Methods Inf Med 2014; 53(01): 3-13
DOI: 10.3414/ME12-01-0078
Review Article
Schattauer GmbH

Authentication Systems for Securing Clinical Documentation Workflows

A Systematic Literature Review
J. Schwartze
1   Peter L. Reichertz Institute for Medical Informatics, University of Braunschweig – Institute of Technology and Hanover Medical School, Braunschweig, Germany
,
B. Haarbrandt
1   Peter L. Reichertz Institute for Medical Informatics, University of Braunschweig – Institute of Technology and Hanover Medical School, Braunschweig, Germany
,
D. Fortmeier
2   University of Luebeck, Institute of Medical Informatics, Luebeck, Germany
,
R. Haux
1   Peter L. Reichertz Institute for Medical Informatics, University of Braunschweig – Institute of Technology and Hanover Medical School, Braunschweig, Germany
,
C. Seidel
3   Medical Center Braunschweig, Department for Information Technology and Business Development, Braunschweig, Germany
› Author Affiliations
Further Information

Publication History

received: 23 August 2012

accepted: 12 September 2013

Publication Date:
20 January 2018 (online)

Summary

Context: Integration of electronic signatures embedded in health care processes in Germany challenges health care service and supply facilities. The suitability of the signature level of an eligible authentication procedure is confirmed for a large part of documents in clinical practice. However, the concrete design of such a procedure remains unclear.

Objective: To create a summary of usable user authentication systems suitable for clinical workflows.

Data Source: A Systematic literature review based on nine online bibliographic databases. Search Keywords included authentication, access control, information systems, information security and biometrics with terms user authentication, user identification and login in title or abstract. Searches were run between 7 and 12 September 2011. Relevant conference proceedings were searched manually in February 2013. Backward reference search of selected results was done.

Selection: Only publications fully describing authentication systems used or usable were included. Algorithms or purely theoretical concepts were excluded. Three authors did selection independently.

Data Extraction and Assessment: Semi-structured extraction of system characteristics was done by the main author. Identified procedures were assessed for security and fulfillment of relevant laws and guidelines as well as for applicability. Suitability for clinical workflows was derived from the assessments using a weighted sum proposed by Bonneau.

Results: Of 7575 citations retrieved, 55 publications meet our inclusion criteria. They describe 48 different authentication systems; 39 were biometric and nine graphical password systems. Assessment of authentication systems showed high error rates above European CENELEC standards and a lack of ap -plicability of biometric systems. Graphical passwords did not add overall value compared to conventional passwords. Continuous authentication can add an additional layer of safety. Only few systems are suitable partially or entirely for use in clinical processes.

Conclusions: Suitability strongly depends on national or institutional requirements. Four authentication systems seem to fulfill requirements of authentication procedures for clinical workflows. Research is needed in the area of continuous authentication with biometric methods. A proper authentication system should combine all factors of au -thentication implementing and connecting secure individual measures.

