ImageVerifierCode 换一换
格式:PDF , 页数:25 ,大小:1.21MB ,
资源ID:727342      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-727342.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ENV 13608-3-2000 en Health Informatics - Security for Healthcare Communication - Part 3 Secure Data Channels《健康信息学 保健通讯安全性 第3部分 安全数据通道》.pdf)为本站会员(孙刚)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ENV 13608-3-2000 en Health Informatics - Security for Healthcare Communication - Part 3 Secure Data Channels《健康信息学 保健通讯安全性 第3部分 安全数据通道》.pdf

1、 STD-BSI DD ENV 13bO8-3-ENGL 2000 Lb24bb 0858L4 885 DRAFT FOR DEVELOPMENT Health informatics - Security for Healthcare communication - Part 3: Secure data channels ICs 35.240.80 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW DD ENV 13608-3 :ZOO0 National foreword been prepare

2、d under the Mon of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 August 2000 bd. No. O BSI 082000 ISBN O 580 36486 7 This DE 18 Annex D (informative) Plaintext recovery . 21 Bibliography . 22 Page 3 ENV 13608-312000 Foreword This European Pr

3、estandard has been prepared by Technical Committee CENEC 25 1 “Health informatics“, the secretaxiat of which is held by SIS. According to the CENKENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this European Prestandard: Austria, Bel

4、gium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom. This multipart standard consists of the following parts, under the general title Security for Healthcare Communicati

5、on (SEC-COM): - - - Part 1: Concepts and Terminology Part 2: Secure Data Objects Part 3: Secure Data Channels This standard is designed to meet the demands of the Technical Report CEN/TC251/N98-110 Informatics - Framework for security protection of health care communication. Health This standard was

6、 drafted using the conventions of the ISODEC directive Part 3. All annexes are informative. Introdwc tion The use of data processing and telecommunications in health care must be accompanied by appropriate security measures to ensure data confidentiality and integrity in compliance with the legal fr

7、amework, protecting patients as well as professional accountability and organizational assets. In addition, availability aspects are important to consider in many systems. In that sense, the SEC-COM series of standards has the intention of explaining and detailing to the healthcare end user the diff

8、erent alternatives they have to cope with in terms of security measures that might be implemented to fulfil their security needs and obligations. Incorporated within this is the standardization of some elements related to the information communication process where they fall within the security doma

9、in. In the continuity of the Framework for security protection of health care communication (CENEC25 1/N98- llO), hereafter denoted the Framework, whose CEN Report aimed at promoting a better understanding of the security issues in relations to the healthcare IT-communication, this European Restanda

10、rd shall aid in producing systems to enable health professionals and applications to communicate and interact securely and therefore safely, legitimately, lawfully and precisely. The SEC-COM series of standards are key communication security standards that can be generically applied to a wide range

11、of communication protocols and information system applications relevant to healthcare, though they are neither complete nor exhaustive in that respect. These standards must be defined within the context and scenarios defined by the TC251 work programme, in which the messaging paradigm for informatio

12、n system interaction is one of the essentials, as it was reflected by the Framework (Framework for security -protection of health care communication.) Page 4 ENV 13608-3:2000 Secure Data Channel This part 3 of the European Prestandard on Security for Healthcare Communication describes how to securel

13、y communicate arbitrary octet streams by means of a secure data channel communication protocol. NOTE NOTE This standard does not specify methods related to availability, storage or transportation of key certificates or other in-fra-structural issues, nor does it cover application security aspects su

14、ch as user authentication. A secure data channel is defined for the purposes of this standard as a reliable communication protocol that implements the following security services: 1. authentication of communicating entities prior to the communication of any other data preservation of data integrity

15、2. preservation of confidentiality of the communicated data. A secure data channel protocol operates in two distinct phases which, however, may be repeated: 1. 2. negotiation phase: authentication of communicating entities (e.g. exchange of Certificates), negotiation of the cipher suite to be used,

