1 / 18

XML Security based Access Control for Healthcare Information in Mobile Environment

XML Security based Access Control for Healthcare Information in Mobile Environment. Dasun Weerasinghe, Kalid Elmufti, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group School of Engineering and Mathematical Sciences City University London. Outline of the Presentation.

mliss
Download Presentation

XML Security based Access Control for Healthcare Information in Mobile Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. XML Security based Access Control for Healthcare Information in Mobile Environment Dasun Weerasinghe, Kalid Elmufti, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group School of Engineering and Mathematical Sciences City University London

  2. Outline of the Presentation • Motivation • Security Issues • Technologies used • Proposed Mobile Healthcare Architecture • Advantages

  3. Motivation

  4. Security Issues • Authenticate mobile devices to healthcare service operator • Confidentiality of the patient’s health information • Protect health information from integrity • Stockholders in the healthcare service operator should be responsible for information sent • Different access levels to health information at the healthcare service operator

  5. Technologies Used • XML - eXtensible Markup Language • XML Encryption • XML Signature • XML Key Management Specification

  6. XML Encryption • Provides end-to-end confidentiality • Encryption is based on XML formats • Solution to Confidentiality and Authentication • Advanced features: • Partial Encryption • Multiple Encryption

  7. XML Encryption ( Contd. ) • Patient’s blood pressure count in a XML message • Blood pressure count has to be encrypted

  8. XML Encryption ( Contd. ) • Encrypted XML Message

  9. XML Signature • Technology for data Integrity • XML Signature specification defines electronic signature formats using XML • Solution to Authentication, Integrity and Non-repudiation • Advanced features • Partial Signature • Multiple Signature

  10. XML Signature ( Contd.) • Patient’s blood pressure count is with XML signature

  11. Mobile Healthcare Architecture Service Providers Stakeholders Insurance Service Doctor Private Medical Centre Nurse Administrator Healthcare Service Pharmacy Lab Patient Healthcare Operator / IdP Existing Relation Mobile Operator

  12. Protocol for Mobile Health • Protocol Addresses • Authentication • Data Integrity • Confidentiality • Non- Repudiation • Data Access level control • Messages are in XML format • Communication is based on Web Services

  13. Protocol – Authentication phase Service Providers Mobile Operator Patient Healthcare Operator / IdP Request Access Request for BSP Initiate BSP B-TID B-TID B-TID Ks RAND Challenge Challenge Response UT B-TID = String of based 64 random data Ks = Key material to secure the communication

  14. Protocol – Authentication to SP Service Providers Mobile Operator Patient Healthcare Operator / IdP Request Access to SP, SPID, UT SPUT, tsK SPUT Login confirmation msg Service Request SPUT = SPID, tsK, TS, PID; encrypted by SP’s public key and signed by HO/IdP’s private key

  15. Protocol - Data Access Level Service Providers: Healthcare Service Patient Doctor Lab Nurse Pharmacy Admin Service Req XML Msg Append message to patient: signed by Nurse’s IKencrypted by HS’s CK XML Msg Append message to Admin: about billing signed by Pharmacy’s IK encrypted by Admin’s CK Decrypts all the messages which are encrypted in HS’s CK and append those to XML Encrypt the full message in tsK XML Msg XML Msg XML Msg Request Msg: encrypted in tsK XML Msg XML Msg Append Lab Results: signed by Lab’s IKencrypted by Doctor’s CK Append XML message to Nurse: health information Signed by Doctor’s IK and encrypted by Nurse’s CK Append XML message to Pharmacy: about drugs Signed by Doctor’s IK and encrypted by Pharmacy’s CK Append XML message to Patient: doctors comments Signed by Doctor’s IK and encrypted by HS’s CK Append Health information: encrypted by Doctor’s CK Append Patient information: encrypted by Admin’s CK Msg : signed by HS’s IK Append data reading for Lab: signed by Doctor’s IK encrypted by Lab’s CK XML Msg Append invoice: signed by Admin’s IK encrypted by HS’s CK IK: private key CK: public key

  16. Protocol - Data Access Level ( Contd.) • Same XML document is manipulated over different user levels. • Data access is restricted using XML elements. • Same XML message can be sent to external service providers. • HS appends information required for external parties; signed by HS’s private key and encrypted by receiver’s public key

  17. Advantages • Healthcare information is protected in the mobile environment • Stockholders in the Healthcare service operator are responsible for information sent • Different access levels are defined in a single healthcare information document for different user levels

  18. Thank You !

More Related