EP4079018A1 - Verfahren und system zur verwaltung des datenaustausches im rahmen einer medizinischen untersuchung - Google Patents

Verfahren und system zur verwaltung des datenaustausches im rahmen einer medizinischen untersuchung

Info

Publication number
EP4079018A1
EP4079018A1 EP20829945.3A EP20829945A EP4079018A1 EP 4079018 A1 EP4079018 A1 EP 4079018A1 EP 20829945 A EP20829945 A EP 20829945A EP 4079018 A1 EP4079018 A1 EP 4079018A1
Authority
EP
European Patent Office
Prior art keywords
terminal
probe
platform
certificate
verification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP20829945.3A
Other languages
English (en)
French (fr)
Inventor
Claude Cohen-Bacrie
Adrien BESSON
Frederic WINTZENRIETH
Luc Bertrand
Eric GUIFFARD
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
E Scopics
Original Assignee
E Scopics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by E Scopics filed Critical E Scopics
Publication of EP4079018A1 publication Critical patent/EP4079018A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices

Definitions

  • the present invention relates to the general technical field of service security.
  • the present invention relates to a method allowing:
  • a terminal capable of communicating with the probe by means of wired or wireless communication means, said terminal comprising a memory containing a terminal digital certificate including a terminal public key,
  • This session key is used to symmetrically encrypt session data transmitted between the probe, the terminal and the platform after the authentication procedure has been completed.
  • the session data exchanged can consist of:
  • control data ie control instructions
  • o control data ie control instructions
  • the first phase includes the following stages:
  • the first phase further comprises the following steps:
  • the step of exchanging verification information comprises the sub-steps consisting in: o the extraction, by the probe, of the terminal public key contained in the terminal digital certificate, o the generation, by the probe , a verification information, o the asymmetric encryption, by the probe, of the verification information with the terminal public key, o the sending, by the probe, of a response message including the verification encrypted with the terminal public key, o reception, by the terminal, of the response message and decryption of the verification information using a terminal private key stored in the terminal's memory, o sending, by the terminal, a confirmation message containing the decrypted verification information, o the reception, by the probe, of the confirmation message, o the comparison, by the probe, of the decrypted verification information contained in the confirmation with v information erification contained in the response message sent by the probe, to define whether said verification information is identical or different, and if the verification information is identical, emission of
  • the second phase comprises the following stages:
  • the second phase also includes the following steps:
  • the terminal sends an alarm message
  • the step of exchanging verification information comprises the sub-steps consisting of: o the extraction, by the terminal, of the probe public key contained in the probe digital certificate, o the generation, by the terminal , of verification information, o asymmetric encryption, by the terminal, of the verification information using the probe public key, o sending, by the terminal, of a justification message including the information verification encrypted with the probe's public key, o reception, by the probe, of the justification message and decryption of the verification information using a private probe key stored in the probe's memory, o sending , by the probe, of a proof message containing the decrypted verification information, o the reception, by the terminal, of the proof message, o the comparison, by the terminal, of the verification information contained in the message proof with verification information contained in the justification message sent by the terminal, to define whether said verification information is identical or different, and o if the verification information is identical, transmission of a validation message representative of a successful authentication, o if the verification information is different, emission of an
  • the terminal sends the platform an examination request message including a probe identifier, a terminal identifier, and the terminal public key
  • the platform sends the terminal a pairing authorization message including a platform certificate including a platform public key and a terminal certificate including the terminal public key.
  • said probe comprising a memory containing a digital probe certificate including a public probe key
  • terminal capable of communicating with the probe by means of wired or wireless communication means, said terminal comprising a memory containing a terminal digital certificate including a terminal public key,
  • a remote platform capable of communicating with the terminal via a computer network such as the Internet, said platform being configured to: o deliver the digital probe certificate to the probe, o deliver the digital terminal certificate to the terminal , remarkable in that the probe, the terminal and the platform comprise means adapted for the implementation of an authentication procedure, prior to the implementation of the examination procedure, the authentication procedure comprising the following phases:
  • FIG. 1 is a schematic representation of a system for the exchange of data (i.e. order data, control data and / or data of a medical nature) during a patient examination procedure,
  • data i.e. order data, control data and / or data of a medical nature
  • FIG. 2 is a schematic representation of a first phase of dialogue between a probe and a terminal, said first phase being implemented during an authentication procedure
  • Symmetric cryptography is suitable for a dialogue within a single transmitter / receiver pair with mutual trust because the transmitter and the receiver secretly share the same key.
  • Asymmetric cryptography is best suited for establishing a dialogue with many potential stakeholders.
  • any sending system can encrypt data using the public key and transmit it to the receiving entity: only the receiving entity can. decrypt the data using the private key. This ensures the confidentiality of the transmitted document.
