1
Single Sign-on for Healthcare
Catherine Waldron, Novell Field Sales Executive
Gabriel Waters, Carefx Channel Director
2
© March 9, 2004 Novell Inc.
The Healthcare Security Problem
A multitude of applications and access points: ICU, labs, pharmacy, X-ray, billing, scheduling; kiosks in hospitals and clinics, personal workstations in offices and homes.
Patient safety: administering user IDs, passwords and access across so many applications, for such a complex user population, is a challenge.
Users need easy and quick access: physicians in particular will not use computerized systems otherwise. Multiple user IDs and passwords create security problems and cost time.
HIPAA regulations: as many as 150 people, including doctors, nurses, X-ray technicians and billing clerks, have access to a patient's medical record. Access must be secure and audited.
3
Secure Identity Management
User complexity: multiple IDs and passwords
4
The Business Case
"Password management products provide a high, easily demonstrated return on investment (ROI) and meet various business goals, including user convenience, system security and reduced IT or help desk overhead." (Giga, May 2002)
A quantifiable ROI can be achieved with Secure Identity Management and CCOW.
Addresses the HIPAA requirements and minimizes the regulatory impact.
5
Solution Set: Healthcare Security and Identity Management
User management: users, roles, security policies, centralized administration
Auditing: patient record access, user management
Application management: web model where possible; desktop management (ZENworks)
Single sign-on: API-integrated (Carefx); automated (Novell); firewall issues (iChain)
6
Achieving single sign-on
CCOW-enabled applications provide single sign-on and context management, but require the application to be CCOW-enabled, which may not make sense for all applications.
Single sign-on products provide single sign-on to legacy applications, but aren't CCOW-aware.
Until now...
7
The Novell and Carefx solution: providing single sign-on to health care
By bringing together enterprise single sign-on and context management, organizations can have single sign-on to all their applications.
8
Novell and Carefx solution features
User logs in once
User gets single sign-on to all CCOW and non-CCOW applications
Fusion User Channel sets the user context for CCOW applications
Novell SecureLogin sets the user context for non-CCOW applications
CCOW user authentication application: obtains the user id from the Novell Client for Windows (configurable), or from the Microsoft Windows login
Leverages the familiar Windows and Novell login
9
How we enable single sign-on
Novell SecureLogin for enterprise applications: web, Windows, terminal server/Citrix, host/terminal emulator-based, and Java applications and applets based on Swing and AWT
Carefx Fusion User Channel for CCOW-enabled applications
10
How it works: login experience before NSL (client workstation and application server)
1. Launch application
2. Credential challenge
3. Provide credentials and log in
4. Application starts
11
How it works: login experience with NSL (client workstation, directory and application server)
1. Authenticate to eDirectory
2. SecureLogin retrieves credentials from the directory
3. Launch application
4. Credential challenge
5. NSL presents credentials to the application
12
Management of unique credentials
Does this mean I have one user id and password for all the applications that a user may access?
No. Novell SecureLogin manages a unique set of credentials for each application the user accesses.
Passwords are not synchronized, which allows a password policy specific to each application to be enforced.
One user id and password is used to authenticate to the directory and to the user's credential store.
13
How does Novell SecureLogin defend against the rogue administrator?
When a user's eDirectory password is reset, access to the application secrets is locked.
The user must provide a pass phrase answer to regain access to the secrets, or a SecretStore administrator can unlock the passwords.
If an administrator were to copy a user's secrets to another user object, the secrets are locked.
Credentials are encrypted with 168-bit 3DES, with a unique key for each credential.
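The lock-on-reset and copy-to-another-object behaviour described on this slide, as an added example that is not Novell SecureLogin or SecretStore code: a stand-alone Python model of a per-user credential store. The names (SecretStore, seal, unseal, the DNs, the pass phrase answer, the credential values) are assumptions, and HMAC-SHA256 in counter mode with an HMAC tag stands in for the 168-bit 3DES the slide names so that the example runs with the standard library only.

```python
import hashlib
import hmac
import os

def kdf(secret: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from a password or pass phrase answer (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 20_000)

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for the slide's 3DES-168 (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, owner: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. The owning user object's DN is authenticated but not stored,
    so a blob copied to another user object cannot be opened there."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct + owner.encode(), hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, owner: str, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct + owner.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise PermissionError("secret is locked for this key and owner")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class SecretStore:
    """One user's credential store. Each application credential is sealed under its own
    random key; those keys are sealed under a store key that exists only in wrapped form:
    under the directory password, under the pass phrase answer, and under a key held by
    the SecretStore administrator role. A directory password reset replaces none of them."""

    def __init__(self, user_dn: str, password: str, passphrase_answer: str, admin_key: bytes):
        self.user_dn = user_dn
        self.salt = os.urandom(16)
        store_key = os.urandom(32)
        self.wrapped_by_password = seal(kdf(password, self.salt), user_dn, store_key)
        self.wrapped_by_passphrase = seal(kdf(passphrase_answer, self.salt), user_dn, store_key)
        self.wrapped_by_admin = seal(admin_key, user_dn, store_key)
        self.credentials = {}  # app name -> (wrapped per-credential key, sealed credential)

    def _store_key(self, password: str) -> bytes:
        return unseal(kdf(password, self.salt), self.user_dn, self.wrapped_by_password)

    def add(self, app: str, password: str, credential: bytes) -> None:
        cred_key = os.urandom(32)  # unique key for each credential
        self.credentials[app] = (seal(self._store_key(password), self.user_dn, cred_key),
                                 seal(cred_key, self.user_dn, credential))

    def get(self, app: str, password: str) -> bytes:
        wrapped_key, sealed_cred = self.credentials[app]
        cred_key = unseal(self._store_key(password), self.user_dn, wrapped_key)
        return unseal(cred_key, self.user_dn, sealed_cred)

    def rewrap(self, unlock_key: bytes, wrapped: bytes, new_password: str) -> None:
        """Recovery after a reset: release the store key with the pass phrase answer
        (or the administrator key) and wrap it again under the new password."""
        store_key = unseal(unlock_key, self.user_dn, wrapped)
        self.wrapped_by_password = seal(kdf(new_password, self.salt), self.user_dn, store_key)

def rogue_admin_scenario() -> dict:
    """Walk through the situations on the slide with constructed sample data."""
    admin_key = os.urandom(32)  # held by the SecretStore administrator, not the directory admin
    store = SecretStore("cn=alice,ou=icu,o=hospital", "Winter2004", "first pet: rex", admin_key)
    store.add("NorthMed-Labs", "Winter2004", b"labs-user:labs-pw")
    result = {"user_reads_normally": store.get("NorthMed-Labs", "Winter2004")}
    # A rogue directory admin resets Alice's directory password to a value he knows. The
    # store key is not wrapped under that value, so the secrets are locked for him.
    try:
        store.get("NorthMed-Labs", "Pwned!1")
        result["admin_reads_after_reset"] = True
    except PermissionError:
        result["admin_reads_after_reset"] = False
    # He copies the sealed store key to his own user object: the owner DN in the MAC
    # no longer matches, so even the right unlock key does not open it there.
    try:
        unseal(admin_key, "cn=mallory,ou=it,o=hospital", store.wrapped_by_admin)
        result["copied_blob_opens"] = True
    except PermissionError:
        result["copied_blob_opens"] = False
    # Alice regains access with her pass phrase answer, then logs in with the new password.
    store.rewrap(kdf("first pet: rex", store.salt), store.wrapped_by_passphrase, "Spring2004")
    result["user_recovers"] = store.get("NorthMed-Labs", "Spring2004")
    # Or the SecretStore administrator unlocks the store after a further reset.
    store.rewrap(admin_key, store.wrapped_by_admin, "Summer2004")
    result["admin_unlocks"] = store.get("NorthMed-Labs", "Summer2004")
    return result
```

The caveat a practitioner should keep in mind: the defence only holds if the directory administrator and the SecretStore administrator are different people, since whoever holds the administrator unlock key can release every store key. It also says nothing about an administrator who can push software to the workstation or capture the password at login; the slide's claim is specifically about reset-and-read and copy-to-another-object, and that is all this model shows.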
14
How does Novell SecureLogin prevent inappropriate access to applications?
Protects access to the applications: when used with NMAS, the AAVerify capability lets NSL challenge for another authentication before SecureLogin passes the credentials to the application.
Supports any combination of Novell Modular Authentication Service partner methods: biometric, smart card, token, digital certificate, proximity card or password.
Provides password policy enforcement.
15
Secure Workstation
With the Secure Workstation component of SecureLogin, administrators can set up policy in the directory to secure the workstation:
Automatically lock the workstation on a trigger such as inactivity, proximity card removal, smart card removal or a single click
Automatically shut down applications, log out the user and present a new login dialog for the next user
16
Quick login/logout
With the Quick Login/Logout GUI, users can:
Log in or out with a single event: proximity card removal, smart card removal or a single click
Have applications automatically closed and the user logged out
17
Clinical Context Object Workgroup (API-Integrated Single Sign-On)
Health Level 7 (HL7) standard (ISO organization)
Context Management Architecture: synchronizes participating applications at the point of use by establishing a common clinical context:
‐ the user accessing the applications
‐ the patient whose data the user is accessing
‐ a particular encounter the user is accessing
‐ other relevant clinical 'subjects'
The application must be 'CCOW-enabled'.
18
Carefx Context Manager
Carefx provides a context manager implementing the HL7 CCOW standard that:
Synchronizes diverse applications around a common clinical desktop context
Enables users to control the context, creating a patient-centered, user-driven clinical workspace
Coordinates fat-client, Citrix/WTS and web-based applications on the same desktop
Provides single sign-on and common patient selection to CCOW-enabled applications
19
Fusion User Channel user experience (screenshots)
Kevin's Windows desktop appears.
2. Kevin starts NorthMed-Labs. Kevin's user id is already set.
20
Fusion User Channel client setup
Fusion User Channel (Fuser) is installed on each client desktop; its shortcut is placed in the Startup folder for All Users.
At Windows login time, Fusion User Channel starts, locates the context manager, joins the context and sets the user to the Novell login id.
21
Setup
The login script is edited to start Fusion User Channel Sync (FuserSync) when a Novell login occurs; this program notifies Fusion User Channel of the login event.
ConsoleOne is used to set up the Novell login script for users.
22
API-Integrated Single Sign-On with Carefx's Context Manager (CCOW standard)
Log in to one app, no login prompt for other apps
No script necessary
Applications must be CCOW-enabled (to talk to the Context Manager)
Applications can switch to a new user on the fly
HL7 standards based (Clinical Context Object Workgroup)
Client workstation flow:
1. Launch application
2. Application obtains the user id from the Context Manager
3. A new user logs in; all applications switch to the new user
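The three-step flow on this slide (launch, obtain the user id from the context manager, switch every application when a new user logs in), as an added example that is not Carefx Fusion or Novell code: a stand-alone Python model of a CCOW-style context manager with a two-phase change survey. The join / start / set / end / publish calls and the ContextChangesPending, ContextChangesAccepted and ContextChangesCanceled callbacks follow the HL7 CCOW context management model; the class names, the item name, the allow-list deciding who may set the user item (standing in for CCOW's own secure binding, which is not modelled) and the "unsaved order entry" condition are assumptions.

```python
import itertools

class Participant:
    """Default callbacks for anything that joins the common context."""
    def context_changes_pending(self, context_coupon):
        return "accept", ""  # or ("conditionally_accept", reason)
    def context_changes_accepted(self, context_coupon):
        pass
    def context_changes_canceled(self, context_coupon):
        pass

class ContextManager:
    """Holds the shared context and runs the change survey (single-threaded model)."""
    def __init__(self):
        self._coupons = itertools.count(1)
        self._participants = {}  # coupon -> (name, participant, surveyed, may_set_user)
        self._context = {}       # item name -> value
        self._pending = None     # (context coupon, proposed items, proposer coupon)

    def join_common_context(self, participant, name, survey, may_set_user=False):
        coupon = next(self._coupons)
        self._participants[coupon] = (name, participant, survey, may_set_user)
        return coupon

    def get_item_values(self, names):
        return {n: self._context.get(n) for n in names}

    def start_context_changes(self, participant_coupon):
        if self._pending is not None:
            raise RuntimeError("a context change transaction is already open")
        context_coupon = next(self._coupons)
        self._pending = (context_coupon, {}, participant_coupon)
        return context_coupon

    def set_item_values(self, participant_coupon, items, context_coupon):
        pending_coupon, proposed, proposer = self._pending
        if (pending_coupon, proposer) != (context_coupon, participant_coupon):
            raise RuntimeError("coupon does not match the open transaction")
        # Only the authenticated user channel may say who the user is (assumption: an
        # allow-list stands in for CCOW's secure binding of user-context setters).
        if any(n.startswith("User.") for n in items) and not self._participants[proposer][3]:
            raise PermissionError("this participant may not set the user context")
        proposed.update(items)

    def end_context_changes(self, context_coupon):
        """Survey every other surveyed participant; returns (decision, reasons)."""
        _, _, proposer = self._pending
        reasons = []
        for coupon, (name, p, surveyed, _) in self._participants.items():
            if coupon != proposer and surveyed:
                decision, reason = p.context_changes_pending(context_coupon)
                if decision != "accept":
                    reasons.append(f"{name}: {reason}")
        return ("accept" if not reasons else "conditionally_accept"), reasons

    def publish_changes_decision(self, context_coupon, decision):
        _, proposed, proposer = self._pending
        self._pending = None
        if decision == "accept":
            self._context.update(proposed)
        for coupon, (_, p, _, _) in self._participants.items():
            if coupon != proposer:
                (p.context_changes_accepted if decision == "accept"
                 else p.context_changes_canceled)(context_coupon)

class UserChannel(Participant):
    """Plays the Fusion User Channel role: sets the user item after the desktop login."""
    def __init__(self, cm, domain):
        self.cm, self.item = cm, f"User.Id.Logon.{domain}"
        self.coupon = cm.join_common_context(self, "user-channel", survey=False, may_set_user=True)

    def set_user(self, logon_id, force=False):
        cc = self.cm.start_context_changes(self.coupon)
        self.cm.set_item_values(self.coupon, {self.item: logon_id}, cc)
        decision, reasons = self.cm.end_context_changes(cc)
        accept = decision == "accept" or force  # force: the user chooses to proceed anyway
        self.cm.publish_changes_decision(cc, "accept" if accept else "cancel")
        return accept, reasons

class ClinicalApp(Participant):
    """A CCOW-enabled application: never prompts for login, reads the user from the context."""
    def __init__(self, cm, name, domain):
        self.cm, self.name, self.item = cm, name, f"User.Id.Logon.{domain}"
        self.unsaved_work = False
        self.coupon = cm.join_common_context(self, name, survey=True)
        self.current_user = cm.get_item_values([self.item])[self.item]  # step 2 on the slide

    def context_changes_pending(self, context_coupon):
        return ("conditionally_accept", "unsaved order entry") if self.unsaved_work else ("accept", "")

    def context_changes_accepted(self, context_coupon):
        self.current_user = self.cm.get_item_values([self.item])[self.item]  # step 3: switch user

    def try_set_user(self, logon_id):
        """An ordinary application must not be able to impersonate a user."""
        cc = self.cm.start_context_changes(self.coupon)
        try:
            self.cm.set_item_values(self.coupon, {self.item: logon_id}, cc)
        except PermissionError:
            self.cm.publish_changes_decision(cc, "cancel")
            return False
        self.cm.publish_changes_decision(cc, "accept")
        return True

def ccow_scenario():
    """Constructed walk-through of the slide's three steps plus a refused user switch."""
    cm = ContextManager()
    channel = UserChannel(cm, "HOSPITAL")
    channel.set_user("kevin")                            # 1. Kevin logs in at the desktop
    labs = ClinicalApp(cm, "NorthMed-Labs", "HOSPITAL")  # 2. app obtains the user id, no prompt
    pharmacy = ClinicalApp(cm, "Pharmacy", "HOSPITAL")
    launch_user = labs.current_user
    pharmacy.unsaved_work = True
    ok, reasons = channel.set_user("maria")              # 3. a new user logs in ...
    blocked = (ok, reasons, labs.current_user)           # ... but Pharmacy cannot switch yet
    pharmacy.unsaved_work = False
    ok, _ = channel.set_user("maria")
    switched = (ok, labs.current_user, pharmacy.current_user)
    return {"launch_user": launch_user, "blocked": blocked, "switched": switched,
            "app_may_set_user": labs.try_set_user("mallory")}
```

The security-relevant point the model makes explicit: every CCOW-enabled application trusts the context manager for the identity of the user, so the context manager must only accept a user change from the authenticated user channel; any participant that could write the user item would be able to impersonate a clinician to every other application on the desktop.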
23
Automated Single Sign-On with Novell SecureLogin (NSL)
Must create a single sign-on script for each application
Suitable for legacy applications that will not be upgraded
Client workstation and directory flow:
1. Launch application
2. Credential challenge
3. NSL retrieves credentials from the directory
4. NSL fills in credentials
24
Mixed Single Sign-On Solution
Mixed environment of automated and API-integrated single sign-on apps
Combines Novell and Carefx technologies
Client workstation, directory and Context Manager flow:
1. User logs in to the directory and the user id is sent to the Context Manager
2a. User launches an automated single sign-on app; NSL fills in the credentials
2b. User launches an API-integrated single sign-on app; the app fetches the user id from the Context Manager
25
Novell/Carefx architecture (diagram)
Authentication: Novell Modular Authentication Service
Applications and context management:
‐ Novell iChain for browser-based apps
‐ Novell SecureLogin for non-CCOW web, Win32, Citrix/TS and host-based apps
‐ Carefx User Channel, CCOW apps and Carefx Context Manager for CCOW-enabled apps
Provisioning: Novell Nsure Resources/DirXML
26
Fusion Architecture with Novell SSO (diagram)
Server side: Novell eDirectory (LDAP); Fusion Context Server (CCOW Context Manager) with CM-Director and CM-Proxy
Client box:
‐ Fusion User Channel: CCOW interface; Novell interface obtains the Novell login through system calls and sets the user context
‐ Fusion User Channel Sync: executes when a Novell login occurs and notifies Fusion User Channel
‐ Web App and Win32 App, each with a CCOW interface
Transports shown: COM, HTTP, NDS/LDAP
27
Novell Single Sign-on Architecture (diagram)
Directory server: corporate scripts, password policies, user scripts, user credentials
SecureLogin client: main module, TLaunch, Notes, script engine, WinSSO, WebSSO, Fusion User Channel, local cache
iChain proxy in front of web servers 1, 2 and 3
Context Manager (user and patient context) with Fusion CM Director
28
Why Carefx and Novell? Experience
Domain knowledge: healthcare information systems; over 100 collective years of experience in the health care industry
Understanding of the clinical environment: a common goal of designing solutions that help clinicians navigate more easily and securely to their applications and data; market-focused solution
Breadth of solutions: secure access solution to network and applications; portal infrastructure with real-time access to specific patient information; partners with the leading HIT and access vendors
29
Why Carefx and Novell? Experience
Implementation success: Carefx and Novell will work with you to ensure a successful implementation; Carefx assigns project managers whose sole responsibility is to see that the project is a success; strong client references
Partnerships: strong partnerships with key vendors
30
Why Carefx and Novell? Features
Improved end-user experience: graceful logoff allows automated or single-event-triggered logout of a user from all applications, using each application's native mechanism
Application support: Novell's maturity as a single sign-on vendor results in application support that surpasses the competition's
‐ Supports more terminal emulators, Java applications, Win32 and web applications
‐ Has provided single sign-on to more applications than the competition
‐ Supports complex application characteristics such as combo boxes, drop-down lists, radio buttons and menu items
‐ Supports recognition of multiple and/or subsequent events within an application
31
Why Carefx and Novell? Architecture
Directory integration: the competition requires a separate identity store apart from your existing directory infrastructure
‐ All the directory design must be recreated in a proprietary directory that is far inferior to the leading directories on the market (multi-master replicas, partitioning)
Carefx and Novell use your existing LDAP directory
‐ Allows your organization to leverage a best-of-breed directory
Citrix/Netilla/Terminal Server: for environments where a workstation can't have client software and must provide access to the Citrix/Terminal Server environment
‐ The competition requires software on the client
‐ Carefx and Novell can provide full functionality in the Citrix environment without software on the client
‐ Roaming sessions
Hardware: Carefx and Novell are flexible about hardware requirements and support most server-class hardware configurations
32
Why Carefx and Novell? Architecture
Context management performance: the competition's architecture requires that all communication with the context manager go through the primary server
‐ This has proven to be a bottleneck for customers
‐ Creates a single point of failure
The Carefx architecture allows clients to communicate with any available context manager
Scalability: the competition's architecture only supports vertical scaling
‐ Adding bigger servers
The Carefx and Novell architecture supports vertical and horizontal scaling
‐ Adding bigger and more servers
Fault tolerance: if one of the competitor's servers goes down, a standby/hot-swap server must be manually booted
If a Carefx or Novell server goes down, clients are automatically redirected to the other servers online
33
Why Carefx and Novell? Architecture
Administration: the competition's architecture requires the administrator to connect to the client device to configure it
Carefx and Novell can provide automatic upgrades to client workstations and will work with the leading application delivery vendors
Client impact: the competition requires that their client and GINA be installed on the desktop in order to provide single sign-on to non-CCOW applications
‐ No support for third-party advanced authentication vendors
‐ All GINA-based services dependent on a standard client fail
34
Question and Answer
36
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.