Security Protection Profile on Smart Card System Using ISO 15408 Case Study: Indonesia Health Insurance Agency

Abstract

Indonesia Health Assurance Agency also called BPJS is the most important part of the Indonesian people as a health insurance agency. BPJS want to improve the quality of healthcare by applying information technology. One way to improve the quality of service BPJS is implementing smart card technology. this new system, BPJS smart card system, is consisted of two part, there are a smart card and smart card reader. Beside it can be searching BPJS members faster and easier than before (offline system), every card member has a temporary storage enough to save nominal of their own insurance premium. Therefore, smart card system needs security requirements to make sure data in every card member is still secure and confidential when implementing this smart card technology. With that problem, this research creates security design proposal from Protection Profile document by evaluating smart card system of BPJS using Common Criteria Framework (ISO 15408). And then this methodology research is using (ISO 15446) to guide the development of Protection Profile document. Common Criteria Framework for the security of smart card make security design becomes more systematic. This research is consisting of 3 steps, first analyzing threats, second designing security objectives, the last designing security function requirements. Threats assessment and analysis in this research has result 10 threats. From previous step then designed 12 points security objectives. At third step, the security functional requirements need to be analyzed and founded, has 36 security functional requirements from 12 points security objectives before. Prototype has built based on all of security functional requirements that already recommended. The evaluate result shows that all of system use case has been tested according system functional requirement.