Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/66857
Full metadata record
???org.dspace.app.webui.jsptag.ItemTag.dcfield??? | Value | Language |
---|---|---|
dc.contributor.advisor | 賴飛羆 | |
dc.contributor.author | Dailun Chiang | en |
dc.contributor.author | 江岱倫 | zh_TW |
dc.date.accessioned | 2021-06-17T01:09:41Z | - |
dc.date.available | 2025-02-04 | |
dc.date.copyright | 2020-02-04 | |
dc.date.issued | 2020 | |
dc.date.submitted | 2020-01-17 | |
dc.identifier.citation | 1. U. S. Department of Health and Human Services Personal health records and the HIPAA privacy rule. 2008; Available from: http://www.hhs.gov.
2. S. S. Shete and C. S. Kulkarni, “Database Security using Role-Based Access Control System,” International Journal of Engineering Science and Computing, Vol. 6, No. 6, pp. 8047-5053, 2016. 3. C. C. Chang, I. Lin, H. Tsai, and H. Wang, “A Key Assignment Scheme for Controlling Access in Partially Ordered User Hierarchies,” International Conference on Advanced Information Networking and Application (AINA'04), Vol. 2, pp. 376-379, 2004. 4. D. E. Denning, S. G. Akl, M. Morgenstern, and P. G. Neumann, “Views for Multilevel Database Security,” IEEE Symposium on Security and Privacy, Oakland, Vol. 13, No. 2, pp. 129-140, 1987. 5. D. A. Albertini, B. Carminati and E. Ferrari, “An Extended Access Control Mechanism Exploiting Data Dependencies,” International Journal of Information Security,Vol. 16, No. 1, pp. 75-89, 2016. 6. F. Karimi and M. Esmaeilpour, “A Dynamic Media Access Control Protocol For Controlling Congestion In Wireless Sensor Network By Using Fuzzy Logic System And Learning Automata,” International Journal of Computer Science and Information Security, Vol. 14, No. 4, pp. 445-460, 2016. 7. Y. Zhou, E. Peng, C. Guo, “A Random-Walk Based Privacy-Preserving Access Control for Online Social Networks,” International Journal of Advanced Computer Science and Applications, Vol. 7, No. 2, pp. 74-79, 2016. 8. J. McHugh, and A. P. Moore, “A Security Policy and Formal Top Level Specification for a Multilevel Secure Local Area Network,” IEEE Symposium on Security and Privacy, pp. 34-39, 1986. 9. K. Onarliogluamd and W. Robertson, “Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems,” International Conference on Dependable Systems and Networks, pp. 443-454, 2016. 10. L. J. Fraim, “A Solution to Multilevel Security Problem,” IEEE Transactions on Computers, Vol. 16, No. 7, pp. 26-34, 1983. 11. P. Xiao, J. H. He, and Y. F. Fu, “Distributed Group Key Management in Wireless Mesh Networks,” International Journal of Security and Its Applications, Vol. 6, No. 2, pp. 115-120, 2012. 12. K. V. Babu, O. S. Rao, and Dr. M. K. Prasad, “Secured Tree Based Key Management in Wireless Broadcast Services,” International Journal of Engineering Science and Technology, Vol. 4, No. 2, pp. 523-529, 2012. 13. E. Bertino, N. Shang, and S. S. Wagstaff, “An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting,” IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 2, pp. 65-70, 2008. 14. B. Thuraisingham, “Security and Privacy for Multimedia Database Management Systems,” Multimedia Tools and Applications, Vol. 33, No. 1, pp. 13-29, 2007. 15. J. Bogaerts, B. Lagaisse and W. Joosen, “Idea: Supporting Policy-Based Access Control on Database Systems,” International Symposium on Engineering Secure Software and Systems, pp. 251-259, 2016. 16. Z. Zhao, B. Liu, and J. Li, “Research and Design of Database Encryption System Based on External DBMS,” Computer Engineering and Design, Vol. 29, No. 12, pp. 3030-3032, 2008. 17. N. C. Rathore and S. Tripathy, “A Trust-based Collaborative Access Control Model with Policy Aggregation for Online Social Networks,” Social Network Analysis and Mining, Vol. 7, No. 7, 2017. 18. M. Ni, Y. Zhang, W. Han and J. Pang, “An Empirical Study on User Access Control in Online Social Networks,” Proceedings of the 21st ACM Symposium on Access Control Models and Technologies, pp. 13-23, 2016. 