資訊管理學報
黃志文;侯廷偉;
頁: 91-110
日期: 2005/03
摘要: 本研究主要是整合全民健保IC卡系統架設的虛擬和有網路之相關技術,以突破現有安全性限制。使用的方法為,在任何全民健保IC卡系統內,連結的虛擬私有網路節點間,配合健保IC卡狀態驗證機制,建立一條唯一,且隨門診運作流程需求開啟的安全通訊通道。此安全通訊通道能依卡片運作狀態,動態調整對送收的通訊封包的過濾條件。 就作者對相關論文的研讀範圍內,目前尚無相關的研究與此論文創意方向有任何相重疊。本文並將此創意想法引用在,先前已經逐步完成的全民健保IC卡模擬系統中。在微軟作業系統內,網路驅動程式介面基礎上,撰寫並建立一個初步應用雛形驅動程式,並將其定名為”IC卡輔助防火牆”。IC卡輔助防火牆係藉由中央健保局認證發行的標準”控制軟體”,做卡片運作狀態參數的傳遞,並將卡片運作狀態提供給IC卡輔助防火牆,作為封包過濾條件的認證準則。該雛型系統運作,確實為全民健保IC卡系統內連結的虛擬和有網路節點提供了一個既經濟又有效的防病毒、駭客攻擊的解決方案;此方案也同時為未來全民健保加值服務建立一個安全可靠的應用方向。
關鍵字: 虛擬私有網路;非對稱性數位用戶迴路;積體電路卡;醫療資訊系統;IC卡輔助防火牆;
Abstract: The paper focuses on integrating a set of technologies to construct a more secure National Health Insurance (NHI) Virtual Private Network (VPN). The novel idea suggests that any NHI VPN site can establish communication tunnels between each other only by a secure mechanism, which requires a NHI Healthcare Integrated Circuit (IC) card state machine to certificate. A tunnel is then built. In addition, it dynamically filters packets according to the IC card running states and filter statements. There are no related researches similar to the proposed approach, as the authors know in the literature. A feasible prototype is built on an emulated NHI VPN. The key component is a Card-Assisted Firewall (CAF) for a site. A prototype is built, based on the Network Driver Interface Specification in Microsoft Windows Driver Development Kits. The CAF accesses IC cards by invoking Control Software, which is distributed by Bureau of NHI as a standard interface to invoke NHI IC cards. The prototype demonstrates that CAF can not only dynamically build tunnels but also filter out illegal messages. The overhead in performance degradation is negligible. In addition, it also prevents the site from broadcasting virus attacks. The efficient and secure tunnel would support more potential NHI added-value applications.
Keywords: Virtual Private Network;Asymmetric Digital Subscriber Line;Integrated Circuit card;Hospital Information System;Card-Assisted Firewall;
瀏覽次數: 11103 下載次數: 223
引用 導入Endnote
頁: 91-110
日期: 2005/03
摘要: 本研究主要是整合全民健保IC卡系統架設的虛擬和有網路之相關技術,以突破現有安全性限制。使用的方法為,在任何全民健保IC卡系統內,連結的虛擬私有網路節點間,配合健保IC卡狀態驗證機制,建立一條唯一,且隨門診運作流程需求開啟的安全通訊通道。此安全通訊通道能依卡片運作狀態,動態調整對送收的通訊封包的過濾條件。 就作者對相關論文的研讀範圍內,目前尚無相關的研究與此論文創意方向有任何相重疊。本文並將此創意想法引用在,先前已經逐步完成的全民健保IC卡模擬系統中。在微軟作業系統內,網路驅動程式介面基礎上,撰寫並建立一個初步應用雛形驅動程式,並將其定名為”IC卡輔助防火牆”。IC卡輔助防火牆係藉由中央健保局認證發行的標準”控制軟體”,做卡片運作狀態參數的傳遞,並將卡片運作狀態提供給IC卡輔助防火牆,作為封包過濾條件的認證準則。該雛型系統運作,確實為全民健保IC卡系統內連結的虛擬和有網路節點提供了一個既經濟又有效的防病毒、駭客攻擊的解決方案;此方案也同時為未來全民健保加值服務建立一個安全可靠的應用方向。
關鍵字: 虛擬私有網路;非對稱性數位用戶迴路;積體電路卡;醫療資訊系統;IC卡輔助防火牆;
An IC Card-Certificated Secure Tunnel over NHI VPN Framework
Abstract: The paper focuses on integrating a set of technologies to construct a more secure National Health Insurance (NHI) Virtual Private Network (VPN). The novel idea suggests that any NHI VPN site can establish communication tunnels between each other only by a secure mechanism, which requires a NHI Healthcare Integrated Circuit (IC) card state machine to certificate. A tunnel is then built. In addition, it dynamically filters packets according to the IC card running states and filter statements. There are no related researches similar to the proposed approach, as the authors know in the literature. A feasible prototype is built on an emulated NHI VPN. The key component is a Card-Assisted Firewall (CAF) for a site. A prototype is built, based on the Network Driver Interface Specification in Microsoft Windows Driver Development Kits. The CAF accesses IC cards by invoking Control Software, which is distributed by Bureau of NHI as a standard interface to invoke NHI IC cards. The prototype demonstrates that CAF can not only dynamically build tunnels but also filter out illegal messages. The overhead in performance degradation is negligible. In addition, it also prevents the site from broadcasting virus attacks. The efficient and secure tunnel would support more potential NHI added-value applications.
Keywords: Virtual Private Network;Asymmetric Digital Subscriber Line;Integrated Circuit card;Hospital Information System;Card-Assisted Firewall;
瀏覽次數: 11103 下載次數: 223
引用 導入Endnote