A System for Real Time Data Encryption
The present invention relates to a system for the recording and real time encryption of multiple data streams before storing the data streams on a storage facility.
It is apparent that patient safety and the monitoring of clinical competence are of ever increasing importance. The impact of clinical negligence, in an extremely litigious environment, is becoming increasingly burdensome to the medical profession and the healthcare industry as a whole.
The presence of professional chaperones during potentially intimate examinations is common practice in most hospitals. Chaperones or nurses seconded from their normal duties are present during patient examinations specifically to protect both the patient and the practitioner from the risk of spurious charges.
There are many environments outside of the hospital including GP consulting rooms, osteopath or physiotherapist rooms, dental surgeries and alternative healthcare surgeries where a one-to-one interface in potentially intimate situations exposes the healthcare profession to risk.
It is desirable to have a fully integrated, real time visual and audio recording, data collection and retrieval system that offers the medical professions and healthcare industry the benefit of monitoring a procedure. A data recording system provides essential backup that will reduce the number of spurious claims, potentially reduce medical defence premiums and create an environment within which the healthcare profession and the patient will feel comfortable and protected.
In order to protect the identity of the subjects within the recorded procedure and maximise the security of sensitive data it is advantageous to encrypt all data before storing.
PCT/GB01/03801 describes a data recording system in which multiple data streams are stored centrally on a data storage device. The system monitors the execution of a procedure within a predetermined environment using multiple recording devices including cameras and microphones. The data streams are synchronised and stored. The procedure may be reviewed by downloading the data from the storage device.
Embodiments of the present invention provide a self-contained data recorder capable of monitoring a procedure using multiple data streams in which the data streams are encrypted before being stored directly to DVD. Storing the data directly to DVD negates the need for large processors or hard disc space. Encryption is typically executed using a key system to maximise confidentiality. The encrypted data streams may be accessed from the storage facility using decoding keys in order to review the monitored procedure.
The invention is defined in its various aspects in the appended claims to which reference should now be made.
Embodiments of the present invention will now be described with reference to the accompanying drawings in which:
Figure 1 is a block diagram showing the path of multiple data streams within an embodiment of the present invention;
Figure 2 shows the hardware included in an embodiment of the invention;
Figure 3 shows the data flow within an embodiment of the present invention;
Figure 4 is a block diagram of an embodiment of the present invention including data connections;
Figure 5 is a block diagram of an embodiment of the present invention including data connections.
Figure 1 shows a consulting or examination room 10 which is monitored by audio recording equipment 12 and video recording equipment 14.
Multiple digital video signals 16 are recorded from multiple video cameras 12 positioned around the monitored area. Multiple video signals are helpful in giving different views of the environment but in some applications only one video signal may be required. Sometimes the video signals are not recorded at all.
Audio ambient and directional signals 18 are recorded by one or more audio receivers 14 positioned around the monitored area 10. These signals may be recorded by static microphones or microphones attached to subjects within the consulting or examination room 10. Sometimes the audio signals are not recorded at all.
Further embodiments of the invention include sensors to record other types of information including movement or the output from equipment used during the procedure.
This further information increases the detail available during a review of the procedure.
The audio and video signals are processed and compressed at 20 and 22 respectively. The compressed signals are then encrypted at 24 and 26. Encryption is typically executed using private and / or public key systems. The encrypted signals are then transferred and stored at an integral DVD recorder 28. It is also possible to replace the DVD recorder using any suitable data storage medium. It is also possible to simultaneously store the data on multiple storage facilities.
The data stored at 28 may be downloaded and stored onto further storage devices 30 or onto the internet 32.
The data may only be accessed and reviewed through use of decryption codes at 34. Access is only available to those data streams to which the user has the decryption codes. The encryption programme ensures that review of the recording is only undertaken with the consent of the clinician and the patient. An independent, third party regulatory body may hold the final key to the data and provide the access protocols.
After review the data may be re-encrypted and re-stored at 36.
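The access rule described for Figure 1, as an added example that is not code from the patent: each data stream is sealed under its own key before storage, and a stream key is split so that the clinician, the patient and the regulator must all contribute before review. The n-of-n XOR split, the HMAC-SHA256 counter-mode cipher (a standard-library stand-in for a vetted AEAD such as AES-GCM) and every function name are assumptions; the text only states that private and/or public key systems are used.

```python
import hashlib, hmac, secrets
from functools import reduce

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for AES-CTR/GCM (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(stream_key: bytes, chunk: bytes) -> bytes:
    """Encrypt-then-MAC one compressed chunk before it reaches storage."""
    nonce = secrets.token_bytes(16)
    ct = _xor(chunk, _keystream(_subkey(stream_key, b"enc"), nonce, len(chunk)))
    tag = hmac.new(_subkey(stream_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(stream_key: bytes, blob: bytes) -> bytes:
    """Return the plaintext, or raise if the key does not belong to this stream."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(stream_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise PermissionError("no valid key for this data stream")
    return _xor(ct, _keystream(_subkey(stream_key, b"enc"), nonce, len(ct)))

def split_key(stream_key: bytes, holders: list[str]) -> dict[str, bytes]:
    """n-of-n XOR split: every holder's share is needed to rebuild the key."""
    shares = {h: secrets.token_bytes(len(stream_key)) for h in holders[:-1]}
    shares[holders[-1]] = reduce(_xor, shares.values(), stream_key)
    return shares

def review(shares, blob: bytes):
    """Rebuild the key from the presented shares; None means access refused."""
    try:
        return unseal(reduce(_xor, shares), blob)
    except PermissionError:
        return None

def demo():
    # Constructed sample chunks standing in for compressed video and audio.
    keys = {"video": secrets.token_bytes(32), "audio": secrets.token_bytes(32)}
    stored = {s: seal(k, f"constructed {s} chunk".encode()) for s, k in keys.items()}
    shares = split_key(keys["video"], ["clinician", "patient", "regulator"])
    return keys, stored, shares
```

Because a wrong or incomplete key fails the MAC check, a reviewer without the right key gets an explicit refusal instead of silently decoded garbage.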
Figure 2 shows the hardware layout for a real time compression and encryption system used in an embodiment of the present invention. The system includes a PCI plug in board 40 with a single chip encryption processor. The encryption card 42 is linked to an IDE 44. The IDE 44 is then linked to a PCI bus 40 which is connected to the host PC 46.
Figure 3 shows the software dataflow within an embodiment of the present invention. The data from the procedure is forwarded from an integrated drive electronics (IDE) 50 to the encryption driver 52 where the data is encrypted. The encryption driver has a dedicated processor which facilitates real-time encryption of high bandwidth data channels such as streaming media including video and audio. The system utilises a one time only hardware and driver installation which makes all software applications security enabled.
The embodiment of figure 3 emulates a virtual disk for the Windows operating system. Any data written to the virtual disk is encrypted in real time and stored to an integrated storage media 54, for example floppy disk, hard disk, CDR or DVD-R. The system uses public key technology 56 and private key technology 58 and allows the user to exchange data with other parties. No decrypted data is stored on any physical media in order to provide added system level protection.
Once stored on the storage device 54 data streams can only be decrypted using public keys 56 or private keys 58. The user can also exchange data with other parties. If a user does not have the required key to access a particular data stream, that data stream will not be decrypted and will be unreadable to the user. The system is easy to set up and once installed it enables multiple software applications 60 with disk access to have a secure route of storing security sensitive data. The system is fully network compatible and can make a shared network drive fully secure. The system is also fully compatible with the Internet and can also be used for secure transmission of data through the Internet.
Figure 4 is a block diagram of an embodiment of the present invention. Figure 4 includes the hardware included in the system and shows the power connections between each component.
The system is powered by an ATX power supply 72 which is powered by the mains at 70. The ATX power supply has multiple power outputs including a 12 V output, 5 V output 74 and an ATX output 76.
The ATX output is used to power a single board computer 78 at the ATX input 80. The ON/OFF state of the single board computer is determined by the state of the ON/OFF switch 82 which is connected to the ATX CTRL at 84. A CPU fan 100 and ventilation fan 102 are powered through the single board computer.
The remaining hardware components in this embodiment are powered by the 12 V, 5 V output from the ATX power supply. The system includes a controller 86, an inverter 88, a TFT LCD display 90, a DVD RAM drive 92, a hard disk drive 94, a camera 96 and a video connector 98 all of which are powered by the 12 V / 5 V output 74 of the ATX power supply 72.
Figure 5 shows the data connections within an embodiment of the present invention. The information is first recorded by the camera 96. The data streams from the camera are forwarded to the video connector 98. The data streams are then forwarded to the MPEG2 card 100 where they are converted into digital signals. The MPEG2 card is connected to a peripheral component interconnect (PCI) 102 on the single board computer 78. A second PCI 104 within the single board computer 78 transfers the digital data streams to an encryption card 106. Further embodiments of the invention may include facilities to record other types of information. The corresponding data streams can also be connected to the encryption card at 106. The digital signals are encrypted at 106 and forwarded to the real time data compression and encryption unit 108. The encrypted data stored within the data compression and encryption unit 108 may be downloaded onto a further storage facility. The embodiment of figure 5 includes a DVD RAM drive 92 and a hard disk drive 94 onto which the encrypted data can be downloaded from the data compression and encryption unit 108.
The DVD RAM drive 92 and hard disk drive 94 are connected to the single board computer 78 via integrated drive electronics (IDE) at 112 and 110 respectively. These connections facilitate downloading of the data for review from the DVD RAM drive 92 and hard disk drive 94. The data may be accessed using a touch screen 114 which is connected to the controller 86. The controller 86 is connected to the single board computer 78 using an RS232 connection 116. The accessed data is displayed on the TFT LCD display 90 via the TTL connection 118.
It is clear from the above description that embodiments of the present invention provide a means for comprehensively monitoring a particular environment. Multiple data streams are recorded, encrypted in real time and stored on a data storage facility. No data is stored which is not encrypted in order to maximise the security of sensitive data. The data streams can only be decoded using the associated private or public keys.
It is understood that the methods employed by this invention extend beyond medical practice and facilitate a means for monitoring a variety of environments. When monitoring a preferred environment, sensors and data streams suitable for use in that environment should be employed.