Medical data IoT communication protocol?
We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the
EU Regulation on the protection of personal data
The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.
Is there a particular communications protocol we should be considering?
communication protocols
asked yesterday
SeanJSeanJ
744316
add a comment |
We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the
EU Regulation on the protection of personal data
The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.
Is there a particular communications protocol we should be considering?
communication protocols
asked yesterday
SeanJSeanJ
744316
add a comment |
We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the
EU Regulation on the protection of personal data
The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.
Is there a particular communications protocol we should be considering?
communication protocols
asked yesterday
SeanJSeanJ
744316
We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the
EU Regulation on the protection of personal data
The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.
Is there a particular communications protocol we should be considering?
communication protocols
communication protocols
asked yesterday
SeanJSeanJ
744316
asked yesterday
SeanJSeanJ
744316
asked yesterday
SeanJSeanJ
744316
asked yesterday
SeanJSeanJ
744316
asked yesterday
SeanJSeanJ
744316
744316
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).
One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.
You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.
This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.
In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.
answered yesterday
oh.dae.suoh.dae.su
16114
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "666"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fiot.stackexchange.com%2fquestions%2f3852%2fmedical-data-iot-communication-protocol%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).
One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.
You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.
This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.
In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.
answered yesterday
oh.dae.suoh.dae.su
16114
add a comment |
I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).
One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.
You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.
This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.
In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.
answered yesterday
oh.dae.suoh.dae.su
16114
add a comment |
I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).
One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.
You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.
This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.
In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.
answered yesterday
oh.dae.suoh.dae.su
16114
I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).
One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.
You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.
This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.
In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.
answered yesterday
oh.dae.suoh.dae.su
16114
answered yesterday
oh.dae.suoh.dae.su
16114
answered yesterday
oh.dae.suoh.dae.su
16114
answered yesterday
oh.dae.suoh.dae.su
16114
16114
add a comment |
add a comment |
Thanks for contributing an answer to Internet of Things Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fiot.stackexchange.com%2fquestions%2f3852%2fmedical-data-iot-communication-protocol%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
