A concept of data privacy in an electronic healthcare system based on blockchain technology

Keywords: information security, healthcare information system, medical data, primary and secondary use, asymmetric cryptography, digital signature, blockchain organization, block structure

Abstract


Introduction/purpose: Advances in information and communication technologies have enabled the creation of a symbiotic environment of humans and machines in which humans improve the quality of everyday life by interacting with machines. In this context, the problems of information security, and of data privacy in particular, come to the fore. In many countries there is legislation that regulates this problem by setting the objectives that must be met when handling private data, while the technology itself is the choice of the information system's designers. Blockchain technology is one of the methods of choice for ensuring data integrity and non-repudiation of transactions, while digital certificates combined with it make it possible to achieve the privacy of patients' data.

Methods: Blockchain technology and reliable methods of identification in cyberspace are implemented by applying the cryptographic methods of asymmetric cryptography, which enables data privacy to be preserved at a high level.

Results: This paper describes a concept for protecting the privacy of patients' data in a healthcare system. It is based on digital certificates as the method of identification in cyberspace and on blockchain technology as the method for preserving the integrity of transactions and of the health insurance information system. The proposed concept enables the separation of private and medical data so that, with the accepted principle of the patient's ownership of medical data, primary and secondary use of medical data can be achieved without compromising the privacy of the patient's data.

Conclusion: The concept of entity identification in the healthcare information system and the organization/storage of data in accordance with the principles of blockchain technology, as proposed in this paper, make it possible to achieve a high level of data privacy in accordance with the international document European Union General Data Protection Regulation. In addition, the proposed concept enables the detection of unregistered devices or entities in the system, thereby preserving the integrity of the system and increasing its overall information security.

Published
2023/12/04
Section
Original scientific papers