Abstract: The Distributed m-healthcare cloud computing system considerably facilitates secure and efficient patient treatment for medical consultation by sharing personal health information among the healthcare providers. This system should bring about the challenge of keeping both the data confidentiality and patients’ identity privacy simultaneously. Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited. To solve the problem proposed a novel authorized accessible privacy model (AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute based designated verifier signature, a patient self-controllable multi-level privacy preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed. The directly authorized physicians, the indirectly authorized physicians and the unauthorized persons in medical consultation can respectively decipher the personal health information and/or verify patients’ identities by satisfying the access tree with their own attribute sets. AIM The main aim of this paper is a novel authorized accessible privacy model (AAPM) is based on devised by a new technique of attribute-based designated verifier signature, a patient self controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed. SCOPE The scope of this paper is the formal security proof and simulation results illustrate our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead. Introduction: In m-healthcare social networks, the personal health information is always shared among the patients located in respective social communities suffering from the same disease for mutual support, and across distributed healthcare providers (HPs) equipped with their own cloud servers for medical consultant. However, it also brings about a series of challenges, especially how to ensure the security and privacy of the patients’ personal health information from various attacks in the wireless communication channel such as eavesdropping and tampering and As to the security facet, one of the main issues is access control of patients’ personal health information, namely it is only the authorized physicians or institutions that can recover the patients’ personal health information during the data sharing in the distributed m-healthcare cloud computing system. In practice, most patients are concerned about the confidentiality of their personal health information since it is likely to make them in trouble for each kind of unauthorized collection and disclosure. Therefore, in distributed m-healthcare cloud computing systems, which part of the patients’ personal health information should be shared and which physicians their personal health information should be shared with have become two intractable problems demanding urgent solutions. A fine-grained distributed data access control scheme is proposed using the technique of attribute based encryption (ABE). Recently, a patient-centric and finegrained data access control in multi-owner settings is constructed for securing personal health records in cloud computing. It mainly focuses on the central cloud computing system which is not sufficient for efficiently processing the increasing volume of personal health information in m-healthcare cloud computing system. Existing System: In a m-healthcare system data confidentiality is much important but in existing system framework it is not enough for to only guarantee the data confidentiality of the patient’s personal health information in the honest-butcurious cloud server model since the frequent communication between a patient and a professional physician can lead the adversary to conclude that the patient is suffering from a specific disease with a high probability. Unfortunately, the problem of how to protect both the patients’ data confidentiality and identity privacy in the distributed m-healthcare cloud computing scenario under the malicious model was left untouched. Disadvantages: Data confidentiality is low. Data redundancy is high. There is a violation in data security. the heavy computational overhead of Zero-Knowledge Proof makes it impractical when directly applied to the distributed m-healthcare cloud computing systems where the computational resource for patients is constrained.Proposed System: Proposed system for a privacy-preserving authentication scheme in anonymous P2P systems based on Zero-Knowledge Proof. Suggested patients have to consent to treatment and be alerted every time when associated physicians access their records and also our proposed system is a patient-centric and fine-grained data access control in multi-owner settings is constructed for securing personal health records in cloud computing. . However. without the knowledge of which physician in the healthcare provider is professional in treating his illness. the authorized physicians whose attribute set satisfy the access policy can recover the PHI and the access control management also becomes more efficient. More significantly. They can only access the personal health information. but not the patient’s identity. For the unauthorized persons with red labels. nothing could be obtained. The security and anonymity level of our proposed construction is significantly enhanced by associating it to the underlying Gap Bilinear DiffieHellman (GBDH) problem and the number of patients’ attributes to deal with the privacy leakage in patient sparsely distributed scenarios.Our proposed m-healthcare