Abstract
Recently, it has become possible for the hospital environment to provide medical services to patients anywhere by integrating IT technology in medical devices. However, medical services in the current environment face a problem in that identifiable patient information cannot be safely transferred to the medical staff when the patient is receiving medical services. In this paper, we propose a mandate-based signature authentication protocol that can safely deliver the personal information of patients to the medical personnel providing the medical services. In the proposed protocol, the patient information being delivered is encrypted with a signature key and random-generated number in order to avoid exposure to a third party capable of identifying the information of the patient. In addition, the proposed protocol maintains the synchronization between patients and staff based on the rating of the medical personnel in order to prevent the illegal abuse of patient information from a third party. In particular, the proposed protocol ensures access only to staff members who have received a mandate from the hospital to care for the patient. The performance and security of the proposed protocol are evaluated separately. In the performance evaluation, the proposed protocol‘s authentication latency showed an average improvement of 6.5% over the previous protocol. Throughtput was 8% higher than the previous protocol, and the authentication overhead improved by an average of 5.3%.
Similar content being viewed by others
References
Jeong, Y.S.: RFID-based authentication protocol for implantable medical device. J. Digital Policy Manag. 10(2), 141–146 (2012)
Zhou, Y., Cao, Z., Lu, R.: Provably secure proxy-protected signature schemes based on factoring. J. Appl. Math. Comput. 164(1), 83–98 (2005)
Jeong, Y.S., Lee, S.H.: u-healthcare service authentication protocol based on RFID technology. J. Digital Policy Manag. 10(2), 153–160 (2012)
Miao, F., Jiang, L., Li, Y., Zhang, Y. T.: A novel biometrics based security solution for body sensor networks. In: Proceedings of 2nd International Conference on Biomedical Engineering and Informatics 2009 (BMEI ‘09), pp. 1–5 (2009)
Sudha, G., Ganesan, R.: Secure transmission medical data for pervasive healthcare system using Android. In: Proceedings of the 2013 International Conference on Communications and Signal Processing (ICCSP), pp. 433–436 (2013)
Zhao, Z.A.: Secure RFID authentication protocol for healthcare environments using elliptic curve cryptosystem. J. Med. Syst. 38(5), 38–46 (2014)
Zhang, Z., Qi, Q.: An efficient RFID authentication protocol to enhance patient medication safety using elliptic curve cryptography. J. Med. Syst. 38(5), 47 (2014)
Khattak, Z.A., Sulaiman, S., Manan, J.A.: A study on threat model for federated identities in federated identity management system. In: Proceedings of 2010 International Symposium in Information Technology (ITSim), pp. 618–623 (2010)
Gao, H., Yan, J., Mu, Y.: Dynamic trust model for federated identity management. In: Proceedings of 2010 4th International Conference on Network and System Security, pp. 55–61 (2010)
Saraswat, V., Sahu, R. A.: A secure anonymous proxy multi-signature scheme. In: Procceedings of 2014 11th International Conference on Security and Cryptography, pp. 1–12 (2014)
Junru, H., Yi, D.: An efficient signcryption scheme with shortened ciphertext. In: Proceedings of the 2010 International Conference on Computer Application and System Modeling (ICCASM), pp. V12-404–V12-407 (2010)
Shieh, Y.Y., Tsai, F.Y., Arash, A., Wang, M. D., Lin, C.-M.C.: Mobile healthcare: opportunities and challenges. In: Proceedings of the International Conference on the Management of Mobile Business (ICMB 2007), pp. 50 (2007)
Jeong, Y.S., Kim, Y.T.: A token-based authentication security scheme for Hadoop distributed file system using elliptic curve cryptography. J. Comput. Virol. Hacking Tech. 11(3), 137–142 (2015)
Zhou, J., Cao, Z., Dong, X.L., Lin, X.D.: Securing m-healthcare social networks: challenges, countermeasures and future directions. J. IEEE Wireless Commun. 20(4), 12–21 (2013)
Kramer, S., Bradfield, J.C.: A general definition of malware. J. Comput. Virol. Hacking Tech. 6(2), 105–114 (2010)
Lu, R.X., Lin, X.D., Shen, X.M.: SPOC: a secure and privacy-preserving opportunistic computing framework for mobile-healthcare emergency. J. IEEE Trans. Parallel Distrib. Syst. 24(3), 614–624 (2013)
Miao, F., Jiang, L., Li, Y., Zhang, Y. T.: Biometrics based novel key distribution solution for body sensor networks. In: Proceedings of the 2009 Annual International Conference of the IEEE Engineering in Medicine and Biology Society (2009 EMBC), pp. 2458–2461 (2009)
Hamon, V.: Android botnets for multi-targeted attacks. J. Comput. Virol. Hacking Tech. 11(4), 193–202 (2015)
Kinable, J., Kostakis, O.: Malware classification based on call graph clustering. J. Comput. Virol. Hacking Tech. 7(4), 233–245 (2011)
Zhou, Y., Cao, Z., Lu, R.: Provably secure proxy-protected signature schemes based on factoring. J. Appl. Math. Comput. 164(1), 83–98 (2005)
Mambo, M., Usuda, K., Okamoto, E.: Proxy signatures for delegating signing operation. In: Proceedings of the Third ACM Conference on Computer and Communications Security, pp. 48–57 (1996)
Lu, R., Cao, Z., Zhou, Y.: An efficient proxy-protected signature scheme based on factoring. In: Proceedings of the Parallel and Distributed Processing and Applications - ISPA 2005 Workshops, vol. 3759, pp. 332–341 (2005)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jeong, YS. Secure information authentication protocol between patients and medical staff in a hospital environment. J Comput Virol Hack Tech 13, 271–278 (2017). https://doi.org/10.1007/s11416-017-0294-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-017-0294-6