Bachelor Thesis Master's Programme in Computer Science, 300 Credits


EnterMedic, an E-health application for telemonitoring and health status feedback
Development of a mobile healthcare tool and research about its usage in the field of E-health
Computer Science and Engineering, 15 credits
Halmstad 2020-06-07
Sebastian Larsson, Leif Sulaiman
HALMSTAD UNIVERSITY

Acknowledgements

We want to start our thesis by thanking our supervisor Taha Khan who helped us immensely by making sure we got off on the right foot, providing us with knowledge about engineering combined with healthcare and answering any questions we had. Also, we would like to thank Cyrus Daneshmir, Roger Bergstrand and the development team of Entergate for helping us when we encountered issues, supplying us with endless amounts of coffee, for playing table tennis with us during their afternoon break and for keeping in touch with us during the rough times of the COVID19 outbreak.

Regards,
Sebastian Larsson & Leif Sulaiman
Halmstad, Sweden 2020-05-10

Abstract

Digital tools are being implemented in every area of society. Digital healthcare, or E-health, is an area that is increasing in popularity with various mobile applications and online services available. Entergate, a company based in Halmstad, has developed a service called EnterMedic. It is a cloud service that collects data from patients through online questionnaires. Once submitted, the service can directly forward data from these questionnaires to patient journals. EnterMedic also helps researchers with data to develop effective work methods in healthcare. The service was however limited to the web. This thesis consists of developing a mobile version of the service as it is more convenient to use compared to a web-based one and research contributing to what E-health applications can be used for. Interactivity is a desired feature for applications.
EnterMedic will provide the users with feedback after questionnaire submissions, to help them track their state of health.

Summary

Digital tools are being implemented in all areas of society. Digital healthcare, or E-health, is an area that is growing in popularity, with various mobile phone applications and online services available. Entergate, a company based in Halmstad, has developed a service called EnterMedic. It is a cloud service that collects data from patients through online forms. When these are submitted, the service can directly forward the data from the forms to patient journals. EnterMedic also helps researchers with data to develop more effective work methods in healthcare. The service is, however, limited to the web. This thesis consists of developing a mobile version of the service, as it is more convenient to use compared to a web-based service, and research contributing to what E-health applications can be used for. Interactivity is a desired feature for applications. EnterMedic will provide users with feedback after a form has been submitted, which in turn helps them track their state of health.

Keywords: Telemonitoring, E-health, Telehealth, Self Assessment Questionnaire, Digital Healthcare Tool, Healthcare Mobile Application, Cross-Platform

Contents

1 Introduction
  1.1 How EnterMedic works
  1.2 Purpose
  1.3 Problem specification
  1.4 Contributions
  1.5 Application specifications
2 Background and theory
  2.1 General
  2.2 Explanation of keywords
    2.2.1 Platform
    2.2.2 Cloud service
    2.2.3 Self assessment questionnaire
    2.2.4 Standard disease rating scales
    2.2.5 Telemonitoring
    2.2.6 HTTP and web requests
    2.2.7 GDPR
  2.3 API
    2.3.1 EnterMedic API
3 Method
  3.1 Hardware and Software Used
    3.1.1 Postman
    3.1.2 BankID
    3.1.3 Xamarin
    3.1.4 DB Browser for SQLite
  3.2 Method description
    3.2.1 Questionnaires
    3.2.2 Feedback
    3.2.3 Local database
    3.2.4 Web request and authentication
    3.2.5 Notifications
    3.2.6 User Interface
    3.2.7 Testing
    3.2.8 Expenses & resources
  3.3 Result analysis
4 Results
5 Discussion
  5.1 Ethics
  5.2 Issues encountered
    5.2.1 Hardware faults
    5.2.2 Development tools
    5.2.3 The impact of a global pandemic
    5.2.4 Focus group
  5.3 Usage
  5.4 Improvements and plausible extra-features
    5.4.1 External connections
    5.4.2 Feedback improvements
    5.4.3 Notification improvements
    5.4.4 Alternative login
6 Conclusion
  6.1 Experience
  6.2 Future implementations

