Saturday, July 11, 2009

German health-card project at risk due to PKI problems

This is kind of entertaining because it concerns part of the 101 of PKI: key management. According to Heise, one of the larger publishers of IT magazines in Germany, the root key of the CA has been lost. As a result, no more health cards can be signed by the CA, and existing health cards cannot even be revoked. At least this is only the initial trial of this large project; the full project would mean that nearly every German citizen has a health card signed by that root CA.

According to Heise online, Gematik, the company in charge, commissioned D-Trust, a subsidiary of the Bundesdruckerei (Mint), to act as the root CA for the health card PKI.

Heise online interviewed Matthias Merx, the firm's managing director: following a voltage drop, "something unusual happened" (comment: whatever that means??) in D-Trust's "Trustcenter", and the HSM independently deleted the data because it suspected an attack.

Comment: Good job - just like old times when you had your cyanide capsule.

Read the full article at: http://www.h-online.com/security/Loss-of-data-has-serious-consequences-for-German-electronic-health-card--/news/113740
