臺灣博碩士論文加值系統

隨著數位科技與網際網路的普及化，不僅使大眾的消費模式由原本的實體店面購買轉變成網路虛擬店鋪交易，雖然交易型態的改變帶來便利的生活及購物環境，但是對於網路交易的資訊安全以及產品服務品質皆存在著疑慮。然而，現今醫療資訊系統的轉變也陸續將實體紙本資料以數位資訊的方式呈現或保存，提供使用者透過網路快速分享並取得資訊。
在數位化的發展模式下，各醫療機構的傳統紙本資訊，包含病歷資料、護理資料、藥劑資料也逐漸發展成各種便於管理的資訊系統模式；如何將這些電子化的資訊妥善管理並整合成有用的資訊，以提供給合法授權的醫療人員使用，使醫療人員能夠更有效率的執行各種決策與管理，是目前最重要的議題。醫療資訊的內容，包含個人資料、醫療資訊等機密資訊，只要透過網路存取資料，就可能存在遭受攻擊或竊取資料的風險；倘若遭受線上惡意攻擊或資料遭竊取，非但個人隱私不保，甚至可能遭受財產或名譽損失。因此，隨著智慧型行動裝置愈加普及，所衍伸出的資安防護需求也開始於市場醞釀，該如何進行權限管控，保護存取的安全性，將是資訊分享是否得以有效獲得推展的關鍵，為了防範惡意的網路攻擊，必須建立一個有效且安全的存取控制系統。
本論文運用行動代理人的優點來克服異質性的系統環境，建構一個虛擬整合的醫療資訊分享模式，並且透過行動代理人收集分散在各個醫療機構的醫療資訊，達到跨醫療院所醫療資訊分享的目的，使用公開金鑰密碼系統和 Lagrange插值法提出一個存取控制與金鑰管理機制，來確保醫療資訊分享的安全性與機密性。此外，基於個人健康紀錄(PHR)均為患者自身的健康醫療資訊，因此，其隱私設定及存取權限則必須嚴格控管，個人健康紀錄系統除了提供具有存取權限之使用者合理存取之外，也需要避免無持有權限的單一使用者或是團體非法入侵存取。因此，本系統的安全性分析是以網路攻擊者的角度分析，且根據本論文分析結果顯示文中所提出的存取控制與金鑰管理機制可以有效率且安全地保護各醫療院所所分享的醫療資訊。

A procedure is with the digital technology and the internet become more and more common, they make people change their original consumption pattern. Originally, people purchase at physical stores while they change the way to internet virtual shops. Even though this kind of transaction type brings convenient life and shopping environment, internet transaction still exists some problems about information security and product’s quality. However, medical information system also replaces the paper data to digital information for presenting and storing. This provides users to share and acquire information immediately through internet.
Under the development of digitalization, the traditional paper information which includes medical records, nursing information, and pharmaceutical information. This information gradually develops into different kinds of information system modes and easily to manage; otherwise, how to properly store and integrate this electronic information into available information in order to offer the legal and authorized medical staff. This makes medical staff could implement the decision and manage efficiently. It becomes the most important issue recently. The content of medical information which includes confidential information such as personal and medical information might have been attacked or stolen through internet. If we suffer from hostility attack or data stolen, this situation would cause personal information be stolen and even lose property and reputation. Therefore, with the smart mobile devices become more and more common, the needs of information security also brew among the market. This form a problem that how to control the authority and protect the security will be the pivotal key to acquire effective develops. In order to prevent hostility attack form internet, we need to build an effective and secure system to store and control.
This paper uses the action agent’s benefit to overcome heterogeneous system environment to establish a medical information sharing mode which is virtual and integrated. Through action agent, we can collect each medical institution’s medical information in order to approach the purpose of sharing the information across medical facilities. Using the public key cryptography system and the Lagrange interpolation method to propose an access control and key management mechanism to ensure the safety and confidentiality of medical information sharing. Otherwise, Personal health records are the information of patient; therefore, the privacy settings and access must be strictly controlled. Besides providing access to users with access rights, the PHR system also needs to avoid unauthorized access to a single user or group without permission. Therefore, the security analysis of the system is based on the analysis of network attackers. According to the analysis of the results of this paper, it shows that the proposed access control and key management mechanism can be efficient and safe to protect the medical institutions to share the information.

