Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Presentations / Attachments

Attachments

Minutes

possible offline auth payload

Offline authentication

  • CHIFID (=Insuree Number/Code) in barcode - QRcode : just avoid type CHFID

    • reduce typing errors

    • Advantages:

      • can be provided during enrolment before synchronization

      • can be preprinted to assure the uniqueness

    • Drawback:

      • no validation

        • can record manually a hash on the card that can be manually entered in system to validate the Policy Activation

        • text must be protected again scratches/water …

      • no coverage information

  • CHFID + coverage

    • need validation : Sign message with RSA

    • Advantages:

      • has to be provided after the enrolment synchronization

      • can validate Policy is activated

    • Drawback:

      • cannot be preprinted

      • need patient data

      • need coverage data

      • need policy to be activated

      • no information about the limits and remaining “budget“ on the policy

      • quite detailed QRCODE can be challenge to print.

    • fraud detection

      • signature RSA ?

  • NFC/Smartcard card

    • Drawback

      • limitation on memory space => limit information you store there

      • need reader but lots of phone have

      • cost card

    • Advantages

      • number preprinted

      • data can be updated (coverage)

      • photo in memory???

      • biometrics

    • technical hardware standards? do we need to develop a driver for X potential systems?

      • phones and apps on phones should be relatively easy (though lots of systems)

      • printing to different NFC cards is standard (link to definitions?)

      • lots of differences in features / security features

    • fraud detection

      • signature RSA ?

      • locked card ?

  • USSD

    • Advantages:

      • easy to access with any type of phone

      • doesn’t need data communication => work offline

      • can validate Policy and Coverage

    • Disadvantages:

      • requires GSM coverage

      • SMS cost

    • fraud detection

      • controlled by the system

  • Calls (call center)

    • advantage

      • simple

    • drawback

      • cannot take load

    • fraud detection

      • need a proof that the call was done (confirmation number)

  • insuree mobile app

    • Advantage:

      • no support

      • more data / picture / several qrcode / version

      • data transfert paid by insuree

    • Fraud detection

      • signature RSA

    • Drawback

      • Insuree needs smartphone

      • needs to be for Android and IPhone (hybrid app?)

Questions - Challenges - Issues

  • next steps:

    • contact OpenHIE identity group

    • schedule follow up calls

Next meeting (05.08.2021):

  • Testing scenarios

  • offline / distributed scenarios (metadata, policy and claims)

  • Beyond Health

  • Accounting / Payment layer

...