Developing secure Web-based medical applications

Medical Informatics and the Internet in Medicine

Volumn 24, Issue 1, 1999, Pages 75-90

  Gritzalis, S ^a,b   Iliadis, J ^a   Gritzalis, D ^c   Spinellis, D ^b   Katsikas, S ^b  

^a UNIVERSITY OF WEST ATTICA   (Greece)

^b UNIVERSITY OF THE AEGEAN   (Greece)

^c ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Cryptography; Digital signatures; Security; Trusted third parties

Indexed keywords

CERTIFICATION; DIGITAL COMPUTER; GENERAL PRACTITIONER; HEALTH CARE ORGANIZATION; INFORMATION SCIENCE; INTERNET; INTERPERSONAL COMMUNICATION; MEDICAL INFORMATION; ORGANIZATION AND MANAGEMENT; REVIEW;

ALGORITHMS; COMPUTER SECURITY; EUROPE; HUMANS; INFORMATION STORAGE AND RETRIEVAL; INTERNET; PILOT PROJECTS; SOFTWARE; TELEMEDICINE; USER-COMPUTER INTERFACE;

EID: 0032988049     PISSN: 14639238     EISSN: None     Source Type: Journal    
DOI: 10.1080/146392399298537     Document Type: Review

References (24)

1. SMEETS, B., and JOHANSSON, T., 1997, Secure Storage and Retrieval in Medical Information Systems (Lund: Lund University Press).
2. SPINELLIS, D., GRITZALIS, S., ILIADIS, J., GRITZALIS, D., KATSIKAS, S., POLEMI, D., VARVITSIOTIS, A., VELENTZAS, S., MARSH, A., UZUNOGLOU, N., DIMITRIADIS, D., BLOBEL, B., PHAROW, P., DE LUCA, L., and BARBER, B., 1997, Trusted Third Party Services for Healthcare in Europe, DGXIII/INFOSEC Project 20820 EUROMED-ETS final deliverable, http://www.math.aegean.gr/info-sec/projects/.
3. INTERNATIONAL STANDARDS ORGANISATION, 1988, ISO/TC97 7498-2, Information Processing Systems - OSI Reference Manual Part 2: Security Architecture (Geneva: ISO).
4. GRITZALIS, S., and SPINELLIS, D., 1997, Addressing threats and security issues in World Wide Web technology. Proceedings of the 3rd IFIP International Conference on Communications and Multimedia Security, edited by S. Katsikas (London: Chapman & Hall), pp. 33-46.
5. MEYER, K., SCHAEFFER, S., and BAKER, D., 1995, Addressing threats in World Wide Web technology. Proceedings of the 11th IEEE Annual Computer Security Applications Conference (Los Alamitos: IEEE), pp. 123-132.
6. BROWN, A., GRAY, G., LAMBERT, O., MULLER, P., CASTELL, S., and BALOUET, V., 1993, User Requirements for TTP services, DGXIII/INFOSEC Project S2101 S01 deliverable, http://www.cordis.lu/infosec/src/down.htm.
7. RENSBURG, A., and SOLMS, B., 1977, A comparison of schemes for certification authorities. Proceedings of the IFIP SEC'97 International Information Security Conference (London: Chapman & Hall), pp. 222-240.
8. ZIMMERMANN, P., 1995, PGP Source Code and Internals (Cambridge, MA: MIT Press).
9. MILLEN, J., NEUMAN, C., SCHILLER, J., and SALTZER, J., 1987, Kerberos Authentication and Authorization System, Project Athena Technical Plan, Section E2.1 (Cambridge, MA: MIT Press).
10. KENT, S., 1993, Privacy Enhancement for Internet Electronic Mail: Part 2: Certificate Based Key Management, Request For Comments RFC 1422, http://www.ietf.org/.
11. TESTFIT - TTP & ELECTRONIC SIGNATURE TRIAL FOR INTER-MODALTRANSPORT, 1995, DGXIII/ INFOSEC Project S2303, Final deliverable, http://www.cordis/lu/infosec/src/down.htm.
12. MASTERCARD, VISA, 1996, Secure Electronic Transaction Specification, Book1 : Business Description, VISA Corporation.
13. MULLER, P., 1993. Functional model of trusted third party services. DGXIII/INFOSEC Project S2101 S03 deliverable, http://www.cordis/lu/infosec/src/down.htm.
14. CCITT, 1988, Recommendations X.500-X.521, Data Communication Networks Directory (Geneva: CCITT).
15. YEONG, W., HOWES, T., and Kille, S., 1995, Lightweight Directory Access Protocol, University of Michigan, ISODE Consortium, Request For Comments RFC 1777, http://www.ietf.org/.
16. FREIER, A., KARLTON, P., and KOCHER, P., 1996, http://home.netscape.com/newsref/std/ SSL.html.
17. MICHIGAN UNIVERSITY RESEARCH TEAM, 1997, http://Web.umich.edu/∼dirsvcs/dap/.
18. CCITT BLUE BOOK, 1988, Recommendation X.509 and ISO 9594-8, Information Processing Systems - OSI - The Directory Authentication Framework (Geneva: CCITT).
19. RSA DATA SECURITY INC., 1995, S/MIME Implementation Guide, Interoperability Profile, Ver.1. (Massachusetts: RSA Inc.).
20. EUROPEAN COMMISSION, 1997, COM(97)503, Ensuring Security and Trust in Electronic Communication: Towards a European Framework for Digital Signatures and Encryption (Brussels: DG XIII).
21. COUNCIL OF EUROPE, 1981, Convention for the Protection of individuals with regard to automatic processing of personal data, Convention No. 108 (Strasbourg: CoE).
22. COUNCIL OF EUROPE, 1977. Council of Europe Recommendation R(97)5, On the Protection of Medical Data (Strasbourg: CoE).
23. RIVEST, R., 1992, The RC4 Encryption Algorithm (Massachusetts: RSA Inc.).
24. RIVEST, R., and DUSSE, S., 1992, The MD5 Message-Digest Algorithm, Request For Comments RFC 1321, http://www.ietf.org/.