Authentication Systems for Securing Clinical Documentation Workflows

 

 Buy Article Permissions and Reprints

Summary

Context: Integration of electronic signatures embedded in health care processes in Germany challenges health care service and supply facilities. The suitability of the signature level of an eligible authentication procedure is confirmed for a large part of documents in clinical practice. However, the concrete design of such a procedure remains unclear.

Objective: To create a summary of usable user authentication systems suitable for clinical workflows.

Data Source: A Systematic literature review based on nine online bibliographic databases. Search Keywords included authentication, access control, information systems, information security and biometrics with terms user authentication, user identification and login in title or abstract. Searches were run between 7 and 12 September 2011. Relevant conference proceedings were searched manually in February 2013. Backward reference search of selected results was done.

Selection: Only publications fully describing authentication systems used or usable were included. Algorithms or purely theoretical concepts were excluded. Three authors did selection independently.

Data Extraction and Assessment: Semi-structured extraction of system characteristics was done by the main author. Identified procedures were assessed for security and fulfillment of relevant laws and guidelines as well as for applicability. Suitability for clinical workflows was derived from the assessments using a weighted sum proposed by Bonneau.

Results: Of 7575 citations retrieved, 55 publications meet our inclusion criteria. They describe 48 different authentication systems; 39 were biometric and nine graphical password systems. Assessment of authentication systems showed high error rates above European CENELEC standards and a lack of ap -plicability of biometric systems. Graphical passwords did not add overall value compared to conventional passwords. Continuous authentication can add an additional layer of safety. Only few systems are suitable partially or entirely for use in clinical processes.

Conclusions: Suitability strongly depends on national or institutional requirements. Four authentication systems seem to fulfill requirements of authentication procedures for clinical workflows. Research is needed in the area of continuous authentication with biometric methods. A proper authentication system should combine all factors of au -thentication implementing and connecting secure individual measures.

