Skip to main content
Log in

A Non-Repudiated and Traceable Authorization System Based on Electronic Health Insurance Cards

  • ORIGINAL PAPER
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Since anamnesis management in health care is directly relative to patients’ privacy protection, how to resist malicious behaviors is an important issue in information security. In recent years, the developed electronic health insurance cards (eHIC) has been widely adopted as an identification certificate, which involves lots applications and provides convenience to both the patients and relative medical workers as well. There always existed some disputes and moral standards for these medical doctors who are to be confronted with these challenges. For example: The doctor discloses patient’s anamnesis without patient’s consent and anamnesis by the illegal access…etc. As required in E-Health, the current systems are almost offline system, which are not suitable to support online E-anamnesis sharing access to reduce the consumption of the medical treatment and fulfill a secure audit channel. In this paper, to solve these problems, an eHIC-based online authorization system with non-repudiated and traceable properties is proposed. According to our simulation results, not only the patient’s privacy could be fully protected, but also the medical revenue could be raised extensively.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Ashrafi, M. Z., and Ng, S. K., Privacy-preserving e-payments using one-time payment details. Comput. Stand. Interfaces 31(2):321–328, 2009.

    Article  Google Scholar 

  2. Blobel, B., Comparing approaches for advanced e-health security infrastructures. Int. J. Med. Inform. 76(5–6):454–459, 2007.

    Article  Google Scholar 

  3. Blobel, B., Hoepner, P., Joop, R., Karnouskos, S., Kleinhuis, G., and Stassinopoulos, G., Using a privilege management infrastructure for secure web-based e-health applications. Comput. Commun. 26(16):1863–1872, 2003.

    Article  Google Scholar 

  4. Bowling, J. M., Rimer, B. K., Lyons, E. J., Golin, C. E., Frydman, G., and Ribisl, K. M., Methodologic challenges of e-health research. Eval. Program Plann. 29(4):390–396, 2006.

    Article  Google Scholar 

  5. Chien, H. Y., New efficient user authentication scheme with user anonymity facilitating e-commerce applications. The 9th IEEE International Conference on E-Commerce Technology and the 4th IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services (CEC-EEE 2007), Tokyo, Japan, pp.461-464, 23–26 July, 2007.

  6. Croll, P. R., and Croll, J., Investigating risk exposure in e-health systems. Int. J. Med. Inform. 76(5–6):460–465, 2007.

    Article  Google Scholar 

  7. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004.

    Article  Google Scholar 

  8. Davies, G. I., and Price, W. L., Security for computer network: Wiley-Interscience Publication. Wiley, Chichester, 1984.

    Google Scholar 

  9. Denning, D. E., Cryptography and data security. Addison-Wesley, Massachusetts, 1982.

    MATH  Google Scholar 

  10. Diffie, W., and Hellman, M. E., New directions in cryptography. IEEE Trans. Inf. Theory 22(6):644–654, 1976.

    Article  MathSciNet  MATH  Google Scholar 

  11. ElGamal, T., A public key cryptosystem and signature scheme based on discrete logarithm. IEEE Trans. Inf. Theory 31(4):469–472, 1985.

    Article  MathSciNet  MATH  Google Scholar 

  12. Goriparthi, T., Das, M. L., and Saxena, A., An improved bilinear pairing based remote user authentication scheme. Comput. Stand. Interfaces 31(1):181–185, 2009.

    Article  Google Scholar 

  13. Gortzis, L. G., and Nikiforidis, G., Tracing and cataloguing knowledge in an e-health cardiology environment. J. Biomed. Inform. 41(2):217–223, 2008.

    Article  Google Scholar 

  14. Hsieh, S. H., Hsieh, S. L., Chien, Y. H., Weng, Y. C., Hsu, K. P., et al., Newborn screening healthcare information system based on service-oriented architecture. J. Med. Syst. 34(4):519–530, 2010.

    Article  Google Scholar 

  15. Huang, E. W., and Liou, D. M., Performance analysis of a medical record exchanges model. IEEE Trans. Inf. Technol. Biomed. 11(2):153–160, 2007.

    Article  Google Scholar 

  16. Hu, L., Yang, Y., and Niu, X., Improved remote user authentication scheme preserving user anonymity. Fifth Annual Conference on Communication Networks and Services Research (CNSR ‘07), Frederlcton, NB, pp. 323–328, 14–17 May, 2007.

  17. Hwang, S. Y., Wen, H. A., and Hwang, T., On the security enhancement for anonymous secure e-voting over computer network. Comput. Stand. Interfaces 27(2):163–168, 2005.

