Zhengxing Huang,Xudong Lu,Huilong Duan,Haomin Li

DOI: https://doi.org/10.1109/icbbe.2007.300

2007-01-01

Abstract:One of the key technologies in electronic medical record (EMR) is electronic signature which allows healthcare practitioners to sign off on electronic healthcare records. In order to implement electronic signature in clinical environment, two main factors should be considered: how to preserve the electronic signature data and the related contextual information in the EMR documents; how to introduce the tasks of EMR document electronic signature and validation into routing clinical workflow without disarranging well accepted working processes. This paper presents an enhanced CDA structure which extends HL7's CDA with the signature data presentation based on XML Digital Signature standard. In addition, the optimized workflow of clinical document with electronic signature has been designed. The enhanced CDA and related workflow has been used in the EMR system and implemented in the actual clinical environment. The result shows it can well solve the above problems and satisfy the applicable demands.

胡伟清,童春杰,陈德人,李子臣,寇卫东

DOI: https://doi.org/10.3785/j.issn.1008-973X.2004.11.011

2004-01-01

Abstract:A common digital watermark system does not provide watermark inserting and detecting services on Internet. In order to make wider application of digital watermark, a new scheme to make traditional watermark available as Web Services was presented. It was based upon Web Services for inserting watermark and detecting watermark and used simple object access protocol (SOAP) to exchange messages between service requester and service provider. Based on digital certificate and extensible markup language (XML) encryption and digital signature technology, a secure interaction between the requester and the provider was provided. This scheme reduces cost and protects digital products effectively on open networks.

Baolong Liu,Joan Lu,Jim Yip

DOI: https://doi.org/10.48550/arXiv.0906.3772

2009-06-20

Software Engineering

Abstract:Data integrity is the fundamental for data authentication. A major problem for XML data authentication is that signed XML data can be copied to another document but still keep signature valid. This is caused by XML data integrity protecting. Through investigation, the paper discovered that besides data content integrity, XML data integrity should also protect element location information, and context referential integrity under fine-grained security situation. The aim of this paper is to propose a model for XML data integrity considering XML data features. The paper presents an XML data integrity model named as CSR (content integrity, structure integrity, context referential integrity) based on a concatenated hash function. XML data content integrity is ensured using an iterative hash process, structure integrity is protected by hashing an absolute path string from root node, and context referential integrity is ensured by protecting context-related elements. Presented XML data integrity model can satisfy integrity requirements under situation of fine-grained security, and compatible with XML signature. Through evaluation, the integrity model presented has a higher efficiency on digest value-generation than the Merkle hash tree-based integrity model for XML data.

Yanyan Li,Mengjun Xie,Jiang Bian

DOI: https://doi.org/10.1109/EMBC.2014.6944620

2014-01-01

Abstract:Electronic consent becomes increasingly popular in the healthcare sector given the many benefits it provides. However, security concerns, e.g., how to verify the identity of a person who is remotely accessing the electronic consent system in a secure and user-friendly manner, also arise along with the popularity of electronic consent. Unfortunately, existing electronic consent systems do not pay sufficient attention to those issues. They mainly rely on conventional password based authentication to verify the identity of an electronic consent user, which is far from being sufficient given that identity theft threat is real and significant in reality. In this paper, we present a security enhanced electronic consent model called USign. USign enhances the identity protection and authentication for electronic consent systems by leveraging handwritten signatures everyone is familiar with and mobile computing technologies that are becoming ubiquitous. We developed a prototype of USign and conducted preliminary evaluation on accuracy and usability of signature verification. Our experimental results show the feasibility of the proposed model.

