T-Space at The University of Toronto Libraries >
Journal of Medical Internet Research >
Volume 3 (2001) >
Please use this identifier to cite or link to this item:
|Title: ||Access Control based on Attribute Certificates for Medical Intranet Applications|
|Authors: ||Mavridis, Ioannis|
|Keywords: ||Original Paper|
Medical records systems, computerized
Distributed access control
|Issue Date: ||17-Mar-2001|
|Publisher: ||Gunther Eysenbach; Centre for Global eHealth Innovation, Toronto, Canada|
|Citation: ||Ioannis Mavridis, Christos Georgiadis, George Pangalos, Marie Khair. Access Control based on Attribute Certificates for Medical Intranet Applications. J Med Internet Res 2001;3(1):e9 <URL: http://www.jmir.org/2001/1/e9/>|
|Abstract: ||[This item is a preserved copy and is not necessarily the most recent version. To view the current item, visit http://www.jmir.org/2001/1/e9/ ]
Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications.
To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications.
We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC.
Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework.
Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.|
|Description: ||Reviewer: DellaMea, Vincenzo|
|Other Identifiers: ||doi:10.2196/jmir.3.1.e9|
|Rights: ||Copyright (cc) Retained by author(s) under a Creative Commons License: http://creativecommons.org/licenses/by/2.0/|
|Appears in Collections:||Volume 3 (2001)|
Items in T-Space are protected by copyright, with all rights reserved, unless otherwise indicated.