BS ISO 17090-4-2014 Health informatics Public key infrastructure Digital Signatures for healthcare documents《健康信息学 公钥基础设施 医疗文档的数字签名》.pdf

上传人:fatcommittee260 文档编号:585240 上传时间:2018-12-15 格式:PDF 页数:36 大小:1.63MB
下载 相关 举报
BS ISO 17090-4-2014 Health informatics Public key infrastructure Digital Signatures for healthcare documents《健康信息学 公钥基础设施 医疗文档的数字签名》.pdf_第1页
第1页 / 共36页
BS ISO 17090-4-2014 Health informatics Public key infrastructure Digital Signatures for healthcare documents《健康信息学 公钥基础设施 医疗文档的数字签名》.pdf_第2页
第2页 / 共36页
BS ISO 17090-4-2014 Health informatics Public key infrastructure Digital Signatures for healthcare documents《健康信息学 公钥基础设施 医疗文档的数字签名》.pdf_第3页
第3页 / 共36页
BS ISO 17090-4-2014 Health informatics Public key infrastructure Digital Signatures for healthcare documents《健康信息学 公钥基础设施 医疗文档的数字签名》.pdf_第4页
第4页 / 共36页
BS ISO 17090-4-2014 Health informatics Public key infrastructure Digital Signatures for healthcare documents《健康信息学 公钥基础设施 医疗文档的数字签名》.pdf_第5页
第5页 / 共36页
亲,该文档总共36页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、BSI Standards PublicationBS ISO 17090-4:2014Health informatics Publickey infrastructurePart 4: Digital Signatures for healthcaredocumentsBS ISO 17090-4:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 17090-4:2014.The UK participation in its preparation was

2、 entrusted to TechnicalCommittee IST/35, Health informatics.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The B

3、ritish Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 79663 0ICS 35.240.80Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 30 Sept

4、ember 2014.Amendments issued since publicationDate Text affectedBS ISO 17090-4:2014 ISO 2014Health informatics Public key infrastructure Part 4: Digital Signatures for healthcare documentsInformatique de la sant Infrastructure cl publique Partie 4: Signatures numriques pour les documents des soins m

5、dicauxINTERNATIONAL STANDARDISO17090-4First edition2014-10-01Reference numberISO 17090-4:2014(E)BS ISO 17090-4:2014ISO 17090-4:2014(E)ii ISO 2014 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2014All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or

6、utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copy

7、right officeCase postale 56 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgPublished in SwitzerlandBS ISO 17090-4:2014ISO 17090-4:2014(E) ISO 2014 All rights reserved iiiContents PageForeword ivIntroduction v1 Scope . 12 Normative references 13 Term

8、s and definition 14 Scope of application 24.1 Target system . 24.2 Generation process 34.3 Verification process 44.4 CAdES specification . 124.5 XAdES specification . 16Annex A (informative) .21Bibliography .24BS ISO 17090-4:2014ISO 17090-4:2014(E)ForewordISO (the International Organization for Stan

9、dardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right

10、 to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures u

11、sed to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules

12、 of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identifi

13、ed during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on t

14、he meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword Supplementary information.The committee responsible for this document is ISO/T

15、C 215, Health informatics.ISO 17090 consists of the following parts, under the general title Health informatics Public key infrastructure: Part 1: Overview of digital certificate services Part 2: Certificate profile Part 3: Policy management of certification authority Part 4: Digital Signatures for

16、healthcare documentsiv ISO 2014 All rights reservedBS ISO 17090-4:2014ISO 17090-4:2014(E)IntroductionThe healthcare industry is faced with the challenge of reducing costs by moving from paper-based processes to automated electronic processes. New models of healthcare delivery are emphasizing the nee

17、d for patient information to be shared among a growing number of specialist healthcare providers and across traditional organizational boundaries.Healthcare information concerning individual citizens is commonly interchanged by means of electronic mail, remote database access, electronic data interc

