Presentation is loading. Please wait.

Presentation is loading. Please wait.

Document Digital Signature (DSG) Document Digital Signature (DSG) Gila Pyke / Lori Reed-Fourquet Smart Systems for Health Agency / Identrus IHE ITI Technical.

Similar presentations

Presentation on theme: "Document Digital Signature (DSG) Document Digital Signature (DSG) Gila Pyke / Lori Reed-Fourquet Smart Systems for Health Agency / Identrus IHE ITI Technical."— Presentation transcript:

1 Document Digital Signature (DSG) Document Digital Signature (DSG) Gila Pyke / Lori Reed-Fourquet Smart Systems for Health Agency / Identrus IHE ITI Technical Comittee

2 June 28-29, 2005Interoperability Strategy Workshop2 W W W. I H E. N E T Providers and Vendors Working Together to Deliver Interoperable Health Information Systems In the Enterprise and Across Care Settings

3 June 28-29, 2005Interoperability Strategy Workshop3 IT Infrastructure Profiles 2004 Patient Identifier Cross-referencing for MPI (PIX) Retrieve Information for Display (RID) Consistent Time (CT) Patient Synchronized Applications (PSA) Enterprise User Authentication (EUA) 2005 Patient Demographic Query (PDQ) Cross Enterprise Document Sharing (XDS) Audit Trail and Note Authentication (ATNA) Personnel White Pages (PWP) 2006 Cross-Enterprise User Authentication (XUA) Document Digital Signature (DSG) – Notification of Document Availability (NAV) Patient Administration/Management (PAM) Document Digital Signature (DSG) Use of digital signatures to provide document integrity, non-repudiation and accountability.

4 June 28-29, 2005Interoperability Strategy Workshop4 Document Digital Signature Value Proposition Leverages XDS Document infrastructure Providing accountability Providing document integrity Providing non-repudiation Providing satisfactory evidence of: Authorship, Approval, Review, and Authentication Infrastructural pattern to be further profiled by domain specific groups (e-Prescribing, e-Referral)

5 June 28-29, 2005Interoperability Strategy Workshop5 Document Digital Signature Abstract/scope Provide signature mechanism Provide verification/validation mechanism Provide signature attributes XDS manages document and signature Allows direct access to document (XDS)

6 June 28-29, 2005Interoperability Strategy Workshop6 Document Digital Signature Abstract/scope Digital Signature Document format Leverages XDS for signature by reference New document type in XDS – Linkage forward and back. Profiles single / multiple signatures Profiles nested signatures Provide signature integrity across intermediary processing

7 June 28-29, 2005Interoperability Strategy Workshop7 Document Digital Signature Out of scope Certificate management and PKI concepts Standards and implementations are available and will be discussed later Focus begins with signing, not encryption Partial Document Signature

8 June 28-29, 2005Interoperability Strategy Workshop8 Document Digital Signatures Goals Digital Signatures help mitigate risk for the following attacks: –In the storage or transmission of documents, characteristics of clinician orders reflected in the prescription could be modified. –In the storage or transmission of documents, characteristics of countersigned clinician orders reflected in the prescription could be modified. –A forged prescription could be introduced.

9 June 28-29, 2005Interoperability Strategy Workshop9 Document Digital Signatures The following scenarios will not be mitigated by using digital signatures and require additional security: –Corruption or bribery of a user, or counter-signer –Theft of a private key –Compromise of the physicians workstation to allow access to the signing key –The confirmation process could be corrupted or modified. –The dispensing system could be corrupted or modified, including simple attacks like burglary. –The dispensing feedback could be corrupted, modified, or destroyed.

