This document discusses smart card applications in telemedicine. It proposes storing encrypted medical information like patient records, images, and test results on smart cards. This would allow portable storage and retrieval of data on any computer. The technology for this has been developed indigenously and could have applications beyond healthcare like secure e-commerce. It reviews an existing medical data compression and transmission protocol called ANAHITA. Smart cards provide secure authentication, user identification, and transaction records. Medical data from various sources can be compressed and stored on smart cards for easy sharing while maintaining security.

1. COMPUTERS IN HEALTH-CARE INFORMATICS – Smart Card Applications in
Telemedicine
by
Dr. A. Mukherji
Emeritus Professor, Dept. of Electrical Engineering, Academy of Technology
Synopsis
Much has been written and discussed in this country about the effect of Telemedicine in Health-Care Delivery, especially
over the last two years, and many protocols and projects identified in the process. In the meanwhile, there has been a
paradigm shift, with Medical Diagnoses being more and more outsourced from Western countries to India rather than the
other way around. The wheel of Medical Informatics, it seems, has turned a full circle-and the remorseless process of
BPO apparently is affecting this area also. It is in this context, we are proposing the introduction of a new technology,
which could be the next step in Telemedicine: smart-card based storage of medical information – and data – in a
condensed and encrypted form, but retrievable any personal computer. Thus, the need for specialized systems could
disappear leading to an open system, ideally suited for easy encoding, analysis, storage, transmission and retrieval. The
significance of this project is that both the hardware and the software have been developed indigenously, and thus could
have wider ramifications than Medical Informatics alone(e.g. personal data encryption, secure e-commerce, universal
identification/medical card, etc.). In another sense, it is a firmware carry-over of the A.N.A.H.I.T.A. protocol presented in
an earlier conference, and could form the foundation for a new Indian standard in this field.
1. Introduction
Some years have passed since the first Conference on Telemedicine was held in Sikkim, as part of the ICMR-
WHO Workshop on Accessing information in Medicine, in which the author had presented a glimpse of a
standardization system we were working on at that time, under the generic name of the “A.N.A.H.I.T.A.”
protocol (Acquisition & Networking Algorithms for Health Information Transmission & Archiving). This had
to do with acquisition and pre-processing of medical text, data, images and waveforms, followed by near loss-
less compression for transmission and reception on the Internet. Since then, many developments technologically
have taken place the world over, with increasing emphasis being placed on (i) storage and correlating multi-
modal data in hospital computers in a secure manner for physicians and administrators,(ii) interfacing medical
equipment directly with the Internet, for data-transmission and fault-finding, and (iii) compressing and
encrypting medical data, with the principle aim of storing on universally readable smart-cards. Shorn of
technical jargon, the present paper addresses the third problem, taking into account the importance being
attached by the Government and the Medical profession alike, in making available unique smart-cards available
to all citizens in the future for multivariate information to be stored and retrieved in a secure and efficient
manner. The technology for this has already arrived on the scene in commercial fields : it is now to be seen how
it could be harnessed in the field of medical informatics for health-care delivery.
2. Review of the ANAHITA Protocol
ACQUISITION & NETWORKING ALGORITHMS for HEALTH-CARE INFORMATION
TRANSFERRENCE & ARCHIVING
The project is a culmination of multi-modal Health Care Information and Analysis Modules.
The Object is to have an integrated, secured and web-based transmission of patient data system which could be
communicated for expert opinion, life-saving decision making, and collaborative health research, in near real-
time, and with minimum storage/software overheads.
The integrated modules will allow hospitals/ health care units to have patient’s clinical information on
electronic records, which will be efficiently compressed, securely managed, and easily accessible to authorized
users, who can store it securely in their own VPNs (Virtual Private Networks).