19. Y. Cheng, J. Park and R. Sandhu, “An Access Control Model for Online Social Networks Using User-to-User Relationships,” IEEE Transactions on Dependable and Secure Computing, Vol. 13, No. 4, pp. 424-436, 2016. 20. K. W. Kongsgard, N. A. Nordbotten, F. Mancini, and P. E. Engelstad, “Data Loss Prevention Based on Text Classification in Controlled Environments,” International Conference on Information Systems Security, pp. 131-150, 2016. 21. D. E. Marcinko, and H. R. Hetico, “Dictionary of Health Information Technology and Security,” Springer Publishing Company, New York, 2007. 22. D. Michael and M. D. Ries, “Electronic Medical Records: Friends or Foes?,” Clinical Orthopedics and Related Research, Vol. 472, No. 1, pp. 16-21, 2014. 23. C. H. Chang, T. H. Lee, Y. J. Chang, K. C. Chang, M. Shieh, and Y. Shieh, “ Novel Electronic Medical Record-Based Stroke Registry System,” 2014 IEEE International Conference on Consumer Electronics (ICCE), pp.185-186, 2014. 24. J. S. Alpert, “The Electronic Medical Record in 2016: Advantages and Disadvantages,” Digital Medicine, Vol. 2, No. 2, pp. 48-51, 2016. 25. C. Safran and H. Goldberga, “Electronic Patient Records and the Impact of the Internet,” International Journal of Medical Informatics, Vol. 60, No. 2, pp. 77-83, 2000. 26. L. L. Dimitropoulos, “Privacy and Security Solutions for Interoperable Health Information Exchange: Interim Assessment of Variation Executive Summary,” Research Triangle Institute International, pp. 1-2, 2007. 27. P. Ray and J. Wimalasiri, “The Need for Technical Solutions for Maintaining the Privacy of HER,” Engineering in Medicine and Biology Society, Vol. 1, pp. 4686-4689, 2006. 28. I. Vaghefi, J. B. Hughes, S. Law, M. Lortie, C. Leaver, L. Lapointe, “Understanding the Impact of Electronic Medical Record Use on Practice-Based Population Health Management: A Mixed-Method Study,” Journal of Medical Internet Research Medical Informatics, Vol. 4, No. 2, 2016. 29. M. Y. Becker and P. Sewell, “Cassandra: Flexible Trust Management, Applied to Electronic Health Records,” Proceedings of the 17th IEEE workshop on Computer Security Foundations, pp. 139, June 28-30, 2004. 30. J. Jin, G. J. Ahn, H. Hu, M. J. Covington and X. Zhang, “Patient-centric Authorization Framework for Sharing Electronic Health Records,” Proceedings of the 14th ACM Symposium on Access Control Models and Technologies SACMAT 09, pp. 125-134, 2009. 31. P. C. Tang, et al., “Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption,” Journal of the American Medical Informatics Association, Vol. 13, No. 2, pp. 121-126, 2006. 32. Z. Gao, D. Y. Wang, S. H. Wan, H. Zhang, & Y. L. Wang, “Cognitive-inspired Class-statistic Matching with Triple-constrain for Camera Free 3D Object Retrieval,” Future Generation Computer Systems, Vol. 94, pp. 641-653, 2019. 33. Y. Xia, S. Qu, & S. Wan, “Scene Guided Colorization Using Neural Networks,” Neural Computing and Applications, pp. 1-14, 2018. 34. B. Adida, and I. S. Kohane, “GenePING: Secure, Scalable Management of Personal Genomic Data,” BMC genomics, Vol. 7, No. 1, pp. 93, 2006. 35. I. C. Señor, J. L. Fernández-Alemán, and A. Toval, “Are Personal Health Records Safe? A Review of Free Web-accessible Personal Health Record Privacy Policies,” Journal of Medical Internet Research, Vol. 14, No. 4, 2012. 36. D. A. Jones, et al., “Characteristics of Personal Health Records: Findings of the Medical Library Association/national Library of Medicine Joint Electronic Personal Health Record Task Force,” Journal of the Medical Library Association: JMLA, Vol. 98, No. 3, pp. 243, 2010. 37. L. Fernandez-Luque, R. Karlsen, and J. Bonander, “Review of Extracting Information from the Social Web for Health Personalization,” Journal of Medical Internet Research, Vol. 13, No. 1, 2011. 38. World Health Organization. Preventing chronic diseases: a vital investment. Geneva: World Health Organization, 2005. 