The Community for Technology Leaders
RSS Icon
Issue No.06 - June (2010 vol.21)
pp: 754-764
Jinyuan Sun , University of Florida, Gainesville
Yuguang Fang , University of Florida, Gainesville
Cross-organization or cross-domain cooperation takes place from time to time in Electronic Health Record (EHR) system for necessary and high-quality patient treatment. Cautious design of delegation mechanism must be in place as a building block of cross-domain cooperation, since the cooperation inevitably involves exchanging and sharing relevant patient data that are considered highly private and confidential. The delegation mechanism grants permission to and restricts access rights of a cooperating partner. Patients are unwilling to accept the EHR system unless their health data are guaranteed proper use and disclosure, which cannot be easily achieved without cross-domain authentication and fine-grained access control. In addition, revocation of the delegated rights should be possible at any time during the cooperation. In this paper, we propose a secure EHR system, based on cryptographic constructions, to enable secure sharing of sensitive patient data during cooperation and preserve patient data privacy. Our EHR system further incorporates advanced mechanisms for fine-grained access control, and on-demand revocation, as enhancements to the basic access control offered by the delegation mechanism, and the basic revocation mechanism, respectively. The proposed EHR system is demonstrated to fulfill objectives specific to the cross-domain delegation scenario of interest.
Cross domain, delegation, electronic health record, privacy, security.
Jinyuan Sun, Yuguang Fang, "Cross-Domain Data Sharing in Distributed Electronic Health Record Systems", IEEE Transactions on Parallel & Distributed Systems, vol.21, no. 6, pp. 754-764, June 2010, doi:10.1109/TPDS.2009.124
[1] M.C. Rash, "Privacy Concerns Hinder Electronic Medical Records," Business J. Greater Triad Area, Apr. 2005.
[2] R. Pear, "Warnings over Privacy of US Health Network," New York Times, Feb. 2007.
[3] P. Ray and J. Wimalasiri, "The Need for Technical Solutions for Maintaining the Privacy of EHR," Proc. 28th IEEE EMBS Ann. Int'l Conf., pp. 4686-4689, Sept. 2006.
[4] U. Sax, I. Kohane, and K.D. Mandl, "Wireless Technology Infrastructures for Authentication of Patients: PKI That Rings," J. Am. Medical Informatics Assoc., vol. 12, no. 3, pp. 263-268, 2005.
[5] M.C. Mont, P. Bramhall, and K. Harrison, "A Flexible Role-Based Secure Messaging Service: Exploiting IBE Technology for Privacy in Health Care," Proc. 14th Int'l Workshop Database and Expert Systems Applications (DEXA), 2003.
[6] W.-B. Lee and C.-D. Lee, "A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations," IEEE Trans. Information Technology in Biomedicine, vol. 12, no. 1, pp. 34-41, Jan. 2008.
[7] C.C. Tan, H. Wang, S. Zhong, and Q. Li, "Body Sensor Network Security: An Identity-Based Cryptography Approach," Proc. ACM Conf. Wireless Network Security (WiSec '08), Apr. 2008.
[8] S. Gupta, K.K. Venkatasubramanian, and A. Banerjee, "Ekg-Based Key Agreement in Body Sensor Networks," Proc. Mission Critical Networks Workshop (MCN '08), Apr. 2008.
[9] S.-D. Bao, Y.-T. Zhang, and L.-F. Shen, "Physiological Signal Based Entity Authentication for Body Area Sensor Networks and Mobile Healthcare Systems," Proc. 28th IEEE EMBS Ann. Int'l Conf., pp. 58-65, Sept. 2005.
[10] M. Katzarova and A. Simpson, "Delegation in a Distributed Healthcare Context: A Survey of Current Approaches," Proc. Information Security Conf. (ISC '06), S.K. Katsikas et al., eds. 2006.
[11] O.S.S.T. Committee, SAML V2.0, committees /, 2009.
