Skip to main content
Springer Nature Link
Log in

A Reliable User Authentication and Key Agreement Scheme for Web-Based Hospital-Acquired Infection Surveillance Information System

  • Original Paper
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

With the rapid development of the Internet, both digitization and electronic orientation are required on various applications in the daily life. For hospital-acquired infection control, a Web-based Hospital-acquired Infection Surveillance System was implemented. Clinical data from different hospitals and systems were collected and analyzed. The hospital-acquired infection screening rules in this system utilized this information to detect different patterns of defined hospital-acquired infection. Moreover, these data were integrated into the user interface of a signal entry point to assist physicians and healthcare providers in making decisions. Based on Service-Oriented Architecture, web-service techniques which were suitable for integrating heterogeneous platforms, protocols, and applications, were used. In summary, this system simplifies the workflow of hospital infection control and improves the healthcare quality. However, it is probable for attackers to intercept the process of data transmission or access to the user interface. To tackle the illegal access and to prevent the information from being stolen during transmission over the insecure Internet, a password-based user authentication scheme is proposed for information integrity.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Richards, M. J., Edwards, J. R., Culver, D. H., and Gaynes, R. P., Nosocomial infections in combined medical-surgical intensive care units in the United States. Infect. Control Hosp. Epidemiol. 21:510–515, 2000.

    Article  Google Scholar 

  2. Tambyah, P. A., Knasinski, V., and Maki, D. G., The direct costs of nosocomial catheter-associated urinary tract infection in the era of managed care. Infect. Control Hosp. Epidemiol. 23:27–31, 2002.

    Article  Google Scholar 

  3. Rosenthal, V. D., Maki, D. G., Mehta, A., Alvarez-Moreno, C., Leblebicioglu, H., Higuera, F., et al., International nosocomial infection control consortium report, data summary for 2002–2007, issued January 2008. Am. J. Infect. Control 36:627–637, 2008.

    Article  Google Scholar 

  4. Rosenthal, V. D., Maki, D. G., and Graves, N., The international nosocomial infection control consortium (INICC): goals and objectives, description of surveillance methods, and operational activities. Am. J. Infect. Control 36:e1–e12, 2008.

    Article  Google Scholar 

  5. Haley, R. W., Quade, D., Freeman, H. E., and Bennett, J. V., Study on the efficacy of nosocomial infection control (Senic Project) - summary of study design. Am. J. Epidemiol. 111:472–485, 1980.

    Google Scholar 

  6. Gastmeier, P., Geffers, C., Brandt, C., Zuschneid, I., Sohr, D., Schwab, F., et al., Effectiveness of a nationwide nosocomial infection surveillance system for reducing nosocomial infections. J. Hosp. Infect. 64:16–22, 2006.

    Article  Google Scholar 

  7. Chung, Y. F., Wu, Z. Y., and Chen, T. S., Ring signature scheme for ECC-based anonymous signcryption. Comput Stand Interfaces 31(4):669–674, 2009.

    Article  Google Scholar 

  8. Ball, E., Chadwick, D. W., and Mundy, D., “Patient privacy in electronic prescription transfer,” Security & Privacy. IEEE 1:77–80, 2003.

    Google Scholar 

  9. Yee, G., Korba, L., and Song, R., “Ensuring privacy for e-health services,” in Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on, 2006, pp. 8.

  10. Yoon, E.-J. and Yoo, K.-Y., “An efficient password authentication schemes without using the server public key for grid computing,” In: H. Zhuge and G. Fox, (Eds.), Grid and Cooperative Computing - GCC 2005. vol. 3795, ed: Springer Berlin/Heidelberg, 2005, pp. 149–154.

  11. Lamport, L., “Password authentication with insecure communication,”. Commun. ACM 24:770–772, 1981.

    Article  Google Scholar 

  12. Wu, Z. Y., Chung, Y. F., Lai, F., and Chen, T. S., "A password-based user authentication scheme for the integrated EPR information system," Journal of Medical Systems, doi:10.1007/s10916-010-9527-7, Available online May 27, 2010.

  13. Lee, N.-Y., and Chiu, Y.-C., Improved remote authentication scheme with smart card. Comput Stand Interfaces 27:177–180, 2005.

    Article  Google Scholar 

  14. Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32:583–585, 2009.

    Article  Google Scholar 

  15. M. Meg, “Strategies for the successful implementation of workflow systems within healthcare: a cross case comparison,” in The 36th Annual Hawaii International Conference on System Sciences, 2003, pp. 166–175.

  16. R. Bunge, S. Chung, B. Endicott-Popovsky, and D. McLane, “An operational framework for service oriented architecture network security,” presented at the Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences, 2008.

  17. Pierce, M., Fox, G., Youn, C., Mock, S., Mueller, K., and Balsoy, O., “Interoperable web services for computational portals,” presented at the Proceedings of the 2002 ACM/IEEE conference on Supercomputing. Baltimore, Maryland, 2002.

