The document outlines guidelines for technological development in e-health applications, emphasizing the need for improved data management and security. It discusses the role of the University of L'Aquila in researching cloud computing solutions, user authentication, user authorization, and data encryption. Additionally, it highlights the necessity of a multi-tenant architecture for data isolation and assures legal compliance in handling sensitive information.

1.
Guidelines for the technological
development in the e-health
application domain
Ivano Malavolta
Università degli Studi dell’Aquila

2. Introduction
Great progress in the health sector applied to
etc.
However, the health sector currently lags behind other sectors in
the use of advanced data management software à there is great
potential for rapid, sustained growth
image acquisition
image elaboration
robotics

3. Introduction
The E-Health Technology project focusses on
Remote assistance via mobile devices
Modernization of business processes
Design of new services in the cloud

4. Introduction
The role of University of L’Aquila in the project
Research
Prototypes
development
Research actions
State of the art
Architectural
solutions

5. Introduction
In this talk we will present the main solutions for architecting an
e-health software system in terms of its
Security engineering
Reliability assurance
etc.
Data management infrastructure

6.
Remainder of the talk
• Introduction
• Cloud computing
• User authentication
• User authorization
• Data encryption
• Sensitive data separation
• Conclusions

7. Cloud computing
The use of computing power that is located “elsewhere”à in the cloud
Advantages:
no infrastructure
elasticity
low risk

8. Cloud computing
Challenges in the e-health application domain:
Who can enter the system?
Who can do what in the system?
Who can read my data?
Where is my data?

9. User authentication
Strong authentication is mandatory
• one possible implementation: two-factor + challenge-response
Something you know
Something you have
ex. username and password
ex. card or security token
+

10. OATH1
Open standard for the interoperability of authentication methods
• Supports both hardware and software implementations
http://www.openauthentication.org/
Advantages:
• always with the user
• low investment risk
• scalable
• customizable
• no waiting time for issuing a
new token

11. User authorization
Access control is the basis of Information Security
prevent disclosure to unauthorized users
prevent modification by unauthorized users
Confidentiality
Integrity

12. XACML
Open standard proposing
• a declarative language for defining access control policies
• a run-time architecture for enforcing the policies
defining
enforcing

13. Data encryption
Data encryption is the process of encoding messages or
information in such a way that only authorized parties can read it
In our project we encrypt data at two levels:
prevent information disclosure while sending data
prevent reading saved data in the database
Communication
Database

14. Sensitive data separation
Multi-tenant architecture with a dedicated database for each agency
Advantages:
• data isolation ( required by law)
• customized services
• easy disaster recovery

15. Conclusions (i)

16. Conclusions (ii)
What is not covered in this talk:
• digital documents with legal validity
• Analog copies of digital documents
• Graphometric signatures with legal
validity
These aspects are covered in
our research article*
* available also in English

17.
Contact
Ivano Malavolta
Università degli Studi dell’Aquila
ivano.malavolta@univaq.it
http://www.di.univaq.it/malavolta

18. Images credits
• http://www.tutorialspoint.com/shorttutorials/cloud-computing-from-the-home
• https://www.tcnp3.com/home/cloud-technology/what-is-cloud-computing-infographic/
• http://www.carestreamdental.com/it/it-it/computedradiography
• http://www.kavo.it/Prodotti/Imaging-Radiologia/Tomografia-volumetrica-3D.aspx
• http://www.siriweb.com/wp/?product_cat=ecograf_multi
• http://cdn.bills.com/images/articles/originals/rate-lock.jpg
• http://www.ftsafe.com/product/otp/hotp
• https://www.hidglobal.com/partner-products/single-button-time-based-oath-otp
• http://www.solidpass.com/authentication-methods/time-synchronized-security-token.html
• http://www.partnerdata.it/prodotti/identificazione/one-time-pw/modelli-epass/
• http://www.telos.com/secure-communications/secure-unified-directory/