Patients privacy protection with anonymous access to medical services - PowerPoint PPT Presentation
1 / 15
Title:
Patients privacy protection with anonymous access to medical services
Description:
Patient's privacy protection with anonymous access to medical services ... Anonymous authentication and access to Healthcare service providers (HSP) ... – PowerPoint PPT presentation
Number of Views:108
Avg rating:3.0/5.0
Title: Patients privacy protection with anonymous access to medical services
1
Patients privacy protection with anonymous
access to medical services
- Dasun Weerasinghe, Kalid Elmufti, M Rajarajan,
Veselin Rakocevic - Mobile Networks Research Group
- School of Engineering and Mathematical Sciences
- City University
- London
2
Outline of the Presentation
- Motivation factor
- Anonymous access medial environment
- Propose protocol
- Security tokens
- Risk analysis
- Conclusion
3
Motivation factor
- Overstretched and under budgeted health sector
- Data transmission in the Internet/mobile network
- Sensitive medical information
- Possibility of selling medical information
- Patients privacy
- Patients anonymity
4
Anonymous Access Medical Environment
5
Protocol
- Anonymous authentication and access to Healthcare
service providers (HSP) - Patients access medications over the Internet or
Mobile networks - Assumptions
- Patients register with Healthcare Service Unit
(HSU) - HSP are registered with HSU
- 2 phases in the protocol
- Patient registration with the HSP
- Patient authentication and anonymous service
access
6
Patient registration with the HSP
RRT eHSP (sHSU UIDTStsKKeyLifeTime)
HSP
HSP
HSU
HSP
Patient
- RT eHSP (sHSU UIDTS)
7
Security Tokens in Registration
- Registration Token
- RT eHSP (sHSU UIDTS)
- ltRegistrationTokengt
- ltUIDgtStringlt/UIDgt
- ltTimeStampgtTimestamplt/TimeStampgt
- lt/RegistrationTokengt
- Registration Request Token
- RRT eHSP (sHSU UIDTStsKKeyLifeTime)
- ltRegistrationRequestTokengt
- ltUIDgtStringlt/UIDgt
- ltTimeStampgtTimestamplt/TimeStampgt
- ltTempSessionKeygtKeylt/TempSessionKeygt
- lt/RegistrationRequestTokengt
8
Patient authentication and anonymous service
access
HSU
HSP
HSU
HSP
HSU
HSP
UT eHSP (sHSU TUIDTStsKKeyLifeTime)
Patient
9
Security Tokens in Request Access
- User Token
- UT eHSP (sHSU TUIDTStsKKeyLifeTime)
- ltUserTokengt
- ltTempUIDgtStringlt/TempUIDgt
- ltTimeStampgtTimestamplt/TimeStampgt
- ltTempSessionKeygtKeylt/TempSessionKeygt
- ltKeyLifeTimegtTimeltKeyLifeTimegt
- lt/UserTokengt
10
Risk Analysis
- User Anonymity
- HSP identifies patient with a temporary identity
- Temporary identity doesnt relate with the true
identity - Message Privacy
- Patients health information doesn't relate with
true identities - Message confidentiality
- Messages are encrypted
- User Authentication and Authorization
- Secure authentication credentials are used
- User tokens are generated by HSU
11
Risk Analysis (Contd.)
- Replay Attacks
- Unable to reuse the previous login authentication
messages - Attackers are unable to alter timestamps
- Audit trials
- HSU logs login and service access requests
- HSP logs service requests
- Reverse identity track
- HSU maintains mapping between a temporary
identity and the true identity - In a critical medical situation
12
Prototype development
- Fully developed this protocol as a prototype
- Functional with
- Temporary identity
- XML Signature
- XML Encryption/Decryption
- Key management
- Technology and standards
- XML Security
- Single-Sign-On (SSO)
- Liberty Alliance standards
- If anyone interested then I can do a demo
13
Conclusion
- Patient access the medical environment without
providing the identity - Anonymous access medical environment
- Protocol with message formats
- Security tokens for authentication and
authorization - Risk analysis of the protocol
14
Q A ??????
15
Thank you !!!!!
Recommended
CrystalGraphics Presentations
