for tephra transport and sedimentation. A special project website will be designed to supply a set of models, procedures and expertise to several Latino-American Institutes based in countries seriously threatened by this geo-hazard (Argentina, Chile, Colombia, Ecuador, Mexico, and Nicaragua). This will proportionate to the final users a tool to elaborate short-term forecasts of tephra deposition on the ground, and determine airborne ash concentrations (a quantity of special relevance for aerial navigation safety) during eruptions and emergencies. The project web-site will have a public section and a password-protected area to exchange information and data among participants and, eventually, to allow remote execution of high-resolution mesoscale meteorological forecasts at the BSC facilities. The public website section will be updated periodically and will include sections describing the project objectives and achievements as well as the hazard maps for the investigated volcanoes, and will be linked to other relevant websites such as IAVCEI, IGCP, IUGS and UNESCO homepages. A part of the public section of the website will be devoted to disseminate achieved scientific results, provide general advice, and display hazard maps to a larger public beyond the scientific community. The website private section will include a software and documentation download section as well as a gateway to run the WRF mesoscale meteorological model and the parallel version of the FALL3D model at the BSC facilities. It will be invaluable during an eventual emergency if the affected institution does not yet have an agreement with its national weather service.

Research Using In Vivo Simulation of Meta-Organizational Shared Decision Making (SDM). Task 3: Testing the Shared Decision Making Framework in Vivo

DTIC Science & Technology

2011-12-01

developed to address the two main research questions (see Annex A). Exact wording of the questions varied during interviews to accommodate the...centre at DMS 3rd floor. All electronic files (including digital audio and video recordings) with participant data are being encrypted and password...locked filing cabinet at the University of Ottawa. Electronic files will remain encrypted, password protected and stored on a server to which only the

Electronic recording and reporting system for tuberculosis in China: experience and opportunities.

PubMed

Huang, Fei; Cheng, ShiMing; Du, Xin; Chen, Wei; Scano, Fabio; Falzon, Dennis; Wang, Lixia

2014-01-01

Tuberculosis (TB) surveillance in China is organized through a nationwide network of about 3200 hospitals and health facilities. In 2005, an electronic Tuberculosis Information Management System (TBIMS) started to be phased in to replace paper recording. The TBIMS collects key information on TB cases notified in TB care facilities, and exchanges real-time data with the Infectious Disease Reporting System, which covers the country's 37 notifiable diseases. The system is accessible to authorized users at every level of the TB network through a password-protected website. By 2009 the TBIMS achieved nationwide coverage. Completeness of data on patient bacteriological end points improved remarkably over time. Data on about a million active TB cases, including drug-resistant TB, are included each year. The sheer scale of the data handling and the intricate functions that the China TBIMS performs makes it stand apart from the electronic information systems for TB adopted in other countries. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Lock It Up! Computer Security.

ERIC Educational Resources Information Center

Wodarz, Nan

1997-01-01

The data contained on desktop computer systems and networks pose security issues for virtually every district. Sensitive information can be protected by educating users, altering the physical layout, using password protection, designating access levels, backing up data, reformatting floppy disks, using antivirus software, and installing encryption…

Security enhanced multi-factor biometric authentication scheme using bio-hash function

PubMed Central

Lee, Youngsook; Moon, Jongho

2017-01-01

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An’s scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user’s ID during login. Cao and Ge improved upon Younghwa An’s scheme, but various security problems remained. This study demonstrates that Cao and Ge’s scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge’s scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost. PMID:28459867

On the security of a simple three-party key exchange protocol without server's public keys.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Park, Minkyu; Paik, Juryon; Won, Dongho

2014-01-01

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys

PubMed Central

Nam, Junghyun; Choo, Kim-Kwang Raymond; Park, Minkyu; Paik, Juryon; Won, Dongho

2014-01-01

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol. PMID:25258723

Computer Security Products Technology Overview

DTIC Science & Technology

1988-10-01

13 3. DATABASE MANAGEMENT SYSTEMS ................................... 15 Definition...this paper addresses fall into the areas of multi-user hosts, database management systems (DBMS), workstations, networks, guards and gateways, and...provide a portion of that protection, for example, a password scheme, a file protection mechanism, a secure database management system, or even a

Password Protection Act of 2013

THOMAS, 113th Congress

Rep. Perlmutter, Ed [D-CO-7

2013-05-21

House - 06/14/2013 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Cryptanalysis and improvement of Yan et al.'s biometric-based authentication scheme for telecare medicine information systems.

PubMed

Mishra, Dheerendra; Mukhopadhyay, Sourav; Chaturvedi, Ankita; Kumari, Saru; Khan, Muhammad Khurram

2014-06-01

Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) for the safety, security and integrity of transmitted data over the public channel. In 2013, Tan presented a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Yan et al. demonstrated some drawbacks in Tan's scheme and proposed an improved scheme to erase the drawbacks of Tan's scheme. We analyze Yan et al.'s scheme and identify that their scheme is vulnerable to off-line password guessing attack, and does not protect anonymity. Moreover, in their scheme, login and password change phases are inefficient to identify the correctness of input where inefficiency in password change phase can cause denial of service attack. Further, we design an improved scheme for TMIS with the aim to eliminate the drawbacks of Yan et al.'s scheme.

HAEdb: a novel interactive, locus-specific mutation database for the C1 inhibitor gene.

PubMed

Kalmár, Lajos; Hegedüs, Tamás; Farkas, Henriette; Nagy, Melinda; Tordai, Attila

2005-01-01

Hereditary angioneurotic edema (HAE) is an autosomal dominant disorder characterized by episodic local subcutaneous and submucosal edema and is caused by the deficiency of the activated C1 esterase inhibitor protein (C1-INH or C1INH; approved gene symbol SERPING1). Published C1-INH mutations are represented in large universal databases (e.g., OMIM, HGMD), but these databases update their data rather infrequently, they are not interactive, and they do not allow searches according to different criteria. The HAEdb, a C1-INH gene mutation database (http://hae.biomembrane.hu) was created to contribute to the following expectations: 1) help the comprehensive collection of information on genetic alterations of the C1-INH gene; 2) create a database in which data can be searched and compared according to several flexible criteria; and 3) provide additional help in new mutation identification. The website uses MySQL, an open-source, multithreaded, relational database management system. The user-friendly graphical interface was written in the PHP web programming language. The website consists of two main parts, the freely browsable search function, and the password-protected data deposition function. Mutations of the C1-INH gene are divided in two parts: gross mutations involving DNA fragments >1 kb, and micro mutations encompassing all non-gross mutations. Several attributes (e.g., affected exon, molecular consequence, family history) are collected for each mutation in a standardized form. This database may facilitate future comprehensive analyses of C1-INH mutations and also provide regular help for molecular diagnostic testing of HAE patients in different centers.

Password Protection Act of 2012

THOMAS, 112th Congress

Sen. Blumenthal, Richard [D-CT

2012-05-09

Senate - 05/09/2012 Read twice and referred to the Committee on Health, Education, Labor, and Pensions. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Password Protection Act of 2013

THOMAS, 113th Congress

Sen. Blumenthal, Richard [D-CT

2013-08-01

Senate - 08/01/2013 Read twice and referred to the Committee on Health, Education, Labor, and Pensions. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Innovative methods for knowledge transfer

NASA Astrophysics Data System (ADS)

Goanta, A. M.

2015-11-01

At this time, learning takes place, either with classic books on paper support or using books scanned or drawn and further converted into PDF or PPT files that are printed on type support CD / DVD. The latter modern means of learning, the study adds live on the Internet using search engines and not least e-learning method, which allows the study of bibliographic related materials in PDF or PPT, stacked and grouped on the basis of a curriculum imposed which can be accessed on a website via a user name and password. Innovative methods come to successfully use other file types than those mentioned above. The graphics in teaching technical subjects such as descriptive geometry can be achieved using animated PowerPoint files, allowing for visualization of steps to be taken, in the case of solving by drawing a descriptive geometry. Another innovative method relies on the use of HTML files, inspired by related sites help design software packages that can be used when teaching descriptive geometry that the technical design. Through this work, the author has proposed to present a new innovative method, which is inspired by the methods listed above, but involves using AVI files to teaching of computer-assisted type graphics or info graphics. In general this new author's method lends itself particularly well to the teaching of the use of software packages because the student actually see the place from where the delivered command is accessed and contextual options of right button of the mouse. These laboratory courses or mentoring can be freestanding cards support CD / DVD or can be posted on websites with restricted access based on user name and password. Practically paper presents the methodology of creating courses and tutorials in AVI format, and how to monitor the degree of accessing the website, on which there were posted mentioned teaching materials, using the tools offered by Google Analytics. The results consist of graphical work, about the degree of access to educational materials, made on the basis of various criteria, such as the: time of access, access location, age of those who accessed, chapters accessed, etc. Finally the author presents his findings on the benefits of this method.

Survey of methods for secure connection to the internet

NASA Astrophysics Data System (ADS)

Matsui, Shouichi

1994-04-01

This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

76 FR 4463 - Privacy Act of 1974; Report of Modified or Altered System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-25

... occupationally related mortality or morbidity is occurring. In the event of litigation where the defendant is: (a... diseases and which provides for the confidentiality of the information. In the event of litigation..., limited log-ins, virus protection, and user rights/file attribute restrictions. Password protection...

Personal computer security: part 1. Firewalls, antivirus software, and Internet security suites.

PubMed

Caruso, Ronald D

2003-01-01

Personal computer (PC) security in the era of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) involves two interrelated elements: safeguarding the basic computer system itself and protecting the information it contains and transmits, including personal files. HIPAA regulations have toughened the requirements for securing patient information, requiring every radiologist with such data to take further precautions. Security starts with physically securing the computer. Account passwords and a password-protected screen saver should also be set up. A modern antivirus program can easily be installed and configured. File scanning and updating of virus definitions are simple processes that can largely be automated and should be performed at least weekly. A software firewall is also essential for protection from outside intrusion, and an inexpensive hardware firewall can provide yet another layer of protection. An Internet security suite yields additional safety. Regular updating of the security features of installed programs is important. Obtaining a moderate degree of PC safety and security is somewhat inconvenient but is necessary and well worth the effort. Copyright RSNA, 2003

From Sticks and Stones to Zeros and Ones: The Development of Computer Network Operations as an Element of Warfare. A Study of the Palestinian-Israeli Cyberconflict and What the United States Can Learn from the Interfada

DTIC Science & Technology

2005-09-01

Israeli teens who sabotaged a website of Hezbollah, the militantly anti-Israel guerrilla movement in Lebanon, with a defacement which placed an Israeli...ftp with out a password. FUCK HIZZBALLA!!! Sincerely digibrain & haboshanik (we are the domain masters).” • Hackers of Israel Unite: Hackers of...other defacement. 2. b1n4ry c0d3 defaced only one site on December 3, 2000. This defacement was the only one to refer to the WFD as the “World’s Fuck

Patient web portals, disease management, and primary prevention.

PubMed

Coughlin, Steven S; Prochaska, Judith J; Williams, Lovoria B; Besenyi, Gina M; Heboyan, Vahé; Goggans, D Stephen; Yoo, Wonsuk; De Leo, Gianluca

2017-01-01

Efforts aimed at health care reform and continued advances in information technologies have prompted interest among providers and researchers in patient web portals. Patient web portals are password-protected online websites that offer the patients 24-hour access to personal health information from anywhere with an Internet connection. This article, which is based upon bibliographic searches in PubMed, reviews important developments in web portals for primary and secondary disease prevention, including patient web portals tethered to electronic medical records, disease-specific portals, health disparities, and health-related community web portals. Although findings have not been uniformly positive, several studies of the effectiveness of health care system patient portals in chronic disease management have shown promising results with regard to patient outcomes. Patient web portals have also shown promising results in increasing adherence with screening recommendations. Racial and ethnic minorities, younger persons, and patients who are less educated or have lower health literacy have been found to be less likely to use patient portals. Additional studies are needed of the utility and effectiveness of different elements of web portals for different patient populations. This should include additional diseases and health topics such as smoking cessation and weight management.

Patient web portals, disease management, and primary prevention

PubMed Central

Coughlin, Steven S; Prochaska, Judith J; Williams, Lovoria B; Besenyi, Gina M; Heboyan, Vahé; Goggans, D Stephen; Yoo, Wonsuk; De Leo, Gianluca

2017-01-01

Background Efforts aimed at health care reform and continued advances in information technologies have prompted interest among providers and researchers in patient web portals. Patient web portals are password-protected online websites that offer the patients 24-hour access to personal health information from anywhere with an Internet connection. Methods This article, which is based upon bibliographic searches in PubMed, reviews important developments in web portals for primary and secondary disease prevention, including patient web portals tethered to electronic medical records, disease-specific portals, health disparities, and health-related community web portals. Results Although findings have not been uniformly positive, several studies of the effectiveness of health care system patient portals in chronic disease management have shown promising results with regard to patient outcomes. Patient web portals have also shown promising results in increasing adherence with screening recommendations. Racial and ethnic minorities, younger persons, and patients who are less educated or have lower health literacy have been found to be less likely to use patient portals. Conclusion Additional studies are needed of the utility and effectiveness of different elements of web portals for different patient populations. This should include additional diseases and health topics such as smoking cessation and weight management. PMID:28435342

User Account Passwords | High-Performance Computing | NREL

Science.gov Websites

Account Passwords User Account Passwords For NREL's high-performance computing (HPC) systems, learn about user account password requirements and how to set up, log in, and change passwords. Password Logging In the First Time After you request an HPC user account, you'll receive a temporary password. Set

Advanced Password Tips and Tricks

MedlinePlus

... email Looking for business guidance on privacy and security? Get Email Updates Blog Feed Facebook YouTube Twitter The Federal Trade Commission (FTC) is the nation’s consumer protection agency. The FTC works to prevent fraudulent, deceptive ...

75 FR 66752 - ILP Effectiveness Evaluation 2010; Additional Notice of Multi-Stakeholder Technical Conference on...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-29

... Licensing Process October 21, 2010. As announced in the May 18, 2010, ``Notice of Interviews... at [email protected]com by October 29, 2010 to receive the toll-free telephone number and password... Stephanie Obadia at [email protected]com by October 29, 2010. For more information about this conference...

32 CFR 806b.29 - Sending personal information over electronic mail.

Code of Federal Regulations, 2010 CFR

2010-07-01

... methods may include encryption or password protecting the information in a separate Word document. When....mil/whs/directives/corres/pdf/54007r_0998/p54007r.pdf. (c) Do not disclose personal information to...

A Strategic Design of an Opto-Chemical Security Device with Resettable and Reconfigurable Password Based Upon Dual Channel Two-in-One Chemosensor Molecule.

PubMed

Majumdar, Tapas; Haldar, Basudeb; Mallick, Arabinda

2017-02-20

A simple strategy is proposed to design and develop an intelligent device based on dual channel ion responsive spectral properties of a commercially available molecule, harmine (HM). The system can process different sets of opto-chemical inputs generating different patterns as fluorescence outputs at specific wavelengths which can provide an additional level of protection exploiting both password and pattern recognitions. The proposed system could have the potential to come up with highly secured combinatorial locks at the molecular level that could pose valuable real time and on-site applications for user authentication.

A Strategic Design of an Opto-Chemical Security Device with Resettable and Reconfigurable Password Based Upon Dual Channel Two-in-One Chemosensor Molecule

NASA Astrophysics Data System (ADS)

Majumdar, Tapas; Haldar, Basudeb; Mallick, Arabinda

2017-02-01

A simple strategy is proposed to design and develop an intelligent device based on dual channel ion responsive spectral properties of a commercially available molecule, harmine (HM). The system can process different sets of opto-chemical inputs generating different patterns as fluorescence outputs at specific wavelengths which can provide an additional level of protection exploiting both password and pattern recognitions. The proposed system could have the potential to come up with highly secured combinatorial locks at the molecular level that could pose valuable real time and on-site applications for user authentication.

Setting a disordered password on a photonic memory

NASA Astrophysics Data System (ADS)

Su, Shih-Wei; Gou, Shih-Chuan; Chew, Lock Yue; Chang, Yu-Yen; Yu, Ite A.; Kalachev, Alexey; Liao, Wen-Te

2017-06-01

An all-optical method of setting a disordered password on different schemes of photonic memory is theoretically studied. While photons are regarded as ideal information carriers, it is imperative to implement such data protection on all-optical storage. However, we wish to address the intrinsic risk of data breaches in existing schemes of photonic memory. We theoretically demonstrate a protocol using spatially disordered laser fields to encrypt data stored on an optical memory, namely, encrypted photonic memory. To address the broadband storage, we also investigate a scheme of disordered echo memory with a high fidelity approaching unity. The proposed method increases the difficulty for the eavesdropper to retrieve the stored photon without the preset password even when the randomized and stored photon state is nearly perfectly cloned. Our results pave ways to significantly reduce the exposure of memories, required for long-distance communication, to eavesdropping and therefore restrict the optimal attack on communication protocols. The present scheme also increases the sensitivity of detecting any eavesdropper and so raises the security level of photonic information technology.

Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms

DTIC Science & Technology

2011-08-31

2011 4 . TITLE AND SUBTITLE Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms 5a. CONTRACT...large numbers of hashed passwords (Booz Allen Hamilton, HBGary, Gawker, Sony Playstation , etc.), coupled with the availability of botnets that offer...when evaluating the strength of different password-composition policies. 4 . We investigate the effectiveness of entropy as a measure of password

Preventing Shoulder-Surfing Attack with the Concept of Concealing the Password Objects' Information

PubMed Central

Ho, Peng Foong; Kam, Yvonne Hwei-Syn; Wee, Mee Chin

2014-01-01

Traditionally, picture-based password systems employ password objects (pictures/icons/symbols) as input during an authentication session, thus making them vulnerable to “shoulder-surfing” attack because the visual interface by function is easily observed by others. Recent software-based approaches attempt to minimize this threat by requiring users to enter their passwords indirectly by performing certain mental tasks to derive the indirect password, thus concealing the user's actual password. However, weaknesses in the positioning of distracter and password objects introduce usability and security issues. In this paper, a new method, which conceals information about the password objects as much as possible, is proposed. Besides concealing the password objects and the number of password objects, the proposed method allows both password and distracter objects to be used as the challenge set's input. The correctly entered password appears to be random and can only be derived with the knowledge of the full set of password objects. Therefore, it would be difficult for a shoulder-surfing adversary to identify the user's actual password. Simulation results indicate that the correct input object and its location are random for each challenge set, thus preventing frequency of occurrence analysis attack. User study results show that the proposed method is able to prevent shoulder-surfing attack. PMID:24991649

Q-Boosted Optomechanical Resonators

DTIC Science & Technology

2015-11-18

Devices ( ORCHID ) Lead Organization: University of California at Berkeley Project Title: Q-Boosted Optomechanical Resonators Technical...be a PDF. Please do not password protect or secure the PDF . The maximum file size for the Report Document is 50MB. 150915 UCB Nguyen ORCHID

Are Password Management Applications Viable? An Analysis of User Training and Reactions

ERIC Educational Resources Information Center

Ciampa, Mark

2011-01-01

Passwords have the distinction of being the most widely-used form of authentication--and the most vulnerable. With the dramatic increase today in the number of accounts that require passwords, overwhelmed users usually resort to creating weak passwords or reusing the same password for multiple accounts, thus making passwords the weakest link in…

Online History Textbooks: Breaking the Mold.

ERIC Educational Resources Information Center

Schick, James B. M.

2001-01-01

Outlines recommended conditions and features of online history textbooks: link control, coverage of methodology, maps, breadth and depth of information, layered storytelling approach, tools, tutorials, customization, team teaching, short movies, interviews, reading activities and skill building activities, overcharging, and password protection.…

Internet Address Space Management in Digital

DTIC Science & Technology

1992-09-01

password: % passwd Changing password for wade Old password: New password: Retype new password: 3. Log out of the cluster center machine by typing...that on some machine, you can use the " passwd " command on the machine where the change is needed. 16

78 FR 20356 - NASA Advisory Council; Science Committee; Astrophysics Subcommittee; Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-04

... Committee; Astrophysics Subcommittee; Meeting AGENCY: National Aeronautics and Space Administration. ACTION... amended, the National Aeronautics and Space Administration (NASA) announces a meeting of the Astrophysics... password [email protected] The agenda for the meeting includes the following topics: --Astrophysics Division...

77 FR 31851 - Privacy Act System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-30

... identification, U.S. visa number, FCC point of contact, visitor signature, professional title, organizational... pertinent records, or to another public authority or professional organization, if necessary to obtain... secured by limited access card readers. The computer servers themselves are password-protected. Access to...

Alternative Fuels Data Center: Forgot Your Password?

Science.gov Websites

AFDC Printable Version Share this resource Send a link to Alternative Fuels Data Center: Forgot Your Password? to someone by E-mail Share Alternative Fuels Data Center: Forgot Your Password? on to share Alternative Fuels Data Center: Forgot Your Password? on AddThis.com... Forgot Your Password

Exploring the Use of Discrete Gestures for Authentication

NASA Astrophysics Data System (ADS)

Chong, Ming Ki; Marsden, Gary

Research in user authentication has been a growing field in HCI. Previous studies have shown that peoples’ graphical memory can be used to increase password memorability. On the other hand, with the increasing number of devices with built-in motion sensors, kinesthetic memory (or muscle memory) can also be exploited for authentication. This paper presents a novel knowledge-based authentication scheme, called gesture password, which uses discrete gestures as password elements. The research presents a study of multiple password retention using PINs and gesture passwords. The study reports that although participants could use kinesthetic memory to remember gesture passwords, retention of PINs is far superior to retention of gesture passwords.

A proactive password checker

NASA Technical Reports Server (NTRS)

Bishop, Matt

1990-01-01

Password selection has long been a difficult issue; traditionally, passwords are either assigned by the computer or chosen by the user. When the computer does the assignment, the passwords are often hard to remember; when the user makes the selection, the passwords are often easy to guess. This paper describes a technique, and a mechanism, to allow users to select passwords which to them are easy to remember but to others would be very difficult to guess. The technique is site, user, and group compatible, and allows rapid changing of constraints imposed upon the password. Although experience with this technique is limited, it appears to have much promise.

75 FR 6339 - California Public Utilities Commission Petition for Rulemaking

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-09

... (NORS). The CPUC also requests password-protected access to California- specific disruption and outage... ``limited to California-specific disruption and outage data.'' NORS is the Web-based filing system through which certain communications providers submit reports to the Commission of disruptions to communications...

Computer Security-Risks, Threats, and Safeguards.

ERIC Educational Resources Information Center

Ekhaml, Leticia

2001-01-01

Describes a variety of Internet threats to computers and networks used in schools. Discusses electronic trashing; clearing hard drives; cyber spying on Web sites visited; protection against cyber spying, including disposable email accounts; password sniffers; privacy policies; email snooping; email attachments that carry viruses; and hoaxes. (LRW)

Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials

NASA Astrophysics Data System (ADS)

Park, Jun-Cheol

User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.

MPI Enhancements in John the Ripper

NASA Astrophysics Data System (ADS)

Sykes, Edward R.; Lin, Michael; Skoczen, Wesley

2010-11-01

John the Ripper (JtR) is an open source software package commonly used by system administrators to enforce password policy. JtR is designed to attack (i.e., crack) passwords encrypted in a wide variety of commonly used formats. While parallel implementations of JtR exist, there are several limitations to them. This research reports on two distinct algorithms that enhance this password cracking tool using the Message Passing Interface. The first algorithm is a novel approach that uses numerous processors to crack one password by using an innovative approach to workload distribution. In this algorithm the candidate password is distributed to all participating processors and the word list is divided based on probability so that each processor has the same likelihood of cracking the password while eliminating overlapping operations. The second algorithm developed in this research involves dividing the passwords within a password file equally amongst available processors while ensuring load-balanced and fault-tolerant behavior. This paper describes John the Ripper, the design of these two algorithms and preliminary results. Given the same amount of time, the original JtR can crack 29 passwords, whereas our algorithms 1 and 2 can crack an additional 35 and 45 passwords respectively.

75 FR 35028 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-21

... 20552 and 1625 Eye Street, NW., Washington, DC 20006. categories of individuals covered by the system... are protected by restricted access procedures, including user identifications and passwords. Only FHFA... regular mail address is: Privacy Act Officer, Federal Housing Finance Agency, 1625 Eye Street, NW...

49 CFR 228.203 - Program components.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Program components. (a) System security. The integrity of the program and database must be protected by a security system that utilizes an employee identification number and password, or a comparable method, to... system to pre-populate fields of the hours of service record provided that— (A) The recordkeeping system...

My Project. In: SMARTe20ll, EPA/600/C-10/007

EPA Science Inventory

SMARTe's "My Project" is intended to allow stakeholders to work together in a project "team room" and evaluate different reuse options for their specific situation. "My Project" is a password protected version of SMARTe. This personal SMARTe site has pull down menus for access ...

75 FR 32915 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-10

... used to authenticate authorized desktop and laptop computer users. Computer servers are scanned monthly... data is also used for management and statistical reports and studies. Routine uses of records... duties. The computer files are password protected with access restricted to authorized users. Records are...

Comparasion of Password Generator between Coupled Linear Congruential Generator (CLCG) and Linear Congruential Generator (LCG)

NASA Astrophysics Data System (ADS)

Imamah; Djunaidy, A.; Rachmad, A.; Damayanti, F.

2018-01-01

Password is needed to access the computing services. Text password is a combination between characters, numbers and symbols. One of issues is users will often choose guessable passwords, e.g. date of birth, name of pet, or anniversary date. To address this issue, we proposed password generator using Coupled Congruential method (CLCG). CLCG is a method to solve the weakness of Linear Congruential generator (LCG). In this research, we want to prove that CLCG is really good to generate random password compared to LCG method. The result of this research proves that the highest password strength is obtained by CLCG with score 77.4%. Besides of those things, we had proved that term of LCG is also applicable to CLCG.

[Application of password manager software in health care].

PubMed

Ködmön, József

2016-12-01

When using multiple IT systems, handling of passwords in a secure manner means a potential source of problem. The most frequent issues are choosing the appropriate length and complexity, and then remembering the strong passwords. Password manager software provides a good solution for this problem, while greatly increasing the security of sensitive medical data. This article introduces a password manager software and provides basic information of the application. It also discusses how to select a really secure password manager software and suggests a practical application to efficient, safe and comfortable use for health care. Orv. Hetil., 2016, 157(52), 2066-2073.

How secure is your information system? An investigation into actual healthcare worker password practices.

PubMed

Cazier, Joseph A; Medlin, B Dawn

2006-09-27

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed.

How Secure Is Your Information System? An Investigation into Actual Healthcare Worker Password Practices

PubMed Central

Cazier, Joseph A; Medlin, B. Dawn

2006-01-01

For most healthcare information systems, passwords are the first line of defense in keeping patient and administrative records private and secure. However, this defense is only as strong as the passwords employees chose to use. A weak or easily guessed password is like an open door to the medical records room, allowing unauthorized access to sensitive information. In this paper, we present the results of a study of actual healthcare workers' password practices. In general, the vast majority of these passwords have significant security problems on several dimensions. Implications for healthcare professionals are discussed. PMID:18066366

A pedagogical example of second-order arithmetic sequences applied to the construction of computer passwords by upper elementary grade students

NASA Astrophysics Data System (ADS)

Coggins, Porter E.

2015-04-01

The purpose of this paper is (1) to present how general education elementary school age students constructed computer passwords using digital root sums and second-order arithmetic sequences, (2) argue that computer password construction can be used as an engaging introduction to generate interest in elementary school students to study mathematics related to computer science, and (3) share additional mathematical ideas accessible to elementary school students that can be used to create computer passwords. This paper serves to fill a current gap in the literature regarding the integration of mathematical content accessible to upper elementary school students and aspects of computer science in general, and computer password construction in particular. In addition, the protocols presented here can serve as a hook to generate further interest in mathematics and computer science. Students learned to create a random-looking computer password by using biometric measurements of their shoe size, height, and age in months and to create a second-order arithmetic sequence, then converted the resulting numbers into characters that become their computer passwords. This password protocol can be used to introduce students to good computer password habits that can serve a foundation for a life-long awareness of data security. A refinement of the password protocol is also presented.

Improving computer security for authentication of users: influence of proactive password restrictions.

PubMed

Proctor, Robert W; Lien, Mei-Ching; Vu, Kim-Phuong L; Schultz, E Eugene; Salvendy, Gavriel

2002-05-01

Entering a username-password combination is a widely used procedure for identification and authentication in computer systems. However, it is a notoriously weak method, in that the passwords adopted by many users are easy to crack. In an attempt to improve security, proactive password checking may be used, in which passwords must meet several criteria to be more resistant to cracking. In two experiments, we examined the influence of proactive password restrictions on the time that it took to generate an acceptable password and to use it subsequently to long in. The required length was a minimum of five characters in Experiment 1 and eight characters in Experiment 2. In both experiments, one condition had only the length restriction, and the other had additional restrictions. The additional restrictions greatly increased the time it took to generate the password but had only a small effect on the time it took to use it subsequently to long in. For the five-character passwords, 75% were cracked when no other restrictions were imposed, and this was reduced to 33% with the additional restrictions. For the eight-character passwords, 17% were cracked with no other restrictions, and 12.5% with restrictions. The results indicate that increasing the minimum character length reduces crackability and increases security, regardless of whether additional restrictions are imposed.

76 FR 15351 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-21

... public comment on new or revised data collections, the Railroad Retirement Board (RRB) will publish.../Password. Completion is voluntary, however, the RRB will be unable to provide a PRC or allow a requestor to... Charles[email protected] . Comments regarding the information collection should be sent to Patricia A...

77 FR 60401 - Privacy Act of 1974; Systems of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-03

... computer password protection.'' * * * * * System manager(s) and address: Delete entry and replace with...; Systems of Records AGENCY: National Security Agency/Central Security Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The National Security Agency (NSA) is proposing to amend a system of...

Getting Employees Involved in Information Security: The Case of Strong Passwords

ERIC Educational Resources Information Center

Taylor, Richard G.

2009-01-01

With the increasing amount and severity of information security incidents, organizations are constantly looking for better ways to protect their information. The implementation of physical safeguards such as firewalls and intrusion detection systems is an integral part on an organization's overall information security; however these safeguards…

Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks.

PubMed

Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

2015-11-30

Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost.

Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

PubMed

Wu, Fan; Xu, Lili

2013-08-01

Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems(TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have showed that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

A study on user authentication methodology using numeric password and fingerprint biometric information.

PubMed

Ju, Seung-hwan; Seo, Hee-suk; Han, Sung-hyu; Ryou, Jae-cheol; Kwak, Jin

2013-01-01

The prevalence of computers and the development of the Internet made us able to easily access information. As people are concerned about user information security, the interest of the user authentication method is growing. The most common computer authentication method is the use of alphanumerical usernames and passwords. The password authentication systems currently used are easy, but only if you know the password, as the user authentication is vulnerable. User authentication using fingerprints, only the user with the information that is specific to the authentication security is strong. But there are disadvantage such as the user cannot change the authentication key. In this study, we proposed authentication methodology that combines numeric-based password and biometric-based fingerprint authentication system. Use the information in the user's fingerprint, authentication keys to obtain security. Also, using numeric-based password can to easily change the password; the authentication keys were designed to provide flexibility.

A Study on User Authentication Methodology Using Numeric Password and Fingerprint Biometric Information

PubMed Central

Ju, Seung-hwan; Seo, Hee-suk; Han, Sung-hyu; Ryou, Jae-cheol

2013-01-01

The prevalence of computers and the development of the Internet made us able to easily access information. As people are concerned about user information security, the interest of the user authentication method is growing. The most common computer authentication method is the use of alphanumerical usernames and passwords. The password authentication systems currently used are easy, but only if you know the password, as the user authentication is vulnerable. User authentication using fingerprints, only the user with the information that is specific to the authentication security is strong. But there are disadvantage such as the user cannot change the authentication key. In this study, we proposed authentication methodology that combines numeric-based password and biometric-based fingerprint authentication system. Use the information in the user's fingerprint, authentication keys to obtain security. Also, using numeric-based password can to easily change the password; the authentication keys were designed to provide flexibility. PMID:24151601

Nutritional and Exercise Aspects of Prader-Willi Syndrome and Childhood Obesity

DTIC Science & Technology

2013-02-01

materials. Participants who returned the completed survey received a $10 gift card by mail. Survey responses were entered into a password-protected...Contact Us Choose Month and Year Monday, April 30, 2012 For a link to our Diabetes Seminars, click below! Subscribe to our iTunes U page for free

77 FR 71201 - Order Extending Temporary Conditional Exemption for Nationally Recognized Statistical Rating...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-29

... following conflict of interest: Issuing or maintaining a credit rating for a security or money market... that was paid for by the issuer, sponsor, or underwriter of the security or money market instrument. 17...; Provide free and unlimited access to such password- protected Internet Web site during the applicable...

Fingerprints in Place of Passwords: A Study of Technology Adoption in the Nursing Profession

ERIC Educational Resources Information Center

Francisco, James R.

2010-01-01

Health care is one of the most highly regulated industries in the United States. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates the implementation of information systems security to protect the personal information of patients. Properly planned implementations ease the process of introducing new technologies like…

Are participants concerned about privacy and security when using short message service to report product adherence in a rectal microbicide trial?

PubMed

Giguere, Rebecca; Brown, William; Balán, Ivan C; Dolezal, Curtis; Ho, Titcha; Sheinfil, Alan; Ibitoye, Mobolaji; Lama, Javier R; McGowan, Ian; Cranston, Ross D; Carballo-Diéguez, Alex

2018-04-01

During a Phase 2 rectal microbicide trial, men who have sex with men and transgender women (n = 187) in 4 countries (Peru, South Africa, Thailand, United States) reported product use daily via short message service (SMS). To prevent disclosure of study participation, the SMS system program included privacy and security features. We evaluated participants' perceptions of privacy while using the system and acceptability of privacy/security features. To protect privacy, the SMS system: (1) confirmed participant availability before sending the study questions, (2) required a password, and (3) did not reveal product name or study participation. To ensure security, the system reminded participants to lock phone/delete messages. A computer-assisted self-interview (CASI), administered at the final visit, measured burden of privacy and security features and SMS privacy concerns. A subsample of 33 participants underwent an in-depth interview (IDI). Based on CASI, 85% had no privacy concerns; only 5% were very concerned. Most were not bothered by the need for a password (73%) or instructions to delete messages (82%). Based on IDI, reasons for low privacy concerns included sending SMS in private or feeling that texting would not draw attention. A few IDI participants found the password unnecessary and more than half did not delete messages. Most participants were not concerned that the SMS system would compromise their confidentiality. SMS privacy and security features were effective and not burdensome. Short ID-related passwords, ambiguous language, and reminders to implement privacy and security-enhancing behaviors are recommended for SMS systems.

Surfing for suicide methods and help: content analysis of websites retrieved with search engines in Austria and the United States.

PubMed

Till, Benedikt; Niederkrotenthaler, Thomas

2014-08-01

The Internet provides a variety of resources for individuals searching for suicide-related information. Structured content-analytic approaches to assess intercultural differences in web contents retrieved with method-related and help-related searches are scarce. We used the 2 most popular search engines (Google and Yahoo/Bing) to retrieve US-American and Austrian search results for the term suicide, method-related search terms (e.g., suicide methods, how to kill yourself, painless suicide, how to hang yourself), and help-related terms (e.g., suicidal thoughts, suicide help) on February 11, 2013. In total, 396 websites retrieved with US search engines and 335 websites from Austrian searches were analyzed with content analysis on the basis of current media guidelines for suicide reporting. We assessed the quality of websites and compared findings across search terms and between the United States and Austria. In both countries, protective outweighed harmful website characteristics by approximately 2:1. Websites retrieved with method-related search terms (e.g., how to hang yourself) contained more harmful (United States: P < .001, Austria: P < .05) and fewer protective characteristics (United States: P < .001, Austria: P < .001) compared to the term suicide. Help-related search terms (e.g., suicidal thoughts) yielded more websites with protective characteristics (United States: P = .07, Austria: P < .01). Websites retrieved with U.S. search engines generally had more protective characteristics (P < .001) than searches with Austrian search engines. Resources with harmful characteristics were better ranked than those with protective characteristics (United States: P < .01, Austria: P < .05). The quality of suicide-related websites obtained depends on the search terms used. Preventive efforts to improve the ranking of preventive web content, particularly regarding method-related search terms, seem necessary. © Copyright 2014 Physicians Postgraduate Press, Inc.

Voice Biometrics as a Way to Self-service Password Reset

NASA Astrophysics Data System (ADS)

Hohgräfe, Bernd; Jacobi, Sebastian

Password resets are time consuming. Especially when urgent jobs need to be done, it is cumbersome to inform the user helpdesk, to identify oneself and then to wait for response. It is easy to enter a wrong password multiple times, which leads to the blocking of the application. Voice biometrics is an easy and secure way for individuals to reset their own password. Read more about how you can ease the burden of your user helpdesk and how voice biometric password resets benefit your expense situation without harming your security.

