KR20170032705A - The secure automatic permission delegation system and method at emergency - Google Patents


Info

Publication number
KR20170032705A
Authority
KR
South Korea
Prior art keywords
emergency
patient
delegation
information
role
Application number
KR1020150130394A
Other languages
Korean (ko)
Other versions
KR101754659B1 (en)
Inventor
이상호
박찬선
Original Assignee
충북대학교 산학협력단
Application filed by 충북대학교 산학협력단
Priority to KR1020150130394A
Publication of KR20170032705A
Application granted
Publication of KR101754659B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/18 Legal services; Handling legal documents
    • G06Q50/22 Social work

Abstract

In an automatic permission delegation method that provides the medical information of a patient to an emergency medical technician at the site where the patient is present, an embodiment of the present invention provides an automatic permission delegation method including the following steps: receiving authentication information of the patient and the emergency medical technician to generate IDs of the patient and the emergency medical technician; generating an activation time and an emergency delegation role for the ID of the patient on the basis of the IDs of the patient and the emergency medical technician; requesting the medical information of the patient during the activation time on the basis of the permission of the emergency delegation role and providing the medical information to the emergency medical technician; and withdrawing the emergency delegation role when the activation time elapses, so as to block access to the medical information of the patient. Accordingly, because the medical information necessary for stably performing first aid on an emergency patient is acquired when an emergency situation occurs, a high-quality medical service can be provided. In addition, invasion of medical information and privacy can be minimized.

Description

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a system and a method for secure automatic authorization delegation in emergency rescue, and more particularly to an automatic entitlement delegation system and method that protect a patient's medical information while an emergency patient is being rescued.
With the integration of IT into the medical field, medical information is also computerized and transmitted online. In the past, emergency medical services, which lacked good communication links, had difficulty grasping patient information before arriving at the hospital; they focused on urgent patient transfer and on first aid after arrival. However, it is now possible to obtain this information, and emergency treatment before arrival at the hospital is getting attention. [1]
Emergency rescue instructors have differentiated the stages of patient evaluation in emergency procedures because of the importance of patient evaluation. In reality, however, evaluation is virtually impossible when the patient is unconscious, because it depends on questions to identify the patient or to establish the patient's medical history. Therefore, the emergency medical system should be able to identify the patient regardless of the severity of the patient's condition. [2]
Medical informatization improves patients' convenience by providing high-quality medical services, but storing and processing personal medical information in large volumes increases the possibility that this sensitive information is misused, abused or leaked, and violations of personal privacy are also increasing. [3]
In developed countries, security legislation and standards have been established to safeguard personal medical information. To minimize medical accidents, role-based authorization functions and log data have been institutionalized. Medical information is sensitive information for each individual patient, so role-specific authorization and access control of resources should be thoroughly audited. [4]
In the use of electronic medical record systems in medical institutions, managing access rights, that is, controlling which users in the institution are authorized to access a patient's medical information, is important for protecting the privacy of patients. These rights are based on Role-Based Access Control (RBAC), and access is granted according to the role of the user. Authorization is granted to roles, and resources are accessed in the course of executing roles. The basic concept of the RBAC model is that privileges are associated with roles, and users obtain the related privileges by being made members of roles. This concept greatly simplifies the management of role authority: roles are created according to the functions of the various tasks within the organization and are assigned to users based on their responsibilities and qualifications. However, these policies are insufficient for effectively managing real situations in which tasks increase or roles are subdivided. Therefore, techniques for delegating RBAC-based roles or privileges to other users have been studied.
With the development of the medical environment and of information and communication technology, the medical information system is changing from being centered on the medical institution to being centered on the patient. The demand for first aid based on the patient's medical information is also rising in the patient-centered emergency medical system. This change enables access control through detailed restriction of emergency patient information in case of emergency.
In a situation where information transfer between medical institutions is frequent, standardization should be pursued not only in laws and systems for protecting medical information but also in technical aspects. It is also necessary to control access to medical records by identifying the users accessing medical information, and to protect medical information according to the permissions of the user.
In an emergency, emergency medical personnel must be able to arrive at the emergency site quickly, identify the emergency patient, and gain quick access to the patient's emergency medical information. Authority should be delegated flexibly for unanticipated emergencies using automatic delegation. In addition, a model is needed to safeguard the patient's medical information.
Korean Patent Publication No. 10-2015-0041600 (Publication date 2014.04.16.)
[1] Park, H. J., "Implementation of the Smart Emergency Medical System", The Journal of Korea Navigation Institute, Vol. 15, No. 4, pp. 646-654, 2011.
[2] Lee, J. M., Lee, J. H., Park, S. J., Lee, Y. H., Oh, G. Y., "Necessity of Education for Improvement of Patient Evaluation and Early Symptoms of Stroke in Emergency Patients", Vol. 38, No. 2, pp. 130-141, 2013.
[3] Research Report on "Management and Protection of Personal Medical Information", Institute for Policy Research, December 2013.
[4] Simone Fischer-Hübner, "IT-Security and Privacy", Lecture Notes in Computer Science 1958, pp. 331-351, 2001.
It is an object of the present invention to provide an automatic authorization delegation system and method for assisting the patient in protecting medical information in rescuing an emergency patient.
The embodiment includes an authentication module for receiving authentication information of a patient and an emergency medical staff member and performing authentication, an automatic authority delegation module for generating an emergency delegation role for the patient according to the authentication result of the authentication module, and a role-based access control module for providing the medical information of the patient according to the emergency delegation role.
The automatic privilege delegation system may store log information generated by the authentication module, the automatic privilege delegation module, and the role-based access control module.
The automatic authority delegation module may activate and recover the emergency delegation role for a specific time period.
The specific time may be the time taken from when the authentication information is received until arrival at the emergency room nearest to the site.
The emergency delegation role may be a subset of the role of the patient.
The authentication information may include the fingerprint information of the emergency medical technician, or the fingerprint information or RFID information of the patient.
The automatic entitlement delegation system can be installed in the form of an application in the terminal of the emergency relief staff.
According to another aspect of the present invention, there is provided an automatic authority delegation method for providing medical information of a patient to an emergency medical staff member at a site where an emergency patient is present, the method comprising: receiving authentication information of the patient and the emergency medical staff member and generating an emergency medical ID and a patient ID; generating an emergency delegation role and an activation time for the patient ID according to the emergency medical ID and the patient ID; requesting the medical information of the patient during the activation time according to the authority of the emergency delegation role and providing the medical information to the emergency rescue staff; and blocking access to the medical information of the patient by withdrawing the emergency delegation role when the activation time has elapsed.
The specific time may be the time taken from when the authentication is completed until arrival at the emergency room nearest to the site.
The emergency delegation role may be created as a subset of the patient's role.
The authentication information may include the fingerprint information of the emergency medical technician, or the fingerprint information or RFID information of the patient.
The method may further include storing log information at each of the steps.
In the embodiment, when the emergency medical staff and the patient are successfully authenticated, the authority to access the emergency medical information of the emergency patient can be automatically delegated for a period based on the travel time from the emergency site to the nearest emergency room.
Therefore, it is possible to provide a high-quality medical service by acquiring the medical information essential for stably supporting emergency treatment of an emergency patient when an emergency occurs.
In addition, medical information and privacy violation problems can be minimized.
Therefore, it can be applied to the protection of medical information in advanced medical environment such as smart healthcare.
FIG. 1 is an overall configuration diagram of an automatic authority delegation system in emergency rescue according to the present invention.
FIG. 2 is a detailed configuration diagram of the automatic authority delegation system.
FIG. 3 is an overall flowchart of the automatic entitlement delegation method.
FIG. 4 is a detailed flowchart of the authentication step of FIG. 3.
FIG. 5 is a detailed flowchart of the automatic privilege delegation step of FIG. 3.
FIG. 6 is a conceptual diagram of an access control system.
FIG. 7 is a conceptual diagram showing the relationship between the RBAC models.
FIG. 8 shows the configuration of the RBAC96 model.
FIG. 9 shows the delegation relationship of RDM2000.
FIG. 10 shows the assignment relation of each element of the PBDM0 model.
FIG. 11 shows the emergency medical system.
FIG. 12 shows an emergency medical system diagram.
FIG. 13 is a configuration diagram of an RFID system.
FIG. 14 shows the model proposed by the present invention.
FIG. 15 shows the authority delegation relationship of the proposed model.
FIG. 16 shows the operation process of the proposed model.
FIG. 17 shows the authentication step.
FIG. 18 shows the process of owner authentication and patient authentication on the emergency terminal held by the emergency rescue personnel, during the user access control process of the proposed model.
FIG. 19 shows the process in which an emergency delegation role is inherited.
FIG. 20 is a conceptual diagram of authority delegation.
FIG. 21 shows the emergency information attributes stored in the emergency medical information DB.
FIG. 22 shows the activation time of the role scope of the proposed model.
FIG. 23 is a conceptual diagram in which all flows performed by the emergency medical personnel in the pre-hospital stage are logged.
Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a configuration diagram of an entire system including an automatic authority delegation system in emergency rescue according to the present invention, and FIG. 2 is a detailed configuration diagram of the automatic authority delegation system.
Referring to FIG. 1, an overall system including an automatic entitlement delegation system 100 (hereinafter referred to as the 'automatic entitlement delegation server 100') according to an embodiment of the present invention includes an emergency terminal 200, an automatic authorization delegation server 100, a medical information database 300, and a patient authentication unit 250.
The present invention is for efficiently supporting first-aid treatment by accessing the personal medical information of a patient, while protecting the patient's privacy, when an emergency medical technician arrives at the site in an emergency such as unconsciousness.
The emergency terminal 200 is a terminal with which an emergency rescue person accesses the automatic authorization delegation server 100 and receives and displays the medical information of the patient under the emergency delegation role for the patient, and may be a smart phone, notebook or tablet PC.
The emergency terminal 200 may be carried by an emergency rescue person or may be provided in the vehicle of the emergency rescue staff, that is, the ambulance, and includes an authentication unit (not shown) for authenticating emergency rescue personnel.
The authentication unit may include a scanner for fingerprint recognition of emergency medical personnel, or may alternatively include a reader for RFID tags of emergency medical personnel.
When the emergency terminal 200 is a portable device such as a smart phone, a notebook, or a tablet PC, a scanning application for fingerprint recognition may be installed to operate as an authentication unit.
The emergency terminal 200 is connected to the automatic authorization delegation server 100 through a wireless network, which may include Wi-Fi, Bluetooth, and the like.
In addition, the emergency terminal 200 may further include a patient authentication unit 250 for performing authentication of a patient.
The patient authentication unit 250 is connected to the emergency terminal 200 through a wired or wireless Internet, receives the authentication information of the patient, and transmits the authentication information to the emergency terminal 200.
The patient authentication unit 250 may include a reader that reads an RFID tag worn by a patient and transmits authentication information of the patient, and may be configured to include a scanner that recognizes a fingerprint of the patient.
Accordingly, the emergency terminal 200 receives the authentication information of the patient from the patient authentication unit 250, receives the authentication information of the emergency rescue staff from the authentication unit, and transmits the authentication information to the automatic authority delegation server 100.
In addition, the emergency terminal 200 may further include a display device capable of displaying the medical information.
When a request for automatic authorization delegation and provision of medical information is received from the emergency terminal 200 via the wireless Internet, the automatic authority delegation server 100 authenticates the emergency rescue party and the patient and delegates limited authority to the emergency rescue staff, so that the emergency medical personnel can access the patient's medical information in a limited environment.
That is, the automatic rights delegation server 100 protects the privacy of the patient by restricting access to the patient's medical information to the emergency medical staff only, and only while the patient is being moved from the site to the hospital with the nearest emergency room.
Referring to FIG. 2, the automatic rights delegation server 100 may include an authentication module 110, a log module 140, a rights delegation generation module 120, and a role-based access control module 130.
The authentication module 110 may receive the authentication information of the emergency medical staff and of the patient from the emergency terminal 200, and may perform authentication by matching the information with the personal information in the authentication database 115.
When the authentication unit recognizes the fingerprint of the emergency rescue staff and transmits the fingerprint information, the authentication module 110 can perform authentication by determining whether the fingerprint information of the emergency rescue staff stored in the authentication database 115 is the same as the received fingerprint information.
When the patient authentication unit 250 reads and transmits the RFID information held by the patient, the authentication module 110 verifies whether patient information corresponding to the RFID information exists and authenticates the patient.
The authentication module 110 interlocks with the authority delegation generation module 120 and the authentication database 115. When the authentication is completed, the authentication module 110 can transmit the emergency ID and the patient ID.
The authority delegation generation module 120 receives the emergency medical ID and the patient ID, creates a new emergency delegation role, and inherits some partial privileges of viewing the patient's medical information.
In addition, the authority delegation generation module 120 may generate an activation time running from when the authentication is completed until arrival at the closest hospital, and transmits the activation time to the role-based access control module 130 so that the access request can be performed.
The activation time can be calculated as the time taken until the vehicle arrives at the hospital having the nearest emergency room by referring to the position and the road condition of the vehicle on which the patient is boarding.
The authority delegation generation module 120 may automatically recover the delegated authority, preventing the emergency medical staff from accessing the personal medical information of the patient, when the activation time ends or when the patient arrives at the hospital before the activation time ends.
In this manner, the authority delegation generation module 120 can delegate some of the patient's authority to the emergency medical staff so that the patient's privacy can be protected while the patient's first medical care can be performed smoothly.
The role-based access control module 130 may receive the corresponding emergency delegation role and activation time, and may request information in the medical information database 300 to provide the patient's medical information according to the role of the emergency delegation.
The role-based access control module 130 regulates access rights to various information according to a role. In this embodiment, the authority is restricted so that information can be viewed only within the activation time.
The medical information database 300 may include information required for first-aid treatment, such as the patient's age, blood type, medical history, medications with side effects, medication currently being taken, and guardian contact information, and may provide it for viewing.
On the other hand, the log module 140 receives a log for all the events performed during the entire emergency operations of the emergency medical personnel, and stores the log in the log database 145.
The log information includes log information at all stages of the emergency rescue party authentication, patient authentication, automatic delegation of authority, access to emergency medical information, and automatic delegation release.
In this manner, the log module 140 can record the log information for each event, and can later track related actions.
Hereinafter, the operation of the automatic authorization delegation system of the present invention will be described with reference to FIG. 3 to FIG. 5.
FIG. 3 is an overall flowchart of the automatic authorization delegation method, FIG. 4 is a detailed flowchart of the authentication step of FIG. 3, and FIG. 5 is a detailed flowchart of the automatic authorization delegation step of FIG. 3.
Referring to FIGS. 3 to 5, when the operation of the automatic entitlement delegation system starts, the authentication module 110 receives the authentication information of the emergency medical staff and of the patient from the emergency terminal 200 and performs authentication (S100).
Referring to FIG. 4, the authentication module 110 first obtains the authentication information of the emergency rescue staff (S110), then requests and obtains the authentication information of the patient from the emergency terminal 200 (S120).
When the authentication module 110 has received both the emergency medical staff authentication information and the patient authentication information, for example RFID information and fingerprint information, it matches the information against the information stored in the authentication database 115 (S130).
If there is the matching emergency rescue party and the patient, the ID of the patient and the emergency rescue party is selected and transmitted to the authority delegation generation module 120 as an authentication result, and the authentication is terminated (S140).
Next, the automatic delegation operation of the authority delegation generation module 120 proceeds (S200).
Referring to FIG. 5, when the emergency ID and the patient ID are received from the authentication module 110 in step S210, the authority delegation generation module 120 generates an emergency delegation role (EDTR) for the emergency ID on the basis of the patient's role (RR) (S220).
In addition, the authority delegation generation module 120 generates an authorization delegation termination time tf at which the activation time has elapsed from when the authentication is completed to the hospital having the nearest emergency room (S220).
Next, it is determined whether the Emergency Delegation Role (EDTR) of the emergency rescue staff is a subset of the RR of the patient (S230).
If the emergency delegation role (EDTR) of the emergency rescue party is a subset of the role (RR), the authority delegation generation module 120 outputs the EDTR and the authority delegation end time (tf) of the emergency rescue personnel as the result of the automatic authority delegation creation (S240).
Meanwhile, when the authority delegation generation module 120 outputs the emergency delegation role of the emergency rescue delegate and the authority delegation termination time to the role-based access control module 130, the access control module 130 requests the information corresponding to the emergency delegation role from the medical information database 300 and provides that information from the medical information database 300 to the emergency terminal 200 (S300).
Next, when the authority delegation termination time (tf) is reached, that is, when the activation time has elapsed, the authority delegation generation module 120 terminates and automatically recovers the emergency delegation role, and the operation of the automatic delegation server 100 ends (S400).
Alternatively, the authority delegation generation module 120 terminates and retrieves the emergency delegation role (EDTR) when the patient arrives at the hospital before the authority delegation end time and new log information is recognized (S400).
The access to the medical information for the patient is permitted for the limited time, and when the patient arrives at the hospital, the access right is recovered, thereby preventing the emergency medical personnel from accessing the medical information of the patient after the emergency care.
Therefore, it is possible to quickly cope with the emergency treatment by utilizing the medical information of the patient while protecting the privacy of the patient.
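The operation of steps S100 to S400 described above, as an added example that is not part of the patent: a small Python model of the automatic authority delegation server. The class and function names, the hashed fingerprint templates, RFID tag values, patient permission sets and medical records are all constructed for illustration; the subset check EDTR ⊆ RR (S230), the activation window ending at tf, automatic recovery on expiry or on hospital arrival (S400) and per-event logging follow the steps the text describes.

```python
import hashlib
from dataclasses import dataclass

# --- Constructed sample data (illustration only, not from the patent) ---------
# Authentication database 115: EMT fingerprint templates are stored only as
# SHA-256 hashes; patient RFID tag values map to patient IDs.
AUTH_DB = {
    "emt_fingerprint": {hashlib.sha256(b"emt-fp-template-001").hexdigest(): "EMT-001"},
    "patient_rfid": {"E200-3412-DC03-0001": "PAT-4711"},
}
# Patient role (RR): every permission a patient holds on their own record.
PATIENT_ROLE = {
    "PAT-4711": frozenset({"age", "blood_type", "medical_history", "allergies",
                           "medication", "guardian_contact", "billing", "modify"}),
    "PAT-0002": frozenset({"age", "blood_type"}),  # too narrow to host an EDTR
}
# Attributes the emergency delegation role (EDTR) may inherit: first-aid data only.
EMERGENCY_ATTRIBUTES = frozenset({"age", "blood_type", "medical_history",
                                  "allergies", "medication", "guardian_contact"})
# Medical information database 300.
MEDICAL_DB = {
    "PAT-4711": {"age": 57, "blood_type": "A+", "medical_history": ["diabetes"],
                 "allergies": ["penicillin"], "medication": ["metformin"],
                 "guardian_contact": "+82-10-0000-0000", "billing": "REDACTED",
                 "modify": None},
}


@dataclass
class Delegation:
    """An EDTR for one EMT/patient pair, active during [t_start, t_end)."""
    emt_id: str
    patient_id: str
    permissions: frozenset
    t_start: float
    t_end: float          # authority delegation termination time tf
    active: bool = True


class DelegationServer:
    """Automatic authority delegation server 100 (modules 110, 120, 130, 140)."""

    def __init__(self):
        self.log = []  # log module 140: one record per event

    def _log(self, event, **fields):
        self.log.append({"event": event, **fields})

    # Authentication module 110 (S100-S140)
    def authenticate(self, emt_fingerprint: bytes, patient_rfid: str):
        fp_hash = hashlib.sha256(emt_fingerprint).hexdigest()
        emt_id = AUTH_DB["emt_fingerprint"].get(fp_hash)
        patient_id = AUTH_DB["patient_rfid"].get(patient_rfid)
        if emt_id is None or patient_id is None:
            self._log("auth_failed", emt_ok=emt_id is not None,
                      patient_ok=patient_id is not None)
            return None
        self._log("auth_ok", emt_id=emt_id, patient_id=patient_id)
        return emt_id, patient_id

    # Authority delegation generation module 120 (S200-S240)
    def create_delegation(self, emt_id, patient_id, now, travel_seconds):
        rr = PATIENT_ROLE[patient_id]
        edtr = EMERGENCY_ATTRIBUTES
        if not edtr <= rr:  # S230: the EDTR must be a subset of the patient's RR
            self._log("delegation_refused", emt_id=emt_id, patient_id=patient_id)
            return None
        # tf = authentication time + estimated travel time to the nearest ER
        d = Delegation(emt_id, patient_id, edtr, now, now + travel_seconds)
        self._log("delegation_created", emt_id=emt_id, patient_id=patient_id,
                  t_end=d.t_end)
        return d

    # Role-based access control module 130 (S300)
    def access(self, d: Delegation, attribute: str, now: float):
        if d.active and now >= d.t_end:
            self.revoke(d, "activation_time_elapsed", now)  # automatic recovery
        if not d.active or attribute not in d.permissions:
            self._log("access_denied", emt_id=d.emt_id, attribute=attribute)
            return None
        self._log("access_granted", emt_id=d.emt_id, attribute=attribute)
        return MEDICAL_DB[d.patient_id][attribute]

    # S400: recover the role on expiry or when arrival at the hospital is logged
    def revoke(self, d: Delegation, reason: str, now: float):
        d.active = False
        self._log("delegation_revoked", emt_id=d.emt_id, patient_id=d.patient_id,
                  reason=reason, at=now)
```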
In the above description, the automatic rights delegation server 100 is configured separately from the emergency terminal 200 and transmits and receives information over the wireless Internet. Alternatively, it may be implemented in the emergency terminal 200 in the form of an application.
That is, the emergency terminal 200 may be provided with an application implementing the automatic entitlement delegation system 100; it may receive the authentication information from the patient authentication unit 250 and the authentication unit, run the delegation system 100 application, and directly receive the corresponding medical information from the medical information database 300.
[Example]
RBAC-based delegation of authority allows a user to delegate his or her authority to another authenticated user, who thereby becomes a member of the same role as the delegating user. Representative models of such delegation are the Role-Based Delegation Model (RBDM) and the Permission-Based Delegation Model (PBDM). Each has a problem that can occur when delegating authority. In RBDM, because the unit of delegation is the role, all of the authority assigned to the role is delegated, which can lead to abuse of authority. In PBDM, because the unit of delegation is the permission rather than the role, the security problem of RBDM is avoided. However, a real system has far more permissions than users and roles, so frequent per-permission delegation for each role increases system complexity and reduces efficiency.
In emergency situations, the patient's medical information is directly related to the patient's life, so efficient access control is needed. However, as system complexity increases, the patient and the critical emergency medical information cannot be identified quickly. In addition, if the patient is unconscious, he or she cannot convey his or her important medical information.
Therefore, the present invention analyzes the emergency medical system and proposes an applicable automatic delegation model. Also, by analyzing the authentication method using RFID tags, it becomes possible to authenticate the patient regardless of the degree of emergency. The concrete contents and method are as follows.
First, we investigate access control techniques, especially RBAC. We investigate the delegation methods in RBAC, derive the requirements for emergency situations, analyze the delegation policies and constraint methods that address them, and propose a model in which authority is delegated automatically.
Second, the role of emergency medical personnel in the emergency medical system is analyzed, and the problem of providing emergency medical information about emergency patients at the pre-hospital stage is identified. We analyze the authentication method using an RFID tag and reader, and propose an authentication technique applicable at the emergency site, in which the emergency technician who arrives at the site authenticates as the owner of the emergency terminal using his fingerprint information and then identifies the patient.
Third, we analyze the security of the proposed authentication scheme and show that it is an efficient technique in the security domain.
Fourth, the proposed model uses the permission-based delegation method to prevent the information leakage that may occur in the role-based delegation method, and it is shown to be more efficient than the existing delegation methods.
In the present embodiment, the existing access control concepts and delegation methods are introduced first, and RBDM0 and PBDM0, the basic RBAC-based delegation models, are analyzed. The emergency medical system is then analyzed, together with the components and operation of the RFID system that identifies the user (Section A).
A method by which emergency medical personnel identify and authenticate patients at an emergency site is proposed, together with a model in which authenticated emergency medical personnel are automatically authorized to access emergency medical information (Section B).
In addition, the proposed authentication method is analyzed by attack type, and the automatic entitlement delegation method is evaluated against the existing models (Section C).
Finally, the results are summarized and future directions are described (Section D).
A.
In the present invention, after analyzing the existing access control method, the authority delegation method based on the RBAC and the emergency medical system are investigated, and the requirements in the automatic authorization delegation model suitable for the emergency environment are summarized.
A.1 Access control system
FIG. 6 is a conceptual diagram of an access control system.
Referring to FIG. 6, an access control system (ACS) is a mechanism for granting or denying access to a resource. The ACS is composed of two parts.
The policy decision point (PDP) analyzes the subject's access request and decides whether to approve it; it is implemented as a function that returns a decision indicating whether the request is allowed by the policy. The policy enforcement point (PEP) receives access requests and enforces the PDP's decision. The best-known models for defining the PDP are the Bell-LaPadula and RBAC models. These models are subject-centered: a user can access an object only if the user has sufficient credentials for it. Consequently, an object cannot be accessed if no sufficiently qualified subject is available. This limitation can create life-threatening situations when certain objects, such as medical records or military information, cannot be accessed. There are two ways to solve this problem.
First, define the authorization policy according to the situation: a specific priority policy (Break The Glass) is defined and applied when an emergency occurs. However, this policy is independent of the existence or availability of a qualified subject; it simply extends the scope of access permitted during the emergency period.
Second, use delegation techniques. When a subject lacks access to a resource, another subject who is authorized for it can delegate its authority. This approach requires that the delegation be set up in advance so that it can be activated when needed.
A.2 RBAC Concepts
Among the role-based access control models, we analyze RBAC96, the most representative standard reference model of NIST proposed by Ravi S. Sandhu.
FIG. 7 is a conceptual diagram showing the relationships among the RBAC models.
Referring to FIG. 7, the RBAC96 model is divided into RBAC0, RBAC1, RBAC2 and RBAC3 from the bottom up. RBAC1 and RBAC2 each include the features of RBAC0, and RBAC3 combines the features of RBAC1 and RBAC2. Each level includes the features of the levels below it.
FIG. 8 shows the configuration of the RBAC96 model.
Referring to FIG. 8, the central concept of RBAC is that a user cannot arbitrarily access the resources of a corporation or organization: access rights are assigned to roles, and users obtain those rights by belonging to appropriate roles. A permission grants its holder the ability to perform certain actions. RBAC0 has many-to-many user-role assignment (UA) and permission-role assignment (PA) relations. RBAC1 adds a role hierarchy (RH) to RBAC0. RBAC2 places constraints on RBAC0; constraints can be applied to all components, and the characteristics of each component are described by constraints or conditions. RBAC3 adds the PA requirements to RBAC2.
Role-based access control is policy neutral and supports three security principles. First, least privilege: a role is assigned only the privileges necessary to execute its tasks, so a user assigned to the role obtains only those. Second, separation of duty: the information managed by the security system keeps its security properties by controlling which users are assigned to roles that affect integrity. Separation of duty is the security principle that sensitive rights should not be given to one person but distributed among several, in order to prevent abuse and misuse of user authority and to prevent collusion. Its types are static separation of duty, dynamic separation of duty and operational separation of duty. Static separation of duty does not allow a user to be assigned two roles that stand in a separation-of-duty relation at the same time. Dynamic separation of duty allows a user to be assigned two such roles but not to activate them simultaneously. Operational separation of duty requires that, when a task consists of several steps, no single user performs all the steps. Third, data abstraction: access permissions can be expressed as abstract operations rather than the low-level rights provided by the operating system, such as read, write and execute, used by other access control policies, which provides convenience of design and implementation in commercial environments.
A.3 Authority Delegation Model
Delegation is a technique by which some or all of the privileges of one subject are granted to a third party so that it can exercise the delegated privileges.
The Role-Based Delegation Model (RBDM) and the RDM2000 model are based on role delegation, and the Permission-Based Delegation Model (PBDM) is based on permission delegation. Both are RBAC-based authority delegation models.
A.3.1 RBDM0
RBDM0, proposed to manage the relationships among roles in an organization efficiently, is based on RBAC0 and performs delegation in the simplest form. Delegation between users holding the same role is not allowed, and only one-level delegation is possible: a delegated role cannot be delegated again. In this method, each role's membership is divided into members originally assigned to the role by the system administrator and delegated members. The extended RDM2000 records the depth of the delegation path as Depth, as shown in FIG. 9.
FIG. 9 shows the delegation relationship of the RDM 2000.
Referring to FIG. 9, user delegation in RDM2000 expresses the relation among the user, the delegating role, the delegated user and the delegated role. A delegation path always starts with an original user-role assignment, and delegation paths that share the same original user-role assignment form a delegation tree. For example, (USER1, RE2, USER2, QE2) means that USER1, with role RE2 activated, delegates role QE2 to USER2. Delegation relations are categorized into original user delegation (ODLGT) and delegated user delegation (DDLGT).
A.3.2 PBDM0
The permission-based delegation model delegates permissions rather than roles, to solve the problem in RBDM0 that the full authority of a role is delegated.
FIG. 10 shows the assignment relation of each element of the PBDM0 model.
Referring to FIG. 10, the assignment relations among the elements of PBDM0, a permission-based delegation model, are shown: roles are divided into regular roles (RR) and delegation roles (DTR). The assignment between a user and a regular role is denoted UAR, and that between a user and a delegation role UAD. Likewise, the assignment between a regular role and a permission is denoted PAR, and that between a delegation role and a permission PAD.
That is, in PBDM0, roles are divided into regular role and delegation role, and the assignment relation is established according to roles.
A.4 Study on Emergency Medical System
In the present invention, the concept of medical information as a patient's personal information, the emergency medical system to be executed when an emergency occurs, the analysis of the transfer as a pre-hospital stage, and the authority of the medical information of the patient .
A.4.1 Patient's Personal Health Information
The term "personal information" in Item 6 of Article 2 ("Definitions") refers to "information about a living person" (Article 20, Law No. 13014, Act on the Promotion of Information and Communication Network Utilization and Information Protection, etc.), including information such as codes, letters, voices, sounds and images that can identify a specific individual by resident registration number or similar means.
Medical information refers to the data accumulated as a result of diagnosis and treatment while doctors and medical staff treat a patient: the patient's physical and mental condition and rehabilitation, medical records, research results, medical information and maternal information. Other items such as family situation, genetic information, medical history and drug use history are included in sensitive information. In terms of the patient's basic rights, such medical information must not be accessible to just anyone; at the same time, it should be usable as medical information in a way that takes the protection of the patient's personal information into account. Medical information includes the patient's basic information created at the first hospital visit, clinical information such as the patient's symptoms and examination results, medical information including the doctor's diagnosis and treatment, and prescriptions. The usual medical information can be classified as shown in [Table 1].
Figure pat00001
The medical information recorded in a medical record corresponds to the patient's privacy and must not be handled by others. Information that constitutes a patient's personal secret belongs to the right of privacy and is protected by criminal and civil law. Because personal health information is collected and used regarding an individual's physical condition, past diseases and current lifestyle, its leakage greatly affects the individual's social life as a whole. Therefore, a medical practitioner who leaks a patient's medical information commits an illegal act and incurs criminal responsibility.
A.4.2 Emergency medical services
FIG. 11 shows the emergency medical system.
Referring to FIG. 11, the Emergency Medical Service System (EMSS) is a medical system that integrates all the elements, such as personnel, equipment and resources, needed to provide emergency services for the treatment of emergency patients, so that emergencies are responded to effectively and rapidly, together with emergency medical knowledge.
In general, the emergency medical system is classified into the pre-hospital and hospital stages. The pre-hospital stage is divided into the report reception phase, the on-site emergency treatment phase and the transfer phase. In the report reception phase, an ambulance is dispatched when an emergency patient occurs, and until it arrives at the site services such as emergency consultation by a medical consultant, emergency medical consultation and guidance to a hospital suitable for the patient are provided. In the on-site emergency treatment phase, the emergency medical staff arriving at the site identify the available information and the patient's condition and perform emergency treatment according to the patient's situation. The transfer phase transfers the emergency patient quickly and safely to a medical institution.
A.4.3 Composition of emergency medical system
In the definition of "emergency patient" in Article 2 of the Emergency Medical Service Act, Law No. 13106 (Partial amendment 2015.28.), an "emergency patient" means a person who, due to injury from illness, childbirth or similar causes, cannot preserve life unless he or she receives immediately necessary first aid, or who is likely to suffer serious physical or mental harm, or a person equivalent thereto as determined by Ordinance of the Ministry of Health and Welfare. Emergency patients can, however, occur in unpredictable circumstances.
FIG. 12 shows an emergency medical system diagram.
Referring to FIG. 12, the emergency medical care system generally includes a pre-hospital emergency medical service system, a hospital emergency medical service system, and a communication system connecting these steps.
When an emergency occurs, an emergency vehicle is dispatched upon notification, and the stage in which the emergency vehicle arrives at the site corresponds to the field stage. From the dispatch of the ambulance until it reaches the patient at the site, a telephone counselor advises on emergency treatment, provides emergency medical consultation and guides the caller to an appropriate emergency hospital. In the transfer phase, the emergency medical personnel in the field and in the ambulance transfer the emergency patient to the medical institution while receiving instructions from the guidance physician over the communication link and treating the patient promptly and appropriately with the medical equipment in the ambulance. The hospital stage is the stage in which the emergency patient, having been transferred to the hospital, receives medical care from specialists.
A.5 RFID System Components and Operation Principle
In the present invention, an RFID system component used for authenticating objects and an operation principle thereof will be described.
A.5.1 RFID system components
FIG. 13 is a configuration diagram of an RFID system.
Referring to FIG. 13, the RFID system consists of an RFID reader, RFID tags and a back-end database server (DB). A tag has built-in memory that can be read and written; it is a very small chip able to store and transmit information. Each tag stores its identification information (
Figure pat00002
). A reader communicates with each tag over a wireless channel. The DB holds, for each tag, its identifier (
Figure pat00003
), a secret key (
Figure pat00004
) and the associated set of information.
A.5.2 Operation principle of RFID system
The RFID system operates as follows. First, the reader sends a query to the tag. A tag, which holds unique identifier information, sends its identifier information to the reader on request. The reader receives the identifier information sent by the tag and forwards it to the DB server. The DB server authenticates the tag using its own DB information and the information received from the reader, and returns the information corresponding to the tag to the reader.
RFID systems must satisfy the following security requirements.
1) Mutual authentication procedure is needed to verify that the reader and the tag are mutually legitimate entities.
2) Messages exchanged between the reader and the tag must not reveal the tag's identity; the identifier (
Figure pat00005
) must not be inferable from their contents.
3) Only authenticated users may access the system, and data integrity must be provided to prevent forgery and tampering.
4) Confidentiality must be ensured so that only authenticated and authorized users can view the contents of the transmitted data.
5) Forged responses produced by attacks such as retransmission (replay) attacks must not be accepted as coming from a legitimate tag.
A.6 Evaluation
Evaluating the existing related techniques from the viewpoint of emergency patients: in RBAC, a user can access an object if assigned to a role that holds permission to access the object.
Several RBAC-based policies define access to such objects in the form of delegation. Assigning privileges to roles within an organization, as in RBAC, reduces complexity, cost and the likelihood of errors, enforces security policies on the Web, and supports multi-domain environments.
An appropriate role-based RBAC model is needed for the emergency medical system in order to establish safe access control according to role. Additional constraints are also needed to protect the patient's privacy; these protect the patient's medical information and increase the security of the system.
In an emergency, access authority over a patient's medical information needs an automatic delegation policy and a limit on the activation time of the emergency delegation role. This prevents exposure of the patient's medical information and abuse of authority by emergency medical personnel. Security is very important because the system deals with the patient's life and with access control of sensitive information. A new role-based delegation model is required that excludes the risks and unnecessary factors of delegation and inheritance and emphasizes patient privacy.
In the emergency medical environment, as in the advanced medical environment, the patient's medical profile should be used to identify the patient accurately as a way of reducing medical malpractice. The patient's emergency medical information should be provided regardless of the patient's emergency level. A delegation model is needed that authenticates users securely and efficiently and protects the emergency patient's personal information. A robust and secure way is needed to adapt to these emergencies and to protect privacy against unauthorized access.
B. Automatic Authorization Model for Emergency Patients
In the present invention, the process by which the emergency medical information of an emergency patient, held at the hospital, is accessed at the site in an emergency is analyzed. For this process, we propose a model that securely authenticates emergency medical personnel and patients and automatically delegates the authority of the emergency patient.
B.1 Definitions of the proposed model
The component elements and the function expressions proposed by the present invention are defined.
FIG. 14 shows the model proposed by the present invention.
Referring to FIG. 14, the correlation between the components of the proposed model is shown. The present invention uses the RBAC96 model proposed by R. Sandhu et al. as its basic model. The components and functions of the proposed model are defined below.
B.1.1 Components
The components of the proposed model are users, roles, permissions, sessions, user assignment, permission assignment and constraints. These are explained in detail as follows.
1) Users
A user is a subject who can access information in the medical information system through a computer system. One user corresponds to one person. Users exercise their rights by being assigned to a role rather than being assigned privileges directly. The users of the proposed model are the emergency patient (user_p) and the emergency medical technician (user_m), the subjects in an emergency.
2) Roles
A role is a semantic structure defined on the basis of a job function in a given environment, composed of the authority and responsibility assigned to it. Each role consists of a set of privileges that may be exercised, and the privileges assigned to roles are defined by the organization's rules. In the proposed model, roles consist of the Regular Role (RR) and the Emergency Delegation Temporal Role (EDTR), a temporary delegation role to which a set of permissions to access the patient's emergency medical information is assigned in an emergency.
3) Permissions
A permission consists of a set of possible access modes for an information object. The terms authorization, access right and privilege are used interchangeably.
4) Sessions
A session maps a user to the roles that user may activate; a user creates a session while performing some of his or her roles. The privileges available to the user are the union of the privileges of all roles activated in that session. In the proposed model, the emergency medical technician creates the emergency delegation role (EDTR), and the session limits the activation time of that role when it is delegated.
5) User Assignment (UA)
User assignment specifies the roles a user can perform. It is a many-to-many relation.
6) Permission Assignment
Permission assignment assigns the privileges that a role can perform. The proposed model divides it into permission-regular role assignment (PAR) and permission-emergency delegation role assignment (PAED).
7) Constraints
Constraints can be applied to all the components defined above; constraints or conditions describe the characteristics of each component. The proposed model has a temporal constraint.
B.1.2 Defining the structure of the proposed model
Access control in the proposed model follows RBAC96. The proposed model is based on the basic structure of RBAC96 and on PBDM0, a delegation model of RBAC. The basic components of the proposed model and the relation functions are defined as follows.
[Definition 1] Proposed model base component
Users, Roles, Sessions, Permissions
Users is the set of users (U) requesting access, Roles the set of roles (R), Sessions the set of sessions (S), and Permissions the set of privileges (P).
[Definition 2] Component set relationship of the proposed model
UA ⊆ U × R
User assignment (UA) is the many-to-many assignment of users to roles, a subset of the product U × R.
PA ⊆ P × R
Permission assignment (PA) is a subset of the product of permissions and roles.
PAR ⊆ RR × P
Regular role permission assignment (PAR) is a subset of the product of the set of regular roles and the set of permissions, assigning permissions to regular roles.
PAED ⊆ EDTR × P
Emergency delegation role permission assignment (PAED) is a subset of the product of the set of emergency delegation roles and the set of permissions, assigning permissions to emergency delegation roles.
PA = PAR ∪ PAED
PA is the union of the permission assignments of the regular roles and of the emergency delegation roles.
In the proposed model, permissions and users are assigned to roles that are created temporarily in an emergency. The functions expressing these assignment relations are defined in [Definition 3] below.
[Definition 3] Assignment relation function of component set
assign_user_r (r: Roles) →
Figure pat00006
A function that maps a regular role to a set of users,
assign_user_r (r) = {u ∈ U | (u, r) ∈ UA}.
assign_permit_rr (r: RR) →
Figure pat00007
A function that maps a regular role to a permission set,
assign_permit_rr (r) = {p ∈ P | ∃r' ≤ r · (r', p) ∈ PAR}.
assign_permit_edtr (r: EDTR) →
Figure pat00008
A function that maps an emergency delegation role to a permission set,
assign_permit_edtr (r) = {p ∈ P | ∃r' ≤ r · (r', p) ∈ PAED}.
assign_sessions_user (u: Users) →
Figure pat00009
A function that maps user u to a session set,
assign_sessions_user (u) = {s ∈ S | (u, s) ∈ U × S}.
assign_roles_session (s: Sessions) →
Figure pat00010
A function that maps session s to a set of roles,
assign_roles_session (s) = {r ∈ R | (s, r) ∈ S × R}.
assign_edtr_user (u: Users) →
Figure pat00011
A function that maps a user to emergency delegation roles (EDTR),
Figure pat00012
(user_p, user_m ∈ U, edtr ∈ EDTR) (user_p ≠ user_m) ∧ (edtr ∈ assign_edtr_user (user_p) ∧ edtr ∈ assign_edtr_user (user_m)).
[Definition 4] Role hierarchy of the proposed model
RH ⊆ R × R,
role
Figure pat00013
Figure pat00014
Figure pat00015
, assign_permit_role (
Figure pat00016
) ⊆ assign_permit_role (
Figure pat00017
). That is,
Figure pat00018
is a role higher than role
Figure pat00019
, and a higher role is given more authority than a lower role.
In the proposed model, the role inheritance relation is established automatically in an emergency: the Emergency Delegation Role (EDTR) inherits from the Regular Role (RR). Thus, when an emergency patient (user_p) delegates some or all of his or her authority to the emergency medical staff (user_m) through a newly created emergency delegation role, the emergency patient's set of authority is inherited by that role.
FIG. 15 shows the authority delegation relationship of the proposed model.
Referring to FIG. 15, the authenticated emergency medical technician creates an emergency delegation role and establishes a session with a temporal constraint to activate it. The created emergency delegation role is automatically assigned the authority of the emergency patient in an emergency.
In FIG. 15, the automatic delegation steps in an emergency proceed as shown in [Table 2].
Figure pat00020
The emergency delegation role created as the delegation role during the automatic delegation process of [Table 2] is defined in [Definition 5].
[Definition 5] Creation of Emergency Delegation Role
create_edtr (r: RR) → EDTR
∀r, edtr ∈ R, ∀user_m ∈ U, user_m ∈ assign_user_r (r), and edtr ∈ assign_edtr_user (u). An emergency medical technician (user_m) assigned to a regular role (RR) creates an emergency delegation role (EDTR).
In [Definition 5], the emergency medical technician (user_m) is assigned to the regular role (RR) of the emergency patient (user_p) and is authorized to create an emergency delegation role (EDTR). The technician creates the delegation role EDTR and is assigned to it as a user; at the same time, a subset of the permissions of the emergency patient's RR is automatically inherited as the permission set of the delegation role EDTR.
To activate the emergency delegation role created in FIG. 15, it must be assigned to a session. The process of assigning the emergency delegation role created during the automatic delegation process of [Table 2] to the set of sessions is defined in [Definition 6]. Sessions are time-limited.
[Definition 6] is the function that assigns an emergency delegation role to the set of sessions.
[Definition 6] Assigning a set of emergency delegation roles to session s
assign_roles_session (s) → EDTR
In the proposed model, the session's time range runs from the moment the emergency medical technician is authenticated and the authority is automatically delegated until the end of the pre-hospital phase, when the technician hands the emergency patient over to the hospital; at that point the session is automatically withdrawn and revoked. To this end, a time constraint is imposed on activation of the emergency delegation role once its session is established.
Figure pat00021
is the point at which the emergency medical technician is automatically delegated the authority of the emergency patient.
Figure pat00022
is the time at which the emergency medical technician finishes work at the pre-hospital stage, that is, the time at which the automatically delegated authority ends.
Figure pat00023
and
Figure pat00024
are defined as TS. Formally redefined, this is [Definition 7].
[Definition 7] Activation time range function of delegation role
T = {(tb, tf) | tb, tf ∈ N},
∀b, f ∈ N, ∀tb, tf ∈ T, and b <f ⇔ tb <tf.
Therefore, the time range TS = {(tb, tf) | tb, tf ∈ T, b <f}.
B.1.3 Operation Overview
FIG. 16 shows the operation process of the proposed model.
Referring to FIG. 16, the emergency medical personnel are delegated the authority of the emergency patient through the authentication step; after the emergency medical data has been accessed and appropriate emergency treatment performed, the delegated authority is terminated when the patient arrives at the hospital.
In the authentication process, the emergency medical technician arriving at the emergency site is authenticated as the owner of the emergency terminal by its fingerprint recognition function. Emergency patient authentication is then performed to identify the emergency patient. It is assumed that the emergency patient always carries the tag of the RFID system in the form of a smart band; the emergency medical personnel use the emergency terminal to exchange the patient's tag value and authenticate the patient.
In the automatic authority delegation process, an emergency delegation role is created and the set of privileges of the emergency patient is automatically assigned to it, so that the patient's emergency medical information can be accessed.
In the emergency medical information access process, the emergency medical staff, relying on the accurate emergency medical information of the emergency patient, select appropriate first aid and a transfer hospital.
Delegation termination occurs automatically when the emergency patient arrives at the hospital: the authority automatically delegated to the emergency medical technician is discarded to prevent abuse of authority.
B.2 Authentication
FIG. 17 shows the authentication step.
Referring to FIG. 17, owner authentication is performed with the fingerprint recognition function of the emergency terminal held by the emergency medical technician arriving at the emergency site, and the patient is authenticated through the RFID tag worn by the emergency patient.
The proposed model controls access to emergency medical information through authentication. The emergency medical technician is authenticated as the terminal's owner, which prevents a third person who is not a technician from using the emergency terminal to identify the patient's tag. The secret key of each patient's tag
Figure pat00025
is securely registered with the hospital server using an encryption algorithm. [Table 3] lists the parameters used in the authentication of the present invention.
Figure pat00026
FIG. 18 shows the owner authentication and patient authentication of the emergency terminal held by the emergency medical technician, within the user access control process of the proposed model.
① Emergency terminal → Server: {
Figure pat00027
}
The emergency terminal owned by the emergency medical technician sends the fingerprint value, encrypted with the terminal's fingerprint function (
Figure pat00028
), to the server. The emergency terminal must be used by an emergency medical technician who arrives at the emergency site to authenticate the patient; to this end, the server checks whether the terminal is owned by emergency rescue staff.
② Server → Emergency terminal: owner authentication or error
The server compares the received
Figure pat00029
with the
Figure pat00030
value stored on the server. If they match, the owner is authenticated; otherwise an error message is sent.
③ Emergency terminal → Patient tag: {Query, time}
The emergency terminal owned by the authenticated emergency medical technician generates a timestamp and sends it to the patient's tag together with a query. The timestamp is used to confirm, from the response time, that the emergency medical technician is located near the emergency patient: the timestamp at which the query was sent is compared with the timestamp of the response, and a threshold between request time and response time decides whether the response falls within the allowed range. This confirms that the emergency medical technician met the emergency patient in person.
④ Patient tag → Emergency terminal:
Figure pat00031
The emergency patient's tag generates a random value
Figure pat00032
with prng(), computes the hash of the identifier P-ID, the secret key
Figure pat00033
and the random value, and sends the resulting random hash value
Figure pat00034
to the emergency terminal together with the timestamp.
⑤ Emergency terminal → Server:
Figure pat00035
Using the timestamp, the emergency terminal verifies that the response arrived within the predetermined threshold time, which confirms that the emergency medical technician has met the emergency patient. It then sends the
Figure pat00036
value and the timestamp to the server.
⑥ Server → Emergency terminal: patient identification or error
The server takes the
Figure pat00037
received from the emergency terminal and the stored
Figure pat00038
and
Figure pat00039
pairs; using each pair it obtains the
Figure pat00040
value and searches for the
Figure pat00041
and
Figure pat00042
pair whose value matches the one received. If a match is found, the patient is authenticated; otherwise an error message is sent.
The following [Table 4] shows the algorithm for the authentication process. The emergency patient is authenticated only after the owner of the emergency terminal has been authenticated.
Figure pat00043
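As an added example, not code from the patent, the six-step exchange of FIG. 18 in Python with all three parties (terminal, tag, server). Assumptions, labelled in the code as well: the fingerprint value and the tag response are both modelled as SHA-256 digests, the tag hash is taken to be H(P-ID, K, r), the response threshold is 2 s, and all identifiers, keys and fingerprint templates are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Iterable, Optional


def H(*parts: bytes) -> bytes:
    """Hash used for both the fingerprint value and the tag response (assumption)."""
    return hashlib.sha256(b"\x00".join(parts)).digest()


def make_clock(times: Iterable[float]) -> Callable[[], float]:
    """Deterministic clock for demos and tests: returns the given times in order."""
    it = iter(times)
    return lambda: next(it)


class PatientTag:
    """RFID tag worn by the patient as a smart band; stores (P-ID, K)."""

    def __init__(self, pid: bytes, key: bytes) -> None:
        self.pid = pid
        self.key = key

    def respond(self, query: dict) -> dict:
        """Step 4: random r from prng(), hash over (P-ID, K, r), echoed timestamp."""
        r = secrets.token_bytes(16)
        return {"r": r, "hash": H(self.pid, self.key, r), "time": query["time"]}


class HospitalServer:
    """Back-end DB: registered owner fingerprint hashes and (P-ID, K) pairs."""

    def __init__(self, owner_fp_hashes: Iterable[bytes], patients: Dict[bytes, bytes]) -> None:
        self.owner_fp_hashes = list(owner_fp_hashes)
        self.patients = dict(patients)

    def authenticate_owner(self, fp_hash: bytes) -> bool:
        """Step 2: compare the received fingerprint value with the stored ones."""
        return any(hmac.compare_digest(fp_hash, s) for s in self.owner_fp_hashes)

    def identify_patient(self, r: bytes, tag_hash: bytes) -> Optional[bytes]:
        """Step 6: recompute the hash for every stored (P-ID, K) pair, look for a match."""
        for pid, key in self.patients.items():
            if hmac.compare_digest(H(pid, key, r), tag_hash):
                return pid
        return None


class EmergencyTerminal:
    RESPONSE_THRESHOLD = 2.0  # seconds between query and response (assumed value)

    def __init__(self, server: HospitalServer, clock: Callable[[], float]) -> None:
        self.server = server
        self.clock = clock
        self.owner_ok = False
        self.t_query: Optional[float] = None

    def authenticate_owner(self, fingerprint: bytes) -> bool:
        """Steps 1-2: send the hashed fingerprint and keep the server's verdict."""
        self.owner_ok = self.server.authenticate_owner(H(fingerprint))
        return self.owner_ok

    def query_tag(self) -> dict:
        """Step 3: {Query, time}; only an authenticated owner may query a tag."""
        if not self.owner_ok:
            raise PermissionError("terminal owner not authenticated")
        self.t_query = self.clock()
        return {"query": b"Query", "time": self.t_query}

    def verify_response(self, resp: dict) -> Optional[bytes]:
        """Step 5: check echoed timestamp and threshold, then step 6 via the server."""
        t_reply = self.clock()
        if not self.owner_ok or self.t_query is None:
            return None
        if resp["time"] != self.t_query:
            return None  # stale timestamp: a replayed earlier response
        if t_reply - self.t_query > self.RESPONSE_THRESHOLD:
            return None  # too slow: technician not shown to be next to the patient
        self.t_query = None  # one response per query
        return self.server.identify_patient(resp["r"], resp["hash"])


def run_authentication(server: HospitalServer, tag: PatientTag, fingerprint: bytes,
                       clock: Callable[[], float]) -> Optional[bytes]:
    """Drive steps 1 to 6 end to end; returns the identified P-ID or None on failure."""
    terminal = EmergencyTerminal(server, clock)
    if not terminal.authenticate_owner(fingerprint):
        return None
    query = terminal.query_tag()
    return terminal.verify_response(tag.respond(query))


if __name__ == "__main__":
    # Constructed sample data: one registered technician, two registered patients.
    server = HospitalServer([H(b"fp-template-emt-01")],
                            {b"P-0001": b"key-0001", b"P-0002": b"key-0002"})
    band = PatientTag(b"P-0002", b"key-0002")
    print(run_authentication(server, band, b"fp-template-emt-01", make_clock([100.0, 100.4])))
```

The echoed timestamp is what lets the terminal discard a response recorded from an earlier query, which is how the exchange meets requirement 5) of A.5.2.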
B.3 Automatic Authority Delegation
The role of an emergency medical technician in the emergency phase of the emergency medical system is to identify the patient quickly and obtain the patient's medical information, and then, based on the identified emergency medical information, to select appropriate first aid and an appropriate transfer hospital. The present invention proposes a model that operates in the pre-hospital stage of the emergency medical system according to these tasks of the emergency medical staff.
FIG. 19 shows the process by which the emergency delegation role inherits authority.
Referring to FIG. 19, a subset of the authority of the regular role RR is inherited by the delegation role EDTR created by the authenticated emergency medical technician.
The actual unit of a role in an emergency is the work of an emergency medical technician; a role therefore contains one or more tasks. Tasks have various characteristics, and access control is required according to those characteristics.
A role in the proposed model denotes a set of tasks of the emergency medical personnel. By subdividing the work of the emergency medical technician, part of the authority can be delegated; since the proposed model is a permission-based delegation model, it can delegate only the corresponding permission.
FIG. 20 is a conceptual diagram of authority delegation.
Referring to FIG. 20, when only the authority of r2 among the privileges of user_p is to be delegated, the subdivided role hierarchy of the proposed model allows just r2 to be delegated.
In the automatic delegation of the proposed model, a new emergency delegation role is created, a subset of the authority is inherited, and the emergency delegation role is active from the time of authentication until arrival at the hospital. [Table 5] shows the algorithm by which the authority of the emergency patient is automatically delegated after authentication.
Figure pat00044
In the Auto-Delegation Algorithm of [Table 5], authority is automatically delegated between the emergency medical personnel and the emergency patient authenticated by the Authentication Algorithm. That is, the authenticated emergency medical staff member creates an emergency delegation role that automatically inherits from the role of the emergency patient. The timestamp taken at this point marks the start of the automatic delegation.
B.4 Access to emergency medical information
The patient's medical information is computerized, so it can be conveniently shared and used by medical practitioners such as doctors, nurses and pharmacists. However, part of that medical information infringes the patient's privacy when disclosed; for example, a history of psychiatric diagnosis or treatment is sensitive information for the patient. In a life-critical emergency, however, the patient's medical records should be accessible, and if the patient is unconscious, first aid should be performed using all of the patient's medical information.
The patient's medical information before the emergency is [Figure pat00045] (1), where n is the number of patient attributes that the patient basically uses in the hospital. These include the important information that must be known in an emergency, which minimizes the medical accidents that may occur during first aid: age, blood type, medical history, drug side effects, emergency medications, and contact information of the emergency care providers.
The emergency medical information that must be disclosed to emergency medical personnel in an emergency is
[Figure pat00046] = [Figure pat00047] --- (Equation 1)
In (Equation 1), the patient's emergency medical information [Figure pat00048] consists of the emergency medical information attributes that are inevitably disclosed in an emergency and have a relatively low privacy level.
[Figure pat00049] --- (Equation 2)
(Equation 2) is the emergency medical information whose unconditional disclosure in an emergency infringes the patient's privacy. However, when the patient is unconscious, unable to communicate, or in a life-threatening situation, information that infringes privacy must also be accessible for first aid and rapid transfer to a hospital.
In the present invention, emergency medical information attributes that are likely to infringe privacy are stored in the DB in encrypted form rather than in plain text.
FIG. 21 shows the emergency information attributes stored in the emergency medical information DB.
Referring to FIG. 21, when the emergency patient cannot make decisions by himself or is unconscious, the patient medical information attributes having a high privacy intrusion rating, [Figure pat00050], are also made accessible.
B.5 Termination of automatic delegation
The authority automatically delegated to the emergency rescue staff is recovered and discarded after the emergency rescue staff has arrived at the emergency hospital, the last stage of the pre-hospital phase, and transmitted the patient's vital signs. This prevents abuse of authority.
FIG. 22 shows the activation period of the role scope in the proposed model.
Referring to FIG. 22, the proposed model automatically delegates authority between an emergency patient and an emergency rescuer in the pre-hospital stage of an emergency.
B.6 Audit log
In the proposed model, authority is dynamically assigned to the authenticated user when it is automatically delegated. In an emergency, authorization is delegated automatically through authentication, and the authorization is revoked at the end of the transfer phase.
FIG. 23 is a conceptual diagram in which every action performed by the emergency medical personnel in the pre-hospital stage is recorded in a log.
Referring to FIG. 23, the emergency medical staff arriving at the emergency site performs owner authentication through the emergency terminal, and the patient is authenticated through the patient's tag. The emergency medical personnel are then automatically delegated access to the emergency medical information. The active time of the emergency delegation role is constrained to the interval from the automatic delegation that follows the authentication step to the time when the emergency patient arrives at the hospital.
The audit log records the user information related to each information access and the time of access. In particular, access to emergency medical information containing sensitive information should be recorded in more detail. The form of the audit log is given in (Equation 3).
<User, Acc-List, Event-type, Access_time> --- (Equation 3)
User is the identifier of the accessing user, Acc-List is the list of emergency medical information accessed by the user, Event-type is the type of access, and Access_time is the date and time of access.
Logging is important for protecting the personal information and privacy of emergency patients. By recording the type and time of every access to emergency medical information by emergency medical personnel, the list of emergency medical information accessed in the pre-hospital stage can be checked and unnecessary abuse of authority prevented.
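The delegation, termination and audit-log sections above (B.3 to B.6) are illustrated by the following added example, which is not the patent's own code: an emergency delegation role inherits only a subset of the patient role's permissions, is active from the authentication timestamp until the estimated hospital arrival, is revoked afterwards, and every event is written as an audit record in the <User, Acc-List, Event-type, Access_time> form of (Equation 3). The attribute names, IDs, privacy levels and the 20-minute transfer time are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List, Tuple
# Constructed patient record: attribute -> (privacy level, value). "low" marks
# the Equation 1 attributes disclosed in any emergency, "high" the Equation 2
# attributes released only when the patient is unconscious or cannot decide.
PATIENT_RECORD: Dict[str, Tuple[str, str]] = {
    "age": ("low", "58"), "blood_type": ("low", "A+"),
    "medical_history": ("low", "asthma"), "drug_side_effects": ("low", "bronchodilator-X"),
    "psychiatric_history": ("high", "treated 2012"),
}
# A role is modelled as its permission set; each permission is "read:<attribute>".
PATIENT_ROLE_RR: FrozenSet[str] = frozenset(f"read:{a}" for a in PATIENT_RECORD)

@dataclass
class EmergencyDelegationRole:
    """EDTR: created at authentication time, valid until hospital arrival."""
    delegate: str                  # authenticated rescuer ID
    permissions: FrozenSet[str]    # subset of the patient role RR
    activated_at: datetime         # auto-delegation timestamp
    expires_at: datetime           # estimated arrival at the nearest emergency room
    revoked: bool = False

    def is_active(self, now: datetime) -> bool:
        return not self.revoked and self.activated_at <= now < self.expires_at

AuditRecord = Tuple[str, Tuple[str, ...], str, str]  # <User, Acc-List, Event-type, Access_time>
class DelegationServer:
    def __init__(self) -> None:
        self.audit_log: List[AuditRecord] = []

    def _log(self, user: str, acc_list, event_type: str, when: datetime) -> None:
        self.audit_log.append((user, tuple(sorted(acc_list)), event_type, when.isoformat()))

    def auto_delegate(self, rescuer: str, patient_role: FrozenSet[str], wanted: FrozenSet[str],
                      now: datetime, travel: timedelta) -> EmergencyDelegationRole:
        """Create the EDTR inheriting only the wanted permissions that RR actually holds."""
        subset = wanted & patient_role                   # partial delegation, never more than RR
        edtr = EmergencyDelegationRole(rescuer, subset, now, now + travel)
        self._log(rescuer, subset, "delegate", now)
        return edtr

    def access(self, edtr: EmergencyDelegationRole, attrs: List[str],
               unconscious: bool, now: datetime) -> Dict[str, str]:
        """Return the values the delegate may read now; every attempt is logged."""
        if not edtr.is_active(now):
            self._log(edtr.delegate, attrs, "deny-inactive", now)
            return {}
        granted: Dict[str, str] = {}
        for attr in attrs:
            level, value = PATIENT_RECORD.get(attr, ("high", ""))
            if f"read:{attr}" in edtr.permissions and (level == "low" or unconscious):
                granted[attr] = value
        sensitive = any(PATIENT_RECORD[a][0] == "high" for a in granted)
        self._log(edtr.delegate, granted, "read-sensitive" if sensitive else "read", now)
        return granted

    def revoke(self, edtr: EmergencyDelegationRole, now: datetime) -> None:
        """Termination (B.5): called once vital signs are sent at hospital arrival."""
        edtr.revoked = True
        self._log(edtr.delegate, (), "revoke", now)

def run_delegation_scenario() -> Tuple[Dict[str, str], Dict[str, str], Dict[str, str], List[AuditRecord]]:
    """Table 6 asthma scenario with constructed IDs and a 20-minute transfer."""
    server = DelegationServer()
    t0 = datetime(2015, 9, 15, 10, 0, 0)
    wanted = frozenset({"read:medical_history", "read:drug_side_effects", "read:psychiatric_history"})
    edtr = server.auto_delegate("rescuer-01", PATIENT_ROLE_RR, wanted, t0, timedelta(minutes=20))
    conscious = server.access(edtr, ["medical_history", "drug_side_effects", "psychiatric_history",
                                     "age"], False, t0 + timedelta(minutes=1))
    unconscious = server.access(edtr, ["psychiatric_history"], True, t0 + timedelta(minutes=5))
    server.revoke(edtr, t0 + timedelta(minutes=20))
    after = server.access(edtr, ["medical_history"], True, t0 + timedelta(minutes=21))
    return conscious, unconscious, after, server.audit_log
```

In the scenario, "age" is never released although the patient role holds it, because the rescuer's delegation role only inherited the three requested permissions; the high-privacy attribute is released only once the patient is marked unconscious, and the read after revocation is logged as denied.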
C. Evaluation
In the present invention, the security of the authentication method is analyzed, scenarios are presented to validate the proposed model, and the automatic authority delegation of the proposed model is evaluated in comparison with existing models.
C.1 Authentication safety analysis
The RFID authentication process is secure against impersonation attacks, replay attacks and spoofing attacks, protects location privacy and the tag's secret key against exposure, and provides tag anonymity, as follows.
1) Impersonation Attack
An attacker who obtains an emergency terminal could attempt an impersonation attack. However, the owner of the emergency terminal is authenticated by fingerprint recognition. Since the fingerprint information of the emergency rescue personnel is transmitted securely, the emergency terminal is certified as being held by its rescuer, and the impersonation attack is prevented.
2) Replay attack
An attacker can eavesdrop on the information transmitted between an emergency terminal and a tag in an arbitrary session and then retransmit it in the next session in an attempt to impersonate the emergency terminal or the tag. However, in the proposed authentication, the emergency terminal generates a new timestamp and a new random value [Figure pat00051] in each session, so a retransmitted random value is easily detected and the replay attack fails.
3) Spoofing attack
If an attacker obtains the secret key shared between the server and the tag ([Figure pat00052]), a spoofing attack can succeed. However, in the authentication scheme of the proposed model, the secret key is protected by a secure one-way hash function and cannot be recovered, so a spoofing attack is not possible.
4) Tag anonymity
The emergency terminal generates a timestamp and transmits it to the tag. The tag stores the received timestamp and the random value [Figure pat00053], and computes [Figure pat00056] from the identifier [Figure pat00054] and [Figure pat00055] with a secure one-way hash function. Even if an attacker eavesdrops on [Figure pat00057], [Figure pat00059] cannot be predicted without knowing the secret key [Figure pat00058]. The tag thus provides anonymity through [Figure pat00060] and [Figure pat00061].
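The tag/terminal exchange analyzed in C.1 is illustrated by the following added example, which is not the patent's own code: the terminal issues a timestamp, the tag answers with a fresh random value and a one-way hash over the timestamp, the random value, its identifier and the secret key shared with the server, and the server checks the timestamp against a threshold, rejects a repeated (timestamp, random value) pair as a replay, and identifies the tag by recomputation so the identifier never travels in clear. The exact message layout, the use of HMAC-SHA256 as the one-way hash, the field sizes and the 30-second threshold are assumptions of this example (the patent's formulas are available only as figures); the fingerprint authentication of the terminal owner is not modelled.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple

THRESHOLD_S = 30   # assumed freshness window for the terminal timestamp, in seconds

def tag_response(tag_id: bytes, key: bytes, ts: int, rnd: bytes) -> bytes:
    """Tag side: one-way hash over (T, r, ID, K). HMAC-SHA256 keyed with the shared
    secret K stands in for the patent's hash; the identifier never travels in clear."""
    return hmac.new(key, ts.to_bytes(8, "big") + rnd + tag_id, hashlib.sha256).digest()

class Tag:
    def __init__(self, tag_id: bytes, key: bytes) -> None:
        self.tag_id, self.key = tag_id, key

    def respond(self, ts: int) -> Tuple[bytes, bytes]:
        """A fresh random value per session: two answers to the same T differ."""
        rnd = os.urandom(16)
        return rnd, tag_response(self.tag_id, self.key, ts, rnd)

class AuthServer:
    def __init__(self, tags: Dict[bytes, bytes]) -> None:
        self.tags = tags                                 # tag_id -> shared secret key
        self.seen: Set[Tuple[int, bytes]] = set()        # accepted (T, r) pairs

    def verify(self, ts: int, rnd: bytes, resp: bytes, now: int) -> Tuple[Optional[bytes], str]:
        """Return (tag_id, status); tag_id is None unless the response verifies."""
        if abs(now - ts) > THRESHOLD_S:                  # timestamp outside the threshold range
            return None, "stale"
        if (ts, rnd) in self.seen:                       # (T, r) replayed from an earlier session
            return None, "replay"
        for tag_id, key in self.tags.items():            # identify the tag by recomputation
            if hmac.compare_digest(tag_response(tag_id, key, ts, rnd), resp):
                self.seen.add((ts, rnd))
                return tag_id, "ok"
        return None, "unknown"                           # no registered key matches: forged

def run_auth_scenario() -> Dict[str, object]:
    """One genuine session followed by replay, stale and forged attempts (all constructed)."""
    patient_tag = Tag(b"PAT-0001", os.urandom(16))       # constructed patient tag and key
    server = AuthServer({patient_tag.tag_id: patient_tag.key})
    ts = 1_442_300_000                                   # terminal-generated timestamp
    rnd, resp = patient_tag.respond(ts)
    rnd2, resp2 = patient_tag.respond(ts)
    rnd3 = os.urandom(16)                                # a party without K can only guess a key
    forged = tag_response(b"PAT-0001", os.urandom(16), ts, rnd3)
    tag_id, status = server.verify(ts, rnd, resp, ts + 2)
    return {
        "first": status,
        "identified": tag_id == b"PAT-0001",
        "replay": server.verify(ts, rnd, resp, ts + 5)[1],
        "stale": server.verify(ts, rnd2, resp2, ts + THRESHOLD_S + 1)[1],
        "forged": server.verify(ts, rnd3, forged, ts + 3)[1],
        "unlinkable": resp != resp2 and b"PAT-0001" not in resp,
    }
```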
C.2 Comparative analysis and evaluation of automatic authorization delegation model
In the medical environment, role-based access control decides whether information may be accessed according to role. In the emergency situation of the proposed model, this role narrows down to the emergency rescue worker. In other words, the access right to the patient's medical information is quickly delegated to the emergency rescue staff, so that safe first-aid treatment and selection of the receiving hospital can be accelerated in the pre-hospital stage.
Figure pat00062
[Table 6] is an emergency scenario. In the scenario, the emergency rescuer arriving at the site authenticates as the owner of the emergency terminal with his or her fingerprint information and authenticates the patient through the patient's tag. At the same time, the patient's authority is automatically delegated to the paramedic. The paramedic checks the emergency medical information, confirms that the patient has a history of asthma and a side effect to a specific bronchodilator, and records the patient's vital signs such as blood pressure, pulse and respiratory rate. Under the direction of the guidance physician and within the scope of his or her legal first-aid qualification, the paramedic then administers, within the golden time, an inhaled bronchodilator that has no side effect for the patient.
In the proposed model, the emergency delegation role, which is created only in emergency situations, is activated under a time constraint, and the efficiency of assigning rights is increased by using RBAC among the subject-based access control methods. Several criteria can be used to compare delegation models; the main one here is how well each model reflects the concept of delegation under emergency medical conditions. We also compared the ease and efficiency of management by adding an evaluation item on the revocation of delegated rights. [Table 7] lists the evaluation criteria used with the existing models.
Figure pat00063
Based on the proposed evaluation items, we compare the proposed model with the RBAC-based delegation models RBDM0 and PBDM0. [Table 8] compares the existing models with the proposed delegation model.
Figure pat00064
As [Table 8] shows, the proposed delegation model can delegate automatically. In addition, activation can be constrained by setting a time constraint on the role to which the delegated authority is assigned, and automatically delegated authority is automatically recovered and revoked according to that constraint. Since RBDM0 delegates the whole role, it does not consider the principle of separation of duties or the principle of least privilege. PBDM0 delegates in units of authority and therefore satisfies the principle of least privilege. The proposed model retains the partial authority delegation of PBDM0 for the principle of least privilege and additionally enables dynamic separation of duties.
D. Conclusion
With the computerization of medical information, the emergency medical system can access the medical information of emergency patients at all stages, including the pre-hospital stage. Appropriate first aid and proper hospital selection based on medical information are increasing the first-aid treatment rate and the hospital transfer rate in the pre-hospital stage.
Accordingly, the present invention proposes an automatic authorization delegation model for emergency patients that protects their emergency medical information and privacy. The proposed model protects the emergency medical information from impersonation attacks through authentication of the emergency medical personnel as the owner of the emergency terminal. In the authentication scheme, a one-way hash and a random value securely protect the communication between the tag and the emergency terminal. To confirm that the emergency medical staff has actually met the patient, a timestamp exchanged between the tag and the emergency terminal is verified to lie within a threshold range.
When the emergency medical personnel and the patient have been authenticated, authority is automatically delegated to the emergency medical personnel. The proposed delegation model extends the PBDM0 model, an RBAC96-based authority delegation model, with an automatic delegation function and a time constraint. The set of privileges of the emergency delegation role generated by the emergency medical personnel automatically inherits from the set of authority of the emergency patient. By subdividing roles into the work units of emergency rescue personnel, delegation can be performed in units of authority; that is, a subset of the authority can be delegated, which makes the principle of least privilege and the principle of separation of duties possible. The automatically delegated authority is automatically withdrawn and discarded when the pre-hospital phase ends and the emergency patient is transferred to the hospital.
The automatic authorization delegation model for emergency patients proposed by the present invention protects emergency patients from medical errors in an emergency in an advanced medical environment, provides a high level of medical service, and enables appropriate first-aid treatment. It also protects against breaches of medical information and privacy, and can be used in advanced medical environments such as smart healthcare.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention as defined in the following claims.
100: Automatic Authorization Delegation Server
200: emergency terminal
250: Patient Authentication Section
300: Medical Information Database

Claims (12)

  1. An automatic authorization delegation system comprising:
    an authentication module for receiving the authentication information of the patient and the emergency rescue party and performing authentication;
    an authority delegation generation module for generating an emergency delegation role for the patient according to the authentication result of the authentication module; and
    a role-based access control module for providing the medical information of the patient according to the authority of the emergency delegation role.
  2. The automatic authorization delegation system according to claim 1, further comprising
    a log module for storing log information at the time of operation of the authentication module, the authority delegation generation module, and the role-based access control module.
  3. The automatic authorization delegation system according to claim 1,
    wherein the authority delegation generation module activates the emergency delegation role for a specific period of time and then recovers it.
  4. The automatic authorization delegation system of claim 3,
    wherein the specific period of time is the time required for the vehicle to travel from the site to the nearest emergency room, counted from the time when the authentication is completed.
  5. The automatic authorization delegation system of claim 4,
    wherein the emergency delegation role is a subset of the role of the patient.
  6. The automatic authorization delegation system of claim 5,
    wherein the authentication information includes fingerprint information or RFID information of the emergency medical staff or of the patient.
  7. The automatic authorization delegation system according to claim 1,
    wherein the automatic authorization delegation system is installed in the form of an application on a terminal of the emergency relief agent.
  8. A method for delegating automatic authorization for providing medical information of a patient to paramedical staff at a site having an emergency patient, the method comprising:
    receiving the authentication information of the patient and the emergency rescue party and performing authentication to generate an emergency rescue party ID and a patient ID;
    generating an emergency delegation role and an activation time for the patient ID according to the emergency rescue party ID and the patient ID;
    requesting the medical information of the patient during the activation time according to the authority of the emergency delegation role and providing the medical information to the emergency medical staff; and
    recovering the emergency delegation role and blocking access to the medical information of the patient when the activation time has elapsed.
  9. The method of claim 8,
    wherein the specific time is the time required for the vehicle to travel from the site to the nearest emergency room, counted from the time when the authentication is completed.
  10. The method of claim 9,
    wherein the emergency delegation role is created as a subset of the role of the patient.
  11. The method of claim 10,
    wherein the authentication information includes fingerprint information or RFID information of the emergency medical staff or of the patient.
  12. The method of claim 8,
    further comprising storing log information in each of the steps.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150130394A KR101754659B1 (en) 2015-09-15 2015-09-15 The secure automatic permission delegation method at emergency

Publications (2)

Publication Number Publication Date
KR20170032705A true KR20170032705A (en) 2017-03-23
KR101754659B1 KR101754659B1 (en) 2017-07-06

Family

ID=58496294

Country Status (1)

Country Link
KR (1) KR101754659B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190108259A (en) * 2018-03-14 2019-09-24 원광대학교산학협력단 Automatic Authentication Method based on Dynamic Context for Transparent Access for Medical Information
KR20210003560A (en) 2019-07-02 2021-01-12 광운대학교 산학협력단 Emergency Management System For Chronic Disease Patient And Management Method For The Same

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20150041600A (en) 2013-10-08 2015-04-16 아이엠에스 헬스 인코포레이티드 Secure method for health record transmission to emergency service personnel

Also Published As

Publication number Publication date
KR101754659B1 (en) 2017-07-06

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right