On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

Abstract: The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among … Show more

“…Since we suppose that no Internet connection is available between the consumer/source and the registry/repository, we integrate XDS with XDM, a profile specifically devised for dealing with such settings. In this way, the requirement for having strong authentication in XDS transactions (i.e., a matching X509 certificate between the TLS handshake and the key inside the token, as in [10]) can be relaxed. Indeed, the channel representing the cartransportation system is able to transport only one message in only one direction, hence the TLS handshake cannot be performed.…”

“…Notably, a token permits only one operation via the portable media. The token issuance process is assumed to be performed according to [10] and is not detailed here for the sake of simplicity (for this reason, it is indicated as step 0 in the protocol). It is, however, worth noticing that a one-to-one correspondence exists between the token issued during the process and the WS-Trust [23] context ctx, that is a unique identifier computed by the STS .…”

“…If both tests succeed, clinic B validates the assertion to its STS B through message 3,, as in [10], and writes in its local ARR B the following knowledge: "someone, probably A, at time ts2 , sent a message with identifier ctx for a document represented by the signed…”

“…the adoption of EHR systems and the US government has published the Health Insurance Portability and Accountability Act (HIPAA) [9] with a similar aim. However using the stateof-the-art international standards, as required by most of the above projects has a significant drawback: some proposed methodologies have not been sufficiently analyzed from a security point of view (as we show in [10]). …”

“…Then we define a threat model where a hypothetical attacker (e.g., [11], [12]) can seriously damage the health of patients 1 The solution to this problem in presence of Internet connection is shown in [3] and formally studied in [10]. 2 IHE is an initiative by healthcare professionals and industry that strictly follows such international guidelines as HIPAA and EU commission reports.…”

A standard-driven communication protocol for disconnected clinics in rural areas

“…Since we suppose that no Internet connection is available between the consumer/source and the registry/repository, we integrate XDS with XDM, a profile specifically devised for dealing with such settings. In this way, the requirement for having strong authentication in XDS transactions (i.e., a matching X509 certificate between the TLS handshake and the key inside the token, as in [10]) can be relaxed. Indeed, the channel representing the cartransportation system is able to transport only one message in only one direction, hence the TLS handshake cannot be performed.…”

“…Notably, a token permits only one operation via the portable media. The token issuance process is assumed to be performed according to [10] and is not detailed here for the sake of simplicity (for this reason, it is indicated as step 0 in the protocol). It is, however, worth noticing that a one-to-one correspondence exists between the token issued during the process and the WS-Trust [23] context ctx, that is a unique identifier computed by the STS .…”

“…If both tests succeed, clinic B validates the assertion to its STS B through message 3,, as in [10], and writes in its local ARR B the following knowledge: "someone, probably A, at time ts2 , sent a message with identifier ctx for a document represented by the signed…”

“…the adoption of EHR systems and the US government has published the Health Insurance Portability and Accountability Act (HIPAA) [9] with a similar aim. However using the stateof-the-art international standards, as required by most of the above projects has a significant drawback: some proposed methodologies have not been sufficiently analyzed from a security point of view (as we show in [10]). …”

“…Then we define a threat model where a hypothetical attacker (e.g., [11], [12]) can seriously damage the health of patients 1 The solution to this problem in presence of Internet connection is shown in [3] and formally studied in [10]. 2 IHE is an initiative by healthcare professionals and industry that strictly follows such international guidelines as HIPAA and EU commission reports.…”

A standard-driven communication protocol for disconnected clinics in rural areas

A Formal Approach to the Engineering of Domain-Specific Distributed Systems

On the Usage of SAML Delegate Assertions in an Healthcare Scenario with Federated Communities