Using the internet to access confidential patient records: a case study

BMJ 2000; 321 doi: https://doi.org/10.1136/bmj.321.7261.612 (Published 09 September 2000). Cite this as: BMJ 2000;321:612
Appendix: The security infrastructure
Conventional cryptography, also called symmetric encryption, uses a single encryption key that is known to both the communicating parties. Asymmetric encryption, however, relies on two keys that work together as a pair—an encryption key and a decryption key. If a user generates a pair of keys and makes the decryption key public but keeps the encryption key private, then only the user can encrypt a message but anyone with the public key may decrypt it and know that the message must have come from the user, as he or she is the only holder of the private key. The recipient can thereby be assured of the sender’s real identity. Digitally signing a message is the process of encrypting the hashed summary of the message with the private key of the signatory. The hashed summary is the equivalent of an electronic fingerprint of the message as it is unique to that message. The hashed summary of a message is encrypted, rather than the message itself, for two reasons: firstly, the message is still readable by anyone even if he or she is not capable of validating the signature, and, secondly, asymmetric encryption is very slow to compute, so a long message would take an inordinate amount of time to encrypt, whereas hashed summaries are typically very short (128 bits).
Careful management of public keys is essential. If a hacker successfully substitutes his or her public key for that of a genuine user, the hacker could masquerade as that user, since the recipients of the hacker’s messages would be able to decrypt them and believe that they came from the user. In this way, the hacker could gain access to a hospital information system, since the system would think that the genuine user had encrypted the message. Public keys are therefore managed by an entity known as a certification authority. This is a trusted third party that authenticates users and digitally signs their public keys to validate (certify) them. These digital certificates are the validated combination of: a user’s public key, the authenticated name of the user, the validity time of the certificate (the period during which it is valid), and the name of the certification authority that attaches its digital signature to the certificate. The Entrust system allows the management and use of public key certificates to be centrally controlled by the trusted third party. Such rigorous authentication procedures ensure that hackers cannot masquerade as a legitimate user.