Your SlideShare is downloading. ×
  • Like
Guidelines for the technological development in the e-health application domain
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Guidelines for the technological development in the e-health application domain

  • 336 views
Published

Slides of the talk I gave the 18th of July 2014 about the activities I coordinates at the University of L'Aquila (Italy) in the context of the E-Health Technology industrial project.

Slides of the talk I gave the 18th of July 2014 about the activities I coordinates at the University of L'Aquila (Italy) in the context of the E-Health Technology industrial project.

Published in Health & Medicine
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
336
On SlideShare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
8
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1.     Guidelines for the technological development in the e-health application domain Ivano Malavolta Università degli Studi dell’Aquila
  • 2. Introduction Great progress in the health sector applied to etc. However, the health sector currently lags behind other sectors in the use of advanced data management software à there is great potential for rapid, sustained growth image acquisition image elaboration robotics
  • 3. Introduction The E-Health Technology project focusses on Remote assistance via mobile devices Modernization of business processes Design of new services in the cloud
  • 4. Introduction The role of University of L’Aquila in the project Research Prototypes development Research actions State of the art Architectural solutions
  • 5. Introduction In this talk we will present the main solutions for architecting an e-health software system in terms of its Security engineering Reliability assurance etc. Data management infrastructure
  • 6.     Remainder of the talk •  Introduction •  Cloud computing •  User authentication •  User authorization •  Data encryption •  Sensitive data separation •  Conclusions
  • 7. Cloud computing The use of computing power that is located “elsewhere”à in the cloud Advantages: no infrastructure elasticity low risk
  • 8. Cloud computing Challenges in the e-health application domain: Who can enter the system? Who can do what in the system? Who can read my data? Where is my data?
  • 9. User authentication Strong authentication is mandatory •  one possible implementation: two-factor + challenge-response Something you know Something you have ex. username and password ex. card or security token +
  • 10. OATH1 Open standard for the interoperability of authentication methods •  Supports both hardware and software implementations http://www.openauthentication.org/ Advantages: •  always with the user •  low investment risk •  scalable •  customizable •  no waiting time for issuing a new token
  • 11. User authorization Access control is the basis of Information Security prevent disclosure to unauthorized users prevent modification by unauthorized users Confidentiality Integrity
  • 12. XACML Open standard proposing •  a declarative language for defining access control policies •  a run-time architecture for enforcing the policies defining enforcing
  • 13. Data encryption Data encryption is the process of encoding messages or information in such a way that only authorized parties can read it In our project we encrypt data at two levels: prevent information disclosure while sending data prevent reading saved data in the database Communication Database
  • 14. Sensitive data separation Multi-tenant architecture with a dedicated database for each agency Advantages: •  data isolation ( required by law) •  customized services •  easy disaster recovery
  • 15. Conclusions (i)
  • 16. Conclusions (ii) What is not covered in this talk: •  digital documents with legal validity •  Analog copies of digital documents •  Graphometric signatures with legal validity These aspects are covered in our research article* * available also in English  
  • 17.     Contact Ivano Malavolta Università degli Studi dell’Aquila ivano.malavolta@univaq.it http://www.di.univaq.it/malavolta
  • 18. Images credits •  http://www.tutorialspoint.com/shorttutorials/cloud-computing-from-the-home •  https://www.tcnp3.com/home/cloud-technology/what-is-cloud-computing-infographic/ •  http://www.carestreamdental.com/it/it-it/computedradiography •  http://www.kavo.it/Prodotti/Imaging-Radiologia/Tomografia-volumetrica-3D.aspx •  http://www.siriweb.com/wp/?product_cat=ecograf_multi •  http://cdn.bills.com/images/articles/originals/rate-lock.jpg •  http://www.ftsafe.com/product/otp/hotp •  https://www.hidglobal.com/partner-products/single-button-time-based-oath-otp •  http://www.solidpass.com/authentication-methods/time-synchronized-security-token.html •  http://www.partnerdata.it/prodotti/identificazione/one-time-pw/modelli-epass/ •  http://www.telos.com/secure-communications/secure-unified-directory/