Internet marketing directed at children on food and restaurant websites in two policy environments.

PubMed

Kent, M Potvin; Dubois, L; Kent, E A; Wanless, A J

2013-04-01

Food and beverage marketing has been associated with childhood obesity yet little research has examined the influence of advertising policy on children's exposure to food/beverage marketing on the Internet. The purpose of this study was to assess the influence of Quebec's Consumer Protection Act and the self-regulatory Canadian Children's Food and Beverage Advertising Initiative (CAI) on food manufacturer and restaurant websites in Canada. A content analysis of 147 French and English language food and restaurant websites was undertaken. The presence of child-directed content was assessed and an analysis of marketing features, games and activities, child protection features, and the promotion of healthy lifestyle messages was then examined on those sites with child-directed content. There were statistically no fewer French language websites (n = 22) with child-directed content compared to English language websites (n = 27). There were no statistically significant differences in the number of the various marketing features, or in the average number of marketing features between the English and French websites. There were no fewer CAI websites (n = 14) with child-directed content compared to non-CAI websites (n = 13). The CAI sites had more healthy lifestyle messages and child protection features compared to the non-CAI sites. Systematic surveillance of the Consumer Protection Act in Quebec is recommended. In the rest of Canada, the CAI needs to be significantly expanded or replaced by regulatory measures to adequately protect children from the marketing of foods/beverages high in fat, sugar, and sodium on the Internet. Copyright © 2012 The Obesity Society.

31 CFR 363.19 - What should I do if I become aware that my password or other form of authentication has become...

Code of Federal Regulations, 2010 CFR

2010-07-01

... that my password or other form of authentication has become compromised? 363.19 Section 363.19 Money... that my password or other form of authentication has become compromised? If you become aware that your password has become compromised, that any other form of authentication has been compromised, lost, stolen...

One-Time Password Tokens | High-Performance Computing | NREL

Science.gov Websites

One-Time Password Tokens One-Time Password Tokens For connecting to NREL's high-performance computing (HPC) systems, learn how to set up a one-time password (OTP) token for remote and privileged a one-time pass code from the HPC Operations team. At the sign-in screen Enter your HPC Username in

Simpler and Safer: One Password Opens Many Online Doors

ERIC Educational Resources Information Center

Carnevale, Dan

2007-01-01

Going online nowadays often requires more log-ins and passwords than most people can remember. Faculty and staff members will sometimes write their various passwords on yellow sticky notes and post them on their computer monitors--leaving confidential data wide open to any passer-by. What if there were just one password? A single log-on for e-mail…

75 FR 4066 - Agency Information Collection Activities; Submission to OMB for Review and Approval; Comment...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-26

..., access the index listing of the contents of the docket, and to access those documents in the docket that... of the funding. The information is organized by programmatic goal and desired result, which aligns... organization is assigned a user ID and password. Security measures have been established to protect data that...

One-Time Password Registration Key Code Request | High-Performance

Science.gov Websites

Computing | NREL One-Time Password Registration Key Code Request One-Time Password Registration Key Code Request Use this form to request a one-time password (OTP) registration key code for using . Alternate Email In case there is a second email where we might contact you Phone In case we need to contact

31 CFR 363.17 - Who is liable if someone else accesses my TreasuryDirect ® account using my password?

Code of Federal Regulations, 2010 CFR

2010-07-01

..., password, and any other form(s) of authentication we may require. We will treat any transactions conducted using your password as having been authorized by you. We are not liable for any loss, liability, cost, or expense that you may incur as a result of transactions made using your password. [72 FR 30978...

Prospective study of clinician-entered research data in the Emergency Department using an Internet-based system after the HIPAA Privacy Rule

PubMed Central

Kline, Jeffrey A; Johnson, Charles L; Webb, William B; Runyon, Michael S

2004-01-01

Background Design and test the reliability of a web-based system for multicenter, real-time collection of data in the emergency department (ED), under waiver of authorization, in compliance with HIPAA. Methods This was a phase I, two-hospital study of patients undergoing evaluation for possible pulmonary embolism. Data were collected by on-duty clinicians on an HTML data collection form (prospective e-form), populated using either a personal digital assistant (PDA) or personal computer (PC). Data forms were uploaded to a central, offsite server using secure socket protocol transfer. Each form was assigned a unique identifier, and all PHI data were encrypted, but were password-accessible by authorized research personnel to complete a follow-up e-form. Results From April 15, 2003-April 15 2004, 1022 prospective e-forms and 605 follow-up e-forms were uploaded. Complexities of PDA use compelled clinicians to use PCs in the ED for data entry for most forms. No data were lost and server log query revealed no unauthorized entry. Prospectively obtained PHI data, encrypted upon server upload, were successfully decrypted using password-protected access to allow follow-up without difficulty in 605 cases. Non-PHI data from prospective and follow-up forms were available to the study investigators via standard file transfer protocol. Conclusions Data can be accurately collected from on-duty clinicians in the ED using real-time, PC-Internet data entry in compliance with the Privacy Rule. Deidentification-reidentification of PHI was successfully accomplished by a password-protected encryption-deencryption mechanism to permit follow-up by approved research personnel. PMID:15479471

Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks

PubMed Central

Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

2015-01-01

Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost. PMID:26633396

When Sharing Is a Bad Idea: The Effects of Online Social Network Engagement and Sharing Passwords with Friends on Cyberbullying Involvement.

PubMed

Meter, Diana J; Bauman, Sheri

2015-08-01

Every day, children and adolescents communicate online via social networking sites (SNSs). They also report sharing passwords with peers and friends, a potentially risky behavior in regard to cyber safety. This longitudinal study tested the hypotheses that social network engagement in multiple settings would predict more cyberbullying involvement over time, and that youth who reported sharing passwords would also experience an increase in cyberbullying involvement. Data were collected at two time points one year apart from 1,272 third through eighth grade students. In line with the first study hypothesis, participating in more online SNSs was associated with increased cyberbullying involvement over time, as well as sharing passwords over time. Cyberbullying involvement at T1 predicted decreases in sharing passwords over time, suggesting that youth become aware of the dangers of sharing passwords as a result of their experience. Sharing passwords at T1 was unrelated to cyberbullying involvement at T2. Although it seems that youth may be learning from their previous mistakes, due to the widespread use of social media and normality of sharing passwords among young people, it is important to continue to educate youth about cyber safety and risky online behavior.

Security analysis and improvements to the PsychoPass method.

PubMed

Brumen, Bostjan; Heričko, Marjan; Rozman, Ivan; Hölbl, Marko

2013-08-13

In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. The first issue with the Psychopass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength.

Security Analysis and Improvements to the PsychoPass Method

PubMed Central

2013-01-01

Background In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. Objective To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. Methods We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. Results The first issue with the Psychopass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. Conclusions The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength. PMID:23942458

Entity Resolution Workflow Installation Process and User Guide

DTIC Science & Technology

2013-07-01

Program Files\\PostgreSQL\\9.1\\data superuser ( postgres ), service account ( postgres ) password : "password" Port #: 5432 Add an environment variable...in this report. • Run the script found in <GG_HOME>\\ globalgraph-dist-1.4.6-final\\schema- ddl\\postgresSetup.bat. This script will set up Postgres ...Username: postgres DB Admin PWD: password GlobalGraph App User: gguser GlobalGraph App PWD: password • Restart the Postgres service using the Windows

Design and implementation of website information disclosure assessment system.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

A Prototype Implementation of a Time Interval File Protection System in Linux

DTIC Science & Technology

2006-09-01

when a user logs in, the /etc/ passwd file is read by the system to get the user’s home directory. The user’s login shell then changes the directory...and don. • Users can be added with the command: # useradd – m <username> • Set the password by: # passwd <username> • Make a copy of the

Collaboration using roles. [in computer network security

NASA Technical Reports Server (NTRS)

Bishop, Matt

1990-01-01

Segregation of roles into alternative accounts is a model which provides not only the ability to collaborate but also enables accurate accounting of resources consumed by collaborative projects, protects the resources and objects of such a project, and does not introduce new security vulnerabilities. The implementation presented here does not require users to remember additional passwords and provides a very simple consistent interface.

System of end-to-end symmetric database encryption

NASA Astrophysics Data System (ADS)

Galushka, V. V.; Aydinyan, A. R.; Tsvetkova, O. L.; Fathi, V. A.; Fathi, D. V.

2018-05-01

The article is devoted to the actual problem of protecting databases from information leakage, which is performed while bypassing access control mechanisms. To solve this problem, it is proposed to use end-to-end data encryption, implemented at the end nodes of an interaction of the information system components using one of the symmetric cryptographic algorithms. For this purpose, a key management method designed for use in a multi-user system based on the distributed key representation model, part of which is stored in the database, and the other part is obtained by converting the user's password, has been developed and described. In this case, the key is calculated immediately before the cryptographic transformations and is not stored in the memory after the completion of these transformations. Algorithms for registering and authorizing a user, as well as changing his password, have been described, and the methods for calculating parts of a key when performing these operations have been provided.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks".

PubMed

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroaki; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes' participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.'s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.'s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic.

Cryptanalysis and Improvement of "A Secure Password Authentication Mechanism for Seamless Handover in Proxy Mobile IPv6 Networks"

PubMed Central

Alizadeh, Mojtaba; Zamani, Mazdak; Baharun, Sabariah; Abdul Manaf, Azizah; Sakurai, Kouichi; Anada, Hiroki; Keshavarz, Hassan; Ashraf Chaudhry, Shehzad; Khurram Khan, Muhammad

2015-01-01

Proxy Mobile IPv6 is a network-based localized mobility management protocol that supports mobility without mobile nodes’ participation in mobility signaling. The details of user authentication procedure are not specified in this standard, hence, many authentication schemes have been proposed for this standard. In 2013, Chuang et al., proposed an authentication method for PMIPv6, called SPAM. However, Chuang et al.’s Scheme protects the network against some security attacks, but it is still vulnerable to impersonation and password guessing attacks. In addition, we discuss other security drawbacks such as lack of revocation procedure in case of loss or stolen device, and anonymity issues of the Chuang et al.’s scheme. We further propose an enhanced authentication method to mitigate the security issues of SPAM method and evaluate our scheme using BAN logic. PMID:26580963

Individual differences in cyber security behaviors: an examination of who is sharing passwords.

PubMed

Whitty, Monica; Doodson, James; Creese, Sadie; Hodges, Duncan

2015-01-01

In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found younger [corrected] people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns.

Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords

PubMed Central

Doodson, James; Creese, Sadie; Hodges, Duncan

2015-01-01

Abstract In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found older people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns. PMID:25517697

Unisys Corporation OS 1100

DTIC Science & Technology

1989-09-27

a run is always the @RUN statement, which can specify user-id, account number, and project-id. The @ PASSWD statement specifies password and security...Every-Page-Label Options PASSWD password for batch; F36 User-id validation chang for demand; comp, nent set for batch LEV change Clearance Level F33...clearance level @@PASS Change password F36 Current valid password must @@ PASSWD be specified @@SEND Display a print file F16 Sym to user-id or site-id that is

Evaluation of a new eLearning platform for distance teaching of microsurgery.

PubMed

Messaoudi, T; Bodin, F; Hidalgo Diaz, J J; Ichihara, S; Fikry, T; Lacreuse, I; Liverneaux, P; Facca, S

2015-06-01

Online learning (or eLearning) is in constant evolution in medicine. An analytical survey of the websites of eight academic societies and medical schools was carried out. These sites were evaluated against parameters that define the quality of an eLearning website, as well as the shareable content object reference model (SCORM) technical standards. All studied platforms were maintained by a webmaster and regularly updated. Only two platforms had teleconference opportunities, five had courses in PDF format, and four allowed online testing. Based on SCORM standards, only four platforms allowed direct access without a password. The content of all platforms was adaptable, interoperable and reusable. But their sustainability was difficult to assess. In parallel, we developed the first eLearning platform to be used as part of a university diploma in microsurgery in France. The platform was evaluated by students enrolled this diploma program. A satisfaction survey and platform evaluation showed that students were generally satisfied and had used the platform for microsurgery education, especially the seven students living abroad. ELearning for microsurgery allows the content to be continuously updated, makes for fewer classroom visits, provides easy remote access, and especially better training time management and cost savings in terms of travel and accommodations. Copyright © 2015 Elsevier Masson SAS. All rights reserved.

Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

NASA Astrophysics Data System (ADS)

Sasaki, Yu; Wang, Lei; Ohta, Kazuo; Kunihiro, Noboru

In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.

The Characteristics of User-Generated Passwords

DTIC Science & Technology

1990-03-01

electronic keys), user interface tokens (pocket devices that can generate one-time passwords) and fixed password devices ( plastic cards that contain...APPENDIX B-7 DIFFREM DIFFICULTY REMfEIBERING by PASSCHAR PASSORD CARACTERISTICS PASSCHAR Pate I of 1 Count 1 Row Pet IALPHAVET NUMERIC ALPHANUM ASCII Cal Pet

Practical security and privacy attacks against biometric hashing using sparse recovery

NASA Astrophysics Data System (ADS)

Topcu, Berkay; Karabat, Cagatay; Azadmanesh, Matin; Erdogan, Hakan

2016-12-01

Biometric hashing is a cancelable biometric verification method that has received research interest recently. This method can be considered as a two-factor authentication method which combines a personal password (or secret key) with a biometric to obtain a secure binary template which is used for authentication. We present novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user's password in order to quantify the additional protection due to biometrics when the password is compromised. We present four methods that can reconstruct a biometric feature and/or the image from a hash and one method which can find the closest biometric data (i.e., face image) from a database. Two of the reconstruction methods are based on 1-bit compressed sensing signal reconstruction for which the data acquisition scenario is very similar to biometric hashing. Previous literature introduced simple attack methods, but we show that we can achieve higher level of security threats using compressed sensing recovery techniques. In addition, we present privacy attacks which reconstruct a biometric image which resembles the original image. We quantify the performance of the attacks using detection error tradeoff curves and equal error rates under advanced attack scenarios. We show that conventional biometric hashing methods suffer from high security and privacy leaks under practical attacks, and we believe more advanced hash generation methods are necessary to avoid these attacks.

The Effect of Password Management Procedures on the Entropy of User Selected Passwords

ERIC Educational Resources Information Center

Enamait, John D.

2012-01-01

Maintaining the security of information contained within computer systems poses challenges for users and administrators. Attacks on information systems continue to rise. Specifically, attacks that target user authentication are increasingly popular. These attacks are based on the common perception that traditional alphanumeric passwords are weak…

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

NASA Astrophysics Data System (ADS)

Xie, Qi; Hu, Bin; Chen, Ke-Fei; Liu, Wen-Hao; Tan, Xiao

2015-11-01

In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency. Project supported by the Natural Science Foundation of Zhejiang Province, China (Grant No. LZ12F02005), the Major State Basic Research Development Program of China (Grant No. 2013CB834205), and the National Natural Science Foundation of China (Grant No. 61070153).

Development of a website and biobank database for the Nanosized Cancer Polymarker Biochip Project: a Multicenter Italian Experience.

PubMed

Leon, Antonette E; Fabricio, Aline S C; Benvegnù, Fabio; Michilin, Silvia; Secco, Annamaria; Spangaro, Omar; Meo, Sabrina; Gion, Massimo

2011-01-01

The Nanosized Cancer Polymarker Biochip Project (RBLA03S4SP) funded by an Italian MIUR-FIRB grant (Italian Ministry of University and Research - Investment Funds for Basic Research) has led to the creation of a free-access dynamic website, available at the web address https://serviziweb.ulss12.ve.it/firbabo, and of a centralized database with password-restricted access. The project network is composed of 9 research units (RUs) and has been active since 2005. The aim of the FIRB project was the design, production and validation of optoelectronic and chemoelectronic biosensors for the simultaneous detection of a novel class of cancer biomarkers associated with immunoglobulins of the M class (IgM) for early diagnosis of cancer. Biomarker immune complexes (BM-ICs) were assessed on samples of clinical cases and matched controls for breast, colorectal, liver, ovarian and prostate malignancies. This article describes in detail the architecture of the project website, the central database application, and the biobank developed for the FIRB Nanosized Cancer Polymarker Biochip Project. The article also illustrates many unique aspects that should be considered when developing a database within a multidisciplinary scenario. The main deliverables of the project were numerous, including the development of an online database which archived 1400 case report forms (700 cases and 700 matched controls) and more than 2700 experimental results relative to the BM-ICs assayed. The database also allowed for the traceability and retrieval of 21,000 aliquots archived in the centralized bank and stored as backup in the RUs, and for the development of a centralized biological bank in the coordinating unit with 6300 aliquots of serum. The constitution of the website and biobank database enabled optimal coordination of the RUs involved, highlighting the importance of sharing samples and scientific data in a multicenter setting for the achievement of the project goals.

27 CFR 73.12 - What security controls must I use for identification codes and passwords?

Code of Federal Regulations, 2010 CFR

2010-04-01

... 27 Alcohol, Tobacco Products and Firearms 2 2010-04-01 2010-04-01 false What security controls... controls must I use for identification codes and passwords? If you use electronic signatures based upon use of identification codes in combination with passwords, you must employ controls to ensure their...

DDN Trusted Guard Gateway. Trusted Guard Gateway (TGG) Technology Assessment. Phase 2

DTIC Science & Technology

1989-02-02

strengthened via removal of the encrypted passwords from the password/group files, and imposition of limits on root, login, passwd , and super users. For...amongst these are the removal of the list of encoded passwords from the etc/ passwd file, and the removal of any special privileges from the root ID

Implications of What Children Know about Computer Passwords

ERIC Educational Resources Information Center

Coggins, Porter E.

2013-01-01

The purpose of this article is to present several implications and recommendations regarding what elementary school children, aged 9-12 years, know about computer passwords and what they know about why computer passwords are important. Student knowledge can then be used to make relevant curriculum decisions based in conjunction with applicable…

Secure Biometric Multi-Logon System Based on Current Authentication Technologies

NASA Astrophysics Data System (ADS)

Tait, Bobby L.

The need for accurate authentication in the current IT world is of utmost importance. Users rely on current IT technologies to facilitate in day to day interactions with nearly all environments. Strong authentication technologies like the various biometric technologies have been in existence for many years. Many of these technologies, for instance fingerprint biometrics, have reached maturity. However, passwords and pins are still the most commonly used authentication mechanisms at this stage. An average user has to be authenticated in various situations during daily interaction with his or her environment, by means of a pin or a password. This results in many different passwords and pins that the user has to remember. The user will eventually either start documenting these passwords and pins, or often, simply use the same password and pin for all authentication situations.

Provably Secure Password-based Authentication in TLS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abdalla, Michel; Emmanuel, Bresson; Chevassut, Olivier

2005-12-20

In this paper, we show how to design an efficient, provably secure password-based authenticated key exchange mechanism specifically for the TLS (Transport Layer Security) protocol. The goal is to provide a technique that allows users to employ (short) passwords to securely identify themselves to servers. As our main contribution, we describe a new password-based technique for user authentication in TLS, called Simple Open Key Exchange (SOKE). Loosely speaking, the SOKE ciphersuites are unauthenticated Diffie-Hellman ciphersuites in which the client's Diffie-Hellman ephemeral public value is encrypted using a simple mask generation function. The mask is simply a constant value raised tomore » the power of (a hash of) the password.The SOKE ciphersuites, in advantage over previous pass-word-based authentication ciphersuites for TLS, combine the following features. First, SOKE has formal security arguments; the proof of security based on the computational Diffie-Hellman assumption is in the random oracle model, and holds for concurrent executions and for arbitrarily large password dictionaries. Second, SOKE is computationally efficient; in particular, it only needs operations in a sufficiently large prime-order subgroup for its Diffie-Hellman computations (no safe primes). Third, SOKE provides good protocol flexibility because the user identity and password are only required once a SOKE ciphersuite has actually been negotiated, and after the server has sent a server identity.« less

Alternative Fuels Data Center: Federal Laws and Incentives for Biodiesel

Science.gov Websites

Jennifer Keller National Clean Diesel Campaign U.S. Environmental Protection Agency Phone: (202) 343-9541 website. Point of Contact Jennifer Keller National Clean Diesel Campaign U.S. Environmental Protection projects. For more information, see the Clean Construction website. Point of Contact Jennifer Keller

Social Networking Technologies

DTIC Science & Technology

2015-01-01

that an invasion of privacy can occur where the user has created a password protected, private account and limits those who can view it. The question...increasingly add new options for more intimate sharing of information. For example, sites like FourSquare and Instagram , as well as some of the more...her account while a supervisor looked on. The supervisor then copied the post and forwarded it on to the state paramedic licensing board alleging

Disaster easily averted? Data confidentiality and the hospital desktop computer.

PubMed

Sethi, Neeraj; Lane, Gethin; Newton, Sophie; Egan, Philip; Ghosh, Samit

2014-05-01

We specifically identified the hospital desktop computer as a potential source of breaches in confidentiality. We aimed to evaluate if there was accessible, unprotected, confidential information stored on the desktop screen on computers in a district general hospital and if so, how a teaching intervention could improve this situation. An unannounced spot check of 59 ward computers was performed. Data were collected regarding how many had confidential information stored on the desktop screen without any password protection. An online learning module was mandated for healthcare staff and a second cycle of inspection performed. A district general hospital. Two doctors conducted the audit. Computers in clinical areas were assessed. All clinical staff with computer access underwent the online learning module. An online learning module regarding data protection and confidentiality. In the first cycle, 55% of ward computers had easily accessible patient or staff confidential information stored on their desktop screen. This included handovers, referral letters, staff sick leave lists, audits and nursing reports. The majority (85%) of computers accessed were logged in under a generic username and password. The intervention produced an improvement in the second cycle findings with only 26% of computers being found to have unprotected confidential information stored on them. The failure to comply with appropriate confidential data protection regulations is a persistent problem. Education produces some improvement but we also propose a systemic approach to solving this problem. Copyright © 2014 Elsevier Ireland Ltd. All rights reserved.

76 FR 11680 - Service Contracts and Non-Vessel-Operating Service Arrangements; Transmission of Approved Log-In...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-03

... Contracts and Non-Vessel-Operating Service Arrangements; Transmission of Approved Log-In ID and Passwords... advise applicants for log-in IDs and passwords. DATES: The Final Rule is effective March 3, 2011. FOR... the U.S. Mail to transmit approved log-on IDs and password to registrants in the Commission's...

Password Complexity Recommendations: xezandpAxat8Um or P4$$w0rd!!!!

DTIC Science & Technology

2014-10-01

have we seen the computer screen with fast- scrolling characters, with good answers being indicated one by one? This is not a MasterMind game ! Password...security/2013/ 05/how-crackers-make-minced- meat -out-of-your-passwords (Access Date: 2014-04-02). 18 DRDC-RDDC-2014-R27 DOCUMENT CONTROL DATA (Security

A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system.

PubMed

Das, Ashok Kumar

2015-03-01

An integrated EPR (Electronic Patient Record) information system of all the patients provides the medical institutions and the academia with most of the patients' information in details for them to make corrective decisions and clinical decisions in order to maintain and analyze patients' health. In such system, the illegal access must be restricted and the information from theft during transmission over the insecure Internet must be prevented. Lee et al. proposed an efficient password-based remote user authentication scheme using smart card for the integrated EPR information system. Their scheme is very efficient due to usage of one-way hash function and bitwise exclusive-or (XOR) operations. However, in this paper, we show that though their scheme is very efficient, their scheme has three security weaknesses such as (1) it has design flaws in password change phase, (2) it fails to protect privileged insider attack and (3) it lacks the formal security verification. We also find that another recently proposed Wen's scheme has the same security drawbacks as in Lee at al.'s scheme. In order to remedy these security weaknesses found in Lee et al.'s scheme and Wen's scheme, we propose a secure and efficient password-based remote user authentication scheme using smart cards for the integrated EPR information system. We show that our scheme is also efficient as compared to Lee et al.'s scheme and Wen's scheme as our scheme only uses one-way hash function and bitwise exclusive-or (XOR) operations. Through the security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks.

An improved authenticated key agreement protocol for telecare medicine information system.

PubMed

Liu, Wenhao; Xie, Qi; Wang, Shengbao; Hu, Bin

2016-01-01

In telecare medicine information systems (TMIS), identity authentication of patients plays an important role and has been widely studied in the research field. Generally, it is realized by an authenticated key agreement protocol, and many such protocols were proposed in the literature. Recently, Zhang et al. pointed out that Islam et al.'s protocol suffers from the following security weaknesses: (1) Any legal but malicious patient can reveal other user's identity; (2) An attacker can launch off-line password guessing attack and the impersonation attack if the patient's identity is compromised. Zhang et al. also proposed an improved authenticated key agreement scheme with privacy protection for TMIS. However, in this paper, we point out that Zhang et al.'s scheme cannot resist off-line password guessing attack, and it fails to provide the revocation of lost/stolen smartcard. In order to overcome these weaknesses, we propose an improved protocol, the security and authentication of which can be proven using applied pi calculus based formal verification tool ProVerif.

TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones

NASA Astrophysics Data System (ADS)

Nauman, Mohammad; Ali, Tamleek

Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device - such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services.

76 FR 2425 - Draft Regulatory Guide: Reissuance and Availability

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-13

... posted on the NRC website and on the Federal rulemaking website Regulations.gov . Because your comments... publicly disclosed. Federal Rulemaking Website: Go to http://www.regulations.gov and search for [email protected] . The Regulatory Analysis is available electronically under ADAMS Accession Number...

Design and Implementation of Website Information Disclosure Assessment System

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people’s lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website’s information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites. PMID:25768434

Lecture-Capture Software and the Teaching of Soils

NASA Astrophysics Data System (ADS)

Brevik, Eric C.

2014-05-01

Several companies now offer software that can record academic lectures and place them on password-protected course websites for future review by students. Using lecture-capture software offers several advantages for the instructor and the students, including: 1) The ability for students who miss class for legitimate reasons (e.g., participation in school-sanctioned extra-curricular activities, illness or family emergencies) to get lecture materials by logging into the class website. This provides these students with a more complete exposure to the material than simply copying a classmate's notes. 2) The instructor is able to direct students who miss class for legitimate reasons to the recorded lecture rather than needing to spend time going over the material with those students and that recap does not end up being rushed. 3) The ability to address course conflicts for graduating seniors by allowing them to take the lecture portion of the class via recorded lecture. 4) Students who desire more in-depth learning are able to go back to selected portions of previous lectures to review and reconsider a topic of discussion or to fill in vague sections of their notes. There are also potential disadvantages to the use of lecture-capture software, including: 1) decreased student attendance in class because they feel they can watch class later at a time of their own choosing, 2) additional time spent by the instructor dealing with the technology, and 3) problems with hardware or software during class time that prevents recording a given day's lecture. These problems can often be addressed or justified relatively easily. If problem 1 is of concern to an instructor it can be addressed by blocking online access to individual students who have a poor record of class attendance. In the case of problem 2, the extra time spent with the technology is often offset by a reduction in time answering questions from students who have missed class. Problem 3 does happen, but in the author's experience it is fairly rare, representing less than 5% of class sessions per semester. Student comments have been overwhelmingly favorable towards the use of captured lectures since the technology was first adopted in the author's classes in 2009.

Advanced Terrain Representation for the Microticcit Workstation: System Maintenance Manual

DTIC Science & Technology

1986-02-01

enter the */ /* password. */ /* Inputs: passwd - password to compare userfs entry to */ /* Outputs: TRUE - if password entered correctly...include "atrdefs.h" #include "ctype.h" extern char window[]; /* useable portion of screen */ 1 i getpw( passwd ) char passwd []; { int c...blank input window */ pcvgcp(&row,*col); curs_off(); nchars - ntries - 0; len « strlen( passwd ); pcvwca(len,• *,REVIDEO); /* process keys till user

Distributed Password Cracking

DTIC Science & Technology

2009-12-01

other services for early UNIX systems at Bell labs. In many UNIX based systems, the field added to ‘etc/ passwd ’ file to carry GCOS ID information was...charset, and external. struct options_main { /* Option flags */ opt_flags flags; /* Password files */ struct list_main * passwd ; /* Password file...object PASSWD . It is part of several other data structures. struct PASSWD { int id; char *login; char *passwd_hash; int UID

Password-free network security through joint use of audio and video

NASA Astrophysics Data System (ADS)

Civanlar, Mehmet R.; Chen, Tsuhan

1997-01-01

REmote authentication is vital for many network based applications. As the number of such applications increases, user friendliness of the authentication process, particularly as it relates to password management, becomes as important as its reliability. The multimedia capabilities of the modern terminal equipment can provide the basis for a dependable and easy to use authentication system which does not require the user to memorize passwords. This paper outlines our implementation of an authentication system based on the joint use of the speech and facial video of a user. Our implementation shows that the voice and the video of the associated lip movements, when used together, can be very effective for password free authentication.

Using virtualization to protect the proprietary material science applications in volunteer computing

NASA Astrophysics Data System (ADS)

Khrapov, Nikolay P.; Rozen, Valery V.; Samtsevich, Artem I.; Posypkin, Mikhail A.; Sukhomlin, Vladimir A.; Oganov, Artem R.

2018-04-01

USPEX is a world-leading software for computational material design. In essence, USPEX splits simulation into a large number of workunits that can be processed independently. This scheme ideally fits the desktop grid architecture. Workunit processing is done by a simulation package aimed at energy minimization. Many of such packages are proprietary and should be protected from unauthorized access when running on a volunteer PC. In this paper we present an original approach based on virtualization. In a nutshell, the proprietary code and input files are stored in an encrypted folder and run inside a virtual machine image that is also password protected. The paper describes this approach in detail and discusses its application in USPEX@home volunteer project.

Computer-Access-Code Matrices

NASA Technical Reports Server (NTRS)

Collins, Earl R., Jr.

1990-01-01

Authorized users respond to changing challenges with changing passwords. Scheme for controlling access to computers defeats eavesdroppers and "hackers". Based on password system of challenge and password or sign, challenge, and countersign correlated with random alphanumeric codes in matrices of two or more dimensions. Codes stored on floppy disk or plug-in card and changed frequently. For even higher security, matrices of four or more dimensions used, just as cubes compounded into hypercubes in concurrent processing.

Productivity, part 2: cloud storage, remote meeting tools, screencasting, speech recognition software, password managers, and online data backup.

PubMed

Lackey, Amanda E; Pandey, Tarun; Moshiri, Mariam; Lalwani, Neeraj; Lall, Chandana; Bhargava, Puneet

2014-06-01

It is an opportune time for radiologists to focus on personal productivity. The ever increasing reliance on computers and the Internet has significantly changed the way we work. Myriad software applications are available to help us improve our personal efficiency. In this article, the authors discuss some tools that help improve collaboration and personal productivity, maximize e-learning, and protect valuable digital data. Published by Elsevier Inc.

Biometric template transformation: a security analysis

NASA Astrophysics Data System (ADS)

Nagar, Abhishek; Nandakumar, Karthik; Jain, Anil K.

2010-01-01

One of the critical steps in designing a secure biometric system is protecting the templates of the users that are stored either in a central database or on smart cards. If a biometric template is compromised, it leads to serious security and privacy threats because unlike passwords, it is not possible for a legitimate user to revoke his biometric identifiers and switch to another set of uncompromised identifiers. One methodology for biometric template protection is the template transformation approach, where the template, consisting of the features extracted from the biometric trait, is transformed using parameters derived from a user specific password or key. Only the transformed template is stored and matching is performed directly in the transformed domain. In this paper, we formally investigate the security strength of template transformation techniques and define six metrics that facilitate a holistic security evaluation. Furthermore, we analyze the security of two wellknown template transformation techniques, namely, Biohashing and cancelable fingerprint templates based on the proposed metrics. Our analysis indicates that both these schemes are vulnerable to intrusion and linkage attacks because it is relatively easy to obtain either a close approximation of the original template (Biohashing) or a pre-image of the transformed template (cancelable fingerprints). We argue that the security strength of template transformation techniques must consider also consider the computational complexity of obtaining a complete pre-image of the transformed template in addition to the complexity of recovering the original biometric template.

Preliminary Lessons Learned from the “Native Navigators and the Cancer Continuum” (NNACC)

PubMed Central

Krebs, Linda U.; Watanabe-Galloway, Shinobu; Petereit, Daniel G.; Pingatore, Noel L.; Eschiti, Valerie

2012-01-01

This community-based participatory research (CBPR) study was based on patient navigation (Navigator) among three original sites: Colorado, Michigan, and South Dakota. During 2010, the study added two sites: the Comanche Nation and the Muscogee (Creek) Nation (Oklahoma). The intervention includes 24-h of a Navigator-implemented cancer education program that addresses the full continuum of cancer care. The partners include agreements with up to two local Native American organizations each year, called Memorandum Native Organizations, who have strong relationships with local American Indians. Family fun events are used to initiate the series of workshops and to collect baseline data and also to wrap up and evaluate the series 3 months following the completion of the workshop series. Evaluation data are collected using an audience response system (ARS) and stored using an online evaluation program. Among the lessons learned to date are: the Institutional Review Board processes required both regional and national approvals and took more than 9 months. All of the workshop slides were missing some components and needed refinements. The specifics for the Memorandum Native Organization deliverables needed more details. The ARS required additional training sessions, but once learned the Navigator use the ARS well. Use of the NACR website for a password-protected page to store all NNACC workshop and training materials was easier to manage than use of other online storage programs. The community interest in taking part in the workshops was greater than what was anticipated. All of the Navigators’ skills are improving and all are enjoying working with the community. PMID:22410710

Exploring the evidence in pediatric hematology and oncology nursing through the "article of the month".

PubMed

Linder, Lauri

2010-01-01

As the scope of pediatric hematology and oncology nursing expands, nurses are challenged with staying current in the evidence guiding their practice. Nurse-reported barriers to accessing and utilizing research include lack of time as well as difficulty in accessing, understanding, and synthesizing findings. Journal clubs provide a process to guide nurses in the review of current literature related to their practice and promote utilization of research and evidence-based practice among nurses. This article describes the transition of an in-person journal club to an electronically delivered "Article of the Month." The "Article of the Month" is offered six times each year and is posted on the service line's password-protected intranet website. Oversight of the "Article of the Month" is provided by the service line clinical nurse specialist who selects articles based on an annual learning needs assessment and develops a quiz to assess learning and promote critical thinking among nursing staff. Outcomes include anecdotal reports of increased staff confidence in managing emergent patient care needs and greater appreciation of nursing care issues for children with cancer. Areas for future development include exploring options for increasing in-person discussion of issues addressed in the "Article of the Month" among staff members, extending the "Article of the Month" to nurses in other service areas who care for children with cancer, and increasing staff participation in article selection and quiz item development. An ultimate goal is to develop formal evaluation strategies to link this educational strategy to clinical outcomes.

A novel chaotic stream cipher and its application to palmprint template protection

NASA Astrophysics Data System (ADS)

Li, Heng-Jian; Zhang, Jia-Shu

2010-04-01

Based on a coupled nonlinear dynamic filter (NDF), a novel chaotic stream cipher is presented in this paper and employed to protect palmprint templates. The chaotic pseudorandom bit generator (PRBG) based on a coupled NDF, which is constructed in an inverse flow, can generate multiple bits at one iteration and satisfy the security requirement of cipher design. Then, the stream cipher is employed to generate cancelable competitive code palmprint biometrics for template protection. The proposed cancelable palmprint authentication system depends on two factors: the palmprint biometric and the password/token. Therefore, the system provides high-confidence and also protects the user's privacy. The experimental results of verification on the Hong Kong PolyU Palmprint Database show that the proposed approach has a large template re-issuance ability and the equal error rate can achieve 0.02%. The performance of the palmprint template protection scheme proves the good practicability and security of the proposed stream cipher.

Storage-based Intrusion Detection: Watching storage activity for suspicious behavior

DTIC Science & Technology

2002-10-01

password management involves a pair of inter-related files (/etc/ passwd and /etc/shadow). The corresponding access pat- terns seen at the storage...example, consider a UNIX system password file (/etc/ passwd ), which con- sists of a set of well-defined records. Records are delimited by a line-break, and...etc/ passwd and verify that they conform to a set of basic integrity rules: 7-field records, non-empty password field, legal default shell, legal home

Gout

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Osteonecrosis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Vasculitis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Password-only authenticated three-party key exchange with provable security in the standard model.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Polymyalgia Rheumatica

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Neck Pain

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Psoriatic Arthritis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Juvenile Arthritis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Dermatomyositis (Juvenile)

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Metabolic Myopathies

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Spinal Stenosis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Find a Rheumatologist

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Antinuclear Antibodies (ANA)

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Sex and Arthritis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Joint Injection/Aspiration

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Giant Cell Arteritis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Carpal Tunnel Syndrome

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Tendinitis and Bursitis

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

A more secure anonymous user authentication scheme for the integrated EPR information system.

