SPM-HealSer: Hierarchical Identity-Based Encryption for Scalable and Privacy-Preserving Mobile Health Services

Mobile health (mHealth) services offer transformative potential for healthcare delivery in underserved communities, yet face critical challenges in ensuring privacy and access control under resource constraints and intermittent connectivity. This paper presents SPM-HealSer, a system architecture leveraging Hierarchical Identity-Based Encryption (HIBE) to enable scalable, privacy-preserving mobile health services. Our design integrates the Boneh-Boyen HIBE construction with an offline-first synchronization mechanism, enabling continued operation during network unavailability while enforcing hierarchical access control aligned with health-care organizational structures. We provide a comprehensive threat model addressing network adversaries, malicious users, device compromise, and backend attacks, demonstrating that the system achieves confidentiality, hierarchical access control, and key isolation under standard cryptographic assumptions. Empirical evaluation shows practical performance on resource-constrained devices: encryption completes in 205.7ms, decryption in 167.7ms for typical health records, with constant-time key generation (367–460ms) across five hierarchy levels validating the scheme’s scala-bility. The architecture satisfies HIPAA and GDPR requirements through end-to-end encryption, audit capabilities, and consent-based access control. SPM-HealSer demonstrates that HIBE-based access control is practically deployable for mHealth in challenging environments, providing a foundation for secure health data management in underserved communities.