system mainly focuses on the central cloud computing system which is not sufficient for efficiently processing the increasing volume of personal health information in m-healthcare cloud computing system. . all the members can be classified into three categories: the directly authorized physicians with green labels in the local healthcare provider who are authorized by the patients and can both access the patient’s personal health information and verify the patient’s identity and the indirectly authorized physicians with yellow labels in the remote healthcare providers who are authorized by the directly authorized physicians for medical consultant or some research purposes. the best way for the patient is to encrypt his own PHI under a specified access policy rather than assign each physician a secret key. in distributed m-healthcare cloud computing systems. As a result. Literature Survey 1) Cross-Domain Data Sharing in Distributed Electronic Health Record Systems Cross-organization or cross-domain cooperation takes place from time to time in Electronic Health Record (EHR) system for necessary and high-quality patient treatment.Advantages: M-healthcare system is fully controlled and secured with encryption standards. Patients are unwilling to accept the EHR system . There is no data loss and data redundancy. System provides full protection for patient’s data and their attributes. Cautious design of delegation mechanism must be in place as a building block of cross-domain cooperation. since the cooperation inevitably involves exchanging and sharing relevant patient data that are considered highly private and confidential. The delegation mechanism grants permission to and restricts access rights of a cooperating partner. There is a violation in data security. to enable secure sharing of sensitive patient data during cooperation and preserve patient data privacy. Our EHR system further incorporates advanced mechanisms for fine-grained access control. In this paper. In addition. we propose a strong privacypreserving Scheme against Global Eavesdropping.unless their health data are guaranteed proper use and disclosure. based on cryptographic constructions. which cannot be easily achieved without cross-domain authentication and fine-grained access control. and on-demand revocation. The proposed SAGE can achieve not only the content oriented privacy but also the contextual privacy against a strong global adversary. where security and privacy are crucial for its success and largescale deployment. . Extensive analysis demonstrates the effectiveness and practicability of the proposed scheme. we propose a secure EHR system. revocation of the delegated rights should be possible at any time during the cooperation. In this paper. Disadvantage Data confidentiality is low. named SAGE. 2) SAGE: A strong privacy-preserving scheme against global eavesdropping for Ehealth systems The eHealth system is envisioned as a promising approach to improving health care through information technology. and the basic revocation mechanism. The proposed EHR system is demonstrated to fulfill objectives specific to the cross-domain delegation scenario of interest. for eHealth systems. as enhancements to the basic access control offered by the delegation mechanism. respectively. 3) Privacy-preserving query over encrypted graph-structured data in cloud computing In the emerging cloud computing paradigm. To meet the challenge of supporting graph query without privacy breaches. Our work utilizes the principle of "filtering-andverification". Disadvantage Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited 4) Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings . we propose a secure inner product computation technique. For the consideration of users' privacy. and then improve it to achieve various privacy requirements under the known-background threat model. data owners become increasingly motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. We prebuild a feature-based index to provide feature-related information about each encrypted data graph. In this paper. we define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing (PPGQ). for the first time. sensitive data have to be encrypted before outsourcing. and then choose the efficient inner product as the pruning tool to carry out the filtering procedure. and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. which makes effective data utilization a very challenging task. and the key management complexity is reduced dramatically. the patients lose physical control to their personal health data. Existing cryptographic enforced access control schemes are mostly designed for the single-owner scenarios. since there are multiple owners (patients) in a PHR system and every owner would encrypt her PHR files using a different set of cryptographic keys. In this paper. For each patient. Also. which greatly facilitates the storage. in order to enjoy the elastic resources and reduce the operational cost. it is challenging to achieve fine-grained access control to PHR data in a scalable and efficient way. access and sharing of personal health data. Under encryption. we leverage attribute based encryption (ABE) techniques to encrypt each patients’ PHR data. where each domain manages only a subset of the users. With the emergence of cloud computing.Online personal health record (PHR) enables patients to