XML Security based Access Control for Healthcare Information in Mobile Environment - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

XML Security based Access Control for Healthcare Information in Mobile Environment

Description:

XML Security based Access Control for Healthcare Information in Mobile Environment Dasun Weerasinghe, Kalid Elmufti, M Rajarajan, Veselin Rakocevic – PowerPoint PPT presentation

Number of Views:127
Avg rating:3.0/5.0
Slides: 19
Provided by: DasunWee2
Category:

less

Transcript and Presenter's Notes

Title: XML Security based Access Control for Healthcare Information in Mobile Environment


1
XML Security based Access Control for Healthcare
Information in Mobile Environment
  • Dasun Weerasinghe, Kalid Elmufti, M Rajarajan,
    Veselin Rakocevic
  • Mobile Networks Research Group
  • School of Engineering and Mathematical Sciences
  • City University
  • London

2
Outline of the Presentation
  • Motivation
  • Security Issues
  • Technologies used
  • Proposed Mobile Healthcare Architecture
  • Advantages

3
Motivation
4
Security Issues
  • Authenticate mobile devices to healthcare service
    operator
  • Confidentiality of the patients health
    information
  • Protect health information from integrity
  • Stockholders in the healthcare service operator
    should be responsible for information sent
  • Different access levels to health information at
    the healthcare service operator

5
Technologies Used
  • XML - eXtensible Markup Language
  • XML Encryption
  • XML Signature
  • XML Key Management Specification

6
XML Encryption
  • Provides end-to-end confidentiality
  • Encryption is based on XML formats
  • Solution to Confidentiality and Authentication
  • Advanced features
  • Partial Encryption
  • Multiple Encryption

7
XML Encryption ( Contd. )
  • Patients blood pressure count in a XML message
  • Blood pressure count has to be encrypted

8
XML Encryption ( Contd. )
  • Encrypted XML Message

9
XML Signature
  • Technology for data Integrity
  • XML Signature specification defines electronic
    signature formats using XML
  • Solution to Authentication, Integrity and
    Non-repudiation
  • Advanced features
  • Partial Signature
  • Multiple Signature

10
XML Signature ( Contd.)
  • Patients blood pressure count is with XML
    signature

11
Mobile Healthcare Architecture
Service Providers
Stakeholders
Insurance Service
Doctor
Private Medical Centre
Nurse
Administrator
Healthcare Service
Pharmacy
Lab
Patient
Healthcare Operator / IdP
Existing Relation
Mobile Operator
12
Protocol for Mobile Health
  • Protocol Addresses
  • Authentication
  • Data Integrity
  • Confidentiality
  • Non- Repudiation
  • Data Access level control
  • Messages are in XML format
  • Communication is based on Web Services

13
Protocol Authentication phase
Service Providers
Mobile Operator
Patient
Healthcare Operator / IdP
Request Access
Request for BSP
Initiate BSP
B-TID
B-TID
B-TID
Ks
RAND Challenge
Challenge Response
UT
B-TID String of based 64 random data
Ks Key material to secure the communication
14
Protocol Authentication to SP
Service Providers
Mobile Operator
Patient
Healthcare Operator / IdP
Request Access to SP, SPID, UT
SPUT, tsK
SPUT
Login confirmation msg
Service Request
SPUT SPID, tsK, TS, PID encrypted by SPs
public key and signed by HO/IdPs private key
15
Protocol - Data Access Level
Service Providers Healthcare Service
Patient
Doctor
Lab
Nurse
Admin
Pharmacy
Service Req
XML Msg
Append message to patient signed by Nurses IK
encrypted by HSs CK
XML Msg
Append message to Admin about billing signed by
Pharmacys IK encrypted by Admins CK
Decrypts all the messages which are encrypted in
HSs CK and append those to XML Encrypt the full
message in tsK
XML Msg
XML Msg
XML Msg
Request Msg encrypted in tsK
XML Msg
XML Msg
Append Lab Results signed by Labs IK encrypted
by Doctors CK
Append XML message to Nurse health
information Signed by Doctors IK and encrypted
by Nurses CK Append XML message to Pharmacy
about drugs Signed by Doctors IK and encrypted
by Pharmacy s CK Append XML message to Patient
doctors comments Signed by Doctors IK and
encrypted by HS s CK
Append data reading for Lab signed by Doctors
IK encrypted by Labs CK
Append Health information encrypted by Doctors
CK Append Patient information encrypted by
Admins CK Msg signed by HSs IK
XML Msg
Append invoice signed by Admins IK encrypted
by HSs CK
IK private key CK public key
16
Protocol - Data Access Level ( Contd.)
  • Same XML document is manipulated over different
    user levels.
  • Data access is restricted using XML elements.
  • Same XML message can be sent to external service
    providers.
  • HS appends information required for external
    parties signed by HSs private key and encrypted
    by receivers public key

17
Advantages
  • Healthcare information is protected in the mobile
    environment
  • Stockholders in the Healthcare service operator
    are responsible for information sent
  • Different access levels are defined in a single
    healthcare information document for different
    user levels

18
Thank You !
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "XML Security based Access Control for Healthcare Information in Mobile Environment" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!