The SePTIS ’07
ETRI, The Future Wave
Information Security Research Division
Dec. 18, 2007
Byung Gil Lee
Privacy Management for Medical Service Application using Mobile Phone collaborated with RFID Reader
Contents
▣ Introduction
◈ Background of research
▣ Proposed u-Intelligent Hospital Service Model
◈ Service Requirement
◈ Service Architecture
▣ Design and Implementation of u-IHS System
◈ Scenarios and system architecture for privacy managed medical service
◈ Trial service in hospital
▣ Conclusion
Introduction: Background of research
Recently, RFID/sensor network technologies are increasingly being used in various applications, such as SCM (supply chain management) and warehouse management.
They also have great potential in medical and healthcare services.
In hospitals, most medical accidents involving patients result from misidentification of the patient or of medical articles.
These accidents can be reduced if information about the patient is managed automatically.
Introduction (cont.): Background of research (cont.)
Privacy intrusion example: in a department store, bar, hotel, train, etc., a malicious person sitting or standing next to you can read the information on your belongings (those with unprotected tags) and learn how much you carry in your wallet, your credit card number, the size and brand name of your underwear, the medicine you are taking and what kind of disease you have, etc., without your knowing it [Information Privacy]. In addition, an adversary can trace you everywhere you go [Location Privacy].
Several approaches to RFID security and anonymity have been reported, but privacy-aware security and user-centric privacy control mechanisms are not clearly defined.
From the privacy aspect, unless these systems are properly designed and constructed, they can cause massive collateral damage to users’ privacy.
So, we propose a structure that protects against privacy breaches by using profile-based privacy management and customization of privacy preferences in real time.
As a useful application, we applied our system to medical service in the hospital and related areas, using a privacy-aware security system and a privacy management mechanism.
[Figure labels: Adversary; Department store; Bar; Hotel]
Basic RFID System and Sensor Network
An RFID system consists of 4 ~ 6 basic elements: products with embedded RFID tags, a reader, RFID middleware, an IS (Information Server) for product business data with code, and the accessing application.
An ONS (Object Name Service) system can be added for IS lookup.
A sensor network consists of 3 ~ 4 basic elements: sensor node, sink node
[Figure labels: Basic RFID System; Basic Sensor Network; Sensor Network; Sink Node; USN Middleware]
Networked mobile RFID System and Sensor Network
Connected to networked Mobile RFID middleware
For user-specific, interactive RFID service and user-centric sensor network service, we also include a mobile terminal integrated with an RFID reader, which reads the RFID tag and performs the linked service.
Users can get the information and resolve it by querying a network through the mobile network.
In the platform, WIPI (a Korean mobile standard platform, based on the Java platform) is used as the RFID and sensor platform.
[Figure labels: User ID; CDMA; WLAN; WiBro; Local ODS; National ODS; Mobile RFID Service Discovery; Secure Mobile RFID Portal; Information Service; Secure M/W; Security Lib; RFID Reader; Secure Tag; Sensor Network]
Requirements of the Service in the Privacy Aspect
▣ Avoid collecting unnecessary private information in the ubiquitous system
▣ Employ a controllable access control mechanism for the data collected in the RFID and sensor based system
▣ Real-time and user-centric privacy-aware information processing
▣ User-auditable privacy management
[Figure label: Adversary]
Approach Strategy
▣ Strategy
◈ First step: Access control of patient information by default privacy policy (result of privacy impact assessment)
◈ Second step: User-controllable profile-based privacy protection
◈ Third step: Auditable privacy management
Proposed Customizing Ubiquitous Hospital Model
▣ System for u-IHS consists of the following elements
◈ RFID patient tag and sensor
◈ RFID asset tag for easy finding of the asset location
. Capturing event: user, asset, etc.
. Notifying: patient’s emergency condition to doctor; patient’s 1st aid information to 1st aid staff; patient’s medical history information to 1st aid or other hospital; patient or asset location to doctor; results of the audit and user’s obligation to user (patient)
. Controlling: heating or air conditioning device, lighting device, etc.
Service Architecture (Registration)
[Figure labels: EMR; PACS; ERP; CRM; HL7; Information System; Intra-Hospital App.; Networked Emergency App.; Networked Inter-Hospital App.; Registration; IS; Consent by Patient; Decision by doctor as an urgent patient; Issue Tagged Card; Patient Identification; Privacy Profile; Configure Access Control and Authorization; RPS (RFID Privacy Service Manager); (for example: heart disease, cerebral hemorrhage)]
▣ An RFID-attached medical card can be issued if a user has an urgent disease and consents to the issuing and to the privacy policy of the RFID emergency card for fast 1st aid service.
▣ The tag owner sets up his (or her) privacy policy for the tag in the policy manager. The policy consists of the authority of access and the level of privacy protection.
▣ The back-end medical information server receives the query information, analyzes the data received from the requester, and provides information in accordance with the privacy level previously set in the policy manager.
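A sketch of how the three-step strategy (default policy, user-controllable profile, audit) and the registration flow above could fit together; it is an added example, not the u-IHS or RPS code. The role names, field names, sample record and the rule that a patient's deny overrides an allow are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample record; field names and values are assumptions.
RECORD = {
    "first_aid_info": "heart disease",
    "medical_history": "constructed history entry",
    "location": "ER entrance",
}

# Step 1: default policy (assumed outcome of a privacy impact assessment):
# requester role -> fields that role may read unless the patient says otherwise.
DEFAULT_POLICY = {
    "doctor": {"first_aid_info", "medical_history", "location"},
    "first_aid_staff": {"first_aid_info", "location"},
    "other_hospital": set(),
}

@dataclass
class PrivacyProfile:
    """Step 2: per-tag overrides set by the tag owner (hypothetical layout)."""
    allow: dict = field(default_factory=dict)  # role -> extra fields released
    deny: dict = field(default_factory=dict)   # role -> fields withheld

@dataclass
class PolicyManager:
    profiles: dict = field(default_factory=dict)   # tag_id -> PrivacyProfile
    audit_log: list = field(default_factory=list)  # Step 3: auditable trail

    def permitted_fields(self, tag_id, role):
        base = set(DEFAULT_POLICY.get(role, set()))  # unknown role gets nothing
        profile = self.profiles.get(tag_id, PrivacyProfile())
        base |= set(profile.allow.get(role, ()))
        base -= set(profile.deny.get(role, ()))      # deny wins over allow
        return base

    def query(self, tag_id, requester, role, record):
        """Release only the permitted fields and log the decision."""
        allowed = self.permitted_fields(tag_id, role)
        released = {k: v for k, v in record.items() if k in allowed}
        # Refusals are logged too, so the patient can audit every access attempt.
        self.audit_log.append({
            "tag": tag_id, "requester": requester, "role": role,
            "released": sorted(released),
            "withheld": sorted(set(record) - allowed),
        })
        return released
```

A requester whose role is missing from the default policy receives an empty result and still leaves an audit entry, which is the behaviour an auditable scheme needs for failed lookups.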
Service Architecture 1 (Comprehensive Medical Examination)
[Figure labels: Network; Check Tag Identification; Medical Examination & Treatment; Tag; Recipient for comprehensive medical examination; Notify next examination room]
User:
1. Compare previous examination history
2. Check the next examination information
3. Check the related medical information
Service Architecture 2 (1st aid)
▣ The target of this model is a successful emergency rescue service that makes use of the patient tag and the mobile RFID reader.
① A registered urgent patient’s tag is captured by the reader of authorized emergency transportation staff. Medical-history-based 1st aid service is provided in the emergency situation.
② Using the bio-sensor and RFID, the patient’s real-time medical information is transferred to the hospital and the doctor’s message is transferred to the EV (transportation staff).
③ Using the RFID patient tag, the patient is verified, to protect against medical error in treatment.
④ The chartless service is performed by the mobile RFID treatment terminal (reader) for history in health inspection, ER/OR, and wards in the hospital.
[Figure labels: Network; Patient; Hospital (IS); Notification Service (GPS); MSDG; Request Emergency Vehicular; Location is displayed!; First: 1st aid message; 2nd: Medical History; 3rd: Doctor’s Message; CDMA; SMS; Privacy; SMS Location; Arrival to ER; First aid service for emergency situation; Medical Treatment; Chartless Service by Mobile RFID Treatment Terminal; Auth Check; Coming in and out; Transfer EV’s Location; Emergency Room; Medical Kiosk]
Design and Implementation of the System
RFID Privacy Management Service (RPS)
▣ Procedure for notifying the application server of a privacy policy, and inquiry procedure
▣ Major Function of the RPS
- Real-time notification
- Profile and policy management
- Registration and authentication
- Obligation management
- Audit management
<Architecture of the RPS>
Mobile RFID Network Configuration
▣ Consists of 6 parts
[Figure labels: ET (IS); Hospital (IS); DI (IS); ER (IS); Medicine (IS); Hospital App.; ET App.; Patient App.; ODS; CPMS (Customizing Privacy Management System); CPMS Component; Payment Gateway; MSDG; Kiosk; ER Security Mg. IS; M/W; Location Management; RFID Reader; RFID M/W; Mobile Terminal Gateway; Directory; Hospital; Emergency Transportation system (911); Privacy Management; Fixed Terminal; Fixed M/W System; RFID (RPS)]
- IS (OIS): (Object) Information Server
- ODS: Object Directory Service
- MSDG: Medical Service Discovery Gateway
- ET: Emergency Transportation
- DI: Diagnosis and Inspection
- ER: Emergency Room
- PG: Payment Gateway
- M/W: RFID middleware
Security Association Model
▣ Compatibility and scalability in medical application may cause problems
Context aware Model
[Figure labels: Ubiquitous Network; Registration; Hospital A; Hospital B / Emergency agency; 1. RFID and Sensor based Ubiquitous Medical Service Broker; 2. General Medical Privacy Manager; 3. Medical Service Discovery Gateway; 4. PKI Certificate Service Manager; Medical Privacy Manager CERTIFICATE; Hospital CERTIFICATE; Public Key / Private key; Audit: Policy and Result; Setup Obligation; (Audit, User Policy etc.); (Result etc.); (Request shared Medical Record); (Result)]
Field Trial Service: Ulgi Hospital in Daejeon, Korea (2007)
[Figure labels: Comprehensive Medical Exam.; In-Out Mgmt. in ER; Patient Verification - PDA; History Inquiry for Medical Exam.; RFID KIOSK; Result of Data Inquiry by Privacy Policy]
ER and ET systems
▣ Patient management in ER
▣ Alarm notification
▣ Query of patient’s information in ET
<Management System of Emergency Room> <Auto Identification and Alarm>
An RFID reader is installed at the entrance of the ER.
It checks the patient’s coming in and out and movement.
<Emergency Transportation IS> <Patient’s Medical Information for 1st aid>
The patient’s discovery location, transmitted using LBS, is recorded in the transportation team’s OIS.
Patient’s location, discovered by LBS via mobile phone
Shown selectively according to the privacy level set in the RPS
Privacy information controlled by user’s policy
Caution information in the 1st aid service for special patient
Kiosk and RPS
▣ Kiosk for issue/kill of tag
▣ Monitoring system and privacy management
<Kiosk> <Monitoring System> <Privacy Management System>
Conclusion
We designed an intelligent medical application service by using a privacy-aware RFID and sensor network system.
The advantages of this system are as follows. First, we provide privacy protection for personal data in the medical environment, and a user-centric privacy management scheme can be achieved.
Second, advanced automatic identification processing in emergency situations can save the life of the patient.
Third, medical working conditions are improved by utilizing auto-identification of the patient.
The suggested mechanism and system are an effective solution for medical service in the ubiquitous environment.
Reference material
Privacy
▣ Freedom from intrusion
▣ Control of information about oneself
▣ Freedom from surveillance
Protecting Privacy
▣ PITs
◈ Invisible information gathering based on RFID tag
◈ Secondary use
◈ Location privacy
Laws and Regulations
Requiring Specific Consent Policies
Businesses must use an opt-in policy
Businesses must obtain consumer consent for each use of their personal information