Download presentation
Presentation is loading. Please wait.
1
Patient’s privacy protection with anonymous access to medical services Dasun Weerasinghe, Kalid Elmufti, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group School of Engineering and Mathematical Sciences City University London
2
Outline of the Presentation Motivation factor Anonymous access medial environment Propose protocol Security tokens Risk analysis Conclusion
3
Motivation factor Overstretched and under budgeted health sector Data transmission in the Internet/mobile network Sensitive medical information Possibility of selling medical information Patient’s privacy Patient’s anonymity
4
Anonymous Access Medical Environment
5
Protocol Anonymous authentication and access to Healthcare service providers (HSP) Patients access medications over the Internet or Mobile networks Assumptions Patients register with Healthcare Service Unit (HSU) HSP are registered with HSU 2 phases in the protocol Patient registration with the HSP Patient authentication and anonymous service access
6
Patient registration with the HSP HSP Registration Token, tsK Confirmation for User Registration Registration Token, Service Information HSP Patient HSUHSP Request to Register for a service Registration Request Token RT= eHSP (sHSU [UID|TS]) RRT = eHSP (sHSU [UID|TS|tsK|KeyLifeTime])
7
Security Tokens in Registration Registration Token RT = eHSP (sHSU [UID|TS]) String Timestamp Registration Request Token RRT = eHSP (sHSU [UID|TS|tsK|KeyLifeTime]) String Timestamp Key
8
Patient authentication and anonymous service access HSUHSP User Token, tsK, key life time User Token HSUHSP Patient HSUHSP Request to access HSP Service Request Confirmation Authentication Service Response UT = eHSP (sHSU [TUID|TS|tsK|KeyLifeTime])
9
Security Tokens in Request Access User Token UT = eHSP (sHSU [TUID|TS|tsK|KeyLifeTime]) String Timestamp Key Time
10
Risk Analysis User Anonymity HSP identifies patient with a temporary identity Temporary identity doesn’t relate with the true identity Message Privacy Patient’s health information doesn't relate with true identities Message confidentiality Messages are encrypted User Authentication and Authorization Secure authentication credentials are used User tokens are generated by HSU
11
Risk Analysis (Contd.) Replay Attacks Unable to reuse the previous login authentication messages Attackers are unable to alter timestamps Audit trials HSU logs login and service access requests HSP logs service requests Reverse identity track HSU maintains mapping between a temporary identity and the true identity In a critical medical situation
12
Prototype development Fully developed this protocol as a prototype Functional with Temporary identity XML Signature XML Encryption/Decryption Key management Technology and standards XML Security Single-Sign-On (SSO) Liberty Alliance standards If anyone interested then I can do a demo
13
Conclusion Patient access the medical environment without providing the identity Anonymous access medical environment Protocol with message formats Security tokens for authentication and authorization Risk analysis of the protocol
14
Q & A ??????
15
Thank you !!!!!
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.