Concept
The architecture is depicted in Figure 1. The concept is based on document servers, which mediate information between service providers and customers over the Internet. In addition to secure connections using the SSL protocol the personal content is separately end-to-end encrypted along the whole path between the sender and the receiver. The solution supports provision of information in structured and standardised form such as the HL7 CDA, which is used for systems integration in health care. Several user authentication methods are possible. Currently authentication is based on either mobile phones or bank passwords. Smart card authentication and electronic signature solution are under development.
The document servers are operated by the service provider or they can be outsourced to trusted third parties such as banks or IT service providers. Currently a document server for testing purposes is operated by VTT.
The PIR concept does not try to replace the www and e-mail services. It provides an alternative solution to transmit information with high security demands. The concept is especially applicable in cases where regular transmission between the parties is needed. Additionally the concept supports structured and semantic information to be sent, which enables automatic processing of the received documents - for example producing summary reports and graphics. Some examples of document types relevant for PIR are:
- financial and stock information
- invoices
- health care documents
- taxation documents
- insurance documents
- consumer information (e.g. energy usage reports)
- car maintenance documents
