OUP user menu

★ Position Paper ★

Wireless Technology Infrastructures for Authentication of Patients
PKI that Rings

Ulrich Sax, Isaac Kohane, Kenneth D. Mandl
DOI: http://dx.doi.org/10.1197/jamia.M1681 263-268 First published online: 1 May 2005


As the public interest in consumer-driven electronic health care applications rises, so do concerns about the privacy and security of these applications. Achieving a balance between providing the necessary security while promoting user acceptance is a major obstacle in large-scale deployment of applications such as personal health records (PHRs). Robust and reliable forms of authentication are needed for PHRs, as the record will often contain sensitive and protected health information, including the patient's own annotations. Since the health care industry per se is unlikely to succeed at single-handedly developing and deploying a large scale, national authentication infrastructure, it makes sense to leverage existing hardware, software, and networks. This report proposes a new model for authentication of users to health care information applications, leveraging wireless mobile devices. Cell phones are widely distributed, have high user acceptance, and offer advanced security protocols.

The authors propose harnessing this technology for the strong authentication of individuals by creating a registration authority and an authentication service, and examine the problems and promise of such a system.

More than seven years after the National Academy of Sciences and the National Research Council called for more stringent authentication measures for access to electronic medical records,1 most medical applications still rely on simple username and password for identification and authentication of the patient.2,–10 More advanced authentication methods, such as public key encryption, have failed to gain a foothold, never achieving user acceptance, nor spawning the massive infrastructure required. Implementing increasingly secure approaches will be particularly challenging for the evolving suite of consumer health applications, since the technology must be accessible even to citizens with very limited experience using computers. The efforts to develop a robust infrastructure for consumer-driven health applications, such as personally controlled health records,516 in the absence of a universal health care identifier17,18 bring the problem of authentication to the forefront of challenges in medical informatics.

Conventional wisdom dictates that secure authentication requires the user to meet at least two of the following criteria: to present something she knows, something indicating where she is located, something related to who she is, or something she carries.4 An increasing portion of the population carries wireless mobile devices, mostly cellular telephones.19,20 Access to this rapidly advancing equipment cuts a broad swath across the socioeconomic spectrum.21 Cell phones are currently in use in several health care projects and are being used for data display and even basic authentication.2225

Cell phone technology represents a potentially viable way of solving the authentication problem at local, regional, and national levels. This report proposes a new model for authentication of users to health care information applications leveraging wireless mobile devices and critically examines its problems and promise.

State of the Art Authentication Methods

Authentication is the identification of a person or machine and the subsequent verification of that identity claim. The first generation of consumer health applications, including personally controlled health records, rely solely on username and password, the most basic and least secure method to verify a claim of identity.510,14,26 Protocols for assigning and maintaining user names (identifying a user to the system) and passwords (a shared secret to verify the identity of the user) are standard. Consumers familiar with a host of non–health care–related websites readily understand their use. Passwords, however, can be easily compromised, using social engineering27 or simple attack methods such as key loggers and password crackers.28,29

Strong authentication, on the other hand, enables users to provide evidence that they know a particular secret without actually revealing that secret.30 The most well known strong authentication system is pubic key encryption and the related public key infrastructure (PKI).31 PKI provides a method to ensure that the sender can encrypt a message, which the receiver can decrypt, while preventing anyone who intercepts the message from reading it.32 The sender and receiver get a pair of public and private keys. These keys are mathematically related. To encrypt a message for a certain receiver, the sender uses the receiver's public key for encryption. Only the intended receiver can decrypt this message with his private key. PKI requires a certification authority for issuing digital certificates, a registration authority maintaining the records of the PKI users in a directory service, a policy framework governing certificate issuance and cancellation, and PKI-enabled applications.

It was long assumed that PKI would be widely adopted; however, to date, the technology has proven expensive and too complex for information technology (IT) professionals and end users.3337 Several electronic health record projects encountered substantial difficulties implementing PKI, the most challenging being key distribution and end user support.33,38 The 2002 Medical Records Institute Status Report on Electronic Health Records in the United States10 found only 10% of the respondents using public key encryption for health record authentication.