• References

• 1 Apfelbaum S. Transformation im Notariat [Transformation at civil law notaries]. Conference talk: Fachkonferenz: Rechtssichere elektronische Archivierung [Lawful electronic archiving], Dez 13, 2007, Berlin. Kassel: Kassel University; 2007. [in German]
  Google Scholar
• 2 Wilke D. Rechtsfragen der Transformation [Questions of law of transformation]. Conference talk: Fachkonferenz: Rechtssichere elektronische Archivierung [Lawful electronic archiving], Dez 13, 2007, Berlin. Kassel: Kassel Univerity; 2007. [in German]
  Google Scholar
• 3 Roßnagel A. Transformation beim Scannen - Rechtsfragen und Lösungen [Transformation by scanning - Questions of law and solutions]. Conference talk: Fachkonferenz: Rechtssichere elektronische Archivierung [Lawful electronic archiving], Dez 13, 2007, Berlin. Kassel: Kassel University; 2007. [in German]
  Google Scholar
• 4 Roßnagel A, Fischer-Dieskau S, Jandt S, Knopp M. Langfristige Aufbewahrung elektronischer Dokumente [Long-term keeping of electronic documents]. Baden-Baden; Nomos: 2007. [in German]
  Google Scholar
• 5 Signaturgesetz vom 16. Mai 2001 (BGBl. I S 876), das zuletzt durch Artikel 4 des Gesetzes vom 17. Juli 2009 (BGBl. I S. 2091) geändert worden ist; 2009. [Signature law of May 16, 2001 (BGBl. I, p 876), last changed by the 4th act of the law of July 17, 2009 (BGBl. I, p 2091). 2009
  PubMedGoogle Scholar
• 6 Signaturverordnung vom 16. November 2001 (BGBl. I S 3074), die zuletzt durch Artikel 1 der Verordnung vom 15. November 2010 (BGBl. I S. 1542) geändert worden ist; 2010. [Signature decree of November 17, 2001 (BGBl. I, p 3074), last changed by the 1st act of the decree of November 15, 2010 (BGBl. I p. 1542). 2010
  PubMedGoogle Scholar
• 7 Seidel C, Kosock H, Brandner A, Balfanz J, Schmücker P. Empfehlungen für den Einsatz elektronischer Signaturen und Zeitstempel in Versorgungseinrichtungen des Gesundheitswesens [Advices for application of electronic signatures and timestamps in health care institutions]. Braunschweig: Competence center for the electronic signature in health care e.V. CCESigG 2010
  PubMedGoogle Scholar
• 8 Miller B. Vital signs of identity [biometrics]. Spectrum, IEEE 1994; 31 (02) 22-30.
  PubMedGoogle Scholar
• 9 Morris R, Thompson K. Password security: a case history. Commun ACM 1979; 2 (011) 594-597.
  PubMedGoogle Scholar
• 10 Porter NS. A password extension for improved human factors. Computers and Security 1982; 1 (01) 54-56.
  CrossrefPubMedGoogle Scholar
• 11 Almulhem A. A Graphical Password Authentication System. In 2011 World Congress on Internet Security (WorldCIS-2011); Feb 21–23, 2011. London: Curran Association; 2011. pp 223-225.
  Google Scholar
• 12 Niinuma K, Jain AK. Continuous User Authentication Using Temporal Information. In: Proceedings of the SPIE - The International Society for Optical Engineering; April 14,. 2010. Orlando, Florida: 2010. p 10
  Google Scholar
• 13 Jain A, Bolle R, Pankanti S. Biometrics: personal identification in a networked society. The Kluwer international series in engineering and computer science. Kluwer 1999
  PubMedGoogle Scholar
• 14 Jain A, Ross A, Prabhakar S. An introduction to biometric recognition. IEEE Transactions on Circuits and Systems for Video Technology, 2004; 14 (01) 4-20.
  CrossrefPubMedGoogle Scholar
• 15 Jagadeesan H, Hsiao MS. A Novel Approach To Design Of User Re-Authentication Systems. IEEE 3rd International Conference on Biometrics: Theory, Applications, and Systems - BTAS; Sept 28-30. 2009. Washington, DC.: Curran Association; 2009. p 6
  Google Scholar
• 16 Federal Office for Information Security. IT-Grundschutz Kataloge 11. Ergänzungslieferung. Bonn: Federal Office for Information Security 2009 [in German]
  PubMedGoogle Scholar
• 17 Decree 1999/93/EG of the European Parliament of Dezember 13, 1999 about common regulations for electronic signatures 2000
  PubMed
