1、| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DRAFT FOR DEVELOPMENT DD ENV 13608-2:2000
2、ICS 35.240.80 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW Health informatics Security for Healthcare communication Part 2: Secure data objectsThis British Standard, having been prepared under the direction of the DISC Board, was published under the authority of the Standar
3、ds Committee and comes into effect on 15 August 2000 BSI 08-2000 ISBN 0 580 35486 5 DD ENV 13608-2:2000 Amendments issued since publication Amd. No. Date Comments National foreword This Draft for Development is the English language version of ENV 13608-2:2000. This publication is not to be used as a
4、 British Standard. It is being issued in the Draft for Development series of publications and is of a provisional nature due to the limited duration of the European prestandard. It should be applied on this provisional basis, so that information and experience of its practical application may be obt
5、ained. Comments arising from the use of this Draft for Development are requested so that UK experience can be reported to the European organization responsible for its conversion into a European Standard. A review of this publication will be initiated 2 years after its publication by the European or
6、ganization so that a decision can be taken on its status at the end of its three-year life. The commencement of the review period will be notified by an announcement in Update Standards. According to the replies received by the end of the review period, the responsible BSI Committee will decide whet
7、her to support the conversion into a European Standard, to extend the life of the prestandard or to withdraw it. Comments should be sent in writing to the Secretary of BSI Technical Committee IST/35, Health Informatics, at 389 Chiswick High Road, London W4 4AL, giving the document reference and clau
8、se number and proposing, where possible, an appropriate revision of the text. A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international or European publications referred to in this document
9、may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Find” facility of the BSI Standards Electronic Catalogue. Summary of pages This document comprises a front cover, an inside front cover, the ENV title page, pages 2
10、 to 23 and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued.EUROPEANPRESTANDARD PRNORMEEUROPENNE EUROPISCHEVORNORM ENV136082 May2000 ICS35.040;35.240.80 Englishversion HealthinformaticsSecurityforhealthcarecommunicationPart 2:Securedataobj
11、ects ThisEuropeanPrestandard(ENV)wasapprovedbyCENon29July1999asaprospectivestandardforprovisionalapplication. TheperiodofvalidityofthisENVislimitedinitiallytothreeyears.AftertwoyearsthemembersofCENwillberequestedto submittheir comments,particularlyonthequestionwhethertheENVcanbeconvertedintoaEuropea
12、nStandard. CENmembersarerequiredtoannouncetheexistenceofthisENVinthesamewayasforanENandtomaketheENVavailablepromp tly atnationallevelinanappropriateform.Itispermissibletokeepconflictingnationalstandardsinforce(inparalleltothe ENV)untilthefinal decisionaboutthepossibleconversionoftheENVintoanENisreac
13、hed. CENmembersarethenationalstandardsbodiesofAustria,Belgium,CzechRepublic,Denmark,Finland,France,Germany,Greece, Iceland,Ireland,Italy,Luxembourg,Netherlands,Norway,Portugal,Spain,Sweden,SwitzerlandandUnitedKingdom. EUROPEANCOMMITTEEFORSTANDARDIZATION COMITEUROPENDENORMALISATION EUROPISCHESKOMITEE
14、FRNORMUNG CentralSecretariat:ruedeStassart,36B1050Brussels 2000CEN Allrightsofexploitationinanyformandbyanymeansreserved worldwideforCENnationalMembers. Ref.No.ENV136082:2000EPage2 ENV136082:2000 Contents Foreword3 Introduction.3 1Scope 5 2Normativereferences. 5 3Termsanddefinitions 5 4Symbolsandabb
15、reviations .10 5RequirementsforSecuredataobjects .11 6CryptographicalgorithmsforusewithS/MIMECMS15 AnnexA (Informative)Plaintextrecovery.17 AnnexB (Informative)X.400SMTPgatewaying 19 AnnexC (Informative)Securitywrappingoverview21 AnnexD (Informative) Whatcanbesecured? 22 Bibliography 23Page3 ENV1360
16、82:2000 Foreword ThisEuropeanPrestandardhasbeenpreparedbyTechnicalCommitteeCEN/TC251“Healthinformatics“,the secretariatofwhichisheldbySIS. AccordingtotheCEN/CENELECInternalRegulations,thenationalstandardsorganizationsofthefollowing countriesareboundtoannouncethisEuropeanPrestandard:Austria,Belgium,C
