A Secure Cross-Domain Access Control Scheme for Internet of Medical Things.

As a new medical information technology, the Internet of Medical Things (IoMT) is developing rapidly and being widely applied. However, the security of massive medical data and personal privacy information involved in IoMT has become a focus of attention. It has become an urgent problem to achieve secure management and sharing of medical data in IoMT while protecting privacy. To address these issues, we propose a secure and cross-domain access control scheme. The scheme, with data security as its core, uses three-factor(password, smart card, and biometric authentication) authentication to achieve privacy protection for cross-domain access. The core of the scheme lies in the utilization of the mix algorithm to ensure bitwise dependence among the data. The mix algorithm which is based on ANOT (All-or-Nothing transform) possesses a critical feature known as the ”all-or-nothing” property. This imply that it allows for either full access to the decrypted original data or provides no useful information whatsoever. It does not require a trusted third party and eliminates the need for key management. Moreover, it even reduces the security requirements for cloud servers, which significantly lowering medical costs.