Question

For Aira, discuss what the appropriate security and controls should be for the device, for a smart phone app that reads the device, and for a web site where device readings can be stored and shared with medical personal. Note: Your device may not currently support all three of these options. If not, assume that such enhancements have been made for the device/system.

Answer 1

Device control is a measure of protection that restricted user access to devices. Companies open or block access to devices such as data storage media, including removable devices, CD/DVDs, data transfer devices such as modems, printers, multi-function peripherals, and connection buses such as USB and FireWire. Most device control restricted user access to devices by access rules. Access rules are sets of parameters that identify two functions of the device control component: providing access to specific types of devices for certain group of user during specific time and setting restriction rules on reading and editing files on data storage media.

Companies choose data protection solutions that offer device control and encryption to secure their data and protect their system. The best data protection solutions handle device control and encryption in a variety of ways. Some provide automated, policy based usage control for removable media devices that alert, prompt, or block when identify an attempt at risky behaviour. Other distinguish devices and data by class and allow only authorized individuals to use or access them. Often this is centrally managed, enabling companies to control and enforce security policies as necessary without disrupting workflows.

In present time many customer-facing applications, businesses have trusted their security to coding practices, any number of internal security test and app penetration testing. These are certainly must have capability since the most effective security is about building defence in layer. But these traditional security layer miss completely is protecting the actual app code before it is deployed into a zero-trust world.

Even in case where app protection solutions have been used by businesses to protect mobile application, they can only protect against what is known at the time they are deployed. Most current app security solutions don’t possess the ability to understand how protections are holding up “in the wild” and provide insight into new threats in real time that can be counter in time to stop them before they viral.

In Medical sector or medical person to be help of Internet of Things is the group of devices connected to Internet, to perform the processes and services that support healthcare. IoT is emerged as new technology for e-healthcare that collects vital body parameter of patient and monitor their pathological details by small wearable devices or implantable sensors. IoT has shown great potential in providing a better guarantee for people’s health and support a wide range of applications from implantable medical devices to wireless body area network.

In Health Information Exchange, patient health information can be share electronically with explicit authorization of information exchange in a auditable manner. However, existing approach for authorization in health information systems exhibit several drawbacks in meeting the needs of HIE, with noncryptographic approached lacking a secure and reliable mechanism for access policy enforcement, while cryptographic approach being too expensive, complex, and limited in specify policie. Chandrasekhar et al. HIE which fills the gap between cryptographic and noncryptographic approaches. The system consists of three main components: the HIE cloud, healthcare organizations, and the patients. They developed a novel proxy signature-based protocol, based on a novel discrete log-based trapdoor hashing scheme, to enable authenticated and authorized selective sharing of patient health information via a cloud-based HIE.