manage their own medical records in a centralized way. we propose a novel framework for access control to PHRs within cloud computing environment. it is attractive for the PHR service providers to shift their PHR applications and storage into the cloud. we divide the system into multiple security domains. in that it supports efficient and on-demand revocation Disadvantage . To enable fine-grained and scalable access control for PHRs. However. To reduce the key distribution complexity. Our proposed scheme is also flexible. each patient has full control over her own privacy. the PHR data should be encrypted so that it is scalable with the number of users having access. which makes it necessary for each patient to encrypt her PHR data before uploading to the cloud servers. it is important to reduce the key distribution complexity in such multi-owner settings. by storing PHRs in the cloud. In this way. The patient’s personal health information is securely transmitted to the healthcare provider for the authorized physicians to access and perform medical treatment.The challenge of keeping both the data confidentiality and patients identity privacy simultaneously Modules: E-healthcare System Framework: E-healthcare System consists of three components: body area networks (BANs). Security Verification: . Propose a novel authorized accessible privacy model for distributed m-healthcare cloud computing systems which consists of the following two components: an attribute based designated verifier signature scheme (ADVS) and the corresponding adversary model. Illustrate the unique characteristics of distributed mhealthcare cloud computing systems where all the personal health information can be shared among patients suffering from the same disease for mutual support or among the authorized physicians in distributed healthcare providers and medical research institutions for medical consultation. wireless transmission networks and the healthcare providers equipped with their own cloud servers. Authorized accessible privacy model: Multi-level privacy-preserving cooperative authentication is established to allow the patients to authorize corresponding privileges to different kinds of physicians located in distributed healthcare providers by setting an access tree supporting flexible threshold predicates. NET provides enhanced interoperability features based upon open Internet standards. As a result. To achieve the same security. our construction performs more efficiently than the traditional designated verifier signature for all the directly authorized physicians. Performance Evaluation: The efficiency of PSMPA in terms of storage overhead. where the overheads are linear to the number of directly authorized physicians. Microsoft . computational complexity and communication cost.The security and anonymity level of our proposed construction is significantly enhanced by associating it to the underlying Gap Bilinear DiffieHellman (GBDH) problem and the number of patients’ attributes to deal with the privacy leakage in patient sparsely distributed scenarios.NET represents a great improvement. OVERVIEW OF MICROSOFT. a patient-centric and fine-grained data access control using ABE to secure personal health records in cloud computing without privacy-preserving authentication.NET represents Microsoft's vision of the future of applications in the Internet age. the authorized physicians whose attribute set satisfy the access policy can recover the PHI and the access control management also becomes more efficient. . without the knowledge of which physician in the healthcare provider is professional in treating his illness. More significantly. the best way for the patient is to encrypt his own PHI under a specified access policy rather than assign each physician a secret key. .NET . and Visual Studio .NET provides the following: ■ A robust runtime platform. which provides a large class library of reusable code available from multiple languages ■ A networking infrastructure built on top of Internet standards that supports a high level of communication among applications ■ A new mechanism of application delivery.NET languages. the . the Common Language Specification (CLS). a number of . the CLR ■ Multiple language development ■ An extensible programming model. the Web service. that supports the concept of an application as a service ■ Powerful development tools .NET.NET Framework consists of the CLR. Common Language Runtime .NET Framework Class Library.NET Framework. the .Microsoft .NET Framework Overview The . does an admirable job of exposing the functionality.NET Framework Class Library The . Windows UI 4.The runtime environment provided by . Web services and Web UI . comprising more than 2. The library consists of four main parts: 1.NET. security. Base class library (which includes networking.NET languages. however. The services of the CLR are exposed through programming languages. All this functionality is available to all the . and other Types of operating system services) 2. the CLR. but the underlying execution engine providing the services is the same.NET. diagnostics. Data and XML classes 3. The syntax for these services varies from language to language. I/O. manages the execution of code and provides useful services.500 classes. The language with the best mapping 45 to the CLR is the new language C#. VB. Not all languages expose all the