1 / 15

Overview of CP-IS Client: Installation and Security Requirements

The CP-IS Client is designed for streamlined access to the NHS's Spine messaging system, facilitating local file handling for local authorities (LAs). It requires an NHS Network (N3) connection, a specific Java Runtime Environment (JRE6), and verified security certificates. The installation process is straightforward, consisting of technical steps crucial for ensuring safe communication and efficient operation. Importantly, only LAs can install their certificates, with enhanced security measures, including TLS Mutual Authentication, to protect sensitive data.

oki
Download Presentation

Overview of CP-IS Client: Installation and Security Requirements

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CP-IS Client Overview Author: Mat Barrow, Spine2 Functional Lead Date: 3rd Dec 2013

  2. Background • CP-IS Client based on a similar NHS client (DBS):Files are just dropped into/picked from a folder which is specified during installation • Batch handling and Spine messaging managed within client to minimise complexity and reduce LA system processing and network load • Local logging for errors/exceptions in addition to file-level response messages • Simple to install (see later slides)

  3. Technical Requirements • NHS Network (N3) connection (including IG Toolkit) or government network with a functional gateway to N3. • HSCIC will register a Spine end-point for each LA, and advise the Accredited System ID (ASID) for use during installation of the client. • Each LA will need to install its own certificate* • Java Runtime Environment 6 (JRE6) • Windows or Linux OS. Windows 7 and Ubuntu 12.04 have been tested.Other flavours may be tested where required but only the HSCIC warranted environment is supported. • The minimum hardware specification is currently that required for JRE6.

  4. Security • Certificate DN specific to LA: no sharing/reuse • CP-IS certificates only work for CP-IS messaging • ASID and Interactions checked for CP-IS certificates(No requirement for logon authentication) • TLS Mutual Authentication with >=1024 bit (ideally 2048 bit) certificates • Uses port 443 which will need to be opened in firewalls • Requires a secure server in a secure location • HSCIC is arranging for independent Penetration testing to be conducted against the CP-IS Client and Spine 2 itself, thereby giving assurance to LAs about the overall security of the solution.

  5. Integration with Spine – Upload

  6. Integration with Spine – Query

  7. Installation Steps: 1

  8. Installation Steps: 2

  9. Installation Steps: 3

  10. Installation Steps: 4

  11. Installation Steps: 5 These IDs will be supplied by HSCIC

  12. Installation Steps: 6

  13. Installation Steps: 7

  14. Installation Steps: 8

  15. Installation Steps: 9

More Related