PubMed

Wen, Fengtong

2014-05-01

Secure and efficient user mutual authentication is an essential task for integrated electronic patient record (EPR) information system. Recently, several authentication schemes have been proposed to meet this requirement. In a recent paper, Lee et al. proposed an efficient and secure password-based authentication scheme used smart cards for the integrated EPR information system. This scheme is believed to have many abilities to resist a range of network attacks. Especially, they claimed that their scheme could resist lost smart card attack. However, we reanalyze the security of Lee et al.'s scheme, and show that it fails to protect off-line password guessing attack if the secret information stored in the smart card is compromised. This also renders that their scheme is insecure against user impersonation attacks. Then, we propose a new user authentication scheme for integrated EPR information systems based on the quadratic residues. The new scheme not only resists a range of network attacks but also provides user anonymity. We show that our proposed scheme can provide stronger security.

RUASN: a robust user authentication framework for wireless sensor networks.

PubMed

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

A Password System Based on Sketches

DTIC Science & Technology

2016-07-12

than traditional passwords. Biometrics include biological properties such as fingerprints, voices, faces, and even handwriting . Fingerprints have been...perturbation of the sketch495 results in a corresponding change in the model, which is exactly what we imply when we say that model is (locally...Conf. on Frontiers in Handwriting Recognition (2010) 339–344.690 [29] M. Martinez-Diaz, J. Fierrez, J. Galbally, The DooDB Graphical Password Database: Data Analysis and Benchmark Results, IEEE Access 1 (2013) 596–605. 32 33

PKPass

DOE Office of Scientific and Technical Information (OSTI.GOV)

Adamson, Ryan M.

Password management solutions exist, but few are designed for enterprise systems administrators sharing oncall rotations. Due to the Multi-Factor Level of Assurance 4 effort, DOE is now distributing PIV cards with cryptographically signed certificate and private key pairs to administrators and other security-significant users. We utilize this public key infrastructure (PKI) to encrypt passwords for other recipients in a secure way. This is cross platform (works on OSX and Linux systems), and has already been adopted internally by the NCCS systems administration staff to replace their old password book system.

HIV and Rheumatic Disease

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

What Is a Rheumatologist?

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Genetics and Rheumatic Disease

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Pregnancy and Rheumatic Disease

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

HCV and Rheumatic Disease

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

American College of Rheumatology

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Sjögren's Syndrome

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Granulomatosis with Polyangiitis (Wegener's)

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Calcium Pyrophosphate Deposition (CPPD)

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Alternative Fuels Data Center: Federal Laws and Incentives for Idle

Science.gov Websites

information on available grants and funding opportunities, see the NCDC website. Point of Contact Jennifer website. Point of Contact Jennifer Keller National Clean Diesel Campaign U.S. Environmental Protection

NSAIDs (Nonsteroidal Anti-inflammatory Drugs)

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Osteonecrosis of the Jaw (ONJ)

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Can I Use This App or Website for My Class? What to Know about Instructing Teachers and Students on Digital Citizenship, Digital Footprints, and Cybersafety

ERIC Educational Resources Information Center

Miller, Beth

2016-01-01

This article addresses the question of what app or website is appropriate for teachers to use for classroom instruction. While most school districts have safety policies related to the Children's Internet Protection Act (CIPA) and the Children's Online Privacy Protection Act (COPPA) implemented by means of software and district firewalls, this…

Cryopyrin-Associated Autoinflammatory Syndromes (CAPS) - Juvenile

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

A Systematic Method for Reviewing and Analyzing Health Information on Consumer-Oriented Websites.

PubMed

Rew, Lynn; Saenz, Ashley; Walker, Lorraine O

2018-05-29

A discussion of a proposed method for analyzing the quality of consumer-oriented websites that provide health-related information. The quality of health information available to consumers online varies widely in quality. In an effort to improve the quality of online information, experts have undertaken systematic reviews on selected health topics; however, no standardized comprehensive methodology currently exists for such review. An eight-step method is recommended embracing the following steps: (1) select topic; (2) determine the purpose of the analysis; (3) select search terms and engines; (4) develop and apply website inclusion and exclusion criteria; (5) develop processes and tools to manage search results; (6) specify measures of quality; (7) compute readability; (8) evaluate websites. Each of these steps is illustrated in relation to the health topic of gynecomastia, a physical and mental health challenge for many adolescent males and young men. Although most extant analyses of consumer-oriented websites have focused on disease conditions and their treatment, website-analysis methodology would encourage analyses that fall into the nursing care domain. The method outlined in this paper is intended to provide nurses and others who work with specific patient populations with the tools needed for website analytic studies. Such studies provide a foundation for making recommendations about quality websites, as well as identifying gaps in online information for health consumers. This article is protected by copyright. All rights reserved. This article is protected by copyright. All rights reserved.

Optical key system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hagans, K.G.; Clough, R.E.

2000-04-25

An optical key system comprises a battery-operated optical key and an isolated lock that derives both its operating power and unlock signals from the correct optical key. A light emitting diode or laser diode is included within the optical key and is connected to transmit a bit-serial password. The key user physically enters either the code-to-transmit directly, or an index to a pseudorandom number code, in the key. Such person identification numbers can be retained permanently, or ephemeral. When a send button is pressed, the key transmits a beam of light modulated with the password information. The modulated beam ofmore » light is received by a corresponding optical lock with a photovoltaic cell that produces enough power from the beam of light to operate a password-screen digital logic. In one application, an acceptable password allows a two watt power laser diode to pump ignition and timing information over a fiberoptic cable into a sealed engine compartment. The receipt of a good password allows the fuel pump, spark, and starter systems to each operate. Therefore, bypassing the lock mechanism as is now routine with automobile thieves is pointless because the engine is so thoroughly disabled.« less

Optical key system

DOEpatents

Hagans, Karla G.; Clough, Robert E.

2000-01-01

An optical key system comprises a battery-operated optical key and an isolated lock that derives both its operating power and unlock signals from the correct optical key. A light emitting diode or laser diode is included within the optical key and is connected to transmit a bit-serial password. The key user physically enters either the code-to-transmit directly, or an index to a pseudorandom number code, in the key. Such person identification numbers can be retained permanently, or ephemeral. When a send button is pressed, the key transmits a beam of light modulated with the password information. The modulated beam of light is received by a corresponding optical lock with a photovoltaic cell that produces enough power from the beam of light to operate a password-screen digital logic. In one application, an acceptable password allows a two watt power laser diode to pump ignition and timing information over a fiberoptic cable into a sealed engine compartment. The receipt of a good password allows the fuel pump, spark, and starter systems to each operate. Therefore, bypassing the lock mechanism as is now routine with automobile thieves is pointless because the engine is so thoroughly disabled.

Enhanced smartcard-based password-authenticated key agreement using extended chaotic maps.

PubMed

Lee, Tian-Fu; Hsiao, Chia-Hung; Hwang, Shi-Han; Lin, Tsung-Hung

2017-01-01

A smartcard based password-authenticated key agreement scheme enables a legal user to log in to a remote authentication server and access remote services through public networks using a weak password and a smart card. Lin recently presented an improved chaotic maps-based password-authenticated key agreement scheme that used smartcards to eliminate the weaknesses of the scheme of Guo and Chang, which does not provide strong user anonymity and violates session key security. However, the improved scheme of Lin does not exhibit the freshness property and the validity of messages so it still fails to withstand denial-of-service and privileged-insider attacks. Additionally, a single malicious participant can predetermine the session key such that the improved scheme does not exhibit the contributory property of key agreements. This investigation discusses these weaknesses and proposes an enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps. The session security of this enhanced scheme is based on the extended chaotic map-based Diffie-Hellman problem, and is proven in the real-or-random and the sequence of games models. Moreover, the enhanced scheme ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes.

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

PubMed Central

Nam, Junghyun; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks. PMID:24977229

Enhanced smartcard-based password-authenticated key agreement using extended chaotic maps

PubMed Central

Lee, Tian-Fu; Hsiao, Chia-Hung; Hwang, Shi-Han

2017-01-01

A smartcard based password-authenticated key agreement scheme enables a legal user to log in to a remote authentication server and access remote services through public networks using a weak password and a smart card. Lin recently presented an improved chaotic maps-based password-authenticated key agreement scheme that used smartcards to eliminate the weaknesses of the scheme of Guo and Chang, which does not provide strong user anonymity and violates session key security. However, the improved scheme of Lin does not exhibit the freshness property and the validity of messages so it still fails to withstand denial-of-service and privileged-insider attacks. Additionally, a single malicious participant can predetermine the session key such that the improved scheme does not exhibit the contributory property of key agreements. This investigation discusses these weaknesses and proposes an enhanced smartcard-based password-authenticated key agreement scheme that utilizes extended chaotic maps. The session security of this enhanced scheme is based on the extended chaotic map-based Diffie-Hellman problem, and is proven in the real-or-random and the sequence of games models. Moreover, the enhanced scheme ensures the freshness of communicating messages by appending timestamps, and thereby avoids the weaknesses in previous schemes. PMID:28759615

Immune System and Its Link to Rheumatic Diseases

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

Periodic Fever, Aphthous Stomatitis, Pharyngitis, Adenitis Syndrome (PFAPA)

MedlinePlus

... Keep me signed in Passwords are Case Sensitive. Ex. Enter smith as follows: Smith Forgot Username/Password? ... Erythematosus (Juvenile) Takayasu's Arteritis Tendinitis & Bursitis Tumor Necrosis Factor Receptor Associated Periodic Syndrome (Juvenile) Vasculitis Enfermedades y ...

76 FR 30408 - Agency Forms Submitted for OMB Review, Request for Comments

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-25

... conduct business with the agency electronically. As part of the system, the RRB collects information..., the requestor can apply for a PIN/ Password online. Once the PIN/Password has been established, the...

What Is the PE Password? Incorporating Vocabulary in Your Elementary PE Program

ERIC Educational Resources Information Center

Robelee, Margaret E.

2016-01-01

This article describes a novel program for third through fifth grade called "What is the PE Password?" that teaches vocabulary words and concepts without sacrificing activity time in order to support Common Core learning.

Testing the Effects of the Addition of Videos to a Website Promoting Environmental Breast Cancer Risk Reduction Practices: Are Videos Worth It?

PubMed Central

Perrault, Evan K.; Silk, Kami J.

2013-01-01

Searching for ways to reach wider audiences in more comprehensible ways, health promotion agencies might add videos to their current web offerings. While potentially costly and time consuming to create, the effect of these videos on websites has not received much attention. This study translated research about the potential breast cancer risk for young girls associated with the household chemical PFOA into two websites mothers with young daughters were randomly assigned to view (website with videos vs. website without videos). Results revealed participants in the video condition found the advocated risk protective behaviors easier to perform and stated they were more likely to perform them than those in the non-video condition. Approximately 15 days after exposure, those in the video condition performed on average one more protective behavior than those in the non-video condition. Results also suggest that agencies’ efforts should focus on creating one quality video to place on a homepage, as video views declined the deeper people navigated into the site. Behaviors advocated should also be ones that can have lasting impacts with one-time actions, as effects wore away over time. Additional strategies are discussed for health promoters seeking to create videos to add to their current websites. PMID:25143661

Smart security and securing data through watermarking

NASA Astrophysics Data System (ADS)

Singh, Ritesh; Kumar, Lalit; Banik, Debraj; Sundar, S.

2017-11-01

The growth of image processing in embedded system has provided the boon of enhancing the security in various sectors. This lead to the developing of various protective strategies, which will be needed by private or public sectors for cyber security purposes. So, we have developed a method which uses digital water marking and locking mechanism for the protection of any closed premises. This paper describes a contemporary system based on user name, user id, password and encryption technique which can be placed in banks, protected offices to beef the security up. The burglary can be abated substantially by using a proactive safety structure. In this proposed framework, we are using water-marking in spatial domain to encode and decode the image and PIR(Passive Infrared Sensor) sensor to detect the existence of person in any close area.

Connecting to HPC VPN | High-Performance Computing | NREL

Science.gov Websites

and password will match your NREL network account login/password. From OS X or Linux, open a terminal finalized. Open a Remote Desktop connection using server name WINHPC02 (this is the login node). Mac Mac

Password Cracking Using Sony Playstations

NASA Astrophysics Data System (ADS)

Kleinhans, Hugo; Butts, Jonathan; Shenoi, Sujeet

Law enforcement agencies frequently encounter encrypted digital evidence for which the cryptographic keys are unknown or unavailable. Password cracking - whether it employs brute force or sophisticated cryptanalytic techniques - requires massive computational resources. This paper evaluates the benefits of using the Sony PlayStation 3 (PS3) to crack passwords. The PS3 offers massive computational power at relatively low cost. Moreover, multiple PS3 systems can be introduced easily to expand parallel processing when additional power is needed. This paper also describes a distributed framework designed to enable law enforcement agents to crack encrypted archives and applications in an efficient and cost-effective manner.

Backup key generation model for one-time password security protocol

NASA Astrophysics Data System (ADS)

Jeyanthi, N.; Kundu, Sourav

2017-11-01

The use of one-time password (OTP) has ushered new life into the existing authentication protocols used by the software industry. It introduced a second layer of security to the traditional username-password authentication, thus coining the term, two-factor authentication. One of the drawbacks of this protocol is the unreliability of the hardware token at the time of authentication. This paper proposes a simple backup key model that can be associated with the real world applications’user database, which would allow a user to circumvent the second authentication stage, in the event of unavailability of the hardware token.

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

Alternative Fuels Data Center: Petroleum and Emission Reduction Planning

Science.gov Websites

Add Goal × Log In You need an account to save your plans. If you already have an account, log in below. Otherwise, create an account. Email address: Password: Confirm password: LOG IN Cancel Forgot

Robust Speaker Authentication Based on Combined Speech and Voiceprint Recognition

NASA Astrophysics Data System (ADS)

Malcangi, Mario

2009-08-01

Personal authentication is becoming increasingly important in many applications that have to protect proprietary data. Passwords and personal identification numbers (PINs) prove not to be robust enough to ensure that unauthorized people do not use them. Biometric authentication technology may offer a secure, convenient, accurate solution but sometimes fails due to its intrinsically fuzzy nature. This research aims to demonstrate that combining two basic speech processing methods, voiceprint identification and speech recognition, can provide a very high degree of robustness, especially if fuzzy decision logic is used.

DSSTOX WEBSITE LAUNCH: IMPROVING PUBLIC ACCESS TO DATABASES FOR BUILDING STRUCTURE-TOXICITY PREDICTION MODELS

EPA Science Inventory

DSSTox Website Launch: Improving Public Access to Databases for Building Structure-Toxicity Prediction Models
Ann M. Richard
US Environmental Protection Agency, Research Triangle Park, NC, USA

Distributed: Decentralized set of standardized, field-delimited databases,...

RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

PubMed Central

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost. PMID:22163888

Design of Provider-Provisioned Website Protection Scheme against Malware Distribution

NASA Astrophysics Data System (ADS)

Yagi, Takeshi; Tanimoto, Naoto; Hariu, Takeo; Itoh, Mitsutaka

Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.

75 FR 5579 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-03

... with re-entry controlled by passwords. The DLA Enterprise Hotline Program Database is also password...: * * * * * System location: Delete entry and replace with ``Director, DLA Accountability Office (DA), Headquarters....'' * * * * * Retention and disposal: Delete entry and replace with ``Records are destroyed/deleted 10 years after...

For Parents, Teachers and Coaches: About Sports Eye Injury and Protective Eyewear

MedlinePlus

... Search Search the NEI Website search NEI on Social Media | Search A-Z | en español | Text size S M ... Contact Us A-Z Site Map NEI on Social Media Information in Spanish (Información en español) Website, Social ...

Correction.

PubMed

2015-03-01

In the January 2015 issue of Cyberpsychology, Behavior, and Social Networking (vol. 18, no. 1, pp. 3–7), the article "Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords." by Prof. Monica Whitty et al., has an error in wording in the abstract. The sentence in question was originally printed as: Contrary to our hypotheses, we found older people and individuals who score high on self-monitoring were more likely to share passwords. It should read: Contrary to our hypotheses, we found younger people and individuals who score high on self-monitoring were more likely to share passwords. The authors wish to apologize for the error.

Customer privacy on UK healthcare websites.

PubMed

Mundy, Darren P

2006-09-01

Privacy has been and continues to be one of the key challenges of an age devoted to the accumulation, processing, and mining of electronic information. In particular, privacy of healthcare-related information is seen as a key issue as health organizations move towards the electronic provision of services. The aim of the research detailed in this paper has been to analyse privacy policies on popular UK healthcare-related websites to determine the extent to which consumer privacy is protected. The author has combined approaches (such as approaches focused on usability, policy content, and policy quality) used in studies by other researchers on e-commerce and US healthcare websites to provide a comprehensive analysis of UK healthcare privacy policies. The author identifies a wide range of issues related to the protection of consumer privacy through his research analysis using quantitative results. The main outcomes from the author's research are that only 61% of healthcare-related websites in their sample group posted privacy policies. In addition, most of the posted privacy policies had poor readability standards and included a variety of privacy vulnerability statements. Overall, the author's findings represent significant current issues in relation to healthcare information protection on the Internet. The hope is that raising awareness of these results will drive forward changes in the industry, similar to those experienced with information quality.

Simple group password-based authenticated key agreements for the integrated EPR information system.

PubMed

Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

2013-04-01

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

Information Parents Must Know about Online Privacy.

ERIC Educational Resources Information Center

Markell, Ginny

2000-01-01

Presents four tips to help parents monitor whether website operators are complying with the 1988 Children's Online Privacy Protection Act: look for privacy policies on children's websites; determine if they ask for parental consent to collect personal information; regularly monitor information being sent to children; and determine if web operators…

75 FR 2836 - Schools and Libraries Universal Service Support Mechanism

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-19

... networking websites and in chat rooms and cyberbullying awareness and response, as required by the Protecting... interacting with other individuals on social networking Web sites and in chat rooms and cyberbullying... networking websites and in chat rooms and cyberbullying awareness and response. We seek comment on this...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2011 CFR

2011-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http://alaskafisheries.noaa.gov. (2... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2010 CFR

2010-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2012 CFR

2012-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

50 CFR 679.91 - Amendment 80 Program annual harvester privileges.

Code of Federal Regulations, 2013 CFR

2013-10-01

...) Hand delivery or carrier: NMFS, Room 713, 709 West 9th Street, Juneau, AK 99801. (iv) Electronic: http... using the transferor's NMFS ID, password, and Transfer Key and submitting the transfer request, the... on the computer screen. By using the transferee's NMFS ID, password and Transfer Key, the designated...

21 CFR 11.300 - Controls for identification codes/passwords.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 21 Food and Drugs 1 2011-04-01 2011-04-01 false Controls for identification codes/passwords. 11.300 Section 11.300 Food and Drugs FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN... attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational...

21 CFR 11.300 - Controls for identification codes/passwords.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 21 Food and Drugs 1 2010-04-01 2010-04-01 false Controls for identification codes/passwords. 11.300 Section 11.300 Food and Drugs FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN... attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational...

Beyond Passwords: Usage and Policy Transformation

DTIC Science & Technology

2007-03-01

case scenario for lost productivity due to users leaving their CAC at work, in their computer, is costing 261 work years per year with an estimated ...one for your CAC) are you currently using? ..................................................................................................... 43...PASSWORDS: USAGE AND POLICY TRANSFORMATION I. Introduction Background Currently , the primary method for network authentication on the

21 CFR 11.300 - Controls for identification codes/passwords.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 21 Food and Drugs 1 2012-04-01 2012-04-01 false Controls for identification codes/passwords. 11.300 Section 11.300 Food and Drugs FOOD AND DRUG ADMINISTRATION, DEPARTMENT OF HEALTH AND HUMAN SERVICES GENERAL ELECTRONIC RECORDS; ELECTRONIC SIGNATURES Electronic Signatures § 11.300 Controls for...

A Password-Protected Web Site for Mothers Expressing Milk for Their Preterm Infants.

PubMed

Blatz, MaryAnn; Dowling, Donna; Underwood, Patricia W; Bieda, Amy; Graham, Gregory

2017-06-01

Research has demonstrated that breast milk significantly decreases morbidities that impact length of stay for preterm infants, but there is a need to test interventions to improve breastfeeding outcomes. Since many Americans are using technologies such as the Intranet and smartphones to find health information and manage health, a Web site was developed for mothers who provide breast milk for their preterm hospitalized infants. This study examined the efficacy of a Web site for mothers to educate them about breast milk expression and assist them in monitoring their breast milk supply. Quantitative and qualitative data were collected from mothers whose preterm infants were hospitalized in a level IV neonatal intensive care unit (NICU) or transitional care unit (TCU) in an urban academic medical center in the Midwest. Eighteen mothers participated in evaluation of the Web site. Thirteen mothers consistently logged on to the password-protected Web site (mean [standard deviation] = 13.3 [11.7]) times. Most participants, (69.2%), reported they used the breast milk educational information. Most mothers indicated that using the Web site log helped in tracking their pumping. These findings can be used to direct the design and development of web-based resources for mothers of preterm infants IMPLICATIONS FOR PRACTICE:: NICU and TCU staffs need to examine and establish approaches to actively involve mothers in monitoring the establishment and maintenance of an adequate supply of breast milk to improve neonatal health outcomes. An electronic health application that incorporates the features identified in this study should be developed and tested.

Quality of Breast Cancer Information on the Internet by African Organizations: An Appraisal

PubMed Central

2017-01-01

Objective. The aim of this study was to appraise the quality of information on BC available at websites run by organizations in Africa. Methods. Three searches were conducted using Google search engine to generate a list of websites. The identified websites were assessed using European Commission (EC) quality criteria for health-related websites, which comprises different assessment areas including, completeness, transparency and honesty, authority, privacy and data protection, updating of information, accountability, and accessibility. Results. Thirteen (13) websites were included in the evaluation. Majority of the websites evaluated had low scores on the completeness and transparency of their websites. Scores on accessibility were however moderate and high for most of the websites. Breast cancer-specific organizations provided the highest quality information, particularly in terms of completeness. The overall lowest and highest quality scores were 9 and 43 out of 63, respectively, and 77% of the included websites scored less than 50% of the total quality score. Conclusion. This review has provided evidence of inadequate and inaccurate BC information provided by some cancer organizations in Africa. Considerable effort is required to make BC information on the Internet a valuable and up-to-date source for both professionals and patients. PMID:28168059

Alternative Fuels Data Center: Plug-In Electric Vehicle Readiness Scorecard

Science.gov Websites

track progress toward PEV readiness. Get started evaluating your community. Create Account Log in to your account. Email Password Forgot your password? LOG IN Public reporting burden for this collection of information is estimated to average (20.5 hours) per response, including the time for reviewing

A Comparison of Password Techniques for Multilevel Authentication Mechanisms

DTIC Science & Technology

1990-06-01

an individual user’s perceptions, personal interests and personal history . This information is unique to the individual and is neither commonly...a user may associative passwords profile around the Beatles . In this case, cues may include "abbey", "john", "yellow" and "george" and have responses

General Framework for Evaluating Password Complexity and Strength

DTIC Science & Technology

2015-11-15

stronger password requirements: User attitudes and behaviors,” in Pro- ceedings of the Sixth Symposium on Usable Privacy and Security, ser. SOUPS ’10. New...Proceedings of the Eighth Symposium on Usable Privacy and Security, ser. SOUPS ’12. New York, NY, USA: ACM, 2012, pp. 1–20. [22] P. Kelley, S. Komanduri

Internet food marketing on popular children's websites and food product websites in Australia.

PubMed

Kelly, Bridget; Bochynska, Katarzyna; Kornman, Kelly; Chapman, Kathy

2008-11-01

The aim of the present study was to describe the nature and extent of food marketing on popular children's websites and food product websites in Australia. Food product websites (n 119) and popular children's websites (n 196) were selected based on website traffic data and previous research on frequently marketed food brands. Coding instruments were developed to capture food marketing techniques. All references to food on popular children's websites were also classified as either branded or non-branded and according to food categories. Websites contained a range of marketing features. On food product websites these marketing features included branded education (79.0% of websites), competitions (33.6%), promotional characters (35.3%), downloadable items (35.3%), branded games (28.6%) and designated children's sections (21.8%). Food references on popular children's websites were strongly skewed towards unhealthy foods (60.8% v. 39.2% healthy food references; P<0.001), with three times more branded food references for unhealthy foods. Branded food references displayed similar marketing features to those identified on food product websites. Internet food marketing uses a range of techniques to ensure that children are immersed in brand-related information and activities for extended periods, thereby increasing brand familiarity and exposure. The relatively unregulated marketing environment and increasing use of the Internet by children point to the potential increase in food marketing via this medium. Further research is required to investigate the impact of Internet food marketing on children's food preferences and consumption, and regulatory options to protect children.

PDBsum: Structural summaries of PDB entries.

PubMed

Laskowski, Roman A; Jabłońska, Jagoda; Pravda, Lukáš; Vařeková, Radka Svobodová; Thornton, Janet M

2018-01-01

PDBsum is a web server providing structural information on the entries in the Protein Data Bank (PDB). The analyses are primarily image-based and include protein secondary structure, protein-ligand and protein-DNA interactions, PROCHECK analyses of structural quality, and many others. The 3D structures can be viewed interactively in RasMol, PyMOL, and a JavaScript viewer called 3Dmol.js. Users can upload their own PDB files and obtain a set of password-protected PDBsum analyses for each. The server is freely accessible to all at: http://www.ebi.ac.uk/pdbsum. © 2017 The Protein Society.

Formal Methods for Information Protection Technology. Task 1: Formal Grammar-Based Approach and Tool for Simulation Attacks against Computer Network. Part 1

DTIC Science & Technology

2004-02-01

Protocol for Unix enumerating by stealing /etc/ passwd and (or) /etc/hosts.equiv and (or) ~/.rhosts; ISU – Identifying SID with user2sid ; IAS...null sessions””, FUE – “Finger Users Enumeration”, UTFTP – “Use of Trivial File Transfer Protocol for Unix enumerating by stealing /etc/ passwd and...Ping of Death”, UF – “UDP flooding”, IFS – “Storm of inquiries to FTP-server”, APF – “Access to Password File . passwd ”, WDPF – “Writing of Data with

User Authentication: A State-of-the-Art Review

DTIC Science & Technology

1991-09-01

etc/ passwd , is publicly readable. Although the passwords in the file are encrypted, the encryption routine is read:.ly accessible. Encrypting a guess...version 4.0, and AT&T’s System V release 3.2 and System V/MLS, have addressed the problem by moving the passwords from /etc/ passwd into a shadow file that

17 CFR 269.7 - Form ID, uniform application for access codes to file on EDGAR.

Code of Federal Regulations, 2010 CFR

2010-04-01

... on to the EDGAR system, submit filings, and change its CCC. (d) Password Modification Authorization Code (PMAC)—allows a filer, filing agent or training agent to change its Password. [69 FR 22710, Apr... Sections Affected, which appears in the Finding Aids section of the printed volume and on GPO Access. ...

17 CFR 249.446 - Form ID, uniform application for access codes to file on EDGAR.

Code of Federal Regulations, 2010 CFR

2010-04-01

... log on to the EDGAR system, submit filings, and change its CCC. (d) Password Modification Authorization Code (PMAC)—allows a filer, filing agent or training agent to change its Password. [69 FR 22710... Sections Affected, which appears in the Finding Aids section of the printed volume and on GPO Access. ...

Identifying preferences for mobile health applications for self-monitoring and self-management: focus group findings from HIV-positive persons and young mothers.

PubMed

Ramanathan, Nithya; Swendeman, Dallas; Comulada, W Scott; Estrin, Deborah; Rotheram-Borus, Mary Jane

2013-04-01

Self-management of risk behaviors is a cornerstone of future population health interventions. Using mobile phones for routine self-monitoring and feedback is a cost-efficient strategy for self-management and ecological momentary interventions (EMI). However, mobile health applications need to be designed to be highly attractive and acceptable to a broad range of user groups. To inform the design of an adaptable mobile health application we aimed to identify the dimensions and range of user preferences for application features by different user groups. Five focus group interviews were conducted: two (n=9; n=20) with people living with HIV (PLH) and three with young mothers (n=6; n=8; n=10). Thematic analyses were conducted on the focus group sessions' notes and transcripts. Both groups considered customization of reminders and prompts as necessary, and goal setting, motivational messaging, problem solving, and feedback as attractive. For PLH, automated and location-based reminders for medication adherence and sharing data with healthcare providers were both acceptable and attractive features. Privacy protection and invasiveness were the primary concerns, particularly around location tracking, illegal drug use, and sexual partner information. Concerns were ameliorated by use scenario or purpose, monetary incentives, and password protection. Privacy was not a major concern to mothers who considered passwords burdensome. Mothers' preferences focused on customization that supports mood, exercise and eating patterns, and especially using the mobile phone camera to photograph food to increase self-accountability. Individualization emerged as the key feature and design principle to reduce user burden and increase attractiveness and acceptability. Mobile phone EMI uniquely enables individualization, context-aware and real-time feedback, and tailored intervention delivery. Published by Elsevier Ireland Ltd.

46 CFR Appendix A to Part 530 - Instructions for the Filing of Service Contracts

Code of Federal Regulations, 2011 CFR

2011-10-01

... file service contracts. BTCL will direct OIRM to provide approved filers with a log-on ID and password. Filers who wish a third party (publisher) to file their service contracts must so indicate on Form FMC-83... home page, http://www.fmc.gov. A. Registration, Log-on ID and Password To register for filing, a...

46 CFR Appendix A to Part 530 - Instructions for the Filing of Service Contracts

Code of Federal Regulations, 2010 CFR

2010-10-01

... file service contracts. BTCL will direct OIRM to provide approved filers with a log-on ID and password. Filers who wish a third party (publisher) to file their service contracts must so indicate on Form FMC-83... home page, http://www.fmc.gov. A. Registration, Log-on ID and Password To register for filing, a...

The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers

DTIC Science & Technology

2014-07-07

POST re- quest, LastPass will store h’ as authenticating Alice. Mallory can then use otp’ to log-in to LastPass us- ing otp’. Of course , decrypting the...everywhere. [36] M. Rochkind. Security, forms, and error handling. In Expert PHP and MySQL , pages 191–247. Springer, 2013. [37] D. Silver, S. Jana, E

17 CFR 249.446 - Form ID, uniform application for access codes to file on EDGAR.

Code of Federal Regulations, 2011 CFR

2011-04-01

... log on to the EDGAR system, submit filings, and change its CCC. (d) Password Modification Authorization Code (PMAC)—allows a filer, filing agent or training agent to change its Password. [69 FR 22710... Sections Affected, which appears in the Finding Aids section of the printed volume and at at www.fdsys.gov. ...

17 CFR 269.7 - Form ID, uniform application for access codes to file on EDGAR.

Code of Federal Regulations, 2011 CFR

2011-04-01

... on to the EDGAR system, submit filings, and change its CCC. (d) Password Modification Authorization Code (PMAC)—allows a filer, filing agent or training agent to change its Password. [69 FR 22710, Apr... Sections Affected, which appears in the Finding Aids section of the printed volume and at at www.fdsys.gov. ...

Apple OS X VPN Set Up | High-Performance Computing | NREL

Science.gov Websites

software using that conf file and your UserID Start the connection using your password plus the 6-digit OTP . Configure the Client Software Start the Endian Connect App (It should have installed into Applications in an password" link, and add your UserID. Start the app, and begin configuring the connection by clicking

On the security flaws in ID-based password authentication schemes for telecare medical information systems.

PubMed

Mishra, Dheerendra

2015-01-01

Telecare medical information systems (TMIS) enable healthcare delivery services. However, access of these services via public channel raises security and privacy issues. In recent years, several smart card based authentication schemes have been introduced to ensure secure and authorized communication between remote entities over the public channel for the (TMIS). We analyze the security of some of the recently proposed authentication schemes of Lin, Xie et al., Cao and Zhai, and Wu and Xu's for TMIS. Unfortunately, we identify that these schemes failed to satisfy desirable security attributes. In this article we briefly discuss four dynamic ID-based authentication schemes and demonstrate their failure to satisfy desirable security attributes. The study is aimed to demonstrate how inefficient password change phase can lead to denial of server scenario for an authorized user, and how an inefficient login phase causes the communication and computational overhead and decrease the performance of the system. Moreover, we show the vulnerability of Cao and Zhai's scheme to known session specific temporary information attack, vulnerability of Wu and Xu's scheme to off-line password guessing attack, and vulnerability of Xie et al.'s scheme to untraceable on-line password guessing attack.

An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps.

PubMed

Moon, Jongho; Choi, Younsung; Kim, Jiye; Won, Dongho

2016-03-01

Recently, numerous extended chaotic map-based password authentication schemes that employ smart card technology were proposed for Telecare Medical Information Systems (TMISs). In 2015, Lu et al. used Li et al.'s scheme as a basis to propose a password authentication scheme for TMISs that is based on biometrics and smart card technology and employs extended chaotic maps. Lu et al. demonstrated that Li et al.'s scheme comprises some weaknesses such as those regarding a violation of the session-key security, a vulnerability to the user impersonation attack, and a lack of local verification. In this paper, however, we show that Lu et al.'s scheme is still insecure with respect to issues such as a violation of the session-key security, and that it is vulnerable to both the outsider attack and the impersonation attack. To overcome these drawbacks, we retain the useful properties of Lu et al.'s scheme to propose a new password authentication scheme that is based on smart card technology and requires the use of chaotic maps. Then, we show that our proposed scheme is more secure and efficient and supports security properties.

Robust anonymous authentication scheme for telecare medical information systems.

PubMed

Xie, Qi; Zhang, Jun; Dong, Na

2013-04-01

Patient can obtain sorts of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient's privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.'s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and they claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.'s scheme also has some weaknesses. In particular, Chen et al.'s scheme does not provide user's privacy protection and perfect forward secrecy, is vulnerable to off-line password guessing attack and impersonation attack once user's smart card is compromised. Further, we propose a secure anonymity authentication scheme to overcome their weaknesses even an adversary can know all information stored in smart card.

Promotion and marketing of bioidentical hormone therapy on the internet: a content analysis of websites.

PubMed

Yuksel, Nese; Treseng, Laetitia; Malik, Bushra; Ogbogu, Ubaka

2017-10-01

To evaluate the quality of information presented and claims made on websites offering bioidentical hormone therapy (BHT) products or services. A quantitative content analysis was completed on 100 websites promoting or offering BHT products or services. Websites were identified through Google search engine from September to October 2013. Search terms included "bioidentical hormone therapy" or "bioidentical progesterone," accompanied by "purchase or buy," "service," or "doctors." The Brief DISCERN instrument was used to determine the quality of the health information. Websites were from Canada (59%), United States (38%), and other countries (3%). Almost half of the websites originated from medical clinics (47%), and healthcare professionals offering BHT services included physicians (50%), pharmacists (19%), and naturopaths (16%). Majority of websites promoted BHT as custom-compounded formulations (62%), with only 27% indicating that BHT is also commercially available. Websites overall claimed that BHT had less risk compared with conventional hormone therapy (62%). BHT was described as having less breast cancer risk (40%), whereas over a quarter of websites described BHT as "protective" for breast cancer. Websites mainly targeted women (99%), with males mentioned in 62% of websites. Product descriptors used to promote BHT included individualization (77%), natural (70%), hormone imbalance (56%), and antiaging (50%). The mean Brief DISCERN score was 15, indicating lower quality of information. Claims made about BHT on the internet are misleading and not consistent with current professional organizations' recommendations. Understanding how BHT may be promoted on the internet can help healthcare professionals when educating patients.

Protecting your privacy | National Oceanic and Atmospheric Administration

Science.gov Websites

no personal information about you when you visit our website unless you choose to provide that information to us. Here is how we handle information about your visit to NOAA.gov: If you do nothing during your visit but browse through the website, read pages or download information, we will gather and store

16 CFR 312.3 - Regulation of unfair or deceptive acts or practices in connection with the collection, use, and...

Code of Federal Regulations, 2013 CFR

2013-01-01

... UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.3 Regulation of unfair... operator of a website or online service directed to children, or any operator that has actual knowledge... this part, an operator must: (a) Provide notice on the website or online service of what information it...

16 CFR 312.3 - Regulation of unfair or deceptive acts or practices in connection with the collection, use, and...

Code of Federal Regulations, 2012 CFR

2012-01-01

... UNDER SPECIFIC ACTS OF CONGRESS CHILDREN'S ONLINE PRIVACY PROTECTION RULE § 312.3 Regulation of unfair... operator of a website or online service directed to children, or any operator that has actual knowledge... this part, an operator must: (a) Provide notice on the website or online service of what information it...

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Keystroke Dynamics-Based Credential Hardening Systems

NASA Astrophysics Data System (ADS)

Bartlow, Nick; Cukic, Bojan

abstract Keystroke dynamics are becoming a well-known method for strengthening username- and password-based credential sets. The familiarity and ease of use of these traditional authentication schemes combined with the increased trustworthiness associated with biometrics makes them prime candidates for application in many web-based scenarios. Our keystroke dynamics system uses Breiman’s random forests algorithm to classify keystroke input sequences as genuine or imposter. The system is capable of operating at various points on a traditional ROC curve depending on application-specific security needs. As a username/password authentication scheme, our approach decreases the system penetration rate associated with compromised passwords up to 99.15%. Beyond presenting results demonstrating the credential hardening effect of our scheme, we look into the notion that a user’s familiarity to components of a credential set can non-trivially impact error rates.

