STD.BSI DD ENV 13608-3-ENGL 2000

DRAFT FOR DEVELOPMENT

Health informatics - Security for Healthcare communication - Part 3: Secure data channels

ICS 35.240.80

NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

DD ENV 13608-3:2000

National foreword

been prepared under the direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 August 2000

© BSI 08-2000
ISBN 0 580 36486 7

Annex D (informative) Plaintext recovery
Bibliography

Foreword

This European Prestandard has been prepared by Technical Committee CEN/TC 251 "Health informatics", the secretariat of which is held by SIS.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this European Prestandard: Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

This multipart standard consists of the following parts, under the general title Security for Healthcare Communication (SEC-COM):

- Part 1: Concepts and Terminology
- Part 2: Secure Data Objects
- Part 3: Secure Data Channels

This standard is designed to meet the demands of the Technical Report CEN/TC251/N98-110 Health Informatics - Framework for security protection of health care communication.

This standard was
drafted using the conventions of the ISO/IEC directive Part 3.

All annexes are informative.

Introduction

The use of data processing and telecommunications in health care must be accompanied by appropriate security measures to ensure data confidentiality and integrity in compliance with the legal framework, protecting patients as well as professional accountability and organizational assets. In addition, availability aspects are important to consider in many systems.

In that sense, the SEC-COM series of standards has the intention of explaining and detailing to the healthcare end user the different alternatives they have to cope with in terms of security measures that might be implemented to fulfil their security needs and obligations. Incorporated within this is the standardization of some elements related to the information communication process where they fall within the security domain.

In the continuity of the Framework for security protection of health care communication (CEN/TC251/N98-110), hereafter denoted the Framework, whose CEN Report aimed at promoting a better understanding of the security issues in relations to the healthcare IT-communication, this European Prestandard shall aid in producing systems to enable health professionals and applications to communicate and interact securely and therefore safely, legitimately, lawfully and precisely.

The SEC-COM series of standards are key communication security standards that can be generically applied to a wide range
of communication protocols and information system applications relevant to healthcare, though they are neither complete nor exhaustive in that respect. These standards must be defined within the context and scenarios defined by the TC251 work programme, in which the messaging paradigm for information system interaction is one of the essentials, as it was reflected by the Framework (Framework for security protection of health care communication).

Secure Data Channel

This part 3 of the European Prestandard on Security for Healthcare Communication describes how to securely communicate arbitrary octet streams by means of a secure data channel communication protocol.

NOTE This standard does not specify methods related to availability, storage or transportation of key certificates or other infrastructural issues, nor does it cover application security aspects such as user authentication.

A secure data channel is defined for the purposes of this standard as a reliable communication protocol that implements the following security services:

1. authentication of communicating entities prior to the communication of any other data
2. preservation of data integrity
3. preservation of confidentiality of the communicated data.

A secure data channel protocol operates in two distinct phases which, however, may be repeated:

1. negotiation phase: authentication of communicating entities (e.g. exchange of Certificates), negotiation of the cipher suite to be used, derivation of a shared secret using a key exchange algorithm
2. communication phase: transmission of user data encrypted according to the negotiated cipher suite.

In addition the secure data channel can be closed by either party when it is no longer required.

The concept of a secure data channel can be
best understood by looking at its properties, especially in comparison with the properties of a secure data object (prENV 13608-2, part 2 of this European Prestandard):

1. Interactivity: the negotiation phase allows the communicating entities to interactively agree upon a cipher suite that meets both parties' security policies for the communication scenario in question (e.g. national vs. international communication). If the cipher suite negotiation is unsuccessful, no communication session is established.
2. Transience: the secure data channel, being part of a layered communication protocol, receives and delivers unsecured user data from and back to the calling layer. The encrypted representation of the data is transient (e.g. available only during transmission) and unavailable to the calling layer (e.g. application).
3. Performance: after the establishment of the cipher suite and shared secret during the negotiation phase, there is no need to use the computationally resource intensive asymmetric cryptographic algorithms during the communication phase. On the other hand, because of the transience of the encrypted representation of the data, encryption must be performed during the communication process and cannot be pre-computed off-line.
4. Forward secrecy: can be easily implemented as part of the key exchange protocol.
5. Completeness: since the authentication of the communicating entities (e.g. certificate exchange) is part of the protocol, no additional out-of-band communication (e.g. look-up of certificates in a trusted directory) is required to use the secure data channel, except if certificate revocation lists are used.
6. Transparency: a secure data channel can be implemented such that its upper service access point resembles its lower service access point (e.g. TCP/IP socket interface). This allows the easy addition of security services to existing non-security-aware systems and protocols by integrating the secure data channel as an additional layer in the communication protocol stack. A well-known example for this approach is "Secure HTTP" (HTTP over SSL3).

The IETF Transport Layer Security (TLS) specification is a description of how to provide a secure data channel. Although TLS is an IETF Specification, it is not limited to TCP/IP. TLS only requires the presence of a reliable transmission protocol. This European Prestandard defines a set of profiles used within TLS for use within healthcare communication over secure data channels. This means that "TLS over OSI" would be possible if desired.

