1、Juli 2005DEUTSCHE NORM Normenausschuss Medizin (NAMed) im DINPreisgruppe 10DIN Deutsches Institut f r Normung e.V. Jede Art der Vervielf ltigung, auch auszugsweise, nur mit Genehmigung des DIN Deutsches Institut f r Normung e. V., Berlin, gestattet.ICS 35.240.80E* 9633620www.din.deXDIN EN 12251Mediz
2、inische Informatik Sichere Nutzeridentifikation im Gesundheitswesen Management und Sicherheit f r die Authentifizierung durch Passw rter;Englische Fassung EN 12251:2004Health informatics Secure User Identification for Health Care Management and Security of Authentication by Passwords;English version
3、 EN 12251:2004Informatique de sant Scurit de l identification de l utilisateur des soins sant Gestion et scurit de l authentification des mots de passe;Version anglaise EN 12251:2004Alleinverkauf der Normen durch Beuth Verlag GmbH, 10772 BerlinErsatz f rDIN V ENV 12251:200106www.beuth.deGesamtumfang
4、 15 SeitenB55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 DIN EN 12251:2005-072Nationales VorwortDiese Norm enthlt unter Bercksichtigung des Prsidialbeschlusses 13/1983 den englischen Originaltext derEuropischen Norm EN 12251:2004-08. Die Europische Norm wurde in der WG III Secu
5、rity, Safety andQuality des CEN/TC 251 Medizinische Informatik erarbeitet Der Arbeitsausschuss G 4 Sicherheit desFachbereich G Medizinische Informatik des Normenausschusses Medizin im DIN hat an der Erarbeitungmitgewirkt. Die Verffentlichung dient der Aufhebung des Statuses der Vornorm. Diese Norm i
6、st vomtechnischen und inhaltlichen Aufbau im Wesentlichen identisch mit der DIN V ENV 12251, die im Juni 2001publiziert wurde.nderungenGegenber DIN V ENV 12251:2001-06 wurden folgende nderungen vorgenommen: Vornormcharakter aufgehoben.Frhere AusgabenDIN V ENV 12251: 2001-06B55EB1B3E14C22109E918E8EA4
7、3EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EUROPEAN STANDARDNORME EUROPENNEEUROPISCHE NORMEN 12251August 2004ICS 35.240.80English versionHealth informatics - Secure User Identification for Health Care -Management and Security of Authentication by PasswordsInformatique de sant - Scurit de lidentifica
8、tion delutilisateur des soins de sant - Gestion et scurit delauthentification des mots de passeMedizinische Informatik - Sichere Nutzeridentifikation imGesundheitswesen - Management und Sicherheit fr dieAuthentifizierung durch PasswrterThis European Standard was approved by CEN on 21 June 2004.CEN m
9、embers are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this EuropeanStandard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such nationalstandards may be obtained on applicat
10、ion to the Central Secretariat or to any CEN member.This European Standard exists in three official versions (English, French, German). A version in any other language made by translationunder the responsibility of a CEN member into its own language and notified to the Central Secretariat has the sa
11、me status as the officialversions.CEN members are the national standards bodies of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France,Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia,Slov
12、enia, Spain, Sweden, Switzerland and United Kingdom.EUROPEAN COMMITTEE FOR STANDARDIZATIONCOMIT EUROPEN DE NORMALISATIONEUROPISCHES KOMITEE FR NORMUNGManagement Centre: rue de Stassart, 36 B-1050 Brussels 2004 CEN All rights of exploitation in any form and by any means reservedworldwide for CEN nati
13、onal Members.Ref. No. EN 12251:2004: EB55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 12251:2004 (E)2ContentspageForeword . 3Introduction 41 Scope 52 Normative references . 53 Terms and definitions. 54 Requirements 64.1 Unique identification and authentication . 64.2 Identifi
14、cation and authentication prior to all other interactions 64.3 Associating unique identity with users 64.4 Maintaining the identity of active users 64.5 Log-on message 74.6 Number of log-on trials. 74.7 Incorrectly performed log-on procedure 74.8 Display of log-on statistics 74.9 Password sharing .
15、74.10 Password storage . 74.11 Logging of passwords 84.12 Password display suppression . 84.13 User-changeability of passwords 84.14 Default passwords 84.15 Initialised passwords 84.16 Temporary passwords 84.17 Password expiration . 84.18 Password expiration notification. 84.19 Password reuse. 94.20
16、 Password complexity . 9Annex A (informative) Potential password complexity requirements. 10Annex B (informative) User responsibilities 11Annex C (informative) Password communication. 12Bibliography . 13B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 12251:2004 (E)3ForewordTh
17、is document (EN 12251:2004) has been prepared by Technical Committee CEN/TC 251 Healthinformatics, the secretariat of which is held by SIS.This European Standard shall be given the status of a national standard, either by publication of an identicaltext or by endorsement, at the latest by February 2
18、005, and conflicting national standards shall be withdrawnat the latest by February 2005.This document supersedes ENV 12251:2000.This document is designed to improve the authentication of individual users of health care IT system, bystrengthening the automatic software procedures associated with the
19、 management of user identifiers andpasswords, without resorting to additional hardware facilities.Although the use of passwords, and the need for improved security in this respect, is by no means specific forthe Health Care field, it is felt strongly that the way in which systems are being used in t
20、his field, often in directsupport of patient care and handling very sensitive information, urgently call for a good solution in this area.However, the methods specified in this document can possibly be applied in other sectors as well at thediscretion of users.According to the CEN/CENELEC Internal R
21、egulations, the national standards organizations of the followingcountries are bound to implement this European Standard: Austria, Belgium, Cyprus, Czech Republic,Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,Luxembourg, Malta, Netherlands, N
22、orway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerlandand United Kingdom.B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 12251:2004 (E)4IntroductionInformation Technology (IT) systems in the health care environment are being used in increasingly sensitiveand
23、critical circumstances. To facilitate secure access control to an IT system and within an IT system, it isessential to uniquely establish the identity of all users seeking access. Further, to have confidence that a userreally is who he or she claims to be, there is a need for secure means of verifyi
24、ng the claimed identity. Theuse of passwords, being confidential to each user, and constructed in such a way that others cannotcompromise this confidential authentication information easily, is the most common means of authentication incurrent computer systems, and will be so for some time to come.
