Kirsi Helkala defended her doctoral thesis about authentication in health services this week.
-A superior aim with the research has been to identify the use of authentication in health services and possible improvements, and to develop new or improve existing mechanisms for authentication, Helkala says.
The health sector has, like the rest of society, undergone an electronic revolution over the last years. But the health sector differs from other sectors in that medical records make up a very complex system with a large number of users and sensitive medical information. From autumn 2009 it was allowed to create a national database for medical records, and the database may be a reality within a few years.
A national database with medical records may save lives, but there is also a risk that sensitive medical information can be exposed. Such a register therefore needs to be strongly protected, and access control and authentication play an important part in that protection. Authentication is the verification of an alleged identity, and is used when logging on to computers and when accessing information in a database. There are three main categories of authentication mechanisms, which can be characterized as something a user knows (password), something a user has (smartcard) or something a user is (fingerprints).
The research Helkala has done shows that traditional password authentication is the most common in the health corporation that was examined. -The challenge with password authentication is the poor quality of human-generated passwords. This may be the user's fault, but often the criteria for passwords defined in the systems are too general and the passwords can be weak, Helkala emphasizes.
The thesis presents a method for comparing products that takes user, environment and maintenance characteristics into consideration. This makes it possible to consider products from different categories and to find the correct authentication product for a given user situation. The thesis approaches the challenge of weak passwords by defining guidelines for three different password categories. It also presents a password quality measurement tool, which is useful when passwords are generated.
In addition, the thesis investigates two biometric methods that could be suitable for the health service environment: gait recognition and face recognition.
Kirsi Helkala defended her thesis at the Faculty of Mathematics and Natural Sciences at the University of Oslo. She carried out the work for her doctoral thesis at the Norwegian Information Security laboratory at Gjøvik University College.