Hospital Automation using RFID Technology

University of Colorado at Colorado Springs

College of Engineering & Applied Science

Gustavo Florentino

Objectives

Speed up processes in the laboratory.

Use smart cards to store patient’s information and to perform authentication.

Use RFID tags to identify sample recipients.

Reduce faults on exams regarding to data flow in the laboratory.

Create a system which is simple for hospital employees to operate.

System features Authentication on the system is done through

smart cards.

Information can be stored on patient’s card. Like: blood type, allergies, hypertension, diabetics, and so on.

The identification of chemistry tubes is performed through RFID tags (not covered).

Problems

Many smartcards → low cost.

The smart card used does not have processor to process user programs.

Then, many authentication algorithms proposed in literature cannot be used. Ex: challenge-response.

Security requirements

We have to: Avoid non-authorized people from reading the

information stored on the card.

Use the card as an authentication device.

Ensure that the data on the card has not been tampered.

Architecture

Database

Server

Physician Administrator

BiochemistAnalysis

LaboratoryLaboratoryReception

Smart card memory structure

2 Kbits cards;

32 blocks of 8 bytes.

Memory mapping

6: memory manager version.

7: user id.

Data on shadowed blocks are ciphered

Version id

User id

User data

User data

User data

User data

User data

User data

Block

Data formatting

Markup language Back-slash followed by 3 ASCII characters.

Markup language: \beg, \rnd, \crc, \usr, \bty, \dia, \hpt,

\ale, \end.

Example:

\beg\rnd37026\crcb80e\usrJoseph Jr\btyAB+\diaT\hptF\aleAcetylsalicylic acid\end

Security

Symmetric key cryptography: AES Faster than an asymmetric algorithm.

At first, only the system is capable of reading and writing on the card.

One key is used for each card.

System security doesn’t rely on manufacturer’s specific mechanisms. So we can easily change the reader and card model or manufacturer if necessary.

Authentication protocol

\beg\rnd37026\crcb80e\usrJosé Teodoro da Fonseca\tsgAB+\diaT\hptF\aleácido acetil salicílico, dipirona\end

1. The class MemoryManagerFactory checks the version id on block 6 and instantiates the proper MemoryManager.

2. Block 7 is read to get the user id.

3. The secret key is retrieved from the database and the user data area is deciphered.

4. Finally, \rnd value is compared to the one existing on the database. If they match, the user is successfully authenticated to the system.

Version id

User id

User data

User data

User data

User data

User data

User data

Data integrity

A cyclic redundancy check code is used to verify integrity of the data contained on the card.

Stronger message digests weren’t employed due to memory constraints.

While data is read from the card, it’s checked if the CRC calculated matches the one read from the card.

This procedure avoids changes of the data on the card by malicious users.

Conclusions

Due to severe memory and processing constraints, many techniques found on the literature cannot be applied to this system.

The solution was to make use of digital signature concepts.