Hi Mary<br><br>I am not familiar with "SystemOne", and it is not clear from the article what the Android application would be used for. Clearly managing one's calendar, accessing email or editing patient notes have different confidentiality issues.<br>
<br>In principle an Android tablet could access a smartcard, as the SIM card in an Android phone is a form of Smartcard - but I have not noticed any tablet computers advertised with Smartcard slot. Also some Android phones are starting to have NFC (Near Field Communications) interfaces that could talk to Smartcards that work wirelessly (similar to an Oyster card).<br>
<br>I am also concerned about how whether the data is securely encrypted when sent over the the WiFi or 3G data network.<br><br><br>Regards,<br>Tony<br><br><br><div class="gmail_quote">On 12 January 2012 19:34, Mary Hawking <span dir="ltr"><<a href="mailto:maryhawking@tigers.demon.co.uk">maryhawking@tigers.demon.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="http://www.ehi.co.uk/news/primary-care/7445/tpp-develops-systmone-android-ap" target="_blank">http://www.ehi.co.uk/news/primary-care/7445/tpp-develops-systmone-android-ap</a><br>
p<br>
"TPP said it expected to have the SystmOne Android solution completed and<br>
tested within the first half of this year. Following a pilot phase, it will<br>
then become available to users via the Android 'marketplace'.<br>
Access to the app will be through the user's usual username and password, so<br>
nobody will be able to use it unless they are a SystmOne user."<br>
This is a confidentiality and security question rather than a crypto one:<br>
apologies.<br>
<br>
In the NHS we have been told, repeatedly, that user name and password are<br>
insufficient: there needs to be a smartcard logon for secure identification,<br>
and RBAC (Role Based Access Control) to ensure that once identified an<br>
individual can only access the information/functions their role requires.<br>
<br>
My question is twofold:-<br>
1. *can* an android app incorporate smartcard security?<br>
2. if access via logon and password is sufficient security, why were<br>
smartcards, RBAC and the system of Registration Authorities considered to be<br>
necessary in the first place?<br>
<br>
Unfortunately, after I had successfully posted this query on EHI, the<br>
facility for posting comments was withdrawn from the article and my comment<br>
removed.<br>
<font color="#888888"><br>
Mary Hawking<br>
"thinking - independent thinking - is to humans as swimming is to cats: we<br>
can do it if we really have to." Mark Earles on Radio 4.<br>
<br>
<br>
<br>
</font></blockquote></div><br>