現今，因醫療普及人們普遍壽命延長，我們需要長期保存並存取一生中健康資料，以讓該資料可於未來與醫院、健康組織、醫療人員共享，因此歷史健康資料的保存是重要的。我們的目的是維持與管理人們的歷史健康記錄，並避免電子健康記錄遺失。
在此篇論文中，為了讓歷史健康記錄可以長期保存至人的一生，我們提出一個身份識別與授權機制來保存與管理長期電子健康記錄，使用者可自行將其醫院或健康組織內的健康記錄轉移至特定的組織。協定是採用累積簽章機制將在轉移前擁有資料的組織的信任程度轉移至新組織，並以第三方可信任機關作為身份提供商身份識別所有組織，最後由授權機制確保使用者授權該機構共享資料，並可以達到長期電子健康記錄的完整性、可用性與記錄授權的不可否認性。

Due to the medicine knowledge widespread, the human life expectancy is extending. People have to keep personal health records during their lifetime to share and discuss with medical professionals. Therefore, the issue of maintaining the historical personal health records becomes more significant. Our aim is to keep and manage the long-term historical electronic health records to avoid the records lost.
In this paper, we proposed an authentication and authorization protocol for the long-term historical electronic health records to manage more than the human life lifetime. User can request its records to migrate to a specific organization, and then authorize the organization. The proposed protocol is referring the cumulatively notarized signature to transfer the trustworthiness to a specific organization, and the trust third notary as an identity provider to authenticate the user, specific organizations. Finally, the trust third notary requests the authorization to user to share their historical records with the organization. And the proposed protocol achieves data integrity, non-repudiation for data authorization and availability of EHR.

中文摘要
Abstract
誌謝
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Related Work
2.1 Long-term Records Preservation
2.2 Cumulatively Notarized Signature
2.3 Preliminary
2.3.1 Public Key Cryptosystem
2.3.2 Adversary Model
Chapter 3 The Proposed Protocol
3.1 Overview
3.2 Notations
3.3 Proposed Protocol
3.3.1 Initialization Phase
3.3.2 User Data Transfer Authentication Phase
3.3.3 User Data Authorization Phase
Chapter 4 Protocol Analysis
4.1 Security Analysis
4.2 Features Comparison
4.3 Discussion
4.3.1 The advantage of cumulatively notarized signature
4.3.2 The advantage of using NOR as intermediary
4.3.3 The scenarios of authorization
4.3.4 The scenario for a records holder company been merged
Chapter 5 Conclusion
References

