Security Authentication Mechanisms for Electronic Medicine Environments

• Main Authors: Zhen-Yu Wu, 吳鎮宇
• Other Authors: 賴飛羆
• Format: Others
• Language: en_US
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/41752444436120306294

博士 === 國立臺灣大學 === 資訊工程學研究所 === 99 === In medical domain, different medical environments would be generated with various contexts and regions, such as general hospitals and clinics, where people go for healthcare, emergency rooms, where patients in the crisis, deficient health centers in mountain, outlying islands, and remote areas, and the medical record management center in hospitals. In these environments, the protected medical information is likely to be transmitted among systems or users for patient treatments, clinical research, or doctor enquiry. The safe transmission on the network and the guarantee of the information privacy and integrity are the critical issue. An authorization mechanism would be used to ensure the private information is not obtained fraudulently by illegal persons. The password-based authentication scheme is the most widely employed method because of its efficiency. Under such mechanism, each user is allowed to select his password and keep in mind without any additional assistant device for the further authentication process. Nonetheless, different requirements are presented on various medical environments. General authentication schemes therefore cannot be applied to special medical environments. For this reason, this study proposes three authentication schemes, namely system-based, user-based, and mobility-based, for various environmental demands. Not only various malicious attacks such as replay attacks, password guessing attacks, stolen-verifier attacks, server spoofing attacks, impersonation attacks can be resisted but also the perfect forward secrecy is preserved in these schemes. In addition, this study further explains these schemes can conform to the security regulations of Health Insurance Portability and Accountability Act so that they are appropriate to be applied in medicine environments. Health Insurance Portability and Accountability Act, the law of United States Federal Government enacted in August 1996, is the most important Act for electronic medicine and is applied to standardize the medical information and applications, and the privacy of patients. The crucial part of the act comprises its privacy and security regulations. Privacy regulations address the patients’ rights to understand and control the use of their protected health information. Security regulations can be defined by requirement standards and specifications on what to do and how to do it. For constructing a secure medicine environment, satisfying both privacy and security rules are important.