The use of Trusted Third Parties for secure telemedical traffic over the Web

Amsterdam 23 April 1998 The Internet is an open network. If you want to establish a telemedical information society (TIS) by using the World Wide Web as the common and global communication protocol, you have to integrate the necessary security components and measures to avoid unauthorised access and malicious manipulation of the local or remote medical data. In order to safeguard the patient's privacy, the EUROMED-ETS initiative, supported by the European Commission within the INFOSEC programme, has tackled the multiple security issues through the special installation of Trusted Third Parties services (TTPs) over a secure Web. At the ITIS'98 Conference, Dr. Despina Polemi of the National Technical University of Athens (NTUA) described the different EUROMED-ETS activities, which are complementary to the Euromed project, in a physical, human and theoretical context.

Advertisement

The Internet is an open network. If you want to establish a telemedical information society (TIS) by using the World Wide Web as the common and global communication protocol, you have to integrate the necessary security components and measures to avoid unauthorised access and malicious manipulation of the local or remote medical data. In order to safeguard the patient's privacy, the EUROMED-ETS initiative, supported by the European Commission within the INFOSEC programme, has tackled the multiple security issues through the special installation of Trusted Third Parties services (TTPs) over a secure Web. At the ITIS'98 Conference, Dr. Despina Polemi of the National Technical University of Athens (NTUA) described the different EUROMED-ETS activities, which are complementary to the Euromed project, in a physical, human and theoretical context.

The three components of a Web based security are integrity, confidentiality, and authenticity. The Euromed project has identified three underlying infrastructure levels for the TIS, which consist of the Hierarchical Communications Network (HCN), the Hierarchical Computing Facilities Infrastructure (HCFI), and the Hierarchical Medical Facilities Infrastructure (HMFI). EUROMED-PC, the personal computer software platform, designed by the complementary security project, has concentrated on both the HCN and the HMFI hierarchies to provide a solution for safe communication among users of telemedical networks. Technical considerations involved the application of biometric smart cards, firewall and Web technologies, internet session and mail security, as well as electronic commerce protocols.

For the introduction of Trusted Third Parties, services which have no interest whatsoever in the actual content of the telemedical messages sent over the Web, but only take care of their secure travel, EUROMED-PC has included the five following tools:

  • a Secure Socket Layer (SSL) aware Web browser used to access information
  • a Directory System Agent (DSA) software allowing the generation, maintenance and operation of a DSA
  • a Certificate Management Server software tool with SSL capabilities to implement TTP functions
  • a Medical Database Software offering the import and management of medical images
  • a HTTP server and interface software supporting SSL for real time directory look up
Once these tools were developed, the TTPs based application, operating on Local Area Networks (LANs) directly connected to the Internet, was tested during the pilot phase at four different locations in Europe, namely Athens and Samos in Greece, Magdeburg in Germany, and Calabria in Italy.

Experience has shown that Trusted Third Parties services should be established at national levels for optimised results. There also exists a need for various payment and business protocol initiatives. The legal and regulatory issues are dealt with by a wide range of official authorities, such as the European Committee for Banking Standards, the Convention on Human Rights, the Council of Europe (Convention 108), the Recommendation R, and the EU Directive 95/46/EC (Article 17). The EUROMED-ETS concluded in December 1997 with a positive outcome proving that TTPs can provide the necessary security and interoperability in telemedical Web applications. In the future, the health care providers and consumers possibly will dispose of multipurpose smart cards enabling secure and private access to the medical data required by them.

The final results of the EUROMED-ETS project will be made available before the end of this year. You can already consult some detailed information at the Euromed Web site. In the November 1997 issue of the Virtual Medical Worlds Magazine, you can find a general introduction to EUROMED-ETS in the article "EUROMED proposes cure for health care security".


Leslie Versweyveld

[Medical IT News][Calendar][Virtual Medical Worlds Community][News on Advanced IT]