Health informatics - Security for healthcare communication - Part 3: Secure data channels

1 Scope

This European Prestandard specifies services and methods for securing interactive communications used within healthcare. Interactive communications are defined for the purposes of this standard as scenarios where both systems are online and in bi-directional communication simultaneously. Securing in this European Prestandard includes the preservation of data integrity, the preservation of confidentiality with respect to the data being communicated, and accountability in terms of authentication of one or both communicating parties.

NOTE Examples of interactive communication are the download of HTML content over the Internet, a DICOM communication, or remote login to a computer.

This European Prestandard does not specify methods related to availability of the interactive communication, certification and certificate management and key management. Neither does this European Prestandard specify a mechanism for concealing that a communication session is in progress. This European Prestandard does not specify the methods or services required to secure the communicating systems themselves.

2 Normative references

This European Prestandard incorporates by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to, or revisions of any of these publications apply to this European Prestandard only when incorporated in it by amendment or revision.
For undated references, the latest edition of the publication referred to applies.

ISO 7498-2 Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture

ISO 8824 Information technology - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1) (Version 2 1991-04-24).

ISO 9594-8 Information technology - Open Systems Interconnection - The Directory: Authentication framework

ISO 10181-1 Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview.

RFC 2246 Internet Engineering Task Force: The TLS (Transport Layer Security) Protocol, RFC 2246

3 Definitions

3.1 accountability
The property that ensures that the actions of an entity may be traced uniquely to the entity [ISO 7498-2]

3.2 asymmetric cryptographic algorithm
An algorithm for performing encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ [ISO 10181-1]

3.3 authentication
Process of reliably identifying security subjects by securely associating an identifier and its authenticator. See also data origin authentication and peer entity authentication [ISO 7498-2]

3.4 availability
Property of being accessible and useable upon demand by an authorised entity [ISO 7498-2]

3.5 certificate revocation
Act of removing any reliable link between a certificate and its related owner (or security subject owner), because the certificate
is not trusted any more whereas it is unexpired

3.6 certificate holder
An entity that is named as the subject of a valid certificate

3.7 certificate user
An entity that needs to know, with certainty, the public key of another entity [ISO 9594-8]

3.8 certificate verification
Verifying that a certificate is authentic

3.9 certification
Use of digital signature to make transferable statement about beliefs of identity, or statements about delegation of authority

3.10 certification authority
An authority trusted by one or more users to create and assign certificates. Optionally the certification authority may create the users' keys [ISO 9594-8]

3.11 ciphertext
Data produced through the use of encipherment. The semantic content of the resulting data is not available [ISO 7498-2]

3.12 ciphersuite
An encoding for the set of bulk data cipher, message digest function, digital signature algorithm and key exchange algorithm used within the negotiation phase of TLS

3.13 communication protection profile
CPP
A statement of systematic translation from communication security needs to technological concepts

3.14 communication security
Security of security objects communicated between security subjects

3.15 confidentiality
The property that information is not made available or disclosed to unauthorised individuals, entities, or processes [ISO 7498-2]

3.16 cryptography
The discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorised use [ISO 7498-2]

3.17 cryptographic algorithm
cipher
An algorithm used to transform data to hide its information content which is used in the process of
encryption (see 3.22)

3.18 data integrity
The property that data has not been altered or destroyed in an unauthorised manner [ISO 7498-2]

3.19 data origin authentication
The corroboration that the source of data received is as claimed [ISO 7498-2]

3.20 decryption
decipherment
Process of making encrypted data reappear in its original unencrypted form. The reversal of a corresponding reversible encipherment

3.21 digital signature
Data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient [ISO 7498-2]

3.22 encryption
encipherment
The cryptographic transformation of data (see cryptography) to produce ciphertext [ISO 7498-2]

3.23 forward secrecy
Technique of ensuring that the communicated data is only decipherable for a limited time span by the communicating parties.
NOTE After that time the communicating parties typically achieve forward secrecy by destroying cryptographic keys. This prevents an attacker from coercing the communicating parties into decrypting old ciphertext.

3.24 hash function
A (mathematical) function that maps values from a (possibly very) large set of values into a smaller range of values [ISO 10181-1]

3.25 integrity
The property of being unmodified by any kind of unauthorised security subject

3.26 key
A sequence of symbols that controls the operations of encipherment and decipherment [ISO 7498-2]

3.27 key distribution
Process of publishing, or transferring to other security subjects a cryptographic key

3.28 key exchange algorithm
An algorithm used to derive a shared secret over an open communications channel

3.29 key generation
Process of creating a cryptographic key

3.30 key management
The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy [ISO 7498-2]

3.31 message recovery
Process of a third party decrypting an encrypted message

3.32 one-way function
A (mathematical) function that is easy to compute but, when knowing a result, it is computationally infeasible to find any of the values that may have been supplied to obtain it [ISO 10181-1]

3.33 one-way hash function
A (mathematical) function that is both a one-way function and a hash function [ISO 10181-1]

3.34 peer entity authentication
The corroboration that a peer entity in an association is the one claimed [ISO 7498-2]

3.35 plaintext
Intelligible data, the semantic content of which is available

3.36 private key
A key that is