A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM FOR MEDICAL TREATMENT EXAMINATION REPORTS. Received January 2010; revised May 2010


International Journal of Innovative Computing, Information and Control
ICIC International © 2011 ISSN
Volume 7, Number 5(A), May 2011 pp

A SMART CARD-BASED MOBILE SECURE TRANSACTION SYSTEM FOR MEDICAL TREATMENT EXAMINATION REPORTS

Chin-Ling Chen 1, Yeong-Lin Lai 2, Chih-Cheng Chen 2 and Ying-Luen Chen 1

1 Department of Computer Science and Information Engineering, Chaoyang University of Technology, 168, Jifeng E. Rd., Wufong District, Taichung 41349, Taiwan
clc@mail.cyut.edu.tw; love @yahoo.com.tw

2 Department of Mechatronics Engineering, National Changhua University of Education, Changhua 50007, Taiwan
yllai@cc.ncue.edu.tw; d @mail.ncue.edu.tw

Received January 2010; revised May 2010

Abstract. In many countries, the use of electronic health care and medical treatment services has become an essential component of efforts to provide citizens with a high level of service that promises the advantages of convenience, mobility and time saving. On the other hand, hospitals require efficient management of medical treatment. In this paper, we combine these requirements and propose a smart card-based mobile medical treatment examination report transaction system to achieve a secure transaction model. We apply cryptography mechanisms to reduce cost, share medical treatment resources, mobilize services and simplify examination procedures. With this product, both supply merchants and retailers can find their niche. Moreover, users can share the mobile medical treatment examination resources, saving much valuable time.

Keywords: Mobile medical treatment, Smart card, Secure transaction, Security

1. Introduction. With an aging society, changes in population structure and medical challenges, issues that relate to the introduction of new health care initiatives and the management of medical treatment must be addressed. For instance, how patients can be provided with convenient medical services is an important question worthy of being researched.
According to Business Weekly magazine (March, 2007) [1], population trends will dominate the discussion of global economic development in the coming twenty-five years. The medical treatment industry is expanding rapidly. The Market Intelligence Center (MIC) predicts that the value of the global health care industry will rise to US$597 billion by In Taiwan, expenditures in the health care industry will reach US$18 billion [2]. As such, mobile medical treatment is recognized as an important future trend in the medical and technological industries.

The smart card is an important facet of the public key infrastructure integrated into the Windows platform by Microsoft. Smart cards can enhance software solutions, such as client identification and log-in. Smart cards have the following features:
(1) The capability to operate, access control and store.
(2) The ability to perform repetitive writing and deleting.
(3) They provide safe hardware protection, preventing access to data on a smart card without authorization.
(4) Algorithms such as DES, RSA and Hash are built into smart cards for encryption and decryption to assure the security of data transmission.
(5) Through security systems such as RSA, smart cards can generate the corresponding digital signatures for electronic transactions, which can be used as the authorization basis for both sides of a transaction.
(6) Users must simultaneously present a smart card and the corresponding personal ID to further access data.
(7) They are suitable for off-line systems and reduce costs.
(8) They must be portable and convenient.
(9) They must not be affected by any outside magnetic field.

Applications for smart cards can be combined with the basic structure of a public key and related cryptosystems to achieve the following goals:
(1) Protect the private key and other personal information while providing storage for the prevention of distortion.
(2) Provide a judgment system for security settings, including identity authentication and digital signature.
(3) Provide portability for personal data or certificates stored in the office, at home or in a computer.
It is both the variety of forms and the features of portability that make for the popularity of the developmental system

Related works. A review of smart card-related literature shows its use for authentication of a remote user. We propose a mobile medical treatment examination secure transaction that utilizes smart cards. In 1981, Lamport [3] provided the first remote user authentication scheme; however, an encryption technique was not used. Subsequently, researchers proposed similar schemes to promote efficiency and security. In 2000, Huang and Li [4] pointed out that in Lamport's scheme, a modified password might still pass authentication. So, a new remote user authentication design was proposed using smart cards that did not require a table to check the authenticity of a registration number. Chien et al. [5] and Huang and Wei [6] also proposed an efficient and practical solution for a remote user authentication protocol using smart cards. Subsequently, in 2004, Ku and Chen [7] pointed out that Chien and Tseng's scheme might suffer from replay and insider attacks. In response, an enhanced scheme was proposed.
In 2004, Kumar [8] asserted that Ku and Chen's scheme could easily be exposed to a guessing or insider attack. In 2005, Chang and Lee [9] pointed out that attackers could enter the remote system at random in Wu and Chieu's 2003 scheme [10]. They proposed a highly-efficient, user-friendly and secure authentication scheme, whereby both users and remote systems allow mutual authentication, as well as adding the capability for users to choose their password. In the same year, Yoon and Yoo [11] discovered that a project by Lee et al. [12] easily came under forging attack by a server; it had problems transmitting private keys and did not maintain a secure password change. They also asserted that even when a private key or password is stolen or changed, it is still secure. In addition, it takes little time for the user to become aware that the wrong password had been entered.

In 2004, Awasthi and Lal [13] suggested that a dynamic ID-based remote user authentication scheme by Das et al. [14] was not secure. In that system, the user was free to login or logout of the server without passwords. Then in 2006, Misbahuddin et al. [15], building on Das et al. in 2003, proposed an efficient ID-based remote user authentication scheme. They declared that this method was not subject to theft, guessing attack, insider attack, forging attack or replay attack. Instead, users had the freedom to choose their own password and change it with a secure mutual authentication.

Finally, drawing from Ku and Chen's scheme [7] and Yoon and Yoo's scheme [11], Wang et al. in [16] determined that it was still exposed to guessing attack, DoS attack and forging attack, and lacked efficiency. They then improved the two schemes above and proposed an efficient system to assure security, in which an incorrect password from the user can be immediately discovered. However, as has been demonstrated by Yoon and Yoo [11], Wang et al.'s scheme still does not provide perfect forward secrecy and is susceptible to both guessing attack and Denning-Sacco attack.

From PCs to mobile phones to access control devices, biometrics provides a convenient, reliable and cost-effective means for providing high levels of security and other value-added benefits to the end-user. Despite this, biometrics has some privacy and security shortcomings; many researchers have proposed schemes to overcome these obstacles, as in [17]. Mobile devices, such as notebooks, mobile phones and personal digital assistants, are increasingly used. Moreover, embedding fingerprint sensors into mobile devices is a future trend.

In recent years, smart card-based application systems [18,19] have been proposed for mobile secure transactions. On the basis of Wang's scheme, we propose an improved smart card-based mobile secure transaction system for medical treatment examination reports. In our scheme, users can employ a smart card for a medical examination. The proposed scheme adopts the basic operational ability of the smart card. It combines cryptography technology [19,20] when the user receives a smart card from the retailer and has his physiological condition measured by the physiological equipment provided by suppliers. Later, this data will be transmitted to a hospital medical information system for online consultation by doctors. The PIN code mechanism must achieve the following goals: (1) authentication, (2) low cost, (3) it must share medical examination resources, (4) it must be mobile and (5) it must simplify medical treatment examinations

System requirements. The smart card-based medical treatment management system can provide a portable medical treatment report for the reduction of medical waste and the enhancement of access control security. The proposed system focuses on integrating the medical treatment equipment supplier, the retailer management system and the hospital information system into the medical treatment management system to reduce cost and share resources. As this system adopts a client-server model, the necessary requirements are as follows:
(1) Prevention of spoofing attack: A spoofing attack occurs when a person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. Hence, both the server and client must complete mutual authentication.
(2) Prevention of forging attack: A well designed system can identify the legality of transmitted messages via effective verification, thus detecting illegal users.
(3) High efficiency password verification: When a user enters a password at the login phase, it is easy and efficient to immediately verify its legality.
(4) Prevention of replay attack: A replay attack is a network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts data and retransmits it.
(5) Prevention of denial-of-service attack: A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users.
(6) Two-factor issues: In order to enhance security, password and fingerprint functions occur at the login phase.

The proposed protocol will be introduced in Section 2, the security analysis and discussion of the protocol in Section 3 and the conclusion in Section

Our Schema. The primary processes of our system are shown in Figure 1. An introduction to system roles follows:
(1) Medical treatment equipment supplier (S): the manufacturer of both medical treatment examination equipment and the smart cards.
(2) Retailer (R): one who provides a location for the medical treatment examination equipment and sells the smart cards.
(3) User (U): one who uses medical examination equipment.
(4) Hospital Server (HS): the server is set up in the hospital. As a result of the cooperation between the hospital and the medical treatment equipment supplier, the server can transfer all useful data to the doctors for reference.
(5) Doctor (D): one who is responsible for interpreting medical information and making medical suggestions to patients.

Figure 1. A flow chart of the mobile medical treatment examining report transaction system based on smart cards

The flowchart depicting the entire transaction system is described as follows:
Step 1: The medical treatment supplier will set up the medical treatment examination equipment at the retailer location; the retailer can then sell the tamperproof smart cards for use with the medical treatment examination equipment.
Step 2: The user purchases a smart card from the retailer. The valid use number stored on the smart card can be accessed by the medical treatment examination equipment. The user simply inserts his/her smart card to begin a medical examination. When an examination is finished, the valid use number of the smart card will be decremented by the examination equipment, and the result will be stored on the smart card for the user to take away. The user may then transfer the data to a cooperating hospital to analyze the examination result.
Step 3: After a user finishes the medical treatment examination, he can insert the smart card into the card reader and input the fingerprint PIN code, sending the information to the HS for mutual authentication. The server will use the public key of the medical treatment equipment supplier to verify the legality of the smart card.
Step 4: If a smart card is legal, the server will convert the data into useful information and send it to the doctor for diagnosis.
Step 5: The doctor will make a diagnosis using the information from the server; he/she will make a medical suggestion and send it to the user with a signature.
Step 6: The medical treatment equipment suppliers and the retailers will settle fees regularly.
Step 7: Both the hospital authorities and the medical treatment equipment suppliers will settle fees.

Notations. Below is an introduction to notations that will be used in our scheme.
SK_X: X's private key.
PK_X: X's public key.
S_SKX(m): use X's private key SK_X to produce a signature for message m.
SG_X: the signature for X.
V_PKX(): use X's public key PK_X to verify a doctor's signature.
U_i: the i-th user.
ID_i: the identity code of the i-th user.
ID_s: the identity of a smart card.
PW_i: the password for a user's fingerprint i.
HS: the hospital server.
h(): the one-way hash function.
T_1, T_2, T_3, T_4: time stamps.
T : a valid time interval.
: exclusive or operation.
X, Y: two secret parameters selected by the server and user respectively.
E_K(): encrypt information with the symmetric key K.
D_K(): decrypt information with the symmetric key K.
A ?= B: determines whether A is equal to B.

The systematic protocol of the smart card considered in this research can be categorized into 4 phases: the registration phase, login phase, verification phase and password modification phase

Registration phase. After purchasing the smart card from the retailer, the user must register his/her information and record fingerprints from the server (we assume the communication channel has been secured during the registration phase). Then, the HS will execute the following steps. A flow chart detailing the registration phase is shown in Figure 2.

Figure 2. A registration phase flow chart

Step 1: User U_i selects password PW_i and Y, and then sends his identity ID_i, PW_i, Y and ID_s to the HS via a secure channel.
Step 2: The HS selects a secret parameter X, and then calculates the following parameters:
K_1 = h(ID_i PW_i ID_s X Y) (1)
R = K_1 h(PW_i ID_s Y) (2)
V = h(K_1 R) (3)
P = h(R V) Y (4)
Step 3: The HS saves K_1, R, V, the user's ID_i, ID_s and PW_i in the data server.

Step 4: The HS sends R, V, P to User U_i to save on the smart card.

Login phase. The user inserts his/her smart card into the card reader and inputs the fingerprint PIN code to login. A login phase flow chart is shown in Figure 3.

Figure 3. A login phase flow chart

Step 1: The user inputs the smart card identity ID_s, secret parameter Y and password PW_i; the smart card will calculate the parameters K_2 and C_1 at time T_1:
K_2 = R h(PW_i ID_s Y) (5)
and
C_1 = h(h(PW_i ID_s Y)) (6)
The system will verify C_1 = V. If verified, the smart card will calculate
Y = P h(R V) (7)
C_2 = (C_1 Y T_1) (8)
otherwise it will terminate the process.
Step 2: User U_i sends ID_i, T_1, and C_2 to the HS.

2.4. Verification phase. After the HS receives the i-th User's login request, it will execute the verification steps. A verification phase flow chart is shown in Figure 4.

Step 1: When the HS receives the User request message at T_2, it will check the user identity ID_i in the database server and verify whether the formula (T_2 T_1) T is correct. If ID_i is invalid or the formula (T_2 T_1) T does not hold, the HS will refuse the i-th User's request. Otherwise, the HS will pick up the corresponding V from the database to calculate W = (V Y T_1), and then verify the formula W = C_2. If the values are equal, the HS will accept the request of User U_i, and calculate Z = h(K_1 T_3) at T_3.
Step 2: The HS sends (Z, T_3) to User U_i.
Step 3: After User U_i receives the message at T_4, the system will verify whether the formula (T_4 T_3) T is correct. If it is not, U_i will terminate the process. Otherwise, U_i will calculate the formula C_3 = h(R h(PW ID_s Y) T_3), and verify that C_3 is equal to Z. If the values are equal, this signifies that U_i has verified the HS.
Step 4: The user transfers the examination report stored on the smart card to the HS. The HS will change this specific report format into an examination message msg, and then transfer it to the doctor for diagnosis.

Figure 4. A verification phase flow chart

Step 5: After diagnosing the examination message msg, the doctor will place a signature SG_D = S_SKD(msg, M) on the suggestive medical message M and on the examination information with his private key SK_D. Later, the doctor sends msg, M and SG_D to U_i for reference. Anyone can use the doctor's public key to verify the signature as follows:
V_PKD(SG_D) ?= (msg, M) (9)

2.5. Password modification phase. If a user wants to modify his password, he/she can choose a new fingerprint from another finger and send it to the HS to change the password. A password modification phase flow chart is shown in Figure 5.

Figure 5. A password modification flow chart

Step 1: U_i makes a request to modify the password, and inputs ID_s, the old password PW_i, Y and the new password new PW_i. The smart card will calculate
K_1 = R h(PW_i ID_s Y) (10)
C_4 = E_K1(new PW_i, V) (11)
and send ID_i and C_4 to the HS.
Step 2: The HS can decrypt C_4 with the corresponding K_1 of the legal user's ID_i to get new PW_i and V as follows:
D_K1(C_4) = (new PW_i, V) (12)
Only the legal user's secret parameter V is equal to the V that is stored in the HS. The HS computes and stores new K_1, new R and new V as follows.
new K_1 = h(ID_i new PW_i ID_s X Y) (13)
new R = new K_1 h(new PW_i ID_s Y) (14)
new V = h(new K_1 new R) (15)
Step 3: The HS sends new V and new R to User U_i.

3. Security Analysis and Discussions.

Security analysis.
(1) Spoofing attack: The HS sends the message (Z, T_3) to the user in Step 2 of the verification phase. If an attacker intercepts the message and recreates (Z, T_3) for the user, the user will verify C_3 = Z in Step 3 of the verification phase. Through mutual verification, both the HS and the users can prevent a false HS from communicating with the user.
(2) Forging attack: If a message (ID_i, T_1, C_2) is intercepted by an attacker as a user is sending it to a hospital server in the login phase, the message will be changed to (ID_i, T_1, C_2) and sent to the server. Because an attacker cannot recognize Y, the server will verify W C_2, where W = h(V Y T_1), in Step 1 of the verification phase. Thus, the illegal user will be detected.
(3) High efficiency password verification: When a user enters an incorrect password PW_i (or inputs the wrong fingerprint) in the login phase, the smart card will calculate K_2 = R h(PW_i ID_s Y) and C_1 = h(h(PW_i ID_s Y)) to verify the result C_1 V. The verification in these two steps shows that the incorrect password is not workable. When the wrong password is entered, the error will be discovered immediately.
(4) Replay attack: Through a time-stamp mechanism, messages in Steps 1 and 2 of the verification phase will be checked to determine whether they are transmitted to the receiver within a valid timeframe.
Any attempt to pass the transaction with an old message will not work.
(5) Denial of service attack: When verifying whether W = C_2 is correct in Step 1 of the verification phase, if the verification fails, the server will terminate the operation.
(6) Two-factor issues: Because we involve a unique fingerprint as a verifiable factor, if the user possesses neither factor (smart card and the fingerprint password), misuse of lost data by a malicious adversary will not exist in our scheme. Attackers cannot forge a legal user. Moreover, it is impossible for attackers to intercept sensitive information during a doctor's examination; it can only be accessed when the user agrees that the doctors can diagnose his or her condition, i.e., when the user puts his or her finger on the tamperproof fingerprint identification machine, the doctor can retrieve the anamnesis. The proposed scheme involves a two-factor authentication mechanism to prevent illegal access and ensure user privacy. For the same reason, our scheme can also prevent a guessing attack and a Denning-Sacco attack while providing perfect forward secrecy. Our system is a clear improvement on that of Wang et al.
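The registration, login and verification exchange analysed above, as an added Python example that is not code from the paper; it shows the on-card wrong-password check of item (3) and the timestamp window of item (4). Assumptions: the operators lost in this transcription are taken as concatenation inside the innermost h() and XOR everywhere else, h() is SHA-256, the valid interval is 5 seconds, the server record also keeps Y (its check of W needs it), and every identifier and sample value is constructed.

```python
import hashlib
import hmac
import os

DELTA_T = 5  # assumed valid time interval in seconds; the paper gives no value


def h(*parts: bytes) -> bytes:
    """h(): SHA-256 (assumed) over length-prefixed parts (assumed concatenation)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def xor(*values: bytes) -> bytes:
    """XOR of 32-byte values (assumed to be the operator lost between terms)."""
    out = bytes(32)
    for value in values:
        if len(value) != 32:
            raise ValueError("operands must be 32 bytes")
        out = bytes(a ^ b for a, b in zip(out, value))
    return out


def ts(t: int) -> bytes:
    """Encode a timestamp as 32 bytes so it can be XORed with hash values."""
    return t.to_bytes(32, "big")


class HospitalServer:
    def __init__(self) -> None:
        self.x = os.urandom(32)  # server secret parameter X
        self.db = {}

    def register(self, id_i, pw, id_s, y):
        """Registration phase, equations (1)-(4); returns the card contents."""
        k1 = h(id_i, pw, id_s, self.x, y)   # (1)
        r = xor(k1, h(pw, id_s, y))         # (2)
        v = h(xor(k1, r))                   # (3)
        p = xor(h(xor(r, v)), y)            # (4)
        # Y is kept as well (assumption): the check of W below needs it.
        self.db[id_i] = {"k1": k1, "v": v, "y": y}
        return {"r": r, "v": v, "p": p}

    def verify_login(self, id_i, t1, c2, t2, t3):
        """Verification Step 1: returns (Z, T3) on success, None on rejection."""
        rec = self.db.get(id_i)
        # Unknown ID, stale timestamp, or timestamp from the future: refuse.
        if rec is None or not 0 <= t2 - t1 <= DELTA_T:
            return None
        w = h(xor(rec["v"], rec["y"], ts(t1)))
        if not hmac.compare_digest(w, c2):
            return None
        return h(xor(rec["k1"], ts(t3))), t3


def card_login(card, id_i, pw, id_s, y_in, t1):
    """Login phase on the card: returns (ID_i, T1, C2), or None if C1 != V."""
    c1 = h(h(pw, id_s, y_in))                          # (6)
    if not hmac.compare_digest(c1, card["v"]):
        return None                                    # wrong password caught locally
    y = xor(card["p"], h(xor(card["r"], card["v"])))   # (7)
    return id_i, t1, h(xor(c1, y, ts(t1)))             # (8)


def card_check_server(card, pw, id_s, y, z, t3, t4):
    """Verification Step 3: the user side authenticates the HS reply (Z, T3)."""
    if not 0 <= t4 - t3 <= DELTA_T:
        return False
    c3 = h(xor(card["r"], h(pw, id_s, y), ts(t3)))
    return hmac.compare_digest(c3, z)


if __name__ == "__main__":
    # Constructed sample values, not taken from the paper.
    hs = HospitalServer()
    pw, ids, y = b"fingerprint-pin", b"card-0001", os.urandom(32)
    card = hs.register(b"user-0001", pw, ids, y)
    req = card_login(card, b"user-0001", pw, ids, y, t1=1000)
    bad = card_login(card, b"user-0001", b"bad", ids, y, t1=1000)
    print("wrong password caught on card:", bad is None)
    print("fresh login accepted:", hs.verify_login(*req, t2=1002, t3=1003) is not None)
    print("replayed login rejected:", hs.verify_login(*req, t2=1060, t3=1061) is None)
```
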

Discussions and comparisons.
(1) Convenience: We have proposed a mobile medical treatment examination report transaction system using smart cards. With the smart cards, users can obtain their medical examination at a retail location where medical treatment examination equipment has been set up, instead of going to the hospital. This method will provide patients with a convenient medical service that promotes the output value of the related industry.
(2) Cost reduction: In this paper, efficiency, the quality of medical service and the internal procedures of a hospital can be improved to enhance efficiency for patients seeking medical treatment. By doing so, doctors in various departments can retrieve medical records to make a thorough diagnosis. The promotion of electronic medical records can lower costs and prevent errors. Because user examination reports are stored in the memory card, it can help a user understand his/her health condition. In addition, when a user requests a follow-up treatment in the hospital, he/she can reduce an unnecessary physical examination to increase the convenience of medical treatment.
(3) Sharing medical treatment examination resources: This examination report can achieve the requirement for sharing information between hospitals and help integrate a medical treatment network, the division between prescribing and dispensing, mobile medical treatment and remote diagnosis. Meanwhile, we can take advantage of information technology to achieve market segmentation, such as an online registration service, medical treatment consultation, comments and responses and a physiological diagnosis expert system. A new service can be developed as well, one that might include instant interaction with patients. We propose that the suppliers of medical treatment equipment, the hospital and retailers cooperate to share medical treatment examination resources.
(4) Mobility: The mobile care medical treatment service focuses not only on the development of new technology, but integrates current services and information. The ultimate goal of boosting mobile medical service is to accelerate the birth of a mobile health self-management service. This fully combines related information as well as a communication system service that creates an omnibearing mobile health care environment. User medical treatment information can be made mobile by smart cards, allowing users to carry the measured information for a necessary medical diagnosis. An examination procedure, therefore, is not limited by time and space.
(5) Simplification of medical treatment examinations: Simplifying the medical service process, enhancing the convenience of seeking medical treatment and reducing a patient's burden yields twice the results with half the effort. In our method, users do not have to conduct a regular procedure to complete a medical examination in the hospital. Instead, they can have the medical examination at a retail location. This will ensure that even though one is not in the hospital, one can still have a medical examination.
(6) Comparisons: We compared our approach with Kardas and Tunali's scheme [19] and Markovic's scheme [21] in Table 1. Kardas and Tunali pointed out that their schemes involved authentication and signature, while Markovic proposed four authentication methods: PIN code, PKI smart card, smart card biometric characteristics and challenge responses. Of these systems, only our proposal can achieve e-health mobility while applying a business model. Although Markovic's scheme employs different signatures and user end authentications, it does not propose an application and business model. In Table 1, our scheme is shown not only to perform a mobile medicine query and a mobile medical examining report interchange, but also to be applicable to a business model.

Table 1. A comparison of related smart card-based systems

Smart card-based System | Kardas and Turhan Tunali's scheme [19] | Markovic's scheme [21] | Our system
What to be based | Smart Card Based | Smart Card Based | Smart Card Based
Solution Issue | Healthcare Mobility of Information | E-health System | Medical Exam. System
User end Authentication | Yes (using PIN code and fingerprints) | 1. PIN Code; 2. PKI smart card; 3. Smart card biometric characteristic; 4. Challenge response | Yes (using PIN code and fingerprint)
Signature Mechanism | DSA | PKI | PKI
Proposed Application | Yes | N/A | Yes
Mobility | Yes | N/A | Yes
Business Model | N/A | N/A | Yes
Exam. Report Interchangeable | N/A | N/A | Yes

4. Conclusions. We have proposed a secure, smart card-based, mobile medical treatment examination report transaction system to provide patients with an alternative to attending a hospital for health checkups. Instead, the user purchases a smart card from a retailer and can therefore be examined by medical treatment equipment to. Through a process of mutual authentication between the smart card and the server, together with timestamp and password mechanisms, the security of a transaction can be guaranteed. By doing so, requirements that include the sharing of medical treatment examination resources, mobility, a prompt interactive model and low cost can be satisfied. Examinees can also eliminate significant waiting time. Hence, our system is practical and workable.

Acknowledgment. This work is partially supported by the National Science Council, Taiwan, under contract No. NSC E The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

REFERENCES
[1] Business Weekly,
[2] MIC (Market Intelligence Center),
[3] L. Lamport, Password authentication with insecure communication, Communication of the ACM, vol.24, no.11, pp ,
[4] M. S. Hwang and L. H. Li, A new remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol.1, no.46, pp.28-30,
[5] H. Y. Chien, J. K. Jan and Y. M. Tseng, An efficient and practical solution to remote authentication: Smart card, Computers & Security, vol.4, no.21, pp ,
[6] H.-F. Huang and W.-C. Wei, A new efficient and complete remote user authentication protocol with smart card, International Journal of Innovative Computing, Information and Control, vol.4, no.11, pp ,
[7] W. C. Ku and S. M. Chen, Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronic, vol.1, no.50, pp , 2004.

[8] M. Kumar, On the weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards, Cryptology ePrint Archive: Report 163, /complete/.
[9] C. C. Chang and J. S. Lee, A smart-card-based remote authentication scheme, Proc. of the 2nd International Conference on Embedded Software and Systems,
[10] S. Y. Wu and B. C. Chieu, A user friendly remote authentication scheme with smart cards, Computers & Security, vol.6, no.22, pp ,
[11] E. J. Yoon and K. Y. Yoo, More efficient and secure remote user authentication scheme using smart cards, Proc. of the 11th International Conference,
[12] S. W. Lee, H. S. Kim and K. Y. Yoo, Improved efficient remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol.2, no.50, pp ,
[13] A. K. Awasthi and S. Lal, Comment on a dynamic ID-based remote user authentication scheme, Transaction on Cryptology, vol.2, no.1, pp.15-17,
[14] M. L. Das, A. V. Saxena and P. Gulati, A dynamic ID-based remote user authentication scheme, IEEE Trans. Consumer Electronics, vol.2, no.50, pp ,
[15] M. Misbahuddin, M. A. Ahmed, A. A. Rao, C. S. Bindu and M. A. M. Khan, A novel dynamic ID-based remote user authentication scheme, 2006 Annual India Conference, pp.1-5,
[16] X. M. Wang, W. F. Zhang, J. S. Zhang and M. K. Khan, Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards, Computer Standards & Interfaces, vol.29, no.5, pp ,
[17] Fujitsu Company, index.html.
[18] C.-L. Chen, An All-In-One mobile DRM system design, International Journal of Innovative Computing, Information and Control, vol.6, no.3(A), pp ,
[19] G. Kardas and E. T. Tunali, Design and implementation of a smart card based healthcare information system, Computer Methods and Programs in Biomedicine, vol.81, no.1, pp.66-88,
[20] C.-L. Chen, Y.-Y. Chen and Y.-H. Chen, Group-based authentication to protect digital content for business applications, International Journal of Innovative Computing, Information and Control, vol.5, no.5, pp ,
[21] M. Markovic, On secure e-health systems, Lecture Notes in Computer Science, vol.4302, no.5, pp , 2006.


Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur

More information

Research Article. Research of network payment system based on multi-factor authentication

Research Article. Research of network payment system based on multi-factor authentication Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Efficient Nonce-based Authentication Scheme for. session initiation protocol

Efficient Nonce-based Authentication Scheme for. session initiation protocol International Journal of Network Security, Vol.9, No.1, PP.12 16, July 2009 12 Efficient Nonce-based Authentication for Session Initiation Protocol Jia Lun Tsai Degree Program for E-learning, Department

More information

Secure Authentication of Distributed Networks by Single Sign-On Mechanism

Secure Authentication of Distributed Networks by Single Sign-On Mechanism Secure Authentication of Distributed Networks by Single Sign-On Mechanism Swati Sinha 1, Prof. Sheerin Zadoo 2 P.G.Student, Department of Computer Application, TOCE, Bangalore, Karnataka, India 1 Asst.Professor,

More information

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme Manoj Kumar Department of Mathematics R. K. College Shamli-Muzaffarnagar,.P.-India - 247776 E-mail: yamu balyan@yahoo.co.in

More information

Improving Security on Smart-Based Password Key Agreement

Improving Security on Smart-Based Password Key Agreement Improving Security on Smart-Based Password Key Agreement Raja Iyappan P, Krishnaveni V, Karthika M P.G student, Dept of CSE, Dhanalakshmi Srinivasan Engineering College, Tamilnadu, India P.G student, Dept

More information

ROBUST AND PRIVACY PROTECTION AUTHENTICATION IN CLOUD COMPUTING

ROBUST AND PRIVACY PROTECTION AUTHENTICATION IN CLOUD COMPUTING International Journal of Innovative Computing, Information and Control ICIC International c 2013 ISSN 1349-4198 Volume 9, Number 11, November 2013 pp. 4247 4261 ROBUST AND PRIVACY PROTECTION AUTHENTICATION

More information

A Study on Secure Electronic Medical DB System in Hospital Environment

A Study on Secure Electronic Medical DB System in Hospital Environment A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133

More information

Chapter 16: Authentication in Distributed System

Chapter 16: Authentication in Distributed System Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal

More information

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN

More information

Efficient nonce-based authentication scheme for Session Initiation Protocol

Efficient nonce-based authentication scheme for Session Initiation Protocol Efficient nonce-based authentication scheme for Session Initiation Protocol Jia Lun Tsai National Chiao Tung University, Taiwan, R.O.C. crousekimo@yahoo.com.tw Abstract: In recent years, Session Initiation

More information

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags Sarah Abughazalah, Konstantinos Markantonakis, and Keith Mayes Smart Card Centre-Information Security Group (SCC-ISG) Royal Holloway,

More information

SecureMessageRecoveryandBatchVerificationusingDigitalSignature

SecureMessageRecoveryandBatchVerificationusingDigitalSignature Global Journal of Computer Science and Technology: F Graphics & Vision Volume 14 Issue 4 Version 1.0 Year 2014 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

More information

Secure File Transfer Using USB

Secure File Transfer Using USB International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 Secure File Transfer Using USB Prof. R. M. Goudar, Tushar Jagdale, Ketan Kakade, Amol Kargal, Darshan Marode

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications

A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications A Generic Framework to Enhance Two- Factor Authentication in Cryptographic Smart-card Applications G.Prakash #1, M.Kannan *2 # Research Scholar, Information and Communication Engineering, Anna University

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS INTERNATIONAL JOURNAL OF ADVANCED RESEARCH IN ENGINEERING AND SCIENCE MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS Kanchupati Kondaiah 1, B.Sudhakar 2 1 M.Tech Student, Dept of CSE,

More information

Entrust IdentityGuard

Entrust IdentityGuard +1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

RFID based Bill Generation and Payment through Mobile

RFID based Bill Generation and Payment through Mobile RFID based Bill Generation and Payment through Mobile 1 Swati R.Zope, 2 Prof. Maruti Limkar 1 EXTC Department, Mumbai University Terna college of Engineering,India Abstract Emerging electronic commerce

More information

Dynamic Query Updation for User Authentication in cloud Environment

Dynamic Query Updation for User Authentication in cloud Environment Dynamic Query Updation for User Authentication in cloud Environment Gaurav Shrivastava 1, Dr. S. Prabakaran 2 1 Research Scholar, Department of Computer Science, SRM University, Kattankulathur, Tamilnadu,

More information

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

Biometric Authentication Platform for a Safe, Secure, and Convenient Society 472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.

More information

Electronic Commerce and E-wallet

Electronic Commerce and E-wallet International Journal of Recent Research and Review, Vol. I, March 2012 Electronic Commerce and E-wallet Abhay Upadhayaya Department of ABST,University of Rajasthan,Jaipur, India Email: abhayu@rediffmail.com

More information

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Data Integrity for Secure Dynamic Cloud Storage System Using TPA International Journal of Electronic and Electrical Engineering. ISSN 0974-2174, Volume 7, Number 1 (2014), pp. 7-12 International Research Publication House http://www.irphouse.com Data Integrity for Secure

More information

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems

More information

Security protocols for biometrics-based cardholder authentication in smartcards

Security protocols for biometrics-based cardholder authentication in smartcards Security protocols for biometrics-based cardholder authentication in smartcards Luciano Rila and Chris J. Mitchell Information Security Group Royal Holloway, University of London Surrey, TW20 0EX, UK luciano.rila@rhul.ac.uk

More information

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S. 72 Int. J. Electronic Governance, Vol. 3, No. 1, 2010 Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol Vahid Jahandideh and Amir S. Mortazavi Department

More information

Application-Specific Biometric Templates

Application-Specific Biometric Templates Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies

More information

A Unique-ID based Usable Multi-Factor Authentication Scheme for e-services

A Unique-ID based Usable Multi-Factor Authentication Scheme for e-services Int'l Conf. Security and Management SAM'15 295 A Unique-ID based Usable Multi-Factor Authentication Scheme for e-services Mohammed Misbahuddin, Roshni VS, Anna Thomas, Uttam Kumar Centre for Development

More information

Authentication protocol for fingerprint feature extraction and IBC in monitoring systems

Authentication protocol for fingerprint feature extraction and IBC in monitoring systems Authentication protocol for fingerprint feature extraction and IBC in monitoring systems Changgeng Yu; Liping Lai School of Mechanical and Electronic Engineering, Hezhou University, No.8, xihuan Road,

More information

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags Seyed Mohammad Alavi 1, Karim Baghery 2 and Behzad Abdolmaleki 3 1 Imam Hossein Comprehensive University Tehran, Iran

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

Improving data integrity on cloud storage services

Improving data integrity on cloud storage services International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

Authentication and Authorization Applications in 4G Networks

Authentication and Authorization Applications in 4G Networks Authentication and Authorization Applications in 4G Networks Abstract Libor Dostálek dostalek@prf.jcu.cz Faculty of Science University of South Bohemia Ceske Budejovice, Czech Republic The principle of

More information

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163.

Cryptography. Debiao He. School of Mathematics and Statistics, Wuhan University, Wuhan, People s Republic of China. hedebiao@163. Weakness in a Mutual Authentication cheme for ession Initiation Protocol using Elliptic Curve Cryptography Debiao He chool of Mathematics and tatistics, Wuhan University, Wuhan, People s Republic of China

More information

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 Dual server-based secure data-storage system for cloud storage Woong Go ISAA Lab, Department of Information Security Engineering,

More information

International Journal of Software and Web Sciences (IJSWS) www.iasir.net

International Journal of Software and Web Sciences (IJSWS) www.iasir.net International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International

More information

Device-based Secure Data Management Scheme in a Smart Home

Device-based Secure Data Management Scheme in a Smart Home Int'l Conf. Security and Management SAM'15 231 Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University,

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies

More information

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD Volume 1, Issue 7, PP:, JAN JUL 2015. SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD B ANNAPURNA 1*, G RAVI 2*, 1. II-M.Tech Student, MRCET 2. Assoc. Prof, Dept.

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Data Deduplication Scheme for Cloud Storage

Data Deduplication Scheme for Cloud Storage 26 Data Deduplication Scheme for Cloud Storage 1 Iuon-Chang Lin and 2 Po-Ching Chien Abstract Nowadays, the utilization of storage capacity becomes an important issue in cloud storage. In this paper, we

More information

A secure email login system using virtual password

A secure email login system using virtual password A secure email login system using virtual password Bhavin Tanti 1,Nishant Doshi 2 1 9seriesSoftwares, Ahmedabad,Gujarat,India 1 {bhavintanti@gmail.com} 2 SVNIT, Surat,Gujarat,India 2 {doshinikki2004@gmail.com}

More information

A Generalized Protocol for Mobile Authentication in Healthcare Systems

A Generalized Protocol for Mobile Authentication in Healthcare Systems A Generalized Protocol for Mobile Authentication in Healthcare Systems Eric Reinsmidt The University of Tennessee eric@reinsmidt.com Li Yang The University of Tennessee at Chattanooga li-yang@utc.edu Abstract

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Security Model in E-government with Biometric based on PKI

Security Model in E-government with Biometric based on PKI Security Model in E-government with Biometric based on PKI Jaafar.TH. Jaafar Institute of Statistical Studies and Research Department of Computer and Information Sciences Cairo, Egypt Nermin Hamza Institute

More information

Longmai Mobile PKI Solution

Longmai Mobile PKI Solution Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

Economic and Social Council

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

More information

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Pramote Kuacharoen School of Applied Statistics National Institute of Development Administration 118 Serithai Rd. Bangkapi,

More information

Signature Amortization Technique for Authenticating Delay Sensitive Stream

Signature Amortization Technique for Authenticating Delay Sensitive Stream Signature Amortization Technique for Authenticating Delay Sensitive Stream M Bruntha 1, Dr J. Premalatha Ph.D. 2 1 M.E., 2 Professor, Department of Information Technology, Kongu Engineering College, Perundurai,

More information

SECURED DATA STORAGE IN CLOUD

SECURED DATA STORAGE IN CLOUD International Journal of Information Technology & Management Information System (IJITMIS) Volume 6, Issue 2, July-December-2015, pp. 44-48, Article ID: IJITMIS_06_02_007 Available online at http://http://www.iaeme.com/issue.asp?jtype=ijitmis&vtype=6&itype=2

More information

One Time Password Generation for Multifactor Authentication using Graphical Password

One Time Password Generation for Multifactor Authentication using Graphical Password One Time Password Generation for Multifactor Authentication using Graphical Password Nilesh B. Khankari 1, Prof. G.V. Kale 2 1,2 Department of Computer Engineering, Pune Institute of Computer Technology,

More information

Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan

Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin S. Khan International Journal of Scientific & Engineering Research, Volume 5, Issue 7, July-2014 1410 Secured Authentication Using Mobile Phone as Security Token Monalisa P. Kini, Kavita V. Sonawane, Shamsuddin

More information

Integration of Sound Signature in 3D Password Authentication System

Integration of Sound Signature in 3D Password Authentication System Integration of Sound Signature in 3D Password Authentication System Mr.Jaywant N. Khedkar 1, Ms.Pragati P. Katalkar 2, Ms.Shalini V. Pathak 3, Mrs.Rohini V.Agawane 4 1, 2, 3 Student, Dept. of Computer

More information

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,

More information

Multi Factor Authentication Protocols for a Secured Wsn

Multi Factor Authentication Protocols for a Secured Wsn Multi Factor Authentication Protocols for a Secured Wsn R.Jayamala Asst.Professor, Anna university of Technolgy,Trichy. V.Eswari Final Year M.E.,CSE Anna university of Technolgy,Trichy eshwarivenkatachalam@gmail.com

More information

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption Partitioning Data and Domain Integrity Checking for Storage - Improving Cloud Storage Security Using Data Partitioning Technique Santosh Jogade *, Ravi Sharma, Prof. Rajani Kadam Department Of Computer

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of

More information

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this

More information

A Study on the Security of RFID with Enhancing Privacy Protection

A Study on the Security of RFID with Enhancing Privacy Protection A Study on the Security of RFID with Enhancing Privacy Protection *Henry Ker-Chang Chang, *Li-Chih Yen and *Wen-Chi Huang *Professor and *Graduate Students Graduate Institute of Information Management

More information

On the Limits of Anonymous Password Authentication

On the Limits of Anonymous Password Authentication On the Limits of Anonymous Password Authentication Yan-Jiang Yang a Jian Weng b Feng Bao a a Institute for Infocomm Research, Singapore, Email: {yyang,baofeng}@i2r.a-star.edu.sg. b School of Computer Science,

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy View from a European Trust Service Provider Server Signing: Return of experience and certification strategy January 16, 2014 - Berlin Thibault de Valroger VP Strategy & Development OPENTRUST Thibault.devalroger@opentrust.com

More information

How To Ensure Correctness Of Data In The Cloud

How To Ensure Correctness Of Data In The Cloud A MECHANICS FOR ASSURING DATA STORAGE SECURITY IN CLOUD COMPUTING 1, 2 Pratibha Gangwar, 3 Mamta Gadoria 1 M. Tech. Scholar, Jayoti Vidyapeeth Women s University, Jaipur, priya25mehta@gmail.com 2 M. Tech.

More information

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security , pp. 239-246 http://dx.doi.org/10.14257/ijsia.2015.9.4.22 Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security R.Divya #1 and V.Vijayalakshmi #2 #1 Research Scholar,

More information

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human
