1 / 47

Document Digital Signature DSG

mayes
Download Presentation

Document Digital Signature DSG

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    2. September 8, 2005 Document Digital Signature Webinar 2 Providers and Vendors Working Together to Deliver Interoperable Health Information Systems In the Enterprise and Across Care Settings

    3. September 8, 2005 Document Digital Signature Webinar 3 IT Infrastructure Profiles 2004 Patient Identifier Cross-referencing for MPI (PIX) Retrieve Information for Display (RID) Consistent Time (CT) Patient Synchronized Applications (PSA) Enterprise User Authentication (EUA) 2005 Patient Demographic Query (PDQ) Cross Enterprise Document Sharing (XDS) Audit Trail and Note Authentication (ATNA) Personnel White Pages (PWP) 2006 Cross-Enterprise User Authentication (XUA) Document Digital Signature (DSG) – Notification of Document Availability (NAV) Patient Administration/Management (PAM)

    4. September 8, 2005 Document Digital Signature Webinar 4 Document Digital Signature Value Proposition Leverages XDS Document infrastructure Providing accountability Providing document integrity Providing non-repudiation Providing satisfactory evidence of: Authorship, Approval, Review, and Authentication Infrastructural pattern to be further profiled by domain specific groups (e-Prescribing, e-Referral)

    5. September 8, 2005 Document Digital Signature Webinar 5 Document Digital Signature Abstract/scope A Digital Signature is an XDS document (changed from June public comment version) There are four Use Cases that we have considered for this year Vendor must provide signature mechanism for XDS Submissions Possibility to use digital signatures without having an XDS registry. Approach is determined by other domain-specific groups (e-Prescribing, e-Referral)

    6. September 8, 2005 Document Digital Signature Webinar 6 Document Digital Signature Out of scope Certificate management and PKI concepts Standards and implementations are available and will be discussed later Focus begins with signing, not encryption Partial Document Signature These are out of scope for the supplement, however we will discuss them in this webinar. These are out of scope for the supplement, however we will discuss them in this webinar.

    7. September 8, 2005 Document Digital Signature Webinar 7 Document Digital Signature Introduction to Digital Signatures The Signing Ceremony Components Resources

    8. September 8, 2005 Document Digital Signature Webinar 8 Document Digital Signature The Signing Ceremony In order to create a digitally signed document the signing application: Creates a digest of the document to be signed Creates a cryptographic hash of the digest using the private key of the signer Attaches the hash to the original document The hash function and asymmetric algorithm, as well as the verification algorithm should be provided by a cryptographic toolkit. In order to create a digitally signed document the signing application: Creates a digest of the document to be signed Creates a cryptographic hash of the digest using the private key of the signer Attaches the hash to the original document The hash function and asymmetric algorithm, as well as the verification algorithm should be provided by a cryptographic toolkit.

    9. September 8, 2005 Document Digital Signature Webinar 9 Document Digital Sinature Verification The recipient of the signed document can verify the signature by applying the public key of the signer Begin with the signed document plus the signature, apply the algorithm using the public key of the signer that you may obtain from the LDAP directory or from the signature, and you should end up with the same hash as the one that the signer created with their private key. If the hashes match, then the signature is valid. This should also be taken care of by a good crypto toolkit.The recipient of the signed document can verify the signature by applying the public key of the signer Begin with the signed document plus the signature, apply the algorithm using the public key of the signer that you may obtain from the LDAP directory or from the signature, and you should end up with the same hash as the one that the signer created with their private key. If the hashes match, then the signature is valid. This should also be taken care of by a good crypto toolkit.

    10. September 8, 2005 Document Digital Signature Webinar 10 Document Digital Signature Components You will need: A digital identity A toolkit for the cryptographic algorithms of signing and signature verification (Identrus will be providing Digital IDs for testing and showcasing at the connectathon. Contact Lori Reed-Fourquet to get a digital ID to test with.) (Identrus will be providing Digital IDs for testing and showcasing at the connectathon. Contact Lori Reed-Fourquet to get a digital ID to test with.)

