How to: Use Medicare PKIs on Windows 64 bit
When you buy a new computer these days, it is likely that it will come with a 64-bit version of a Microsoft operating system, either the popular Windows 7 or the newest Windows 8.
The 64-bit version is a good choice, as it can support more than 4GB of RAM and it can run both 32 and 64-bit applications. Windows 32 bit, on the other hand, cannot run 64-bit applications.
However, if like me, you have been using a Medicare PKI individual certificate for authentication, for example to access the Health Professional Online Services (HPOS) portal, you may have noticed that it does not work properly on a 64-bit system.
When you want to use your Medicare individual PKI token on a new computer, you are required to install the supporting software:
- a system driver for the USB token (smart card reader)
- a token administration utility (SafeSign Identity Client)
- and the Medicare Australia Chain of Trust.
Unfortunately, the CD provided with the tokens (release 1.1 April 2010) included only the software for 32-bit operating systems, which will not work on a Windows 64-bit platform.
Searching for an updated version of the supporting software was not straightforward. At first I looked in the download section of the Medicare PKI website Medicare PKI website but I could not find any updated software.
I therefore contacted Medicare directly and was advised that they do not currently support Windows 64 bit OS.
I finally located the updated driver on the Gemalto website. This driver allows the operating system to correctly identify and handle the token (card reader and smart card).
If you now install the token administration utility provided on the CD (version 2.3/32 bit) you will be able to access the HPOS portal using the USB token. This is possible only using the 32-bit version of the Internet Explorer browser, which you can find either in the Windows start menu (all programs) or in C:\Program Files (x86)\Internet Explorer\iesplore.exe.
If you use the default 64-bit version of Internet Explorer or any other unsupported browser such as Firefox or Chrome to access HPOS, you will encounter the following error message: "An attempt to authenticate with a client certificate failed. A valid client certificate is required to make this connection."
However, if your practice uses thin client and a 64-bit Windows remote desktop server (or terminal server), the above solution still will not work. You will have to obtain a 64-bit version of the SafeSign Identity Client (version 3.0).
(Please note that this is commercial software and therefore you will not find it as a free download over the Internet. If you Google it, the results may take you to several places that offer illegal copies of the software, which may be infected with malware.)
You should obtain a legal copy of the SafeSign software from Medicare or from the Australian distributor, Giesecke & Devrient Australasia, on 03 9765 1200.
Finally, do not forget to install the Chain of Trust file. You do not need an up-to-date version of this as the one from the CD or from the Medicare website will be fine.
Simply double click on it, follow the installation wizard accepting all the default options and when prompted for a password, enter the following: Pass-123.
Job done!Alberto Tinazzi is a certified IT security consultant and director of eHealth Security Services.
Posted in Australian eHealth