field encryption


  • Creator
    Topic
  • #49147
    Gene Salay
    Participant

      For a state disease surveillance interface, we are requested to de-identify the patients, but provide an encrypted mrun that could be decrypted by the hospital if need be.

      Can anyone suggest an algorithm? The original mrun is 6 digits; no field length is specified for the encrypted version.

      Thanks,

      Gene

      • #60891
        Dennis Pfeifer
        Participant

          A simple one that I like is to xor each character with 0x7F or 127 decimal.

          Visually, people cannot determine the encoding, but it’s fairly easy to decode, and should the knowledge of the ‘method’ become lost, most deciphering systems will be able to identify it …

          this is not DOD coding, but is very simple and easy to maintain.

          An alternative is to use something totally unrelated to the MRN, but traceable to the patient, e.g. visit number.

          Dennis

        • #60892
          David Barr
          Participant

            If you’re going to bother encrypting the data, you might as well use a good encryption method. There are some good encryption routines in Tcllib, which is now shipped with Cloverleaf. It is easy to install it in Cloverleaf if you’re running an older version.

            Here are the encryption algorithms that are available:

            http://tcllib.sourceforge.net/doc/index.html#DIVid81a2338

            I’d probably use Blowfish.  It is very secure, and there is a simple example provided in the documentation.

            Here’s my own example:

            Code:

            package require blowfish
            package require base64
            # Encrypt with Blowfish in ECB mode, then base64-encode the binary ciphertext
            set encrypted [base64::encode [blowfish::blowfish -mode ecb -dir encrypt -key secret01 "hello, world!"]]
            echo encrypted = $encrypted
            # Base64-decode the text, then decrypt it with the same key
            set decrypted [blowfish::blowfish -mode ecb -dir decrypt -key secret01 [base64::decode $encrypted]]
            echo decrypted = $decrypted

          • #60893
            Jared Parish
            Participant

              I just recently went through this with our disease surveillance interface.  When I was first contacted about this they used the word

              - Jared Parish

            • #60894
              Jim Kosloskey
              Participant

                Note if you are on Cloverleaf 5.6 (and probably earlier) you need to pad the data to be encrypted to a multiple of 8 characters.

                There are multiple techniques for padding, one of which is simply using spaces. Some others involve using null (binary zeros), which might be an issue if the message is decrypted and not unpadded then moved through Cloverleaf, as Cloverleaf has an issue with messages which contain binary zeros.

                If I remember correctly the message truncates at the first instance of binary zeros.

                The reason you need to pad is because the Tcllib distributed with Cloverleaf at 5.6 and below is not the most current so the doc you see on the web for the Tcllib modules will not match exactly what you have. Thus encryption will occur seemingly without issue but the decryption will not return exactly the same result as the data to be encrypted.

                email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.
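The space-padding round trip described in the reply above, applied to a 6-digit MRN. This is an added example, not code from the thread or from Cloverleaf. The proc names `padToBlock`, `encryptField` and `decryptField` are hypothetical, the key is the placeholder from the earlier post, and the MRN is a constructed sample.

```tcl
package require blowfish
package require base64

# Pad with trailing spaces up to the next multiple of 8 bytes (the Blowfish
# block size). Spaces are used rather than binary zeros so the decrypted
# value contains no nulls if it is later moved through Cloverleaf.
proc padToBlock {data {blockSize 8}} {
    set len [string length $data]
    set rem [expr {$len % $blockSize}]
    if {$rem == 0 && $len > 0} {
        return $data
    }
    # An empty value becomes one full block of spaces.
    return $data[string repeat " " [expr {$blockSize - $rem}]]
}

# Encrypt one field value and return it as base64 text for the outbound message.
proc encryptField {key plain} {
    # Work on bytes so the length check counts bytes, not characters.
    set bytes [encoding convertto utf-8 $plain]
    set cipher [blowfish::blowfish -mode ecb -dir encrypt -key $key [padToBlock $bytes]]
    return [base64::encode $cipher]
}

# Reverse of encryptField: base64-decode, decrypt, strip the space padding.
# Assumption: the original value has no meaningful trailing spaces
# (true for a numeric MRN), since they would be trimmed here as well.
proc decryptField {key encoded} {
    set padded [blowfish::blowfish -mode ecb -dir decrypt -key $key [base64::decode $encoded]]
    return [encoding convertfrom utf-8 [string trimright $padded " "]]
}

set key secret01   ;# placeholder key taken from the earlier post
set mrn 123456     ;# constructed sample MRN

set token [encryptField $key $mrn]
puts "token     = $token"
puts "roundtrip = [decryptField $key $token]"

# With ECB and a fixed key, the same MRN always yields the same token.
puts "stable    = [string equal $token [encryptField $key $mrn]]"
```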