  • the private key is held by the issuing entity, it is the only one that can encrypt the data. Any receiving entity can decrypt the data using the public key: this with the assurance that the sending entity that transmitted the data is the one that has the private key.
  • a disadvantage of using the asymmetric encryption technique comes from the transmission of the public key. If it is not secure, a malicious third party entity can position itself between a trusted entity and its public by distributing false public keys (through a fake website for example) then intercepting all communications, allowing it to usurp the identity of the trusted entity. This type of attack is commonly known as the "middle man attack”.
  • an electronic certificate (also called a “digital certificate” or “public key certificate”) constitutes a “digital identity card” used to:
  • An electronic certificate is made up of a set of data containing:
  • the signing entity is the only authority making it possible to trust (or not) the accuracy of the information in the certificate.
  • FIG. 1 there is illustrated an example of a system in which the authentication method described below can be implemented prior to the exchange of data between the different entities of the system.
  • the system consists of three separate entities:
  • an acquisition probe 1 - a local terminal 2 connected to the probe by means of wired or wireless communication, and
  • a remote platform 3 connected to terminal 2 via a computer network such as the Internet.
  • the probe 1 allows the recording of medical data representative of a region of interest of a patient (internal structures, organ, etc.).
  • Terminal 2 allows the possible processing of certain medical data acquired by probe 1 and / or the display of images of the region of interest.
  • the platform 3 also allows the generation of certificates for the probe and the terminal, as will be described in more detail below.
  • the platform 3 also includes a storage unit comprising one (or more) memory (s) which can be a ROM / RAM memory, a USB key, a memory of a central server.
  • a storage unit comprising one (or more) memory (s) which can be a ROM / RAM memory, a USB key, a memory of a central server.
  • the storage unit In addition to storing data associated with the medical examination (medical data, control data, etc.), the storage unit also makes it possible to store programming code instructions intended to perform certain steps of the authentication process. described below.
  • the platform constitutes a certification authority making it possible to guarantee the origin of the certificates assigned to the probe on the one hand, and to the terminal on the other hand.
  • platform 3 is characterized by:
  • - a platform private key known only to the platform, and used to sign: the probe certificate assigned to the probe during its manufacture, and the terminal certificate assigned to the terminal when the customer subscribes to a customer account by the user.
  • the platform private key is stored only in the platform storage unit 3.
  • the probe 1 and the terminal 2 can verify the authenticity of the certificates sent by the platform 3 using the platform public key, and no software entity can substitute for the platform 3 to generate fraudulent certificates.
  • the platform 3 storage unit includes a table listing all of the probes 1 manufactured and / or belonging to the organization.
  • each probe 1 is characterized by:
  • the probe certificate includes in particular:
  • probe ID The probe ID, probe public and private keys, probe certificate, and platform public key are stored in probe memory during manufacture.
  • the probe ID, the probe public key and the probe certificate are stored in the probe table contained in the platform storage unit 3.
  • probe 1 Only probe 1 has the probe private key to decrypt messages encrypted from the probe public key. In other words, the probe's private key is stored only in the memory of probe 1.
  • Terminal 2 does not belong to the same organization. It is able to work with different probes 1. It belongs to a user who has a customer account with the platform 3 and which allows him to identify himself.
  • terminal ID When registering for a customer account, a terminal ID, terminal private key, terminal public key, and terminal certificate are generated.
  • the terminal public and private keys are generated by the terminal, while the certificate and terminal identifier are generated by the platform 3.
  • the terminal 2 when subscribing to a customer account, the terminal 2 generates public and private terminal keys.
  • the terminal public key is transmitted to the platform 3 in a subscription request message.
  • the subscription request message may also include the identifier of the probe intended to be combined with the terminal to carry out tests. exams.
  • This allows the platform to associate the terminal with a probe of the probe table contained in the storage unit. As will be described in more detail below, such an association eliminates the need for the probe or the terminal to transmit to the platform a session key generated following the identification protocol described below.
  • the identifier of the probe intended to be combined with the terminal for carrying out an examination can be sent to the platform after the subscription of a customer account, in particular a few minutes before the implementation of an examination.
  • the platform 3 In response to the subscription request message, the platform 3 generates a terminal identifier, and produces a terminal certificate including:
  • This certificate is sent to the terminal. It can be encrypted from the terminal public key.
  • the platform certificate including the platform public key is also sent to the terminal.
  • Terminal ID, terminal public and private keys, platform public key, and terminal certificate are stored in the memory of terminal 2.
  • Terminal ID, terminal public key, and terminal certificate are stored in the memory of terminal 2. kept in a table stored in the storage unit of platform 3.
  • the probe identifier In the event that the probe identifier is also transmitted to the platform, the latter stores the identifiers of the probe in a probe / terminal correspondence table and the terminal to be combined for the implementation of an examination session.