18、hange, and other applications. The Internet provides a highly cost-effective and accessible means of interchanging information, but it is also an insecure vehicle that demands additional measures be taken to maintain the privacy and confidentiality of information. Threats to the security of health i

19、nformation through unauthorized access (either inadvertent or deliberate) are increasing. It is essential to be available to the healthcare system reliable information security services that minimize the risk of unauthorized access.How does the healthcare industry provide appropriate protection for

20、the data conveyed across the Internet in a practical, cost-effective way? Public key infrastructure (PKI) and digital certificate technology seek to address this challenge.The proper deployment of digital certificates requires a blend of technology, policy, and administrative processes that enable t

21、he exchange of sensitive data in an unsecured environment by the use of “public key cryptography” to protect information in transit and “certificates” to confirm the identity of a person or entity. In healthcare environments, this technology uses authentication, encipherment, and digital signatures

22、to facilitate confidential access to, and movement of, individual health records to meet both clinical and administrative needs. The services offered by the deployment of digital certificates (including encipherment, information integrity and digital signatures) are able to address many of these sec

23、urity issues. This is especially the case if digital certificates are used in conjunction with an accredited information security standard. Many individual organizations around the world have started to use digital certificates for this purpose.Interoperability of digital certificate technology and

24、supporting policies, procedures, and practices is of fundamental importance if information is to be exchanged between organizations and between jurisdictions in support of healthcare applications (for example between a hospital and a community physician working with the same patient).Achieving inter

25、operability between different digital certificate implementations requires the establishment of a framework of trust, under which parties responsible for protecting an individuals information rights may rely on the policies and practices and, by extension, the validity of digital certificates issued

26、 by other established authorities.Many countries are deploying digital certificates to support secure communications within their national boundaries. Inconsistencies will arise in policies and procedures between the certification authorities (CAs) and the registration authorities (RAs) of different

27、 countries if standards development activity is restricted to within national boundaries.Digital certificate technology is still evolving in certain aspects that are not specific to healthcare. Important standardization efforts and, in some cases, supporting legislation are ongoing. On the other han

28、d, healthcare providers in many countries are already using or planning to use digital certificates. This International Standard seeks to address the need for guidance to support these rapid international developments.This International Standard describes the common technical, operational, and polic

29、y requirements that need to be addressed to enable digital certificates to be used in protecting the exchange of healthcare information within a single domain, between domains, and across jurisdictional boundaries. Its purpose is to create a platform for global interoperability. It specifically supp

30、orts digital-certificate-enabled communication across borders but could also provide guidance for the national or regional deployment of digital certificates in healthcare. The Internet is increasingly used as the vehicle of choice to support the movement of healthcare data between healthcare organi

31、zations and is the only realistic choice for cross-border communication in this sector. ISO 2014 All rights reserved vBS ISO 17090-4:2014ISO 17090-4:2014(E)This International Standard can be approached as a whole, with the four parts all making a contribution to defining how digital certificates can

32、 be used to provide security services in the healthcare industry, including authentication, confidentiality, data integrity, and the technical capacity to support the quality of digital signature.ISO 17090-4 provides healthcare-specific profiles of digital signature based on the ETSI Standard and th

33、e profile of the ETSI Standard specified in CAdES and XAdES.vi ISO 2014 All rights reservedBS ISO 17090-4:2014INTERNATIONAL STANDARD ISO 17090-4:2014(E)Health informatics Public key infrastructure Part 4: Digital Signatures for healthcare documents1 ScopeThis part of ISO 17090 supports interchangeab

34、ility of digital signatures and the prevention of incorrect or illegal digital signatures by providing minimum requirements and formats for generating and verifying digital signatures and related certificates.Furthermore, it defines the provable compliance with a PKI policy necessary in the domain o

