Greene Emily, Proctor Patrick, Kotz David
6211 Sudikoff Lab, Dartmouth College, Hanover NH 03755-3510.
Smart Health (Amst). 2019 Apr;12:49-65. doi: 10.1016/j.smhl.2018.01.003. Epub 2018 Apr 17.
Owners of mobile-health apps and devices often want to share their mHealth data with others, such as physicians, therapists, coaches, and caregivers. For privacy reasons, however, they typically want to share a limited subset of their information with each recipient according to their preferences. In this paper, we introduce ShareHealth, a scalable, usable, and practical system that allows mHealth-data owners to specify access-control policies and to cryptographically enforce those policies so that only parties with the proper corresponding permissions are able to decrypt data. The design and prototype implementation of this system make three contributions: (1) they apply cryptographically-enforced access-control measures to stream-based (specifically mHealth) data, (2) they recognize the temporal nature of mHealth data streams and support revocation of access to part or all of a data stream, and (3) they depart from the vendor- and device-specific silos of mHealth data by implementing a secure end-to-end system that can be applied to data collected from a variety of mHealth apps and devices.