2. -2-
The software so designed is to be Hardware and Operating System “independent”, which makes Java the
obvious choice of an universal platform.
A. This integrated module currently developed consists of the following:
• Patient’s Personal Information
• Patient’s Medical History
• Patient’s Pathological Record
• Patient’s Medical Images ( X - Ray, CT-Scan, Ultra Sound, MRI) etc.
• Patient’s ECG up to 12 Leads
B. The Software system will also provide the following analysis capabilities:
• Medical Image Analysis for better detection of the abnormalities.
• ECG Arrhythmia Analysis to detect abnormalities of the heart’s functioning
• Data-acquisition system modalities, from medical equipment
C. Filtering and enhancement of the raw Medical Data:
• Images to be enhanced for better visualization from the Radiologists’ console (incl. colouring)
• ECG signal filtering to reduce errors in the wave form; to add in future ECG analyses algorithms
D. Single module and Loss- Less Compression of the Entire Data Files:
• A proprietary, secured and compressed file will include the entire data
Overall Status of the Research:
The project is currently at a very advanced stage. All of the above except for the ECG analysis is successfully
implemented, and can be demonstrated as required.
The compression algorithm is already completed for all except for Medical
Images. So far we have been able to compress the data to a remarkable 86%.
The software development work for the same on Medical images is in progress.
A web-centric front end of some of the results are provided for reference;
compressed data files demonstrating loss-less compression may be provided when required.
While the basic research work has been successfully completed till date, implementation of data-
acquisition, presentation & packaging is in progress, including incorporation into indigenously developed
smart-card read/write facilities , described in Section 3 & 4 below.
This is being set to parallel testing on different hardware, and operating systems. Testing was performed on
Linux, and Windows Operating systems with diverse Web browsers on Unix Workstations, PCs and a portable
notebook computer.
Leads I, II, and III of ECG data has been compressed to :
Test1.crf [3.2 KB] , which is the multi-modal Patient Data File with a proprietary extension “.crf” which means
Clinical Record File”

3. The Web- centric front end was designed keeping in mind a Net -communicable stand-alone version, as well as
extensible full-fledged enterprise version. This is currently being integrated and packaged with the back-end. A
sample “snapshot” of 12-lead ECG from a Holter recording is shown below in Figure-1; the actual memory
occupied is 81KB. Similarly, the CT-scan of the bony tissue shown in Figure -2 occupies 148 KB of memory,
and would normally require image compression.
-3-
FIGURE-1 A DIGITIZED 12-LEAD ECG RECORDING
CRF -ECG Application :
This is a universal gateway Medical ECG application which is aimed at serving as an unified container for ECG
waveforms, including Holter or similar long term examination based records.This application serves as a proof
of a concept to demonstrate digital data archiving, visualization, analysis and compression.
In order to achieve the most neutral data structure, the application assumes as retrieved data to be in ASCII (X-
Y i.e. frequency/amplitude) format. Several ECG equipment suppliers provide the computer interface of their
data in their own proprietary equipment. However, the study reveals that the data culture adopted in this
application serves the most neutral format and the application can be integrated with any vendors hardware with
an added ADC interface that converts analogue signals into the accepatable (frequency/amplitude) mode,
mimicking a standard ECG strip-chart recording.
This application is Java based, as mentioned, and thus truly implementable in any Operating System.
On Screen Fundamentals:

4. The application supports ECG analysis whereby one can analyze a single lead waveform at a time. One needs
to double click and the entire ECG strip would pop-up in a separate window, and then again double-clicking on
the mouse to analyze the ECG record. Data of all 12 leads is archived into a single proprietary format ( .ecg),
for security.
-4-
FIGURE-2
A DIGITAL (CT)
SCAN OF BONY
TISSUE
The Pathological
slide of the Lung
Biopsy shown
digitized in Figure-3 occupies 160 KB and the Pulmonary function test-report for the same patient, requiring
181 KB memory, is shown in Figure-4.

