Abstract
Due to technological advances, distributed multimedia applications and teleservices, such as multimedia mail, video-conferencing, joint-viewing, or access to multimedia databases are becoming a reality. However to get accepted by the users and to meet business requirements, these teleservices have to include appropriate security mechanisms and services to limit the risk and the extent of damage caused by attempted fraud.
This paper describes security requirements of teleservices and their mapping to strong security services. An integrated application scenario demonstrates on the one hand the use of managable security services by multimedia applications, and on the other hand a solution for security management based on a security architecture developed by the RACE II project SAMSON (Security and Management Services in Open Networks). As example the electronic exchange of patient records in health care has been chosen, requiring distributed multimedia applications as well as strong securitymechanisms.
Multimedia applications and teleservices are very useful to provide just-in-time patient information in time-critical situations and enable better treatment of the patients at lower cost. Due to the nature of the collected data (medical results, diagnoses etc.) guaranteeing privacy and integrity of the data is a must. In addition the processing of personal and medical data is the subject of many restrictions and requirements imposed by laws, the users of the system, and the patients. As indispensable security requirements, the authentication of medical staff, the control of access to patients records, the generation, distribution and maintenance of underlying cryptographic keys and a strong audit facility providing a quick but convincing overview of all security relevant events and alarms have to be provided.
Furthermore, a couple of privileged persons acting as network administrators must be supported by a set of strong management tools, enabling the control of data processing and information exchange as well as the management of the security services. Given the strong security requirements, the health care scenario is well suited as a testbed for secure multimedia applications and teleservices. The results and concepts are also applicable to less security sensitive multimedia applications like group work in consortia, aircraft maintenance and joint design eg. in the automotive industry. All these issues are addressed by the RACE II project SAMSON, and the concepts are verified in a prototype implementation which demonstrates how multimedia applications — namely electronic information storage and retrieval system — can provide appropriate security levels for commercial use in an IBC environment. Furthermore it is possible to build such a system using existing teleservices, security and management services conforming to open architectures. In order to demonstrate a smooth migration path towards networked multimedia applications, existing distributed applications as well as multimedia applications are combined in the prototype. A key point in this context is that security aspects have to be covered early in the design. In addition, it is crucial to integrate an overall security management concept.
This is a preview of subscription content, log in via an institution.
Preview
Unable to display preview. Download preview PDF.
References
Marjan Jurecic, Herbert Bunz: Exchange of Patient Records — Prototype Implementation of a Security Attributes Service in X.500, to be published
Marjan Jurecic, Ulrich Kohl, Ernst Pelikan: Datenschutz und Datensicherheit fuer verteilte Klinikanwendungen. Arbeitstreffen Entwicklung und Management verteilter Anwendungssysteme, Oktober 1993. GI/ITG Fachgruppe Kommunikation und Verteilte Systeme.
Information technology — Document Filing and Retrieval (DFR) — Part 1: Abstract Service Definition and Procedures ISO/IEC 10166-1
Information technology — Document Filing and Retrieval (DFR) — Part 2: Protocol specification, ISO/IEC DIS 10166-2
The Directory — Overview of Concepts, Models and Services, CCITT 1992 Recommendation X.500
The Directory — Models, CCITT 1992 Recommendation X.501
The Directory — A uthentication Framework, CCITT 1992 Recommendation X.509
The Directory — Abstract Service Definition, CCITT 1992 Recommendation X.511
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bunz, H., Bertsch, A., Jurecic, M., Baum-Waidner, B., Capellaro, C. (1994). Secure multimedia applications and teleservices — Security requirements and prototype for health care. In: Steinmetz, R. (eds) Multimedia: Advanced Teleservices and High-Speed Communication Architectures. IWACA 1994. Lecture Notes in Computer Science, vol 868. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58494-3_20
Download citation
DOI: https://doi.org/10.1007/3-540-58494-3_20
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58494-0
Online ISBN: 978-3-540-49007-4
eBook Packages: Springer Book Archive