features of the CLR.NET Framework class library is huge. . NET 2008 Visual Studio . Languages in . string manipulation. network communications. thread . management. security management. and offers key improvements directed at mobile device developers and enterprise developers. text management.Common Language Specification The CLS is an agreement among language designers and class library designers about those features and usage conventions that can be relied upon. C#. Jscript . CLS rules apply to public features that are visible outside the assembly where they are defined. and C+ + with managed extensions are extenders. Base classes provide standard functionality such as input/output.NET 2008 includes a range of new features and enhancements for every type of developer. VB.NET. and user interface design features.NET is a consumer.NET Microsoft itself is providing four CLS-compliant languages. Visual Studio . NET classes Support the development of Web-based applications and Web services. .NET offers several important advantages over previous Web development models: Enhanced Performance ASP. ASP.NET classes enable developers to interact with data accessed in the form of XML through the OLE DB. ODBC. ASP.NET ASP. and SQL Server interfaces.The ADO.NET is compiled common language runtime code running on the server. Oracle.NET is a programming framework built on the common language runtime that can be used on a server to build powerful Web applications. ASP.NET can take advantage of early binding. The Windows Forms classes support the development of desktop-based smart client applications. The ASP. Unlike its interpreted predecessors. Power and Flexibility Because ASP.just-in-time compilation. The . and Data Access solutions are all seamlessly accessible from the Web.NET framework is complemented by a rich toolbox and designer in the Visual Studio integrated development environment. Messaging. drag-anddrop server controls.NET Framework class library. and automatic deployment are just a few of the features this powerful tool provides. WYSIWYG editing.NET is also language-independent. This amounts to dramatically better performance before you ever write a line of code World-Class Tool Support The ASP. . native optimization. so you can choose the language that best applies to your application or partition your application across many languages. ASP.NET is based on the common language runtime. the power and flexibility of that entire platform is available to Web application developers. and caching services right out of the box. An ASP. which simplifies applying settings to your server environment and Web applications. the ASP.NET Framework applications as well.NET makes it easy to perform common tasks. Additionally. with managed code services such as automatic reference counting and garbage collection Manageability ASP. hierarchical configuration system. Scalability and Availability .like forms processing model. from simple form submission and client authentication to deployment and site configuration. This "zero local administration" philosophy extends to deploying ASP.NET employs a text-based. new settings may be applied without the aid of local administration tools. the common language runtime simplifies development. Visual Basic .NET page framework allows you to build user interfaces that cleanly separate application logic from presentation code and to handle events in a simple.NET Framework application is deployed to a server simply by copying the necessary files to the server.Simplicity ASP. For example. Because configuration information is stored as plain text. with features specifically tailored to improve performance in clustered and multiprocessor environments.NET runtime. you can be assured that your applications are secure. processes are closely monitored and managed by the ASP. so that if one misbehaves (leaks.NET has been designed with scalability in mind.NET runtime with your own custom-written component. which helps keep your applications constantly available to handle requests Customizability and Extensibility ASP. it is possible to extend or replace any subcomponent of the ASP. Further. a new process can be created in its place.NET delivers a well-factored architecture that allows developers to "plug in" their code at the appropriate level.ASP. Security With built in Windows authentication and per-application configuration. In fact. Language Support . deadlocks). Applications written in Visual Basic are built on the services of the common language runtime and take full advantage of the .NET applications.NET departed from the VBScript language to "true" Visual Basic.NET Platform currently offers built-in support for three languages: C#. with VB and caused a rift within the developer . TOOL SELECTED: VB.Net is designed to be a fast and easy way to create .NET Web applications. as significant changes were made that broke backward compatibility community.NET Framework.NET) is an object-oriented computer language that can be viewed as an evolution of Microsoft's Visual Basic (VB) implemented on the Microsoft . and Scripts. Not only has ASP. Visual Basic .The Microsoft . Visual Basic. Its introduction has been controversial.NET language used in ASP. NET Visual Basic. including Web services and ASP.NET framework.NET are by far the most extensive of all the potential migration issues. but the Visual Basic language