Date post: | 08-Apr-2018 |
Category: |
Documents |
Upload: | anil-verma |
View: | 218 times |
Download: | 0 times |
of 17
8/7/2019 2005-IHE-DGS-workshop-june262005
1/23
Document Digital Signature(DSG)Document Digital Signature(DSG)
Gila Pyke / Lori Reed-Fourquet
Smart Systems for Health Agency / Identrus
IHE ITI Technical Comittee
8/7/2019 2005-IHE-DGS-workshop-june262005
2/23
June 28-29, 2005 Interoperability Strategy Workshop2
WWW . I H E . N E TWWW . I H E . N E T
Providers and Vendors
Working Togetherto Deliver
Interoperable Health Information Systems
In the Enterprise
and Across Care Settings
8/7/2019 2005-IHE-DGS-workshop-june262005
3/23
June 28-29, 2005 Interoperability Strategy Workshop3
IT Infrastructure ProfilesIT Infrastructure Profiles
2004
Patient Identifier Cross-referencing for MPI (PIX)
Retrieve Information for Display (RID)
Consistent Time (CT)
Patient Synchronized Applications (PSA)
Enterprise User Authentication (EUA)2005
Patient Demographic Query (PDQ)
Cross Enterprise Document Sharing (XDS)
Audit Trail and Note Authentication (ATNA)
Personnel White Pages (PWP)
2006
Cross-Enterprise User Authentication (XUA)
Document Digital Signature (DSG)
Notification of Document Availability (NAV)
Patient Administration/Management (PAM)
Document Digital Signature
(DSG)Use of digital signatures to provide
document integrity, non-repudiation and
accountability.
8/7/2019 2005-IHE-DGS-workshop-june262005
4/23
June 28-29, 2005 Interoperability Strategy Workshop4
Document Digital SignatureDocument Digital Signature
Value PropositionValue Proposition
Leverages XDS Document infrastructure
Providing accountability
Providing document integrity
Providing non-repudiation
Providing satisfactory evidence of: Authorship,Approval, Review, and Authentication
Infrastructural pattern to be further profiled bydomain specific groups (e-Prescribing, e-Referral)
8/7/2019 2005-IHE-DGS-workshop-june262005
5/23
8/7/2019 2005-IHE-DGS-workshop-june262005
6/23
June 28-29, 2005 Interoperability Strategy Workshop6
Document Digital SignatureDocument Digital Signature
Abstract/scopeAbstract/scope
Digital Signature Document format
Leverages XDS for signature by reference
New document type in XDS Linkage forwardand back.
Profiles single / multiple signatures
Profiles nested signatures
Provide signature integrity across intermediaryprocessing
8/7/2019 2005-IHE-DGS-workshop-june262005
7/23
8/7/2019 2005-IHE-DGS-workshop-june262005
8/23
June 28-29, 2005 Interoperability Strategy Workshop8
Document Digital SignaturesDocument Digital Signatures
GoalsGoals
Digital Signatures help mitigate risk for the
following attacks:
In the storage or transmission of documents,characteristics of clinician orders reflected in the
prescription could be modified.
In the storage or transmission of documents,
characteristics of countersigned clinician ordersreflected in the prescription could be modified.
A forged prescription could be introduced.
8/7/2019 2005-IHE-DGS-workshop-june262005
9/23
June 28-29, 2005 Interoperability Strategy Workshop9
Document Digital SignaturesDocument Digital Signatures
The following scenarios will not be mitigated byusing digital signatures and require additionalsecurity: Corruption or bribery of a user, or counter-signer
Theft of a private key
Compromise of the physicians workstation to allow accessto the signing key
The confirmation process could be corrupted or modified.
The dispensing system could be corrupted or modified,including simple attacks like burglary.
The dispensing feedback could be corrupted, modified, ordestroyed.
8/7/2019 2005-IHE-DGS-workshop-june262005
10/23
June 28-29, 2005 Interoperability Strategy Workshop10
Document Digital SignatureDocument Digital Signature
Key Technical PropertiesKey Technical Properties
W3C XML Signature structure
credentials, timestamp, and other signature attributes
such as signature purpose Reference to document stored in XDS
ISO TS17090 compliant digital certificates
Assures message integrity
Verification of signed document validity
Provides for multiple signers
8/7/2019 2005-IHE-DGS-workshop-june262005
11/23
June 28-29, 2005 Interoperability Strategy Workshop11
Document Digital SignatureDocument Digital Signature
Signature AttributesSignature Attributes
Expand signature to include additional data
relevant to the healthcare signature
Includes the date and time the signature wascalculated and applied
The identity of the signer
Signature Purpose
8/7/2019 2005-IHE-DGS-workshop-june262005
12/23
June 28-29, 2005 Interoperability Strategy Workshop12
Document Digital SignatureDocument Digital Signature
Signature AttributesSignature Attributes
The role of a signer (purpose of the signature) includesactors that may carry the responsibilities of: Signer: the actor that creates the electronic signature. When the signer
digitally signs over data object(s) using the prescribed format, this
represents a commitment on behalf of the signing entity to the dataobject(s) being signed.
Verifier: the entity that verifies the electronic signature. It may be asingle entity or multiple entities
Trusted Service Providers: one or more entities that help to build trustrelationships between the signer and verifier. Trusted ServiceProviders include PKI Certification Authorities, RegistrationAuthorities, Repository Authorities (e.g. a directory), Time-StampingAuthorities, Signature Policy Issuers and Attribute Authorities.
