Aragón Institute of Engineering Research, University of Zaragoza, Zaragoza, Spain.
J Biomed Inform. 2013 Feb;46(1):142-51. doi: 10.1016/j.jbi.2012.07.007. Epub 2012 Aug 9.
This paper proposes a SCP-ECG security extension after having analyzed the features of this standard, its security requirements and the current measures implemented by other medical protocols. Our approach permits SCP-ECG files to be stored safely and proper access to be granted (or denied) to users for different purposes: interpretation of the test, consultation, clinical research or teaching. The access privileges are scaled by means of role-based profiles supported by cryptographic elements (ciphering, digital certificates and digital signatures). These elements are arranged as metadata into a new section which extends the protocol and protects the remaining sections. The application built to implement this approach has been extensively tested, showing its capacity to authenticate users and to protect the integrity of files and the privacy of sensitive data, with a low impact on file size and access time. In addition, this solution is compatible with any version of the SCP-ECG and can be easily integrated into e-health platforms.
本文在分析了 SCP-ECG 标准的特点、安全要求以及其他医疗协议所采用的现有措施后,提出了一个 SCP-ECG 安全扩展。我们的方法允许安全地存储 SCP-ECG 文件,并根据不同的目的(测试解释、咨询、临床研究或教学)适当授予(或拒绝)用户访问权限。访问权限通过基于角色的配置文件进行扩展,这些配置文件由加密元素(加密、数字证书和数字签名)支持。这些元素被组织为元数据,扩展了协议并保护了其余部分。为实现这一方法而构建的应用程序已经经过了广泛的测试,证明了其能够对用户进行身份验证,保护文件的完整性和敏感数据的隐私,同时对文件大小和访问时间的影响很小。此外,该解决方案与 SCP-ECG 的任何版本都兼容,并且可以轻松集成到电子健康平台中。
