Guidelines for the technological development in the e-health application domain

  • 308 views
Uploaded on

Slides of the talk I gave the 18th of July 2014 about the activities I coordinates at the University of L'Aquila (Italy) in the context of the E-Health Technology industrial project.

Slides of the talk I gave the 18th of July 2014 about the activities I coordinates at the University of L'Aquila (Italy) in the context of the E-Health Technology industrial project.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
308
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
7
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1.     Guidelines for the technological development in the e-health application domain Ivano Malavolta Università degli Studi dell’Aquila
  • 2. Introduction Great progress in the health sector applied to etc. However, the health sector currently lags behind other sectors in the use of advanced data management software à there is great potential for rapid, sustained growth image acquisition image elaboration robotics
  • 3. Introduction The E-Health Technology project focusses on Remote assistance via mobile devices Modernization of business processes Design of new services in the cloud
  • 4. Introduction The role of University of L’Aquila in the project Research Prototypes development Research actions State of the art Architectural solutions
  • 5. Introduction In this talk we will present the main solutions for architecting an e-health software system in terms of its Security engineering Reliability assurance etc. Data management infrastructure
  • 6.     Remainder of the talk •  Introduction •  Cloud computing •  User authentication •  User authorization •  Data encryption •  Sensitive data separation •  Conclusions
  • 7. Cloud computing The use of computing power that is located “elsewhere”à in the cloud Advantages: no infrastructure elasticity low risk
  • 8. Cloud computing Challenges in the e-health application domain: Who can enter the system? Who can do what in the system? Who can read my data? Where is my data?
  • 9. User authentication Strong authentication is mandatory •  one possible implementation: two-factor + challenge-response Something you know Something you have ex. username and password ex. card or security token +
  • 10. OATH1 Open standard for the interoperability of authentication methods •  Supports both hardware and software implementations http://www.openauthentication.org/ Advantages: •  always with the user •  low investment risk •  scalable •  customizable •  no waiting time for issuing a new token
  • 11. User authorization Access control is the basis of Information Security prevent disclosure to unauthorized users prevent modification by unauthorized users Confidentiality Integrity
  • 12. XACML Open standard proposing •  a declarative language for defining access control policies •  a run-time architecture for enforcing the policies defining enforcing
  • 13. Data encryption Data encryption is the process of encoding messages or information in such a way that only authorized parties can read it In our project we encrypt data at two levels: prevent information disclosure while sending data prevent reading saved data in the database Communication Database
  • 14. Sensitive data separation Multi-tenant architecture with a dedicated database for each agency Advantages: •  data isolation ( required by law) •  customized services •  easy disaster recovery
  • 15. Conclusions (i)
  • 16. Conclusions (ii) What is not covered in this talk: •  digital documents with legal validity •  Analog copies of digital documents •  Graphometric signatures with legal validity These aspects are covered in our research article* * available also in English  
  • 17.     Contact Ivano Malavolta Università degli Studi dell’Aquila ivano.malavolta@univaq.it http://www.di.univaq.it/malavolta
  • 18. Images credits •  http://www.tutorialspoint.com/shorttutorials/cloud-computing-from-the-home •  https://www.tcnp3.com/home/cloud-technology/what-is-cloud-computing-infographic/ •  http://www.carestreamdental.com/it/it-it/computedradiography •  http://www.kavo.it/Prodotti/Imaging-Radiologia/Tomografia-volumetrica-3D.aspx •  http://www.siriweb.com/wp/?product_cat=ecograf_multi •  http://cdn.bills.com/images/articles/originals/rate-lock.jpg •  http://www.ftsafe.com/product/otp/hotp •  https://www.hidglobal.com/partner-products/single-button-time-based-oath-otp •  http://www.solidpass.com/authentication-methods/time-synchronized-security-token.html •  http://www.partnerdata.it/prodotti/identificazione/one-time-pw/modelli-epass/ •  http://www.telos.com/secure-communications/secure-unified-directory/