搜索
ORIGINALPAPERARFIDGroupingProofProtocolforMedicationSafetyofInpatientHsieh-HongHuang&Cheng-YuanKuReceived:29May2008/Accepted:14August2008/Publishedonline:3September2008#SpringerScience+BusinessMedia,LLC2008AbstractInordertoprovideenhancedmedicationsafetyforinpatients,themedicalmechanismwhichadoptsthemodifiedgroupingproofprotocolisproposedinthispaper.Byusingthegroupingproofprotocol,themedicalstaffscouldconfirmtheauthenticationandintegrityofagroupofRadio-FrequencyIdentification(RFID)tagswhichareembeddedoninpatientbraceletsandthecontainersofdrugs.ThismechanismisdesignedtobecompatiblewithEPCglobalClass-1Generation-2standardwhichisthemostpopularspecificationofRFIDtags.Duetothelight-weightcomputationalcapacityofpassivetags,onlythepseudo-randomnumbergenerator(PRNG)andcyclicredundancycode(CRC)areallowedtobeusedinthecommunicationprotocol.Furthermore,apracticalscenarioofusingthisproposedmechanisminhospitaltoexaminethemedicationsafetyisalsopresented.KeywordsGroupingproof.RadioFrequencyIdentification.Class-1Generation-2standard.Pseudo-randomnumbergenerator.CyclicredundancycodeIntroductionMedicationerrorscausemanydeathseverydayandinjureevenmorepeopleallovertheworld.Hence,correctlyidentifyingpatientsanddrugsinhospitalbecomesmoreandmoreimportantbecauseitcanhelptopreventmedicationerrors[5].Castleetal.suggestedthatthebar-codeorsimilarITtoolcouldbeimplementedinnursingpractice,sothenursescoulddiscoveranyerroneoususeofdrugsimmediately[3].Recently,RFIDtechnologywithgroupingproofwasproposedtoreachintegratedauthenticationinmanyapplications.TheU.S.FoodandDrugAdministration(FDA)hadalsorecommendedpharmaceuticalmanufac-turerstoattachRFIDtagsinordertoimprovetrackingabilities.Nowadays,RFIDtechnologyhasbecomepopularduetoitsadvantagesoverotherautomaticdata-capturetechnology.ManyorganizationsinvariousindustrieshavegraduallyimplementedRFIDtechnologyintheirbusinessprocesses.Forexample,Walmart,U.S.DepartmentofDefense(DoD),andFDAarethemostfamouscases.Especiallyinthedomainofhealthcare,manyresearchershadnoticedthepotentialdevelopmentofRFIDtechnologyinpractice.Withtheprogressofcommunicationtechnolo-gy,RFIDcouldhelptocollectobjects’informationinordertoimprovethemedicalmanagement,suchasthepatientidentification,assetmanagement,preventionofmedicationerror…etc.Moreover,thereducedcostandimprovedqualityofRFIDdeviceshasmadeitsimplementationmorefeasible.AlotofRFIDresearchersnotonlyfocusedonRFIDapplicationsbutalsoonitssecurityandprivacyissues.Someofthemdesignedthecryptographicalgorithmstodefensevarioustypesofattack,suchaseavesdropping,man-in-the-middle,spoofing…andsoon.However,inJMedSyst(2009)33:467–474DOI10.1007/s10916-008-9207-zH.-H.Huang:C.-Y.Ku(*)DepartmentofInformationManagement,NationalChungChengUniversity,168,UniversityRoad,Min-Hsiung,Chia-Yi62102,Taiwane-mail:cooperku@mis.ccu.edu.twH.-H.Huange-mail:kory@dwu.edu.twH.-H.HuangDepartmentofInformationManagement,DiwanUniversity,87-1,Nanshih,Madou,Tainan72153,Taiwanordertofulfilltheabove-mentionedpurpose,therequire-mentofcomputationalcapacityisprettysignificant[10,24].Infact,theproblemofaccuracyandintegrityaremoreimportantthantheissuesofattackinhospitalundersomesituation.Forexample,RFIDcouldplayanimportantroletoassistmedicalstaffstodoublechecktheconsistenceandintegrityofagroupofobjects,suchasequipments,drugs,orevenpatients.ThisisapromisingwaytoreducetheprobabilityofmedicalerrorasmanyRFIDprofessionalspredict.In2004,Juelsfirstinitiatedtheconceptofgroupingproof,namedyoking-proof,andaimedtoproposeanoff-lineverifiableprotocolforthepurposeofmaintainingintegrity[13,14].MuchfurtherresearchwaspublishedafterJuels’spapers.Tothebestofourknowledge,mostofthesestudiesadoptedcryptographicalgorithmstodesignthecommunica-tionprotocols.However,EPCglobalClass-1Gen-2specifi-cationwhichisthemostpopularlight-weightRFIDtagsnowadaysdoesnotsupportcryptographicfunctionssuchashashfunction,symmetric-cipheralgorithmsandasymmetric-cipheralgorithms.Forthepurposeofpreventingmedicationerrors,wedesignapracticalauthenticationprotocolwhichiscompatiblewiththewide-usedClass-1Gen-2standard.Theproposedmechanism,eventhoughsimpler,stillkeepssomerequiredlevelofsecuritystrengthandintegrity.Thebuilt-infunctionsofClass1Gen-2standard,suchaspseudo-randomnumbergenerator(PRNG)andcyclicredundancycode(CRC)areusedtoimplementthegroupingproof.Finally,ascenariodescribinghowtheproposedprotocolworksandpreventsmedicationerrorispresented.BackgroundHowtoimprovepatientsafetyMedicationerrorsoccurfrequentlyandhowtopreventthemisquiteimportantmissionforhealthcareorganiza-tions.Inearlydays,mostofthecorrespondingresearchfocusedondesignofmanagerialmechanism,suchaszerodefectsphilosophy,qualitymodel,…andsoon[7].Aswellknown,humanalwaysmakesmistakes.Therefore,theinformationtechnologywasthenseriouslyconsideredtodecreasetheratesofmedicationerrors.OnemajorwayofenhancingpatientsafetystatedbyJointCommissiononAccreditationofHealthcareOrganization(JCAHO)istoimprovetheaccuracyofpatientidentification.Fortunately,theemergingautomaticidentificationtechnology,suchasRFIDanditsapplication,ha