ELECTRONIC PRESCRIPTIONS
Basia Korel, Kendra Wadsworth
MOTIVATION
- Astronomical number of medical errors and deaths
- Up to 7,000 Americans die per year
- The financial costs run nearly $77 billion a year
- Prescription fraud is a growing problem in the United States.
A. Prescription altered to change the type of drug from Tylenol II to Tylenol IV
B. Prescription altered to change the number of refills from one to four
CURRENT STATE-OF-ART
- UIFramework - Graphical user interface of prescribing e-Prescriptions project
- TrustworthyRX - Secure transmission of the ePrescriptions across a trustworthy framework project
GOALS
- Integrate the user interface for writing prescriptions with the project that digitally signs and secures the transmission of the prescription.
- Add further functionality to the user interface
- To incorporate fingerprint authentication to ensure the identity of the physician
WHY FINGERPRINTS???
- Impossible to lend someone your hand
- More than 50 percent of all help desk calls are related to passwords, either lost, forgotten, or otherwise useless
- Other authentication mechanisms require you to carry something
- Everyone is known to have a unique, immutable fingerprint
DigitalPersona U.are.U 4000 Reader
FINGERPRINT IDENTIFICATION: HOW IT WORKS
- A fingerprint is made of a series of ridges and furrows on the surface of the finger.
- The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points.
- Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending.
HOW IT WORKS…
- Fingerprint scanner captures an image of the fingerprint (the pattern of ridges and furrows)
- Only a subset of features is extracted from the image, based on spatial relationships
- Data containing the subset of data points is stored in a template
HOW IT WORKS…
- Our system assumes enrollment - the fingerprint enrollment template is stored in a secure database
- The verification template is captured in the running system and verified against the enrollment template
ISSUES…
- Integration - All data fields must be consistent in the database, the prescription object in the UI and the prescription object in TrustworthyRX
  - Means to instantiate the prescription object in TrustworthyRX with populated fields from the UI.
  - Generate an XML file with these populated fields according to the XML Schema definition.
- Fingerprint authentication - assume physician enrollment
- Generate and store x.509 certificates from a trusted CA for appropriate stakeholders to digitally sign the prescription object.
DIGITAL SIGNATURES
- Public key cryptography algorithm
- Jane wants to send a secure message to John and John wants to verify it came from Jane
1. Jane's message -> hash alg. -> Jane's message digest
2. message digest -> Jane's private key -> Jane's signature
3. Jane -> Jane's message and signature -> John
4. signature -> Jane's public key -> hash alg. -> John's computed message digest
5. Jane's message digest == John's computed message digest
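The sign-and-verify steps above, applied to a prescription, as an added C# example (not code from the ePrescriptions project). It uses the RSACryptoServiceProvider class named later in the slides; the prescription XML, its element names, and the physician/pharmacy roles are constructed for illustration, and the altered copy mirrors the refill change shown in the fraud example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PrescriptionSignatureDemo
{
    // Steps 1-2: hash the message and sign the digest with the private key.
    static byte[] Sign(RSA privateKey, string prescriptionXml) =>
        privateKey.SignData(Encoding.UTF8.GetBytes(prescriptionXml),
                            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Steps 4-5: recompute the digest of the received message and compare it
    // with the digest recovered from the signature, using the public key only.
    static bool Verify(RSA publicKey, string prescriptionXml, byte[] signature) =>
        publicKey.VerifyData(Encoding.UTF8.GetBytes(prescriptionXml), signature,
                             HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    static void Main()
    {
        // Constructed sample prescription (hypothetical schema).
        const string original =
            "<prescription><drug>Tylenol II</drug><refills>1</refills></prescription>";
        // The same prescription with the refill count changed after signing.
        string altered = original.Replace("<refills>1</refills>", "<refills>4</refills>");

        using (var physician = new RSACryptoServiceProvider(2048))
        using (var pharmacy = new RSACryptoServiceProvider())
        {
            // Assumption: the verifier receives only the public half of the key,
            // for example from the signer's x.509 certificate.
            pharmacy.ImportParameters(physician.ExportParameters(false));

            // Step 3: the signature travels together with the message.
            byte[] signature = Sign(physician, original);

            Console.WriteLine("original verifies: " + Verify(pharmacy, original, signature));
            Console.WriteLine("altered verifies:  " + Verify(pharmacy, altered, signature));
        }
    }
}
```

Verification succeeds for the prescription as signed and fails for the altered copy, because the digest computed over the changed XML no longer matches the one bound into the signature.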
x.509 CERTIFICATES
- Uses a digital signature to bind a public key to an identity.
  - authenticates user - assures that data originated from the verified source
  - data integrity - protects data from being altered during transmission
  - confidentiality - protects a user's identity.
- Our implementation - Authenticode x.509 v.3 certificates; this certificate is signed with a private key that uniquely identifies the holder of the certificate.
E-PRESCRIPTIONS DEMO
A FEW PROBLEMS…
- Both projects needed to be redesigned for proper integration.
- Web Services - x.509 certificates
- Web Services - RSACryptoServiceProvider
NOT ENOUGH TIME
- Web services
- Timed session
- Replay attack
FUTURE WORK
- WS-SecureConversation - ensure message level security by securing internal SOAP messages in the system.
- Web services and SSL - secure end-user to web services connections and database to client connections.
- Ensure ethical and lawful drugs/prescriptions are being issued.
THANK YOUS
- Professor Weaver
- Mentors: Shaun Hutton & Paul Bui
- Dr. Tom Powers
- NSF REU Group, Summer 2006