5. FIGURE – 3 PATHOLOGICAL SLIDE OF A LUNG BIOPSY
-5-
FIGURE -4 PULMONARY FUNCTION ANALYSIS
3. All about Smart Cards
Microprocessor-based embedded Smart cards provide an acceptable method for authenticating devices,
identifying users, their preferences, and keeping records. Any e-commerce transaction requires privacy,
integrity, authenticity verification and non-repudiation, which are of vital importance in various types of
secure transactions over the Internet. With encryption and/or Biometrics (highlighted in Section 6 below), e-
commerce users can use smart cards with more confidence.
Although credit and debit cards look more or less like smart cards in size and shape, these are not smart cards,
which, according to the definition by International Standard Organization, is a plastic strip with a printed and

6. integrated circuit – a chip with a tiny computer embedded in it that includes a memory as well as a processor.
Technically, a smart card is called a “chip card” and also an IC card. The operating system used on this tiny
embedded computer is called a Card Operating System. This COS is very reliable in providing network
security, data and transaction security.
The input/output of data from and to the smart card is made through card readers which are also called Card
Acceptance Devices or Interface Device (see Section 4 below). The card-readers are divided into different
categories according to the type of the card needed to be read, the various functions it can offer, the applications
carried out and the various PC ports. Smart cards may be contact-based or contact-less. When contact-based
cards are inserted into a smart card reader, the data transmission takes place through physical contact points on
the gold-plated surface of the card. Contact-less cards can work without direct physical contact although these
demand a close proximity to the card reader. The contact is made through antenna using Radio Frequency.
There are also combination reader-writers that can read both contact-based and contact-less cards.
Most contact-less cards obtain their power source from the electromagnetic field that sets up the contact.
Alternatively, the card is normally kept in a container, which has both battery and antenna (a clumsy solution).
Another alternative is that the card itself has an embedded battery. Smart card batteries are very tiny, no thicker
than the card or, to be precise, a fraction of a millimeter for a three-volt rechargeable battery. For some
applications, the batteries have to withstand sub-zero temperatures to more than 100° C.
The USA is planning to introduce smart cards in passports that will contain chips in the covers which will hold
facial and fingerprint recognition data for biometrics, and some other personal information. Similarly, e-visa
has also been planned in many countries. The market is growing. Gartner Dataquest predicts the global smart
card market will reach 1.16 billion units in 2004. At an average cost of seven dollars a unit at present, the
market is estimated at $ 8 billion, though the prices of both smart-cards as well as card-readers will fall
drastically once they become industry standards for PCs, and widely acceptable to users, Government agencies,
and commercial organizations.
-6-
A basic smart card standard follows ISO 7816 specification (described later in Section 5) but other standards are
emerging with modified features. Philips has brought out a Non Field Communication-based Bluetooth enabled
contact-less smart cards with a data transfer rate of 1 Mbit/sec over a distance of 20 cm while the usual rate is
about 200 Kbit/sec. An entirely different range of smart cards is being experimented with for moving vehicles
and products in an assembly line, which may work at a distance of several metres. Contact-less smart card
readers must additionally adhere to the ISO standard 14443 (10 cm distance between reader and smart card) or
ISO 15693 (150 cm distance between reader and smart card).
On the basis of computing capability, contact-based cards are of two types: memory card and processor card.
Memory cards can store a large volume of data related to critical information like Biometric identification of a
person, driving license number, personal index number used at ATMs, credit card number, digital signature key
and related algorithm. Processor cards contain both memory and processor, and other features. An indegenous
Smart Card/Reader system is shown below in Figure-5 below, as developed by the ASPECT technology group
(cf. Section 4).