itself has undergone significant changes in this release.NET (VB. Language Compatibility The differences between the VBScript used in ASP and the Visual Basic . SQL Server 2005 supports the rapid development of enterprise-class business applications that can give your company a critical competitive advantage. integrate heterogeneous IT ecosystems. With the lowest implementation and maintenance costs in the industry.It is fully integrated with the . SQL Server 2005 delivers rapid return on your data management investment. Easy-to-Use Business Intelligence . enhanced security. garbage collection. and improved versioning support.1 which together provide language interoperability. SQL Server 2005 provides the enterprise data management platform your organization needs to adapt quickly in a fast-changing environment. and maximize capital and operating budgets. MICROSOFT SQL SERVER 2005 SQL Server 2005 exceeds dependability requirements and provides innovative capabilities that increase employee effectiveness.NET Framework and the common language runtime. timely business information tailored to their specific information needs. Graphical tools and wizards simplify setup. The result is the best overall business value available. business intelligence and analysis services. Every software license includes extensive management and development tools. and new capabilities such as Notification Services. transformation.These tools through rich data analysis and data mining capabilities that integrate with familiar applications such as Microsoft Office. database design. allowing database administrators to focus on meeting strategic business needs. Every copy of SQL Server 2005 ships with a suite of BI services. while management tools automate standard activities. Data Management Applications and Services Unlike its competitors. and performance monitoring. SQL Server 2005 enable you to provide all of your employees with critical. and loading (ETL) tool. SQL Server 2005 provides a powerful and comprehensive data management platform. . a powerful extraction. Self-Tuning and Management Capabilities Revolutionary self-tuning and dynamic self-configuring features optimize database performance. SQL Server 2005 Enterprise Edition Enterprise Edition includes the complete set of SQL Server data management and analysis features and is uniquely characterized by several features that make it the most scalable and available edition of SQL Server 2005. . Common Table Expressions (CTE). It scales to the performance levels required to support the largest Web sites. It now incorporates many new features including error handling via the TRY and CATCH paradigm. T-SQL (Transaction SQL) enhancements T-SQL is the native set-based RDBMS programming language offering highperformance data access. Top-10 Features of SqlServer-2005 1. Enterprise Online Transaction Processing (OLTP) systems and Data Warehousing systems. Its support for failover clustering also makes it ideal for any mission critical line-ofbusiness application. which return a record set in a statement. and the ability to shift columns to rows and vice versa with the PIVOT and UNPIVOT commands. NET compliant language such as C#. With SQL Server 2005. ASP. Microsoft incorporates SMTP mail to improve the native mail capabilities. It is expected to replace extended stored procedures in the SQL Server 2000 environment as well as expand the traditional relational engine capabilities. completing the transaction. A message is sent. SQL Server 2005 has native capabilities to support encryption of data stored in user-defined databases. Service Broker The Service Broker handles messaging between a sender and receiver in a loosely coupled manner.NET code in the DBMS to take advantage of the . Organizations had to rely on third-party products to address this need. Data encryption SQL Server 2000 had no documented or publicly supported functions to encrypt data in a table natively. processed and responded to.). triggers. Say "see-ya" to Outlook on SQL Server! . This greatly expands the capabilities of data-driven applications to meet workflow or custom business needs. 4. SMTP mail Sending mail directly from SQL Server 2000 is possible. but challenging. This enables you to execute . CLR (Common Language Runtime) The next major enhancement in SQL Server 2005 is the integration of a .2.NET or VB. etc. 5.NET functionality.NET to build objects (stored procedures. 3. functions. 10. Transformation and Loading) tool and ships with SQL Server free of charge. 8. The bottom line is that one client connection can have multiple active processes simultaneously. SQL Server Integration Services (SSIS) SSIS has replaced DTS (Data Transformation Services) as the primary ETL (Extraction. Dedicated administrator connection If all else fails. This allows a simple object to be called across the Internet for the needed data. For example. allowing developers to give users new capabilities when working with SQL Server.6. now has a great deal of flexibility to address complex data movement. This tool. Multiple Active Result Sets (MARS) MARS allow a persistent database connection from a single client to have more than one active request per connection. it allows multiple searches. That mentality is finished with the dedicated administrator connection. Database mirroring . 7. 