
Utilize Common Criteria Methodology for Secure Ubiquitous Healthcare Environment

  • ORIGINAL PAPER
Journal of Medical Systems

Abstract

RFID technology is widely used in healthcare environments to ensure patient safety. Therefore, the testing of RFID tags, such as performance tests and security evaluations, is necessary to ensure inter-operational functional compatibility with standards. A survey of the literature shows that while standards for RFID performance tests have been addressed, the same is not true for security evaluations. In this paper, we therefore introduce the Common Criteria security evaluation methodology, also known as ISO/IEC 15408, for the security evaluation of RFID tags, and propose a framework as a minimal requirement for RFID tags to improve security assurance.



Author information

Corresponding author

Correspondence to Ting-Wei Hou.

About this article

Cite this article

Yu, YC., Hou, TW. Utilize Common Criteria Methodology for Secure Ubiquitous Healthcare Environment. J Med Syst 36, 1689–1696 (2012). https://doi.org/10.1007/s10916-010-9629-2

  • DOI: https://doi.org/10.1007/s10916-010-9629-2