Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rapid Authentication Systems?

Posted by Cliff on from the secure-yet-fast dept.

Barrington Johnson asks: "I am an emergency physician, and am looking for a solution for authentication which is compatible with rapid logons and logoffs. We have several web-based terminals into which we put information. The web application gives a real-time representation of the emergency department, so it is important that it is kept up to date. We have an opportunity to re-design our system, and I know that if I make the authentication process too difficult e.g. username+password, doctors will store up their data entry, and do it all in one go, removing the real-time usefulness of the display. At what level (application/browser/system) should authentication occur, and what method would be best?" Might a smartcard-based authentication system work well in this situation?

3 of 48 comments (clear)

  1. Simple answer... by SoCalChris · · Score: 4, Insightful

    I am an emergency physician

    Hire a professional web designer that specializes in security. I wouldn't want people to expect me to be a doctor, and I wouldn't want a doctor designing a secure web site for me.

    No offense, but for something like medical records, stick to what you went to school for.

    1. Re:Simple answer... by sixseve · · Score: 4, Insightful

      I don't think he's planning to implement this himself. When you hire a web designer or system implementor you need to know what to ask for, and I think that's what he's trying to figure out here.

  2. Depends on your security needs by hackstraw · · Score: 4, Insightful

    I'm not sure how sensitive the data is, but I'm assuming its relatively low. (Please don't go on a tangent here, there is little to no security involved with paper files...)

    The quickest/easiest/cheapest way would be to use a standard mag strip reader or an RFID tag with no pin/password etc, just a swipe, and someway to "logout".

    If more security is needed or possibly variable security needed (maybe 1st screen is kinda public domain, but to get more details you need more authentication), then a smartcard that uses its serial number as a token like in the RFID or mag strip example I just gave, and then the user would have to put in a PIN to get the more sensitive data.

    The fortunate thing is that all 3 technologies are pretty inexpensive and easy to work with.