39. G. Ford, M. Compton, G. Millett, and A. Tzortzis, “The Role of Digital Disruption in Healthcare Service Innovation,” Service Business Model Innovation in Healthcare and Hospital Management, pp. 57-70, 2016. 40. P. Zhang, et al., “Fhir Chain: Applying Blockchain to Securely and Scalable Share Clinical Data,” Computational and Structural Biotechnology Journal, Vol. 16, pp. 267-278, 2018. 41. S. Ding, S. Qu, Y. Xi, & S. Wan, “A Long Video Caption Generation Algorithm for Big Video Data Retrieval,” Future Generation Computer Systems, Vol. 93, pp. 583-595, 2019. 42. Y. Zhao, H. Li, S. Wan, A. Sekuboyina, X. Hu, G. Tetteh, M. Piraud, and B. Menze, “Knowledge-aided Convolutional Neural Network for Small Organ Segmentation,” IEEE Journal of Biomedical and Health Informatics. 43. I. Masood, et al., “Towards Smart Healthcare: Patient Data Privacy and Security in Sensor-Cloud Infrastructure,” Wireless Communications and Mobile Computing, 2018. 44. P. Thummavet, and S. Vasupongayya, “A Novel Personal Health Record System for Handling Emergency Situations,” International Computer Science and Engineering Conference (ICSEC), 2013. 45. P. Thummavet, and S. Vasupongayya, “Privacy-preserving Emergency Access Control for Personal Health Records,” Maejo International Journal of Science and Technology, Vol. 9, No. 1, pp. 108-120, 2015. 46. E. Bierman, T. Pretoria, and E. Cloete, “Classification of Malicious Host Threats in Mobile Agent Computing,” The South African Institute of Computer Scientists and Information Technologists on Enablement Through Technology, pp. 141-148, 2002. 47. J. H. Li, “Hierarchy-Based Key Assignment Scheme with Date-Constraint,” Master Thesis, Feng Chia University, Taichung, 2004. 48. D. E. Knuth, 《The Art of Computer Programming》, 3rd Ed., Addison-Wesley, Reading, MA, 1998. 49. Kai-Po Yang, “Constraint and Role-Based Access Control Model in Service Oriented Architecture for Healthcare Services,” Master Thesis, Tzu Chi University, 2012. Available from: https://hdl.handle.net/11296/ft4msd 50. D. E. Knuth, “Seminumerical Algorithms, Vol. 2, The Art of Computer Programming,” 3rd edition, Addison-Wesley, 1998 51. N. Bruce and Hoon Jae Lee, 'Cryptographic computation of private shared key based mutual authentication protocol: Simulation and modeling over wireless networks,' The International Conference on Information Networking 2014 (ICOIN2014), pp. 578-582. doi: 10.1109/ICOIN.2014.6799747 52. I. Indu and P. M. R. Anand, 'Hybrid Authentication and Authorization Model for Web-based Applications,' 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, 2016, pp. 1187-1191. doi: 10.1109/WiSPNET.2016.7566324 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/66857 | - |
dc.description.abstract | 資訊科技在臨床的應用已行之有年,醫療資訊系統不僅能減少醫護人員之醫療疏失、即時提供個人就醫紀錄史,還能提高就醫品質。維護醫療資訊需仰賴醫療資訊系統服務,避免洩漏重要個資和不當使用。現今越來越多的醫療組織需要強大且完善的醫療資訊管理系統,以提供優質的醫療服務,進而提升客戶滿意度,因此資訊管理者的任務就在於建立醫療組織可靠資料儲存平台。
已開發國家建立相關組織規範電子病歷的準則,有助於個人健康紀錄的推展。結合網際網路以及可攜式媒體發展出新興型態之個人健康紀錄,以提供完整且無誤的個人健康與醫療歷史資訊。當智慧型行動裝置愈加普及,其衍伸出的資訊安全防護需求也開始於市場醞釀,為防範網路上的惡意攻擊,必需建立一個有效且安全的存取機制。其中檔案管理機制成為資訊分享過程的關鍵。 本論文使用存取控制和Lagrange插值法以提出一個存取控制機制,來確保醫療資訊分享的安全性與機密性。個人健康紀錄 (PHR) 為患者相當隱私的健康醫療資訊,其隱私設定及存取權限必須嚴格控管。此外,個人健康紀錄系統讓合法使用者存取以外,也必須避免無權限或外部使用者非法存取。 因此,本論文是以攻擊者的角度進行安全性分析;本論文所提出的存取控制與金鑰管理機制可有效且全面性地保護各醫療院所分享的醫療資訊。 | zh_TW |
dc.description.abstract | As information technology has been applied to clinics for years, medical information systems have revolutionized medical matters to instantly provide a history of personal medical records, which brings a new breakthrough in avoiding mistakes and also improves the quality of medical services at the same time. Well-designed medical information systems are required by a lot of health care institutions than before for providing high-quality health care services and enhancing customer satisfaction. Therefore, information managers are entrusted to build reliable data storage platforms for health care institutions.