    11. September 8, 2005 Document Digital Signature Webinar 11 Document Digital Signature Digital Identity Must be obtained from an ISO 17090 compliant Certificate Authority Including the role extension for the signer’s role in the healthcare profession For purposes of signature verification, the signer’s certificate (public key portion) must be available Test certificates can be obtained without rigorous identification requirements for the purpose of the Connectathon For test certificates contact lori.fourquet@sbcglobal.net -- The CA does not necessarily imply a PKI 2. There will be an LDAP directory available for Personnel White Pages 3. This however will be an important part of rolling this out to hospitals, as Identity management and rigorous registration management is key to the level of security of the signature -- The CA does not necessarily imply a PKI 2. There will be an LDAP directory available for Personnel White Pages 3. This however will be an important part of rolling this out to hospitals, as Identity management and rigorous registration management is key to the level of security of the signature

    12. September 8, 2005 Document Digital Signature Webinar 12 Document Digital Signature ISO 17090 Certificate Info A certificate may contain the name of the practitioner, their email address (optional), information about their organization and other credentials as referenced in ISO 17090 ISO 17090 specifies a single healthcare-specific extension enabling assertion of roles: the healthcare profession regulatory identifiers professional identifiers consumer identifiers employee roles The IHE ITI committee has chosen to use this role extension. The IHE ITI committee has chosen to use this role extension.

    13. September 8, 2005 Document Digital Signature Webinar 13 Document Digital Signature Identity Management Rigorous Identity management is critical to maintaining the trustworthiness of a digital signature Organizations must ensure that face-to-face registration processes are in place and that digital identities are carefully assigned Credentials of the healthcare stakeholder must be verified by the registration agent The registration agent must be trained and aware of security requirements Identity management will not be required for the Connectathon, but vendors must plan for it in their products. Identity management will not be required for the Connectathon, but vendors must plan for it in their products.

    14. September 8, 2005 Document Digital Signature Webinar 14 Document Digital Signature Goals Leverages XDS for signature by reference Profile use of single / multiple signatures Profile use of nested signatures Provide signature integrity across intermediary processing E-prescribing Interface Engine

    15. September 8, 2005 Document Digital Signature Webinar 15 Document Digital Signature Updates Changes to Digital Signatures Supplement since June 15th public comments version Most notably: no new XDS document type NAV will use digital signature function W3C XaDES was selected as an XML Digital Signature Structure XaDES was selected for the timestamp, signature purpose and signer role attributes In the long germ XaDES will also help support future profiling needs for signature verification and long-term non-repudiation XaDES was selected for the timestamp, signature purpose and signer role attributes In the long germ XaDES will also help support future profiling needs for signature verification and long-term non-repudiation

    16. September 8, 2005 Document Digital Signature Webinar 16 Document Digital Signatures Security Considerations Digital Signatures help mitigate risk for the following attacks: In the storage or transmission of documents, characteristics of clinician orders reflected in the prescription could be modified. In the storage or transmission of documents, characteristics of countersigned clinician orders reflected in the prescription could be modified. A forged prescription could be introduced.

    17. September 8, 2005 Document Digital Signature Webinar 17 Document Digital Signatures Risks not mitigated The following scenarios will not be mitigated by using digital signatures and require additional security: Corruption or bribery of a user, or counter-signer Theft of a private key Compromise of the physician’s workstation to allow access to the signing key The confirmation process could be corrupted or modified. The dispensing system could be corrupted or modified, including simple attacks like burglary. The dispensing feedback could be corrupted, modified, or destroyed. Implementers must understand that digital signatures do not provide complete assurance. A full security policy infrastructure is necessary. Implementers must understand that digital signatures do not provide complete assurance. A full security policy infrastructure is necessary.

    18. September 8, 2005 Document Digital Signature Webinar 18 Document Digital Signature Use Cases: True Copy Use Case 1: Attesting a document as true copy Verify that the document in use by all parties is the same as the original document and has not been modified. Verify “document integrity”. The purpose of this use case is to verify that the document being used is the same as the original document and has not been modified by error or intent. This is called establishing document integrity. It is also important to ascertain the identity of the signer, and the reason for the signature. For example, if it needs to be confirmed that a document is a true copy of a source medical document the digital signature is checked. If the signature is verified, then the document is a true copy. If the signature is not verified, then the document has been modified and cannot be trusted The purpose of this use case is to verify that the document being used is the same as the original document and has not been modified by error or intent. This is called establishing document integrity. It is also important to ascertain the identity of the signer, and the reason for the signature. For example, if it needs to be confirmed that a document is a true copy of a source medical document the digital signature is checked. If the signature is verified, then the document is a true copy. If the signature is not verified, then the document has been modified and cannot be trusted