Another approach to authentication is biometrics, identifying individuals by their anthropometric characteristics as measured by fingerprint, iris, or retinal scan; facial recognition; patterns of speech; keyboard strokes; or handwriting dynamics.39 Evaluating the output of a typical biometric device is much more complex and has much higher failure rates than simple username password schemes.40 In addition, a concern with biometric methods is that individual characteristics cannot be revoked or changed if compromised, as we have a limited number of biometric characteristics. It has been shown that many biometric methods, especially fingerprint recognition, are highly susceptible to security breaches.41

The use of biometrics in medical record authentication is rare. Only 2.4% of the responders to the 2002 Medical Records Institute survey used biometrics for health record authentication.10 A major problem with the use of biometrics in consumer applications is that, as with the use of smart cards—a failed approach for health care applications in the United States37,42 —the system necessarily relies on wide distribution, support, and maintenance of hardware.

Wireless Authentication Infrastructure

Since the health care industry is unlikely to spawn and maintain a distinct, hardware-based authentication infrastructure, it makes sense for health care applications to rely on existing hardware, software, and networks. PKI implementations, to date, have failed in the United States, but the technology may be resuscitated if piggybacked on a successful existing infrastructure. At least 62% of all adults owned a mobile phone in 200143,44 and by 2003, 66% of all U.S. households owned mobile phones.21,43 As with all costly technologies, there looms the concern of a digital divide. Low-income families are more likely to have no or suboptimal cell phones.4345 However, even among families of underrepresented minorities, the penetration rate of this technology is high.20,21

In the United States, four incompatible cellular phone systems compete for market share. Of these, the Global System for Mobile Communications (GSM) and General Packet Radio Service (GPRS) offer authentication capabilities, using a built-in Subscriber Identity Module (SIM) card to store a secret key. The GSM or GPRS currently covers only 11% of U.S. cell phone subscribers but is trending upwards.46 Third-generation (3G) cellular equipment with much faster connections and the Universal SIM (USIM) card will likely gain a large share of the market in the near future.47 The 3G cell phone system was developed by a worldwide consortium and is accepted internationally. Many U.S. cell phone providers plan to upgrade from their respective technologies toward 3G.48

Form Factors of PKI-Related Devices

PKI-related information, such as keys and key certificates, may be stored on different devices, each with advantages and disadvantages. In Table 1 we compare features across various methods for distribution of PKI certificates and keys. Each form factor contains a cryptographic key and a corresponding key certificate. In the first case, key files on a computer, these files are stored directly on a hard or floppy disk. Cryptographic hardware stores and protects these files in a dedicated electronic circuit. Smartcards as well as USB tokens store the files on a standardized chip,4951 which can be interfaced with a computer. There are a variety of smartcards in use. Storage cards, including some older European health insurance cards, can be copied easily; protected storage cards like prepaid telephone cards cannot be copied. Smartcards with a cryptographic coprocessor offering PKI functionality are commonly deployed in cell phones.

View this table:
Table 1

Assessment of Several Form Factors of PKI-Related Devices

Form Factor of PKI Device
Key-file/PC*Crypto Hardware/PC§Smart Card/PCUSB Token/PCMobile Equipment with SIMMobile Equipment with USIM
SecurityLow HighHighHighModerateHigh
FunctionalityHighHighHighModerate# HighHigh
UsabilityHighLow Low Moderate# HighHigh
PortabilityModerate LowModerate Moderate** HighHigh
UbiquityHighLowModerateHighModerate†† Low§§
PKI abilityModerateModerateHighHighLow‡‡ High
  • * The cryptographic key is not stored on a device like a Smart Card, but in a simple ASCII file.

  • A key file can be copied or deleted.

  • Portable if on external storage media, needs PKI client software.

  • § A device like a computer plug in card containing a crypto processor.

  • Limited to use with a single computer from a particular vendor.

  • Card reader and driver needed.

  • # No card reader needed (USB port) but additional driver needed.

  • ** Still driver needed, additional device to handle.

  • †† Almost 2/3 of all US adults own a cell phone, GSM phones currently have a 11% market share.

  • ‡‡ Due to short key length and cracked cryptographic algorithms the SIM chip is not adequate for secure authentication.

  • §§ First 3G phones are available now in Europe and Japan, but do not have market penetration in the US yet.