• 18 Federal Office for Information Security. IT-Grundschutz Kataloge 12. Ergänzungslieferung. Bonn: Federal Office for Information Security 2011 [in German]
  PubMedGoogle Scholar
• 19 Tsalakanidou F, Malassiotis S, Strintzis MG. A 3D Face And Hand Biometric System For Robust User-Friendly Authentication. Pattern Recognition Letters 2007; 28 (016) 2238-2249.
  CrossrefPubMedGoogle Scholar
• 20 Tsalakanidou F, Dimitriadis C, Malassiotis S. A Secure And Privacy Friendly 2D+3D Face Authentication System Robust Under Pose And Illumination Variations. In: Proceedings of the 4th International Symposium on Image and Signal Processing and Analysis - ISPA; Sept 15–17, 2005. pp 203-208.
  PubMedGoogle Scholar
• 21 Tsalakanidou F, Malassiotis S. Application And Evaluation Of A 2D+3D Face Authentication System. In: Proceedings of 3DTV-CON, May 7–9, 2007. Kos Island.: Curran Associates; 2007. p 4
  Google Scholar
• 22 Gandossi AJ, Liu W, Tjahyadi R, Xu L. A Biometric Approach To Linux Login Access Control. In: 9th International Conference on Control, Automation, Robotics and Vision - ICARCV ’06; Dec 5–6, 2006;. Grand Hyatt Singapore, Singapore.: Curran Associates; 2006. p 5
  Google Scholar
• 23 Zhou J, Su G, Jiang C, Deng Y, Li C. A Face And Fingerprint Identity Authentication System Based On Multi-Route Detection. Neurocomputing 2007; 70 (04) (06) 922-931.
  CrossrefPubMedGoogle Scholar
• 24 Hiew B Y, Teoh A B J, Yin O S. A Secure Digital Camera Based Fingerprint Verification System. Journal of Visual Communication and Image Representation 2010; 21 (03) 219-231.
  CrossrefPubMedGoogle Scholar
• 25 Ravikanth C, Kumar A. Biometric Authentication Using Finger-Back Surface. In: IEEE Computer Society Conference on Computer Vision and Pattern Recognition, CVPR’07. Biometrics Research Laboratory, Department of Electrical Engineering, Indian Institute of Technology Delhi, Hauz Khas, New Delhi 110 016, India 2007; p 7
  PubMedGoogle Scholar
• 26 Savic T, Pavesic N. Personal Recognition Based On An Image Of The Palmar Surface Of The Hand. Pattern Recognition 2007; 40 (011) 3152-3163.
  CrossrefPubMedGoogle Scholar
• 27 Rowe RK, Uludag U, Demirkus M, Parthasaradhi S, Jain AK. A Multispectral Whole-Hand Biometric Authentication System. In: 2007 Biometrics Symposium, BSYM. Lumidigm Inc. 2007; p 5
  PubMedGoogle Scholar
• 28 Sun X, Lin CY, Li MZ, Lin HW, Chen QW. A Dsp-Based Finger Vein Authentication System. In: 4th International Conference on Intelligent Computation Technology and Automation, ICICTA 2011. Bd. 2. Sun Yat-Sen University, Guangzhou; Guang- dong, 510080, China: 2011. pp 333-336.
  Google Scholar
• 29 Rybnik M, Tabedzki M, Saeed K. A Keystroke Dynamics Based System For User Identification. 7th Computer Information Systems and Industrial Management Applications (CISIM 2008) 2008; 1 (02) 6.
  PubMedGoogle Scholar
• 30 Fang WP, Lee HR, Line FP. An Novel Two Layer User Identification Method. IEEE International Conference on Intelligence and Security Informatics (ISI 2008) 2008; 3 (07) 2.
  PubMedGoogle Scholar
• 31 Hwang S, Lee H, Cho S, Chen H, Wang FY, Yang CC. et al Improving Authentication Accuracy Of Unfamiliar Passwords With Pauses And Cues For Keystroke Dynamics-Based Authentication. In: Intelligence and Security Informatics International Workshop, WISI 2006 Proceedings (Lecture Notes in Computer Science Vol 3917) 2006; 5 (012) 6.
  PubMedGoogle Scholar
• 32 Tseng CW, Liu FJ, Lin TY. Design And Implementation Of A RFID-Based Authentication System By Using Keystroke Dynamics. In: IEEE International Conference on Systems, Man and Cybernetics, SMC 2010. Department of Information Management, Cheng Shiu University, Kaohsiung County, Taiwan 2010; pp 3926-3929.
  PubMedGoogle Scholar
• 33 Eltahir WE, Salami MJE, Ismail AF, Lai WK. Design And Evaluation Of A Pressure-Based Typing Biometric Authentication System. EURASIP Journal on Information Security 2008; 4 (09) 15
  PubMedGoogle Scholar
