BS DD ENV 13608-2-2000 Health informatics - Security for healthcare communication - Secure data objects《医疗保健信息学 保健通信的安全性 安全数据对象》.pdf

1、| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DRAFT FOR DEVELOPMENT DD ENV 13608-2:2000

2、ICS 35.240.80 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW Health informatics Security for Healthcare communication Part 2: Secure data objectsThis British Standard, having been prepared under the direction of the DISC Board, was published under the authority of the Standar

3、ds Committee and comes into effect on 15 August 2000 BSI 08-2000 ISBN 0 580 35486 5 DD ENV 13608-2:2000 Amendments issued since publication Amd. No. Date Comments National foreword This Draft for Development is the English language version of ENV 13608-2:2000. This publication is not to be used as a

4、 British Standard. It is being issued in the Draft for Development series of publications and is of a provisional nature due to the limited duration of the European prestandard. It should be applied on this provisional basis, so that information and experience of its practical application may be obt

5、ained. Comments arising from the use of this Draft for Development are requested so that UK experience can be reported to the European organization responsible for its conversion into a European Standard. A review of this publication will be initiated 2 years after its publication by the European or

6、ganization so that a decision can be taken on its status at the end of its three-year life. The commencement of the review period will be notified by an announcement in Update Standards. According to the replies received by the end of the review period, the responsible BSI Committee will decide whet

7、her to support the conversion into a European Standard, to extend the life of the prestandard or to withdraw it. Comments should be sent in writing to the Secretary of BSI Technical Committee IST/35, Health Informatics, at 389 Chiswick High Road, London W4 4AL, giving the document reference and clau

8、se number and proposing, where possible, an appropriate revision of the text. A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international or European publications referred to in this document

9、may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Find” facility of the BSI Standards Electronic Catalogue. Summary of pages This document comprises a front cover, an inside front cover, the ENV title page, pages 2

10、 to 23 and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued.EUROPEANPRESTANDARD PRNORMEEUROPENNE EUROPISCHEVORNORM ENV136082 May2000 ICS35.040;35.240.80 Englishversion HealthinformaticsSecurityforhealthcarecommunicationPart 2:Securedataobj

11、ects ThisEuropeanPrestandard(ENV)wasapprovedbyCENon29July1999asaprospectivestandardforprovisionalapplication. TheperiodofvalidityofthisENVislimitedinitiallytothreeyears.AftertwoyearsthemembersofCENwillberequestedto submittheir comments,particularlyonthequestionwhethertheENVcanbeconvertedintoaEuropea

12、nStandard. CENmembersarerequiredtoannouncetheexistenceofthisENVinthesamewayasforanENandtomaketheENVavailablepromp tly atnationallevelinanappropriateform.Itispermissibletokeepconflictingnationalstandardsinforce(inparalleltothe ENV)untilthefinal decisionaboutthepossibleconversionoftheENVintoanENisreac

13、hed. CENmembersarethenationalstandardsbodiesofAustria,Belgium,CzechRepublic,Denmark,Finland,France,Germany,Greece, Iceland,Ireland,Italy,Luxembourg,Netherlands,Norway,Portugal,Spain,Sweden,SwitzerlandandUnitedKingdom. EUROPEANCOMMITTEEFORSTANDARDIZATION COMITEUROPENDENORMALISATION EUROPISCHESKOMITEE

14、FRNORMUNG CentralSecretariat:ruedeStassart,36B1050Brussels 2000CEN Allrightsofexploitationinanyformandbyanymeansreserved worldwideforCENnationalMembers. Ref.No.ENV136082:2000EPage2 ENV136082:2000 Contents Foreword3 Introduction.3 1Scope 5 2Normativereferences. 5 3Termsanddefinitions 5 4Symbolsandabb

15、reviations .10 5RequirementsforSecuredataobjects .11 6CryptographicalgorithmsforusewithS/MIMECMS15 AnnexA (Informative)Plaintextrecovery.17 AnnexB (Informative)X.400SMTPgatewaying 19 AnnexC (Informative)Securitywrappingoverview21 AnnexD (Informative) Whatcanbesecured? 22 Bibliography 23Page3 ENV1360

16、82:2000 Foreword ThisEuropeanPrestandardhasbeenpreparedbyTechnicalCommitteeCEN/TC251“Healthinformatics“,the secretariatofwhichisheldbySIS. AccordingtotheCEN/CENELECInternalRegulations,thenationalstandardsorganizationsofthefollowing countriesareboundtoannouncethisEuropeanPrestandard:Austria,Belgium,C

17、zechRepublic,Denmark, Finland,France,Germany,Greece,Iceland,Ireland,Italy,Luxembourg,Netherlands,Norway,Portugal,Spain, Sweden,SwitzerlandandtheUnitedKingdom. Thismultipartstandardconsistsofthefollowingparts,underthegeneraltitle SecurityforHealthcare Communication(SECCOM): Part1:ConceptsandTerminolo

