Please use this identifier to cite or link to this item: http://hdl.handle.net/1807/4608

Title: Access Control based on Attribute Certificates for Medical Intranet Applications
Authors: Mavridis, Ioannis
Georgiadis, Christos
Pangalos, George
Khair, Marie
Keywords: Original Paper
Computer security
Medical records systems, computerized
Distributed access control
Attribute certificates
Digital certificates
Issue Date: 17-Mar-2001
Publisher: Gunther Eysenbach; Centre for Global eHealth Innovation, Toronto, Canada
Citation: Ioannis Mavridis, Christos Georgiadis, George Pangalos, Marie Khair. Access Control based on Attribute Certificates for Medical Intranet Applications. J Med Internet Res 2001;3(1):e9 <URL: http://www.jmir.org/2001/1/e9/>
Abstract: [This item is a preserved copy and is not necessarily the most recent version. To view the current item, visit http://www.jmir.org/2001/1/e9/ ]

Background: Clinical information systems frequently use intranet and Internet technologies. However, these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications.

Objectives: To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications.

Methods: We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC.

Results: Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework.

Conclusions: Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.
Description: Reviewer: DellaMea, Vincenzo
URI: http://hdl.handle.net/1807/4608
ISSN: 1438-8871
Other Identifiers: doi:10.2196/jmir.3.1.e9
Rights: Copyright (cc) Retained by author(s) under a Creative Commons License: http://creativecommons.org/licenses/by/2.0/
Appears in Collections: Volume 3 (2001)

Files in This Item:

File: jmir.html
Size: 41.3 kB
Format: HTML

Items in T-Space are protected by copyright, with all rights reserved, unless otherwise indicated.