Enabling the provision of secure web based m-health services utilizing XML based security models

Summary: It is generally agreed that the security of electronic patient records, and of e-health applications in general, must meet or exceed the standard of security applied to paper medical records, yet the absence of clarity on the proper goals of protection has led to confusion. The primary purpose of this study was to investigate appropriate security mechanisms that will help clinical professionals and patients discharge their ethical and legal responsibilities by selecting suitable systems and operating them safely and in short order. In this paper we therefore propose a security model based on XML, with the intention of developing a fast security policy intended mostly for mobile healthcare information systems. The proposed schema consists of a set of principles based on XML security models, using partial encryption, signature and integrity services, and it was implemented by means of a web-based m-health application in a centralized three-tier architecture in a wireless network environment. Several experiments were carried out to measure the client response time across a number of m-health scenarios. The results showed that the response times required to fulfil a client request with the XML security model are smaller than those of conventional security mechanisms such as the application of SSL. By selectively applying confidentiality and integrity services either to the medical information as a whole or to some sensitive parts of it, the obtained results clearly demonstrate that XML security mechanisms outperform those of SSL and are suitable for deployment in m-health applications.

Copyright © 2008 John Wiley & Sons, Ltd.
