Text size
  • Small
  • Medium
  • Large
  • Standard
  • Blue text on blue
  • High contrast (Yellow text on black)
  • Blue text on beige

    Sticky-Policy enabled authenticated OOXML for Health Care

    BCS Health Informatics Scotland (HIS)

    Edinburgh, UK, 7 & 8 October 2015


    Grzegorz Spyra, William J Buchanan & Elias Ekonomou


    This paper presents a secure medical document sharing model, which addresses confidentiality and authenticity concerns related to cloud-based data protection issues. The paper extends the popular Office Open XML (OOXML) document format with eXtensible Access Control Mark-up Language (XACML) data piece, which defines a sticky-policy and is carried by the document package to enforce data owner access preferences in untrusted networks. Furthermore, it uses Identity Based Encryption (IBE) and Authenticated IBE - two ‘next generation’ public key cryptographic techniques - to guarantee shared data security. The defined model amends the original IBE construction properties and uses an XACML policy to construct a public key. Using such configuration, the authenticated encryption - with associated data applied to the model - ensures the protection of sensitive data. Shared data is thus encrypted and signed, while the public key (i.e. sticky-policy) is attached to encrypted data and remains in plain text. While the technologies used for the proposed model are not in-themselves new, our novel research contribution lays in combining these technologies in our proposed model.


    PDF filePDF Version of this Paper (934kb)