
CROSS-PLATFORM SYSTEM OF MEDICAL DOCUMENTS PROTECTION THROUGH DIGITAL SIGNATURES

Fernando Guilherme Ferreira Sousa. Project/Dissertation developed under the supervision of José Magalhães Cruz (PhD) at Glintt - Healthcare Solutions, S.A.

1. Motivation

Due to the extreme sensitivity of information in the health area, it is really necessary to be absolutely sure about who performs certain medical transactions. That person must have the permission and authority to do so, i.e. must really be the right person to perform the transaction. In areas involving health treatments, the scheduling of exams or surgeries, and new prescriptions, there must be an extremely effective control to verify that all transactions are properly carried out, without any type of deception or illegality.

One of the biggest motivations is that the patient, in the future, may be aware that there is a control over the preparation of their medical documents. All documents prepared about their health are guaranteed to have been prepared by the doctors who signed them, as this can be verified through the digital signatures.

2. Main Goals

From all this necessary control comes the greatest goal of all: to develop a system to control and validate all medical transactions. Since it is a software system, it will be necessary to verify, in terms of computer security, the digital signature of the doctor who makes the transaction.

This dissertation aims, mainly, to emphasize the need to ensure that all transactions in the health area are sound, by drawing up a distributed system in which everyone involved in the area, with their respective data and digital certificates, has the opportunity to sign a document so as to ensure, a posteriori, its authorship.

3. Work Description

The Multiplatform System is a Web application that provides server-side Web Services, such as the possibility of someone sending a signed document to the system to be validated and stored in the database. The system also provides client-side functionality, such as the digital signature itself, because it involves the use of the doctor's private cryptographic key, and this cannot be used on the server side, as that would require the key to be sent over the Internet, which would be considered a basic security flaw.

The project consists mainly of the signature (performed by doctors) of various types of documents, which are then sent to the server and, consequently, validated and stored in the database. After this process, each time a document is opened to be viewed, for example, a check is made for any change to that document, in order to ensure its integrity recurrently. Through public-key cryptography it is verified whether someone tampered with the document or even made it invalid in some way.

Each platform that the doctor uses should read his digital certificate, which is contained in a Smart Card and is made available to the machine once the card is inserted in a suitable card reader. Then the digital signature is performed with the private key associated with the certificate, which certifies the medical document.

3.1. System Architecture

The objective of the platform was to serve all Web clients, so that it can be used by many different operating systems and platforms. The main idea was to have a that contains signature services and validation of documents that might be sent by a client. To be easily accessible by the widest range of devices, the first idea that emerged was to create a platform that provides a digital signature service on the server. A study was performed on the use of cryptographic keys in this system, so that the fact that it is cross-platform does not violate any basic principle of computer security and integrity. Therefore, before the entire system architecture was defined, it had to be adjusted to all key security principles.

3.2. Study of Private Key

So, for a Web service where you can sign documents, the service must have knowledge of the private key in order to sign the document, i.e. to encrypt the hash of the document. The fact that the Web site (server side) has knowledge of the customer's private key is a bad principle. The private key would have to be sent together with the certificate to the server to be able to perform the signature, which means that the private key would circulate on the net. This submission could be sent through an SSL/TLS channel so that the data is encrypted and safe from capture by subjects or entities without access to such information. Still, it violates the principle that the private key is known only to the entity that owns it and should only be used locally. If it is sent away, this security principle is broken. And even if the channel is safe, sending secret data several times is bad security practice. The alternative in this case is to develop a native application for each operating system, trying to use the most comprehensive programming technologies, to generalize as much as possible and have a globalized system architecture. For desktop systems, an applet was developed to perform the digital signatures.

3.3. Mobile Platforms

For applications on mobile operating systems, the user accesses the system in the same way through a , but when digital signature operations are performed, a native application is launched, which makes the signature and returns the signed document without any interaction with the user. The user interacts only with the Web application. If the Smart Card has a middleware developed for these operating systems, this is the approach used; however, for those that do not, we had to consider another approach. It is necessary to enter a code which identifies a desktop machine that has a card reader. The doctor enters this machine's code and inserts the card in that machine. Thus, the signature is still performed on the client side, but on a foreign machine.

3.4. Smart Card

The Smart Card selected to support the dissertation was the Portuguese citizen card. This card has two public-private key pairs, one suitable only for authentication and another pair to be used only for digital signatures.

Due to the non-availability of a middleware for mobile operating systems like Android and iOS, we decided to use the above approach for mobile platforms, so that these systems are nevertheless able to perform digital signatures, thus ensuring the multiplatform concept.

3.5. Digital Signature

A digital signature allows one to check for possible undue tampering of a document and also to associate the document with its author. Thus, the reader of the document knows for sure who the writer was, and the writer cannot deny in any way that he wrote such a document. Moreover, not even the reader can change the original document without this being detected. Public key algorithms, as we saw in the chapter on bibliographical revision, are computationally heavy, and if the document is long there will be some delay during the process. One of the techniques is to create a message digest, still using public key techniques, but adding the nuance of the digest. This technique consists of calculating a summary/digest of the message by calculating a hash. There are various hashing techniques, which consist of turning a large amount of data into a small amount of data. It is a method that compresses the data in such a way that the generated output is unique. It is also assumed that this generated information is irreversible, i.e. from it one is not able to find out the original information. Then the writer of the document encrypts the message digest with his private key. This cipher is sent together with the document to the reader. For the reader to ensure that the document is accurate, he must also calculate a digest of the document and then decrypt, with the public key of the writer, the digest that was sent along with the document. After that he compares the digests, and if they are equal it is a sign that the document has not changed and can be used with confidence. Even though signatures are performed client-side, it is intended that they are carried out as quickly as possible, so that the doctor does not waste time with this procedure and can concentrate on what is really important to him. The signatures were implemented for XML, PDF and Office documents.

4. Conclusions

As we saw in the architecture chapter, at first the idea was to provide a Web service for digital signature, which any client with a browser could access, send a file to, and receive it back signed. However, this would imply that the Web application had knowledge of the private key of the doctor who wants to sign the document. The private key must always stay with its respective entity and should only be used locally, and should not be sent to the Web. Then, it was necessary to create a digital signature component on the client side, so that the private key of the doctor was only used locally and was never sent to the WWW. A was developed for fixed operating systems, and native applications for mobile operating systems. The whole digital signature part is based on the same source code, written in the Java language. The entire source code of the digital signatures is decentralized and used equally by all platforms. And more importantly, combined with all this security, all interaction with the interface of the system was only through the Web application.
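The hash-then-sign flow of section 3.5, with the client/server split argued for in section 3.2 and the conclusions, as an added example in Go that is not the dissertation's own (Java) code: the client computes the SHA-256 digest and signs it with the private key; the server, holding only the public key, recomputes the digest and verifies the signature, at upload and again each time the document is opened. The prescription text, the in-memory key standing in for the Smart Card's signing key, and the choice of RSA-PSS are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// SignedDocument is what the client sends to the server: the document, the signature
// over its SHA-256 digest and the signer's DER public key (the card's certificate).
type SignedDocument struct{ Content, Signature, PublicKey []byte }
// SignDocument is the client-side step (applet or native app): hash the document,
// then sign the digest. The private key never leaves this side of the exchange.
func SignDocument(priv *rsa.PrivateKey, content []byte) (*SignedDocument, error) {
	digest := sha256.Sum256(content)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return &SignedDocument{Content: content, Signature: sig, PublicKey: pub}, nil
}

// VerifyDocument is the server-side check, run at upload and each time the document is
// opened: recompute the digest and verify the signature with the public key only.
func VerifyDocument(doc *SignedDocument) error {
	key, err := x509.ParsePKIXPublicKey(doc.PublicKey)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(doc.Content)
	if pub, ok := key.(*rsa.PublicKey); ok {
		return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], doc.Signature, nil)
	}
	return fmt.Errorf("signer key is not an RSA public key")
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the card's signing key
	doc, _ := SignDocument(priv, []byte("Prescription: drug X, 10 mg")) // constructed sample
	before := VerifyDocument(doc) == nil
	doc.Content[len(doc.Content)-1] = '9' // tamper with one byte after signing
	fmt.Println("valid before tamper:", before, "after:", VerifyDocument(doc) == nil)
}
```

The server never needs the private key for this check, which is the property the dissertation requires; the same VerifyDocument call serves the recurring integrity check made whenever a stored document is opened.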