Yu-Fang Chung

A Secure Authentication Scheme for Telecare Medicine Information Systems

The telecare medicine information system enables or supports health-care delivery services. In recent years, the increased availability of lower-cost telecommunications systems and custom made physiological monitoring devices for patients have made it possible to bring the advantages of telemedicine directly into the patient’s home. These systems are moving towards an environment where automated patient medical records and electronically interconnected telecare facilities are prevalent. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. Many schemes based on cryptography have been proposed for the goals. However, much of the schemes are vulnerable to various attacks, and are neither efficient, nor user friendly. Specially, in terms of efficiency, some schemes need the exponential computation resulting in high time cost. Therefore, we propose a novel authentication scheme that is added the pre-computing idea within the communication process to avoid the time-consuming exponential computations. Finally, it is shown to be more secure and practical for telecare medicine environments.

Efficient migration for mobile computing in distributed networks

The speed and convenience of the Internet makes it advantageous to online applications. Basing on the elliptic curve cryptosystem, this study proposes a hierarchical mobile agent framework for handling key management and access control problems between mobile agent and host. It raises the security of key management, and also controls access to distributed environment in non-specific network. The proposed method successfully secures the accessing relationship between the mobile agent and the host while economizing the exhaust of storage space. Such an achievement lets the mobile agent operate efficiently, and puts in order a secure execution environment for mobile computing.

Evaluating Self-Management Behaviors of Diabetic Patients in a Telehealthcare Program: Longitudinal Study Over 18 Months

Background Self-management is an important skill for patients with diabetes, and it involves frequent monitoring of glucose levels and behavior modification. Techniques to enhance the behavior changes of diabetic patients have been developed, such as diabetes self-management education and telehealthcare. Although the patients are engaged in self-management activities, barriers to behavior changes remain and additional work is necessary to address the impact of electronic media and telehealthcare on patient self-care behaviors. Objective The aims of this study were to (1) explore the behaviors of diabetic patients interacting with online applications, (2) determine the impact of a telehealthcare program among 7 self-care behaviors of the patients, and (3) determine the changes in glycosylated hemoglobin (HbA1c) levels. Methods A telehealthcare program was conducted to assist the patients with 7 self-care activities. The telehealthcare program lasted for 18 months and included the use of a third-generation mobile telecommunications glucometer, an online diabetes self-management system, and a teleconsultant service. We analyzed the data of 59 patients who participated in the telehealthcare program and 103 who did not. The behavioral assessments and the HbA1c data were collected and statistically analyzed to determine whether the telehealthcare services had an impact on the patients. We divided the 18-month period into 3 6-month intervals and analyzed the parameters of patients assisted by the telehealthcare service at different time points. We also compared the results of those who were assisted by the telehealthcare service with those who were not. Results There was a significant difference in monitoring blood glucose between the beginning and the end of the patient participation (P=.046) and between the overall period and the end of patient participation (P<.001). Five behaviors were significantly different between the intervention and control patients: being active (P<.001), healthy eating (P<.001), taking medication (P<.001), healthy coping (P=.02), and problem solving (P<.001). Monitoring of blood glucose was significantly different (P=.02) during the 6-12 month stage of patient participation between the intervention and control patients. A significant difference between the beginning and the 6-12 month stage of patient participation was observed for the mean value of HbA1c level (P=.02), and the differences between the overall HbA1c variability and the variability of each 6-month interval was also significant. Conclusions Telehealthcare had a positive effect on diabetic patients. This study had enhanced blood glucose monitoring, and the patients in the program showed improvements in glycemic control. The self-care behaviors affect patient outcomes, and the changes of behavior require time to show the effects.

