ABSTRACT
We present rendezvous-based access control for medical records in the pre-hospital environment. Rendezvous-based access control is a simple cryptographic access control method that provides access if and only if the patient and the health worker meet in the physical world. Access is provided locally and does not depend on connectivity with remote systems. It is therefore suitable for an environment with small mobile devices that have local connectivity but may occasionally be disconnected from remote systems. It is designed to protect against aggregation threats without having patients carry their own medical data. A system can then be implemented in which the tokens carried by the patients are simple and robust, and which is easily managed. We believe that our mechanism provides a useful alternative both to remote access to a centralized system and to patients carrying their own medical record (e.g., on a smartcard).
Index Terms
- Rendezvous-based access control for medical records in the pre-hospital environment