25、This document can facilitate the widerprocess of Security Management.Conventional passwords have several disadvantages. Some of these are:Gbe They can easily be shared among several usersGbe The use of unprotected network technology makes them easy targets for eavesdroppingGbe They can be hard to re
26、member if chosen as to be secureOther technologies such as chip cards and biometrics, which provide more secure means of authentication,have been introduced and will eventually phase out the use of passwords. However, in the meantime it isimportant to facilitate the most secure use of passwords in h
27、ealth care IT systems. This is the main objectiveof this document.B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 12251:2004 (E)51 ScopeThis document is designed to improve the authentication of individual users of health care IT systems, bystrengthening the automatic softwar
28、e procedures associated with the management of user identifiers andpasswords, without resorting to additional hardware facilities.This document applies to all information systems (hereafter called systems) within the health careenvironment that handle or store sensitive person identifiable health in
29、formation, using passwords as the onlymeans of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems thatfall within the scope of this document include for example electronic patient record systems, patientadministrative systems and laboratory systems, c
30、ontaining personal health information.This document does not apply to systems outside the health care environment. Neither does it apply tosystems within the health care environment that use other means of identification and authentication, such assmart cards, biometric methods or other technical fa
31、cilities.2 Normative referencesThe following referenced documents are indispensable for the application of this document. For datedreferences, only the edition cited applies. For undated references, the latest edition of the referenceddocument (including any amendments) applies.ISO 7498-2, Informati
32、on processing systems Open systems interconnection Basic reference model Part2: Security architecture3 Terms and definitionsFor the purposes of this document, the following terms and definitions apply.3.1access controlprevention of unauthorised use of a resource, including the prevention of use of a
33、 resource in an unauthorisedmanner3.2authenticationprocess of verifying a claimed user identity, in this document on the basis of an entered user identifier andpassword3.3authentication informationinformation used to establish the validity of a claimed identity ISO 7498-23.4authorised userperson who
34、 is given access rights to the system, i.e., person who is given a unique user identifier and an initialpassword, and by this is given the right to log-on to the system, in order to perform the functions or access tothe data the user is entitled to3.5default passwordinitial password, provided by the
35、 system on installation, to enable initial useB55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 12251:2004 (E)63.6identificationprocess that enables recognition of an authorised user described to the system, by the use of a unique useridentifier3.7passwordconfidential authentic
36、ation information composed of a string of characters ISO 7498-23.8security administrationact of controlling and administering all relevant security issues in the system. It can be performed by one ormore specially authorised users through the assignment of security relevant access rightsNOTE These u
37、sers are called security administrators.3.9site-specifiablesite-modifiablespecifiable (or modifiable) by the local security administrators after purchase of the system3.10systemcombination of computer hardware and software, used in this document as the system as it is perceived bythe user3.11user id
38、entifierinformation, composed of a string of characters, uniquely identifying an authorised user of the informationsystem4 Requirements4.1 Unique identification and authenticationThe system shall use user identifiers to uniquely identify and authenticate users.4.2 Identification and authentication p
39、rior to all other interactionsIdentification and authentication shall take place prior to all other interactions between the system and theuser, apart from the system provided log-on message (see 4.5). Other interactions shall only be possible aftersuccessful identification and authentication, i.e.,
40、 identification and authentication leading to system access, ofan authorised user.4.3 Associating unique identity with usersThe system shall provide a mechanism which allows site-defined attributes, e.g. name and affiliation, to beassociated with each user identifier, for the purpose of uniquely ide
41、ntifying the person.4.4 Maintaining the identity of active usersThe system shall maintain the identity of all users currently logged on.B55EB1B3E14C22109E918E8EA43EDB30F09CC9B7EF8DD9NormCD - Stand 2007-03 EN 12251:2004 (E)74.5 Log-on messagePrior to initiating the log-on procedure, the system shall
42、provide a message regarding unauthorised use andthe possible consequences of failure to meet those requirements. This message shall be site-specifiable bythe security administrators, and shall be visible to the user during the log-on procedure.NOTE This message should point out the need to comply wi
43、th confidentiality requirements, and indicate possiblelegal action after misuse.4.6 Number of log-on trialsThe log-on procedure shall exit if the user authentication procedure is unsuccessfully performed, i.e., notleading to system access, a site-specifiable number of times within a log-on session.N
44、OTE The recommended number of times is three times.When the site-specifiable number is exceeded, the system shall generate an alarm to the securityadministrators within the shortest possible time, and actions designed to limit possible misuse shall beinitiated.When the site-specifiable number is exc
45、eeded, a site-specifiable period of time shall elapse before the log-onprocess can be restarted on that input device, provided it can be securely identified (It shall be possible tospecify this period of time to be zero for specific input devices, e.g., for input devices in intensive care oremergency units).An alternative is to reject log-on from the user identifier for a site-specified time.4.7 Incorrectly performed log-on procedureThe system shall appear to perf