Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy



  1. #CONNECT2013 2net System Overview, Security and Privacy. Rajeev Rajan, Sr. Director, Product Management, Qualcomm Life
  2. Session Agenda
     • Qualcomm Life, 2net, Healthy Circles, Qualcomm Life Ecosystem … High-Level Overview
     • 2net Product Overview … The Body’s Systems
     • 2net Security & Privacy Overview … The Immune System
  3. Our Mission: Mobilize healthcare. Our Vision: A world with access to healthcare anytime, anywhere.
  4. 2net Use-Case
     Sample scenario: Bill’s blood pressure reading is collected over short-range radio, and wirelessly communicated over 3G by his 2net Home Hub to the 2net Cloud Platform, to be delivered to his doctor through 2net’s Customers/Partners.
     [Diagram labels: Low Energy; Home Hub; Cellular 3G; 2net Cloud Platform; 2net Customers/Partners]
  5. HealthyCircles: Connecting the Care Team Accelerates Adoption
     [Diagram labels: Customer/In-House; HIE/EHR; Clinical Data; Lab Results; Rx Data; Traditional Healthcare Settings; EMR1; EMR2]
  6. Qualcomm Life Ecosystem
     Note: Both the 2net Hub and Platform are (1) FDA listed Class I MDDS (US), (2) CE registered, Class I listed MDD under EU Directive 93/42/EEC (Europe), (3) Class I listed CMDCAS (Canada).
  7. #CONNECT2013 2net Product Overview … The Body’s Systems
  8. Disease Management Kits
     [Slide labels: Diabetes; COPD / Asthma; CHF; Wellness/Prevention]
  9. 2net Hub: High level Data Flows
     [Diagram: data flow steps numbered 1 to 6. Nodes: 2net Hub; 2net Service Platform/Cloud; 2net Customer Platform/Cloud. Legend: biometric data flow; device command flow; data flow step number]
  10. High Level System Design
      1. Captures the biometric measurement data from health care and fitness data from customer or collaborator wireless devices
      2. Stores the biometric measurement data in a secure system
      3. Delivers the data to integrated portals/databases
      [Diagram labels: Hub; Biometric data; Cellular Data Network; 2net Service Platform; 2net Connect Server; Internet; Customer data handling; Dashboard Visualization/Analysis]
  11. 2net End-to-End (E2E) Architecture
      [Architecture diagram. Main blocks: HUB; PLATFORM (San Diego, USA); CUSTOMER/PARTNER; OTHER CUSTOMERS/PARTNERS. Other labels: Home; Carrier Network; Data Connectivity Plan; Cellular Carrier Portal; Customer Care (Tier 2/3); Provisioning; Carrier Transaction Billing; Consumer and/or Payer Billing; Transactions; Data Storage, Databases; Device Agents; Hub Software; Hub App Software; Firmware/OS; Hub Configurations; Hub Config File (Authorization); Hub Design; Contract Manufacturer Venture Corp (Singapore/Malaysia); Buy Hubs; Relationships (Carriers, OEMs, Licensees, CM/ODMs etc.); Customer application; Customer Interface; Customer 1; Pharma, Fitness, Medical use; Internet]
  12. Biometric Data Flow: End-to-End
      • Device specific “Agents” (DAs) are installed on the 2net hub. These agents initiate data transfers from the devices using short-range radios (BT, BTLE, Wi-Fi, etc.).
      • Data is uploaded to the 2net Cloud Platform over the cellular network. The data is transmitted over authenticated SSL connections.
      • For data delivery, the 2net Cloud stores the encrypted data for transmission to the customers.
      • Device data is decrypted and transmitted to the customer through Server Adapters (SAs), including non-standard interfaces.
      [Diagram labels: Device; 2net Hub (Hub Software, Radio Manager, Device Agent); Encrypted; Cellular Data Network; 2net Cloud Platform; Device Transactions; Transaction Storage (Encrypted); Decrypt; Server Adapter; Internet; Customer Portal; 2net CUSTOMERS]
  13. #CONNECT2013 2net Security and Privacy … The Immune System
  14. Qualcomm Product Security Initiative
      [Diagram legend: FRB = Feature Request Board; ES = Engineering Sample; FC = Feature Complete; CS = Commercial Sample; CPL = Customer Product Line]
  15. Qualcomm IT: Information Security and Risk Management Overview
      • Deliver world-class cyber security and risk management capabilities
      • Align cyber risk profile with desired level
      • Deliver security capabilities to advance Company business strategy
      • Promote responsible security behavior consistent with Company policies and values
      [Diagram label: Information]
  16. Cyber Security and Threat Management
      Monitoring & Response
      • Advanced security monitoring for attacks, data theft, policy violations, and vulnerabilities
      • Subjective analysis, triage, and coordination
      Threat Management
      • Intelligence and counter intelligence gathering, analysis, and sharing inside and outside the company
      • Proactively address threat trends
      • Hunter-killer
      Application Security
      • Secure coding practices, training and testing
  17. Focus on Proactive Data Protection
      Business Security Engineering
      • Partner with engineering and business leaders to manage cyber risk profiles, including improvements to technical and administrative processes
      • Drive security-related business knowledge into IT practices
      Security Architecture
      • Strategic development, direction setting, evangelizing, and knowledge transfer of enterprise security architecture standards, policies, concepts, and roadmaps
      • Often assigned as security SMEs on non-security driven projects
      • Special projects, ex. predictive analytics
      Compliance
      • Support compliance with laws, regulations, industry standards (ex: ISO, ITAR, Privacy, PCI, HIPAA), and contractual requirements