In Table 2 we give an overview of four different approaches for wireless authentication. SIM cards in wireless equipment are well standardized.52 Cell phone providers use them to store items such as the name of the service provider, International Mobile Subscriber Identity (IMSI), ciphering key, and the user's preferred language and telephone numbers.

View this table:
Table 2

Assessment of Approaches for Wireless Authentication

Approach for Wireless Authentication
Mobile Equipment without SIMMobile Equipment with WIMMobile Equipment with SIMMobile Equipment with USIM
Wireless communications standardAll systemsWAP2.0 enabledGSM, GPRS, EDGE3G
Number of keys1 symmetric 1 asymmetric pair1 symmetric 2 symmetric, Many asymmetric pairs
Key lengthn/a* Variable32 bit128 bit symmetric, no length limit for asymmetric
MechanismRSA challenge via SMSWireless Transport Layer Security (WTLS)Cell phone authentication with shared keyMutual authentication, PKI
Authentication strengthModerate StrongWeak Strong
  • * Symmetric key combined with world time called “passcode.”

  • Broadly used in VPN environments.

  • Short key length and compromised, not published algorithm; no authentication of the base station.

An advantage of these plug in cards is that they do not need a dedicated interface to a computer because the card reader is built in. Although already in use for financial transactions, for example at European gas stations,53 SIM authentication is not secure. The key length is insufficient,54,55 and the encryption can be defeated.56 Next-generation 3G phones with USIM remedy these shortcomings and offer high security.57,58 USIM-equipped mobile phones hold substantial promise in terms of security, functionality, usability, portability, and cost.

The rapidly evolving wireless market, which promises ubiquity of these devices, provides an attractive option for the backbone of a health care application authentication infrastructure. A universal health care authentication mechanism relying on these technologies necessitates a staged approach to implementation, accounting for current and future capabilities. To motivate our proposal and serve as a basis for our analysis, we present a usage scenario:Helen arrives at an emergency department and wishes to authorize access to her personally controlled health record.14,59 She uses her cell phone to call the toll free number of an authentication service. A challenge message is sent to her handset. The handset decrypts the message and encrypts it again with the private key stored in the USIM. To enable the USIM to re-encrypt the message, Helen is prompted to key in a personal identification number, which she has chosen and committed to memory. Helen is then prompted to key in the hospital ID number prominently displayed over the triage desk. Responding in the affirmative, the authentication service contacts the PHR, Helen's record appears on the registration screen in the emergency department, and hospital staff is granted web access to portions of the record, set according to Helen's pre-specified preferences.


The first task in establishing a wireless authentication infrastructure—a critical one—is to establish the necessary web of trust for reliably linking each citizen with a mobile device. The existing infrastructure used by telecoms to establish mobile service contracts only partially accomplishes this objective. Mobile subscribers generally are authenticated at the time of enrollment by passport or driver's license and social security number. The information used by telecoms to link citizens to mobile devices is not currently available to the health care system, although future telecom business models may be built around providing such services.23,24

Toward the end of establishing a patient's identity and linking that patient to a piece of equipment, it seems most reasonable to leverage the existing trust relationships that underlie current health care information exchange. The root of trust in health care is and always has been the patient–physician relationship. Patients are known to their primary care and specialty practices; identification of patients is best accomplished in this setting. We are not suggesting that physicians become notaries. Rather, we observe that the existing web of trust upon which the health care system relies tends to preclude the sort of wholesale large-scale fraud that might occur in a system that closes the loop without this human–human interaction required for every new registrant. Hence, we envision patients “signing up” and entering the system in private clinic-based and hospital-based physician offices.

Cryptographic Authentication

The linkage established at a physician's office must be uploaded to a mobile authentication service, which provides a directory service including an international subscriber directory number identifying the phone subscriber and the unique serial number of the cell phone and the plugged-in USIM Chip. When the user (for example in the scenario above) is being contacted by the authentication center, her mobile equipment receives a challenge. The mobile equipment responds to the challenge, and, if successful, the mobile authentication service informs the web portal. A simple response can be made with any mobile phone. A mobile authentication service sends a Short Message Service (SMS) message to the user's phone, which, in turn, responds uniquely after the user keys in a personal identification number. Authentication here relies on the RSA algorithm (Table 2).60

This approach provides strong authentication because it relies on the fact that a user is in the possession of a mobile phone linked to the user as described above and that he knows the corresponding PIN. A more sophisticated response approach requires a smart phone running the Wireless Application Protocol (WAP) 2.0 and utilizes public key encryption to achieve higher security. The cryptographic keys are stored on the Wireless Identity Module (WIM).25,61 Other approaches rely on the SIM card on GSM and GPRS networks and USIM cards on 3G networks. The encryption capabilities provided by the SIM card are limited by its storage capacity; hence, the weak authentication protocol.55 The USIM specification57,58 provides storage capacity for many asymmetric keys without restricting key length, thus, substantially improving the strength of authentication.

