CSE5810: Intro to Biomedical Informatics
Dynamically Generated Adaptive Credentials for Health Information Exchange
Eugene Sanzi
Problem
- Many stakeholders want easy access to new systems
  - Physicians need to access patient data, no matter where it may be
  - Researchers want access to de-identified data repositories
- Data may be needed quickly
  - Emergency medical situations leave little time to gain proper authorization
- Systems today still use outdated username/password techniques
  - They rest on the incorrect assumption that physicians have the time and ability to register separately with each of these systems
Requirements
- Need a way for physicians to identify themselves to any system
  - Users possess an electronic ID that they can present for authentication
- Provide a method for verifying that presented credentials are legitimate
- Allow systems to automatically grant or deny different levels of access based on the presented credentials
Solution Overview
- A physician gains access to different systems over the course of a career
  - Ex. access to their local hospital's data
  - Access may happen under different roles
- Use the physician's system access history as a set of credentials
  - Each system grants a certificate if access is allowed
  - Physicians collect these certificates into a digital wallet and present them as credentials
  - Systems can see which other systems have already granted access
Certificates
- Identity certificates are used to establish a user's identity
  - Public key cryptography is used to ensure that you are communicating with the certificate's owner, i.e. the party holding the private key that matches the certified public key
- Certificates are issued by Certificate Authorities (CAs)
  - CAs establish a user's identity by other means before issuing a certificate (ex. driver's license, SSN)
- You trust any valid certificate issued by a certificate authority that you trust
  - CAs sign the certificates they issue
  - The relying party verifies the signature with the CA's public key; a valid signature proves the certificate was issued by that CA and has not been altered since
Certificates (diagram slide; the figure is not reproduced in this transcript)
Attribute Certificates
- A specialized certificate that stores attributes as key-value pairs
- Attribute certificates are signed by an attribute authority (AA) rather than a certificate authority
- An attribute certificate is bound to an identity certificate (its holder); one identity certificate may have multiple attribute certificates tied to it
- We will use this ability to store information related to user access, e.g. the role assigned to the user by the system
DIRECT Project
- Has the concept of a HISP (Health Information Service Provider); the concept encapsulates the systems needed for health information exchange
- HISPs must maintain their domain and a list of trust anchors
  - Trust anchors are like root certificates
  - During validation, if the chain built up from the leaf certificate terminates in one of the trust anchors, and every signature and validity period along that chain checks out, the leaf certificate is accepted
DIRECT Project (diagram slide; the figure is not reproduced in this transcript)
OIDs
- HL7 OIDs are prefixed with the arc 2.16.840.1.113883
  - There are 3 root branches (0 = itu-t, 1 = iso, 2 = joint-iso-itu-t); the leading 2 indicates that this branch is managed by joint-iso-itu-t
  - Each subsequent number is another branch in the hierarchy
- HL7 controls all the children of this arc
  - New OIDs are generated by registering them with a node's registration authority
  - HL7 provides a form where new OIDs can be submitted and become part of the HL7 OID registry; a record of the user who submitted the OID is kept
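The arc structure this slide describes, as an added Go example (standard library only) that is not part of the deck: it parses dotted-decimal OIDs with the X.660 root-arc rules, tests whether an OID falls under the HL7 arc 2.16.840.1.113883 (and so is one that HL7 or a registrant under it controls), and shows the DER packing that an X.509 extension carries. The child OID 2.16.840.1.113883.3.72 and the neighbouring 2.16.840.1.113884 are constructed inputs for the example, not registered identifiers.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"strconv"
	"strings"
)

// hl7Root is the HL7 arc named on the slide: 2.16.840.1.113883.
var hl7Root = asn1.ObjectIdentifier{2, 16, 840, 1, 113883}

// rootArcs are the three top-level branches of the OID tree; the leading 2 of the HL7 arc is joint-iso-itu-t.
var rootArcs = map[int]string{0: "itu-t", 1: "iso", 2: "joint-iso-itu-t"}

// parseOID converts dotted-decimal text into an asn1.ObjectIdentifier, enforcing the X.660 rules
// an ASN.1 encoder insists on: at least two arcs, a root arc of 0..2, and a second arc below 40
// when the root is 0 or 1 (root 2 has no such limit, which is why 2.16 is legal).
func parseOID(s string) (asn1.ObjectIdentifier, error) {
	var oid asn1.ObjectIdentifier
	for _, part := range strings.Split(s, ".") {
		n, err := strconv.Atoi(part)
		if err != nil || n < 0 {
			return nil, fmt.Errorf("bad arc %q in OID %q", part, s)
		}
		oid = append(oid, n)
	}
	if len(oid) < 2 || oid[0] > 2 || (oid[0] < 2 && oid[1] > 39) {
		return nil, fmt.Errorf("OID %q violates the root-arc rules", s)
	}
	return oid, nil
}

// underHL7 reports whether oid is the HL7 root itself or one of its descendants, i.e. an
// identifier that HL7 (or a registrant it has delegated to) controls.
func underHL7(oid asn1.ObjectIdentifier) bool {
	return len(oid) >= len(hl7Root) && oid[:len(hl7Root)].Equal(hl7Root)
}

// derEncode returns the DER encoding (tag 0x06, length, content). The first two arcs are packed
// into one byte (40*2 + 16 = 96 = 0x60) and arcs above 127 use base-128 groups with the high bit
// set on all but the last, so 840 becomes 86 48 and 113883 becomes 86 F9 5B.
func derEncode(oid asn1.ObjectIdentifier) ([]byte, error) {
	return asn1.Marshal(oid)
}

// derDecode parses a DER-encoded OID back into arcs and rejects trailing bytes.
func derDecode(der []byte) (asn1.ObjectIdentifier, error) {
	var oid asn1.ObjectIdentifier
	rest, err := asn1.Unmarshal(der, &oid)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, fmt.Errorf("%d trailing bytes after OID", len(rest))
	}
	return oid, nil
}

func main() {
	// Constructed inputs: the HL7 root, a hypothetical child arc, a neighbouring non-HL7 arc, and a malformed OID.
	for _, s := range []string{"2.16.840.1.113883", "2.16.840.1.113883.3.72", "2.16.840.1.113884", "1.40.1"} {
		oid, err := parseOID(s)
		if err != nil {
			fmt.Println(s, "->", err)
			continue
		}
		der, _ := derEncode(oid)
		fmt.Printf("%-24s root=%-16s HL7=%-5t DER=% X\n", s, rootArcs[oid[0]], underHL7(oid), der)
	}
}
```

The prefix test is what a relying system actually needs when it meets an OID in a certificate extension or a policy: "is this identifier under an arc whose registration authority I trust?" The DER detail matters when comparing identifiers byte-for-byte, since 2.16 and the single content byte 0x60 are the same OID in two spellings.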
Gaining Access
- When John Smith wants to obtain access to a new system, he will:
  1. Create a secure connection to the system
  2. Decide which credentials he will send to gain access
  3. Send the relevant identity and attribute certificates along with the request
  4. If access is granted, generate a new public/private key pair and receive a new identity certificate and attribute certificate issued by the system's certificate authority and attribute authority
- The system may choose to use a session-scoped Rule Certificate to define John's security policy
Defining an Access Policy
- Each system defines a security policy that specifies constraints based on:
  - The user role
  - The type of data being accessed
  - The valid certificates presented
- The policy provides a mapping from HL7-defined roles to the data that the system guards
- Mappings for remote, automatically authenticated users may differ from the mappings given to local users
Example
- John Smith wants to access research data on diabetes management from Day Kimball Hospital
- He does not have any kind of affiliation with Day Kimball Hospital
- He does have his digital wallet of certificates proving his active involvement in the field of medical research
Example walkthrough (diagram slides; the figures are not reproduced in this transcript)
- John Smith's Wallet
- Choose Relevant Credentials
- Send Request With Credentials
- Check Security Policy
- Generate Certificates
- John Smith's New Wallet
John Smith's New Wallet
- John Smith adds the identity and attribute certificates issued to him to his digital wallet
- He can now use the certificate issued to him by Day Kimball Hospital to gain access to other new systems
- Day Kimball Hospital can now identify him with his new identity certificate
- John Smith could also request Physician-role access using his attribute certificates that name him a physician, together with the certificates given to him by Day Kimball Hospital
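The Gaining Access steps, the role-to-data policy mapping, and the Day Kimball walkthrough above, as one added Go example (standard library only) that is not part of the deck. It builds a trust-anchor pool, verifies John's identity certificate against it, checks that an attribute certificate is bound to that identity certificate and signed by a trusted attribute authority, applies a role-to-data-class policy, and on success issues a new identity certificate and attribute certificate for a fresh key pair. Assumptions: the home institution "UConn Health CA" and its AA, the role and data-class names, the serial numbers, and the AttrCert structure (a JSON-encoded, Ed25519-signed stand-in for an RFC 5755 attribute certificate) are constructed for this example; Day Kimball Hospital is the name used in the deck.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// AttrCert is a simplified RFC 5755-style attribute certificate: holder = issuer+serial of an identity cert, signed by an AA.
type AttrCert struct {
	HolderIssuer string            `json:"holder_issuer"`
	HolderSerial string            `json:"holder_serial"`
	Issuer       string            `json:"issuer"`
	Attrs        map[string]string `json:"attrs"`
	Sig          []byte            `json:"sig,omitempty"`
}

// tbs is the to-be-signed encoding; json.Marshal sorts map keys, so it is canonical.
func (a AttrCert) tbs() []byte { a.Sig = nil; b, _ := json.Marshal(a); return b }
func signAttr(a AttrCert, aaKey ed25519.PrivateKey) AttrCert { a.Sig = ed25519.Sign(aaKey, a.tbs()); return a }

// cert has signer (the parent's key) issue a one-day certificate for pub; parent nil means self-signed.
func cert(cn string, serial int64, isCA bool, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}

// remotePolicy: role -> data classes a remote, automatically authenticated user may read.
var remotePolicy = map[string]map[string]bool{
	"researcher": {"deidentified-research": true},
	"physician":  {"deidentified-research": true, "patient-record": true},
}

// decide runs the relying system's checks and returns the role under which access is granted.
func decide(anchors *x509.CertPool, trustedAAs map[string]ed25519.PublicKey, id *x509.Certificate, wallet []AttrCert, dataClass string) (string, error) {
	// 1. Chain to a trust anchor: Verify checks every signature, validity period and CA flag on the path.
	if _, err := id.Verify(x509.VerifyOptions{Roots: anchors, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", fmt.Errorf("identity certificate rejected: %w", err)
	}
	for _, a := range wallet {
		// 2. The attribute certificate must name this identity certificate as holder and be signed by a trusted AA.
		aaPub, ok := trustedAAs[a.Issuer]
		if a.HolderIssuer != id.Issuer.CommonName || a.HolderSerial != id.SerialNumber.String() ||
			!ok || !ed25519.Verify(aaPub, a.tbs(), a.Sig) {
			continue
		}
		// 3. Map the asserted role onto the data the system guards.
		if role := a.Attrs["role"]; remotePolicy[role][dataClass] {
			return role, nil
		}
	}
	return "", fmt.Errorf("no presented credential authorizes %s", dataClass)
}

// scenario replays the deck's example: John Smith, known only to a hypothetical "UConn Health CA", asks
// Day Kimball Hospital for research data, is granted it, is refused patient records, and gets new wallet entries.
func scenario() (granted string, refused error, newID *x509.Certificate, newAttr AttrCert, err error) {
	homePub, homeKey, _ := ed25519.GenerateKey(rand.Reader)
	homeCA := cert("UConn Health CA", 1, true, homePub, nil, homeKey)
	dkPub, dkKey, _ := ed25519.GenerateKey(rand.Reader)
	dkCA := cert("Day Kimball Hospital CA", 1, true, dkPub, nil, dkKey)
	johnPub, _, _ := ed25519.GenerateKey(rand.Reader)
	johnID := cert("John Smith", 1001, false, johnPub, homeCA, homeKey)
	wallet := []AttrCert{signAttr(AttrCert{HolderIssuer: "UConn Health CA", HolderSerial: "1001",
		Issuer: "UConn Health AA", Attrs: map[string]string{"role": "researcher"}}, homeKey)} // home AA (reusing the CA key) asserts John's role
	anchors := x509.NewCertPool() // Day Kimball's trust anchors, like a DIRECT HISP's anchor list
	anchors.AddCert(homeCA)
	aas := map[string]ed25519.PublicKey{"UConn Health AA": homePub}
	if granted, err = decide(anchors, aas, johnID, wallet, "deidentified-research"); err != nil {
		return
	}
	_, refused = decide(anchors, aas, johnID, wallet, "patient-record")
	freshPub, _, _ := ed25519.GenerateKey(rand.Reader) // access granted: John generates a fresh key pair
	newID = cert("John Smith", 5001, false, freshPub, dkCA, dkKey) // Day Kimball issues him an identity certificate...
	newAttr = signAttr(AttrCert{HolderIssuer: "Day Kimball Hospital CA", HolderSerial: "5001", // ...and an attribute certificate
		Issuer: "Day Kimball Hospital AA", Attrs: map[string]string{"role": granted}}, dkKey)
	return
}

func main() {
	granted, refused, _, newAttr, err := scenario()
	fmt.Println("research data:", granted, err, "| patient record:", refused, "| new role cert:", newAttr.Attrs["role"])
}
```

Two points the slides leave implicit are made concrete here. First, the trust anchors are the roots the relying system chooses to trust; Verify walks the chain from the leaf up to an anchor and checks each link, rather than accepting a leaf merely because an anchor appears somewhere in the presented material. Second, an attribute certificate is only as good as the relying system's trust in its attribute authority, so the system keeps a list of trusted AA keys alongside its trust anchors, and a certificate whose holder fields do not name the presented identity certificate is ignored even if its signature is valid.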
Future Work: Increase the granularity of security policies
- Providers may want to allow/deny access based on location, as in "Access Control based on Attribute Certificates for Medical Intranet Applications"
- If a physician is requesting information for a specific patient they have already treated, that fact may help the decision process; this may require an extension to attribute certificates
- Security based on access time or count: someone who accessed research data once 20 years ago for a school project should not have automatic access to research data now
- Differentiate between certificates issued by an employer and certificates issued in an automatic fashion
Future Work: Increase efficiency
- Validating long certificate chains is a time-consuming process
- Updates to saved attributes require the attribute authority to re-sign the affected attribute certificates
- How can a physician regain proper credentials if a CA is compromised?
- How to handle local practices that may not separate certificate administration from the medical providers who use the certificates
- Need a method for constraining what local CAs can do