BS ISO 17090-5-2017 Health informatics Public key infrastructure Authentication using Healthcare PKI credentials《卫生信息学 公钥基础设施 使用医疗保健PKI凭据进行身份验证》.pdf

上传人:fatcommittee260 文档编号:585241 上传时间:2018-12-15 格式:PDF 页数:22 大小:2.33MB
下载 相关 举报
BS ISO 17090-5-2017 Health informatics Public key infrastructure Authentication using Healthcare PKI credentials《卫生信息学 公钥基础设施 使用医疗保健PKI凭据进行身份验证》.pdf_第1页
第1页 / 共22页
BS ISO 17090-5-2017 Health informatics Public key infrastructure Authentication using Healthcare PKI credentials《卫生信息学 公钥基础设施 使用医疗保健PKI凭据进行身份验证》.pdf_第2页
第2页 / 共22页
BS ISO 17090-5-2017 Health informatics Public key infrastructure Authentication using Healthcare PKI credentials《卫生信息学 公钥基础设施 使用医疗保健PKI凭据进行身份验证》.pdf_第3页
第3页 / 共22页
BS ISO 17090-5-2017 Health informatics Public key infrastructure Authentication using Healthcare PKI credentials《卫生信息学 公钥基础设施 使用医疗保健PKI凭据进行身份验证》.pdf_第4页
第4页 / 共22页
BS ISO 17090-5-2017 Health informatics Public key infrastructure Authentication using Healthcare PKI credentials《卫生信息学 公钥基础设施 使用医疗保健PKI凭据进行身份验证》.pdf_第5页
第5页 / 共22页
亲,该文档总共22页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、Health informatics Public key infrastructurePart 5: Authentication using Healthcare PKI credentialsBS ISO 170905:2017BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06 ISO 2017Health informatics Public key infrastructure Part 5: Authentication using Healthcare PKI cred

2、entialsInformatique de sant Infrastructure de cl publique Partie 5: Authentification laide des identifiants ICP de la santINTERNATIONAL STANDARDISO17090-5First edition2017-07Reference numberISO 17090-5:2017(E)National forewordThis British Standard is the UK implementation of ISO 170905:2017.The UK p

3、articipation in its preparation was entrusted to Technical Committee IST/35, Health informatics.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are respons

4、ible for its correct application. The British Standards Institution 2017 Published by BSI Standards Limited 2017ISBN 978 0 580 91040 1ICS 35.240.80Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards

5、 Policy and Strategy Committee on 30 September 2017.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS ISO 170905:2017 ISO 2017Health informatics Public key infrastructure Part 5: Authentication using Healthcare PKI credentialsInformatique de sant Infrastructure de cl

6、 publique Partie 5: Authentification laide des identifiants ICP de la santINTERNATIONAL STANDARDISO17090-5First edition2017-07Reference numberISO 17090-5:2017(E)BS ISO 170905:2017ISO 17090-5:2017(E)ii ISO 2017 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2017, Published in SwitzerlandAll righ

7、ts reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from ei

8、ther ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrightiso.orgwww.iso.orgBS ISO 170905:2017ISO 17090-5:2017(E)ii ISO 2017 All rights reserved

9、COPYRIGHT PROTECTED DOCUMENT ISO 2017, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet

10、, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrightiso.orgwww.iso.

11、orgISO 17090-5:2017(E)Foreword ivIntroduction v1 Scope . 12 Normative references 13 Terms and definitions . 14 Abbreviated terms 15 Scope of application 25.1 General . 25.2 Target systems . 25.3 Phases of method identification. 35.4 Threats and vulnerabilities 56 Validation procedures for HPKI crede

12、ntials 6Annex A (informative) Examples of authentication technology with available X.509 certification as credentials 9Annex B (informative) Appropriate use of authentication certificates .10Bibliography .13 ISO 2017 All rights reserved iiiContents PageBS ISO 170905:2017ISO 17090-5:2017(E)ForewordIS

13、O (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical co

14、mmittee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electro

15、technical standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was draf

16、ted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent

17、rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).Any trade name used in this document is information given for the convenience of users and does not c

18、onstitute an endorsement.For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT)

19、see the following URL: www .iso .org/ iso/ foreword .html.This document was prepared by Technical Committee ISO/TC 215, Health informatics.A list of all parts in the ISO 17090 series can be found on the ISO website.iv ISO 2017 All rights reservedBS ISO 170905:2017ISO 17090-5:2017(E)ForewordISO (the

20、International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee

21、 has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnic

22、al standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in

23、accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

24、 Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).Any trade name used in this document is information given for the convenience of users and does not constitu

25、te an endorsement.For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the

26、 following URL: www .iso .org/ iso/ foreword .html.This document was prepared by Technical Committee ISO/TC 215, Health informatics.A list of all parts in the ISO 17090 series can be found on the ISO website.iv ISO 2017 All rights reserved ISO 17090-5:2017(E)IntroductionThe healthcare industry is fa

27、ced with the challenge of reducing costs by moving from paper-based processes to automated electronic processes. New models of healthcare delivery are emphasizing the need for patient information to be shared among a growing number of specialist healthcare providers and across traditional organizati

