정보처리학회논문지C (The KIPS Transactions:PartC)

한국정보처리학회 (Korea Information Processing Society)
권호 표지
DOI QR코드

DOI QR Code

지문인식 기반의 전자의무기록 시스템 인증 모델

An Authentication Model based Fingerprint Recognition for Electronic Medical Records System

  • 이용준 (한국인터넷진흥원 인터넷침해대응센터)
  • 투고 : 2011.06.14
  • 심사 : 2011.09.26
  • 발행 : 2011.12.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

의료정보는 환자에게 중요한 개인정보로써 반드시 보호돼야 한다. 특히 전자의무기록에 접근할때, 의료인의 강화된 신원확인에 대한 인증방식이 필요하다. 기존의 공인인증서 기반 인증모델은 개인키 관리, 권한위임 등 문제점으로 전자의무기록의 특성을 반영하지 못했다. 본 논문에서는 전자의무기록 시스템에 의료인이 접근하는 경우 지문인식 기반 인증 모델을 적용하여 강화된 인증방식을 제안한다. 전자의무기록의 지문인증 모델은 의료업무의 특성을 반영하여 개인키 관리, 권한위임 문제를 원천적으로 해결하였다.

Ensuring the security of medical records is becoming an increasingly important problem as modern technology is integrated into existing medical services. As a consequence of the adoption of EMR(Electronic Medical Records) in the health care sector, it is becoming more and more common for a health professional to edit and view a patient's record. In order to protect the patient's privacy, a secure authentication model to access the electronic medical records system must be used. A traditional identity based digital certificate for the authenticity of EMR has private key management and key escrow of a user's private key. In order to protect the EMR, The traditional authentication system is based on the digital certificate. The identity based digital certificate has many disadvantages, for example, the private key can be forgotten or stolen, and can be easily escrow of the private key. Nowadays, authentication model using fingerprint recognition technology for EMR has become more prevalent because of the advantages over digital certificate -based authentication model. Because identity-based fingerprint recognition can eliminate disadvantages of identity-based digital certificate, the proposed authentication model provide high security for access control in EMR.

키워드

참고문헌

  1. Despina Polemi, "TTPs and biometrics for securing the payment of telemedical services." Future Generation Computer Systems, Vol.15, Issue 2, pp.265-276, 1999. https://doi.org/10.1016/S0167-739X(98)00069-7
  2. Michael Fritscher, "Towards A Unique World-wide Digital Certificate," Proceedings of the Fifth Americas Conference on Information Systems, 1999.
  3. D.H. Yum and P.J. Lee, "Identity-Based Cryptography in Public Key Management," In Proceedings of EuroPKI, pp.71-84, 2004
  4. A. Kholmatov and B.A. Yanikoglu, "Biometric Authentication using Online Signatures," In Proceedings of ISCIS, pp.373-380, 2004.
  5. S. Krawczyk and A.K. Jain, "Securing Electronic Medical Records Using Biometric Authentication," In Proceedings of AVBPA, pp.1110-1119, 2005.
  6. A. Kholmatov and B. Yanikoglu, "Identity authentication using improved online signature verification method," Pattern Recognition Letters, Vol.26, Issue 15, pp.2400-2408, 2005. https://doi.org/10.1016/j.patrec.2005.04.017
  7. Chao LI, Yi-xian YANG and Xin-xin NIU, "Biometric-based personal identity-authentication system and security analysis," The Journal of China Universities of Posts and Telecommunications, Vol.13, Issue 4, pp.43-47, 2006. https://doi.org/10.1016/S1005-8885(07)60032-6
  8. A. Bhargav-Spantzel, A.C. Squicciarini and E. Bertino, "Privacy Preserving Multi-Factor Authentication with Biometrics," In Proceedings of Digital Identity Management, pp.63-72, 2006.
  9. R. Agrawal and C. Johnson, "Securing electronic health records without impeding the flow of information," International Journal of Medical Informatics, Vol.76, Issues 5-6, pp.471-479, 2007. https://doi.org/10.1016/j.ijmedinf.2006.09.015
  10. A. Salaiwarakul and M. Ryan, "Analysis of a Biometric Authentication Protocol for Signature Creation Application," In Proceedings of IWSEC, pp.231-245, 2008.