Using a WWW-based Mail User Agent for Secure Electronic Mail Service for Health Care Users

T. Kiuchi; K. Ohe; S. Kaihara

doi:10.1055/s-0038-1634539

Methods of Information in Medicine, Table of Contents

Methods Inf Med 1998; 37(03): 247-253
DOI: 10.1055/s-0038-1634539

Original Article

Schattauer GmbH

Using a WWW-based Mail User Agent for Secure Electronic Mail Service for Health Care Users

T. Kiuchi

¹University Medical Information Network Center

²Hospital Computer Center,the University of Tokyo Hospital, Tokyo, Japan

,

K. Ohe

²Hospital Computer Center,the University of Tokyo Hospital, Tokyo, Japan

,

S. Kaihara

²Hospital Computer Center,the University of Tokyo Hospital, Tokyo, Japan

³Current affiliation: Director, National Ookura Hospital, Tokyo, Japan

› Author Affiliations

Abstract

WWW-based user interface is presented for secure electronic mail service for healthcare users. Using this method, communications between an electronic mail (WWW) server and users (WWW browsers) can be performed securely using Secure Socket Layer protocol-based Hypertext Transfer Protocol (SSL-HTIP). The mail can be encrypted, signed, and sent to the recipients and vice versa on the remote WWW server. The merit of this method is that many healthcare users can use a secure electronic mail system easily and immediately, because SSL-compatible WWW browsers are widely used and this system can be made available simply by installing a WWW-based mail user agent on a mail server. We implemented a WWWbased mail user agent which is compatible with PEM-based secure mail and made it available to about 16,000 healthcare users. We believe this approach is effective in facilitating secure network-based information exchange among medical professionals.

Keywords

World Wide Web - Electronic Mail - Security

Full Text

References

REFERENCES
1 Pallen M. Electronic mail. BMJ 1995; 311: 1487-90.
2 Schneider B. E-Mail Security. John Wiley & Sons; 1995
3 Linn J. Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. RFC 1421; 1993.
4 Kent S. Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. RFC 1422; 1993.
5 Balenson D. Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers. RFC 1423; 1993.
6 Kaliski B. Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services. RFC 1424; 1993.
7 Garfinkei S. Pretty Good Privacy. O'Reilly & Associates; 1994
8 Fielding J, Gettys J, Mogul H, Frystyk T. Berners-Lee Hypertext Transfer Protocol – HTTP/1.1. RFC 2068. 1997.
9 Netscape Communications Corporation. SSL protocol. 1997 ( http://home.netscape.com/newsref/std/SSL.html ).
10 Netscape Communications Corporation. Homepage of Netscape Communications Corporation. 1997 ( http://home.netscape.com /).
11 Microsoft Corporation. Homepage of Microsoft Corporation. 1997 ( http://www.microsoft.com/ ).
12 Oracle Corporation. Homepage of Oracle Corporation. 1997 ( http://www.oracle.com/ ).
13 Fujitsu Laboratory Inc. FJ-PEM 1.2 (software with English documentation). 1995 ( http://ftp.fujitsu.co.jp/pub/security/fjpem/ ).
14 Initiative for Computer Authentication Technology (ICAT). English Homepage of ICAT. 1997 ( http://www.icat.or.jp/English /)
15 Kiuchi T, Sakurai T, Ohe K, Ohashi Y, Kaihara S. University Medical Information Network – Past, Present, and Future. (in press).
16 Gundavaram S. CGI Programming on the World Wide Web. O'Reilly & Associates; 1996