Secure information authentication protocol between patients and medical staff in a hospital environment

Recently, it has become possible for the hospital environment to provide medical services to patients anywhere by integrating IT technology in medical devices. However, medical services in the current environment face a problem in that identifiable patient information cannot be safely transferred to the medical staff when the patient is receiving medical services. In this paper, we propose a mandate-based signature authentication protocol that can safely deliver the personal information of patients to the medical personnel providing the medical services. In the proposed protocol, the patient information being delivered is encrypted with a signature key and random-generated number in order to avoid exposure to a third party capable of identifying the information of the patient. In addition, the proposed protocol maintains the synchronization between patients and staff based on the rating of the medical personnel in order to prevent the illegal abuse of patient information from a third party. In particular, the proposed protocol ensures access only to staff members who have received a mandate from the hospital to care for the patient. The performance and security of the proposed protocol are evaluated separately. In the performance evaluation, the proposed protocol‘s authentication latency showed an average improvement of 6.5% over the previous protocol. Throughtput was 8% higher than the previous protocol, and the authentication overhead improved by an average of 5.3%.