Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

Published byBelinda Reynolds Modified over 9 years ago

Similar presentations

Presentation on theme: "HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011."— Presentation transcript:

1 HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011

2 INTRODUCTION TO DIGITAL CERTIFICATES AND CERTIFICATE TRUST

3 Digital Certificate Basics A “digital certificate” is an electronic document that certifies that the subject (person or entity) has been issued a pair of encryption keys that are related in such a way that if one key is used to encrypt something (e.g., file, message, data stream), it can be decrypted only by someone holding the other key –One key is published for anyone to see (“public key”) –The other key is kept secret by the entity/person to whom the digital certificate has been issued (“private key”) –Digital certificates are issued by a “certificate authority” (CA) – and digitally signed by the issuing CA CA certificates may be self-issued and self-signed certificates CAs periodically publish a “certificate revocation list (CRL)” that identifies those certificates that no longer are valid and that have not expired

4 Digital Certificate Basics Digital certificates are used for a number of purposes, including: –To authenticate the identity of an entity or person using a challenge-response mechanism –To digitally sign a message or other transmitted content (“digital signature”) –To share a secret key to be used to exchange private or sensitive information The trustworthiness of a digital certificate is dependent upon how much the user trusts the issuer of the certificate – which may be the top CA in a hierarchical public key infrastructure PKI, the CA that issued the user’s own certificate, or any other trusted CA –The practices used by a CA in issuing and managing certificates are described in its Certification Practice Statement (CPS) –CPSs may be certified by organizations such as the European Telecommunications Standards Institute (ETSI) and WebTrust, or as meeting minimal standards established by specific communities, such as SAFE Bio- Pharma and Federal Bridge

5 Digital Certificate Trust Models

6 Digital Certificate Content Signature of CA that issued certificate Algorithm used by the CA to sign the certificate Version Serial number Name of the CA that issued certificate Period of time for which the certificate is valid Name of the subject to whom the certificate is issued The subject’s public key Optional extensions – such as the purposes for which the certificate may be used

7 Certificate Trust Issue A digital certificate can be trusted only to the extent to which the user trusts the CA who issued the certificate Anyone can set themselves up as a CA and issue certificates Certificates used by Direct Project entities may be issued by any CA – and the decision of whether to trust the certificate is left up to the communicating entity’s trust relationship with the issuing CA (i.e., whether the CA is recognized as a “trust anchor”) To exchange information with federal entities (e.g., VA, CMS), the user will need to hold a certificate that was issued by a CA that is trusted by the Federal Bridge CA

8 POLICY QUESTION FOR HIT POLICY COMMITTEE

9 Policy Question for HITPC Policy and governance are needed around CAs who issue certificates for use in health exchanges, such as Direct –Defining a mechanism for establishing the legitimacy and trustworthiness of a certificate authority –Defining a minimum level of trustworthiness for CAs issuing certificates for Direct exchanges; for example: IS certification by WebTrust or ETSI sufficient for health information exchange? Does the CA need to meet the minimum standard defined for a trusted relationship with Federal Bridge CA?

Download ppt "HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Introduction of Grid Security

Introduction of Grid Security
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.

Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

Similar presentations

Ads by Google