Diana Berbecaru,Antonio Lioy,Marius Marian

DOI: https://doi.org/10.48550/arXiv.1910.07945

2019-10-17

Cryptography and Security

Abstract:The efficiency and service quality in public administration can be improved by using electronic documents (or e-docs) and digital signature to speed up their activity and at the same time to better satisfy customer needs. This paper presents an XML-based document exchange system that integrates a platform for the management (creation, search, storage) of e-docs and a secure trustworthy environment for digitally signing e-docs. The framework provides security services, like privacy, authorization, authentication and non-repudiation. Possibly a mobile terminal equipped with a smartcard reader and integrating WYSIWYS features could be used for viewing and signing e-docs. The proposed system can be easily integrated with the infrastructure (e.g. database system) already in use at each administration site. It is described also the use of the system in a real world service.

Zongda Wu,Jian Xie,Xinze Lian,Jun Pan

DOI: https://doi.org/10.1108/el-05-2019-0127

2019-10-11

The Electronic Library

Abstract:Purpose The security of archival privacy data in the cloud has become the main obstacle to the application of cloud computing in archives management. To this end, aiming at XML archives, this paper aims to present a privacy protection approach that can ensure the security of privacy data in the untrusted cloud, without compromising the system availability. Design/methodology/approach The basic idea of the approach is as follows. First, the privacy data before being submitted to the cloud should be strictly encrypted on a trusted client to ensure the security. Then, to query the encrypted data efficiently, the approach constructs some key feature data for the encrypted data, so that each XML query defined on the privacy data can be executed correctly in the cloud. Findings Finally, both theoretical analysis and experimental evaluation demonstrate the overall performance of the approach in terms of security, efficiency and accuracy. Originality/value This paper presents a valuable study attempting to protect privacy for the management of XML archives in a cloud environment, so it has a positive significance to promote the application of cloud computing in a digital archive system.

information science & library science

LIANG Zhi-wei,LU Yu-bo,LUO Yun-jian,CHENG Zhi-de,LI Xiao-hua,LIU Bao-yan,CHENG Yi-yu

DOI: https://doi.org/10.3969/j.issn.1006-1959.2007.06.001

2007-01-01

Abstract:Objective Compared among several typical techniques which possesses potential and presentative benefits to hospital information system (HIS), to establish a systematic solution for the electronic signature (ES) and the encryption for sea-like amount of information on HIS. Methods the protocol of X.509, massage abstract (ABS), permanent pad for distributed system (PPDS) and extensible markup language (XML) was use; Digital certificate formed with XML was designed and recommended; A software packet with component and control for ES and message-encryption was researched and developed. Results The systematic solution for ES with PPDS and ABS, and its application-case solved various kinds of message security problem existing on HIS, including ES and the encryption for electronic medical record. It may be technically satisfy to the requirement being asked from law concerning to the authentication, integrity check, non-repudiation and guarantee of privacy. Conclusion Electronic signature, security storage and transmission for medical document as well as the system of certificate authority is important and practicable for hospital information administration and is going to become a new area of the research and development on HIS.

郑晓梅,张天

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.08.045

2010-01-01

Computer Science

Abstract:This paper firstly analysed the typical application of the XML multi-party communication chain business in the current Web server architecture and built up the corresponding research model.Based on the model,this paper proposed a new encryption technology named untied signature,which can solve the problems of the reduplicate signature and not strict information association using the traditional signature technology.This paper also analysed the limitations of using current XML specification to fulfill the encryption technology,and then raised the implementation scheme of XML untied signature.Finally,this paper presented the syntax definition of XML united signature.