7. FIGURE-5 The ASPECT Smart-Card Reader/Writer System
A modern technology is the Java card technology, which is platform independent. These Java cards are more
versatile compared to the other smart cards. The typical Java card contains 16 KB of Read Only Memory, 8 KB
of Electrically Erasable Programmable ROM and 256 KB of Random Access Memory. It can load programmes
so Java cards also offer compatibility to run different third-party applications that also satisfy ISO norms. Other
manufacturers have come out with 1 MB smart-cards, though in India cards up to 256 KB memory only are
available at present.
Thus, smart cards are gradually expected to replace typical credit cards that have limited use. A smart card may
contain a database which is upgradeable and as a result, a mammoth distributed database can be handled to
reduce network traffic and processing overhead on the main computer, especially using VPN (Virtual Private
Network). The price of a chip is also falling, making smart cards cost-effective and affordable. In fact, credit
and debit cards of the future will actually be smart cards. But although smart cards do provide a more secure
transaction, hacking in cyberspace cannot be fully ruled out, unless Biometrics is incorporated (as shown in
Section 6).
The importance of the advent of Smart Card technology in India can be gauged from the fact that the
Department of Information Technology of the ITC Ministry, Govt. of India sponsored the 6th
Smart Cards Expo
in Delhi early September 2004, in which some hundred national and international organizations participated.
Part of the current work depends on the latest technologies show-cased at the Expo preceding this Conference.
At the same time, embedded-chip technology has taken such a giant leap forward, that 128MB micro-cards,
with concomitant readable attachments on PCI-MC slots of Desktop PCs (and most Laptops) are becoming
commonplace at increasingly affordable prices (in the order of Rs 1000-2000). Considering the fact that
-7-
digitized medical images (radiography as well as pathology slides) require approximately 200-400 KB of data
memory per frame –without compression – and 12-lead electrocardiography of 4 sec duration requires a mere
12-48 KB nominally, it is technically feasible to store abundant biomedical data on both smart-cards as well as
micro-cards even without compression; the text part of the patient-data, in the form of clinical observation,
identity, even graphical inputs like Pulmonary function tests or Stress-tests, occupy comparable memory space.
With encryption and compression, it should be possible to store Biomedical, Biometric, and
personal/commercial information in the same card, in a short time.
In theory, it should be possible to encrypt even banking/financial information in a 512 KB Smart card, (and
possibly even obviate the need for voting cards and driving licenses in the future), also making medical
diagnostic and billing possible via the same media as the medical data card, using e-commerce protocols. All
that is left then, in theory, is to have access to low-cost read/write card-readers, on the one hand, and universally
acceptable standards, on the other, for Medial Smart Cards to become a universal reality, in the same sense as
floppy-discs, CD-ROMs, ZIP-drives, or DVDs.

8. 4. The ASPECT technology
A few years back, a small group of computer professionals from Kolkata precisely achieved this. The acronym,
standing for ‘A Smart Product Ensemble for Commencing Trends’, was meant originally as a pre-cursor to
an universal system- not originally meant for medical applications in particular – but aimed at employee-ID,
club-membership, tourist-related, salary or wage card, cash-card, banking and customer-service. Health/Medical
insurance was an additional benefit, but in the long run, it is likely to prove the most important of all the
applications, given adequate memory capacity: after all, health and medical data are a necessary and universal
requirement, while all other applications are optional, secondary, or could be subsumed into a Smart Card
which has enough memory to hold the rest of information. The schematic diagram of the
Telemedicine/Internet/Smart-Card interface is shown in Figure-5 below, and the general characteristics of the
ASPECT system is given in Figure-6. From the point of view of Medical Technology, what is of importance to
note is that (a) the card reader-writer systems can be miniaturized; (b) they can transfer data through a standard
bus; and hence, (c) in principle, it could be embedded into the main-frame of a standard desk-top Personal
Computer, at low cost and complexity, by removing the exteriors, power-supplies, wiring etc.
This is especially applicable for ASM-19 type Smart-Card reader-writer, shown in Figure- 7. Thus, one can
foresee such a simple indigenous technology to become a standard part of any Hospital Computer – and in the
future, hopefully for any PC, given the availability of Smart Cards of sufficiently high memory and low cost.
Enhancement into Lap-top & Palm-top PCs will have to wait for necessary miniaturization of the mechatronics.
FIGURE 6 : TELEMEDICINE – SMART CARD INTERFACE
MEDICAL
INSTRUMENTATION
DATA
ACQUISITION
SYSTEM
HOSPITAL
COMPUTER
NETWORK
P
A
T
I
E
N
T
REMOTE
PHYSICIAN’S
P C
D
I
A
G
N
O
S
I
S
FEEDBACK
TO
PATIENT
I
N
T
E
R
N
E
T
ENCRYPTION
AND
COMPRESSION
DECRYPTION AND
DECOMPRESSION
SMART CARD WRITER /READER
ANY
P C

9. FIGURE – 7 COMMON USAGES OF SMART CARD TECHNOLOGIES
Some Smart-Card reader-writer applications, comprising of hand-held, wall-mounted, desk-top and miniature
systems is given in Figure-7 below.

