Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

An Fingerprint Authentication Model of ERM System using Private Key Escrow Management Server

개인키 위탁관리 서버를 이용한 전자의무기록 지문인증 모델

  • Received : 2019.05.02
  • Accepted : 2019.06.07
  • Published : 2019.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

Medical information is an important personal information for patients, and it must be protected. In particular, when medical personnel approach electronic medical records, authentication for enhanced security is essential. However, the existing public certificate-based certification model did not reflect the security characteristics of the electronic medical record(EMR) due to problems such as personal key management and authority delegation. In this study, we propose a fingerprint recognition-based authentication model with enhanced security to solve problems in the approach of the existing electronic medical record system. The proposed authentication model is an EMR system based on fingerprint recognition using PEMS (Private-key Escrow Management Server), which is applied with the private key commission protocol and the private key withdrawal protocol, enabling the problem of personal key management and authority delegation to be resolved at source. The performance experiment of the proposed certification model confirmed that the performance time was improved compared to the existing public certificate-based authentication, and the user's convenience was increased by recognizing fingerprints by replacing the electronic signature password.

의료정보는 환자에게 중요한 개인정보로써 반드시 보호되어야 하는 중요 정보이다. EMR((Electronic Medical Records) 시스템은 개인정보와 의료정보가 유출될 경우, 환자의 사생활 침해 등 매우 심각한 피해를 초래할 수 있어 EMR 시스템의 의료정보는 사용자 접근에 관한 제어 및 통제 강화 등 높은 보안성이 요구되는 시스템이다. 특히 의료인이 전자의무기록에 접근할 때, 보안이 강화된 신원확인에 대한 인증방식이 반드시 필요하다. 그러나 기존의 공인인증서 기반의 인증모델은 개인키 관리, 권한위임 등의 문제로 인해 전자의무기록의 보안 특성을 반영하지 못하였다. 본 연구에서는 기존의 전자의무기록(EMR) 시스템 접근 시 문제점을 해결할 수 있는 보안이 강화된 지문인식 기반 인증 모델을 제안한다. 제안한 인증 모델은 PEMS(Private-key Escrow Management Server)를 이용한 EMR 지문인증 모델로서, 개인키 위탁 프로토콜과 개인키 인출 프로토콜을 적용하여, 개인키 관리와 권한위임 문제를 해결할 수 있도록 하였다. 제안한 인증 모델은 성능 실험을 통해 기존의 공인인증서 기반 인증에 비해 수행시간 단축된 것을 확인할 수 있었고, 기존 전자서명 비밀번호 방식을 대체 가능하며, 사용자의 편의성이 증가된 장점이 있다.

Keywords

SHGSCZ_2019_v20n6_1_f0001.png 이미지

Fig. 1. Process for issuing public certificate of EMR system

SHGSCZ_2019_v20n6_1_f0002.png 이미지

Fig. 2. Process for authentication based on public certificate of EMR system

SHGSCZ_2019_v20n6_1_f0003.png 이미지

Fig. 3. Fingerprint registration process for fingerprint recognition-based EMR system

SHGSCZ_2019_v20n6_1_f0004.png 이미지

Fig. 4. Fingerprint Certification Process of the fingerprint recognition-based EMR system