 
  • References

  • 1 Apfelbaum S. Transformation im Notariat [Transformation at civil law notaries]. Conference talk: Fachkonferenz: Rechtssichere elektronische Archivierung [Lawful electronic archiving], Dez 13, 2007, Berlin. Kassel: Kassel University; 2007. [in German]
  • 2 Wilke D. Rechtsfragen der Transformation [Questions of law of transformation]. Conference talk: Fachkonferenz: Rechtssichere elektronische Archivierung [Lawful electronic archiving], Dez 13, 2007, Berlin. Kassel: Kassel Univerity; 2007. [in German]
  • 3 Roßnagel A. Transformation beim Scannen - Rechtsfragen und Lösungen [Transformation by scanning - Questions of law and solutions]. Conference talk: Fachkonferenz: Rechtssichere elektronische Archivierung [Lawful electronic archiving], Dez 13, 2007, Berlin. Kassel: Kassel University; 2007. [in German]
  • 4 Roßnagel A, Fischer-Dieskau S, Jandt S, Knopp M. Langfristige Aufbewahrung elektronischer Dokumente [Long-term keeping of electronic documents]. Baden-Baden; Nomos: 2007. [in German]
  • 5 Signaturgesetz vom 16. Mai 2001 (BGBl. I S 876), das zuletzt durch Artikel 4 des Gesetzes vom 17. Juli 2009 (BGBl. I S. 2091) geändert worden ist; 2009. [Signature law of May 16, 2001 (BGBl. I, p 876), last changed by the 4th act of the law of July 17, 2009 (BGBl. I, p 2091). 2009
  • 6 Signaturverordnung vom 16. November 2001 (BGBl. I S 3074), die zuletzt durch Artikel 1 der Verordnung vom 15. November 2010 (BGBl. I S. 1542) geändert worden ist; 2010. [Signature decree of November 17, 2001 (BGBl. I, p 3074), last changed by the 1st act of the decree of November 15, 2010 (BGBl. I p. 1542). 2010
  • 7 Seidel C, Kosock H, Brandner A, Balfanz J, Schmücker P. Empfehlungen für den Einsatz elektronischer Signaturen und Zeitstempel in Versorgungseinrichtungen des Gesundheitswesens [Advices for application of electronic signatures and timestamps in health care institutions]. Braunschweig: Competence center for the electronic signature in health care e.V. CCESigG 2010
  • 8 Miller B. Vital signs of identity [biometrics]. Spectrum, IEEE 1994; 31 (02) 22-30.
  • 9 Morris R, Thompson K. Password security: a case history. Commun ACM 1979; 2 (011) 594-597.
  • 10 Porter NS. A password extension for improved human factors. Computers and Security 1982; 1 (01) 54-56.
  • 11 Almulhem A. A Graphical Password Authentication System. In 2011 World Congress on Internet Security (WorldCIS-2011); Feb 21–23, 2011. London: Curran Association; 2011. pp 223-225.
  • 12 Niinuma K, Jain AK. Continuous User Authentication Using Temporal Information. In: Proceedings of the SPIE - The International Society for Optical Engineering; April 14,. 2010. Orlando, Florida: 2010. p 10
  • 13 Jain A, Bolle R, Pankanti S. Biometrics: personal identification in a networked society. The Kluwer international series in engineering and computer science. Kluwer 1999
  • 14 Jain A, Ross A, Prabhakar S. An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology, 2004; 14 (01) 4-20.
  • 15 Jagadeesan H, Hsiao MS. A Novel Approach To Design Of User Re-Authentication Systems. IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems - BTAS; Sept 28-30. 2009. Washington, DC.: Curran Association; 2009. p 6
  • 16 Federal Office for Information Security. IT-Grundschutz Kataloge 11. Ergänzungslieferung. Bonn: Federal Office for Information Security 2009 [in German]
  • 17 Decree 1999/93/EG of the European Parliament of Dezember 13, 1999 about common regulations for electronic signatures 2000
