Fine-grained access control with decentralized delegation for collaborative healthcare systems

IF 8 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2025-07-18 DOI:10.1016/j.jnca.2025.104273

Minghui Li , Jingfeng Xue , Yong Wang , Tianwei Lei , Zixiao Kong

{"title":"Fine-grained access control with decentralized delegation for collaborative healthcare systems","authors":"Minghui Li , Jingfeng Xue , Yong Wang , Tianwei Lei , Zixiao Kong","doi":"10.1016/j.jnca.2025.104273","DOIUrl":null,"url":null,"abstract":"<div><div>Collaborative treatment has emerged as a crucial approach for improving the quality and efficiency of medical services in modern healthcare systems. To support this paradigm, secure access control over electronic health records (EHR) and flexible delegation of patient permissions are essential for enabling efficient, privacy-preserving data sharing. This paper proposes a fine-grained access control scheme with decentralized permission delegation tailored for medical collaboration scenarios. To ensure fine-grained access control, we adopt a hybrid encryption scheme that combines a dual-key regression tree with Identity-Based Encryption with Wildcard Key Derivation (WKD-IBE) for efficient and scalable key management. This integration enables access control based on data attributes rather than user identities and adheres to the principle of minimal data disclosure. To support decentralized permission delegation, we extend the WKD-IBE scheme to enable patients to authorize multiple doctors to grant access permissions collaboratively. This extension ensures controlled delegation by enforcing a predefined threshold of doctors and requiring consensus on the requested access scope. Additionally, we provide both theoretical and practical security analyses, along with an implementation to demonstrate the scheme’s real-world applicability. Experimental results demonstrate that our scheme achieves lower authorization latency and better scalability in collaborative healthcare scenarios while maintaining comparable encryption efficiency.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"242 ","pages":"Article 104273"},"PeriodicalIF":8.0000,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804525001705","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Collaborative treatment has emerged as a crucial approach for improving the quality and efficiency of medical services in modern healthcare systems. To support this paradigm, secure access control over electronic health records (EHR) and flexible delegation of patient permissions are essential for enabling efficient, privacy-preserving data sharing. This paper proposes a fine-grained access control scheme with decentralized permission delegation tailored for medical collaboration scenarios. To ensure fine-grained access control, we adopt a hybrid encryption scheme that combines a dual-key regression tree with Identity-Based Encryption with Wildcard Key Derivation (WKD-IBE) for efficient and scalable key management. This integration enables access control based on data attributes rather than user identities and adheres to the principle of minimal data disclosure. To support decentralized permission delegation, we extend the WKD-IBE scheme to enable patients to authorize multiple doctors to grant access permissions collaboratively. This extension ensures controlled delegation by enforcing a predefined threshold of doctors and requiring consensus on the requested access scope. Additionally, we provide both theoretical and practical security analyses, along with an implementation to demonstrate the scheme’s real-world applicability. Experimental results demonstrate that our scheme achieves lower authorization latency and better scalability in collaborative healthcare scenarios while maintaining comparable encryption efficiency.

查看原文本刊更多论文

具有分散委托的细粒度访问控制，用于协作医疗保健系统

在现代医疗体系中，协作治疗已成为提高医疗服务质量和效率的重要途径。为了支持这种范例，对电子健康记录（EHR）的安全访问控制和灵活的患者权限授权对于实现高效、保护隐私的数据共享至关重要。本文提出了一种针对医疗协作场景的细粒度访问控制方案，该方案具有分散的权限授权。为了确保细粒度的访问控制，我们采用了一种混合加密方案，该方案将双密钥回归树与基于身份的加密和通配符密钥派生（WKD-IBE）相结合，以实现高效和可扩展的密钥管理。这种集成支持基于数据属性而不是用户身份的访问控制，并遵循最小化数据泄露的原则。为了支持分散的权限委托，我们扩展了WKD-IBE方案，使患者能够授权多个医生协作授予访问权限。这个扩展通过强制医生的预定义阈值和要求对请求的访问范围达成共识来确保受控委托。此外，我们还提供了理论和实践安全性分析，以及演示该方案在现实世界中的适用性的实现。实验结果表明，我们的方案在保持相当的加密效率的同时，在协作医疗场景中实现了更低的授权延迟和更好的可扩展性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.