OAKWOOD HOSPITAL MEDICAL CENTER Dearborn, MI

1. OAKWOOD HOSPITAL & MEDICAL CENTERDearborn, MI GROUP #3 Brian Buckham Xiangrong Cheng Muriel Furtado Ryan McNeice

4. Facts Smart cards contain an Integrated Circuit Chip Capacity of 8K or 16K worth of information Introduced in Europe Approximately 1 billion smart cards produced annually in healthcare, telephony, financial services and transportation.

5. Facts Types: Contact cards Contactless cards

6. History of Smart Cards 1974 - Roland Monero invents the Smart Card 1977 � Bull CP8, SGS Thomson, and Schumberger begin developing the IC Card product 1979 � Motorola developed the first secure single microcontroller for use in French banking 1994 � Germany issues 80 million serial memory chip cards as citizen health cards

7. History of Smart Cards 1995 � 3 million digital mobile phone subscribers worldwide begin billing calls with smart cards. 1998 - Microsoft announced its new Windows smart card operating system 1999 � U.S. Government continues advancements on the Smart Access Common ID Project 2000 � Smart Cards become Internet nodes

8. Application Information Technology Secure logon and authentication Secure B2B and B2C e-commerce Storage of digital certificates, credentials and passwords Encryption of sensitive data

9. Application Mobile Telecommunications Secure subscriber authentication Roaming across networks

10. Application Commercial Applications Loyalty and promotions Ticketing Access control Parking and toll collection

11. Application Finance Electronic Purse Debit / Credit

12. Application Identification College IDs Biometrics

13. Application

14. Hospital PromisesEmergency Room 30 minute guarantee to see a doctor OR * 2 Free movie tickets * Written Apology *Two years later. *Total Success. *All four Oakwood Healthcare System�s Hospitals on board.

15. Patient Satisfaction Soared Only 0.9% of last years 191,000 emergency room patients (1,700 patients) asked for free tickets. Down to 17 minutes on average between arrival & examination. 15 minute guarantee is almost ready to unfold.

16. Overcrowding�.. 62% report �at� or �over� capacity. On average, 48 minutes. (VHA Inc.) Some wait hours upon hours.

17. Overcrowding Relaxation of stringent managed care rules lead to rush on ER; law requires that all are treated w/ or w/out ability to pay. Doctors might see 35 patients a day and double book a 15 minute time slot. They just refer to ER.

18. Solutions have spawned �Fast Track� units. Sophisticated Computer Systems to give administrators an up-to-the-minute report. Mememorial Health Services in Long Beach California issued 500,000 Medical Identification Cards (MICs) (available to all at www.memorialcare.com) 75 other hospitals have now expressed interest in the smart card program.

19. Making good on Promises To reduce waiting times, Oakwood Hospital had to: Re-engineer its billing, records and lab operations. Upgrade its technical staff Replace its emergency room physician group w/ new crew w/more hours.

20. Doctors play their part �Open access� scheduling. Leaving 40% of time un-booked; need based patients can get in instead of going to ER. Rarified �concierge medicine� (Coral Gables, FL) *1,500 - $3,000 retainers *VIP treatment/Dr. meets at front desk and actually does ER exam.

21. Dual Tracking solutions 16 acute care beds w/ adjacent �fast track� section with six beds. Immediate loss of life patients go directly to critical bed unit. Minor injuries go to �express lane�. (overage of serious cases can be shifted to the fast tract if needed.) On average total time in the hospital is 1.4 hours. (1/2 the time of regular ER)

22. �Medicine is a service business and people are in the mindset of the fast-food industry.� -Larry Alexander, MD

23. Where is health care evolving? The lines between emergency and regular care are blurring. ER can diagnose and dispense powerful drugs, and let the patient go home. Asthma attacks that once were treated in the ER can now go to �fast track�. Smart Cards are the wave of the future.

24. Smart Card Technology How does it work?

26. Smart Card Interactions

28. How is a smart card different from the magnetic stripe card that I carry in my wallet? A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).

29. Equipment Specifications: Hardware Requirements: Intel Pentium III 800 MHz or equivalent. 256 MB memory. CD ROM Drive. Network Card. 1024x768 color screen. 20GB hard disk. Smart card reader and drivers.

30. Card Readers

31. Memory vs. Microprocessor Smart cards come in two varieties: memory and microprocessor. Memory cards simply store data and can be viewed as a small floppy disk with optional security. A microprocessor card can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port operating system and hard disk with built-in security features.

32. Contact vs. Contactless Smart cards have two different types of interfaces: contact and contactless. Contact smart cards are inserted into a smart card reader, making physical contact with the reader. Contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. A combi card combines the two features with a very high level of security. 

33. Memory Cards � 3 Types Memory cards have no sophisticated processing power and cannot manage files dynamically. All memories communicate to�readers through synchronous protocols. There are three primary types memory cards: Straight Memory Cards Simply store data and have no data processing capabilities. Lowest cost per bit for user memory. Cannot identify themselves to the reader, so your host system has to know what type of card is being inserted into a reader.

34. Memory Cards, cont�d Protected / Segmented Memory Cards Built-in logic to control the access to the memory of the card. Can be set to write protect some or all of the memory array. Some of these cards can be configured to restrict access to both reading and writing. Segmented memory cards can be divided into logical sections for planned multi-functionality.