  • 18 Federal Office for Information Security. IT-Grundschutz Kataloge 12. Ergänzungslieferung. Bonn: Federal Office for Information Security 2011 [in German]
  • 19 Tsalakanidou F, Malassiotis S, Strintzis MG. A 3D Face And Hand Biometric System For Robust User-Friendly Authentication. Pattern Recognition Letters 2007; 28 (016) 2238-2249.
  • 20 Tsalakanidou F, Dimitriadis C, Malassiotis S. A Secure And Privacy Friendly 2D+3D Face Authentication System Robust Under Pose And Illumination Variations. In: Proceedings of the 4th International Symposium on Image and Signal Processing and Analysis - ISPA; Sept 15–17, 2005. pp 203-208.
  • 21 Tsalakanidou F, Malassiotis S. Application And Evaluation Of A 2D+3D Face Authentication System. In: Proceedings of 3DTV-CON, May 7–9, 2007. Kos Island.: Curran Associates; 2007. p 4
  • 22 Gandossi AJ, Liu W, Tjahyadi R, Xu L. A Biometric Approach To Linux Login Access Control. In: 9th International Conference on Control, Automation, Robotics and Vision - ICARCV ’06; Dec 5–6, 2006;. Grand Hyatt Singapore, Singapore.: Curran Associates; 2006. p 5
  • 23 Zhou J, Su G, Jiang C, Deng Y, Li C. A Face And Fingerprint Identity Authentication System Based On Multi-Route Detection. Neurocomputing 2007; 70 (04) (06) 922-931.
  • 24 Hiew B Y, Teoh A B J, Yin O S. A Secure Digital Camera Based Fingerprint Verification System. Journal of Visual Communication and Image Representation 2010; 21 (03) 219-231.
  • 25 Ravikanth C, Kumar A. Biometric Authentication Using Finger-Back Surface. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition, CVPR’07. Biometrics Research Laboratory, Department of Electrical Engineering, Indian Institute of Technology Delhi, Hauz Khas, New Delhi 110 016, India 2007; p 7
  • 26 Savic T, Pavesic N. Personal Recognition Based On An Image Of The Palmar Surface Of The Hand. Pattern Recognition 2007; 40 (011) 3152-3163.
  • 27 Rowe RK, Uludag U, Demirkus M, Parthasaradhi S, Jain AK. A Multispectral Whole-Hand Biometric Authentication System. In: 2007 Biometrics Symposium, BSYM. Lumidigm Inc. 2007; p 5
  • 28 Sun X, Lin CY, Li MZ, Lin HW, Chen QW. A Dsp-Based Finger Vein Authentication System. In: 4th International Conference on Intelligent Computation Technology and Automation, ICICTA 2011. Bd. 2. Sun Yat-Sen University, Guangzhou; Guang- dong, 510080, China: 2011. pp 333-336.
  • 29 Rybnik M, Tabedzki M, Saeed K. A Keystroke Dynamics Based System For User Identification. 7th Computer Information Systems and Industrial Management Applications (CISIM 2008) 2008; 1 (02) 6.
  • 30 Fang WP, Lee HR, Line FP. An Novel Two Layer User Identification Method. IEEE International Conference on Intelligence and Security Informatics (ISI 2008) 2008; 3 (07) 2.
  • 31 Hwang S, Lee H, Cho S, Chen H, Wang FY, Yang CC. et al Improving Authentication Accuracy Of Unfamiliar Passwords With Pauses And Cues For Keystroke Dynamics-Based Authentication. In: Intelligence and Security Informatics International Workshop, WISI 2006 Proceedings (Lecture Notes in Computer Science Vol 3917) 2006; 5 (012) 6.
  • 32 Tseng CW, Liu FJ, Lin TY. Design And Implementation Of A RFID-Based Authentication System By Using Keystroke Dynamics. In: IEEE International Conference on Systems, Man and Cybernetics, SMC 2010. Department of Information Management, Cheng Shiu University, Kaohsiung County, Taiwan 2010; pp 3926-3929.
  • 33 Eltahir WE, Salami MJE, Ismail AF, Lai WK. Design And Evaluation Of A Pressure-Based Typing Biometric Authentication System. EURASIP Journal on Information Security 2008; 4 (09) 15
