Remote access to patient records and security of android apps

James Firth james2 at
Fri Jan 13 09:49:50 GMT 2012

Mary Hawking wrote:
> In the NHS we have been told, repeatedly, that user name and password
> are insufficient: there needs to be a smartcard logon for secure
> identification, 

OK it's over 6 years since I worked directly in this field (on TETRA, see
here : )

But smart cards essentially perform two roles:
(1) Ensure high entropy in the key without requiring a long passphrase (and
the security loophole that comes with this regime - people more likely to
write don't difficult to remember passwords)
 (2) Provide a physical key that can't (easily) be replicated, ensuring that
when someone's nicked your smart card, you know about it.  Someone could
have nicked a password and you could be ignorant of this for many

James Firth

More information about the ukcrypto mailing list