Secure identities for the Telematics infrastructure (TI) 2.0
The Telematics Infrastructure marks the first steps by the German healthcare sector on the road towards comprehensive digitalization. And there’s already talk about developing the system further. One thing is certain, card-based identities will be supplemented and replaced by secure digital identities in the future which will have a key role to play moving forward to the TI 2.0. Dr. Kim Nguyen, Managing Director of D Trust, explains how the much-cited federated identity management works and which authentication solutions have the most promising prospects for the future.
Federated identity management in the Telematics Infrastructure
gematik sees federated identity management as one of the most important central pillars on the road towards the Telematics Infrastructure 2.0. What exactly does this term mean?
A person’s health data is highly sensitive and must be protected. This applies even more when you link the person to the data. That’s why clear rules are needed to determine which rights are needed to access which data. And that is precisely what identity management means. For identity management to be federated, different digital identity providers need to interconnect.
How exactly does it work?
According to gematik, the Telematics Infrastructure 2.0 is to become an ‘arena for digital medicine’ where various providers can offer specialist services. A user should then be able to use the secure identity that allows them to use a specialist service, ideally also for services offered by other providers. Everything is to work like a single sign-on. One example: A doctor has received an identity from Provider A, but wants to use Provider B’s service for this identity. Provider B uses a digital protocol to ask Provider A whether the user is known to them. If the answer is yes, the user is permitted to access the service. There must, of course, be rules in place for this to work, i.e., sets of rules that give providers certain levels of trust. The identities of providers with the highest level are accepted by every other provider. Identities from the lowest level may not be recognized at all and those from the middle level only if certain rules are met.
How do users authenticate themselves for these services?
It makes sense to use what already exists. However, a distinction should be made here: Patients who have a password account with their statutory health insurance company, for instance, could use this authentication mechanism for other services as part of federated identity management. That being said, username-password combinations are by far the lowest level of trust. A higher level will be needed for certain applications. The cards currently used for medical professionals already offer this. A doctor confirms their personal identity with the electronic health professional card (eHPC) and that of their practice with an SMC-B card. A valid and secure system.
So today’s cards are already the solution?
At least they will be around for some time. Doctors who have just invested not only in the cards themselves but also in connectors and readers need not worry. But in the medium term, card solutions are not to be the only means of authentication. The real aim is to become more independent of hardware, not least for those insured who also want and should be able to access data in the TI. For them, card terminals are certainly out of the question, especially now in an era of mobile devices, when I know for a fact that my own children have no idea what a desktop PC is. What’s more, people from other health professions will connect to the Telematics Infrastructure. Particularly in the nursing sector where mobile deployment scenarios seem more realistic. That’s why I am convinced that in the end everything will boil down to virtualization of the existing cards, initially, of course, in addition to hardware-based technology.
Which technological approach is to be used for this virtualization?
That’s something that has yet to be decided. Smartphones are very likely to play a central role, especially since they provide an infrastructure that is now open to most people. Using the mobile ID card as an example, the OPTIMOS 2.0 project demonstrated the enormous potential that secure elements have to offer. These are like small smart cards integrated into smartphones. Ultimately, they enable us to derive the ID card while on the move. And the VEGA project funded by the Federal Ministry of Health shows that insured persons can use a derived electronic health card on the secure element of a smartphone to identify and authenticate themselves for medical applications in a way that is both secure and user-friendly. The VEGA project also shows that an insured person can securely access their electronic ID card using a derived electronic health card. Fast IDentity Online (FIDO) is another exciting approach where a protocol implements authentication, detached from identification. The added value of this approach is that FIDO is globally standardized. This means that big players like Apple, Google and Microsoft can implement this technology in their systems. What’s more, users now have the chance to put FIDO into operation using tokens and a form of self-enrolment.
Mobile identities, FIDO or tried and tested cards – which one do you think will be successful in the end?
I don’t think there will be complete uniformity, but smartphones are likely to come out on top. There are some people who will continue to rely on a combination of cards and separate hardware for the time being – especially doctors, who have just acquired this technology.
The authentication solution is only one side of federated identity management. At the same time, reliable identity providers will first be needed. What makes a provider a good provider?
Frankly, trust. Anyone who wants to provide secure digital identities must maintain a secure infrastructure. The statutory health insurance companies where I have already signed up to use certain online services have had digital identities for some time now. But at what level of confirmation? Am I really identified there? Or did I just get a letter that basically anyone could intercept? That is probably the case for now. For doctors, the identity provider is critical. The title of ‘Doctor’ is a very essential identity attribute that can only be issued by medical associations and similar bodies. This is already handled by the chambers in the case of the eHPC. However, they should in fact also act as identity providers as the TI is further developed.
The chambers are therefore likely to continue to award professional attributes. And who should bear responsibility from a technical point of view?
First and foremost, of course, you have the companies that already produce the cards, i.e., companies like D Trust. After all, they have many years of experience in managing identities. And as a trust service provider, we also operate a secure infrastructure.
So, should D Trust become the direct issuer of the digital identity within the framework of the TI 2.0?
That’s an exciting question. Whatever way, the topic of virtualization runs like a red thread through the entire strategy of the Bundesdruckerei Group. It is a topic of discussion for banknotes, driving licences, ID cards, passports and, of course, our D Trust products. The Bundesdruckerei Group is the consortium leader for the VEGA project. So we would definitely be ready.
D Trust is one of only a few qualified trust service providers in Germany. It sounds like you could actually contribute even more services for the further development of the TI.
Absolutely. There are a lot of value-added services that depend on secure digital identities. Simply look at the eIDAS construction kit with its seals, certificates or signatures. Trust services like these could easily be integrated into virtualized cards. We already ask anyone ordering an eHPC whether they, for instance, would like to use our qualified remote signature solution called ‘sign-me eHealth’. Over 70 percent of doctors have selected this option. This remote signature solution is a particularly exciting example because it virtually maps the signature function of the eHPC and is designed to serve as a supplement to the card.