16、derivation of a shared secret using a key exchange algorithm communication phase: transmission of user data encrypted according to the negotiated cipher suite. In addition the secure data channel can be closed by either party when it is no longer required. The concept of a secure data channel can be

17、 best understood by looking at it?s properties, especially in comparison with the properties of a secure data object (prENV 13608-2, part 2 of this European Prestandard): 1. Interactivity: the negotiation phase allows the communicating entities to interactively agree upon a cipher suite that meets b

18、oth parties? security policies for the communication scenario in question (e.g. national vs. international communication). If the cipher suite negotiation is unsuccessful, no communication session is established. Transience: the secure data channel, being part of a layered communication protocol, re

19、ceives and delivers unsecured user data from and back to the calling layer. The encrypted representation of the data is transient (e.g. available only during transmission) and unavailable to the calling layer (e.g. application). Performance: after the establishment of the cipher suite and shared sec

20、ret during the negotiation phase, there is no need to use the computationally resource intensive asymmetric cryptographic algorithms during the communication phase. On the other hand, because of the transience of the encrypted representation of the data, encryption must be performed during the commu

21、nication process and cannot be pre-computed off-line. Forward secrecy: can be easily implemented as part of the key exchange protocol. Completeness: since the authentication of the communicating entities (e.g. certificate exchange) is part of the protocol, no additional out-of-band communication (e.

22、g. look-up of certificates in a trusted directory) is required to use the secure data channel, except if certificate revocation lists are used. Transparency: a secure data channel can be implemented such that it?s upper service access point resembles it?s lower service access point (e.g. TCP/IP sock

23、et interface). This allows the easy addition of security services to existing non-security-aware systems and protocols by integrating the secure data channel as an additional layer in the communication protocol stack. A well-known example for this approach is ?Secure HTP? (HTP over SSL3). 2. 3. 4. 5

24、. 6. The IETF Transport Layer Security (TLS) specification is a description of how to provide a secure data channel. Although TLS is an ETF Specification, it is not limited to TCP/IP. TLS only requires the presence of a reliable transmission protocol. This European Prestandard defines a set of profi

25、les used within T&S for use within healthcare communication over secure data channels. This means that ?TLS over OSI? would be possible if desired. Page 5 ENV 13608-3:2000 Health informatics - Security for healthcare communication - Part 3: Secure data channels 1 Scope This European Prestandard spec

26、ifies services and methods for securing interactive communications used within healthcare. Interactive communications are defined for the purposes of this standard as scenarios where both systems are online and in bi-directional communication simultaneously. Securing in this European Prestandard inc

27、ludes the preservation of data integrity, the preservation of confidentiality with respect to the data being communicated, and accountability in terms of authentication of one or both communicating parties. NOTE NOTE Examples of interactive communication are the download of HTML content over the Int

28、ernet, a DICOM communication, or remote login to a computer. This European Prestandard does not specify methods related to availability of the interactive communication, certification and certificate management and key management. Neither does this European Prestandard specify a mechanism for concea

29、ling that a communication session is in progress. This European Prestandard does not specie the methods or services required to secure the communicating systems themselves. 2 Normative references This European Prestandard incorporates by dated or undated reference, provisions from other publications

30、. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to, or revisions of any of these publications apply to this European Prestandard only when incorporated in it by amendment or revision.

31、For undated references, the latest edition of the publication referred to applies. IS0 7498-2 Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture IS0 8824 Information technology - Open Systems Interconnection - Specification of Abstra

32、ct Syntax Notation One (ASN.l) (Version 2 1991-04-24). IS0 9594-8 Information technology - Open Systems Interconnection - The Directory: Authentication framework IS0 10181-1 Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview. RFC 2246 Internet Engi

33、neering Task Force: The TLS (Transport Layer Security) Protocol, RFC 2246 Page 6 ENV 13608-3:2000 3 Definitions 3.1 accountability The property that ensures that the actions of an entity may be traced uniquely to the entity IS0 7498-21 3.2 asymmetric cryptographic algorithm An algorithm for performi

