A PROJECT REPORT ON CLOUD ASSISTED PRIVACY PRESERVING MOBILE HEALTH MONITORING

1. 1
1. INTRODUCTION
1.1 Introduction To The Project
To facilitate our discussion, we first elaborate our cloud assisted mHealth
monitoring system (CAM). CAM consists of four parties: the cloud server (simply the
cloud), the company who provides the mHealth monitoring service (i.e., the healthcare
service provider), the individual clients (simply clients), and a semi-trusted authority
(TA). The company stores its encrypted monitoring data or program in the cloud server.
Individual clients collect their medical data and store them in their mobile devices, which
then transform the data into attribute vectors. The attribute vectors are delivered as inputs
to the monitoring program in the cloud server through a mobile (or smart) device. A
semi-trusted authority is responsible for distributing private keys to the individual clients
and collecting the service fee from the clients according to a certain business model such
as pay-as-you-go business model. The TA can be considered as a collaborator or a
management agent for a company (or several companies) and thus shares certain level of
mutual interest with the company. However, the company and TA could collude to obtain
private health data from client input vectors. We assume a neutral cloud server, which
means it neither colludes with the company nor a client to attack the other side.
1.2 Objective
Cloud-assisted mobile health (mHealth) monitoring, which applies the prevailing
mobile communications and cloud computing technologies to provide feedback decision
support, has been considered as a revolutionary approach to improving the quality of
healthcare service while lowering the healthcare cost. Unfortunately, it also poses a
serious risk on both clients’ privacy and intellectual property of monitoring service
providers, which could deter the wide adoption of mHealth technology.
1.3 Scope
CAM consists of four parties: the cloud server (simply the cloud), the company who
provides the mHealth monitoring service (i.e., the healthcare service provider), the
individual clients (simply clients), and a semi-trusted authority (TA). The company stores
its encrypted monitoring data or program in the cloud server.

2. 2
2. LITERATURE SURVEY
Literature survey is the most important step in software development process.
Before developing the tool it is necessary to determine the time factor, economy n
company strength. Once these things are satisfied, then next steps are to determine which
operating system and language can be used for developing the tool. Once the
programmers start building the tool the programmers need lot of external support. This
support can be obtained from senior programmers, from book or from websites. Before
building the system the above consideration are taken into account for developing the
proposed system.
Overview
mHealth (also written as m-health or mobile health) is a term used for the
practice of medicine and public health, supported by mobile devices. The term is most
commonly used in reference to using mobile communication devices, such as mobile
phones, tablet computers and PDAs, for health services and information, but also to affect
emotional states. The mHealth field has emerged as a sub-segment of eHealth, the use of
information and communication technology (ICT), such as computers, mobile phones,
communications satellite, patient monitors, etc., for health services and information.
mHealth applications include the use of mobile devices in collecting community and
clinical health data, delivery of healthcare information to practitioners, researchers, and
patients, real-time monitoring of patient vital signs, and direct provision of care (via
mobile telemedicine).
While mHealth certainly has application for industrialized nations, the field has
emerged in recent years as largely an application for developing countries, stemming
from the rapid rise of mobile phone penetration in low-income nations. The field, then,
largely emerges as a means of providing greater access to larger segments of a population
in developing countries, as well as improving the capacity of health systems in such
countries to provide quality healthcare.

3. 3
Within the mHealth space, projects operate with a variety of objectives, including
increased access to healthcare and health-related information (particularly for hard-to-
reach populations); improved ability to diagnose and track diseases; timelier, more
actionable public health information; and expanded access to ongoing medical education
and training for health workers.
Branching Program
Formally describe the branching programs, which include binary classification or
decision trees as a special case. We only consider the binary branching program for the
ease of exposition since a private query protocol based on a general decision tree can be
easily derived from our scheme. Let v=(v1, · · · , vn) be the vector of clients’ attributes.
To be more specific, an attribute component vi is a concatenation of an attribute index
and the respective attribute value. For instance, A||KW1 might correspond to “blood
pressure: 130”. Those with a blood pressure lower than 130 are considered as normal, and
those above this threshold are considered as high blood pressure. Each attribute value is
an C-bit integer. In this paper, we choose C to be 32, which should provide enough
precision in most practical scenarios. A binary branching program is a triple ⟨{p1, · · · ,
pk}, L,R⟩. The first element is a set of nodes in the branching tree. The non-leaf node pi
is an intermediate decision node while leaf node pi is a label node. Each decision node is
a pair (ai, ti), where ai is the attribute index and ti is the threshold value with which vai is
compared at this node. The same value of ai may occur in many nodes, i.e., the same
attribute may be evaluated more than once. For each decision node i, L(i) is the index of
the next node if vai≤ ti; R(i) is the index of the next node if vai>ti. The label nodes are
attached with classification information. To evaluate the branching program on some
attribute vector v, we start with p1. If va1 ≤t1, seth= L(1), else h = R(1). Repeat the
process recursively for ph, and so on, until one of the leaf nodes is reached with decision
information.
Medinet: Personalizing the self-care process for patients with diabetes
and cardiovascular disease using mobile telephony
This paper describes MediNet, a mobile healthcare system that is being developed
to personalize the self-care process for patients with both diabetes and cardiovascular

