Rendezvous-based access control for medical records in the pre-hospital environment

We present rendezvous-based access control for medical records in the pre-hospital environment. Rendezvous-based access control is a simple cryptographic access control method that grants access to a patient's record if and only if the patient and the health worker meet in the physical world. Access is granted locally and does not depend on connectivity with remote systems, so the method suits an environment of small mobile devices that have local connectivity but are intermittently disconnected from remote systems. It is designed to protect against aggregation threats (an attacker obtaining many records at once, for example from a lost or stolen device) without requiring patients to carry their own medical data, which means the tokens carried by patients can be simple, robust and easily managed. We believe the mechanism is a useful alternative both to remote access to a centralized system and to patients carrying their own medical record (on a smartcard, for example).
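The abstract states the properties of the mechanism but not its construction. The following is an added illustration, not the paper's scheme: it assumes that each record is stored encrypted on the health worker's mobile device (synchronised whenever connectivity happens to be available), that the record key is split into two shares, one held on the patient's token and one held on the worker's device, and that reading the token at the rendezvous is what makes the key reconstructible. A device holding many sealed records and their worker-side shares can open none of them without the matching token, which is the aggregation property; the token holds no patient data, only a random share. The cipher here is a toy HMAC-SHA256 keystream with a separate HMAC tag so the example runs on the Python standard library alone; a real deployment would use an AEAD such as AES-GCM. All names and the sample record below are constructed for the example.

```python
"""Illustrative rendezvous-based access control (added example, not the paper's construction)."""
import hashlib
import hmac
import os
from dataclasses import dataclass


def _prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 used as the pseudo-random function throughout."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_shares(n: int = 32) -> tuple[bytes, bytes]:
    """Split a fresh random secret into a token share and a worker-device share.
    Either share alone is uniformly random and reveals nothing about the key."""
    token_share = os.urandom(n)
    worker_share = os.urandom(n)
    return token_share, worker_share


def derive_record_key(token_share: bytes, worker_share: bytes, record_id: str) -> bytes:
    """Reconstruct the record key: XOR the two shares (both are needed), then
    bind the result to the record identifier so keys differ per record."""
    if len(token_share) != len(worker_share):
        raise ValueError("share length mismatch")
    combined = bytes(a ^ b for a, b in zip(token_share, worker_share))
    return _prf(combined, b"record-key|" + record_id.encode())


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream built from the PRF (toy cipher for the example)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += _prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:n])


@dataclass(frozen=True)
class SealedRecord:
    """What the worker's device stores: ciphertext only, usable offline."""
    record_id: str
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def seal_record(record_id: str, plaintext: bytes, token_share: bytes, worker_share: bytes) -> SealedRecord:
    """Encrypt and authenticate a record under the key derived from both shares."""
    key = derive_record_key(token_share, worker_share, record_id)
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = _prf(mac_key, record_id.encode() + nonce + ciphertext)
    return SealedRecord(record_id, nonce, ciphertext, tag)


def open_record(sealed: SealedRecord, token_share: bytes, worker_share: bytes) -> bytes:
    """Decrypt at the rendezvous. Verify the tag before decrypting so a wrong
    token share (or a tampered blob) is rejected rather than yielding garbage."""
    key = derive_record_key(token_share, worker_share, sealed.record_id)
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    expected = _prf(mac_key, sealed.record_id.encode() + sealed.nonce + sealed.ciphertext)
    if not hmac.compare_digest(expected, sealed.tag):
        raise PermissionError("rendezvous check failed: wrong or missing token share")
    keystream = _keystream(enc_key, sealed.nonce, len(sealed.ciphertext))
    return bytes(c ^ k for c, k in zip(sealed.ciphertext, keystream))


def can_open(sealed: SealedRecord, token_share: bytes, worker_share: bytes) -> bool:
    """Convenience predicate: does this pair of shares unlock the record?"""
    try:
        open_record(sealed, token_share, worker_share)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed sample: one patient, one record cached on the worker's device.
    token, worker = issue_shares()
    sealed = seal_record("patient-42", b"allergy: penicillin", token, worker)
    print("with token present:", open_record(sealed, token, worker))
    print("device share only unlocks it:", can_open(sealed, bytes(32), worker))
```

The device-side share must of course be protected like any other key material, but its compromise on its own yields nothing: the attacker still needs to be in the same place as each patient's token, which is exactly the aggregation barrier the abstract describes.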
