This paper proposes a SCP-ECG security extension after having analyzed the features of this standard, its security requirements and the current measures implemented by other medical protocols. Our approach permits SCP-ECG files to be stored safely and proper access to be granted (or denied) to users for different purposes: interpretation of the test, consultation, clinical research or teaching. The access privileges are scaled by means of role-based profiles supported by cryptographic elements (ciphering, digital certificates and digital signatures). These elements are arranged as metadata into a new section which extends the protocol and protects the remaining sections. The application built to implement this approach has been extensively tested, showing its capacity to authenticate users and to protect the integrity of files and the privacy of sensitive data, with a low impact on file size and access time. In addition, this solution is compatible with any version of the SCP-ECG and can be easily integrated into e-health platforms.
Copyright © 2012 Elsevier Inc. All rights reserved.