4. 4
disease. These two diseases were chosen based on their interrelationship. Patients with
diabetes are at least twice as likely to have heart disease or a stroke as compared to
persons without diabetes. Furthermore, persons with diabetes also tend to develop heart
disease or have strokes at an earlier age than other people. MediNet uses a reasoning
engine to make recommendations to a patient based on current and previous readings
from monitoring devices connected to the patient and on information that is known about
the patient. It caters for the uniqueness of each patient by personalizing its
recommendations based on individual level characteristics of the patient, as well as on
characteristics that groups of patients tend to share.
Wireless technology in disease management and medicine
Healthcare information, and to some extent patient management, is progressing
toward a wireless digital future. This change is driven partly by a desire to improve the
current state of medicine using new technologies, partly by supply-and-demand
economics, and partly by the utility of wireless devices. Wired technology can be
cumbersome for patient monitoring and can restrict the behavior of the monitored
patients, introducing bias or artifacts. However, wireless technologies, while mitigating
some of these issues, have introduced new problems such as data dropout and
“information overload” for the clinical team. This review provides an overview of current
wireless technology used for patient monitoring and disease management. We identify
some of the major related issues and describe some existing and possible solutions. In
particular, we discuss the rapidly evolving fields of telemedicine and mHealth in the
context of increasingly resource-constrained healthcare systems.
Efficient protocol for privacy-preserving evaluation of diagnostic
programs, represented as binary decision trees or branching programs
We present an efficient protocol for privacy-preserving evaluation of diagnostic
programs, represented as binary decision trees or branching programs. The protocol
applies a branching diagnostic program with classification labels in the leaves to the
user's attribute vector. The user learns only the label assigned by the program to his
vector; the diagnostic program itself remains secret. The program's owner does not learn

5. 5
anything. Our construction is significantly more efficient than those obtained by direct
application of generic secure multi-party computation techniques.
We use our protocol to implement a privacy-preserving version of the Clarify system for
software fault diagnosis, and demonstrate that its performance is acceptable for many
practical scenarios.
Medinet: personalizing the self-care process for patients with diabetes
and cardiovascular disease using mobile telephony
Diagnostic and classification algorithms play an important role in data analysis,
with applications in areas such as health care, fault diagnostics, or benchmarking.
Branching programs (BP) is a popular representation model for describing the underlying
classification/diagnostics algorithms. Typical application scenarios involve a client who
provides data and a service provider (server) whose diagnostic program is run on client’s
data. Both parties need to keep their inputs private.
Present new, more efficient privacy-protecting protocols for remote evaluation of such
classification/diagnostic programs. In addition to efficiency improvements, we generalize
previous solutions – we securely evaluate private linear branching programs (LBP), a
useful generalization of BP that we introduce. Finally, we discover and fix a subtle
security weakness of the most recent remote diagnostic proposal, which allowed
malicious clients to learn partial information about the program.
Secure evaluation of private linear branching programs with medical
applications
This project investigates a novel computational problem, namely the Composite
Residuosity Class Problem, and its applications to public-key cryptography. We propose
a new trapdoor mechanism and derive from this technique three encryption schemes: a
trapdoor permutation and two homomorphic probabilistic encryption.

6. 6
Multidimensional range query over encrypted data
Present an identity-based cryptosystem that features fully anonymous cipher texts
and hierarchical key delegation. We give a proof of security in the standard model, based
on the mild Decision Linear complexity assumption in bilinear groups. The system is
efficient and practical, with small cipher texts of size linear in the depth of the hierarchy.
Applications include search on encrypted data, fully private communication, etc.
Our results resolve two open problems pertaining to anonymous identity-based
encryption, our scheme being the first to offer provable anonymity in the standard model,
in addition to being the first to realize fully anonymous HIBE at all levels in the
hierarchy.
Improved proxy re-encryption schemes with applications to secure
distributed storage
In a proxy re-encryption scheme a semi-trusted proxy converts a cipher text for
Alice into a cipher text for Bob without seeing the underlying plaintext. A number of
solutions have been proposed in the public-key setting. In this paper, we address the
problem of Identity-Based proxy re-encryption, where cipher texts are transformed from
one identity to another. Our schemes are compatible with current IBE deployments and
do not require any extra work from the IBE trusted-party key generator. In addition, they
are non-interactive and one of them permits multiple re-encryptions. Their security is
based on a standard assumption (DBDH) in the random oracle model.
Privacy is consideredone of the key challenges when moving services to
the Cloud.
Solution like access control are brittle, while fully homomorphic encryption that
is hailed as the silver bullet for this problem is far from practical. But would fully
homomorphic encryption really be such an effective solution to the privacy problem?
And can we already deploy architectures with similar security properties? We propose
one such architecture that provides privacy, integrity and leverages the Cloud for
availability while only using cryptographic building blocks available today.

7. 7
3. SYSTEMANALYSIS
3.1 Existing System
Existing Cloud-assisted mobile health (mHealth) monitoring, which applies the
prevailing mobile communications and cloud computing technologies to provide
feedback decision support, has been considered as a revolutionary approach to
improving the quality of healthcare service while lowering the healthcare cost.
Unfortunately, it also poses a serious risk on both clients’ privacy and intellectual
property of monitoring service providers, which could deter the wide adoption of
mHealth technology.
Disadvantages
1. Existing privacy laws such as HIPAA (Health Insurance Portability and
Accountability Act) provide baseline protection for personal health record, they are
generally considered not applicable or transferable to cloud computing
environments.
3.2 Proposed System
CAM consists of four parties: the cloud server (simply the cloud), the company
who provides the mHealth monitoring service (i.e.,the healthcare service provider), the
individual clients (simply clients), and a semi-trusted authority (TA). The company stores
its encrypted monitoring data or program in the cloud server. Individual clients collect
their medical data and store them in their mobile devices, which then transform the data
into attribute vectors. The attribute vectors are delivered as inputs to the monitoring
program in the cloud server through a mobile (or smart) device. A semi-trusted authority
is responsible for distributing private keys to the individual clients and collecting the
service fee from the clients according to a certain business model such as pay-as-you-go
business model. The TA can be considered as a collaborator or a management agent for a
company (or several companies) and thus shares certain level of mutual interest with the
company. However, the company and TA could collude to obtain private health data
from client input vectors.

