Claudio Saccavini - PowerPoint PPT Presentation

1 / 41

About This Presentation

Title:

Claudio Saccavini

Description:

For test certificates contact lori.fourquet_at_sbcglobal.net. Document Digital Signature ... signature can simultaneously sign the source data that was used to ... – PowerPoint PPT presentation

Number of Views:127

Avg rating:3.0/5.0

Slides: 42

Provided by: iheUniv

Category:

more less

Transcript and Presenter's Notes

Title: Claudio Saccavini

1
Document Digital Signature(DSG)

Claudio Saccavini
IHE-Italy Project Manager
O3 Consortium - University of Padova

2
IT Infrastructure Profiles

2004
Patient Identifier Cross-referencing for MPI
(PIX)
Retrieve Information for Display (RID)
Consistent Time (CT)
Patient Synchronized Applications (PSA)
Enterprise User Authentication (EUA)
2005
Patient Demographic Query (PDQ)
Cross Enterprise Document Sharing (XDS)
Audit Trail and Note Authentication (ATNA)
Personnel White Pages (PWP)
2006
Cross-Enterprise User Authentication (XUA)
Document Digital Signature (DSG)
Notification of Document Availability (NAV)
Patient Administration/Management (PAM)

Document Digital Signature (DSG) Use of digital
signatures to provide document integrity,
non-repudiation and accountability.
3
Document Digital SignatureValue Proposition

Leverages XDS Document infrastructure
Providing accountability
Providing document integrity
Providing non-repudiation
Providing satisfactory evidence of Authorship,
Approval, Review, and Authentication
Infrastructural pattern to be further profiled by
domain specific groups (e-Prescribing,
e-Referral)

4
Document Digital SignatureAbstract/scope

A Digital Signature is an XDS document (changed
from June public comment version)
There are four Use Cases that we have considered
for this year
Vendor must provide signature mechanism for XDS
Submissions
Possibility to use digital signatures without
having an XDS registry. Approach is determined by
other domain-specific groups (e-Prescribing,
e-Referral)

5
Document Digital SignatureOut of scope

Certificate management and PKI concepts
Standards and implementations are available and
will be discussed later
Focus begins with signing, not encryption
Partial Document Signature

6
Document Digital SignatureIntroduction to
Digital Signatures

The Signing Ceremony
Components
Resources

7
Document Digital SignatureThe Signing Ceremony
8
Document Digital SinatureVerification
Original Document
Message HASH
EAdfj78oXWq
HASH function
Signed Document
Equal
Public Key of Signer
Asymmetric Algorithm
EAdfj78oXWq
Signature
Original HASH (Signer generated)
9
Document Digital SignatureComponents

You will need
A digital identity
A toolkit for the cryptographic algorithms of
signing and signature verification

10
Document Digital SignatureDigital Identity

Must be obtained from an ISO 17090 compliant
Certificate Authority
Including the role extension for the signers
role in the healthcare profession
For purposes of signature verification, the
signers certificate (public key portion) must be
available
Test certificates can be obtained without
rigorous identification requirements for the
purpose of the Connectathon
For test certificates contact lori.fourquet_at_sbcglo
bal.net

11
Document Digital SignatureISO 17090 Certificate
Info

A certificate may contain the name of the
practitioner, their email address (optional),
information about their organization and other
credentials as referenced in ISO 17090
ISO 17090 specifies a single healthcare-specific
extension enabling assertion of roles
the healthcare profession
regulatory identifiers
professional identifiers
consumer identifiers
employee roles

12
Document Digital SignatureIdentity Management

Rigorous Identity management is critical to
maintaining the trustworthiness of a digital
signature
Organizations must ensure that face-to-face
registration processes are in place and that
digital identities are carefully assigned
Credentials of the healthcare stakeholder must be
verified by the registration agent
The registration agent must be trained and aware
of security requirements

13
Document Digital SignatureGoals

Leverages XDS for signature by reference
Profile use of single / multiple signatures
Profile use of nested signatures
Provide signature integrity across intermediary
processing
E-prescribing
Interface Engine

14
Document Digital SignatureUpdates

Changes to Digital Signatures Supplement since
June 15th public comments version
Most notably no new XDS document type
NAV will use digital signature function
W3C XaDES was selected as an XML Digital
Signature Structure

15
Document Digital SignaturesSecurity
Considerations

Digital Signatures help mitigate risk for the
following attacks
In the storage or transmission of documents,
characteristics of clinician orders reflected in
the prescription could be modified.
In the storage or transmission of documents,
characteristics of countersigned clinician orders
reflected in the prescription could be modified.
A forged prescription could be introduced.

