Objective To provide suggestions for helping marketing authorization holders(MAHs)to develop an effective and compliant pharmacovigilance system.Methods The construction strategies of pharmacovigilance system of the m...Objective To provide suggestions for helping marketing authorization holders(MAHs)to develop an effective and compliant pharmacovigilance system.Methods The construction strategies of pharmacovigilance system of the multinational pharmaceutical companies were analyzed based on the requirements of regulations and laws.Results and Conclusion There are some gaps between local and multinational pharmaceutical companies in the construction of pharmacovigilance system.We can learn from the experience of multinational pharmaceutical companies to improve the pharmacovigilance system,which includes building a sound pharmacovigilance organizational structure,establishing a series of operational system files and cultivating professional talents.MAHs of China should improve the structure of enterprise pharmacovigilance system.Besides,members of Drug Safety Committee should be department managers with higher position so that they can fulfil the responsibilities of risk assessment.If MAHs possess a large variety and quantity of products,a Drug Safety Committee should be established to ensure the timely discovery of risks.In addition,MAHs should pay attention to the implementation of related regulations and laws on pharmacovigilance and establish compliant,effective and operatable files combing with the actual operation of pharmacovigilance system.Finally,MAHs should introduce and train pharmacovigilance talents,and hire pharmacovigilance experts as consultants to solve the problem of talent shortage.展开更多
A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state wh...A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better.展开更多
Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource ...Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource are granted on the basis of their trust relation in distributed environment. Nevertheless, dynamic change of the status of credential and chain of trust induces to uncertainty of trust relation. Considering uncertainty of authorization and analyzing deficiency of authorization model only based on trust, we proposes joint trust-risk evaluation and build the model based on fuzzy set theory, and make use of the membership grade of fuzzy set to express joint trust-risk relation. Finally, derivation principle and constraint principle of joint trust-risk relationships are presented. The authorization management model is defined based on joint trust-risk evaluation, proof of compliance and separation of duty are analyzed. The proposed model depicts not only trust relationship between principals, but also security problem of authorization.展开更多
These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairnes...These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other.Therefore,in this paper,a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption.The proposed system enables bilateral authorization,where data trading between a seller and a buyer is accomplished only if their policies,required by each other,are satisfied simultaneously.This can be achieved by exploiting the security features of the matchmaking encryption.To guarantee non-repudiation and fairness between trading parties,the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol.However,the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of onchain processes.Instead,these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure.The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain.The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption.The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.展开更多
Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is ...Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is to verify a user’s identity.Authorization is the process of verifying that a authenticated user has the authority to perform a operation,which is more fine-grained.In most classical schemes,the authority management center(AMC)manages the resources permissions for all network nodes within the jurisdiction.However,the existence of AMC may be the weakest link of the whole scheme.In this paper,a protocol for QAM without AMC is proposed based on entanglement swapping.In this protocol,Bob(the owner of resources)authenticates the legality of Alice(the user)and then shares the right key for the resources with Alice.Compared with the other existed QAM protocols,this protocol not only implements authentication,but also authorizes the user permissions to access certain resources or carry out certain actions.The authority division is extended to fin-grained rights division.The security is analyzed from the four aspects:the outsider’s attack,the user’s attack,authentication and comparison with the other two QAM protocols.展开更多
Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challen...Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challenge;we focus to present dynamic time and location information in CP-ABE with mul-ti-authorization.Atfirst,along with the set of attributes of the users,their corre-sponding location is also embedded.Geohash is used to encode the latitude and longitude of the user’s position.Then,decrypt time period and access time period of users are defined using the new time tree(NTT)structure.The NTT sets the encrypted duration of the encrypted data and the valid access time of the private key on the data user’s private key.Besides,single authorization of attribute authority(AA)is extended as multi authorization for enhancing the effectiveness of key generation.Simulation results depict that the proposed CP-ABE achieves better encryption time,decryption time,security level and memory usage.Namely,encryption time and decryption time of the proposed CP-ABE are reduced to 19%and 16%than that of existing CP-ABE scheme.展开更多
Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level auth...Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level authorization specification by using logic program with ordered disjunction (LPOD) is proposed. The scheme is useful for solving conflicts resulted from combining positive and negative authorization, complexity of authorization management, and less clarity of the specification. It can well specify kinds of conflicts (such as exceptional conflicts, potential conflicts), and is based on literals and dependent contexts. Thus it is expressive and available. It is shown that authorizations based on rules LPOD is very important both in theory and practice.展开更多