8. 8
Advantages
1. Reducing the computational and communication burden on clients and the cloud.
2. The cloud cannot know anything about the user’s search privacy, access privacy.
3.3 Module Description
Branching Program
Formally describe the branching programs, which include binary classification
or decision trees as a special case. We only consider the binary branching program for the
ease of exposition since a private query protocol based on a general decision tree can be
easily derived from our scheme. Let v be the vector of clients’ attributes. To be more
specific, an attribute component vi is a concatenation of an attribute index and the
respective attribute value. For instance, A||KW1 might correspond to “blood pressure:
130”. Those with a blood pressure lower than 130 are considered as normal, and those
above this threshold are considered as high blood pressure. The first element is a set of
nodes in the branching tree. The non-leaf node pi is an intermediate decision node while
leaf node pi is a label node. Each decision node is a pair (ai, ti), where ai is the attribute
index and ti is the threshold value with which vai is compared at this node. The same
value of ai may occur in many nodes, i.e., the same attribute may be evaluated more than
once. For each decision node i, L(i) is the index of the next node if vai≤ ti; R(i) is the
index of the next node if vai>ti. The label nodes are attached with classification
information. Repeat the process recursively for ph, and so on, until one of the leaf nodes
is reached with decision information.
Token Generation
To generate the private key for the attribute vector v=(v1, · · · , vn), a client first
computes the identity representation set of each element in v and delivers all the n
identity representation sets to TA. Then TA runs the AnonExtract(id, msk) on each
identity id ∈ Svi in the identity set and delivers all the respective private keys skvi to the
client.
Query
A client delivers the private key sets obtained from the TokenGen algorithm to
the cloud, which runs the AnonDecryption algorithm on the cipher text generated in the

9. 9
Store algorithm. Starting from p1, the decryption result determines which cipher text
should be decrypted next. For instance, if v1 ∈[0, t1], then the decryption result indicates
the next node index L(i). The cloud will then use skv(L(i)) to decrypt the subsequent
cipher textCL(i). Continue this process iteratively until it reaches a leaf node and decrypt
the respective attached information.
Semi Trusted Authority
A semi-trusted authority is responsible for distributing private keys to the
individual clients and collecting the service fee from the clients according to a certain
business model such as pay-as-you-go business model. The TA can be considered as a
collaborator or a management agent for a company (or several companies) and thus
shares certain level of mutual interest with the company. However, the company and TA
could collude to obtain private health data from clientinput vectors.
3.4 System Architecture
Fig 3.4: CAM Architecture

10. 10
Cloud assisted mHealth monitoring system (CAM). CAM consists of four parties:
the cloud server (simply the cloud), the company who provides the mHealth monitoring
service ( i.e., the healthcare service provider), the individual clients ( simply clients), and
a semi-trusted authority (TA). The company stores its encrypted monitoring data or
program in the cloud server. Individual clients collect their medical data and store them
in their mobile devices, which then transform the data into attribute vectors. The attribute
vectors are delivered as inputs to the monitoring program in the cloud server through a
mobile (or smart) device. A semi-trusted authority is responsible for distributing private
keys to the individual clients and collecting the service fee from the clients according to a
certain business model such as pay-as-you-go business model.
3.5 Requirement Specifications
H/W System Configuration
Processor - Pentium –III
Speed - 1.1 Ghz
RAM - 256 MB(min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration
Operating System : Windows XP
Application Server : Tomcat5.0/6.X
Front End : HTML, Java, Jsp
Scripts : JavaScript.
Server side Script : Java Server Pages.
Database : Mysql
Database Connectivity : JDBC.

11. 11
3.6 Feasibility Study
3.6.1 Introduction
A feasibility study is a high-level capsule version of the entire System analysis
and Design Process. The study begins by classifying the problem definition. Feasibility is
to determine if it’s worth doing. Once an acceptance problem definition has been
generated, the analyst develops a logical model of the system. A search for alternatives is
analyzed carefully.There are 3 parts in feasibility study.
3.6.2 Technical Feasibility
Evaluating the technical feasibility is the trickiest part of a feasibility study. This
is because, at this point in time, not too many detailed design of the system, making it
difficult to access issues like performance, costs on (on account of the kind of technology
to be deployed) etc. A number of issues have to be considered while doing a technical
analysis. Understand the different technologies involved in the proposed system before
commencing the project we have to be very clear about what are the technologies that are
to be required for the development of the new system. Find out whether the organization
currently possesses the required technologies. Is the required technology available with
the organization.
3.6.3 Economic Feasibility
Economic feasibility attempts to weigh the costs of developing and implementing
a new system, against the benefits that would accrue from having the new system in
place. This feasibility study gives the top management the economic justification for the
new system. A simple economic analysis which gives the actual comparison of costs and
benefits are much more meaningful in this case. In addition, this proves to be a useful
point of reference to compare actual costs as the project progresses. These could include
increased customer satisfaction, improvement in product quality better decision making
timeliness of information, expediting activities, improved accuracy of operations, better
documentation and record keeping, faster retrieval of information, better employee
morale.

12. 12
3.6.4 Operational Feasibility
Proposed project is beneficial only if it can be turned into information systems
that will meet the organizations operating requirements. Simply stated, this test of
feasibility asks if the system will work when it is developed and installed. Are there
major barriers to Implementation? Here are questions that will help test the operational
feasibility of a project:
Is there sufficient support for the project from management from users? If the
current system is well liked and used to the extent that persons will not be able to see
reasons for change, there may be resistance.
Are the current business methods acceptable to the user? If they are not, Users
may welcome a change that will bring about a more operational and useful systems.