16
Document Digital SignaturesRisks not mitigated

The following scenarios will not be mitigated by
using digital signatures and require additional
security
Corruption or bribery of a user, or
counter-signer
Theft of a private key
Compromise of the physicians workstation to
allow access to the signing key
The confirmation process could be corrupted or
modified.
The dispensing system could be corrupted or
modified, including simple attacks like burglary.
The dispensing feedback could be corrupted,
modified, or destroyed.

17
Document Digital SignatureUse Cases True Copy

Use Case 1 Attesting a document as true copy
Verify that the document in use by all parties is
the same as the original document and has not
been modified.
Verify document integrity.

18
Document Digital SignatureUse Cases True Copy

XDS example
Medical records staff who submit documents to XDS
need to verify and attest their submission.
Non-XDS example
A physician needs to forward results obtained
from a third party to another clinician. There is
a need to ensure that all parties are working
from the same true copy

19
Document Digital SignatureUse Cases Attesting
to Content

Use Case 2 Attesting clinical information
content
Attest that a report is complete and correct
Ability to verify that physician has verified and
attested to report

20
Document Digital SignatureUse Cases Attesting
to Content

XDS example
When a clinician submits content to XDS he/she
signs it to take clinical responsibility for the
content
Non-XDS example
A clinician needs to rely on the contents of a
report created by another clinician diagnosis,
prescription content, etc
Also, this signature can not be repudiated.

21
Document Digital SignatureUse Cases Diagnostic
Report

Use Case 3 Attesting to a diagnostic report
signature can simultaneously sign the source data
that was used to prepare the diagnostic report
Provides a means to represent the full set of
reports and data that was used to prepare report
Subsequent information added to XDS is clearly
not part of the source data

22
Document Digital SignatureUse Cases Submission
set

Use Case 4 Attesting to a whole submission set
A digitally signed manifest can indicate both
That a set of documents is authorized for release
by signing clinician
That the set is indeed the complete set of
documents and their associated signatures
Manifest signature does NOT verify content or
correctness.

23
Document Digital SignatureUse Cases Submission
Set

The recipient organizations can use this digital
signature to
identify the person who selected and authorized
the release,
obtain the complete list of documents released,
verify that the released documents have not
changed, and
identify the associated XDS submission set.

24
Document Digital SignatureUse Cases Submission
Set

XDS example
Use XDS to send a collection of documents
relating to a patient referral. Attest that
submission includes complete set of relevent
documents.
Non-XDS example
Attesting to the completeness of a monthly
submission of all TB patient records for
statistical analysis
Attesting to the completeness of health records
in a patient transfer

25
Document Digital SitgnatureTranslation/Transforma
tion

Use Case 5 Translation
When an original document must be translated ,
the original signature cannot be used to validate
the translated document. There must be an
additional signature generated by the translation
with the ability to retain the original signature
and data integrity.

26
Document Digital SignatureUse Cases Translation

Introduction of an additional signature to
validate
The original document
The original signature
The translated document
Used to verify that the translator had the
original/true document, that the original
document was signed, and that the translation has
attested to the validity of the translation.

27
Document Digital SignatureUse Cases Translation
28
Document Digital SignatureUse Cases Translation

XDS example
Reference original document and original
signature by using association-type to link them
in XDS with translated version
Non-XDS example
e-prescribing Value added networks that
translate the format of a prescription before
forwarding it to a pharmacy

29
Document Digital SignatureSignature Attributes

Expand signature to include additional data
relevant to the healthcare signature
Includes the date and time the signature was
calculated and applied
The identity of the signer
Signature Purpose

30
Document Digital SignatureAdditions to ASTM1762

The following items will be added to ASTM1762
Modification
Authorization
Transformation
Recipient
Modification is being worked on.

31
Document Digital SignatureMultiple Signatures

The following diagrams will outline common
transactions where multiple signatures may be
required.

32
Document Digital SitgnatureMultiple Signatures

For multiple signatures of the same document
(e.g. co-signature), each signature will generate
the digest data from the document source
For witness signatures and other cases where the
second signature is representing attestation to
the original data and the prior signature (e.g.
witness), the digest is generated from the output
of the first signed document.

