1 Federated, Secure Trust Networks for Distributed Healthcare IT Services Alfred Weaver Samuel Dwyer Andrew Snyder Jim Van Dyke Tim Mulholland James Hu.

Presentation transcript:

1 Federated, Secure Trust Networks for Distributed Healthcare IT Services Alfred Weaver Samuel Dwyer Andrew Snyder Jim Van Dyke Tim Mulholland James Hu Xiaohui Chen Andrew Marshall

2 Industrial Informatics Applied to Healthcare
- Health Insurance Portability and Accountability Act of 1996
  - privacy of patient encounters
  - security of patient data
  - encryption of medical information when stored or transmitted
  - access controls to retrieve information
  - audit logs of data access

3 Healthcare Informatics Portal
- Common medical data portal
  - doctors, patients, staff see a customized view
  - allied health services exchange information electronically
- Authentication of users
  - biometric and conventional methods
- Authorization of access
  - role-based access control model
- Strong encryption of all data
- All built on a web services model

4

5

6 Federated, Secure Trust Networks for Distributed Healthcare IT Services Medical Data Portal Web Services Authorization Service Authentication Service Electronic Patient Record Rule Engines

7 Research Issues
- Authentication
  - who are you?
- Mobile devices
  - what capabilities do you have?
- Authorization
  - what can you do?
- Encryption
  - which algorithm?
  - what length key?
- Shared trust
  - off-network organizations

8 Authentication
- Can support legacy techniques
  - user ID and passwords, challenge-response
- Newer identification technologies
  - smartcards, access keys
- Biometric identification
  - fingerprints, iris scans
  - signature analysis, voice recognition
  - keyboard dynamics
  - face, hand, finger, ear geometry

9 Fingerprints
- 70 points of differentiation (loops, whorls, deltas, ridges)
- Even identical twins have differing fingerprint patterns
- False positive rate < 0.01%
- False negative rate < 1.5%
- Can distinguish a live finger; fast to enroll
- Inexpensive ($100-$200) for the reader

10 Iris Scans
- Iris has 266 identification degrees of freedom
- Identical twins have different iris patterns
- False positive rate < 0.01%
- False negative rate < 2%
- Does take some time and controlled lighting to enroll
- Pattern is stored as a data template, not a picture
- Some units control light to detect pupil dilation (prove live eye)

11 Mobile Devices
- Legitimate access is no longer limited to desktops or in-hospital devices
- Wave of the future includes
  - PDAs (HP iPAQ Pocket PC h5455 with fingerprint scanner built-in)
  - tablet PCs (handwriting recognition)
  - cell phones (voice recognition)
- Personal authentication should work using the devices and capabilities available to the legitimate user

12 Fingerprints with Wireless PDA
- HP iPAQ h5455 with fingerprint scanner
- Thermal scanner detects live finger
- We wrote an authentication web service
  - send fingerprint pattern to service
  - compare against database of enrollees
  - confirm or deny identity
  - send confirmation to web portal
  - write cookie to device
  - cookie becomes an identification token containing:
    - who the individual is
    - how identity was confirmed
    - trust level of the identification
    - e.g., iris scan > fingerprint > password

13 Authorization
- Now that we know who you are, what are you allowed to do?
- Use role-based access control
- Roles for people with different privileges:
  - attending physician
  - referring physician
  - medical fellows
  - medical students
  - physician consultants
  - other healthcare staff (nurses)
  - technologists (diagnostic imagery)
  - technicians (lab results)
  - patient
- Plus roles for other entities (insurance, pharmacy)

14 Authentication Rule Engine Identity token Access request Rules Hospital administration rule templates Authorization token

15 Authorization Rule Templates
[Figure: access matrix for the Electronic Patient Record; each cell is marked "Can" or "Can not"]
- Who: Attending, Referring, Fellow, Student, Technician, Technologist, Patient, Insurance, Billing, Pharmacy, Med records
- Access: Demographics, Clinical notes, Lab notes, Diagnostic images, Psych evaluation

16 Authorization Rule Engine
- More complicated in practice
  - doctor needs consultation
  - doctor on vacation
  - doctors practicing in groups
  - surgeons, radiologists
  - emergencies

17 Encryption
- Which encryption method?
  - DES, 3DES, AES, RSA, others
  - what length key?
- Unintended consequences
  - UVA does 380,000 radiological exams annually
  - produce 9 TB of data every year
  - encrypting one 3 MB chest x-ray is no problem
  - but CT and MR produces slices
  - each slice is a file
  - typical MR is 68 MB
- What is the workflow impact of encrypting/decrypting a 68 MB file each time it is touched?

18 Trust Networks
- Trust, legitimately established, should be shared across the enterprise
  - pharmacies
  - insurance companies
  - outpatient services
- How does trust get quantified?
- How does trust get shared?
- WS-Trust does not yet provide guidance

19 Trust Networks
- Identification tokens
- Authorization tokens
- Encryption
- Digital signature
- Trust credentials
- Dynamic negotiation of credentials
- Banks do this with ATMs; we need to do it among cooperating healthcare providers

20 Trust Authority
Attribute | Criterion 1 | Criterion 2 | … | Criterion N | Rating
Identification Reliability | False positive rate < 0.1% | False negative rate < 1.0% | … | Availability > | out of 10

21 Electronic Prescriptions
1. Encrypt prescription (doctor, medicine, details)
2. Encrypt physician's identity token
3. Digitally sign message
4. Transmit to pharmacy
4. Check digital signature
5. Decrypt prescription
6. Decrypt physician's identity token
7. Is this a valid physician?
8. Send identity token to trust authority
9. Check how identity was established
10. Recover trust level
11. Is trust level acceptable?
12. Accept or reject
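
The identification token from slide 12 and the pharmacy-side checks in steps 7-12 above can be sketched as follows. This is an added example, not code from the presentation or the project. It leaves out the encryption steps and assumes an HMAC over the token in place of a digital signature; the numeric trust levels, the key, the field names and all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Ordering from the slides: iris scan > fingerprint > password.
# The numeric levels are assumed for this example.
TRUST_LEVELS = {"password": 1, "fingerprint": 2, "iris": 3}
# Constructed demo key standing in for the authentication service's key.
AUTH_SERVICE_KEY = b"constructed-demo-key"


def _tag(claims, key):
    # Canonical JSON so issuer and verifier compute the MAC over the same bytes.
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_identity_token(subject, method, key=AUTH_SERVICE_KEY):
    """Authentication service: who, how identity was confirmed, trust level."""
    claims = {"sub": subject, "method": method, "trust": TRUST_LEVELS[method]}
    return {"claims": claims, "tag": _tag(claims, key)}


def recover_trust(token, key=AUTH_SERVICE_KEY):
    """Trust authority: return the claims only if the token is intact and the
    stated trust level matches the stated method; otherwise None."""
    claims = token.get("claims")
    if not isinstance(claims, dict):
        return None
    given = str(token.get("tag", "")).encode()
    if not hmac.compare_digest(_tag(claims, key).encode(), given):
        return None
    level = TRUST_LEVELS.get(claims.get("method"))
    if level is None or level != claims.get("trust"):
        return None
    return claims


def pharmacy_decision(token, valid_physicians, min_trust):
    """Steps 7-12 of the prescription flow: accept or reject, with a reason."""
    claims = recover_trust(token)
    if claims is None:
        return (False, "invalid identity token")
    if claims.get("sub") not in valid_physicians:
        return (False, "not a valid physician")
    if claims["trust"] < min_trust:
        return (False, "trust level too low")
    return (True, "accepted")
```

A token whose method or trust level is edited after issue fails the tag check, so a password login cannot be relabelled as an iris scan to pass a stricter pharmacy policy.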

22 Summary of Issues
- Authentication
- Mobile access technologies
- Biometric identification
- Authorization rule engine
- Role-based access control
- Simplified rule administration
- Trust sharing
- Dynamic negotiation of trust credentials

23 Acknowledgements Funding for this project provided by: David Ladd and Tom Healy University Research Program Microsoft Research Microsoft Corporation