Due to the medicine knowledge widespread, the human life expectancy is extending. People have to keep personal health records during their lifetime to share and discuss with medical professionals. Therefore, the issue of maintaining the historical personal health records becomes more significant. Our aim is to keep and manage the long-term historical electronic health records to avoid the records lost.
In this paper, we proposed an authentication and authorization protocol for the long-term historical electronic health records to manage more than the human life lifetime. User can request its records to migrate to a specific organization, and then authorize the organization. The proposed protocol is referring the cumulatively notarized signature to transfer the trustworthiness to a specific organization, and the trust third notary as an identity provider to authenticate the user, specific organizations. Finally, the trust third notary requests the authorization to user to share their historical records with the organization. And the proposed protocol achieves data integrity, non-repudiation for data authorization and availability of EHR.

中文摘要 Abstract 誌謝 Contents List of Figures List of Tables Chapter 1 Introduction Chapter 2 Related Work 2.1 Long-term Records Preservation 2.2 Cumulatively Notarized Signature 2.3 Preliminary 2.3.1 Public Key Cryptosystem 2.3.2 Adversary Model Chapter 3 The Proposed Protocol 3.1 Overview 3.2 Notations 3.3 Proposed Protocol 3.3.1 Initialization Phase 3.3.2 User Data Transfer Authentication Phase 3.3.3 User Data Authorization Phase Chapter 4 Protocol Analysis 4.1 Security Analysis 4.2 Features Comparison 4.3 Discussion 4.3.1 The advantage of cumulatively notarized signature 4.3.2 The advantage of using NOR as intermediary 4.3.3 The scenarios of authorization 4.3.4 The scenario for a records holder company been merged Chapter 5 Conclusion References

