Guidelines for the technological development in the e-health application domain
Slides of the talk I gave on the 18th of July 2014 about the activities I coordinate at the University of L'Aquila (Italy) in the context of the E-Health Technology industrial project.

Presentation Transcript

  • Guidelines for the technological development in the e-health application domain. Ivano Malavolta, Università degli Studi dell’Aquila
  • Introduction: Great progress in the health sector applied to image acquisition, image elaboration, robotics, etc. However, the health sector currently lags behind other sectors in the use of advanced data management software → there is great potential for rapid, sustained growth
  • Introduction: The E-Health Technology project focusses on: Remote assistance via mobile devices; Modernization of business processes; Design of new services in the cloud
  • Introduction: The role of University of L’Aquila in the project: Research; Prototypes development; Research actions; State of the art; Architectural solutions
  • Introduction: In this talk we will present the main solutions for architecting an e-health software system in terms of its: Security engineering; Reliability assurance; Data management infrastructure; etc.
  • Remainder of the talk: • Introduction • Cloud computing • User authentication • User authorization • Data encryption • Sensitive data separation • Conclusions
  • Cloud computing: The use of computing power that is located “elsewhere” → in the cloud. Advantages: no infrastructure; elasticity; low risk
  • Cloud computing Challenges in the e-health application domain: Who can enter the system? Who can do what in the system? Who can read my data? Where is my data?
  • User authentication: Strong authentication is mandatory • one possible implementation: two-factor + challenge-response: Something you know (ex. username and password) + Something you have (ex. card or security token)
  • OATH (http://www.openauthentication.org/): Open standard for the interoperability of authentication methods • Supports both hardware and software implementations. Advantages: • always with the user • low investment risk • scalable • customizable • no waiting time for issuing a new token
  • User authorization: Access control is the basis of Information Security. Confidentiality: prevent disclosure to unauthorized users. Integrity: prevent modification by unauthorized users
  • XACML: Open standard proposing • a declarative language for defining access control policies • a run-time architecture for enforcing the policies
  • Data encryption: Data encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In our project we encrypt data at two levels: Communication: prevent information disclosure while sending data. Database: prevent reading saved data in the database
  • Sensitive data separation: Multi-tenant architecture with a dedicated database for each agency. Advantages: • data isolation (required by law) • customized services • easy disaster recovery
  • Conclusions (i)
  • Conclusions (ii): What is not covered in this talk: • Digital documents with legal validity • Analog copies of digital documents • Graphometric signatures with legal validity. These aspects are covered in our research article* (* available also in English)
  •     Contact Ivano Malavolta Università degli Studi dell’Aquila ivano.malavolta@univaq.it http://www.di.univaq.it/malavolta
  • Images credits •  http://www.tutorialspoint.com/shorttutorials/cloud-computing-from-the-home •  https://www.tcnp3.com/home/cloud-technology/what-is-cloud-computing-infographic/ •  http://www.carestreamdental.com/it/it-it/computedradiography •  http://www.kavo.it/Prodotti/Imaging-Radiologia/Tomografia-volumetrica-3D.aspx •  http://www.siriweb.com/wp/?product_cat=ecograf_multi •  http://cdn.bills.com/images/articles/originals/rate-lock.jpg •  http://www.ftsafe.com/product/otp/hotp •  https://www.hidglobal.com/partner-products/single-button-time-based-oath-otp •  http://www.solidpass.com/authentication-methods/time-synchronized-security-token.html •  http://www.partnerdata.it/prodotti/identificazione/one-time-pw/modelli-epass/ •  http://www.telos.com/secure-communications/secure-unified-directory/