Abstract
This paper describes the design and implementation of a PKI-based eHealth authentication architecture. The architecture was developed to authenticate eHealth Professionals accessing RTS (Rede Telemática da Saúde), a regional platform for sharing clinical data among a set of affiliated health institutions. It had to accommodate specific RTS requirements, namely the security of Professionals’ credentials, the mobility of Professionals, and the scalability to accommodate new health institutions. The adopted solution uses short-lived certificates and cross-certification agreements between RTS and eHealth institutions to authenticate Professionals accessing the RTS. These certificates also carry the Professional’s role at their home institution for role-based authorization. Trust agreements between health institutions and RTS are necessary for the certificates to be recognized by the RTS. The implementation was based on Windows technology and, as a general policy, we avoided developing specific code; instead, we used and configured available technology and services.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gomes, H., Cunha, J.P., Zúquete, A. (2007). Authentication Architecture for eHealth Professionals. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. OTM 2007. Lecture Notes in Computer Science, vol 4804. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76843-2_33
DOI: https://doi.org/10.1007/978-3-540-76843-2_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76835-7
Online ISBN: 978-3-540-76843-2
eBook Packages: Computer Science (R0)