(This started as a project for the Feb 24-25 2012 Hacking Health hackathon)

Carrying and sharing a Personal Health Record.

Scenarios

  • User in clinic tap column, administrative agent at clinic verifies photo ID and releases record to device.
  • User in device can look at record later on, at any time
  • User arrives to new clinic, tap column, administrative agent at clinic verifies photo ID and accepts record. Record identity is verified using PKCS.

Attacks

  • Unauthorized party acquires record from clinic: protected by administrative agent at clinic verifying photo ID.
  • User or unauthorized party modifies record: protected by PKCS.
  • Unauthorized party steals record from device: protected by the AES+hashed password.

Issues

  • Open loop (interoperable) vs. Closed loop (proprietary)

N9 Info

  • devel-su, password 'rootme'