目錄
中文摘要...........................................V
ABSTRACT.........................................VII
誌謝..............................................IX
List of Figures.................................XIII
List of Table....................................XIV
Chapter 1 Introduction...........................1
1.1 Overview...................................4
1.1.1 The Introduction of Electronic Medical Record
(EMR), Electronic Health Record (EHR), Personal
Health Record (PHR).....................6
1.1.2 National Health Insurance and Electrical
Patient Record Transmit Protocol........11
1.1.3 The Introduction of Mobile Agent........12
1.2 Research Motivation and Objectives.........15
1.3 Organization of the Dissertation...........18
Chapter 2 Mathematical Backgrounds...............20
2.1 Mobile Agents Background...................20
2.2 Lagrange Interpolation.....................23
2.3 Secure Dynamic Access Control scheme of PHR
Methodology................................25
2.4 Hash Function..............................29
2.5 Elliptic Curve Cryptosystems...............29
Chapter 3 Access Scheme for Controlling Mobile Agents and Its Application to Share Medical Information.....31
3.1 Integrated Medical Information System......31
3.2 The Process of Key Production..............34
3.3 The Process of Key’s Derivation............35
3.4 The Description of Example.................35
3.4.1 The Process of Deriving Permits Access
Polynomial..............................36
3.4.2 The Process of Key Derivation...........37
3.5 Security Analysis..........................39
3.5.1 External Collective Attack..............39
3.5.2 Reverse Attack .........................40
3.5.3 Collusion Attack........................42
3.5.4 Equation Breaking Attack................43
3.6 Summary....................................44
Chapter 4 Security Control Access of Personal Health Records in Healthcare Service....................45
4.1 Insecurity of Secure Dynamic access control scheme
of PHR.....................................46
4.1.1 Mathematical characteristics of polynomial
Ai(x)Bi(y)..............................46
4.1.2 The Mathematical Characteristics of Ai(x)Bi(y)
in Decrypting Polynomial ...............47
4.2 The Process of User Authority Setting......48
4.2.1 The Procedures of Methodology Approach
Establishment...........................49
4.2.2 The Evidence of Decryption Polynomial Security
Examination.............................50
4.2.3 The Security Examine of Decryption Polynomial
Gr(x,y).................................51
4.3 The Example of Member Access Demonstration.53
4.4 The Dynamic Access Control.................57
4.4.1 User Modification: Adding Member........58
4.4.2 User Modification: Removing Member......59
4.4.3 User Access: Authority Modification.....59
4.4.4 Confidential File Modification: Appending
File....................................60
4.4.5 Confidential File Modification: Removing
File....................................60
4.5 Security Analysis..........................61
4.5.1 External Attack.........................62
4.5.2 Insider Attack..........................63
4.5.3 Collaborative Attack....................66
4.5.4 Equation Attack.........................69
4.6 Summary....................................70
Chapter 5 Conclusion.............................72
Reference........................................74

Reference
[1]V.K. Nigam, S. Bhatia, “Impact of Cloud Computing on Health Care,” International Research Journal of Engineering and Technology (IRJET), Vol.3, No.5, pp.2804-2809.
[2]H. Ahmadi, M. Nilashi, L. Shahmoradi, O. Ibrahim, “Hospital Information System Adoption: Expert Perspectives on an Adoption Framework for Malaysian Public Hospitals,” Computers in Human Behavior, Vol.67, pp.161-189.
[3]J. Zang, V. L. Patel and T. R. Johnson, “Medical Error: Is Solution Medical or Cognitive?” Journal of the American Medical Informatics Association, Vol.9, pp.75–77, 2002.
[4]H. Sulaiman, and N. Wickramasinghe, “Assimilating Healthcare Information Systems in a Malaysian Hospital,” Communications of the Association for Information Systems, Vol.34, No.1, pp.66, 2014.
[5]S. Tsumoto, S. Hirano, Y. Tsumoto, “Quantitative Estimation of Software Quality in Hospital Information System,” Neuroscience and Biomedical Engineering, Vol. 4, No. 1, pp. 57-66, 2016.
[6]S. C. Chao, R. J. Chen, C. L. Wu, L. X. Li, and R. C. Chen, “Laboratory Integration,” Bulletin of Taiwan Society of Laboratory Medicine ,Vol.20 No.3, pp. 19-27, 2005.
