Design of Personal Information Security Model in U-Healthcare Service Environment

  • Lee, Bong-Keun (Division of Fire Protection & Safety, College of Busan Kyungsang)
  • Jeong, Yoon-Su (Industry Technical Research Institute, Hannam University)
  • Lee, Sang-Ho (Dep. Computer Science, College of Electrical & Computer Engineering, Chungbuk National University)
  • Received : 2011.06.01
  • Accepted : 2011.08.25
  • Published : 2011.11.30

Abstract

With the rapid development and spread of IT, IT-fusion healthcare services, a form of future medical care, are changing considerably. In particular, as IT merges with healthcare, sensitive personal medical information is exposed and user privacy is invaded, so countermeasures are needed. In this paper, we propose a u-healthcare service model that protects user privacy by managing a patient's ID information in integrated or divided form according to the user's state and access level. So that it can be used effectively in real environments, the proposed model is divided into the functions of user identification, hospital authority verification, medical record access control, and patient diagnosis. In addition, while user IDs are managed centrally on a central server, the model protects the privacy of user information shared between hospitals by dividing the user's ID and applying it to hospitals according to the user's security level and authority, which prevents privacy invasion and leakage of medical information by third parties.
