| Ubiquitous home health system has the features of medical services industry and ubiquitous computing. Medical services industry is an information-intensive area, and information security is particularly important. As the third wave of computing paradigm, the signifigant characteristic in ubiquitous computing is the context-awareness. Applying this feature to home health care system changes the service concept of the entire medical services industry, and makes individuals'real-time health status and medical diagnostic data available any time, any where. So, it will greatly improve the quality of services of medical care. Compared with traditional health care service, ubiquitous home health care service has the ability of context-awareness. At the same time, this ability makes users'privacy disclosed or modified without the user's permission. So, it brings the enormous threat to users'privacy and impedes univeral large-scale deployment of the ubiquitous home heath system and applications. Therefore, how to preserve users'privacy in ubiquitous home heath system is a big challenge.This thesis investigates and studies the privacy issue of ubiquitous home heath environment. First, this thesis studies the privacy leakage ways. Then, it proposes a model uPPM (Ubiquitous home medical system Authentication Privacy Preserving Model) to preserve users'privacy in the process of authentication for ubiquitous home heath systems. The model uses uP3P (Ubiquitous Platform for Privacy Preference) standard technology, improved role-based access control policy and credible third-party organization. The credible third-party can prevent service provider from disclosing or abusing users'privacy. The uP3P privacy protection technology is used to prevent illegal collection of personal information, and it allows users to set their own privacy policies to strictly control the private information. Improved RBAC strategies for ubiquitous heath system hide users'private information behind the users' role completely. Its basic idea is to add context-aware and user operation object table to traditional RBAC. Context-aware makes uP3P to be suitable for ubiquitous environment, and the operation object table is used to specify users'illegal permission. Combining these three techniques, the proposed model uPPM cuts off the root of privacy disclosure and tampering, and gives the user ability to control privacy information to preserve user's privacy.Finally, the proposed model uPPM is analyzed by using the BAN logic formal analysis method. The results indicate that uPPM can preserve users'privacy in the process of authentication. What's more, uP3P is correct and secure. Meanwhile, the thesis makes comprehensive qualitative analysis of uPPM in its feasibility and efficiency. |
PDF Full Text Request