[7]W. S. Jian, Y. C. Li, D. D. Tang, and C. H. Hu, “Building A Prototype Of Medical Information Exchange Center,” The Journal of Taiwan Association for Medical Informatics, Vol.6, pp.54-66,1997.
[8]Ministry of Health and Welfare- Electronic Medical Record Exchange Center, Report Retrieved 2014/04/30, from http://eec.mohw.gov.tw/.
[9]H. R. Hassen, A. Bouabdallah, H. Bettahar, and Y. Challal, “Key Management for Content Access Control in a Hierarchy,” Computer Network, Vol. 51, No. 11, pp. 3197-3219, 2007.
[10]S. S. Shete and C. S. Kulkarni, “Database Security using Role-Based Access Control System,” International Journal of Engineering Science and Computing, Vol.6, No.6, pp.8047-5053,2016.
[11]C. C. Chang, I. Lin, H. Tsai, and H. Wang, “A Key Assignment Scheme for Controlling Access in Partially Ordered User Hierarchies,” International Conference on Advanced Information Networking and Application (AINA'04), Vol. 2, pp. 376-379, 2004.
[12]D. E. Denning, S. G. Akl, M. Morgenstern, and P. G. Neumann, “Views for Multilevel Database Security,” IEEE Symposium on Security and Privacy, Oakland, Vol. 13, No. 2, pp. 129-140, 1987.
[13]D.A. Albertini, B. Carminati and E. Ferrari, “An Extended Access Control Mechanism Exploiting Data Dependencies,” International Journal of Information Security,Vol.16, No.1, pp.75-89, 2016.
[14]F. Karimi and M. Esmaeilpour, “A Dynamic Media Access Control Protocol For Controlling Congestion In Wireless Sensor Network By Using Fuzzy Logic System And Learning Automata,” International Journal of Computer Science and Information Security, Vol.14, No.4, pp.445-460, 2016.
[15]Y Zhou, E Peng, C Guo, “A Random-Walk Based Privacy-Preserving Access Control for Online Social Networks,” International Journal of Advanced Computer Science and Applications, Vol.7, No.2,pp.74-79, 2016.
[16]J. McHugh, and A. P. Moore, “A Security Policy and Formal Top Level Specification for a Multilevel Secure Local Area Network,” IEEE Symposium on Security and Privacy, pp. 34-39, 1986.
[17]K. Onarliogluamd and W. Robertson, “Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems,” International Conference on Dependable Systems and Networks, pp.443-454, 2016.
[18]L. J. Fraim, “A Solution to Multilevel Security Problem,” IEEE Transactions on Computer, Vol. 16, No. 7, pp. 26-34, 1983.
[19]P. Xiao, J. H. He, and Y. F. Fu, “Distributed Group Key Management in Wireless Mesh Networks,” International Journal of Security and Its Applications, Vol. 6, No. 2, pp. 115-120, 2012.
[20]K. V. Babu, O. S. Rao, and Dr. M. K. Prasad, “Secured Tree Based Key Management in Wireless Broadcast Services,” International Journal of Engineering Science and Technology, Vol. 4, No. 2, pp. 523-529, 2012.
[21]E. Bertino, N. Shang, and S. S. Wagstaff, “An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting,” IEEE Transactions on Dependable and Secure Computing, Vol. 5, No. 2, pp. 65-70, 2008.
[22]B. Thuraisingham, “Security and Privacy for Multimedia Database Management Systems,” Multimedia Tools and Applications, Vol. 33, No. 1, pp. 13-29, 2007.
[23]J. Bogaerts, B. Lagaisse and W. Joosen, “Idea: Supporting Policy-Based Access Control on Database Systems,” International Symposium on Engineering Secure Software and Systems, pp.251-259,2016.
[24]Z. Zhao, B. Liu, and J. Li, “Research and Design of Database Encryption System Based on External DBMS,” Computer Engineering and Design, Vol. 29, No. 12, pp. 3030-3032, 2008.
[25]N. C. Rathore and S Tripathy, “A Trust-based Collaborative Access Control Model with Policy Aggregation for Online Social Networks,” Social Network Analysis and Mining, Vol.7, No.7, 2017.
[26]M. Ni, Y. Zhang, W. Han and J. Pang, “An Empirical Study on User Access Control in Online Social Networks,” Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies, pp.13-23,2016.
