Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Conceptual Design and Analysis of a Mobile Digital Identity for eHealth Applications

 
Spychalski, Dominik; Rode, Olaf; Ritthaler, Markus; Raptis, Georgios


Institute of Electrical and Electronics Engineers -IEEE-; IEEE Engineering in Medicine and Biology Society -EMBS-:
IEEE-EMBS International Conference on Biomedical and Health Informatics, BHI 2021. Conference Proceedings : Jointly organized with the IEEE EMBS International Conference on Wearable and Implantable Body Sensor Networks (BSN 2021), Virtual Conference, July 27-30, 2021
Piscataway, NJ: IEEE, 2021
ISBN: 978-1-6654-4770-6
ISBN: 978-1-6654-0358-0
4 pp.
International Conference on Biomedical and Health Informatics (BHI) <2021, Online>
International Conference on Wearable and Implantable Body Sensor Networks (BSN) <17, 2021, Online>
English
Conference paper
Fraunhofer SIT
digital identity; mobile security; eHealth; authentication scheme; identity management

Abstract
As mobile technology continues to improve, more and more professional services are being offered as mobile apps. This paradigm shift also affects eHealth applications. Digital identities in nation-wide eHealth infrastructures are often realized via smart cards, which, however, do not support mobile applications well. In this paper we propose a concept of a mobile eID for eHealth based on smartphones with embedded secure hardware, a mobile authenticator app and an account manager as well as an Identity Provider (IdP) as backend services. The practical applicability of the concept is shown using the example of the German eHealth infrastructure. Our method generates a cryptographic key pair in secure hardware on the user's smartphone, registers it on the IdP and uses it to authenticate on the IdP. The security of the private key and the integrity of the smartphone are also validated and attested. The user's established smartcard-based identity "Electronic Health Card" (EHC) forms the trust anchor. To authenticate against specialist eHealth apps, the IdP issues standard-compliant OAuth2.0/OIDC tokens with a limited period of validity. Furthermore, in our security analysis we demonstrate that, based on specific security requirements for smartphones and operating systems, at least the eIDAS security level "substantial" related to the technical security aspects of the system can be achieved. On the basis of this research, German legislation was adjusted, and "digital identities" supplementary to the smartcard-based EHC will be issued from 2023 in the German eHealth infrastructure.

http://publica.fraunhofer.de/dokumente/N-638761.html