Information Technology Reference
In-Depth Information
mechanism to take authorization decisions.
Three information sources are identified:
◦
tion providing date, time and location
information, (2) personal information
providing general patient information
such as weight, height, age, and med-
ical history, and (3) the patient cur-
rent medical profile containing infor-
mation such as the body temperature,
blood pressure, heart rate, blood glu-
cose concentration, CBC count, etc.
◦
Access control policies:
the access
control policies identify, for each
context situation and user role, the set
of action rights that can be executed
by a medical staff. The access control
policies can be defined by the patient
or by a medical administrator. In all
cases, the policy rules should be vali-
dated by an authoritative healthcare
specialist to prevent any kind of bo-
gus rule specification that may jeop-
ardize the patient's safety or privacy.
2. The access control engine is responsible of
taking the final authorization decision after
analyzing the information from the data layer.
Access control roles:
this informa-
tion source defines the access roles of
the medical staff and the set of rights
assigned to each role. User roles are
protected from tampering by means
digital certificates. Sensor nodes can
authenticate the role specification by
verifying the digital certificate at-
tached to the role.
▪
It should be noted here that this
form of public-key certificate
verification represents a com-
pute-intensive task that affects
the performance and energy ef-
ficiency of the access control
system.
◦
Context information:
the context in-
formation mainly provides feedback
on the health situation of the patient.
In the presented system the context
data is grouped into three main cat-
egories: (1) environmental informa-
Figure 7. Privacy-safety tradeoff representation in BSNs
Search WWH ::
Custom Search