protecting medical data
play

Protecting medical data with passwordless authentication Carl - PowerPoint PPT Presentation

Sep 06, 2023 •209 likes •448 views

Protecting medical data with passwordless authentication Carl Svensson, KRY/LIVI @ PasswordsCon 2018 1 / 16 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail (private):

  1. Protecting medical data with passwordless authentication Carl Svensson, KRY/LIVI @ PasswordsCon 2018 1 / 16

  2. Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail (private): calle.svensson@zeta-two.com E-mail (work): carl@kry.se Twitter: @zetatwo 2 / 16

  3. Background Agenda 1. KRY/LIVI, Background 2. Authentication so far 3. Expanding to other countries 4. Design process 5. Our solution 6. Results: 6 months in 3 / 16

  4. Background Disclaimers, this talk: About constraints About business About process Not about technology 4 / 16

  5. Background KRY/LIVI, Healthcare online Online healthcare provider Healthcare data Possibly the most sensitive "Patient first", UX/UI important 500 000+ users 3% of primary care in Sweden 5 / 16

  6. Background Authentication in Sweden BankID, digital identity Issued and validated by banks Private but used in public Well-established 6 / 16

  7. Background Authentication in Norway Pretty much the same as Sweden 7 / 16

  8. Background Expanding to Europe Problem In UK, no personal ID number In France, typically no ID at doctor "Passwords suck" - Our CEO "We are launching in 3 months" - Also our CEO 8 / 16

  9. Background Problem statement Problem Challenges Authenticate without passwords No digital ID available User friendly User friendly User friendly Secure Consolation Users are valuable 9 / 16

  10. Background Understand the data model Problem A person is not a phone People have kids Process Device (1-*) User (*-*) Patient 10 / 16

  11. Background Understanding the scenarios Problem New device Access to old Process No access to old Old device Reinstall Strong authentication Onfido Empty account? Allow weak authentciation Revokation? 11 / 16

  12. Background Public key challenge-reponse with Problem tiered identity Process Registration Create a device If no user, create Solution If user is patient: Onfido First medical interaction Create patient Link user to patient On create patient Onfido verification Multiple devices per patient Register new user Link users 12 / 16

  13. Background Results: Pros Problem No password! (mostly) Seamless Process (pretty) User friendly (fairly) Secure Solution 13 / 16

  14. Background Results: Cons Problem Breaks conventional mental model Overloads words Process Revokation not fast enough Solution 14 / 16

  15. Background Evaluation: How did it go? Problem Users are registering Users are staying Process No known incidents Iterative process Solution 15 / 16

  16. Thank you for listening! Questions? 16 / 16

  17. 16 / 16

  18. 16 / 16

  19. 16 / 16

  20. 16 / 16

  21. 16 / 16

  22. 16 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden

Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden

Data confidentiality Protecting privacy in medical research Henk Jan van der Wijk Leiden University Medical Center (LUMC) Tuesday 1st April 2014 from 11.30 12.00 #EBMT2014 www.ebmt.org Data confidentiality requested topics Explanation

512 views • 20 slides
Medical Devices and Data: PROTECTING PATIENTS AND THEIR PHI Marcus Christian Christopher Mikson,

Medical Devices and Data: PROTECTING PATIENTS AND THEIR PHI Marcus Christian Christopher Mikson,

Medical Devices and Data: PROTECTING PATIENTS AND THEIR PHI Marcus Christian Christopher Mikson, MD Partner Partner mchristian@mayerbrown.com cmikson@mayerbrown.com Laura Hammargren Emily Strunk Partner Associate

826 views • 70 slides
CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012 Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment

1.27k views • 78 slides
The Rights of the Child and the Role of the Medical Profession in Protecting the Right to

The Rights of the Child and the Role of the Medical Profession in Protecting the Right to

The Rights of the Child and the Role of the Medical Profession in Protecting the Right to Health -- Prof. David Weissbrodt Topics and Advances in Pediatrics Max Seham Lecture Dr. Max Seham, born in Russia, 1888, and immigrated to

567 views • 30 slides
The 2012-13 Flu Epidemic: Protecting Ourselves and Our Patients Celia Shmukler, M.D., Medical

The 2012-13 Flu Epidemic: Protecting Ourselves and Our Patients Celia Shmukler, M.D., Medical

The 2012-13 Flu Epidemic: Protecting Ourselves and Our Patients Celia Shmukler, M.D., Medical Director The Winter 2012-13 Flu Epidemic: Worst Flu Season in Years Widespread nationally, in 47 out of 50 states Governor Cuomo declared a

320 views • 11 slides
Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice

Sharing and Protecting Data to Improve Student Outcomes Community Schools Community of Practice Nov. 16, 2017 Agenda Why sharing and protecting student data matters Sharing data deep dive Protecting data deep dive Tips

313 views • 30 slides
Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6

Protecting Your Identity, Data, and Assets 1 Its Not a Matter of If, but When 17.6 million 63% Identity fraud is a serious issue. people experienced of confirmed data Fraudsters have identity theft in 2014 breaches involved stolen

605 views • 29 slides
Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed

Protecting Sensitive Data Implementation of a Sensitive Data Manager Recommendation Briefed Presidents Executive Council on 13 Jan: recommended to proceed with deploying a Sensitive Data Manager tool on all UND owned computers to

