User Authentication in Smartphones for Telehealth
DOI: https://doi.org/10.5195/ijt.2017.6226
Abstract
Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity. When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, so the devices need user authentication to protect that data. User authentication on smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while preserving the convenience of smartphones in everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help secure sensitive data against attackers. The applications of these authentication methods in telehealth are discussed.
Keywords: Authentication, Biometrics, HIPAA, Mobile security, Telehealth
Revised 7/16/2018. Revision Description: Removed outdated link.