34、ng encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ IS0 10181-11 3.3 authentication Process of reliably identifying security subjects by securely associating an identifier and its authenticator. See also data origin authentication and pee

35、r entity authentication IS0 7498-21 3.4 availability Property of being accessible and useable upon demand by an authorised entity IS0 7498-21 3.5 certificate revocation Act of removing any reliable link between a certificate and its related owner (or security subject owner), because the certificate

36、is not busted any more whereas it is unexpired 3.6 certificate holder An entity that is named as the subject of a valid certificate 3.7 certificate user An entity that needs to know, with certainty, the public key of another entity IS0 9594-81 3.8 certificate verification Verifying that a certificat

37、e is authentic 3.9 certification Use of digital signature to make transferable statement about beliefs of identity, or statements about delegation of authority 3.10 certification authority An authority trusted by one or more users to create and assign certificates. Optionally the certification autho

38、rity may create the users keys IS0 9594-81 STDmBSI DD ENV 13608-3-ENGL 2000 2624669 0656922 951 IIICI Page 7 ENV 13608-32000 3.11 ciphertext Data produced through the use of encipherment. The semantic content of the resulting data is not available IS0 7498-21 3.12 ciphersuite An encoding for the set

39、 of bulk data cipher, message digest function, digital signature algorithm and key exchange algorithm used within the negotiation phase of TLS 3.13 communication protection profile CPP A statement of systematic translation form communication security needs to technological concepts 3.14 communicatio

40、n security Security of security objects communicated between security subjects 3.15 confidentiality The property that information is not made available or disclosed to unauthorised individuals, entities, or processes IS0 7498-21 3.16 cryptography The discipline which embodies principles, means, and

41、methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorised use IS0 7498-21 3.17 cryptographic algorithm cipher an algorithm used to transform data to hide its information content which is used in the process of

42、 encryption (see 3.22) 3.18 data integrity The property that data has not been altered or destroyed in an unauthorised manner IS0 7498-21 3.19 data origin authentication The corroboration that the source of data received is as claimed IS0 7498-21 3.20 decryption decipherment Process of making encryp

43、ted data reappear in its original unencrypted form. The reversal of a corresponding reversible encipherment Page 8 ENV 13608-312000 3.21 digital signature Data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a recipient of the data unit to prove the sourc

44、e and integrity of the data unit and protect against forgery e.g. by the recipient IS0 7498-21 3.22 encryption encipherment The cryptographic transformation of data (see cryptography) to produce ciphertext IS0 7498-21 3.23 forward secrecy Technique of ensuring that the communicated data is only deci

45、pherable for a limited time span by the communicating parties. NOTE After that time the communicating parties typically achieve forward secrecy by destroying cryptographic keys. This prevents an attacker from coercing the communicating parties into decrypting old ciphertext. 3.24 hash function A (ma

46、thematical) function that maps values from a (possibly very) large set of values into a smaller range of values IS0 10181-11 3.25 integrity The property of being unmodified by any kind of unauthorised security subject 3.26 key A sequence of symbols that controls the operations of encipherment and de

47、cipherment IS0 7498-21 3.27 key distribution Process of publishing, or transferring to other security subjects a cryptographic key 3.28 key exchange algorithm An algorithm used to derive a shared secret over an open communications channel 3.29 key generation Process of creating a cryptographic key 3

48、.30 key management The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy IS0 7498-21 3.31 message recovery Process of a third party decrypting an encrypted message STD.BS1 DD ENV 13608-3-ENGL 2000 5H Lb24bb9 0858924 724 b Page 9 ENV 1

49、3608-32000 3.32 one-way function A (mathematical) function that is easy to compute but, when knowing a result, it is computationally infeasible to find any of the values that may have been supplied to obtain it IS0 10181-11 3.33 one-way hash function A (mathematical) function that is both a one-way function and a hash function IS0 10181-11 3.34 peer entity authentication The corroboration that a peer entity in an association is the one claimed IS0 7498-21 3.35 plaintext Intelligible data, the semantic content of which is available 3.36 private key A key that is

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1