J Med Syst (2012) 36:1689–1696 DOI 10.1007/s10916-010-9629-2
ORIGINAL PAPER
Utilize Common Criteria Methodology for Secure Ubiquitous Healthcare Environment
Yao-Chang Yu & Ting-Wei Hou
Received: 1 September 2010 / Accepted: 9 November 2010 / Published online: 18 November 2010 © Springer Science+Business Media, LLC 2010
Abstract
RFID technology is widely used in healthcare environments to ensure patient safety. Therefore, the testing of RFID tags, such as performance tests and security evaluations, is necessary to ensure inter-operational functional compatibility with standards. A survey of the literature shows that while standards for RFID performance tests have been addressed, the same is not true for security evaluations. Therefore, in this paper, we introduce the Common Criteria security evaluation methodology, also known as ISO/IEC 15408, for the security evaluation of RFID tags and propose a framework as a minimal requirement for RFID tags to improve security assurance.
Keywords RFID · Common criteria · ISO/IEC 15408 · Security evaluation · Security assurance
Introduction
RFID (Radio Frequency Identification) [1, 2] is a general term for technology which uses radio waves to transmit identification-related data from a responder (a tag) to an integrator (a reader). RFID systems consist of three main components: tags, readers, and host systems. Generally, RFID can be sorted into two categories, active and passive. An active RFID tag is powered by a battery whereas a passive RFID tag is powered by radio waves. Consequently, the computing capability of an active RFID tag is greater than that of a passive RFID tag, but the former is more expensive and larger than the latter.
In recent years, passive RFID has been rapidly adopted in healthcare environments for various purposes: Shim et al. proposed using RFID for automatic management of specimens [3], Rogers et al. applied RFID to surgical sponges to reduce or eliminate instances of gossypiboma [4], Vecchia and Esposito proposed using RFID technology in a Nuclear Medicine Department (NMD) to identify and locate patients [5], and Lai et al. adopted RFID technology to guard inpatient safety [6]. From these papers, it is clear that EPCglobal Class-1 RFID is a commonly used device in healthcare environments, due to its advantages of low cost, small size, and portability. However, this new technology...