Presentation is loading. Please wait.

Presentation is loading. Please wait.

Infrastructure for Secure Sharing Between Picture Archiving and Communication System and Image enabled Electronic Health Records Krupa Anna Kuriakose MASc.

Published byBenjamin Williamson Modified over 8 years ago

Similar presentations

Presentation on theme: "Infrastructure for Secure Sharing Between Picture Archiving and Communication System and Image enabled Electronic Health Records Krupa Anna Kuriakose MASc."— Presentation transcript:

1 Infrastructure for Secure Sharing Between Picture Archiving and Communication System and Image enabled Electronic Health Records Krupa Anna Kuriakose MASc Candidate Dept. Electrical, Computer and Software Engineering UOIT Krupa.Kuriakose@uoit.ca Supervisor : Dr. Kamran Sartipi February 22, 2013 1

2 Overview Drawbacks of the existing PACS Proposed solution Introduction to OpenID and OAuth Case Study : E-health Services with Secure Mobile Agent 2

3 Current security issues in PACS Lack the following features : Infrastructure for Federated Identity Management (FIM ) Common set of access control policies Integration of patient consent directives with the security policies User authentication and audit to data is local to each system and not federated “ PACS have no means to integrate and interoperate with common infrastructure” 3

4 Solution to address the issue A token based User Registry to initially authenticate users A Consent Registry that holds the consent directives defined by patients A Health Information Access Layer with a standard messaging and communication protocol 4

5 Research Area 5

6 Proposed Solution Stage 1 : Token based authentication of the user prior to sending access request to EHR Stage 2 : Agent managed behaviour based access control infrastructure 6

7 Stage 1: PACS Authenticating with the user registry to use the designed infrastructure 7 Registration Service ( RS ) Registration Service ( RS ) Token Providing Service (TPS ) User Registry User ( PACS ) (1) User request registration (2) RS return RT (3) User sends RT to TPS (4) TPS issues AGT to user RT : Registration Ticket AGT : Access Grant Token

8 Policy Guideline Policy Guideline PACS Primitive Sets Regulations Primitive Sets Regulations Repository Representation (Role, Context, Resources, policy, etc.) User Behavior Behavior Constructor Decision Making Engine Authentication Access Request Access Response Behavior Check Behavior Check Agent HIAL Stage 2 : Agent managed behaviour based access control infrastructure

9 Policy Guideline Policy Guideline PACS Primitive Sets Regulations Primitive Sets Regulations Repository Representation (Role, Context, Resources, policy, etc.) User Behavior Behavior Constructor Decision Making Engine Authentication Access Request Access Response Behavior Check Behavior Check Agent HIAL User Registry Complete Architecture

10 Introduction to OpenID 10

11 Need for OpenID Lots of websites, lots of accounts… Facebook Twitter Email Message Boards Blogs MyUCSC Bank Accounts Calendar Gaming E- Commerce Social Bookmarking Photo Sharing

12 OpenID Solution Use one identity for all the internet service (OpenID enabled)

13 An OpenID is a URL URL are Globally unique. OpenId allows proving ownership of an URL People already have identity at URLS via blogs, photos, Myspace and Facebook Etc

14 Main Components End-user ◦ The person who assert his or her identity to a site. Identifier ◦ The URL chosen by the end- user as their OpenID identifier Identity provider or OpenID provider ◦ A service provider offering the service of registering OpenID URLs ◦ E.g. Yahoo, Blogger, etc Relying party ◦ Site that wants to verify the end-user's identifier : "service provider". 14

15 Website Benefits Increased conversion rates from “site visitors” to “registered users” Reduced customer care cost and frustration with forgotten passwords Accelerated adoption of “community” features Limited password sharing issues Facilitated single sign-on across multiple company and partner websites

16 User Benefits Faster & easier registration and login Reduced frustration from forgotten user name/password Maintain personal data current at preferred sites Minimize password security risks

17 Challenges Though you have one, there are not many places to use it (yet) None of the big players — AOL, MS, Google, Yahoo!, MySpace — accept OpenID The sign-in process can be very confusing and jarring to users Security Concerns have not been fully resolved : subject to phishing attacks Unrealized loss of Anonymity 17

18 Introduction to OAuth 18

19 Function of OAuth “OAuth provides a way to grant access to your data on some website to a third website, without needing to provide this third website with your authentication information for the original website." 19

20 oAuth Overview oAuth Overview Security protocol that allows users to grant third-party access to their web resources without sharing their passwords. The heart of OAuth is an authorization token. OAuth is an open protocol Manages handshake between applications Used when an API publisher wants to know who is communicating with the system.

