Abstract
In medical information systems, there are a lot of confidential information about patient privacy. It is therefore an important problem how to prevent patient’s personal privacy information from being disclosed. Although traditional security protection strategies (such as identity authentication and authorization access control) can well ensure data integrity, they cannot prevent system’s internal staff (such as administrators) from accessing and disclosing patient privacy information. In this paper, we present an effective scheme to protect patients’ personal privacy for a medical information system. In the scheme, privacy data before being stored in the database of the server of a medical information system would be encrypted using traditional encryption algorithms, so that the data even if being disclosed are also difficult to be decrypted and understood. However, to execute various kinds of query operations over the encrypted data efficiently, we would also augment the encrypted data with additional index, so as to process as much of the query as possible at the server side, without the need to decrypt the data. Thus, in this paper, we mainly explore how the index of privacy data is constructed, and how a query operation over privacy data is translated into a new query over the corresponding index so that it can be executed at the server side immediately. Finally, both theoretical analysis and experimental evaluation validate the practicality and effectiveness of our proposed scheme.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Domingo-Ferrer, J., New privacy homomorphism and applications. Inf. Process. Lett. 5(60):277–282, 1994.
Easttom, C., Computer security fundamentals. 2nd edn. Upper Saddle River: Prentice Hall, 2011.
Grau, S., Allen, T., and Sherkat, N., Silog: Speech input logon. Knowl.-Based Syst. 7(22):535–539, 2009.
Hakan, H., Bala, L., and Chen, L., Executing sql over encrypted data in the database service provider model. In: Proceedings of SIGMOD’ 02, pp. 216–227, 2002.
Popa, R. A., Redfield, C. M. S., Zeldovich, N., and Balakrishnan, H, CryptDB: Protecting confidentiality with encrypted query processing. In: Proceedings of SOSP’ 11, pp. 85–100, 2011.
Wu, Z., Xu, G., Zong, Y., Yi, X., Chen, E., and Zhang, Z., Executing sql queries over encrypted character strings in the database-as-service model. Knowl.-Based Syst. 12(35):332–348, 2012.
He, D. B., Chen, J. H., and Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 3(36):1989–1995, 2012.
Hwang, M. S., and Li, L. H., A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 1(46):28–30, 2012.
Lee, J. K., Ryu, S. R., and Yoo, K. Y., Fingerprint-based remote user authentication scheme using smart cards. Electron. Lett. 12(38):554–555, 2002.
Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 3(37):9941–9948, 2013.
Li, C. T., Secure smart card based password authentication scheme with user anonymity. Inform. Technol. Control. 2(40):157–162, 2011.
Murugesan, M., and Clifton, C., Providing privacy through plausibly deniable search. In: Proceedings of SIAM’ 09, pp. 768–780, 2009.
Rivest, R., Adleman, L., and Dertouzos, M. L., On data banks and privacy homomorphism: Foundation of secure computation. New York: Academic Press, 1978.
Sandhu, R. S., and Samarati, P., Access control: Principles and practice. IEEE Commun. Mag. 9(32): 40–48, 1994.
Wei, J., Hu, X., and Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 6(36):3597–3604, 2012.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., and Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 3(36):1529–1535, 2012.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 6(36): 3833–3841, 2012.
Acknowledgments
The work in this paper is supported by grants from the National Natural Science Foundation of China (Nos.61202171, 61272018 and 61303113), the China Postdoctoral Science Foundation funded projects (Nos.2012M521251 and 2013T60623) and the Zhejiang Provincial Natural Science Foundation of China (Nos. LY12F01016 and Q13F020034).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lu, C., Wu, Z., Liu, M. et al. A Patient Privacy Protection Scheme for Medical Information System. J Med Syst 37, 9982 (2013). https://doi.org/10.1007/s10916-013-9982-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-013-9982-z