Integrating the Lightweight Authentication Protocol (LAP) with access control mechanisms in wireless health care information systems

Health information networks are expected to support information exchange that is authentic, accurate, private and available when, where and to whom is needed. With the increase of the shared medical information and resources in healthcare wireless information systems, unauthorized access to the information by illegal users also increases. The security of the transmitted information is a vital issue. In this paper, we report on the development of the Lightweight Authentication Protocol (LAP), which makes a mobile and distributed system more secure and flexible and we implement it in a Health Care Environment where the clinicians use mobile and wireless devices like PDAs. We also provide an indicative example of integrating the LAP with access control mechanisms. Context-based Team Access Control (C-TMAC) model is used in this example, since it provides great flexibility on user-permissions management in collaborative healthcare environments. LAP is indeed capable to support efficiently the advanced authorization procedures of such demanding active security models.