21 OAuth terminology The resource owner (original OAuth name: user) – that’s you, me, or anyone with something private they want to share The server (original OAuth name: service provider) – that’s the service where the private resources reside The client (original OAuth name: consumer) – that’s the service we’d like to use. It needs access to the resources

22 Example Scenario User has Twitter account and he wants to use a service such as TwitPic or yfrog to upload a photo and tweet it. Twitter account (or specific actions on twitter account like reading, posting etc) is the private resource and it should be protected 22

23 Resource owner has to authorise the client (TwitPic or yfrog) to access protected resources (twitter API actions) on the server. Client asks the server to authenticate User grant or deny access to specific resources on the server Client is issued with a token that can be presented to the server to access those resources in future. 23

24 Case Study Case Study E-health Services with Secure Mobile Agent Rossilawati Sulaiman, Xu Huang, Dharmendra Sharma Department of Information Science & Engineering University of Canberra Australia 24

25 Main Focus “ How Sender can securely transfer sensitive information to Recipient while still maintaining control over it ” Introduces mobile agents to Multilayer Communication ( MLC ) layer in the model Sender keeps the key for decryption at his/her side until the agent needs it A token is carried by the agent to obtain the key for decryption processes 25

26 Main Components Agent Key Token 26

27 Security Token Security Token It is an encrypted random number carried by the mobile agent to the Recipient’s host Agent sends back the token to the Sender to retrieve the information for data decryption 27

28 Security mechanisms Data Security Channel security Protect the database from unauthorized access 28 Ensures security of a given communication channel, regardless of the information that is transferred over that channel

29 Classification and Security Mechanisms in the MLC Approach Layer of communication Security Mechanism Layer 1 : Extremely sensitive data Doctor  Doctor Doctor  Patient Doctor  Nurse Nurse  Patient Data and Channel security Layer 2 : Highly sensitive data Paramedic  Sys Coordinator Data security ( using wireless network ) Layer 3 : Medium sensitive dataChannel security or Data security Layer 4 : Low sensitive dataChannel security or Data security Layer 5 : Non sensitive data or public data The public Secure open channel, ID and password 29

30 Example Scenario : Communication between Doctor and Patient DoctorPatient 30

31 Steps involved Step 1Step 2 Layer of communication (com_layer) is identified Choosing the appropriate security mechanism 31

32 Lo Value to choose the MLC layer RoleLo Value Doctor Patient Nurse Layer 1 Paramedic Coordinator System CoordinatorLayer 2 Social WorkerLayer 3 System AdministratorLayer 4 32

33 Finding com_layer value Lo Value :Com_layer Value Sender = RecipientSender’s L0 / Recipient’s L0 Sender > RecipientSender’s L0 Sender < RecipientRecipient’s L0 33

34 Appropriate Layer and Corresponding Security mechanism 34

35 Security Architecture Doctors Host Patient Host 35 Plain Text Additional Information Data File MA PA DA (1) (2) Send additional information (3) Dispatches mobile agent

36 Process flow 36

37 Conclusion Research implements a common infrastructure for secure sharing between PACS and the diagnostic image repository of EHR Agent based methodology can be used to implement this solution in the HIAL layer of EHR 37

38 Thank You & Questions? 38

Download ppt "Infrastructure for Secure Sharing Between Picture Archiving and Communication System and Image enabled Electronic Health Records Krupa Anna Kuriakose MASc."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
By: Ansuya Chauhan.

By: Ansuya Chauhan.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Introduction to OpenID Huanxing Shen WHIM 2009Spring.

Introduction to OpenID Huanxing Shen WHIM 2009Spring.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
Electronic Data Interchange (EDI)

Electronic Data Interchange (EDI)
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Practical Steps to Secure your APIs for Mobile Mark O’Neill VP Innovation, Axway.

Practical Steps to Secure your APIs for Mobile Mark O’Neill VP Innovation, Axway.

Similar presentations

Ads by Google