Diana Berbecaru,Antonio Lioy,Marius Marian,Diana Marano

DOI: https://doi.org/10.48550/arXiv.1910.09027

2019-10-17

Abstract:The efficiency and service quality in a medical environment can be improved by using electronic documents (or e-docs) and digital signatures to speed up both doctors' activity and to provide in the same time easy retrieval and use of needed data without loosing convenience. Our proposed solution satisfies these needs by making use of the AIDA system and many cutting-edge techniques to build a digitalized management system. To be more specific, we present firstly the AIDA document exchange framework for the management (creation, search, storage) of e-docs expressed in XML format. The framework provides security services, like privacy, authorization, authentication and non-repudiation. We describe next the use of AIDA in a real world medical service, namely the creation of electronic medical records (e- MRs). Doctors can use mobile devices that embed a secure trustworthy environment defined also in AIDA for digitally signing the e-MRs. Technically speaking a handheld PC equipped with a smart-card reader and integrating What You See Is What You Sign (WYSIWYS) features will be used for viewing and signing the e-MRs. Furthermore the proposed system is easily integrated with the infrastructure (e.g., database system) already in use at hospital's administration site and allows easy handling and updating of data processed on the mobile devices. The use of web interface for the operations to be executed on the mobile device or for those executed on the remote part of the system makes the whole application homogeneous and easy to use.

Cryptography and Security

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Marcos Da Silveira,Stefan Benzschawel

2011-02-23

Abstract:This paper describes a national eHealth platform concept with a multi-level privacy protection in order to improve the security and privacy of medical information on their storage locations as well as during the exchanging/sharing processes. The key idea is to classify and split-up data into different servers. A Trusted Third Party server manages personal identifying data together with the related pseudonyms while the medical information server manages the related medical data assigned to pseudonyms. The well known IHE-XDS profiles are enriched by Public Key Infrastructure, symmetric and asymmetric encryption together with pseudonymization methods. IHE-XDS promote the interoperability level and the extensions increase the security level. Keywords— eHealth; Patient Privacy; Electronic Health Records; Secure Patient Data Storage

Computer Science,Medicine

Iulian Aciobăniței,Ștefan-Ciprian Arseni,Emil Bureacă,Mihai Togan

DOI: https://doi.org/10.3390/electronics13040757

IF: 2.9

2024-02-15

Electronics

Abstract:The current shift towards digital transactions emphasizes the need for robust Qualified Electronic Signature (QES) frameworks that safeguard integrity and privacy. Having the potential to become the leading type of adopted QES, the main challenge that Remote QESs present to end users is choosing between transmitting the entire document or only its digest to the Trust Service Provider (TSP). The first option compromises the document's confidentiality, while the second one requires the development of signature applications compliant with advanced signature formats, a task that often needs additional time and resources. In this paper, we introduce a comprehensive strategy for remote QESs, designed for seamless integration with current client applications, while simultaneously maintaining user privacy. The main topics approached in this paper are the following: a comprehensive architecture for privacy-aware remote QES systems, relevant standards and legislation, integration scenarios for clients, and remote QES standard protocols to assure communication between client and TSP environments. Furthermore, we also explore the integration of our proposed solution with an enhanced long-term preservation service that uses Ethereum smart contracts and methodologies to implement signature applications with advanced electronic signatures via open-source libraries while ensuring document privacy. The main result of this work is a flexible on-premise module that provides the ability to sign, validate, and preserve documents, with a minimal integration effort.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yixiang Ding,Tao Peng,Minghua Jiang

2008-01-01

International Journal of Security and Its Applications

Abstract:The Prevalent use of XML highlights an increasing need that publishing XML documents should meet precise security requirements, without revealing sensitive information to unauthorized users. We consider data-publishing applications where the publisher specifies what information is sensitive and should be protected. Hiding the sensitive information is no enough and the users can use common knowledge (e.g. "all patients in the same ward have the same disease") to infer more data, which can cause leakage of sensitive information. We formulate the process how users can infer data using three types of common XML constraints and several functional dependencies. We develop a novel paradigm for finding a max partial document without causing information leakage when we publish several related XML documents, while allowing publishing as much data as possible. The experiments on real data sets show that effect of inference on data security, and how the paradigm can prevent leaking the sensitive information.

