4 research outputs found
Recommended from our members
Patient privacy protection using anonymous access control techniques
Objective: The objective of this study is to develop a solution to preserve security and privacy in a healthcare environment where health-sensitive information will be accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records and it should be able to link anonymous medical information in distributed databases into a single patient medical record with the patient identity. Methods: In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. Healthcare service can identify the patient using separate temporary identities in each identification session and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and reverse track real patient identity in critical medical situations. Results: The proposed protocol provides main security and privacy services such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient anonymous medical records at different healthcare services can be linked into one single report and it is possible to securely reverse track anonymous patient into the real identity. Conclusion: The protocol protects the patient privacy with a secure anonymous authentication to healthcare services and medical record registries according to the European and the UK legislations, where the patient real identity is not disclosed with the distributed patient medical records
Recommended from our members
Authentication and privacy in mobile web services
This thesis looks at the issue of authentication and privacy in mobile Web services. The work in this thesis builds on GSM and UMTS security framework to develop security protocols for mobile Web services environment. The thesis initially highlights some core principles of designing security protocols in such environment. The next two chapters look at the core technologies and building blocks in Web services systems and the core security features in mobile networks mainly GSM and UMTS. Registration and authentication were identified as security issues in federated systems. Proposed solutions were developed utilizing XML security mechanisms with SIM card security in GSM environment to address these issues. Also a novel system was proposed in which it is possible for a mobile user to securely authenticate and have full anonymity as far as the service providers are concerned; however it is possible for a trusted authority to reveal the identity of the user if he or she is suspected of illegal activities. The next section analyze in detail the Generic Authentication Architecture from 3GPP. Combining SAML with the Generic Authentication Architecture, we propose a novel "generic mobile Web service platform" for M-Commerce. Various solutions have been proposed to address privacy concern in distributed networks; the Platform for Privacy Preferences is one of the popular proposal, though it has many desirable features, it is not easy to enforce it. We argue that this limitation can be managed in federated system such as the Liberty Alliance framework. In the final chapter we make the case for using timestamp based authentication protocol
in mobile Web service on the ground of efficiency gain
Anonymous Single-Sign-On for n designated services with traceability
Anonymous Single-Sign-On authentication schemes have been proposed to allow
users to access a service protected by a verifier without revealing their
identity which has become more important due to the introduction of strong
privacy regulations. In this paper we describe a new approach whereby anonymous
authentication to different verifiers is achieved via authorisation tags and
pseudonyms. The particular innovation of our scheme is authentication can only
occur between a user and its designated verifier for a service, and the
verification cannot be performed by any other verifier. The benefit of this
authentication approach is that it prevents information leakage of a user's
service access information, even if the verifiers for these services collude
which each other. Our scheme also supports a trusted third party who is
authorised to de-anonymise the user and reveal her whole services access
information if required. Furthermore, our scheme is lightweight because it does
not rely on attribute or policy-based signature schemes to enable access to
multiple services. The scheme's security model is given together with a
security proof, an implementation and a performance evaluation.Comment: 3