Secure password-based authenticated key exchange for web services

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liang, Fang; Meder, Samuel; Chevassut, Olivier

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options inmore » the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.« less

Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes

DOEpatents

Kent, Alexander Dale [Los Alamos, NM

2008-09-02

Methods and systems in a data/computer network for authenticating identifying data transmitted from a client to a server through use of a gateway interface system which are communicately coupled to each other are disclosed. An authentication packet transmitted from a client to a server of the data network is intercepted by the interface, wherein the authentication packet is encrypted with a one-time password for transmission from the client to the server. The one-time password associated with the authentication packet can be verified utilizing a one-time password token system. The authentication packet can then be modified for acceptance by the server, wherein the response packet generated by the server is thereafter intercepted, verified and modified for transmission back to the client in a similar but reverse process.

Why Schools Do Not Release ASVAB Scores to Military Recruiters

DTIC Science & Technology

2012-06-08

Career and Technical Education DoD Department of Defense FERPA Family Education Records Protection Act GA Grad...incorporated the CEP. Since the adaptation of career clusters in Career and Technical Education (CTE), a venture funded by the states and the federal...available from career and technical education websites. The ASVAB CEP website provides the ASVAB CEP Fact Sheet and Overview of the ASVAB CEP.

Cybersecurity Education for Military Officers

DTIC Science & Technology

2017-12-01

lecture showed the math behind the possible combinations of passwords of different lengths, and made the recommendation to increase your password to...2. Math the system to the real world: Use of effective metaphors and real world language wherever possible. 3. User Control: Try to give the user...given any training on this topic outside of annual NKO courses. I was a math major for my undergraduate degree, so I have no computer science

BACTrack: A Surveillance Technique for Detecting and Locating Bioagent Attacks

DTIC Science & Technology

2003-06-10

Implementation • Location History – Location tracking/storage using cell - phone network (geo-location mandated by 2006) • Subscription Services...Reporting – User reports symptoms through automated cell - phone interface using password Individual reports only releasable with password Summary...Earlier detection and location relative to medical surveillance • The cell - phone location based service market can offer a means to implement BACTrack and to distribute its costs

'Total girlfriend experience': examining marketplace mythologies on sex tourism websites.

PubMed

Gezinski, Lindsay B; Karandikar, Sharvari; Levitt, Alexis; Ghaffarian, Roxane

2016-07-01

The purpose of this study was to conduct a systematic content analysis of sex tour websites to understand how sex tours are marketed to potential clients. A total of 380 web pages from 21 sex tour websites were reviewed. The sex tour websites sought to promote privacy and hassle-free travel with a local 'escort' and the opportunity for 'hooks-ups' with no strings attached. Three themes emerged around the description of sex workers: (1) enjoyment and complete acceptance, (2) a 'total girlfriend experience' and (3) exoticisation of the 'Third World' woman. The majority of the sex tourism websites used marketplace mythologies concerning racism, sexism and imperialism to appeal to sex tourists' desires for fantasy experiences, power and domination, and a renewed sense of identity. Legal and STI-related information was largely missing from the websites, and when it was included it was aimed at protecting sex tourists, not sex workers. It is of importance for researchers, social workers and others engaging with sex workers and sexscapes to recognise the power of language, cultural myths and framings and their ability to generate real-world social and health implications.

Fukushima Daiichi Information Repository FY13 Status

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Curtis; Phelan, Cherie; Schwieder, Dave

The accident at the Fukushima Daiichi nuclear power station in Japan is one of the most serious in commercial nuclear power plant operating history. Much will be learned that may be applicable to the U.S. reactor fleet, nuclear fuel cycle facilities, and supporting systems, and the international reactor fleet. For example, lessons from Fukushima Daiichi may be applied to emergency response planning, reactor operator training, accident scenario modeling, human factors engineering, radiation protection, and accident mitigation; as well as influence U.S. policies towards the nuclear fuel cycle including power generation, and spent fuel storage, reprocessing, and disposal. This document describesmore » the database used to establish a centralized information repository to store and manage the Fukushima data that has been gathered. The data is stored in a secured (password protected and encrypted) repository that is searchable and available to researchers at diverse locations.« less

Smart Sensing Based on DNA-Metal Interaction Enables a Label-Free and Resettable Security Model of Electrochemical Molecular Keypad Lock.

PubMed

Du, Yan; Han, Xu; Wang, Chenxu; Li, Yunhui; Li, Bingling; Duan, Hongwei

2018-01-26

Recently, molecular keypad locks have received increasing attention. As a new subgroup of smart biosensors, they show great potential for protecting information as a molecular security data processor, rather than merely molecular recognition and quantitation. Herein, label-free electrochemically transduced Ag + and cysteine (Cys) sensors were developed. A molecular keypad lock model with reset function was successfully realized based on the balanced interaction of metal ion with its nucleic acid and chemical ligands. The correct input of "1-2-3" (i.e., "Ag + -Cys-cDNA") is the only password of such molecular keypad lock. Moreover, the resetting process of either correct or wrong input order could be easily made by Cys, buffer, and DI water treatment. Therefore, our system provides an even smarter system of molecular keypad lock, which could inhibit illegal access of unauthorized users, holding great promise in information protection at the molecular level.

Informatics in Radiology (infoRAD): personal computer security: part 2. Software Configuration and file protection.

PubMed

Caruso, Ronald D

2004-01-01

Proper configuration of software security settings and proper file management are necessary and important elements of safe computer use. Unfortunately, the configuration of software security options is often not user friendly. Safe file management requires the use of several utilities, most of which are already installed on the computer or available as freeware. Among these file operations are setting passwords, defragmentation, deletion, wiping, removal of personal information, and encryption. For example, Digital Imaging and Communications in Medicine medical images need to be anonymized, or "scrubbed," to remove patient identifying information in the header section prior to their use in a public educational or research environment. The choices made with respect to computer security may affect the convenience of the computing process. Ultimately, the degree of inconvenience accepted will depend on the sensitivity of the files and communications to be protected and the tolerance of the user. Copyright RSNA, 2004

Online and in-person networking among women in the Earth Sciences Women's Network at www.ESWNonline.org

NASA Astrophysics Data System (ADS)

Kontak, R.; Adams, A. S.; De Boer, A. M.; Hastings, M. G.; Holloway, T.; Marin-Spiotta, E.; Steiner, A. L.; Wiedinmyer, C.

2012-12-01

The Earth Science Women's Network is an international peer-mentoring network of women in the Earth Sciences, many of whom are in the early stages of their careers. Membership is free and has grown through "word of mouth," and includes upper-level undergraduates, graduate students, professionals in a range of environmental fields, scientists working in public and private institutions. Our mission is to promote career development, build community, provide informal mentoring and support, and facilitate professional collaborations. Since 2002 we have accomplished this trough online networking, including over email and a listserv, on facebook, in-person networking events, and professional development workshops. Now in our 10th year, ESWN is debuting a new web-center that creates an online space exclusively for women in any discipline of the Earth (including planetary) sciences. ESWN members can connect and create an online community of support and encouragement for themselves as women in a demanding career. Many women in Earth Science fields feel isolated and are often the only woman in their department or work environments. ESWN is a place to meet others, discuss issues faced in creating work-life balance and professional success and share best practices through peer mentoring. Now on ESWN's new web-center, members can create and personalize their profiles and search for others in their field, nearby, or with similar interests. Online discussions in the members-only area can also be searched. Members can create groups for discussion or collaboration, with document sharing and password protection. Publicly, we can share gained knowledge with a broader audience, like lessons learned at our professional development workshops and collected recommendations from members. The new web center allows for more connectivity among other online platforms used by our members, including linked-in, facebook, and twitter. Built in Wordpress with a Buddpress members-only section, the new ESWN website is supported by AGU and a NSF ADVANCE grant.;

A systematic review of studies of web portals for patients with diabetes mellitus.

PubMed

Coughlin, Steven S; Williams, Lovoria B; Hatzigeorgiou, Christos

2017-01-01

Patient web portals are password-protected online websites that offer patients 24-hour access to personal health information from anywhere with an Internet connection. Due to advances in health information technologies, there has been increasing interest among providers and researchers in patient web portals for use by patients with diabetes and other chronic conditions. This article, which is based upon bibliographic searches in PubMed, reviews web portals for patients with diabetes mellitus including patient web portals tethered to electronic medical records and web portals developed specifically for patients with diabetes. Twelve studies of the impact of patient web portals on the management of diabetes patients were identified. Three had a cross-sectional design, 1 employed mixed-methods, one had a matched-control design, 3 had a retrospective cohort design, and 5 were randomized controlled trials. Six (50%) of the studies examined web portals tethered to electronic medical records and the remainder were web portals developed specifically for diabetes patients. The results of this review suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control. However, results from observational studies indicate that many diabetic patients do not take advantage of web portal features such as secure messaging, perhaps because of a lack of internet access or lack of experience in navigating web portal resources. Although results from randomized controlled trials provide stronger evidence of the efficacy of web portal use in improving glycemic control among diabetic patients, the number of trials is small and results from the trials have been mixed. Studies suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control, but negative findings have also been reported. The number of randomized controlled trials that have examined the efficacy of web portal use in improving glycemic control among diabetic patients is still small. Additional research is needed to identify specific portal features that may impact quality of care or improve glycemic control.

Rewards and challenges of family practice

PubMed Central

Manca, Donna P.; Varnhagen, Stanley; Brett-MacLean, Pamela; Allan, G. Michael; Szafran, Olga; Ausford, Allen; Rowntree, Carol; Rumzan, Ismael; Turner, Diana

2007-01-01

OBJECTIVE To identify and describe the important rewards and challenges that affect family physicians in Alberta. DESIGN Web-based qualitative study using the Delphi method. SETTING Province of Alberta. PARTICIPANTS Twenty-eight family physicians practising in Alberta. METHODS The study website presented a description of the project, ethical information, a calendar of events, and contact information. Delphi surveys and demographic questionnaires were password protected. Five rounds of surveys were conducted between May 2004 and January 2005. Participants were notified of each round of surveys and prompted by e–mail ifthey did not respond. FINDINGS Participants identified 8 key rewards and 9 key challenges. The research team identified 2 additional challenges that were validated by participants. In order of perceived importance, key rewards were providing diverse and comprehensive care; providing preventive care; having relationships with patients and their families; being an immersed witness to the human condition; providing continuity of care and receiving ongoing feedback; having flexibility and control of practice and job security; maintaining and acquiring skills and knowledge; teaching and sharing knowledge and gaining experience and mentoring. The challenges, in order of perceived need to be addressed, were workload and time pressures and meeting demands; the need to promote the rewards of family practice to those considering joining the profession; overhead and income inequities; getting respect from specialists; the need to ensure that the rewards identified are not adversely affected by primary care reform; lack of availability of specialists, procedures, tests, and other resources; running a practice as a small business; paperwork, telephone calls, and forms; maintaining and acquiring skills and knowledge; patients’ expectations; and medicolegal issues, insurance paperwork, and dealing with medical claims related to motor vehicle accidents. CONCLUSION The rewards and challenges reported by participants outline the positive and negative factors in family practice. The challenges provide a focus for further work. PMID:17872645

A systematic review of studies of web portals for patients with diabetes mellitus

PubMed Central

Williams, Lovoria B.; Hatzigeorgiou, Christos

2017-01-01

Patient web portals are password-protected online websites that offer patients 24-hour access to personal health information from anywhere with an Internet connection. Due to advances in health information technologies, there has been increasing interest among providers and researchers in patient web portals for use by patients with diabetes and other chronic conditions. This article, which is based upon bibliographic searches in PubMed, reviews web portals for patients with diabetes mellitus including patient web portals tethered to electronic medical records and web portals developed specifically for patients with diabetes. Twelve studies of the impact of patient web portals on the management of diabetes patients were identified. Three had a cross-sectional design, 1 employed mixed-methods, one had a matched-control design, 3 had a retrospective cohort design, and 5 were randomized controlled trials. Six (50%) of the studies examined web portals tethered to electronic medical records and the remainder were web portals developed specifically for diabetes patients. The results of this review suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control. However, results from observational studies indicate that many diabetic patients do not take advantage of web portal features such as secure messaging, perhaps because of a lack of internet access or lack of experience in navigating web portal resources. Although results from randomized controlled trials provide stronger evidence of the efficacy of web portal use in improving glycemic control among diabetic patients, the number of trials is small and results from the trials have been mixed. Studies suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control, but negative findings have also been reported. The number of randomized controlled trials that have examined the efficacy of web portal use in improving glycemic control among diabetic patients is still small. Additional research is needed to identify specific portal features that may impact quality of care or improve glycemic control. PMID:28736732

Improvement in Fruit and Vegetable Consumption Associated with More Favorable Energy Density and Nutrient and Food Group Intake, but not Kilocalories.

PubMed

Thompson, Debbe; Ferry, Robert J; Cullen, Karen W; Liu, Yan

2016-09-01

Children generally do not consume adequate amounts of fruits and vegetables (F/V). Eating more F/V can improve energy density and overall diet quality. Our aim was to investigate whether improvements in F/V consumption were associated with improvements in energy density, total calories, and dietary components related to F/V. We performed secondary analyses of dietary data from a successful four-group randomized controlled trial promoting F/V. Data were collected at baseline, immediately after gameplay, and 3 months post intervention. Preadolescent child-parent dyads (n=400) were recruited. Eligibility criteria were 4th- or 5th-grade child (approximately 9 to 11 years old) with Internet access and a parent willing to participate in the intervention. Complete dietary data were collected on 387 of the 400 child participants. The videogame was available online on a secure, password-protected website. Dietary intake was assessed with three unannounced dietary recalls collected at each data-collection period via telephone by trained staff using Nutrition Data System for Research software. Energy density and F/V, nutrient, and food consumption were calculated. A 4×3 (group by time) repeated measures analysis of covariance with mixed-effect linear models was used. Covariates included child's sex, race/ethnicity, and total energy intake as well as parent's age and household education. Energy was excluded as a covariate in the energy density and energy models. Significant changes occurred in energy density. A significant interaction (group by time) was observed (F6, 515=2.40; P<0.05) in energy density from food only, while a significant time effect was observed for energy density from all foods and beverages (F2, 388=13.75; P<0.0001). Desirable changes were also observed in F/V-related dietary components. Increasing F/V consumption improved energy density and diet quality considerably in preadolescent children. Copyright © 2016 Academy of Nutrition and Dietetics. Published by Elsevier Inc. All rights reserved.

System Connection via SSH Gateway | High-Performance Computing | NREL

Science.gov Websites

;@peregrine.hpc.nrel.gov First time logging in? If this is the first time you've logged in with your new account, you will password. You will be prompted to enter it a second time, then you will be logged off. Just reconnect with your HPC password at any time, you can simply use the passwd command. Remote Users If you're connecting

One Time Passwords in Everything (OPIE): Experiences with Building and Using Stringer Authentication

DTIC Science & Technology

1995-01-01

opiepasswd(1). The name change brings it more in line with its UNIX counterpart passwd (1), which should make both programs easier to remember for users. This...char * passwd ) int opiehash(char *x, unsigned algorithm) The one-time password schemes implemented in OPIE, as rst described in [Hal94], compute a...seed, passwd ); while (sequence-- != 0) opiehash(result, algorithm); opiebtoe(result,words); Send words. : : : 6 Deployment Every machine that has

Design and implementation of face recognition system based on Windows

NASA Astrophysics Data System (ADS)

Zhang, Min; Liu, Ting; Li, Ailan

2015-07-01

In view of the basic Windows login password input way lacking of safety and convenient operation, we will introduce the biometrics technology, face recognition, into the computer to login system. Not only can it encrypt the computer system, also according to the level to identify administrators at all levels. With the enhancement of the system security, user input can neither be a cumbersome nor worry about being stolen password confidential.

Random multispace quantization as an analytic mechanism for BioHashing of biometric and random identity inputs.

PubMed

Teoh, Andrew B J; Goh, Alwyn; Ngo, David C L

2006-12-01

Biometric analysis for identity verification is becoming a widespread reality. Such implementations necessitate large-scale capture and storage of biometric data, which raises serious issues in terms of data privacy and (if such data is compromised) identity theft. These problems stem from the essential permanence of biometric data, which (unlike secret passwords or physical tokens) cannot be refreshed or reissued if compromised. Our previously presented biometric-hash framework prescribes the integration of external (password or token-derived) randomness with user-specific biometrics, resulting in bitstring outputs with security characteristics (i.e., noninvertibility) comparable to cryptographic ciphers or hashes. The resultant BioHashes are hence cancellable, i.e., straightforwardly revoked and reissued (via refreshed password or reissued token) if compromised. BioHashing furthermore enhances recognition effectiveness, which is explained in this paper as arising from the Random Multispace Quantization (RMQ) of biometric and external random inputs.

Analysis of Internet Information on Lateral Lumbar Interbody Fusion.

PubMed

Belayneh, Rebekah; Mesfin, Addisu

2016-07-01

Lateral lumbar interbody fusion (LLIF) is a surgical technique that is being increasingly used. The authors' objective was to examine information on the Internet pertaining to the LLIF technique. An analysis was conducted of publicly accessible websites pertaining to LLIF. The following search engines were used: Google (www.google.com), Bing (www.bing.com), and Yahoo (www.yahoo.com). DuckDuckGo (www.duckduckgo.com) was an additional search engine used due to its emphasis on generating accurate and consistent results while protecting searchers' privacy and reducing advertisements. The top 35 websites providing information on LLIF from the 4 search engines were identified. A total of 140 websites were evaluated. Each web-site was categorized based on authorship (academic, private, medical industry, insurance company, other) and content of information. Using the search term lateral lumbar interbody fusion, 174,000 Google results, 112,000 Yahoo results, and 112,000 Bing results were obtained. DuckDuckGo does not display the number of results found for a search. From the top 140 websites collected from each website, 78 unique websites were identified. Websites were authored by a private medical group in 46.2% of the cases, an academic medical group in 26.9% of the cases, and the biomedical industry in 5.1% of the cases. Sixty-eight percent of websites reported indications, and 24.4% reported contraindications. Benefits of LLIF were reported by 69.2% of websites. Thirty-six percent of websites reported complications of LLIF. Overall, the quality of information regarding LLIF on the Internet is poor. Spine surgeons and spine societies can assist in improving the quality of the information on the Internet regarding LLIF. [Orthopedics. 2016; 39(4):e701-e707.]. Copyright 2016, SLACK Incorporated.

How to Prevent Type-Flaw Guessing Attacks on Password Protocols

DTIC Science & Technology

2003-01-01

How to prevent type-flaw guessing attacks on password protocols∗ Sreekanth Malladi , Jim Alves-Foss Center for Secure and Dependable Systems...respectively. R Retagging 〈−(t, f),+(t′, f)〉. The retagging strand captures the concept of receiving a message of one type and sending it, with a claim of a...referrees for insightful comments. Thanks are also due to Ricardo Corin for many helpful technical discus- sions. References [AN94] M. Abadi and R

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

DTIC Science & Technology

2007-01-15

it can detect specifically proscribed content changes to critical files (e.g., illegal shells inserted into /etc/ passwd ). Fourth, it can detect the...UNIX password management involves a pair of inter-related files (/etc/ passwd and /etc/shadow). The corresponding access patterns seen at the storage...content integrity verification is utilized. As a concrete example, consider a UNIX system password file (/etc/ passwd ), which consists of a set of well

Implementing an Intrusion Detection System in the Mysea Architecture

DTIC Science & Technology

2008-06-01

password for each user passwd <username> then follow the prompts 2. PostgreSQL 7.4.18 Installation Perform the following steps as root: 1. Copy...password changed Repeat for user snort. exit After making the groups and users the group and passwd file needs to be updated. Set security and...untrusted/bin/xtsmkgroup > /etc/group chmod 644 /etc/group /xts/untrusted/bin/xtsmkpasswd > /etc/ passwd chmod 644 /etc/ passwd 3. PostgreSQL 7.4.18

Biometrics based authentication scheme for session initiation protocol.

PubMed

Xie, Qi; Tang, Zhixiong

2016-01-01

Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed protocol achieves security and authentication. Furthermore, our protocol is highly efficient when compared to other related protocols.

What Otaku consumers care about: The factors influential to online purchase intention

NASA Astrophysics Data System (ADS)

Chang, Che-Chang

2013-10-01

Chinese customers and those in the rest of world share the same two principal concerns about e-commerce: inadequate information from website and inadequate legal protection for Internet purchases. This study shows that trust, information adequacy and Otakus' characteristics have a significant effect on online purchase intention. Moreover, Otakus' characteristics demonstrate an interference effect on purchasing intention online for the influential factors: information provision and trust in the website.

Improving Army Basic Research: Report of an Expert Panel on the Future of Army Laboratories

DTIC Science & Technology

2012-01-01

commercial use only. Unauthorized posting of RAND electronic documents to a non-RAND website is prohibited. RAND electronic documents are protected under...complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND documents to a non-RAND website is prohibited. RAND...Inspired senior scientists and technologists with vision will be essential in research as well as in the design , development, evaluation, and

Lawrence Livermore National Laboratory`s Computer Security Short Subjects Videos: Hidden Password, The Incident, Dangerous Games and The Mess; Computer Security Awareness Guide

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

A video on computer security is described. Lonnie Moore, the Computer Security Manager, CSSM/CPPM at Lawrence Livermore National Laboratory (LLNL) and Gale Warshawsky, the Coordinator for Computer Security Education and Awareness at LLNL, wanted to share topics such as computer ethics, software piracy, privacy issues, and protecting information in a format that would capture and hold an audience`s attention. Four Computer Security Short Subject videos were produced which ranged from 1--3 minutes each. These videos are very effective education and awareness tools that can be used to generate discussions about computer security concerns and good computing practices.

Using technology to support investigations in the electronic age: tracking hackers to large scale international computer fraud

NASA Astrophysics Data System (ADS)

McFall, Steve

1994-03-01

With the increase in business automation and the widespread availability and low cost of computer systems, law enforcement agencies have seen a corresponding increase in criminal acts involving computers. The examination of computer evidence is a new field of forensic science with numerous opportunities for research and development. Research is needed to develop new software utilities to examine computer storage media, expert systems capable of finding criminal activity in large amounts of data, and to find methods of recovering data from chemically and physically damaged computer storage media. In addition, defeating encryption and password protection of computer files is also a topic requiring more research and development.

Empowering radiologic education on the Internet: a new virtual website technology for hosting interactive educational content on the World Wide Web.

PubMed

Frank, M S; Dreyer, K

2001-06-01

We describe a virtual web site hosting technology that enables educators in radiology to emblazon and make available for delivery on the world wide web their own interactive educational content, free from dependencies on in-house resources and policies. This suite of technologies includes a graphically oriented software application, designed for the computer novice, to facilitate the input, storage, and management of domain expertise within a database system. The database stores this expertise as choreographed and interlinked multimedia entities including text, imagery, interactive questions, and audio. Case-based presentations or thematic lectures can be authored locally, previewed locally within a web browser, then uploaded at will as packaged knowledge objects to an educator's (or department's) personal web site housed within a virtual server architecture. This architecture can host an unlimited number of unique educational web sites for individuals or departments in need of such service. Each virtual site's content is stored within that site's protected back-end database connected to Internet Information Server (Microsoft Corp, Redmond WA) using a suite of Active Server Page (ASP) modules that incorporate Microsoft's Active Data Objects (ADO) technology. Each person's or department's electronic teaching material appears as an independent web site with different levels of access--controlled by a username-password strategy--for teachers and students. There is essentially no static hypertext markup language (HTML). Rather, all pages displayed for a given site are rendered dynamically from case-based or thematic content that is fetched from that virtual site's database. The dynamically rendered HTML is displayed within a web browser in a Socratic fashion that can assess the recipient's current fund of knowledge while providing instantaneous user-specific feedback. Each site is emblazoned with the logo and identification of the participating institution. Individuals with teacher-level access can use a web browser to upload new content as well as manage content already stored on their virtual site. Each virtual site stores, collates, and scores participants' responses to the interactive questions posed on line. This virtual web site strategy empowers the educator with an end-to-end solution for creating interactive educational content and hosting that content within the educator's personalized and protected educational site on the world wide web, thus providing a valuable outlet that can magnify the impact of his or her talents and contributions.

Mobile phone text message intervention to reduce binge drinking among young adults: study protocol for a randomized controlled trial

PubMed Central

2013-01-01

Background Heavy episodic (binge) drinking is common among young adults and can lead to injury and illness. Young adults who seek care in the Emergency Department (ED) may be disproportionately affected with binge drinking behavior, therefore provide an opportunity to reduce future risk through screening, brief intervention and referral to treatment (SBIRT). Mobile phone text messaging (SMS) is a common form of communication among young adults and has been shown to be effective at providing behavioral support to young adult drinkers after ED discharge. Efficacy of SMS programs to reduce binge drinking remains unknown. Methods/Design We will conduct a three parallel arm, randomized trial. A convenience sample of adults aged 18 to 25 years attending three EDs in Pittsburgh, PA and willing to participate in the study will be screened for hazardous alcohol consumption. Participants identified as hazardous drinkers will then be allocated to either 12 weeks of weekly SMS drinking assessments with feedback (SA+F), SMS drinking assessments without feedback (SA), or a control group. Randomization will be via an independent and remote computerized randomization and will be stratified by study site. The SA+F group will be asked to provide pre-weekend drinking intention as well as post-weekend consumption via SMS and will receive feedback messages focused on health consequences of alcohol consumption, personalized normative feedback, protective drinking strategies and goal setting. Follow-up data on alcohol use and injury related to alcohol will be collected through a password-protected website three, six and nine months later. The primary outcome for the study is binge drinking days (≥4 drinks for women; ≥5 drinks for men) during the previous month, and the main secondary outcome is the proportion of participants who report any injury related to alcohol in the prior three months. Discussion This study will test the hypothesis that a mobile phone text-messaging program will result in immediate and durable reductions in binge drinking among at-risk young adults. By testing an intervention group to an assessment-only and control group, we will be able to separate the effect of assessment reactivity. By collecting pre-weekend drinking intentions and post-weekend consumption data in the SA+F group, we will be able to better understand mechanism of change. Trial registration Clinicaltrials.gov NCT01688245 PMID:23552023

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

Privacy Enhancements for Inexact Biometric Templates

NASA Astrophysics Data System (ADS)

Ratha, Nalini; Chikkerur, Sharat; Connell, Jonathan; Bolle, Ruud

Traditional authentication schemes utilize tokens or depend on some secret knowledge possessed by the user for verifying his or her identity. Although these techniques are widely used, they have several limitations. Both tokenand knowledge-based approaches cannot differentiate between an authorized user and an impersonator having access to the tokens or passwords. Biometrics-based authentication schemes overcome these limitations while offering usability advantages in the area of password management. However, despite its obvious advantages, the use of biometrics raises several security and privacy concerns.

The fast encryption package

NASA Technical Reports Server (NTRS)

Bishop, Matt

1988-01-01

The organization of some tools to help improve passwork security at a UNIX-based site is described along with how to install and use them. These tools and their associated library enable a site to force users to pick reasonably safe passwords (safe being site configurable) and to enable site management to try to crack existing passworks. The library contains various versions of a very fast implementation of the Data Encryption Standard and of the one-way encryption functions used to encryp the password.

Ethical considerations in internet use of electronic protected health information.

PubMed

Polito, Jacquelyn M

2012-03-01

Caregivers, patients, and their family members are increasingly reliant on social network websites for storing, communicating, and referencing medical information. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule seeks balance by protecting the privacy of patients' health information and assuring that this information is available to those who need it to provide health care. Though federal and state governments have created laws and policies to safeguard patient privacy and confidentiality, the laws are inadequate against the rapid and innovative use of electronic health websites. As Internet use broadens access to information, health professionals must be aware that this information is not always secure. We must identify and reflect on medical ethics issues and be accountable for maintaining privacy for the patient.

The security of patient identifiable information in doctors' homes.

PubMed

McLean, Iain; Anderson, C Mary

2004-08-01

Ethically and legally doctors bear a responsibility to ensure the security of patient identifiable information in their possession. Many doctors, especially those in forensic medicine, hold paper or computerised medical records at home. This survey was conducted to assess the level of security for these records and awareness of the issues. Fifty-six forensic physicians (30 male, 26 female) answered a questionnaire. Eighty-nine percent used a computer to write patient notes and reports, but only 26 of these were on the Data Protection Register, and only 24 password-protected their files. Few doctors took steps to protect data on old computers they had stopped using. Of those responding, 88% held paper records at home but only of these had lockable filing cabinets. Burglar alarms were fitted in 77% of homes, yet 36% of homes had been burgled. No participants had written instructions for disposal of records and reports after their death. Older participants were more likely to have been burgled, yet less likely to have antiviral software than their younger counterparts. Participants expressed the need for information, education and training in data security.

Content, Quality, and Assessment Tools of Physician-Rating Websites in 12 Countries: Quantitative Analysis.

PubMed

Rothenfluh, Fabia; Schulz, Peter J

2018-06-14

Websites on which users can rate their physician are becoming increasingly popular, but little is known about the website quality, the information content, and the tools they offer users to assess physicians. This study assesses these aspects on physician-rating websites in German- and English-speaking countries. The objective of this study was to collect information on websites with a physician rating or review tool in 12 countries in terms of metadata, website quality (transparency, privacy and freedom of speech of physicians and patients, check mechanisms for appropriateness and accuracy of reviews, and ease of page navigation), professional information about the physician, rating scales and tools, as well as traffic rank. A systematic Web search based on a set of predefined keywords was conducted on Google, Bing, and Yahoo in August 2016. A final sample of 143 physician-rating websites was analyzed and coded for metadata, quality, information content, and the physician-rating tools. The majority of websites were registered in the United States (40/143) or Germany (25/143). The vast majority were commercially owned (120/143, 83.9%), and 69.9% (100/143) displayed some form of physician advertisement. Overall, information content (mean 9.95/25) as well as quality were low (mean 18.67/47). Websites registered in the United Kingdom obtained the highest quality scores (mean 26.50/47), followed by Australian websites (mean 21.50/47). In terms of rating tools, physician-rating websites were most frequently asking users to score overall performance, punctuality, or wait time in practice. This study evidences that websites that provide physician rating should improve and communicate their quality standards, especially in terms of physician and user protection, as well as transparency. In addition, given that quality standards on physician-rating websites are low overall, the development of transparent guidelines is required. Furthermore, attention should be paid to the financial goals that the majority of physician-rating websites, especially the ones that are commercially owned, pursue. ©Fabia Rothenfluh, Peter J Schulz. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 14.06.2018.

A Systematic Process to Facilitate Evidence-Informed Decisionmaking Regarding Program Expansion. The RAND Toolkit, Volume 3

DTIC Science & Technology

2014-01-01

provided for non - commercial use only. Unauthorized posting of RAND electronic documents to a non -RAND website is prohibited. RAND electronic documents...documents to a non -RAND website is prohibited. RAND documents are protected under copyright law. Permission is given to duplicate this document for...the DoD-wide decisionmaking board to focus their review efforts on larger programs or those that function in multiple branches of service, as well as

A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

PubMed

Das, Ashok Kumar; Goswami, Adrijit

2013-06-01

Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user's personal biometrics along with his/her password with the help of the smart card. The user's biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.'s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.'s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.

A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks

PubMed Central

Zhang, Ruisheng; Liu, Qidong

2017-01-01

Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research. PMID:28135288

A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks.

PubMed

Liu, Xin; Zhang, Ruisheng; Liu, Qidong

2017-01-01

Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research.

Using cloud models of heartbeats as the entity identifier to secure mobile devices.

PubMed

Fu, Donglai; Liu, Yanhua

2017-01-01

Mobile devices are extensively used to store more private and often sensitive information. Therefore, it is important to protect them against unauthorised access. Authentication ensures that authorised users can use mobile devices. However, traditional authentication methods, such as numerical or graphic passwords, are vulnerable to passive attacks. For example, an adversary can steal the password by snooping from a shorter distance. To avoid these problems, this study presents a biometric approach that uses cloud models of heartbeats as the entity identifier to secure mobile devices. Here, it is identified that these concepts including cloud model or cloud have nothing to do with cloud computing. The cloud model appearing in the study is the cognitive model. In the proposed method, heartbeats are collected by two ECG electrodes that are connected to one mobile device. The backward normal cloud generator is used to generate ECG standard cloud models characterising the heartbeat template. When a user tries to have access to their mobile device, cloud models regenerated by fresh heartbeats will be compared with ECG standard cloud models to determine if the current user can use this mobile device. This authentication method was evaluated from three aspects including accuracy, authentication time and energy consumption. The proposed method gives 86.04% of true acceptance rate with 2.73% of false acceptance rate. One authentication can be done in 6s, and this processing consumes about 2000 mW of power.

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Kumar, Neeraj

2015-11-01

In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

An improved anonymous authentication scheme for roaming in ubiquitous networks.

PubMed

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick; Won, Dongho

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al's scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.

An improved anonymous authentication scheme for roaming in ubiquitous networks

PubMed Central

Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick

2018-01-01

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments. PMID:29505575

About Us | Argonne National Laboratory

Science.gov Websites

and technology - advanced technologies for detection of chemical and biological species of interest for environmental protection, national security and disease detection Explore this website to learn

The IAEA’s activities on radiation protection in interventional cardiology

PubMed Central

Rehani, MM

2007-01-01

The International Atomic Energy Agency (IAEA) under its mandate of developing and applying standards of radiation safety has initiated a number of activities in recent years on radiation protection in interventional cardiology. These activities are implemented through four mechanisms, namely training, providing information through the website, research projects and assistance to Member States through Technical Cooperation (TC) projects. Major international initiatives have been taken in the area of training where more than half a dozen regional training courses have been conducted for cardiologists from over 50 countries. Additionally four national training events for over 300 medical and paramedical staff members involved in interventional procedures were held. The training material is freely available on CD from the IAEA. The newly established website provides information on radiation protection issues [1]. Two coordinated research projects have just been completed where peak skin doses to patients undergoing high dose interventional procedures were studied and factors to manage patient doses were identified. The technical cooperation projects involving protection in cardiac interventional procedures have 30 countries as participants. PMID:21614275

Ethos in Fukushima and the ICRP dialogue seminars.

PubMed

Ando, R

2016-12-01

Ethos in Fukushima, a non-profit organisation, participated in 10 of the 12 International Commission on Radiological Protection (ICRP) dialogue seminars over the past 4 years. The slides and videos that were shown at the seminars are recorded on the Ethos in Fukushima website ( http://ethos-fukushima.blogspot.jp/p/icrp-dialogue.html ). I would like to introduce the activities of Ethos in Fukushima to date, and explain why the ICRP dialogue materials have come to be published on its website.

Telemedicine and Plastic Surgery: A Pilot Study.

PubMed

Valente, Denis Souto; Silveira Eifler, Luciano; Carvalho, Lauro Aita; Filho, Gustavo Azambuja Pereira; Ribeiro, Vinicius Weissheimer; Padoin, Alexandre Vontobel

2015-01-01

Background. Telemedicine can be defined as the use of electronic media for transmission of information and medical data from one site to another. The objective of this study is to demonstrate an experience of telemedicine in plastic surgery. Methods. 32 plastic surgeons received a link with password for real-time streaming of a surgery. At the end of the procedure, the surgeons attending the procedure by the Internet answered five questions. The results were analyzed with descriptive statistics. Results. 27 plastic surgeons attended the online procedure in real-time. 96.3% considered the access to the website as good or excellent and 3.7% considered it bad. 14.8% reported that the transmission was bad and 85.2% considered the quality of transmission as good or excellent. 96.3% classified the live broadcasting as a good or excellent learning experience and 3.7% considered it a bad experience. 92.6% reported feeling able to perform this surgery after watching the demo and 7.4% did not feel able. 100% of participants said they would like to participate in other surgical demonstrations over the Internet. Conclusion. We conclude that the use of telemedicine can provide more access to education and medical research, for plastic surgeons looking for medical education from distant regions.

A qualitative analysis of the beliefs of Japanese anti-influenza vaccination website authors.

PubMed

Okuhara, Tsuyoshi; Ishikawa, Hirono; Kato, Mio; Okada, Masafumi; Kiuchi, Takahiro

2018-04-01

Influenza vaccine coverage among the Japanese population is less than optimal. Anti-vaccination sentiment exists worldwide, and Japan is no exception. Anti-influenza vaccination activists argue on the internet that influenza vaccine has little or no efficacy and a high risk of side effects, and they warn that people should forgo vaccination. We conducted a qualitative analysis to explore beliefs underlying the messages of anti-influenza vaccination websites, by focusing on the perceived value these beliefs provide to those who hold them. We conducted online searches in January 2017 using two major Japanese search engines (Google Japan and Yahoo! Japan). Targeted websites were classified as "pro", "anti", or "neutral" depending on their claims. We applied a dual analytic approach-inductive thematic analysis and deductive interpretative analysis-to textual data of the anti websites. Of the 113 anti websites, we identified two themes that correspond to beliefs: it is necessary to 1) protect others against risks and exploitation related to influenza vaccination, and 2) educate others about hidden truths and self-determination. Authors of anti websites ascribed two values (people's "safety" and one's own "self-esteem") to their beliefs. Website authors may engage in anti-vaccination activities because they want to feel they are virtuous, saving people from harm caused by vaccination, and to boost their self-esteem, thinking "I am enlightening uninformed people." The anti-vaccination beliefs of website authors were considered to be strong. In promoting vaccination, it would be better not to target outright vaccine refusers, such as the authors of anti-vaccination websites; it is preferable to target vaccine-hesitant people who are more amenable to changing their attitudes toward vaccination. We discuss possible means of promoting vaccination in that target population.