35、f healthcare. This part of ISO 17090 adopts long-term signature formats to ensure integrity and non-repudiation in long-term electronic preservation of healthcare information.This part of ISO 17090 conforms to ISO/ETSI standards for long-term signature formats to improve and guarantee interoperabili

36、ty in the healthcare field.There is no limitation regarding the data format and the subject for which the signature is created.2 Normative referencesThe following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated referenc

37、es, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO 17090-1:2008, Health informatics Public key infrastructure Part 1: Overview of digital certificate servicesISO 17090-3:2008, Health informatics Public key

38、infrastructure Part 3: Policy management of certification authority3 Terms and definitionFor the purposes of this document, the terms and definitions given in ISO 17090-1 and the following apply.3.1certification pathconnection of a series of certificates binding the certificate which is to be valida

39、ted to a trusted root trust anchor3.2certification path validationpath to be validated to a trusted root trust anchor including revocation checking3.3hash functioncomputation method used to generate a random value of fixed length from the data of any optional lengthNote 1 to entry: The generated val

40、ue is called a “hash value”, which has the properties of being uni-directional (the original data cannot be back calculated from it) and of having a low probability of having been generated from two different data (collision). ISO 2014 All rights reserved 1BS ISO 17090-4:2014ISO 17090-4:2014(E)Note

41、2 to entry: Because of these properties, when sending/receiving data, if the hash value generated on the sending side and the hash value of the data obtained by the receiving side match on comparison, it can be confirmed with a high degree of confidence that the data were not tampered with during tr

42、ansmission.4 Scope of application4.1 Target systemThe target systems of this part of ISO 17090 are as follows:a) the digital signature library with the digital signature function and the digital signature verification function for the medical treatment application;b) the digital signature program an

43、d the digital signature verification program as the stand-alone software or with the medical treatment application;The following are out of scope:a) the medical treatment application that does not process the digital signature data directly;b) the medical treatment application that processes the dig

44、ital signature and the result of signature verification with the digital signature library, the specific digital signature program, or the specific digital signature verification program;c) the application interface and user interface; Figure 1 shows an example of the processing layer. The digital s

45、ignature application layer (the digital signature library, the digital signature program, or the digital signature verification program) is the target scope of this example. Therefore, the following layer, CSP, and PKCS#11, is not within the targeted scope of this International Standard.In HPKI, it

46、is assumed that Storage modules of the end entity subscriber private key shall conform to standards of levels equal to or higher than US FIPS 140-2 level 1 by ISO 17090-3:2008, 7.6.2.12. Also, in addition to the smart card, as illustrated, a system could use a USB token, software token, etc., as the

47、 medium that stores the private key.2 ISO 2014 All rights reservedBS ISO 17090-4:2014ISO 17090-4:2014(E)The medical treatment applicationThe digital signature application layer(the digital signature library,the digital signature program)CSP, PKCS#11Card edge interfacePC/SC etc.Connected device (USB

48、etc.)Smart Card reader/writer deviceSmart CardFigure 1 Example of processing layer digital signature specification4.2 Generation processThe digital signature format is based on ETSI advanced digital signatures, where CAdES (CMS Advanced Digital Signature)5and XAdES (XML Advanced Digital signature)6a

49、re described in this International Standard.These specifications define the various formats according to purpose of operation. ES: The format that has the digital signature value, data itself, and information about the signer. ES-T: The format that has the Signature Timestamp in addition to the ES format. Signature Timestamp is a trusted timestamp provided by a timestamp authority to prove the existence of the signature. ES-C: The format that has validation data references in addition to the ES-T format. ES-X: The for

展开阅读全文
相关资源
  • BS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdfBS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdf
  • BS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdfBS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdf
  • BS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdfBS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdf
  • BS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdfBS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdf
  • BS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdfBS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdf
  • BS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdfBS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdf
  • BS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdfBS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdf
  • BS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdfBS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdf
  • BS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdfBS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdf
  • BS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdfBS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdf
  • 猜你喜欢
    相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > BS

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1