Integrating security into every application is a challenge. Implementing and integrating security services such as authentication, identification, authorization and encryption adds a large degree of complexity to applications, which may either threaten the usability of the security functions or, even worse, lead to careless implementation of those functions by system architects and developers. In either case, the security of the data and the privacy of the application's users are at risk and can be compromised. Based on the prototypes developed in the SecLab of The Royal Institute of Technology, and as a proof of concept, we first developed a mobile medical application without considering security, to speed up the development process. In parallel, we extended the SecLab’s prototype with the Mobile Identity function as a prerequisite for the next steps.
Then, using the already carefully implemented security functions and services of the SecLab’s Secure Mobile Application and the powerful inter-application communication functions of the Android operating system, and based on the Trusted Stack Model and the Secure Mobile Service-Oriented Architecture, we combined our mobile medical application, along with the supporting online services, into the available infrastructure and used the security services provided by it. With this method, first, we decrease the complexity of developing the mobile medical application; second, we ensure that the security of the data and users of the mobile medical application will not be compromised, by using the security services that the Mobile Medical Application provides for the mobile environment; and third, we introduce a layer of abstraction above the security services that the SecLab’s prototype provides, so that other mobile applications can use those security services without implementing them from scratch.