Could we do better? Behavioural tracking on recommended consumer health websites.

PubMed

Burkell, Jacquelyn; Fortier, Alexandre

2015-09-01

This study examines behavioural tracking practices on consumer health websites, contrasting tracking on sites recommended by information professionals with tracking on sites returned by Google. Two lists of consumer health websites were constructed: sites recommended by information professionals and sites returned by Google searches. Sites were divided into three groups according to source (Recommended-Only, Google-Only or both) and type (Government, Not-for-Profit or Commercial). Behavioural tracking practices on each website were documented using a protocol that detected cookies, Web beacons and Flash cookies. The presence and the number of trackers that collect personal information were contrasted across source and type of site; a second set of analyses specifically examined Advertising trackers. Recommended-Only sites show lower levels of tracking - especially tracking by advertisers - than do Google-Only sites or sites found through both sources. Government and Not-for-Profit sites have fewer trackers, particularly from advertisers, than do Commercial sites. Recommended sites, especially those from Government or Not-for-Profit organisations, present a lower privacy threat than sites returned by Google searches. Nonetheless, most recommended websites include some trackers, and half include at least one Advertising tracker. To protect patron privacy, information professionals should examine the tracking practices of the websites they recommend. © 2015 Health Libraries Group.

Insecure Behaviors on Mobile Devices Under Stress

DTIC Science & Technology

2014-04-08

a text or in an email . The most secure network is only as secure as its most careless user. Thus, in the current project we sought to discover the...challenges in mobile security is human behavior. The most secure password may be useless if it is sent as a text or in an email . The most secure network...The most secure password may be useless if it is sent as a text or in an email . The most secure network is only as secure as its most careless user

The 60 Minute Network Security Guide (First Steps Towards a Secure Network Environment)

DTIC Science & Technology

2001-10-16

default/ passwd file in UNIX. Administrators should obtain and run password-guessing programs (i.e., “John the Ripper,’’ “L0phtCrack,” and “Crack...system on which it is running, it is a good idea to transfer the encrypted passwords (the dumped SAM database for Windows and the /etc/ passwd and /etc...ownership by root and group sys. The /etc/ passwd file should have permissions 644 with owner root and group root. n Be cracked every month to find

A Secure Mobile-Based Authentication System for e-Banking

NASA Astrophysics Data System (ADS)

Rifà-Pous, Helena

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable. We propose a challenge-response based one-time password (OTP) scheme that uses symmetric cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks. Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own trusted computers.

Secure Server Login by Using Third Party and Chaotic System

NASA Astrophysics Data System (ADS)

Abdulatif, Firas A.; zuhiar, Maan

2018-05-01

Server is popular among all companies and it used by most of them but due to the security threat on the server make this companies are concerned when using it so that in this paper we will design a secure system based on one time password and third parity authentication (smart phone). The proposed system make security to the login process of server by using one time password to authenticate person how have permission to login and third parity device (smart phone) as other level of security.

The Fukushima Daiichi Accident Study Information Portal

DOE Office of Scientific and Technical Information (OSTI.GOV)

Shawn St. Germain; Curtis Smith; David Schwieder

This paper presents a description of The Fukushima Daiichi Accident Study Information Portal. The Information Portal was created by the Idaho National Laboratory as part of joint NRC and DOE project to assess the severe accident modeling capability of the MELCOR analysis code. The Fukushima Daiichi Accident Study Information Portal was created to collect, store, retrieve and validate information and data for use in reconstructing the Fukushima Daiichi accident. In addition to supporting the MELCOR simulations, the Portal will be the main DOE repository for all data, studies and reports related to the accident at the Fukushima Daiichi nuclear powermore » station. The data is stored in a secured (password protected and encrypted) repository that is searchable and accessible to researchers at diverse locations.« less

The BiolAD-DB system : an informatics system for clinical and genetic data.

PubMed

Nielsen, David A; Leidner, Marty; Haynes, Chad; Krauthammer, Michael; Kreek, Mary Jeanne

2007-01-01

The Biology of Addictive Diseases-Database (BiolAD-DB) system is a research bioinformatics system for archiving, analyzing, and processing of complex clinical and genetic data. The database schema employs design principles for handling complex clinical information, such as response items in genetic questionnaires. Data access and validation is provided by the BiolAD-DB client application, which features a data validation engine tightly coupled to a graphical user interface. Data integrity is provided by the password-protected BiolAD-DB SQL compliant server and database. BiolAD-DB tools further provide functionalities for generating customized reports and views. The BiolAD-DB system schema, client, and installation instructions are freely available at http://www.rockefeller.edu/biolad-db/.

How has the flu virus infected the Web? 2010 influenza and vaccine information available on the Internet

PubMed Central

2013-01-01

Background The 2009–10 influenza pandemic was a major public health concern. Vaccination was recommended by the health authorities, but compliance was not optimal and perception of the presumed associated risks was high among the public. The Internet is increasingly being used as a source of health information and advice. The aim of the study was to investigate the characteristics of websites providing information about flu vaccine and the quality of the information provided. Methods Website selection was performed in autumn 2010 by entering eight keywords in two of the most commonly used search engines (Google.com and Yahoo.com). The first three result pages were analysed for each search, giving a total of 480 occurrences. Page rank was evaluated to assess visibility. Websites based on Web 2.0 philosophy, websites merely displaying popular news/articles and single files were excluded from the subsequent analysis. We analysed the selected websites (using WHO criteria) as well as the information provided, using a codebook for pro/neutral websites and a qualitative approach for the adverse ones. Results Of the 89 websites selected, 54 dealt with seasonal vaccination, three with anti-H1N1 vaccination and 32 with both. Rank analysis showed that only classic websites (ones not falling in any other category) and one social network were provided on the first pages by Yahoo; 21 classic websites, six displaying popular news/articles and one blog by Google. Analysis of the selected websites revealed that the majority of them (88.8%) had a positive/neutral attitude to flu vaccination. Pro/neutral websites distinguished themselves from the adverse ones by some revealing features like greater transparency, credibility and privacy protection. Conclusions We found that the majority of the websites providing information on flu vaccination were pro/neutral and gave sufficient information. We suggest that antivaccinationist information may have been spread by a different route, such as via Web 2.0 tools, which may be more prone to the dissemination of “viral” information. The page ranking analysis revealed the crucial role of search engines regarding access to information on the Internet. PMID:23360311

How has the flu virus infected the Web? 2010 influenza and vaccine information available on the Internet.

PubMed

Covolo, Loredana; Mascaretti, Silvia; Caruana, Anna; Orizio, Grazia; Caimi, Luigi; Gelatti, Umberto

2013-01-29

The 2009-10 influenza pandemic was a major public health concern. Vaccination was recommended by the health authorities, but compliance was not optimal and perception of the presumed associated risks was high among the public. The Internet is increasingly being used as a source of health information and advice. The aim of the study was to investigate the characteristics of websites providing information about flu vaccine and the quality of the information provided. Website selection was performed in autumn 2010 by entering eight keywords in two of the most commonly used search engines (Google.com and Yahoo.com). The first three result pages were analysed for each search, giving a total of 480 occurrences. Page rank was evaluated to assess visibility. Websites based on Web 2.0 philosophy, websites merely displaying popular news/articles and single files were excluded from the subsequent analysis. We analysed the selected websites (using WHO criteria) as well as the information provided, using a codebook for pro/neutral websites and a qualitative approach for the adverse ones. Of the 89 websites selected, 54 dealt with seasonal vaccination, three with anti-H1N1 vaccination and 32 with both. Rank analysis showed that only classic websites (ones not falling in any other category) and one social network were provided on the first pages by Yahoo; 21 classic websites, six displaying popular news/articles and one blog by Google. Analysis of the selected websites revealed that the majority of them (88.8%) had a positive/neutral attitude to flu vaccination. Pro/neutral websites distinguished themselves from the adverse ones by some revealing features like greater transparency, credibility and privacy protection. We found that the majority of the websites providing information on flu vaccination were pro/neutral and gave sufficient information. We suggest that antivaccinationist information may have been spread by a different route, such as via Web 2.0 tools, which may be more prone to the dissemination of "viral" information. The page ranking analysis revealed the crucial role of search engines regarding access to information on the Internet.

Computer Cache. Environmental Protection: Websites on the Environment

ERIC Educational Resources Information Center

Byerly, Greg; Brodie, Carolyn S.

2005-01-01

"Give a hoot, don't pollute!" "Save the environment!" "Save the Whales!" Ranger Rick. Recycle. These are all well-known phrases and emblems of the fight to "protect the environment." Young children seem to understand almost intuitively the need to do those simple things that will make the Earth a better place to live and play. However, especially…

Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication.

PubMed

Juang, Kevin; Greenstein, Joel

2018-04-01

We developed a new authentication system based on passphrases instead of passwords. Our new system incorporates a user-generated mnemonic picture displayed during login, definition tooltips, error correction to reduce typographical errors, a decoy-based input masking technique, and random passphrase generation using either a specialized wordlist or a sentence template. Passphrases exhibit a greater level of security than traditional passwords, but their wider adoption has been hindered by human factors issues. Our assertion is that the added features of our system work particularly well with passphrases and help address these shortcomings. We conducted a study to evaluate our new system with a customized 1,450-word list and our new system with a 6-word sentence structure against the control conditions of a user-created passphrase of at least 24 characters and a system-generated passphrase using a 10,326-word list. Fifty participants completed two sessions so that we could measure the usability and security of the authentication schemes. With the new system conditions, memorability was improved, and security was equivalent to or better than the control conditions. Usability and overall ratings also favored the new system conditions over the control conditions. Our research presents a new authentication system using innovative techniques that improve on the usability and security of existing password and passphrase authentication systems. In computer security, drastic changes should never happen overnight, but we recommend that our contributions be incorporated into current authentication systems to help facilitate a transition from passwords to usable passphrases.

American Academy of Pediatrics

MedlinePlus

... AAP AAP Voices Blueprint for Children Recent AAP.org AAP Urges Elected Leaders to Protect Communities from ... on Children's Health Use Information for Parents HealthyChildren.org The official parenting website of the AAP Quick ...

Noise-Induced Hearing Loss

MedlinePlus

... to noise. The NIDCD sponsors It's a Noisy Planet. Protect Their Hearing® , a national public education campaign ... induced hearing loss is 100% preventable. NIDCD's Noisy Planet website Have a question? Information specialists can answer ...

48 CFR 50.203 - General.

Code of Federal Regulations, 2012 CFR

2012-10-01

... management protections for sellers of QATTs and others in the supply and distribution chain. (b) The SAFETY... website are block designations and block certifications granted by DHS. [72 FR 63030, Nov. 7, 2007, as...

48 CFR 50.203 - General.

Code of Federal Regulations, 2013 CFR

2013-10-01

... management protections for sellers of QATTs and others in the supply and distribution chain. (b) The SAFETY... website are block designations and block certifications granted by DHS. [72 FR 63030, Nov. 7, 2007, as...

48 CFR 50.203 - General.

Code of Federal Regulations, 2011 CFR

2011-10-01

... management protections for sellers of QATTs and others in the supply and distribution chain. (b) The SAFETY... website are block designations and block certifications granted by DHS. [72 FR 63030, Nov. 7, 2007, as...

48 CFR 50.203 - General.

Code of Federal Regulations, 2014 CFR

2014-10-01

... management protections for sellers of QATTs and others in the supply and distribution chain. (b) The SAFETY... website are block designations and block certifications granted by DHS. [72 FR 63030, Nov. 7, 2007, as...

Security Analysis and Improvement of 'a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System'.

PubMed

Islam, S K Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.'s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen's scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature.

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

PubMed

Das, Ashok Kumar; Bruhadeshwar, Bezawada

2013-10-01

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’

PubMed Central

Islam, SK Hafizul; Khan, Muhammad Khurram; Li, Xiong

2015-01-01

Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. PMID:26263401

User Perceptions of a Dementia Risk Reduction Website and Its Promotion of Behavior Change

PubMed Central

2013-01-01

Background Several modifiable health and lifestyle factors are consistently associated with dementia risk and it is estimated that significantly fewer people would develop dementia if the incidence of risk factors could be reduced. Despite this, Australians’ awareness of the health and lifestyle factors associated with dementia risk is low. Within a national community education campaign, Alzheimer’s Australia developed a dementia risk reduction website providing information about modifiable risk or protective factors for dementia. Objective This study aimed to assess the usefulness of the website content in improving knowledge and enabling adoption of recommended strategies, and to examine what additional resources consumers need. Methods Visitors to the website over a 3 month period were invited to complete an online survey, which asked them to rate their knowledge of dementia risk reduction before and after visiting the site, how important monitoring their health related behavior was to them before and after visiting the site, their current behavior related to health and lifestyle factors associated with dementia risk, their intentions to change behavior, and the usefulness of potential additional resources to help them do so. Results For this study, 123 Australian adults responded to the survey. 44.7% (55/122) were aged over 60 and 82.1% (98/119) were female. Respondents’ ratings and comments indicated they generally found the content interesting, informative, and helpful to them. Respondents’ ratings of their knowledge about the links between health and lifestyle factors and dementia risk significantly increased after visiting the website (P<.001). Their ratings of how important monitoring what they do in relation to their health and lifestyle factors were also significantly increased after visiting the website (P<.001). Average ratings for how well respondents felt they were doing at the time in relation to specific risk or protective factors were generally high, suggesting many website visitors already had high levels of health motivation and healthy lifestyle behaviors. 55.6% (45/81) said that after visiting the website their intention to make lifestyle changes was strong. Only 27.1% (22/81) said their intention to visit their doctor to discuss dementia risk reduction was strong. Potential additional resources that would help people assess and address their personal dementia risk factors were rated as more helpful than general information resources. Conclusions A dementia risk reduction website providing information about the current evidence and practical strategies was of interest and was useful to the Australian community. Benefits for visitors included increased knowledge and increased motivation to address relevant behaviors. Many visitors to the site were already health conscious, indicating that more needs to be done to get dementia risk reduction messages to the wider community. More interactive and personalized resources in future interventions may offer additional benefits to individuals. PMID:23608480

Privacy Protection by Masking Moving Objects for Security Cameras

NASA Astrophysics Data System (ADS)

Yabuta, Kenichi; Kitazawa, Hitoshi; Tanaka, Toshihisa

Because of an increasing number of security cameras, it is crucial to establish a system that protects the privacy of objects in the recorded images. To this end, we propose a framework of image processing and data hiding for security monitoring and privacy protection. First, we state the requirements of the proposed monitoring systems and suggest possible implementation that satisfies those requirements. The underlying concept of our proposed framework is as follows: (1) in the recorded images, the objects whose privacy should be protected are deteriorated by appropriate image processing; (2) the original objects are encrypted and watermarked into the output image, which is encoded using an image compression standard; (3) real-time processing is performed such that no future frame is required to generate on output bitstream. It should be noted that in this framework, anyone can observe the decoded image that includes the deteriorated objects that are unrecognizable or invisible. On the other hand, for crime investigation, this system allows a limited number of users to observe the original objects by using a special viewer that decrypts and decodes the watermarked objects with a decoding password. Moreover, the special viewer allows us to select the objects to be decoded and displayed. We provide an implementation example, experimental results, and performance evaluations to support our proposed framework.

Indoor Air Quality Tools for Tribal Communities

EPA Pesticide Factsheets

This Website can help you improve IAQ in your tribal community. You can find information to educate your community about the simple actions they can take to improve their IAQ and protect their health.

75 FR 19388 - Pesticide Product; Registration Application

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-14

... or otherwise protected through regulations.gov or e- mail. The regulations.gov website is an... files should avoid the use of special characters, any form of encryption, and be free of any defects or...

75 FR 6656 - Pesticide Product; Registration Application

Federal Register 2010, 2011, 2012, 2013, 2014

2010-02-10

... otherwise protected through regulations.gov or e- mail. The regulations.gov website is an ``anonymous access... the use of special characters, any form of encryption, and be free of any defects or viruses. Docket...

75 FR 23759 - Pesticide Products; Registration Applications

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-04

... or otherwise protected through regulations.gov or e- mail. The regulations.gov website is an... files should avoid the use of special characters, any form of encryption, and be free of any defects or...

Indoor Air Quality in Tribal Communities

EPA Pesticide Factsheets

This Website can help you improve IAQ in your tribal community. You can find information to educate your community about the simple actions they can take to improve their IAQ and protect their health.

A novel approach to transformed biometrics using successive projections

NASA Astrophysics Data System (ADS)

Gopi, E. S.

2010-02-01

Unlike user created password, number of biometrics is limited for creating account in different organizations. Transformed biometrics attempts to solve the problem by transforming the biometric into another form, which is unique to the particular organization. This makes the availability of different transformed biometrics in different organizations transformed from the same biometrics and helps in foolproof transactions. In this article a novel approach to transformed biometrics using successive projection technique is suggested .In the proposed technique, the user can register up to 5*4n-1 organizations if the length of the biometric password is 'n'.

A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

PubMed

Wen, Fengtong

2013-12-01

User authentication plays an important role to protect resources or services from being accessed by unauthorized users. In a recent paper, Das et al. proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. This scheme uses three factors, e.g. biometrics, password, and smart card, to protect the security. It protects user privacy and is believed to have many abilities to resist a range of network attacks, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Das et al.'s scheme, and show that the scheme is in fact insecure against the replay attack, user impersonation attacks and off-line guessing attacks. Then, we also propose a robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Compared with the existing schemes, our protocol uses a different user authentication mechanism to resist replay attack. We show that our proposed scheme can provide stronger security than previous protocols. Furthermore, we demonstrate the validity of the proposed scheme through the BAN (Burrows, Abadi, and Needham) logic.

Data protection among junior medical staff: a questionnaire study.

PubMed

Titchener, Andrew Gordon; Ramoutar, Anil; Ramoutar, Darryl N; Yousef, Almunir

2013-06-01

There have been numerous reports of loss of confidential information amongst UK public agencies. The aim of the study was to examine current standards of practice and knowledge of junior medical staff with respect to management of patient identifiable information. An anonymous multiple choice questionnaire was completed by 50 junior medical staff in each of 2 separate district general hospitals in the UK. Sixty-two percent of physicians surveyed held patient identifiable information electronically, outside of normal NHS use. Thirty percent of physicians used portable memory sticks, of which, 68% were not password protected. Ninety percent of physicians used patient ward lists in paper format with 18% frequently using a domestic waste bin for disposal. Thirty-five percent of physicians were aware of the Caldicott principles, and 58% were aware of the Data Protection Act as applied to their duties. Despite having statutory duties toward the management of patient identifiable information, many physicians are not aware of their responsibilities and obligations. This is unlikely to be an isolated local issue. More emphasis needs to be placed on data management in hospital induction procedures for new employees, and security measures, such as encryption software, should be made more widely available.

Locking it down

PubMed Central

Grindrod, Kelly; Boersema, Jonathan; Waked, Khrystine; Smith, Vivian; Yang, Jilan; Gebotys, Catherine

2016-01-01

Objective: To explore the privacy and security of free medication applications (apps) available to Canadian consumers. Methods: The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen’s Kappa statistic was used to measure interrater agreement. Results: Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Conclusion: Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps. PMID:28286594

Locking it down: The privacy and security of mobile medication apps.

PubMed

Grindrod, Kelly; Boersema, Jonathan; Waked, Khrystine; Smith, Vivian; Yang, Jilan; Gebotys, Catherine

2017-01-01

To explore the privacy and security of free medication applications (apps) available to Canadian consumers. The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen's Kappa statistic was used to measure interrater agreement. Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps.

Development of an electronic radiation oncology patient information management system.

PubMed

Mandal, Abhijit; Asthana, Anupam Kumar; Aggarwal, Lalit Mohan

2008-01-01

The quality of patient care is critically influenced by the availability of accurate information and its efficient management. Radiation oncology consists of many information components, for example there may be information related to the patient (e.g., profile, disease site, stage, etc.), to people (radiation oncologists, radiological physicists, technologists, etc.), and to equipment (diagnostic, planning, treatment, etc.). These different data must be integrated. A comprehensive information management system is essential for efficient storage and retrieval of the enormous amounts of information. A radiation therapy patient information system (RTPIS) has been developed using open source software. PHP and JAVA script was used as the programming languages, MySQL as the database, and HTML and CSF as the design tool. This system utilizes typical web browsing technology using a WAMP5 server. Any user having a unique user ID and password can access this RTPIS. The user ID and password is issued separately to each individual according to the person's job responsibilities and accountability, so that users will be able to only access data that is related to their job responsibilities. With this system authentic users will be able to use a simple web browsing procedure to gain instant access. All types of users in the radiation oncology department should find it user-friendly. The maintenance of the system will not require large human resources or space. The file storage and retrieval process would be be satisfactory, unique, uniform, and easily accessible with adequate data protection. There will be very little possibility of unauthorized handling with this system. There will also be minimal risk of loss or accidental destruction of information.

Multi-factor challenge/response approach for remote biometric authentication

NASA Astrophysics Data System (ADS)

Al-Assam, Hisham; Jassim, Sabah A.

2011-06-01

Although biometric authentication is perceived to be more reliable than traditional authentication schemes, it becomes vulnerable to many attacks when it comes to remote authentication over open networks and raises serious privacy concerns. This paper proposes a biometric-based challenge-response approach to be used for remote authentication between two parties A and B over open networks. In the proposed approach, a remote authenticator system B (e.g. a bank) challenges its client A who wants to authenticate his/her self to the system by sending a one-time public random challenge. The client A responds by employing the random challenge along with secret information obtained from a password and a token to produce a one-time cancellable representation of his freshly captured biometric sample. The one-time biometric representation, which is based on multi-factor, is then sent back to B for matching. Here, we argue that eavesdropping of the one-time random challenge and/or the resulting one-time biometric representation does not compromise the security of the system, and no information about the original biometric data is leaked. In addition to securing biometric templates, the proposed protocol offers a practical solution for the replay attack on biometric systems. Moreover, we propose a new scheme for generating a password-based pseudo random numbers/permutation to be used as a building block in the proposed approach. The proposed scheme is also designed to provide protection against repudiation. We illustrate the viability and effectiveness of the proposed approach by experimental results based on two biometric modalities: fingerprint and face biometrics.

Protecting America's ports

DOT National Transportation Integrated Search

2003-06-12

This website presents the press kit which accompanied the announcement by U.S. Secretary of Homeland Security Tom Ridge at Port Elizabeth, New Jersey on June 12, 2003 of new port security initiatives and investments to provide increased international...

31 CFR 351.2 - How do I contact Fiscal Service?

Code of Federal Regulations, 2014 CFR

2014-07-01

... Service by e-mail at [email protected]gov, or by writing to the following address: Bureau of the Fiscal Service, Parkersburg, West Virginia 26106-1328. Our website address is www.savingsbonds.gov. ...

Molecules for security measures: from keypad locks to advanced communication protocols.

PubMed

Andréasson, J; Pischel, U

2018-04-03

The idea of using molecules in the context of information security has sparked the interest of researchers from many scientific disciplines. This is clearly manifested in the diversity of the molecular platforms and the analytical techniques used for this purpose, some of which we highlight in this Tutorial Review. Moreover, those molecular systems can be used to emulate a broad spectrum of security measures. For a long time, molecular keypad locks enjoyed a clear preference and the review starts off with a description of how these devices developed. In the last few years, however, the field has evolved into something larger. Examples include more complex authentication protocols (multi-factor authentication and one-time passwords), the recognition of erroneous procedures in data transmission (parity devices), as well as steganographic and cryptographic protection.

40 CFR 720.40 - General.

Code of Federal Regulations, 2014 CFR

2014-07-01

...) E-mail. [email protected]net. (b) When to submit a notice. Each person who is required to submit a... website at http://cdx.epa.gov/epa_home.asp. (f) New information. During the notice review period, if the...

Using an introduction website to start a family: implications for users and health practitioners.

PubMed

Harper, Joyce; Jackson, Emily; Spoelstra-Witjens, Laura; Reisel, Dan

2017-06-01

Donor insemination treatment offered in licensed clinics protects the donor, recipient and offspring both medically and legally. The Internet has opened up novel, unregulated ways of donating sperm through 'introduction websites' and social media forums. Broadly, three categories of women use introduction websites: those who want to have a child with no further involvement of the donor; those who wish to know the identity of the donor from the start; and those who intend to electively co-parent, that is, to bring up the child together with the donor/father. Donors may choose to donate through introduction websites for altruistic reasons and/or in order to have greater involvement with the child. There are some donors who are motivated by the prospect of a sexual encounter, advertising their preference for 'natural insemination' - i.e. via sexual intercourse or partial intercourse. When people make their own arrangements online, they may do so in the absence of clear, accurate information. This article, sets out some of the issues that recipients and donors ought to consider before embarking on unregulated sperm donation.

31 CFR 351.20 - What is the investment yield (interest) during the original maturity period of Series EE savings...

Code of Federal Regulations, 2010 CFR

2010-07-01

... email at [email protected], or by writing us at the following address: Bureau of the Public Debt... prior to 5 years from issue date at our website at www.savingsbonds.gov, by contacting us by email at [email protected], or writing to the following address: Bureau of the Public Debt, Parkersburg, West...

Internet filters and entry pages do not protect children from online alcohol marketing.

PubMed

Jones, Sandra C; Thom, Jeffrey A; Davoren, Sondra; Barrie, Lance

2014-02-01

We review programs and policies to prevent children from accessing alcohol marketing online. To update the literature, we present our recent studies that assess (i) in-built barriers to underage access to alcohol brand websites and (ii) commercial internet filters. Alcohol websites typically had poor filter systems for preventing entry of underage persons; only half of the sites required the user to provide a date of birth, and none had any means of preventing users from trying again. Even the most effective commercial internet filters allowed access to one-third of the sites we examined.

Restrictions impeding web-based courses: a survey of publishers' variation in authorising access to high quality on-line literature.

PubMed

Langlois, Michele; Heller, Richard F; Edwards, Richard; Lyratzopoulos, Georgios; Sandars, John

2004-04-07

Web-based delivery of educational programmes is becoming increasingly popular and is expected to expand, especially in medicine. The successful implementation of these programmes is reliant on their ability to provide access to web based materials, including high quality published work. Publishers' responses to requests to access health literature in the context of developing an electronic Master's degree course are described. Two different permission requests were submitted to publishers. The first was to store an electronic version of a journal article, to which we subscribe, on a secure password protected server. The second was to reproduce extracts of published material on password protected web pages and CD Rom. Eight of 16 publishers were willing to grant permission to store electronic versions of articles without levying charges additional to the subscription. Twenty of 35 publishers gave permission to reproduce extracts of published work at no fee. Publishers' responses were highly variable to the requests for access to published material. This may be influenced by vague terminology within the 'fair dealing' provision in the copyright legislation, which seems to leave it open to individual interpretation. Considerable resource costs were incurred by the exercise. Time expended included those incurred by us: research to identify informed representatives within the publishing organisation, request 'chase-ups' and alternative examples being sought if publishers were uncooperative; and the publisher when dealing with numerous permission requests. Financial costs were also incurred by both parties through additional staffing and paperwork generated by the permission process, the latter including those purely borne by educators due to the necessary provision of photocopy 'course packs' when no suitably alternative material could be found if publishers were uncooperative. Finally we discuss the resultant bias in material towards readily available electronic resources as a result of publisher's uncooperative stance and encourage initiatives that aim to improve open electronic access. The permission request process has been expensive and has resulted in reduced access for students to the relevant literature. Variations in the responses from publishers suggest that for educational purposes common policies could be agreed and unnecessary restrictions removed in the future.

40 CFR 720.40 - General.

Code of Federal Regulations, 2011 CFR

2011-07-01

... at 1-888-890-1995. (C) E-mail. [email protected]net. (b) When to submit a notice. Each person who is... from the CDX website at http://cdx.epa.gov/epa_home.asp. (f) New information. During the notice review...

40 CFR 720.40 - General.

Code of Federal Regulations, 2010 CFR

2010-07-01

... at 1-888-890-1995. (C) E-mail. [email protected]net. (b) When to submit a notice. Each person who is... from the CDX website at http://cdx.epa.gov/epa_home.asp. (f) New information. During the notice review...

40 CFR 720.40 - General.

Code of Federal Regulations, 2012 CFR

2012-07-01

... at 1-888-890-1995. (C) E-mail. [email protected]net. (b) When to submit a notice. Each person who is... from the CDX website at http://cdx.epa.gov/epa_home.asp. (f) New information. During the notice review...

40 CFR 720.40 - General.

Code of Federal Regulations, 2013 CFR

2013-07-01

... at 1-888-890-1995. (C) E-mail. [email protected]net. (b) When to submit a notice. Each person who is... from the CDX website at http://cdx.epa.gov/epa_home.asp. (f) New information. During the notice review...

INTRODUCING THE FIRST EVER PEC WEBSITE

EPA Science Inventory

Since it's creation in 1985, the Pathogen Equivalency Committee (PEC) has been reviewing novel sludge disinfection technologies and their ability to protect human health and the environment. The PEC is charged to make recommendations on whether these novel technologies provide eq...

75 FR 22401 - Petition from Pesticide Poisoning Victims United; Notice of Availability

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-28

... protected through regulations.gov or e- mail. The regulations.gov website is an ``anonymous access'' system... should avoid the use of special characters, any form of encryption, and be free of any defects or viruses...

Provider-Initiated Patient Satisfaction Reporting Yields Improved Physician Ratings Relative to Online Rating Websites.

PubMed

Ricciardi, Benjamin F; Waddell, Brad S; Nodzo, Scott R; Lange, Jeffrey; Nocon, Allina A; Amundsen, Spencer; Tarity, T David; McLawhorn, Alexander S

2017-09-01

Recently, providers have begun to publicly report the results of patient satisfaction surveys from their practices. However, these outcomes have never been compared with the findings of commercial online physician rating websites. The goals of the current study were to (1) compare overall patient satisfaction ratings for orthopedic surgeons derived from provider-based third-party surveys with existing commercial physician rating websites and (2) determine the association between patient ratings and provider characteristics. The authors identified 12 institutions that provided publicly available patient satisfaction outcomes derived from third-party surveys for their orthopedic surgeons as of August 2016. Orthopedic surgeons at these institutions were eligible for inclusion (N=340 surgeons). Provider characteristics were recorded from publicly available data. Four high-traffic commercial online physician rating websites were identified: Healthgrades.com, UCompareHealthCare.com, Vitals.com, and RateMDs.com. For each surgeon, overall ratings (on a scale of 1-5), total number of ratings, and percentage of negative ratings were compared between provider-initiated internal ratings and each commercial online website. Associations between baseline factors and overall physician ratings and negative ratings were assessed. Provider-initiated internal patient satisfaction ratings showed a greater number of overall patient ratings, higher overall patient satisfaction ratings, and a lower percentage of negative comments compared with commercial online physician rating websites. A greater number of years in practice had a weak association with lower internal ratings, and an academic practice setting and a location in the Northeast were protective factors for negative physician ratings. Compared with commercial online physician rating websites, provider-initiated patient satisfaction ratings of orthopedic surgeons appear to be more favorable, with greater numbers of responses. [Orthopedics. 2017; 40(5):304-310.]. Copyright 2017, SLACK Incorporated.

The Step Method - Battling Identity Theft Using E-Retailers' Websites

NASA Astrophysics Data System (ADS)

Schulze, Marion; Shah, Mahmood H.

Identity theft is the fastest growing crime in the 21st century. This paper investigates firstly what well-known e-commerce organizations are communicating on their websites to address this issue. For this purpose we analyze secondary data (literature and websites of ten organizations). Secondly we investigate the good practice in this area and recommend practical steps. The key findings are that some organizations only publish minimum security information to comply with legal requirements. Others inform consumers on how they actively try to prevent identity theft, how consumers can protect themselves, and about supporting actions when identity theft related fraud actually happens. From these findings we developed the Support - Trust - Empowerment -Prevention (STEP) method. It is aimed at helping to prevent identity theft and dealing with consequences when it occurs. It can help organizations on gaining and keeping consumers’ trust which is so essential for e-retailers in a climate of rising fraud.

Black megachurch websites: an assessment of health content for congregations and communities.

PubMed

Campbell, Anthony D; Wallace, Gail

2015-01-01

This study examines the health-related content of Black megachurch websites in the southeastern United States. Data collection resulted in the identification of qualitative themes and frequencies of references to general health, specific health conditions, and corresponding general and specific health ministries. The most salient qualitative themes included holistic definitions of health, attention to racial health disparities, belief in divine health and protection from illness, emphasis on individual health responsibility, and belief in a religion-health connection. Nearly all websites referred to general health, and 74% mentioned a general health ministry. The most frequent references to specific health conditions included addiction, cancer, and HIV/AIDS, roughly corresponding to the top mentioned specific health ministries. This study provides baseline data on Black megachurch efforts to convey health information to their virtual congregations and communities. Findings support recent initiatives to involve megachurches in the provision of health messages within cultural frames to reach African Americans.

An Online Skin Cancer Risk-Reduction Intervention for Young Adults: Mechanisms of Effects

PubMed Central

Heckman, Carolyn J.; Handorf, Elizabeth A.; Darlow, Susan D.; Ritterband, Lee M.; Manne, Sharon L.

2016-01-01

Objective The study’s purpose was to investigate moderator, implementation, and mediator variables related to the efficacy of UV4.me, an internet intervention that decreased ultraviolet radiation (UV) exposure and increased skin protection behaviors among young adults. Methods Nine-hundred sixty-five 18-25 year olds at risk for skin cancer were recruited nationally online. Participants were randomized to an experimental website (UV4.me), a control website, or assessment only. Participant characteristics (moderators), engagement with and perceptions of interventions (implementation measures), and exposure and protection attitudinal variables (mediators) were assessed. Linear regression and mediation analyses were conducted. Results Intervention effects on skin protection were greater for participants with a family history of skin cancer (p = 0.01). Intervention effects on UV exposure were greater among recent indoor tanners (p = 0.04). Improvements in skin protection (but not UV exposure) were associated with perceiving the interventions as satisfying or helpful (ps< .01). The experimental group had better outcomes if they completed more modules (ps< .01) or set more behavioral goals (ps< .01). Knowledge and exposure decisional balance mediated intervention effects for UV exposure (ps < 0.05), and protection decisional balance, self-efficacy, and intentions mediated intervention effects for protection (ps < 0.05). Conclusions The experimental intervention was more efficacious for certain high risk groups. The more individuals liked and engaged with the interventions (e.g., by setting goals), the better their outcomes. Mediation results inform theory about change mechanisms and differed by behavioral outcome. PMID:27819460

An online skin cancer risk-reduction intervention for young adults: Mechanisms of effects.

PubMed

Heckman, Carolyn J; Handorf, Elizabeth A; Darlow, Susan D; Ritterband, Lee M; Manne, Sharon L

2017-03-01

The study's purpose was to investigate moderator, implementation, and mediator variables related to the efficacy of UV4.me, an Internet intervention that decreased ultraviolet radiation (UV) exposure and increased skin protection behaviors among young adults. A total of 965 18-25 year olds at risk for skin cancer were recruited nationally online. Participants were randomized to an experimental website (UV4.me), a control website, or assessment only. Participant characteristics (moderators), engagement with and perceptions of interventions (implementation measures), and exposure and protection attitudinal variables (mediators) were assessed. Linear regression and mediation analyses were conducted. Intervention effects on skin protection were greater for participants with a family history of skin cancer (p = .01). Intervention effects on UV exposure were greater among recent indoor tanners (p = .04). Improvements in skin protection (but not UV exposure) were associated with perceiving the interventions as satisfying or helpful (ps < .01). The experimental group had better outcomes if they completed more modules (ps < .01) or set more behavioral goals (ps < .01). Knowledge and exposure decisional balance mediated intervention effects for UV exposure (ps < .05), and protection decisional balance, self-efficacy, and intentions mediated intervention effects for protection (ps < .05). The experimental intervention was more efficacious for certain high risk groups. The more individuals liked and engaged with the interventions (e.g., by setting goals), the better their outcomes. Mediation results inform theory about change mechanisms and differed by behavioral outcome. (PsycINFO Database Record (c) 2017 APA, all rights reserved).

