How smart card solutions are used in healthcare

1. Development background

Accelerating the reform of medical insurance and ensuring basic medical care for employees are objective requirements and important guarantees for establishing a socialist market economic system. On December 14, 1998, the State Council promulgated the "Decision of the State Council on Establishing the Basic Medical Insurance System for Urban Employees" to carry out the reform of the medical insurance system for urban employees nationwide.

In order to coordinate with the reform of the medical insurance system and taking into account the special requirements of the reform of the medical insurance system, we have adopted a mature smart card (IC card) as the carrier of information and funds for the medical insurance participants.

2. System Overview

2.1 System Target

1. Achieve the automation of business operations and management within the overall scope of the Social Security Bureau, and basically eliminate the paper-based information exchanges within the bureau and improve the overall work efficiency;

2. Strive to achieve networking with major commercial banks, financial transformation centers, social security agencies of cities and counties, major hospitals, and the computers of provincial and national competent departments, to share information and speed up the flow of information;

3. Accelerate the collection and issuance speed of the premiums of the Security Bureau, and meet the basic requirements of the majority of participating units and participants;

4. Provide various modern methods to better serve the participating units and participants;

5. Provide a variety of information query, forecasting and decision support methods to better manage the social security fund services;

6. Can adapt to the continuous changes in management institutions and management methods in the future;

7. To promote the continuous improvement of the management level of the Social Security Bureau, from a simple transaction processing to a more advanced management form;

2.2 The basic characteristics of the system:

Conforms to the "Decision of the State Council on Establishing a Basic Medical Insurance System for Urban Employees";

Relies on the banks' existing network, reducing the Social Security Bureau's investment in building its own network. Hands over a large amount of manual management work, especially personal accounts, to the banks, greatly reducing the workload of the Social Security Bureau;

Individual accounts and unified funds are managed separately;

All capital transactions are conducted through computer networks, speeding up the turnover of funds;

Safe and reliable: the insured person's data and personal account are managed with advanced and secure IC cards;

The IC card reader of a hospital or pharmacy uploads the transaction details to the issuing bank at the end of each business day. The card issuing bank deducts the cardholder's consumption amount and transfers it to the account of the hospital or pharmacy.

3. Hardware composition

3.1 Network structure

3.11 Bank IC card network (according to actual needs)

3.2 Bank computer equipment:

Host: UNIX server, SCO UNIX 5.X; SYBASE database (different database products can be supported according to customer requirements);

Workstation: PC with Pentium or higher configuration; POWERBUILDER front-end development tools;

Workstations can also use UNIX terminals.

3.3 Read and write devices

Bank-side equipment: IC card terminals and equipment that have been tested and approved by the head office of the People's Bank of China, or the existing equipment with IC card reading and writing functions at banks and other institutions;

3.4 Smart Card Selection and Standards

Smart cards should conform to the financial IC card specifications of the People's Bank of China's Head Office, and add the issuer's personal medical information regarding medical insurance in accordance with relevant national standards and regulations. A social security IC card used as a multi-function card requires an additional application on top of the PBOC applications. The basic plan of the card is as follows (taking the G&D Star China card as an example):

3.4.1 File Structure

3.4.2 Social Security Card Planning (the card operations in this document are for customer reference only and may be developed according to requirements in practical applications)

Social Security Personal Information Document:

History file:

Transaction log file:

Established according to the PBOC standard; stores the records of the latest 10 transactions;

4. Software components

The entire system includes two major parts: the Social Insurance Agency medical insurance management system and the bank medical insurance IC card system.

4.1 Medical Insurance Management System

Designed specifically according to customer requirements;

4.2 The main functions of the bank IC card system

4.21 Banking System

Card management: handling card application, unlocking, pinching cards, reporting loss, loss reporting, changing card validity period, password resetting, etc.

Customer service operations: Dealing with cardholders' transaction requests, etc.

Teller operations

4.22 Bank Server System

Online operating system:

Used to handle online transaction processing services of bank outlets;

POS online operating system:

Manages POS transactions: end-of-day transaction upload, blacklist, and control parameter upload/download services.

System management and POS transaction details inquiry

Card management

Card account management

Report printing

Teller management:

Authorizes tellers and distinguishes between tellers and senior tellers as required. Different tellers should have different privileges.

4.23 Merchant POS System

IC card service:

Accept cardholders to change passwords, check balances, check transaction details, etc.;

POS data transfer

Day-end settlement

Card transaction (offline consumption)

POS parameter management

Communication security control: dynamic communication keys are used to encrypt transmitted data, ensuring data security and reliability.

4.24 Card Issuer System

Key management system (for details, see Attachment 2, System Security Control)

PC card issuing software:

The PC-side software of the card-issuing program includes: user operation interface, database operation, data format conversion, and security management;

Card personalization

5. Social benefits

5.1 Alleviating the burden of unified management and uniform reimbursement of the Social Security Administration

The unified management and uniform reimbursement model leaves social security staff exhausted from handling a large number of personal medical reimbursement, payment and settlement procedures, and unable to perform their proper function.

The IC card makes full use of personal accounts and the individual's free choice of where to seek treatment, using terminals and networks for automatic payment and settlement. This greatly reduces the burden on the Social Security Bureau and lets it give full play to its supervisory functions.

5.2 Eliminating the drawbacks of fund management

The original co-ordination model places the personal account funds under the overall control of the Social Security Administration, or the employing units take charge of them. Therefore, there may be a loss of special medical funds. Using the IC card electronic passbook as a personal account ensures that special medical funds are earmarked for their purpose and can accumulate interest.

5.3 Helping hospitals establish a good fee service system

It reduces the daily cash flow of the hospital and realizes electronic settlement.

Attachment 1: Introduction to IC cards

An IC card (Integrated Circuit Card, also called a smart card) is a card that stores data electronically. It is an electronic device consisting of a large-scale integrated circuit embedded in a substrate.

There are many types of IC cards, including memory cards, encrypted memory cards, CPU cards, and radio frequency cards. A CPU card is an IC card in which a microprocessor for encryption processing and a data memory are packaged together on a substrate. The CPU card has a large information capacity, and it has excellent confidentiality and versatility. Therefore, the CPU card has been widely used in fields such as finance and communication where the confidentiality requirements are high, the amount is large, and the circulation of funds is frequent.

The security of the card as the settlement currency in the medical insurance system is very important, so the security of the card becomes the focus of the system design.

IC card main features

It is highly confidential and cannot be deciphered. Because a CPU card is used, most of the encryption process is completed on the card without outside intervention, and international standard encryption algorithms, together with special encryption technology, are used to encrypt the data on the card. In addition, different encryption levels can be set for the data on the card, so important data stays protected even while the card is in circulation. Mutual authentication is also used, a very secure measure in which not only does the system need to identify the card, but the card must also identify the system. Furthermore, multiple layers of encryption are used. When the system reads a card, it simultaneously checks the password information on the card, the cardholder's personal password, and the system password. If any one of them is incorrect, the data on the card cannot be read.

Large data capacity. This system uses the CPU card to store not only fueling information but also personal information of cardholders. In addition, a large amount of storage space is also conducive to the upgrade and expansion of the system.

It has a long service life, unlimited reading times, write times of up to 100,000 times, and support for partial writing, which greatly improves the service life of the card.

Lost cards are handled by blacklisting. This is a common practice in all major financial systems today. The IC card medical insurance system is no longer a small closed system, and the system can be well expanded and upgraded.

Data reliability is very high. Because integrated circuits are used to store data, data is not lost and is not affected by strong magnetic field interference. Written data can be retained for many years.

Meets the ISO 7816-1, 2, 3, 4 international standards.

IC card type comparison

A. MEMORY card

A MEMORY card (contact or contactless) has only memory, with no CPU and no card operating system. Its encryption is only circuit-logic encryption, and data between the card reader and the card is transmitted in plaintext, so security is low and the card is easy to forge. Therefore, the MEMORY card cannot be used as a financial transaction card.

B. CPU card

With its superior convenience, security, and management functions, the CPU card has been increasingly applied at all levels of society and is increasingly accepted and welcomed by all walks of life. The CPU card integrates a central processing unit (CPU), memory, and a card operating system. It is essentially an ultra-miniature computer. The card operating system completely isolates the internal data unit of the card from the external data interface. All reading and writing of the internal data unit must be performed by the card operating system. The card operating system can encrypt all sensitive data and instructions transmitted through the external data interface with the DES, 3DES, or RSA algorithm, which prevents data leaks due to eavesdropping on external data channels, so direct access to smart card content from outside is not possible. Using the card operating system requires submitting the correct key, so illegal operations such as the use of "pseudo-cards" or "pseudo-POS machines", forged chargebacks or deposit transaction orders, falsified transaction records, etc., are not possible. Therefore, our system uses smart cards. Banks can confidently store important information such as account numbers, balances, passwords, and various specific information directly on smart cards. At the same time, thanks to their reliable security mechanisms, smart cards can easily support "offline consumption".

Attachment 2: System Security Control

I. Security Control

IC card loading security

a. Load transactions are performed by connecting the terminal to the bank server system in online mode for authorization and authentication.

b. The loading process of the smart card system is always an online operation. A mutual authentication method based on symmetric encryption is used to verify the authenticity of the electronic wallet card. Encryption based on the DES algorithm is used for the crediting process. The keys necessary for all loading processes are stored in the encryption server of the bank server system. The server generates a card-specific transaction code and transmits it to the IC card. The IC card verifies the authenticity of the code and increases the stored balance accordingly.

c. The benefits of this online loading method are:

● The key to the loading process is stored in a secure environment;

● All data related to the loading process are stored on the bank host and can be used for security procedures such as monitoring;

● When connecting online, blacklist check can be performed and the card can be locked;

● Only real IC cards can process transaction codes.
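
The crediting step of the online load described above, sketched as an added example (not code from the original page or from any card vendor). HMAC-SHA256 from the Python standard library stands in for the DES-based transaction code the page describes; the class names, the key-derivation rule and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive_load_key(master_key: bytes, serial: bytes) -> bytes:
    """Assumed diversification rule: per-card key = MAC(master key, serial)."""
    return hmac.new(master_key, b"LOAD" + serial, hashlib.sha256).digest()

def load_code(key: bytes, serial: bytes, counter: int, nonce: bytes, amount: int) -> bytes:
    """Transaction code bound to one card, one challenge and one amount."""
    msg = serial + counter.to_bytes(4, "big") + nonce + amount.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Card:
    """Holds only its own diversified load key, never the master key."""
    def __init__(self, serial: bytes, load_key: bytes):
        self.serial, self._key = serial, load_key
        self.balance, self.counter, self._nonce = 0, 0, None

    def init_load(self):
        """Step 1: issue a fresh challenge tied to the card's load counter."""
        self._nonce = secrets.token_bytes(8)
        return self.serial, self.counter, self._nonce

    def credit(self, amount: int, code: bytes) -> bool:
        """Step 3: verify the host's code and only then raise the balance."""
        if self._nonce is None:
            return False
        good = load_code(self._key, self.serial, self.counter, self._nonce, amount)
        self._nonce = None  # a challenge authorises at most one attempt
        if not hmac.compare_digest(good, code):
            return False
        self.balance += amount
        self.counter += 1
        return True

class BankHost:
    """Keeps the master load key, the blacklist and the audit trail."""
    def __init__(self, master_key: bytes, blacklist=()):
        self._master, self.blacklist, self.audit = master_key, set(blacklist), []

    def authorise(self, serial: bytes, counter: int, nonce: bytes, amount: int):
        """Step 2: blacklist check, then a code valid for this challenge only."""
        if serial in self.blacklist:
            self.audit.append((serial, amount, "REJECTED_BLACKLIST"))
            return None
        self.audit.append((serial, amount, "AUTHORISED"))
        key = derive_load_key(self._master, serial)
        return load_code(key, serial, counter, nonce, amount)

def run_load(host: BankHost, card: Card, amount: int) -> bool:
    """Full online exchange: challenge, host authorisation, card credit."""
    code = host.authorise(*card.init_load(), amount)
    return code is not None and card.credit(amount, code)
```

Because the code covers the card's challenge and counter, a code captured from one load cannot be replayed, and a code issued for one amount cannot credit another.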

Because the electronic passbook usually requires a PIN code when it is used, it cannot be used anonymously by others. The balance in the card can be read at the POS terminal or with a portable balance reader at any time. However, the remaining amount in the e-wallet can be freely used for shopping, so if the e-wallet is lost, it cannot be guaranteed to be refunded.

IC card payment security

Payment transactions take place offline at the POS terminal. A mutual authentication is performed using the DES algorithm before payment. For secure communication and verification of transactions stored in the terminal, the POS terminal is equipped with a terminal card (PSAM). The PSAM contains all the security elements (keys) of the terminal, which are essential for the secure execution of the card and terminal transactions. In the process of mutual authentication, the electronic wallet will calculate a transaction code for the payment transaction and deduct the amount from the balance. The transaction code is transmitted to the PSAM in the terminal. PSAM verifies the authenticity of the transaction code and increases the PSAM balance accordingly. In addition, PSAM uses a cryptographic certificate to ensure that all transactions are performed correctly.

In the default setting, transactions processed by a terminal are accumulated in the PSAM. For specific requirements, this setting can be modified by changing the parameters of the smart card system, either to store all or a selected part of the transactions or to switch to a single transaction mode.

Transaction security

● Through online collection, the daily transaction data is delivered to the bank in batches via online communication.

● When the system service provider collects the amount of payment transactions accumulated in the system (or, if necessary, the amount of each payment transaction), it is always signed with an encrypted authentication code. This ensures that only real transactions can be accepted by the bank.

To prevent losing data, transaction data is always copied and saved in the POS terminal. Even if the transmission card is lost or the data transmission is unsuccessful, the service provider will not lose the amount because the unsuccessful transmission can be re-executed at any time.
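
The offline payment and end-of-day collection described above, as an added example (not code from the original page or from any card vendor). HMAC-SHA256 stands in for the DES-based codes the page describes; the class names, field layout, diversification rule and the separate settlement key are assumptions.

```python
import hashlib
import hmac

def mac8(key: bytes, *fields: bytes) -> bytes:
    """8-byte authentication code over fixed-width fields (HMAC-SHA256 stand-in)."""
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()[:8]

def u32(value: int) -> bytes:
    return value.to_bytes(4, "big")

class Wallet:
    """Customer card: debits itself, then proves the debit with a transaction code."""
    def __init__(self, serial: bytes, purchase_key: bytes, balance: int):
        self.serial, self._key = serial, purchase_key
        self.balance, self.counter = balance, 0

    def pay(self, amount: int, terminal_id: bytes):
        if not 0 < amount <= self.balance:
            return None
        self.balance -= amount
        self.counter += 1
        code = mac8(self._key, self.serial, u32(self.counter), u32(amount), terminal_id)
        return self.counter, code

class PSAM:
    """Terminal card: verifies wallet codes offline and accumulates the total."""
    def __init__(self, terminal_id: bytes, purchase_master: bytes, settle_key: bytes):
        self.terminal_id = terminal_id
        self._master, self._settle = purchase_master, settle_key
        self.total, self.batch_no, self._seen = 0, 0, set()

    def accept(self, serial: bytes, counter: int, amount: int, code: bytes) -> bool:
        card_key = mac8(self._master, serial)  # assumed diversification rule
        good = mac8(card_key, serial, u32(counter), u32(amount), self.terminal_id)
        if (serial, counter) in self._seen or not hmac.compare_digest(good, code):
            return False
        self._seen.add((serial, counter))
        self.total += amount
        return True

    def close_batch(self):
        """End of day: sign the accumulated amount; the terminal keeps a copy."""
        self.batch_no += 1
        amount, self.total = self.total, 0
        return self.batch_no, amount, mac8(self._settle, self.terminal_id, u32(self.batch_no), u32(amount))

class Bank:
    """Accepts only batches whose authentication code verifies."""
    def __init__(self, settle_keys: dict):
        self._keys, self.credited = settle_keys, {}

    def settle(self, terminal_id: bytes, batch_no: int, amount: int, code: bytes) -> bool:
        good = mac8(self._keys[terminal_id], terminal_id, u32(batch_no), u32(amount))
        if not hmac.compare_digest(good, code):
            return False  # forged or altered batch
        # A retransmitted batch is acknowledged but credited only once.
        self.credited.setdefault((terminal_id, batch_no), amount)
        return True
```

Keying the bank's ledger on terminal and batch number is what makes the re-executed transmission safe: the saved copy can be resent after a failure without the amount being credited twice.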

II. Card Issuer Security Control

Security management in the card production process

Given the current situation in China, the personalization of the cards will be completed by the providers themselves. Therefore, the cards we supply will include the complete operating system and the key COMPLETIONKEY for controlling the security of the card initialization. This key controls access to card memory during personalization.

In the personalization process, the wallet key (PURSEKEY) is protected by the transport key (TRANSPORTKEY). No key is transmitted in clear text between the personalization system and the card. The decryption of the card key is done inside the card during the personalization process.

Card management security

The protection in the issuing process is realized by the function of the card itself. Because the balance of the card is zero during the production and personalization of the card, there is no need to technically lock this card. Because a PIN is required to use the card, the PIN is passed to the cardholder in a sealed PIN envelope. Without the PIN, the card is useless.

Card security management during use

All security keys are securely stored on the smart card, and each transaction type uses a different key (the principle of key dispersion). If a key is exposed or stolen for some reason, the system can still work safely. For example, if the credit key of a certain card is stolen, the card can still be used for payment and credit transactions because several sets of keys are stored on the smart card. After the credit (load) key is stolen, it is only necessary to change the key in the related SAM following a defined update procedure, and another set of keys can be used without replacing the customer's smart card.

When the cardholder holds a card for consumption or circulation:

a. The PIN will be used to authenticate the cardholder's legitimacy.

b. Very strict authentication will be performed between the customer card and the terminal, and between the online transaction and the host.

This authentication process includes two-way authentication between cards and devices and between devices and devices, as well as verification of the data transmitted and used between them.

c. We have developed a secure storage module (SAM) for sales terminals and storage terminals to make the authentication process safer and easier to manage.

Card lock

A card can be locked offline at the terminal, or an application can be locked through online communication with the host. Both options are available. There is a blacklist stored in the C&A system. According to this blacklist, some cards can be rejected. The blacklist can also be downloaded to the terminal for use during offline operation.

In the normal payment environment, the customer card is rejected only when it appears in the blacklist in the terminal. In a load transaction, because the load terminal operates online, the customer card is rejected when it appears in the blacklist in the system.