  • terminal public and private keys were generated by terminal 2:
  • terminal private key allows terminal 2 to decrypt the received messages that have been encrypted using the terminal public key
  • the terminal public key allows the entities holding the terminal certificate to encrypt the messages intended for the terminal.
  • the platform certificate and a terminal certificate were sent to terminal 2 by the remote platform, and stored in the terminal memory.
  • the platform certificate contains in particular the platform public key; this platform public key allows the terminal to verify the authenticity of the certificates produced by the platform, and possibly to encrypt the messages intended for platform 3.
  • the terminal certificate contains:
  • the terminal public key which allows the entities holding the terminal certificate to encrypt the messages intended for the terminal
  • the memory of the probe 1 contains: o the private key of the probe allowing the decryption of messages encrypted with the public key of the probe, o the platform public key, allowing to possibly encrypt the messages intended for the platform 3 and verify the authenticity of the signature of the certificates issued by the platform, and o the probe certificate containing:
  • the memory of terminal 2 contains: o the private key of the terminal making it possible to decrypt the messages encrypted with the public key of the terminal, o the platform certificate containing the public platform key, possibly making it possible to encrypt the messages intended for the platform 3 and to verify the authenticity of the signature of the certificates issued by the platform, and o the terminal certificate containing:
  • the platform 3 storage unit contains: o a probe table including the identifier of each probe 1 of the organization and the probe certificate associated with each probe identifier, o a terminal table including the identifier of each terminal 2 and the terminal certificate associated with each terminal identifier, o a probe / terminal correspondence table including the probe and terminal identifiers to be combined for the implementation of an examination session, o the platform private key used to sign certificates and decrypt messages encrypted with the platform public key.
  • the authentication process consists of two phases:
  • the user When the user wishes to carry out an examination, he enters on the input means of the terminal 2 information concerning the examination, and in particular the identifier of the probe intended to be used for the examination.
  • This information and other information such as:
  • exam data (date of acquisition of exam data, type of exam, etc.) are included in an exam request message.
  • This examination request message is sent to platform 3 which records it in the storage unit and updates the probe / terminal correspondence table by associating the probe and terminal identifiers with it.
  • the examination request message can be encrypted from the platform public key. This limits the risk of critical information being obtained by a malicious third party who has intercepted all communications, for example to impersonate terminal 2.
  • Platform 3 verifies that the user has rights to use the system according to the terminal identifier. If the user has user rights, the platform issues a pairing authorization message, otherwise, the platform issues an error message prohibiting pairing.
  • the authorization message sent by the platform 3 can be encrypted using the terminal public key. Encrypting the authorization message using the terminal's public key avoids the risk of fraudulent interception of system-critical information, which is encrypted and therefore unusable as it is. This also allows the platform to ensure that the terminal 2 that generated the request and that the terminal associated with the identifier contained in the request do indeed constitute a single entity (only the terminal whose identifier has been indicated in the request with the private terminal key enabling the platform message to be decrypted).
  • the first dialogue phase 100 allows the probe 1 to authenticate the terminal 2.
  • the terminal 2 sends 110 a pairing request to the probe 1.
  • This pairing request contains the terminal certificate that will be used by the probe 1 to verify that the terminal is indeed an entity of trust.
  • Probe 1 receives 120 the pairing request, and extracts the terminal certificate.
  • Probe 1 verifies 130 the authenticity of the terminal certificate by comparing the signature of the terminal certificate to the platform public key stored in memory during its manufacture.
  • the probe 1 extracts 140 the terminal public key contained in the terminal certificate, and stores it in its internal memory. This terminal key will be used to generate a “session key” as will be described in more detail below. If the terminal certificate is not genuine, an error message is issued 135.
  • Probe 1 generates verification information (eg, a random sequence of digits), encrypts it using the terminal public key, and integrates it into a response message. This response message is sent 150 by the probe 1 to the terminal 2.
  • verification information eg, a random sequence of digits
  • Terminal 2 receives 160 the response message, and decrypts the verification information using the terminal private key.
  • This terminal private key known only to terminal 2, is the only one able to decrypt the verification information. Indeed, as recalled in point 1.1.1, in the case of asymmetric encryption, information encrypted using a public key cannot be decrypted using this same public key: only the private key associated with this public key can be used to decrypt this information.
  • Terminal 2 integrates the verification information into a confirmation message.
  • the confirmation message is sent 170 by terminal 2 to probe 1.
  • the probe 1 receives 180 the confirmation message and extracts the verification information from the confirmation message.
  • the probe then compares 190:
  • the probe 1 sends 200 an authentication validation message to the terminal 2.
  • the second dialogue phase 300 can be implemented.
  • probe 1 issues an error message 195 and refuses the pairing between probe 1 and terminal 2.