A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permissio...A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permission which means that a user can perform certainoperation on a task only for a time interval, this not only ensure that only authorized users couldexecute a task but also ensure that the authorization flow is synchronised with workflow. The twoadvance models of RWAM deal with role hierarchy and constraints respectively RWAM ranges from simpleto complex and provides a general reference model for other researches and developments of suchareah.展开更多
TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to def...TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. This paper describes the TrustedRBAC model and its scalable design and implementation.展开更多
Unpredicted load behaviour troubles traditional power system and becomes a main unstable factor. This paper pro poses a digitalized power system based on synthetical transmission carrier which makes the power system a...Unpredicted load behaviour troubles traditional power system and becomes a main unstable factor. This paper pro poses a digitalized power system based on synthetical transmission carrier which makes the power system also serves as a data communication system with the same structure. Loads get authorized before powered on, so their behaviour is predictable. Digitalized power system includes such basic units as digital power source, hub and load. Their concepts are explained, their behaviour and implements arc also described in detail. Real time distribution of residual power is applied, which makes prompt authorization possible. Communication protocol and load address assignments are also presented in this paper. A prototype is built and the results verify the effect of the new proposed power system.展开更多
Mobile technologies make their headway by offering more flexibility to end-users and improve the productivities. Within the application of ubiquitous access and pervasive communication, security (or privacy) and QoS (...Mobile technologies make their headway by offering more flexibility to end-users and improve the productivities. Within the application of ubiquitous access and pervasive communication, security (or privacy) and QoS (Quality of Service) are two critical factors during global mobility, so how to get a smooth and fast handover based on a user privacy protected infrastructure is our focus. Based on a user-centric vir-tual identity defined by EU IST project Daidalos, this paper firstly proposes an effective infrastructure which protects the context-driven access policies for online services in order to avoid attacks by malicious eaves-droppers. In the proposed infrastructure, SMAL and Diameter are used to securely protect and deliver au-thenticated and authorized entities and XACML is used to authorize the user-level privacy policy. On the basis of it, a dynamic fast authentication and authorization handover mechanism is proposed which can save one trip communication time consummation between administrative domains.展开更多
Standard based Pub/Sub middleware, such as OMG Data Distribution Service (DDS), could assume a key role in supporting computer communications requiring continuous state information updating, deterministic deadline to ...Standard based Pub/Sub middleware, such as OMG Data Distribution Service (DDS), could assume a key role in supporting computer communications requiring continuous state information updating, deterministic deadline to data delivering and real time information adjourning. This kind of capability could be well ex-ploited by Peer-To-Peer (P2P) systems, Internet-wide as long as private ones, like in Public Safety or Civil Protection Communication Systems;but Pub/Sub specifications, and DDS/RTPS (Real Time Publish Sub-scribe) as well, usually do not provide Authentication & Authorization (AA) mechanisms. In the present work two important novelties are assessed: a possible scheme to implement AA in DDS/RTPS networks and a time performance evaluation study about embedded Authentication in RTPS.展开更多
To meet the authorization administration requirements in a distributedcomputer network environment, this paper extends the role-based access control model with multipleapplication dimensions and establishes a new acce...To meet the authorization administration requirements in a distributedcomputer network environment, this paper extends the role-based access control model with multipleapplication dimensions and establishes a new access control model ED-RBAC(Extended Role Based AccessControl Model) for the distributed environment. We propose an extendable hierarchical authorizationassignment framework and design effective role-registeringi role-applying and role-assigningprotocol with symmetric and asymmetric cryptographic systems. The model can be used to simplifyauthorization administration in a distributed environment with multiple applications.展开更多
Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repr...Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.展开更多
Should the article be accepted and published by Agricultural Biotechnology, the author hereby grants exclu- sively to the editorial department of Agricultural Biotechnology the digital reproduction, distribution, comp...Should the article be accepted and published by Agricultural Biotechnology, the author hereby grants exclu- sively to the editorial department of Agricultural Biotechnology the digital reproduction, distribution, compilation and information network transmission rights.展开更多
Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repr...Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.展开更多
Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital repr...Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.展开更多
Should the article be accepted and published by Agricultural Biotechnology, the author hereby grants exclusively to the editorial department of Agricultural Biotechnology the digital reproduction, distribution, compil...Should the article be accepted and published by Agricultural Biotechnology, the author hereby grants exclusively to the editorial department of Agricultural Biotechnology the digital reproduction, distribution, compilation and information network transmission rights.展开更多
基金Integration Application Status and Problems Investigation of ICH Q8,Q9,Q10 across the Product Life Cycle(No.20210605).
