Abstract
For personal health record storage systems in the cloud where the information must be encrypted before storage, we propose splitting the decryption key into two parts, where the user owns one part that is called an ownership code or a right-to-decrypt code, while the other part, called a substitute-key-half code, is stored in the system. The decryption key can only be recovered using these two separate secret parts, and the information stored in the system will not disclose any clues that could lead to guessing the decryption key, thus strengthening information protection and ensuring that the personal health records will not be disclosed to anyone without authorization.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AHIMAe-HIM Personal Health Record Work Group (2005) Defining the personal health record. J AHIMA 76(6):24–25
Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 4:224–274
Kaelber DC, Jha AK, Johnston D, Middleton B, Bates DW (2008) A research agenda for personal health records (Phrs). J Am Med Inform Assoc 15:729–736
AHIMA e-HIM Personal Health Record Work Group (2011) myPHR. http://www.myphr.com/. Accessed 20 Aug 2011
Google Inc (2011) “Google Health,” http://www.google.com/intl/zh-TW/health/about/. Accessed 22 Aug 2011
Microsoft Corporation (2011) “HealthVault,” http://www.microsoft.com/en-us/healthvault/. Accessed 22 Aug 2011
Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2008) Cloud computing and emerging it platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener Comput Syst 25(6):599–616
Weinhardt C, Anandasivam A, Blau B, Borissov N, Meinl T, Michalk W, Stößer J (2009) Cloud computing–a classification, business models, and research directions. Bus Inf Syst Eng 1(5):391–399
Cushman R, Froomkin M, Cava A, Abril P, Goodman KW (2010) Ethical, legal and social issues for personal health records and applications. J Biomed Inform 43(5 Supp. 1):S51–S55
Parakh A, Kak S (2009) Online data storage using implicit security. Inf Sci 179(19):3323–3333
Wang M, Lau C, Matsen FA III, Kim Y (2004) Personal health information management system and its application in referral management. IEEE Trans Inf Technol Biomed 8(3):287–297
Markle Foundation (2003) Connecting for Health. The Personal Health Working Group Final Report
Markle Foundation (2011) Connection Consumers CP8: Consumer Obtainment and Control of Information, http://www.markle.org/health/markle-common-framework/connecting-consumers/cp8. Accessed 25 Aug 2011
Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput App 34:1–11
US National Institute of Standards and Technology (1993) Data encryption standard, Federal Information Processing Standard (FIPS) publication 46–2
US National Institute of Standards and Technology (2001) Advanced encryption standard, Federal Information Processing Standard (FIPS) publication 197
Rivest R, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126
Miller V, (1986) Uses of elliptic curves in cryptography, Advances in cryptology–CRYPTO ‘85, Lecture Notes in Computer Science 218: 417–426
Sandhu RS, Samarati P (1994) Access control: principle and practice. IEEE Commun Mag 32(9):40–48
Hwang JJ (2009) Partition and recovery of a verifiable digital secret. US Patent No. 7,596,704
Acknowledgements
We are grateful for the support of the National Science Council of Taiwan Government (Project Number NSC 99-2410-H-182 -025 -MY2)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer Science+Business Media B.V.
About this paper
Cite this paper
Hsu, YC., Hwang, JJ. (2012). Controlling Decryption of Personal Health Records in the Cloud. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_6
Download citation
DOI: https://doi.org/10.1007/978-94-007-2911-7_6
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-2910-0
Online ISBN: 978-94-007-2911-7
eBook Packages: EngineeringEngineering (R0)