  • the first dialogue phase 100 therefore allows the probe to authenticate terminal 2 using the terminal certificate including the terminal public key:
  • the verification of the signature of this certificate - using the platform public key - allows the probe to confirm that the certificate was issued by a trusted authority (i.e. the platform),
  • the second dialogue phase 300 allows terminal 2 to authenticate probe 1.
  • the terminal 2 sends 310 a certificate request message to the probe 1.
  • the probe 1 receives 320 the certificate request message, and generates a result message including the probe certificate.
  • the result message can be encrypted using the terminal public key in order to limit the risks of interception of the information it contains by a fraudulent third party entity.
  • Probe 1 sends 330 the result message to terminal 2
  • Terminal 2 receives the result message, decrypts it and extracts the probe certificate. Terminal 2 verifies 340 the authenticity of the probe certificate by comparing the signature of the probe certificate to the platform public key stored in memory when subscribing to the customer account.
  • the terminal 1 extracts 350 the probe public key contained in the probe certificate, and saves it in its internal memory. This probe key will be used to generate the "session key”. If the terminal certificate is not genuine, an error message is issued 345.
  • Terminal 2 generates verification information (eg, a random sequence of digits), encrypts the verification information using the probe public key, and integrates it into a justification message.
  • This justification message is sent 360 by terminal 2 to probe 1.
  • Probe 1 receives 370 the justification message, and decrypts the verification information using the private probe key known only to probel.
  • the probe 1 integrates the verification information into a proof message.
  • the proof message is sent 380 by the probe to terminal 2.
  • the terminal 390 receives the proof message and extracts the verification information from the proof message.
  • the terminal then compares 400:
  • the terminal 2 sends 410 an authentication validation message to the probe 1.
  • the probe and the terminal are paired.
  • terminal 2 sends 405 an error message and refuses the pairing between probe 1 and terminal 2.
  • probe 1 and terminal 2 are paired.
  • a pairing confirmation message can be sent by probe 1 or terminal 2 to platform 3.
  • Each entity in the system then generates the session key from the probe and terminal public keys. Indeed, the public keys of probe and terminal are stored:
  • the public probe key is recorded during the manufacture of the probe, and the public terminal key is recorded during the implementation of the first dialogue phase 100
  • - in the terminal's memory the public probe key is recorded in the memory of terminal 2 when the second dialogue phase is implemented, and the terminal's public key is stored in the terminal's memory during subscription customer account
  • the public probe and terminal keys are contained in the probe and terminal tables, and the probe / terminal correspondence table is used to define which probe is associated with each terminal).
  • the same session key is generated independently by the probe, the terminal and the platform. This session key is therefore not transmitted between the different entities, which limits the subsequent risks of fraud.
  • the session key is used to encrypt / decrypt the data exchanged according to a symmetric cryptography mode (the session key is used both to encrypt and decrypt the data).
  • the session key will be used during the implementation of the exam to:
  • the period of validity of the session key depends on the type of application concerned. It can be a few tens of minutes for an examination for a patient, or several hours / days for an imaging session in an emergency vehicle (on the move).
  • the public and private probe keys can be used for the exchange of sensitive information between the platform 3 and the probe 1, via the terminal 2, without the terminal having access to this sensitive information.
  • This sensitive information consists for example of instructions for controlling the probe.
  • the probe configuration sequence (s) (for data acquisition in the context of the examination) cannot be sent directly from platform 3 to probe 1, in particular because of the limited memory capacity of probe 1.
  • terminal 2 can be used to store this (or these) sequence (s), and to transmit it (or them) sequentially by piece to probe 1.
  • By encrypting asymmetrically these control instructions using the public and private probe keys it is possible to transmit them via the terminal without the latter being able to have access to them.
  • the fact that the terminal cannot access asymmetrically encrypted driving instructions ensures the integrity of the data driving the delivery of ultrasound energy to the patient's biological tissues.
  • the end of the exam can be programmed by the user using the terminal 2.
  • the terminal 2 sends to the probe 1 and to the platform 3 an end of exam command message. If certain medical data relating to the examination have not been acquired by probe 1 and / or have not been processed by platform 3, probe 1 and platform 3 can send an acceptance message indicating that the end of examination order has been taken into account and that it will be effective as soon as the acquisition and / or processing of medical data by probe 1 and / or platform 3 is finalized.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Biomedical Technology (AREA)
  • Public Health (AREA)
  • Epidemiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Primary Health Care (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Medical Treatment And Welfare Office Work (AREA)
  • Ultra Sonic Daignosis Equipment (AREA)
  • Mobile Radio Communication Systems (AREA)
EP20829945.3A 2019-12-20 2020-12-21 Verfahren und system zur verwaltung des datenaustausches im rahmen einer medizinischen untersuchung Withdrawn EP4079018A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1915204A FR3105682B1 (fr) 2019-12-20 2019-12-20 Procede et systeme de gestion d’echange de donnees dans le cadre d’un examen medical
PCT/EP2020/087458 WO2021123431A1 (fr) 2019-12-20 2020-12-21 Procede et systeme de gestion d'echange de donnees dans le cadre d'un examen medical

