Research and Design of an XML-Based Electronic Medical Record Security Architecture
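Abstract
A medical record documents a patient's condition, diagnosis and treatment, and is both the medium through which medical staff communicate information and the basis on which they carry out medical activities. As healthcare informatization deepens, medical records are gradually moving from paper to electronic medical records (EMR). The EMR is the core technology of healthcare informatization: it is both the collection of a patient's medical information and the vehicle for sharing that information, so studying EMR security is very important, and this topic has considerable theoretical and practical significance for the medical information field. This thesis analyses fairly systematically the security risks present in EMR systems and, based on existing specifications and the available technology, proposes an EMR security architecture. On this basis, it carries out a fairly systematic experimental study of the normative definition of EMR documents, XML security technology, and XML key management technology.
     EMR security covers the integrity, confidentiality and non-repudiation of record documents, among other aspects. Achieving EMR security requires support from law, management and technology. Technologies such as encryption and digital signatures provide the technical safeguards for EMR security. Relying on the “军字一号” system (the EMR system of Xinqiao Hospital, Third Military Medical University), this thesis explores the application and implementation of XML security technology in an EMR system.
     EMR documents are stored and transmitted in the system as XML files. The structured and extensible nature of XML files is well suited to describing record documents with complex content. Based on the characteristics of XML EMR documents, the system uses an XML Schema library to standardize the structure and content of record documents, making seamless exchange of records between different hospitals possible. In addition, the system uses the W3C XML encryption and digital signature specifications to provide physicians with components for encrypting and digitally signing information. This thesis designs an EMR security system, presents its key modules, analyses when encryption and digital signatures should be applied, and discusses in detail the design and workflow of the digital signer and the encryptor. Based on the current state of use of the “军字一号” EMR system, it also proposes a completely new multi-signature scheme for EMRs, which has a certain feasibility.
     The XML Key Management Specification (XKMS) can provide a new generation of key management services; combined with traditional PKI, it enables PKI applications that are low-cost and easy to deploy. The system uses XKMS services to manage the keys needed by the encryption and digital signature components. This thesis builds a Web Service-based XKMS service framework for the “军字一号” system; presents the XKMS trust services according to the characteristics of the application, including key registration, key revocation and key location; and uses XKMS to deploy the hospital's PKI certification authority.
     In summary, this thesis uses XKMS-based encryption and digital signature technology to give a feasible solution for EMR security.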
A medical record includes the information that the patient provides concerning his or her symptoms and medical history, the results of examinations, reports of X-rays and laboratory tests, diagnoses, and treatment plans. It is the medium and the basis for carrying out healthcare activities, and it is also an information source for medical research and education. With the development of hospital information systems, a transition from paper-based patient records to electronic medical records (EMR) has taken place. EMR is the core technology of medical informatics: it is not only a collection of patient medical information but also a vehicle for information sharing. The security of EMR is therefore very important, and this topic has great theoretical and practical significance for medical informatics. This paper analyses the potential security problems of EMR systems. Based on existing norms and technology, it designs a security system for EMR and, on this basis, makes a more systematic study of the standard definition of EMR files, XML security technology, and XML key management technology.
     Confidentiality, integrity and non-repudiation are three basic requirements for the security of EMR. The security of EMR is based on laws, management and technology. Encryption and electronic signature technology are based on asymmetric cryptography, and they provide solutions for the security of EMR. This paper relies on the “Junweiyihao” system (the EMR system used in Xinqiao Hospital of the Third Military Medical University) and discusses the application and implementation of XML security technology in an EMR system.
     The EMR system stores and transmits records in the form of XML documents. The structured and extensible nature of XML documents is well suited to describing medical documents with complex content. According to the characteristics of XML-based EMR, this system uses XML Schema models to define the structure and content of medical documents, so that medical documents can be linked smoothly between different hospitals. Furthermore, this system provides encryption and signature components that follow the W3C encryption and signature standards. This paper describes how to develop an EMR security system and then analyses some key modules. Focusing on the design and workflow of encryption and signature, this paper analyses the timing for encryption and signature. Furthermore, relying on the “Junweiyihao” system, this paper gives a new and feasible solution that uses multi-signature on EMR.
     The XML Key Management Specification (XKMS) can provide new key management services; combined with traditional PKI, it can implement PKI applications that cost less and are easy to deploy. This system uses XKMS services to manage the keys that are used by the encryption and signature components. This system constructs a web-based service framework using XKMS services, and gives the XKMS trust services according to the application, including key registration, key revocation, key location and some other methods. It uses XKMS to deploy the PKI Authentication Center.
     In short, this paper develops a workable solution for the security of EMR by using encryption and signature technology based on XKMS services.
