As digital technology and the Internet have become widespread, most physical records are now presented or stored as digital information, allowing users to share and obtain information quickly over the network. Under this digitalization, the traditional paper-based information of medical institutions, including medical records, nursing data, and medicine data, has gradually been developed into various information systems that are easier to manage. How to manage this electronic information properly and integrate it into useful information for legally authorized medical personnel, so that they can make decisions and carry out management more efficiently, is currently the most important issue. Medical information contains confidential information such as personal data and medical data, and whenever data is accessed over the network there is a risk of attack or data theft. If an online malicious attack or data theft occurs, personal privacy is lost and property or reputation may also suffer. Managing access rights to protect the security of access is therefore the key to whether information sharing can be promoted effectively.

To guard against malicious network attacks, an effective and secure access control system must be established. This thesis uses the advantages of mobile agents to overcome heterogeneous system environments and builds a virtually integrated medical information sharing model, in which mobile agents collect the medical information distributed across medical institutions so that it can be shared across hospitals. Public-key cryptosystems and Lagrange interpolation are used to build an access control and key management scheme that ensures the security and confidentiality of the shared medical information.

The security analysis of the scheme takes the viewpoint of a network attacker and examines four common attacks: external attacks, internal attacks, coordinated attacks, and formula attacks. The analysis results confirm that the proposed access control and key management scheme can efficiently and securely protect the medical information shared by hospitals. The outcome of this research improves medical quality while avoiding the overuse of medical resources, so that medical resources are properly allocated.