Publications (1)

Publication Number Publication Date
EP4079018A1 true EP4079018A1 (de) 2022-10-26

Family

ID=71094421

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20829945.3A Withdrawn EP4079018A1 (de) 2019-12-20 2020-12-21 Verfahren und system zur verwaltung des datenaustausches im rahmen einer medizinischen untersuchung

Country Status (8)

Country Link
US (1) US20230016828A1 (de)
EP (1) EP4079018A1 (de)
JP (1) JP2023507651A (de)
KR (1) KR20220134751A (de)
CN (1) CN115136545B (de)
FR (1) FR3105682B1 (de)
IL (1) IL294053A (de)
WO (1) WO2021123431A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102833909B1 (ko) * 2022-11-03 2025-07-16 이오플로우(주) 약액 주입 장치의 제어 방법
US12047778B2 (en) * 2021-08-11 2024-07-23 Texas Instruments Incorporated Wireless battery management system setup

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6987855B1 (en) * 1999-09-10 2006-01-17 Cisco Technology, Inc. Operational optimization of a shared secret Diffie-Hellman key exchange among broadcast or multicast groups
US7386878B2 (en) * 2002-08-14 2008-06-10 Microsoft Corporation Authenticating peer-to-peer connections
US7545932B2 (en) * 2004-10-29 2009-06-09 Thomson Licensing Secure authenticated channel
EP2043731A4 (de) * 2006-07-13 2010-07-21 St Jude Medical Medizinisches informationsmanagement in einem patienteninformations-hubsystem
WO2008051939A2 (en) * 2006-10-24 2008-05-02 Medapps, Inc. Systems and methods for medical data transmission
CN101521883B (zh) * 2009-03-23 2011-01-19 中兴通讯股份有限公司 一种数字证书的更新和使用方法及系统
DE102013202494A1 (de) * 2013-02-15 2014-08-21 Siemens Aktiengesellschaft Authentifizierung von medizinischen Clientgeräten in einem Geräteverbund
US9769658B2 (en) * 2013-06-23 2017-09-19 Shlomi Dolev Certificating vehicle public key with vehicle attributes
CN104144049B (zh) * 2014-03-11 2016-02-17 腾讯科技(深圳)有限公司 一种加密通信方法、系统和装置
US9716716B2 (en) * 2014-09-17 2017-07-25 Microsoft Technology Licensing, Llc Establishing trust between two devices
JP2017192117A (ja) * 2016-04-15 2017-10-19 富士通株式会社 センサ装置、情報収集システム、および情報収集方法
US10623188B2 (en) * 2017-04-26 2020-04-14 Fresenius Medical Care Holdings, Inc. Securely distributing medical prescriptions
US11153076B2 (en) * 2017-07-17 2021-10-19 Thirdwayv, Inc. Secure communication for medical devices
US10958446B2 (en) * 2018-01-11 2021-03-23 Intel Corporation Secure wireless network association
CN110445614B (zh) * 2019-07-05 2021-05-25 创新先进技术有限公司 证书申请方法、装置、终端设备、网关设备和服务器
CN110351727B (zh) * 2019-07-05 2020-06-02 北京邮电大学 一种适于无线传感网络的认证与密钥协商方法
CN110535656A (zh) * 2019-07-31 2019-12-03 阿里巴巴集团控股有限公司 医疗数据处理方法、装置、设备及服务器