33
Document Digital SigantureXML Digital Signature
Tools

Apache XML Security project has both Java and C
implementations of XML Digital Signature (open
source) http//xml.apache.org/security/
JSR 105 Java XML Digital Signature API with
reference implementations-- final release by Sun
and IBM June 24, 2005. http//jcp.org/aboutJava/co
mmunityprocess/final/jsr105/index.html

34
Document Digital SignatureCommercial Toolkits

(not comprehensive list)
http//jce.iaik.tugraz.at/products/052_XSECT/index
.php
http//www.infomosaic.net/SecureXMLDetailInfo.htm
http//www.betrusted.com/products/keytools/xml/ind
ex.asp
http//www.phaos.com/products/category/xml.html
http//www.verisign.com/products-services/security
-services/pki/xml-trust-services/index.html

35
Document Digital SignatureXDS Sample Code

ltSignature Id"signatureOID" xmlnshttp//www.w3.o
rg/2000/09/xmldsig xmlnsxadxmlns"http//uri
.etsi.org/01903/v1.1.1"gt
ltSignedInfogt
ltCanonicalizationMethod
Algorithm"http//www.w3.org/TR/2001/REC-xml-c1
4n-20010315WithComments/gt
ltSignatureMethod Algorithm"http//www.w3.org/20
00/09/xmldsigrsa-sha1"/gt
ltReference URI"IHEManifest"
Type"http//www.w3.org/2000/09/xmldsigManife
st"gt
ltDigestMethod Algorithm"http//www.w3.org/2000
/09/xmldsigsha1"/gt
ltDigestValuegtbase64ManifestDigestValuelt/DigestV
aluegt
lt/Referencegt
lt/SignedInfogt
ltSignatureValuegtbase64SignatureValuelt/SignatureVa
luegt
ltKeyInfogt
ltX509Datagt
ltX509Certificategtbase64X509certificateltX509Cert
ificategt
lt/X509Datagt
lt/KeyInfogt

36
Document Digital SignatureXDS Sample Code

ltObjectgt
ltxadQualifyingPropertiesgt
ltxadSignedPropertiesgt
ltxadSignedSIgnaturePropertiesgt
ltxadSigningTimegt yyyymmddhhmmsslt/SigningTime
gt
ltxadSigningCertificategt
ltxadCertgt lt!-- identifier of signing
certificate --gt
ltxadCertDigestgt
ltxadDigestMethod Algorithm"http//www.w3
.org/2000/09/xmldsigsha1"/gt
ltxadDigestValuegtbase64 digest
valuelt/DigestValuegt
lt/CertDigestgt
ltxadIssuerSerialgt
ltxadX509IssuerNamegtX.509 distinguished
name of certificatelt/X509IssuerNamegt
ltxadX509SerialNumbergtcertificate serial
numberlt/X509SerialNumbergt
lt/IssuerSerialgt
lt/Certgt

37
Document Digital SignatureXDS Sample Code

ltxadCertgt lt!-- identifier of signing
certificates parent --gt
ltxadCertDigestgt
ltxadDigestMethod Algorithm"http//www.w3
.org/2000/09/xmldsigsha1"/gt
ltxadDigestValuegtbase64 digest
valuelt/DigestValuegt
lt/CertDigestgt
ltxadIssuerSerialgt
ltxadX509IssuerNamegtX.509 distinguished
name of parents certificatelt/X509IssuerNamegt
ltxadX509SerialNumbergtcertificate serial
number lt/X509SerialNumbergt
lt/IssuerSerialgt
lt/Certgt
lt/SigningCertificategt
ltxadSignaturePolicyIdentifiergtidlt/SignatureP
olicyIdentifiergt
lt/SignedSIgnaturePropertiesgt
lt/SignedPropertiesgt
lt/QualifyingPropertiesgt

38
Document Digital SignatureXDS Sample Code

ltSignaturePropertiesgt
ltSignatureProperty Id"purposeOfSignature"
targetsignatureOID gt
codelt/SignaturePropertygt
lt/SignaturePropertiesgt
ltManifest Id"IHEManifest"gt
ltReference URIihexdsregistryxxxx-xxxx.gt
lt!-- document A--gt
ltDigestMethod Algorithm"http//www.w3.org/200
0/09/xmldsigsha1"/gt
ltDigestValuegtbase64DigestValuelt/DigestValuegt
lt/Referencegt
ltReference URIihexdsregistryxxxx-xxxx.gt
lt!XML document B--gt
ltTransformsgt
ltTransform Algorithm"http//www.w3.org/TR/20
01/REC-xml-c14n-20010315WithComments"/gt
lt/Transformsgt
ltDigestMethod Algorithm"http//www.w3.org/200
0/09/xmldsigsha1"/gt
ltDigestValuegtbase64DigestValuelt/DigestValuegt
lt/Referencegt
ltReference URIihexdsregistryxxxx-xxxx.gt
lt!--DICOM document (or object) C--gt
ltTransformsgt
ltTransform Algorithm"urnoid1.2.840.10008.1
.2.1"/gt
lt/Transformsgt