A Password-Based User Authentication Scheme for the Integrated EPR Information System

With the rapid development of the Internet, digitization and electronic orientation are required in various applications of our daily life. For e-medicine, establishing Electronic patient records (EPRs) for all the patients has become the top issue during the last decade. Simultaneously, constructing an integrated EPR information system of all the patients is beneficial because it can provide medical institutions and the academia with most of the patients’ information in details for them to make correct decisions and clinical decisions, to maintain and analyze patients’ health. Also beneficial to doctors and scholars, the EPR system can give them record linkage for researches, payment audits, or other services bound to be developed and integrated into medicine. To tackle the illegal access and to prevent the information from theft during transmission over the insecure Internet, we propose a password-based user authentication scheme suitable for information integration.

A conference key agreement protocol with fault-tolerant capability

Secure communication is of utmost importance to participants of Internet conferences. Secure communication thwarts eavesdropping. In an Internet conference, all conference participants together establish a common conference key to enable multi-party and secure exchange of messages. However, malicious conference participants may try to obtain the conference key through unfair means, and this could result in the generation of different conference keys. This paper is intended as a proposal of a new form of conference key agreement protocol. It emphasizes the filtering of malicious participants at the beginning of the conference to ensure that all participants obtain the same conference key. The proposed method also has fault-tolerant capability. Efficiency and security of a protocol is important in practice. The security of the proposed protocol is based on discrete logarithm problem assumption. The protocol is executed in computationally secure environment. The secret information of a user cannot be determined from its corresponding public information and therefore ensures privacy. Since efficiency of a protocol depends on low computation cost, the protocol attempts to achieve lower computation cost without compromising on security.

The Enhancement of Security in Healthcare Information Systems

With the progress and the development of information technology, the internal data in medical organizations have become computerized and are further established the medical information system. Moreover, the use of the Internet enhances the information communication as well as affects the development of the medical information system that a lot of medical information is transmitted with the Internet. Since there is a network within another network, when all networks are connected together, they will form the “Internet”. For this reason, the Internet is considered as a high-risk and public environment which is easily destroyed and invaded so that a relevant protection is acquired. Besides, the data in the medical network system are confidential that it is necessary to protect the personal privacy, such as electronic patient records, medical confidential information, and authorization-controlled data in the hospital. As a consequence, a medical network system is considered as a network requiring high security that excellent protections and managerial strategies are inevitable to prevent illegal events and external attacks from happening. This study proposes secure medical managerial strategies being applied to the network environment of the medical organization information system so as to avoid the external or internal information security events, allow the medical system to work smoothly and safely that not only benefits the patients, but also allows the doctors to use it more conveniently, and further promote the overall medical quality. The objectives could be achieved by preventing from illegal invasion or medical information being stolen, protecting the completeness and security of medical information, avoiding the managerial mistakes of the internal information system in medical organizations, and providing the highly-reliable medical information system.

An agent-based English auction protocol using Elliptic Curve Cryptosystem for mobile commerce

Rapid development of the Internet and the extensive use of mobile phones have increased demand for mobile devices in Internet auctions. This trend is acting as an incentive to develop an auction model for mobile-based environment. Recently, Kuo-Hsuan Huang proposed a mobile auction agent model (MoAAM), which allows the bidders to participate in online auctions through a mobile agent. He used modular exponentiation operations in his method. As a result, the processing time for key generation, bidding, and verification were long. Thus, we propose to add the concept of Elliptic Curve Cryptosystem (ECC) onto MoAAM, because ECC has low computation amount and small key size, both of which will aid to increase the speed in generating keys, bidding, and verification. In terms of reduction of computation load on mobile devices and auction-manager server, the proposed method will make online auction system more efficient as well as more convenient to use. This paper mainly uses the English auction protocol as the key auction protocol. The protocol consists of four entities: Registration Manager (RM), Agent House (AH), Auction House (AUH), and Bidders (B). The Registration Manager registers and verifies Bidder identity. The Agent House manages the agents and assigns public transaction keys to Bidders. The Auction House provides a place for auction and maintains all necessary operations for a smooth online auction. Bidders are buyers who are interested in purchasing items at the auction. Our proposed method conforms to the requirements of an online auction protocol in terms of anonymity, traceability, no framing, unforgetability, non-repudiation, fairness, public verifiability, unlinkability among various auction rounds, linkability within a single auction round, efficiency of bidding, one-time registration, and easy revocation.