Also Published As

Publication number Publication date
JP2023507651A (ja) 2023-02-24
US20230016828A1 (en) 2023-01-19
KR20220134751A (ko) 2022-10-05
WO2021123431A1 (fr) 2021-06-24
FR3105682B1 (fr) 2022-05-13
CN115136545B (zh) 2024-03-12
IL294053A (en) 2022-08-01
FR3105682A1 (fr) 2021-06-25
CN115136545A (zh) 2022-09-30

Similar Documents

Publication Publication Date Title
EP2441207B1 (de) Kryptografisches verfahren für anonyme authentifizierung und separate identifizierung eines benutzers
KR101976027B1 (ko) 암호 화폐의 전자 지갑 생성 및 백업 방법 및 이를 이용한 단말 장치와 서버
EP1282288A1 (de) Verfahren und System zur Authentifizierung
WO2018131004A2 (fr) Procédés et systèmes pour l'exécution de programmes dans des environnements sécurisés
CN101479987A (zh) 生物测定凭证验证框架
EP1192608A2 (de) Verfahren und vorrichtung zur elektronischen bezahlung
EP1549011A1 (de) Kommunikationsverfahren und System zwischen einem Endgerät und mindestens einer Kommunikationsvorrichtung
WO2010046565A2 (fr) Procédé de signature numérique en deux étapes
WO2013021107A1 (fr) Procede, serveur et systeme d'authentification d'une personne
FR3048530B1 (fr) Systeme ouvert et securise de signature electronique et procede associe
CN107506635B (zh) 身份证网上功能开通方法、手机、可信终端和验证服务器
US12348635B2 (en) System and methods for interactive document sharing and authentication with privacy guarantee
CA2969495A1 (fr) Procede mis en oeuvre dans un document d'identite et document d'identite associe
CN116170143A (zh) 一种基于国密算法的智慧社区数据安全传输、存储及融合使用系统
WO2021123431A1 (fr) Procede et systeme de gestion d'echange de donnees dans le cadre d'un examen medical
CN101521665A (zh) 认证设备、生物体信息管理装置、认证系统以及认证方法
US20210248863A1 (en) Method, system, and device for selecting a winner of a raffle based on content from raffle tickets
EP2509025A1 (de) Zugriffsverfahren auf eine geschützte Quelle einer gesicherten persönlichen Vorrichtung
EP1514377A1 (de) Schnittstellenverfahren- und einrichtung zum online-austausch von inhaltsdaten auf sichere weise
FR2980011A1 (fr) Procede de mise en oeuvre, a partir d'un terminal, de donnees cryptographiques d'un utilisateur stockee dans une base de donnees distante
WO2003060841A1 (fr) Procede cryptographique de revocation a l'aide d'une carte a puce
WO2016156737A1 (fr) Procede d'obtention d'une liste d'au moins une donnee sensible
WO2024022988A1 (fr) Procédé de traitement de données dans l'informatique en nuage
CN113536333B (zh) 一种可提高商保理赔效率的医疗商保方法
CN113315749B (zh) 用户数据上链、用户数据使用方法、匿名系统和存储介质

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220621

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
111Z Information provided on other rights and legal means of execution

Free format text: AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

Effective date: 20250414

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20250701