User Authentication in Smartphones for Telehealth

Authors

DOI:

https://doi.org/10.5195/ijt.2017.6226

Abstract

Many functions previously conducted on desktop computers are now performed on smartphones. Smartphones provide convenience, portability, and connectivity.  When smartphones are used in the conduct of telehealth, sensitive data is invariably accessed, rendering the devices in need of user authentication to ensure data protection. User authentication of smartphones can help mitigate potential Health Insurance Portability and Accountability Act (HIPAA) breaches and keep sensitive patient information protected, while also facilitating the convenience of smartphones within everyday life and healthcare. This paper presents and examines several types of authentication methods available to smartphone users to help ensure security of sensitive data from attackers. The applications of these authentication methods in telehealth are discussed. 

Keywords: Authentication, Biometrics, HIPAA, Mobile security, Telehealth

  

Author Biographies

Leming Zhou, University of Pittsburgh

Assistant Professor, Department of Health Information Management

Valerie J.M. Watzlaf, University of Pittsburgh

Associate Professor, Department of Health Information Management

References

Al Ayubi, S. U., Pelletier, A., Sunthara, G., Gujral, N., Mittal, V., & Bourgeois, F. C. (2016). A Mobile App Development Guideline for Hospital Settings: Maximizing the Use of and Minimizing the Security Risks of “Bring Your Own Devices” Policies. JMIR mHealth uHealth, 4(2). https://doi.org/10.2196/mhealth.4424

Anjarwalla, T. Inventor of cell phone: We knew someday everybody would have one. Retrieved February 12, 2016, from http://www.cnn.com/2010/TECH/mobile/07/09/cooper.cell.phone.inventor/index.html

Apple. (2017). About Touch ID advanced security technology. Retrieved from https://support.apple.com/en-us/HT204587

Arora, S., Yttri, J., & Nilse, W. (2014). Privacy and Security in Mobile Health (mHealth) Research. Alcohol Research : Current Reviews, 36(1), 143–51. Retrieved from http://www.ncbi.nlm.nih.gov/pubmed/26259009

Barrett, C. (2011). Healthcare Providers May Violate HIPAA by Using Mobile Devices to Communicate with Patients. Retrieved July 25, 2017, from https://www.americanbar.org/newsletter/publications/aba_health_esource_home/aba_health_law_esource_1110_barrett.html

Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption. The 2015 Network and Distributed System Security (NDSS) Symposium. https://doi.org/10.14722/usec.2015.23003

Clarke, N. L., & Furnell, S. M. (2007). Advanced user authentication for mobile devices. Computers & Security, 26(2), 109–119. https://doi.org/10.1016/j.cose.2006.08.008

Crawford, H., & Renaud, K. (2014). Understanding user perceptions of transparent authentication on a mobile device. Journal of Trust Management, 1(7), 1–29. https://doi.org/10.1186/2196-064X-1-7

Farhan Alam Zaidi, S., Ali Shah, M., Kamran, M., Javaid, Q., & Zhang, S. (2016). A Survey on Security for Smartphone Device. (IJACSA) International Journal of Advanced Computer Science and Applications, 7(4), 206–219. https://doi.org/10.14569/IJACSA.2016.070426

Fernandez-Aleman, J. L., Belen Sanchez Garcia, A., Garcia-Mateos, G., & Toval, A. (2015). Technical solutions for mitigating security threats caused by health professionals in clinical settings. In 2015 37th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC). Milan, Italy: IEEE. https://doi.org/10.1109/EMBC.2015.7318628

Gabriel, M., Charles, D., Henry, J., & Wilkins, T. L. (2015). State and National Trends of Two-Factor Authentication for Non-Federal Acute Care Hospitals. Retrieved July 31, 2017, from https://dashboard.healthit.gov/evaluations/data-briefs/hospital-two-factor-authentication.php

Guven, A., & Sogukpinar, I. (2003). Understanding users’ keystroke patterns for computer access security. Computers and Security, 22(8), 695–706. https://doi.org/10.1016/S0167-4048(03)00010-5

Jiang, L., & Meng, W. (2017). Smartphone User Authentication Using Touch Dynamics in the Big Data Era: Challenges and Opportunities. In R. Jiang, S. Al-maadeed, A. Bouridane, P. D. Crookes, & A. Beghdadi (Eds.), Biometric Security and Privacy: Opportunities {&} Challenges in The Big Data Era (pp. 163–178). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-47301-7_7

Kate, K., Hake, J., Ahire, S., & Shelke, H. (2017). International Journal of Science Technology Management and Research Authentication of Smartphone Users Using Behavioral Biometrics And OPass Technique, 2(1). Retrieved from http://www.ijstmr.com/wp-content/uploads/2017/01/IJSTMR_V2I1_0360.pdf

Koong, C.-S., Yang, T.-I., & Tseng, C.-C. (2014). A User Authentication Scheme Using Physiological and Behavioral Biometrics for Multitouch Devices. The Scientific World Journal, 2014, 1–12. https://doi.org/10.1155/2014/781234

Laghari, A., Waheed-ur-Rehman, & Memon, Z. A. (2016). Biometric authentication technique using smartphone sensor. 2016 13th International Bhurban Conference on Applied Sciences and Technology (IBCAST), 381–384. https://doi.org/10.1109/IBCAST.2016.7429906

Landi, H. (2017). HHS OCR Launches Revised HIPAA Breach Reporting Tool. Retrieved July 31, 2017, from https://www.healthcare-informatics.com/news-item/cybersecurity/hhs-ocr-launches-revised-hipaa-breach-reporting-tool

