臺灣博碩士論文加值系統

資訊科技的日新月異以及不斷進步的醫療技術，從原本就診時所使用的傳統紙本病歷，逐漸發展成耗費低成本的電子病歷。如今，電子病歷的廣泛應用，從中逐漸又發展出一種醫療資訊交換模型，稱之為個人健康紀錄(Personal health records, PHR)，是為一種由使用者本人管理以及維護的個人健康醫療資訊。
基於個人健康紀錄(Personal health records, PHR)均為患者自身的健康醫療資訊，因此，其隱私設定及存取權限則必須嚴格控管，PHR系統除了提供具有存取權限之使用者合理存取之外，也需要避免無持有權限的單一使用者或是團體非法入侵存取。
本論文運用公開金鑰密碼系統(Public-Key Cryptosystems)的概念以及Lagrange插值多項式的數學工具，建構出一個具有高度安全性且又具有效率之加密方法，使得PHR使用者能在一個安全的環境下執行存取系統。

The changing information technology and the constant progress of medical technologies have gradually changed traditional paper-based medical records into low-cost electronic health records. The broad application of electronic health records allows a medical information exchange model being developed, called personal health record (PHR), which are the personal health medical information managed and maintained by the user.
In consideration of personal health records (PHR) being a patient’s health medical information, the privacy setting and the access authority have to be strictly controlled. In addition to providing users with reasonable access authorities, the PHR system has to avoid the illegal access of unauthorized single users or groups.
The idea of Public-Key Cryptosystems and Lagrange interpolating polynomial are applied to construct a high-security and efficient encryption scheme so that PHR users could execute the access system in a secure environment.

致謝II
論文摘要III
目錄V
表目錄VIII
圖目錄VIII
第一章 緒論1
1.1前言1
1.2研究動機2
1.3研究目的2
1.4研究架構3
第二章 文獻探討4
2.1個人健康紀錄(PERSONAL HEALTH RECORD, PHR)概述4
2.1.1電子病歷(Electronic Medical Record, EMR)4
2.1.2電子健康紀錄(Electronic Health Record, EHR)5
2.1.3個人健康紀錄(Personal Health Record, PHR)6
2.2密碼學概述7
2.2.1基礎密碼學7
2.2.2 秘密金鑰密碼系統(Secret-Key Cryptosystems)9
2.2.3 公開金鑰密碼系統(Public-Key Cryptosystems)9
2.3 LAGRANGE插值多項式10
第三章 相關研究12
3.1 TS CHEN(2012)方法論12
3.1.1 方法論12
3.1.2範例16
3.2 TS CHEN(2012)方法之不安全性18
3.2.1 多項式A_i (x) B_i (y)之數學特性18
3.2.2使用A_i (x) B_i (y)之數學特性破解解密多項式G(x,y)19
第四章 研究方法21
4.1使用者權限設定21
4.2改良TS CHEN(2012)方法論22
4.2.1方法設立22
4.2.2解密多項式之安全性檢測23
4.2.3解密多項式G^((r) ) (x,y)之安全性檢測24
4.3範例26
4.3.1範例一：使用者具有合法權限存取26
4.3.2範例二：使用者不具有合法權限存取29
4.3.3範例三：使用非授權之任意金鑰存取30
第五章 使用者及檔案動態存取控制31
5.1使用者變更：新增成員31
5.2使用者變更：移除成員34
5.3變更使用者之存取權限36
5.4機密檔案變更：新增檔案38
5.5機密檔案變更：移除檔案39
第六章 安全性分析42
6.1外部攻擊(EXTERNAL ATTACK)42
6.2內部攻擊(INSIDER ATTACK)42
6.3協同攻擊(COLLABORATIVE ATTACK)45
6.4方程式攻擊(EQUATION ATTACK)49
第七章 結論與未來展望51
參考文獻52