1 Introduction

This bachelor’s thesis is done in cooperation with Entergate, a company based in Halmstad, Sweden. Entergate has a web-based E-health application called EnterMedic. It is a cloud service that makes it possible to directly send data to patient journals and has been used daily since 2016 by Kristianstad University, Region Värmland, and Region Halland. EnterMedic was co-developed with CKF (Centrum för Klinisk Forskning i Västerås). CKF works a substantial amount with questionnaires within healthcare and aims to, while collecting information for research, help develop effective work methods in healthcare. EnterMedic encourages patient-integration and better communication between the patient and the care-taker which makes the experience better for both parties.

1.1 How EnterMedic works

The service is divided into three types of authorizations: admins, units, and respondents. An admin could be a medical board of a county. A part of what they do is to create questionnaires for patients to answer. The admins send it out to units which could be hospitals or health centers in the county. These are then provided to the respondents, who are patients, to fill out and submit back to their attending doctor in the unit.
This makes it easier for the doctor to diagnose a patient. It is very important to note that this is not a tool that can diagnose, but instead eases the diagnostic process and pre-visit perception of the patient for the doctor.

1.2 Purpose

The purpose of the project is to create an E-health application to assist the healthcare system and the doctors by acting as a tool for telemonitoring patients, with the hope that it will play a part in decreasing the queues of healthcare in the future.

It is important to note that this thesis was written during the outbreak of COVID-19. As a consequence of this pandemic, telemonitoring increases in importance as it can prevent risk groups, such as elderly or individuals with an underlying illness or compromised immune system[1], from contracting the disease by visiting hospitals and other healthcare centers.

The process of E-health can be summarized: E-health applications collect data using self-assessment questionnaires submitted by the patient. A disease profile of the patient is then transmitted from the server, in quantified form, to a doctor who uses a standard clinical rating scale to make a clinical assessment[2].

The EnterMedic application is to be considered a telemonitoring application since the patient’s state of health can be reviewed remotely through questionnaires. It is important that the UI (User Interface) is appealing and simple to use so that less technical people, such as elderly or disabled individuals, can understand it.

1.3 Problem specification

As awareness for mental illness increases, more people feel confident in seeking aid. This is visible, not least among the younger population. From 2016 to 2018 there was a 24% increase in visits to BUP (Barn- och ungdomspsykiatrin), a Swedish institute helping children and teenagers with their mental issues[3]. While the number of doctors and nurses hired also increased during this time, it was only by 9% and 3% respectively.
However, the number of psychologists decreased by nearly 9%, making the total staff decrease in size since they represent the largest portion of the staff. There is a clear pattern here, which is that an increasing number of people need help but the availability is decreasing.

The thesis was written during the global pandemic of COVID-19. In Sweden, the national protocol regarding preparations for a pandemic does not directly implement a telemonitoring system through a mobile application[4]. A study dating back to 2015 states that telemonitoring systems show great potential during pandemic outbreaks, but require more research to be applied fully in situations similar to the COVID-19 pandemic[5].

Digitization has helped many areas of society, such as shopping for food through internet services, but also healthcare. There is a rise in the use of medical applications such as Kry and Min Doktor which had an increase in digital visits of 500% in one year[6]. This indicates that patients are willing to get help through an application as an alternative to physical help when possible. Figure 1 shows that a relatively high percentage of the Swedish population already use digital tools existing in the healthcare industry. A noticeable deviation is the elderly population in comparison to the population as a whole. They tend to not use these tools as much as the younger population.

Figure 1: Percentage of the Swedish population (16+ years) using the healthcare system’s digital tools (blue) and healthcare apps instead of a normal visit (red), the year 2019[7]. The leftmost bars display the whole population.

Certain cases regarding BUP and the regular healthcare system can be time-sensitive. A patient must get to see a doctor or healthcare worker on time.