By Fabiola Bellersheim, Giesecke & Devrient and member of the Silicon Trust
Smart health cards or National ID cards are becoming more and more complex, and their functionality is steadily expanding. In the past, smart cards were used exclusively for the secure storage of credentials. Nowadays, smart cards are more powerful, run multiple applications and can be updated in the field. Not only have smart card capabilities improved, but the associated infrastructure has as well.
Smart cards are now used in many online applications, particularly in the area of security products. To optimize the use of cards, information (preferably up-to-date) regarding the user status is particularly important to card issuers or application providers. The CAMS – Card Application Management System – offers a wide range of features and functions for administering and controlling smart cards during their entire lifecycle. Although not every eHealth or eID system requires a CAMS, there is a trend towards flexible and scalable systems for managing cards and post-issuance personalization of applications.
This article gives a short overview of the German telematic infrastructure and the role a Card Application Management System plays in it. It presents the general functionality of the CAMS: personalization orders and card, application and key management.
The German electronic Patient Data Card (eGK)
The rollout of up to 80 million electronic patient data cards will start in Germany at the end of 2009. It will first be an offline rollout of cards, which carry personal and insurance data of the insured. Probably one year later, the online rollout will follow to enable the insured to check his insurance status online and/or update his data each time he visits a healthcare provider. An update might be needed, for example, when he moves to another place and his address changes: instead of issuing a new card, the new address data can be updated online.
Later on, applications like eEmergency, ePrescription and eSignature can be loaded as well. Besides being a secure storage of data and applications, the cards function as a secure key to the Medical Network in Germany. As the smart cards will be issued by several different health insurance companies, they need to run a card application management system within their respective computer centre in order to fulfill these requirements. This central element controls every function in the card lifecycle – from production, personalization and issuing to ongoing data maintenance during use, up to blocking the card when lost or taken out of service. As such, it interacts with the health insurer’s patient database management systems, image databases, highly secure key management systems and internal or external certificate services, various personalization providers and patient master data services.
Card Application Management System (CAMS)
The main function of the CAMS is to administer and control the various status conditions of smart cards and their applications during their entire lifecycle. These status conditions, which are used in CAMS processes, are reflected in the workflow that must be implemented for issuing and using cards.
Usually the workflow starts with an order to produce, personalize and issue either one single card or several million cards. This order includes the links to the data or archives required for personalization. Orders and data from various archives serve as inputs for the CAMS. Desired additional applications can be added in the first personalization or after the issuance of the card.
The CAMS gathers all necessary data and generates the symmetric or asymmetric keys that are needed for card-to-card and card-to-server authentication as well as for encryption of data.
Typically, the CAMS also connects to certification authorities and applies for certificates. After completing and compiling the card data sets, all required data are transmitted to the personalization module for further processing. These personalization data sets represent the CAMS output, which will be used for the card production at the personalization site. Data, such as the keys and applications, are installed on the smart card. The CAMS receives confirmation after successful personalization of the card or an error message if the card could not be produced and issued. The CAMS then receives and processes numerous messages such as the issuance of the PIN letter or the first use of the card.
After successful issuance of the cards, the order is archived in the CAMS order database. The card data associated with this order remains linked to the order, but is stored in the card data database.
A ‘normal’ or successful process execution is easy, but as soon as errors occur as a result of interrupted connections, damaged files, incomplete orders, or unsuccessful personalization because of faulty or damaged cards, etc., the order process becomes very complex. A CAMS enables users to remain flexible, monitors the entire workflow and provides support in monitoring the processed orders and resolving open issues. All orders must be processed without interruption to maximize card or order throughput.
After this initial phase, which is governed by order management, the CAMS monitors all cards issued to date. It provides notification when cards or applications on the cards are no longer valid or when they need to be updated. The CAMS PIP (Post Issuance Personalization) feature enables secure connections to the cards to be established using the keys integrated into the cards when they were personalized.
PIP can be used to transfer additional data or applications onto the card, although the CAMS must first check whether such an update is possible (size, performance). The CAMS can quickly establish a secure channel with the card by connecting to a trust center or certification authority (CA). This secure connection prevents the data transmitted between a CAMS and the card from being recorded by hackers. This feature is also used to block cards that have already been issued. A CAMS offers comprehensive control over the use of cards, even after these have been issued. It is capable of expanding or limiting the use of cards depending on the operational requirements.
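The card lifecycle described above, from order through personalization, issuance, post-issuance update and blocking, sketched as a small state machine. This is an added example, not code from the article or from any CAMS product; the state names, event names and the byte-based capacity model are assumptions made for illustration, and the performance check is not modelled.

```python
from dataclasses import dataclass, field

# Assumed state and event names; the article describes the phases but does not name them.
TRANSITIONS = {
    ("ORDERED", "personalization_ok"): "PERSONALIZED",
    ("ORDERED", "personalization_error"): "FAILED",
    ("PERSONALIZED", "pin_letter_issued"): "ISSUED",
    ("ISSUED", "first_use"): "ACTIVE",
    ("ISSUED", "block"): "BLOCKED",
    ("ACTIVE", "block"): "BLOCKED",
}

class LifecycleError(Exception):
    """Raised when a message or update does not fit the card's current status."""

@dataclass
class Card:
    card_id: str
    free_bytes: int                      # assumed capacity model for the PIP size check
    state: str = "ORDERED"
    applications: dict = field(default_factory=dict)
    history: list = field(default_factory=list)

    def handle(self, event: str) -> str:
        """Apply one status message; out-of-order messages are recorded and refused."""
        new_state = TRANSITIONS.get((self.state, event))
        self.history.append((self.state, event, new_state or "REJECTED"))
        if new_state is None:
            raise LifecycleError(f"{self.card_id}: '{event}' not allowed in {self.state}")
        self.state = new_state
        return new_state

    def post_issuance_update(self, app: str, size: int) -> None:
        """PIP: only for cards in use (assumption), and only if the application fits."""
        if self.state != "ACTIVE":
            raise LifecycleError(f"{self.card_id}: no PIP in state {self.state}")
        if size > self.free_bytes:
            raise LifecycleError(f"{self.card_id}: {app} needs {size} B, {self.free_bytes} B free")
        self.applications[app] = size
        self.free_bytes -= size

def demo() -> Card:
    """Constructed sample run: issue a card, add an application, then block it."""
    card = Card("CARD-0001", free_bytes=8192)   # constructed sample values
    for event in ("personalization_ok", "pin_letter_issued", "first_use"):
        card.handle(event)
    card.post_issuance_update("ePrescription", 4096)
    card.handle("block")
    return card
```

The history list keeps every refused message as well as every accepted one, which is the record an operator needs when resolving the open issues the article mentions.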
This kind of Card Application Management System is ideal for driving large-scale and complex multi-application smart card rollouts, which are taking place more and more often in the market.