A security scheme for distributing analysis codes supporting CDM-based research in a multi-center environment
- Authors
- Jeon, S.; Shin, C.; Ko, E.; Moon, J.
- Issue Date
- Nov-2022
- Publisher
- Elsevier Ireland Ltd
- Keywords
- Common data model; Kerberos; Multi-centered medical research; Secure distribution-protocol
- Citation
- Computer Methods and Programs in Biomedicine, v.226
- Indexed
- SCIE
SCOPUS
- Journal Title
- Computer Methods and Programs in Biomedicine
- Volume
- 226
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/146974
- DOI
- 10.1016/j.cmpb.2022.107159
- ISSN
- 0169-2607
1872-7565
- Abstract
- Background: Although the common data model (CDM) has achieved a standardization of medical data and a de-identification of personal patient information, hospitals still store CDM data in an on-premises environment, making it difficult for researchers to access medical data. Objective: In this study, for easy access to CDM data in a multi-institutional participatory CDM research environment and to encourage data-driven research, researchers outside hospital networks securely access and analyze CDM data in the target medical center, analyze it, and respond to the results through a public network. We propose an automated security framework that operates on a public network, such as the Internet. Method: The proposed scheme allows authenticated researchers to securely deliver CDM data analysis codes to a medical institution distributed on the network. The institutional servers automatically execute authenticated codes and return the results to the researcher safely. For this purpose, we designed a scheme based on cryptography. The scheme operates on a group of servers consisting of an authentication process, a signing process, a ticket-granting process, a relaying process, and a data analysis process located at the hospital providing medical CDM data. The scheme consists of four phases for a secure medical data analysis in a distributed environment: authentication, code signing, ticket issuing, and distribution and return. Results: Although the CDM has de-identified patient privacy, the issue still needs to be carefully addressed. Therefore, we established four security objectives to verify that the proposed scheme can be operated safely and formally proved them using BAN logic. Conclusion: As a result of the proof using BAN logic, the proposed scheme was verified to achieve the proposed security goal. Although this scheme was designed solely for CDM, it can be applied to systems with similar environments and functional goals. © 2022 Elsevier B.V.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Science and Technology > Department of Electronics and Information Engineering > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.