  • 34 Ali H, Wahyudi Salami M. Keystroke Pressure Based Typing Biometrics Authentication System By Combining Ann- And Anfis-Based Classifiers. 5th International Colloquium on Signal Processing & Its Applications (CSPA 2009) 2009; 5 (013) 5.
  • 35 Martono W, Ali H, Salami MJE. Keystroke Pressure-Based Typing Biometrics Authentication System Using Support Vector Machines. In: International Conference on Computational Science and its Applications, ICCSA. 2007. Kuala Lumpur; Malaysia: 2007. pp 85-93.
  • 36 Aksari Y, Artuner H. Active Authentication By Mouse Movements. In: 24th International Symposium on Computer and Information Sciences, ISCIS 2009. Department of Computer Engineering, Hacettepe University, Beytepe Campus, 06532, Ankara, Turkey 2009; pp 571-574.
  • 37 Bours P, Fullu CJ. A Login System Using Mouse Dynamics. In: 5th International Conference on Intelligent Information Hiding and Multimedia Signal Processing. Gjvik University College, Norwegian Information Security Laboratories, Gjvik, Norway 2009; pp 1072-1077.
  • 38 Chang TY, Yang YJ, Peng CC. A Personalized Rhythm Click-Based Authentication System. Information Management & Computer Security 2010; 18 (02) 72-85.
  • 39 Hamdy O, Traore I, Georgescu S, Heikkinen S, Popescu M. Cognitive-Based Biometrics System For Static User Authentication. In: Fourth International Conference on Internet Monitoring and Protection (ICIMP 2009); May 24–28, 2009; Venice/Mestre. pp 90-97.
  • 40 El-Bendary N, Al-Qaheri H, Zawbaa HM, Hamed M, Hassanien AE, Zhao Q. HSAS - Heart Sound Authentication System. In: 2nd World Congress on Nature and Biologically Inspired Computing, NaBIC 2010. Arab Academy for Science, Technology and Maritime Transport, Cairo; Egypt: 2010. pp 351-356.
  • 41 Harada A, Isarida T, Mizuno T, Nishigaki M. A User Authentication System Using Schema Of Visual Memory. In: 2nd International Workshop on Biologically Inspired Approaches to Advanced Information Technology, BioADIT 2006. Japan: Shizuoka University; 2006. pp 338-345.
  • 42 Chiasson S, Van Oorschot PC, Biddle R. Graphical Password Authentication Using Cued Click Points. In: 12th European Symposium on Research in Computer Security, ESORICS 2007. Ottawa; Canada: 2007. pp 359-374.
  • 43 Almuairfi S, Veeraraghavan P, Chilamkurti N. IPAS: Implicit Password Authentication System. In: Proceedings of the 25th IEEE International Conference on Advanced Information Networking and Applications Workshops (WAINA 2011); March 22–25 2011; Biopolis. pp 430-435.
  • 44 Van Oorschot PC, Wan T. Twostep: An Authentication Method Combining Text And Graphical Passwords. In: E-Technologies: Innovation in an Open World, 4th International Conference, MCETECH 2009 May 4–6 2009. Ottawa; Canada. Springer: 2009. pp 233-239.
  • 45 ogon: Simplifying SignIn Experience [Internet]. Beijing: Worry Communications Information Technology Co.; c2009 [cited 11/29/2011]. Available from. http://www.51logon.com/
  • 46 Sasamoto H, Christin N, Hayashi E. Undercover: Authentication Usable In Front Of Prying Eyes. In: 26th Annual CHI Conference on Human Factors in Computing Systems, CHI 2008. CMU/CyLab, Sharp Corporation; Japan: 2008. pp 183-192.
  • 47 Oka M, Kato K, Xu Y, Liang L, Wen F. Scribble-A-Secret: Similarity-Based Password Authentication Using Sketches. In: 19th International Conference on Pattern Recognition, ICPR 2008. University of Tsukuba; Japan: 2008. p 4
  • 48 Weiss R, Luca AD. Passshapes-Utilizing Stroke Based Authentication To Increase Password Memorability. In: NordiCHI 2008Building Bridges -5th Nordic Conference on Human-Computer Interaction. Munich; Germany: 2008. pp 383-392.