28、onal boundaries.Healthcare information concerning individual citizens is commonly interchanged by means of electronic mail, remote database access, electronic data interchange and other applications. The Internet provides a highly cost-effective and accessible means of interchanging information, but

29、 it is also an insecure vehicle that demands additional measures be taken to maintain the privacy and confidentiality of information. Threats to the security of health information through unauthorized access (either inadvertent or deliberate) are increasing. It is essential to have available to the

30、healthcare system reliable information security services that minimize the risk of unauthorized access.How does the healthcare industry provide appropriate protection for the data conveyed across the Internet in a practical, cost-effective way? Public key infrastructure (PKI) and digital certificate

31、 technology seek to address this challenge.The proper deployment of digital certificates requires a blend of technology, policy and administrative processes that enable the exchange of sensitive data in an unsecured environment by the use of “public key cryptography” to protect information in transi

32、t and “certificates” to confirm the identity of a person or entity. In healthcare environments, this technology uses authentication, encipherment and digital signatures to facilitate confidential access to, and movement of, individual health records to meet both clinical and administrative needs. Th

33、e services offered by the deployment of digital certificates (including encipherment, information integrity and digital signatures) are able to address many of these security issues. This is especially the case if digital certificates are used in conjunction with an accredited information security s

34、tandard. Many individual organizations around the world have started to use digital certificates for this purpose.Interoperability of digital certificate technology and supporting policies, procedures and practices is of fundamental importance if information is to be exchanged between organizations

35、and between jurisdictions in support of healthcare applications (for example, between a hospital and a community physician working with the same patient).Achieving interoperability between different digital certificate implementations requires the establishment of a framework of trust, under which p

36、arties responsible for protecting an individuals information rights may rely on the policies and practices and, by extension, the validity of digital certificates issued by other established authorities.Many countries are deploying digital certificates to support secure communications within their n

37、ational boundaries. Inconsistencies will arise in policies and procedures between the certification authorities (CAs) and the registration authorities (RAs) of different countries if standards development activity is restricted to within national boundaries.Digital certificate technology is still ev

38、olving in certain aspects that are not specific to healthcare. Important standardization efforts and, in some cases, supporting legislation are ongoing. On the other hand, healthcare providers in many countries are already using or planning to use digital certificates. This document seeks to address

39、 the need for guidance to support these rapid international developments. While underlying security standards address methods for verification, requirements for secure verification processes to support healthcare purposes are not defined.This document describes the procedural requirements validating

40、 an entity credential based on Healthcare PKI defined in ISO 17090 series used in healthcare information systems. Although the cryptographic operations used at the authentication processes and the digital signature processes are the same, authentication and signature have different meanings. Systems

41、 and software prevent the users from misuse of the private keys and their certificates especially if both keys are on a secure token. This document describes the requirements to mitigate threats and vulnerabilities within the authentication processes with Healthcare PKI credentials. ISO 2017 All rig

42、hts reserved vBS ISO 170905:2017Health informatics Public key infrastructure Part 5: Authentication using Healthcare PKI credentials1 ScopeThis document defines the procedural requirements for validating an entity credential based on Healthcare PKI defined in the ISO 17090 series used in healthcare

43、information systems including accessing remote systems. Authorization procedures and protocols are out of scope of this document. The data format of digital signatures is also out of scope of this document.2 Normative referencesThe following documents are referred to in the text in such a way that s

44、ome or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO 17090-1, Health informatics Public key infrastructure Part 1: Over

45、view of digital certificate services3 Terms and definitionsFor the purposes of this document, the terms and definitions given in ISO 17090-1 apply.ISO and IEC maintain terminological databases for use in standardization at the following addresses: ISO Online browsing platform: available at h t t p :

46、/ www .iso .org/ obp IEC Electropedia: available at h t t p :/ www .electropedia .org/ 4 Abbreviated termsFor the purposes of this document, the following abbreviated terms apply.CRL Certificate Revocation ListCSP Cryptographic Service ProviderHPKI Healthcare Public Key InfrastructureOCSP Online Cer

47、tificate Status ProtocolOID Object IdentifierPC/SC Personal Computer/Smart CardPKCS Public-Key Cryptography StandardsINTERNATIONAL STANDARD ISO 17090-5:2017(E) ISO 2017 All rights reserved 1BS ISO 170905:2017Health informatics Public key infrastructure Part 5: Authentication using Healthcare PKI cre

48、dentials1 ScopeThis document defines the procedural requirements for validating an entity credential based on Healthcare PKI defined in the ISO 17090 series used in healthcare information systems including accessing remote systems. Authorization procedures and protocols are out of scope of this docu

49、ment. The data format of digital signatures is also out of scope of this document.2 Normative referencesThe following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO 17090-1, Health informatics Public key infrastructure Part 1: Overview of digital certificate

展开阅读全文
相关资源
  • BS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdfBS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdf
  • BS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdfBS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdf
  • BS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdfBS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdf
  • BS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdfBS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdf
  • BS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdfBS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdf
  • BS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdfBS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdf
  • BS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdfBS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdf
  • BS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdfBS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdf
  • BS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdfBS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdf
  • BS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdfBS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdf
  • 猜你喜欢
    相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > BS

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1