Remote access to patient records and security of android apps
tony.naggs at googlemail.com
Fri Jan 13 12:12:34 GMT 2012
On 13 January 2012 10:21, Roland Perry <lists at internetpolicyagency.com>wrote:
> In article <CAK0b=2e9KsiPJi4CD_**tH0FdxqUH7rO0oN278AsOW3yzSDG6Y**
> wQ at mail.gmail.com<2e9KsiPJi4CD_tH0FdxqUH7rO0oN278AsOW3yzSDG6YwQ at mail.gmail.com>>,
> Tony Naggs <tony.naggs at googlemail.com> writes
> In principle an Android tablet could access a smartcard, as the SIM card
>> in an Android phone is a form of Smartcard - but I have not noticed any
>> tablet computers advertised with Smartcard slot.
> Many tablets have a SIM socket (for data access). But what credentials
> from the SIM might a application be looking for, and why couldn't a patched
> copy of Android spoof it?
Security oriented smartcards often have onboard crypto and could
authenticate the user to the NHS system, and/or validate the NHS system
credentials to the app. (Speculation as I am not familiar with how the NHS
use their smartcards.)
> I am also concerned about how whether the data is securely encrypted when
>> sent over the the WiFi or 3G data network.
> Couldn't the Android App have its own encryption layer?
Of course it can, but will it do it correctly? For instance El Reg recently
reported on electricity meters that failed to use SSL encryption correctly
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ukcrypto