Arbitrator: An entity that arbitrates in disputes between a signer and averifier.
8/7/2019 2005-IHE-DGS-workshop-june262005
13/23
June 28-29, 2005 Interoperability Strategy Workshop13
Document Digital SignatureDocument Digital Signature
Transaction DiagramTransaction Diagram
8/7/2019 2005-IHE-DGS-workshop-june262005
14/23
June 28-29, 2005 Interoperability Strategy Workshop14
Document Digital SignatureDocument Digital Signature
Transaction DiagramTransaction Diagram
8/7/2019 2005-IHE-DGS-workshop-june262005
15/23
June 28-29, 2005 Interoperability Strategy Workshop15
Document Digital SignatureDocument Digital Signature
Use CasesUse Cases
Attesting a document as true copy Each subsequent use of the original signed digital document or
a digital copy of the document can inspected signatures to
assert that the documents are true copies of informationattestable to the signer at the time of the signature ceremony
Attesting content When a clinician submits a clinical document to the XDS
repository, the clinician using a digital certificate digitally
signs the document Attesting to whole submission set
Translation / Transformation
8/7/2019 2005-IHE-DGS-workshop-june262005
16/23
June 28-29, 2005 Interoperability Strategy Workshop16
CrossCross--Enterprise Document SharingEnterprise Document Sharing
(XDS) Use Case (1)(XDS) Use Case (1)
The XDS profile describes how differenthealth care parties can share documents
A document source is responsible toprovide and register document in aregistry/repository for a query andretrieve by a document consumer
Document Digital Signature enables tomanage the responsibility issues
8/7/2019 2005-IHE-DGS-workshop-june262005
17/23
June 28-29, 2005 Interoperability Strategy Workshop17
CrossCross--Enterprise Document SharingEnterprise Document Sharing
(XDS) Use Case (2)(XDS) Use Case (2)
The document source wants to prove ithas well authored the document and the
associated submission set metadata The registry/repository it has not
corrupted the documents and metadata
The document consumer wants to checkabove items and check the identity ofauthor(s) and authenticator(s)
8/7/2019 2005-IHE-DGS-workshop-june262005
18/23
June 28-29, 2005 Interoperability Strategy Workshop18
CrossCross--Enterprise Document SharingEnterprise Document Sharing
(XDS) Use Case (3)(XDS) Use Case (3)
The document source includes the document(s)
signature(s) into the submission set
The registry/repository stores the documentsignature(s) as a document and metadata
associated with it/them as a specific signature
object metadata
The document consumer can see the signature
metadata and retrieve each signature for checking
it, including the certificate(s)
8/7/2019 2005-IHE-DGS-workshop-june262005
19/23
June 28-29, 2005 Interoperability Strategy Workshop19
Document Digital SignatureDocument Digital SignatureSignature PurposeSignature Purpose
From ASTM E1762 * Author - Authors signature,
Author.Co - Coauthors signature
Participant - Co-participants signature
Transcriptionist/Recorder
Verification - Verification signature
Validation - Validation signature Consent - Consent signature
Witness - Witness signature
Witness.Event - Event witness signature
Witness.Identity - Identity witness signature such as a Notary
Witness.Consent - Consent witness signature
Interpreter Review - Review signature
Source - Source signature
Addendum - Addendum signature
Administrative
Timestamp
8/7/2019 2005-IHE-DGS-workshop-june262005
20/23
June 28-29, 2005 Interoperability Strategy Workshop20
Document Digital SignatureDocument Digital SignatureAdditions to ASTM1762Additions to ASTM1762
The following items will be added to
ASTM1762
Modification
Authorization
Transformation
Recipient
Modification is being worked on.
8/7/2019 2005-IHE-DGS-workshop-june262005
21/23
June 28-29, 2005 Interoperability Strategy Workshop21
Document Digital SignatureDocument Digital Signature
Standards UsedStandards Used
W3C XML Signature
ISO 17090, 21091
ASTM E2212, E1985, E1762, E1084
IETF x509
DICOM supplement 41, 86
NCPDP
HL7 CDA
8/7/2019 2005-IHE-DGS-workshop-june262005
22/23
June 28-29, 2005 Interoperability Strategy Workshop22
Document Digital SignatureDocument Digital Signature
EE--prescribing threatsprescribing threats
Doctor
$
V I S I O C O R P O R A T I O N
Doctors Key
Doctor's System
$
$ $
CounterSigner
$
V I S I O C O R P O R A T I O N
Countersigner's Key
CounterSigner's System
Pharmacy
Confirm
Dispensing
Key ManagementInfrastructure
SignedPrescription
CounterSignedPrescription
ForgedPrescription
DispensingFeedback
8/7/2019 2005-IHE-DGS-workshop-june262005
23/23
June 28-29, 2005 Interoperability Strategy Workshop23
More information.More information.
IHE Web sites: www.ihe.net
Technical Frameworks, Supplements
Fill in relevant supplements and frameworks
Non-Technical Brochures : Calls for Participation
IHE Fact Sheet and FAQ
IHE Integration Profiles: Guidelines for Buyers
IHE Connect-a-thon Results
Vendor Products Integration Statements