      • Contract reviews with Legal and Procurement
  18. Focus on Proactive Data Protection contd.
      Education and Awareness
      • Educate employees and increase their cyber security awareness through development and maintenance of the Company security awareness program
      Policies and Guidelines
      • Partner, develop, and maintain:
        – Corporate cyber policies (ex. E-media, CCI, Conduct)
        – Internal cyber security standards such as hardening and logging requirements
  19. A Premier Enterprise Wireless Data Platform: Leveraging Qualcomm’s Unmatched Expertise
      • Operating for over 25 years
      • 4 continents, 40 countries, 8 dedicated Network Operations Centers
      • Helping over 10,000 businesses manage millions of mission critical devices
  20. End-to-end Solution Leverages Qualcomm’s Network Operations Center
      [Column headings: Medical Devices; Hub; Networks; Network Management; Data Management; Customer Applications. Items as listed on the slide:]
      • Device integration support
      • QCL built device agents for each medical device
      • Test and Validation with each medical device
      • Integration to device logistics partners
      • Device design
      • Development
      • Certifications
      • Adaptive for future med device integration
      • Global roadmap
      • Test and validation
      • CM selection, onboarding
      • ISO 13485
      • FDA-Listed Class I Device (MDDS)
      • CE registered, Class I MDD (Europe)
      • Integration to device logistics partners
      • International Operators
      • Global data plans
      • Integration to NOC
      • Technical knowledge of respective architectures
      • Reliable delivery of data to the customer applications through a single simple interface
      • Two-way device communication
      • OTA updates, provisioning, device agent pushes
      • PCI compliant data centers
      • Designed for HIPAA compliance, privacy and security
      • Access to healthcare data platform for “mix and match” of devices and applications
      • 3rd party apps
      • 2net portal
      • Web services
      • FDA-Listed Class 1 Device (MDDS)
      • CE registered, Class I MDD (Europe)
      • Activation & provisioning
      • OTA software updates and agent mgmt
      • Device management, version control, CM
      • Network management
      • Active network monitoring
      • Timely enterprise support
      • Direct carrier engineering support
      • Fraud detection, Carrier billing reconciliation
      • End-to-end enterprise management of message delivery
      • Reliability, Redundancy
  21. QCL – 2net™ – Security and Privacy Highlights: Multi-Level Controls
      • On Hub: Biometric data encryption: Advanced Encryption Standard (AES) 128
      • Cellular Network: Private Network (APN)
      • Transport Layer (Over Cellular and Internet): Secure Sockets Layer (SSL) via HTTPS (multiple certificate authorities)
      • Server/Database: Rack/Servers in secure area; Oracle native (if needed)
      • Data Integrity: Secure Hash Algorithm (SHA)-256 hash for every Hub to 2net™ Service Platform (SP)/Cloud transmission
      • Cloud Data-center Controls: Located in ISO 27001 certified and PCI compliant datacenters (excluding UK); HIPAA Security Rule Compliance Checklist
      • Underlying Protocols: TCP/IP; UMTS
      [Protocol stack diagram, top to bottom: Upper Application Layers; XML; IEEE 11073; HTTPS; SSL; TCP/IP; UMTS]
  22. Service Security
      Server system certifications:
      • Located in ISO 27001 certified and PCI compliant datacenters (excluding UK)
      • Limited physical and logical access to servers
      • Firewall, Intrusion Detection Systems, Audit logging
      • HIPAA Security Rule Compliance Checklist
      END TO END DATA INTEGRITY: Secure Hash Algo SHA-256
      [Diagram labels: Hub (Firmware, Android, HUBAPP, DA); Encryption AES128; HTTPS SSL; Private APN; UMTS/EDGE/GPRS Cellular; Hub Communications (data, SMS); Hubapp and DA software; 2net Service Platform; Database, OLTP; Customer Services; Data Posting; Data SA; REST Services; Decryption; HTTPS Internet (SSL); 2net Customer Data handling]
  23. Service Security (Component: Security)
      • Hub
        – Data encryption with Advanced Encryption Standard (AES) 128
      • Over-the-Air (OTA) and Internet
        – Private cellular data network (Private APN)
        – Secure Sockets Layer (SSL) via HTTPS (multiple certificate authorities)
      • SP Server, Database and Cloud
        – Limited physical and logical access to servers
        – Located in ISO 27001 certified and PCI compliant datacenters (excluding UK)
        – Firewall, Intrusion Detection Systems, Audit logging
        – HIPAA Security Rule Compliance Checklist
        – Oracle native database security (if required)
      • Data Integrity
        – Secure Hash Algorithm (SHA)-256 hash for every hub to Service Platform/Cloud transmission
      • Underlying Protocols
        – Internet transactions over TCP/IP
        – Wireless link between hub and cellular carrier uses UMTS or EDGE/GPRS
  24. #CONNECT2013 Thank you. © 2013 Qualcomm Life. All rights reserved.