      Access Control based on Attribute Certificates for Medical Intranet Applications

      research-article

          Abstract

          Background

          Clinical information systems frequently use intranet and Internet technologies. However, these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications.

          Objectives

          To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications.

          Methods

          We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC.

          Results

          Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework.

          Conclusions

          Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.

                Author and article information

                Contributors
                Journal
                J Med Internet Res
                JMIR
                Journal of Medical Internet Research
                Gunther Eysenbach (Centre for Global eHealth Innovation, Toronto, Canada )
                1438-8871
                Jan-Mar 2001
                17 March 2001
                Volume 3, Issue 1, e9
                Affiliations
                [1] Informatics Laboratory, Computers Division, Faculty of Technology, Aristotle University of Thessaloniki, Thessaloniki, Greece
                [2] Department of Computer Science, Faculty of Natural and Applied Sciences, Notre Dame University, Louaize, Lebanon
                Article
                v3i1e9 21578016
                10.2196/jmir.3.1.e9
                1761880
                11720951
                f648054b-e64d-4ace-b988-3ad6fb45bf98
                © Ioannis Mavridis, Christos Georgiadis, George Pangalos, Marie Khair. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 17.3.2001. Except where otherwise noted, articles published in the Journal of Medical Internet Research are distributed under the terms of the Creative Commons Attribution License (http://www.creativecommons.org/licenses/by/2.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited, including full bibliographic details and the URL (see "please cite as" above), and this statement is included.
                History
                : 4 October 2000
                : 18 January 2001
                : 25 January 2001
                Categories
                Original Paper

                Medicine
                computer security; medical records systems, computerized; distributed access control; attribute certificates; digital certificates