Major Challenges


A secure and acceptable mobile authentication service requires advances in market penetration of 3G cell phones to perform strong authentication. The mobile authentication service has to be run and funded by a trustworthy party because it forms the backbone of trust. Although the mobile communications infrastructure enables a high level of authentication, significant additional investments are required to adapt these technologies for health care needs. Direct costs to support the functionality of the above scenario include improvements to the existing mobile messaging infrastructure beyond the initial costs of the existing authentication-enabled devices, for example, the authentication and registration services.

Furthermore, there are costs associated with issuing and maintaining certificates, and providing the necessary user support. Business models for the operation of the mobile authentication service have to be created and vetted, if “piggy-backing” on existing processes is not possible in the short term. The authentication services would likely offer the greatest return on investment if used for general consumer applications. Hence, they may be bundled with generic services by telecommunications companies or as joint ventures with commercial or governmental organizations within the health care industry.


In the course of launching PHRs and other consumer informatics applications, awareness of security risks associated with protected health care information must be raised among consumers.39,62 There will be technical hurdles to overcome as well. For example, the lag between the log in on the portal site and the availability of the application could pose another problem. Usually it takes about 3 to 5 seconds to receive an SMS. Longer time lags caused by additional procedures would likely decrease the user acceptance.

Backups and Contingency Plans

Because patients will certainly forget to bring, change, and lose their cell phones, no single authentication method will suffice. If a patient loses a cell phone or wants to use a new cell phone (10% of cell phone subscribers in the United States plan to switch their provider within the next year43), the mobile authentication service profile has to be updated very quickly. Also, there are special populations to consider. Children will need to be authenticated by parents or guardians. Patients receiving emergency care may not be able to use their phones. What is needed is a multilayered access control system, allowing the user to choose the level of authentication. For weaker methods, (username and password) additional security may be obtained by adding the additional hurdle of challenge questions (e.g., place of birth, favorite color). An option would be to provide less access for lesser levels of authentication (for example, only access to problem list, medications, and allergies). Users would also have to be given the opportunity to allow emergency access to their record should they be incapacitated. Further, should the process fail because of technical problems, such as network unavailability, fallback infrastructures will need to be in place.


Secure authentication is a critical requirement for a new generation of consumer-driven health care applications, such as PHRs. Because mobile technology may be costly, the concern of a digital divide has to be addressed. Although wireless technology penetration is high even among families of underrepresented minorities,22,45 low-income families are more likely to have no or suboptimal cell phones.43,44 The major issues that need to be addressed to enable a large-scale deployment of the proposed technology are infrastructural, particularly development of a registration process, creation of a trusted mobile authentication service, and provision of user support.

To establish a robust national health information infrastructure, going forward, the health care system must develop standardized methods of authenticating patients. It seems wise to begin leveraging systems that already have wide-scale use and consumer acceptance. There are bold challenges to meet in adapting cell phone networks for this purpose, not the least of which is creating a directory linking people to their mobile equipment. The obstacles notwithstanding, wireless authentication enables use of PKI functionality while avoiding many of the problems that plagued the traditional PKI implementations; there is no need for additional tokens, card readers and drivers, or unfamiliar security procedures. It seems safe to assume that people will be routinely carrying sophisticated wireless devices with them for some time to come. The health care industry should explore this mainstream technology as a potential solution to a decades-old problem.


  • This work was supported by Deutsche Forschungsgemeinschaft (DFG, SA1009/1-1) and by the National Institutes of Health through contract N01-LM-3-3515 from the National Library of Medicine.

  • The authors thank Bill Simons, Pete Szolovits, Matvey B. Palchuk, Teresa Zayas-Cabán, Min Wu, and Peter Pharow for their input.


View Abstract