[12] O. eXstensible Access Control Markup Language Committee, XACML V2.0, www.oasis-open.orgcommittees/, 2009.
[13] V. Welch, I. Foster, C. Kesselman, O. Mulmo, L. Pearlman, S. Tuecke, J. Gawor, S. Meder, and F. Siebenlist, "X.509 Proxy Certificates for Dynamic Delegation," Proc. Third Ann. PKI R&D Workshop, 2004.
[14] A. Boldyreva, A. Palacio, and B. Warinschi, "Secure Proxy Signature Schemes for Delegation of Signing Rights," Cryptology ePrint Archive, Report 2003/096,, 2003.
[15] L. Zhang, G.J. Ahn, and B.T. Chu, "A Rule-Based Framework for Role-Based Delegation and Revocation," ACM Trans. Information and System Security, vol. 6, no. 3, pp. 404-441, 2003.
[16] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, "Role-Based Access Control Models," Computer, vol. 29, no. 2, pp. 38-47, Oct. 1996.
[17] R.K. Thomas, "Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments," Proc. Second ACM Workshop Role-Based Access Control, pp. 13-19, 1997.
[18] D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairings," Advances in Cryptology—Asiacrypt 2001, pp. 514-532, Springer-Verlag, 2001.
[19] C. Gentry and A. Silverberg, "Hierarchical Id-Based Cryptography," Proc. Int'l Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT), pp. 548-556, Dec. 2002.
[20] D. Boneh, G.D. Crescenzo, R. Ostrovsky, and G. Persiano, "Public Key Encryption with Keyword Search," Proc. Int'l Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT), 2004.
[21] D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing. Extended Abstract in CRYPTO 2001," SIAM J. Computing, vol. 32, no. 3, pp. 586-615, 2003.
[22] M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, J. Malone-Lee, G. Neven, P. Paillier, and H. Shi, "Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions," Proc. Int'l Cryptology Conf. (CRYPTO), V. Shoup, ed., 2005.
[23] S.S. Al Riyami and K.G. Paterson, "Certificateless Public Key Cryptography," Proc. Int'l Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT '03), pp. 452-487, 2003.
[24] "Liberty Alliance Project," http:/, 2009.
[25] "Electronic Health Record," Electronic_health_record , 2009.
[26] U.D. of Health & Human Services Website "Health Information Technology," http://www.hhs.govhealthit/, 2009.
[27] H.W. Lim and K.G. Paterson, "Identity-Based Cryptography for Grid Security," Proc. First IEEE Int'l Conf. e-Science and Grid Computing (e-Science '05), H. Stockinger, R. Buyya, and R. Perrott, eds., 2005.
[28] A. Menezes, P.V. Oorschot, and S. Vanston, Handbook of Applied Cryptography. CRC Press, 1996.
[29] J. Sun, C. Zhang, and Y. Fang, "A Security Architecture Achieving Anonymity and Traceability in Wireless Mesh Networks," Proc. IEEE INFOCOM, pp. 1687-1695, Apr. 2008.
[30] F. Hess, "Efficient Identity-Based Signature Schemes Based on Pairings," Selected Areas in Cryptography, pp. 310-324, Springer-Verlag, 2002.
[31] J. Baek, R. Safiavi-Naini, and W. Susilo, "Public Key Encryption with Keyword Search Revisited," Cryptology ePrint Archive, Report 2005/191,, 2005.
[32] J. Camenisch and A. Lysyanskaya, "Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials," Proc. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '02), pp. 61-76, 2002.
[33] L. Nguyen and R. Safavi-Naini, "Dynamic K-Times Anonymous Authentication," Applied Cryptography and Network Security, pp. 318-333, Springer, 2005.
[34] T. Ristenpart, G. Maganis, A. Krishnamurthy, and T. Kohno, "Privacy-Preserving Location Tracking of Lost or Stolen Devices: Cryptographic Techniques and Replacing Trusted Third Parties with DHTs," Proc. 17th USENIX Security Symp., pp. 275-290, July 2008.
5 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool