Secure spontaneous emergency access to personal health record

Keoh, S.L. , Asim, M., Kumar, S.S. and Lenoir, P. (2011) Secure spontaneous emergency access to personal health record. In: 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (IWSSI/SPMU), San Francisco, CA, USA, 12 Jun 2011,

85533.pdf - Published Version


Publisher's URL:


We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the unavailability of the user's password to access the PHR. The proposed system includes a smart card carried by the user at all time and it is personalized with a pseudo secret, an URL to the PHR Server, a secret key shared with the PHR Server and a number of redemption tokens generated using a hash chain. In each emergency session, a one-time use redemption token is issued by the smart card, allowing the emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the redemption token. The server returns the PHR encrypted with a one-time session key which can only be decrypted by the emergency doctor. The devised interaction protocol to facilitate emergency access to the user's PHR is secure and efficient.

Item Type:Conference Proceedings
Glasgow Author(s) Enlighten ID:Keoh, Dr Sye Loong
Authors: Keoh, S.L., Asim, M., Kumar, S.S., and Lenoir, P.
College/School:College of Science and Engineering > School of Computing Science
Copyright Holders:Copyright © 2011 The Authors
Publisher Policy:Reproduced with the permission of the publisher

University Staff: Request a correction | Enlighten Editors: Update this record