Leveraging Observations of Security Force Assistance in Afghanistan for Global Operations

DTIC Science & Technology

2013-01-01

commercial use only. Unauthorized posting of RAND electronic documents to a non-RAND website is prohibited. RAND electronic documents are protected under...copyright law. Permission is required from RAND to reproduce, or reuse in another form, any of our research documents for commercial use . For...contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of

Adopting Quality Criteria for Websites Providing Medical Information About Rare Diseases

PubMed Central

Göbel, Jens; Storf, Holger; Litzkendorf, Svenja; Babac, Ana; Frank, Martin; Lührs, Verena; Schauer, Franziska; Schmidtke, Jörg; Biehl, Lisa; Wagner, Thomas OF; Ückert, Frank; Graf von der Schulenburg, Johann-Matthias; Hartz, Tobias

2016-01-01

Background The European Union considers diseases to be rare when they affect less than 5 in 10,000 people. It is estimated that there are between 5000 and 8000 different rare diseases. Consistent with this diversity, the quality of information available on the Web varies considerably. Thus, quality criteria for websites about rare diseases are needed. Objective The objective of this study was to generate a catalog of quality criteria suitable for rare diseases. Methods First, relevant certificates and quality recommendations for health information websites were identified through a comprehensive Web search. Second, all considered quality criteria of each certification program and catalog were examined, extracted into an overview table, and analyzed by thematic content. Finally, an interdisciplinary expert group verified the relevant quality criteria. Results We identified 9 quality certificates and criteria catalogs for health information websites with 304 single criteria items. Through this, we aggregated 163 various quality criteria, each assigned to one of the following categories: thematic, technical, service, content, and legal. Finally, a consensus about 13 quality criteria for websites offering medical information on rare diseases was determined. Of these categories, 4 (data protection concept, imprint, creation and updating date, and possibility to contact the website provider) were identified as being the most important for publishing medical information about rare diseases. Conclusions The large number of different quality criteria appearing within a relatively small number of criteria catalogs shows that the opinion of what is important in the quality of health information differs. In addition, to define useful quality criteria for websites about rare diseases, which are an essential source of information for many patients, a trade-off is necessary between the high standard of quality criteria for health information websites in general and the limited provision of information about some rare diseases. Finally, transparently presented quality assessments can help people to find reliable information and to assess its quality. PMID:27562540

Adopting Quality Criteria for Websites Providing Medical Information About Rare Diseases.

PubMed

Pauer, Frédéric; Göbel, Jens; Storf, Holger; Litzkendorf, Svenja; Babac, Ana; Frank, Martin; Lührs, Verena; Schauer, Franziska; Schmidtke, Jörg; Biehl, Lisa; Wagner, Thomas Of; Ückert, Frank; Graf von der Schulenburg, Johann-Matthias; Hartz, Tobias

2016-08-25

The European Union considers diseases to be rare when they affect less than 5 in 10,000 people. It is estimated that there are between 5000 and 8000 different rare diseases. Consistent with this diversity, the quality of information available on the Web varies considerably. Thus, quality criteria for websites about rare diseases are needed. The objective of this study was to generate a catalog of quality criteria suitable for rare diseases. First, relevant certificates and quality recommendations for health information websites were identified through a comprehensive Web search. Second, all considered quality criteria of each certification program and catalog were examined, extracted into an overview table, and analyzed by thematic content. Finally, an interdisciplinary expert group verified the relevant quality criteria. We identified 9 quality certificates and criteria catalogs for health information websites with 304 single criteria items. Through this, we aggregated 163 various quality criteria, each assigned to one of the following categories: thematic, technical, service, content, and legal. Finally, a consensus about 13 quality criteria for websites offering medical information on rare diseases was determined. Of these categories, 4 (data protection concept, imprint, creation and updating date, and possibility to contact the website provider) were identified as being the most important for publishing medical information about rare diseases. The large number of different quality criteria appearing within a relatively small number of criteria catalogs shows that the opinion of what is important in the quality of health information differs. In addition, to define useful quality criteria for websites about rare diseases, which are an essential source of information for many patients, a trade-off is necessary between the high standard of quality criteria for health information websites in general and the limited provision of information about some rare diseases. Finally, transparently presented quality assessments can help people to find reliable information and to assess its quality.

Hazardous Waste Clean-Up Information (CLU-IN) On-line Characterization and Remediation Databases Fact Sheet

EPA Pesticide Factsheets

This fact sheet provides an overview of the 10 on-line characterization and remediation databases available on the Hazardous Waste Clean-Up Information (CLU-IN) website sponsored by the U.S. Environmental Protection Agency.

75 FR 13281 - Fipronil; Receipt of Application for Emergency Exemption, Solicitation of Public Comment

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-19

... or otherwise protected through regulations.gov or e- mail. The regulations.gov website is an... files should avoid the use of special characters, any form of encryption, and be free of any defects or...

76 FR 25710 - Notice of Lodging of a Consent Decree Under the Comprehensive Environmental Response...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-05

... Justice website: http://www.usdoj.gov/enrd/Consent_Decrees.html . A copy of the proposed consent [email protected] ), fax no. (202) 514-0097, phone confirmation number (202) 514-1547. In requesting a...

A physical map of Brassica oleracea shows complexity of chromosomal changes following recursive paleopolyploidizations

PubMed Central

2011-01-01

Background Evolution of the Brassica species has been recursively affected by polyploidy events, and comparison to their relative, Arabidopsis thaliana, provides means to explore their genomic complexity. Results A genome-wide physical map of a rapid-cycling strain of B. oleracea was constructed by integrating high-information-content fingerprinting (HICF) of Bacterial Artificial Chromosome (BAC) clones with hybridization to sequence-tagged probes. Using 2907 contigs of two or more BACs, we performed several lines of comparative genomic analysis. Interspecific DNA synteny is much better preserved in euchromatin than heterochromatin, showing the qualitative difference in evolution of these respective genomic domains. About 67% of contigs can be aligned to the Arabidopsis genome, with 96.5% corresponding to euchromatic regions, and 3.5% (shown to contain repetitive sequences) to pericentromeric regions. Overgo probe hybridization data showed that contigs aligned to Arabidopsis euchromatin contain ~80% of low-copy-number genes, while genes with high copy number are much more frequently associated with pericentromeric regions. We identified 39 interchromosomal breakpoints during the diversification of B. oleracea and Arabidopsis thaliana, a relatively high level of genomic change since their divergence. Comparison of the B. oleracea physical map with Arabidopsis and other available eudicot genomes showed appreciable 'shadowing' produced by more ancient polyploidies, resulting in a web of relatedness among contigs which increased genomic complexity. Conclusions A high-resolution genetically-anchored physical map sheds light on Brassica genome organization and advances positional cloning of specific genes, and may help to validate genome sequence assembly and alignment to chromosomes. All the physical mapping data is freely shared at a WebFPC site (http://lulu.pgml.uga.edu/fpc/WebAGCoL/brassica/WebFPC/; Temporarily password-protected: account: pgml; password: 123qwe123. PMID:21955929

SU-E-E-02: Dashboard for Tracking Physics Resident Progress

DOE Office of Scientific and Technical Information (OSTI.GOV)

Becker, SJ

2014-06-01

Purpose: Design a system to easily and securely track the progress of medical physics residents through their residency. Paper sign-offs while offering a real signature are not easily updated or summarized. A resident or mentor needs to be able to quickly assess what the current assignments are, what are overdue, and whether the resident is on track to complete all the tasks in a timely fashion. An electronic version can accomplish all these goals. Methods: An electronic dashboard was created in excel to not only house the tasks and sign-off but to succinctly summarize the residents progress. The first tabmore » contains the dashboard which displays tables of the progress of the residents in each rotation, their current task, and overdue tasks. It also displays the last meetings with the residents, and timeline of important items, and a burn-down chart of the remaining tasks. This are all tied to the data and current date which auto fills the tables. The second tab contains the data. This is comprised of lists of rotations and their associated tasks along with their due dates. A signature column was also created which is password protected but allows special subset users i.e. mentors to alter without using a password. Results: The dashboard has allowed residents to better track their progress and tells them what they should be working on. It has also allowed the mentors and the program director to rapid assess their progress. Conclusion: The dashboard is successful and has been created to allow easy addition and subtraction of required tasks as the residency evolves. The next step is to create a web app version of the excel sheet with logins.« less

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

PubMed Central

Lee, Youngsook; Paik, Juryon

2014-01-01

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme. PMID:25302330

Security analysis and improvement of an anonymous authentication scheme for roaming services.

PubMed

Lee, Youngsook; Paik, Juryon

2014-01-01

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme.

A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System.

PubMed

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi; Wang, Chun-Cheng

2015-11-01

To protect patient privacy and ensure authorized access to remote medical services, many remote user authentication schemes for the integrated electronic patient record (EPR) information system have been proposed in the literature. In a recent paper, Das proposed a hash based remote user authentication scheme using passwords and smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various passive and active attacks. However, in this paper, we found that Das's authentication scheme is still vulnerable to modification and user duplication attacks. Thereafter we propose a secure and efficient authentication scheme for the integrated EPR information system based on lightweight hash function and bitwise exclusive-or (XOR) operations. The security proof and performance analysis show our new scheme is well-suited to adoption in remote medical healthcare services.

Development of a web-based, work-related asthma educational tool for patients with asthma.

PubMed

Ghajar-Khosravi, Shadi; Tarlo, Susan M; Liss, Gary M; Chignell, Mark; Ribeiro, Marcos; Levinson, Anthony J; Gupta, Samir

2013-01-01

Asthma is a common chronic condition. Work-related asthma (WRA) has a large socioeconomic impact and is increasing in prevalence but remains under-recognized. Although international guidelines recommend patient education, no widely available educational tool exists. To develop a WRA educational website for adults with asthma. An evidence-based database for website content was developed, which applied evidence-based website design principles to create a website prototype. This was subsequently tested and serially revised according to patient feedback in three moderated phases (one focus group and two interview phases), followed by face validation by asthma educators. Patients (n=10) were 20 to 28 years of age; seven (70%) were female, three (30%) were in university, two (20%) were in college and five (50%) were currently employed. Key format preferences included: well-spaced, bulleted text; movies (as opposed to animations); photos (as opposed to cartoons); an explicit listing of website aims on the home page; and an exploding tab structure. Participants disliked integrated games and knowledge quizzes. Desired informational content included a list of triggers, prevention⁄control methods, currently available tools and resources, a self-test for WRA, real-life scenario presentations, compensation information, information for colleagues on how to react during an asthma attack and a WRA discussion forum. The website met the perceived needs of young asthmatic patients. This resource could be disseminated widely and should be tested for its effects on patient behaviour, including job choice, workplace irritant⁄allergen avoidance and⁄or protective equipment, asthma medication use and physician prompting for management of WRA symptoms.

Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare medicine information systems.

PubMed

Zhang, Liping; Zhu, Shaohui

2015-05-01

To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.

Are physicians aware enough of patient radiation protection? Results from a survey among physicians of Pavia District- Italy.

PubMed

Campanella, Francesca; Rossi, Laura; Giroletti, Elio; Micheletti, Piero; Buzzi, Fabio; Villani, Simona

2017-06-14

Radiological practices are the first anthropic sources of ionizing radiation exposure of the population. However, a review of recent publications underlines inadequate doctors' knowledge about doses imparted in medical practices and about patient protection that might explain unnecessary radiological prescriptions. We investigated the knowledge of the physicians of Pavia District (Italy) on the risk of radiation exposure. A cross sectional study was performed involving the Medical Association of Pavia District. Data were collected with a self-administered questionnaire, available on-line with private login and password. Four hundred nineteen physicians fulfilled the questionnaire; 48% of participants reported training about radiation protection. The average percentage of correct answers on the knowledge on ionizing radiation was 62.29%, with a significantly higher result between radiologist. Around 5 and 13% of the responders do not know that, respectively, ultrasonography and magnetic resonance do not expose patients to ionizing radiations. Only 5% of the physicians properly identified the cancer risk rate associated to abdomen computed tomography. The findings show a quite good level of the general knowledge about ionizing radiations, higher that reported in literature. Nevertheless, we believe the usefulness of training on the risk linked to radiation exposure in medicine for physicians employed in every area.

ACTIVE PEC APPLICATIONS, THE PEC WEBSITE, AND SLUDGE STABILITY RESEARCH

EPA Science Inventory

Since it's creation in 1985, the Pathogen Equivalency Committee (PEC) has been reviewing novel sludge disinfection technologies with regards to their abilities to protect human health and the environment. The PEC is charged to make recommendations on whether these novel technolog...

EPA's Public Access Website Children’s Privacy and Copyright Issues

EPA Pesticide Factsheets

This document establishes the policy for protecting the privacy of children on EPA’s Public Access Web site. It concerns the collection, both online and off, of information from ages 13 and under, and the display of Personally Identifying Information (PII)

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

PubMed Central

Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme. PMID:24892078

A robust and effective smart-card-based remote user authentication mechanism using hash function.

PubMed

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2014-01-01

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

De-MA: a web Database for electron Microprobe Analyses to assist EMP lab manager and users

NASA Astrophysics Data System (ADS)

Allaz, J. M.

2012-12-01

Lab managers and users of electron microprobe (EMP) facilities require comprehensive, yet flexible documentation structures, as well as an efficient scheduling mechanism. A single on-line database system for managing reservations, and providing information on standards, quantitative and qualitative setups (element mapping, etc.), and X-ray data has been developed for this purpose. This system is particularly useful in multi-user facilities where experience ranges from beginners to the highly experienced. New users and occasional facility users will find these tools extremely useful in developing and maintaining high quality, reproducible, and efficient analyses. This user-friendly database is available through the web, and uses MySQL as a database and PHP/HTML as script language (dynamic website). The database includes several tables for standards information, X-ray lines, X-ray element mapping, PHA, element setups, and agenda. It is configurable for up to five different EMPs in a single lab, each of them having up to five spectrometers and as many diffraction crystals as required. The installation should be done on a web server supporting PHP/MySQL, although installation on a personal computer is possible using third-party freeware to create a local Apache server, and to enable PHP/MySQL. Since it is web-based, any user outside the EMP lab can access this database anytime through any web browser and on any operating system. The access can be secured using a general password protection (e.g. htaccess). The web interface consists of 6 main menus. (1) "Standards" lists standards defined in the database, and displays detailed information on each (e.g. material type, name, reference, comments, and analyses). Images such as EDS spectra or BSE can be associated with a standard. (2) "Analyses" lists typical setups to use for quantitative analyses, allows calculation of mineral composition based on a mineral formula, or calculation of mineral formula based on a fixed amount of oxygen, or of cation (using an analysis in element or oxide weight-%); this latter includes re-calculation of H2O/CO2 based on stoichiometry, and oxygen correction for F and Cl. Another option offers a list of any available standards and possible peak or background interferences for a series of elements. (3) "X-ray maps" lists the different setups recommended for element mapping using WDS, and a map calculator to facilitate maps setups and to estimate the total mapping time. (4) "X-ray data" lists all x-ray lines for a specific element (K, L, M, absorption edges, and satellite peaks) in term of energy, wavelength and peak position. A check for possible interferences on peak or background is also possible. Theoretical x-ray peak positions for each crystal are calculated based on the 2d spacing of each crystal and the wavelength of each line. (5) "Agenda" menu displays the reservation dates for each month and for each EMP lab defined. It also offers a reservation request option, this request being sent by email to the EMP manager for approval. (6) Finally, "Admin" is password restricted, and contains all necessary options to manage the database through user-friendly forms. The installation of this database is made easy and knowledge of HTML, PHP, or MySQL is unnecessary to install, configure, manage, or use it. A working database is accessible at http://cub.geoloweb.ch.

A Real-time Irrigation Forecasting System in Jiefangzha Irrigation District, China

NASA Astrophysics Data System (ADS)

Cong, Z.

2015-12-01

In order to improve the irrigation efficiency, we need to know when and how much to irrigate in real time. If we know the soil moisture content at this time, we can forecast the soil moisture content in the next days based on the rainfall forecasting and the crop evapotranspiration forecasting. Then the irrigation should be considered when the forecasting soil moisture content reaches to a threshold. Jiefangzha Irrigation District, a part of Hetao Irrigation District, is located in Inner Mongolia, China. The irrigated area of this irrigation district is about 140,000 ha mainly planting wheat, maize and sunflower. The annual precipitation is below 200mm, so the irrigation is necessary and the irrigation water comes from the Yellow river. We set up 10 sites with 4 TDR sensors at each site (20cm, 40cm, 60cm and 80cm depth) to monitor the soil moisture content. The weather forecasting data are downloaded from the website of European Centre for Medium-Range Weather Forecasts (ECMWF). The reference evapotranspiration is estimated based on FAO-Blaney-Criddle equation with only the air temperature from ECMWF. Then the crop water requirement is forecasted by the crop coefficient multiplying the reference evapotranspiration. Finally, the soil moisture content is forecasted based on soil water balance with the initial condition is set as the monitoring soil moisture content. When the soil moisture content reaches to a threshold, the irrigation warning will be announced. The irrigation mount can be estimated through three ways: (1) making the soil moisture content be equal to the field capacity; (2) making the soil moisture saturated; or (3) according to the irrigation quota. The forecasting period is 10 days. The system is developed according to B2C model with Java language. All the databases and the data analysis are carried out in the server. The customers can log in the website with their own username and password then get the information about the irrigation forecasting and other information about the irrigation. This system can be expanded in other irrigation districts. In future, it is even possible to upgrade the system for the mobile user.

Development of EPA OTM 10 for Landfill Applications

EPA Science Inventory

In 2006, the U.S. Environmental Protection Agency posted a new test method on its website called OTM 10 which describes direct measurement of pollutant mass emission flux from area sources using ground-based optical remote sensing. The method has validated application to relative...

31 CFR 351.23 - Are tables of redemption values available for bonds issued prior to May 1, 1995?

Code of Federal Regulations, 2010 CFR

2010-07-01

... the appropriate yields and tables by downloading from our website at www.savingsbonds.gov, contacting us by email at [email protected]gov, or by writing us at the following address: Bureau of the...

31 CFR 351.23 - Are tables of redemption values available for bonds issued prior to May 1, 1995?

Code of Federal Regulations, 2014 CFR

2014-07-01

... the appropriate yields and tables by downloading from our website at www.savingsbonds.gov, contacting us by email at [email protected]gov, or by writing us at the following address: Bureau of the...

31 CFR 351.23 - Are tables of redemption values available for bonds issued prior to May 1, 1995?

Code of Federal Regulations, 2011 CFR

2011-07-01

... the appropriate yields and tables by downloading from our website at www.savingsbonds.gov, contacting us by email at [email protected]gov, or by writing us at the following address: Bureau of the...

31 CFR 351.23 - Are tables of redemption values available for bonds issued prior to May 1, 1995?

Code of Federal Regulations, 2013 CFR

2013-07-01

... the appropriate yields and tables by downloading from our website at www.savingsbonds.gov, contacting us by email at [email protected]gov, or by writing us at the following address: Bureau of the...

31 CFR 351.23 - Are tables of redemption values available for bonds issued prior to May 1, 1995?

Code of Federal Regulations, 2012 CFR

2012-07-01

... the appropriate yields and tables by downloading from our website at www.savingsbonds.gov, contacting us by email at [email protected]gov, or by writing us at the following address: Bureau of the...

Cyber crimes.

PubMed

Nuzback, Kara

2014-07-01

Since it began offering cyber liability coverage in December 2011, the Texas Medical Liability Trust has received more than 150 cyber liability claims, most of which involved breaches of electronic protected health information. TMLT's cyber liability insurance will protect practices financially should a breach occur. The insurance covers a breach notification to customers and business partners, expenses for legal counsel, information security and forensic data services, public relations support, call center and website support, credit monitoring, and identity theft restoration services.

BEV Charging Behavior Observed in The EV Project for 2013

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bennett, Brion D.

2014-01-01

This fact sheet will be issued quarterly to report on the number of Nissan Leafs vehicle usage, charging locations, and charging completeness as part of the EV Project. It will be posted on the INL/AVTA and ECOtality websites and will be accessible by the general public. The raw data that is used to create the report is considered proprietary/OUO and NDA protected, but the information in this report is NOT proprietary nor NDA protected.

Alternative Fuels Data Center

Science.gov Websites

operators must notify the appropriate state and local implementing agencies at least 30 days before regulated fuel the agency has identified. This notification timeframe allows agencies to request information implementing agencies by state, see the U.S. Environmental Protection Agency UST Compatibility website and the

Alternative Fuels Data Center

Science.gov Websites

Clean Agriculture Clean Agriculture is a voluntary program that promotes the reduction of diesel cleaner fuels. Clean Agriculture is part of the U.S. Environmental Protection Agency's National Clean information, see the Clean Agriculture website. Point of Contact Jennifer Keller National Clean Diesel

76 FR 23109 - Enhancing Airline Passenger Protections

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-25

... Department; expanding the group of carriers that are required to adopt, follow, and audit customer service... carriers to those required to include their contingency plans and customer service plans on their websites..., and audit customer service plans. The rule also defined chronically delayed flights and deemed them to...

Practical Computer Security through Cryptography

NASA Technical Reports Server (NTRS)

McNab, David; Twetev, David (Technical Monitor)

1998-01-01

The core protocols upon which the Internet was built are insecure. Weak authentication and the lack of low level encryption services introduce vulnerabilities that propagate upwards in the network stack. Using statistics based on CERT/CC Internet security incident reports, the relative likelihood of attacks via these vulnerabilities is analyzed. The primary conclusion is that the standard UNIX BSD-based authentication system is by far the most commonly exploited weakness. Encryption of Sensitive password data and the adoption of cryptographically-based authentication protocols can greatly reduce these vulnerabilities. Basic cryptographic terminology and techniques are presented, with attention focused on the ways in which technology such as encryption and digital signatures can be used to protect against the most commonly exploited vulnerabilities. A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes. Nine practical recommendations for improving security are described.

A digital memories based user authentication scheme with privacy preservation.

PubMed

Liu, JunLiang; Lyu, Qiuyun; Wang, Qiuhua; Yu, Xiangxiang

2017-01-01

The traditional username/password or PIN based authentication scheme, which still remains the most popular form of authentication, has been proved insecure, unmemorable and vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering. Based on this, a large number of new alternative methods have recently been proposed. However, most of them rely on users being able to accurately recall complex and unmemorable information or using extra hardware (such as a USB Key), which makes authentication more difficult and confusing. In this paper, we propose a Digital Memories based user authentication scheme adopting homomorphic encryption and a public key encryption design which can protect users' privacy effectively, prevent tracking and provide multi-level security in an Internet & IoT environment. Also, we prove the superior reliability and security of our scheme compared to other schemes and present a performance analysis and promising evaluation results.

FRAMES-2.0 Software System: Providing Password Protection and Limited Access to Models and Simulations

DOE Office of Scientific and Technical Information (OSTI.GOV)

Whelan, Gene; Pelton, Mitch A.

2007-08-09

One of the most important concerns for regulatory agencies is the concept of reproducibility (i.e., reproducibility means credibility) of an assessment. One aspect of reproducibility deals with tampering of the assessment. In other words, when multiple groups are engaged in an assessment, it is important to lock down the problem that is to be solved and/or to restrict the models that are to be used to solve the problem. The objective of this effort is to provide the U.S. Nuclear Regulatory Commission (NRC) with a means to limit user access to models and to provide a mechanism to constrain themore » conceptual site models (CSMs) when appropriate. The purpose is to provide the user (i.e., NRC) with the ability to “lock down” the CSM (i.e., picture containing linked icons), restrict access to certain models, or both.« less

A digital memories based user authentication scheme with privacy preservation

PubMed Central

Liu, JunLiang; Lyu, Qiuyun; Wang, Qiuhua; Yu, Xiangxiang

2017-01-01

The traditional username/password or PIN based authentication scheme, which still remains the most popular form of authentication, has been proved insecure, unmemorable and vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering. Based on this, a large number of new alternative methods have recently been proposed. However, most of them rely on users being able to accurately recall complex and unmemorable information or using extra hardware (such as a USB Key), which makes authentication more difficult and confusing. In this paper, we propose a Digital Memories based user authentication scheme adopting homomorphic encryption and a public key encryption design which can protect users’ privacy effectively, prevent tracking and provide multi-level security in an Internet & IoT environment. Also, we prove the superior reliability and security of our scheme compared to other schemes and present a performance analysis and promising evaluation results. PMID:29190659

A web-based repository of surgical simulator projects.

PubMed

Leskovský, Peter; Harders, Matthias; Székely, Gábor

2006-01-01

The use of computer-based surgical simulators for training of prospective surgeons has been a topic of research for more than a decade. As a result, a large number of academic projects have been carried out, and a growing number of commercial products are available on the market. Keeping track of all these endeavors for established groups as well as for newly started projects can be quite arduous. Gathering information on existing methods, already traveled research paths, and problems encountered is a time consuming task. To alleviate this situation, we have established a modifiable online repository of existing projects. It contains detailed information about a large number of simulator projects gathered from web pages, papers and personal communication. The database is modifiable (with password protected sections) and also allows for a simple statistical analysis of the collected data. For further information, the surgical repository web page can be found at www.virtualsurgery.vision.ee.ethz.ch.

Efficient biometric authenticated key agreements based on extended chaotic maps for telecare medicine information systems.

PubMed

Lou, Der-Chyuan; Lee, Tian-Fu; Lin, Tsung-Hung

2015-05-01

Authenticated key agreements for telecare medicine information systems provide patients, doctors, nurses and health visitors with accessing medical information systems and getting remote services efficiently and conveniently through an open network. In order to have higher security, many authenticated key agreement schemes appended biometric keys to realize identification except for using passwords and smartcards. Due to too many transmissions and computational costs, these authenticated key agreement schemes are inefficient in communication and computation. This investigation develops two secure and efficient authenticated key agreement schemes for telecare medicine information systems by using biometric key and extended chaotic maps. One scheme is synchronization-based, while the other nonce-based. Compared to related approaches, the proposed schemes not only retain the same security properties with previous schemes, but also provide users with privacy protection and have fewer transmissions and lower computational cost.

HEP Computing

Science.gov Websites

Argonne National Laboratory HEP Laptop Computing Problem Report Service Request Password Help New on ANL Exchange: See section for your OS Printing Available Software for Download VPN: Virtual

"iBIM"--internet-based interactive modules: an easy and interesting learning tool for general surgery residents.

PubMed

Azer, Nader; Shi, Xinzhe; de Gara, Chris; Karmali, Shahzeer; Birch, Daniel W

2014-04-01

The increased use of information technology supports a resident- centred educational approach that promotes autonomy, flexibility and time management and helps residents to assess their competence, promoting self-awareness. We established a web-based e-learning tool to introduce general surgery residents to bariatric surgery and evaluate them to determine the most appropriate implementation strategy for Internet-based interactive modules (iBIM) in surgical teaching. Usernames and passwords were assigned to general surgery residents at the University of Alberta. They were directed to the Obesity101 website and prompted to complete a multiple-choice precourse test. Afterwards, they were able to access the interactive modules. Residents could review the course material as often as they wanted before completing a multiple-choice postcourse test and exit survey. We used paired t tests to assess the difference between pre- and postcourse scores. Out of 34 residents who agreed to participate in the project, 12 completed the project (35.3%). For these 12 residents, the precourse mean score was 50 ± 17.3 and the postcourse mean score was 67 ± 14 (p = 0.020). Most residents who participated in this study recommended using the iBIMs as a study tool for bariatric surgery. Course evaluation scores suggest this novel approach was successful in transferring knowledge to surgical trainees. Further development of this tool and assessment of implementation strategies will determine how iBIM in bariatric surgery may be integrated into the curriculum.

An authentication scheme for secure access to healthcare services.

PubMed

Khan, Muhammad Khurram; Kumari, Saru

2013-08-01

Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

Parallel, Distributed Scripting with Python

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miller, P J

2002-05-24

Parallel computers used to be, for the most part, one-of-a-kind systems which were extremely difficult to program portably. With SMP architectures, the advent of the POSIX thread API and OpenMP gave developers ways to portably exploit on-the-box shared memory parallelism. Since these architectures didn't scale cost-effectively, distributed memory clusters were developed. The associated MPI message passing libraries gave these systems a portable paradigm too. Having programmers effectively use this paradigm is a somewhat different question. Distributed data has to be explicitly transported via the messaging system in order for it to be useful. In high level languages, the MPI librarymore » gives access to data distribution routines in C, C++, and FORTRAN. But we need more than that. Many reasonable and common tasks are best done in (or as extensions to) scripting languages. Consider sysadm tools such as password crackers, file purgers, etc ... These are simple to write in a scripting language such as Python (an open source, portable, and freely available interpreter). But these tasks beg to be done in parallel. Consider the a password checker that checks an encrypted password against a 25,000 word dictionary. This can take around 10 seconds in Python (6 seconds in C). It is trivial to parallelize if you can distribute the information and co-ordinate the work.« less

Computer assisted audit techniques for UNIX (UNIX-CAATS)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Polk, W.T.

1991-12-31

Federal and DOE regulations impose specific requirements for internal controls of computer systems. These controls include adequate separation of duties and sufficient controls for access of system and data. The DOE Inspector General`s Office has the responsibility to examine internal controls, as well as efficient use of computer system resources. As a result, DOE supported NIST development of computer assisted audit techniques to examine BSD UNIX computers (UNIX-CAATS). These systems were selected due to the increasing number of UNIX workstations in use within DOE. This paper describes the design and development of these techniques, as well as the results ofmore » testing at NIST and the first audit at a DOE site. UNIX-CAATS consists of tools which examine security of passwords, file systems, and network access. In addition, a tool was developed to examine efficiency of disk utilization. Test results at NIST indicated inadequate password management, as well as weak network resource controls. File system security was considered adequate. Audit results at a DOE site indicated weak password management and inefficient disk utilization. During the audit, we also found improvements to UNIX-CAATS were needed when applied to large systems. NIST plans to enhance the techniques developed for DOE/IG in future work. This future work would leverage currently available tools, along with needed enhancements. These enhancements would enable DOE/IG to audit large systems, such as supercomputers.« less

Computer assisted audit techniques for UNIX (UNIX-CAATS)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Polk, W.T.

1991-01-01

Federal and DOE regulations impose specific requirements for internal controls of computer systems. These controls include adequate separation of duties and sufficient controls for access of system and data. The DOE Inspector General's Office has the responsibility to examine internal controls, as well as efficient use of computer system resources. As a result, DOE supported NIST development of computer assisted audit techniques to examine BSD UNIX computers (UNIX-CAATS). These systems were selected due to the increasing number of UNIX workstations in use within DOE. This paper describes the design and development of these techniques, as well as the results ofmore » testing at NIST and the first audit at a DOE site. UNIX-CAATS consists of tools which examine security of passwords, file systems, and network access. In addition, a tool was developed to examine efficiency of disk utilization. Test results at NIST indicated inadequate password management, as well as weak network resource controls. File system security was considered adequate. Audit results at a DOE site indicated weak password management and inefficient disk utilization. During the audit, we also found improvements to UNIX-CAATS were needed when applied to large systems. NIST plans to enhance the techniques developed for DOE/IG in future work. This future work would leverage currently available tools, along with needed enhancements. These enhancements would enable DOE/IG to audit large systems, such as supercomputers.« less

An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity

PubMed Central

Lu, Yanrong; Li, Lixiang; Zhang, Hao; Yang, Yixian

2016-01-01

User anonymity is one of the key security features of an authenticated key agreement especially for communicating messages via an insecure network. Owing to the better properties and higher performance of chaotic theory, the chaotic maps have been introduced into the security schemes, and hence numerous key agreement schemes have been put forward under chaotic-maps. Recently, Xie et al. released an enhanced scheme under Farash et al.’s scheme and claimed their improvements could withstand the security loopholes pointed out in the scheme of Farash et al., i.e., resistance to the off-line password guessing and user impersonation attacks. Nevertheless, through our careful analysis, the improvements were released by Xie et al. still could not solve the problems troubled in Farash et al‥ Besides, Xie et al.’s improvements failed to achieve the user anonymity and the session key security. With the purpose of eliminating the security risks of the scheme of Xie et al., we design an anonymous password-based three-party authenticated key agreement under chaotic maps. Both the formal analysis and the formal security verification using AVISPA are presented. Also, BAN logic is used to show the correctness of the enhancements. Furthermore, we also demonstrate that the design thwarts most of the common attacks. We also make a comparison between the recent chaotic-maps based schemes and our enhancements in terms of performance. PMID:27101305

Password-Only Authenticated Three-Party Key Exchange Proven Secure against Insider Dictionary Attacks

PubMed Central

Nam, Junghyun; Choo, Kim-Kwang Raymond

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol. PMID:25309956

Privacy-protected biometric templates: acoustic ear identification

NASA Astrophysics Data System (ADS)

Tuyls, Pim T.; Verbitskiy, Evgeny; Ignatenko, Tanya; Schobben, Daniel; Akkermans, Ton H.

2004-08-01

Unique Biometric Identifiers offer a very convenient way for human identification and authentication. In contrast to passwords they have hence the advantage that they can not be forgotten or lost. In order to set-up a biometric identification/authentication system, reference data have to be stored in a central database. As biometric identifiers are unique for a human being, the derived templates comprise unique, sensitive and therefore private information about a person. This is why many people are reluctant to accept a system based on biometric identification. Consequently, the stored templates have to be handled with care and protected against misuse [1, 2, 3, 4, 5, 6]. It is clear that techniques from cryptography can be used to achieve privacy. However, as biometric data are noisy, and cryptographic functions are by construction very sensitive to small changes in their input, and hence one can not apply those crypto techniques straightforwardly. In this paper we show the feasibility of the techniques developed in [5], [6] by applying them to experimental biometric data. As biometric identifier we have choosen the shape of the inner ear-canal, which is obtained by measuring the headphone-to-ear-canal Transfer Functions (HpTFs) which are known to be person dependent [7].

A Multifactor Secure Authentication System for Wireless Payment

NASA Astrophysics Data System (ADS)

Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

Improvement of a uniqueness-and-anonymity-preserving user authentication scheme for connected health care.

PubMed

Xie, Qi; Liu, Wenhao; Wang, Shengbao; Han, Lidong; Hu, Bin; Wu, Ting

2014-09-01

Patient's privacy-preserving, security and mutual authentication between patient and the medical server are the important mechanism in connected health care applications, such as telecare medical information systems and personally controlled health records systems. In 2013, Wen showed that Das et al.'s scheme is vulnerable to the replay attack, user impersonation attacks and off-line guessing attacks, and then proposed an improved scheme using biometrics, password and smart card to overcome these weaknesses. However, we show that Wen's scheme is still vulnerable to off-line password guessing attacks, does not provide user's anonymity and perfect forward secrecy. Further, we propose an improved scheme to fix these weaknesses, and use the applied pi calculus based formal verification tool ProVerif to prove the security and authentication.

Location, location, location: utilizing pipelines and services to more effectively georeference the world's biodiversity data

PubMed Central

Hill, Andrew W; Guralnick, Robert; Flemons, Paul; Beaman, Reed; Wieczorek, John; Ranipeta, Ajay; Chavan, Vishwas; Remsen, David

2009-01-01

Background Increasing the quantity and quality of data is a key goal of biodiversity informatics, leading to increased fitness for use in scientific research and beyond. This goal is impeded by a legacy of geographic locality descriptions associated with biodiversity records that are often heterogeneous and not in a map-ready format. The biodiversity informatics community has developed best practices and tools that provide the means to do retrospective georeferencing (e.g., the BioGeomancer toolkit), a process that converts heterogeneous descriptions into geographic coordinates and a measurement of spatial uncertainty. Even with these methods and tools, data publishers are faced with the immensely time-consuming task of vetting georeferenced localities. Furthermore, it is likely that overlap in georeferencing effort is occurring across data publishers. Solutions are needed that help publishers more effectively georeference their records, verify their quality, and eliminate the duplication of effort across publishers. Results We have developed a tool called BioGeoBIF, which incorporates the high throughput and standardized georeferencing methods of BioGeomancer into a beginning-to-end workflow. Custodians who publish their data to the Global Biodiversity Information Facility (GBIF) can use this system to improve the quantity and quality of their georeferences. BioGeoBIF harvests records directly from the publishers' access points, georeferences the records using the BioGeomancer web-service, and makes results available to data managers for inclusion at the source. Using a web-based, password-protected, group management system for each data publisher, we leave data ownership, management, and vetting responsibilities with the managers and collaborators of each data set. We also minimize the georeferencing task, by combining and storing unique textual localities from all registered data access points, and dynamically linking that information to the password protected record information for each publisher. Conclusion We have developed one of the first examples of services that can help create higher quality data for publishers mediated through the Global Biodiversity Information Facility and its data portal. This service is one step towards solving many problems of data quality in the growing field of biodiversity informatics. We envision future improvements to our service that include faster results returns and inclusion of more georeferencing engines. PMID:19900299

Accuracy of vertical radial plume mapping technique in measuring lagoon gas emission

USDA-ARS?s Scientific Manuscript database

Recently, the U.S. Environmental Protection Agency (USEPA) posted a ground-based optical remote sensing method on its website called OTM 10 for measuring fugitive gas emission flux from area sources such as closed landfills. The OTM 10 utilizes the vertical radial plume mapping (VRPM) technique to c...