13. 13
4. SYSTEM DESIGN
4.1 UML Diagrams
Introduction to Unified Modeling Language
UML stands for Unified Modeling Language. It represents a unification of the
concepts. It is a common language for creating models of objects oriented computer
software. The UML notation is rich and full bodied. It is comprised of two major
subdivisions. There is a notation for modeling the static elements of a design such as
classes, attributes, and relationships. There is also a notation for modeling the dynamic
elements of a design such as objects, messages, and finite state machines.
Relationships in General
Relationships are used in structural models to show semantic connections between
model elements. A dependency is what The Unified Modeling Language.
User Guide calls a "using" Relationship one in which the connection between two
things means that if one changes. it affects the other Dependencies can be used to identify
connections between a variety of model elements, packages being a notable example.
These are unidirectional relationships.
Dependency
A generalization is a relation between two elements, in which one is a more
general form of the there. Class inheritance is represented this way, but generalization
can be used more generally. Again, packages are an example.
Generalization

14. 14
An association is what the UML calls a structural relationship, mapping one
object to another set of objects. It is also used to identify the communication path
between an actor and a use case.
Association
A realization is a type of dependency relationship that identifies a contractual link
between elements—a realizing element. For example, a class implements the behaviors in
a specifying element; in this case, it is an interface .A realization also links use cases and
collaborations.
Realization
A composition is an aggregation that has strong ownership of its parts. Therefore,
if the whole element disappears.
Composition
An aggregation represents a whole-part relationship. This contrasts with a plain
association, which shows a relationship among/between peers, depending on the number
in an aggregation, one element is the whole and the other(s) are the parts.
Aggregation
4.1.1 Usecase Diagram
The Use case diagram is used to identify the primary elements and processes that
form the system. The primary elements are termed as "actors" and the processes are
called "use cases".

15. 15
A use case diagram is a graph of actors, a set of use cases enclosed by a system
boundary, communication (participation) associations between the actors and users and
generalization among use cases. The use case model defines the outside (actors) and
inside (use case) of the system’s behavior.
The Use case diagram shows which actors interact with each use case. For use case-
driven development, the use case diagram is the keystone of the modeling effort.
These include the following
 Associations between the actors and the use cases.
 Generalizations between the actors.
 Generalizations, extends, and includes relationships among the use cases.
Use cases
A use case describes a sequence of actions that provide something of measurable
value to an actor and is drawn as a horizontal ellipse.
Actor
An actor is a person, organization, or external system that plays a role in one or
more interactions with your system. Actors are drawn as stick figures.
Association
Associations between actors and use cases are indicated in use case diagrams by
solid lines. An association exists whenever an actor is involved with an interaction
described by a use case.
Association
Use case relationships can be one of the following
Include

16. 16
When a use case is depicted as using the functionality of another use case in a
diagram, this relationship between the use cases is named as an include relationship. An
include relationship is depicted with a directed arrow having a dotted shaft. The
stereotype "<<include>>" identifies the relationship as an include relationship.
Extend
In an extend relationship between two use cases, the child use case adds to the
existing functionality and characteristics of the parent use case.
An extend relationship is depicted with a directed arrow having a dotted shaft,
similar to the include relationship. The stereotype "<<extend>>" identifier
Fig: 4.1.1: use case diagram
generateToken
STA
viewUsersearch
graphicalView
extractResult
sendQuery USER
addPost
addDescription
addTitles
PROVIDER

17. 17
This figure illustrates the various types of actions performed by the user ,sta and
provider.
4.1.2 Class Diagram
UML Class diagram shows the static structure of the model. The class diagram is
a collection of static modeling elements, such as classes and their relationships,
connected as a graph to each other and to their contents. For traditional object-oriented
development, the class diagram is the keystone for the system model. In UML terms, it is
a view of the static structural model. The purpose of a class diagram is to depict the
classes within a model. In an object oriented application, classes have attributes (member
variables), operations (member functions) and relation-ships with other classes.

18. 18
Fig 4.1.2: Class Diagram
This Figure illustrates the variables and functions of the classes login,sta and provider.

19. 19
4.1.3 Sequence Diagram
Sequence diagram are an easy and intuitive way of describing the behavior of a
system by viewing the interaction between the system and its environment. A Sequence
diagram shows an interaction arranged in a time sequence. A sequence diagram has two
dimensions: vertical dimension represents time; the horizontal Dimension represents
different objects. The vertical line is called is the object’s life line. The lifeline represents
the object’s existence during the interaction.
Fig 4.1.3: Sequence diagram
This figure illustrates the actions from one object to another object. The objects
are user, sta and provider. The messages are shown above.
4.1.4 Collaboration Diagram
The collaboration diagram represents a collaboration, which is a set of objects,
Related in a particular context, and interaction, which is a set of messages exchanged
among the objects within the collaboration to achieve a designed Outcome.
useruser stasta cloudcloud providerprovider
addTitle
addDescription
addPost
sendQuery
generateToken
viewToken
extractResult
userDetails
graphicalView
userSearch

20. 20
Fig 4.1.4: Collaboration Diagram
The Fig 4 is same as the Fig 5 is also the illustrates the messages from one object
to another object.
4.1.5 Activity Diagram
The purpose of activity diagram is to provide a view of flows and what is going
on inside a use case or among several classes. Activity diagram can also be used to
represent a class’s method implementation. A token represents an operation. An activity
is shown as a round box containing the name of the operation. An outgoing solid arrow
attached to the end of activity symbol indicates a transition triggered by the completion.
user sta
cloud provider
4: sendQuery
6: viewToken
7: extractResult
9: graphicalView
5: generateToken
1: addTitle
2: addDescription
3: addPost
8: userDetails
10: userSearch