• 34 Ali H, Wahyudi Salami M. Keystroke Pressure Based Typing Biometrics Authentication System By Combining Ann- And Anfis-Based Classifiers. 5th International Colloquium on Signal Processing & Its Applications (CSPA 2009) 2009; 5 (013) 5.
  PubMedGoogle Scholar
• 35 Martono W, Ali H, Salami MJE. Keystroke Pressure-Based Typing Biometrics Authentication System Using Support Vector Machines. In: International Conference on Computational Science and its Applications, ICCSA. 2007. Kuala Lumpur; Malaysia: 2007. pp 85-93.
  Google Scholar
• 36 Aksari Y, Artuner H. Active Authentication By Mouse Movements. In: 24th International Symposium on Computer and Information Sciences, ISCIS 2009. Department of Computer Engineering, Hacettepe University, Beytepe Campus, 06532, Ankara, Turkey 2009; pp 571-574.
  PubMedGoogle Scholar
• 37 Bours P, Fullu CJ. A Login System Using Mouse Dynamics. In: 5th International Conference on Intelligent Information Hiding and Multimedia Signal Processing. Gjvik University College, Norwegian Information Security Laboratories, Gjvik, Norway 2009; pp 1072-1077.
  PubMedGoogle Scholar
• 38 Chang TY, Yang YJ, Peng CC. A Personalized Rhythm Click-Based Authentication System. Information Management & Computer Security 2010; 18 (02) 72-85.
  CrossrefPubMedGoogle Scholar
• 39 Hamdy O, Traore I, Georgescu S, Heikkinen S, Popescu M. Cognitive-Based Biometrics System For Static User Authentication. In: Fourth International Conference on Internet Monitoring and Protection (ICIMP 2009); May 24–28, 2009; Venice/Mestre. pp 90-97.
  PubMedGoogle Scholar
• 40 El-Bendary N, Al-Qaheri H, Zawbaa HM, Hamed M, Hassanien AE, Zhao Q. HSAS - Heart Sound Authentication System. In: 2nd World Congress on Nature and Biologically Inspired Computing, NaBIC 2010. Arab Academy for Science, Technology and Maritime Transport, Cairo; Egypt: 2010. pp 351-356.
  Google Scholar
• 41 Harada A, Isarida T, Mizuno T, Nishigaki M. A User Authentication System Using Schema Of Visual Memory. In: 2nd International Workshop on Biologically Inspired Approaches to Advanced Information Technology, BioADIT 2006. Japan: Shizuoka University; 2006. pp 338-345.
  Google Scholar
• 42 Chiasson S, Van Oorschot PC, Biddle R. Graphical Password Authentication Using Cued Click Points. In: 12th European Symposium on Research in Computer Security, ESORICS 2007. Ottawa; Canada: 2007. pp 359-374.
  Google Scholar
• 43 Almuairfi S, Veeraraghavan P, Chilamkurti N. IPAS: Implicit Password Authentication System. In: Proceedings of the 25th IEEE International Conference on Advanced Information Networking and Applications Workshops (WAINA 2011); March 22–25 2011; Biopolis. pp 430-435.
  PubMedGoogle Scholar
• 44 Van Oorschot PC, Wan T. Twostep: An Authentication Method Combining Text And Graphical Passwords. In: E-Technologies: Innovation in an Open World, 4th International Conference, MCETECH 2009 May 4–6 2009. Ottawa; Canada. Springer: 2009. pp 233-239.
  Google Scholar
• 45 ogon: Simplifying SignIn Experience [Internet]. Beijing: Worry Communications Information Technology Co.; c2009 [cited 11/29/2011]. Available from. http://www.51logon.com/
  PubMedGoogle Scholar
• 46 Sasamoto H, Christin N, Hayashi E. Undercover: Authentication Usable In Front Of Prying Eyes. In: 26th Annual CHI Conference on Human Factors in Computing Systems, CHI 2008. CMU/CyLab, Sharp Corporation; Japan: 2008. pp 183-192.
  Google Scholar
• 47 Oka M, Kato K, Xu Y, Liang L, Wen F. Scribble-A-Secret: Similarity-Based Password Authentication Using Sketches. In: 19th International Conference on Pattern Recognition, ICPR 2008. University of Tsukuba; Japan: 2008. p 4
  Google Scholar
• 48 Weiss R, Luca AD. Passshapes-Utilizing Stroke Based Authentication To Increase Password Memorability. In: NordiCHI 2008Building Bridges -5th Nordic Conference on Human-Computer Interaction. Munich; Germany: 2008. pp 383-392.
  Google Scholar
