An increasing need for data exchange among different parties involved in a care cycle ranging from traditional healthcare to home healthcare and wellness services has made secure management of health data a real issue. Other application fields have also seen an increasing interest in secure data transmission and management. Current approaches to health data management are based on traditional security mechanisms complemented with physical and administrative procedures. This combination results in a limited availability of health information and cumbersome exchange of health records. Digital policy management and enforcement technologies outperform the traditional mechanisms and procedures by offering (1) end-to-end privacy and security in heterogeneous networks, protecting data independently of the infrastructure over which the data travel and of institutional boundaries; (2) usage control on top of attribute-based access control mechanisms, which is important in healthcare applications; and (3) simple interoperable security architecture that allows systems to be developed in a network agnostic way, obviating the need for network specific security provisions and hence reducing implementation and maintenance costs. However, the cryptographic algorithms that are needed in secure data exchange may be computationally intensive.
J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-Policy Attribute-Based Encryption”, Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 321-334, 2007, discloses a digital data security and management system based on an attribute-based encryption scheme (ABE), such as a ciphertext-policy ABE scheme (CP-ABE). In this scheme data are encrypted according to an access structure, also referred to as access control policy, so that only the users with the correct attributes can decrypt the data. To be able to decrypt the data, a user gets from the trusted authority a specific private key that corresponds to the set of certified attributes he/she possesses.
Joseph A. Akinyele et al., “Self-Protecting Electronic Medical Records Using Attribute-Based Encryption”, http://eprint.iacr.org/2010/565. pdf, discloses an implementation of a CP-ABE scheme on a portable device for protection of electronic medical records.
M. Green, S. Hohenberger, B. Waters, “Outsourcing the Decryption of ABE Ciphertexts”, Proceedings of USENIX Security, 2011, discloses a method comprising a user providing the cloud with a single transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user's attributes into an El Gamal-style ciphertext, without the server being able to read the user's messages. The resulting El Gamal-style ciphertext is then transmitted to the user, and the user can decrypt it.