The Internet of Medical Things (IoMT) deals with a patient-data-rich segment, which makes security and privacy a severe concern for patients. Access control is therefore a significant aspect of ensuring trust in the IoMT. However, deploying existing authentication and authorization solutions to the IoMT is not straightforward because of highly dynamic and possibly unprotected environments and an untrusted supply chain for the IoT devices. In this article, we propose Soter, a Zero-Trust-based authentication system for the IoMT. Soter incorporates trust negotiation mechanisms within the Zero Trust framework to enable dynamic trust establishment. When a user or device seeks access to a resource, a trust negotiation process is initiated. During this process, credentials, attributes, and contextual information are exchanged between the requester and the resource owner. Soter defines access rules based on various factors, including user identity, device health, and location. Access is granted or denied based on these conditions.