10. FIGURE-8 SOME SMART-CARD APPLICATIONS DEVELOPED BY THE “ASPECT” TECHNOLOGY

11. -10-
5. A brief note ISO-7816 Smart-Card Standards
ISO 7816-1 (Part1): this deals with Physical Charcteristics of Integrated Circuit Cards
This part describes the physical charcteristics of integrated circuit cards. It includes accomodation of exposure
limits for a number of electromagnetic phenomena such as X-rays, UV light, elacromagnetic fields, static
electrical fields, and ambient temperature of the card.
Furthermore ISO 7816-1 defines the characteristics of a card when it is bent or flexed. This is to make sure that
plastic cards with embedded chips are manufactured in a way that guarantees flawless operation over the
expected life time of a card. Connections between the surface connectors and the I/O pins of the embedded
silicon die must be maintained and withstand mechanical stress. Bending and flexing procedures are
standardized in ISO 7816.
This part of ISO 7816 is important for card manufacturers. They are the ones that choose the materials and
establish a process that embeds the integrated circuit into the card.
ISO 7816-2 (Part 2): This deals with Dimensions and Location of the Contacts
ISO 7816 part 2 defines the dimensions and location of the contacts. This part includes standards about number,
function and position of the electrical contacts.
The integrated circuit card (ICC) has 8 electrical contacts. They are referred to as C1 through C8. However, not
all 8 contacts are electrically connected to the embedded microprocessor chip and therefore unused at the
present time.
Some smart cards issued before 1990 were adherent to a different standard for the contact location and therefore
can't be used with today's ISO7816-2 compliant smart card readers. These cards were deployed primarily in
Europe.
ISO 7816-3 (Part 3): This deals with Electronic Signals and Transmission Protocols
This part describes electronic signals and transmission protocols of integrated circuit cards, and is a version that
is available on the Internet. If you need the official version of this part, please contact ISO in Switzerland.
Most of ISO 7816- 3 is important for reader manufacturers or developers who want to establish a
communication with a smart card on a very low level, the signal level. Going through ISO 7816-3 one can see
what's involved in writing one’s own I/O software. This can be either to communicate from a micro-controller
or a PC's serial/parallel/USB/PCMCIA port. Even if one does not intend to go that far, it is interesting to read
about what one can get out of an Answer to Reset (ATR).
There are many tools out there to read an ATR. Even on the Smart Card Web- site
http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-1.aspx, a remote version of a free ATR
probing tool is available, that reads and interprets an ATR over the Internet. All one need is a PCSC compliant
Smart Card reader attached to a PC with an Internet connection.
6. Biometric Applications of Smart Cards
Once a Smart-Card reader-writer system is in place, the next important application is an universal identity-card
incorporating Biometrics : a personal data format that incorporates one or more salient features of the user, if
required in a compressed and/or encrypted format. This could encompass one or more of such pictorial features
as a photograph /fingerprint, and auditory features like speech-recording & voice-print, though some
commercial applications prefer an image of the iris (blood-vessel connections of the retina) as the preferred
mode.

12. -11-
In all cases, these constitute unique features of the user, which cannot be duplicated. A typical photograph, as
shown in the Figure 8 (A) below in JPEG format, requires about 49KB of memory, while the finger-print next
to it (B) requires about 44KB, in an uncompressed mode. Both of these could be stored and analyzed using
optical pattern recognition algorithms.
(A) (B) (C)
(D)
Figure 9. Photograph, fingerprint speech-file and voice-print samples storable in a Smart-card (137 KB
total). Double-click the mouse on the speaker symbol over (C) to hear the name as recorded speech.
Similarly, a voice signal recording of the user, as shown by the media-player symbol alongside (in C ) in
hypertext-mode - and playable simply by clicking a mouse over it in the soft copy of this file - is about 2.8 sec
signal length in 8-bit PCM mode, sampled at 15K/sec to create a 44KB wave (.wav) file. This can be stored in
the card and later compared with the microphone output connected to the PC when the genuine user repeats the
phrase (in this case, his own name), using standard pattern-recognition techniques. Alternatively, a voice-print
could be created of the wave-file (as shown in D) using a standard software such as Sound Forge, and this
could be the Biometric template for the user. A combination file of all these formats can virtually ensure total
security for any person, with a reasonable amount of digital memory requirement and software overhead even
in an uncompressed mode, especially with the availability of 256KB and 512 KB embedded-chip memory
smart-cards in a short time.

