1、DRAFT FOR DEVELOPMENT Health informatics - Security for Healthcare communication DD ENV 13608-2:2000 Part 2: Secure data objects ICs 35.240.80 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMWED BY COPYRIGHT LAW STD-BSI DD ENV 13608-2-ENGL 2000 3624bb9 0858889 BTT W AmdNo. Date DD ENV 13608-2:2000 C
2、omments National foreword This Draft for Development is the English language version of ENV 136O-22000. This publication is not to be used as a British Standard. It is being issued in the Draft for Development series of publications and is of a provisional nature due to the limited duration of the E
3、uropean prestandard. It should be applied on this provisional basis, so that information and experience of its practical application may be obtained. Comments arisii from the use of this Draft for Development are requested so that UK experience can be reported to the European organization responsibl
4、e for its conversion into a European Standard A review of this publication will be initiated 2 years after its publication by the European organization so tht a decision can be taken on its status at the end of its three-year life. The commencement of the review period will be notified by an announc
5、ement in Update Stundud. According to the replies received by the end of the review period, the responsble BSI Committee will decide whether to support the conversion into a European Standard, to extend the life of the prestandard or to withdraw it. Comments should be sent in writing to the Secretar
6、y of BSI Technical Committee IST35, Health Informatics, at 389 Chiswick High Road, London W4 4AL, giving the document reference and clause number and proposing, where possible, an appropriate revision of the te*. A list of organizations represented on this committee can be obtained on request to its
7、 secrew. Cross-references The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International %dards Correspondence Index”, or by using the “Fjnd” facility of the BSI Standards
8、 Electronic Catalogue. Summary of pages This document comprises a nont cover, an inside front cover, the ENV title page, pages 2 to 23 and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued This British Standard, having been prepared under t
9、he direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 August 2000 O BSI 082000 ISBN O 580 35486 5 - - STD-BSI DD ENV 136019-2-ENGL 2000 lJbZ4bb9 08519890 511, ei EUROPEAN PRESTANDARD ENV 1360 35.240.80 English version Health informat
10、ics - Security for healthcare communication - Part 2: Secure data objects This European Prestandard (ENV) was approved by CEN on 29 July 1999 as a prospective standard for provisional application. The period of validity of this ENV is limited initially to three years. After two years the members of
11、CEN will be requested to submit their comments, particularly on the question whether the ENV can be converted into a European Standard. CEN members are required to announce the existence of this ENV in the same way as for an EN and to make the ENV available promptly at national level in an appropria
12、te form. It is permissible to keep conflicting national standards in force (in parallel to the ENV) until the final decision about the possible conversion of the ENV into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Ge
13、rmany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMIITEE FOR STANDARDIZATION EUROPISCHES KOMITEE FUR NORMUNG COMITE EUROPEN DE NORMALISATION Central Secretariat: rue de Stassart, 36 B-1050 Brussels O 2000 CEN
14、 All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. ENV 13608-2:2000 E Page 2 ENV 13608-2:2000 Contents Foreword 3 Introduction . 3 1 Scope 5 2 Normative references . 5 3 Terms and definitions 5 4 Symbols and abbreviations . 10 5 Requirement
15、s for Secure data objects . 11 6 Cryptographic algorithms for use with S/MIME CMS 15 Annex A (Informative) Plaintext recovery . 17 Annex B (Informative) X.400 e SMTP gatewaying 19 Annex C (Informative) Security wrapping overview 21 Annex D (Informative) What can be secured? 22 Bibliography 23 STD-BS
16、I DD ENV 13b08-2-ENGL 2000 1624hb9 0658892 374 Page 3 ENV 13608-2:2000 Foreword This European Prestandard has been prepared by Technical Committee CEN/TC 25 1 “Health informatics“, the secretariat of which is held by SIS. According to the CENKENELEC Internal Regulations, the national standards organ
17、izations of the following countries are bound to announce this European Prestandard: Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom. This multipart stan
18、dard consists of the following parts, under the general title Security for Healthcare Communication (SEC-COM): - - - Part 1: Concepts and Terminology Part 2: Secure Data Objects Part 3: Secure Data Channels This standard is designed to meet the demands of the Technical Report CEN/TC251/N98-110 Infor
19、matics - Framework for security protection of health care communication. Health This standard was drafted using the conventions of the ISO/IEC directive Part 3. The draft standard prENV 13608-2 contained in normative annexes A and B copies of IETF drafts that have been approved as RFC 2633 and RFC 2
20、630 respectively after the approval vote but before this prestandard is published. These are now normative references available through IETF and not included in this publication. The remaining annexes are all informative are renumbered accordingly. Introduction The use of data processing and telecom
21、munications in health care must be accompanied by appropriate security measures to ensure data confidentiality and integrity in compliance with the legal framework, protecting patients as well as professional accountability and organizational assets. In addition, availability aspects are important t
22、o consider in many systems. In that sense, the SEC-COM series of standards has the intention of explaining and detailing to the healthcare end user the different alternatives they have to cope with in terms of security measures that might be implemented to fulfil their security needs and obligations
23、. Incorporated within this is the standardization of some elements related to the information communication process where they fall within the security domain. In the continuity of the Framework for security protection of health care communication (CENRC25 1/N98- 110), hereafter denoted the Framewor
24、k, whose CEN Report aimed at promoting a better understanding of the security issues in relations to the healthcare IT-communication, this European Prestandard shall aid in producing systems to enable healthcare professionals and applications to communicate and interact securely and therefore safely
25、, legitimately, lawfully and precisely. The SEC-COM series of standards are key communication security standards that can be generically applied to a wide range of communication protocols and information system applications relevant to healthcare, though they are neither complete nor exhaustive in t
