There are two steps to follow:
Step 1: Administrative phase
Should you wish to order test CPS cards or register authorisations for test software, you may:
- read our complete product offer;
- place an order.
To place an order, select your Profile and your Structure, then choose “Produits de développement. Commander des produits de développement : carte et/ou certificat logiciel de test” (Development products. Order development products: test card and/or test software certificate).
Step 2: Technical phase
Use the card you validated after step 1 in order to connect with the Trusted Platform IGC-Santé. You will be able to order, withdraw, monitor and revoke test certificates through the IHM or Webservice interface.
To do so, make sure you have inserted your test card in the card reader.
Read more about specific setup guidelines:
There are two main reasons for the creation of IGC-Santé:
- guaranteeing the security of private keys and certificates issued by the ANS: access to these private keys must be limited in order to prevent their duplication or their installation on more than one device;
- maintaining continuity of service: many health apps used to work with certificates issued by the former CKI, which ceased activity in January 2021. These apps must be compatible with certificates issued by the IGC-Santé.
In addition, these certificates meet the security standards (risk analysis, safety policies), or “Certifying Policies” that comply with the PGSS-IS guidelines.
In order to make the check lists more transparent and reduce the risk of seeing your Ségur application denied, we have published a document listing common mistakes, which is available below:
To make sure your software complies with the guidelines required to implement INS into software, several documents are available:
The IGC-Santé is dedicated to the health sector, follows strict procedures for data collection and professional identification, and works with certified authorities (RPPS register, etc.).
The certificates issued by the IGC guarantee the security of software or electronic cards, such as the CPS card.
The IGC also manages the publication of these certificates and can revoke them. Revocation is signalled to the apps using the certificates through revocation lists.
CPx cards issued before December 2020 have a contactless chip that prevents its code from being overwritten.
The new CPS R3V3 cards that are now in circulation have a Mifare Desfire chip. These cards can store secret cryptographic keys that work with the Mifare Desfire protocol.
All the information about this feature is available in the Manual to deploy contactless CPx cards (available to download below). Be careful about the data written to the chip's writable section.
We strongly advise against using this section of the chip to store access rights. The ANS recommends that you follow the ANSSI guidelines on using a "transparent" reader in connected mode. In this mode, the reader does not take part in a cryptographic protocol during badge authentication; only the UTL (logic treatment unit) takes part in the cryptographic protocol.
ANSSI advises against setting up a “smart” badge allowing a double authentication breaking from the UTL.
All the recommendations on securing systems for physical access and video projection are available in the document below, "Recommendations on securing systems for physical and video projection access".
Our partner, the GIE Sesam-Vitale, is here to provide you with support and answer your questions about your software project, how to integrate INSi, or solve any potential technical setbacks.
The helpdesk is available by phone at +33 (0)2 43 57 42 88, from 9am to 12 noon and from 2pm to 6pm, Monday to Friday. You may also send an email to centre-de-service@sesam-vitale.fr.
The registration process is divided into two parts: the software publisher enrols with the ANS and later sends their application material (credentials). You may enrol any time before sending your credentials. Once your registration is validated, a web repository will be activated for you to upload your credentials in relation to your chosen DSR sector.
Yes, it can. If it operates in a competitive market (in the form of GIE / GIP distribution), it may enter the Système Ouvert et Non Sélectif (Open and Non-Selective System).
If it does not operate in a competitive market (i.e. in house), we will have to handle it on a case-by-case basis.
In all cases, compliance with the technical requirements will be mandatory.
Yes, these version changes will be funded, provided that they:
- are referenced (i.e. meet the technical requirements);
- are shown to have been implemented, in particular by sending a minimum amount of data to the DMP and via Messagerie Sécurisée de Santé.