The solution, according to R. ‘Doc’ Vaidhyanathan, vice president of product management for Arcot Systems in Sunnyvale, is to maintain encryption keys in a central store, than have doctors, pharmacists, and drug companies authenticate themselves to the store in order to reach the keys.
This is at the heart of Signatures and Authentication For Everyone (SAFE)-Biopharma which Arcot is now supporting with its SignFort application, resulting in a Roaming Digital ID.
With Arcot maintaining digital signatures, security on those signatures can keep pace with hackers. The present system uses 140 bit encryption, and can quickly be rolled out to 155 bits and beyond when necessary, said Vaidhyanathan.
"The doctor can then sign from any location they’re used to using, and doesn’t have to worry about carrying the key."
Pharmacists, clinics, hospitals and drug companies can also join the system, he said. This enables ePrescriptions, where patients don't have to carry prescription blanks to the drug store, as well as eRequisitions, which simplifies the ordering of tests or the tracking of drug samples.
Past systems have required large investments in infrastructure, he said, meaning their use was limited to only certain doctors, hospitals, or pharmacy chains. Centralized key management makes implementation cheap, and open to all.
"The key we were pushing toward with SAFE began 3-4 years ago. The challenge became distributing the keys to users, and educating doctors on how to manage them securely," he said.
"Our solution is to hold signing keys on our FIPS-140-2 device, then have you authenticate to that device. The doctor can then sign from any location they’re used to using, and doesn’t have to worry about carrying the key using any method they currently use, because they’re authenticating to the signing server rather than entering the key."
This is not all proprietary to Arcot. SAFE has several vendor partners, including Adobe, IBM, and CyberTrust. Microsoft joined the group in February.
An open technology platform, which anyone can join cheaply, is the only way to prevent hospitals, pharmacies, insurers or drug companies from taking proprietary advantage of the resulting system. But whether even this group is powerful enough to push through toward universal implementation remains up in the air.