[27]Y. Cheng, J. Park and R Sandhu, “An Access Control Model for Online Social Networks Using User-to-User Relationships,” IEEE Transactions on Dependable and Secure Computing, Vol.13, No.4, pp.424-436,2016.
[28]K. W. Kongsgard, N. A. Nordbotten, F. Mancini, and P. E. Engelstad, “Data Loss Prevention Based on Text Classification in Controlled Environments,” International Conference on Information Systems Security, pp.131-150,2016.
[29]D. E. Marcinko, and H. R. Hetico, “Dictionary of Health Information Technology and Security,” Springer Publishing Company, New York, 2007.
[30]D. Petrakaki, E. Klecun, and T. Cornford, “Changes in Healthcare Professional Work Afforded by Technology: The Introduction of a National Electronic Patient Record in an English Hospital,” Organization, pp.1-21, 2014.
[31]D. Michael and M.D. Ries, “Electronic Medical Records: Friends or Foes?,” Clinical Orthopedics and Related Research, Vol.472, No.1, pp.16-21, 2014.
[32]C. H. Chang, T. H. Lee, Y. J. Chang, K. C. Chang, M. Shieh, and Y. Shieh,“Novel Electronic Medical Record-Based Stroke Registry System,” 2014 IEEE International Conference on Consumer Electronics (ICCE), pp.185-186, 2014.
[33]J. S Alpert, “The Electronic Medical Record in 2016: Advantages and Disadvantages,” Digital Medicine, Vol.2, No.2, pp.48-51, 2016.
[34]C. Safran and H. Goldberga, “Electronic Patient Records and the Impact of the Internet,” International Journal of Medical Informatics, Vol. 60, Issue 2, 1, pp. 77-83, 2000.
[35]L. L. Dimitropoulos, “Privacy and Security Solutions for Interoperable Health Information Exchange: Interim Assessment of Variation Executive Summary”, Research Triangle Institute International, pp.1-2, 2007.
[36]P. Ray and J. Wimalasiri, “The Need for Technical Solutions for Maintaining the Privacy of HER,” Engineering in Medicine and Biology Society, Vol. 1, pp. 4686-4689, 2006.
[37]I. Vaghefi, J. B. Hughes, S. Law, M. Lortie, C. Leaver, L. Lapointe, “Understanding the Impact of Electronic Medical Record Use on Practice-Based Population Health Management: A Mixed-Method Study,” Journal of Medical Internet Research Medical Informatics, Vol.4, No.2, 2016.
[38]M. Y. Becker and P. Sewell, “Cassandra: Flexible Trust Management, Applied to Electronic Health Records,” Proceedings of the 17th IEEE workshop on Computer Security Foundations, pp. 139, June 28-30, 2004.
[39]J. Jin, G. J. Ahn, H. Hu, M. J. Covington and X. Zhang, “Patient-centric Authorization Framework for Sharing Electronic Health Records,” Proceedings of the 14th ACM symposium on Access control models and technologies SACMAT 09, pp. 125-134, 2009.
[40]K. Carberry, Z. Landman, M. Xie, T. Feeley, J. Henderson, Jr. C. Fraser, “Incorporating Longitudinal Pediatric Patient-centered Outcome Measure Mention to the Clinical Workflow Using a Commercial Electronic Health Record: a Step toward Increasing Value for the Patient,” Journal of the American Medical Informatics Association,Vol.23, No.1,pp.88-93, 2016.
[41]M. J. Rho, S. R. Kim, S. H. Park, K. S. Jang, B. J. Park, J. Y. Hong, and I. Y. Choi, “Common Data Model for Decision Support System of Adverse Drug Reaction to Extract Knowledge from Multi-center Database,” Information Technology and Management,Vol.17, No.1, pp.57-66, 2016.
[42]S. L. West, W. Johnson, W. Visscher, M. Kluckman, Y. Qin, and A .Larsen, “The Challenges of Linking Health Insurer Claims with Electronic Medical Records,” Health Informatics Journal, Vol.20, No.1, pp.22-34, 2014.
[43]D. M. Rind, C. Safran, R. S. Phillips, Q. Wang, D. R. Calkins, T. L. Delbanco H. L. Bleich, and W. V. Slack, “Effect of Computer-Based Alerts on the Treatment and Outcomes of Hospitalized Patients,” Archives of Internal Medicine journal, Vol.154, No.13,pp.1511-1517,1994.