21. 21
Fig 4.1.5: Activity Diagram
This figure illustrates the activities of user, sta and provider.
start
sendQuery
viewToken
resultExtra
ct
graphicalVi
ew
viewToken
Request
generateTo
ken
sendTokent
ouser
addTitle
addDescrip
tion
addPost
userSearch
userDetails
staLogin
userLogin providerLogin
endProcess

22. 22
5. IMPLEMENTATION
Implementation is the stage of the project when the theoretical design is turned
out into a working system. Thus it can be considered to be the most critical stage in
achieving a successful new system and in giving the user, confidence that the new system
will work and be effective.
The implementation stage involves careful planning, investigation of the existing
system and it’s constraints on implementation, designing of methods to achieve
changeover and evaluation of changeover methods.
5.1 Introduction To Java
About Java
Initially the language was called as “oak” but it was renamed as “java” in
1995.The primary motivation of this language was the need for a platform-independent
(i.e. architecture neutral) language that could be used to create software to be embedded
in various consumer electronic devices.
The Java programming language is a high-level language that can be
characterized by all of the following buzzwords: Simple, Architecture neutral, Object
oriented, Portable, Distributed, High performance, Interpreted, Multithreaded, Robust,
Dynamic and Secure.
Simple
Java was designed to be easy for the Professional programmer to learn and to use
effectively. If you are an experienced C++ Programmer. Learning Java will oriented
features of C++. Most of the confusing concepts from C++ are either left out of Java or
implemented in a cleaner, more approachable manner. In Java there are a small number
of clearly defined ways to accomplish a given task.
Object oriented
Java was not designed to be source-code compatible with any other language. This
allowed the Java team the freedom to design with a blank state. One outcome of this was
a clean usable, pragmatic approach to objects. The object model in Java is simple and
easy to extend, while simple types, such as integers, are kept as high-performance non-
objects.

23. 23
Robust
The multi-platform environment of the web places extraordinary demands on a
program, because the program must execute reliably in a variety of systems. The ability
to create robust programs was given a high priority in the design of Java. Java is strictly
typed language; it checks your code at compile time and runtime. Java virtually
eliminates the problems of memory management and deal location, which is completely
automatic. In a well-written Java program, all run-time errors can and should be managed
by your program.
With most programming languages, you either compile or interpret a program so
that you can run it on your computer. The Java programming language is unusual in that
a program is both compiled and interpreted. With the compiler, first you translate a
program into an intermediate language called Java byte codes —the platform-
independent codes interpreted by the interpreter on the Java platform. The interpreter
parses and runs each Java byte code instruction on the computer. Compilation happens
just once; interpretation occurs each time the program is executed. The following figure
illustrates how this works.
Fig 5.1: compiling and interpreting java source code
Importance of Java to the Internet
Java has had a profound effect on the Internet. This is because; java expands the
Universe of objects that can move about freely in Cyberspace. In a network, two
categories of objects are transmitted between the server and the personal computer. They
are passive information and Dynamic active programs. in the areas of Security and

24. 24
probability. But Java addresses these concerns and by doing so, has opened the door to an
exciting new form of program called the Applet.
Applications and applets
An application is a program that runs on our Computer under the operating system of
that computer. It is more or less like one creating using C or C++ .Java’s ability to create
Applets makes it important. An Applet I san application, designed to be transmitted over
the Internet and executed by a Java-compatible web browser. An applet I actually a tiny
Java program, dynamically downloaded across the network, just like an image. But the
difference is, it is an intelligent program, not just a media file. It can be react to the user
input and dynamically change.
How Will Java Technology Change My Life?
We can’t promise you fame, fortune, or even a job if you learn the Java
programming language. Still, it is likely to make your programs better and requires less
effort than other languages. We believe that Java technology will help you do the
following:
Get started quickly: Although the Java programming language is a powerful object-
oriented language, it’s easy to learn, especially for programmers already familiar with C
or C++.
Write less code: Comparisons of program metrics (class counts, method counts, and so
on) suggest that a program written in the Java programming language can be four times
smaller than the same program in C++.
Write better code: The Java programming language encourages good coding practices,
and its garbage collection helps you avoid memory leaks. Its object orientation, its
JavaBeans component architecture, and its wide-ranging, easily extendible API let you
reuse other people’s tested code and introduce fewer bugs.

25. 25
Develop programs more quickly: Your development time may be as much as twice as
fast versus writing the same program in C++. Why? You write fewer lines of code and it
is a simpler programming language than C++.
Avoid platform dependencies with 100% Pure Java: You can keep your program
portable by avoiding the use of libraries written in other languages. The 100% Pure Java
TM Product Certification Program has a repository of historical process manuals, white
papers, brochures, and similar materials online.
Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.
Distribute software more easily: You can upgrade applets easily from a central server.
Applets take advantage of the feature of allowing new classes to be loaded “on the fly,”
without recompiling the entire program.
5.2 SERVLETS/JSP
Introduction
A Servlet is a generic server extension. A Java class that can be loaded
dynamically to expand the functionality of a server. Servlets are commonly used with
web servers. Where they can take the place CGI scripts. A servlet is similar to proprietary
server extension, except that it runs inside a Java Virtual Machine (JVM) on the server,
so it is safe and portable Servlets operate solely within the domain of the server. Unlike
CGI and Fast CGI, which use multiple processes to handle separate program or separate
requests, separate threads within web server process handle all servlets. This means that
servlets are all efficient and scalable.
Servlets are portable both across operating systems and also across web servers.
Java Servlets offer the best possible platform for web application development. Servlets
are used as replacement for CGI scripts on a web server, they can extend any sort of
server such as a mail server that allows servelts extend its functionality perhaps by
performing virus scan on all attached documents or handling mail filtering tasks.

