Clear Sky Science · en

BBAS: A blockchain-based authentication system for e-health with multi-factor authentication, access control, and post-quantum security


Why protecting digital health records matters

More of our medical lives now live online, from scan results to prescriptions and even data from wearable devices. That convenience comes with risk: health records are among the most valuable targets for cyber‑criminals, and tomorrow’s quantum computers could break many of today’s security tools. This paper introduces BBAS, a new system that aims to keep digital health information both easy to use and very hard to steal, even in a future where quantum attacks are possible.

Figure 1.

Keeping health logins strong and simple

At the heart of BBAS is the way it checks who you are. Instead of relying on a username and password alone, the system combines three kinds of evidence: something you know (a password), something you have (a one‑time code generated on your phone or a hardware token), and something you are (a biometric reading such as a fingerprint or facial pattern). When a patient or clinician logs in through a web or mobile app, all three factors are checked together, and the login fails if any one of them fails. The password itself is never stored: it is run through a one‑way hash and only that digest is kept for later comparison. The one‑time code is valid only for a short time window, so a code captured today is useless tomorrow. The biometric reading is compared against a stored template using a similarity threshold, so small differences (a slightly shifted finger, different lighting) are tolerated while readings that differ too much are rejected; where that threshold sits is the trade‑off between locking out legitimate users and letting impostors through.
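To make the three-factor check concrete, here is an added example (not code from the paper or from BBAS itself) of the three verifications described above, in Python with only the standard library. The password factor uses a salted PBKDF2-HMAC-SHA256 digest, the possession factor is an RFC 6238 TOTP code, and the biometric factor is a threshold comparison over a bit template. The key-derivation function, the 256-bit template size, the 25% mismatch threshold and the sample data are all assumptions chosen for the example; the paper does not specify them.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

PBKDF2_ROUNDS = 600_000  # OWASP floor for PBKDF2-HMAC-SHA256 (assumption; the paper's KDF is not stated)
TEMPLATE_BYTES = 32      # 256-bit biometric template (constructed size)


@dataclass
class EnrolledUser:
    """Verifier material kept server-side for one user. Only the password
    digest is stored, never the password itself."""
    salt: bytes
    password_digest: bytes
    totp_secret: bytes
    biometric_template: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    """Factor 1 ("something you know"): slow, salted one-way hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ROUNDS, dklen=32)


def enroll(password: str, totp_secret: bytes, template: bytes) -> EnrolledUser:
    salt = os.urandom(16)
    return EnrolledUser(salt, hash_password(password, salt), totp_secret, template)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (dynamic truncation of HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Factor 2 ("something you have"): RFC 6238 code for the current 30-second window."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, drift: int = 1) -> bool:
    """Accept the current window plus `drift` windows either side for clock skew,
    comparing in constant time. A production verifier must also remember codes
    already used, otherwise a captured code can be replayed inside its window."""
    return any(hmac.compare_digest(totp(secret, unix_time + k * step, step), code)
               for k in range(-drift, drift + 1))


def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_biometric(probe: bytes, template: bytes, max_mismatch: float = 0.25) -> bool:
    """Factor 3 ("something you are"): threshold match on a bit template.
    A live reading never matches bit-for-bit, so up to max_mismatch of the bits
    may differ. Lowering the threshold cuts false acceptances but raises false
    rejections; raising it does the reverse."""
    if len(probe) != len(template):
        return False
    return hamming_distance(probe, template) / (8 * len(template)) <= max_mismatch


def authenticate(user: EnrolledUser, password: str, code: str, probe: bytes, unix_time: int) -> bool:
    """All three factors are evaluated before the verdict, so a failed attempt
    does not reveal through timing or error text which factor was wrong."""
    ok_password = hmac.compare_digest(hash_password(password, user.salt), user.password_digest)
    ok_otp = verify_totp(user.totp_secret, code, unix_time)
    ok_bio = verify_biometric(probe, user.biometric_template)
    return ok_password and ok_otp and ok_bio


# Constructed sample data. The TOTP secret and timestamp are the RFC 6238 test
# vector, so the code produced (287082 at t=59) can be checked against the RFC.
RFC_SECRET = b"12345678901234567890"
TEMPLATE = bytes(range(TEMPLATE_BYTES))
GENUINE_PROBE = bytes([TEMPLATE[0] ^ 0xFF, TEMPLATE[1] ^ 0x03]) + TEMPLATE[2:]  # 10 of 256 bits differ
IMPOSTOR_PROBE = bytes(b ^ 0xFF for b in TEMPLATE)                             # every bit differs


def demo() -> dict:
    user = enroll("correct horse battery", RFC_SECRET, TEMPLATE)
    t = 59
    return {
        "all_good": authenticate(user, "correct horse battery", totp(RFC_SECRET, t), GENUINE_PROBE, t),
        "bad_password": authenticate(user, "wrong", totp(RFC_SECRET, t), GENUINE_PROBE, t),
        "bad_otp": authenticate(user, "correct horse battery", "000000", GENUINE_PROBE, t),
        "impostor_finger": authenticate(user, "correct horse battery", totp(RFC_SECRET, t), IMPOSTOR_PROBE, t),
    }
```

Two details worth noting: the biometric template is stored in the clear here, which in a real deployment is the most sensitive item on the server (a password can be rotated, a fingerprint cannot), so template protection is a separate problem the example does not solve; and the 25% threshold is arbitrary, since the false-acceptance and false-rejection rates of a real matcher come from the sensor and feature extractor, not from a number chosen in code.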

Using shared ledgers instead of central gatekeepers

BBAS then turns to blockchain technology to avoid a single, all‑powerful server that could be hacked or abused from within. Once the multi‑factor check passes, the system wraps the result into a digital credential and sends it to a private blockchain network run by authorised healthcare parties. Smart contracts—small programs on the blockchain—automatically verify the credential and record the outcome as a permanent, tamper‑evident log entry. Every authentication attempt, successful or not, leaves a cryptographic trace that cannot be quietly altered later, which is important for both forensic investigations and legal audits.

Making room for privacy and flexible access

Health data is large and sensitive, so BBAS carefully separates where information is stored from how access is decided. Instead of placing full medical records on the blockchain, the system stores those records in a distributed file network and keeps only compact digital fingerprints (cryptographic hashes) of each file on the chain. When someone later retrieves a record, the system re‑computes the hash of what it received and checks that it matches what the blockchain holds, so any change to the stored file, however small, is detected. That hash proves the file is unchanged; it does not by itself keep the file secret, which is why the access layer matters. BBAS uses a two‑layer access model. One layer looks at a user’s role (doctor, nurse, administrator or patient), while the other considers context such as department, time of day, location and device type. Only when both the role and the situation are appropriate is access granted, giving hospitals fine‑grained control that mirrors real‑world policies.
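The following is an added example, not code from the paper or from BBAS, that ties together the two previous sections: off-chain storage with an on-chain hash that is re-checked on retrieval, a two-layer (role plus context) access decision, and a hash-chained append-only log in which every decision, granted or denied, is recorded so that a later edit is detectable. The in-memory `OffChainStore` and `OnChainRegistry` classes are stand-ins for the distributed file network and the smart-contract state; the role table, the context policy and the sample record are constructed for the example.

```python
import hashlib
import json


class OffChainStore:
    """Content-addressed blob store standing in for the distributed file network."""

    def __init__(self):
        self._blobs = {}

    def put(self, data: bytes) -> str:
        cid = hashlib.sha256(data).hexdigest()
        self._blobs[cid] = data
        return cid

    def get(self, cid: str):
        return self._blobs.get(cid)

    def corrupt(self, cid: str, data: bytes):
        """Simulate an attacker rewriting the stored bytes without touching the chain."""
        self._blobs[cid] = data


class OnChainRegistry:
    """Stand-in for smart-contract state: record id -> expected digest, plus a
    hash-chained, append-only log of access decisions (each entry commits to
    the hash of the one before it, so editing any entry breaks the chain)."""

    GENESIS = "0" * 64

    def __init__(self):
        self.digests = {}
        self.log = []

    def register(self, record_id: str, digest: str):
        self.digests[record_id] = digest

    @staticmethod
    def _entry_hash(prev: str, event: dict) -> str:
        body = json.dumps(event, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, event: dict) -> str:
        prev = self.log[-1]["entry_hash"] if self.log else self.GENESIS
        entry_hash = self._entry_hash(prev, event)
        self.log.append({"prev": prev, "event": event, "entry_hash": entry_hash})
        return entry_hash

    def verify_log(self) -> bool:
        prev = self.GENESIS
        for e in self.log:
            if e["prev"] != prev or self._entry_hash(prev, e["event"]) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def fetch_verified(store: OffChainStore, registry: OnChainRegistry, record_id: str):
    """Return the record bytes only if they still hash to the on-chain digest."""
    expected = registry.digests.get(record_id)
    data = store.get(expected) if expected else None
    if data is None or hashlib.sha256(data).hexdigest() != expected:
        return None
    return data


# Layer 1: role -> permitted actions (constructed policy)
ROLE_PERMISSIONS = {"doctor": {"read", "write"}, "nurse": {"read"}, "admin": {"audit"}}

# Layer 2: contextual policy (constructed): department, working hours, location, device
CONTEXT_POLICY = {"departments": {"cardiology"}, "hours": range(7, 19),
                  "locations": {"on_site"}, "devices": {"managed"}}


def context_allows(ctx: dict, policy: dict = CONTEXT_POLICY) -> bool:
    return (ctx["department"] in policy["departments"]
            and ctx["hour"] in policy["hours"]
            and ctx["location"] in policy["locations"]
            and ctx["device"] in policy["devices"])


def decide(registry: OnChainRegistry, role: str, action: str, ctx: dict) -> bool:
    """Both layers must pass, and the outcome is logged whether or not it was granted."""
    granted = action in ROLE_PERMISSIONS.get(role, set()) and context_allows(ctx)
    registry.append({"role": role, "action": action, "ctx": ctx, "granted": granted})
    return granted


def demo() -> dict:
    store, registry = OffChainStore(), OnChainRegistry()
    record = b"patient:4711 ECG 2026-01-15 sinus rhythm"  # constructed record
    cid = store.put(record)
    registry.register("ecg-4711", cid)
    day_ctx = {"department": "cardiology", "hour": 10, "location": "on_site", "device": "managed"}
    night_ctx = dict(day_ctx, hour=3)
    out = {
        "doctor_day": decide(registry, "doctor", "read", day_ctx),
        "doctor_night": decide(registry, "doctor", "read", night_ctx),   # right role, wrong context
        "nurse_write": decide(registry, "nurse", "write", day_ctx),      # right context, wrong role
        "intact": fetch_verified(store, registry, "ecg-4711") == record,
        "log_ok": registry.verify_log(),
    }
    store.corrupt(cid, b"patient:4711 ECG 2026-01-15 atrial fibrillation")
    out["after_tamper"] = fetch_verified(store, registry, "ecg-4711")  # None: hash no longer matches
    registry.log[1]["event"]["granted"] = True  # attacker flips a denied entry to "granted"
    out["log_after_edit"] = registry.verify_log()
    return out
```

The hash chain only gives tamper evidence, not tamper resistance: a party who controls the whole log can recompute every hash after the edit. The paper's design avoids that by replicating the chain across the authorised healthcare parties and sealing entries with signatures, neither of which this single-process example models.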

Figure 2.

Preparing today for tomorrow’s quantum threats

A distinctive feature of BBAS is that it is built with the coming era of quantum computing in mind. Many of today’s digital signature schemes, which vouch that a message really came from a given party, rest on mathematical problems (factoring large numbers, computing discrete logarithms) that a large enough quantum computer could solve, so signatures made with them could be forged. BBAS instead uses a newer, recently standardised family of signature schemes designed to resist known quantum attacks. These signatures protect the credentials travelling between users, servers and the blockchain, and they also seal each access‑control decision so that no one can later deny what happened or silently rewrite history.

What the tests say about speed and safety

The researchers implemented BBAS using Ethereum smart contracts on a permissioned network and simulated 500 rounds of logins. In these tests, the system authenticated users successfully in more than 98% of attempts, processed around nineteen thousand requests per second, and responded in fractions of a second, fast enough for busy hospitals. It consumed less gas (the blockchain’s unit of computing cost) than comparable designs, confirmed blocks in about ten seconds, and kept on‑chain storage tiny by pushing bulky data off‑chain. The biometric component showed very low rates of both wrongly accepted impostors (false acceptance) and wrongly rejected legitimate users (false rejection), suggesting that the design improves security without burdening staff or patients.

What this means for future digital care

Put in everyday terms, BBAS is a blueprint for logging in to e‑health systems that is harder to cheat, easier to audit and ready for the next wave of computing power. By combining three‑step identity checks, shared ledgers, flexible access rules and quantum‑resistant signatures, it shows how hospitals and clinics could share vital information quickly without sacrificing privacy or long‑term safety. While the current results come from controlled simulations rather than live hospital deployments, the work points toward authentication systems that can keep up with both expanding digital care and the rising sophistication of cyber‑attacks.

Citation: Latif, R., Yakubu, B.M., Jamail, N.S.M. et al. BBAS: A blockchain-based authentication system for e-health with multi-factor authentication, access control, and post-quantum security. Sci Rep 16, 9163 (2026). https://doi.org/10.1038/s41598-026-39415-5

Keywords: e-health security, blockchain authentication, multi-factor login, post-quantum cryptography, biometric verification