RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University.

Slides:



Advertisements
Similar presentations
HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Advertisements

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Privacy and Information Security Training ( ) VUMC Privacy Website
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.
FIT3105 Smart card based authentication and identity management Lecture 4.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Chapter 10: Authentication Guide to Computer Network Security.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Information Security for Managers (Master MIS)
Information Security Technological Security Implementation and Privacy Protection.
Session 11: Security with ASP.NET
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Electronic Payment Systems. How do we make an electronic payment? Credit and debit cards Smart cards Electronic cash (digital cash) Electronic wallets.
September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
Types of Electronic Infection
MINISTRY OF SOCIAL AFFAIRS AND HEALTH 1 The Finnish National Electronic Patient Record Archive
Privacy, Confidentiality, and Security Unit 8: Professional Values and Medical Ethics Lecture 2 This material was developed by Oregon Health & Science.
Privacy, Confidentiality, and Security Component 2/Unit 8c.
Security Protection on Trust Delegated Medical Data in Public Mobile Networks Dasun Weerasinghe, Muttukrishnan Rajarajan and Veselin Rakocevic Mobile Networks.
Project MED INF 403 DL Winter 2008 Group 3. Group Members Michael Crosswhite Maureen Farrell Julia Hernandez R Steven McDonald Jennifer Ogg David Robbins.
STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 1 The Technical Services Stuff in IT Services A brief tour of the technical and service offering plethora.
CHCS MAILMAN USER REFERENCE GUIDE UPDATED MARCH 2014
Chapter 19 Manager of Information Systems. Defining Informatics Process of using cognitive skills and computers to manage information.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
CSCE 201 Identification and Authentication Fall 2015.
HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.
VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.
Policies and Security for Internet Access
LEARNING AREA 1 : INFORMATION AND COMMUNICATION TECHNOLOGY PRIVACY AUTHENTICATION VERIFICATION.
BOPS – Biometric Open Protocol Standard Emilio J. Sanchez-Sierra.
Mary Trauner Senior Research Scientist Georgia Institute of Technology Middleware for Video.
Maryknoll Wireless Network Access Steps for Windows 7 As of Aug 20, 2012.
Technology & Private Practice: Understanding the Legal & Ethical Challenges Bianca Puglia, Ph.D., LPC, NCC/Puglia Counseling Services Panagiotis Markopoulos,
Electronic Banking & Security Electronic Banking & Security.
CASE STUDY: ELECTRONIC BANKING By: Sarah Baig, Laura Logan, Agyakwa Tenkorang.
Information Management System Ali Saeed Khan 29 th April, 2016.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,
1 Authentication Celia Li Computer Science and Engineering York University.
Audit Trail LIS 4776 Advanced Health Informatics Week 14
Identity and Access Management
Trust Profiling for Adaptive Trust Negotiation
DATA SECURITY FOR MEDICAL RESEARCH
Grid Security.
Virtual Private Networks (VPN)
Multifactor Authentication & First Time Login
County HIPAA Review All Rights Reserved 2002.
Drew Hunt Network Security Analyst Valley Medical Center
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Session 1 – Introduction to Information Security
Preparing for the Windows 8. 1 MCSA Module 6: Securing Windows 8
Presentation transcript:

RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University of Connecticut, Storrs

RIVERA SÁNCHEZ-2 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

RIVERA SÁNCHEZ-3 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

RIVERA SÁNCHEZ-4 CSE 5810 Background – HIT Systems EHR PHR/PPHR EMR  Kareo EHR OFFICE EMR  Capzule PHR 

RIVERA SÁNCHEZ-5 CSE 5810 Background-User Authentication   Definition:  “Process of determining whether someone is, in fact, who or what is declared to be.” [1]  “Process of identifying an individual, usually based on a username and password.” [2]   Examples:  Username/Password combination, tokens, biometrics.

RIVERA SÁNCHEZ-6 CSE 5810 Background – User Authentication (Cont.)  Secure Sockets Layer (SSL)  Transmit data through network. Public key and private key.   Multi-factor Authentication:  Knowledge factor  Username/Password  Personal Identification Number (PIN)  Possession factor  Digital Signature  Digital Certificate  X.509 Certificate  Inherence factor  Biometrics

RIVERA SÁNCHEZ-7 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

RIVERA SÁNCHEZ-8 CSE 5810 Who needs it and why is it important?   Who needs user authentication?  Patients and Medical Providers   Why is it important?  Smartphones  important source of healthcare information for many.  In 2012, about 95 million Americans used their mobile phones either as healthcare tools or to find health-related information according to [3].  Mobile healthcare applications are increasing everyday (20,000+).  Sensitivity and confidentiality of healthcare data.

