Keoh, S.L. , Asim, M., Kumar, S.S. and Lenoir, P. (2011) Secure spontaneous emergency access to personal health record. In: 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (IWSSI/SPMU), San Francisco, CA, USA, 12 Jun 2011,
|
Text
85533.pdf - Published Version 542kB |
Publisher's URL: http://www.medien.ifi.lmu.de/iwssi2011/papers/keoh-spmu2011.pdf
Abstract
We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the unavailability of the user's password to access the PHR. The proposed system includes a smart card carried by the user at all time and it is personalized with a pseudo secret, an URL to the PHR Server, a secret key shared with the PHR Server and a number of redemption tokens generated using a hash chain. In each emergency session, a one-time use redemption token is issued by the smart card, allowing the emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the redemption token. The server returns the PHR encrypted with a one-time session key which can only be decrypted by the emergency doctor. The devised interaction protocol to facilitate emergency access to the user's PHR is secure and efficient.
Item Type: | Conference Proceedings |
---|---|
Status: | Published |
Refereed: | Yes |
Glasgow Author(s) Enlighten ID: | Keoh, Dr Sye Loong |
Authors: | Keoh, S.L., Asim, M., Kumar, S.S., and Lenoir, P. |
College/School: | College of Science and Engineering > School of Computing Science |
Copyright Holders: | Copyright © 2011 The Authors |
Publisher Policy: | Reproduced with the permission of the publisher |
University Staff: Request a correction | Enlighten Editors: Update this record