CP-IS Client Overview

1

Author: Mat Barrow, Spine2 Functional LeadDate: 3rd Dec 2013

Background

• CP-IS Client based on a similar NHS client (DBS):Files are just dropped into/picked from a folder which is specified during installation

• Batch handling and Spine messaging managed within client to minimise complexity and reduce LA system processing and network load

• Local logging for errors/exceptions in addition to file-level response messages

• Simple to install (see later slides)

2

Technical Requirements

• NHS Network (N3) connection (including IG Toolkit) or government network with a functional gateway to N3.• HSCIC will register a Spine end-point for each LA, and advise the Accredited System ID (ASID) for use during installation of the client.• Each LA will need to install its own certificate*• Java Runtime Environment 6 (JRE6)• Windows or Linux OS.

Windows 7 and Ubuntu 12.04 have been tested.Other flavours may be tested where required but only the HSCIC warranted environment is supported.

• The minimum hardware specification is currently that required for JRE6.

3

Security

4

• Certificate DN specific to LA: no sharing/reuse• CP-IS certificates only work for CP-IS messaging • ASID and Interactions checked for CP-IS certificates

(No requirement for logon authentication)• TLS Mutual Authentication with >=1024 bit (ideally 2048 bit)

certificates• Uses port 443 which will need to be opened in firewalls• Requires a secure server in a secure location• HSCIC is arranging for independent Penetration testing to be

conducted against the CP-IS Client and Spine 2 itself, thereby giving assurance to LAs about the overall security of the solution.

5

Integration with Spine – Upload

6

Integration with Spine – Query

7

Installation Steps: 1

8

Installation Steps: 2

9

Installation Steps: 3

10

Installation Steps: 4

11

Installation Steps: 5

These IDs will be supplied by HSCIC

12

Installation Steps: 6

13

Installation Steps: 7

14

Installation Steps: 8

15

Installation Steps: 9