
Unit 3 - Telehealth Technology Anna University

The document discusses standards and security for telemedicine. It covers encryption techniques like cryptography and mechanisms of encryption. Key telemedicine standards are discussed like DICOM, HL7, and H.320 videoconferencing. Medical record security and confidentiality are addressed. Cyberlaws related to telemedicine and protocols like TCP/IP and ISO-OSI are also summarized. Cryptography concepts such as encryption, decryption, public and private key systems are explained in relation to securing telemedicine applications and data.

UNIT III

TELEMEDICAL STANDARDS

Data Security and Standards: Encryption, Cryptography, Mechanisms of encryption, phases of Encryption. Protocols: TCP/IP, ISO-OSI. Standards to be followed: DICOM, HL7, H.320 series Video Conferencing. Security and confidentiality of medical records. Cyber laws related to telemedicine.

IMPORTANT BIG QUESTIONS

• Explain the encryption and decryption technique in detail.
• Explain the Cryptography and Mechanisms of encryption.
• Explain the DICOM and HL7 standards in detail (OR) Explain the Standards to be followed for storing images, videos and reports.
• Explain the Security and confidentiality of medical records.
• Explain the H.320 series Video Conferencing.
• Explain the Cyber laws related to telemedicine.
• Explain TCP/IP protocol in detail.
• Explain ISO-OSI layers in detail.

DATA SECURITY AND STANDARDS

Use of information and communication technologies:

• To provide specialized health care consultation to patients in remote locations,
• To facilitate video-conferencing among health care experts for better treatment & care,
• To provide opportunities for continuing education of health care personnel.

What is e-Health?

• Internet-enabled Healthcare Applications
  – Consumer Health Information
  – Personal Health Records
  – Internet-based Services (e-Pharmacy, e-Care (incl. email and e-communication), etc.)
• Electronic Health Record (EHR) Systems
• Administrative and Financial Health Systems

Importance of Healthcare Security

• Confidentiality/Data Security
• What if something goes wrong?
  – System's failure (crash or virus causes loss of data)
  – Outside force damages (hacker, other)
  – Disaster
• Design Issues (Signature, authentication, others)
• Compliance Issues

How is Healthcare Security Different From Other Industries?

• Not bilateral conditions
• Regulated (US: HIPAA and other regulations)
• Community interest
• Legal issues

e-Health Security Issues

• Security for (Patient) Confidentiality
• Security that Enables Electronic Health Records
• Authentication
• Data Integrity
• Systems Security
• Secure Transmission
• Secure Processing
• Secure Storage
• Etc.

CRYPTOGRAPHY
In a narrow sense
• Mangling information into apparent unintelligibility
• Allowing a secret method of un-mangling

In a broader sense
• Mathematical techniques related to information security
• About secure communication in the presence of adversaries

A MODEL FOR NETWORK SECURITY

• A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.
• A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission.

This general model shows that there are four basic tasks in designing a particular security service:

1. Design an algorithm for performing the security-related transformation. The algorithm should be such that
an opponent cannot defeat its purpose.

2. Generate the secret information to be used with the algorithm.

3. Develop methods for the distribution and sharing of the secret information.

4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret
information to achieve a particular security service.

Encryption and Decryption

– encryption: a process of encoding a message so that its meaning is not obvious

– decryption: the reverse process

encode(encipher) vs. decode(decipher)

– encoding: the process of translating entire words or phrases to other words or phrases

– enciphering: translating letters or symbols individually

– encryption: the group term that covers both encoding and enciphering

Plaintext vs. Ciphertext

– P(plaintext): the original form of a message

– C(ciphertext): the encrypted form

• Basic operations

– plaintext to ciphertext: encryption: C = E(P)

– ciphertext to plaintext: decryption: P = D(C)

– requirement: P = D(E(P))

• Cryptography – cryptography means hidden writing, the practice of using encryption to conceal text

• Cryptanalysis

– a cryptanalyst studies encryption and encrypted messages, with the goal of finding the hidden meaning of the messages
– break an encryption
– a cryptanalyst can do any or all of three different things:
  • attempt to break a single message
  • attempt to recognize patterns in encrypted messages, in order to be able to break subsequent ones by applying a straightforward decryption algorithm
  • attempt to find general weakness in an encryption algorithm, without necessarily having intercepted any messages

• Cryptology – includes both cryptography and cryptanalysis

Objectives of Information Security

• Confidentiality (secrecy)
– Only the sender and intended receiver should be able to understand the contents of the
transmitted message
• Authentication
– Both the sender and receiver need to confirm the identity of the other party involved in the communication
• Data integrity
– The content of their communication is not altered, either maliciously or by accident, in
transmission.
• Availability
– Timely accessibility of data to authorized entities.
• Non-repudiation
– An entity is prevented from denying its previous commitments or actions
• Access control
– An entity cannot access any entity that it is not authorized to.
• Anonymity
– The identity of an entity is protected from others.

Secret Key Cryptography

• Using a single key for encryption/decryption.


• The plaintext and the ciphertext having the same size.
• Also called symmetric key cryptography

SKC: Security Uses

• Transmitting over an insecure channel


– The transmitted message is encrypted by the sender and can be decrypted by the receiver,
with the same key
– Prevent attackers from eavesdropping
• Secure storage on insecure media
– Data is encrypted before being stored somewhere
– Only the entities knowing the key can decrypt it
• Authentication
– Strong authentication: proving knowledge of a secret without revealing it.
• Integrity Check
– Noncryptographic checksum
  • Using a well-known algorithm to map a message (of arbitrary length) to a fixed-length checksum
  • Protecting against accidental corruption of a message
  • Example: CRC
– Cryptographic checksum
  • A well-known algorithm
  • Given a key and a message
  • The algorithm produces a fixed-length message authentication code (MAC) that is sent with the message
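
An added example (not part of the original notes) contrasting the two integrity checks listed above: a CRC-32 catches accidental corruption but is still accepted after a deliberate change, because anyone can recompute it, while an HMAC-SHA-256 tag cannot be recomputed without the shared key. The key, the record contents and the function names are constructed for illustration, and HMAC-SHA-256 is one choice of MAC, not one named in the notes.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: a made-up prescription record and a made-up shared key.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"PATIENT=ID0001;DRUG=amoxicillin;DOSE_MG=250"
ALTERED = b"PATIENT=ID0001;DRUG=amoxicillin;DOSE_MG=950"


def crc_tag(message: bytes) -> bytes:
    """Noncryptographic checksum: CRC-32. Public algorithm, no key involved."""
    return zlib.crc32(message).to_bytes(4, "big")


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Cryptographic checksum: HMAC-SHA-256 over the message with a shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def crc_accepts(message: bytes, tag: bytes) -> bool:
    """Receiver-side CRC check."""
    return crc_tag(message) == tag


def mac_accepts(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver-side MAC check."""
    # compare_digest avoids leaking, through timing, how many bytes matched.
    return hmac.compare_digest(mac_tag(key, message), tag)


def flip_bit(message: bytes, bit: int) -> bytes:
    """Simulate accidental corruption (line noise) of a single bit."""
    data = bytearray(message)
    data[bit // 8] ^= 1 << (bit % 8)
    return bytes(data)


def receiver_view() -> dict:
    """What the receiver concludes in each scenario (True = message accepted)."""
    noisy = flip_bit(ORIGINAL, 17)
    return {
        # Unmodified message with its own tag: both checks accept.
        "crc_accepts_original": crc_accepts(ORIGINAL, crc_tag(ORIGINAL)),
        "mac_accepts_original": mac_accepts(
            SHARED_KEY, ORIGINAL, mac_tag(SHARED_KEY, ORIGINAL)),
        # Accidental corruption: the tag that travels with the message is the
        # one computed over the original, so both checks reject.
        "crc_accepts_noise": crc_accepts(noisy, crc_tag(ORIGINAL)),
        "mac_accepts_noise": mac_accepts(
            SHARED_KEY, noisy, mac_tag(SHARED_KEY, ORIGINAL)),
        # Deliberate change by a party without the key: a matching CRC can be
        # recomputed by anyone, a matching MAC cannot.
        "crc_accepts_altered": crc_accepts(ALTERED, crc_tag(ALTERED)),
        "mac_accepts_altered": mac_accepts(
            SHARED_KEY, ALTERED, mac_tag(b"not-the-shared-key", ALTERED)),
    }


if __name__ == "__main__":
    for scenario, accepted in receiver_view().items():
        print(f"{scenario:22} {accepted}")
```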

Private Key Cryptography

• Each individual has two keys
– a private key (d): need not be revealed to anyone
– a public key (e): preferably known to the entire world
• Private key crypto is also called asymmetric crypto.

PKC: Security Uses

• Secure storage on insecure media


– Data is encrypted with the public key of the source, before being stored somewhere
– Nobody else can decrypt it (not knowing the private key of the data source)
• Authentication
• Digital Signatures
– Proving that a message is generated by a particular individual
– Non-repudiation: the signing individual cannot deny it, because only he/she knows the private key.

Hash Functions

• Cryptographic hash function


– A mathematical transformation that takes a message of arbitrary length and computes from it a fixed-length (short) number.
• Properties ( Let the hash of a message m be h(m) )
– For any m, it is relatively easy to compute h(m)
– Given h(m), there is no way to find an m that hashes to h(m) in a way that is substantially
easier than going through all possible values of m and computing h(m) for each one.
– It is computationally infeasible to find two values that hash to the same thing.

Hash Functions: Security Uses

• Password hashing
– The system stores a hash of the password (not the password itself)
– When a password is supplied, it computes the password's hash and compares it with the stored value.
• Message integrity
– Using cryptographic hash functions to generate a MAC
• Message fingerprint
– Save the message digest of the data on a tamper-proof backing store
– Periodically re-compute the digest of the data to ensure it is not changed.
• Downline load security
– Using a hash function to ensure a downloaded program is not modified
• Improving signature efficiency
– Compute a message digest (using a hash function) and sign that.

Attacks on cryptographic algorithms

• Brute force search
– Assume the plaintext is either known or recognizable
– Simply try every key
• Cryptanalysis
– Ciphertext only
  • With the ciphertext
  • Plaintext is recognizable
– Known plaintext
  • <cipher, plaintext> pairs are known
– Chosen plaintext
  • Select plaintext and obtain ciphertext to attack

Birthday Attacks

• Principle
– Assume: A function yields any of n different outputs with equal probability, where n is
sufficiently large.
– After evaluating the function for about 1.2*sqrt(n) arguments, we expect to find a pair of different arguments, x1 and x2, such that f(x1) = f(x2).
• Attack: message replay
• Solution: increase the size of the output
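
An added example (not from the original notes) that measures the birthday principle above on a deliberately short hash: SHA-256 truncated to a few bits stands in for a function with n = 2^bits outputs, and the average number of evaluations before the first repeated output is compared with sqrt(n). The truncated hash, the message format and the function names are assumptions made for the demonstration.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits, standing in for a short hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def first_collision(bits: int, trial: int):
    """Hash distinct constructed messages until two share a hash value.

    Returns (evaluations, earlier_message, later_message).
    """
    seen = {}
    count = 0
    while True:
        message = f"trial-{trial}-message-{count}".encode()
        value = truncated_hash(message, bits)
        count += 1
        if value in seen:
            return count, seen[value], message
        seen[value] = message


def mean_ratio(bits: int, trials: int) -> float:
    """Average evaluations to the first collision, in units of sqrt(n), n = 2**bits."""
    root_n = math.sqrt(2 ** bits)
    total = sum(first_collision(bits, t)[0] for t in range(trials))
    return total / trials / root_n


def expected_work(bits: int) -> float:
    """The estimate quoted above: about 1.2 * sqrt(n) evaluations."""
    return 1.2 * math.sqrt(2 ** bits)


if __name__ == "__main__":
    # Measured: the ratio stays near the same constant whatever the output size.
    for bits, trials in ((12, 300), (16, 300), (20, 60)):
        print(f"{bits}-bit output: mean evaluations = "
              f"{mean_ratio(bits, trials):.2f} * sqrt(n)")
    # Extrapolated: why "increase the size of the output" is the fix.
    for bits in (64, 128, 256):
        print(f"{bits}-bit output: about {expected_work(bits):.2e} evaluations")
```

Each extra 16 bits of output multiplies the expected work by 256, which is why a hash used for integrity needs an output roughly twice as long as the security level wanted.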

Meet-in-the-Middle Attacks

• Principle
– Build a table of keys
– Compute f(k,m) for every key
  • f is an encryption function, m is a known message
– Eavesdrop a value f(k',m)
– If f(k',m) = f(k,m), then there is a good chance k' = k.

Security Definition

• Unconditional Security
– The system cannot be defeated, no matter how much power is available to the adversary.
• Computational security
– The perceived level of computation required to defeat the system using the best known attack exceeds, by a comfortable margin, the computational resources of the hypothesized adversary.
– e.g., given limited computing resources, it takes the age of the universe to break the cipher.
• Provable security
– The difficulty of defeating the system can be shown to be essentially as difficult as solving a
well-known and supposedly difficult problem (e.g., integer factorization)
• Ad hoc security
– Claims of security generally remain questionable
– Unforeseen attacks remain a threat

Secret Key Cryptographic Algorithms

• DES (Data Encryption Standard)
• 3DES (Triple DES)
• IDEA (International Data Encryption Algorithm)
• AES (Advanced Encryption Standard)

DES (Data Encryption Standard)

• Authors: NSA & IBM, 1977
• Data block size: 64-bit (64-bit input, 64-bit output)
• Key size: 56-bit key
• Encryption is fast
– DES chips
– DES software: a 500-MIP CPU can encrypt at about 30K octets per second
• Security
– No longer considered secure: 56 bit keys are vulnerable to exhaustive search

Triple-DES (3DES)

• C = DES_k3(DES_k2(DES_k1(P))).
• Data block size: 64-bit
• Key size: 168-bit key; effective key size: 112 (due to man-in-the-middle attack)
• Encryption is slower than DES
• More secure than DES

IDEA (International Data Encryption Algorithm)

• Authors: Lai & Massey, 1991
• Data block size: 64-bit
• Key size: 128-bit
• Encryption is slower than DES
• Security
– Nobody has yet published results on how to break it
– Having patent protection

AES (Advanced Encryption Standard)

• Authors: Daemen & Rijmen
• Block size: 128-bit
• Key size: 128-bit, 192-bit, 256-bit
• Encryption is fast
• Security
– As of 2005, no successful attacks are recognized.
– NSA stated it is secure enough for non-classified data.

DICOM
• Digital Imaging and Communications in Medicine (DICOM) is an industry standard facilitating
the processing and exchange of medical images in digital form. It is, in fact, a comprehensive
set of standards for handling, storing and transmitting information in medical imaging.

The objectives of DICOM standard are (NEMA, 2001):

1. To standardise communication of digital image information, regardless of manufacturer of the imaging equipment.
2. To facilitate the development and expansion of PACS that can interface with other systems of hospital information.
3. To promote the creation of diagnostic information databases that can be accessed by a wide variety of devices and users distributed geographically.

• DICOM was developed by the American College of Radiology (ACR) and National
Electrical Manufacturers Association (NEMA), with inputs from various vendors, academia,
industry groups, etc.
• Computed tomography, nuclear medicine imaging, digital subtraction angiography, and
magnetic resonance imaging systems directly produce digital images as the data are computer
processed and are examples whose images can be directly converted to DICOM format.
• ACR and NEMA have formed alliances with pathology and cardiology groups to extend the
standard to other types of images and photographs, such as pathology slides, photographs of
clinical significance, microscopy images, endoscopy, angiography, blood vessel and ultrasound
images.
• The objective of development of DICOM standard is to have a general standard so that it can be
applied to the entire range of medical images encountered in the healthcare field. This can
enable avoidance of different standards for various types of medical images facilitating storing
and transmitting electronic patient records that include images also.

• DICOM facilitates integration of various items of hardware such as workstations, servers, scanners and network hardware from several vendors into picture archiving and communication system. The different machines supplied by various vendors now come with DICOM conformance statements indicating the DICOM classes they are designed to support. DICOM has been widely adopted by medical facilities and the applications are expanding fast.
• DICOM enables image acquisition devices (digital x-ray machines, CT, MRI scanners, etc.), diagnostic imaging workstations from different vendors, image archives and hardcopy devices to be connected into a common imaging information infrastructure which can be conveniently integrated with other information systems.
• These include Picture Archiving and Communication System (PACS), Hospital Information System (HIS) and Radiological Information System (RIS). Thus, the DICOM standard facilitates interoperability of devices claiming conformance (Bedi, 2003).

In particular:
• The DICOM standard addresses the semantics of commands and associated data. For devices to interact, it provides standards on how devices are expected to respond to commands and associated data, not just the information which is to be transferred between various devices.
• The DICOM standard explicitly defines the conformance requirements for implementing the
standard. Therefore, a conformance statement must specify the functions for which interoperability
can be expected from another device.
• The DICOM standard does not require network interface units to operate in a networked
environment.
• The DICOM standard provides support for future application as it is structured to accommodate the
introduction of new services.
Principles

Global Applicability and Localization


Continuous Maintenance
Information Objects and Unique Object Identification
Conformance
Consistency of Information Model

The DICOM Communication Model

The DICOM Standard facilitates interoperability of devices claiming conformance. In particular, it:

• Addresses the semantics of Commands and associated data. For devices to interact, there must be standards on how devices are expected to react to Commands and associated data, not just the information that is to be moved between devices.
• Addresses the semantics of file services, file formats and information directories necessary for off-line communication.
• Is explicit in defining the conformance requirements of implementations of the Standard. In particular, a conformance statement must specify enough information to determine the functions for which interoperability can be expected with another device claiming conformance.
• Facilitates operation in a networked environment.
• Is structured to accommodate the introduction of new services, thus facilitating support for future medical imaging applications.
• Makes use of existing international standards wherever applicable, and itself conforms to established documentation guidelines for international standards.

Figure presents the general communication model of the Standard, which spans both network (on-line) and media storage interchange (off-line) communication.

Applications may utilize any of the following transport mechanisms:

• the DICOM Message Service and Upper Layer Service, which provides independence from specific physical networking communication support and protocols such as TCP/IP.
• the DICOM Web Service API and HTTP Service, which allows use of common hypertext and associated protocols for transport of DICOM services.
• the Basic DICOM File Service, which provides access to Storage Media independently from specific media storage formats and file structures.

The DICOM Standard


Document Structure
DICOM consists of the following parts:
PS3.1: Introduction and Overview (this document)
PS3.2: Conformance
PS3.3: Information Object Definitions
PS3.4: Service Class Specifications
PS3.5: Data Structures and Encoding
PS3.6: Data Dictionary
PS3.7: Message Exchange
PS3.8: Network Communication Support for Message Exchange
PS3.9: Retired
PS3.10: Media Storage and File Format for Media Interchange
PS3.11: Media Storage Application Profiles
PS3.12: Formats and Physical Media
PS3.13: Retired
PS3.14: Grayscale Standard Display Function
PS3.15: Security and System Management Profiles
PS3.16: Content Mapping Resource
PS3.17: Explanatory Information
PS3.18: Web Services
PS3.19: Application Hosting
PS3.20: Imaging Reports using HL7 Clinical Document Architecture
PS3.21: Transformations between DICOM and other Representations

Conformance
A Conformance Statement consists of the following parts:
• Set of Information Objects that is recognized by this implementation
• Set of Service Classes that this implementation supports
• Set of communications protocols or physical media that this implementation supports
• Set of security measures that this implementation supports

Information Object Definitions


• Object oriented abstract data model
• Information about real world objects
• Composite IOD:
– information about related real world objects
– complete context provided for exchange
• Normalized IOD:
– represents a single entity in the DICOM Model of Real World Object.
– Use of pointers to related Normalized IOD instances.

Service Class Specifications


• A Service Class associates one or more Information Objects with one or more Commands to be
performed upon these objects. Service Class Specifications state requirements for Command
Elements and how resulting Commands are applied to Information Objects. Service Class
Specifications state requirements for both providers and users of communications services.

Composite:
• Verification
• Storage
• Query / Retrieve
• Study Content Notification (Retired)

Normalized :
• Patient Management (Retired)
• Study Management (Retired)
• Result Management (Retired)
• Basic Print Management

DICOM Service Elements


• Complex services are built using service elements called DIMSEs
• Composite & Normalized services for Composite & Normalized information objects.
• 5 DIMSEs are used for Composite Information objects (DIMSE-C)
• 6 DIMSEs are used for Normalized Information objects (DIMSE-N)
• Two categories of DIMSE
– Operations
– Notification

DIMSE-C Services
• Operations :
– C-Store
– C-Get
– C-Move
– C-Find
– C-Echo
• Notification :
– None

DIMSE-N Services
• Operations :
– N-Get
– N-Set
– N-Action
– N-Create
– N-Delete
• Notification :
– N-Event Report

Data set :

Data Dictionary
PS3.6 of the DICOM Standard is the centralized registry that defines the collection of all DICOM Data
Elements available to represent information, along with elements utilized for interchangeable media
encoding and a list of uniquely identified items that are assigned by DICOM.
For each element, PS3.6 specifies:
• its unique tag, which consists of a group and element number,
• its name,
• its value representation (character string, integer, etc),
• its value multiplicity (how many values per attribute),
• whether it is retired.

For each uniquely identified item, PS3.6 specifies:
• its unique value, which is numeric with multiple components separated by decimal points and limited to 64 characters,
• its name,
• its type, either Information Object Class, definition of encoding for data transfer, or certain well known Information Object Instances,
• in which Part of the DICOM Standard it is defined.

Message Exchange
• the operations and notifications (DIMSE Services) made available to Service Classes defined in PS3.4,
• rules to establish and terminate associations provided by the communications support specified in PS3.8, and the impact on outstanding transactions,
• rules that govern the exchange of Command requests and responses,
• encoding rules necessary to construct Command Streams and Messages.

DICOM File Format

• Header containing
– the patient's name / id
– type of media (CT, MRI, PET, audio recording, etc.)
– image dimensions
– ...
• Body, containing «information objects»
– medical reports
– audio recordings
– images

DICOM Value Representations (VR)


• All DICOM attributes are formatted according to 27 value representation (VR) types

Value Representations Type

Value Representation    Description
AE                      Application Entity
AS                      Age String
AT                      Attribute Tag
CS                      Code String
DA                      Date
DS                      Decimal String
DT                      Date/Time
FL                      Floating Point Single (4 bytes)
FD                      Floating Point Double (8 bytes)
IS                      Integer String
LO                      Long String
LT                      Long Text
OB                      Other Byte

DICOM STORAGE

Other services of DICOM
• Verification
• Query/Retrieve
• Modality Worklist

Transfer Syntax
A transfer syntax is the encoding methodology used to send data over the network, or the methodology used to write data to physical media.
Example: Two different Transfer Syntaxes to represent the same information

The same semantic is conveyed, but using different encoding mechanisms


Big Endian versus Little Endian byte ordering:
DICOM defines two different byte orderings that affect binary values encoded on more than 1 byte (typically: short integer, long integer, float values).
Example on a 2 byte value: 0x3568
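
An added example (not part of the original notes or of the DICOM standard text) showing how the tag, VR, length and byte ordering described above appear in encoded form, using the Explicit VR encoding of PS3.5 and the 2-byte value 0x3568. It parses a constructed data set fragment and rejects any element whose declared length exceeds the bytes actually received; the patient values and function names are made up, and the file preamble, sequences and undefined lengths are left out.

```python
import struct

# VRs that Explicit VR encoding stores with 2 reserved bytes and a 4-byte length.
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OW", b"SQ", b"UC", b"UN", b"UR", b"UT"}
TEXT_VRS = {b"AE", b"AS", b"CS", b"DA", b"DS", b"DT", b"IS", b"LO", b"LT", b"PN"}
BINARY_VRS = {b"US": "H", b"FL": "f", b"FD": "d", b"AT": "H"}  # struct codes
UNDEFINED_LENGTH = 0xFFFFFFFF


class DicomParseError(ValueError):
    """Raised when the byte stream does not hold well-formed data elements."""


def build_element(group, element, vr, value, order="<"):
    """Encode one Explicit VR data element; order is '<' (little) or '>' (big)."""
    if len(value) % 2:
        raise ValueError("DICOM values are padded to an even length")
    head = struct.pack(order + "HH", group, element) + vr
    if vr in LONG_VRS:
        return head + b"\x00\x00" + struct.pack(order + "I", len(value)) + value
    return head + struct.pack(order + "H", len(value)) + value


def rows_element(value, order):
    """(0028,0010) Rows, VR US, encoded in the given byte order."""
    return build_element(0x0028, 0x0010, b"US", struct.pack(order + "H", value), order)


def decode_value(vr, raw, order):
    """Turn the value bytes into text, a tuple of numbers, or leave them as bytes."""
    if vr in TEXT_VRS:
        return raw.decode("ascii", errors="replace").rstrip(" \x00")
    if vr in BINARY_VRS:
        code = BINARY_VRS[vr]
        size = struct.calcsize("<" + code)
        if len(raw) % size:
            raise DicomParseError(f"{vr.decode()} length {len(raw)} is not a multiple of {size}")
        return struct.unpack(order + code * (len(raw) // size), raw)
    return raw  # OB and other byte-oriented VRs stay as bytes


def parse_elements(buf, order="<"):
    """Parse a run of Explicit VR elements into [((group, element), vr, value)]."""
    elements, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise DicomParseError(f"truncated element header at offset {pos}")
        group, element = struct.unpack_from(order + "HH", buf, pos)
        vr = buf[pos + 4:pos + 6]
        if not (vr.isalpha() and vr.isupper()):
            raise DicomParseError(f"invalid VR bytes {vr!r} at offset {pos + 4}")
        if vr in LONG_VRS:
            if len(buf) - pos < 12:
                raise DicomParseError(f"truncated long-form header at offset {pos}")
            (length,) = struct.unpack_from(order + "I", buf, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from(order + "H", buf, pos + 6)
            pos += 8
        if length == UNDEFINED_LENGTH:
            raise DicomParseError("undefined-length elements are outside this example")
        # Never trust the declared length: it must fit in what was received.
        if length > len(buf) - pos:
            raise DicomParseError(
                f"({group:04X},{element:04X}) declares {length} bytes, "
                f"only {len(buf) - pos} remain")
        raw = buf[pos:pos + length]
        pos += length
        elements.append(((group, element), vr.decode("ascii"), decode_value(vr, raw, order)))
    return elements


# Constructed sample: five elements in ascending tag order, little endian.
SAMPLE = b"".join([
    build_element(0x0008, 0x0060, b"CS", b"CT"),                    # Modality
    build_element(0x0010, 0x0010, b"PN", b"DOE^JANE"),              # Patient's Name
    build_element(0x0010, 0x0020, b"LO", b"ID0001"),                # Patient ID
    rows_element(0x3568, "<"),                                      # Rows
    build_element(0x7FE0, 0x0010, b"OB", b"\x01\x02\x03\x04"),      # Pixel Data
])

if __name__ == "__main__":
    for tag, vr, value in parse_elements(SAMPLE):
        print(f"({tag[0]:04X},{tag[1]:04X}) {vr} {value!r}")
    print("0x3568 little endian:", rows_element(0x3568, "<")[-2:].hex())
    print("0x3568 big endian:   ", rows_element(0x3568, ">")[-2:].hex())
```

Reading the big-endian encoding with the little-endian rule makes the 2-byte length 0x0002 appear as 0x0200, so the length check is also what catches a wrong transfer syntax.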
HL7 STANDARD
HL7 Standard is a framework and standards for exchange, integration, sharing and retrieval of electronic
health information. Health Level Seven (HL7) is an all-volunteer, not-for-profit organization involved in
development of international healthcare standards (HL7). Health Level Seven International (HL7) is the
global authority on standards for interoperability of health information technology with members in over 55
countries. HL7's vision is to create the best and most widely used standards in healthcare.

Founded in 1987, Health Level Seven International (HL7) is a not-for-profit, ANSI-accredited standards
developing organization dedicated to providing a comprehensive framework and related standards for the
exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice
and the management, delivery and evaluation of health services.

HL7 – an application protocol for electronic data exchange in healthcare environments. It contains

• Message Type – the specific purpose
• Order – a request for material or service
• Observation – performance of the service including result data
• Segment – a logical grouping of data fields identified by three letter identification (MSH, PID, OBX, …)
• Trigger Event – a real world event that initiates an exchange of messages. There is a one to many relationship between message type and trigger event.

Rules
• Message Header Segment (MSH) is required and always first
• There may be more than one type of segment, and segments can be nested
• [ ] – Optional segment
• { } – Repeating segment
• Recommended message delimiters (field 2 of MSH)

Delimiter                  Value
Field Separator            |
Component Separator        ^
Subcomponent Separator     &
Repetition Separator       ~
Escape Character           \

• Acknowledgement messages are sent to indicate if receiving application was able to:
– Parse message
– Decode message
– Assume responsibility for the message
– Process message contents
– Successfully commit to storage

Common Message Types

Type                                      Abbreviation
Admission, Discharge, Transfer            ADT
General Clinical Order Message            OMG
Imaging Order                             OMI
Laboratory Order Message                  OML
Pharmacy/treatment Order Message          OMP
General Order Message                     ORM
Unsolicited Observation/Result            ORU
Unsolicited Vaccination Record Update     VXU
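
An added example (not part of the original notes) applying the rules above: the parser requires MSH first, reads the five delimiters from the message header instead of assuming them, splits each segment into fields, repetitions, components and subcomponents, and only then resolves escape sequences, so an escaped delimiter inside a value cannot create an extra field. The sample message, its application names and patient values are constructed; the carriage-return segment terminator and the \F\, \S\, \T\, \R\, \E\ escape codes come from HL7 v2 itself rather than from this page.

```python
class HL7ParseError(ValueError):
    """Raised when a message breaks one of the structural rules checked here."""


def read_delimiters(msh):
    """Take the delimiters from the MSH segment itself instead of assuming defaults."""
    if len(msh) < 9 or not msh.startswith("MSH"):
        raise HL7ParseError("message must start with a complete MSH segment")
    field, (comp, rep, esc, sub) = msh[3], msh[4:8]
    chars = [field, comp, rep, esc, sub]
    if len(set(chars)) != 5 or any(c.isalnum() or c.isspace() for c in chars):
        raise HL7ParseError("delimiters must be five distinct non-alphanumeric characters")
    if msh[8] != field:
        raise HL7ParseError("MSH-2 must hold exactly four encoding characters")
    return {"field": field, "comp": comp, "rep": rep, "esc": esc, "sub": sub,
            "table": {"F": field, "S": comp, "T": sub, "R": rep, "E": esc}}


def unescape(text, esc, table):
    """Replace escape sequences (escape char, code, escape char) with their delimiter."""
    out, i = [], 0
    while i < len(text):
        if text[i] == esc:
            end = text.find(esc, i + 1)
            if end != -1 and text[i + 1:end] in table:
                out.append(table[text[i + 1:end]])
                i = end + 1
                continue
        out.append(text[i])  # unknown or unterminated sequences are kept literally
        i += 1
    return "".join(out)


def split_field(raw, d):
    """field -> repetitions -> components -> subcomponents, unescaping last."""
    return [[[unescape(s, d["esc"], d["table"]) for s in c.split(d["sub"])]
             for c in r.split(d["comp"])]
            for r in raw.split(d["rep"])]


def parse_hl7(message):
    """Return a list of (segment_id, fields); fields[n-1] is field n of the segment."""
    segments = [s for s in message.split("\r") if s]
    if not segments:
        raise HL7ParseError("empty message")
    d = read_delimiters(segments[0])
    parsed = []
    for raw in segments:
        parts = raw.split(d["field"])
        seg_id = parts[0]
        if len(seg_id) != 3 or not (seg_id.isascii() and seg_id.isalnum() and seg_id.isupper()):
            raise HL7ParseError(f"invalid segment identifier {seg_id!r}")
        if seg_id == "MSH":
            if parsed:
                raise HL7ParseError("MSH may only appear as the first segment")
            # MSH-1 is the field separator and MSH-2 the encoding characters;
            # both are stored as-is, never split or unescaped.
            fields = [[[[d["field"]]]], [[[raw[4:8]]]]]
            fields += [split_field(p, d) for p in parts[2:]]
        else:
            fields = [split_field(p, d) for p in parts[1:]]
        parsed.append((seg_id, fields))
    return parsed


def get(segment, field, rep=0, comp=0, sub=0):
    """Value at a 1-based field number and 0-based rep/comp/sub index, or ''."""
    try:
        return segment[1][field - 1][rep][comp][sub] if field >= 1 else ""
    except IndexError:
        return ""


# Constructed sample message (made-up sender, patient and note), segments joined by CR.
SAMPLE_MESSAGE = "\r".join([
    r"MSH|^~\&|KIOSK_APP|REMOTE_CLINIC|EHR_APP|CITY_HOSPITAL|20240101120000||ADT^A01|MSG00001|P|2.5",
    r"PID|1||ID0001^^^CITY_HOSPITAL||DOE^JANE||19800101|F",
    r"OBX|1|ST|NOTE^Clinical note||BP 120\F\80 \T\ stable||||||F",
])

if __name__ == "__main__":
    msh, pid, obx = parse_hl7(SAMPLE_MESSAGE)
    print("message type :", get(msh, 9), "trigger event:", get(msh, 9, comp=1))
    print("patient name :", get(pid, 5), get(pid, 5, comp=1))
    print("observation  :", get(obx, 5))
```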

Common Data Types

Type                             Abbreviation    Definition
Coded Element                    CE              Used to transmit codes and associated text
Composite Quantity with units    CQ              Specifies the numeric quantity or amount, and the units in which the quantity is expressed
Extended Address                 XAD             Specifies the address of a person, place, or organization plus associated information
Extended Person Name             XPN             Specifies the complete name of a person plus associated information
Numeric                          NM              A number (integer)
String Data                      ST              Any displayable/printable ASCII characters intended for strings less than 200 characters
Text Data                        TX              Longer string data intended for display purposes
Time Stamp                       TS              Specifies a point in time including time zone

Role of HL7 Messaging

• To improve the electronic exchange of demographic and immunization records to State IIS (registries) from eligible providers and hospitals
• To improve the ability of eligible hospital laboratories to send reportable data to public health agencies
• To improve the electronic exchange of relevant syndromic surveillance data between healthcare providers and public health agencies

Types of HL7 Standards

HL7 develops
• Conceptual Standards (e.g., HL7 RIM),
• Document Standards (e.g., HL7 CDA),
• Application Standards (e.g., HL7 CCOW),
• Messaging Standards (e.g., HL7 v2.x and v3.0). Messaging standards are particularly important because they define how information is packaged and communicated from one party to another.

Clinical Document Architecture (a V3-based standard): The CDA Release 2.0 provides an exchange model for clinical documents (such as discharge summaries and progress notes) and brings the healthcare industry closer to the realization of an electronic medical record.

Electronic Health Record / Personal Health Record: The HL7 EHR System Functional Model provides a reference list of functions that may be present in an Electronic Health Record System (EHR-S).

Structured Product Labeling (a V3-based standard): The SPL specification is a document markup standard that specifies the structure and semantics of these documents.

Examples: Sample Surveillance Message


Difference Between DICOM AND HL7

H.320 SERIES VIDEO CONFERENCING


Video conferencing is simply a vehicle for interactive communication. It enables one set of people to see and hear people in a different location. In its most basic form, it is the transmission of image (video) and speech (audio) back and forth between two or more physically separate locations. It is also known as "Videoteleconference".

BASIC FEATURES

• Very straightforward approach.

• Calls can be made locally, nationally or across the world.

VIDEO CONFERENCING COMPONENTS

• Camera: To capture & send audio/video during conferencing.
• Microphone: To capture & send audio/video during conferencing.
• Speakers: To play the audio received during video conferencing.
• TV or Monitor: To display the video received during video conferencing.

ADDITIONAL REQUIREMENT: CODEC

• "Coder - Decoder" (Compressor / Decompressor) makes the audio/video data "small enough" to be practical for sending over expensive network connections.
• A codec takes analog signals, compresses and digitizes them, and transmits the signals over digital phone lines.
• H.3xx are "umbrella" ITU recommendations for videoconferencing. These recommendations include the protocols for coding video/audio, multiplexing, signaling, and control.

Standard    Coverage/Content
H.320       Standard for videoconferencing over ISDN. H.320 is also used on dedicated networks such as T1 and satellite-based networks.
H.321       Standard for videoconferencing over ATM and B-ISDN
H.323       Videoconferencing over Internet Protocol (IP) or Voice Over IP (VOIP)
H.324       Videoconferencing over the general (dial-up) telephone network (POTS)
H.310       Wide-band (MPEG-2) videoconferencing over ATM and B-ISDN
H.261       Video encoding

The main protocols in H.320 suite include the following coding standards:
• Video : H.261, H.263, H.264
• Audio : G.711, G.722, G.722.1, G.728
• Data : T.120
• Control : H.221, H.231, H.242, H.243
• H.320 standard forms an umbrella for a whole host of standards adopted by the leading
manufacturers of videoconferencing equipment and ensures a fair degree of interconnectivity
(TANDERBERG).

• Figure 12.11 shows application of H.320 codec for digital video/audio transmission over ISDN lines.

The following points may be kept in view while selecting a videoconferencing system:
• (i) The intended use: The purpose for which the VTC is intended to be used.
• (ii) Number of sites: Number of locations which need to be communicated with and what resources
are planned for each location. Also, whether it is point-to-point or multi-point videoconferencing
requirement.
• (iii) Number of participants per site: The number of people likely to participate in videoconference
at various locations. Also, whether or not the requirement is for the same videoconferencing facility
for every location.
• (iv) Size of room: The room should be of sufficient size. It should have adequate lighting
arrangement and auxiliary resources required for an appropriate videoconferencing solution.
• (v) Connectivity: Communication resources available at the various locations, i.e., T-1, xDSL,
cable-modem, ISDN.
• (vi) Systems or formats for calling: There are different videoconferencing standards for different
communication modes. For example, an IP-based network system uses H.323 voice/video standard
for communication purposes. On the other hand, an ISDN system operates by sending and receiving
voice and video data using the H.320 standard.
• (vii) Data capability requirement: A typical videoconferencing system has a video channel, an audio
channel, and sometimes a data channel.

Examples
• Skype for Health Purposes
Skype (Skype Ltd., Luxembourg) is one of the most popular applications that provides video
chat and voice call services. It allows the users to exchange digital documents such as images,
text, video, etc., and to transmit both text and video messages. Skype allows the creation
of videoconference calls.
• Kiosk-based Videoconferencing System
The kiosk PC and the PC of the doctor in his clinic are connected together through a
videoconferencing system. When a patient comes to the kiosk, the videoconferencing connection is
established. The remote diagnostic equipment at the kiosk is then activated by the doctor from his PC.
• Videophone
Videophone is an interactive videoconferencing technology that utilises an analog phone line to
transmit audio and video using low bandwidth technology.

Types of video conferencing
• Point-to-point
• Point-to-multipoint

Point-to-point
• A videoconference that connects two locations.
• Each site sees and hears the other site at all times.

Multi-point
• A videoconference that connects more than two sites through the use of a multipoint control unit (MCU) or video hub.
• Participants at all sites can hear one another at all times and see the site that is currently speaking (voice-activated switching).
• The MCU is a bridge that interconnects calls from several sources.

Video conferencing can be run across two types of networks. These are called 'Circuit Switched' and 'Packet Switched'.

Circuit Switched networks have the following characteristics:
• Bandwidth is guaranteed through the network
• Bandwidth is not shared once connection is established
• Just like a phone call, you bring up a circuit through the network on demand
• Information is sent as a single bit stream

Packet Switched networks have the following characteristics:
• Bandwidth is NOT guaranteed
• Bandwidth IS shared
• Circuits are built as needed and are not available on demand
• Information is sent after being broken down into packets

There is a choice of which type of network configuration you are using to place video calls.
The three choices are:
• H.320
• H.323
• Session Initiation Protocol (SIP)

Often there is also a choice to configure an "IP" network. This option often refers to H.323.

H.320 defines how circuit switched networks are used in video communications. By far the most common circuit switched network is ISDN, or Integrated Services Digital Network. The H.320 standard includes its signalling mechanisms and how voice, video, and other payload are transmitted over the ISDN interface.

IP configuration often refers to H.323; however, both H.323 and SIP are signalling protocols that operate on IP based networks. Like the H.320 protocol, the H.323 standard includes its signalling mechanisms and how voice and video are transmitted.

SIP, however, does not handle the voice, video, and other payload; SIP just defines signalling procedures which are used to set up, maintain, and tear down the IP connections that carry the voice, video, and other payload signals.

SECURITY AND CONFIDENTIALITY OF MEDICAL RECORDS

• Privacy: The desire of a person to control the disclosure of personal health information.
• Confidentiality: The ability of a person to control release of personal health information to a care provider or information custodian under an agreement that limits further release of that information.
• Security: Protection of privacy and confidentiality through policies, procedures and safeguards.

Confidentiality
The general ethic in the provision of health care is that a patient’s secrets uttered in confidence must be safeguarded by the physician, other health care providers, and the agency’s workforce (employees, volunteers, trainees, and other persons whose conduct, in the performance of their duties, is under the direct control of the agency, whether or not they are paid by the agency).

Why do they matter?
• Ethically, privacy and confidentiality are considered to be rights (in our culture)
• Information revealed may result in harm to interests of the individual
• The provision of those rights tends to ensure that the information is accurate and complete
• Accurate and complete information from individuals benefits society in limiting spread of diseases to society (i.e. HIV)
• The preservation of confidentiality assists research which in turn assists patients

Measures to Protect Privacy
• Make sure examination takes place in isolation from other patients, unauthorized family members, and/or staff
• Provide gender-sensitive waiting and examination rooms
• Provide proper clothing for the admitted patients
• Make sure patients are well covered when transferred from one place to another in the hospital
• Make sure your patient’s body is exposed ONLY as much as needed by the examination or investigation
• Patients should have separate lifts and be given priority
• Make sure there is another person (nurse) of the same sex as the patient present all the time of the examination
• Always take permission from the patient before examination
• Ensure privacy when taking information from patients
• Avoid keeping patients for periods longer than required by the procedure
• It is prohibited to examine the patient in the corridors or in the waiting area
• During examination, no outside person unrelated to the patient is allowed
• Give patients enough time to expose the part with pain
• Only relevant personnel are allowed to enter the examination room

Why is there a Duty for Confidentiality?
• Trust between patients and health professionals.
• Patients give information about their health in confidence.
• Individuals will be encouraged to seek appropriate treatment and share information relevant to it.

Proficiency (Medical) Secret
• Medical secret is defined as "Any medical information that comes to the knowledge of the practitioners as a result of their work whether directly obtained from the patient, or otherwise"
• It includes any information that the doctor (or treatment team) knows about the patient (alive or dead), directly or indirectly, that a patient may deem its disclosure undesirable or harmful to his/her health, reputation, financial, social or professional status.
• It includes any information about the patient’s identity, condition, diagnosis, investigations’ results, treatment, and/or prognosis (whether chances of cure, disability, or death)

What is Confidential?
• All identifiable patient information, whether written, computerised, visually or audio recorded or simply held in the memory of health professionals, is subject to the duty of confidentiality.
It covers:
– The individual’s past, present or future physical or mental health or condition;
– Any clinical information about an individual’s diagnosis or treatment;
– A picture, photograph, video, audiotape or other images of the patient;
– Who the patient’s doctor is and what clinics patients attend and when;
– Anything else that may be used to identify patients directly or indirectly;
– The past, present, or future payment for the provision of health care to the individual.

Confidentiality Measures
1. Limit the accessibility to the medical records
2. Do not discuss the patient’s medical information with unauthorized family members
3. Do not disclose patient’s information without his/her consent, or in established exceptions (below)
4. Do NOT collect information not related to the provision of care
5. Set policies that regulate access to medical information and how any breach to confidentiality is managed
6. Limit sharing of information with other staff, unless in cases of consultations and second opinion

All records
• Never inappropriately access records;
• Shut/lock doors, offices and filing cabinets;
• Query the status of visitors/strangers;

Manual records
• Hold in secure storage;
• Tracked if transferred, with a note of their current location within the filing system;
• Returned to the filing system as soon as possible after use;
• Stored closed when not in use so that the contents are not seen by others;
• Kept on site unless removal is essential.

Electronic records
• Always log out of any computer system or application when work is finished;
• Do not leave a terminal unattended and logged in;
• Do not share Smartcards or passwords with others;
• Change passwords at regular intervals;
• Always clear the screen of a previous patient’s information before seeing another.

Email and fax
• Whenever possible, clinical details should be separated from demographic data;
• All data transmitted by email should be encrypted.

Security
The National Institute of Standards and Technology (NIST), the federal agency responsible for developing
information security guidelines, defines information security as the preservation of data confidentiality, integrity,
and availability.
The increasing concern over the security of health information stems from the rise of EHRs, increased use of mobile
devices such as the smartphone, medical identity theft, and the widely anticipated exchange of data between and
among organizations, clinicians, federal agencies, and patients. If patients’ trust is undermined, they may not be
forthright with the physician. For the patient to trust the clinician, records in the office must be protected. Medical
staff must be aware of the security measures needed to protect their patient data and the data within their
practices.

Providers and organizations must formally designate a security officer to work with a team of health information
technology experts who can inventory the system’s users and technologies; identify the security weaknesses and
threats; assign a risk or likelihood of security concerns in the organization; and address them. The responsibilities for
privacy and security can be assigned to a member of the physician office staff or be outsourced.

Audit trails. With the advent of audit trail programs, organizations can precisely monitor who has had access to
patient information. Audit trails track all system activity, generating date and time stamps for entries; detailed
listings of what was viewed, for how long, and by whom; and logs of all modifications to electronic health records.

Administrators can even detail what reports were printed, the number of screen shots taken, or the exact location
and computer used to submit a request. Alerts are often set to flag suspicious or unusual activity, such as reviewing
information on a patient one is not treating or attempting to access information one is not authorized to view, and
administrators have the ability to pull reports on specific users or user groups to review and chronicle their activity.
Software companies are developing programs that automate this process. End users should be mindful that, unlike
paper record activity, all EHR activity can be traced based on the login credentials. Audit trails do not prevent
unintentional access or disclosure of information but can be used as a deterrent to ward off would-be violators.

The HIPAA Security Rule requires organizations to conduct audit trails, requiring that they document information
systems activity and have the hardware, software, and procedures to record and examine activity in systems that
contain protected health information. In addition, the HITECH Act of 2009 requires health care organizations to
watch for breaches of personal health information from both internal and external sources. As part of the
meaningful use requirements for EHRs, an organization must be able to track record actions and generate an audit
trail in order to qualify for incentive payments from Medicare and Medicaid. HIPAA requires that audit logs be
maintained for a minimum of 6 years. As with all regulations, organizations should refer to federal and state laws,
which may supersede the 6-year minimum.
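The alerting and per-user reporting described in the audit-trail discussion above can be sketched as follows. This is an added example, not code from the original notes or from any EHR product; the log format, field names, the treating-relationship table and the print threshold are all assumptions, and the log lines are constructed sample data.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample audit trail (assumed format, not real data):
# timestamp, user, workstation, action, patient, outcome
SAMPLE_AUDIT_LOG = """\
2024-03-04T09:12:05,dr_rao,WS-OPD-01,VIEW,P1001,ALLOWED
2024-03-04T09:14:40,dr_rao,WS-OPD-01,MODIFY,P1001,ALLOWED
2024-03-04T09:20:11,nurse_lee,WS-WARD-03,VIEW,P1002,ALLOWED
2024-03-04T10:02:33,clerk_ali,WS-REG-02,VIEW,P1001,ALLOWED
2024-03-04T10:03:02,clerk_ali,WS-REG-02,VIEW,P1003,DENIED
2024-03-04T10:03:09,clerk_ali,WS-REG-02,VIEW,P1003,DENIED
2024-03-04T23:41:17,nurse_lee,WS-WARD-03,PRINT,P1002,ALLOWED
2024-03-04T23:41:50,nurse_lee,WS-WARD-03,PRINT,P1002,ALLOWED
2024-03-04T23:42:21,nurse_lee,WS-WARD-03,PRINT,P1002,ALLOWED
"""

# Assumed treating relationships: which patients each user is caring for.
TREATING = {"dr_rao": {"P1001"}, "nurse_lee": {"P1002"}, "clerk_ali": set()}
PRINT_THRESHOLD = 3      # assumed: this many prints inside the window is unusual
WINDOW_SECONDS = 300     # assumed sliding-window length for the print rule

FIELDS = ["timestamp", "user", "workstation", "action", "patient", "outcome"]


def parse_audit_log(text):
    """Parse the CSV audit trail into a chronologically sorted list of events."""
    events = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        events.append(row)
    return sorted(events, key=lambda e: e["timestamp"])


def review(events, treating, print_threshold=PRINT_THRESHOLD,
           window_seconds=WINDOW_SECONDS):
    """Return alerts for the suspicious patterns named in the text."""
    alerts = []
    denied = defaultdict(int)     # (user, patient) -> number of denied attempts
    prints = defaultdict(list)    # user -> timestamps of successful prints
    flagged = set()               # (user, patient) pairs already reported
    for e in events:
        user, patient = e["user"], e["patient"]
        if e["outcome"] == "DENIED":
            # Attempt to access information the user is not authorized to view.
            denied[(user, patient)] += 1
            continue
        # Successful access to a patient the user is not treating.
        if patient not in treating.get(user, set()) and (user, patient) not in flagged:
            flagged.add((user, patient))
            alerts.append(("NOT_TREATING", user, patient, e["timestamp"].isoformat()))
        if e["action"] == "PRINT":
            prints[user].append(e["timestamp"])
    for (user, patient), count in sorted(denied.items()):
        alerts.append(("DENIED_ACCESS", user, patient, count))
    for user, stamps in sorted(prints.items()):
        start = 0
        for end in range(len(stamps)):
            # Shrink the window until it spans at most window_seconds.
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= print_threshold:
                alerts.append(("BULK_PRINT", user, None, end - start + 1))
                break
    return alerts


def user_report(events, user):
    """Chronological activity report for one user, as an administrator would pull."""
    return [(e["timestamp"].isoformat(), e["action"], e["patient"], e["outcome"])
            for e in events if e["user"] == user]


if __name__ == "__main__":
    evts = parse_audit_log(SAMPLE_AUDIT_LOG)
    for alert in review(evts, TREATING):
        print(alert)
    print(user_report(evts, "clerk_ali"))
```

The review only detects after the fact, which matches the point above that audit trails deter rather than prevent; access control still has to deny the request in the first place.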

Individually identifiable health information, or IIHI, is any data that can be correlated with an individual—
for example, information in a medical record or a database that can be linked to a specific patient. A related
term is protected health information, or PHI, which is defined as individually identifiable health
information. The HIPAA privacy rule defines individually identifiable health information as a subset of
health information, including demographic and other health information related to past, present, or future
physical or mental health or condition of an individual that is created or received by a health care provider,
health plan, employer, or health care clearinghouse.

Consider the notion of personal privacy versus the common good. Some of the concerns are well
demonstrated in a video that was produced in 2011 by the American Civil Liberties Union.

Disclosures occur due to a variety of reasons, including mobile devices or data storage media that is lost or
stolen, as well as cybersecurity attacks on an organization’s technology infrastructure. Not all cybersecurity
attacks result in patient information disclosure, but any threat of an actual attack or breach places the
organization at high risk. Also, hackers may not reveal they have stolen the information until long after the
event. Health care providers are a prime target for cyberattacks due in part to the value of PHI on the black
market.

Anyone can be subject to a breach, including health care providers, vendors, insurance companies, patients,
and consumers. The increasing use of mobile devices such as smart phones, tablets, and laptops poses
unique issues with the effort of protecting both physical and data assets. Any device that connects to a
network is vulnerable, including medical devices. Implantable devices such as pacemakers are also
vulnerable to hackers.

This slide provides just a sampling of the many types of events that can result in disclosure of PHI. These
examples range from 2005 to 2016, which demonstrates this is not a recent issue.

One particularly egregious story happened in Portland, Oregon, on New Year’s Eve 2005. An individual left
in his car disks, backup tapes, and other media that contained records of about 365,000 patients who were
seen by a visiting nurse association. This indiscretion naturally received a lot of press and demonstrated the
need to be careful if one manages devices with PHI. This type of event has continued to occur over the years
regardless of the amount of press.

The Veterans Administration system has had a number of episodes, probably the largest of which was when
a laptop with the data of over a million veterans was stolen. The laptop was recovered, and it appeared that
the data was not accessed, but of course, no one knows exactly what went on with the machine when it was
in the hands of those who stole it.
Improper disclosure of research participants’ PHI resulted in a HIPAA settlement in 2016. Anthem, a large
insurance payer organization, was hacked, exposing over 80 million customers’ PHI. Over the past several
years, many health care providers have had their clinical and operational software systems and networks
frozen until some type of "ransom" was paid. These events do not necessarily expose PHI, but they
demonstrate the organization’s vulnerability and place its PHI at high risk.

Again, these are only a few of the many examples of breaches, attacks, and loss of PHI impacting health
care organizations, providers, and their patients.

CYBER LAWS RELATED TO TELEMEDICINE
• The power of computer networks to provide fast, low-cost communication and distribution of
information can be abused if unauthorised copies of copyrighted works are circulated.
• Some governments have asserted copyrights for their databases and have sought to charge for access,
and officials must determine who has rights to this information and how it should be made available.

CYBERLAW

"Refers to all the legal and regulatory aspects of the Internet and the World Wide Web. Anything
concerned with or related to or emanating from any legal aspects or issues concerning any activity of
netizens in and concerning Cyberspace comes within the ambit of Cyberlaw."

• To provide a comprehensive framework of societal and commerce-enabling laws which encompass
aspects concerning security of information and network integrity and reliability
• To create the right development of the communication and multimedia industry and to position
Malaysia as a major hub for the communications and multimedia information and content services

THE NEED FOR CYBER LAWS
• Existing laws do not always sufficiently cover new multimedia applications
• Uncertainty about legal framework stifles development of business and hinders the development of
Malaysia as a knowledge-based society and knowledge-based economy.

Existing Cyber Laws and Purpose
• The Computer Crimes Act 1997 (01/06/2000): Covers offences relating to misuse of computers
• The Copyright (Amendment) Act 1997: Scope of Copyright protection widened to cover communications to public through wire or wireless means
• The Telemedicine Act 1997: To facilitate the practice of Telemedicine
• Digital Signature Act 1997 (01/10/1998): To regulate the use of Digital signatures and provide its legal status for electronic transactions
• The Communications & Multimedia Act 1998 (01/04/1999): To regulate and facilitate the development of converging communications and multimedia industry

Digital Signature Act 1997
• Came into operation on 1 October 1998
• Referred to USA, UK, Germany and the United Nations Commission on International Trade Law
(UNCITRAL) on digital signatures
o Could not radically depart from what was being done in the rest of the world in the interest of
uniformity, international cooperation and international interoperability
• Secure electronic communications, especially on the Internet
• An identity verification standard that uses encrypted code consisting of the user’s name and a hash of
all the parts of the message
• By attaching the digital signature, one can ensure that nobody can eavesdrop, intercept or tamper
with transmitted data
• Why the Act exists
o Transactions via the Internet are increasing
o Identities in cyberspace can be falsified and messages tampered with
o There is a need for the purchasers and sellers to ascertain each other’s identity and the
integrity of the messages
o Thereby removing doubt and the possibility of fraud when conducting transactions online
• What the Act is about
o Provides for the regulation of the public key infrastructure
o Makes digital signatures as legally valid and enforceable as traditional signatures

Computer Crimes Act 1997
• Came into effect in March 1997
• The Act manifests the government’s recognition of the need to criminalise unregulated activities
• The increased dependence on computers mandates the creation of a statutory framework catering for
the regulation and prosecution of such activities
• Gives protection against the misuse of computers and computer criminal activities
• Users can protect their rights to privacy and build trust in the computer system
• The government can have control at a certain level over cyberspace to reduce cyber crime activities

Telemedicine Act 1997
• Was passed by Parliament in March 1997
• The Telemedicine Act 1997 must be read together with the Medical Act 1971
• Why the Act exists:
o Healthcare systems and providers around the world are becoming interconnected.
o The quality of healthcare advice and consultation from specialists is unclear because it doesn’t
have truth value
o To regulate practice of teleconsultations in medical profession
• Ensures that only qualified medical practitioners can practice telemedicine and that their patients’
rights and interests are protected
• Provides for the future development and delivery of healthcare in Malaysia

Communication and Multimedia Act 1998
• Came into effect on 1 April 1999
• Why the Act exists:
o Convergence of technologies is driving convergence of telecommunication, broadcasting,
computing and content
o Previously, each of these industries was regulated by several different pieces of legislation
o The old regulatory framework cannot cope with convergence and inhibits the growth of the
new converged industry
• What the Act is about:
o A restructuring of converged ICT industry
o Creates and defines a new system of licenses and defines the roles and responsibilities of those
providing communication and multimedia services
o Ensures that the information is secure, the network is reliable and the service is affordable
all over Malaysia
o Ensures high level of user’s confidence in the information and communication technology
industry
o Provides for the existence of the Communication and Multimedia Commission
• Policy objectives of Communication and Multimedia Act
o To establish Malaysia as a major global hub for Communication and Multimedia
information and content services
o To promote consumer confidence in service delivery
o To promote development of capabilities and skills pertaining to industry
o To create a robust applications environment for the end user

Copyright (Amendment) Act 1997
• Came into force on 1 April 1999
• Why the Act exists
o Copyright serves to protect the expression of thoughts and ideas from unauthorized copying
and/or alteration
o With convergence of Information and Communication Technology (ICT), creative expression
is now being captured and communicated in new forms (example: multimedia products,
broadcast of movies over the Internet and cable TV). These new forms need protection
• What the Amended Act is about:
o The Copyright (Amendment) Act amends the Copyright Act 1987 to extend copyright law to
the new and converged multimedia environment
o There is now clear protection accorded to multimedia works
o The transmission of copyright works over the Internet now clearly amounts to infringement
o Technological methods of ensuring works (and authorship info) are not altered or removed are
also protected

Private Data Protection Bill
• Regulates the collection, holding, processing or use of personal data by any person
• Provides protection to personal data and safeguards the privacy interests of individuals
• Scope covers any personal data relating directly to a living individual
• Applies to both automated and non-automated personal data files in the public and private sectors

Electronic Transaction Bill
• To give legal recognition to electronic communications and facilitate electronic commerce
• Primary focus is on all forms of online commercial activity which are undertaken by companies,
individuals or the Government
• Principles:
o Achieving functional equivalence: as far as possible, paper based commerce and electronic
commerce should be treated equally by the law
o The related principle of ensuring technology neutrality
• Main Operative Provisions:
o Legal recognition of electronic communications
o Legal recognition of electronic signatures
o Legal recognition of electronic documents as originals
o Attribution of electronic communications
o Record retention and management requirement
o Formation, validity, time and place of contracting
o Automated transactions and electronic agents
o Correction of errors
o Relationship of Members of a Digital Market
o Applicable Law for Tortious Liability

Electronic Government Activities Bill
• Electronic Government Activities Bill was proposed to enable functions or transactions between the
various government agencies and the citizenry to be undertaken electronically, whilst ensuring a
uniform legal standard for activities to be undertaken electronically.
• The Bill allows the Government to set down rules on the manner of electronic dealings from and to
the public
• Characteristics
o An enabling Act - Supplement existing statutory provisions
o Consistent approach to public e-dealings.
o Unique policy requirements of agencies can be addressed.
o Technology Neutral - Relevance of Act.
o Flexibility - Applies only when agency "e-enables" the statute.
o Choice as to the mode of transaction by govt agencies and the public.

TECHNOLOGY/ COMPUTER CRIME CASES
• E-Mail Abuse (Malicious/ False/ Harassment/ Impersonation)
• Hacking/ Cracking. Identity Theft.
• Forgery of Valuable Documents (Currency/ Cheques/ Passports/ I.D.s)
• E-commerce Cheating
• Telecommunication Line Theft

Categories of Computer Crime
• Computer assisted crime
• Computer specific or targeted crime
• Computer is incidental
e.g. Equity funding, 414 Gang, Kevin Mitnick, The Cuckoo’s Egg

Today’s Cyber-crime
• Serious Criminals
o More organized
o Possibly socially isolated
o Knowledgeable
o Increasing use by Organized Crime
• Motivation
o Greed
o Revenge
o Ego
• Method
o Can strike from ANYWHERE
o Information is the only commodity that can be stolen without being taken!

TREND - New Millennium
• The new millennium has created big challenges to enforcement agencies whereby the modus
operandi (M.O.) has become more sophisticated.
• Evolution of transnational crime in a globalized world:
– Crime committed through internet
– Cyber terrorism
– Money laundering
– Hacking skills being combined with criminal intent (Syndicates)
– Economic sabotage
• 2005 – 13 cases investigated
– Web defacement
– Websites offering illegal activities & obscene materials
– Web blogs containing annoying comments
– Email abuse
– Service, network hacking

Nature & Characteristics of Cyber Crime
• Anonymous
• Enormous range
• Occurs at high velocity
• Cross border
• Multi threats and impact – economic, social, religious, racial, terrorism
• Technology oriented
• Age group – 16 – 40 years old

THE EXTENT OF CRIMINAL ACTIVITIES ON CYBER CRIME
1. Downloading/ Distribution of child/ adult pornography
2. The spreading or incitement of hate propaganda/ seditious matters
3. Pyramid/ Book making schemes
4. On-line gambling/ betting.
5. Credit Card/ E-Commerce Fraud.
6. Advance fee fraud
7. Evasion of sales tax
8. Extortion and information theft/ warfare
9. Cyber attack of key industries/ installations
10. Hacking/ illegal intrusions
11. Spreading of viruses/ worms/ mailbombs, now botnets
12. Spamming.
13. Online money laundering

FUTURE CHALLENGES
• Hacking skills being combined with criminal intent (Syndicates) such as website sabotage/ database
'kidnapping' or even cyber-terrorism. E.g. Botnets
• E-Banking Fraud, on a wider and more systematic scale. Attack on E-commerce websites.
• Telecommunication line theft.
• Criminals linked via networks, worldwide. E.g. Cryptography
• Wi-Fi implementation. Identification issue.
• 3G (next 3.5G) digital telephone technology: the wider and more rapid online distribution of illegal
material.
• Phone Viruses: Lasco.A, Cabir.H etc.

Challenges in Implementing Cyber Laws
• Great effort has been taken by the government to formulate and implement cyber laws to ensure
success of the MSC and to encourage and motivate the use of ICT and multimedia in various fields
• However, there are challenges that need to be addressed seriously and carefully for the
implementation of these laws
• Rapid Technology Changes
o Fundamental changes in nature and application of IT and multimedia are having far-reaching
implications on existing laws and the newly-enacted cyber laws
o These laws need to be consistently and constantly monitored and amended to ensure efficacy and
applicability
o The Ministry of Energy, Communication and Multimedia is undertaking a review of all
existing legislation
o Aligning the provisions of the Acts to the requirements of the ICT environment
• Creating Public Awareness
o Legislation and its enforcement should not be the primary weapon in combating cyber crimes
and abuses
o Increase awareness among users of the various types and extents of cyber crimes
o Educating on security measures
o Publicising legal implications of ICT-related activities
o Remove misconceptions
• Cross Border Challenges
o Borderless nature of offenders – vital for our law enforcers to foster close cooperation with
international organisations
o Efforts need to be intensified to ensure that enforcement officers are able to deal with cyber
crimes as routinely as commercial crimes

ISO-OSI layers

THE OSI REFERENCE MODEL
• The model was developed by the International Organisation for Standardisation (ISO) in 1984. It is now considered the primary architectural model for inter-computer communications.
• The Open Systems Interconnection (OSI) reference model is a descriptive network scheme. It ensures greater compatibility and interoperability between various types of network technologies.
• The OSI model describes how information or data makes its way from application programmes (such as spreadsheets) through a network medium (such as wire) to another application programme located on another network.
• The OSI reference model divides the problem of moving information between computers over a network medium into SEVEN smaller and more manageable problems.
• This separation into smaller, more manageable functions is known as layering.

The OSI Reference Model is composed of seven layers, each specifying particular network functions.
• The process of breaking up the functions or tasks of networking into layers reduces complexity.
• Each layer provides a service to the layer above it in the protocol specification.
• Each layer communicates with the same layer’s software or hardware on other computers.
• The lower four layers (transport, network, data link and physical: Layers 4, 3, 2 and 1) are concerned with the flow of data from end to end through the network.
• The upper three layers of the OSI model (application, presentation and session: Layers 7, 6 and 5) are orientated more toward services to the applications.
• Data is encapsulated with the necessary protocol information as it moves down the layers before network transit.

LAYER 7: APPLICATION
• The application layer is the OSI layer that is closest to the user.
• It provides network services to the user’s applications.
• It differs from the other layers in that it does not provide services to any other OSI layer, but rather, only to applications outside the OSI model.
• Examples of such applications are spreadsheet programs, word processing programs, and bank terminal programs.
• The application layer establishes the availability of intended communication partners, synchronizes and establishes agreement on procedures for error recovery and control of data integrity.

LAYER 6: PRESENTATION
• The presentation layer ensures that the information that the application layer of one system sends out is readable by the application layer of another system.
• If necessary, the presentation layer translates between multiple data formats by using a common format.
• Provides encryption and compression of data.
• Examples: JPEG, MPEG, ASCII, EBCDIC, HTML.

LAYER 5: SESSION
• The session layer defines how to start, control and end conversations (called sessions) between applications.
• This includes the control and management of multiple bi-directional messages using dialogue control.
• It also synchronizes dialogue between two hosts' presentation layers and manages their data exchange.
• The session layer offers provisions for efficient data transfer.
• Examples: SQL, ASP (AppleTalk Session Protocol).

LAYER 4: TRANSPORT
• The transport layer regulates information flow to ensure end-to-end connectivity between host applications reliably and accurately.
• The transport layer segments data from the sending host's system and reassembles the data into a data stream on the receiving host's system.
• The boundary between the transport layer and the session layer can be thought of as the boundary between application protocols and data-flow protocols. Whereas the application, presentation, and session layers are concerned with application issues, the lower four layers are concerned with data transport issues.
• Layer 4 protocols include TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

LAYER 3: NETWORK
• Defines end-to-end delivery of packets.
• Defines logical addressing so that any endpoint can be identified.
• Defines how routing works and how routes are learned so that the packets can be delivered.
• The network layer also defines how to fragment a packet into smaller packets to accommodate different media.
• Routers operate at Layer 3.
• Examples: IP, IPX, AppleTalk.

LAYER 2: DATA LINK
• The data link layer provides access to the networking media and physical transmission across the media and this enables the data to locate its intended destination on a network.
• The data link layer provides reliable transit of data across a physical link by using the Media Access Control (MAC) addresses.
• The data link layer uses the MAC address to define a hardware or data link address in order for multiple stations to share the same medium and still uniquely identify each other.
• Concerned with network topology, network access, error notification, ordered delivery of frames, and flow control.
• Examples: Ethernet, Frame Relay, FDDI.

LAYER 1: PHYSICAL
• The physical layer deals with the physical characteristics of the transmission medium.
• It defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems.
• Such characteristics as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors, and other similar attributes are defined by physical layer specifications.
• Examples: EIA/TIA-232, RJ45, NRZ.

TCP/IP protocols
Protocols are sets of rules for message formats and procedures that allow machines and application
programs to exchange information. These rules must be followed by each machine involved in the
communication in order for the receiving host to be able to understand the message. The TCP/IP suite of
protocols can be understood in terms of layers (or levels).

This figure depicts the layers of the TCP/IP protocol. From the top they are, Application Layer, Transport
Layer, Network Layer, Network Interface Layer, and Hardware.

Figure 1. TCP/IP suite of protocols

TCP/IP carefully defines how information moves from sender to receiver. First, application programs send
messages or streams of data to one of the Internet Transport Layer Protocols, either the User Datagram
Protocol (UDP) or the Transmission Control Protocol (TCP). These protocols receive the data from the
application, divide it into smaller pieces called packets, add a destination address, and then pass the packets
along to the next protocol layer, the Internet Network layer.

IP defines how to address and route each packet to make sure it reaches the right destination. Each gateway
computer on the network checks this IP address to determine where to forward the message.
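The hand-off described above, from application data to a transport-layer datagram to an IP packet, can be followed byte by byte. This is an added example, not part of the original notes: it wraps a payload in UDP and IPv4 headers and then unwraps it, rejecting packets whose header fields disagree; the addresses, ports and payload are constructed sample values.

```python
import socket
import struct

def checksum16(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(total_len: int, src: str, dst: str, csum: int) -> bytes:
    # Version 4 / header length 5 words, TTL 64, protocol 17 (UDP).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, csum,
                       socket.inet_aton(src), socket.inet_aton(dst))

def encapsulate(payload: bytes, src: str, dst: str, sport: int, dport: int) -> bytes:
    """Application data -> UDP datagram -> IPv4 packet."""
    # Transport layer adds ports and length (checksum 0 = unused, allowed for UDP over IPv4).
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Network layer adds source and destination addresses plus a header checksum.
    total_len = 20 + len(udp)
    csum = checksum16(ipv4_header(total_len, src, dst, 0))
    return ipv4_header(total_len, src, dst, csum) + udp

def decapsulate(packet: bytes) -> dict:
    """Strip the headers in reverse order, rejecting inconsistent packets."""
    if len(packet) < 28:
        raise ValueError("shorter than IPv4 + UDP headers")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("bad version or header length")
    if checksum16(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 17 or total_len != len(packet):
        raise ValueError("not UDP, or length field disagrees with packet size")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if udp_len != total_len - ihl:
        raise ValueError("UDP length disagrees with IP length")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "payload": packet[ihl + 8:]}

# Constructed sample values (documentation address ranges, arbitrary ports).
PACKET = encapsulate(b"HR=72;SpO2=98", "192.0.2.10", "198.51.100.20", 40000, 5000)
```

Note that neither header protects the payload from reading or deliberate modification; the checksum only catches accidental corruption, which is why encryption is applied at a higher layer.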

A subnet mask tells a computer, or other network device, what portion of the IP address is used to represent
the network and what part is used to represent hosts, or other computers, on the network.

Network address translation (NAT) is the virtualization of IP addresses. NAT helps improve security and
decrease the number of IP addresses an organization needs.
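The two ideas above, splitting an address with a subnet mask and sharing one public address through NAT, are shown here as an added example that is not part of the original notes. The `Nat` class is a simplified, hypothetical model (a real NAT also keys on the remote endpoint and protocol and expires old entries), and all addresses are constructed sample values.

```python
import ipaddress

def split_address(ip: str, mask: str):
    """Return (network part, host part) of an IPv4 address under a subnet mask."""
    addr = int(ipaddress.IPv4Address(ip))
    bits = int(ipaddress.IPv4Address(mask))
    network = str(ipaddress.IPv4Address(addr & bits))   # bits where the mask is 1
    host = addr & ~bits & 0xFFFFFFFF                    # bits where the mask is 0
    return network, host

def same_network(a: str, b: str, mask: str) -> bool:
    """True if both hosts can talk directly, False if traffic must go via a gateway."""
    return split_address(a, mask)[0] == split_address(b, mask)[0]

class Nat:
    """Simplified port-translating NAT: many private hosts share one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> (private ip, private port)

    def outbound(self, src_ip: str, src_port: int):
        """Rewrite the source of an outgoing packet, creating a mapping on first use."""
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port: int):
        """Return the private endpoint for a reply, or None when no mapping exists.

        None means the packet was not solicited by an inside host and is dropped.
        """
        return self.back.get(dst_port)

# Constructed sample: two private hosts behind one public address.
NAT = Nat("203.0.113.7")
FIRST = NAT.outbound("192.168.10.37", 51000)
SECOND = NAT.outbound("192.168.10.38", 51000)
```
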

Common TCP/IP protocols include the following:

• Hypertext Transfer Protocol (HTTP) handles the communication between a web server and a web
browser.

• HTTP Secure handles secure communication between a web server and a web browser.

• File Transfer Protocol handles transmission of files between computers.


How does TCP/IP work?
TCP/IP uses the client-server model of communication in which a user or machine (a client) is provided a
service, like sending a webpage, by another computer (a server) in the network.

Collectively, the TCP/IP suite of protocols is classified as stateless, which means each client request is
considered new because it is unrelated to previous requests. Being stateless frees up network paths so they
can be used continuously.

The transport layer itself, however, is stateful. It transmits a single message, and its connection remains in
place until all the packets in a message have been received and reassembled at the destination.

The TCP/IP model differs slightly from the seven-layer Open Systems Interconnection (OSI) networking
model designed after it. The OSI reference model defines how applications can communicate over a
network.

TCP/IP is highly scalable and, as a routable protocol, can determine the most efficient path through the
network. It is widely used in current internet architecture.

The 4 layers of the TCP/IP model


TCP/IP functionality is divided into four layers, each of which includes specific protocols:

1. The application layer provides applications with standardized data exchange. Its protocols include
HTTP, FTP, Post Office Protocol 3, Simple Mail Transfer Protocol and Simple Network Management
Protocol. At the application layer, the payload is the actual application data.

2. The transport layer is responsible for maintaining end-to-end communications across the network.
TCP handles communications between hosts and provides flow control, multiplexing and reliability. The
transport protocols include TCP and User Datagram Protocol, which is sometimes used instead of TCP
for special purposes.

3. The network layer, also called the internet layer, deals with packets and connects independent
networks to transport the packets across network boundaries. The network layer protocols are IP and
Internet Control Message Protocol, which is used for error reporting.

4. The physical layer, also known as the network interface layer or data link layer, consists of
protocols that operate only on a link -- the network component that interconnects nodes or hosts in the
network. The protocols in this lowest layer include Ethernet for local area networks and Address
Resolution Protocol.

Uses of TCP/IP
TCP/IP can be used to provide remote login over the network, for interactive file transfer, to deliver email, to
deliver webpages over the network and to remotely access a server host's file system. Most broadly, it is
used to represent how information changes form as it travels over a network from the concrete physical layer
to the abstract application layer. It details the basic protocols, or methods of communication, at each layer as
information passes through.

Pros and cons of TCP/IP


The advantages of using the TCP/IP model include the following:

• helps establish a connection between different types of computers;

• works independently of the OS;

• supports many routing protocols;

• uses client-server architecture that is highly scalable;

• can be operated independently;

• supports several routing protocols; and

• is lightweight and doesn't place unnecessary strain on a network or computer.

The disadvantages of TCP/IP include the following:

• is complicated to set up and manage;

• transport layer does not guarantee delivery of packets;

• its protocols are not easy to replace;

• does not clearly separate the concepts of services, interfaces and protocols, so it is not suitable for
describing new technologies in new networks; and

• is especially vulnerable to a synchronization attack, which is a type of denial-of-service attack in
which a bad actor uses TCP/IP.
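On the defending side, the synchronization (SYN) attack named in the last item shows up as connection handshakes that are started but never completed. The following is an added example, not part of the original notes: it counts such half-open handshakes in a connection log whose line format, addresses and threshold are all constructed for illustration.

```python
from collections import Counter

# Constructed sample log: "<time> <source ip:port> <destination ip:port> <TCP flags>"
SAMPLE_LOG = """\
0.00 10.1.1.20:51000 192.0.2.10:443 SYN
0.01 192.0.2.10:443 10.1.1.20:51000 SYN-ACK
0.02 10.1.1.20:51000 192.0.2.10:443 ACK
0.10 203.0.113.50:1025 192.0.2.10:443 SYN
0.11 203.0.113.50:1026 192.0.2.10:443 SYN
0.12 203.0.113.50:1027 192.0.2.10:443 SYN
0.13 203.0.113.50:1028 192.0.2.10:443 SYN
0.20 10.1.1.21:51500 192.0.2.10:443 SYN
"""

def half_open(log: str):
    """Count handshakes that were started (SYN) but never completed (ACK).

    Returns two Counters: half-open handshakes per client IP and per server ip:port.
    """
    pending = set()  # (client ip:port, server ip:port) awaiting the final ACK
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing their meaning
        _, src, dst, flags = fields
        if flags == "SYN":
            pending.add((src, dst))
        elif flags == "ACK":
            pending.discard((src, dst))  # handshake completed normally
        # SYN-ACK lines travel server -> client and do not change the state here
    by_source = Counter(src.rsplit(":", 1)[0] for src, _ in pending)
    by_target = Counter(dst for _, dst in pending)
    return by_source, by_target

def suspects(log: str, threshold: int) -> list:
    """Client IPs with at least `threshold` half-open handshakes."""
    by_source, _ = half_open(log)
    return sorted(ip for ip, count in by_source.items() if count >= threshold)
```

The per-target count matters as much as the per-source one: when source addresses are forged, no single client crosses the threshold, but the total of unfinished handshakes against one server port still rises.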
