Smart and connected point-of-care (POC) medical devices are becoming ever more ubiquitous and have the potential to radically improve disease diagnosis and health monitoring. This emerging connectivity can potentially create serious security issues where patient privacy can be easily compromised. Protection of patient data from malicious cyber-physical attackers requires radical solutions at the BioMEMS level. Ideally, the information exchange between the patient and practitioner is an automated and transparent process for the patient. In practice, this exchange requires both the patient and the test results to be authenticated and validated respectively on the storage service to ensure that the medical diagnostic results are properly stored and their access is protected. This secure authentication phase is particularly critical for medical diagnostics: patient data exposure could lead to negative social effects. This work focuses on providing a transparent authentication mechanism for patient blood tests performed using impedance flow cytometry. The goal is twofold: first, to alleviate the user from security procedures, precisely an authentication step, while using the medical device; second, to provide a unique identifier for the test results when stored in a remote server. This paper describes a domain specific authentication method for impedance flow cytometry devices. We spike into the blood samples synthetic micro-beads of different sizes, at determined concentrations, to generate a unique authentication string that uniquely identify a test result on the remote storage service. These authentication strings are embedded in the test devices and can be used as a convenient alternative to generic authentication methods, such as logins and passwords. This alternative method removes the authentication burden from the user and protects patient's privacy further by preventing them from linking their personal information to their test results.
Keywords: Authentication; BioMEMS; Cytocoded passwords; Microfluidic Device; Passwords; Point-of-Care.