Medical data IoT communication protocol?












3















We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the




EU Regulation on the protection of personal data




The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.



Is there a particular communications protocol we should be considering?










share|improve this question



























    3















    We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the




    EU Regulation on the protection of personal data




    The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.



    Is there a particular communications protocol we should be considering?










    share|improve this question

























      3












      3








      3








      We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the




      EU Regulation on the protection of personal data




      The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.



      Is there a particular communications protocol we should be considering?










      share|improve this question














      We are considering connecting a medical device into a hospital patient system we are developing. We are based in the EU and must adhere to the




      EU Regulation on the protection of personal data




      The most important things for us, is that the data we receive is correct data integrity and that it cannot be viewed data security.



      Is there a particular communications protocol we should be considering?







      communication protocols






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      SeanJSeanJ

      744316




      744316






















          1 Answer
          1






          active

          oldest

          votes


















          2














          I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).



          One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.



          You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.

          This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.

          In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "666"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fiot.stackexchange.com%2fquestions%2f3852%2fmedical-data-iot-communication-protocol%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            2














            I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).



            One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.



            You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.

            This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.

            In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.






            share|improve this answer




























              2














              I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).



              One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.



              You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.

              This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.

              In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.






              share|improve this answer


























                2












                2








                2







                I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).



                One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.



                You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.

                This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.

                In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.






                share|improve this answer













                I do not think the whole topic of complying with the GDPR legislation in Europe can be addressed in a single SE question. Therefore, I will simply stick to the question, which communication protocol will provide data integrity and data confidentiality (or data security as you have called it).



                One well established state-of-the-art way to go would be to use TLS (transport layer security) on top of TCP/IP. Then you have addressed the topics of data integrity and data confidentiality and you need not worry about the application layer protocol used on top of TCP/IP + TLS.



                You need to take care that the node receiving the critical information is authenticated in the TLS handshake, when establishing a TLS connection.

                This means, if the medical device sends the security critical information to the hospital management system, the hospital management system needs to be authenticated via public key cryptography, just like a webserver needs to authenticate itself in https to a browser.

                In case security critical information is sent in both directions, you will have to go with mutual authentication in the TLS handshake.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered yesterday









                oh.dae.suoh.dae.su

                16114




                16114






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Internet of Things Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fiot.stackexchange.com%2fquestions%2f3852%2fmedical-data-iot-communication-protocol%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

                    Alcedinidae

                    Origin of the phrase “under your belt”?