9. or a search and data entry. stop the SQL Server service or push the power button. This functionality will allow a DBA to make a single diagnostic connection to SQL Server even if the server is having an issue. HTTP endpoints You can easily create HTTP endpoints via a simple T-SQL statement exposing an object that can be accessed over the Internet. completely rewritten since SQL Server 2000. This should be a major performance improvement. academic researches. commercial interest and Government agencies. Database mirroring is an extension of the native high-availability capabilities. The world's largest computing network consisting of over two million computers supporting over 20 millions users in almost 200 different countries. So any size estimates are quickly out of date. The Internet uses TCP/IP protocols and many of the Internet hosts run the Unix Operating System. stay tuned for more details…. Internet was originally established to meet the research needs of the U. So.S and Overseas. HTML documents are also called Web documents. but I think this feature has great potential. made up of a large number of smaller networks. both in the U. HTML HTML (Hyper Text Markup Language) is the language that is used to prepare documents for online publications. .It's not expected to be released with SQL Server 2005 at the RTM in November. The Internet is growing a phenomenal rate between 10 and 15 percent. using different networking protocols. But it has grown into a huge global network serving universities. INFORMATION SUPER HIGHWAY: A set of computer networks.S Defence Industry. and each HTML document is known as Web page. ) It's a small part of the html language.6 INTERNET INFORMATION SERVER (IIS): A web server is a program connected to the world wide web(www) that furnishes resources from the web browser. The collection of HTML pages makes up the World Wide Web. Above and beyond its use of familiar Windows NT server . A web pages is basically a text file that contains the text to be displayed and references of elements such as images. whether on the Internet or Intranet.NET server that makes it easy to publish information and bring business application to the web. 5. HTML pages can be created using simple text editor such as Notepad or a WYSIWYG application such as Microsoft FrontPage. A hyperlink can jump to any place within your own page(s) or literally to anyplace in the world with a 'net address (URL. Each Web site. The browser displays this text file on the client computer. Networking and administrator functionality as windows NT server. And it is possible to switch among them by following hyperlinks. sounds and of course hyperlinks to other documents. In either case the result is a plain text file that computers can easily exchange. "Hypertext" is the jumping frog portion. Microsoft IIS is a web server integrated with Windows.A page is what is seen in the browser at any time. IIS guarantees the network administrator and application developer the same security. is composed of multiple pages. or Uniform Resource Locator. Because of its tight integration with Windows NT server. Secured site use either integrated security or login. Most servers let you add and modify Multi-purpose Internet Mail Extensions (MMIE) types. but they differ widely in how they treat other types of content. Sites that are restrict the access called secured site. and to develop server-intensive web application. and has a graphical interface-the Microsoft Management Console (MMC) –that you can use to create and manage your ASP application. That means IIS natively understands how to treat most common windows file format. IIS provides Access to Content: All web servers can deliver HTML files. work seamlessly with COM components. The exceptions are commercialists where you pay a onetime. IIS Provides Integrated Security: On the internet. but integrate directly into the windows registry. FEATURES OF IIS: IIS provides integrated security and access to a wide range of content. IIS also has built-in capabilities to help administer secure websites.Tools and functionality. application initialization (INI) files. password security. such as text (TXT) files. most sites allow anybody to connect to the site. IIS support both of these methods. monthly fee to access the site. executable (EXE) files and many others IIS provides an Interface FOR COM . IIS ARCHITECTURES OVERVIEW: IIS is a core product. which means that it is designed to work closely with many other products. You can use the IIS Admin objects to create new sites and virtual directories be alter the properties of existing sites and virtual directories. IIS 4 and higher store settings and web information in a spoil database called the Metaphase.0 Option pack. These objects are accessible from ASP and other languages.You can control many parts of IIS using COM>IIS exposes many of the server’s configuration settings via the IIS Admin objects. This includes ISAPI extension agents. Basic and Windows NT challenge/Response. SECURITY FOR IIS APPLICATION IIS provides three authentication schemes to control access to ITS resources: Anonymous. ACCESS PRIVIEGES IIS provides several new access levels. IDC scripts and future scripting capabilities. COT applications. The following figure shows the relationship between IIS and other products installed as part of the Windows NT Server 4. including all products in the Windows NT Server 4.0 Option pack. The following