13. -12-
The applications of the above paradigms are limitless : a one-card identification solution for all requirements of
a citizen – from banking to marketing, from e-commerce to e-governance, from taxation to voting. In
particular, it could circumvent problems, costs and logistics involved in the election processes ( local, state or
central), as the user can use it to any PC in the country– or for the matter in the world – through the Internet,
once the built-in card-reader becomes an universally accepted storage device. Personal information can be
added and accessed in text-form for availability on the Net, once the Biometric security barrier has been
successfully overcome.
7. Concluding remarks
So far, Telemedicine technology has been groping for paradigms and solutions for the future, in the expectation
that some form of universally acceptable encoding, encryption, storage/retrieval and transmission system could
be achieved acceptable to all – physicians, hospital administrators, and computer specialists alike. With the kind
of Smart-Card technology described above, the fourth – and equally important – aspect of the problem has been
attempted to be addressed, namely, patient (or user) acceptability and user confidence regarding security and
reliability. The next step, logically, would be to have an integrated protocol to seamlessly integrate Smart Card
and Internet technologies, both for Medical as well as identification usages.
The fact that the technologies presented here have been indigenously developed and affordable, make it an
excellent candidate for real-life applications in the field of Computer applications in Medicine, as well as a
secure all-purpose citizen’s ID card. What is required, during the course of the next few years, is the integration
of three variables : availability or manufacturing of standard card reader-writers using the ASPECT technology
– which can be retro-fitted into all PCs; large memory, low-cost Smart-Cards using embedded chip technology
(e.g. ATMEL); and secure encrypted software like the ANAHITA protocol - goals which are clearly visible
over the horizon.
REFERENCES
1) Critical-care Monitoring (by the author) : The Journal of Gen. Medicine, Vol.8, No.1, Oct-
Dec 1995).
2) You and the Computer : how it could change your life - and that of your
patients Part I (by the author): The Journal of General Medicine, Vol.8, No.2, Jan-Feb 1996.
3) Telemedicine and Hospital Computerization (presentation by the author) :W.H.O.-I.C.M.R.
Workshop on Accessing Medical Informatics (Sikkim-Manipal Institute of Medical Sciences, Sept.
2002).
4) Computers in Medicine – the road ahead in India (presentation by the author): National Conference
on Medical Informatics and C.M.E. on Hospital Management (held at Mahatma Gandhi Institute of
Medical Sciences, Sevagram, Wardha, Sept. 2004).
5) Computers in Medicine – application of Smart-card Technology (by the author): Annual
Conference of the Biomedical Engineering Society of India (held at GITAM Institute of
Technology, Vishakhapatnam, India, Dec.2004)
ACKNOWLEDGEMENTS
The author wishes to acknowledge with thanks the following persons whose research & development work and
assistance has gone into preparing this document :
1. Mr. Kishore Bhattacharyya and colleagues, ASPECT Group, Kolkata, for the smart-card reader-writers
2. Mr. Indrajit Saha of R.M. Sales, Kolkata, for donating the ATMEL smart-card samples & data-sheets
3. Mr. Ranjit Rangan & Mr. Sunil Aggarwal, EVENTS Technologies, Pune, for the Telemedicine protocols
4. Prof. Arun Samaddar, Director, Pailan College of Management & Technology, WB, for parts of the text.
(The author is an Electronics & Control Systems Engineer (I.I.T-Kgp/I.I.T.-B’ba)y, a first-generation Biomedical
Engineer (I.I.T.Madras 1972-75), former Commonwealth Scholar in the U.K .- where he obtained his Ph.D. in Medical
Electronics, a Life-member of the Biomedical Society of India and the Computer Society of India, and has served as R &
D, production and marketing executive in several Indian and multinational Medical Electronics and Automation &
Control Industries like Keltron, Philips, Siemens and Larsen & Toubro, as well as in prominent academia in India and
abroad).