    Google Scholar 

  18. Lewis, G. A., Morris, E., Simanta, S., Wrage, L., “Common Misconceptions about Service-Oriented Architecture,” presented at the Proceedings of the Sixth International IEEE Conference on Commercial-off-the-Shelf (COTS)-Based Software Systems, 2007, pp. 123–130.

  19. Ko, L.-F., Lin, J.-C., Chen, C.-H., Chang, J.-S., Lai, F., Hsu, K.-P., et al., “HL7 middleware framework for healthcare information system,” in e-Health Networking, Applications and Services, 2006. HEALTHCOM 2006. 8th International Conference on, 2006, pp. 152–156.

  20. Hsieh, S. H., Hsieh, S. L., Weng, Y. C., Yang, T. H., Feipei, L., Cheng, P. H., et al., “Middleware based inpatient healthcare information system,” presented at the Bioinformatics and Bioengineering, 2007. BIBE 2007. Proceedings of the 7th IEEE International Conference on, 2007.

  21. Yang, T. H., Cheng, P. H., Yang, C. H., Lai, F., Chen, C. L., Lee, H. H., et al., “A scalable multi-tier architecture for the National Taiwan University Hospital Information System based on HL7 Standard,” presented at the Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems, 2006.

  22. Health Leval Seven, “HL7 Standard v2.5,” ed, 2003, p. 14.

  23. Horan, T. C., Andrus, M., and Dudeck, M. A., CDC/NHSN surveillance definition of health care-associated infection and criteria for specific types of infections in the acute care setting. Am. J. Infect. Control 36:309–332, 2008.

    Article  Google Scholar 

  24. Tseng, Y.-J., Chen, Y.-C., Lin, H.-C., Wu, J.-H., Chen, M.-Y., and Lai, F., “A web-based hospital-acquired infection surveillance information system,” in Information Technology and Applications in Biomedicine (ITAB), 2010 10th IEEE International Conference on, 2010, pp. 1–4.

  25. Kristof, S., Sofie Van, H., Kristof, T., Kristof, L., Filip De, T., Kirsten, C., et al., “Design of software services for computer-based infection control and antibiotic management in the intensive care unit,” in International Conference on eHealth, Telemedicine, and Social Medicine, 2009, pp. 87–92.

  26. Wu, J.-H., Chen, Y.-C., Hsieh, S. h., Lin, H.-C., Chen, Y.-Y., Cheng, P.-H., et al., “Real-time automated MDRO surveillance system.,” presented at the The 2009 International Conference on Bioinformatics & Computational Biology, Monte Carlo Resort, Las Vegas, Nevada, USA, 2009.

  27. Lu, R., Cao, Z., Chai, Z., and Liang, X., A simple user authentication scheme for grid computing. International Journal of Network Security 7:202–206, 2008.

    Google Scholar 

  28. Hsiang, H.-C., and Shih, W.-K., Weaknesses and improvements of the Yoon–Ryu–Yoo remote user authentication scheme using smart cards Weaknesses and improvements of the Yoon–Ryu–Yoo remote user authentication scheme using smart cards. Comput. Commun. 32(4):649–652, 2009.

    Article  Google Scholar 

  29. Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput Stand Interfaces 31(4):723–728, 2009.

    Article  Google Scholar 

  30. Liu, J. Y., Zhou, A. M., and Gao, M. X., A new mutual authentication scheme based on nonce and smart cards. Comput. Commun. 31(10):2205–2209, 2008.

    Article  Google Scholar 

  31. Stallings, W., “Cryptography and network security: principal and practices,” 5th Edition. Prentice Hall, 2010.

Download references

Acknowledgement

The authors would like to acknowledge the work of the members of the Center for Infection Control in National Taiwan University Hospital who assisted us to evaluate the WHISS. The research was in part supported by grants DOH 98-DC-1007 from the Center for Disease Control, Department of Health, Taiwan.

Author information

Authors and Affiliations

  1. Department of Computer Science and Information Engineering, National Taiwan University, Taipei, Taiwan

    Zhen-Yu Wu & Feipei Lai

  2. Graduate Institute of Biomedical Electronics and Bioinformatics, National Taiwan University, Taipei, Taiwan

    Yi-Ju Tseng & Feipei Lai

  3. Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan

    Feipei Lai

  4. Department of Electrical Engineering, Tunghai University, Taipei, Taiwan

    Yufang Chung

  5. Center for Infection Control, National Taiwan University Hospital, Taipei, Taiwan

    Yee-Chun Chen

  6. Department of Internal Medicine, National Taiwan University Hospital and College of Medicine, Taipei, Taiwan

    Yee-Chun Chen

Authors
  1. Zhen-Yu Wu
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Yi-Ju Tseng
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Yufang Chung
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Yee-Chun Chen
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Feipei Lai
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Zhen-Yu Wu.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Wu, ZY., Tseng, YJ., Chung, Y. et al. A Reliable User Authentication and Key Agreement Scheme for Web-Based Hospital-Acquired Infection Surveillance Information System. J Med Syst 36, 2547–2555 (2012). https://doi.org/10.1007/s10916-011-9727-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10916-011-9727-9

Keywords