18、gy Part2:SecureDataObjects Part3:SecureDataChannels ThisstandardisdesignedtomeetthedemandsoftheTechnicalReportCEN/TC251/N98110Health Informatics Frameworkforsecurityprotectionofhealthcarecommunication . ThisstandardwasdraftedusingtheconventionsoftheISO/IECdirectivePart3. ThedraftstandardprENV136082c

19、ontainedinnormativeannexesAandBcopiesofIETFdraftsthathave beenapprovedasRFC2633andRFC2630respectivelyaftertheapprovalvotebutbeforethisprestandardis published.ThesearenownormativereferencesavailablethroughIETFandnotincludedinthispublication.The remainingannexesareallinformativearerenumberedaccordingl

20、y. Introduction Theuseofdataprocessingandtelecommunicationsinhealthcaremustbeaccompaniedbyappropriatesecurity measurestoensuredataconfidentialityandintegrityincompliancewiththelegalframework,protectingpatients aswellasprofessionalaccountabilityandorganizationalassets.Inaddition,availabilityaspectsar

21、eimportantto considerinmanysystems. Inthatsense,theSECCOMseriesofstandardshastheintentionofexplaininganddetailingtothehealthcare enduserthedifferentalternativestheyhavetocopewithintermsofsecuritymeasuresthatmightbe implementedtofulfiltheirsecurityneedsandobligations.Incorporatedwithinthisisthestanda

22、rdizationofsome elementsrelatedtotheinformationcommunicationprocesswheretheyfallwithinthesecuritydomain. Inthecontinuityofthe Frameworkforsecurityprotectionofhealthcarecommunication (CEN/TC251/N98 110),hereafterdenoted the Framework,whoseCENReportaimedatpromotingabetterunderstandingofthe securityiss

23、uesinrelationstothehealthcareITcommunication,thisEuropeanPrestandardshallaidinproducing systemstoenablehealthcareprofessionalsandapplicationstocommunicateandinteractsecurelyandtherefore safely,legitimately,lawfullyandprecisely. TheSECCOMseriesofstandardsarekeycommunicationsecuritystandardsthatcanbeg

24、enericallyappliedtoa widerangeofcommunicationprotocolsandinformationsystemapplicationsrelevanttohealthcare,thoughthey areneithercompletenorexhaustiveinthatrespect.Thesestandardsmustbedefinedwithinthecontextand scenariosdefinedbyTC251Workprogramme,inwhichthemessagingparadigmforinformationsystem inter

25、actionis oneoftheessentials,aswasreflectedbythe Framework. ThisPart2oftheEuropeanPrestandardonSecurityforHealthcareCommunicationdescribeshowtosecure arbitraryoctetstringsthatmaybeusedinEuropeanhealthcare.Anarbitraryoctetstringmightforexamplebean EDIFACTmessage,apatientrecord,etc.Securingwithinthecon

26、ceptscontainedwithinthisEuropean prestandardincludethepreservationofdataintegrity,thepreservationofconfidentialityandaccountabilityin termsofauthenticationofbothcommunicatingparties.Page4 ENV136082:2000 Thisstandarddoesnotspecifymethodsrelatedtoavailability,storageortransportationofdata,keycertifica

27、tes orotherinfrastructuralissues,nordoesitcoverapplicationsecurityaspectssuchasuserauthentication. NOTE Thisstandarddefinesamethodologytosecuretheoctetstringtoallowittobetransportedsecurely overinsecurenetworks,independentoftheunderlyingtransportationsystem,e.g.emailorEDIsystem. Thestandardencompass

28、esmechanismsforencryptionanddigitalsignature,andwillallowthatthese mechanismsareusedindependently.Page5 ENV136082:2000 HealthinformaticsSecurityforhealthcarecommunication Part2:Securedataobjects 1 Scope ThisEuropeanPrestandarddefinesastandardwayofsecuringhealthcareobjects.Theobjectsaresecuredin such

29、awaythattheycanbetransportedoveropen,unsecurednetworks,orstoredinopenunsecuredrepositories. Anapplicationisabletodecidewhethertoapplyanycombinationofencryptionanddigitalsignaturetoan object. IngeneralthisEuropeanPrestandarddoesnotconsiderthecontentsoftheobjects,butcanbeappliedtoany octetstring. This

30、EuropeanPrestandardisbasedonexistingsecuritystandards. ThisEuropeanPrestandarddoesnotconsiderhowtheactualsecurityisappliedtotheobjects.Asecurity infrastructureisassumed,whichisusedforperformingtheactualsecurityoperations. 2 Normativereferences ISO8824 InformationtechnologyOpenSystemsInterconnectionS

31、pecificationofAbstract SyntaxNotationOne(ASN.1)(Version219910424) IETFRFC2630 InternetEngineeringTaskForce:CryptographicMessageSyntax(CMS) IETFRFC2633 InternetEngineeringTaskForce:S/MIMEversion3MessageSpecification ISO88241:1995 InformationTechnologyOpenSystemsInterconnectionSpecificationofAbstract

