Basic Search / Detailed Display

Author: 吳佳怡
Chia-Yi Wu
Thesis Title: 一個支援長期檢驗電子健康記錄管理之身份識別與授權機制
An Authentication and Authorization Mechanism for Long-term Electronic Health Records Management
Advisor: 羅乃維
Nai-Wei Lo
Committee: 查士朝
Shi-Cho Cha
Raylin Tso
Degree: 碩士
Department: 管理學院 - 資訊管理系
Department of Information Management
Thesis Publication Year: 2015
Graduation Academic Year: 103
Language: 英文
Pages: 41
Keywords (in Chinese): 電子健康紀錄長期管理電子資料累積公證簽章身份辨識授權
Keywords (in other languages): Electronic health records, Long-term electronic records management, Cumulatively notarized signature, Authentication, Authorization
Reference times: Clicks: 91Downloads: 6
School Collection Retrieve National Library Collection Retrieve Error Report
  • 現今,因醫療普及人們普遍壽命延長,我們需要長期保存並存取一生中健康資料,以讓該資料可於未來與醫院、健康組織、醫療人員共享,因此歷史健康資料的保存是重要的。我們的目的是維持與管理人們的歷史健康記錄,並避免電子健康記錄遺失。

    Due to the medicine knowledge widespread, the human life expectancy is extending. People have to keep personal health records during their lifetime to share and discuss with medical professionals. Therefore, the issue of maintaining the historical personal health records becomes more significant. Our aim is to keep and manage the long-term historical electronic health records to avoid the records lost.
    In this paper, we proposed an authentication and authorization protocol for the long-term historical electronic health records to manage more than the human life lifetime. User can request its records to migrate to a specific organization, and then authorize the organization. The proposed protocol is referring the cumulatively notarized signature to transfer the trustworthiness to a specific organization, and the trust third notary as an identity provider to authenticate the user, specific organizations. Finally, the trust third notary requests the authorization to user to share their historical records with the organization. And the proposed protocol achieves data integrity, non-repudiation for data authorization and availability of EHR.

    中文摘要 Abstract 誌謝 Contents List of Figures List of Tables Chapter 1 Introduction Chapter 2 Related Work 2.1 Long-term Records Preservation 2.2 Cumulatively Notarized Signature 2.3 Preliminary 2.3.1 Public Key Cryptosystem 2.3.2 Adversary Model Chapter 3 The Proposed Protocol 3.1 Overview 3.2 Notations 3.3 Proposed Protocol 3.3.1 Initialization Phase 3.3.2 User Data Transfer Authentication Phase 3.3.3 User Data Authorization Phase Chapter 4 Protocol Analysis 4.1 Security Analysis 4.2 Features Comparison 4.3 Discussion 4.3.1 The advantage of cumulatively notarized signature 4.3.2 The advantage of using NOR as intermediary 4.3.3 The scenarios of authorization 4.3.4 The scenario for a records holder company been merged Chapter 5 Conclusion References

