Page Properties | ||||||
---|---|---|---|---|---|---|
| ||||||
|
Page Properties | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||
|
Background
Current suppliers’ products adhere to the existing requirement for working with Smartcards on the Windows Platform which is to use the PKCS11 standard, however it inadvertently relies heavily on the vendor proprietary PKCS11 library to communicate with Smartcards as that was the middleware/solution in use at the time.
...
The Entrust Virtual Smartcard launch is a COVID-19 response item and is required to be supported for both authentication and digital signing as soon as possible by the profession.
Outline Plan
NHS Digital have the technical resource available to work closely with the suppliers in a collaborative way to help them identify, code and prove the issues are fixed before allowing the suppliers to complete their assurance cycles. During this collaborative working, NHS Digital would also look to prove out that the EPS advanced signature capability will work with the GP system suppliers in and end to end test so that when ready to launch for Primary Care, it supports the main use cases of authentication and signing of a prescription.
...
Timescale for completion: ASAP
Summary of Change
NHS Digital are looking for the GP System suppliers to remove the reliance on the proprietary interfaces and DLLs in favour of using the generic (NHS Digital) interface that allows for the support of all Smartcard types. This will also help mitigate the medium term roadmap challenges. NHS Digital understand that this will also resolve issues we’ve seen in the INT environment when performing exploratory assurance of the GP Supplier systems with the new Entrust Virtual Smartcard. Two examples are outlined below:
...
These issues are likely to be caused by the application expecting that the target Smartcard is a specific type or one that is compatible when it is not and therefore the commands are failing and causing an error.
Full Specification
The specifications for authentication and digital signing are in NPFIT Spine 1.0 requirements.
...
In order to create a signature, the card must be logged in using the user passcode (which the application must prompt the user for). Then, one or more messages can be hashed and signed. However, it maybe that the passcode is required to be entered each time a message is signed.
Assurance Approach
Overview:
NHS Digital are looking to take a simple approach to assurance
...