Spatial-Temporal Access Control for E-health Services

The transformation of healthcare from human-based to online services can expose e-health to the security threats as other online applications. The identities of legitimate e-health users need to be verified cautiously before the access privileges are granted. Since each treatment service of a patient occurs within a time interval and specific location, we propose to make use of time as well as the location as additional parameters in verifying that legitimate users are involved in services. In particular, we develop and implement a prototype of the Spatial-Temporal Access Control to authenticate and authorize users of e-health services, termed STAC-eHS. STAC-eHS is beneficial for e-health services since it allows system users to define the spatial and/or temporal constraints for e-health authentication and authorization decisions, thus, improving e-health system security and protection of patient’s privacy. We also perform experiments to evaluate STAC-eHS. The results show that STAC-eHS increases the accuracy of the detection of illegitimate users in an e-health system by about 3-12%, as compared to traditional RBAC, with a small delay of less than two seconds.