• 49 Yap RHC, Sim T, Kwang GXY, Ramnath R. Physical Access Protection Using Continuous Authentication. IEEE Conference on Technologies for Homeland Security (THS ’08); May 12–13. 2008. Waltham, MA; USA.: pp 510-512.
  Google Scholar
• 50 Kumar S, Sim T, Janakiraman R, Zhang S. Using Continuous Biometric Verification To Protect Interactive Login Sessions. Proceedings 21st Annual Computer Security Applications Conference. 2006. IEEE Computer Society; Washington, DC, USA.: pp 441-450.
  Google Scholar
• 51 Niinuma K, Park U, Jain AK. Soft Biometric Traits For Continuous User Authentication. IEEE Transactions on Information Forensics and Security 2010; 5 (04) 771-780.
  CrossrefPubMedGoogle Scholar
• 52 Rodwell PM, Furnell SM, Reynolds PL. A Non-Intrusive Biometric Authentication Mechanism Utilising Physiological Characteristics Of The Human Head. Computers and Security 2007; 26 (07) (08) 468-478.
  CrossrefPubMedGoogle Scholar
• 53 The HUMABIO Project [Internet]. Stuttgart (Germany): Fraunhofer Institute for Industrial Engineering IAO c2007 [cited 11/22/2011]. Available from http://www.humabio-eu.org
  PubMedGoogle Scholar
• 54 The HUMABIO Project [Internet]. Stuttgart (Germany): Fraunhofer Institute for Industrial Engineering IAO; c2007 [cited 11/22/2011]. Pilot Tests; [about 4 pages]. Available from http://www.humabio-eu.org/pilot_tests.html
  PubMedGoogle Scholar
• 55 Ferro M, Pioggia G, Tognetti A, Carbonaro N, De Rossi D. A Sensing Seat For Human Authentication. IEEE Transactions on Information Forensics and Security 2009; 4 (03) 771-780.
  PubMedGoogle Scholar
• 56 Lorussi F, Scilingo EP, Tesconi M, Tognetti A, De Rossi D. Strain sensing fabric for hand posture and gesture monitoring. IEEE Transactions on Information Technology in Biomedicine 2005; 9 (03) 372-81.
  CrossrefPubMedGoogle Scholar
• 57 Ferro M, Pioggia G, Tognetti A, Dalle Mura G, De Rossi D. Event Related Biometrics: Towards an Unobtrusive Sensing Seat System for Continuous Human Authentication. In: 9th International Conference on Intelligent Systems Design and Applications, ISDA ’09 2009; pp 679-682.
  PubMedGoogle Scholar
• 58 Lofthouse S. ePassport Extended Access Control. Temporal S. Limited 2006 [Whitepaper, 5 p.]
  PubMedGoogle Scholar
• 59 Kinneging TAF. PKI for Machine Readable Travel Documents offering ICC Read-Only Access. International Civil Aviation Organization 2004
  PubMedGoogle Scholar
• 60 Maiorana E, Campisi P, Neri A. Biometric signature authentication using radon transform-based watermarking techniques. In: 2007 Biometrics Symposium, BSYM. Nr. 3.; Sept 11–13 2007. Baltimore, MD; USA: 2007. p 6
  Google Scholar
• 61 Spillane R. Keyboard apparatus for personal identification. IBM Technical Disclosure Bulletin 1975; 17: 3346
  PubMedGoogle Scholar
• 62 CENELEC. European Standard EN 50133–1: Alarm systems. Access control systems for use in security applications. Part 1: System requirements Standard Number EN 50133–1:1996/A1:2002 Technical Body CLC/TC 79. European Committee for Electrotechnical Standardization 2002
  PubMedGoogle Scholar
• 63 Mansfield T, Kelly G, Chandler D, Kane J. Biometric Product Testing Final Report. CESG 2001
  PubMedGoogle Scholar
• 64 Killourhy KS, Maxion RA. Comparing anomaly-detection algorithms for keystroke dynamics. In: International Conference on Dependable Systems & Networks 2009. DSN’09. IEEE/IFIP. IEEE 2009; pp 125-134.
  PubMedGoogle Scholar
• 65 O’Gorman L. Comparing passwords tokens and biometrics for user authentication. Proceedings of the IEEE 2003; 91 (012) 2021-2040.
  CrossrefPubMedGoogle Scholar
• 66 Blackburn D, Bone M, Phillips P. Face recognition vendor test 2000; Evaluation report. DTIC Document 2001
  PubMedGoogle Scholar
• 67 Maio D, Maltoni D, Cappelli R, Wayman J, Jain A. FVC2000: fingerprint verification competition. IEEE Transactions on Pattern Analysis and Machine Intelligence 2002; 24 (03) 402-412.
  CrossrefPubMedGoogle Scholar