[1] F. Khan, A. Ali, H. Abbas, and N. Haldar (2014).A cloud-based healthcare
framework for security and patients' data privacy using wireless body area
networks. Procedia Computer Science Volume 34, 2014, pages 511–517.
[2] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter. (2009). Patient Controlled
Encryption: Ensuring Privacy of Electronic Medical Records. CCSW '09
Proceedings of the 2009 ACM workshop on Cloud computing security, pages
103-114.
[3] S. Sabnis and D. Charles(2012). Opportunities and challenges: Security in
eHealth. Bell Labs Technical Journal, Volume: 17, Issue: 3 , pages 105–112,
2012.
[4] J. Akinyele, M. Pagano, M. Green, C. Lehmann, Z. Peterson, and A. Rubin
(2011).Securing Electronic Medical Records Using Attribute-Based Encryption
on Mobile Devices. SPSM '11 Proceedings of the 1st ACM workshop on
Security and privacy in smartphones and mobile devices, pages 75-86, October
2011. ACM
[5] S. Narayan, M. Gagne , and R. Safavi-Naini (2010), Privacy Preserving EHR
System Using Attribute-based Infrastructure.CCSW’10, Proceedings of the 2nd
ACM Cloud Computing Security Workshop, October 8, 2010. ACM
[6] A. Tamersoy, G. Loukides, M. Nergiz, Y. Saygin, and B. Malin (2012),
Anonymization of Longitudinal Electronic Medical Records. IEEE Transactions
on Information Technology in Biomedicine, Volume: 16 , Issue: 3 , , Page(s):
413 – 423, 2012.
[7] M. Shin, S. Yoo, K. Lee , D. Lee (2012). Electronic Medical Records privacy
preservation through k-anonymity clustering method, 2012 Joint 6th International Conference on Soft Computing and Intelligent Systems (SCIS) and
13th International Symposium on Advanced Intelligent Systems (ISIS), pages:
1119 – 1124, 2012.
[8] T. Lee. (2014). Verifier-based three-party authentication schemes using extended
chaotic maps for data exchange in Telecare medicine information systems.
Journal of Medical Systems , April 2014.
[9] K. Chen, Y. Chang, and D. Wang (2010). Aspect-oriented design and
implementation of adaptable access control for Electronic Medical Record.
International journal of medical informatics 79, pages: 181-203, 2010.
[10] L. Guo, C. Zhang , J. Sun , and Y.Fang(2014) .A Privacy-Preserving
Attribute-Based Authentication System for Mobile Health Networks. IEEE
Transactions on Mobile Computing, Volume: 13, Issue: 9, pages: 1927 – 1941,
2014.
[11] J. Jin, G. Ahn, M. Covington, and X. Zhang (2009). Access Control Model for
Sharing Composite Electronic Health Records. Collaborative Computing:
Networking, Applications and Worksharing, Lecture Notes of the Institute for
Computer Sciences, Social Informatics and Telecommunications
Engineering Volume 10, pages: 340-354, 2009.
[12] P. Burnap, I. Spasi? , W. Gray, J. Hilton, O. Rana, and G. Elwyn (2012).
Protecting Patient Privacy in Distributed Collaborative Healthcare Environments
by Retaining Access Control of Shared Information. 2012International
Conference on Collaboration Technologies and Systems (CTS), pages: 490 - 497,
21-25 May 2012.
[13] J. Zhou, X. Lin, X. Dong, and Z. Cao (2014). PSMPA: Patient Self-controllable
and Multi-level Privacy-preserving Cooperative Authentication in Distributed
m-Healthcare Cloud Computing System, IEEE Transactions on Parallel and Distributed Systems, Volume: PP , Issue: 99 , Pages: 1 ,2014.
[14] D. Lekkas and D. Gritzalis (2007). Long-term verifiability of the electronic
healthcare records’ authenticity. International Journal of Medical Informatics, v
76, n 5-6, p 442-448, May/June 2007.
[15] M. Vigil, D. Cabarcas, J. Buchmann, and J. Huang (2013). Assessing trust in
the long-term protection of documents. 2013 IEEE Symposium on Computers
and Communications (ISCC), Page(s): 000185 – 000191, 2013.
[16] T. Hyla, I. Fray, W. Mac’ko’w,J. Pejas’
(2012). Long-term preservation of digital signatures for multiple groups of
related documents. Information Security, IET ,Volume: 6 , Issue: 3 , Page(s):
219 – 227, 2012.
[17] D. Lekkas, D. Gritzalis (2004). Cumulative notarization for long-term
preservation of digital signatures. Computers & Security, Volume 23, Issue 5 ,
pages 413–424, July 2004.
[18] Carmela Troncoso, Danny De Cock, Bart Preneel (2008). Improving Secure
Long-Term Archival of Digitally Signed Documents. StorageSS'08 Proceedings
of the 4th ACM international workshop on Storage security and survivability,
pages 27-36, 2008.
[19] M. Vigila, J. Buchmanna, D. Cabarcasb, C. Weinerta, A. Wiesmaierc (2015).
Integrity, authenticity, non-repudiation, and proof of existence for long-term
archiving: A survey. Computers & Security,Volume 50, pages 16–32, May 2015.
[20] A. Uherek, S. Maier, U. Borghoff (2014). An Approach for Long-Term
Preservation of Digital Videos based on the Extensible MPEG-4 Textual Format.
2014 International Conference on Collaboration Technologies and Systems
(CTS), pages:324 - 329,19-23 May 2014
[21] PKI ,ftp://ftp.rsa.com/pub/pdfs/understanding_pki.pdf [22] Health Insurance Portability and Accountability Act (HIPAA),
http://health.state.tn.us/hipaa/
[23] T. Gondrom, R. Brandner, and U. Pordesch (2007). “Evidence record syntax
(ERS) “, http://www.ietf.org/rfc/rfc4998.txt
[24] ETSI XML advanced electronic signatures (XAdES) TS 101 903, 1.8.3 edn
(2010)
[25] ETSI and 2010b ETSI CMS advanced electronic signatures (CAdES) TS 101
733, 1.7.4 edn. (2010)
[26] P. Ruotsalainena, and B. Manningb (2007). A notary archive model for secure
preservation and distribution of electrically signed patient documents.
International Journal of Medical Informatics,Volume 76, Issues 5–6, pages
449–453, May–June 2007.