Guidelines for the technological development in the e-health application domain
Ivano Malavolta
Università degli Studi dell’Aquila
Introduction
Great progress in the health sector applied to:
• image acquisition
• image elaboration
• robotics
• etc.
However, the health sector currently lags behind other sectors in the use of advanced data management software → there is great potential for rapid, sustained growth
Introduction
The E-Health Technology project focuses on:
• Remote assistance via mobile devices
• Modernization of business processes
• Design of new services in the cloud
Introduction
The role of the University of L’Aquila in the project:
• Research prototypes development
• Research actions
• State of the art
• Architectural solutions
Introduction
In this talk we will present the main solutions for architecting an e-health software system in terms of its:
• Security engineering
• Reliability assurance
• Data management infrastructure
• etc.
Remainder of the talk
• Introduction
• Cloud computing
• User authentication
• User authorization
• Data encryption
• Sensitive data separation
• Conclusions
Cloud computing
The use of computing power that is located “elsewhere” → in the cloud
Advantages:
• no infrastructure
• elasticity
• low risk
Cloud computing
Challenges in the e-health application domain:
• Who can enter the system?
• Who can do what in the system?
• Who can read my data?
• Where is my data?
User authentication
Strong authentication is mandatory
• one possible implementation: two-factor + challenge-response
Something you know (ex. username and password) + Something you have (ex. card or security token)
OATH (Initiative for Open Authentication)
Open standard for the interoperability of authentication methods
• Supports both hardware and software implementations
http://www.openauthentication.org/
Advantages:
• always with the user
• low investment risk
• scalable
• customizable
• no waiting time for issuing a new token
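As an added example (not code from the talk or from the project it describes), here is the OATH HOTP algorithm (RFC 4226) that hardware and software tokens implement for the "something you have" factor, together with the server-side check that accepts a submitted code once and never again; the secret and the expected codes are the RFC's own published test values. OATH's challenge-response profile is OCRA (RFC 6287); HOTP is shown here because its test vectors are public.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a `digits`-long decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    binary = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(binary % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, server_counter: int, submitted: str,
                look_ahead: int = 5, digits: int = 6):
    """Server-side check of a token code.

    The token's counter may have moved past the server's (button presses
    whose codes never reached the server), so a small look-ahead window is
    searched. On success the new counter to store is returned (one past the
    matching counter), so the same code cannot be accepted a second time;
    on failure None is returned and the stored counter must not change."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        # constant-time comparison: no timing leak on partial matches
        if hmac.compare_digest(hotp(secret, c, digits), submitted):
            return c + 1
    return None


# Constructed demo value: the RFC 4226 reference secret (20 ASCII bytes).
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    counter = 0
    code = hotp(DEMO_SECRET, counter)
    print("token shows:", code)                        # 755224
    counter = verify_hotp(DEMO_SECRET, counter, code)  # accepted, counter -> 1
    replayed = verify_hotp(DEMO_SECRET, counter, code)
    print("replay of the same code accepted?", replayed is not None)  # False
```

The look-ahead window is the only tolerance a server should give a counter-based token; a code behind the stored counter is a replay and is rejected.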
User authorization
Access control is the basis of Information Security
• Confidentiality: prevent disclosure to unauthorized users
• Integrity: prevent modification by unauthorized users
XACML
Open standard proposing:
• a declarative language for defining access control policies
• a run-time architecture for enforcing the policies
Data encryption
Data encryption is the process of encoding messages or information in such a way that only authorized parties can read it
In our project we encrypt data at two levels:
• Communication: prevent information disclosure while sending data
• Database: prevent reading saved data in the database
Sensitive data separation
Multi-tenant architecture with a dedicated database for each agency
Advantages:
• data isolation (required by law)
• customized services
• easy disaster recovery
Conclusions (i)
Conclusions (ii)
What is not covered in this talk:
• digital documents with legal validity
• analog copies of digital documents
• graphometric signatures with legal validity
These aspects are covered in our research article*
* available also in English
Contact
Ivano Malavolta
Università degli Studi dell’Aquila
[email protected]
http://www.di.univaq.it/malavolta