Presentation is loading. Please wait.

Presentation is loading. Please wait.

Biometrics in Pharma: Politics and Privacy Daniel Shapiro * and Sidney Shapiro + * School of Information Technology and Engineering, University of Ottawa.

Published byDebra Andrews Modified over 9 years ago

Similar presentations

Presentation on theme: "Biometrics in Pharma: Politics and Privacy Daniel Shapiro * and Sidney Shapiro + * School of Information Technology and Engineering, University of Ottawa."— Presentation transcript:

1 Biometrics in Pharma: Politics and Privacy Daniel Shapiro * and Sidney Shapiro + * School of Information Technology and Engineering, University of Ottawa Email: dshap092@site.uottawa.ca + Department of Political Science, Laurentian University Email: sx_shapiro@laurentian.ca

2 Overview 1.Prescription of Controlled Substances 2.Trends in Google Searches, News, Regions 3.Spam and Other Marketing 4.Biometric Prescriptions: Practical, Political, and Privacy Issues 5.The Impact of Technology 6.Conclusions

3 Prescription of Controlled Substances The Drug Enforcement Agency (DEA) has announced the implementation of the use of both computerized and biometric security protocols in the electronic prescription of controlled substances. Electronic prescriptions which were up until this point not allowed to be prescribed by electronic means will now be easier for physicians and the DEA to monitor and prescribe.

4 USA Google Searches 2004-2010 Raw Data with ±5% ErrorTrends Pharmacy searches ↑ Prescription, privacy searches ↓ Implication is ↑ use of illegal online pharmacies in the USA In 2004, ¼ of Americans had looked online for drug information, and four percent purchased drugs online [Fox04]

5 Breakdown by Region

6 News Coverage in USA Raw Data with ±5% ErrorTrends News coverage of privacy and prescriptions is ↑ News coverage of pharmacy is ↑ too “Prescription drugs online” 2004 indicates ↑ use of online pharmacies [Fox04] pharmacy prescriptionprivacy

7 Spam and Other Marketing

8 Biometric Prescriptions: Practical, political, and privacy issues Practical Biometrics Issues: Non-repudiation Improved accountability Delegation prevention Possible increased cost Possible information security concerns False acceptance and false rejection cases Possible serious medical consequences when a drug cannot be obtained due to failed biometric authentication. Political / Privacy Biometrics Issues: RiteAid installs fingerprint scanners in their pharmacies 2004 Less privacy (summarizing data) Policy issues (HIPAA/ETP/PIPEDA/others) Legal issues (selling prescription data) Human factors (fear, misconceptions)

9 The Impact of Technology Cryptography and Systems Service interruptions due to power failures or DDoS. Biometrics systems would be unable to function without access to communication and information unless the data was stored locally, negating the usefulness of a large scale distributed system. PKI is slow but secure. Biometrics Degraded biometric Combination of several biometrics in order to improve accuracy A certificate authority cannot reissue a biometric. Fingerprint scanners can identify fake fingerprint attempts using sensors to observe the finger temperature, pulse, oxygenation, blood pressure, movement, and electrical resistance.

10 The Impact of Technology Cryptography and Systems Certificates are preferred over scans due to data size. Digital signatures disallowed in many jurisdictions. Risk-based approach for data encryption. Clearly a prescription for a controlled substance would fall under the category of a high-risk, and would be heavily encrypted. Hardware failure in any component in the system including cameras, fingerprint scanners, barcode readers, and computers. Biometrics Hackers could begin harvesting biometric information from poorly secured e-health system. Setting up a fake service with the express purpose of aggregating biometric information. Sometimes it is cheaper to pay off the bad guys. Biometric software failure due to a bug in the implementation.

11 The Impact of Technology Cryptography and Systems DEA says you need 2 IDs + biometric. This is like saying you need a biometric + password… Then why use the biometric? As we said earlier, combining certificates reduces false accept/reject. Biometrics A replay attack is a case where a biometric has been copied by a third party and is being used (fraudulently) to authenticate. Picture of a doctor's face in the parking lot, and then displaying the photo to a biometric face scanner. Secure authentication, secure data transmission, cost-effective security, and fast execution of security mechanisms are all highly desirable when implementing biometrics and electronic prescriptions on a large scale.

12 The Impact of Technology Impact of Artificial "Gummy" Fingers on Fingerprint Systems Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, Satoshi Hoshino Graduate School of Environment and Information Sciences, Yokohama National University 79-7 Tokiwadai, Hodogaya, Yokohama 240-8501, Japan, email: tsutomu@mlab.jks.ynu.ac.jptsutomu@mlab.jks.ynu.ac.jp ABSTRACT Potential threats caused by something like real fingers, which are called fake or artificial fingers, should be crucial for authentication based on fingerprint systems. Security evaluation against attacks using such artificial fingers has been rarely disclosed. Only in patent literature, measures, such as "live and well" detection, against fake fingers have been proposed. However, the providers of fingerprint systems usually do not mention whether or not these measures are actually implmented in emerging fingerprint systems for PCs or smart cards or portable terminals, which are expected to enhance the grade of personal authentication necessary for digital transactions. As researchers who are pursuing secure systems, we would like to discuss attacks using artificial fingers and conduct experimental research to clarify the reality. This paper reports that gummy fingers, namely artificial fingers that are easily made of cheap and readily available gelatin, were accepted by extremely high rates by particular fingerprint devices with optical or capacitive sensors. We have used the molds, which we made by pressing our live fingers against them or by processing fingerprint images from prints on glass surfaces, etc. We describe how to make the molds, and then show that the gummy fingers, which are made with these molds, can fool the fingerprint devices.

13 Conclusions Online pharmacy popularity ↑ using legal prescriptions Practical, political, and privacy concerns must be addressed in tandem. Market acceptance is possible (RiteAid) Biometric, hardware, cryptographic mechanisms for securing prescriptions are complex

14 Questions?

15 References Background image: http://minnesota.publicradio.org/display/web /2006/11/28/eprescriptions/# http://minnesota.publicradio.org/display/web /2006/11/28/eprescriptions/#

Download ppt "Biometrics in Pharma: Politics and Privacy Daniel Shapiro * and Sidney Shapiro + * School of Information Technology and Engineering, University of Ottawa."

Similar presentations

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.

Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.
By Aidan Summerville.  The process inn which a person’s unique physical and other traits are detected and recorded by an electronic device or system.

By Aidan Summerville.  The process inn which a person’s unique physical and other traits are detected and recorded by an electronic device or system.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
CHAPTER OVERVIEW SECTION 4.1 – Ethics

CHAPTER OVERVIEW SECTION 4.1 – Ethics
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
U.S. Department of Justice Drug Enforcement Administration Office of Diversion Control Electronic Prescriptions for Controlled Substances Michelle Ferritto,

U.S. Department of Justice Drug Enforcement Administration Office of Diversion Control Electronic Prescriptions for Controlled Substances Michelle Ferritto,
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.

BIOMETRICS AND NETWORK AUTHENTICATION Security Innovators.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.

Introduction to Biometrics Dr. Pushkin Kachroo. New Field Face recognition from computer vision Speaker recognition from signal processing Finger prints.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Liveness Testing Shivankush Aras. Threats to Biometric System Artificially created biometrics: e.g. image of a face or iris, lifted latent fingerprints,

Liveness Testing Shivankush Aras. Threats to Biometric System Artificially created biometrics: e.g. image of a face or iris, lifted latent fingerprints,
GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.

GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.

Similar presentations

Ads by Google