[44]S.J. McPhee, J. A. Bird, D. Fordham, J. E. Rodnick, and E. H. Osborn,“ Promoting Cancer Prevention Activities by Primary Care Physicians Results of a Randomized, Controlled Trial,” The Journal of the American Medical Association,Vol.266, No.4, pp.538-544, 1991.
[45]I. Reychav, R. Kumi, R. Sabherwal, and J. Azuri,“Using tablets in medical consultations: Single loop and double loop learning processes,” Computers in Human Behavior, Vol.61, pp.415-426,2016.
[46]Congressional Budget Office. Evidence on the costs and benefits of health information technology, 2008. Available at: http://www.cbo.gov/ftp docs/91xx/doc9168/05-20-healthit. Pdf.
[47]C. P. Waegemann, Status Report 2002: Electronic Health Records: Medical Records Institute; 2002.
[48]S. Bowman, “Impact of Electronic Health Record Systems on Information Integrity: Quality and Safety Implications,” Perspectives in Health Information Management, 10(Fall), 2013.
[49]N. G. Weiskopf, and C. Weng, “Methods and Dimensions of Electronic Health Record Data Quality Assessment: Enabling Reuse for Clinical Research,” Journal of the American Medical Informatics Association, Vol.20, No.1, pp.144–151, 2013.
[50]J. S. Kahn, V. Aulakh and A. Boswort, “What it Takes: Characteristics of the Ideal Personal Health Record,” Health Affairs (Millwood), Vol.28, No.2, pp.369-376, 2009.
[51]W. B. Lober, B. Zierler, A. Herbaugh, S. E. Shinstrom, A. Stolyar, E. H. Kim, and Y. Kim, “Barriers to the Use of a Personal Health Record by an Elderly Population,”pp.514-518,2006.
[52]I. Iakovidis, “Towards Personal Health Record: Current Situation, Obstacles and Trends in Implementation of Electronic Healthcare Record in Europe,” International Journal of Medical Informatics, Vol.52, No.1, pp.105-115, 1998.
[53]World Health Organization. Preventing chronic diseases: a vital investment. Geneva: World Health Organization, 2005.
[54]G Ford, M Compton, G Millett, and A Tzortzis, “The Role of Digital Disruption in Healthcare Service Innovation,” Service Business Model Innovation in Healthcare and Hospital Management, pp.57-70, 2016.
[55]L. Jarvenpaa, M. Lintinen, A. L. Mattila, T. Mikkonen, K. Systa, J. P. Voutilainen, “Mobile Agents for the Internet of Things,” In: 17th International Conference on System Theory, Control and Computing (ICSTCC), pp. 763–767, 2013.
[56]M. G. Geruti, “Mobile Agent in Network-Centric Warfare,” Autonomous Decentralized Systems 2001, Proceedings 5th International Symposium, pp.243-246, 2001.
[57]E. Bierman, T. Pretoria and E. Cloete, “Classification of Malicious Host Threats in Mobile Agent Computing,” Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology, No. 5, pp. 34-49, 2002.
[58]P. Mell and T. Grance, “Effectively and Securely Using the Cloud Computing Paradigm,” National Institute of Standards and Technology, 2009.
[59]K. Julisch and M. Hall, “Security and Control in the Cloud,” Information Security Journal: A Global Perspective, Taylor & Francis, Vol. 19, No. 6, pp. 299-309, 2010.
[60]M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica and M. Zaharia, “Above the Clouds: A Berkeley View of Cloud Computing,” EECS Department, University of California, Berkeley, 2009.
[61]E. Bierman, T. Pretoria, and E. Cloete, “Classification of Malicious Host Threats in Mobile Agent Computing,” The South African Institute of Computer Scientists and Information Technologists on Enablement Through Technology, pp. 141-148, 2002.
[62]N. Borselius, “Mobile Agent Security,” Electronics & Communication Engineering Journal, pp.211-218, 2002.
[63]A. Vijayalakshmi, T. G. Palanivelu, “Enhanced Security for Wireless Sensor Networks Using Smart Mobile Agents,” Indian Journal of Science and Technology,Vol.39, No.35, pp.1-5, 2016.
[64]N. Borselius, “Mobile Agent Security,” Electronics & Communication Engineering Journal, Vol.14, No.5, pp.211-218, 2002.
