Published in: Business, Technology

  1. Privacy Management for Medical Service Application using Mobile Phone collaborated with RFID Reader
     Byung Gil Lee, Information Security Research Division
     Dec. 18, 2007
  2. Contents
     • Introduction
         • Background of research
     • Proposed u-Intelligent Hospital Service Model
         • Service Requirement
         • Service Architecture
     • Design and Implementation of u-IHS System
         • Scenarios and system architecture for privacy managed medical service
         • Trial service in hospital
     • Conclusion
  3. Introduction
     • Background of research
         • Recently, RFID/sensor network technologies are increasingly being used in various applications, such as SCM (supply chain management) and warehouse management.
         • They also have great potential in medical and healthcare services.
         • In the hospital, most medical accidents involving patients stem from misidentification of the patient or of medical articles.
         • These accidents can be reduced if information about the patient is managed automatically.
  4. Introduction (Cont.)
     • Background of research (cont.)
         • Privacy intrusion example: in a department store, bar, hotel, train, etc., a malicious person sitting or standing next to you can read information from your belongings (with unprotected tags) to learn how much you carry in your wallet, your credit card number, the size and brand name of your underwear, the medicine you are taking and what kind of disease you have, etc., without your knowledge [Information-Privacy]. In addition, the adversary can trace you everywhere you go [Location-Privacy].
         • Several approaches to RFID security and anonymity have been reported,
         • but privacy-aware security and a user-centric privacy control mechanism are not clearly defined.
         • On the privacy side, unless these systems are properly designed and constructed, they can cause massive collateral damage to users' privacy.
         • So we propose a structure that protects against privacy breaches by using profile-based privacy management and real-time customization of privacy preferences.
         • As a useful application, we applied our system to medical service in the hospital and related areas, using a privacy-aware security system and a privacy management mechanism.
  5. Introduction: Basic RFID System and Sensor Network
     • An RFID system consists of 4 to 6 basic elements: products with embedded RFID tags, a reader, RFID middleware, an IS (Information Server) for product business data with code, and the accessing application.
     • An ONS (Object Name Service) system can be added for IS lookup.
     • A sensor network consists of 3 to 4 basic elements: sensor node, sink node, middleware and information server.
     [Figure: Basic RFID System; Basic Sensor Network (Sensor Network, Sink Node, USN Middleware)]
  6. Introduction: Networked mobile RFID System and Sensor Network
     • For user-specific, interactive RFID service and user-centric sensor network service, we also include a mobile terminal integrated with an RFID reader, which reads the RFID tag and performs the linked service.
     • Users can obtain the information and resolve it by querying the network over the mobile network.
     • In the platform, WIPI (a Korean standard mobile platform, based on the Java platform) is used as the RFID and sensor platform.
     [Figure: Local ODS, National ODS, Mobile RFID Service Discovery Gateway (Service Adaptation), Secure Mobile RFID Portal, Information Service, Secure M/W, Security Lib, RFID Reader, Secure Tag, Sensor Network, User ID; CDMA, WLAN, WiBro; connected to networked Mobile RFID middleware]
  7. Requirements and Approach Strategy
     • Requirements of the Service in the Privacy Aspect
         • Avoid collecting unnecessary private information in the ubiquitous system
         • Employ a controllable access control mechanism for the data collected in the RFID and sensor based system
         • Real-time and user-centric privacy-aware information processing
         • User-auditable privacy management
     • Strategy
         • First step: Access control of patient information by default privacy policy (result of privacy impact assessment)
         • Second step: User-controllable, profile-based privacy protection
         • Third step: Auditable privacy management
     [Figure label: Adversary]
  8. Proposed Customizing Ubiquitous Hospital Model
     • The system for u-IHS consists of the following elements:
         • RFID patient tag and sensor
         • RFID asset tag for easy finding of the asset location
         • RFID middleware / Mobile RFID middleware
         • Sensor middleware
         • IS server for RFID and sensor network
         • IHS server
     • Functions:
         • Capturing event: user, asset, etc.
         • Sensing: user's location, user's temperature, pulsation rate, blood sugar, etc.
         • Notifying: patient's emergency condition to doctor; patient's 1st aid information to 1st aid staff; patient's medical history information to 1st aid or other hospital; patient or asset location to doctor; results of the audit and user's obligation to user (patient)
         • Controlling: heating or air conditioning device, lighting device, etc.
  9. Proposed Customizing Ubiquitous Hospital Model: Service Architecture (Registration)
     [Figure: Information System (EMR, PACS, ERP, CRM, HL7); Intra-Hospital App., Networked Emergency App., Networked Inter-Hospital App.; Registration IS; Consent by Patient; Decision by doctor as an urgent patient (for example: heart disease, cerebral hemorrhage); Issue Tagged Card; Patient Identification; Privacy Profile Configure; Access Control and Authorization; RPS (RFID Privacy Service Manager)]
     • An RFID-attached medical card can be issued if a user has an urgent disease and consents to the issuing and to the privacy policy of the RFID emergency card for fast 1st aid service.
     • The tag owner sets up his (or her) privacy policy for the tag in the policy manager. The policy consists of the authority of access and the level of privacy protection.
     • The back-end medical information server receives the query information, analyzes the data received from the requester, and provides information in accordance with the privacy level previously set in the policy manager.
  10. Proposed Customizing Ubiquitous Hospital Model: Service Architecture 1 (Comprehensive Medical Examination)
     [Figure: Network; Check Tag; Identification; Medical Examination & Treatment; Tag Recipient for comprehensive medical examination; Notify next examination room]
     • User:
         1. Compare previous examination history
         2. Check the next examination information
         3. Check the related medical information
  11. Proposed Customizing Ubiquitous Hospital Model: Service Architecture 2 (1st aid)
     • The target of this model is successful emergency rescue service by making use of the patient tag and mobile RFID reader.
     • The registered urgent patient tag is captured by the authorized emergency transportation staff's reader.
     • Medical history based 1st aid service is provided in the emergency situation.
     • ② Using the bio-sensor and RFID, the patient's real-time medical information is transferred to the hospital and the doctor's message is transferred to the EV (transportation staff).
     • ③ Using the RFID patient tag, the patient is verified to protect against medical errors in treatment.
     • ④ The chartless service is performed by the mobile RFID treatment terminal (Reader) in history in health inspection, ER/OR, ward in hospital.
     [Figure: Network; Patient; Hospital (IS); Notification Service (GPS); MSDG; Request; "Emergency Vehicular Location is displayed!"; 1st: 1st aid message, 2nd: Medical History, 3rd: Doctor's Message; CDMA; SMS; Privacy SMS; Location; Arrival to ER; First aid service for emergency situation; Medical Treatment; Chartless Service By Mobile RFID Treatment Terminal; Auth Check; Coming in and out; Transfer EV's Location; Emergency Room; Medical Kiosk]
  12. Design and Implementation of the System: RFID Privacy Management Service (RPS)
     • Procedure to notify the application server of a privacy policy, and inquiry procedure
     • Major functions of the RPS:
         • Real-time notification
         • Profile and policy management
         • Registration and authentication
         • Obligation management
         • Audit management
     [Figure: Architecture of the RPS]
  13. Design and Implementation of the System: Mobile RFID Network Configuration
     • Consists of 6 parts
     [Figure: Mobile Terminal; Gateway; Directory; Hospital; Emergency Transportation system (911); Privacy Management (RPS); Fixed Terminal; Fixed M/W System; RFID]
     • IS (OIS): (Object) Information Server
     • ODS: Object Directory Service
     • MSDG: Medical Service Discovery Gateway
     • ET: Emergency Transportation
     • DI: Diagnosis and Inspection
     • ER: Emergency Room
     • PG: Payment Gateway
     • M/W: RFID middleware
  14. Design and Implementation of the System: Security Association Model and Context aware Model
     • Compatibility and scalability in medical application may cause problems
     [Figure: Ubiquitous Network; Registration; Hospital A; Hospital B / Emergency agency; 1. RFID and Sensor based Ubiquitous Medical Service Broker; 2. General Medical Privacy Manager; 3. Medical Service Discovery Gateway; 4. PKI Certificate Service Manager; Hospital CERTIFICATE; Medical Privacy Manager CERTIFICATE; Public Key / Private Key; Audit: Policy and Result; Setup Obligation; messages exchanged: (Audit, User Policy etc.), (Result etc.), (Request shared Medical Record), (Result)]
  15. Design and Implementation of the System: Field Trial Service
     • Ulgi Hospital in Daejeon, Korea (2007)
     [Figure panels: Comprehensive Medical Exam.; In-Out Mgmt. in ER; Patient Verification - PDA; History Inquiry for Medical Exam.; RFID KIOSK; Result of Data Inquiry by Privacy Policy]
  16. Design and Implementation of the System: ER and ET systems
     • Patient management in ER
     • Alarm notification
     • Query of patient's information in ET
     [Figure panels: <Management System of Emergency Room>; <Auto Identification and Alarm>: an RFID reader is installed at the entrance of the ER to check the patient's coming in and out and movement; <Emergency Transportation IS>: patient's location, discovered by LBS by mobile phone; <Patient's Medical Information for 1st aid>: privacy information controlled by user's policy, caution information in the 1st aid service for special patient]
  17. Design and Implementation of the System: Kiosk and RPS
     • Kiosk for issue/kill of tag
     • Monitoring system and privacy management
     [Figure panels: <Kiosk>; <Monitoring System>; <Privacy Management System>]
  18. Conclusion
     • We designed an intelligent medical application service using a privacy-aware RFID and sensor network system.
     • The advantages of this system are as follows. First, we provide privacy protection for personal data in the medical environment,
     • and a user-centric privacy management scheme can be achieved.
     • Second, advanced automatic identification processing in an emergency situation can save the life of the patient.
     • Third, medical working conditions are improved by utilizing the auto-identification of the patient.
     • The suggested mechanism and system are an effective solution for medical service in the ubiquitous environment.
  19. Reference material
  20. Privacy
     • Freedom from intrusion
     • Control of information about oneself
     • Freedom from surveillance
  21. Protecting Privacy
     • PITs
         • Invisible information gathering based on RFID tag
         • Secondary use
         • Location privacy
     • Laws and Regulations: Requiring Specific Consent Policies
         • Businesses must use an opt-in policy
         • Businesses must obtain consumer consent for each use of their personal information
     • PETs
     • Encryption
     • Right to control his own information
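
The three-step strategy on slide 7 and the registration flow on slide 9 (default policy, owner-set profile, audited release by the back-end server) can be sketched as below. This is an added example, not code from the presentation or the u-IHS system; the class names, role names, field names and tag ID are assumptions.

```python
from dataclasses import dataclass, field

# Step 1: default policy per requester role (roles and fields are assumptions).
DEFAULT_POLICY = {
    "emergency_staff": {"blood_type", "allergies", "urgent_disease"},
    "doctor": {"blood_type", "allergies", "urgent_disease", "medical_history"},
}

@dataclass
class PrivacyProfile:
    """Step 2: the tag owner's own overrides of the default policy."""
    allow: dict = field(default_factory=dict)  # role -> extra fields released
    deny: dict = field(default_factory=dict)   # role -> fields withheld

@dataclass
class PolicyManager:
    profiles: dict = field(default_factory=dict)   # tag_id -> PrivacyProfile
    audit_log: list = field(default_factory=list)  # step 3: owner-readable trail

    def permitted_fields(self, tag_id, role):
        fields = set(DEFAULT_POLICY.get(role, ()))  # unknown role gets nothing
        profile = self.profiles.get(tag_id)
        if profile is not None:
            fields |= profile.allow.get(role, set())
            fields -= profile.deny.get(role, set())  # deny wins over allow
        return fields

    def query(self, record, tag_id, requester, role, wanted):
        """Release only permitted fields; log grants and refusals alike."""
        allowed = self.permitted_fields(tag_id, role)
        released = {k: record[k] for k in wanted if k in allowed and k in record}
        self.audit_log.append({"tag": tag_id, "requester": requester, "role": role,
                               "released": sorted(released),
                               "withheld": sorted(set(wanted) - set(released))})
        return released

# Constructed sample record and tag (not data from the trial system).
RECORD = {"blood_type": "A+", "allergies": "penicillin",
          "urgent_disease": "heart disease", "medical_history": "2006 bypass"}

def demo():
    pm = PolicyManager({"TAG-0001": PrivacyProfile(
        allow={"emergency_staff": {"medical_history"}},
        deny={"doctor": {"medical_history"}})})
    wanted = ["blood_type", "medical_history"]
    et = pm.query(RECORD, "TAG-0001", "ev-17", "emergency_staff", wanted)
    dr = pm.query(RECORD, "TAG-0001", "dr-01", "doctor", wanted)
    kiosk = pm.query(RECORD, "TAG-0001", "kiosk-2", "kiosk", wanted)
    return et, dr, kiosk, pm.audit_log
```

Refused requests are logged as well as granted ones, so the tag owner's audit view shows every attempt to read the tag's record, including those from roles the policy does not recognise.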