1 / 18

Proximity Based Access Control for Smart-Emergency Departments *

Proximity Based Access Control for Smart-Emergency Departments *. Sandeep Gupta*, T. Mukherjee*, K. Venkatasubramanian* and T. Taylor + *Department of Computer Science & Engineering Ira A. Fulton School of Engineering Arizona State University Tempe, Arizona, USA http://impact.asu.edu

galia
Download Presentation

Proximity Based Access Control for Smart-Emergency Departments *

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Proximity Based Access Control for Smart-Emergency Departments* Sandeep Gupta*, T. Mukherjee*, K. Venkatasubramanian* and T. Taylor+ *Department of Computer Science & Engineering Ira A. Fulton School of Engineering Arizona State University Tempe, Arizona, USA http://impact.asu.edu +Mediserve Information Systems Tempe, Arizona, USA *Work done in collaboration with MediServe Information Systems

  2. Overview • Motivation - Emergency Department Workflow • Proximity Based Access Control (PBAC) • Proximity zone design • Positioning system • Levels of Resource Access • PBAC Model • PBAC Policy Specifications • Administrative Policies • Access Control Policies • Prototype Development • Conclusions

  3. Emergency Department - Background • Emergency Departments (ED) help people experiencing medical emergencies which are life-threatening or can cause disabilities. • Primary focus of ED is to provide patient care. • ED procedures which minimizes distraction for caregivers is essential for its effectiveness.

  4. Triage Area Waiting Area out Left Without Treatment ED Treatment Area out Discharged Home Patient Logged IN Triage in Room Needs In-Patient care Transfer to Another Facility out Immediate Surgery Admitted to Hospital Emergency Department- Problem Statement • Patients follow well defined service paths in ED workflow. • Several data systems need to be accessed, here, requiring unique log-in process. • Such explicit session log-in/out process causes distraction for caregivers and result in vulnerabilities Areas where automated access to resources improves efficiency Automation of mundane access related tasks can improve ED efficiency.

  5. Proximity Based Access Control (PBAC) • Principal Idea is to automatically provide access to resources when a subject comes within its proximity. • Challenges • Design of proximity zone to a resource. • Determination of proximity to a resource. • Enforce appropriate information access policy. PROXIMITY-BASED ACESS TO RESOURCE

  6. Design of Proximity Zone Zone 2 • Definition of proximity is essential for PBAC • Proximity zones characteristics: • Number • Shape (circle, square ..) • Size (radius, length of sides.. ) • Factors influencing proximity zone: • The access control policies for the resource. • The geometry of the area. • The accuracy of the positioning system. • Radio environment of the area. Zone 1 PROXIMITY ZONES AROUND RESOURCES

  7. Sample Proximity Zone Design • The application (resource, access policy) mandates • Sapp shape of the proximity zone • Rapp  parameters for the shape • Physical Zone Design: • Based on the accuracy positioning system, we set • Ri Ri + Δ, for every i  Rapp • Δ is the average error in the accuracy of the positioning system. • Based on the geometry of the area , we set • Sapp Sgeo’ • Sgeo’ is the new shape. Application mandated shape and size Actual Shape & size Δ

  8. Determination of Proximity • Proximity detection directly tied to accuracy of underlying positioning system. • The radio environment plays an important role in positioning system accuracy. • Need a system which works accurately indoors. • Positioning system classification: • RF based • RF and ultra-sound based • Ultra-Wide Band based Winner:Ultra-Wide Band, because…

  9. Ultra-Wide Band (UWB) based positioning • Better performance for indoor environments e.g. ED. • Short signal pulse makes it less vulnerable to multipath-effects. • Any interference noise is normalized over a wide signal band keeping the SNR high. • UWB operated at 3-10 GHz frequency range where few other devices work, minimizing interference.

  10. Access to Resources in PBAC • Subjects have varying degrees of access privileges. • If multiple subjects in resource proximity: • Common set of privileges should be provided. • Should not include access to subject specific information. • Subject in proximity without intent of access should be recognized.

  11. Levels of Access • Authentication is a means of ensuring enforcement of appropriate privileges. • Three levels of authentication: • No-Auth: access restricted to publicly available information. • Level – I: single challenge/response session, guarantees privileges corresponding to their organizational domain (ED, Trauma center). All subjects in the domain have common set of privileges. • Level – II: additional challenge/response session required, allows access to sensitive information (patient data). Role Specific (Level II Auth) Domain Specific (Level I Auth) Public (No Auth)

  12. PBAC - Model • Access to resources provided based on: • Proximity • Current Level of Authentication • Privileges given to subjects using Role Based Access Control (RBAC) model. • Two types of roles: • Organizational (OR): role assigned when subject joins the system, doctor in hospital. • Group (GR): role assigned based on subject’s domain of work, surgeon in ED.

  13. PBAC - Model Implementation • Each resource maintains a list of roles (resource roles (RR)) and associated privileges called Access Control List (ACL). • Subjects’ Group/ Organizational roles mapped on to RR in ACL by resource for access. • Context information provides information on: • Proximity • Level of Authentication • Others in Subject’s Domain and their privileges Context Group/ Org Role f ACL Privileges RR Role 1 Privileges for Role 1 Role 2 Privileges for Role 2 Privileges for Role N Role N

  14. PBAC- Policy Specifications • Specify rules for accessing service provided by resource, using PBAC. • Two types of policies: • Administrative • Define the rules for administrative function within the system. • Access Control • Define the rules based on which access is given to subjects in proximity of resources.

  15. Administrative Policies Specification • Two principal policy classifications: • Assigning Roles • OR • GR (can be given only to subjects with OR) • Removing Roles • OR (cannot be removed until all associated GRs for a subject are removed) • GR Administrative Policies Assigning Roles Removing Roles OR GR

  16. Access Control Policies Specification Access Control Policies Access to Unoccupied Resources Access to Occupied Resources Single Subject Multiple Subjects Single Subject Multiple Subjects Direct access Wait for Resource to free Random Choice Log-in Initiate Actual Proximity

  17. Prototype • Built a preliminary prototype for PBAC using a commercially available UWB-based positioning system from Ubisense Inc. • Tested the accuracy of the positioning system at a Level-I Trauma Center ED in the Phoenix Area. • Positioning accuracy of the system was within 2-8 inches. • Implemented the PBAC specifications using the Ubisense™ positioning simulator and tested it in different scenarios (using 3 subjects): • Single subject accessing un-occupied resource. • Multiple subjects accessing un-occupied resource • Subject is proximity without intent of access • Temporary absence of a logged-in subject.

  18. Conclusions • Improving efficiency of ED necessary to provide better care to patients. • Automating resource access in ED allows care-givers to focus on patients. • Proximity-based Access Control (PBAC) useful for this purpose. • We presented specifications for the PBAC and built a prototype to test its working.

More Related