    [1] F. Khan, A. Ali, H. Abbas, and N. Haldar (2014).A cloud-based healthcare
    framework for security and patients' data privacy using wireless body area
    networks. Procedia Computer Science Volume 34, 2014, pages 511–517.
    [2] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter. (2009). Patient Controlled
    Encryption: Ensuring Privacy of Electronic Medical Records. CCSW '09
    Proceedings of the 2009 ACM workshop on Cloud computing security, pages
    [3] S. Sabnis and D. Charles(2012). Opportunities and challenges: Security in
    eHealth. Bell Labs Technical Journal, Volume: 17, Issue: 3 , pages 105–112,
    [4] J. Akinyele, M. Pagano, M. Green, C. Lehmann, Z. Peterson, and A. Rubin
    (2011).Securing Electronic Medical Records Using Attribute-Based Encryption
    on Mobile Devices. SPSM '11 Proceedings of the 1st ACM workshop on
    Security and privacy in smartphones and mobile devices, pages 75-86, October
    2011. ACM
    [5] S. Narayan, M. Gagne , and R. Safavi-Naini (2010), Privacy Preserving EHR
    System Using Attribute-based Infrastructure.CCSW’10, Proceedings of the 2nd
    ACM Cloud Computing Security Workshop, October 8, 2010. ACM
    [6] A. Tamersoy, G. Loukides, M. Nergiz, Y. Saygin, and B. Malin (2012),
    Anonymization of Longitudinal Electronic Medical Records. IEEE Transactions
    on Information Technology in Biomedicine, Volume: 16 , Issue: 3 , , Page(s):
    413 – 423, 2012.
    [7] M. Shin, S. Yoo, K. Lee , D. Lee (2012). Electronic Medical Records privacy
    preservation through k-anonymity clustering method, 2012 Joint 6th International Conference on Soft Computing and Intelligent Systems (SCIS) and
    13th International Symposium on Advanced Intelligent Systems (ISIS), pages:
    1119 – 1124, 2012.
    [8] T. Lee. (2014). Verifier-based three-party authentication schemes using extended
    chaotic maps for data exchange in Telecare medicine information systems.
    Journal of Medical Systems , April 2014.
    [9] K. Chen, Y. Chang, and D. Wang (2010). Aspect-oriented design and
    implementation of adaptable access control for Electronic Medical Record.
    International journal of medical informatics 79, pages: 181-203, 2010.
    [10] L. Guo, C. Zhang , J. Sun , and Y.Fang(2014) .A Privacy-Preserving
    Attribute-Based Authentication System for Mobile Health Networks. IEEE
    Transactions on Mobile Computing, Volume: 13, Issue: 9, pages: 1927 – 1941,
    [11] J. Jin, G. Ahn, M. Covington, and X. Zhang (2009). Access Control Model for
    Sharing Composite Electronic Health Records. Collaborative Computing:
    Networking, Applications and Worksharing, Lecture Notes of the Institute for
    Computer Sciences, Social Informatics and Telecommunications
    Engineering Volume 10, pages: 340-354, 2009.
    [12] P. Burnap, I. Spasi? , W. Gray, J. Hilton, O. Rana, and G. Elwyn (2012).
    Protecting Patient Privacy in Distributed Collaborative Healthcare Environments
    by Retaining Access Control of Shared Information. 2012International
    Conference on Collaboration Technologies and Systems (CTS), pages: 490 - 497,
    21-25 May 2012.
    [13] J. Zhou, X. Lin, X. Dong, and Z. Cao (2014). PSMPA: Patient Self-controllable
    and Multi-level Privacy-preserving Cooperative Authentication in Distributed
    m-Healthcare Cloud Computing System, IEEE Transactions on Parallel and Distributed Systems, Volume: PP , Issue: 99 , Pages: 1 ,2014.
    [14] D. Lekkas and D. Gritzalis (2007). Long-term verifiability of the electronic
    healthcare records’ authenticity. International Journal of Medical Informatics, v
    76, n 5-6, p 442-448, May/June 2007.
    [15] M. Vigil, D. Cabarcas, J. Buchmann, and J. Huang (2013). Assessing trust in
    the long-term protection of documents. 2013 IEEE Symposium on Computers
    and Communications (ISCC), Page(s): 000185 – 000191, 2013.
    [16] T. Hyla, I. Fray, W. Mac’ko’w,J. Pejas’
    (2012). Long-term preservation of digital signatures for multiple groups of
    related documents. Information Security, IET ,Volume: 6 , Issue: 3 , Page(s):
    219 – 227, 2012.
    [17] D. Lekkas, D. Gritzalis (2004). Cumulative notarization for long-term
    preservation of digital signatures. Computers & Security, Volume 23, Issue 5 ,
    pages 413–424, July 2004.
    [18] Carmela Troncoso, Danny De Cock, Bart Preneel (2008). Improving Secure
    Long-Term Archival of Digitally Signed Documents. StorageSS'08 Proceedings
    of the 4th ACM international workshop on Storage security and survivability,
    pages 27-36, 2008.
    [19] M. Vigila, J. Buchmanna, D. Cabarcasb, C. Weinerta, A. Wiesmaierc (2015).
    Integrity, authenticity, non-repudiation, and proof of existence for long-term
    archiving: A survey. Computers & Security,Volume 50, pages 16–32, May 2015.
    [20] A. Uherek, S. Maier, U. Borghoff (2014). An Approach for Long-Term
    Preservation of Digital Videos based on the Extensible MPEG-4 Textual Format.
    2014 International Conference on Collaboration Technologies and Systems
    (CTS), pages:324 - 329,19-23 May 2014
    [21] PKI , [22] Health Insurance Portability and Accountability Act (HIPAA),
    [23] T. Gondrom, R. Brandner, and U. Pordesch (2007). “Evidence record syntax
    (ERS) “,
    [24] ETSI XML advanced electronic signatures (XAdES) TS 101 903, 1.8.3 edn
    [25] ETSI and 2010b ETSI CMS advanced electronic signatures (CAdES) TS 101
    733, 1.7.4 edn. (2010)
    [26] P. Ruotsalainena, and B. Manningb (2007). A notary archive model for secure
    preservation and distribution of electrically signed patient documents.
    International Journal of Medical Informatics,Volume 76, Issues 5–6, pages
    449–453, May–June 2007.