Personalised healthcare made cyber secure

In Japan, NICT (National Institute of Information and Communications Technology) and partners have demonstrated a technology for greatly enhanced security of personalised healthcare data. The system is the first in the world able to store genome data from many individuals in multiple locations and used for medical treatment and healthcare via a quantum key distribution (QKD) link, a secret sharing system and personal authentication technology.

Data decryption and reconstruction are performed by using personal authentication and individual consent. The system prevents so-called “store now and decrypt later” attacks in which an intruder would steal data in an encrypted form in the hope of being able to decrypt it later. Also, the system prevents data leaks, falsification, and loss of genome data. The system is expected to contribute to the realisation and spread of personalised healthcare.

Individual consent is always required

Advances in genome data analysis are opening the way to personalised healthcare that combines an individuals’ genetic information with environmental factors, particularly lifestyle patterns, and then calculates risk of disease, and advises on optimal preventive measures. However, personalised healthcare requires strict security in transmission, storage, and utilisation of personal health data.

In Japan, for example, genome data is recognised as a personal identification code that must be treated and protected under the Amended Act on the Protection of Personal Information. Thus, personalised healthcare must be supported by a framework that can accommodate genome data analysis technology, plus secure data transmission and storage of genome data associated with individual IDs, and data decryption, reconstruction and use can be done only with individual consent.

Built on quantum mechanics

In July 2021, Toshiba, ToMMo (Tohoku University Tohoku Medical Megabank Organization), Tohoku University Hospital, and NICT demonstrated the world’s first experimental backup of large-scale genome analysis data to multiple sites, and their successful reconstruction. This was achieved by combining the QKD link, which is grounded in quantum mechanics and makes encrypted communications secure against any attempt at wiretapping or decoding using a secret sharing system, which creates secure data storage by converting original data into multiple distributed fragments (shares) that look like random numbers.

However, this backup method focused on bulk transmission and the storage of large-volume data. Managing individual genome data for many people is much more difficult. In addition, the functions of the QKD and secret sharing systems were implemented and carried out independently.

The next step was clear: to develop a technology for the efficient operation of large-scale systems. The four partners have now done this by developing an integrated key management and share control system. This work was partly supported by Council for Science, Technology and Innovation (CSTI), Cross-ministerial Strategic Innovation Promotion Program (SIP), “Photonics and Quantum Technology for Society 5.0” (Funding agency: QST).

Enables reconstruction if data is lost

The integrated platform provides unified management and operation of quantum cryptography, secret sharing, and personal authentication. It integrates functions for generating cryptographic keys and random numbers, which are used in large numbers in quantum cryptography and secret sharing and achieves unified operation of data transmission and storage. As it provides cryptographic keys and random numbers in the same format, and they can be used interchangeably, it results in the highly efficient operation of a large-scale system.

In summary, the four parties have established a personalised healthcare system. Authentication of individuals and personal genome data sharing and reconstruction is based on an individual ID card. Genome analysis data cannot be reconstructed at medical centres without the cardholder’s consent, preventing information leakage.

Demonstrations at ToMMo and Tohoku University Hospital have confirmed the feasibility of the system. Further, the system will even be able to reconstruct data from shares stored at other sites if data is lost at one site.

The text is inspired by the article “Toshiba, ToMMo, Tohoku University Hospital, and NICT link quantum security and personal authentication, successfully deliver secure personalized healthcare use case” at the NICT website.