    Google Scholar 

  18. Lee, J. W., Lee, K. H., Lee, Y. J., Hong, L. Y., Kim, D. J., et al., Reusable electrical activity of the heart monitoring patch for mobile/ubiquitous healthcare. J. Med. Syst. 33(1):41–46, 2009.

    Article  Google Scholar 

  19. Kim, H., Oh, R., Lee, S., Kim, T., Lee, S., Chung, Y., and Cho, C., A fingerprint-based user authentication protocol considering both the mobility and security in the telematics environment. Comput. Stand. Interfaces 31(6):1098–1107, 2009.

    Article  Google Scholar 

  20. Kim, H. S., Lee, S. W., and Yoo, K. Y., ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper. Syst. Rev 37(4):32–41, 2003.

    Article  MathSciNet  Google Scholar 

  21. Kin, S. K., and Cung, M. G., More secure remote user authentication scheme. Comput. Commun. 32(6):1018–1021, 2009.

    Article  Google Scholar 

  22. Liao, I. E., Lee, C. C., and Hwang, M. S., A password authentication scheme over insecure networks. J. Comput. Syst. Sci. 72(4):727–740, 2006.

    Article  MathSciNet  MATH  Google Scholar 

  23. Liao, Y. P., and Wang, S. S., A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1):24–29, 2009.

    Article  Google Scholar 

  24. Liang, X., Xiong, N., Yang, L. T., Zhang, H., and Park, J. H., A compensation scheme of fingerprint distortion using combined radial basis function model for ubiquitous services. Comput. Commun. 31(18):4360–4366, 2008.

    Article  Google Scholar 

  25. Liu, J. Y., Zhou, A. M., and Gao, M. X., A new mutual authentication scheme based on nonce and smart cards. Comput. Commun. 31(10):2205–2209, 2008.

    Article  Google Scholar 

  26. Masseroli, M., and Marchente, M., X-PAT A: Multiplatform patient referral data management system for small healthcare institution requirements. IEEE Trans. Inf. Technol. Biomed. 12(4):424–432, 2008.

    Article  Google Scholar 

  27. Matsunami, K., Clinical supporting system developed with Filemaker pro -collaboration of paper medical record with electronic preservation. IEEE/ICME International Conference on Complex Medical Engineering, (CME 2007), Beijing China, pp.323–326, 23–27 May, 2007.

  28. Nandakumar, K., Jain, A. K., and Pankanti, S., Fingerprint-based fuzzy vault implementation and performance. IEEE Trans. Inf. Forensics Secur. 2(4):744–757, 2007.

    Article  Google Scholar 

  29. Scott, R. E., e-Records in health—Preserving our future. Int. J. Med. Inform. 76(5–6):427–431, 2007.

    Article  Google Scholar 

  30. Su, C. J., Mobile multi-agent based, distributed information platform (MADIP) for wide-area e-health monitoring. Comput. Ind. 59(1):55–68, 2008.

    Article  Google Scholar 

  31. Su, Q., Tian, J., Chen, X., and Yang, X., A fingerprint authentication system based on mobile phone. In 5th International Conference on Audio- and Video-Based Biometric Person Authentication, pp. 151–159, 2005.

  32. Sucurovic, S., An approach to access control in electronic health record. J. Med. Syst. 34(4):659–666, 2010.

    Article  Google Scholar 

  33. Wang, C. T., Chang, C. C., and Lin, C. H., Using IC cards to remotely login passwords without verification tables. Proceedings of the 18th International Conference on Advanced Information Networking and Applications, Fukuoka, 1, pp. 321–326, 2004.

  34. Yang, W. H., and Shieh, S. P., Password authentication scheme with smart cards. Comput. Secur. 18(8):727–733, 1999.

    Article  Google Scholar 

  35. Yang, X., and Yu, Z., An efficient proxy blind signature scheme based on DLP. International Conference on Embedded Software and Systems, pp. 163–166, 2008.

  36. Yoon, E. J., and Yoo, K. Y., More efficient and secure remote user authentication scheme using smart cards. Proceedings of 11th International Conference on Parallel and Distributed System, Fukuoka Japan, pp. 73–77, 22–22 July, 2005.

  37. Yu, Y., Xu, C., Huang, X., and Mu, Y., An efficient anonymous proxy signature scheme with provable security. Comput. Stand. Interfaces 31(2):348–353, 2009.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Chin-Ling Chen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chen, CL., Lu, MS. & Guo, ZM. A Non-Repudiated and Traceable Authorization System Based on Electronic Health Insurance Cards. J Med Syst 36, 2359–2370 (2012). https://doi.org/10.1007/s10916-011-9703-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10916-011-9703-4

Keywords

Navigation