Digital Certificate Management System for eHealth and mHealth Practitioners in Sri Lanka to Secure Medical Data

Abstract

eHealth and mHealth systems are getting more popular today; yet, vulnerabilities are much higher when the sensitive medical data being transferred through public networks. Therefore, it is essential to have a digital identification and authentication mechanism to authenticate peers in a digital world. Especially, it will help to avoid attacks such as man-in-the-middle attack. Although the digital certificates can solve this issue, it has not been used by the general public yet to protect their digital data. This is mainly due to their limited knowledge in IT and the complexity of the process. Thus, it is required to have a simple security tool to support encryption, digital signature, digital authentication, and integrity verification. However, we have developed a digital certificate management system to facilitate all these features including creating asymmetric key pairs, generating, signing, chaining and revoking certificates, and signing and verifying digital contents. Because it is a Java based application, it is platform independent; thus portable. In backend, it uses OpenSSL library. Moreover, it is capable of managing present RSA based certificates as well as the novel Elliptic Curve (EC) based certificates. Thus, it is more robust, future-proof and well-suited for mobile devices. However, a usability test was performed to evaluate its usability, efficiency and the effectiveness. 47 undergraduate and postgraduate students were voluntarily attended for the test and their responses were critically analysed. Compare to the conventional command line based method, 100% of user satisfaction has been gained by the developed tool. In conclusion, it is a simple, free and open source software for the public to secure their digital data.