17、zechRepublic,Denmark, Finland,France,Germany,Greece,Iceland,Ireland,Italy,Luxembourg,Netherlands,Norway,Portugal,Spain, Sweden,SwitzerlandandtheUnitedKingdom. Thismultipartstandardconsistsofthefollowingparts,underthegeneraltitle SecurityforHealthcare Communication(SECCOM): Part1:ConceptsandTerminolo
18、gy Part2:SecureDataObjects Part3:SecureDataChannels ThisstandardisdesignedtomeetthedemandsoftheTechnicalReportCEN/TC251/N98110Health Informatics Frameworkforsecurityprotectionofhealthcarecommunication . ThisstandardwasdraftedusingtheconventionsoftheISO/IECdirectivePart3. ThedraftstandardprENV136082c
19、ontainedinnormativeannexesAandBcopiesofIETFdraftsthathave beenapprovedasRFC2633andRFC2630respectivelyaftertheapprovalvotebutbeforethisprestandardis published.ThesearenownormativereferencesavailablethroughIETFandnotincludedinthispublication.The remainingannexesareallinformativearerenumberedaccordingl
20、y. Introduction Theuseofdataprocessingandtelecommunicationsinhealthcaremustbeaccompaniedbyappropriatesecurity measurestoensuredataconfidentialityandintegrityincompliancewiththelegalframework,protectingpatients aswellasprofessionalaccountabilityandorganizationalassets.Inaddition,availabilityaspectsar
21、eimportantto considerinmanysystems. Inthatsense,theSECCOMseriesofstandardshastheintentionofexplaininganddetailingtothehealthcare enduserthedifferentalternativestheyhavetocopewithintermsofsecuritymeasuresthatmightbe implementedtofulfiltheirsecurityneedsandobligations.Incorporatedwithinthisisthestanda
22、rdizationofsome elementsrelatedtotheinformationcommunicationprocesswheretheyfallwithinthesecuritydomain. Inthecontinuityofthe Frameworkforsecurityprotectionofhealthcarecommunication (CEN/TC251/N98 110),hereafterdenoted the Framework,whoseCENReportaimedatpromotingabetterunderstandingofthe securityiss
23、uesinrelationstothehealthcareITcommunication,thisEuropeanPrestandardshallaidinproducing systemstoenablehealthcareprofessionalsandapplicationstocommunicateandinteractsecurelyandtherefore safely,legitimately,lawfullyandprecisely. TheSECCOMseriesofstandardsarekeycommunicationsecuritystandardsthatcanbeg
24、enericallyappliedtoa widerangeofcommunicationprotocolsandinformationsystemapplicationsrelevanttohealthcare,thoughthey areneithercompletenorexhaustiveinthatrespect.Thesestandardsmustbedefinedwithinthecontextand scenariosdefinedbyTC251Workprogramme,inwhichthemessagingparadigmforinformationsystem inter
25、actionis oneoftheessentials,aswasreflectedbythe Framework. ThisPart2oftheEuropeanPrestandardonSecurityforHealthcareCommunicationdescribeshowtosecure arbitraryoctetstringsthatmaybeusedinEuropeanhealthcare.Anarbitraryoctetstringmightforexamplebean EDIFACTmessage,apatientrecord,etc.Securingwithinthecon
26、ceptscontainedwithinthisEuropean prestandardincludethepreservationofdataintegrity,thepreservationofconfidentialityandaccountabilityin termsofauthenticationofbothcommunicatingparties.Page4 ENV136082:2000 Thisstandarddoesnotspecifymethodsrelatedtoavailability,storageortransportationofdata,keycertifica
27、tes orotherinfrastructuralissues,nordoesitcoverapplicationsecurityaspectssuchasuserauthentication. NOTE Thisstandarddefinesamethodologytosecuretheoctetstringtoallowittobetransportedsecurely overinsecurenetworks,independentoftheunderlyingtransportationsystem,e.g.emailorEDIsystem. Thestandardencompass
28、esmechanismsforencryptionanddigitalsignature,andwillallowthatthese mechanismsareusedindependently.Page5 ENV136082:2000 HealthinformaticsSecurityforhealthcarecommunication Part2:Securedataobjects 1 Scope ThisEuropeanPrestandarddefinesastandardwayofsecuringhealthcareobjects.Theobjectsaresecuredin such
29、awaythattheycanbetransportedoveropen,unsecurednetworks,orstoredinopenunsecuredrepositories. Anapplicationisabletodecidewhethertoapplyanycombinationofencryptionanddigitalsignaturetoan object. IngeneralthisEuropeanPrestandarddoesnotconsiderthecontentsoftheobjects,butcanbeappliedtoany octetstring. This
30、EuropeanPrestandardisbasedonexistingsecuritystandards. ThisEuropeanPrestandarddoesnotconsiderhowtheactualsecurityisappliedtotheobjects.Asecurity infrastructureisassumed,whichisusedforperformingtheactualsecurityoperations. 2 Normativereferences ISO8824 InformationtechnologyOpenSystemsInterconnectionS