Many developed countries establish relevant organizations with electronic medical record standards that help the development of personal health records. Personal health records are patients’ health care information, which can integrate health records from various sources and provide complete personal health information through the Internet or portable media. Along with the popularity of smart mobile devices, the need for information security protection emerges in medical application. Secure access control promotes the effectiveness of information sharing under secure conditions. A secure access control system plays a major role in the process of sharing data. Through controlling access based on lagrange interpolation, a mechanism suitable for clinic is proposed to ensure the security and confidentiality of health care information mentioned. To protect private information, privacy settings and access authority are strictly controlled. Aside from providing users with access authority for reasonable access, the personal health record system should be able to avoid illegal access from external users or any others without authority. his study reaches the security mechanism from the perspective of hackers. According to the analysis results, the access control management mechanism proposed in this study can protect presonal health record information efficiently and share among different medical institutions. | en |
dc.description.provenance | Made available in DSpace on 2021-06-17T01:09:41Z (GMT). No. of bitstreams: 1 ntu-109-D04945003-1.pdf: 2010689 bytes, checksum: 26f137d59258ebf2e5921b8cfa8240e7 (MD5) Previous issue date: 2020 | en |
dc.description.tableofcontents | 中文摘要 I
Abstract IV Chapter I Introduction 1 1.1 Overview 2 1.1.1 Introduction to Electronic Medical Record, Electronic Health Record, and Personal Health Record 3 1.1.2 National Health Insurance and Electronic Patient Record Transmit Protocol 4 1.2 Research Background 5 1.3 Research Object 7 1.4 Thesis Organization 9 Chapter II Literature Review 11 2.1 Role Based Access Control in Hospital Information System 11 2.2 System Operation in Hospital 14 2.3 Introduction to Access Token 16 2.4 Disadvantages of Web-based Access Control 18 2.5 Hash Function 18 Chapter III Research Method 20 3.1 Usage Scenarios of Medical System on Cloud 20 3.2 Lagrange Interpolation Polynomial 22 3.3 Secure Dynamic Access Control Scheme of PHR Methodology 23 Chapter IV Research System 29 4.1 Establishment of Access Rights for Users and Files 29 4.1.1 System Method Establishment 30 4.2 Dynamic Access Control Mechanism for Users and Files 39 Chapter V Security Analysis 43 5.1 External Attack 43 5.2 Internal Attack 44 5.3 Integrated Attack 47 5.4 Equation Attack 49 Chapter VI Conclusion & Future Work 53 Reference 55 | |
dc.language.iso | en | |
dc.title | 適用於醫療資訊之個人健康紀錄的安全存取控制系統 | zh_TW |
dc.title | Secure Access Control System for Personal Health Record of Medical Information | en |
dc.type | Thesis | |
dc.date.schoolyear | 108-1 | |
dc.description.degree | 博士 | |
dc.contributor.oralexamcommittee | 孫維仁,趙坤茂,周迺寬,陳澤雄,鐘玉芳 | |
dc.subject.keyword | 存取控制,以角色為基礎存取控制,醫療資訊管理,個人健康紀錄,金鑰管理機制, | zh_TW |
dc.subject.keyword | Access Control,Role-Based Access Control,Medical Information Management,Personal Health Records,Key Management Mechanism, | en |
dc.relation.page | 61 | |
dc.identifier.doi | 10.6342/NTU202000110 | |
dc.rights.note | 有償授權 | |
dc.date.accepted | 2020-01-17 | |
dc.contributor.author-college | 電機資訊學院 | zh_TW |
dc.contributor.author-dept | 生醫電子與資訊學研究所 | zh_TW |
Appears in Collections: | 生醫電子與資訊學研究所 |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-109-1.pdf Restricted Access | 1.96 MB | Adobe PDF |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.