321 views • 6 slides
P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g

P Protecting Confidential Data on i C fid i l D Personal Computers with S p torage g Capsules Kevin Borders, Eric Vander Weele, Billy Lau, and Atul Prakash Problem: Malicious S oftware Computing becomes pervasive, so is malware

524 views • 29 slides
Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
What are we protecting? Student Data (SSN, Grades, DOBs, Credit card) Employee Data

What are we protecting? Student Data (SSN, Grades, DOBs, Credit card) Employee Data

Freeze your credit will stop someone from opening a new line of credit in your name FREE! You can unfreeze your credit at any time Get an annual copy of your credit report and review it ALSO FREE! What are we protecting? Student

885 views • 31 slides
Data Sharing Enabling innovation Protecting people Geof Heydon October 2018 1 Data

Data Sharing Enabling innovation Protecting people Geof Heydon October 2018 1 Data

Data Sharing Enabling innovation Protecting people Geof Heydon October 2018 1 Data Driving Smarter Community Success AGENDA Smarter Community Data sharing NSW Government Data Task Force and ACS Data Sharing technical committee

641 views • 25 slides
Protecting Australias red meat industry with interactive data visualisation Grant Carlson

Protecting Australias red meat industry with interactive data visualisation Grant Carlson

Protecting Australias red meat industry with interactive data visualisation Grant Carlson Development Manager Binh (James) Tham Lead Solution Architect Integrity Systems Company YOW! Data 2018 About us About us Livestock Production

444 views • 25 slides
Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of

Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of

Sen. Cristina Castros Cybersecurity Forum Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of Technology Dir. of Digital Forensics Edelson PC Data Collection & Tracking Staying Safe Online

594 views • 41 slides
Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k

Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k

6/2/20 HealthMatters in our Homes Pr Protecting Ourselves, Pr Protecting Ot Other hers Pa Part 1: Wha What to Wear at Work k and nd Wh Why 1 During this presentation, we will: Summarize what COVID-19 is, how it spreads, and who

463 views • 19 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Todays Webinar The Economic Impact of Third-Party Risk Management in Healthcare 1 Todays

Todays Webinar The Economic Impact of Third-Party Risk Management in Healthcare 1 Todays

Todays Webinar The Economic Impact of Third-Party Risk Management in Healthcare 1 Todays Presenters Dr. Larry Ponemon Ed Gaudet Chairman and Founder CEO and Founder Ponemon Institute Censinet egaudet@censinet.com 2 Agenda

546 views • 25 slides
Midwest Medical Device Sterilization Workshop: Opportunity Case Study 2: X-Ray as an opportunity

Midwest Medical Device Sterilization Workshop: Opportunity Case Study 2: X-Ray as an opportunity

Midwest Medical Device Sterilization Workshop: Opportunity Case Study 2: X-Ray as an opportunity for contract sterilization facilities. www.benebion.com - 1 - Agenda Agenda Introduction to the case to be studied General overview

268 views • 14 slides
The Invention and Early History of the CCD Dr. George E. Smith To be Covered Bell Labs

The Invention and Early History of the CCD Dr. George E. Smith To be Covered Bell Labs

The Invention and Early History of the CCD Dr. George E. Smith To be Covered Bell Labs Background CCD Invention Device Basics Early Devices Applications Magnetic Bubbles Picturephone MOS Capacitor MOS Energy Diagram Two MOS

545 views • 23 slides
Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence

Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence

Welcome to todays NH-ISAC & MDISS Webinar Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER) 1 Agenda SpeakerName SpeakerInstitution Topic Speaker check- in Everyone Soundcheck

204 views • 19 slides
Refinement Correction Strategy for Invalid XML Documents and Regular Tree Grammars Martin Svoboda

Refinement Correction Strategy for Invalid XML Documents and Regular Tree Grammars Martin Svoboda

Refinement Correction Strategy for Invalid XML Documents and Regular Tree Grammars Martin Svoboda and Irena Holubova (Mlynkova) svoboda@ksi.mff.cuni.cz DEXA 2014 Munich, Germany September 2, 2014 XML and Web Engineering Research Group

525 views • 31 slides
Intuitionistic Description Logic and Legal Reasoning Edward Hermann Hausler Valeria de Paiva

Intuitionistic Description Logic and Legal Reasoning Edward Hermann Hausler Valeria de Paiva

Intuitionistic Description Logic and Legal Reasoning Intuitionistic Description Logic and Legal Reasoning Edward Hermann Hausler Valeria de Paiva Alexandre Rademaker Departamento de Informtica - PUC-Rio - Brasil FGV - Brasil Univ.

551 views • 27 slides
Out of the Box Outreach and Enrollment Strategies September 24, 2015 2:00 PM EDT Agenda

Out of the Box Outreach and Enrollment Strategies September 24, 2015 2:00 PM EDT Agenda

Out of the Box Outreach and Enrollment Strategies September 24, 2015 2:00 PM EDT Agenda Overview and Introductions Engaging City Officials in Promoting Medicaid & CHIP Working with the Juvenile Justice System to Enroll

545 views • 52 slides
Tightly and Loosely Coupled Decision Paradigms in Multiagent Expedition Yang Xiang & Frank

Tightly and Loosely Coupled Decision Paradigms in Multiagent Expedition Yang Xiang & Frank

Tightly and Loosely Coupled Decision Paradigms in Multiagent Expedition Yang Xiang & Frank Hanshar University of Guelph Ontario, Canada PGM 2008 September 18, 2008 Outline Introduction What is Multiagent Expedition?

1.01k views • 64 slides

More recommend