32、SyntaxNotationOne(ASN.1)Part1:Specificationofthebasenotation PKCS#7 CryptographicMessageSyntaxVersion1.5,RFC2315 MIXERBPT MappingbetweenCCITX.400andRFC822/MIMEMessageBodies,RFC2157 CCITX.400 ITUDataCommunicationNetworks:MessageHandlingSystemsX.400 3 Termsanddefinitions 3.1 accountability Theproperty

33、thatensuresthattheactionsofanentitymaybetraceduniquelytotheentityISO74982 3.2 asymmetriccryptographicalgorithm Analgorithmforperformingenciphermentorthecorrespondingdeciphermentinwhichthekeysusedfor enciphermentanddeciphermentdifferISO101811 3.3 authentication Processofreliablyidentifyingsecuritysub

34、jectsbysecurelyassociatinganidentifieranditsauthenticator. SeealsodataoriginauthenticationandpeerentityauthenticationISO74982 3.4 availability PropertyofbeingaccessibleanduseableupondemandbyanauthorisedentityISO74982 3.5 certificaterevocation Actofremovinganyreliablelinkbetweenacertificateanditsrela

35、tedowner(orsecuritysubjectowner),because thecertificateisnottrustedanymorewhereasitisunexpiredPage6 ENV136082:2000 3.6 certificateholder Anentitythatisnamedasthesubjectofavalidcertificate 3.7 certificateuser Anentitythatneedstoknow,withcertainty,thepublickeyofanotherentityISO95948 3.8 certificatever

36、ification Verifyingthatacertificateisauthentic 3.9 certification Useofdigitalsignaturetomaketransferablestatementaboutbeliefsofidentity,orstatementsaboutdelegation ofauthority 3.10 certificationauthority Anauthoritytrustedbyoneormoreuserstocreateandassigncertificates.Optionallythecertificationauthor

37、ity maycreatetheuserskeysISO95948 3.11 ciphertext Dataproducedthroughtheuseofencipherment.ThesemanticcontentoftheresultingdataisnotavailableISO 74982 3.12 ciphersuite Anencodingforthesetofbulkdatacipher,messagedigestfunction,digitalsignaturealgorithmandkey exchangealgorithmusedwithinthenegotiationph

38、aseofTLS 3.13 communicationprotectionprofile CPP Astatementofsystematictranslationformcommunicationsecurityneedstotechnologicalconcepts 3.14 communicationsecurity Securityofsecurityobjectscommunicatedbetweensecuritysubjects 3.15 confidentiality Thepropertythatinformationisnotmadeavailableordisclosed

39、tounauthorisedindividuals,entities,or processesISO74982 3.16 cryptography Thedisciplinewhichembodiesprinciples,means,andmethodsforthetransformationofdatainordertohideits informationcontent,preventitsundetectedmodificationand/orpreventitsunauthoriseduseISO74982Page7 ENV136082:2000 3.17 cryptographica

40、lgorithm cipher analgorithmusedtotransformdatatohideitsinformationcontentwhichisusedintheprocess ofencryption(see3.22) 3.18 dataintegrity ThepropertythatdatahasnotbeenalteredordestroyedinanunauthorisedmannerISO74982 3.19 dataoriginauthentication Thecorroborationthatthesourceofdatareceivedisasclaimed

41、ISO74982 3.20 decryption decipherment Processofmakingencrypteddatareappearinitsoriginalunencryptedform.Thereversalofacorresponding reversibleencipherment 3.21 digitalsignature Dataappendedto,oracryptographictransformation(seecryptography)ofadataunitthatallowsarecipientof thedataunittoprovethesourcea

42、ndintegrityofthedataunitandprotectagainstforgerye.g.bytherecipient ISO74982 3.22 encryption encipherment Thecryptographictransformationofdata(seecryptography)toproduceciphertextISO74982 3.23 hashfunction A(mathematical)functionthatmapsvaluesfroma(possiblyvery)largesetofvaluesintoasmallerrangeof valu

43、esISO101811 3.24 integrity Thepropertyofbeingunmodifiedbyanykindofunauthorisedsecuritysubject 3.25 key AsequenceofsymbolsthatcontrolstheoperationsofenciphermentanddeciphermentISO74982 3.26 keydistribution Processofpublishing,ortransferringtoothersecuritysubjectsacryptographickey 3.27 keyexchangealgo

44、rithm AnalgorithmusedtoderiveasharedsecretoveranopencommunicationschannelPage8 ENV136082:2000 3.28 keygeneration Processofcreatingacryptographickey 3.29 keymanagement Thegeneration,storage,distribution,deletion,archivingandapplicationofkeysinaccordancewithasecurity policyISO74982 3.30 messagerecovery Processofathirdpartydecryptinganencryptedmessage 3.31 onewayfunction A(mathematical)functionthatiseasytocomputebut,when