31、pecificationofAbstract SyntaxNotationOne(ASN.1)(Version219910424) IETFRFC2630 InternetEngineeringTaskForce:CryptographicMessageSyntax(CMS) IETFRFC2633 InternetEngineeringTaskForce:S/MIMEversion3MessageSpecification ISO88241:1995 InformationTechnologyOpenSystemsInterconnectionSpecificationofAbstract
32、SyntaxNotationOne(ASN.1)Part1:Specificationofthebasenotation PKCS#7 CryptographicMessageSyntaxVersion1.5,RFC2315 MIXERBPT MappingbetweenCCITX.400andRFC822/MIMEMessageBodies,RFC2157 CCITX.400 ITUDataCommunicationNetworks:MessageHandlingSystemsX.400 3 Termsanddefinitions 3.1 accountability Theproperty
33、thatensuresthattheactionsofanentitymaybetraceduniquelytotheentityISO74982 3.2 asymmetriccryptographicalgorithm Analgorithmforperformingenciphermentorthecorrespondingdeciphermentinwhichthekeysusedfor enciphermentanddeciphermentdifferISO101811 3.3 authentication Processofreliablyidentifyingsecuritysub
34、jectsbysecurelyassociatinganidentifieranditsauthenticator. SeealsodataoriginauthenticationandpeerentityauthenticationISO74982 3.4 availability PropertyofbeingaccessibleanduseableupondemandbyanauthorisedentityISO74982 3.5 certificaterevocation Actofremovinganyreliablelinkbetweenacertificateanditsrela
35、tedowner(orsecuritysubjectowner),because thecertificateisnottrustedanymorewhereasitisunexpiredPage6 ENV136082:2000 3.6 certificateholder Anentitythatisnamedasthesubjectofavalidcertificate 3.7 certificateuser Anentitythatneedstoknow,withcertainty,thepublickeyofanotherentityISO95948 3.8 certificatever
36、ification Verifyingthatacertificateisauthentic 3.9 certification Useofdigitalsignaturetomaketransferablestatementaboutbeliefsofidentity,orstatementsaboutdelegation ofauthority 3.10 certificationauthority Anauthoritytrustedbyoneormoreuserstocreateandassigncertificates.Optionallythecertificationauthor
37、ity maycreatetheuserskeysISO95948 3.11 ciphertext Dataproducedthroughtheuseofencipherment.ThesemanticcontentoftheresultingdataisnotavailableISO 74982 3.12 ciphersuite Anencodingforthesetofbulkdatacipher,messagedigestfunction,digitalsignaturealgorithmandkey exchangealgorithmusedwithinthenegotiationph
38、aseofTLS 3.13 communicationprotectionprofile CPP Astatementofsystematictranslationformcommunicationsecurityneedstotechnologicalconcepts 3.14 communicationsecurity Securityofsecurityobjectscommunicatedbetweensecuritysubjects 3.15 confidentiality Thepropertythatinformationisnotmadeavailableordisclosed
39、tounauthorisedindividuals,entities,or processesISO74982 3.16 cryptography Thedisciplinewhichembodiesprinciples,means,andmethodsforthetransformationofdatainordertohideits informationcontent,preventitsundetectedmodificationand/orpreventitsunauthoriseduseISO74982Page7 ENV136082:2000 3.17 cryptographica
40、lgorithm cipher analgorithmusedtotransformdatatohideitsinformationcontentwhichisusedintheprocess ofencryption(see3.22) 3.18 dataintegrity ThepropertythatdatahasnotbeenalteredordestroyedinanunauthorisedmannerISO74982 3.19 dataoriginauthentication Thecorroborationthatthesourceofdatareceivedisasclaimed
41、ISO74982 3.20 decryption decipherment Processofmakingencrypteddatareappearinitsoriginalunencryptedform.Thereversalofacorresponding reversibleencipherment 3.21 digitalsignature Dataappendedto,oracryptographictransformation(seecryptography)ofadataunitthatallowsarecipientof thedataunittoprovethesourcea
42、ndintegrityofthedataunitandprotectagainstforgerye.g.bytherecipient ISO74982 3.22 encryption encipherment Thecryptographictransformationofdata(seecryptography)toproduceciphertextISO74982 3.23 hashfunction A(mathematical)functionthatmapsvaluesfroma(possiblyvery)largesetofvaluesintoasmallerrangeof valu
43、esISO101811 3.24 integrity Thepropertyofbeingunmodifiedbyanykindofunauthorisedsecuritysubject 3.25 key AsequenceofsymbolsthatcontrolstheoperationsofenciphermentanddeciphermentISO74982 3.26 keydistribution Processofpublishing,ortransferringtoothersecuritysubjectsacryptographickey 3.27 keyexchangealgo
44、rithm AnalgorithmusedtoderiveasharedsecretoveranopencommunicationschannelPage8 ENV136082:2000 3.28 keygeneration Processofcreatingacryptographickey 3.29 keymanagement Thegeneration,storage,distribution,deletion,archivingandapplicationofkeysinaccordancewithasecurity policyISO74982 3.30 messagerecovery Processofathirdpartydecryptinganencryptedmessage 3.31 onewayfunction A(mathematical)functionthatiseasytocomputebut,when
