Sead Muftic
Professor, School of ICT, Royal Institute of Technology (KTH), Stockholm, Sweden
CEO/CTO, SETECS, Inc., Silver Spring, MD, USA
sead.muftic@setecs.com Cell: (240) 535-2095
Presentation at the AAAS 2010 Conference San Diego, February 20, 2010
Definition / Concept :
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. Privacy can be seen as an aspect of security, one in which trade-offs between the interests of one group and another can become particularly clear. (Wikipedia)
Issues / Problems :
- Financial damages
- Personal damages
- Competitive disadvantages
- Family consequences
- Threats to social status
Personal Attitudes :
Some are not aware, some are not interested, some are oblivious, and some are concerned, but helpless . . .
Categories :
- Financial data
- Medical data
- Personal data
Issues :
- Protection of data (stored and transmitted)
- Protection of actions (transactions and access)
- Consent for sharing of data
- Authorizations / approvals
Innovative Solutions :
- Secure personal storage of sensitive data . . . Smart cards (standards and technologies)
- Trusted Third Parties . . . Servers, organizations, regulations
- Authorization Roles and Policies . . . Tools, procedures, organizational and regulatory solutions
Financial Data :
- Protection of data: credit card numbers, account numbers, financial data in databases
- Protection of actions (secure payment transactions)
[Diagram: Cardholder, Merchant (ME) and Payment Gateway (PGW). Labels: Order, CC, Order Sign, Payment (CC) Sign, DoubleSign]
Medical Data :
- Protection of data (stored in EMR databases)
- Protection of actions (sharing through HIEs)
- Consent for sharing of data (HIPAA requirements)
- Authorizations / approvals (new medical exchanges)
Project in Michigan :
- Patient medical smart cards (with fingerprint verification)
- Providers security card (with roles and profiles)
- Secure transfer of data between hospitals
- Authorized access to data (authorization policies)
[Diagram labels: Medical DB, Portal, Patient]
[Diagram labels: Web Proxy, PC, IP number, Cookies]
Conclusions :
Some are not aware, some are not interested, some are oblivious, and some are concerned, but helpless . . .
"Civilization is the progress toward a society of privacy. Civilization is the process of setting man free from men. The savage's whole existence is public, ruled by the laws of his tribe." (Ayn Rand, "The Fountainhead")