The Journal of Korean Institute of Information Technology (한국정보기술학회논문지)

Korean Institute of Information Technology (한국정보기술학회)
권호 표지

Security Protocol of u-Healthcare User Information based on i-PIN

아이핀 기반의 유헬스케어 사용자 정보 보호 프로토콜

  • 정윤수 (한남대학교 산업기술연구소) ;
  • 김용태 (한남대학교 멀티미디어학부)
  • Published : 2011.10.31
⟨ Previous Next ⟩

Abstract

Nowadays, IT fusion Health-care service technology has been changed a lot because IT technology is put together with medical service followed by development of IT technology. But the problem of attacking user's privacy and leaking user's delicate medical information is increasing with the fusion of IT technology and Health-care. This paper proposes the protocol for protecting U-healthcare user's information based on I-pin that prevents user's medical information from U-healthcare from third person accessing illegally to it. The proposed protocol gets new secrete key of certification server whenever user accesses to U-healthcare service and after that it gets related information which is organized with user's identification number and saves it with authority information from U-healthcare service into database in certification server. Also, By using security recognizer from certification server organizing I-pin and authority information, it prevents patients' information from illegally accessing by the third person if user's I-pin information is leaked out.

최근 IT 기술의 급속한 발전으로 인하여 IT 기술이 의료서비스에 접목되면서 IT 융합 헬스케어 서비스 기술은 많은 변화가 이루어지고 있다. 그러나, IT 기술이 헬스케어와 융합되면서 사용자의 민감한 의료정보가 유출되고 사용자의 프라이버시가 침해되는 문제 또한 증가되고 있다. 본 논문에서는 유헬스케어 서비스를 제공받는 사용자의 의료 건강 정보를 제 3자가 불법적으로 접근하는 것을 사전에 예방하기 위한 아이핀 기반의 유헬스케어 사용자 정보 보호 프로토콜을 제안한다. 제안 프로토콜은 사용자가 유헬스케어 서비스에 접근할 때마다 인증 서버의 비밀키를 새로 부여받아 사용자의 주민번호와 조합한 연계정보를 매번 발급받아 유헬스케어 서비스에 주어진 권한 정보와 쌍으로 묶어 인증서버내 데이터베이스에 저장한다. 또한 아이핀 정보와 권한정보를 인증서버가 조합한 보안 인식자를 사용자가 사용함으로써 사용자의 아이핀 정보가 유출되더라도 제3자가 환자 정보에 불법적으로 접근하는 것을 예방할 수 있다.

Keywords

References

  1. Y. S. Jeong and Y. T. Kim, "An Authentication and Integrity Guarantee Mechanism of Flooding Packet based on Double Hash Chain", The Journal of Korea Institute of Information Technology, Vol. 9, No. 1, pp. 147-158, Jan. 2011.
  2. D. G. Kim and I. G. Song, "Need and Develop- ment of u-Healthcare Service", Korean Society for Internet Information, Vol. 1, No. 3, pp. 9-17, Sep. 2009.
  3. D. H. Sin, B. J. Han, H. J. Lee, and H. C. Jung, "Analysis of Security Threat in u-Healthcare Service", The Korean Institute of Information Scientists and Engineers 2010 Conferences, Vol. 37, No. 1(D), pp. 52-55, Jun. 2010.
  4. S. Y. Song and H. J. Hwang, "u-Healthcare Application Framework for Medical Gateway", Korean Society for Internet Information Conference, pp. 349-353, May 2009.
  5. J. E. Song, S. H. Kim, M. A. Chung, and K. I. Chung, "Security Issues and Its Technology Trends in u-Healthcare", Electronics and Telecommunications Trend Analysis Vol. 22, No. 1, pp. 70- 86, Feb. 2007.
  6. J. H. You and M. S. Jun, "A Mechanism to Prevent RP Phishing in OpenID System", 9th International Conference on Computer and Information Science(ICIS), 2010 IEEE/ACIS, pp. 876-880, Aug. 2010.
  7. S. Oh and S. Park, "Task-Role Based Access Control(T-RBAC) : An Improved Access Control Model for Enterpirse Environment", Proceedings of the 11th Internaotnal Conference on Database and Expert Systems Applications(DEXA 2000), pp. 264-273, Sep. 2000.
  8. Q. Ni, A. Trombetta, E. Bertino, and J. Lobo, "Privacy-aware Role Based Access Control", The Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 41- 50, Jun. 2007.
  9. Q. Ni, D. Lin, E. Bertino, and J. Lobo, "Conditional Privacy-aware Role Based Access Control", The Proceedings of the 12th European Symposium on Research in Computer Security, LNCS 4734, pp. 72-89, 2007.
  10. J. W. Byun, E. Bertino, and N. Li, "Purpose based access control of complex data for privacy protection", Proceedings of the tenth ACM symposium on Access control models and technologies (SACMAT'05), pp. 102-110. Jun. 2005.
  11. Q. Ni, E. Bertino, and J. Lobo, "An Obligation Model Bridging Access Control Policies and Privacy Policies", SACMAT'08, pp. 133-142, Jun. 2008.
  12. B. H. Lee and H. S. Cho, "Role-based User Access Contorl with Working Status for u- Healthcare System", Journal of Korea Information Processing Society - C, Vol. 17-C, No 2, pp. 173-180, Apr. 2010.