26. 26
Servlets provide a Java-based solution used to address the problems currently associated
with doing server-side programming including inextensible scripting solutions platform-
specific API’s and incomplete interface.
Servlets are objects that conform to a specific interface that can be plugged
into a Java-based server. Servlets are to the server-side what applets are to the server-
side what applets are to the client-side-object byte codes that can be dynamically loaded
off the net. They differ form applets in than they are faceless objects(with out graphics or
a GUI component).They serve as platform independent, dynamically loadable,plugable
helper byte code objects on the server side that can be used to dynamically extend
server-side functionality.
Advantages of the Servlet API
One of the great advantages of the servlet API is protocol independent. It assumes
nothing about:
 The protocol being used to transmit on the net.
 How it is loaded.
Features of Servlets
 Servlets are persistent. Servlet are loaded only by the web server and can maintain
services between requests.
 Servlets are fast. Since servlets only need to be lloaded once, they offer much
better performance over their CGI counterparts.
 Servlets are platform independent.
 Servlets are extensible Java is a robust, object-oriented programming language,
which easily can be extended to suit your needs.
 Servlets are secure
 Servlets are used with a variety of client.
Servlets are classes and interfaces from tow packages, javax .servlet and
javax.servlet.http. Thejava.servlet package contains classes t support generic, protocol-
independent servlets.The classes in the javax.servelt.http package To and HTTP specific
functionality extend these classes

27. 27
Every servlet must implement the javax.serveltinterface. Most servlets implement it
by extending one of two classes.javax.servlet.GenericServlet or
javax.servlet.http.HttpServlet.A protocol-independent servlet should subclass Generic-
Servlet.while an Http servlet should subclass HttpServlet, which is itself a subclass of
Generic-servlet with added HTTP-specific functionality.
Unlike a java program, a servlet does not have a main() method,Instead the server in
the process of handling requests invoke certain methods of a servlet.Each time the server
dispatches a request to a servlet, it invokes the servelts Service() method,
A generic servlet should override its service() method to handle requests as
appropriate for the servlet.The service() accepts two parameters a request object and a
response object .The request object tells the servlet about the request, while the response
object is used to return a response
In Contrast.anHttp servlet usually does not override the service() method.Instead it
overrides doGet() to handle GET requests and doPost() to handle Post requests. An Http
servlet can override either or both of these modules the service() method of Http Servlet
handles the setup and dispatching to all the doXXX() methods.which is why it usually
should not be overridden.
The remainders in the javax.servlet and javax.servlet.http.package are largely support
classes .The ServletRequest and ServletResponse classes in javax.servlet provide access
to generic server requests and responses while HttpServletRequest and
HttpServletResponse classes in javax.servlet provide access to generic server requests
and responses while and HttpServletResponse in javax.servlet.http provide access a
HTTP requests and responses . The javax.servlet.http provide contains an HttpSession
class that HttpServletRequest provides built-in session tracking functionality and Cookie
class that allows quickly setup and processing HttpCookies.
Loading Servlets
Servlets can be loaded from their places. From a directory that is on the
CLASSPATH. The CLASSPATH of the JavaWebServer includes service root/classes/,
which is where the system classes reside
From the <SERVICE_ROOT/servlets/directory.This is not in the server’s
classpath. A class loader is used to create servlets form this directory. New servlets can

28. 28
be added-existing servlets can be recompiled and the server will notice these changes.
From a remote location.For this a code base like http://nine.eng/classes/foo/ is required in
addtion to the servlet’s class name.Refer to the admin Gui docs on servlet section to see
how to set this up.
 Loading Remote Servlets
 Remote servlets can be loaded by:
 Configuring the admin Tool to setup automatic loading of remote servlets.
 Selecting up server side include tags in .html files
 Defining a filter chain Configuration.
Invoking Servlets
A servlet invoker is a servlet that invokes the “server” method on a named servlet.If
the servlet is not loaded in the server,then the invoker first loades the servlet(either form
local disk or from the network) and the then invokes the “service” method.Also like
applets,local servlets in the server can be identified by just the class name.In other
words, if a servlet name is not absolute.it is treated as local.
 A Client can Invoke Servlets in the Following Ways:
 The client can ask for a document that is served by the servlet.
 The client(browser) can invoke the servlet directly using a URL, once it
has been mapped using the SERVLET ALIASES Section of the admin
GUI.
 The servlet can be invoked through server side include tags.
 The servlet can be invoked by placing it in the servlets/directory
 The servlet can be invoked by using it in a filter chain
The Servlet Life Cycle
The Servlet life cycle is one of the most exciting features of Servlets.This life cycle is
a powerful hybrid of the life cycles used in CGI programming and lower-level NSAPI
and ISAPI programming.The servlet life cycle allows servlet engines to address both the
performance and resource problems of CGI and the security concents of low level server
API programming.Servlet life cycle is highly flexible Servers hava significant leeway in
how they choose to support servlets.The only hard and fast rule is that a servlet engine
must confor to the following life cycle contact:

29. 29
 Create and initialize the servlets.
 Handle zero or more service from clients.
 Destroy the servlet and then garbage Collects it.
It’s perfectly legal for a servlet t be loaded, created an initialzed in its own
JVM,only to be destroyed an dgarbage collected without hancdling any clientrequest or
after handling just one request.The most common and most sensible life cycle
implemntations for HTTP servelts are:
Single java virtual machine and astatine persistence.
Init and Destroy
Just like Applets servlets can define init() and destroy() methods, A servlets
init(ServiceConfig) method is called by the server immediately after the server constructs
the servlet’s instance.Depanding on the server and its configuration, this can be at any of
these times
 When the server states.
 When the servlet is first requested, just before the service() method is
invoked.
 At the request of the server administrator.
In any case, Init() is guaranteed to be called before the servlet handles its first
request.Theinit( ) method is typically used to perform servlet initialization creating or
loading objects that are used by the servlet in handling of its request. In order to
providing a new servlet any information about itself and its environment, a server has to
call a serveltsinit( ) method and pass an object that implement the ServletConfig
interface.
This ServletConfig object supplies a servlet with information about its
initialization parameters.These parameters are given to the servlets and are not associated
with any single request.They can specify initial values, such as where a counter should
begin counting, or default values, perhaps a template .
5.3 JDBC
In an effort to set an independent database standard API for Java; Sun
Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a generic