文摘Objective To provide suggestions for helping marketing authorization holders(MAHs)to develop an effective and compliant pharmacovigilance system.Methods The construction strategies of pharmacovigilance system of the multinational pharmaceutical companies were analyzed based on the requirements of regulations and laws.Results and Conclusion There are some gaps between local and multinational pharmaceutical companies in the construction of pharmacovigilance system.We can learn from the experience of multinational pharmaceutical companies to improve the pharmacovigilance system,which includes building a sound pharmacovigilance organizational structure,establishing a series of operational system files and cultivating professional talents.MAHs of China should improve the structure of enterprise pharmacovigilance system.Besides,members of Drug Safety Committee should be department managers with higher position so that they can fulfil the responsibilities of risk assessment.If MAHs possess a large variety and quantity of products,a Drug Safety Committee should be established to ensure the timely discovery of risks.In addition,MAHs should pay attention to the implementation of related regulations and laws on pharmacovigilance and establish compliant,effective and operatable files combing with the actual operation of pharmacovigilance system.Finally,MAHs should introduce and train pharmacovigilance talents,and hire pharmacovigilance experts as consultants to solve the problem of talent shortage.
文摘A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better.
基金Supported by the National Natural Science Foundation of China (60403027)
文摘Authorization management is important precondition and foundation for coordinating and resource sharing in open networks. Recently, authorization based on trust is widely used whereby access rights to shared resource are granted on the basis of their trust relation in distributed environment. Nevertheless, dynamic change of the status of credential and chain of trust induces to uncertainty of trust relation. Considering uncertainty of authorization and analyzing deficiency of authorization model only based on trust, we proposes joint trust-risk evaluation and build the model based on fuzzy set theory, and make use of the membership grade of fuzzy set to express joint trust-risk relation. Finally, derivation principle and constraint principle of joint trust-risk relationships are presented. The authorization management model is defined based on joint trust-risk evaluation, proof of compliance and separation of duty are analyzed. The proposed model depicts not only trust relationship between principals, but also security problem of authorization.
基金supported by Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Education(No.2022R1I1A3063257)supported by Electronics and Telecommunications Research Institute(ETRI)grant funded by the Korean Government[22ZR1300,Research on Intelligent Cyber Security and Trust Infra].
文摘These days,data is regarded as a valuable asset in the era of the data economy,which demands a trading platform for buying and selling data.However,online data trading poses challenges in terms of security and fairness because the seller and the buyer may not fully trust each other.Therefore,in this paper,a blockchain-based secure and fair data trading system is proposed by taking advantage of the smart contract and matchmaking encryption.The proposed system enables bilateral authorization,where data trading between a seller and a buyer is accomplished only if their policies,required by each other,are satisfied simultaneously.This can be achieved by exploiting the security features of the matchmaking encryption.To guarantee non-repudiation and fairness between trading parties,the proposed system leverages a smart contract to ensure that the parties honestly carry out the data trading protocol.However,the smart contract in the proposed system does not include complex cryptographic operations for the efficiency of onchain processes.Instead,these operations are carried out by off-chain parties and their results are used as input for the on-chain procedure.The system also uses an arbitration protocol to resolve disputes based on the trading proof recorded on the blockchain.The performance of the protocol is evaluated in terms of off-chain computation overhead and on-chain gas consumption.The results of the experiments demonstrate that the proposed protocols can enable the implementation of a cost-effective data trading system.
文摘Quantum authorization management(QAM)is the quantum scheme for privilege management infrastructure(PMI)problem.Privilege management(authorization management)includes authentication and authorization.Authentication is to verify a user’s identity.Authorization is the process of verifying that a authenticated user has the authority to perform a operation,which is more fine-grained.In most classical schemes,the authority management center(AMC)manages the resources permissions for all network nodes within the jurisdiction.However,the existence of AMC may be the weakest link of the whole scheme.In this paper,a protocol for QAM without AMC is proposed based on entanglement swapping.In this protocol,Bob(the owner of resources)authenticates the legality of Alice(the user)and then shares the right key for the resources with Alice.Compared with the other existed QAM protocols,this protocol not only implements authentication,but also authorizes the user permissions to access certain resources or carry out certain actions.The authority division is extended to fin-grained rights division.The security is analyzed from the four aspects:the outsider’s attack,the user’s attack,authentication and comparison with the other two QAM protocols.
文摘Due to the mobility of users in an organization,inclusion of dynamic attributes such as time and location becomes the major challenge in Ciphertext-Policy Attribute-Based Encryption(CP-ABE).By considering this challenge;we focus to present dynamic time and location information in CP-ABE with mul-ti-authorization.Atfirst,along with the set of attributes of the users,their corre-sponding location is also embedded.Geohash is used to encode the latitude and longitude of the user’s position.Then,decrypt time period and access time period of users are defined using the new time tree(NTT)structure.The NTT sets the encrypted duration of the encrypted data and the valid access time of the private key on the data user’s private key.Besides,single authorization of attribute authority(AA)is extended as multi authorization for enhancing the effectiveness of key generation.Simulation results depict that the proposed CP-ABE achieves better encryption time,decryption time,security level and memory usage.Namely,encryption time and decryption time of the proposed CP-ABE are reduced to 19%and 16%than that of existing CP-ABE scheme.
