Communications of the ACM
Heartbeat Could Be sed as Password to Access Electronic Health Records
"We strategically reused the ECG signals for the data encryption," says Zhanpeng Jin, assistant professor at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University.
Credit: Binghamton University
Researchers at Binghamton University, State University of New York, have devised a new way to protect personal electronic health records using a patient's own heartbeat.
"The cost and complexity of traditional encryption solutions prevent them being directly applied to telemedicine or mobile healthcare. Those systems are gradually replacing clinic-centered healthcare, and we wanted to find a unique solution to protect sensitive personal health data with something simple, available, and cost-effective," says Zhanpeng Jin, assistant professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. Jin is his co-authors describe their work in "A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems," presented at GLOBECOM 2016, the 59th annual IEEE Global Communications Conference, in December 2016.
Traditional security measures — like cryptography or encryption—can be expensive, time-consuming, and computing-intensive. Binghamton researchers encrypted patient data using a person's unique electrocardiograph (ECG) — a measurement of the electrical activity of the heart measured by a biosensor attached to the skin — as the key to lock and unlock the files.
"The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient's' health," says Jin. "While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added."
Essentially, the patient's heartbeat is the password to access their electronic health records.
The identification scheme is a combination of previous work by Jin using a person's unique brainprint instead of traditional passwords for access to computers and buildings combined with cyber-security work from Guo and Chen.
"This research will be very helpful and significant for next-generation secure, personalized healthcare," says Jin.
Since an ECG may change due to age, illness, or injury — or patients may just want to change how their records are accessed — researchers are currently working out ways to incorporate those variables.
Assistant Professor Linke Guo and Associate Professor Yu Chen, along with Ph.D. candidates Pei Huang and Borui Li, are co-authors of the GLOBECOM 2016 paper.
The work is supported by Binghamton University's Interdisciplinary Collaboration Grant program.
No entries found