AUTHENTICATION SYSTEM FOR MOBILE DEVICES FOR EXCHANGING MEDICAL DATA

摘要

An authentication system, a mobile electronic device, an instantiating unit and a method, as well as a computer program product are disclosed for the authentication of a patient against a central registry which exchanges data with a repository for the storage of medical data records. In an embodiment, an individualised application is loaded and installed on the mobile radio device in order to sign messages to the registry with a signature. The signature can be triggered in the registry to check the authenticity of the remote patient in order to provide data access.

主权项

1. An authentication system for the authentication of a respective mobile device from a plurality of mobile devices against a central server for the secure exchange of medical data between device and server, wherein the server is able to access a repository containing the medical data, comprising:
a central instantiating unit, to respectively instantiate a respective one of the plurality of mobile devices, wherein the instantiating unit is configured to respectively install an individualized device-specific application as an encryption unit on the respective mobile device and wherein the application is configured to store a key and a device ID in hidden form in a program memory of the respective mobile device, wherein the central instantiating unit is configured to store an association between device ID and key in a central protected memory; an encryption unit, installed locally on the respective mobile device, configured to generate a digital signature, wherein the digital signature is encrypted using the key stored by the instantiating unit and is generated from a signature prototype, comprising at least the device ID and a time stamp, and wherein the encryption unit is furthermore configured to send at least the digital signature and the device ID to the server; and a decryption unit, installed on the central server and including an access module to the central protected memory, configured to receive the digital signature sent by the respective mobile device with the device ID and configured to read out the respective associated key for decryption from the device ID by accessing the central protected memory in order to decrypt the received signature using the key and from the signature prototype to read out the device ID as a decryption result, wherein the decryption unit is further configured to compare the decryption result with the device ID for a match and when a match is found, the decryption unit is further configured to execute an access to the repository using the device ID which has been read out.