30. 30
SQL database access mechanism that provides a consistent interface to a variety of
RDBMSs. This consistent interface is achieved through the use of “plug-in” database
connectivity modules, or drivers. If a database vendor wishes to have JDBC support, he
or she must provide the driver for each platform that the database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC.
As you discovered earlier in this chapter, ODBC has widespread support on a variety of
platforms. Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market
much faster than developing a completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public
review that ended June 8, 1996. Because of user input, the final JDBC v1.0 specification
was released soon after.
The remainder of this section will cover enough information about JDBC for you to know
what it is about and how to use it effectively. This is by no means a complete overview of
JDBC. That would fill an entire book.
JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that,
because of its many goals, drove the development of the API. These goals, in conjunction
with early reviewer feedback, have finalized the JDBC class library into a solid
framework for building database applications in Java.
The goals that were set for JDBC are important. They will give you some insight as to
why certain classes and functionalities behave the way they do. The eight design goals
for JDBC are as follows:
SQL Level API: The designers felt that their main goal was to define a SQL interface for
Java. Although not the lowest database interface level possible, it is at a low enough level
for higher-level tools and APIs to be created. Conversely, it is at a high enough level for
application programmers to use it confidently. Attaining this goal allows for future tool
vendors to “generate” JDBC code and to hide many of JDBC’s complexities from the end
user.

31. 31
SQL Conformance: SQL syntax varies as you move from database vendor to database
vendor. In an effort to support a wide variety of vendors, JDBC will allow any query
statement to be passed through it to the underlying database driver. This allows the
connectivity module to handle non-standard functionality in a manner that is suitable for
its users.
JDBC can be implemented on top of common interface: The JDBC SQL API must
“sit” on top of other common SQL level APIs. This goal allows JDBC to use existing
ODBC level drivers by the use of a software interface. This interface would translate
JDBC calls to ODBC and vice versa.
Provide a Java interface that is consistent with the rest of the Java system: Because
of Java’s acceptance in the user community thus far, the designers feel that they should
not stray from the current design of the core Java system.
Keep it simple: This goal probably appears in all software design goal listings. JDBC is
no exception. Sun felt that the design of JDBC should be very simple, allowing for only
one method of completing a task per mechanism. Allowing duplicate functionality only
serves to confuse the users of the API.
Use strong, static typing wherever possible: Strong typing allows for more error
checking to be done at compile time; also, less error appear at runtime.
Keep the common cases simple: Because more often than not, the usual SQL calls used
by the programmer are simple SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these
queries should be simple to perform with JDBC. However, more complex SQL
statements should also be possible.

32. 32
5.4 HTML
Hypertext Markup Language(HTML), the languages of the world wide web(WWW),
allows users to produces web pages that included text, graphics and pointer to other web
pages (Hyperlinks).HTML is not a programming language but it is an application of ISO
Standard 8879,SGML(Standard Generalized Markup Language),but Specialized to
hypertext and adapted to the Web. The idea behind Hypertext one point to another point.
We can navigate through the information based on out interest and preference. A markup
language is simply a series of items enclosed within the elements should be displayed.
Hyperlinks are underlined or emphasized works that load to other documents or some
portions of the same document.Html can be used to display any type of document on the
host computer, which can be geographically at a different location. It is a versatile
language and can be used on any platform or desktop
HTML provides tags(special codes) to make the document look attractive.
HTML provides are not case-sensitive. Using graphics, fonts, different sizes, color,
etc..canenhance the presentation of the document.
That is not a tag is part of the document itself.
Basic Html Tags
<!-- --> Specific Comments.
<A>………</A> Creates Hypertext links.
<B>………</B> Creates hypertext links.
<Big>……..</Big> Formats text in large-font
<Body>…….</Body> contains all tags and text in the Html-document
<Center>……</Center> Creates Text
<DD>………..</DD> Definition of a term.
<TABLE>……</TABLE> creates table
<Td>………..</Td> indicates table data in a table.
<Tr>………..</Tr> designates a table row
<Th>……….</Th> creates a heading in a table.

33. 33
Advantages
 A HTML document is small and hence easy to send over the net.It is small
because it does not include formatted information.
 HTML is platform independent.
 HTML tags are not case-sensitive.
Java Script
The Java Script Language
JavaScript is a compact , object-based scripting language for developing client
and server internet applications. Netscape Navigator 2.0 interprets JavaScript statements
embedded directly in an HTML page. and Livewire enables you to create server-based
applications similar to common gateway interface(cgi) programs. In a client application
for Navigator, JavaScript statements embedded in an HTML Page can recognize and
respond to user events such as mouse clicks formInput, and page navigation. For
example, you can write a JavaScript function to verify that users enter valid information
into a form requesting a telephone number or zip code. Without any network
transmission, an Html page with embedded Java Script can interpret the entered text and
alert the user with a message dialog if the input is invalid or you can use JavaScript to
perform an action (such as play an audio file, execute an applet, or communicate with a
plug-in) in response to the user opening or exiting a page.

