Signex

1
Signex

• A Smartcard Application Framework
• Signex Overview Healthcare

2
Contents

• Business drivers
• Signex overview
• Signex components
• Scheme operation
• Card issuance
• Signex benefits
• Questions

3
Business drivers

• The changing healthcare environment
• Positive staff identification
• Information and physical security
• Insurance and coverage issues
• Government regulations
• Hospital and healthcare consolidation
• Growth in internet remote access
• Maximise investment in IT technologies

4
Business drivers

• The changing healthcare environment
• Pressure to improve patient medical record
  security
• Overall number of hospitals is decreasing
• Pressure on managers to control operating expense
• Job burnout - excessive working hours
• Lack of sufficient, skilled labour

5
Signex overview

• Signex is a Smart Card middleware
• A single application which securely controls the
  data of many individual virtual applications
• ID plus a database on a smart card
• A set of tools and applications for supporting
  the development, deployment and use of card
  schemes
• Healthcare, ID, access control, general data
  storage,

6
Signex overview

• Provides secure on and/or off card data storage
• Holds ID plus data, variable or fixed
• Controls data access (retrieval, update and
  deletion) subject to business rules
• Provides data synchronisation
• Provides cardholder/entity authentication
• Provides utilities and systems required for
• Data retrieval
• Data deletion
• Data update
• Data verification and validation.

7
Signex the scheme

• Roles
• Cardholders (many per scheme) e.g. Patient
• Entities in possession of a Signex card
• Domain membership e.g. Doctor
• Issuer (one or many per scheme) e.g. Department
  of Health
• Organisation responsible for the distribution of
  Signex cards
• Originator (one or many per scheme) e.g. Hospital
  Authority
• Organisation authorised to load data items onto
  Signex cards
• Scheme Controller (one per scheme) e.g.
  Department of Health
• Organisation responsible for authorising Issuers
  and Originators.
• An organisation may assume one or more roles

8
Signex components

• 3 tier architecture comprising
• Smart Card application
• MULTOSTM
• Java CardTM
• Client component
• Server component
• Card Issuance system
• Signex CA (Certificate Authority)

9
Smart Card application

• Compatible with MULTOS and Java Card
• Application personalised with
• Unique application instance identifier
• Asymmetric signing key pair (plus certificate)
• Default PINs
• Authenticated and Privileged modes
• Issuer Id
• Secure storage of data items
• Access control
• Authorised loading of data items
• Domains

10
Client component

• Signex client
• Terminal component
• Provides Signex services to co-resident
  applications e.g. fingerprint matching algorithm
• Hides smart cards details from business
  developers
• An interface to the User and Operator smart cards
• An interfaces with Signex server

11
Server component

• Signex server provides
• Delivery of data items onto Signex cards
• Verification of smart card data
• Using URL of server stored as data item attribute
• Authorised publication of non-card resident data
  e.g.
• Patient records
• Insurance details
• Network connection history

Legacy System
Signex Server
Signex client
12
Card Issuance system

• Signex Device Manufacturing System (SDMS)
• Creates Signex ALUs/applets for loading onto
  smart cards
• Optionally embeds data items in applications
• ALUs/Applets loaded at card personalisation
  bureau
• Integrates with Datacard data capture and card
  personalisation systems

Signex CA
Legacy System
SDMS
Signex cards
13
Signex CA

• Generates certificates when creating Signex cards
• Generates Data Item Support Certificates (DISCs)
  to enable data originators to load data items
• Can be replaced by 3rd party CAs

14
Signex in action

• Physical access
• ID Information
• Access areas
• Times of access

• Network Login
• ID Information
• Network domain
• Password

Signex server
Canteen System
Physical access
Signex server
Prescription Service
Signex server
Hospital Booking System
Signex server
Security B/O System

• Prescrition access
• ID Information
• Network domain
• Password
• Level of access

• Canteen
• ID Information
• Balance counter
• Loyalty points

15
Card Issuance Model
DPS
Hospital Back Office System
Signex CA
SDMS
SCPM
Medical Card With Signex Application
Personalisation Bureau
16
Signex benefits

• Leveraging a multi-application card
• Rapid go-to-market
• Pilots and rollouts in days rather than months
• Security
• same team that achieved ITSEC 6 (Common Criteria
  EAL7) for MULTOS and Mondex
• Platform independence
• No need for smart card application development
  skills
• Data privacy legislation compliant
• Built-in PKI with PIN or Biometric

17
Signex benefits

• IT Integration cost savings
• make vs. buy financial model
• 40 man years of qualified, experienced effort
• uses limited card memory to support multiple
  partner data
• Future proof development platform
• web technologies, EJB, open Crypto
• Datacard world-wide support

18
Questions