E N D
1. OAKWOOD HOSPITAL & MEDICAL CENTERDearborn, MI GROUP #3
Brian Buckham
Xiangrong Cheng
Muriel Furtado
Ryan McNeice
4. Facts
Smart cards contain an Integrated Circuit Chip
Capacity of 8K or 16K worth of information
Introduced in Europe
Approximately 1 billion smart cards produced annually in healthcare, telephony, financial services and transportation.
5. Facts Types:
Contact cards
Contactless cards
6. History of Smart Cards 1974 - Roland Monero invents the Smart Card
1977 – Bull CP8, SGS Thomson, and Schumberger
begin developing the IC Card product
1979 – Motorola developed the first secure single
microcontroller for use in French banking
1994 – Germany issues 80 million serial memory
chip cards as citizen health cards
7. History of Smart Cards 1995 – 3 million digital mobile phone subscribers worldwide begin billing calls with smart cards.
1998 - Microsoft announced its new
Windows smart card operating system
1999 – U.S. Government continues advancements on the Smart Access Common ID Project
2000 – Smart Cards become Internet nodes
8. Application Information Technology
Secure logon and authentication
Secure B2B and B2C
e-commerce
Storage of digital certificates, credentials and passwords
Encryption of sensitive data
9. Application Mobile Telecommunications
Secure subscriber authentication
Roaming across networks
10. Application Commercial Applications
Loyalty and promotions
Ticketing
Access control
Parking and toll collection
11. Application Finance
Electronic Purse
Debit / Credit
12. Application Identification
College IDs
Biometrics
13. Application
14. Hospital PromisesEmergency Room 30 minute guarantee to see a doctor OR
* 2 Free movie tickets
* Written Apology
*Two years later.
*Total Success.
*All four Oakwood Healthcare System’s
Hospitals on board.
15. Patient Satisfaction Soared Only 0.9% of last years 191,000 emergency room patients (1,700 patients) asked for free tickets.
Down to 17 minutes on average between arrival & examination.
15 minute guarantee is almost ready to unfold.
16. Overcrowding….. 62% report “at” or “over” capacity.
On average, 48 minutes.
(VHA Inc.)
Some wait hours upon
hours.
17. Overcrowding Relaxation of stringent managed care rules lead to rush on ER; law requires that all are treated w/ or w/out ability to pay.
Doctors might see 35 patients a day and double book a 15 minute time slot. They just refer to ER.
18. Solutions have spawned “Fast Track” units.
Sophisticated Computer Systems to give administrators an up-to-the-minute report.
Mememorial Health Services in Long Beach California issued 500,000 Medical Identification Cards (MICs) (available to all at www.memorialcare.com)
75 other hospitals have now expressed interest in the smart card program.
19. Making good on Promises To reduce waiting times, Oakwood Hospital had to:
Re-engineer its billing, records and lab operations.
Upgrade its technical staff
Replace its emergency room physician group w/ new crew w/more hours.
20. Doctors play their part “Open access” scheduling.
Leaving 40% of time un-booked; need based patients can get in instead of going to ER.
Rarified “concierge medicine” (Coral Gables, FL)
*1,500 - $3,000 retainers
*VIP treatment/Dr. meets at front desk and actually does ER exam.
21. Dual Tracking solutions 16 acute care beds w/ adjacent “fast track” section with six beds.
Immediate loss of life patients go directly to critical bed unit.
Minor injuries go to “express lane”. (overage of serious cases can be shifted to the fast tract if needed.)
On average total time in the hospital is 1.4 hours. (1/2 the time of regular ER)
22. “Medicine is a service business and people are in the mindset of the fast-food industry.”
-Larry Alexander, MD
23. Where is health care evolving? The lines between emergency and regular care are blurring.
ER can diagnose and dispense powerful drugs, and let the patient go home.
Asthma attacks that once were treated in the ER can now go to “fast track”.
Smart Cards are the wave of the future.
24. Smart Card Technology How does it work?
26. Smart Card Interactions
28. How is a smart card different from the magnetic stripe card that I carry in my wallet?
A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
29.
Equipment Specifications:
Hardware Requirements:
Intel Pentium III 800 MHz or equivalent.
256 MB memory.
CD ROM Drive.
Network Card.
1024x768 color screen.
20GB hard disk.
Smart card reader and drivers.
30. Card Readers
31. Memory vs. Microprocessor
Smart cards come in two varieties: memory and microprocessor.
Memory cards simply store data and can be viewed as a small floppy disk with optional security.
A microprocessor card can add, delete and manipulate information in its memory on the card. Similar to a miniature computer, a microprocessor card has an input/output port operating system and hard disk with built-in security features.
32. Contact vs. Contactless
Smart cards have two different types of interfaces: contact and contactless.
Contact smart cards are inserted into a smart card reader, making physical contact with the reader.
Contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. A combi card combines the two features with a very high level of security.
33. Memory Cards – 3 Types Memory cards have no sophisticated processing power and cannot manage files dynamically. All memories communicate to readers through synchronous protocols. There are three primary types memory cards:
Straight Memory Cards
Simply store data and have no data processing capabilities.
Lowest cost per bit for user memory.
Cannot identify themselves to the reader, so your host system has to know what type of card is being inserted into a reader.
34. Memory Cards, cont’d Protected / Segmented Memory Cards
Built-in logic to control the access to the memory of the card.
Can be set to write protect some or all of the memory array.
Some of these cards can be configured to restrict access to both reading and writing. Segmented memory cards can be divided into logical sections for planned multi-functionality.