• 68 Martin A, Przybocki M. The NIST 1999 Speaker Recognition Evaluation - An Overview. Digital Signal Processing 2000; 10 (01) (03) 1-18.
  CrossrefPubMedGoogle Scholar
• 69 Bonneau J, Herley C, van Oorschot P, Stajano F. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In: IEEE Symposium on Security and Privacy (SP);May 20–23,. 2012. San Francisco, CA; USA.: pp 553-567.
  Google Scholar
• 70 Dantcheva A, Dugelay JL. Frontal-to-side face re-identification based on hair skin and clothes patches. In: 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance (AVSS); Aug 30- Sep 2,. 2011. Klagenfurt; Austria.: pp 309-313.
  Google Scholar
• 71 Osadchy M, Pinkas B, Jarrous A, Moskovich B. SCiFI - A System for Secure Face Identification. In: IEEE Symposium on Security and Privacy (SP); May 16–19. 2010. Oakland, CA, USA.: pp 239-254.
  Google Scholar
• 72 Daugman J. New Methods in Iris Recognition. IEEE Transactions on Systems Man and Cybernetics Part B. Cybernetics 2007; 37 (05) 1167-1175.
  PubMedGoogle Scholar
• 73 Si Y, Mei J, Gao H. Novel Approaches to Improve Robustness Accuracy and Rapidity of Iris Recognition Systems. IEEE Transactions on Industrial Informatics 2012; 8 (01) 110-117.
  CrossrefPubMedGoogle Scholar
• 74 Kumar A, Passi A. comparison and combination of iris matchers for reliable personal authentication. Pattern Recogn 2010; 43: 1016-1026.
  CrossrefPubMedGoogle Scholar
• 75 Mock K, Hoanca B, Weaver J, Milton M. Real-time continuous iris recognition for authentication using an eye tracker. In: Proceedings of the 2012 ACM conference on Computer and communications security. CCS ’12. New York NY USA: ACM; 2012. pp 1007-1009.
  Google Scholar
• 76 Monro DM, Rakshit S, Zhang D. DCT-Based Iris Recognition. IEEE Transactions on Pattern Analysis and Machine Intelligence 2007; 29 (04) 586-595.
  CrossrefPubMedGoogle Scholar
• 77 Jiang CH, Shieh S, Liu JC. Keystroke statistical learning model for web authentication. In: Proceedings of the 2nd ACM symposium on Information computer and communications security. ASIACCS ’07. New York, NY, USA: ACM; 2007. pp 359-361.
  Google Scholar
• 78 Mustafiæ T, Messerman A, Camtepe SA, Schmidt AD, Albayrak S. Behavioral biometrics for persistent single sign-on. In: Proceedings of the 7th ACM workshop on Digital identity management. DIM ’11. New York, NY, USA: ACM; 2011. pp 73-82.
  Google Scholar
• 79 Ahmed AAE, Traore I. A New Biometric Technology Based on Mouse Dynamics. IEEE Transactions on Dependable and Secure Computing 2007; 4 (03) 165-179.
  CrossrefPubMedGoogle Scholar
• 80 Nakkabi Y, Traore I, Ahmed AAE. Improving Mouse Dynamics Biometric Performance Using Variance Reduction via Extractors With Separate Features. IEEE Transactions on Systems Man and Cybernetics Part A: Systems and Humans 2010; 40 (06) 1345-1353.
  CrossrefPubMedGoogle Scholar
• 81 Pusara M, Brodley CE. User re-authentication via mouse movements. In: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security. VizSEC/DMSEC ’04. New York, NY, USA: ACM; 2004. p 8
  Google Scholar
• 82 Schulz DA. Mouse Curve Biometrics. In: Special Session on Research at the Biometric Consortium Conference 2006. Biometrics Symposium; Sept 19 to Aug 21,. 2006. Baltimore, MD, USA.: p 6
  Google Scholar
• 83 Zheng N, Paloski A, Wang H. An efficient user verification system via mouse movements. In: Proceedings of the 18th ACM conference on Computer and communications security. CCS ’11. New York, NY, USA: ACM; 2011. pp 139-150.
  Google Scholar
• 84 Gamboa H, Fred A. A behavioral biometric system based on human-computer interaction. In: Proceedings of SPIE. vol. 5404 2004; pp 381-392.
  PubMedGoogle Scholar
• 85 Roth V, Richter K, Freidinger R. A PIN-entry method resilient against shoulder surfing. In: Proceedings of the 11th ACM conference on Computer and communications security. CCS ’04. New York, NY, USA: ACM; 2004. pp 236-245.
  Google Scholar