Hi Dariusz, maybe you want to take a look at http://www.tmf-ev.de/EnglishSite/Home.aspx. As with respect to cryptographic methods, this is usually only part of the Story, moreover, you have to consider privacy right from the beginning and related approaches. I want to say - it is not only manage (all) data technically and look for privacy. At the web site, youi'll find concepts, tools and further links to related concepts and technologies.

Thank you Rolf - suggested website help me find wider aproach to my problem.

Check out Shibboleth http://en.wikipedia.org/wiki/Shibboleth_(Internet2)/ for more info see http://shibboleth.net/ it is used at CERN for authentication and application/data access.

But for a good cryptographic key look into RSA 1024-bit or look into the DES-III types.

RSA 1024 is probably a weak choice today. You may want to have a look at http://www.keylength.com (although all such estimates are of course only, well, estimates). I see no good reason to build a new system with a legacy algorithm like 3DES, either.

Anyway, as Rolf pointed out, the choice of algorithm and keysize is only a tiny part of the problem.

Right, if you are able/allowed to choose your encryption mechanisms by yourself, I agree completely with Francois. If you think about implementing your system in an existing environment, you'll have to look for the "party line" especially if hospitals stick behind/are wound by their IT vendors... :-)

Yes, RSA and 3DES are rather old, but can be combined with other algorithms. I agree Francois, new symmetric key algorithms like NJJSAA are better. I would still look into FIPS 197 dated 2001 for more info ( http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf ), as they state that there are three FIPS-approved symmetric key algorithms: AES, Triple-DES, and Skipjack. But indeed, there are more robust algorithms out with longer key lengths. But are we talking national security or safeguarding medical/client info?

See the draft FIPS-140-3 at http://csrc.nist.gov/groups/ST/FIPS140_3/documents/FIPS_140-3%20Final_Draft_2007.pdf

Thanks a lot, Jonathan - we are talking safeguarding medical/client info only, not national security :-)

There is a lot of medical signals for each patient: from medical imaging throug EEG, evoked potentials, response to stimuli to descriptive features, and drug admission. All they may be transformed into digital format. They may be gathered, processed and analysed using e.g. Hospital Information System (HIS) with subsystems (LIS, RIS, DIS, etc.). It may require application of various standards/recommendations: DICOM, HL7, IISO IDEE/MEDIX, ANSI ASC X12N, CEN TC 251, CEN TC 224 WG 12. Access to aforementioned health record may have not only medical specialists, but administration too (for statistical, organizational or financial purposes). All it need transmission and storing of these data. Thus cryptography is necessary. Even small subsystem as developed by my group now reguires patient's data safety precautions. Thus my question above. I use cryptographic technologies (including own simple soluitions, written e.g. in C and Java) and, separately, medical IT technologies, but newer simultaneously before.

Look at the suite-b suite of algorithms

AES 256 up

ECC

SHA 256 up

Other countries use different names for the suite and some use their own government mandated algorithm but these are universally accepted

As Security aspects there are more than one factors presents

1) Authentication

2) Data security

3) Data integrity

4) Data Reliability

And many more..

If you go with each and every thing you will get a different solution for each factor

As

1) For authentication :

A ) Key Cryptography : RSA , etc.

B ) Password : Hash / MAC

2) For data security :

A) Encryption and decryption : AES , DES , BLow fish or any new & hybrid algorithm

As like and then you will be found out your required series of cryptographic algorithms what you need

If you required more than this I m more than happy to help you in peer 2 peer manner ([email protected])

I think RSA with SHA-1 algorithm cryptographic method is suitable for security,

If interested in state-of-the-art encryption, with which data can be encrypted not in a one-to-one scheme, but one-to-many, I recommend the following resources:

"Securable Personal Health Records using Ciphertext Policy Attribute-Based Encryptioin," http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=06379472

"Privacy-Preserving Personal Health Record System Using Attribute-Based Encryption," http://www.wpi.edu/Pubs/ETD/Available/etd-070311-134150/unrestricted/Yao_Zheng_Thesis.pdf

"Achieving Secure Personal Health Records Using Multiple-Authority Attribute Based Encryption," http://www.ijreat.org/Papers%202013/Volume1/IJREATV1I1009.pdf

MP

Iam Dr. Salah from Taif University you can use Block Cipher

In this method data is encrypted and decrypted if from of blocks. In its simplest mode, you divide the plain text into blocks which are then fed into the cipher system to produce blocks of cipher text.

There are many variances of block cipher, where different techniques are used to strengthen the security of the system. The most common methods are: ECB (Electronic Codebook Mode), CBC (Chain Block Chaining Mode), and OFB (Output Feedback Mode). ECB is the basic form of clock cipher where data blocks are encrypted directly to generate its correspondent ciphered blocks (shown in Fig. 4). CBC mode uses the cipher block from the previous step of encryption in the current one, which forms a chain-like encryption process.

Cryptographic tools or methods do NOT distinguish between the various forms of data being protected. The tools are not dependent on the domain of usage. What is most important is the environment in which the data is generated, stored or transmitted, and threat perception involved. These will affect/get affected by the procedures practices and protocols involved in the end-user community. In general, more than one tool/strategy should be used, to reduce/eliminate the vulnerabilities. And even this is to be chosen after a careful analysis and audit of your environment.

Privacy and integrity of medical data is what is need to be protected. Symmetric Encryption using AES would indeed be suitable to enhance privacy. However, you would also need to use a secure hash, e.g., SHA for ensuring its integrity. Since all such algorithms use a private key, you will also need to deal with how problem of securely exchanging such private encryption keys and public key cryptography based key exchange algorithms are quite effective.