Privacy-preserving Distributed Access Control for Medical Data

Christian Maulany, Majid Nateghizad, Bart Mennink, Zekeriya Erkin
2018 Proceedings of the 15th International Joint Conference on e-Business and Telecommunications   unpublished
The availability of wearable devices such as smartwatches and fitness trackers are a recent development. Among other things, these devices can measure the activity and vital signs of their wearers. As the types of data these devices are able to gather increases the potential for them to be used as a source of data grows. This calls for a secure method of controlling the digital exchange of medical data between wearables and healthcare providers, and healthcare providers in general. By enforcing
more » ... neral. By enforcing the exchange of data to go through a central authority, a patient can be given more control over who is able to access his medical data. This central authority is then given the task of monitoring access and ensuring that all access requirements are met. Though effective, this solution relies on a highly trusted central authority. In this work, we propose a scheme using Polymorphic Encryption and Pseudonomysation and Secret Sharing to provide anonymous data storage and data exchange. Our proposal removes the need for a central authority, and instead uses a group of authorities, of which a quorum is needed to facilitate the exchange of data.
doi:10.5220/0006841403220331 fatcat:vih5m2xunndwdoahpjpoh2kb3q