Taming Big Data: Using App Technology to Study Organizational Behavior on Social Media

ERIC Educational Resources Information Center

Bail, Christopher A.

2017-01-01

Social media websites such as Facebook and Twitter provide an unprecedented amount of qualitative data about organizations and collective behavior. Yet these new data sources lack critical information about the broader social context of collective behavior--or protect it behind strict privacy barriers. In this article, I introduce social media…

The Saint Louis River Idea-Slam crowd sourcing good ideas for the Saint Louis River

EPA Science Inventory

As part of the 2017 Saint Louis River Summit, we propose hosting an “Idea-Slam” using software originally developed by the U.S. Consumer Financial Protection Bureau. Idea-box is an open source online app/website used to collect and surface ideas from members of an or...

Cluster randomized controlled trial of a peer support program for people with diabetes: study protocol for the Australasian peers for progress study

PubMed Central

2012-01-01

Background Well managed diabetes requires active self-management in order to ensure optimal glycaemic control and appropriate use of available clinical services and other supports. Peer supporters can assist people with their daily diabetes self-management activities, provide emotional and social support, assist and encourage clinical care and be available when needed. Methods A national database of Australians diagnosed with type 2 diabetes is being used to invite people in pre-determined locations to participate in community-based peer support groups. Peer supporters are self-identified from these communities. All consenting participants receive diabetes self-management education and education manual prior to randomization by community to a peer support intervention or usual care. This multi-faceted intervention comprises four interconnected components for delivering support to the participants. (1) Trained supporters lead 12 monthly group meetings. Participants are assisted to set goals to improve diabetes self-management, discuss with and encourage each other to strengthen linkages with local clinical services (including allied health services) as well as provide social and emotional support. (2) Support through regular supporter-participant or participant-participant contact, between monthly sessions, is also promoted in order to maintain motivation and encourage self-improvement and confidence in diabetes self-management. (3) Participants receive a workbook containing diabetes information, resources and community support services, key diabetes management behaviors and monthly goal setting activity sheets. (4) Finally, a password protected website contains further resources for the participants. Supporters are mentored and assisted throughout the intervention by other supporters and the research team through attendance at a weekly teleconference. Data, including a self-administered lifestyle survey, anthropometric and biomedical measures are collected on all participants at baseline, 6 and 12 months. The primary outcome is change in cardiovascular disease risk using the UKPDS risk equation. Secondary outcomes include biomedical, quality of life, psychosocial functioning, and other lifestyle measures. An economic evaluation will determine whether the program is cost effective. Discussion This manuscript presents the protocol for a cluster randomized controlled trial of group-based peer support for people with type 2 diabetes in a community setting. Results from this trial will contribute evidence about the effectiveness of peer support in achieving effective self-management of diabetes. Trial registration number Australian New Zealand Clinical Trials Registry (ANZCTR); ACTRN12609000469213 PMID:23035666

Functionality and acceptability of a wireless fetal heart rate monitoring device in term pregnant women in rural Southwestern Uganda.

PubMed

Mugyenyi, Godfrey R; Atukunda, Esther C; Ngonzi, Joseph; Boatin, Adeline; Wylie, Blair J; Haberer, Jessica E

2017-06-08

Over 3 million stillbirths occur annually in sub Saharan Africa; most occur intrapartum and are largely preventable. The standard of care for fetal heart rate (FHR) assessment in most sub-Saharan African settings is a Pinard Stethoscope, limiting observation to one person, at one point in time. We aimed to test the functionality and acceptability of a wireless FHR monitor that could allow for expanded monitoring capacity in rural Southwestern Uganda. In a mixed method prospective study, we enrolled 1) non-laboring healthy term pregnant women to wear the device for 30 min and 2) non-study clinicians to observe its use. The battery-powered prototype uses Doppler technology to measure fetal cardiotocographs (CTG), which are displayed via an android device and wirelessly transmit to cloud storage where they are accessible via a password protected website. Prototype functionality was assessed by the ability to obtain and transmit a 30-min CTG. Three obstetricians independently rated CTGs for readability and agreement between raters was calculated. All participants completed interviews on acceptability. Fifty pregnant women and 7 clinicians were enrolled. 46 (92.0%) CTGs were successfully recorded and stored. Mean scores for readability were 4.71, 4.71 and 4.83 (out of 5) with high agreement (intra class correlation 0.84; 95% CI 0.74 to 0.91). All pregnant women reported liking or really liking the device, as well as high levels of comfort, flexibility and usefulness of the prototype; all would recommend it to others. Clinicians described the prototype as portable, flexible, easy-to-use and a time saver. Adequate education for clinicians and women also seemed to improve correct usage and minimise concerns on safety of the device. This prototype wireless FHR monitor functioned well in a low-resource setting and was found to be acceptable and useful to both pregnant women and clinicians. The device also seemed to have potential to improve the experience of the users compared with standard of care and expand monitoring capacity in settings where bulky, wired or traditional equipment are unreliable. Further research needs to investigate the potential impact and cost of such innovations to improve perinatal outcomes.

Exercise and Pulmonary Hypertension (PH)

MedlinePlus

... with PAH Consensus Statement Issued by the Scientific Leadership Council DISCLAIMER: This information is for general information ... on our new PHPN/PHCR or Support Group Leadership Institute portal? Reset your password here . Login Username ...

HEP Computing

Science.gov Websites

Domain (One password used for computer logins, e-mail logins, VPN, and many other internal Argonne web see this page.). NEW!! Click here for instructions on how to setup publickey (passwordless) logins to

75 FR 52394 - Privacy Act of 1974, as Amended

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-25

... Responsibilities for Maintaining Records About Individuals, dated February 8, 1996. The system notice is published..., DC and Fort Worth, Texas facilities. Desktop PCs are password controlled by users. Retention and...

High-Performance Secure Database Access Technologies for HEP Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Matthew Vranicar; John Weicher

2006-04-17

The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysismore » capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the secure authorization is pushed into the database engine will eliminate inefficient data transfer bottlenecks. Furthermore, traditionally separated database and security layers provide an extra vulnerability, leaving a weak clear-text password authorization as the only protection on the database core systems. Due to the legacy limitations of the systems’ security models, the allowed passwords often can not even comply with the DOE password guideline requirements. We see an opportunity for the tight integration of the secure authorization layer with the database server engine resulting in both improved performance and improved security. Phase I has focused on the development of a proof-of-concept prototype using Argonne National Laboratory’s (ANL) Argonne Tandem-Linac Accelerator System (ATLAS) project as a test scenario. By developing a grid-security enabled version of the ATLAS project’s current relation database solution, MySQL, PIOCON Technologies aims to offer a more efficient solution to secure database access.« less

Tardive Dyskinesia

MedlinePlus

... Search form Sorry, we didn't find an account with that username and password. Please try again. Close Sign In to myNAMI signin form Forgot Sign In Create an Account Logging in... Learn More Find Support Get Involved ...

Lung Transplantation in Patients with Pulmonary Hypertension

MedlinePlus

... Pulmonary Hypertension Consensus Statements Issued by the Scientific Leadership Council Download & Print PDF DISCLAIMER: This information is ... on our new PHPN/PHCR or Support Group Leadership Institute portal? Reset your password here . Login Username ...

Cerebral and Sinus Vein Thrombosis

MedlinePlus

... Disclosures Footnotes References Figures & Tables Info & Metrics eLetters Article Tools Print Citation Tools Cerebral and Sinus Vein ... Remember my user name & password. Submit Share this Article Email Thank you for your interest in spreading ...

Screening for Peripheral Artery Disease

MedlinePlus

... Disclosures Acknowledgments Footnotes Figures & Tables Info & Metrics eLetters Article Tools Print Citation Tools Screening for Peripheral Artery ... Remember my user name & password. Submit Share this Article Email Thank you for your interest in spreading ...

HEP Computing

Science.gov Websites

Service Request Password Help New Users Back to HEP Computing Mail-Migration Procedure on Linux Mail -Migration Procedure on Windows How to Migrate a Folder to GMail using Pine U.S. Department of Energy The

Find a Physical Medicine & Rehabilitation Physician

MedlinePlus

... password Create a new account American Academy of Physical Medicine and Rehabilitation 9700 W. Bryn Mawr Ave ... Physiatry About Physiatry History of the Specialty About Physical Medicine and Rehabilitation Find a PM&R Physician ...

American Association on Intellectual and Developmental Disabilities

MedlinePlus

... Password Education Webinars Annual Conference 2018 Call for Papers SECP Opportunities Exhibits and Sponsorship Hotel & Travel Registration ... Material Transition Planning SIS-A SIS-C White Papers International SIS Use Order SIS-A Contact Us ...

Society of NeuroInterventional Surgery

MedlinePlus

... Find A Doctor / In the News / SNIS Foundation / Login Membership Login Join Today SNIS Connect Getting Started on SNIS ... SNIS Members Area Remember Me > Forget your password? > Login > Not a Member? SNIS Foundation > SNIS Foundation Publications ...

Simple protocols for oblivious transfer and secure identification in the noisy-quantum-storage model

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schaffner, Christian

2010-09-15

We present simple protocols for oblivious transfer and password-based identification which are secure against general attacks in the noisy-quantum-storage model as defined in R. Koenig, S. Wehner, and J. Wullschleger [e-print arXiv:0906.1030]. We argue that a technical tool from Koenig et al. suffices to prove security of the known protocols. Whereas the more involved protocol for oblivious transfer from Koenig et al. requires less noise in storage to achieve security, our ''canonical'' protocols have the advantage of being simpler to implement and the security error is easier control. Therefore, our protocols yield higher OT rates for many realistic noise parameters.more » Furthermore, a proof of security of a direct protocol for password-based identification against general noisy-quantum-storage attacks is given.« less

Run-length encoding graphic rules, biochemically editable designs and steganographical numeric data embedment for DNA-based cryptographical coding system.

PubMed

Kawano, Tomonori

2013-03-01

There have been a wide variety of approaches for handling the pieces of DNA as the "unplugged" tools for digital information storage and processing, including a series of studies applied to the security-related area, such as DNA-based digital barcodes, water marks and cryptography. In the present article, novel designs of artificial genes as the media for storing the digitally compressed data for images are proposed for bio-computing purpose while natural genes principally encode for proteins. Furthermore, the proposed system allows cryptographical application of DNA through biochemically editable designs with capacity for steganographical numeric data embedment. As a model case of image-coding DNA technique application, numerically and biochemically combined protocols are employed for ciphering the given "passwords" and/or secret numbers using DNA sequences. The "passwords" of interest were decomposed into single letters and translated into the font image coded on the separate DNA chains with both the coding regions in which the images are encoded based on the novel run-length encoding rule, and the non-coding regions designed for biochemical editing and the remodeling processes revealing the hidden orientation of letters composing the original "passwords." The latter processes require the molecular biological tools for digestion and ligation of the fragmented DNA molecules targeting at the polymerase chain reaction-engineered termini of the chains. Lastly, additional protocols for steganographical overwriting of the numeric data of interests over the image-coding DNA are also discussed.

US Astronomers Access to SIMBAD in Strasbourg

NASA Technical Reports Server (NTRS)

Oliversen, Ronald (Technical Monitor); Eichhorn, Guenther

2004-01-01

During the last year the US SIMBAD Gateway Project continued to provide services like user registration to the US users of the SIMBAD database in France. Currently there are over 4500 US users registered. We also provided user support by answering questions from users and handling requests for lost passwords when still necessary. Even though almost all users now access SIMBAD without a password, based on hostnames/IP addresses, there are still some users that need individual passwords. We continued to maintain the mirror copy of the SIMBAD database on a server at SAO. This allows much faster access for the US users. During the past year we again moved this mirror to a faster server to improve access for the US users. We again supported a demonstration of the SIMBAD database at the meeting of the American Astronomical Society in January. We provided support for the demonstration activities at the SIMBAD booth. We paid part of the fee for the SIMBAD demonstration. We continued to improve the cross-linking between the SIMBAD project and the Astrophysics Data System. This cross-linking between these systems is very much appreciated by the users of both the SIMBAD database and the ADS Abstract Service. The mirror of the SIMBAD database at SA0 makes this connection faster for the US astronomers. We exchange information between the ADS and SIMBAD on a daily basis. During the last year we also installed a mirror copy of the Vizier system from the CDS, in addition to the SIMBAD mirror.

Analysis of the Argonne distance tabletop exercise method.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Tanzman, E. A.; Nieves, L. A.; Decision and Information Sciences

2008-02-14

The purpose of this report is to summarize and evaluate the Argonne Distance Tabletop Exercise (DISTEX) method. DISTEX is intended to facilitate multi-organization, multi-objective tabletop emergency response exercises that permit players to participate from their own facility's incident command center. This report is based on experience during its first use during the FluNami 2007 exercise, which took place from September 19-October 17, 2007. FluNami 2007 exercised the response of local public health officials and hospitals to a hypothetical pandemic flu outbreak. The underlying purpose of the DISTEX method is to make tabletop exercising more effective and more convenient for playingmore » organizations. It combines elements of traditional tabletop exercising, such as scenario discussions and scenario injects, with distance learning technologies. This distance-learning approach also allows playing organizations to include a broader range of staff in the exercise. An average of 81.25 persons participated in each weekly webcast session from all playing organizations combined. The DISTEX method required development of several components. The exercise objectives were based on the U.S. Department of Homeland Security's Target Capabilities List. The ten playing organizations included four public health departments and six hospitals in the Chicago area. An extent-of-play agreement identified the objectives applicable to each organization. A scenario was developed to drive the exercise over its five-week life. Weekly problem-solving task sets were designed to address objectives that could not be addressed fully during webcast sessions, as well as to involve additional playing organization staff. Injects were developed to drive play between webcast sessions, and, in some cases, featured mock media stories based in part on player actions as identified from the problem-solving tasks. The weekly 90-minute webcast sessions were discussions among the playing organizations that were moderated by a highly-qualified public health physician, who reviewed key scenario developments and player actions, as well as solicited input from each playing organization. The exercise control structure included trusted agents who oversaw exercise planning, playing organization points of contact to ensure exercise coordination, and exercise controller/evaluators to initiate and oversee exercise play. A password-protected exercise website was designed for FluNami 2007 to serve as a compartmentalized central information source, and for transmitting exercise documents. During the course of FluNami 2007, feedback on its quality was collected from players and controller/evaluators. Player feedback was requested at the conclusion of each webcast, upon completion of each problem-solving task, and on October 17, 2007, after the final webcast session had ended. The overall average score given to FluNami 2008 by the responding players was 3.9 on a five-point scale. In addition, suggestions for improving the process were provided by Argonne controller/evaluators after the exercise concluded. A series of recommendations was developed based on feedback from the players and controller/evaluators. These included improvements to the exercise scope and objectives, the problem-solving tasks, the scenarios, exercise control, the webcast sessions, the exercise website, and the player feedback process.« less

eMental Health Experiences and Expectations: A Survey of Youths' Web-Based Resource Preferences in Canada

PubMed Central

Mar, Marissa Y; Neilson, Erika K; Werker, Gregory R; Krausz, Michael

2014-01-01

Background Due to the high prevalence of psychological disorders and the lack of access to care among Canadian youth, the development of accessible services is increasingly important. eMental Health is an expanding field that may help to meet this need through the provision of mental health care using technology. Objective The primary goals of the study are to explore youth experiences with traditional and online mental health resources, and to investigate youth expectations for mental health websites. Methods A Web-based survey containing quantitative and qualitative questions was delivered to youth aged 17-24 years. Participants were surveyed to evaluate their use of mental health resources as well as their preferences for various components of a potential mental health website. Results A total of 521 surveys were completed. Most participants (61.6%, 321/521) indicated that they had used the Internet to seek information or help for feelings they were experiencing. If they were going through a difficult time, 82.9% (432/521) of participants were either “somewhat likely” or “very likely” to use an information-based website and 76.8% (400/521) reported that they were either “somewhat unlikely” or “very unlikely” to visit social media websites for information or help-seeking purposes during this time. Most (87.7%, 458/521) participants rated their online privacy as very important. Descriptions of interventions and treatments was the most highly rated feature to have in a mental health-related website, with 91.9% (479/521) of participants regarding it as “important” or “very important”. When presented a select list of existing Canadian mental health-related websites, most participants had not accessed any of the sites. Of the few who had, the Canadian Mental Health Association website was the most accessed website (5.8%, 30/521). Other mental health-related websites were accessed by only 10.9% of the participants (57/521). Conclusions The findings suggest that despite interest in these tools, current eMental Health resources either do not meet the needs of or are not widely accessed by youth with mental health problems. In order to improve access to these resources for Canadian youth, Web-based platforms should provide information about mental health problems, support for these problems (peer and professional), and information about resources (self-help as well as ability to locate nearby resources), while protecting the privacy of the user. These findings will not only assist in the development of new mental health platforms but may also help improve existing ones. PMID:25519847

eMental health experiences and expectations: a survey of youths' Web-based resource preferences in Canada.

PubMed

Wetterlin, Felicia M; Mar, Marissa Y; Neilson, Erika K; Werker, Gregory R; Krausz, Michael

2014-12-17

Due to the high prevalence of psychological disorders and the lack of access to care among Canadian youth, the development of accessible services is increasingly important. eMental Health is an expanding field that may help to meet this need through the provision of mental health care using technology. The primary goals of the study are to explore youth experiences with traditional and online mental health resources, and to investigate youth expectations for mental health websites. A Web-based survey containing quantitative and qualitative questions was delivered to youth aged 17-24 years. Participants were surveyed to evaluate their use of mental health resources as well as their preferences for various components of a potential mental health website. A total of 521 surveys were completed. Most participants (61.6%, 321/521) indicated that they had used the Internet to seek information or help for feelings they were experiencing. If they were going through a difficult time, 82.9% (432/521) of participants were either "somewhat likely" or "very likely" to use an information-based website and 76.8% (400/521) reported that they were either "somewhat unlikely" or "very unlikely" to visit social media websites for information or help-seeking purposes during this time. Most (87.7%, 458/521) participants rated their online privacy as very important. Descriptions of interventions and treatments was the most highly rated feature to have in a mental health-related website, with 91.9% (479/521) of participants regarding it as "important" or "very important". When presented a select list of existing Canadian mental health-related websites, most participants had not accessed any of the sites. Of the few who had, the Canadian Mental Health Association website was the most accessed website (5.8%, 30/521). Other mental health-related websites were accessed by only 10.9% of the participants (57/521). The findings suggest that despite interest in these tools, current eMental Health resources either do not meet the needs of or are not widely accessed by youth with mental health problems. In order to improve access to these resources for Canadian youth, Web-based platforms should provide information about mental health problems, support for these problems (peer and professional), and information about resources (self-help as well as ability to locate nearby resources), while protecting the privacy of the user. These findings will not only assist in the development of new mental health platforms but may also help improve existing ones.

A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems.

PubMed

Das, Ashok Kumar

2015-03-01

Recent advanced technology enables the telecare medicine information system (TMIS) for the patients to gain the health monitoring facility at home and also to access medical services over the Internet of mobile networks. Several remote user authentication schemes have been proposed in the literature for TMIS. However, most of them are either insecure against various known attacks or they are inefficient. Recently, Tan proposed an efficient user anonymity preserving three-factor authentication scheme for TMIS. In this paper, we show that though Tan's scheme is efficient, it has several security drawbacks such as (1) it fails to provide proper authentication during the login phase, (2) it fails to provide correct updation of password and biometric of a user during the password and biometric update phase, and (3) it fails to protect against replay attack. In addition, Tan's scheme lacks the formal security analysis and verification. Later, Arshad and Nikooghadam also pointed out some security flaws in Tan's scheme and then presented an improvement on Tan's s scheme. However, we show that Arshad and Nikooghadam's scheme is still insecure against the privileged-insider attack through the stolen smart-card attack, and it also lacks the formal security analysis and verification. In order to withstand those security loopholes found in both Tan's scheme, and Arshad and Nikooghadam's scheme, we aim to propose an effective and more secure three-factor remote user authentication scheme for TMIS. Our scheme provides the user anonymity property. Through the rigorous informal and formal security analysis using random oracle models and the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, we show that our scheme is secure against various known attacks, including the replay and man-in-the-middle attacks. Furthermore, our scheme is also efficient as compared to other related schemes.

76 FR 63251 - Revisions to Federal Implementation Plans To Reduce Interstate Transport of Fine Particulate...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-12

... Matter and Ozone AGENCY: Environmental Protection Agency (EPA). ACTION: Announcement of public hearing... Ozone'', which was signed on October 6, 2011 and posted on EPA's website on October 6, 2011. The hearing... Particulate Matter and Ozone and Correction of SIP Approvals). EPA is proposing to amend the assurance penalty...

Interactive Tailored Website to Promote Sun Protection and Skin Self-Check Behaviors in Patients With Stage 0-III Melanoma

ClinicalTrials.gov

2017-11-15

Stage 0 Skin Melanoma; Stage I Skin Melanoma; Stage IA Skin Melanoma; Stage IB Skin Melanoma; Stage II Skin Melanoma; Stage IIA Skin Melanoma; Stage IIB Skin Melanoma; Stage IIC Skin Melanoma; Stage III Skin Melanoma; Stage IIIA Skin Melanoma; Stage IIIB Skin Melanoma; Stage IIIC Skin Melanoma

Cyberbullying: What Parents Can Do to Protect Their Children

ERIC Educational Resources Information Center

PACER Center, 2013

2013-01-01

If the word "bullying" makes you think of one child picking on another in the schoolyard, it is time to update your image of how students bully. While the face-to-face harassment certainly still exists, new ways of bullying have emerged. With the easy access to cell phones, instant messaging, mobile devices, social networking websites,…

Mitigating the Risk of Environmental Hazards in Mexico

DTIC Science & Technology

2011-10-28

consultant reports, country data, media reports, medical studies, government websites, environmental data, and Congressional testimony. iv... medications , immunizations, or personal protective equipment). DoD Instruction Number 6490.03, dated August 2006, states the objective is “to...complexity, with the potential for tragic medical outcomes in the absence of a risk mitigation strategy. 8 EXPOSURES DURING PAST DEPLOYMENTS

National Association of Pediatric Nurse Practitioners

MedlinePlus

... Your Source for Pediatric CE Check out PedsCE today! P resident's Message PedsCE SM NAPNAP Partners for ... Log in Forgot Username/Password | Join JOIN NAPNAP TODAY! Become a Member Corporate Circle Members See All ...

Sleeping Pills for Insomnia: Which Ones Work Best?

MedlinePlus

... Student Debt Special Report All Money More on Money Best & Worst Banks According to Consumer Reports Members ... 333-0663 Join Consumer Reports Basic Membership is FREE. Show Password By clicking "Become a Member" you ...

Rethinking Defensive Information Warfare

DTIC Science & Technology

2004-06-01

Countless studies, however, have demonstrated the weakness in this system.15 The tension between easily remembered passwords and suffi...vulnerabilities Undiscovered flaws The patch model for Internet security has failed spectacularly. Caida , 2004 Signature-Based Defense Anti virus, intrusion

Sharing with More Caring: Coordinating and Improving the Ethical Governance of Data and Biomaterials Obtained from Children.

PubMed

Longstaff, Holly; Khramova, Vera; Portales-Casamar, Elodie; Illes, Judy

2015-01-01

Research on complex health conditions such as neurodevelopmental disorders increasingly relies on large-scale research and clinical studies that would benefit from data sharing initiatives. Organizations that share data stand to maximize the efficiency of invested research dollars, expedite research findings, minimize the burden on the patient community, and increase citation rates of publications associated with the data. This study examined ethics and governance information on websites of databases involving neurodevelopmental disorders to determine the availability of information on key factors crucial for comprehension of, and trust and participation in such initiatives. We identified relevant databases identified using online keyword searches. Two researchers reviewed each of the websites and identified thematic content using principles from grounded theory. The content for each organization was interrogated using the gap analysis method. Sixteen websites from data sharing organizations met our inclusion criteria. Information about types of data and tissues stored, data access requirements and procedures, and protections for confidentiality were significantly addressed by data sharing organizations. However, special considerations for minors (absent from 63%), controls to check if data and tissues are being submitted (absent from 81%), disaster recovery plans (absent from 81%), and discussions of incidental findings (absent from 88%) emerged as major gaps in thematic website content. When present, content pertaining to special considerations for youth, along with other ethics guidelines and requirements, were scattered throughout the websites or available only from associated documents accessed through live links. The complexities of sharing data acquired from children and adolescents will only increase with advances in genomic and neuro science. Our findings suggest that there is a need to improve the consistency, depth and accessibility of governance and policies on which these collaborations can lean specifically for vulnerable young populations.

Best practices for online Canadian prenatal health promotion: A public health approach.

PubMed

Chedid, Rebecca A; Terrell, Rowan M; Phillips, Karen P

2017-11-04

Prenatal health promotion provides information regarding pregnancy risks, protective behaviours and clinical and community resources. Typically, women obtain prenatal health information from health care providers, prenatal classes, peers/family, media and increasingly, Internet sites and mobile apps. Barriers to prenatal health promotion and related services include language, rural/remote location, citizenship and disability. Online public health platforms represent the capacity to reach underserved women and can be customised to address the needs of a heterogeneous population of pregnant women. Canadian government-hosted websites and online prenatal e-classes were evaluated to determine if accessible, inclusive, comprehensive and evidence-based prenatal health promotion was provided. Using a multijurisdictional approach, federal, provincial/territorial, municipal and public health region-hosted websites, along with affiliated prenatal e-classes, were evaluated based on four criteria: comprehensiveness, evidence-based information, accessibility and inclusivity. Online prenatal e-classes, federal, provincial/territorial and public health-hosted websites generally provided comprehensive and evidence-based promotion of essential prenatal topics, in contrast to municipal-hosted websites which provided very limited prenatal health information. Gaps in online prenatal health promotion were identified as lack of French and multilingual content, targeted information and representations of Indigenous peoples, immigrants and women with disabilities. Canadian online prenatal health promotion is broadly comprehensive and evidence-based, but fails to address the needs of non-Anglophones and represent the diverse population of Canadian pregnant women. It is recommended that agencies enhance the organisation of website pregnancy portals/pages and collaborate with other jurisdictions and community groups to ensure linguistically accessible, culturally-competent and inclusive prenatal online resources. Copyright © 2017 Australian College of Midwives. All rights reserved.

The feasibility of e-learning as a quality improvement tool.

PubMed

Kobewka, Daniel; Backman, Chantal; Hendry, Paul; Hamstra, Stanley J; Suh, Kathryn N; Code, Catherine; Forster, Alan J

2014-10-01

Many quality problems exist in health care. We aim to investigate the feasibility and acceptability of using e-learning (defined as computer-based learning modules) to address gaps in quality of care. We performed a qualitative evaluation of participants in a pilot e-learning program. Physician members of six medical teaching units (MTUs) at a multi-site tertiary care teaching hospital were asked to complete two e-learning modules addressing hand hygiene practices and management of community-acquired pneumonia (CAP). An e-learning design team created online modules that were made available to members of the six MTUs for 4 weeks using a password secured website. Use of the modules was voluntary. Participants' perceptions of module content, mode of delivery, and suggestions for improvement were determined through focus groups. We then performed content analysis on the transcripts. We used system data to define patterns of module access. Out of 55 eligible users, 30 (55%) logged onto the system at least once. Residents (14/30, 47%) were less likely to use the system than medical students (9/14, 64%) and attending staff (7/11, 64%). Learners at all levels thought the modules were easy to use. Participants liked the knowledge-based material in the CAP module because it directly applied to their work. There were less favourable opinions of the hand hygiene module Generating e-learning modules targeted at gaps in quality of care is feasible and acceptable to learners. Future studies should assess whether these approaches lead to desired changes in behavior. © 2014 John Wiley & Sons, Ltd.

Chemists, Access, Statistics

NASA Astrophysics Data System (ADS)

Holmes, Jon L.

2000-06-01

New JCE Internet Feature at JCE Online Biographical Snapshots of Famous Chemists is a new JCE Internet feature on JCE Online. Edited by Barbara Burke, this feature provides biographical information on leading chemists, especially women and minority chemists, fostering the attitude that the practitioners of chemistry are as human as those who endeavor to learn about it. Currently, the column features biographical "snapshots" of 30 chemists. Each snapshot includes keywords and bibliography and several contain links to additional online information about the chemist. More biographical snapshots will appear in future installments. In addition, a database listing over 140 women and minority chemists is being compiled and will be made available online with the snapshots in the near future. The database includes the years of birth and death, gender and ethnicity, major and minor discipline, keywords to facilitate searching, and references to additional biographical information. We welcome your input into what we think is a very worthwhile resource. If you would like to provide additional biographical snapshots, see additional chemists added to the database, or know of additional references for those that are already in the database, please contact JCE Online or the feature editor. Your feedback is welcome and appreciated. You can find Biographical Snapshots of Famous Chemists starting from the JCE Online home page-- click the Features item under JCE Internet and then the Chemist Bios item. Access JCE Online without Name and Password We have recently been swamped by libraries requesting IP-number access to JCE Online. With the great benefit IP-number authentication gives to librarians (no user names and passwords to administer) and to their patrons (no need to remember and enter valid names and passwords) this is not surprising. If you would like access to JCE Online without the need to remember and enter a user name and password, you should tell your librarian about our IP-number access. Current subscriptions can be upgraded to IP-number access at little additional cost. We are pleased to be able to offer to institutions and libraries this convenient mode of access to subscriber only resources at JCE Online. JCE Online Usage Statistics We are continually amazed by the activity at JCE Online. So far, the year 2000 has shown a marked increase. Given the phenomenal overall growth of the Internet, perhaps our surprise is not warranted. However, during the months of January and February 2000, over 38,000 visitors requested over 275,000 pages. This is a monthly increase of over 33% from the October-December 1999 levels. It is good to know that people are visiting, but we would very much like to know what you would most like to see at JCE Online. Please send your suggestions to JCEOnline@chem.wisc.edu. For those who are interested, JCE Online year-to-date statistics are available. Biographical Snapshots of Famous Chemists: Mission Statement Feature Editor: Barbara Burke Chemistry Department, California State Polytechnic University-Pomona, Pomona, CA 91768 phone: 909/869-3664 fax: 909/869-4616 email: baburke@csupomona.edu The primary goal of this JCE Internet column is to provide information about chemists who have made important contributions to chemistry. For each chemist, there is a short biographical "snapshot" that provides basic information about the person's chemical work, gender, ethnicity, and cultural background. Each snapshot includes links to related websites and to a biobibliographic database. The database provides references for the individual and can be searched through key words listed at the end of each snapshot. All students, not just science majors, need to understand science as it really is: an exciting, challenging, human, and creative way of learning about our natural world. Investigating the life experiences of chemists can provide a means for students to gain a more realistic view of chemistry. In addition students, especially women and minorities, need more scientist role models. When teachers weave biographical information into their conceptual lectures, they are using an effective pedagogical tool that will enhance students' understanding of chemical facts. Linking chemical ideas to real people provides a stronger infrastructure than facts alone: students need more than just the facts--they need to know the stories of the people behind the "magic". Without these stories, our students miss the wonderful, exciting, human side of our chemical sciences. Acknowledgments National Science Foundation, Alliance for Minority Progress Grant (HRD 9353276); Chemical Heritage Foundation, Philadelphia, PA; Huntington Library, San Marino, CA.

American Society of Nuclear Cardiology

MedlinePlus

... Society of Nuclear Cardiology Career Center Search for jobs. Post a resume or job. Member Login Enter Forgot your password? Meetings & Events ... Extended! Missed ASNC2017? Save $100 -Order Meeting On Demand by Oct. 31 Wednesday, October 25, 2017 admin ...

75 FR 27313 - Procurement List; Additions and Deletions

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-14

... AES Encryption NSN: 7045-01-558-4989--512MB. NSN: 7045-01-558-4990--USB Flash Drive. NPA: North...--1 GB, no encryption. NSN: 7045-01-568-4207--1GB, with encryption. USB Flash Drive with Password...

Guidelines for Network Security in the Learning Environment.

ERIC Educational Resources Information Center

Littman, Marlyn Kemper

1996-01-01

Explores security challenges and practical approaches to safeguarding school networks against invasion. Highlights include security problems; computer viruses; privacy assaults; Internet invasions; building a security policy; authentication; passwords; encryption; firewalls; and acceptable use policies. (Author/LRW)

Family Life.

ERIC Educational Resources Information Center

Naturescope, 1986

1986-01-01

Focuses on various aspects of mammal family life ranging from ways different species are born to how different mammals are raised. Learning activities include making butter from cream, creating birth announcements for mammals, and playing a password game on family life. (ML)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, T.

SPI/U3.1 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Inspector Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, Tony

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Multi-factor authentication using quantum communication

DOEpatents

Hughes, Richard John; Peterson, Charles Glen; Thrasher, James T.; Nordholt, Jane E.; Yard, Jon T.; Newell, Raymond Thorson; Somma, Rolando D.

2018-02-06

Multi-factor authentication using quantum communication ("QC") includes stages for enrollment and identification. For example, a user enrolls for multi-factor authentication that uses QC with a trusted authority. The trusted authority transmits device factor information associated with a user device (such as a hash function) and user factor information associated with the user (such as an encrypted version of a user password). The user device receives and stores the device factor information and user factor information. For multi-factor authentication that uses QC, the user device retrieves its stored device factor information and user factor information, then transmits the user factor information to the trusted authority, which also retrieves its stored device factor information. The user device and trusted authority use the device factor information and user factor information (more specifically, information such as a user password that is the basis of the user factor information) in multi-factor authentication that uses QC.

SPI/U3.2. Security Profile Inspector for UNIX Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, A.

1994-08-01

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Centralized Authentication with Kerberos 5, Part I

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wachsmann, A

Account administration in a distributed Unix/Linux environment can become very complicated and messy if done by hand. Large sites use special tools to deal with this problem. I will describe how even very small installations like your three computer network at home can take advantage of the very same tools. The problem in a distributed environment is that password and shadow files need to be changed individually on each machine if an account change occurs. Account changes include: password change, addition/removal of accounts, name change of an account (UID/GID changes are a big problem in any case), additional or removedmore » login privileges to a (group of) computer(s), etc. In this article, I will show how Kerberos 5 solves the authentication problem in a distributed computing environment. A second article will describe a solution for the authorization problem.« less

A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system.

PubMed

Lee, Tian-Fu; Chang, I-Pin; Lin, Tsung-Hung; Wang, Ching-Cheng

2013-06-01

The integrated EPR information system supports convenient and rapid e-medicine services. A secure and efficient authentication scheme for the integrated EPR information system provides safeguarding patients' electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Wu et al. proposed an efficient password-based user authentication scheme using smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various malicious attacks. However, their scheme is still vulnerable to lost smart card and stolen verifier attacks. This investigation discusses these weaknesses and proposes a secure and efficient authentication scheme for the integrated EPR information system as alternative. Compared with related approaches, the proposed scheme not only retains a lower computational cost and does not require verifier tables for storing users' secrets, but also solves the security problems in previous schemes and withstands possible attacks.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

PubMed

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Making generic tutorials content specific: recycling evidence-based practice (EBP) tutorials for two disciplines.

PubMed

Jeffery, Keven M; Maggio, Lauren; Blanchard, Mary

2009-01-01

Librarians at the Boston University Medical Center constructed two interactive online tutorials, "Introduction to EBM" and "Formulating a Clinical Question (PICO)," for a Family Medicine Clerkship and then quickly repurposed the existing tutorials to support an Evidence-based Dentistry course. Adobe's ColdFusion software was used to populate the tutorials with course-specific content based on the URL used to enter each tutorial, and a MySQL database was used to collect student input. Student responses were viewable immediately by course faculty on a password-protected Web site. The tutorials ensured that all students received the same baseline training and allowed librarians to tailor a subsequent library skills workshop to student tutorial answers. The tutorials were well-received by the medical and dental schools and have been added to mandatory first-year Evidence-based Medicine (EBM) and Evidence-based Dentistry (EBD) courses, meaning that every medical and dental student at BUMC will be expected to complete these tutorials.

Placing Evidence-Based Interventions at the Fingertips of School Social Workers.

PubMed

Castillo, Humberto López; Rivers, Tommi; Randall, Catherine; Gaughan, Ken; Ojanen, Tiina; Massey, Oliver Tom; Burton, Donna

2016-07-01

Through a university-community collaborative partnership, the perceived needs of evidence-based practices (EBPs) among school social workers (SSWs) in a large school district in central Florida was assessed. A survey (response rate = 83.6%) found that although 70% of SSWs claim to use EBPs in their everyday practice, 40% do not know where to find them, which may partially explain why 78% of respondents claim to spend 1 to 4 h every week looking for adequate EBPs. From this needs assessment, the translational model was used to address these perceived needs. A systematic review of the literature found 40 tier 2 EBPs, most of which (23%) target substance use, abuse, and dependence. After discussion with academic and community partners, the stakeholders designed, discussed, and implemented a searchable, online, password-protected, interface of these tier 2 EBPs, named Evidence-Based Intervention Toolkit (eBIT). Lessons learned, future directions, and implications of this "one-stop shop" for behavioral health are discussed.

