Journal of Medical Systems

, Volume 36, Issue 3, pp 1107–1116 | Cite as

PKI Security in Large-Scale Healthcare Networks

  • Georgios Mantas
  • Dimitrios LymberopoulosEmail author
  • Nikos Komninos


During the past few years a lot of PKI (Public Key Infrastructures) infrastructures have been proposed for healthcare networks in order to ensure secure communication services and exchange of data among healthcare professionals. However, there is a plethora of challenges in these healthcare PKI infrastructures. Especially, there are a lot of challenges for PKI infrastructures deployed over large-scale healthcare networks. In this paper, we propose a PKI infrastructure to ensure security in a large-scale Internet-based healthcare network connecting a wide spectrum of healthcare units geographically distributed within a wide region. Furthermore, the proposed PKI infrastructure facilitates the trust issues that arise in a large-scale healthcare network including multi-domain PKI infrastructures.


PKI Healthcare network Trust list Identity certificates Attribute certificates 


  1. 1.
    Adams, C., and Just, M., PKI: Ten years later. Proceedings of the 3rd Annual PKI R&D Workshop. 69–84, 2004.Google Scholar
  2. 2.
    Al-Nayadi, F., and Abawajy, J. H., An authentication framework for e-Health systems. Proceedings of the 7th IEEE International Symposium on Signal Processing and Information Technology. 616–620, 2007Google Scholar
  3. 3.
    Chadwick, D. W., Mundy, D., and New, J., Experiences of using a PKI to access a hospital information system by high street opticians. Comput Commun 26:1893–1903, 2003. Elsevier.CrossRefGoogle Scholar
  4. 4.
    Ferreira, A., Cruz-Correia, R., Antunes, L., and Chadwick, D., Access Control: How can it improve patients’ healthcare? Stud Health Technol Inform 127:65–76, 2007. IOS Press.Google Scholar
  5. 5.
    Gomes, H., Cunha, J. P., and Zúquete, A., Authentication architecture for eHealth professionals. In: Meersman, R., Tari Z. (Eds.), OTM 2007, Part II, LNCS. Springer. 4804: 1583–1600, 2007.Google Scholar
  6. 6.
    Han, S., Skinner, G., Potdar, V., and Chang, E., A framework of authentication and authorization for e-Health service systems. Proceedings of the 3rd ACM workshop on Secure web services. 105–106, 2006.Google Scholar
  7. 7.
    Hu, J., Chen, H.-H., and Hou, T.-W., A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Comput Stand Interfaces 32:274–280, 2010. Elsevier.CrossRefGoogle Scholar
  8. 8.
    Kambourakis, G., Maglogiannis, I., and Rouskas, A., PKI-based secure mobile access to electronic health services and data. Technol Health Care 13:511–526, 2005. IOS Press.Google Scholar
  9. 9.
    Komninos, N., PKI systems. In: Douligeris, C., and Serpanos, D. N. (Eds.), Network Security: Current Status and Future Directions. Wiley—IEEE Press. 409-418, 2007.Google Scholar
  10. 10.
    Lopez, J., Oppliger, R., and Pernul, G., Authentication and authorization infrastructures (AAIs): A comparative survey. Comput Secur 23:578–590, 2004. Elsevier.CrossRefGoogle Scholar
  11. 11.
    Menezes, A. J., Vanstone, S. A., and Van Oorschot, P. C., Handbook of applied cryptography. CRC, Inc, 2004.Google Scholar
  12. 12.
    Polk, W. T., Hastings, N. E., and Malpani, A., Public key infrastructures that satisfy security goals. IEEE Internet Comput 7:60–67, 2003.CrossRefGoogle Scholar
  13. 13.
    Rifà-Pous, H., and Herrera-Joancomartí, J., An interdomain PKI model based on trust lists. In: Lopez, J., Samarati P., and Ferrer, J. L. (Eds.), Proceedings of the 4th European PKI Workshop: Theory and Practice (EuroPKI 2007), LNCS. Springer. 4582: 49–64, 2007.Google Scholar
  14. 14.
    Voss, H., Heimly, V., and Sjögren, L. H., The Baltic Health Network—taking secure, Internet-based healthcare networks to the next level. In: Engelbrecht, R. Geissbuhler, A., Lovis, C., and Mihalas G. (Eds.), Connecting Medical Informatics and Bio-Informatics: Proceedings of MIE2005. 421–426, 2005.Google Scholar
  15. 15.
    Wilson, S., Public key superstructure “It’s PKI Jim, But Not As We Know It!”. Proceedings of the 7th symposium on Identity and trust on the Internet. 72–88, 2008.Google Scholar
  16. 16.
    Zúquete, A., Gomes, H., and Cunha, J. P., Authentication of professionals in the RTS E-Health system. Proceedings of the First International Conference on Health Informatics. 72–80, 2008.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Georgios Mantas
    • 1
  • Dimitrios Lymberopoulos
    • 1
    Email author
  • Nikos Komninos
    • 2
  1. 1.Wire Communications Laboratory, Electrical & Computer Engineering DepartmentUniversity of PatrasRio PatrasGreece
  2. 2.Athens Information TechnologyPeaniaGreece

Personalised recommendations