KeyShield letak EN


Hospital Authentication System

Executive summary

Hospitals and other medical facilities employ many users – doctors and nurses – who do not work on "their" personal computer inside "their" office. Instead, they move around and make use of computer workstations in nurses’ rooms, examination rooms, operating rooms etc. Their workload consists of taking care of patients and the traditional concept of "exit" – "sign-off" – "sign-on" – "start" – "sign-on" is a hindrance. This is why we so often see users not bothering to sign-on at all and instead working as whoever signed-on first at the beginning of their workshift. Users minimizing their use of information system, so that they do not have to go through above mentioned process. Users ask someone else to work within information system in their stead. Or they go through the process with clenched teeth and lose valuable minutes every time. Minutes they could otherwise use to benefit their patients.

Personal cards, chips, tokens that users use currently for opening doors or gates, attendance system, ordering and picking-up lunch or paying in commissary are all applicable and actually ideal for a system of signing-on and fast switching – everybody knows them, have them on hand at all times and keep them safe. By placing the card on the reader the user announces his identity and therefore does not need to write down his own name. By putting in his password he confirms his identity and is signed-on using two factors – even if someone else knew his name and password, he cannot sign-on without the card. And vice-versa – card without password isn’t accepted as well.

Workstation security is increased significantly. When user leaves, he is automatically signed-off and the workstation is locked. If he returns before the time-out of previous sign-on runs out, he can simply put in his card and everything is brought back up.

Efficiency of Information Systems and applications is increased by information that they receive from KeyShield SSO – we recommend using user identity and workstation that he is currently working on for saving and bringing back up his context – thus he is always returned to the section of IS he was working in and does not need go through several layers of menu items.

Integration of information systems and applications with sign-on solution KeyShield SSO is very easy. Necessary work usually extends between 1 to 2 days for a programmer and a tester. That is why this is not an investment or alteration that makes you wait. Once an integration is done, all customers of a given supplier can use it and right now. Various medical Information Systems are already integrated.

letak ks.jpg
Other stations that are not shared may and ought to be secured with KeyShield SSO as well. For example, user signs-on to Microsoft or Novell environment and is signed-on to KeyShield SSO automatically or signs-on directly to KeyShield SSO on a standalone device. Nevertheless, he always enjoys the same amount of security and benefits as if he were on a shared workstation.

Mobile devices Apple and Android are supported, however with them cards may not be used.

Hospital sign-on system


Technical overview

Secure KeyShield SSO is a pure IdP (Identity Provider) – it saves no passwords or other sensitive information.

Server KeyShield SSO is implemented by Java language and directly supports installation on Linux and Windows server. Intuitive web console for card management is included.

Client KeyShield SSO is available for all main platforms – Windows XP to 10, Linux, MacOSX, iOS (iPhone, iPad), Android. Installation of client on Windows is easily done, e.g. by simple policy,
it is in .msi form. Client configuration is dynamic from KeyShield SSO server.

LDAP source of users may be any directory service – Active Directory, eDirectory, OpenLDAP, SunOne, Apache DS etc. In case a hospital does not have LDAP directory or it is not advisable to use one, it is possible to work with Apache DS integrated with KeyShield SSO.

SAML interface is verified with Office365, GoogleApps etc. It is possible to work with many Service Providers with various assertion templates.

Radius Accounting interface provides user authentication to any number of active network appliances (firewall, Web Content Manager, Proxy etc.) or takes identity of VPN user from firewalls to prevent repeated signing-on.

Integration API is available on the side of server (REST) as well as workstation (DLL), so it does not matter whether particular application has so-called fat Windows client or web interface or both.

Notification interface sends information to all configured integrated systems at every change (sign-on, sign-off, switch of users). Time it takes KeyShield SSO to process is less than 1 second. The whole process of switching from one user to another can be done in a few of seconds in a standard hospital system (even for multiple systems at the time).

User identity is provided in JSON, XML, HTML formats or as a certificate with short valid period (1 min is default). It does not matter how is the IS implemented.

letak ks 2.png
Ask for a technical webinar, meeting with a consultant or contact us directly via contact information below. We will happily provide you with any further technical or sales information.

Tel: +420 224 999 777