Presentation is loading. Please wait.

Presentation is loading. Please wait.

RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University.

Published byJonathan Whitehead Modified over 9 years ago

Similar presentations

Presentation on theme: "RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University."— Presentation transcript:

1 RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University of Connecticut, Storrs

2 RIVERA SÁNCHEZ-2 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

3 RIVERA SÁNCHEZ-3 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

4 RIVERA SÁNCHEZ-4 CSE 5810 Background – HIT Systems EHR PHR/PPHR EMR  Kareo EHR OFFICE EMR  Capzule PHR 

5 RIVERA SÁNCHEZ-5 CSE 5810 Background-User Authentication   Definition:  “Process of determining whether someone is, in fact, who or what is declared to be.” [1]  “Process of identifying an individual, usually based on a username and password.” [2]   Examples:  Username/Password combination, tokens, biometrics.

6 RIVERA SÁNCHEZ-6 CSE 5810 Background – User Authentication (Cont.)  Secure Sockets Layer (SSL)  Transmit data through network. Public key and private key.   Multi-factor Authentication:  Knowledge factor  Username/Password  Personal Identification Number (PIN)  Possession factor  Digital Signature  Digital Certificate  X.509 Certificate  Inherence factor  Biometrics

7 RIVERA SÁNCHEZ-7 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

8 RIVERA SÁNCHEZ-8 CSE 5810 Who needs it and why is it important?   Who needs user authentication?  Patients and Medical Providers   Why is it important?  Smartphones  important source of healthcare information for many.  In 2012, about 95 million Americans used their mobile phones either as healthcare tools or to find health-related information according to [3].  Mobile healthcare applications are increasing everyday (20,000+).  Sensitivity and confidentiality of healthcare data.

9 RIVERA SÁNCHEZ-9 CSE 5810 Problem   People want to have access to their healthcare data in a secure and easy way.   There exists a lot of mobile healthcare applications to do this, but… are they secure?.   What approach could we use to secure user authentication in mobile healthcare applications?.

10 RIVERA SÁNCHEZ-10 CSE 5810 Goal   Find and describe different approaches to do secure user authentication for mobile healthcare applications.

11 RIVERA SÁNCHEZ-11 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

12 RIVERA SÁNCHEZ-12 CSE 5810 Check, Assurances, Protection (CAP) Framework   Directed towards:  Ensuring secure interactions between mobile applications by encrypting healthcare data when it is been exchanged.  Utilizing strong authentication protocols in order to determine what data needs to be exposed/stored on a system.   Proposed SSL and Shared Certificates combined with CIA (security tenets: confidentiality, integrity, availability) to do authentication.

13 RIVERA SÁNCHEZ-13 CSE 5810 HealthPass   Secure access control model for PPHRs.   Extended digital certificate.   Dynamic interactions without using a classical authorization and authentication approach like username and password. Overall PPHR architecture with XML-based PHR – PHR certificate (HealthPass) issuing

14 RIVERA SÁNCHEZ-14 CSE 5810 Generic Bootstrap Architecture   Mutual authentication of users and network applications.   Directed toward EHRs.   Mutual authentication  Use of SIM card credentials.   PIN number in order to unlock the token. GBA Reference Model

15 RIVERA SÁNCHEZ-15 CSE 5810 Two-Factor Authentication   Encryption and a two- factor authentication method.   Secure authentication and communication between a mobile device and a healthcare service provider.   Provides multi-factor authentication without the need to have an authentication token. Reference model of security architecture for mobile access to information from patient’s medical record

16 RIVERA SÁNCHEZ-16 CSE 5810 Three-factor user authentication   Use of smartphone as whole identity  No need for token.   Three-factor authentication: username/password combination, biometrics and smartphone.   Secure and hassle-free authentication. Patient Authentication Framework

17 RIVERA SÁNCHEZ-17 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

18 RIVERA SÁNCHEZ-18 CSE 5810 Medisoft   Requires the user to login with a username and password.   User can setup a time span where the application will automatically log off after that amount of time.   User can setup a four-digit security code (a PIN number) to login to the app again once the time span has expired.   HIPAA compliant.

19 RIVERA SÁNCHEZ-19 CSE 5810 PatientKeeper   Users have to enter a PIN/Password to gain access to the application.   Incorrect password several times  System can lock the user out of the account and could delete all the information that is stored in the device.   Encrypts the data that is sent to the device. It remains encrypted until the user accesses such data from the application.   AES + SSL/TLS = Secure transfer of data   HIPAA compliant.

20 RIVERA SÁNCHEZ-20 CSE 5810 Dr. Chrono   Authenticates a user utilizing the username/password combination.   Auto-logoff feature  Automatically logs off users that are logged into the account but have been inactive for a certain period of time.   Digital certificate  Used to verify that the user is authenticated correctly and is in the correct site.   HIPAA compliant.

21 RIVERA SÁNCHEZ-21 CSE 5810 Overview   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations & Conclusion

22 RIVERA SÁNCHEZ-22 CSE 5810 Limitations   Authentication:  Passwords:  Widely used and acceptable by users.  Doubts of level of security.  More difficult for users to remember them.  Tokens:  Use of digital certificates.  Falsifying digital certificates.  Biometrics:  Is currently limited.  Privacy concerns: misuse of data, tracking, additional data, etc.

23 RIVERA SÁNCHEZ-23 CSE 5810 Limitations (Cont.)   Patient’s EHR might be fragmented and accessible from several places (they could be in different hospitals, providers, etc.).   Security defects on these systems could cause the disclosure of information to unauthorized users.   Difficulties in maintaining data privacy.  Example: Administrative staff could access the information without the patient’s consent.

24 RIVERA SÁNCHEZ-24 CSE 5810 Conclusion   Presented different authentication methods.   Problems and goals.   Discussed other approaches that researchers have done.   Existing mobile applications.   Limitations.   Still a long way to go…

25 RIVERA SÁNCHEZ-25 CSE 5810 References   [1] http://searchsecurity.techtarget.com/definition/authentication   [2] http://www.webopedia.com/TERM/A/authentication.html   [3] Laurie A. Jones, Annie I. Antón, and Julia B. Earp. “Towards understanding user perceptions of authentication technologies”. In Proceedings of the 2007 ACM workshop on Privacy in electronic society (WPES '07). ACM, New York, NY, USA, 91-98. 2007.

26 RIVERA SÁNCHEZ-26 CSE 5810 Questions?   Background   User Authentication  Problem  Goal   Approaches   Existing Mobile Applications   Limitations   Conclusion

Download ppt "RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University."

Similar presentations

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Information Security for Managers (Master MIS)

Information Security for Managers (Master MIS)

Similar presentations

Ads by Google