    19. September 8, 2005 Document Digital Signature Webinar 19 Document Digital Signature Use Cases: True Copy XDS example: Medical records staff who submit documents to XDS need to verify and attest their submission. Non-XDS example: A physician needs to forward results obtained from a third party to another clinician. There is a need to ensure that all parties are working from the same “true copy”

    20. September 8, 2005 Document Digital Signature Webinar 20 Document Digital Signature Use Cases: Attesting to Content Use Case 2: Attesting clinical information content Attest that a report is complete and correct Ability to verify that physician has verified and attested to report

    21. September 8, 2005 Document Digital Signature Webinar 21 Document Digital Signature Use Cases: Attesting to Content XDS example: When a clinician submits content to XDS he/she signs it to take clinical responsibility for the content Non-XDS example: A clinician needs to rely on the contents of a report created by another clinician; diagnosis, prescription content, etc Also, this signature can not be repudiated.

    22. September 8, 2005 Document Digital Signature Webinar 22 Document Digital Signature Use Cases: Diagnostic Report Use Case 3: Attesting to a diagnostic report signature can simultaneously sign the source data that was used to prepare the diagnostic report Provides a means to represent the full set of reports and data that was used to prepare report Subsequent information added to XDS is clearly not part of the source data

    23. September 8, 2005 Document Digital Signature Webinar 23 Document Digital Signature Use Cases: Submission set Use Case 4: Attesting to a whole submission set A digitally signed manifest can indicate both: That a set of documents is authorized for release by signing clinician That the set is indeed the complete set of documents and their associated signatures Manifest signature does NOT verify content or correctness. 1.4.3 Attesting to a whole submission set When a doctor releases a set of documents for cross enterprise distribution, s/he can use a digitally signed manifest to indicate that: s/he is authorizing their release, and this is the full set of documents in this release: the medical documents, and their associated digital signatures at the time of release The digital signature document does not mean that s/he is verifying the clinical content of the documents that is handled by other digital signatures that should be included in the set of documents released. The recipient organizations can use this digital signature to: identify the person who selected and authorized the release, obtain the complete list of documents released, verify that the released documents have not changed, and identify the associated XDS submission set.1.4.3 Attesting to a whole submission set When a doctor releases a set of documents for cross enterprise distribution, s/he can use a digitally signed manifest to indicate that: s/he is authorizing their release, and this is the full set of documents in this release: the medical documents, and their associated digital signatures at the time of release The digital signature document does not mean that s/he is verifying the clinical content of the documents that is handled by other digital signatures that should be included in the set of documents released. The recipient organizations can use this digital signature to: identify the person who selected and authorized the release, obtain the complete list of documents released, verify that the released documents have not changed, and identify the associated XDS submission set.

    24. September 8, 2005 Document Digital Signature Webinar 24 Document Digital Signature Use Cases: Submission Set The recipient organizations can use this digital signature to: identify the person who selected and authorized the release, obtain the complete list of documents released, verify that the released documents have not changed, and identify the associated XDS submission set.

    25. September 8, 2005 Document Digital Signature Webinar 25 Document Digital Signature Use Cases: Submission Set XDS example: Use XDS to send a collection of documents relating to a patient referral. Attest that submission includes complete set of relevent documents. Non-XDS example: Attesting to the completeness of a monthly submission of all TB patient records for statistical analysis Attesting to the completeness of health records in a patient transfer

    26. September 8, 2005 Document Digital Signature Webinar 26 Document Digital Sitgnature Translation/Transformation Use Case 5: Translation When an original document must be translated , the original signature cannot be used to validate the translated document. There must be an additional signature generated by the translation with the ability to retain the original signature and data integrity.

    27. September 8, 2005 Document Digital Signature Webinar 27 Document Digital Signature Use Cases: Translation Introduction of an additional signature to validate : The original document The original signature The translated document Used to verify that the translator had the original/true document, that the original document was signed, and that the translation has attested to the validity of the translation. When an original document must be translated (for the purposes of digital signature, translations and transformations will be handled the same way), the orginal signature cannot be used to validate the translated document. There must be an additional signature generated by the translation. This additional signature signs: The original document being translated, The resulting translation, and The original signature. Then all four objects must be provided to the user of the translated document: The translated document, which will be used The translator’s signature which will be used to: Verify the translated document Confirm the original document Confirm the original signature The original document, and The original signatureWhen an original document must be translated (for the purposes of digital signature, translations and transformations will be handled the same way), the orginal signature cannot be used to validate the translated document. There must be an additional signature generated by the translation. This additional signature signs: The original document being translated, The resulting translation, and The original signature. Then all four objects must be provided to the user of the translated document: The translated document, which will be used The translator’s signature which will be used to: Verify the translated document Confirm the original document Confirm the original signature The original document, and The original signature

    28. September 8, 2005 Document Digital Signature Webinar 28 Document Digital Signature Use Cases: Translation The original signature is not sufficient for signing the translated document. An additional translation signature must be used.The original signature is not sufficient for signing the translated document. An additional translation signature must be used.