RIVERA SÁNCHEZ-9 CSE 5810 Problem   People want to have access to their healthcare data in a secure and easy way.   There exists a lot of mobile healthcare applications to do this, but… are they secure?.   What approach could we use to secure user authentication in mobile healthcare applications?.

RIVERA SÁNCHEZ-10 CSE 5810 Goal   Find and describe different approaches to do secure user authentication for mobile healthcare applications.

RIVERA SÁNCHEZ-11 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

RIVERA SÁNCHEZ-12 CSE 5810 Check, Assurances, Protection (CAP) Framework   Directed towards:  Ensuring secure interactions between mobile applications by encrypting healthcare data when it is been exchanged.  Utilizing strong authentication protocols in order to determine what data needs to be exposed/stored on a system.   Proposed SSL and Shared Certificates combined with CIA (security tenets: confidentiality, integrity, availability) to do authentication.

RIVERA SÁNCHEZ-13 CSE 5810 HealthPass   Secure access control model for PPHRs.   Extended digital certificate.   Dynamic interactions without using a classical authorization and authentication approach like username and password. Overall PPHR architecture with XML-based PHR – PHR certificate (HealthPass) issuing

RIVERA SÁNCHEZ-14 CSE 5810 Generic Bootstrap Architecture   Mutual authentication of users and network applications.   Directed toward EHRs.   Mutual authentication  Use of SIM card credentials.   PIN number in order to unlock the token. GBA Reference Model

RIVERA SÁNCHEZ-15 CSE 5810 Two-Factor Authentication   Encryption and a two- factor authentication method.   Secure authentication and communication between a mobile device and a healthcare service provider.   Provides multi-factor authentication without the need to have an authentication token. Reference model of security architecture for mobile access to information from patient’s medical record

RIVERA SÁNCHEZ-16 CSE 5810 Three-factor user authentication   Use of smartphone as whole identity  No need for token.   Three-factor authentication: username/password combination, biometrics and smartphone.   Secure and hassle-free authentication. Patient Authentication Framework

RIVERA SÁNCHEZ-17 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

RIVERA SÁNCHEZ-18 CSE 5810 Medisoft   Requires the user to login with a username and password.   User can setup a time span where the application will automatically log off after that amount of time.   User can setup a four-digit security code (a PIN number) to login to the app again once the time span has expired.   HIPAA compliant.

RIVERA SÁNCHEZ-19 CSE 5810 PatientKeeper   Users have to enter a PIN/Password to gain access to the application.   Incorrect password several times  System can lock the user out of the account and could delete all the information that is stored in the device.   Encrypts the data that is sent to the device. It remains encrypted until the user accesses such data from the application.   AES + SSL/TLS = Secure transfer of data   HIPAA compliant.

RIVERA SÁNCHEZ-20 CSE 5810 Dr. Chrono   Authenticates a user utilizing the username/password combination.   Auto-logoff feature  Automatically logs off users that are logged into the account but have been inactive for a certain period of time.   Digital certificate  Used to verify that the user is authenticated correctly and is in the correct site.   HIPAA compliant.

RIVERA SÁNCHEZ-21 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations & Conclusion

RIVERA SÁNCHEZ-22 CSE 5810 Limitations   Authentication:  Passwords:  Widely used and acceptable by users.  Doubts of level of security.  More difficult for users to remember them.  Tokens:  Use of digital certificates.  Falsifying digital certificates.  Biometrics:  Is currently limited.  Privacy concerns: misuse of data, tracking, additional data, etc.

RIVERA SÁNCHEZ-23 CSE 5810 Limitations (Cont.)   Patient’s EHR might be fragmented and accessible from several places (they could be in different hospitals, providers, etc.).   Security defects on these systems could cause the disclosure of information to unauthorized users.   Difficulties in maintaining data privacy.  Example: Administrative staff could access the information without the patient’s consent.

RIVERA SÁNCHEZ-24 CSE 5810 Conclusion   Presented different authentication methods.   Problems and goals.   Discussed other approaches that researchers have done.   Existing mobile applications.   Limitations.   Still a long way to go…

RIVERA SÁNCHEZ-25 CSE 5810 References   [1]   [2]   [3] Laurie A. Jones, Annie I. Antón, and Julia B. Earp. “Towards understanding user perceptions of authentication technologies”. In Proceedings of the 2007 ACM workshop on Privacy in electronic society (WPES '07). ACM, New York, NY, USA,

RIVERA SÁNCHEZ-26 CSE 5810 Questions?   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.