[65]N. M. Karnik and A. R. Tripathi, “Design Issues in Mobile-Agent Programming Systems,” IEEE Concurrency, Vol.6, Issue.3, pp.52-61, 1998.
[66]D. Marsh, R. Tynan, D. O’Kane, and G. M. P. O’Hare, “Autonomic Wireless Sensor Networks,” Engineering Applications of Artificial Intelligence, Vol. 17, No. 7, pp. 741–748, 2004.
[67]B. Safarinejadian and K. Hasanpoor, “Multi-sensor Optimal Information Fusion Kalman Filter with Mobile Agents in Ring Sensor Networks,” in Proc.21st ICEE, Mashhad, Iran, pp. 1–6, 2013.
[68]D. Massaguer, C. L. Fok, N. Venkatasubramanian, G. C. Roman, and C. Lu, “Exploring Sensor Networks Using Mobile Agents,” in Proc. AAMAS5th Int. Joint Conf. Auton. Agents Multiagent Syst., New York, pp. 323–325,2006.
[69]A. P. Vu and K. Ahmed, “Mobile Software Agents: An Overview,” IEEE Communications Magazine, Vol.36, Issue.7, pp.26-37, 1998.
[70]T. S. Chen, Y. F. Chung and C. S. Tian, “A Novel Key Management Scheme for Dynamic Access Control in a User Hierarchy,” International Journal of Network Security, Vol. 12, No.3, pp. 178-180, 2011.
[71]N.R. Jennigs, K. Sycara and M. Wooldridge, “A Roadmap of Agent Research and Development,” Autonomous Agents and Multi-Agent Systems, Vol.1, No.1, pp. 7-38, 1998.
[72]B Safarinejadian and K Hasanpour, “Distributed Data Clustering Using Mobile Agents and EM Algorithm,” IEEE Systems Journal,Vol.10, No.1, pp.281-289,2016.
[73]R. Volker, and J. S. Mehrdad, “Access Control and Key Management for Mobile Agents,” Computer and Graphics, Vol. 22, No. 4, pp. 457- 461, 1998.
[74]T. S. Chen, C. H. Liu, T. L. Chen, C. S. Chen amd J. S. Bau, “Secure Dynamic Access Control Scheme of PHR in Cloud Computing,” Journal of Medical Systems, Vol.36, No.6, pp.4005-4020,2012.
[75]J. V. Deshpande, “On Continuity of a Partial Order,” Proceedings of the American Mathematical Society, Vol. 19, No. 2,pp.383-386,1968.
[76]J. H. Li, “Hierarchy-Based Key Assignment Scheme with Date-Constraint,” Master Thesis, Feng Chia University, Taichung, 2004.
[77]D. E. Knuth, The Art of Computer Programming, 3rd Ed., Addison-Wesley, Reading, MA, 1998.
[78]N. Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation, Vol. 48, No. 177, pp. 203-209, 1987.
[79]V. S. Miller, “Use of Elliptic Curves in Cryptography,” Conference on the Theory and Application of Cryptographic Techniques, Vol. 218, pp. 417-426, 1986.
[80]H. B. Chen, W. B. Lee, C. W. Liao, and C. H. Huang, “Efficient Hierarchical Access Control and Key Management for Mobile Agents,” the First International Workshop on Privacy and Security in Agent-based Collaborative Environments, pp. 120-127, 2006.
[81]C. W. Shieh, “An Efficient Design of Elliptic Curve Cryptography Processor,” Master Thesis, Tatung University, Taipei, 2006.
[82]S. T. Wu, “Authentication and Group Secure Communications Using Elliptic Curve Cryptography,” Doctoral Dissertation, National Taiwan University of Science and Technology, Taipei, 2005.
[83]J. S. Cheng, “An Application of Public Key Cryptosystem on Personal Health Records,” National Chiayi University Department of Applied Mathematics, pp.1-30, 2014.
[84]Y. T. Liao, T. L. Chen, Y. F. Chung, Y. X. Chen, and J. H. Hwang, “Access Scheme for Controlling Mobile Agents and Its Application to Share Medical Information,” Journal of Medical Systems, Vol. 40 No. 5, pp. 1-7, 2016.
[85]T. L. Chen, Y. T. Liao, Y. F. Chang, J. H. Hwang, “Security Approach to Controlling Access to Personal Health Records in Healthcare Service,” Security and Communication Networks, Vol. 9, No.7, pp. 652–666, 2016.