35. Memory Cards, cont’d Stored Value Memory Cards
Designed for the specific purpose of storing value or tokens.
The cards are either disposable or rechargeable.
Most cards of this type incorporate permanent security measures at the point of manufacture, including password keys and logic that are hard-coded into the chip by the manufacturer.
The memory arrays on these devices are set-up as decrements or counters. There is little or no memory left for any other function. For simple applications such as a telephone card the chip has 60 or 12 memory cells, one for each telephone unit. A memory cell is cleared each time a telephone unit is used. Once all the memory units are used, the card becomes useless and is thrown away. This process can be reversed in the case of rechargeable cards.
36. Smart Card Schematic
37. CPU/MPU Microprocessor Multifunction Cards On-card dynamic data processing capabilities.
Allocate card memory into independent sections assigned to a specific function or application.
Within the card is a microprocessor or microcontroller chip that manages this memory allocation and file access. This type of chip is similar to those found inside all personal computers and when implanted in a smart card, manages data in organized file structures, via a card operating system (COS).
Unlike other operating systems, this software controls access to the on-card user memory. This capability permits different and multiple functions and/or different applications to reside on the card, allowing businesses to issue and maintain a diversity of ‘products’ through the card. (One example of this is a debit card that also enables building access on a college campus.)
38. Benefits of Multifunction Cards:
Enable issuers to market their products and services via state-of-the-art transaction technology.
Permits information updates without replacement of the installed base of cards, greatly simplifying program changes and reducing costs.
For the card user, multifunction means greater convenience and security, and ultimately, consolidation of multiple cards down to a select few that serve many purposes.
39. Increased levels of processing power, flexibility and memory add cost. Single function cards are often the most cost-effective solution. Choose the right type of smart card for your application by evaluating cost versus functionality and determine your required level of security. The following chart demonstrates the general rules of thumb.
40. Smart cards are defined according to the type of chip implanted in the card and its capabilities. There exists a wide range of options to choose from when designing your system.
41. ISO Manufacturing Standards:
Primarily, smart card standards govern physical properties and communication characteristics of the embedded chip and are covered through the ISO 7816-1,2,3.
42. Group 3’s Special Topic! Initiating Smart Card Use in YOUR Business
OR…
How smart is my smart card?
43. Initiating Smart Card Use Is there a clear business case, including financial and consumer behavior factors?
Will the system be single or multi-application?
What information do I want to store in the cards?
How much memory is required for each application?
If multi-application, how will I separate different types of data?
Will card data be obtained from a database? Or loaded every time?
Will this data concurrently reside on a database?
How many cards will be needed?
Are card/infrastructure vendors identified? What are the lead times?
44. Value Applications
Should the value in the cards be reloadable or will the cards be disposable?
How will I distribute the cards?
How will cards be activated and loaded with value?
What type of card traceability should I implement?
What is the minimum and maximum value to store on each card?
Will there be a refund policy?
45. Smart Card Deployment Establish clear achievable program objectives
Make sure the organization has a stake in the project’s success and that management buys into the project.
Set a budget.
Name a project manager.
Assemble a project team and create a team vision.
Graphically create an information - card and funds-flow diagram.
Assess the card and reader options.
Write a detailed specification for the system.
Set a realistic schedule with inch-stones and mile-stones.
Establish the security parameters for both people and the system.
Phase-in each system element, testing as you deploy.
Reassess for security leaks.
Deploy the first phase of cards and test, test.
Train the key employees responsible for each area.
Check the reporting structures.
Have contingency plans should problems arise.
Deploy and announce.
Advertise and market your system.
46. Security:
What are the security requirements?
Does all, or only some of the data need to be secure?
Who will have access to this information?
Who will be allowed to change this information?
In what manner shall I secure this data i.e. encryption, host passwords, card passwords/PINs or all of these?
Should the keys/PINs be customer or system-activated?
What form of version control do I want?
More on this later on the presentation…
47. Properties of Smart Cards Releases data only after the presentation of secret values
Prevents obtaining the value by trial and error
Authenticates the user to the smartcard and protects him/her against card misuse should the card be lost.
48. Properties of Smart Cards Uses encryption methods for authentication purposes, for secured transmission of data between the card and terminal and to calculate digital signatures.
49. IT Security Applications Identification and authentication to a security system
Saving personal keys, certificates and profiles
Encryption operations
Digital signatures
50. Advantages High security as storage medium for sensitive data
High security when running cryptographic operations
Rapid identification (only PIN is needed)
Optimization of user security behavior (lock by retaining the card)
51. Advantages, cont’d Option for automatic login to servers and hosts
Multifunctional use possible (access card, time recording ...)
Rights, profiles and keys are stored with the user (better support of traveling users).
52. Disadvantages Special reading hardware necessary
Lost/forgotten
Administration/issuing authority and secure logistics necessary
Central update of rights profiles on smartcards
53. Future of Smart Cards Microsoft Target for 2005
To have every PC shipped with a Smart Card reader.
54. Future Trends
Microsoft is including support for Smart Cards with Windows 2000. It has developed an operating system for Smart Cards called Windows for Smart Cards
MasterCard, VISA, and Europay all have active smart card programs for their members
Card Issuers like AMEX are launching credit card products with Smart Card Technology
IBM, Compaq, and HP have PCs with a Smart Card Reader as standard equipment
55. Results of Survey by Jupiter Research Survey of 4,000 Internet users in May 2000
2% have a smart card
1% had both a smart card and an electronic reading device
33% never heard of the concept