2012 Seventh International Conference on Availability, Reliability and Security (2008)
Mar. 4, 2008 to Mar. 7, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.178
Electronic patient records (EPR) may contain highly confidential and sensitive medical data, and it is therefore essential that such information is properly protected. Medical teams that are providing care to a patient has a legitimate need to access the medical dataof the concerning patient, and this could be a valid criteria for medical professionals to obtain access to such data. Moreover, since teams consist of more than one individual, the consent or agreement among a number of the members of a medical team could by itself be a proper basis for trust and therefore a legitimate basis for medical teams to acquire access to medical data.In this paper, we present three closely related cryptographic protocols for secure team-based EPR access acquisition where the cryptographically verifiable mutual consent from some minimum number of participants of a medical team is the granting criteria for the team to acquire EPR access. The schemes are based on thresholdcryptography and are moreover broadcast-oriented, and are thus well-suitable for wireless networks. All schemes do also provide secure transfer of medical data.
Broadcast-oriented threshold decryption, Secure EPR acquisition, Access control
Vladimir Oleshchuk, Sigurd Eskeland, "Secure Team-Based EPR Access Acquisition in Wireless Networks", 2012 Seventh International Conference on Availability, Reliability and Security, vol. 00, no. , pp. 943-949, 2008, doi:10.1109/ARES.2008.178