[1] 張家築(2010)，《電子病歷有助於提升醫療品質與病人安全嗎?》，臺灣內科醫學會九十九年會員大會學術演講論文。
[2] IoM(2001), Committee on Quality of Health Care in America, Crossing the Quality Chasm, Washington, DC：National Academy Press.
[3] Ming Li, Shucheng Yu, Kui Ren, and Wenjing Lou(2010) Securing personal health records in cloud computing: Patient-Centric and Fine-Grained data access control in multi-owner settings, Security and Privacy in Communication Networks, 89-106.
[4] Mell and Grance(2009), Effectively and Securely Using the Cloud Computing Paradigm, NIST.
[5] TS Chen, CH Liu, TL Chen, CS Chen, JS Bau(2012), Secure Dynamic access control scheme of PHR in cloud computing, Journal of medical, Springer.
[6] Linda T. Kohn, Janet M. Corrigan, and Molla S. Donaldson(1999),.To Err Is Human: Building a Safer Health System, Institute of Medicine, The National Academies Press.
[7] Bloom(2001), Crossing the Quality Chasm：A New Health System for the 21st Century, Institute of Medicine, The National Academies Press.
[8] C. Safran and H. Goldberg(2000), Electronic Patient Records and the Impact of the Internet, International Journal of Medical Informatics, 60,77-83.
[9] 王南燕(1994)，《電腦化病歷》，資療資訊雜誌，第3期，頁29-33。
[10] 范碧玉(2008)，《病歷資訊管理學》(初版)，台北：合記圖書出版社。
[11] L.L. Dimitropoulos(2007), Privacy and Security Solutions for Interoperable Health Information Exchange: Interim Assessment of Variation Executive Summary , RTI International, 1-2.
[12] P. Ray and J. Wimalasiri(2006), The Need for Technical Solutions for Maintaining the Privacy of HER, Engineering in Medicine and Biology Society, Vol. 1, 4686-4689.
[13] M. Y. Becker and P. Sewell(2004), Cassandra: Flexible Trust Management, Applied to Electronic Health Records, Proceedings of the 17th IEEE workshop on Computer Security Foundations, 139.
[14] J. Jin, G. J. Ahn, H. Hu, M. J. Covington and X. Zhang(2009) Patient-centric Authorization Framework for Sharing Electronic Health Records, Proceedings of the 14th ACM symposium on Access control models and technologies SACMAT 09, 125-134.
[15] Waegemann, C. Peter.(2002) Status Report：Electronic Health Records. Medical Record Institute, unpublished.
[16] 行政院衛生福利部(2005)，《行政院衛生署九十四年度醫療院所病歷電子化現況調查》。
[17] 行政院衛生福利部(2004)，《網路健康服務推動計畫九十四年度計畫》。
[18] James S. Kahn, Veenu Aulakh and Adam Bosworth(2009), What It Takes: Characteristics Of The Ideal Personal Health Record.
[19] Ilias Iakovidis(1998), Towards personal health record: current situation, obstacles and trends in implementation of electronic healthcare record in Europe.
[20] P. C. Tang, J. S. Ash, D. W. Bates, J. M. Overhage, and D. Z. Sands(2006), Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption, Journal of the American Medical Informatics Association, Vol. 13, No. 2, 121 – 126.
[21] WB Lober, B Zierler, A Herbaugh, SE Shinstrom, A Stolyar, EH Kim, and Y Kim(2006), Barriers to the use of a Personal Health Record by an Elderly Population.
[22] W. Stalling(1995), Network and Network Security – Principles and Practice, Prentice Hall International Edition, pp. 1-14.
[23] 黃明祥、林詠章(2014)，《資訊與網路安全概論：看見比特幣》(第五版)。
[24] Delfs, Hans & Knebl, Helmut(2007). Symmetric-key encryption: Introduction to cryptography: principles and applications, Springer.
[25] William Stallings(2010), Operating Systems: Internals and Design Principles, 530.
[26] Mullen. Gary & Mummert. Carl(2007), Finite fields and application,. American Mathematical Society, 112.
[27] Julius Orion Smith III. Lagrange Interpolation, Center for Computer Research in Music and Acoustics (CCRMA), Stanford University.
[28] J. V. Deshpande(1968), On Continuity of a Partial Order, Proceedings of the American Mathematical Society, Vol. 19, No. 2, 383-386.
[29] 紀守程(2014)，《公開金鑰加密法在個人醫療紀錄系統中的應用》，嘉義大學應用數學系研究所碩士論文，未出版。