Click to add title - Wayne State University

Beacon Cloud
Mobile Blood Donation Registration Service: A Case Study
Salute
• Prof. Ho-Fung Leung
• Dr. C. K. Lee
• Dr. Wendy Hui
• Lalita Narupiyakul
• Matthias Farwick
• Kai-kin Chan
• Thomas Trojer
• Michelle Watson
• Stephanie Chow
• Frenco Cheung
• Mars Yim
• Ryan Bishop
Outline
• Objective
• Blood Donation Registration System
• System Architecture
• HL7: Health Level Seven
• Data Privacy & Security Technology
• Conclusion and Future Works
Registration System
[Diagram: Registration Form, Web Service, Web 2.0, Business Logic, Privacy & Security, Wireless Network]
Registration Form
Objective
• Minimize blood donor drop-outs
• Maximize returning blood donors
• Reduce time and human error
• Keep in contact with blood donors
• Promote blood donation events
• Provide visual education about blood donation
• Maximize blood donation services
Registration System
• Use Case: Blood Donation Registration
– Can be applied to other cases
• Using business logic:
– The form's question selection can be optimized based on the donor's background
– Optimize workflow
– Using OWL and the Semantic Web
• Support mobile circumstances
• Compatible with mobile devices
– e.g. UM-PC and EEE PC
Beacon Cloud’s Project
• Rationale associated with a question
Recommendation
Regarding to your health, if you are not feeling well today, we do not recommend you to donate blood.
Introduction
• Highlight of Hong Kong Red Cross Blood Donation System
[Diagram: Linux, Network, User Interface, Privacy & Security]
– XML Security: XACML, WS-Security (Apache)
– Open Source: Tomcat, Axis2, eXist
– Connectivity: Private Wireless Network, LAN, Bluetooth
– GUI: JSF, Ontology
Web 2.0
[Section diagram: Privacy, Security, HL7, Web 2.0, User Interface, System Architecture]
Blood Donation Registration on Web 2.0
[Diagram: Web 2.0: XML & RSS; Web Service & SaaS; Facebook & MSN]
• A trend in the use of World Wide Web technology and web design
• Aims to enhance creativity, information sharing, and, most notably, collaboration among users
• Web 2.0 concepts have led to the development and evolution of web-based communities and hosted services
Hong Kong Red Cross Group
• On Facebook, donors can join the Hong Kong Red Cross group to receive news and events
RSS and Ontology
• RSS is a family of Web feed formats used to publish frequently updated content
• WHO: Outbreak RSS: http://www.who.int/feeds/entity/csr/don/en/rss.xml
• Red Cross: News RSS: http://www.redcross.org/websites/rss/
Example of Optimized Workflow
Example of Optimized Workflow (Cont.)
Q14a = Boolean
14. Have you received surgery (including endoscopic examination, treatment involving the use of catheters)?
– YES: Ask level of surgery
  If elective minor then defer 3 months
  Else if elective major then defer 6 months
  Else if elective major emergency then defer 12 months
  Else contact nurse (nurse can decide a level)
Q8_1 = Boolean
8(1). Have you had contact with an infectious disease?
– YES: Ask to specify disease
  Check the disease ontology and decide the defer time
System Architecture: Beacon Cloud
Blood Donation Station
1. User fills out the form on an Ultra Mobile PC (EEEPC).
2. The form is constantly adjusted to the user input by the Semantic Web Engine.
3. The data is securely sent over the wireless network to the Server Laptop.
4. The Server Laptop processes the data and checks its validity.
5. Data is stored in the Local XML Database.
6. The form is printed on demand by the nurse.
System Architecture: Beacon Cloud
Beacon Cloud: Cloud Computing
• Cloud Computing Concept:
– The vast computing resources will reside somewhere out there in the ether (rather than in your computer room) and we'll connect to them and use them as needed
• Business model of Software as a Service (SaaS)
– Cloud services
• Beacon Cloud is a cloud computing system that focuses specifically on security technology for mobile XML services
Beacon Cloud
User Interface
User Interface with JSF
• J2EE Model-View-Controller (MVC) pattern for the Web
• Integrated validation of user input
• Integrated dynamic page flow support (important for adaptation to user input)
• Ajax add-ons for dynamic behaviour (e.g. progress bars, dynamic highlighting, ...)
• Server-side Java classes make integration with Web Services easy
HL7: Health Level Seven
www.hl7.org
Health Level Seven (HL7)
• Formed in the United States in 1987
• One of several American National Standards Institute (ANSI)
• "Level Seven"
– Refers to the highest level of the International Organization for Standardization (ISO) communications model for Open Systems Interconnection (OSI)
– Application level
• Who needs HL7
– Hospitals, doctors, nurses and health care practitioners
– Require the ability to send and receive healthcare data, e.g. patient information, lab reports and test results
HL7 version 3.0 and CDA
• HL7 is on the XML platform
– Version 3.0
– Provides XML schemas as the standard
• Clinical Document Architecture (CDA)
– Version 2.0
– Standard for clinical documents
– Schemas for recording clinical events in documents
– Composed of 2 main parts
  Header: Patient information, Document information, Confidentiality level, Time stamp
  Body: Medical background, Physical examination, Image, Video
Privacy & Access Control
What is Privacy?
• “Privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to.”
» http://en.wikipedia.org/wiki/Privacy
• “All persons have a fundamental right to privacy, and hence to have control over the collection, storage, access, communication, manipulation and disposition of data about themselves.”
» International Medical Informatics Association (IMIA)
HIPAA-Compliant Privacy Access Control Model for Web Services
• Healthcare Privacy Legislation
– Health Insurance Portability and Accountability Act (HIPAA)
Figure from Cheng, V. S. Y.’s thesis
Role-Based Access Control (RBAC) Model
Core RBAC Model
American National Standard 359-2004 is the Information Technology industry consensus standard for RBAC
Adapted from: David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli, “Proposed NIST Standard for Role-Based Access Control,” ACM Transactions on Information and System Security (TISSEC), Volume 4, Number 3, August 2001.
A Typical Scenario of Requesting E-Healthcare Information
[Diagram]
Service Requester (Patient, Insurance Company): “I would like to check the medical billing of …?”
Service Provider (Hospital, Insurance Company): “Here it is…”
eXtensible Access Control Markup Language (XACML)
• Provides a policy language
– Allows administrators to define the access control requirements for their application resources
• Supports data types, functions, and combining logic
– Allows complex (or simple) rules to be defined
• XACML privacy profile
• Includes an access decision language
– Used to represent the runtime request for a resource
• When a policy is located which protects a resource
– The functions compare attributes in the request against attributes contained in the policy rules, ultimately yielding a permit or deny decision
XACML Concept
XACML Context and RBAC Entities
Core RBAC Entities    XACML Implementation
USERS                 <Subjects>
ROLES                 <Subject Attributes>
OBJECTS               <Resources>
OPS                   <Actions>
PRMS                  <PolicySet>, <Policy>
XACML Policy
<Policy RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
  <Description>An example policy</Description>
  <Rule Effect="Permit">                                    <!-- Permission -->
    <Description>
      Julius Hibbert can read Bart Simpson's medical record for
      medical treatment purpose if she follows the obligation
      “No disclosure” and “No retention”
    </Description>
    <Subjects>
      <Subject>Julius Hibbert</Subject>                     <!-- Subject -->
    </Subjects>
    <Resources>
      <Resource>
        http://medico.com/record/patient/BartSimpson        <!-- Object -->
      </Resource>
    </Resources>
    <Actions>
      <Action action:purpose="Medical Treatment">           <!-- Purpose -->
        <AttributeValue>read</AttributeValue>               <!-- Operation -->
        <recipients>Individual</recipients>                 <!-- Recipient -->
      </Action>
    </Actions>
    <Obligations>No-disclosure</Obligations>                <!-- Obligation -->
    <Retentions>No-retention</Retentions>                   <!-- Retention -->
  </Rule>
</Policy>
Sample XACML Request
<Request>
  <Subject>
    <Attribute>Julius Hibbert</Attribute>                   <!-- Subject -->
  </Subject>
  <Resource>
    http://medico.com/record/patient/BartSimpson            <!-- Object -->
  </Resource>
  <Action action:purpose="Medical Treatment">               <!-- Purpose -->
    <AttributeValue>read</AttributeValue>                   <!-- Operation -->
    <recipients>Individual</recipients>                     <!-- Recipient -->
  </Action>
</Request>
Sample XACML Permit/Deny Decision
<!-- Access “Allow” Decision -->
<Response>
  <Result>
    <Decision>Permit</Decision>
    <Obligations>No-disclosure</Obligations>                <!-- Obligation -->
    <Retentions>No-retention</Retentions>                   <!-- Retention -->
    <Status>
      <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </Status>
  </Result>
</Response>

<!-- Access “Deny” Decision -->
<Response>
  <Result>
    <Decision>Deny</Decision>
    <Status>
      <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </Status>
  </Result>
</Response>
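Added example (not from the original slides): the request, policy and decision flow shown above, with the slide's rule modelled as Python data rather than parsed XACML. The second Deny rule, its `patient_consent` attribute and all function names are constructed for illustration; the code shows deny-overrides combining and a deny-biased enforcement point that also refuses access when it cannot honour a returned obligation.

```python
# Added illustration: a minimal policy decision point (PDP) for the slide's
# simplified policy notation. It is not a schema-valid XACML engine.
from dataclasses import dataclass

@dataclass
class Rule:
    effect: str                 # "Permit" or "Deny"
    target: dict                # attribute name -> required value
    obligations: tuple = ()     # handed to the enforcement point on Permit

RECORD = "http://medico.com/record/patient/BartSimpson"

# The first rule mirrors the slide. The second rule and its "patient_consent"
# attribute are constructed here to exercise deny-overrides.
POLICY = [
    Rule("Permit",
         {"subject": "Julius Hibbert", "resource": RECORD, "action": "read",
          "purpose": "Medical Treatment", "recipient": "Individual"},
         ("No-disclosure", "No-retention")),
    Rule("Deny", {"resource": RECORD, "patient_consent": "withdrawn"}),
]

def matches(rule, request):
    """A rule applies only if every target attribute equals the request's."""
    return all(request.get(k) == v for k, v in rule.target.items())

def evaluate(policy, request):
    """Deny-overrides: any applicable Deny beats any applicable Permit."""
    applicable = [r for r in policy if matches(r, request)]
    if any(r.effect == "Deny" for r in applicable):
        return "Deny", ()
    permits = [r for r in applicable if r.effect == "Permit"]
    if permits:
        return "Permit", tuple(o for r in permits for o in r.obligations)
    return "NotApplicable", ()

def enforce(policy, request, supported=("No-disclosure", "No-retention")):
    """Deny-biased enforcement point: grant only on Permit, and only when
    every returned obligation is one this enforcement point can honour."""
    decision, obligations = evaluate(policy, request)
    return decision == "Permit" and all(o in supported for o in obligations)

# Constructed request matching the "Sample XACML Request" slide.
REQUEST = {"subject": "Julius Hibbert", "resource": RECORD, "action": "read",
           "purpose": "Medical Treatment", "recipient": "Individual"}
```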
Security
XML Security in Java
• Apache XML Security Technology
• XWS-Security
• J2SE Security (JCE/JCA APIs)
• JSR 105: XML Digital Signature APIs
• JSR 106: XML Digital Encryption APIs
Conclusion
• Use Case: Hong Kong Red Cross Blood Donation System
– Support network connections: wireless, LAN, Bluetooth
– Develop an optimized workflow based on business logic and ontology
– Design XML security technologies for mobile devices
– Employ open source software
– Provide web services
– Compatible with the Linux platform
• We are conducting a blood donor survey in the Hong Kong Red Cross.
Future Works
• Testing the Bone Marrow Donor Registration Form
• Assessing the XML security threats in the mobile system
  http://www.milescan.com/hk/
• Adopting a robot “Autom” in the frontend for blood donors
  http://www.intuitiveautomata.com/