#CONNECT2013 2net System Overview, Security and Privacy Rajeev Rajan Sr. Director, Product Management, Qualcomm Life

Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy


Page 1: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

#CONNECT2013

2net System Overview, Security and Privacy

Rajeev Rajan Sr. Director, Product Management, Qualcomm Life

Page 2: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Session Agenda

• Qualcomm Life, 2net, Healthy Circles, Qualcomm Life Ecosystem … High-Level Overview

• 2net Product Overview … The Body’s Systems

• 2net Security & Privacy Overview … The Immune System

Page 3: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Our Mission

Mobilize healthcare

Our Vision

A world with access to healthcare anytime, anywhere


Page 4: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

2net Use-Case

Sample Scenario: Bill’s blood pressure reading is collected over short-range radio, and wirelessly communicated over 3G by his 2net Home Hub to the 2net Cloud Platform, to be delivered to his doctor through 2net’s Customers/Partners.

[Diagram labels: Low Energy; Home Hub; Cellular 3G; 2net Cloud Platform; 2net Customers/Partners]

Page 5: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

HealthyCircles: Connecting the Care Team Accelerates Adoption

[Diagram labels: Customer/In-House; HIE/EHR; Clinical Data; Lab Results; Rx Data; Traditional Healthcare Settings; EMR1; EMR2]

Page 6: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Qualcomm Life Ecosystem

Note: Both the 2net Hub and Platform are (1) FDA listed Class I MDDS (US), (2) CE registered, Class I listed MDD under EU Directive 93/42/EEC (Europe), (3) Class I listed CMDCAS (Canada).

Page 7: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

#CONNECT2013

2net Product Overview … The Body’s Systems

Page 8: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Disease Management Kits

Diabetes

COPD / Asthma

CHF

Wellness/Prevention

Page 9: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

2net Hub: High-Level Data Flows

[Diagram: numbered data flow steps 1 to 6 between the 2net Hub, the 2net Service Platform/Cloud and the 2net Customer Platform/Cloud. Legend: biometric data flow; device command flow; data flow step number.]

Page 10: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

High Level System Design

[Diagram labels: Hub; Cellular Data Network; 2net Service Platform; Internet; 2net Connect Server; Biometric data; Customer data handling; Dashboard Visualization/Analysis]

1. Captures the biometric measurement data from health care and fitness data from customer or collaborator wireless devices

2. Stores the biometric measurement data in a secure system

3. Delivers the data to integrated portals/databases

Page 11: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

2net End-to-End (E2E) Architecture

[Architecture diagram labels: Home; Device Agents (Pharma, Fitness, Medical); HUB; Hub Software; Hub App Software; Firmware/OS; Hub Configurations; Hub Config File (Authorization); Hub Design; Contract Manufacturer Venture Corp (Singapore/Malaysia); Buy Hubs; Carrier Network; Data Connectivity Plan; Cellular Carrier Portal; Carrier Transaction Billing; Provisioning; Consumer and/or Payer Billing; Customer Care (Tier 2/3); Relationships (Carriers, OEMs, Licensees, CM/ODMs etc.); PLATFORM, San Diego, USA; Transactions; Data Storage, Databases; Internet; CUSTOMER/PARTNER; Customer 1; Customer Interface; Customer application; OTHER CUSTOMERS/PARTNERS]

Page 12: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Biometric Data Flow: End-to-End

• Device-specific “Agents” (DAs) are installed on the 2net hub. These agents initiate data transfers from the devices using short-range radios (BT, BTLE, Wi-Fi, etc.).

• Data is uploaded to the 2net Cloud Platform over the cellular network. The data is transmitted over authenticated SSL connections.

• For data delivery, the 2net Cloud stores the encrypted data for transmission to the customers.

• Device data is decrypted and transmitted to the customer through Server Adapters (SAs), including non-standard interfaces.

[Diagram labels: Device; 2net Hub (Hub Software, Radio Manager, Device Agent); Encrypted; Cellular Data Network; Internet; 2net Cloud Platform; Device Transactions; Transaction Storage (Encrypted); Decrypt; Server Adapter; Customer Portal; 2net CUSTOMERS]

Page 13: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

#CONNECT2013

2net Security and Privacy … The Immune System

Page 14: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Qualcomm Product Security Initiative

Legend: FRB = Feature Request Board; ES = Engineering Sample; FC = Feature Complete; CS = Commercial Sample; CPL = Customer Product Line

Page 15: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Qualcomm IT: Information Security and Risk Management Overview

• Deliver world-class cyber security and risk management capabilities

• Align cyber risk profile with desired level

• Deliver security capabilities to advance Company business strategy

• Promote responsible security behavior consistent with Company policies and values

Page 16: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Cyber Security and Threat Management

Monitoring & Response
• Advanced security monitoring for attacks, data theft, policy violations, and vulnerabilities
• Subjective analysis, triage, and coordination

Threat Management
• Intelligence and counter intelligence gathering, analysis, and sharing inside and outside the company
• Proactively address threat trends
• Hunter-killer

Application Security
• Secure coding practices, training and testing

Page 17: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Focus on Proactive Data Protection

Business Security Engineering
• Partner with engineering and business leaders to manage cyber risk profiles, including improvements to technical and administrative processes
• Drive security-related business knowledge into IT practices

Security Architecture
• Strategic development, direction setting, evangelizing, and knowledge transfer of enterprise security architecture standards, policies, concepts, and roadmaps
• Often assigned as security SMEs on non-security driven projects
• Special projects ex. predictive analytics

Compliance
• Support compliance with laws, regulations, industry standards (ex: ISO, ITAR, Privacy, PCI, HIPAA), and contractual requirements
• Contract reviews with Legal and Procurement

Page 18: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Focus on Proactive Data Protection contd.

Education and Awareness
• Educate employees and increase their cyber security awareness through development and maintenance of the Company security awareness program

Policies and Guidelines
• Partner, develop, and maintain:
  • Corporate cyber policies (ex. E-media, CCI, Conduct)
  • Internal cyber security standards such as hardening and logging requirements

Page 19: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Leveraging Qualcomm’s Unmatched Expertise

A Premier Enterprise Wireless Data Platform

• Operating for over 25 years

• 4 continents, 40 countries, 8 dedicated Network Operations Centers

• Helping over 10,000 businesses manage millions of mission critical devices

Page 20: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

End-to-end Solution Leverages Qualcomm’s Network Operations Center

§  Device integration support

§  QCL built device agents for each medical device

§  Test and Validation with each medical device

§  Integration to device logistics partners

§  Device design

§  Development

§  Certifications

§  Adaptive for future med device integration

§  Global roadmap

§  Test and validation

§  CM selection, onboarding

§  ISO 13485

§  FDA-Listed Class I Device (MDDS)

§  CE registered, Class I MDD (Europe)

§  Integration to device logistics partners

§  International Operators

§  Global data plans

§  Integration to NOC

§  Technical knowledge of respective architectures

§  Reliable delivery of data to the customer applications through a single simple interface

§  Two-way device communication

§  OTA updates, provisioning, device agent pushes

§  PCI compliant data centers

§  Designed for HIPAA compliance, privacy and security

§  Access to healthcare data platform for “mix and match” of devices and applications

§  3rd party apps

§  2net portal

§  Web services

§  FDA-Listed Class 1 Device (MDDS)

§  CE registered, Class I MDD (Europe)

§  Activation & provisioning

§  OTA software updates and agent mgmt

§  Device management, version control, CM

§  Network management

§  Active network monitoring

§  Timely enterprise support

§  Direct carrier engineering support

§  Fraud detection, Carrier billing reconciliation

§  End-to-end enterprise management of message delivery

§  Reliability, Redundancy

[Column headings: Medical Devices; Hub; Networks; Network Management; Data Management; Customer Applications]

Page 21: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

QCL – 2net™ – Security and Privacy Highlights

Multi-Level Controls

• On Hub: Biometric data encryption: Advanced Encryption Standard (AES) 128

• Cellular Network: Private Network (APN)

• Transport Layer (Over Cellular and Internet): Secure Sockets Layer (SSL) via https (Multiple certificate authorities)

• Server/Database: Rack/Servers in secure area; Oracle native (if needed)

• Data Integrity: Secure Hash Algorithm (SHA)-256 hash for every Hub to 2net™ Service Platform (SP)/Cloud transmission

• Cloud Data-center Controls: Located in ISO 27001 certified and PCI compliant datacenters (excluding UK); HIPAA Security Rule Compliance Checklist

• Underlying Protocols: TCP/IP, UMTS

[Protocol stack, top to bottom: Upper Application Layers; XML; IEEE 11073 / HTTPS; SSL; TCP/IP; UMTS]

Page 22: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Service Security

[Diagram labels: Hub (Firmware, Android, Hub app, DA); Encryption AES128; HTTPS / SSL; Private APN, UMTS/EDGE/GPRS; Cellular; 2net Service Platform; Hub Communications (data, SMS); Hub app and DA software; Database, OLTP; Customer Services; Data Posting; Data SA; REST Services; Decryption; HTTPS; Internet (SSL); 2net Customer; Data handling]

END TO END DATA INTEGRITY: Secure Hash Algo SHA-256

Server system certifications:
· Located in ISO 27001 certified and PCI compliant datacenters (excluding UK)
· Limited physical and logical access to servers
· Firewall, Intrusion Detection Systems, Audit logging
· HIPAA Security Rule Compliance Checklist

Page 23: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

Service Security

Component: Security

Hub
– Data encryption with Advanced Encryption Standard (AES) 128

Over-the-Air (OTA) and Internet
– Private cellular data network (Private APN)
– Secure Sockets Layer (SSL) via HTTPS (multiple certificate authorities)

SP Server, Database and Cloud
– Limited physical and logical access to servers
– Located in ISO 27001 certified and PCI compliant datacenters (excluding UK)
– Firewall, Intrusion Detection Systems, Audit logging
– HIPAA Security Rule Compliance Checklist
– Oracle native database security (if required)

Data Integrity
– Secure Hash Algorithm (SHA)-256 hash for every hub to Service Platform/Cloud transmission

Underlying Protocols
– Internet transactions over TCP/IP
– Wireless link between hub and cellular carrier uses UMTS or EDGE/GPRS
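The hub-to-platform path from the Biometric Data Flow and Service Security slides, as an added Go sketch that is not Qualcomm Life's code: the hub encrypts a reading with AES-128 and attaches a SHA-256 hash to the transmission, and the platform checks the hash before decrypting. The `Transmission` layout, the GCM mode, the function names and the demo key and reading are assumptions or constructed values; the slides specify none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Transmission is a hypothetical wire format; the slides do not define one.
type Transmission struct {
	Body   []byte   // nonce || AES-128-GCM ciphertext (GCM mode is an assumption)
	Digest [32]byte // SHA-256 over Body, computed for every transmission
}

// NewHubCipher accepts only 16-byte keys, i.e. AES-128 as named on the slides.
func NewHubCipher(key []byte) (cipher.AEAD, error) {
	if len(key) != 16 {
		return nil, fmt.Errorf("want 16-byte AES-128 key, got %d bytes", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 16-byte key
	return cipher.NewGCM(block)
}

// HubSeal encrypts a reading on the hub and attaches the per-transmission hash.
func HubSeal(aead cipher.AEAD, reading []byte) (Transmission, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Transmission{}, err
	}
	body := aead.Seal(nonce, nonce, reading, nil)
	return Transmission{Body: body, Digest: sha256.Sum256(body)}, nil
}

// PlatformOpen checks the hash (catches corruption; it is unkeyed), then decrypts.
func PlatformOpen(aead cipher.AEAD, t Transmission) ([]byte, error) {
	n := aead.NonceSize()
	if len(t.Body) < n || sha256.Sum256(t.Body) != t.Digest {
		return nil, fmt.Errorf("transmission rejected: truncated or SHA-256 mismatch")
	}
	return aead.Open(nil, t.Body[:n], t.Body[n:], nil)
}

func main() {
	aead, _ := NewHubCipher([]byte("0123456789abcdef")) // constructed demo key
	t, _ := HubSeal(aead, []byte("BP 120/80"))          // constructed sample reading
	out, err := PlatformOpen(aead, t)
	fmt.Println(string(out), err)
}
```

An unkeyed hash detects corruption in transit, not deliberate modification by someone who can recompute it; in the deck that protection comes from the authenticated SSL connection between hub and platform.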


Page 24: Qualcomm Life Connect 2013: 2net System Overview, Security and Privacy

© 2013 Qualcomm Life. All rights reserved.

#CONNECT2013

Thank you