A SECURITY ARCHITECTURE FOR ACCESSING HEALTH RECORDS ON MOBILE PHONES

Alexandra Dmitrienko, Zecir Hadzic, Hans Löhr, Marcel Winandy, Ahmad-Reza Sadeghi

2011

Abstract

Using mobile phones to access healthcare data is an upcoming application scenario of increasing importance in the near future. However, important aspects to consider in this context are the high security and privacy requirements for sensitive medical data. Current mobile phones using standard operating systems and software cannot offer appropriate protection for sensitive data, although the hardware platform often offers dedicated security features. Malicious software (malware) like Trojan horses on the mobile phone could gain unauthorized access to sensitive medical data. In this paper, we propose a complete security framework to protect medical data (such as electronic health records) and authentication credentials that are used to access e-health servers. Derived from a generic architecture that can be used for PCs, we introduce a security architecture specifically for mobile phones, based on existing hardware security extensions. We describe security building blocks, including trusted hardware features, a security kernel providing isolated application environments as well as a secure graphical user interface, and a trusted wallet (TruWallet) for secure authentication to e-health servers. Moreover, we present a prototype implementation of the trusted wallet on a current smartphone: the Nokia N900. Based on our architecture, health care professionals can safely and securely process medical data on their mobile phones without the risk of disclosing sensitive information as compared to commodity mobile operating systems.


Paper Citation


in Harvard Style

Dmitrienko A., Hadzic Z., Löhr H., Winandy M. and Sadeghi A. (2011). A SECURITY ARCHITECTURE FOR ACCESSING HEALTH RECORDS ON MOBILE PHONES. In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2011) ISBN 978-989-8425-34-8, pages 87-96. DOI: 10.5220/0003171100870096

in Bibtex Style

@conference{healthinf11,
author={Alexandra Dmitrienko and Zecir Hadzic and Hans Löhr and Marcel Winandy and Ahmad-Reza Sadeghi},
title={A SECURITY ARCHITECTURE FOR ACCESSING HEALTH RECORDS ON MOBILE PHONES},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2011)},
year={2011},
pages={87-96},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003171100870096},
isbn={978-989-8425-34-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2011)
TI - A SECURITY ARCHITECTURE FOR ACCESSING HEALTH RECORDS ON MOBILE PHONES
SN - 978-989-8425-34-8
AU - Dmitrienko A.
AU - Hadzic Z.
AU - Löhr H.
AU - Winandy M.
AU - Sadeghi A.
PY - 2011
SP - 87
EP - 96
DO - 10.5220/0003171100870096