A cost-effective add-on-value card-assisted firewall over Taiwan's NHI VPN framework.
Authors: Jyh-Win Huang, Ting-Wei Hou
Journal: Medical informatics and the Internet in medicine, 32(2), pp. 103-16
Publication date: 2007-06-01
Publication type: Journal Article
DOI: https://doi.org/10.1080/14639230601135497
Citation count: 2
Abstract
A cost-effective add-on-value card-assisted firewall over Taiwan's NHI VPN framework.
Besides the overall budget for building the infrastructure of a healthcare-service-based virtual private network (VPN) in Taiwan, two issues were considered critical for its acceptance by the country's 17,000 plus medical institutions. One was who was to pay for the network (ADSL or modem) connection fee; the other was who was to pay for the firewall/anti-virus software. This paper addresses the second issue by proposing an efficient freeware firewall, named card-assisted firewall (CAF), for NHI VPN edge-hosts, which is also an add-on-value application of the National Healthcare IC card that every insurant and medical professional has. The innovative concept is that any NHI VPN site (edge-host) can establish diversified secure-authenticated connections with other sites only by an authentication mechanism, which requires an NHI Java card state machine and the Access Control List of the host. It is different from two-factor authentication cards in four ways: (1) a PIN code is not a must; (2) it requires authentication with the remote IC card Data Centre; (3) the NHI cards are already available, no modification is needed, and there is no further cost for the deployment of the cards; (4) although the cards are in the reader, the communication cannot start unless the cards are in the corresponding states; i.e. the states allow communication. An implementation, on a Microsoft Windows XP platform, demonstrated the system's feasibility over an emulation of the NHI VPN framework. It maintained a high line speed, the driver took up 39 KB of disk space, installation was simple, not requiring any extra hardware or software, and the average packet processing time of the CAF driver measured was 0.3084 ms. The average overhead in comparing the Access Control List predefined routing in card, in an FTP testing experiment, was 5.7 μs (receiving) and 8 μs (sending).