34. 34
6. SCREEN SHOTS
Fig 6.1:CAM branching program

35. 35
Fig 6.2: provider login page

36. 36
Fig 6.3 provider viewing medical details

37. 37
Fig 6.4: view medical details

38. 38
Fig 6.5: provider add medical details

39. 39
Fig 6.6: add medical details

40. 40
Fig 6.7: viewing medical details by provider

41. 41
Fig 6.8: new user registration

42. 42
Fig 6.9: user login page

43. 43
Fig 6.10: user query

44. 44
Fig 6.11: viewing pending token

45. 45
Fig 6.12: sta login page

46. 46
Fig 6.13: token generation by sta

47. 47
Fig 6.14: token generation and sending to appropriate user

48. 48
Fig 6.15: viewing token details

49. 49
Fig 6.16: extracting the query result by using token

50. 50
Fig 6.17: viewing query result and its description by user

51. 51
Fig 6.18: viewing query result and its description in graphical view by user

52. 52
7. SYSTEM TESTING
7.1 Introduction
The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, subassemblies, assemblies and/or a finished
product It is the process of exercising software with the intent of ensuring that the
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific
testing requirement.
7.2 Types of Tests
Unit Testing
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program inputs produce valid outputs. All decision
branches and internal code flow should be validated. It is the testing of individual
software units of the application .it is done after the completion of an individual unit
before integration. This is a structural testing, that relies on knowledge of its construction
and is invasive. Unit tests perform basic tests at component level and test a specific
business process, application, and/or system configuration. Unit tests ensure that each
unique path of a business process performs accurately to the documented specifications
and contains clearly defined inputs and expected results.
Integration Testing
Integration tests are designed to test integrated software components to determine
if they actually run as one program. Testing is event driven and is more concerned with
the basic outcome of screens or fields. Integration tests demonstrate that although the
components were individually satisfaction, as shown by successfully unit testing, the
combination of components is correct and consistent. Integration testing is specifically
aimed at exposing the problems that arise from the combination of components.
Functional Test
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system documentation,
and user manuals.

53. 53
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures : interfacing systems or procedures must be invoked.
Organization and preparation of functional tests is focused on requirements, key
functions, or special test cases. In addition, systematic coverage pertaining to identify
Business process flows; data fields, predefined processes, and successive processes must
be considered for testing. Before functional testing is complete, additional tests are
identified and the effective value of current tests is determined.
System Testing
System testing ensures that the entire integrated software system meets requirements.
It tests a configuration to ensure known and predictable results. An example of system
testing is the configuration oriented system integration test. System testing is based on
process descriptions and flows, emphasizing pre-driven process links and integration
points.
White Box Testing
White Box Testing is a testing in which in which the software tester has knowledge
of the inner workings, structure and language of the software, or at least its purpose. It is
purpose. It is used to test areas that cannot be reached from a black box level.
Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most other
kinds of tests, must be written from a definitive source document, such as specification or
requirements document, such as specification or requirements document.

54. 54
7.3 Mode of Testing
7.3.1 Unit Testing
Unit testing is usually conducted as part of a combined code and unit test phase of
the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.
Test strategy and approach
Field testing will be performed manually and functional tests will be written in
detail.
Test objectives
 All field entries must work properly.
 Pages must be activated from the identified link.
Features to be Tested
 Verify that the entries are of the correct format
 No duplicate entries should be allowed
 All links should take the user to the correct page.
7.3.2 Integration Testing
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software
applications, e.g. components in a software system or – one step up – software
applications at the company level – interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
7.3.4 Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires
significant participation by the end user. It also ensures that the system meets the
functional requirements.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

55. 55
7.4 Test Case Reports
TEST CASE
ID
TEST
CASE
NAME
TEST CASE
DESCRIPTION
EXPECTED
RESULT
ACTUAL
RESULT
S
T
A
T
U
S
TC_01 BRANCHIN
G
PROGRAM
WHICH INCLUDES
BINARY
CLASSIFICATION
OR DECISION
TREES
IT REACHES
DECISION
INFORMATION
DECITION
INFORMATION
IS REACHED
P
A
S
S
TC_02 TOKEN
GENERATI
ON
IT GENERATES
PRIVATE KEY TO
THE CLIENTS FOR
EXTRACTING
QUERY RESULTS
IT DELIVERS
THE
PRIVATE KEY
PRIVATE KEY
IS DELIVERED
P
A
S
S
TC_03 QUERY CLIENT DELIVERS
PRIVATE KEY
SETS TO THE
CLOUD
IT DECRYPTS
THE
RESPECTIVE
INFORMATION
RESPECTIVE
INFORMATION
CAN BE
DECRYPTED
P
A
S
S
TC_04 SEMI
TRUSTED
AUTHORIT
Y
TA CAN BE
CONSIDRED AS A
COLLABARATOR
OR
MANAGEMENT
AGENT FOR THE
COMPANIES
DISTRIBUTE
PRIVATE KEYS
TO CLIENTS
AND COLLECT
FEE FROM
CLIENTS
DISTRIBUTED
THE PRIVATE
KEYS TO
CLIENTS AND
THEN
COLLECTED
SERVICE FEE
FROM CLIENTS
P
A
S
S

56. 56
8. CONCLUSION
The design a cloud-assisted privacy preserving mobile health monitoring system,
called CAM, which can effectively protect the privacy of clients and the intellectual
proerty of mHealth service providers. To protect the clients’ privacy, we apply the
anonymous Boneh-Franklin identity based encryption (IBE) in medical diagnostic
branching programs. To reduce the decryption complexity due to the use of IBE, we
apply recently proposed decryption outsourcing with privacy protection to shift clients’
pairing computation to the cloud server. To protect mHeath service providers’ programs,
we expand the branching program tree by using the random permutation and randomize
the decision thresholds used at the decision branching nodes. Finally, to enable resource
constrained small companies to participate in mHealth business, our CAM design helps
them to shift the computational burden to the cloud by applying newly developed key
private proxy re-encryption technique. Our CAM has been shown to achieve the design
objective.