On Tue, 28 Feb 2006 22:25, Andrew McIntyre wrote: > For medico-legal purposes signing all incoming documents with a > location key would make them fairly secure against tampering and > provide absolute integrity checking, this is something we can do. If > you do that with scanned documents and follow the other storage > requirements then its a legally valid document as per the HIC > guidelines.
Doubt it very much. Firstly, signing an incoming document with your location key proves absolutely *nothing* - since you can set your own computer's date at will and sign whatever you want whenever you want it. And whether you store your document on DVDs on the moon or on a harddisk in your waiting room again changes - zilch. The only possible way of proving document content and integrity as per a certain date is per *external* certification - anything that gets stored by a third party outside of your reach What I proposed several years ago (the gnotary system) was a peer to peer based solution: in intervals every users determines himself, the system generates hashes of files he wants to certify, and transfers these hashes to other systems where he cannot access them. As "payment", he receives and stores hashes from other systems. Advantages: 1.) costs nothing (other than a tiny bit of bandwidth and some digital storage space 2.) The further the hashes get replicated, the less likely anybody could ever modify them all regardless of effort 3.) reliability through redundancy - if your hashes get transferred to hundreds of systems it is most unlikely all of them will have failed by the time you need the proof 4.) Full control of the owner of the data what gets certified when 5.) No patient related information ever leaves the system - no privacy issues Alas, nobody here seemed to understand why they would want such thing and participation was near zero (3 or 4 GPs participated for some time in Oz, but it has taken off in Germany and Holland and is rather widely used there now) Horst _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