  • 49 Yap RHC, Sim T, Kwang GXY, Ramnath R. Physical Access Protection Using Continuous Authentication. IEEE Conference on Technologies for Homeland Security (THS ’08); May 12–13. 2008. Waltham, MA; USA.: pp 510-512.
  • 50 Kumar S, Sim T, Janakiraman R, Zhang S. Using Continuous Biometric Verification To Protect Interactive Login Sessions. Proceedings 21st Annual Computer Security Applications Conference. 2006. IEEE Computer Society; Washington, DC, USA.: pp 441-450.
  • 51 Niinuma K, Park U, Jain AK. Soft Biometric Traits For Continuous User Authentication. IEEE Transactions on Information Forensics and Security 2010; 5 (04) 771-780.
  • 52 Rodwell PM, Furnell SM, Reynolds PL. A Non-Intrusive Biometric Authentication Mechanism Utilising Physiological Characteristics Of The Human Head. Computers and Security 2007; 26 (07) (08) 468-478.
  • 53 The HUMABIO Project [Internet]. Stuttgart (Germany): Fraunhofer Institute for Industrial Engineering IAO c2007 [cited 11/22/2011]. Available from http://www.humabio-eu.org
  • 54 The HUMABIO Project [Internet]. Stuttgart (Germany): Fraunhofer Institute for Industrial Engineering IAO; c2007 [cited 11/22/2011]. Pilot Tests; [about 4 pages]. Available from http://www.humabio-eu.org/pilot_tests.html
  • 55 Ferro M, Pioggia G, Tognetti A, Carbonaro N, De Rossi D. A Sensing Seat For Human Authentication. IEEE Transactions on Information Forensics and Security 2009; 4 (03) 771-780.
  • 56 Lorussi F, Scilingo EP, Tesconi M, Tognetti A, De Rossi D. Strain sensing fabric for hand posture and gesture monitoring. IEEE Transactions on Information Technology in Biomedicine 2005; 9 (03) 372-81.
  • 57 Ferro M, Pioggia G, Tognetti A, Dalle Mura G, De Rossi D. Event Related Biometrics: Towards an Unobtrusive Sensing Seat System for Continuous Human Authentication. In: 9th International Conference on Intelligent Systems Design and Applications, ISDA ’09 2009; pp 679-682.
  • 58 Lofthouse S. ePassport Extended Access Control. Temporal S. Limited 2006 [Whitepaper, 5 p.]
  • 59 Kinneging TAF. PKI for Machine Readable Travel Documents offering ICC Read-Only Access. International Civil Aviation Organization 2004
  • 60 Maiorana E, Campisi P, Neri A. Biometric signature authentication using radon transform-based watermarking techniques. In: 2007 Biometrics Symposium, BSYM. Nr. 3.; Sept 11–13 2007. Baltimore, MD; USA: 2007. p 6
  • 61 Spillane R. Keyboard apparatus for personal identification. IBM Technical Disclosure Bulletin 1975; 17: 3346
  • 62 CENELEC. European Standard EN 50133–1: Alarm systems. Access control systems for use in security applications. Part 1: System requirements Standard Number EN 50133–1:1996/A1:2002 Technical Body CLC/TC 79. European Committee for Electrotechnical Standardization 2002
  • 63 Mansfield T, Kelly G, Chandler D, Kane J. Biometric Product Testing Final Report. CESG 2001
  • 64 Killourhy KS, Maxion RA. Comparing anomaly-detection algorithms for keystroke dynamics. In: International Conference on Dependable Systems & Networks 2009. DSN’09. IEEE/IFIP. IEEE 2009; pp 125-134.
  • 65 O’Gorman L. Comparing passwords tokens and biometrics for user authentication. Proceedings of the IEEE 2003; 91 (012) 2021-2040.
  • 66 Blackburn D, Bone M, Phillips P. Face recognition vendor test 2000; Evaluation report. DTIC Document 2001
  • 67 Maio D, Maltoni D, Cappelli R, Wayman J, Jain A. FVC2000: fingerprint verification competition. IEEE Transactions on Pattern Analysis and Machine Intelligence 2002; 24 (03) 402-412.
