PCASSO uses SSLv3, which is widely accepted in healthcare as a strong mechanism for transmitting health data over the Internet (Baker & Masys, 1999).
In a resource-constrained setting, some of the reviewed authentication technologies may not be appropriate for preserving patients’ privacy. Authentication technologies such as smart cards and physical USB keys are expensive in terms of cost and maintenance (Dagorn, Bernard & Varrette, 2005; Chadwick, 1999). Additionally, smart card technologies don’t support mobility (mobility is only possible if the machine that the user accesses has a smart card reader attached, and some machines don’t support the same standard of smart card readers). Similarly, physical USB keys present privacy issues when the USB key is stolen (Kao, Luo, Lin, Huang, & Yuan, 2011).
Similarly, all the authentication-based PHR systems described above rely on an online server that maintains an access control authority. The server only grants access to the user(s) when the user’s attributes correspond to the characteristics of the information maintained by the server.
The drawback of this approach is that it is designed primarily for online PHR systems only.
means such as computing devices for accessing the information should be available to end-users whenever the need arises (Adesina et al., 2011).
3.14.1 Public Key Cryptography
According to Akdeniz (1996), cryptography is the science and study of secret writing. It concerns the ways in which data can be encoded to prevent disclosure of their contents through eavesdropping or message interception (Diffie & Hellman, 1976). Cryptography provides technologies that store sensitive information and transmit it across the insecure Internet such that no one can read, write or modify the information except the intended recipient (Diffie & Hellman, 1976; Akdeniz, 1996). Previous studies by Narayan et al. (2010) and Sun, Zhu, Zhang and Fang (2011) demonstrate that most security protocols for electronic health records are based on public key cryptography.
3.14.2 Overview of Public Key Cryptography
The concept of Public Key Cryptography was introduced by Diffie and Hellman in 1975 to solve the problem of key distribution (Diffie & Hellman, 1976). The aim was to make key distribution easier in a multi-user communication network. Public key cryptography is an asymmetric scheme that uses a pair of keys: a public key, which encrypts data, and a private (or secret) key, which decrypts it. Users obtain both keys, with the private key kept secret (to provide privacy) and the public key publicly known. Figure 3.9 illustrates the process of public key cryptography. A user publishes his public key while keeping the private key secret. Any person with a copy of the user’s public key can encrypt the information. The primary benefit of public key cryptography is that it allows users without a pre-existing security arrangement to exchange records securely. This means that the sender and receiver do not depend on a secure channel to share secret keys. Communication involves only the public key, and no private key is ever transmitted (Diffie & Hellman, 1976; Goldreich, 2004).
Similarly, Public Key Cryptography provides technologies and methods that support digital signatures and digital certificates (ElGamal, 1985). Digital signatures allow the recipient to verify the authenticity of the information's origin and ensure that the information is intact (ElGamal, 1985; Goldreich, 2004). This means that public key digital signatures provide authentication, data integrity and non-repudiation.
The drawback of the earlier digital signature technologies is that they are slow and produce an enormous volume of data (Ferguson & Schneier, 2003). It is for this reason that Diffie and Hellman (1976) introduced the concept of the one-way hash function. A one-way hash function takes a variable-length message as input. A message of any length produces a fixed-length output (n bits). The goal is to ensure that, if the message is changed in any way, an entirely different output value will be produced, thus causing the digital signature verification process to fail.
Figure 3.9: The process of Public Key Encryption
3.14.3 Digital Certificates
The greatest challenge with public key cryptosystems is to ensure that the public key to which the sender is encrypting the data is in fact the public key of the intended recipient (ElGamal, 1985; Naor & Yung, 1990). Similarly, if the sender wishes to exchange information with people he has never met, it becomes impossible to assume that the sender has the correct key. Digital certificates were introduced to simplify these tasks by establishing whether a public key truly belongs to the purported owner. A digital certificate is a signed assertion about a public key. More specifically, a digital certificate is information embedded with a user’s public key to help other beneficiaries verify that a key is genuine or valid. Digital certificates function much like a physical certificate such as the user’s driving permit, social security card
or birth certificate. Each of these certificates has some information that identifies the owner, and authorisation showing that someone else has confirmed the owner’s identity.
Digital certificates consist of three major components:
1. A public key
2. Certificate information that identifies the owner, such as the ID or name of the owner
3. One or more digital signatures
Thus, a digital certificate basically is a collection of identifiable information bound together with a public key, and signed by a trusted third party to prove the authenticity of the owner.
This means that for a group of people wishing to communicate securely, it is necessary to put more structured systems in place to provide additional key management features. These systems, called Public Key Infrastructure, contain the certificate storage facilities and provide certificate management facilities (such as issuing, revoking, storage and retrieval). The main feature of the Public Key Infrastructure (PKI) is the introduction of the Certification Authority (CA). A Certification Authority is responsible for creating certificates and digitally signing them using the CA’s private key (Sax et al., 2005; Lysyanskaya, Rivest, Sahai, & Wolf, 2000).
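The following Python sketch is an added example, not part of the original text. It ties together the hash-then-sign passage in 3.14.2 and the three certificate components listed above: a CA signs the owner information and public key, and verification fails when the key in the certificate is replaced or when a signed record is altered. It uses textbook RSA without padding and constructed, deliberately weak keys; all names (make_key, issue, check_cert, the parties and the sample record) are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent

def make_key(p, q):
    # Textbook RSA without padding (illustration only); d stays with the owner.
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    # One-way hash: input of any length -> fixed 256-bit value (reduced mod n).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])

def verify(data, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def tbs(cert):
    # Canonical bytes of what the CA signs: owner information + public key.
    body = {"subject": cert["subject"], "public_key": cert["public_key"]}
    return json.dumps(body, sort_keys=True).encode()

def issue(subject, public_key, ca_priv):
    cert = {"subject": subject, "public_key": public_key}
    cert["signature"] = sign(tbs(cert), ca_priv)
    return cert

def check_cert(cert, ca_pub):
    return verify(tbs(cert), cert["signature"], ca_pub)

# Hypothetical parties; constructed weak keys built from small Mersenne primes.
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**107 - 1, 2**61 - 1)
OTHER_PUB, _ = make_key(2**61 - 1, 2**31 - 1)

def demo():
    cert = issue("alice@hospital.example", ALICE_PUB, CA_PRIV)
    swapped = dict(cert, public_key=OTHER_PUB)  # key replaced in the directory
    record = b"patient 1042: blood group O+"    # constructed sample record
    sig = sign(record, ALICE_PRIV)
    return {
        "genuine_cert": check_cert(cert, CA_PUB),
        "swapped_key_cert": check_cert(swapped, CA_PUB),
        "record_intact": verify(record, sig, cert["public_key"]),
        "record_altered": verify(record + b"!", sig, cert["public_key"]),
    }
```

Calling demo() returns one boolean per check. A real deployment would use a vetted library with padded signatures and X.509 certificates instead of this construction.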
3.14.4 PKI for Encryption
Certificates in Public Key Infrastructure systems are used to bind encryption keys to user identities via the registration process. The process is combined with digital signing technologies in order to produce a digital certificate. When this process is tightly controlled, a digital certificate can provide an assurance that intended users can access the encrypted data with the key contained in the certificate. The potential sender of the encrypted data must obtain the certificate of the recipient in order to communicate securely with the certificate holder (Szolovits & Kohane, 1994; Sax et al., 2005). Figure 3.10 describes the process of the certificate-based encryption scheme.
Figure 3.10: The process of Certificate-Based Encryption
From Figure 3.10, certificates are authenticated data structures that tie a receiver’s identity to a public key. Because they are authenticated, certificates are stored on a distributed, untrusted directory. This splits the key management server into a public-facing directory and a Certifying Authority. The Certifying Authority is the only trusted component and is responsible for creating certificates.
While PKI is well suited to underpin strong authentication and encryption mechanisms, it is not an ideal infrastructure for healthcare services, particularly in developing countries. The hurdles are overwhelming, and are all linked to the complexity of managing user certificates and key management. The issuance, verification and revocation of digital certificates are critical tasks and can introduce management burdens, especially for hospital administrators and end-users including the patients. This was well recognised by Shamir as far back as 1984, when the concept of Identity-Based Encryption (IBE) was introduced (Shamir, 1984). With Identity-Based Encryption, user identities such as email address, phone number and date of birth are used as encryption keys (Shamir, 1984). This completely obviates the need for key management and digital certificates (Shamir, 1984; Garson & Adams, 2008).