Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

27.3 Privacy and Security in E-Health Care > 27.3.3 Authentication - Pg. 683

CHAPTER 27 Security and Privacy for Mobile Health-Care (m-Health) Systems 683 Anonymization is indispensable for data min- ing performed by parties such as researchers and insurance providers who possess access rights only to the de-identifying or sensitive informa- tion of EHRs. The anonymization may be car- ried out by the patient as the EHR owner or by the primary physician who can act on the patient's behalf. Encryption is another option and is more precise in restricting the access. The patient and primary physician can simply encrypt the EHR portion(s) to be accessed by a role lever- aging role-based encryption (i.e., the public key used for encryption indicates a role). This mani- fests another merit of role-based technique, being that the encryption can be performed in advance without knowing the identity of the potential recipient. affiliation. Moreover, patients having business or research relationships with a domain will possess a key pair for that domain. In the inter-domain authentication scenario, communications involve two independent domains, the key pairs of which cannot mutually authenticate. As a result, a com- mon certificate authority (CA) need be found in certificate-based PKI or the hierarchical identity- based cryptosystem (HIDC) need be adopted in identity-based PKI. Nevertheless, the certificate- based PKI is inappropriate in the e-health-care context because it renders the role-based tech- niques introduced in the previous section infea- sible. We will later demonstrate the possibility of finding common trust for inter-domain authenti- cation in e-healthcare leveraging HIDC. 27.3.4. Confidentiality and Integrity 27.3.3. Authentication Confidentiality and integrity are with respect to