Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

TL;DR

This paper introduces a bio-cryptography framework using fingerprint and iris features to enhance key security in cryptography-based electronic health records, significantly improving efficiency and reducing false acceptance.

Contribution

It presents a novel bio-cryptography system for EHRs that leverages biometric features to secure cryptographic keys, addressing key management weaknesses.

Findings

Zero false acceptance rate for fuzzy vault and fuzzy commitment

Improved time efficiency in cryptographic EHR systems

Fuzzy vault outperforms fuzzy commitment in key reconstruction

Abstract

Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of privacy and security system for cryptography-based-EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based-EHR. Both the fuzzy vault and fuzzy commitment demonstrated false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients protected health information. This result also justifies the feasibility of implementing fuzzy key binding scheme in real applications, especially fuzzy vault which demonstrated a better performance during key reconstruction.