35. Memory Cards, cont�d Stored Value Memory Cards Designed for the specific purpose of storing value or tokens. The cards are either disposable�or rechargeable. Most cards of this type incorporate permanent security measures at the point of manufacture, including password keys and logic that are hard-coded into the chip by the manufacturer. The memory arrays on these devices are set-up as decrements or counters. There is little or no memory left for any other function. For simple applications such as a telephone card the chip has 60 or 12 memory cells, one for each telephone unit. A memory cell is cleared each time a telephone unit is used. Once all the memory units are used, the card becomes useless and is thrown away. This process can be reversed in the case of rechargeable cards.

36. Smart Card Schematic

37. CPU/MPU Microprocessor Multifunction Cards On-card dynamic data processing capabilities. Allocate card memory into independent sections assigned to a specific function or application. Within the card is a microprocessor or microcontroller chip that manages this memory allocation and file access. This type of chip is similar to those found inside all personal computers and when implanted in a smart card, manages data in organized file structures, via a card operating system (COS). Unlike other operating systems, this software controls access to the on-card user memory. This capability permits different and multiple functions and/or different applications to reside on the card, allowing businesses to issue and maintain a diversity of �products� through the card. (One example of this is a debit card that also enables building access on a college campus.)

38. Benefits of Multifunction Cards: Enable issuers to market their products and services via state-of-the-art transaction technology. Permits information updates without replacement of the installed base of cards, greatly simplifying program changes and reducing costs. For the card user, multifunction means greater convenience and security, and ultimately, consolidation of multiple cards down to a select few that serve many� purposes.

39. Increased levels of processing power, flexibility and memory add cost. Single function cards are often the most cost-effective solution. Choose the right type of smart card for your application by evaluating cost versus functionality and determine your required level of security. The following chart demonstrates the general rules of thumb.

40. Smart cards are defined according to the type of chip implanted in the card and its capabilities. There exists a wide range of options to choose from when�designing your system.�

41. ISO Manufacturing Standards: Primarily, smart card standards govern physical properties and communication characteristics of the embedded chip and are covered through the ISO 7816-1,2,3.

42. Group 3�s Special Topic! Initiating Smart Card Use in YOUR Business OR� How smart is my smart card?

43. Initiating Smart Card Use Is there a clear business case, including financial and consumer behavior factors? Will the system be single or multi-application? What information do I want to store in the cards? How much memory is required for each application? If multi-application, how will I separate different types of data? Will card data be obtained from a database? Or loaded every time?� Will this data concurrently reside on a database? How many cards will be needed? Are card/infrastructure vendors identified? What are the lead times?

44. Value Applications Should the value in the cards be reloadable or will the cards be disposable? How will I distribute the cards? How will cards be activated and loaded with value? What type of card traceability should I implement? What is the minimum and maximum value to store on each card? Will there be a refund policy?

45. Smart Card Deployment Establish clear achievable program objectives� Make sure the organization has a stake in the project�s success and that management buys into the project. Set a budget. Name a project manager. Assemble a project team and create a team vision. Graphically create an information - card and funds-flow diagram. Assess the card and reader options. Write a detailed specification for the system. Set a realistic schedule with inch-stones and mile-stones. Establish the security parameters for both people and the system. Phase-in each system element, testing as you deploy. Reassess for security leaks. Deploy the first phase of cards and test, test.� Train the key employees responsible for each area. Check the reporting structures. Have contingency plans should problems arise. Deploy and announce. Advertise and market your system.

46. Security: What are the security requirements? Does all, or only some of the data need to be secure? Who will have access to this information? Who will be allowed to change this information? In what manner shall I secure this data i.e. encryption, host passwords, card passwords/PINs or all of these? Should the keys/PINs be customer or system-activated? What form of version control do I want? More on this later on the presentation�

47. Properties of Smart Cards Releases data only after the presentation of secret values Prevents obtaining the value by trial and error Authenticates the user to the smartcard and protects him/her against card misuse should the card be lost.

48. Properties of Smart Cards Uses encryption methods for authentication purposes, for secured transmission of data between the card and terminal and to calculate digital signatures.

49.  IT Security Applications Identification and authentication to a security system Saving personal keys, certificates and profiles Encryption operations Digital signatures

50. Advantages High security as storage medium for sensitive data High security when running cryptographic operations Rapid identification (only PIN is needed) Optimization of user security behavior (lock by retaining the card)

51.  Advantages, cont�d Option for automatic login to servers and hosts Multifunctional use possible (access card, time recording ...) Rights, profiles and keys are stored with the user (better support of traveling users).

52. Disadvantages Special reading hardware necessary Lost/forgotten Administration/issuing authority and secure logistics necessary Central update of rights profiles on smartcards

53. Future of Smart Cards Microsoft Target for 2005 To have every PC shipped with a Smart Card reader.

54. Future Trends Microsoft is including support for Smart Cards with Windows 2000. It has developed an operating system for Smart Cards called Windows for Smart Cards MasterCard, VISA, and Europay all have active smart card programs for their members Card Issuers like AMEX are launching credit card products with Smart Card Technology IBM, Compaq, and HP have PCs with a Smart Card Reader as standard equipment

55. Results of Survey by Jupiter Research Survey of 4,000 Internet users in May 2000 2% have a smart card 1% had both a smart card and an electronic reading device 33% never heard of the concept