    29. September 8, 2005 Document Digital Signature Webinar 29 Document Digital Signature Use Cases: Translation XDS example: Reference original document and original signature by using association-type to link them in XDS with translated version Non-XDS example: e-prescribing : Value added networks that translate the format of a prescription before forwarding it to a pharmacy Non-xds example: use translation signature use case to ensure that you don’t lose signature integrity. Non-xds example: use translation signature use case to ensure that you don’t lose signature integrity.

    30. September 8, 2005 Document Digital Signature Webinar 30 Document Digital Signature Signature Attributes Expand signature to include additional data relevant to the healthcare signature Includes the date and time the signature was calculated and applied The identity of the signer Signature Purpose W3C XaDES signatures need to be expanded to suit healthcare needs We are expanding W3C XaDES signatures which to not have sufficient signature attribute support to include at least these attributes from the ASTM standard since they’re necessary to healthcareW3C XaDES signatures need to be expanded to suit healthcare needs We are expanding W3C XaDES signatures which to not have sufficient signature attribute support to include at least these attributes from the ASTM standard since they’re necessary to healthcare

    31. September 8, 2005 Document Digital Signature Webinar 31 Document Digital Signature Additions to ASTM1762 The following items will be added to ASTM1762 Modification Authorization Transformation Recipient Modification is being worked on. In support of this profile and concepts identified in preparing this profile, we will suggest the addition of these signature purposes to the ASTM standard.In support of this profile and concepts identified in preparing this profile, we will suggest the addition of these signature purposes to the ASTM standard.

    32. September 8, 2005 Document Digital Signature Webinar 32 Document Digital Signature Multiple Signatures The following diagrams will outline common transactions where multiple signatures may be required.

    33. September 8, 2005 Document Digital Signature Webinar 33 Document Digital Signature Transaction Diagram First transaction: A simple signature action Second transaction: Two collaborators co-sign, sharing responsibility for the content of the document. First transaction: A simple signature action Second transaction: Two collaborators co-sign, sharing responsibility for the content of the document.

    34. September 8, 2005 Document Digital Signature Webinar 34 Document Digital Signature Transaction Diagram First workflow: An example of a counter-signature verifying the first signature, such an anaesthesiologist approving the anaesthetizing nurse’s signature Second workflow: In a patient discharge, the physician authorizes release of the patient and the nurse signs that they have informed the patient of discharge instructions and the discharge planner signs that arrangements for supplement care have been made. First workflow: An example of a counter-signature verifying the first signature, such an anaesthesiologist approving the anaesthetizing nurse’s signature Second workflow: In a patient discharge, the physician authorizes release of the patient and the nurse signs that they have informed the patient of discharge instructions and the discharge planner signs that arrangements for supplement care have been made.

    35. September 8, 2005 Document Digital Signature Webinar 35 Document Digital Sitgnature Multiple Signatures For multiple signatures of the same document (e.g. co-signature), each signature will generate the digest data from the document source For witness signatures and other cases where the second signature is representing attestation to the original data and the prior signature (e.g. witness), the digest is generated from the output of the first signed document.

    36. September 8, 2005 Document Digital Signature Webinar 36 Document Digital Siganture XML Digital Signature Tools Apache XML Security project has both Java and C++ implementations of XML Digital Signature (open source) http://xml.apache.org/security/ JSR 105: Java XML Digital Signature API with reference implementations-- final release by Sun and IBM June 24, 2005. http://jcp.org/aboutJava/communityprocess/final/jsr105/index.html

    37. September 8, 2005 Document Digital Signature Webinar 37 Document Digital Signature Commercial Toolkits (not comprehensive list) http://jce.iaik.tugraz.at/products/052_XSECT/index.php http://www.infomosaic.net/SecureXMLDetailInfo.htm http://www.betrusted.com/products/keytools/xml/index.asp http://www.phaos.com/products/category/xml.html http://www.verisign.com/products-services/security-services/pki/xml-trust-services/index.html

