Remote access to patient records and security of android apps

James Firth james2 at jfirth.net
Fri Jan 13 09:49:50 GMT 2012


Mary Hawking wrote:
> In the NHS we have been told, repeatedly, that user name and password
> are insufficient: there needs to be a smartcard logon for secure
> identification, 

OK, it's over 6 years since I worked directly in this field (on TETRA, see
here: http://ejf.me/pd)

But smart cards essentially perform two roles:
(1) Ensure high entropy in the key without requiring a long passphrase (and
the security loophole that comes with this regime - people more likely to
write down difficult-to-remember passwords)
(2) Provide a physical key that can't (easily) be replicated, ensuring that
when someone's nicked your smart card, you know about it.  Someone could
have nicked a password and you could be ignorant of this for many
days/weeks/months


James Firth





More information about the ukcrypto mailing list