ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Rendezvous-based access control for medical records in the pre-hospital environment
Full text PdfPdf (205 KB)
Source
International Conference On Mobile Systems, Applications And Services archive
Proceedings of the 1st ACM SIGMOBILE international workshop on Systems and networking support for healthcare and assisted living environments table of contents
San Juan, Puerto Rico
SESSION: Access and security table of contents
Pages: 1 - 6  
Year of Publication: 2007
ISBN:978-1-59593-767-4
Authors
Feike W. Dillema  University of Tromsø
Simone Lupetti  University of Tromsø
Sponsors
ACM: Association for Computing Machinery
SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 87,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1248054.1248057
What is a DOI?

ABSTRACT

We present rendezvous-based access control for access control in the pre-hospital environment. Rendezvous-based access control is a simple cryptographic access control method that provides access if and only if patient and health worker meet in the physical world. Access is provided locally and does not depend on connectivity with remote systems. It is therefore suitable in an environment with small mobile devices that have local connectivity but may be disconnected now and then from remote systems. It is designed to protect against aggregation threats without letting the patients carry their own medical data. A system can then be implemented where the tokens carried by the patients are simple and robust which is easily managed. We believe that our mechanism provides a useful alternative to remote access to a centralized system and to patients carrying their own medical record (on a smartcard e.g.).


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
R. Anderson. Security in clinical information systems. Published by the British Medical Association, 1996.
 
2
R. J. Anderson. NHS-wide networking and patient confidentiality. BMJ, 311(6996):5--6, 1995.
 
3
R. J. Anderson. Clinical system security: interim guidelines. BMJ, 312(7023):109--111, 1996.
 
4
R. J. Anderson. A security policy model for clinical information systems. In Proceedings of the 1996 IEEE Symposium on Security and Privacy. IEEE Computer Society, 1996.
 
5
T. Beale, S. Heard, D. Kalra, and D. Lloyd. openEHR Architecture Overview. http://www.openEHR.org Mar 2006.
 
6
S. B. Davidson, H. Garcia-Molina, and D. Skeen. Consistency in a partitioned network: a survey. ACM Comput. Surv., 17(3):341--370, 1985.
 
7
M. A. C. Dekker and S. Etalle. Audit-based access control for electronic health records. Electron. Notes Theor. Comput. Sci., 168:221--236, 2007.
 
8
J. Dennis and E. V. Horn. Programming semantics for multiprogrammed computations. Communications of the ACM, 9(3):143--155, Mar. 1966.
 
9
Department of Defense. DoD 5200. 28-STD: Department of defense (DoD) trusted computer system evaluation criteria (TCSEC), 1985.
 
10
M. Eichelberg, T. Aden, J. Riesmeier, A. Dogac, and G. B. Laleci. A survey and analysis of electronic healthcare record standards. ACM Comput. Surv., 37(4):277--315, 2005.
 
11
P. G. Goldschmidt. HIT and MIS: implications of health information technology and medical information systems. Commun. ACM, 48(10):68--74, 2005.
 
12
V. R. Joan Daemen. The Design of Rijndael: AES - The Advanced Encryption Standard. Springer Verlag, 2002.
 
13
B. Lampson. Protection. In Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems, pages 437--443, Princeton University, Mar. 1971. Reprinted in ACM Operating Systems Review, 8, 1, January 1974, pp. 18--24.
 
14
J. M. McCune, A. Perrig, and M. K. Reiter. Seeing-is-believing: Using camera phones for human-veri?able authentication. In SP '05: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 110--124, Washington, DC, USA, 2005. IEEE Computer Society.
 
15
B. Neuman. Proxy-based authorization and accounting for distributed systems. In Proceedings of the 13th International Conference on Distributed Computing Systems, pages 283--291, Pittsburgh, May 1993.
 
16
B. Schneier. Description of a new variable-length key, 64-bit block cipher (blow ?sh). In Fast Software Encryption, Cambridge Security Workshop, pages 191--204, London, UK, 1994. Springer-Verlag.
 
17
A. Tanenbaum, S. Mullender, and R. van Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th International Conference on Distributed Computing Systems (ICDCS), pages 558--563, Washington, DC, 1986. IEEE Computer Society.
 
18
M. Wilkes and R.Needham. The Cambridge CAP computer and its operating system. Operating and Programming System Series. Elsevier, North Holland, 1979.

INDEX TERMS

Primary Classification:
  J. Computer Applications
  J.3 LIFE AND MEDICAL SCIENCES

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Design, Security


Keywords:
aggregation threat, capabilities, electronic health records, pre-hospital environment, security model

Collaborative Colleagues:
Feike W. Dillema: colleagues
Simone Lupetti: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player