http://dx.doi.org/10.3837/tiis.2020.01.024

Biometric-based key management for satisfying patient's control over health information in the HIPAA regulations  

Bui, Quy-Anh (Department of Information Engineering and Computer Science, Feng Chia University)
Lee, Wei-Bin (Department of Information Engineering and Computer Science, Feng Chia University)
Lee, Jung-San (Department of Information Engineering and Computer Science, Feng Chia University)
Wu, Hsiao-Ling (Department of Information Engineering and Computer Science, Feng Chia University)
Liu, Jo-Yun (Department of Information Engineering and Computer Science, Feng Chia University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.14, no.1, 2020, pp. 437-454
Abstract
According to the privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA), patients' control over electronic health data is one of the major concerns. Currently, remote access authorization is considered the best solution for guaranteeing patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a secure channel is provided for delivering access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of a public key infrastructure (PKI). Therefore, our proposed scheme does not incur the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.
Keywords
Health Insurance Portability and Accountability Act (HIPAA); electronic health information control; patient's privacy/security