Security keys
Information about NHS CIS2 authentication security keys.
Security keys are typically small physical devices that connect to devices via a USB port or NFC.
They are a simpler alternative to smartcards that require no installation of software or certificate renewal and are small and convenient enough to be attached to a set of keys or a lanyard.
See a list of supported keys.
Convenient
- Users can share desktops/laptops and authenticate with their own individual security key
- No need for a smartcard or reader
- Enables secure authentication to national clinical information systems over the internet
Choosing security keys
Users tend to find authenticating with security keys works well when they:
- access multiple machines
- are quite mobile, working in different buildings/offices
Live environment security keys
CIS2 Authentication allows security keys to be used if they meet FIDO2 Certificate Level 2.
To see which security keys meet FIDO2 Certificate Level 2, go to the FIDO Certified Products page (opens in a new window) and use these filter options:
- Specification: FIDO2
- Company: leave blank
- Type: Authenticator
- Authenticator Level: Level 2
- Product Name: leave blank
Reliable
NHS CIS2 Authentication is a platinum service, supported 24 hours a day, 7 days a week.
See our latest availability statistics.
Case study
Dentists in London accessing e-RS
The organisation and service
NHS North East London ICB wanted their dentists to be able to refer patients for treatments using e-RS without the restriction of having to use a desktop connected to a HSCN
Moving to NHS CIS2 Authentication
Yubikey 5 security keys were procured by local IT and provided to the users.
To start using NHS CIS2 Authentication, the dentists needed to meet with their RA who helped them to register the security key to the user's Care Identity profile.
The experience
The dentists in London found the registration process to be very quick and simple.
They can now refer patients using e-RS over the internet using their security key to authenticate.
Considerations for organisations providing IT Support
- No additional software is needed as it uses open standards - just procure, register and use
- No certificate renewals required
Procurement
The procurement and distribution of security keys is the responsibility of the Trust, organisation or user.
Only Security Keys that meet NHS England cyber security standards are acceptable for use with NHS CIS2 Authentication (see above).
Registering devices to users
Each user must:
- have their own security key
- register their security key to their Care Identity profile, supported by a Registration Authority (RA).
Network configuration
NHS CIS2 Authentication is primarily an Internet Only service, therefore, some configuration may be required to enable access:
- out to NHS CIS2 Authentication
- in from NHS CIS2 Authentication