10 June 28-29, 2005Interoperability Strategy Workshop10 Document Digital Signature Key Technical Properties W3C XML Signature structure –credentials, timestamp, and other signature attributes such as signature purpose Reference to document stored in XDS ISO TS17090 compliant digital certificates Assures message integrity Verification of signed document validity Provides for multiple signers

11 June 28-29, 2005Interoperability Strategy Workshop11 Document Digital Signature Signature Attributes Expand signature to include additional data relevant to the healthcare signature Includes the date and time the signature was calculated and applied The identity of the signer Signature Purpose

12 June 28-29, 2005Interoperability Strategy Workshop12 Document Digital Signature Signature Attributes The role of a signer (purpose of the signature) includes actors that may carry the responsibilities of: –Signer: the actor that creates the electronic signature. When the signer digitally signs over data object(s) using the prescribed format, this represents a commitment on behalf of the signing entity to the data object(s) being signed. –Verifier: the entity that verifies the electronic signature. It may be a single entity or multiple entities –Trusted Service Providers: one or more entities that help to build trust relationships between the signer and verifier. Trusted Service Providers include PKI Certification Authorities, Registration Authorities, Repository Authorities (e.g. a directory), Time-Stamping Authorities, Signature Policy Issuers and Attribute Authorities. –Arbitrator: An entity that arbitrates in disputes between a signer and a verifier.

13 June 28-29, 2005Interoperability Strategy Workshop13 Document Digital Signature Transaction Diagram

14 June 28-29, 2005Interoperability Strategy Workshop14 Document Digital Signature Transaction Diagram

15 June 28-29, 2005Interoperability Strategy Workshop15 Document Digital Signature Use Cases Attesting a document as true copy –Each subsequent use of the original signed digital document or a digital copy of the document can inspected signatures to assert that the documents are true copies of information attestable to the signer at the time of the signature ceremony Attesting content –When a clinician submits a clinical document to the XDS repository, the clinician using a digital certificate digitally signs the document Attesting to whole submission set Translation / Transformation

16 June 28-29, 2005Interoperability Strategy Workshop16 Cross-Enterprise Document Sharing (XDS) Use Case (1) The XDS profile describes how different health care parties can share documents A document source is responsible to provide and register document in a registry/repository for a query and retrieve by a document consumer Document Digital Signature enables to manage the responsibility issues

17 June 28-29, 2005Interoperability Strategy Workshop17 Cross-Enterprise Document Sharing (XDS) Use Case (2) The document source wants to prove it has well authored the document and the associated submission set metadata The registry/repository it has not corrupted the documents and metadata The document consumer wants to check above items and check the identity of author(s) and authenticator(s)

18 June 28-29, 2005Interoperability Strategy Workshop18 Cross-Enterprise Document Sharing (XDS) Use Case (3) The document source includes the document(s) signature(s) into the submission set The registry/repository stores the document signature(s) as a document and metadata associated with it/them as a specific signature object metadata The document consumer can see the signature metadata and retrieve each signature for checking it, including the certificate(s)

19 June 28-29, 2005Interoperability Strategy Workshop19 Document Digital Signature Signature Purpose From ASTM E1762 * Author - Authors signature, Author.Co - Coauthors signature Participant - Co-participants signature Transcriptionist/Recorder Verification - Verification signature Validation - Validation signature Consent - Consent signature Witness - Witness signature Witness.Event - Event witness signature Witness.Identity - Identity witness signature such as a Notary Witness.Consent - Consent witness signature Interpreter Review - Review signature Source - Source signature Addendum - Addendum signature Administrative Timestamp

20 June 28-29, 2005Interoperability Strategy Workshop20 Document Digital Signature Additions to ASTM1762 The following items will be added to ASTM1762 –Modification –Authorization –Transformation –Recipient Modification is being worked on.

21 June 28-29, 2005Interoperability Strategy Workshop21 Document Digital Signature Standards Used W3C XML Signature ISO 17090, 21091 ASTM E2212, E1985, E1762, E1084 IETF x509 DICOM supplement 41, 86 NCPDP HL7 CDA

22 June 28-29, 2005Interoperability Strategy Workshop22 Document Digital Signature E-prescribing threats

23 June 28-29, 2005Interoperability Strategy Workshop23 More information…. IHE Web sites: Technical Frameworks, Supplements –Fill in relevant supplements and frameworks Non-Technical Brochures : Calls for Participation IHE Fact Sheet and FAQ IHE Integration Profiles: Guidelines for Buyers IHE Connect-a-thon Results Vendor Products Integration Statements

Download ppt "Document Digital Signature (DSG) Document Digital Signature (DSG) Gila Pyke / Lori Reed-Fourquet Smart Systems for Health Agency / Identrus IHE ITI Technical."

Similar presentations

Ads by Google