Placing Evidence-based Interventions at the Fingertips of School Social Workers

PubMed Central

Castillo, Humberto López; Rivers, Tommi; Randall, Catherine; Gaughan, Ken; Ojanen, Tiina; Massey, Oliver “Tom”; Burton, Donna

2015-01-01

Through a university-community collaborative partnership, the perceived needs of evidence-based practices (EBP) among school social workers (SSW) in a large school district in central Florida was assessed. A survey (response rate = 83.6%) found that although 70% of SSW claim to use EBP in their everyday practice, 40% do not know where to find them, which may partially explain why 78% of respondents claim to spend 1 to 4 hours every week looking for adequate EBP. From this needs assessment, the translational model was used to address these perceived needs. A systematic review of the literature found forty Tier 2 EBP, most of which (23%) target substance use, abuse, and dependence. After discussion with academic and community partners, the stakeholders designed, discussed, and implemented a searchable, online, password-protected, interface of these Tier 2 EBP, named eBIT (evidence-Based Intervention Toolkit). Lessons learned, future directions, and implications of this “one-stop shop” for behavioral health are discussed. PMID:26659382

USign--a security enhanced electronic consent model.

PubMed

Li, Yanyan; Xie, Mengjun; Bian, Jiang

2014-01-01

Electronic consent becomes increasingly popular in the healthcare sector given the many benefits it provides. However, security concerns, e.g., how to verify the identity of a person who is remotely accessing the electronic consent system in a secure and user-friendly manner, also arise along with the popularity of electronic consent. Unfortunately, existing electronic consent systems do not pay sufficient attention to those issues. They mainly rely on conventional password based authentication to verify the identity of an electronic consent user, which is far from being sufficient given that identity theft threat is real and significant in reality. In this paper, we present a security enhanced electronic consent model called USign. USign enhances the identity protection and authentication for electronic consent systems by leveraging handwritten signatures everyone is familiar with and mobile computing technologies that are becoming ubiquitous. We developed a prototype of USign and conducted preliminary evaluation on accuracy and usability of signature verification. Our experimental results show the feasibility of the proposed model.

A test of multiple hypotheses for the function of call sharing in female budgerigars, Melopsittacus undulatus

PubMed Central

Young, Anna M.; Cordier, Breanne; Mundry, Roger; Wright, Timothy F.

2014-01-01

In many social species group, members share acoustically similar calls. Functional hypotheses have been proposed for call sharing, but previous studies have been limited by an inability to distinguish among these hypotheses. We examined the function of vocal sharing in female budgerigars with a two-part experimental design that allowed us to distinguish between two functional hypotheses. The social association hypothesis proposes that shared calls help animals mediate affiliative and aggressive interactions, while the password hypothesis proposes that shared calls allow animals to distinguish group identity and exclude nonmembers. We also tested the labeling hypothesis, a mechanistic explanation which proposes that shared calls are used to address specific individuals within the sender–receiver relationship. We tested the social association hypothesis by creating four–member flocks of unfamiliar female budgerigars (Melopsittacus undulatus) and then monitoring the birds’ calls, social behaviors, and stress levels via fecal glucocorticoid metabolites. We tested the password hypothesis by moving immigrants into established social groups. To test the labeling hypothesis, we conducted additional recording sessions in which individuals were paired with different group members. The social association hypothesis was supported by the development of multiple shared call types in each cage and a correlation between the number of shared call types and the number of aggressive interactions between pairs of birds. We also found support for calls serving as a labeling mechanism using discriminant function analysis with a permutation procedure. Our results did not support the password hypothesis, as there was no difference in stress or directed behaviors between immigrant and control birds. PMID:24860236

Lawrence Livermore National Laboratory Environmental Report 2016

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rosene, Crystal

The purposes of the Environmental Report 2016 are to record LLNL’s compliance with environmental standards and requirements, describe LLNL’s environmental protection and remediation programs, and present the results of environmental monitoring. Specifically, the report discusses LLNL’s EMS; describes significant accomplishments in pollution prevention; presents the results of air, water, vegetation, and foodstuff monitoring; reports radiological doses from LLNL operations; summarizes LLNL’s activities involving special status wildlife, plants, and habitats; and describes the progress LLNL has made in remediating groundwater contamination. Environmental monitoring at LLNL, including analysis of samples and data, is conducted according to documented standard operating procedures. Duplicate samplesmore » are collected and analytical results are reviewed and compared to internal acceptance standards. This report is prepared for DOE by LLNL’s Environmental Functional Area (EFA). Submittal of the report satisfies requirements under DOE Order 231.1B, “Environment, Safety and Health Reporting,” and DOE Order 458.1, “Radiation Protection of the Public and Environment.” The report is distributed in electronic form and is available to the public at https://saer.llnl.gov/, the website for the LLNL annual environmental report. Previous LLNL annual environmental reports beginning with 1994 are also on the website.« less

Dual Diagnosis: Substance Abuse and Mental Illness

MedlinePlus

... Search form Sorry, we didn't find an account with that username and password. Please try again. Close Sign In to myNAMI signin form Forgot Sign In Create an Account Logging in... Learn More Find Support Get Involved ...

Patient's Guide to Recovery After Deep Vein Thrombosis or Pulmonary Embolism

MedlinePlus

... Information Disclosures Footnotes Figures & Tables Info & Metrics eLetters Article Tools Print Citation Tools A Patient’s Guide to ... Remember my user name & password. Submit Share this Article Email Thank you for your interest in spreading ...

Word Problem Wizardry.

ERIC Educational Resources Information Center

Cassidy, Jack

1991-01-01

Presents suggestions for teaching math word problems to elementary students. The strategies take into consideration differences between reading in math and reading in other areas. A problem-prediction game and four self-checking activities are included along with a magic password challenge. (SM)

Are we failing to communicate? Internet-based patient education materials and radiation safety.

PubMed

Hansberry, David R; Ramchand, Tekchand; Patel, Shyam; Kraus, Carl; Jung, Jin; Agarwal, Nitin; Gonzales, Sharon F; Baker, Stephen R

2014-09-01

Patients frequently turn to the Internet when seeking answers to healthcare related inquiries including questions about the effects of radiation when undergoing radiologic studies. We investigate the readability of online patient education materials concerning radiation safety from multiple Internet resources. Patient education material regarding radiation safety was downloaded from 8 different websites encompassing: (1) the Centers for Disease Control and Prevention, (2) the Environmental Protection Agency, (3) the European Society of Radiology, (4) the Food and Drug Administration, (5) the Mayo Clinic, (6) MedlinePlus, (7) the Nuclear Regulatory Commission, and (8) the Society of Pediatric Radiology. From these 8 resources, a total of 45 articles were analyzed for their level of readability using 10 different readability scales. The 45 articles had a level of readability ranging from 9.4 to the 17.2 grade level. Only 3/45 (6.7%) were written below the 10th grade level. No statistical difference was seen between the readability level of the 8 different websites. All 45 articles from all 8 websites failed to meet the recommendations set forth by the National Institutes of Health and American Medical Association that patient education resources be written between the 3rd and 7th grade level. Rewriting the patient education resources on radiation safety from each of these 8 websites would help many consumers of healthcare information adequately comprehend such material. Copyright © 2014. Published by Elsevier Ireland Ltd.

A Randomized Controlled Trial to Evaluate an Internet-Based Self-Management Program in Systemic Sclerosis.

PubMed

Khanna, Dinesh; Serrano, Jennifer; Berrocal, Veronica J; Silver, Richard M; Cuencas, Pedro; Newbill, Sharon L; Battyany, Josephine; Maxwell, Cynthia; Alore, Mary; Dyas, Laura; Riggs, Robert; Connolly, Kerri; Kellner, Saville; Fisher, Jody J; Bush, Erica; Sachdeva, Anjali; Evnin, Luke; Raisch, Dennis W; Poole, Janet L

2018-05-09

A pilot study showed that an internet-based self-management program improves self-efficacy in systemic sclerosis (SSc). The objective of the present study was to compare the internet-based self-management program to an educational book developed for people with SSc in measures of self-efficacy and other patient-reported outcomes. A 16-week randomized, controlled trial. Of the 267 participants who completed baseline questionnaires and were randomized to the intervention (internet) or control (book) condition, 123 (93%) in the internet and 124 (94%) in the control completed the 16-week RCT. The mean (SD) age of all participants was 53.7 (11.7) years, 91% were female, and 79.4% had some college or a higher degree. The mean (SD) disease duration after diagnosis of SSc was 8.97 (8.50) years. There were no statistical differences between the 2 groups for the primary outcome measure (PROMIS Self Efficacy Managing Symptoms: mean change of 0.35 in the internet group vs. 0.94 in control group, p=0.47) and secondary outcome measures, except the EQ5D visual analog scale (p=0.05). Internet group participants agreed that the self-management modules were of importance to them, the information was presented clearly, and the website was easy to use and at an appropriate reading level. Our RCT showed that the internet-based self-management website was not statistically superior to an educational patient-focused book in improving self-efficacy and other measures. The participants were enthusiastic for the content and presentation of the self-management website. This article is protected by copyright. All rights reserved. This article is protected by copyright. All rights reserved.

[How are the websites of pharmaceutical companies directed at users?].

PubMed

López Hidalgo, María Jesús; Aguado Gómez, Alicia; Sánchez Ruiz, Marceliana; García-Moreno Rodríguez, Gregoria; Alejandre Lázaro, Gemma

2010-05-01

To describe the content and structure of the websites of pharmaceutical companies (PC) with health information to patients. Descriptive, cross-sectional. health topics treated, and 9 sections: objectives and target population; editorial policy, authoring, updating of content, personal data protection, interactivity, accessibility, advertising labels. Internet. All PC websites with patient health information in Spanish. We studied 60 sites found. Most common: 19.3% neurology, mental health and 12% digestive diseases. Few specify the address of the person responsible for the site (51.7%), responsible for quality (10%) or the authors of the text (15%). Nearly 2/3 show the date of publication of content (66.7%), but only 13.3% updated. Privacy and data protection are mentioned in 65%, with only 28.3% allowing control of the use of personal data. Only 10% allow expressing doubts online and 1/3 of the sites have frequently asked questions. A total of 41.7% omitted to say their information does not replace medical advice. Educational materials (for children) can be downloaded in 11.7%. Almost all (93.3%) adapted their language to the recipient, but none are accessible to disabled people. The majority (86.7%) have the company logo on all pages. Only 16.7% are fronts for advertising, and only 9 sites have a quality seal (HONcode). Pages are designed to give superficial information on a disease than directly advertise a particular brand or active ingredient. However, their reliability has to be low due to the authors and sources of information being unknown. If Internet health information was truthful and backed up by authors or appropriate information sources, the Internet could well be a genuine health education tool. Copyright 2009 Elsevier España, S.L. All rights reserved.

Exploiting science? A systematic analysis of complementary and alternative medicine clinic websites' marketing of stem cell therapies.

PubMed

Murdoch, Blake; Zarzeczny, Amy; Caulfield, Timothy

2018-02-28

To identify the frequency and qualitative characteristics of stem cell-related marketing claims made on websites of clinics featuring common types of complementary and alternative medicine practitioners. The involvement of complementary and alternative medicine practitioners in the marketing of stem cell therapies and stem cell-related interventions is understudied. This research explores the extent to which they are involved and collaborate with medical professionals. This knowledge will help with identifying and evaluating potential policy responses to this growing market. Systematic website analysis. Global. US and English-language bias due to methodology. Representations made on clinic websites in relation to practitioner types, stem cell therapies and their targets, stem cell-related interventions. Statements about stem cell therapies relating to evidence of inefficacy, limited evidence of efficacy, general procedural risks, risks specific to the mode of therapy, regulatory status, experimental or unproven nature of therapy. Use of hype language (eg, language that exaggerates potential benefits). 243 websites offered stem cell therapies. Many websites advertised stem cell transplantation from multiple sources, such as adipose-derived (112), bone marrow-derived (100), blood-derived (28), umbilical cord-derived (26) and others. Plant stem cell-based treatments and products (20) were also advertised. Purposes for and targets of treatment included pain, physical injury, a wide range of diseases and illnesses, cosmetic concerns, non-cosmetic ageing, sexual enhancement and others. Medical doctors (130), chiropractors (53) and naturopaths (44) commonly work in the clinics we found to be offering stem cell therapies. Few clinic websites advertising stem cell therapies included important additional information, including statements about evidence of inefficacy (present on only 12.76% of websites), statements about limited evidence of efficacy (18.93%), statements of general risks (24.69%), statements of risks specific to the mode(s) of therapy (5.76%), statements as to the regulatory status of the therapies (30.86%) and statements that the therapy is experimental or unproven (33.33%). Hype language was noted (31.69%). Stem cell therapies and related interventions are marketed for a wide breadth of conditions and are being offered by complementary and alternative practitioners, often in conjunction with medical doctors. Consumer protection and truth-in-advertising regulation could play important roles in addressing misleading marketing practices in this area. © Article author(s) (or their employer(s) unless otherwise stated in the text of the article) 2018. All rights reserved. No commercial use is permitted unless otherwise expressly granted.

Penetrating ocular injuries in the home.

PubMed

Bhogal, G; Tomlins, P J; Murray, P I

2007-03-01

We studied the prevalence and aetiology of penetrating ocular injuries, in particular ones that were sustained whilst undertaking Do It Yourself (DIY) or gardening in the domestic environment. We also examined the extent of eye safety promotion in DIY stores and garden centres and on their websites. We conducted a case note review of patients who underwent surgery for penetrating ocular trauma between January 2000 and June 2004. Eight DIY stores and garden centres and 10 websites were visited and evaluated using standardized questions. Of the 85 patients identified, 35 (41.2%) patients had injuries that occurred in the home with 10 patients having visual acuities of <6/60 at final follow up. Accidents from DIY or gardening were the cause in 17 of 33 (51.5%) patients, with a failure to wear eye protection in all cases. Overall, DIY stores and garden centres were poor at promoting eye safety both in their stores and on their websites. The home is a frequent place for severe penetrating ocular injury, with highly popular pastimes such as DIY and gardening as common causes. As many of these injuries are preventable, additional safety information is essential to educate the public on the potential dangers of these pastimes.

Exploiting science? A systematic analysis of complementary and alternative medicine clinic websites’ marketing of stem cell therapies

PubMed Central

Murdoch, Blake; Zarzeczny, Amy; Caulfield, Timothy

2018-01-01

Objective To identify the frequency and qualitative characteristics of stem cell-related marketing claims made on websites of clinics featuring common types of complementary and alternative medicine practitioners. The involvement of complementary and alternative medicine practitioners in the marketing of stem cell therapies and stem cell-related interventions is understudied. This research explores the extent to which they are involved and collaborate with medical professionals. This knowledge will help with identifying and evaluating potential policy responses to this growing market. Design Systematic website analysis. Setting Global. US and English-language bias due to methodology. Main outcome measures Representations made on clinic websites in relation to practitioner types, stem cell therapies and their targets, stem cell-related interventions. Statements about stem cell therapies relating to evidence of inefficacy, limited evidence of efficacy, general procedural risks, risks specific to the mode of therapy, regulatory status, experimental or unproven nature of therapy. Use of hype language (eg, language that exaggerates potential benefits). Results 243 websites offered stem cell therapies. Many websites advertised stem cell transplantation from multiple sources, such as adipose-derived (112), bone marrow-derived (100), blood-derived (28), umbilical cord-derived (26) and others. Plant stem cell-based treatments and products (20) were also advertised. Purposes for and targets of treatment included pain, physical injury, a wide range of diseases and illnesses, cosmetic concerns, non-cosmetic ageing, sexual enhancement and others. Medical doctors (130), chiropractors (53) and naturopaths (44) commonly work in the clinics we found to be offering stem cell therapies. Few clinic websites advertising stem cell therapies included important additional information, including statements about evidence of inefficacy (present on only 12.76% of websites), statements about limited evidence of efficacy (18.93%), statements of general risks (24.69%), statements of risks specific to the mode(s) of therapy (5.76%), statements as to the regulatory status of the therapies (30.86%) and statements that the therapy is experimental or unproven (33.33%). Hype language was noted (31.69%). Conclusions Stem cell therapies and related interventions are marketed for a wide breadth of conditions and are being offered by complementary and alternative practitioners, often in conjunction with medical doctors. Consumer protection and truth-in-advertising regulation could play important roles in addressing misleading marketing practices in this area. PMID:29490963

Direct SSH Gateway Access to Peregrine | High Performance Computing |

Science.gov Websites

can access peregrine-ssh.nrel.gov, you must have: An active NREL HPC user account (see User Accounts ) An OTP Token (see One Time Password Tokens) Logging into peregrine-ssh.nrel.gov With your HPC account

75 FR 4526 - Privacy Act of 1974, System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-01-28

... address, country, work address, professional affiliations, age, gender, phone number, and other... of certain age groups, and analysis of differences between genders and region. The results of the..., title, role, company, country, age, gender, username, password, professional biographical information...

Computer Insecurity.

ERIC Educational Resources Information Center

Wilson, David L.

1994-01-01

College administrators recently appealed to students and faculty to change their computer passwords after security experts announced that tens of thousands had been stolen by computer hackers. Federal officials are investigating. Such attacks are not uncommon, but the most effective solutions are either inconvenient or cumbersome. (MSE)

21 CFR 1311.102 - Practitioner responsibilities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... the password or other knowledge factor, or biometric information, with any other person. The... hard token, knowledge factor, or biometric information may provide a basis for revocation or suspension... organization has found that the electronic prescription application records, stores, and transmits the...

21 CFR 1311.102 - Practitioner responsibilities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... the password or other knowledge factor, or biometric information, with any other person. The... hard token, knowledge factor, or biometric information may provide a basis for revocation or suspension... organization has found that the electronic prescription application records, stores, and transmits the...

21 CFR 1311.102 - Practitioner responsibilities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... the password or other knowledge factor, or biometric information, with any other person. The... hard token, knowledge factor, or biometric information may provide a basis for revocation or suspension... organization has found that the electronic prescription application records, stores, and transmits the...

21 CFR 1311.102 - Practitioner responsibilities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... the password or other knowledge factor, or biometric information, with any other person. The... hard token, knowledge factor, or biometric information may provide a basis for revocation or suspension... organization has found that the electronic prescription application records, stores, and transmits the...

A Study on the Interrelations between the Security-Related Antecedents of Customers' Online Trust

NASA Astrophysics Data System (ADS)

Peikari, Hamid Reza

Despite the wide attention of previous studies to explore the influence of different security-related factors on customers' online trust, the interrelations between such factors and their direct and indirect influences on customers' trust have been neglected. This study investigates the direct and indirect interrelations between the factors authentication, encryption, technical protection and externally provided assurances including third party security and privacy seals with customers' trust in the business-to-customer (B2C) environment. The data was collected from 238 respondents and after the test of reliability and validity of the scale, the hypotheses were tested using structural equation modeling. The results showed that customers' perception of encryption and authentication mechanisms implemented by a Website have a positive significant influence on their perceived technical protection while technical protection was found to significantly influence customers' trust to the Website. However, the analysis did not find any relation between the third party assurance and customers' trust, indicating that despite the high expenses companies involve to obtain such assurances from reputed third parties, such mechanisms and assurances do not have any direct or indirect significant influence on customers' trust; which raises questions on the value of such mechanisms .finally, after discussing the findings and implication of this study for both academic and business worlds, suggestions for future studies were made to have a better understanding of the dimensions of the interrelations between the security-related factors.

Servicemembers Civil Relief Act: Information on Mortgage Protections and Related Education Efforts

DTIC Science & Technology

2014-01-01

activities; legal assistance attorneys provide counseling; and a number of outreach media , such as publications and websites, are aimed at informing...to servicemembers. DOD and the Consumer Federation of America also conduct the Military Saves Campaign every year, a social marketing campaign to...theft, and insurance scams targeted at servicemembers and their families. DOD established its financial education partnerships by signing memorandums

Simple Benchmark Specifications for Space Radiation Protection

NASA Technical Reports Server (NTRS)

Singleterry, Robert C. Jr.; Aghara, Sukesh K.

2013-01-01

This report defines space radiation benchmark specifications. This specification starts with simple, monoenergetic, mono-directional particles on slabs and progresses to human models in spacecraft. This report specifies the models and sources needed to what the team performing the benchmark needs to produce in a report. Also included are brief descriptions of how OLTARIS, the NASA Langley website for space radiation analysis, performs its analysis.

76 FR 15895 - Approval and Promulgation of Implementation Plans and Designations of Areas for Air Quality...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-22

... consider to be CBI or otherwise protected. The http://www.regulations.gov website is an ``anonymous access... annual PM 2.5 NAAQS? A. Criteria B. Chattanooga Area Air Quality IV. What Is the effect of this action? V.... Does the Chattanooga area meet the annual PM 2.5 NAAQS? A. Criteria Today's rulemaking proposed to find...

Intratheater Airlift Functional Solution Analysis (FSA)

DTIC Science & Technology

2011-01-01

law as indicated in a notice appearing later in this work. This electronic representation of RAND intellectual property is provided for non ...commercial use only. Unauthorized posting of RAND electronic documents to a non -RAND website is prohibited. RAND electronic documents are protected under...1. REPORT DATE 2011 2. REPORT TYPE 3. DATES COVERED 00-00-2011 to 00-00-2011 4. TITLE AND SUBTITLE Intratheater Airlift Functional Solution

Environmental Report 2009

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gallegos, Gretchen M.; Bertoldo, Nicholas A.; Campbell, Christopher G.

The purposes of the Lawrence Livermore National Laboratory Environmental Report 2009 are to record Lawrence Livermore National Laboratory’s (LLNL’s) compliance with environmental standards and requirements, describe LLNL’s environmental protection and remediation programs, and present the results of environmental monitoring at the two LLNL sites—the Livermore site and Site 300. The report is prepared for the U.S. Department of Energy (DOE) by LLNL’s Environmental Protection Department. Submittal of the report satisfies requirements under DOE Order 231.1A, Environmental Safety and Health Reporting, and DOE Order 5400.5, Radiation Protection of the Public and Environment. The report is distributed electronically and is available atmore » https://saer.lln.gov/, the website for the LLNL annual environmental report. Previous LLNL annual environmental reports beginning in 1994 are also on the website. Some references in the electronic report text are underlined, which indicates that they are clickable links. Clicking on one of these links will open the related document, data workbook, or website that it refers to. The report begins with an executive summary, which provides the purpose of the report and an overview of LLNL’s compliance and monitoring results. The first three chapters provide background information: Chapter 1 is an overview of the location, meteorology, and hydrogeology of the two LLNL sites; Chapter 2 is a summary of LLNL’s compliance with environmental regulations; and Chapter 3 is a description of LLNL’s environmental programs with an emphasis on the Environmental Management System including pollution prevention. The majority of the report covers LLNL’s environmental monitoring programs and monitoring data for 2009: effluent and ambient air (Chapter 4); waters, including wastewater, storm water runoff, surface water, rain, and groundwater (Chapter 5); and terrestrial, including soil, sediment, vegetation, foodstuff, ambient radiation, and special status wildlife and plants (Chapter 6). Complete monitoring data, which are summarized in the body of the report, are provided in Appendix A. The remaining three chapters discuss the radiological impact on the public from LLNL operations (Chapter 7), LLNL’s groundwater remediation program (Chapter 8), and quality assurance for the environmental monitoring programs (Chapter 9).« less

Surfing for mouth guards: assessing quality of online information.

PubMed

Magunacelaya, Macarena B; Glendor, Ulf

2011-10-01

The Internet is an easily accessible and commonly used source of health-related information, but evaluations of the quality of this information within the dental trauma field are still lacking. The aims of this study are (i) to present the most current scientific knowledge regarding mouth guards used in sport activities, (ii) to suggest a scoring system to evaluate the quality of information pertaining to mouth guard protection related to World Wide Web sites and (iii) to employ this scoring system when seeking reliable mouth guard-related websites. First, an Internet search using the keywords 'athletic injuries/prevention and control' and 'mouth protector' or 'mouth guards' in English was performed on PubMed, Cochrane, SvedMed+ and Web of Science to identify scientific knowledge about mouth guards. Second, an Internet search using the keywords 'consumer health information Internet', 'Internet information public health' and 'web usage-seeking behaviour' was performed on PubMed and Web of Science to obtain scientific articles seeking to evaluate the quality of health information on the Web. Based on the articles found in the second search, two scoring systems were selected. Then, an Internet search using the keywords 'mouth protector', 'mouth guards' and 'gum shields' in English was performed on the search engines Google, MSN and Yahoo. The websites selected were evaluated for reliability and accuracy. Of the 223 websites retrieved, 39 were designated valid and evaluated. Nine sites scored 22 or higher. The mean total score of the 39 websites was 14.2. Fourteen websites scored higher than the mean total score, and 25 websites scored less. The highest total score, presented by a Public Institution Web site (Health Canada), was 31 from a maximum possible score of 34, and the lowest score was 0. This study shows that there is a high amount of information about mouth guards on the Internet but that the quality of this information varies. It should be the responsibility of health care professionals to suggest and provide reliable Internet URL addresses to patients. In addition, an appropriate search terminology and search strategy should be made available to persons who want to search beyond the recommended sites. © 2011 John Wiley & Sons A/S.

HEP Computing

Science.gov Websites

Argonne National Laboratory High Energy Physics Division Windows Desktops Problem Report Service Request Password Help New Users Back to HEP Computing Email on ANL Exchange: See Windows Clients section (Outlook or Thunderbird recommended) Web Browsers: Web Browsers for Windows Desktops Software: Available

Safeguarding Databases Basic Concepts Revisited.

ERIC Educational Resources Information Center

Cardinali, Richard

1995-01-01

Discusses issues of database security and integrity, including computer crime and vandalism, human error, computer viruses, employee and user access, and personnel policies. Suggests some precautions to minimize system vulnerability such as careful personnel screening, audit systems, passwords, and building and software security systems. (JKP)

21 CFR 1311.102 - Practitioner responsibilities.

Code of Federal Regulations, 2010 CFR

2010-04-01

... not share the password or other knowledge factor, or biometric information, with any other person. The... hard token, knowledge factor, or biometric information may provide a basis for revocation or suspension... organization has found that the electronic prescription application records, stores, and transmits the...

US Gateway to SIMBAD Astronomical Database

NASA Technical Reports Server (NTRS)

Eichhorn, G.

1998-01-01

During the last year the US SIMBAD Gateway Project continued to provide services like user registration to the US users of the SIMBAD database in France. User registration is required by the SIMBAD project in France. Currently, there are almost 3000 US users registered. We also provide user support by answering questions from users and handling requests for lost passwords. We have worked with the CDS SIMBAD project to provide access to the SIMBAD database to US users on an Internet address basis. This will allow most US users to access SIMBAD without having to enter passwords. This new system was installed in August, 1998. The SIMBAD mirror database at SAO is fully operational. We worked with the CDS to adapt it to our computer system. We implemented automatic updating procedures that update the database and password files daily. This mirror database provides much better access to the US astronomical community. We also supported a demonstration of the SIMBAD database at the meeting of the American Astronomical Society in January. We shipped computer equipment to the meeting and provided support for the demonstration activities at the SIMBAD booth. We continued to improve the cross-linking between the SIMBAD project and the Astro- physics Data System. This cross-linking between these systems is very much appreciated by the users of both the SIMBAD database and the ADS Abstract Service. The mirror of the SIMBAD database at SAO makes this connection faster for the US astronomers. The close cooperation between the CDS in Strasbourg and SAO, facilitated by this project, is an important part of the astronomy-wide digital library initiative called Urania. It has proven to be a model in how different data centers can collaborate and enhance the value of their products by linking with other data centers.

Unconditional security from noisy quantum storage

NASA Astrophysics Data System (ADS)

Wehner, Stephanie

2010-03-01

We consider the implementation of two-party cryptographic primitives based on the sole physical assumption that no large-scale reliable quantum storage is available to the cheating party. An important example of such a task is secure identification. Here, Alice wants to identify herself to Bob (possibly an ATM machine) without revealing her password. More generally, Alice and Bob wish to solve problems where Alice holds an input x (e.g. her password), and Bob holds an input y (e.g. the password an honest Alice should possess), and they want to obtain the value of some function f(x,y) (e.g. the equality function). Security means that the legitimate users should not learn anything beyond this specification. That is, Alice should not learn anything about y and Bob should not learn anything about x, other than what they may be able to infer from the value of f(x,y). We show that any such problem can be solved securely in the noisy-storage model by constructing protocols for bit commitment and oblivious transfer, where we prove security against the most general attack. Our protocols can be implemented with present-day hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties. Our work raises a large number of immediate theoretical as well as experimental questions related to many aspects of quantum information science, such as for example understanding the information carrying properties of quantum channels and memories, randomness extraction, min-entropy sampling, as well as constructing small handheld devices which are suitable for the task of secure identification. [4pt] Full version available at arXiv:0906.1030 (theoretical) and arXiv:0911.2302 (practically oriented).

Evaluating authentication options for mobile health applications in younger and older adults

PubMed Central

Khan, Hassan; Hengartner, Urs; Ong, Stephanie; Logan, Alexander G.; Vogel, Daniel; Gebotys, Robert; Yang, Jilan

2018-01-01

Objective Apps promoting patient self-management may improve health outcomes. However, methods to secure stored information on mobile devices may adversely affect usability. We tested the reliability and usability of common user authentication techniques in younger and older adults. Methodology Usability testing was conducted in two age groups, 18 to 30 years and 50 years and older. After completing a demographic questionnaire, each participant tested four authentication options in random order: four-digit personal identification number (PIN), graphical password (GRAPHICAL), Android pattern-lock (PATTERN), and a swipe-style Android fingerprint scanner (FINGERPRINT). Participants rated each option using the Systems Usability Scale (SUS). Results A total of 59 older and 43 younger participants completed the study. Overall, PATTERN was the fastest option (3.44s), and PIN had the fewest errors per attempt (0.02). Participants were able to login using PIN, PATTERN, and GRAPHICAL at least 98% of the time. FINGERPRINT was the slowest (26.97s), had an average of 1.46 errors per attempt, and had a successful login rate of 85%. Overall, PIN and PATTERN had higher SUS scores than FINGERPRINT and GRAPHICAL. Compared to younger participants, older participants were also less likely to find PATTERN to be tiring, annoying or time consuming and less likely to consider PIN to be time consuming. Younger participants were more likely to rate GRAPHICAL as annoying, time consuming and tiring than older participants. Conclusions On mobile devices, PIN and pattern-lock outperformed graphical passwords and swipe-style fingerprints. All participants took longer to authenticate using the swipe-style fingerprint compared to other options. Older participants also took two to three seconds longer to authenticate using the PIN, pattern and graphical passwords though this did not appear to affect perceived usability. PMID:29300736

Evaluating authentication options for mobile health applications in younger and older adults.

PubMed

Grindrod, Kelly; Khan, Hassan; Hengartner, Urs; Ong, Stephanie; Logan, Alexander G; Vogel, Daniel; Gebotys, Robert; Yang, Jilan

2018-01-01

Apps promoting patient self-management may improve health outcomes. However, methods to secure stored information on mobile devices may adversely affect usability. We tested the reliability and usability of common user authentication techniques in younger and older adults. Usability testing was conducted in two age groups, 18 to 30 years and 50 years and older. After completing a demographic questionnaire, each participant tested four authentication options in random order: four-digit personal identification number (PIN), graphical password (GRAPHICAL), Android pattern-lock (PATTERN), and a swipe-style Android fingerprint scanner (FINGERPRINT). Participants rated each option using the Systems Usability Scale (SUS). A total of 59 older and 43 younger participants completed the study. Overall, PATTERN was the fastest option (3.44s), and PIN had the fewest errors per attempt (0.02). Participants were able to login using PIN, PATTERN, and GRAPHICAL at least 98% of the time. FINGERPRINT was the slowest (26.97s), had an average of 1.46 errors per attempt, and had a successful login rate of 85%. Overall, PIN and PATTERN had higher SUS scores than FINGERPRINT and GRAPHICAL. Compared to younger participants, older participants were also less likely to find PATTERN to be tiring, annoying or time consuming and less likely to consider PIN to be time consuming. Younger participants were more likely to rate GRAPHICAL as annoying, time consuming and tiring than older participants. On mobile devices, PIN and pattern-lock outperformed graphical passwords and swipe-style fingerprints. All participants took longer to authenticate using the swipe-style fingerprint compared to other options. Older participants also took two to three seconds longer to authenticate using the PIN, pattern and graphical passwords though this did not appear to affect perceived usability.

Compressive sensing using optimized sensing matrix for face verification

NASA Astrophysics Data System (ADS)

Oey, Endra; Jeffry; Wongso, Kelvin; Tommy

2017-12-01

Biometric appears as one of the solutions which is capable in solving problems that occurred in the usage of password in terms of data access, for example there is possibility in forgetting password and hard to recall various different passwords. With biometrics, physical characteristics of a person can be captured and used in the identification process. In this research, facial biometric is used in the verification process to determine whether the user has the authority to access the data or not. Facial biometric is chosen as its low cost implementation and generate quite accurate result for user identification. Face verification system which is adopted in this research is Compressive Sensing (CS) technique, in which aims to reduce dimension size as well as encrypt data in form of facial test image where the image is represented in sparse signals. Encrypted data can be reconstructed using Sparse Coding algorithm. Two types of Sparse Coding namely Orthogonal Matching Pursuit (OMP) and Iteratively Reweighted Least Squares -ℓp (IRLS-ℓp) will be used for comparison face verification system research. Reconstruction results of sparse signals are then used to find Euclidean norm with the sparse signal of user that has been previously saved in system to determine the validity of the facial test image. Results of system accuracy obtained in this research are 99% in IRLS with time response of face verification for 4.917 seconds and 96.33% in OMP with time response of face verification for 0.4046 seconds with non-optimized sensing matrix, while 99% in IRLS with time response of face verification for 13.4791 seconds and 98.33% for OMP with time response of face verification for 3.1571 seconds with optimized sensing matrix.

Mobile Device Management

DTIC Science & Technology

2012-01-01

password policies (or smart card authentication), disabling compo- nents of the operating system that were deemed unsafe, allowing users to only install...written nearly 100 applications for the iOS and Android platforms with over 1,500,000 downloads on iTunes and Google Play. CPT Braunstein is a

Employee, Retiree Resources

Science.gov Websites

Hire Payroll, Taxes Retirees Travel Verification of Employment Life at the Lab Career Stories Dual Careers Inclusion & Diversity Work-Life Balance Career Resources Apply for a Job Postdocs Students Employees (need password) Dual Career Services Educational Assistance, Scholarships Housing Life at the Lab

FloCon 2006 Proceedings

DTIC Science & Technology

2006-10-01

SNORT: KICKASS_PORN DRAGON: PORN HARDCORE SOURCEDEST SOURCE SOURCE SOURCE DEST DEST DEST DEST Stepping stone 51.251.22.183 Username password Sept...possibly initiates more DNS requests for media such as images and video . 7. Browser initiates more HTTP and/or FTP requests for media. Web Surfing in

Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

PubMed

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.

PubMed

Chaudhry, Shehzad Ashraf; Khan, Muhammad Tawab; Khan, Muhammad Khurram; Shon, Taeshik

2016-11-01

Recently several authentication schemes are proposed for telecare medicine information system (TMIS). Many of such schemes are proved to have weaknesses against known attacks. Furthermore, numerous such schemes cannot be used in real time scenarios. Because they assume a single server for authentication across the globe. Very recently, Amin et al. (J. Med. Syst. 39(11):180, 2015) designed an authentication scheme for secure communication between a patient and a medical practitioner using a trusted central medical server. They claimed their scheme to extend all security requirements and emphasized the efficiency of their scheme. However, the analysis in this article proves that the scheme designed by Amin et al. is vulnerable to stolen smart card and stolen verifier attacks. Furthermore, their scheme is having scalability issues along with inefficient password change and password recovery phases. Then we propose an improved scheme. The proposed scheme is more practical, secure and lightweight than Amin et al.'s scheme. The security of proposed scheme is proved using the popular automated tool ProVerif.

A user anonymity preserving three-factor authentication scheme for telecare medicine information systems.

PubMed

Tan, Zuowen

2014-03-01

The telecare medicine information system enables the patients gain health monitoring at home and access medical services over internet or mobile networks. In recent years, the schemes based on cryptography have been proposed to address the security and privacy issues in the telecare medicine information systems. However, many schemes are insecure or they have low efficiency. Recently, Awasthi and Srivastava proposed a three-factor authentication scheme for telecare medicine information systems. In this paper, we show that their scheme is vulnerable to the reflection attacks. Furthermore, it fails to provide three-factor security and the user anonymity. We propose a new three-factor authentication scheme for the telecare medicine information systems. Detailed analysis demonstrates that the proposed scheme provides mutual authentication, server not knowing password and freedom of password, biometric update and three-factor security. Moreover, the new scheme provides the user anonymity. As compared with the previous three-factor authentication schemes, the proposed scheme is more secure and practical.