values can set the type of access allowed to specific directories: . Each of these schemes had different effect on the security context of an application launched by ITS. That means you can adjust server configuration and create virtual directories and webs programmatically. To save time and money Sip’s support only large company web siesta the expense of personal websites. especially for people who manage large internet Service Provider (ISP) Installations. Microsoft Internet Information server (IIS) version 4. if you can automate administrative tasks and let users administer their own sites from remote computers. without reducing the number of web sites supported. Read Write Script Execute Log Access Directory Browsing.0 offers technologies to do this: . This solution reduces the amount of time and money it takes to manually administer a large installation. But is there a cost-effective way to support both? The answer is yes. IIS WEBSITE ADMINISTRATION Administering websites can be time consuming and costly. add a virtual server to a site and many other tasks. change permissions. data manipulation and processing. It also contains nonfunctional requirements. IIS Admin objects built on top of Active Directory service Interface(ADS)) With these technologies working together behind the scenes.Then all user need to do is run batch files to add new accounts. SOFTWARE REQUIREMENT SPECIFICATION A software requirements specification (SRS) is a complete description of the behavior of the software to be developed. the SRS contains functional requirements. The SRS phase consists of two basic activities: 1) Problem/Requirement Analysis: The process is order and more nebulous of the two. the calculations. quality standards or design constraints). In addition to use cases. It includes a set of use cases that describe all of the interactions that the users will have with the software. . the goal and constraints. deals with understanding the problem. which impose constraints on the design or implementation (such as performance requirements. technical details. which define the internal workings of the software: that is. the person can administers sites from the command line of central computer and can group frequently used commands in batch files. Windows scripting Host (WSH) 2.1. and other specific functionality that shows how the use cases are to be satisfied. Producing the SRS document is the basic goal of this phase. the focus is on specifying what has been found giving analysis such as representation. and checking the specifications are addressed during this activity. . Role of SRS: The purpose of the Software Requirement Specification is to reduce the communication gap between the clients and the developers. A good SRS should satisfy all the parties involved in the system. The Requirement phase terminates with the production of the validate SRS document.2) Requirement Specification: Here. Software Requirement Specification is the medium though which the client and user needs are accurately specified. It forms the basis of software development. specification languages and tools. PSMPA Date flow diagram Level 0 . patient registration Patient details Generate ID Generate Secrete key Data base Level 1 Verify user Authentication Output Patient Data storage Level 2 . Upload patient data USER Enter ID and Secrete k Data base Encrypt data & store int . Level 3 Provide treatment Hospit . Use case Diagram Patient registration Generate ID Secret Key generation Upload patient records Encryption & store data into server User Server Retrieve file Verify physician Decrypt & download record . Class Diagram . Update hospital database () Generate key () Verify physician () . Activity diagram . Verify physician PSMPA . There are various types of test. Each test type addresses a specific testing requirement. It provides a way to check the functionality of components. that . assemblies and/or a finished product It is the process of exercising software with the intent of ensuring that the Software system meets its requirements and user expectations and does not fail in an unacceptable manner. Testing is the process of trying to discover every conceivable fault or weakness in a work product.it is done after the completion of an individual unit before integration. All decision branches and internal code flow should be validated.SYSTEM TESTING The purpose of testing is to discover errors. This is a structural testing. sub assemblies. TYPES OF TESTS Unit testing Unit testing involves the design of test cases that validate that the internal program logic is functioning properly. and that program inputs produce valid outputs. It is the testing of individual software units of the application . Unit tests perform basic tests at component level and test a specific business process. application. Functional test .relies on knowledge of its construction and is invasive. and/or system configuration. Integration testing is specifically aimed at exposing the problems that arise from the combination of components. as shown by successfully unit testing. Testing is event driven and is more concerned with the basic outcome of screens or fields. