An Innovative Information Integrity Verification Method and Its Applications

  • Hwang, Jing-Jang (PI)

Project: National Science and Technology CouncilNational Science and Technology Council Academic Grants

Project Details

Abstract

The major application area of the standard of electronic pedigree (or ePedigree) established by the EPCGlobal, Inc. is in the source identification and tracing of medicines. The content of electronic pedigree documents increases as the number of transactions does. Electronic pedigree documents completely keep track of processes of manufacturing and supply chain of the healthcare industry. The use of ePedigree documents might reduce the probability that consumers purchase or take counterfeit medicines. Electronic medical records (EMR), which are also critical to consumers’ welfare, share similar characteristics that the content of EMR increases as the number of the patient’s visits does. EMR is an important reference when physicians treat patients. Furthermore, EMR provides critical and important evidence based on which negligence in healthcare processes can be determined and medical dispute might be settled. Because ePedigree documents and EMR involve critical issues, it is necessary to have a reliable method to examine the integrity of their contents: the authenticity, correctness, and completeness. That is, the integrity of contents of ePedigree documents and EMR should not be compromised with unauthorized modification. The verification of information integrity is an essential component of information systems auditing. Besides, when disputes regarding the content arise, in addition to verifying the authenticity of records, a reliable method is needed in order to identify the accountability of information creators who compromise the information integrity. Currently, digital signature is the major technique for creating methods for verifying the information integrity. Digital signature can provide evidence of non-repudiation for business transactions so that those who are involved in the transaction could be held accountable when disputes arise. The Department of Health, Executive Yuan officially requires that healthcare givers must sign digital signatures for EMR that they enter. The format of ePedigree documents includes digital signatures signed by vendors who are involved in the transaction so they will be responsible for the content they add. As a result, both types of documents accumulate multiple digital signatures signed with private keys. In order to verify each digital signature, it is necessary to use the public key corresponding to the private key and examine the certificate to assure the authenticity of the public key. Such a verification process is relatively complex. Also, it is quite time-consuming and cannot meet the need for efficiency of applications because the execution of complex calculations for such a verification process is a function of the number of digital signatures. This shortcoming must be remedied with an innovative method. In our preliminary study, we believe that one feasible approach is to separate the attribution of accountability from the verification of information integrity. That is, the attribution of accountability of the information creator could be determined only when the information integrity of documents has been verified as “compromised with unauthorized modification”. As for the determination of accountability for compromised information integrity, we believe that the implementation of a well-designed management system could significantly reduce the need for the use of digital signature. One-way hash function, an alternative to digital signature, is another technology that is frequently used to design verification methods for information integrity. In general, a method based on one-way hash function is applicable to the verification of a single record or document. This might meet the efficiency need for practical uses. Nevertheless, ePedigree and EMR records are documents that are accumulative and may come from multiple sources. Because of those characteristics, when developing a verification method with one-way hash function, it will be necessary to customize the method to accommodate those characteristics. In addition, the project will examine new issues resulting from these types of documents, including verifying temporal sequence of document segments added at different points in time, the efficiency issue of constantly growing documents, and the need for selective inspection of segmented contents. The principal investigator of the proposal has been devoted to research into the issue of information integrity. Through his long-term dedicated effort in this area, the PI has obtained insightful expertise of the need for information integrity verification and the design of non-digital signature-based verification methods. Recently, the PI extended his research areas into the study on the framework and relevant standards of EMR and ePedigree documents and identified the need for addressing the above research issues. The title of the proposed project is “An innovative information integrity verification method and its applications”. The proposed project is expected to finish in three years: The study focus of the first year will be on the development of an efficient and low-cost verification method for information integrity. We plan to address issues surrounding information integrity and privacy in supply chains and develop feasible solutions. In the second year, based on the findings of the first year’s research, we will apply the verification method to address issues related to EMR. The research objective is to extend the information integrity verification method with the consideration of patient’s privacy as well as to develop a credible auditing framework. The focus is to address information integrity and privacy issues in healthcare systems and propose feasible solutions. In the third year, we intend to identify an innovative business model and conduct a feasibility study for implementing a fair mechanism to resolve disputes occurring in electronic commerce transactions. The expected outcomes of the proposed project include an innovative information integrity verification method and a business model. The innovative method is capable of verifying the information integrity of a single segment of an ePedigree and EMR document and is able to examine temporal sequence of content segments added at different points in time. Additionally, it takes into account the efficiency issue resulted from progressive addition of contents to the document. Another feature of the method is that it meets the need for selective inspection of segmented contents. The expected business model will provide services to accounting firms, law firms or government agencies that frequently face the need to assure the information integrity of documents. Furthermore, the business model can provide an unbiased mechanism to settle disputes in case they arise.

Project IDs

Project ID:PF9806-1156
External Project ID:NSC98-2410-H182-002
StatusFinished
Effective start/end date01/08/0931/07/10

Keywords

  • Information Integrity
  • EPCglobal
  • Electronic Pedigree
  • Electronic MedicalRecord
  • Compound Document
  • Audit

Fingerprint

Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.