Redactable Signatures for Signed CDA Documents

The Clinical Document Architecture, introduced by Health Level Seven, is a XML-based standard intending to specify the encoding, structure, and semantics of clinical documents for exchange. Since the clinical document is in XML form, its authenticity and integrity could be guaranteed by the use of the XML signature published by W3C. While a clinical document wants to conceal some personal or private information, the document needs to be redacted. It makes the signed signature of the original clinical document not be verified. The redactable signature is thus proposed to enable verification for the redacted document. Only a little research does the implementation of the redactable signature, and there still not exists an appropriate scheme for the clinical document. This paper will investigate the existing web-technologies and find a compact and applicable model to implement a suitable redactable signature for the clinical document viewer.

A novel application of grey system theory to information security (Part I)

This study applies the grey data generating techniques in grey system theory on a novel cryptosystem, which is guiding a new research in the field of information security. In this paper, we present the concepts of sum-lock, difference-lock, sum-ladder, and difference-ladder. Using these concepts, we can obtain a cryptosystem with lock generation and sum-difference mixed ladder. The cryptographic algorithms for our cryptosystem are also presented and an illustrative example is used to verify it.

A Study on Agent-Based Secure Scheme for Electronic Medical Record System

Patient records, including doctors’ diagnoses of diseases, trace of treatments and patients’ conditions, nursing actions, and examination results from allied health profession departments, are the most important medical records of patients in medical systems. With patient records, medical staff can instantly understand the entire medical information of a patient so that, according to the patient’s conditions, more accurate diagnoses and more appropriate in-depth treatments can be provided. Nevertheless, in such a modern society with booming information technologies, traditional paper-based patient records have faced a lot of problems, such as lack of uniform formats, low data mobility, slow data transfer, illegible handwritings, enormous and insufficient storage space, difficulty of conservation, being easily damaged, and low transferability. To improve such drawbacks, reduce medical costs, and advance medical quality, paper-based patient records are modified into electronic medical records and reformed into electronic patient records. However, since eletronic patient records used in various hospitals are diverse and different, in consideration of cost, it is rather difficult to establish a compatible and complete integrated electronic patient records system to unify patient records from heterogeneous systems in hospitals. Moreover, as the booming of the Internet, it is no longer necessary to build an integrated system. Instead, doctors can instantly look up patients’ complete information through the Internet access to electronic patient recoreds as well as avoid the above difficulties. Nonetheless, the major problem of accessing to electronic patient records cross-hospital systems exists in the security of transmitting and accessing to the records in case of unauthorized medical personnels intercepting or stealing the information. This study applies the Mobile Agent scheme to cope with the problem. Since a Mobile Agent is a program, which can move among hosts and automatically disperse arithmetic processes, and moves from one host to another in heterogeneous network systems with the characteristics of autonomy and mobility, decreasing network traffic, reducing transfer lag, encapsulating protocol, availability on heterogeneous platforms, fault-tolerance, high flexibility, and personalization. However, since a Mobile Agent contacts and exchanges information with other hosts or agents on the Internet for rapid exchange and access to medical information, the security is threatened. In order to solve the problem, this study proposes a key management scheme based on Lagrange interpolation formulas and hierarchical management structure to make Mobile Agents a more secure and efficient access control scheme for electronic patient record systems when applied to the access of patients’ personal electronic patient records cross hospitals. Meanwhile, with the comparison of security and efficacy analyses being the feasibility of validation scheme and the basis of better efficiency, the security of Mobile Agents in the process of operation can be guaranteed, key management efficacy can be advanced, and the security of the Mobile Agent system can be protected.