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results. the combination of components is correct and consistent. Integration tests demonstrate that although the components were individually satisfaction. Integration testing Integration tests are designed to test integrated software components to determine if they actually run as one program. Output : identified classes of application outputs must be exercised. Invalid Input : identified classes of invalid input must be rejected. An example of system testing is the configuration oriented system integration test. Functions : identified functions must be exercised. Before functional testing is complete. It tests a configuration to ensure known and predictable results. and user manuals. Functional testing is centered on the following items: Valid Input : identified classes of valid input must be accepted. In addition. additional tests are identified and the effective value of current tests is determined. or special test cases. System testing is based on process descriptions and flows. System Test System testing ensures that the entire integrated software system meets requirements. key functions. data fields. Organization and preparation of functional tests is focused on requirements. predefined processes. . system documentation. systematic coverage pertaining to identify Business process flows. and successive processes must be considered for testing. Systems/Procedures: interfacing systems or procedures must be invoked. emphasizing pre-driven process links and integration points.Functional tests provide systematic demonstrations that functions tested are available as specified by the business and technical requirements. as most other kinds of tests. It is purpose. Black box tests. Unit Testing: . The test provides inputs and responds to outputs without considering how the software works. must be written from a definitive source document. structure and language of the software. It is used to test areas that cannot be reached from a black box level. It is a testing in which the software under test is treated. such as specification or requirements document. such as specification or requirements document.White Box Testing White Box Testing is a testing in which in which the software tester has knowledge of the inner workings. or at least its purpose. structure or language of the module being tested.you cannot “see” into it. Black Box Testing Black Box Testing is testing the software without any knowledge of the inner workings. as a black box . Test strategy and approach Field testing will be performed manually and functional tests will be written in detail. messages and responses must not be delayed. Pages must be activated from the identified link. Features to be tested Verify that the entries are of the correct format No duplicate entries should be allowed All links should take the user to the correct page. The entry screen. although it is not uncommon for coding and unit testing to be conducted as two distinct phases.Unit testing is usually conducted as part of a combined code and unit test phase of the software lifecycle. . Test objectives All field entries must work properly. Acceptance Testing . components in a software system or – one step up – software applications at the company level – interact without error. Test Results: All the test cases mentioned above passed successfully. e. The task of the integration test is to check that components or software applications.g. No defects encountered.Integration Testing Software integration testing is the incremental integration testing of two or more integrated software components on a single platform to produce failures caused by interface defects. Conclusion: A novel authorized accessible privacy model and a patient self-controllable multi-level privacy preserving cooperative authentication scheme realizing three different levels of security and privacy requirement in the distributed m-healthcare cloud computing system are proposed. followed by the formal security proof and efficiency evaluations which illustrate our PSMPA can resist various kinds of malicious attacks and far outperforms previous schemes in terms of storage. It also ensures that the system meets the functional requirements. Future Enhancement . No defects encountered. Test Results: All the test cases mentioned above passed successfully. computational and communication overhead.User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. ” in Proc. pp. Lou. Jun. vol. Mobile Netw. vol.” IEEE Trans. 5. pp.Our future work will focus on investigating the relation between patient mobility and privacy under the distributed Environment. Ren.” J. Applications. 1. no.” Ad Hoc Netw. R. pp. pp. “Implementation of security policy for clinical information systems over wireless sensor network. and X. 2007. “Cross-domain data sharing in distributed electronic health record system. 134–144. Jan.. B. Li. ICST Conf. Security Privacy Comm. II. 2010. 6th Int. J. 2010. J. 16. 6. no. Misic and V. X. 2011. Yu. IV. References: I. Fang. X. S. 754–764. Parallel Distrib. vol. 417–429. Misic. 89–106. Liang. 21. “Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings. Misic. Dec. J.. vol.. “A secure handshake scheme with symptoms-matching for mhealthcare social network. Netw. 1. . 6. V. no. K. Netw. Lu. Lin. III. J. Shen. “Enforcing patient privacy in healthcare WSNs through key distribution algorithms. 683–694. pp. and W. Misic and V.. no. Sun and Y. Syst.” Security Commun. 5. 2008 M.
Report "PSMPA Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributed M-Healthcare Cloud Computing System (1)"