Adobe Systems Computer network user - course materials

Slide 1: Computer network user
Klimeš Daniel, Šmíd Roman, Krejčí Jan

Slide 2: Organisation of the course
Conditions for credit
- Registration in is.muni.cz
- Learning this material
- Passing the electronic test

Slide 3: Course outline
- Network connection
  - Connection options, what is needed, comparison
- Network services
  - HTTP, FTP, DHCP, DNS, E-mail, remote access
- Network security
  - Passwords and Explorer in general, Firewall, email, spyware, phishing
- Mobile devices
- Encryption and electronic signature
- Czech E-government (optional)
- Electronic health care in the Czech Republic

Slide 4: Network connection

Slide 5: Data and its volume
- How to express information
- 1 bit (b) - basic information unit 1/0
- 1 Byte (B) - 8 bits, integer from 0 to 255
- 1 text character (ASCII), e.g. "A" = 65
- 1 Kb = 1024 bits
- 1 KB = 1024 Bytes

Slide 6: Computer network
- Connecting two or more computers
- Network elements are part of the network
  - Computer (device) with network card, modem, wifi adapter
  - Cabling (metallic, optical)
  - Hubs, routers and switches, wifi routers, antennas
  - Devices providing network services, network printers...
- The quality of a network, or a particular path in a network, can be assessed by
  - Network throughput (speeds) - (K/M/G) bits per second (b/s)
  - Response speeds (milliseconds) - ping

Slide 7: Connecting local networks
- Routers
(Diagram labels: Internet, Intranet, Switch)

Slide 8: Identifying PCs on the network
- Network card identification
  - Worldwide "unique" MAC address (physical address): 00-0A-E4-C0-36-81
- IP address (similar to an ID number or phone number)
  - Globally "unique": 147.251.147.76
- Internet name (similar to a postal address) - URL
  - Worldwide unique: www.iba.muni.cz

Slide 9: IP address IPv4 x IPv6
- IPv4: 32b = 2^32 IP addresses => approx. 4 * 10^9 addresses
- IPv6 (being phased in): 128b => 3.4 * 10^38 addresses
- The same computer transferred to another network usually has a different IP address!

Slide 10: IP address
- Fixed x dynamic IP address
- Public x non-public IP address
- Non-public IP is not globally unique - only within the local subnet
- Non-public addresses do not have an associated Internet name
- Dynamic + non-public IP - typical service consumer
- Fixed + public IP - typical service provider
- http://www.ip-adress.com/
- cmd - ipconfig

Slide 11: Non-public IP addresses 192.168.*.*
(Diagram: Internet, modem, WIFI-router with 1 public IP 147.251.26.1 + 1 non-public IP 192.168.1.1; connected devices with non-public IPs 192.168.1.2, 192.168.1.3 and 192.168.1.4)

Slide 12: Physical connection of the PC to the network
- Cable TV
  - Modem, metallic network x optical network
- Telephone line
  - xDSL modem
- Mobile connection
  - LTE modem or mobile phone
- Wireless - WiFi
  - Special equipment/card, antenna

Slide 13: Cable TV
- In places where cable TV is available
- Speed up to 500 Mbps
- Metallic x optical connection
  - Metallic has significantly worse upload
- Special modem
- Main providers
  - http://www.vodafone.cz
  - http://www.netbox.cz
  - http://www.selfnet.cz
  - http://rychlost.cz/pripojeni-internetu/kabelova-tv/

Slide 14: Telephone line
- ADSL (up to 16 Mbps)
- VDSL (up to 100 Mbps)
  - Offered within 1.3 km of the exchange
- Each type requires a specific modem

Slide 15: WiFi-connection
- Outdoor/indoor
- Commercial/community networks
- Speed up to 54 Mbps
- Special affordable equipment
- Risk of interference, eavesdropping, unauthorised connection
- Access point / hot spot
- http://www.internetprovsechny.cz/wifi/
- https://it.muni.cz/sluzby/wifi
- Eduroam

Slide 16: Mobile connection
- GPRS (up to 128 kbps)
- 2G - EDGE (up to 512 kbps)
- 3G - UMTS/HSDPA (1024 kbps and more)
- 4G - LTE (80 Mbps or more)
  - More coverage than 3G
  - Newer smartphones and modems

Slide 17: GSM connection speed
- Many terms and abbreviations - GPRS, EDGE, UMTS, HSPA, HSPA+, HSDPA, HSUPA, WCDMA, 3G, 4G, LTE...
(Figure: http://tasel.files.wordpress.com/2012/03/all-networks.png, source: tasel.wordpress.com)

Slide 18: LTE coverage
- Great dynamics
- Provider websites or http://lte.ctu.cz/pokryti/
  - For all operators
- LTE bands
  - LTE-800 = basic for the Czech Republic

Slide 19: Choosing an internet connection
- Method of use - fixed PC x notebook
- Availability in given locations, coverage
- Speed, usually in Mbps
  - symmetric x asymmetric (download, upload)
  - (e.g.: 20/2 Mbps)
  - Actual speed verified in practice
- Fair user policy (FUP) - speed limitation after transferring a certain amount of data
- Aggregation (e.g.: 1:32) - (ADSL, wireless)
The actual speed between two computers can be measured indicatively using speedmeters, e.g.: http://nastroje.lupa.cz/mereni-rychlosti/, www.dsl.cz

Slide 20: Intercommunication of computers in the network
- Client - Server model
(Diagram: the CLIENT (user: computer, program) sends a Request to the SERVER (computer, program = SERVICE), which returns an Answer. Labels: "Who, who, what he wants"; "For whom, from whom".)
What client do you use for the service?

Slide 21: Network services
Hello, welcome to the continuation of the course "Computer Network User". In this video we will talk about "Network Services".

Slide 22: Network services
- A network service is a service provided to users over a computer network
- The main ones are DHCP, DNS, HTTP, FTP, SSH, POP3, IMAP, SMTP, ...
- Typically one server provides multiple services
- The server is identified by its IP address (phone number), the service by its number called port
- The complete service address is always the server IP address + port number
- Each service has a defined standard port, e.g. HTTP has port 80, SSH has port 22, ...

A network service is a service provided to users over the Internet, or computer networks in general. These services are provided by computer programs, usually running on a server. As we discussed in the previous topic, a server is a computer on a network that is identified by a unique IP address (in real life, you can think of it as identifying a telephone set by a telephone number). Such a server can of course provide multiple services, so the different services are distinguished within the server by a so-called port - the port is a number identifying the service (this can be thought of as a telephone extension). Each provided service has a standard port defined so that its use is compatible across the network. Users can use many services in this way; some are used on purpose, some run in the background without the user's knowledge. Some of the most well-known are HTTP for web browsing, IMAP for remote mail reading, and so on. In the following slides, we'll take a closer look at some of these.

Slide 23: DNS service (name resolution)
- Translating Internet names to IP addresses
- Not every IP address has a defined Internet name
- The translation is performed by DNS servers that maintain a list of known Internet names and query other DNS servers for unknown names
- Internet names cannot be used without the availability of this service, only IP addresses
- For example: med.muni.cz => 147.251.128.10

The DNS service, or name resolution service, is a service we use every day, perhaps without realizing it. As we said earlier, each server is identified on the network by its IP address. So that we do not have to remember complex IP addresses, but only simple names such as seznam.cz or muni.cz, the DNS service is used. This service translates the easy-to-remember name into an IP address. If this service didn't exist, we would have to remember a plethora of IP addresses, and servers would also have to own multiple IP addresses if they provided more content. Thanks to the DNS service, a server can distinguish between requests by the name of the site and can provide content for multiple websites, or services in general. Thus, a server can have multiple Internet names. But it may also not have any. For example, for the website of the Faculty of Medicine of Masaryk University, just remember MED.MUNI.CZ; thanks to DNS translation we will automatically connect to the IP address 147.251.128.10.

Slide 24: DHCP service (IP address allocation)
- Automatically configure your computer's network connection on your local network
- The DHCP protocol sets all the parameters necessary to connect the PC to the network, in particular
  - IP address of the PC (147.251.140.250)
  - Netmask (255.255.255.0)
  - Gateway IP address (147.251.147.1)
  - DNS server IP address (147.251.26.1)
- Computer connections (network cards = MAC addresses) can be enabled/disabled by the network administrator

Another service is DHCP. This is a protocol that automatically sets all the necessary network parameters (i.e. IP address, mask, default gateway and DNS server) on a device the moment it connects to the computer network. This is a simple and user-friendly way to configure the network on the device: it happens automatically and there is no need to remember and configure any settings. Most of us also use this service without realising it. For example, whenever you connect to your home wifi, your mobile or laptop is configured automatically; you don't need to care, you're connected right away.
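The four DHCP parameters and the public/non-public distinction from the slides above can be checked on a configured machine. The following is an added example, not part of the course materials: it parses a constructed sample modelled on Windows `ipconfig /all` output carrying the slide's values, derives the local subnet from IP address and netmask, and reports parameters that do not fit together. All function names are illustrative.

```python
import ipaddress
import re

# Constructed sample modelled on Windows `ipconfig /all` output; the four
# addresses are the ones shown on the DHCP slide.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 147.251.140.250(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 147.251.147.1
   DNS Servers . . . . . . . . . . . : 147.251.26.1
"""

# ipconfig label -> key used in this example
FIELDS = {
    "IPv4 Address": "ip",
    "Subnet Mask": "netmask",
    "Default Gateway": "gateway",
    "DNS Servers": "dns",
}
# "   Label . . . . : 1.2.3.4" -> (label, address)
LINE = re.compile(r"^\s*([A-Za-z0-9 ]+?)[ .]*:\s*([0-9.]+)")


def parse_ipconfig(text):
    """Extract the four DHCP-provided parameters from ipconfig-style text."""
    cfg = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match and match.group(1) in FIELDS:
            cfg[FIELDS[match.group(1)]] = match.group(2)
    missing = sorted(set(FIELDS.values()) - set(cfg))
    if missing:
        raise ValueError(f"missing parameters: {missing}")
    return cfg


def address_type(ip):
    """'non-public' for addresses such as 192.168.*.*, otherwise 'public'."""
    return "non-public" if ipaddress.ip_address(ip).is_private else "public"


def check_lease(cfg):
    """Derive the local subnet and list parameters that do not fit together."""
    # IP address + netmask together define which addresses are "local".
    subnet = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['netmask']}").network
    host = ipaddress.ip_address(cfg["ip"])
    gateway = ipaddress.ip_address(cfg["gateway"])
    findings = []
    if host in (subnet.network_address, subnet.broadcast_address):
        findings.append(f"host address {host} is reserved in {subnet}")
    # The PC hands every non-local packet to the gateway, so the gateway
    # itself normally has to be reachable inside the local subnet.
    if gateway not in subnet:
        findings.append(f"gateway {gateway} is outside local subnet {subnet}")
    if address_type(cfg["ip"]) != address_type(cfg["gateway"]):
        findings.append("PC and gateway mix public and non-public addresses")
    return {
        "subnet": str(subnet),
        "address_type": address_type(cfg["ip"]),
        "dns_type": address_type(cfg["dns"]),
        "findings": findings,
    }


if __name__ == "__main__":
    report = check_lease(parse_ipconfig(SAMPLE_IPCONFIG))
    print(report)
    # Home network from the "Non-public IP addresses" slide; the netmask and
    # DNS server are assumed here, the slide does not state them.
    print(check_lease({"ip": "192.168.1.2", "netmask": "255.255.255.0",
                       "gateway": "192.168.1.1", "dns": "192.168.1.1"}))
```

With the netmask 255.255.255.0, the gateway value on the slide falls outside the PC's subnet 147.251.140.0/24, which is the kind of mismatch this check reports.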
Slide 25: HTTP and HTTPS protocols (web pages)
- Web page transfer protocol
- HTTP
  - transmits data in readable form
  - Port 80
- HTTPS
  - communication between client and server is encrypted
  - data is unreadable during transmission
  - HTTPS has its own port 443
- Nowadays most sites are already HTTPS
- Browsers automatically warn the user when unencrypted HTTP is being used
(Figures: Unencrypted transmission using HTTP; Encrypted transmission using HTTPS)

Another, more familiar protocol is HTTP. This protocol is the basis for the functioning of WWW pages, i.e. web browsing as we know it. It currently exists in two side-by-side variants: the older HTTP protocol and its younger counterpart HTTPS, which extended the original protocol by encrypting the transmitted content with a certificate. The original protocol transmitted data in an open form, so in theory anyone who had access to it during transmission could read it at will. This was inappropriate for the transmission of confidential information such as passwords or bank details, so the protocol was extended to include the ability to encrypt the transmitted content using a certificate. Nowadays, the vast majority of websites are already run with the secure HTTPS protocol. The user can recognize this in the browser by the label or the colored icon next to the entered address.

Slide 26: HTTP(S) websites
(Diagram: the CLIENT sends a Page request to the SERVER, which sends a Reply with the requested page; in case of HTTPS, encrypted.)
Browsers:
- Microsoft EDGE
- Mozilla Firefox
- Google Chrome
- Apple Safari
Servers:
- IIS
- Apache
Ports:
- 80 (HTTP)
- 443 (HTTPS)

HTTP is a protocol that uses a system of client requests and server responses. In practice, when browsing web pages, it works like this: the user enters an address into the browser, the client sends a request to the server (for example, show me the front page of the Seznam search engine), and the server processes the request and sends the content of the front page of the requested portal back to the user as a response. On the client, the browser processes and displays it. The encrypted variant, HTTPS, follows a very similar process, but the content is encrypted "as-is" using a certificate.

Slide 27: Cookies - what they are for
- Small files stored on your computer
- Tied to a specific server
- The browser sends them with a request to the server
- The server creates/modifies them, sends them to the browser
- The server "remembers" you
- Privacy Campaign
- Risk of connection takeover after you log in to the open WIFI service, if the connection is not encrypted

Cookies are an integral part of browsing websites. The term refers to a small amount of data that the web server sends to the user's browser to be stored there for later use. Each time you visit the same server again, the browser sends this data back to the server, which is why some websites appear to remember you or your settings. Cookies are commonly used to differentiate between users, store user preferences, collect statistics and so on. Their content is some specific value tied to a particular website.
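The takeover risk named on the cookie slide comes from the browser attaching a login cookie to an unencrypted request. The following added example (not part of the course materials) stores constructed `Set-Cookie` headers the way a browser would, shows which cookies would travel over plain HTTP, and lists login cookies that lack the standard `Secure` or `HttpOnly` attributes. Cookie names and values are constructed and the function names are illustrative.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values, as a server might send after a login.
SAMPLE_SET_COOKIE = [
    "session=3f9a1c; Path=/; HttpOnly",
    "lang=cs; Path=/; Max-Age=31536000",
    "auth=77e0b2; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def build_jar(set_cookie_headers):
    """Store cookies the way a browser does: name -> value and attributes."""
    jar = {}
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar[name] = {
                "value": morsel.value,
                # Flag attributes are True when present, "" when absent.
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
                "samesite": morsel["samesite"] or None,
            }
    return jar


def cookies_for_request(jar, scheme):
    """Cookie header the browser sends with a request over 'http' or 'https'.

    Cookies marked Secure are only attached to encrypted (https) requests;
    every other cookie is sent in readable form over plain http as well.
    """
    sent = [
        f"{name}={cookie['value']}"
        for name, cookie in jar.items()
        if scheme == "https" or not cookie["secure"]
    ]
    return "; ".join(sent)


def audit(jar, sensitive_names):
    """Map each login/session cookie to the protective attributes it lacks."""
    findings = {}
    for name, cookie in jar.items():
        if name not in sensitive_names:
            continue  # preference cookies such as 'lang' are not login state
        missing = []
        if not cookie["secure"]:
            missing.append("Secure")    # would be sent over unencrypted HTTP
        if not cookie["httponly"]:
            missing.append("HttpOnly")  # would be readable by page scripts
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    jar = build_jar(SAMPLE_SET_COOKIE)
    print("over http :", cookies_for_request(jar, "http"))
    print("over https:", cookies_for_request(jar, "https"))
    print("findings  :", audit(jar, {"session", "auth"}))
```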
Slide 28: Cookies - how to remove them
- MS Edge
  - Settings -> Clear browsing data
- Mozilla Firefox
  - Options menu -> Privacy -> Remove cookies
- Google Chrome
  - Settings -> Privacy -> Delete browsing data
- Apple Safari
  - Settings -> Safari -> Advanced -> Site Data -> Delete all site data

As such, cookies make life easier for the user (and therefore for the creators of the website), but it is not always desirable to store such information. Therefore, every web browser contains the option not only to view these cookies, but of course to delete them. Here you can see the procedures for the most commonly used web browsers.

Slide 29: Email services
- Mailbox = files primarily located on the mail server
- Mail servers communicate with each other - they forward mails
- Email programs versus email via web interface
- Mail reading services (POP3 and IMAP)
- Service for sending mail (SMTP)

The penultimate service is email. Electronic mail, or e-mail, is the most widely used method of electronic communication, and every one of us encounters it on an almost daily basis. Email communication works similarly to HTTP, i.e. by passing some data between servers. In the following slides we'll take a look at how these servers communicate with each other, what services they use to do so, and what options users have for reading their mail.
Slide 30: IMAP and POP3 services (receiving mail)
IMAP and POP3 protocols are used to read mail on a mail server using a mail client
IMAP protocol
- Sends email headers only
- The content of the email will be sent upon request
- All email folders are on the server
- Convenient when reading mail from multiple computers
POP3 protocol
- Sends all new whole emails
- Removes them from the server
- Sorting emails into folders on the local computer
- Suitable for offline reading

IMAP and POP3 services are used to read mail on a remote mail server when using a local mail client. Both of these protocols allow the user to read mail, but each in a different way:
- The POP3 protocol, which is the older of the two, was widely used in the days of dial-up or slow Internet connections. This is because it works by automatically downloading new emails from the server to the client and deleting them one by one on the server. The disadvantage is that they then only exist on that computer, so they are not available online from anywhere, but in turn they are available on that device even without an internet connection.
- In contrast, IMAP automatically downloads only the headers; the user then chooses which emails to download to the client, but these emails are only copied, nothing is deleted from the server. The advantage is that the mail can be stored on the client, but it is still available on the server. It can then be read from several different devices, or you can use the web interface and the local client at the same time.
Slide 31: Email via local client / Email via web interface
(Diagram, email via local client: CLIENT - local (Outlook, Thunderbird, Mail) connects to the POP3, IMAP, SMTP services of the SERVER.)
(Diagram, email via web interface: the web browser uses the HTTP service of a "SERVER - foreign", which acts as an IMAP, POP3, SMTP client towards another "SERVER - foreign" providing the POP3, IMAP, SMTP services.)

As mentioned on the previous slide, mail can be read on the server via the local email client, but also using the web interface. The following slide shows the different paths that the mail travels. Note that in the case of using the web interface, another server enters the schema: it provides a web interface for the user, but also acts as a mail client and reads the mail content from another dedicated server.

Slide 32: SMTP service (sending mail)
- SMTP is a service for sending email, especially when using email clients
(Diagram: the CLIENT logs in to the SERVER's SMTP service with user name and password and hands over the email to send; the server answers accepted/not accepted and sends the email to the recipient's server.)
Clients:
- MS Post 10
- MS Outlook
- Mozilla Thunderbird
- Apple Mail

SMTP is a protocol used to send email, especially when using local email clients. This means that the user writes an email in any email client; when the "send" button is pressed, the client connects to the SMTP server of the email provider (i.e. where the client has a mailbox) using the name and password, and the server processes the email and sends a confirmation of receipt to the user's client, or returns an error code if the email is not processed. If the email is successfully processed by the server, it is then sent by the server (without the participation of the client) to the recipient's mail server.
Adobe Systems Computer network user - course materials 33 Virtual private network (VPN) service §The service simulates the connection of a remote computer to the local network §"Tunnel" to the remote network §The remote computer is assigned a local IP address §The remote PC then becomes "almost" a full-fledged part of the internal network §Used for remote access to work, for example in HO §It is always necessary to install some client software §Nowadays, PCs with Windows, MacOS and Linux are mostly supported, but also mobile devices with Google Android or iOS. § A VPN service is used to remotely access a computer network from somewhere outside. The computer is assigned a local network address, and the computer therefore pretends to be part of that network. All you need is some software and access data. Such remote access is then useful, for example, when working from home or when accessing services on an internal computer network. Adobe Systems Computer network user - course materials 34 VPN service for MU students and employees §The MUNI VPN provides staff and students with access to the university network from home, abroad or another university. § §To log in, you need to know the User ID + secondary password § §This allows students and staff to use services that are only available from the university network, even if they are not currently on the network. By connecting to the VPN, you get a public address from the MU range, for example: §access to MU's paid information resources: http://ezdroje.muni.cz/prehled/abecedne.php?lang=cs §Access to paid university licenses: https://it.muni.cz/sluzby/software §access to services available only from the MU network (e.g. specialised equipment and devices) § §For more information visit: http://vpn.muni.cz/ (OpenVPN) § § § In the real world, as employees or students of Masaryk University, you can meet the MUNI VPN. 
This is used to connect remotely to the university network, but mainly to draw on the university's electronic services, such as software licences, electronic resources and specialised equipment or computing and storage capacity. It is available to every student or employee of the university and to use it, you need to install the OpenVPN program from the VPN.MUNI.CZ website and know your UČO and secondary password. Adobe Systems Computer network user - course materials 35 Network services Hello, welcome to the continuation of the course "Computer Network User". In this video we will talk about "Network Services". Adobe Systems Computer network user - course materials 36 IT security policies See file Network security.pptx Adobe Systems Computer network user - course materials 37 Encryption and electronic signature Adobe Systems Computer network user - course materials 38 Encryption §Changing the form (encoding) of text and data into a form that is unreadable without knowledge of the decryption key (password) § §You can encrypt e.g. §Documents (7zip, winrar - symmetrically) §Emails (email client support, recipient public key) §Network communication (https, sftp, imaps, ssh) §Disks (truecrypt, realcrypt, bitlocker) § §Confidentiality of communications and documents Adobe Systems Computer network user - course materials 39 Types of encryption §Symmetric encryption §Simpler form, a single key is used for encryption and decryption - the password §Asymmetric encryption §The key has two parts, private and public Adobe Systems Computer network user - course materials 40 Asymmetric encryption The key has two parts, private and public §If someone wants to send me encrypted information, they encrypt it using the public part of the recipient's key. § §The only one who can decrypt this data is the owner of the private part of the key, i.e. 
me § Adobe Systems Computer network user - course materials 41 Electronic signature §Uses elements of asymmetric encryption §If I want to digitally sign some text, I just need to use the private part of the key for signing (done by email client, PDF editor) §Anyone who knows the public part of my key (it is sent automatically with the signed email) can then digitally sign the text §Read more §Verify that I am the author/submitter §To verify that the text has not been tampered with §Signed email/document is not encrypted!! §You don't have to "calculate" or remember anything, an email client or other application (pdf reader) will do the job §In its basic form, it is not intended for signing archival documents with long-term validity § § § § § Adobe Systems Computer network user - course materials 42 Calculating hash ABCD12345 ABABD111 Private key encryption attached to a document ABABD111 Electronic signature Adobe Systems The document itself ABCD12345 HASH calculation Public key signature decryption ABABD111 ABCD12345 = ? Signature verification Computer network user - course materials 43 Adobe Systems Computer network user - course materials 44 Physical = computer file from the certification authority •Issued by a certification authority •Limited certificate validity (usually 1 year) Contains ̶Subject data (user, server) Name E-mail address Other identification data ̶Subject public key ̶ The separate component is the corresponding private key ̶ Can be revoked (revoked) if the private key is disclosed Qualified x commercial certificate Digital certificate Adobe Systems Computer network user - course materials 45 Act No. 
297/2016 Coll., the Act on trust services for electronic transactions Qualified certificate ̶Issued by a qualified trust service provider ̶https://www.mvcr.cz/clanek/seznam-kvalifikovanych-poskytovatelu-sluzeb-vytvarejicich-duveru-a-posk ytovanych-kvalifikovanych-sluzeb-vytvarejicich-duveru.aspx •Czech Post (PostSignum) •First Certification Authority, a. s. •eIdentity a. s. Qualified x commercial certificate Adobe Systems Computer network user - course materials 46 Issued by so-called certification authorities (e.g. Czech Post) 1.Login to the web (or download the off-line) application 2.Self-generated and saved key pair with password 3.Completing the application 4.Visit a branch with an application, verify data 5.Inclusion of the public part of the key by the CA in the list of authenticated keys 6.Receiving a signed certificate with a public key and identification ̶ Can be easily integrated into used email applications in the form of a certificate = guaranteed digital (electronic) signature At MU, you can obtain a free personal digital certificate for users at http://pki.cesnet.cz/cs/tcs-personal.html Digital certificate - how to get it practically Adobe Systems Computer network user - course materials 47 electronic signature (FO) - expresses consent electronic seal (PO) a.Qualified Electronic Signature (QES): ̶Must be based on a qualified certificate for electronic signature ̶It must be created using a qualified (secure) electronic signature creation device (smart card and USB token = QSCD (from: Qualified Signature Creation Device). b.a guaranteed electronic signature based on a qualified certificate ̶Must be based on a qualified certificate ̶A qualified device (certified smart card/token) is not required. c.Advanced Electronic Signature (AdES) ̶No specific certificate requirements Recognized electronic signature = common designation for a. and b. 
Electronic signature and eIDAS Adobe Systems Computer network user - course materials 48 Electronic time stamp §Evidence that the document existed in the relevant form at the time. §Combined with electronic signature §"Extend" the validity of the e-signature §Limited validity, but longer than e-signature §Simple and qualified stamp Adobe Systems Computer network user - course materials 49 Electronic signatures in practice Application behaviour §When programs tell us that a particular signature is valid, we have to find out for ourselves whether it is a recognized signature or a commercial certificate signature. §Conversely, if they tell us that they can't verify the validity of the signature (i.e. the validity of the signature is unknown), it may just be because the certificate is not in the right place in the trusted certificate store. §Applications often do not verify certificate revocation §The email signature does not include the subject line or the sender's address §The sender's email is not verified to match the email in the certificate § Adobe Systems 1)Bob signs the message to Alice with his private key 2) 2) The email is encrypted with Alice's public key 3) 3) 3) 3) 3) 3) 3) Alice decrypts the message with her private key 4) 4) She'll verify Bob's signature with his public key Computer network user - course materials 50 Encrypted email Adobe Systems Computer network user - course materials 51 1) Something unique I know Remote Person Authentication 2) I have something unique Level of assurance •Low •Considerable •High ... 
or how to remotely prove it's me Means of proving identity Adobe Systems Computer network user - course materials 52 Security level of proof of electronic identity Means by level of trust: Low - e.g.: login + password Substantional - two-factor authentication = SMS confirmation, OTP = One Time Password High (chip card, electronic ID card) Adobe Systems Computer network user - course materials 53 Means of proving identity ØPasswords ØTokens ØCards ØBiometrics ØMobile phones •B) According to the NIA concept of "Identity provider" Identity resource provider The issuance of these resources and the actual authentication of access is handled by •A) Target service provider Adobe Systems Computer network user - course materials 54 Identity resource provider ØState ØElectronic ID card from 1 July 2018 ØPassword + one-time SMS code ØPrivate provider ØRunning certification ØBanking Identity Adobe Systems Computer network user - course materials 55 Where electronic signatures can be used §when submitting a statement of income and expenses for self-employed persons §for registration and deregistration for sickness insurance §for VAT returns §in electronic communication with the state administration §electronic communication with regional and municipal authorities §electronic communication with health insurance companies §when applying for social benefits §when applying for EU funding §when signing invoices §as an electronic signature of PDF documents Source: en.wikipedia.org Adobe Systems Computer network user - course materials 56 Czech E-government Optional chapter for international students Adobe Systems Computer network user - course materials 57 Czech E-government §Data boxes §Basic registers §Electronic ID card §Citizen Portal Adobe Systems Computer network user - course materials 58 Data boxes §It can be used for the same purpose as an electronic signature in communication with the state administration §Setting up and communicating with the state administration free of 
charge
§Validity is not time-limited, unlike certificates
§Retains documents for 90 days only
§Works like a "web email"; instead of an email address there is a mailbox code
§Communication outside the public authorities is subject to a fee
§Set up at the post office, simple form and OP (ID card)

Basic registers
§ROB - population register
§Linked to the population and foreigners register
§Restricted access
§ROS - register of persons (business)
§RUIAN - Register of Territorial Identification, Addresses and Real Estate
§Birth number x AIFO (agenda identifier of a physical person)
§Different citizen identification in different agendas

Electronic ID card
§Issued from 1.7.2018
§Contact technology
§Allows you to log in to electronic government services
§Activation required at the office
§Allows you to upload a signing certificate
§You need a card reader (laptop or external)
§Access codes (PIN)
§BOK, IOK, DOK, PIN, PUK, QPIN

Citizen Portal
§https://obcan.portal.gov.cz
§Login via eOP or data box
§Gradual rollout of services
§Overview of documents
§e-Prescription

Electronic health care

National register of health professionals
§According to Act 372/2011 Coll.
§Medical and non-medical staff
§The record is created automatically by the educator after the completion of education
§Basic field, specialization, certification courses
§Registration of employees by the employer (health service provider)
§Employee = looks up, adds contact details, takes a printout
§Provider - obligation to register employed healthcare workers

E-prescription
§Central prescription repository
§Identification of patients against ROB is ongoing (not necessary)
§Around 5 million e-prescriptions per month
§Server certificate (for the provider = for the ID)
§Recognised electronic signature (doctor)
§Login and password of the doctor, pharmacist
§https://www.epreskripce.cz/

Clinical data exchange in the Czech Republic
Types of communication
§Between information systems within the facility
§Between health facilities (HF)
§Image data
§PACS, DICOM
§ePACS (http://www.epacs.cz/)
§ReDiMed (https://www.medimed.cz/redimed)
§Clinical data
§eMeDOcS, MEDICAL NET (CGM), MISE (STAPRO), E-message
§Between health insurance companies and insurance companies
§K-Benefits
§Health insurance portals (commercial certificates)

International data exchange
§Patient summary
§ePrescription and eDispensation
§https://www.nixzd.cz/

Data structure (1/2)
§Laboratory data
§NČLP - National codebook of laboratory items
§Division: system (blood), component (ERY), quantity (number), unit, procedure (FLOWCYT)
§Medicines
§SÚKL code - corresponds to the code in the VZP codebook
§7-digit number
§Specific product
§0046224 - Panadol - POR TBL FLM 24X500MG
§http://www.sukl.cz/modules/medication/search.php
§ATC classification
§Active ingredient
§Anatomical-therapeutic-chemical groups
§Hierarchical code layout
§N02BE01 - Paracetamol (N Nervous system)
§L01BC02 - Fluorouracil (L Cytostatics and immunomodulatory drugs)
§www.whocc.no, http://www.sukl.cz/modules/medication/atc_tree.php

Data structure (2/2)
§Healthcare payers
§Standard VZP (K Benefits)
§Methodology for the acquisition and transmission of VZP ČR documents
§www.vzp.cz - Providers
§Codebooks
§Procedure codebook
§HVLP - mass-produced medicinal products
§Medical devices
§ICD-10 - International Classification of Diseases version 10

MKN 10
§Czech translation of ICD-10
§International Statistical Classification of Diseases and Related Health Problems
§Approximately 14 thousand items
§Hierarchical code structure
§Xnnnn, Xnn - disease
§A, B - Infectious diseases
§C - malignant tumours
§C50 breast cancer
§C502 breast cancer - upper inner quadrant of the breast
§Web: https://mkn10.uzis.cz

Classification in oncology
§MKN-O classification
§Currently version 3
§Translation of the International Classification of Diseases for Oncology (ICD-O)
§Morphological code
§M-8140/31
§histology/behavior (grade)
§Topographic code
§C50.2 Upper inner quadrant of the breast
§TNM classification
§Extent of cancer
§T - size of the tumour itself (T1 to T4)
§N - involvement of adjacent lymph nodes (N0 - N3)
§M - metastatic involvement (M0/M1)

HL7
§Health Level 7
§Worldwide distribution
§Centre in the USA
§www.hl7.org
§Branches in individual countries
§www.hl7.cz
§"Factory" for communication standards in healthcare
§Limited distribution in the Czech Republic

CDA
Clinical document architecture
§HL7 application
§Formalized clinical document (medical reports)
§3 levels of formalisation
§Formalized header + unstructured text
§Header + text split into blocks
§Fully structured machine-processable content
§CDA templates prepared for specific documents
§Applied e.g. in Austria, Poland

SNOMED
§Clinical terminology
§Managed by the International Health Terminology Standards Development Organisation (IHTSDO)
§Not only the terms, but especially the links
§Multi-axial arrangement
§Basic unit = concept
§Basic structure
§Concept (Concept)
§Description
§FSN - Fully Specified Name
§Preferred Term
§Synonyms
§Bonds (Relationship)

SNOMED
§Approximately 400 thousand concepts
§19 root concepts
§Observable entity (questions)
§Clinical finding (answers)
§Procedure
§Body structure
§Organism
§Substance
§Pharmaceutical products
§Physical force
§Physical object
§..
§Concept name ("semantic tag")
§Fracture of foot (disorder)

Test
§In IS:
§Student -> select subject UPS -> Answering machines
§Select "UPS test english version" -> "I want to build the first set of questions"
§At the end "Save and evaluate"
§Answered by
§20 questions
§60 minutes - Cannot be interrupted
§5 attempts to carry out the evaluation
§Some questions have more than one correct answer (one point each)
§Deduction of points for incorrect answers
§The minimum to qualify is 15 points
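
The hierarchical codes from the "Data structure (1/2)", "MKN 10" and "Classification in oncology" slides, parsed and strictly validated in Python. This is an added example, not part of the course materials: the function names are hypothetical, and the five-level ATC split (letter, two digits, letter, letter, two digits) is the WHO layout rather than something stated on the slides.

```python
# Added example: function names are hypothetical; sample codes are the ones on the slides.
import re

ATC_RE = re.compile(r"([A-Z])([0-9]{2})([A-Z])([A-Z])([0-9]{2})")
MKN_RE = re.compile(r"([A-Z][0-9]{2})(?:\.?([0-9]{1,2}))?")
MORPH_RE = re.compile(r"M\s*-?\s*([0-9]{4})\s*/\s*([0-9])\s*([0-9])?")
SUKL_RE = re.compile(r"[0-9]{7}")


def _match(pattern, code, kind):
    # fullmatch rejects trailing junk that match()/search() would let through.
    m = pattern.fullmatch(code.strip().upper())
    if m is None:
        raise ValueError(f"not a valid {kind} code: {code!r}")
    return m


def atc_levels(code):
    """Nested ATC prefixes, broadest first (anatomical group -> substance)."""
    levels, prefix = [], ""
    for part in _match(ATC_RE, code, "ATC").groups():
        prefix += part
        levels.append(prefix)
    return levels


def mkn10_parts(code):
    """Split an MKN-10 code (C502 or C50.2) into category and subcategory."""
    category, sub = _match(MKN_RE, code, "MKN-10").groups()
    return {"category": category, "subcategory": sub}


def morphology_parts(code):
    """Split an ICD-O morphological code into histology, behavior and grade."""
    histology, behavior, grade = _match(MORPH_RE, code, "morphology").groups()
    return {"histology": histology, "behavior": behavior, "grade": grade}


def is_sukl_code(code):
    """SÚKL codes are 7 digits; keep them as strings so leading zeros survive."""
    return SUKL_RE.fullmatch(code) is not None


if __name__ == "__main__":
    print(atc_levels("N02BE01"))
    print(mkn10_parts("C502"), morphology_parts("M - 8140/ 3 1"))
    print(is_sukl_code("0046224"), is_sukl_code("46224"))
```

Storing the SÚKL code as an integer would turn 0046224 into 46224, which no longer passes the 7-digit check.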