A web-based wireless mobile system design of security and privacy framework for u-Healthcare

The research project aims at designing and implementing a Web based wireless mobile system security and privacy framework that is centered on the concepts of ubiquitous healthcare services provided to the patients in rural or remote areas from distant hospitals. With this system framework, a physician can securely access and carry the patient information from a mobile device, update the patient information offline on the mobile device and synchronize the data with the server at a later time. The system provides high security to the highly sensitive patient health records. It provides various layers of security and privacy controls to access the patient information. This framework also maintains security levels both at system level and user level to constrain any attacks on the system. Data on the mobile device also is protected from being tampered or hacked using password protections and encryption. This application framework demonstrates a multi-tiered SOA (service oriented architecture) involving mobile client, Web services, security agents, business logic layer, data access layer and database in secured environments. This framework uses SAML (Security Assertion Markup Language) security assertions for exchanging the secured user identification information between the server and mobile clients. Due to the length of the paper for the entire research project, the original paper is divided into two papers; the first paper emphasizes the system architecture and design and the second paper emphasizes the implementation and performance evaluation.