Page 1: Download presentation

The SePTIS ’07

::: ETRI, The Future Wave ::: Information Security Research Division

Dec. 18, 2007

Byung Gil Lee

Privacy Management for Medical Service Application using Mobile Phone collaborated with RFID Reader

Page 2: Download presentation

Contents

▣ Introduction

◈ Background of research

▣ Proposed u-Intelligent Hospital Service Model

◈ Service Requirement

◈ Service Architecture

▣ Design and Implementation of u-IHS System

◈ Scenarios and system architecture for privacy managed medical service

◈ Trial service in hospital

▣ Conclusion

Page 3: Download presentation

Introduction

Background of research

Recently, RFID/sensor network technologies are increasingly being used in various applications, such as SCM (supply chain management) and warehouse management.

They also have great potential in medical and healthcare services.

In the hospital, most medical accidents around patients result from misidentification of the patient or of medical articles.

These accidents can be reduced if information about the patient is managed automatically.

Page 4: Download presentation

Introduction (Cont.)

Background of research (cont.)

Privacy intrusion example: in a department store, bar, hotel, train, etc., a malicious person sitting or standing next to you can read information from your belongings (with unprotected tags) to learn how much you carry in your wallet, your credit card number, the size and brand name of your underwear, the medicine you are taking and what kind of disease you have, etc., without your knowledge [Information-Privacy]. In addition, an adversary can also trace you everywhere you go [Location-Privacy].

Several approaches to RFID security and anonymity have been reported, but privacy-aware security and user-centric privacy control mechanisms are not clearly defined.

In the privacy aspect, unless these systems are properly designed and constructed, they can cause massive collateral damage to users’ privacy.

So, we propose a structure for protecting against privacy breaches using profile-based privacy management and real-time customization of privacy preferences.

As a useful application, we applied our system to medical service in the hospital and related areas, using a privacy-aware security system and privacy management mechanism.

[Figure labels: Adversary; Department store; Bar; Hotel]

Page 5: Download presentation

Introduction

Basic RFID System and Sensor Network

An RFID system consists of 4 to 6 basic elements: RFID-tag-embedded products, a reader, RFID middleware, an IS (Information Server) for product business data with code, and the accessing application.

We can add an ONS (Object Name Service) system for IS lookup.

A sensor network consists of 3 to 4 basic elements: sensor node, sink node, middleware and information server.

[Figure: Basic RFID System. Labels: Network Infra; Tag Embedded Products; Information Server; RFID Reader; RFID Tag (Unique identifier Code); Capturing Tag Code; Product Information; Manufacturer/Distributor/End User; Accessing & Query Application; RFID Middleware]

[Figure: Basic Sensor Network. Labels: Sink Node; Sensor Network; USN Middleware]

Page 6: Download presentation

Introduction

Networked mobile RFID System and Sensor Network

For user-specific, interactive RFID service and user-centric sensor network service, we also include a mobile terminal integrated with an RFID reader, which reads the RFID tag and performs the linked service.

Users can get the information and resolve it by inquiring to a network through the mobile network.

In the platform, WIPI (a Korean mobile standard platform, based on the Java platform) is used as the RFID and sensor platform.

[Figure: Networked mobile RFID system, connected to networked Mobile RFID middleware. Labels: User ID; CDMA; WLAN; WiBro; Local ODS; National ODS; Mobile RFID Service Discovery; Gateway (Service Adaptation); Secure Mobile RFID Portal; Information Service; Secure M/W; Security Lib; RFID Reader; Secure Tag; Sensor Network]

Page 7: Download presentation

Requirements of the Service in the Privacy Aspect

▣ Avoid collecting unnecessary private information in the ubiquitous system

▣ Employ a controllable access control mechanism for the data collected in the RFID and sensor based system

▣ Real-time and user-centric privacy-aware information processing

▣ User-auditable privacy management

Approach Strategy

▣ Strategy

◈ First step: Access control of patient information by default privacy policy (result of privacy impact assessment)

◈ Second step: User-controllable profile-based privacy protection

◈ Third step: Auditable privacy management

Page 8: Download presentation

Proposed Customizing Ubiquitous Hospital Model

▣ System for u-IHS consists of the following elements

◈ RFID patient tag and sensor; RFID asset tag for easy finding of the asset location

. Capturing event: user, asset, etc.

. Sensing: user’s location, user’s temperature, pulse rate, blood sugar, etc.

◈ RFID middleware / Mobile RFID middleware

◈ Sensor middleware

◈ IS server for RFID and sensor network

◈ IHS server

. Notifying: patient’s emergency condition to doctor; patient’s 1st aid information to 1st aid staff; patient’s medical history information to 1st aid or other hospital; patient or asset location to doctor; results of the audit and user’s obligation to user (patient)

. Controlling: heating or air conditioning device, lighting device, etc.

Page 9: Download presentation

Proposed Customizing Ubiquitous Hospital Model

Service Architecture (Registration)

[Figure labels: Information System (EMR, PACS, ERP, CRM, HL7); Intra-Hospital App.; Networked Emergency App.; Networked Inter-Hospital App.; Registration; IS; Consent by Patient; Decision by doctor as an urgent patient (for example: heart disease, cerebral hemorrhage); Issue Tagged Card; Patient Identification; Privacy Profile; Configure Access Control and Authorization; RPS (RFID Privacy Service Manager)]

▣ An RFID-attached medical card can be issued if a user has an urgent disease and consents to its issuance and to the privacy policy of the RFID emergency card for fast 1st aid service.

▣ The tag owner sets up his (or her) privacy policy for the tag in the policy manager. The policy consists of the authority of access and the level of privacy protection.

▣ The back-end medical information server receives the query information, analyzes the data received from the requester, and provides information in accordance with the privacy level previously set in the policy manager.
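
The policy-manager flow described above, together with the three-step strategy (default policy, user-controllable profile, audit), as an added Python example that is not part of the presentation or of the u-IHS implementation. The role names, numeric levels, field names, tag IDs and sample record are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sensitivity level per record field (hypothetical; the slides
# name a "level of privacy protection" but do not enumerate levels).
FIELD_LEVEL = {"blood_type": 1, "allergies": 1, "caution": 1,
               "medical_history": 2, "diagnosis": 3}

# Step 1: default policy, standing in for the privacy impact assessment result.
# Maps requester role (authority of access) -> highest level it may read.
DEFAULT_POLICY = {"emergency_staff": 1, "doctor": 3}

# Constructed sample record held by the back-end information server.
SAMPLE_RECORD = {"blood_type": "A+", "allergies": "penicillin",
                 "medical_history": "heart disease, 2005",
                 "diagnosis": "angina", "insurer_note": "n/a"}


@dataclass
class PrivacyManager:
    profiles: dict = field(default_factory=dict)   # tag_id -> {role: level}
    audit_log: list = field(default_factory=list)  # step 3: auditable trail

    def set_profile(self, tag_id, role, level):
        """Step 2: the tag owner customizes what a role may see."""
        self.profiles.setdefault(tag_id, {})[role] = level

    def allowed_level(self, tag_id, role):
        # Owner preference wins over the default; unknown roles get 0 (deny).
        owner = self.profiles.get(tag_id, {})
        return owner.get(role, DEFAULT_POLICY.get(role, 0))

    def query(self, tag_id, role, record):
        """Release only fields at or below the requester's level, and log it."""
        level = self.allowed_level(tag_id, role)
        # Fields with no assigned level are treated as level 99: never released.
        released = {k: v for k, v in record.items()
                    if FIELD_LEVEL.get(k, 99) <= level}
        self.audit_log.append({"tag": tag_id, "role": role, "level": level,
                               "fields": sorted(released)})
        return released


if __name__ == "__main__":
    rps = PrivacyManager()
    print(rps.query("TAG-0001", "emergency_staff", SAMPLE_RECORD))
    rps.set_profile("TAG-0001", "emergency_staff", 2)  # owner opts in to more
    print(rps.query("TAG-0001", "emergency_staff", SAMPLE_RECORD))
    print(rps.audit_log)
```

The audit entries record which fields were released to which role at which level, which is the information the patient would need to review how the policy was applied.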

Page 10: Download presentation

Proposed Customizing Ubiquitous Hospital Model

Service Architecture 1 (Comprehensive Medical Examination)

[Figure labels: Network; Tag; Recipient for comprehensive medical examination; Check Tag Identification; Medical Examination & Treatment; Notify next examination room]

User:

1. Compare previous examination history

2. Check the next examination information

3. Check the related medical information

Page 11: Download presentation

Proposed Customizing Ubiquitous Hospital Model

Service Architecture 2 (1st aid)

▣ The target of this model is successful emergency rescue service by making use of the patient tag and mobile RFID reader.

① A registered urgent patient’s tag is captured by an authorized emergency transportation staff member’s reader. Medical-history-based 1st aid service is provided in the emergency situation.

② Using the bio-sensor and RFID, the patient’s real-time medical information is transferred to the hospital and the doctor’s message is transferred to the EV (transportation staff).

③ Using the RFID patient tag, the patient is verified to protect against medical error in treatment.

④ The chartless service is performed by the mobile RFID treatment terminal (reader) for history in health inspection, ER/OR, and ward in the hospital.

[Figure labels: Network; Patient; Hospital (IS); Notification Service (GPS); MSDG; Request Emergency Vehicular; Location is displayed!; First: 1st aid message; 2nd: Medical History; 3rd: Doctor’s Message; CDMA; SMS; Privacy; SMS Location; Arrival to ER; First aid service for emergency situation; Medical Treatment; Chartless Service by Mobile RFID Treatment Terminal; Auth Check; Coming in and out; Transfer EV’s Location; Emergency Room; Medical Kiosk]

Page 12: Download presentation

Design and Implementation of the System

RFID Privacy Management Service (RPS)

▣ Procedure to notify a privacy policy to the application server, and inquiry procedure

▣ Major functions of the RPS

- Real-time notification

- Profile and policy management

- Registration and authentication

- Obligation management

- Audit management

<Architecture of the RPS>

Page 13: Download presentation

Design and Implementation of the System

Mobile RFID Network Configuration

▣ Consists of 6 parts

[Figure labels: ET (IS); Hospital (IS); DI (IS); ER (IS); Medicine (IS); Hospital App.; ET App.; Patient App.; ODS; CPMS (Customizing Privacy Management System); CPMS Component; Payment Gateway; MSDG; Kiosk; ER Security Mg. IS; M/W; Location Management; RFID Reader; RFID M/W; Mobile Terminal; Gateway; Directory; Hospital; Emergency Transportation system (911); Privacy Management; Fixed Terminal; Fixed M/W System; RFID (RPS)]

- IS (OIS): (Object) Information Server

- ODS: Object Directory Service

- MSDG: Medical Service Discovery Gateway

- ET: Emergency Transportation

- DI: Diagnosis and Inspection

- ER: Emergency Room

- PG: Payment Gateway

- M/W: RFID middleware

Page 14: Download presentation

Design and Implementation of the System

Security Association Model

▣ Compatibility and scalability in medical application may cause problems

Context aware Model

1. RFID and Sensor based Ubiquitous Medical Service Broker

2. General Medical Privacy Manager

3. Medical Service Discovery Gateway

4. PKI Certificate Service Manager

[Figure labels: Ubiquitous Network; Registration; Hospital A; Hospital B / Emergency agency; Medical Privacy Manager CERTIFICATE; Hospital CERTIFICATE; Public Key / Private Key; Audit: Policy and Result; Setup Obligation; (Audit, User Policy etc.); (Result etc.); (Request shared Medical Record); (Result)]

Page 15: Download presentation

Design and Implementation of the System

Field Trial Service: Ulgi Hospital in Daejeon, Korea (2007)

[Photo captions: Comprehensive Medical Exam.; In-Out Mgmt. in ER; Patient Verification - PDA; History Inquiry for Medical Exam.; RFID KIOSK; Result of Data Inquiry by Privacy Policy]

Page 16: Download presentation

Design and Implementation of the System

ER and ET systems

▣ Patient management in ER

▣ Alarm notification

▣ Query of patient’s information in ET

<Management System of Emergency Room> <Auto Identification and Alarm>

An RFID reader is installed at the entrance of the ER.

It checks the patient’s coming in and out and movement.

<Emergency Transportation IS> <Patient’s Medical Information for 1st aid>

Patient’s location, discovered by LBS by mobile phone: the location where the patient was found, transmitted using LBS, is recorded in the transport team’s OIS.

Privacy information controlled by user’s policy: shown selectively according to the privacy level set in the RPS.

Caution information in the 1st aid service for special patient

Page 17: Download presentation

Design and Implementation of the System

Kiosk and RPS

▣ Kiosk for issue/kill of tag

▣ Monitoring system and privacy management

<Kiosk>

<Monitoring System>

<Privacy Management System>

Page 18: Download presentation

Conclusion

We designed an intelligent medical application service using a privacy-aware RFID and sensor network system.

The advantages of this system are as follows:

First, we provide privacy protection for personal data in the medical environment, and a user-centric privacy management scheme can be achieved.

Second, advanced automatic identification processing in an emergency situation can save the life of the patient.

Third, medical working conditions are improved by utilizing the auto-identification of the patient.

The suggested mechanism and system are an effective solution for medical service in the ubiquitous environment.

Page 19: Download presentation

Reference material

Page 20: Download presentation

Privacy

▣ Freedom from intrusion

▣ Control of information about oneself

▣ Freedom from surveillance

Page 21: Download presentation

Protecting Privacy

▣ PITs

◈ Invisible information gathering based on RFID tag

◈ Secondary use

◈ Location privacy

Laws and Regulations

Requiring Specific Consent Policies

• Businesses must use an opt-in policy

• Businesses must obtain consumer consent for each use of their personal information

▣ PETs

• Encryption

• Right to control his own information