SHGSCZ_2019_v20n6_1_f0005.png 이미지

Fig. 5. Private Key Escrow Protocol

SHGSCZ_2019_v20n6_1_f0006.png 이미지

Fig. 6. Private key fetch protocol

Table 1. Result of EMR digital signature

SHGSCZ_2019_v20n6_1_t0001.png 이미지

Table 2. Result of EMR fingerprint recognition

SHGSCZ_2019_v20n6_1_t0002.png 이미지

References

  1. C. S. Kruse, B. Smith, H. Vanderlinden, A. Nealand, "Security Techniques for the Electronic Health Records", Journal of Medical Systems, Vol.41, No.8, pp.127-139, July 2017. DOI: https://doi.org/10.1007/s10916-017-0778-4
  2. J. S. Lee, H. J. Kim, M. S. Jun, "A Study on a Secure Internet Service Provider Model Using Smart Secure-Pad," Journal of the Korea Academia-Industrial, Vol.14, No.3, pp.1428-1438, 2015. DOI: http://dx.doi.org/10.5762/KAIS.2013.14.3.1428
  3. J. W. Kim, J. H. Park, M. S. Jun, "A Design of Smart Banking System using Digital Signature based on Biometric Authentication", Journal of the Korea Academia-Industrial, Vol.16, No.9, pp.6282-6289, 2015. DOI: http://dx.doi.org/10.5762/KAIS.2015.16.9.6282
  4. G. D. Mogli, "Fingerprint-based crypto-biometric system for network security", Journal on Information Security, Vol.2, No.4, pp.156-165, 2011. DOI: http://dx.doi.org/10.4038/sljbmi.v2i4.2245
  5. S. Y. Min, B. W. Jin, "Design of Integrated Authentication Scheme for Safe Personal Information Management in a U-Health Environment," Journal of the Korea Academia-Industrial, Vol.15, No.6, pp.3865-3871, 2014. DOI: http://dx.doi.org/10.5762/KAIS.2014.15.6.3865
  6. S. Barman, D. Samanta, S. Chattopadhyay, "Role of Biometrics in healthcare privacy and security management system", Journal of Bio-Medical Informatics, Vol.2015, No.3, pp.1-12, April 2015. DOI: https://doi.org/10.1186/s13635-015-0020-1
  7. H. Chao, S. Twu, C. Hsu, "A Patient-Identity Security Mechanism For Electronic Medical Records (EMRs) During Transit and At Rest", Journal of Medical Informatics and the Internet in Medicine, Vol.30, No.3, pp.227-240, July 2009. DOI: https://doi.org/10.1080/14639230500209443
  8. W. Yang, S. Wang, J. Hu, G. Zheng, C. Valli, "Security and accuracy of fingerprint-based biometrics: A review", International Journal of Symmetry, Vol.11, No.2, pp.141-150, 2019. DOI: https://doi.org/10.3390/sym11020141
  9. N. Lo, C. Wu, Yo. Chuang, "An authentication and authorization mechanism for long-term electronic health records management", Journal of Procedia Computer Science, Vol.111, pp.145-453, 2017. DOI: https://doi.org/10.1016/j.procs.2017.06.021
  10. Zhou, X. Lin, X. Dong, Z. Cao, "PSMPA: Patient Self-controllable and Multi-level Privacy-preserving Cooperative Authentication in Distributed m-Healthcare Cloud Computing System", IEEE Transactions on Parallel and Distributed Systems, Vol.26, No.6, pp.1693-1703, 2015. DOI: https://doi.org/10.1109/TPDS.2014.2314119
  11. M. Vigil, D. Cabarcas, J. Buchmann, J. Huang, "Assessing trust in the long-term protection of documents", 2013 IEEE Symposium on Computers and Communication(ISCC),Split, Croatia, 7-10 July 2013. DOI: https://doi.org/10.1109/ISCC.2013.6754943
  12. W. Lei, Y. Li, Y. Sang, H. Shen, "A Secure Anonymous Authentication Scheme for Electronic Medical Records Systems", 2016 IEEE 13th International Conference on e-Business Engineering (ICEBE), pp. 48-55, Macau, China, Nov. 2016. DOI: https://doi.org/10.1109/ICEBE.2016.019
  13. V. Liu, M. Musen,T. Chou, "Data Breaches of Protected Health Information in the United States", Journal of the American Medical Association, Vol.313, No.14, pp.1471-1473, 2015. DOI: https://doi.org/10.1001/jama.2015.2252
  14. H. Ma, R. Zhang, G. Yang, Z. Song, K. He, Y. Xiao, "Efficient Fine-Grained Data Sharing Mechanism for Electronic Medical Record Systems with Mobile Devices", IEEE Transactions on Dependable and Secure Computing, pp.1-11, June 2018. DOI: https://doi.org/10.1109/TDSC.2018.2844814