    38. September 8, 2005 Document Digital Signature Webinar 38 Document Digital Signature Efforts to make it easier– Implementations of IHE IT Infrastructure actors that require XML Digital Signature support have been announced for the Eclipse Open Healthcare Framework. No delivery date announced yet, but will be available for the 2005-2006 integrations For more information on Eclipse contact djorgenson@inpriva.com

    39. September 8, 2005 Document Digital Signature Webinar 39 Document Digital Signature XDS Sample Code <Signature Id="signatureOID" xmlns=http://www.w3.org/2000/09/xmldsig# xmlns:xad=”xmlns="http://uri.etsi.org/01903/v1.1.1#"”> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments”/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI="#IHEManifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>base64ManifestDigestValue</DigestValue> </Reference> </SignedInfo> <SignatureValue>base64SignatureValue</SignatureValue> <KeyInfo> <X509Data> <X509Certificate>base64X509certificate<X509Certificate> </X509Data> </KeyInfo>

    40. September 8, 2005 Document Digital Signature Webinar 40 Document Digital Signature XDS Sample Code <Object> <xad:QualifyingProperties> <xad:SignedProperties> <xad:SignedSIgnatureProperties> <xad:SigningTime> yyyymmddhhmmss</SigningTime> <xad:SigningCertificate> <xad:Cert> <!-- identifier of signing certificate --> <xad:CertDigest> <xad:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <xad:DigestValue>base64 digest value</DigestValue> </CertDigest> <xad:IssuerSerial> <xad:X509IssuerName>X.509 distinguished name of certificate</X509IssuerName> <xad:X509SerialNumber>certificate serial number</X509SerialNumber> </IssuerSerial> </Cert>

    41. September 8, 2005 Document Digital Signature Webinar 41 Document Digital Signature XDS Sample Code <xad:Cert> <!-- identifier of signing certificate’s parent --> <xad:CertDigest> <xad:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <xad:DigestValue>base64 digest value</DigestValue> </CertDigest> <xad:IssuerSerial> <xad:X509IssuerName>X.509 distinguished name of parent’s certificate</X509IssuerName> <xad:X509SerialNumber>certificate serial number </X509SerialNumber> </IssuerSerial> </Cert> </SigningCertificate> <xad:SignaturePolicyIdentifier>id</SignaturePolicyIdentifier> </SignedSIgnatureProperties> </SignedProperties> </QualifyingProperties>

    42. September 8, 2005 Document Digital Signature Webinar 42 Document Digital Signature XDS Sample Code <SignatureProperties> <SignatureProperty Id="purposeOfSignature" target=”signatureOID” > code</SignatureProperty> </SignatureProperties> <Manifest Id="IHEManifest"> <Reference URI=”ihexds:registry:xxxx-xxxx….”> <!-- document A--> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>base64DigestValue</DigestValue> </Reference> <Reference URI=”ihexds:registry:xxxx-xxxx….”> <!—XML document B--> <Transforms> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>base64DigestValue</DigestValue> </Reference> <Reference URI=”ihexds:registry:xxxx-xxxx….”> <!--DICOM document (or object) C--> <Transforms> <Transform Algorithm="urn:oid:1.2.840.10008.1.2.1"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>base64DigestValue</DigestValue> </DigestMethod </Reference> </Manifest> </Object> </Signature>

    43. September 8, 2005 Document Digital Signature Webinar 43 Document Digital Signature XDS Signature Document Content Lori will touch on these items and give people time to ask if any elements of the table are unclear.Lori will touch on these items and give people time to ask if any elements of the table are unclear.

    44. September 8, 2005 Document Digital Signature Webinar 44 Document Digital Signature XDS Signature Document Content

    45. September 8, 2005 Document Digital Signature Webinar 45 Document Digital Signature XDS Signature Document Content

    46. September 8, 2005 Document Digital Signature Webinar 46 Document Digital Signature Standards Used W3C XML XaDES Signature ISO 17090, 21091 ASTM E2212, E1985, E1762, E1084 IETF x509 DICOM supplement 41, 86 NCPDP HL7 CDA

    47. September 8, 2005 Document Digital Signature Webinar 47 More information…. IHE Web sites: www.ihe.net Technical Frameworks, Supplements Fill in relevant supplements and frameworks Non-Technical Brochures : Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements

More Related