论文信息 - Interoperability among healthcare organizations acting as certification authorities

Interoperability among healthcare organizations acting as certification authorities

One of the main problems in public key infrastructures (PKI) is currently the lack of interoperability at international level, which is greatly dependent on the automation of the cross-certification procedure using certificate policies (CP). This paper addresses the aforementioned need by presenting a method for the automated development and comparison of CPs, with main emphasis on healthcare environments. The basic elements of this method include standardization of the CP content for healthcare, a prototype decision-making algorithm for CPs comparison, representation of CPs in extensible markup language, as well as a JAVA-based CP comparison tool. The final aim of the paper is to contribute toward the technical implementation of an on-line automated cross-certification service, yielding PKI interoperability and promoting information exchange between healthcare establishments.

D. Polemi | D. Koutsouris | A. Bourka

[1] Bernd Blobel. Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems , 2002, Studies in Health Technology and Informatics.

[2] Carlisle M. Adams,et al. Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) , 2001, RFC.

[3] Bernd Blobel,et al. Security standards for healthcare information systems: a perspective from the EU ISIS MEDSEC project , 2002 .

[4] Donald E. Eastlake,et al. XML-Signature Syntax and Processing , 2001, RFC.

[5] Adi Shamir,et al. On Digital Signatures and Public-Key Cryptosystems. , 1977 .

[6] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[7] Evangelos Triantaphyllou,et al. Multi-criteria Decision Making Methods: A Comparative Study , 2000 .

[8] C. M. Sperberg-McQueen,et al. Extensible markup language , 1997 .

[9] Warwick Ford,et al. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework , 2003, RFC.

[10] Nineta Polemi,et al. An Overview in Healthcare Information Systems Security , 2001, MedInfo.