26、hat respect. These standards must be defined within the context and scenarios defined by TC251 Work programme, in which the messaging paradigm for information system interaction is one of the essentials, as was reflected by the Framework. This Part 2 of the European Prestandard on Security for Healt
27、hcare Communication describes how to secure arbitrary octet strings that may be used in European healthcare. An arbitrary octet string might for example be an EDIFACT message, a patient record, etc. Securing within the concepts contained within this European prestandard include the preservation of d
28、ata integrity, the preservation of confidentiality and accountability in terms of authentication of both communicating parties. Page 4 EW 13608-212000 This standard does not specify methods related to availability, storage or transportation of data, key certificates or other infra-structural issues,
29、 nor does it cover application security aspects such as user authentication. NOTE This standard defines a methodology to secure the octet string to allow it to be transported securely over insecure networks, independent of the underlying transportation system, e.g. e-mail or ED1 system. The standard
30、 encompasses mechanisms for encryption and digital signature, and will allow that these mechanisms are used independently. Page 5 ENV 13608-2:2000 Health informatics - Security for healthcare communication - Part 2: Secure data objects 1 Scope This European Pre-standard defines a standard way of sec
31、uring healthcare objects. The objects are secured in such a way that they can be transported over open, unsecured networks, or stored in open unsecured repositories. An application is able to decide whether to apply any combination of encryption and digital signature to an object. In general this Eu
32、ropean Pre-standard does not consider the contents of the objects, but can be applied to any octet string. This European Pre-standard is based on existing security standards. This European Re-standard does not consider how the actual security is applied to the objects. A security infrastructure is a
33、ssumed, which is used for performing the actual security operations. 2 Normative references IS0 8824 IETF RFC 2630 IETF WC 2633 IS0 8824-11995 PKCS#7 MIXER-BPT CCIT X.400 Information technology - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.l) (Version 2 1991-04-
34、24) Internet Engineering Task Force: Cryptographic Message Syntax (CMS) Internet Engineering Task Force: SMIME version 3 Message Specification Information Technology - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.l) - Part 1: Specification of the base notation Cr
35、yptographic Message Syntax Version 1.5, RFC 2315 Mapping between CCIT X.400 and RFC-822MIME Message Bodies, RFC-2157 ITU Data Communication Networks: Message Handling Systems X.400 3 Terms and definitions 3.1 accountability The property that ensures that the actions of an entity may be traced unique
36、ly to the entity IS0 7498-21 3.2 asymmetric cryptographic algorithm An algorithm for performing encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ IS0 10181-11 3.3 authentication Process of reliably identifying security subjects by securely
37、 associating an identifier and its authenticator. See also data origin authentication and peer entity authentication IS0 7498-21 3.4 availability Property of being accessible and useable upon demand by an authorised entity IS0 7498-21 3.5 certificate revocation Act of removing any reliable link betw
38、een a certificate and its related owner (or security subject owner), because the certificate is not trusted any more whereas it is unexpired Page 6 ENV 13608-2:2000 3.6 certificate holder An entity that is named as the subject of a valid certificate 3.7 certificate user An entity that needs to know,
39、 with certainty, the public key of another entity IS0 9594-81 3.8 certificate verification Verifying that a certificate is authentic 3.9 certification Use of digital signature to make transferable statement about beliefs of identity, or statements about delegation of authority 3.10 certification aut
40、hority An authority trusted by one or more users to create and assign certificates. Optionally the certification authority may create the users keys IS0 9594-81 3.11 ciphertext Data produced through the use of encipherment. The semantic content of the resulting data is not available IS0 7498-21 3.12
41、 ciphersuite An encoding for the set of bulk data cipher, message digest function, digital signature algorithm and key exchange algorithm used within the negotiation phase of TLS 3.13 communication protection profile CPP A statement of systematic translation form communication security needs to tech
42、nological concepts 3.14 communication security Security of security objects communicated between security subjects 3.15 confiden tiaiity The property that information is not made available or disclosed to unauthorised individuals, entities, or processes IS0 7498-21 3.16 cryptography The discipline w
43、hich embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorised use IS0 7498-21 Page 7 ENV 13608-2:2000 3.17 cryptographic algorithm cipher an algorithm used to transform data to
44、 hide its information content which is used in the process of encryption (see 3.22) 3.18 data integrity The property that data has not been altered or destroyed in an unauthorised manner IS0 7498-21 3.19 data origin authentication The corroboration that the source of data received is as claimed IS0
45、7498-21 3.20 decryption decipherment Process of making encrypted data reappear in its original unencrypted form. The reversal of a corresponding reversible encipherment 3.21 digital signature Data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a recipien
46、t of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient IS0 7498-21 3.22 encryption encipherment The cryptographic transformation of data (see cryptography) to produce ciphertext IS0 7498-21 3.23 hash function A (mathematical) function
47、that maps values from a (possibly very) large set of values into a smaller range of values IS0 10181-11 3.24 integrity The property of being unmodified by any kind of unauthorised security subject 3.25 A sequence of symbols that controls the operations of encipherment and decipherment IS0 7498-21 ke
48、y 3.26 key distribution Process of publishing, or transferring to other security subjects a cryptographic key 367 key exchange algorithm An algorithm used to derive a shared secret over an open communications channel I STD-BSI I_- DD_,ENV oB-?-ENGL 2000 1811 Lb24bb9 0858897 97b _ - Page 8 ENV 13608-
49、2:2000 3.28 key generation Process of creating a cryptographic key 3.29 key management The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy IS0 7498-21 3.30 message recovery Process of a third party decrypting an encrypted message 3.31 one-way function A (mathematical) function that is easy to compute but, when knowing a result, it is computationally infeasible to find any of the values that may have been supplied to obtain it IS0 10181-11 3.32 one-way hash function A (mathema
