A new method for constructing dynamic VPN cooperating with OpenFlow control technology and healthcare PKI

In dealing with medical information of patients through the network, high-level security is required. In Japan, the Ministry of Health, Labor and Welfare has issued the Security Guidelines for Health Information Systems which stipulates that proper measures should be taken for the network to preserve the patient data. The guideline also state that the management of the network must clarify demarcation of responsibility between network service providers including user. To keep the security regulation in communicating with external organizations, many medical institutions use several managed-VPN service lines separately according to the usages. It is because to avoid the risk of forming a virtual detour which can be used to leak the patient data. This makes the hospital bear the cost and inconvenience. To solve this problem, we propose a new secure network implementation method using single-line VPN network service for small-scale medical institution by arranging OpenFlow control technology with Healthcare PKI. The network works over a dynamic on-demand VPN with control based on the user certification responding their qualification, such as a medical doctor, written in the HPKI digital certificates. We developed a simple network system adopting our new method, and confirmed the validity and the effectiveness of our idea through the experiment.