Smart home and remote health service, use case in CONCORDIA
The developed demonstrator from Y1 and Y2 get progress in Y3 on the following aspects:
- A smart-card reader is added as a patient identification and authentication feature. This allows to register, identify and log in/out of patients in a real case scenario.
- User management is integrated for demonstration of concept for secure access to the private server for hospitals, clinics, and family doctors outside of the smart home of the patient;
- Secure communication with the cloud: Gateway authentication with Trusted Platform Module (TPM), to increase the security level of the home ICT infrastructure and improve validation between gateway and server (cloud);
Figures (1&2) below shows the current architecture of the demonstrator at the end of Y3 in CONCORDIA.
For secure communication with the cloud services, the gateway in figure 3 gets secure hardware based on the ISO/IEC 11889 standard. To improve gateway-cloud connection, additional hardware Secure Module TPM is attached to the gateway. OPTIGA™ Trust M’s high-end security solution provides an anchor of trust for connecting devices to the cloud, giving every device its own unique identity. Using this module, the gateway is authenticated as a trusted device for device-cloud (server) validation.
Devices such as Blood Pressure monitor devices, Thermometer, Pulse Oximeter, and emulated devices keep on being used in the demonstrator as a reference of different medical devices for measuring health parameters. Additionally, smart card reader is integrated as a patient identification feature. The developed demo concept proposes that the patient approaches with his health card to the smart card reader, which is attached to the gateway, and then logs in/logs out of the system. As conceptual smart card reader, the demonstrator has included a RFID HAT to the Raspberry Pi (gateway), that comes along with RFID cards, that are used as reference for a real patient cards.
Demo allows registration, identification and log in/out of patients in a real case scenario. This card reader is embedded in the gateway and contains a small display that is showing the status of patient logging once he approaches the card.
- Once the patient logs in to the system, the message “Welcome” appears on the card reader display. Now the patient can start measuring with any of the integrated medical devices. Measured data are first sent to the gateway and further stored for a long-term period and securely sent to servers. Now gateway is validated and data are securely sent to the cloud.
- Once the user finishes with measurements, he can log out of the system by approaching again with his health card to the card reader attached to the gateway. In this case, the message: “Goodbye” appears on the reader’s display. In a case, if a user forgets to log out, the system consists of the timer that can be set for the automatic log out feature.
It is important to note that patient data and measurements are not related in the cloud. Patient data are anonymized. Certificates or UUIDs of patients are only shared with doctors and health authorities under the consent of the patient. This security layer used for connecting measurements with patients and authentication of patients with health authorities is needed on the side of healthcare infrastructures. To show the concept idea of how the authorities can access the data of a specific patient, a user management feature is developed in the demonstrator. In this way, the system can be accessed with different user accounts and different data of the patient can be seen. Users/doctors can log into the system with their accounts and check patient measurements in the long term. They can choose the period they want to check the patient as well as to specific measurements of medical devices (additional selection in graphics for long-term measurements loggings).
The smart card reader support is an example of the usage concept of the German electronic healthcare card (eGK), in a real use case scenario. Today around 72 million citizens in Germany use this eGK. The technical specification is published from BSI in Germany under TR 03116.
In this extended demonstrator kit, the Internet of Medical Things (IoMT) security can be supported, as well as the privacy of the user.
(By Detlef.Houdeau, INFINEON)