Overview � Use Case
� Decentralized Provenance Management Architecture
� UMA + Provenance Management
1
Use Case
Transparent Health http://www.transparent-health.us
Transparent Health http://www.transparent-health.us
� ‘Accounting of Disclosures’ in EHR systems
Primary Care Provider
Specialist
Insurance Company
Pharmacist Medical Records in a Foreign Country
� No reliable means of transparency and accountability in health care systems � How was my health data transferred between one clinic
to another? � Who looked at my health data? And for what purposes? � Can I report misuses or seek clarifications on my
medical data? Empower patients through Transparent Medical Record Systems!
Motivations for Transparent Health
Transparent Health Interface
5
Auditing Health Info
6
The type of information desired after a privacy breach
7
0"
2"
4"
6"
8"
10"
12"
14"
16"
18"
who" when" how" where" why" what"
Num
ber'o
f'par,cipan
ts'
Informa,on'desired'in'a'privacy'breach'
Rank"1"
Rank"2"
Rank"3"
Provenance Management
Enabling a Transparent Infrastructure
9
Provenance Tracker Network
Provenance Enabled
Client Web Server
Verification Service
Identity VerifiedIdentity
Data Transfer
Provenance Logs Provenance Logs
VerifiedIdentity
PTN Architecture
10
Leaf Link
Routing Table Link
Instructions on joining the PTN is available at http://httpa.csail.mit.edu
PTN Node Architecture
11
Authentication Processor
Audit Processor
Update Processor
Log Store
Distributed Hash Table Overlay
PTN Node
PTN Wrapper Interface
12
Authentication Processor
Audit Processor
Update Processor
Log Store
Distributed Hash Table Overlay
Sensitive Data
Processes
Agents
Usage Restrictions
Identity and Role
Intentions
PTN NodeWeb Application
PTN Wrapper Interface
Why DHTs? � Incremental scalability
� High availability
� Low latency
13
Provenance Data Flow
14
General Hosptial
Data
prov:Entity
prov:Activity
prov:Agent
Legend
Data Store
http://genhospital/patient/peter/medicalrecord
sameAs
:Treatment_Purposes
:usage_restriction
:MedicalRecord
15
:Referral
:Dee
prov:wasAssociatedWith
prov:used
"Doctor":role
2013-09-17:T09:00:00
prov:atTime
General Hosptial
Data
prov:Entity
prov:Activity
prov:Agent
Legend
Data Store :General_
Hospital
prov:actedOnBehalfOf
http://genhospital/patient/peter/medicalrecord
sameAs
:Treatment_Purposes
:usage_restriction
:MedicalRecord
:intention
Provenance Data Flow
16
Provenance Data Flow
:Referral
:Dee
:SpecialistCare
prov:wasAssociatedWithprov:wasAssociatedWith
prov:wasInfluencedBy
prov:used prov:used
"Doctor""Specialist" :role
:role
2013-09-17:T09:00:002013-09-19:T10:00:00
prov:atTime prov:atTime
General Hosptial
Data
prov:Entity
prov:Activity
prov:Agent
Legend
Data Store :General_
Hospital
:Star_Hospital prov:actedOnBehalfOf
prov:actedOnBehalfOf
:Steven
http://genhospital/patient/peter/medicalrecord
sameAs
:Treatment_Purposes
:usage_restriction
:MedicalRecord
:intention
:intention
17
Provenance Data Flow
:Referral
:Dee
:SpecialistCare
prov:wasAssociatedWithprov:wasAssociatedWith
prov:wasInfluencedBy
prov:used prov:used
"Doctor""Specialist" :role
:role
2013-09-17:T09:00:002013-09-19:T10:00:00
prov:atTime prov:atTime
General Hosptial
Data
Star Hospital
Data
prov:Entity
prov:Activity
prov:Agent
Legend
Data Store :General_
Hospital
:Star_Hospital prov:actedOnBehalfOf
prov:actedOnBehalfOf
:DerivedMedicalRecord
:Steven
prov:generated
prov:wasDerivedFrom
http://genhospital/patient/peter/medicalrecord
sameAs
http://starhospital/patient/peter/medicalrecord
sameAs
:Treatment_Purposes
:usage_restriction
:MedicalRecord
:usage_restriction
:intention
:intention
Provenance Creation Sequence
18
Data Consumer Data Provider
Provenance Tracker Network
Data Consumer Data Provider
Provenance Tracker Network
Authentication Request
Auth ProtocolWebID, OAuth2.0.
Verification Agent
Verification Agent
Credential Check
Usage Restrictions Options
Usage Intentions
Provenance Log
Usage Aware Log
Data Request
Verified Credentials
Provenance Retrieval Sequence
19
Data Owner Data Provider
Provenance Tracker Network
Data Provider Provenance Tracker Network
Authentication Request
Auth ProtocolWebID, OAuth2.0.
Verification Agent
Verification Agent
Credential Check
Provenance Log for D
Audit Request for D
Verified Credentials
Data Consumer
Questions
get D
Data ConsumerData Owner
Visualization of Provenance Log
ClarificationsProvenance Log
Provenance Log
PTNs won’t solve all your problems…
� Data Owner � Mis-reporting of usage resulting in denial of service
attacks
� Data Consumer � In fraudulent or illegal use of data, the data
consumers won’t label the use as such
20
UMA + Provenance Management
Discussion