Qiu Zhang,Yinxia Sun,Yang Lu,Guoqiang Zhang

DOI: https://doi.org/10.1016/j.jisa.2024.103892

IF: 4.96

2024-10-24

Journal of Information Security and Applications

Abstract:Cloud computing has revolutionized in the healthcare industry, particularly in the management and accessibility of Electronic health records (EHR). However, maintaining the integrity and authenticity of EHR in cloud environments remains a crucial concern. To tackle this challenge, certificateless proxy re-signature is a promising cryptographic primitive for developing a practical EHR sharing system in the cloud. User revocation is a necessary issue in such system, but revocation introduces a new challenge, namely the continued validity of signatures from revoked users. A conventional method to solve this problem is to make the unrevoked users re-sign those valid EHR by using their current signing keys, which brings a lot of burden to the users. Therefore, we should establish an efficient mechanism to ensure that only signatures of valid data from non-revoked users can pass verification. In this paper, we propose a notion called revocable certificateless proxy re-signature with signature evolution (RCLPRS-SE), which allows for dynamic management of users and the ability to update signatures efficiently in accordance with evolving data requirements. We present a concrete construction of RCLPRS-SE and provide formal security proofs in the standard model. Compared with the existing related works, our scheme has a significant advantage in terms of signature updating efficiency.

computer science, information systems

Yonghua Zhan,Bixia Yi,Yang Yang,Rui Shi,Chen Dong,Minming Huang

DOI: https://doi.org/10.1016/j.sysarc.2023.102939

IF: 5.836

2023-07-13

Journal of Systems Architecture

Abstract:Electronic health record (EHR) sharing schemes are widely used in healthcare, medical, and research. However, privacy may be a concern for patients with EHRs. In this paper, a secure EHR sharing scheme with sanitizable signature is proposed to protect patients' privacy and enhance accountability. Our proposed scheme makes the following contributions: (1) doctors can specify patients to modify some fields before the expiration time; (2) patients can convert the original signature into a new and unlinkable signature for the modified record without interacting with the doctor; (3) the scheme satisfies traceability and can distinguish the generator of a given signature. In contrast to existing approaches, we introduce a new limited sanitizable signature scheme as the main ingredient, which allows the signer not only to decide which message blocks can be modified, but also to determine the maximum number of modifiable blocks and the expiration time for sanitization. Finally, the security analysis and experimental results show that the security and efficiency of our scheme can be approved.

computer science, software engineering, hardware & architecture

REN Zhi-jian,REN Zhi-qiang,GAN Hong-hua

DOI: https://doi.org/10.3969/j.issn.1006-1959.2007.02.009

2007-01-01

Abstract:Embarks from the practical application of information system for the medical service at present, in order to improve the Clinical Pharmacist grade,release the potential of service, promote to use the medicine on the clinical with reasonable. According to the detail of the clinical pharmacists' concrete work, we propose the method using the XML technology to realize the Electronic Medication Record. This paper in detail introduces the characteristic, the excellence of the XML, the structure, the store, the operation, the integration, the processing of the information, the exchange and the security problem of the electronic medicine experience based on the XML technology

Ling Feng,Willem Jonker

DOI: https://doi.org/10.1007/978-3-540-39962-9_72

2003-01-01

Abstract:Metadata management is a key issue in intelligent Web-based environments. It plays an important role in a wide spectrum of areas, ranging from semantic explication, information handling, knowledge management, multimedia processing to personalized service delivery. As a result, security issues around metadata management needs to be addressed in order to build trust and confidence to ambient environments. The aim of this paper is to bring together the worlds of security and XML-formatted metadata management in such a way that, on the one hand the requirement on secure metadata management is satisfied, while on the other other hand the efficiency on metadata processing can still be guaranteed. To this end, we develop an effective approach to enable efficient search on encrypted XML metadata. The basic idea is to augment encrypted XML metadata with encodings which characterize the topology and content of every tree-structured XML metadata, and then filter out candidate data for decryption and query execution by examining query conditions against these encodings. We describe a generic framework consisting of three phases, namely, query preparation, query pre-processing and query execution, to implement the proposed search strategy.

