Access Control by Secure Multi-Party EPR Decryption in the Medical Scenario

S. Eskeland (Norway)

Keywords

Cryptographic protocols, threshold cryptography, secure multi-party computations, cryptographic access control.

Abstract

Due to that medical patient data may be highly confiden tial, it is essential that electronic patient records (EPR) are properly protected. Accordingly, only legitimate medical personnel should be allowed access to relevant patient data. In this regard, it is reasonable that patients should be able to exert control over their own medical data. In this paper, we propose a security scheme that allows electronic patient records or specific EPR modules to be stored encrypted at the EPR server where each EPR is encrypted with a unique and secret key. In order to obtain access to the protected medical data, medical teams collaborate with the concern ing patient in order to blindly reconstruct EPR cryptokeys for decryption at the EPR server. The scheme prohibits the secret EPR cryptokeys from being disclosed to any party, and it is privacy-preserving in the sense that the collabo rating parties are able to perform the computations without revealing their private inputs to each other.

Important Links:



Go Back