Abstract
This paper describes the design and implementation of an e-Health authentication architecture using smartcards and a PKI. This architecture was developed to authenticate e-Health Professionals accessing the RTS (Rede Telemática da Saúde), a regional platform for sharing clinical data among a set of affiliated health institutions. The architecture had to accommodate specific RTS requirements, namely the security of Professionals’ credentials, the mobility of Professionals, and the scalability to accommodate new health institutions. The adopted solution uses short-lived certificates and cross-certification agreements between RTS and e-Health institutions for authenticating Professionals accessing the RTS. These certificates carry as well the Professional’s role at their home institution for role-based authorization. Trust agreements between e-Health institutions and RTS are necessary in order to make the certificates recognized by the RTS. As a proof of concept, a prototype was implemented with Windows technology. The presented authentication architecture is intended to be applied to other medical telematic systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cunha, J.P.S., Cruz, I., Oliveira, I., Pereira, A.S., Costa, C.T., Oliveira, A.M., Pereira, A.: The RTS Project: Promoting secure and effective clinical telematic communication within the Aveiro region. In: eHealth 2006 High Level Conf., Malaga, Spain (2006)
Cunha, J.P.: RTS Network: Improving Regional Health Services through Clinical Telematic Web-based Communication System. In: eHealth Conf. 2007, Berlin, Germany (2007)
European Commission Information Society and Media: ICT for Health and i2010: Transforming the European healthcare landscape (June 2006) ISBN 92-894-7060-7
Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RFC 2459, IETF (January 1999)
Dierks, T., Rescorla, E.: The TLS Protocol Version 1.1. RFC 4346, IETF (April 2006)
Ribeiro, C., Silva, F., Zúquete, A.: A Roaming Authentication Solution for WiFi using IPSec VPNs with Client Certificates. In: TERENA Networking Conf. 2004, Rhodes, Greece (June 2004)
Kent, S., Seo, K.: Security Architecture for the Internet Protocol. RFC 4301, IETF (December 2005)
Katehakis, D.G., Sfakianakis, S.G., Anthoulakis, D., Kavlentakis, G., Tzelepis, T.Z., Orphanoudakis, S.C., Tsiknakis, M.: A Holistic Approach for the Delivery of the Integrated Electronic Health Record within a Regional Health Information Network. Technical Report 350 (FORTH-ICS/ TR-350), Foundation for Research and Technology - Hellas, Institute of Computer Science, Heraklion, Crete, Greece (February 2005)
Tsiknakis, M., Katehakis, D.G., Sfakianakis, S., Kavlentakis, G., Orphanoudakis, S.C.: An Architecture for Regional Health Information Networks Addressing Issues of Modularity and Interoperability. Journal of Telecommunications and Information Technology (JTIT) 4, 26–39 (2005)
ISO 9735: Electronic data interchange for administration, commerce and transport (EDIFACT) (1988), http://www.iso.org
MedCom IV: MedCom – the Danish Healthcare Data Network. MedCom IV, Status Plans and Projects (December 2003), http://www.medcom.dk/dwn396
Pedersen, C.D.: An baltic healthcare network and interoperability challenges. Cisco eHealth think tank meeting (2005)
Voss, H., Heimly, V., Sjögren, L.H.: The Baltic ehealth Network – taking secure, Internet-based healthcare networks to the next level. Norwegian Centre for Informatics in Health and Social Care (May 2005)
Sundhed.dk: The Danish eHealth experience: One Portal for Citizens and Professionals (December 2006), http://dialog.sundhed.dk
Rossing, N.: The Health Portal and the Health Data Network of Denmark. Executive Summary of Presentaion in eHealth Athens 2005 (2005), www.sundhed.dk
Gomes, H., Cunha, J.P., Zúquete, A.: Authentication architecture for ehealth professionals. In: Meersman, R., Tari, Z. (eds.) OTM 2007, Part II. LNCS, vol. 4804, pp. 1583–1600. Springer, Heidelberg (2007)
PKCS#11: Cryptographic Token Interface Standard, v2.20. RSALaboratories (2004)
Cunha, J.P.S., Oliveira, I., Fernandes, J.M., Campilho, A., Castelo-Branco, M., Sousa, N., Pereira, A.S.: BING: The Portuguese Brain Imaging Network GRID. In: IberGRID 2007, Santiago de Compostela, Spain, pp. 268–276 (2007)
Oliveira, I.C., Fernandes, J.M., Alves, L., Pereira, A.S., Cunha, J.P.S.: GERES-med: An Architecture for Grid-Enabled scientific RepositorieS for medical applications. In: 2nd Iberian Grid Infrastructure Conf. (IBERGRID 2008), Porto, Portugal (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zúquete, A., Gomes, H., Cunha, J.P.S. (2008). Authentication Architecture for Region-Wide e-Health System with Smartcards and a PKI. In: Fred, A., Filipe, J., Gamboa, H. (eds) Biomedical Engineering Systems and Technologies. BIOSTEC 2008. Communications in Computer and Information Science, vol 25. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92219-3_36
Download citation
DOI: https://doi.org/10.1007/978-3-540-92219-3_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-92218-6
Online ISBN: 978-3-540-92219-3
eBook Packages: Computer ScienceComputer Science (R0)