  • 68 Martin A, Przybocki M. The NIST 1999 Speaker Recognition Evaluation - An Overview. Digital Signal Processing 2000; 10 (01) (03) 1-18.
  • 69 Bonneau J, Herley C, van Oorschot P, Stajano F. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In: IEEE Symposium on Security and Privacy (SP);May 20–23,. 2012. San Francisco, CA; USA.: pp 553-567.
  • 70 Dantcheva A, Dugelay JL. Frontal-to-side face re-identification based on hair skin and clothes patches. In: 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance (AVSS); Aug 30- Sep 2,. 2011. Klagenfurt; Austria.: pp 309-313.
  • 71 Osadchy M, Pinkas B, Jarrous A, Moskovich B. SCiFI - A System for Secure Face Identification. In: IEEE Symposium on Security and Privacy (SP); May 16–19. 2010. Oakland, CA, USA.: pp 239-254.
  • 72 Daugman J. New Methods in Iris Recognition. IEEE Transactions on Systems Man and Cybernetics Part B. Cybernetics 2007; 37 (05) 1167-1175.
  • 73 Si Y, Mei J, Gao H. Novel Approaches to Improve Robustness Accuracy and Rapidity of Iris Recognition Systems. IEEE Transactions on Industrial Informatics 2012; 8 (01) 110-117.
  • 74 Kumar A, Passi A. comparison and combination of iris matchers for reliable personal authentication. Pattern Recogn 2010; 43: 1016-1026.
  • 75 Mock K, Hoanca B, Weaver J, Milton M. Real-time continuous iris recognition for authentication using an eye tracker. In: Proceedings of the 2012 ACM conference on Computer and communications security. CCS ’12. New York NY USA: ACM; 2012. pp 1007-1009.
  • 76 Monro DM, Rakshit S, Zhang D. DCT-Based Iris Recognition. IEEE Transactions on Pattern Analysis and Machine Intelligence 2007; 29 (04) 586-595.
  • 77 Jiang CH, Shieh S, Liu JC. Keystroke statistical learning model for web authentication. In: Proceedings of the 2nd ACM symposium on Information computer and communications security. ASIACCS ’07. New York, NY, USA: ACM; 2007. pp 359-361.
  • 78 Mustafiæ T, Messerman A, Camtepe SA, Schmidt AD, Albayrak S. Behavioral biometrics for persistent single sign-on. In: Proceedings of the 7th ACM workshop on Digital identity management. DIM ’11. New York, NY, USA: ACM; 2011. pp 73-82.
  • 79 Ahmed AAE, Traore I. A New Biometric Technology Based on Mouse Dynamics. IEEE Transactions on Dependable and Secure Computing 2007; 4 (03) 165-179.
  • 80 Nakkabi Y, Traore I, Ahmed AAE. Improving Mouse Dynamics Biometric Performance Using Variance Reduction via Extractors With Separate Features. IEEE Transactions on Systems Man and Cybernetics Part A: Systems and Humans 2010; 40 (06) 1345-1353.
  • 81 Pusara M, Brodley CE. User re-authentication via mouse movements. In: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security. VizSEC/DMSEC ’04. New York, NY, USA: ACM; 2004. p 8
  • 82 Schulz DA. Mouse Curve Biometrics. In: Special Session on Research at the Biometric Consortium Conference 2006. Biometrics Symposium; Sept 19 to Aug 21,. 2006. Baltimore, MD, USA.: p 6
  • 83 Zheng N, Paloski A, Wang H. An efficient user verification system via mouse movements. In: Proceedings of the 18th ACM conference on Computer and communications security. CCS ’11. New York, NY, USA: ACM; 2011. pp 139-150.
  • 84 Gamboa H, Fred A. A behavioral biometric system based on human-computer interaction. In: Proceedings of SPIE. vol. 5404 2004; pp 381-392.
  • 85 Roth V, Richter K, Freidinger R. A PIN-entry method resilient against shoulder surfing. In: Proceedings of the 11th ACM conference on Computer and communications security. CCS ’04. New York, NY, USA: ACM; 2004. pp 236-245.