Lee, J. D., Jeong, Y. S., & Park, J. H. (2014). A rhythm-based authentication scheme for smart media devices. Scientific World Journal, 2014. https://doi.org/10.1155/2014/781014

Luxton, D. D., Kayl, R. a., & Mishkind, M. C. (2012). mHealth Data Security: The Need for HIPAA-Compliant Standardization. Telemedicine and E-Health, 18(4), 284–288. https://doi.org/10.1089/tmj.2011.0180

Main Line Health. Multi-Factor Authentication Registration. Retrieved from https://www.mainlinehealth.org/employees/multi-factor-authentication-registration

Martinez-Perez, B., de la Torre-Diez, I., & Lopez-Coronado, M. (2014). Privacy and Security in Mobile Health Apps: A Review and Recommendations. Journal of Medical Systems, 39(1). https://doi.org/10.1007/s10916-014-0181-3

Office for Civil Rights. The Security Rule | HHS.gov. Retrieved September 26, 2016, from https://www.hhs.gov/hipaa/for-professionals/security/index.html

Office of the National Coordinator for Health Information Technology. Five steps organizations can take to manage mobile devices used by health care providers and professionals. Retrieved from https://www.healthit.gov/providers-professionals/five-steps-organizations-can-take-manage-mobile-devices-used-health-care-pro

Office of the National Coordinator for Health Information Technology. (2016). Breaches of Unsecured Protected Health Information. Retrieved July 25, 2017, from https://dashboard.healthit.gov/quickstats/pages/breaches-protected-health-information.php

Olmstead, K., & Smith, A. (2017). Americans and Cybersecurity. Pew Research Center, 1–5. Retrieved from http://www.pewinternet.org/2017/1/26/americans-and-cybersecurity/

Pennsylvania State University. Two-Factor Authentication (2FA). Retrieved July 31, 2017, from http://www.identity.psu.edu/services/authentication-services/two-factor/

Pew Research Center. (2017). Demographics of Mobile Device Ownership and Adoption in the United States | Pew Research Center. Retrieved July 19, 2017, from http://www.pewinternet.org/fact-sheet/mobile/

Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in Computing (5th Edition). Upper Saddle River, NJ: Prentice Hall Press. Retrieved from http://dl.acm.org/citation.cfm?id=2756777

Shafique, U., Khan, H., Sher, A., Zeb, A., Shafi, U., Ullah, R., … Ali Shah, M. (2017). Modern Authentication Techniques in Smart Phones : Security and Usability Perspective Sabah - ud - din Waqar. IJACSA ) International Journal of Advanced Computer Science and Applications, 8(1). https://doi.org/10.14569/IJACSA.2017.080142

Sharma, S., Pathik, B., & Sahu, S. K. (2017). Review of Malware Data Classification and Detection in Smart Devices, 202–209.

Shen, C., Yu, T., Yuan, S., Li, Y., & Guan, X. (2016). Performance analysis of motion-sensor behavior for user authentication on smartphones. Sensors (Switzerland), 16(3). https://doi.org/10.3390/s16030345

Souppaya, M., & Scarfone, K. (2013). Guidelines for Managing the Security of Mobile Devices in the Enterprise. https://doi.org/10.6028/NIST.SP.800-124r1

Suarez-Tangil, G., Tapiador, J. E., Lombardi, F., & Pietro, R. Di. (2016). Alterdroid: Differential Fault Analysis of Obfuscated Smartphone Malware. IEEE Transactions on Mobile Computing, 15(4), 789–802. https://doi.org/10.1109/TMC.2015.2444847

Teh, P. S., Teoh, A. B. J., & Yue, S. (2013). A Survey of Keystroke Dynamics Biometrics, A Survey of Keystroke Dynamics Biometrics. The Scientific World Journal, The Scientific World Journal, 2013, 2013, e408280. https://doi.org/10.1155/2013/408280, 10.1155/2013/408280

Teh, P. S., Zhang, N., Teoh, A. B. J., & Chen, K. (2016). A survey on touch dynamics authentication in mobile devices. Computers and Security, 59, 210–235. https://doi.org/10.1016/j.cose.2016.03.003

Thacker, M. J., & Wilson, W. W. (2015). Telephony choices and the evolution of cell phones. Journal of Regulatory Economics, 48(1), 1–25. https://doi.org/10.1007/s11149-015-9274-2

U.S. Department of Health & Human Services - Office for Civil Rights. (n.d.). Retrieved July 31, 2017, from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

University of Miami. Multi-Factor Authentication. Retrieved July 31, 2017, from http://it.miami.edu/a-z-listing/multi-factor-authentication/

University of Pittsburgh. Multifactor Authentication at Pitt. Retrieved July 31, 2017, from http://technology.pitt.edu/services/multifactor-authentication-pitt

Yildirim, N., & Varol, A. (2015). Android Based Mobile Application Development for Web Login Authentication Using Fingerprint Recognition Feature. International Journal of Computer Science and Mobile Computing, 5(10). https://doi.org/10.1109/SIU.2015.7130436

Zubaydi, F., Saleh, A., Aloul, F., & Sagahyroon, A. (2015). Security of mobile health (mHealth) systems. 2015 IEEE 15th International Conference on Bioinformatics and Bioengineering, BIBE 2015, (November), 1–5. https://doi.org/10.1109/BIBE.2015.7367689

Published

2017-11-20

How to Cite

Smith, K. A., Zhou, L., & Watzlaf, V. J. (2017). User Authentication in Smartphones for Telehealth. International Journal of Telerehabilitation, 9(2), 3–12. https://doi.org/10.5195/ijt.2017.6226

Issue

Section

Privacy and Security

Most read articles by the same author(s)