|
A Secure ECC-based Electronic Medical Record System
Abstract In recent years, portable devices and wireless communication have been popularly used by people in their everyday lives. In fact, with these facilities, due to their usage convenience and mobility, the instantaneity of inpatient care can be significantly improved. Also, many hospitals utilize cloud systems to store electronic medical records (EMRs). One of the purposes is allowing authorized personnel to access these records anytime and anywhere. Meanwhile, owning to personal privacy, the security of transmitting and accessing these records is one of the critical issues in maintaining and delivering them. In a cryptosystem, when we increase the length of an encryption key, the security level of the protected system will be higher. But the computation time is also lengthened and data transmission performance is then worsened. Compared with a popular cryptosystem, the RSA, under the same security level, Elliptic Curve Cryptography (ECC) requires shorter length of a key than RSA does. That means it is more suitable being used by portable devices to encrypt delivered data. Therefore, in this paper, we propose a secure EMR service system, named the ECC-based Secure EMR System (ESEMR for short) which employs a cloud database, an ECC integration unit, a smart card, and portable devices to provide users with a secure environment for EMR transmission. The ECC integration unit which integrates a 256-bit ECC chip, wireless transceiver, smart card interface, and USB interface for fast computing and reducing the communication load of a portable device can also securely protect the EMRs when they are delivered between the cloud system and the portable device so as to enhance their transmission security and the patient care quality. Keywords: elliptic curve cryptography, electronic medical record, communication security, cloud database +: Corresponding author: Kun-Lin Tsai Department of Electrical Engineering, Tunghai University,
Journal of Internet Services and Information Security (JISIS), 4(1): 47-57, February 2014 [pdf] |