Yonghua Zhan,Yang Yang,Bixia Yi,Renjie He,Rui Shi,Xianghan Zheng

DOI: https://doi.org/10.1016/j.comcom.2024.107935

IF: 5.047

2024-09-13

Computer Communications

Abstract:With the widespread use of mobile communication and smart devices in the medical field, mobile healthcare has gained significant attention due to its ability to overcome geographical limitations and provide more efficient and high-quality medical services. In mobile healthcare, various instruments and wearable device data are collected, encrypted, and uploaded to the cloud, accessible to medical professionals, researchers, and insurance companies, among others. However, ensuring the security and privacy of healthcare data in the context of mobile networks has been a highly challenging issue.Certificateless signature schemes allow patients to conceal their respective privacy information for different sharing needs. Nevertheless, existing mobile healthcare data protection solutions suffer from costly certificate management and the inability to restrict signature verifiers. This paper proposes a certificateless designated verifier sanitizable signature for mobile healthcare scenarios, aiming to enhance the security and privacy of mobile healthcare data. This scheme enables the sanitization of sensitive data without the need for certificate management and allows for the specification of signature verifiers. This ensures the confidentiality of medical data, protects patient privacy, and prevents unauthorized access to healthcare data.Through security analysis and experimental comparisons, it is demonstrated that the proposed scheme is both efficient and effectively ensures data security and user privacy. Therefore, it is well-suited for privacy protection in mobile healthcare data.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yang, Xiaodong,Wei, Lizhen,Li, Songyu,Wang, Caifen

DOI: https://doi.org/10.1007/s12083-024-01769-w

IF: 3.488

2024-07-26

Peer-to-Peer Networking and Applications

Abstract:To enhance the security of medical data, the government and healthcare institutions must collect and analyze vast amounts of information, enabling the prompt detection of irregular patterns and timely issuance of accurate warnings. This is crucial for preventing and containing potential threats to medical data security. However, securely sharing and converting these data poses a significant challenge, particularly in open wireless access networks within healthcare settings. Proxy re-signature (PRS) offers not only signature conversion capabilities but also anonymity, safeguarding data reliability and authenticity. Nonetheless, current proxy re-signature techniques overlook the potential for algorithm substitution attacks (ASA). Therefore, we introduce a novel proxy re-signature scheme, leveraging cryptographic reverse firewall (CRF) technology, tailored specifically for the medical domain. Furthermore, we conducted rigorous security analysis and simulation experiments to validate the practical effectiveness of our scheme. This approach addresses the need for secure data sharing among various entities, including medical institutions, management centers, and research facilities, ensuring the integrity and confidentiality of critical medical information.

computer science, information systems,telecommunications

Yilong Yang,Quan Zu,Peng Liu,Defang Ouyang,Xiaoshan Li

DOI: https://doi.org/10.7150/ijbs.24617

2018-06-07

Abstract:This paper takes up the problem of medical resource sharing through MicroService architecture without compromising patient privacy. To achieve this goal, we suggest refactoring the legacy EHR systems into autonomous MicroServices communicating by the unified techniques such as RESTFul web service. This lets us handle clinical data queries directly and far more efficiently for both internal and external queries. The novelty of the proposed approach lies in avoiding the data de-identification process often used as a means of preserving patient privacy. The implemented toolkit combines software engineering technologies such as Java EE, RESTful web services, JSON Web Tokens to allow exchanging medical data in an unidentifiable XML and JSON format as well as restricting users to the need-to-know principle. Our technique also inhibits retrospective processing of data such as attacks by an adversary on a medical dataset using advanced computational methods to reveal Protected Health Information (PHI). The approach is validated on an endoscopic reporting application based on openEHR and MST standards. From the usability perspective, the approach can be used to query datasets by clinical researchers, governmental or non-governmental organizations in monitoring health care and medical record services to improve quality of care and treatment.

Software Engineering