Abstract
Since anamnesis management in health care is directly related to the protection of patients' privacy, resisting malicious behavior is an important issue in information security. In recent years, electronic health insurance cards (eHIC) have been widely adopted as identification certificates; they are used in many applications and provide convenience to both patients and the relevant medical workers. Disputes and questions of moral standards have always existed for the medical doctors who are confronted with these challenges. For example, a doctor may disclose a patient's anamnesis without the patient's consent, or the anamnesis may be obtained through illegal access, and so on. Measured against the requirements of E-Health, current systems are almost all offline systems, which are not suitable for supporting online E-anamnesis sharing access that would reduce the consumption of medical treatment and provide a secure audit channel. In this paper, to solve these problems, an eHIC-based online authorization system with non-repudiated and traceable properties is proposed. According to our simulation results, not only could the patient's privacy be fully protected, but medical revenue could also be raised extensively.
Cite this article
Chen, CL., Lu, MS. & Guo, ZM. A Non-Repudiated and Traceable Authorization System Based on Electronic Health Insurance Cards. J Med Syst 36, 2359–2370 (2012). https://doi.org/10.1007/s10916-011-9703-4
DOI: https://doi.org/10.1007/s10916-011-9703-4