基金the National Natural Science Foundation of China (60573009,90718009)
文摘Based on logic programs, authorization conflicts and resolution strategies are analyzed through the explanation of some examples on the health care sector. A resolution scheme for handling conflicts in high level authorization specification by using logic program with ordered disjunction (LPOD) is proposed. The scheme is useful for solving conflicts resulted from combining positive and negative authorization, complexity of authorization management, and less clarity of the specification. It can well specify kinds of conflicts (such as exceptional conflicts, potential conflicts), and is based on literals and dependent contexts. Thus it is expressive and available. It is shown that authorizations based on rules LPOD is very important both in theory and practice.
文摘A family of RBAC-based workflow authorization models, called RWAM, areproposed RWAM consists of a basic model and other models constructed from the basic model. The basicmodel provides the notion of temporal permission which means that a user can perform certainoperation on a task only for a time interval, this not only ensure that only authorized users couldexecute a task but also ensure that the authorization flow is synchronised with workflow. The twoadvance models of RWAM deal with role hierarchy and constraints respectively RWAM ranges from simpleto complex and provides a general reference model for other researches and developments of suchareah.
文摘TrustedRBAC is a scalable, decentralized trust-management and access control mechanism for systems that span multiple autonomous domains. We utilize X.509 attri- bute certificates to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. This paper describes the TrustedRBAC model and its scalable design and implementation.
文摘Unpredicted load behaviour troubles traditional power system and becomes a main unstable factor. This paper pro poses a digitalized power system based on synthetical transmission carrier which makes the power system also serves as a data communication system with the same structure. Loads get authorized before powered on, so their behaviour is predictable. Digitalized power system includes such basic units as digital power source, hub and load. Their concepts are explained, their behaviour and implements arc also described in detail. Real time distribution of residual power is applied, which makes prompt authorization possible. Communication protocol and load address assignments are also presented in this paper. A prototype is built and the results verify the effect of the new proposed power system.
文摘Mobile technologies make their headway by offering more flexibility to end-users and improve the productivities. Within the application of ubiquitous access and pervasive communication, security (or privacy) and QoS (Quality of Service) are two critical factors during global mobility, so how to get a smooth and fast handover based on a user privacy protected infrastructure is our focus. Based on a user-centric vir-tual identity defined by EU IST project Daidalos, this paper firstly proposes an effective infrastructure which protects the context-driven access policies for online services in order to avoid attacks by malicious eaves-droppers. In the proposed infrastructure, SMAL and Diameter are used to securely protect and deliver au-thenticated and authorized entities and XACML is used to authorize the user-level privacy policy. On the basis of it, a dynamic fast authentication and authorization handover mechanism is proposed which can save one trip communication time consummation between administrative domains.
文摘Standard based Pub/Sub middleware, such as OMG Data Distribution Service (DDS), could assume a key role in supporting computer communications requiring continuous state information updating, deterministic deadline to data delivering and real time information adjourning. This kind of capability could be well ex-ploited by Peer-To-Peer (P2P) systems, Internet-wide as long as private ones, like in Public Safety or Civil Protection Communication Systems;but Pub/Sub specifications, and DDS/RTPS (Real Time Publish Sub-scribe) as well, usually do not provide Authentication & Authorization (AA) mechanisms. In the present work two important novelties are assessed: a possible scheme to implement AA in DDS/RTPS networks and a time performance evaluation study about embedded Authentication in RTPS.
文摘To meet the authorization administration requirements in a distributedcomputer network environment, this paper extends the role-based access control model with multipleapplication dimensions and establishes a new access control model ED-RBAC(Extended Role Based AccessControl Model) for the distributed environment. We propose an extendable hierarchical authorizationassignment framework and design effective role-registeringi role-applying and role-assigningprotocol with symmetric and asymmetric cryptographic systems. The model can be used to simplifyauthorization administration in a distributed environment with multiple applications.
文摘Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.
文摘Should the article be accepted and published by Agricultural Biotechnology, the author hereby grants exclu- sively to the editorial department of Agricultural Biotechnology the digital reproduction, distribution, compilation and information network transmission rights.
文摘Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.
文摘Should the article be accepted and published by Meteorological and Environmental Research, the author hereby grants exclusively to the editorial department of Meteorological and Environmental Research the digital reproduction, distribution, compilation and information network transmission rights.
文摘Should the article be accepted and published by Agricultural Biotechnology, the author hereby grants exclusively to the editorial department of Agricultural Biotechnology the digital reproduction, distribution, compilation and information network transmission rights.
