Guidelines for the technological development in the e-health application domain


Slides of the talk I gave on the 18th of July 2014 about the activities I coordinate at the University of L'Aquila (Italy) in the context of the E-Health Technology industrial project.

Published in: Health & Medicine
Transcript of "Guidelines for the technological development in the e-health application domain"

  1. Guidelines for the technological development in the e-health application domain. Ivano Malavolta, Università degli Studi dell’Aquila
  2. Introduction. Great progress in the health sector applied to image acquisition, image elaboration, robotics, etc. However, the health sector currently lags behind other sectors in the use of advanced data management software → there is great potential for rapid, sustained growth
  3. Introduction. The E-Health Technology project focusses on:
     •  Remote assistance via mobile devices
     •  Modernization of business processes
     •  Design of new services in the cloud
  4. Introduction. The role of University of L’Aquila in the project:
     •  Research
     •  Prototypes development
     Research actions:
     •  State of the art
     •  Architectural solutions
  5. Introduction. In this talk we will present the main solutions for architecting an e-health software system in terms of its:
     •  Security engineering
     •  Reliability assurance
     •  Data management infrastructure
     •  etc.
  6. Remainder of the talk
     •  Introduction
     •  Cloud computing
     •  User authentication
     •  User authorization
     •  Data encryption
     •  Sensitive data separation
     •  Conclusions
  7. Cloud computing. The use of computing power that is located “elsewhere” → in the cloud. Advantages:
     •  no infrastructure
     •  elasticity
     •  low risk
  8. Cloud computing. Challenges in the e-health application domain:
     •  Who can enter the system?
     •  Who can do what in the system?
     •  Who can read my data?
     •  Where is my data?
  9. User authentication. Strong authentication is mandatory
     •  one possible implementation: two-factor + challenge-response
     Something you know (ex. username and password) + Something you have (ex. card or security token)
  10. OATH¹. Open standard for the interoperability of authentication methods
     •  Supports both hardware and software implementations
     Advantages:
     •  always with the user
     •  low investment risk
     •  scalable
     •  customizable
     •  no waiting time for issuing a new token
     ¹ http://www.openauthentication.org/
  11. User authorization. Access control is the basis of Information Security
     •  Confidentiality: prevent disclosure to unauthorized users
     •  Integrity: prevent modification by unauthorized users
  12. XACML. Open standard proposing
     •  a declarative language for defining access control policies
     •  a run-time architecture for enforcing the policies
  13. Data encryption. Data encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In our project we encrypt data at two levels:
     •  Communication: prevent information disclosure while sending data
     •  Database: prevent reading saved data in the database
  14. Sensitive data separation. Multi-tenant architecture with a dedicated database for each agency. Advantages:
     •  data isolation (required by law)
     •  customized services
     •  easy disaster recovery
  15. Conclusions (i)
  16. Conclusions (ii). What is not covered in this talk:
     •  digital documents with legal validity
     •  Analog copies of digital documents
     •  Graphometric signatures with legal validity
     These aspects are covered in our research article* (* available also in English)
  17. Contact. Ivano Malavolta, Università degli Studi dell’Aquila, ivano.malavolta@univaq.it, http://www.di.univaq.it/malavolta
  18. Images credits
     •  http://www.tutorialspoint.com/shorttutorials/cloud-computing-from-the-home
     •  https://www.tcnp3.com/home/cloud-technology/what-is-cloud-computing-infographic/
     •  http://www.carestreamdental.com/it/it-it/computedradiography
     •  http://www.kavo.it/Prodotti/Imaging-Radiologia/Tomografia-volumetrica-3D.aspx
     •  http://www.siriweb.com/wp/?product_cat=ecograf_multi
     •  http://cdn.bills.com/images/articles/originals/rate-lock.jpg
     •  http://www.ftsafe.com/product/otp/hotp
     •  https://www.hidglobal.com/partner-products/single-button-time-based-oath-otp
     •  http://www.solidpass.com/authentication-methods/time-synchronized-security-token.html
     •  http://www.partnerdata.it/prodotti/identificazione/one-time-pw/modelli-epass/
     •  http://www.telos.com/secure-communications/secure-unified-directory/