Identification and Adaptive Trust Negotiation in Interconnected Systems


Eugene Sanzi (University of Connecticut, USA) and Steven A. Demurjian (University of Connecticut, USA)
Copyright: © 2016 | Pages: 33
DOI: 10.4018/978-1-5225-0448-1.ch002

Abstract

Creating an online identity via a username/password does not by itself provide the ability to establish trust with other systems in order to gain access, in a time-critical situation, to information the user is not currently authorized to see. Trust is the ability of two entities to believe one another at some level so that they can interact in a secure manner; e.g., a physician at one hospital may need to obtain medical data on a patient from another hospital to treat that patient, which is facilitated if a trusted relationship exists. This chapter explores adaptive trust negotiation, which obtains near real-time permission to access a system to which a user has never previously been authorized, so that the system receiving the request can adjust its security policies depending on the attributes that the requester possesses. To accomplish this, a set of interacting systems (e.g., from different hospitals) can be augmented with identity management and adaptive trust negotiation to create a means by which multiple disparate systems can make informed and dynamic security decisions about users relative to their defined security policies.

Introduction

The ability to create, validate, and secure an online identity is a prerequisite for any system that uses the user's identity (username/password) to determine access rights to its data and, at the same time, to prevent malicious individuals from masquerading as its legitimate service and hijacking user data. Typically, the username/password combination is the system's basis for retrieving the user's identity and for the user to present proof of identity, verifying that they are the owner of the username and the associated identity. In contrast, servers identify themselves using Public Key Infrastructure (PKI), the domain name system, TLS/SSL, and certificates, which allow users to verify the server's identity. While this model is sufficient for basic client/server interaction over communication mediums such as email, complex modern time-critical systems require a more robust and responsive approach to reach their full potential. For example, the health care domain requires the secure storage of and access to information via identity management, with strict requirements on the privacy and security of personal health information (PHI) under the HIPAA standard (HIPAA, 1996). As recently noted (Meyers, 2014), there are increasing attacks on healthcare repositories that contain patients' medical records, including a major attack on a health insurer (Anthem, 2015).

Despite such attacks, there is increased interest among medical providers (e.g., physicians, clinics, hospitals, imaging centers, testing laboratories, pharmacies, etc.) in sharing and exchanging information (HealthIT.gov, 2014; Kelly, 2013; Mettler & Rohner, 2009) towards quality improvement for timely medical decisions that can take advantage of health data stored in multiple locations, through the creation and use of a health information exchange (HIE) (CTDPH, 2013a; JASON, 2014). In such a setting, the username/password combination may be insufficient. For example, consider a physician who uses an electronic health record (EHR) to store patient health data and has privileges to see patients at hospital A, which has its own electronic medical record (EMR) for past and current patients. When treating a patient at hospital A for a cardiac event in an emergency situation, that physician (authorized to A's EMR) may need to see an EKG for the patient taken a week ago at hospital B (not authorized to B's EMR) in order to compare the two EKGs as part of the treatment and assessment process. In such a situation, the physician is attempting to access data at another institution (with a different EMR) at which s/he has no username/password identity. This problem is complicated by the fact that patients are often treated by a cadre of medical professionals (specialists, therapists, etc.) at multiple locations (State of Connecticut, 2013; The President's Council of Advisors on Science and Technology, 2010), all with their own systems for storing patient data (Eichelberg, et al., 2005).
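To make the hospital A / hospital B scenario above and the abstract's notion of attribute-driven policy adjustment concrete, the following is an added toy illustration in Python, not the chapter's own protocol or code. It assumes a constructed set of credential issuers (a state licensing board and hospital A's credentialing service) whose credentials are authenticated with HMAC tags standing in for the PKI certificates the chapter mentions, and a constructed policy at hospital B that releases progressively more of an EKG record as the requester discloses more verified attributes. The requester releases only the credentials the resource owner's policy asks for, round by round, which is the basic shape of a trust negotiation.

```python
"""Toy adaptive trust negotiation between a requester at hospital A and a
resource owner at hospital B. Constructed example: issuers, keys, policy and
credential values are all made up for illustration."""
from dataclasses import dataclass
import hashlib
import hmac

# Constructed issuer secrets. A real deployment would use PKI-issued
# certificates; a keyed MAC is used here only to keep the example self-contained.
ISSUER_KEYS = {
    "state-board": b"constructed-secret-board",
    "hospital-A": b"constructed-secret-A",
}


@dataclass(frozen=True)
class Credential:
    issuer: str
    attr: str
    value: str
    tag: bytes  # authenticator over issuer|attr|value


def _message(issuer, attr, value):
    return f"{issuer}|{attr}|{value}".encode()


def issue(issuer, attr, value):
    """Issuer-side: produce an attribute credential (constructed stand-in for signing)."""
    tag = hmac.new(ISSUER_KEYS[issuer], _message(issuer, attr, value), hashlib.sha256).digest()
    return Credential(issuer, attr, value, tag)


def verify(cred):
    """Resource-owner side: accept only credentials from known issuers with valid tags."""
    key = ISSUER_KEYS.get(cred.issuer)
    if key is None:
        return False
    expected = hmac.new(key, _message(cred.issuer, cred.attr, cred.value), hashlib.sha256).digest()
    return hmac.compare_digest(expected, cred.tag)


# Hospital B's constructed policy for the EKG resource: an ordered list of
# (required attribute set, access level). Each later level demands a superset
# of attributes, so the policy "adapts" the access granted to what was proven.
POLICY = {
    "ekg": [
        ({("state-board", "role", "physician")}, "summary"),
        ({("state-board", "role", "physician"),
          ("hospital-A", "privileges", "active"),
          ("hospital-A", "context", "emergency")}, "full"),
    ]
}


def negotiate(resource, disclosed):
    """One negotiation step at hospital B.

    Returns (access level granted so far, attributes still missing for the
    next level, or None when the highest level is reached). Unverifiable
    credentials are ignored rather than trusted.
    """
    verified = {(c.issuer, c.attr, c.value) for c in disclosed if verify(c)}
    granted, missing = "none", None
    for required, level in POLICY[resource]:
        if required <= verified:
            granted = level
        else:
            missing = required - verified
            break
    return granted, missing


def run_negotiation(resource, wallet, max_rounds=5):
    """Requester side: disclose, per round, only what B says is still missing.

    Returns (final access level, list of credentials actually disclosed).
    """
    disclosed = []
    level = "none"
    for _ in range(max_rounds):
        level, missing = negotiate(resource, disclosed)
        if not missing:
            break
        # Minimal disclosure: release only credentials that satisfy B's request.
        new = [c for c in wallet
               if (c.issuer, c.attr, c.value) in missing and c not in disclosed]
        if not new:
            break  # nothing further to offer; settle for the level reached
        disclosed.extend(new)
    return level, disclosed


if __name__ == "__main__":
    wallet = [issue("state-board", "role", "physician"),
              issue("hospital-A", "privileges", "active"),
              issue("hospital-A", "context", "emergency")]
    print(run_negotiation("ekg", wallet))
```

The point worth noticing is that hospital B never needed a pre-provisioned username/password for the physician: it decided from attributes vouched for by issuers it already trusts, and a credential with a bad tag (or from an unknown issuer) simply does not count toward any level.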
