BS ISO 17090-5:2017 pdf download – Health informatics — Public key infrastructure Part 5: Authentication using Healthcare PKI credentials
1 Scope This document defines the procedural requirements for validating an entity credential based on Healthcare PKI defined in the ISO 17090 series used in healthcare information systems including accessing remote systems. Authorization procedures and protocols are out of scope of this document. The data format of digital signatures is also out of scope of this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 17090-1, Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 17090-1 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
CRL Certificate Revocation List
CSP Cryptographic Service Provider
HPKI Healthcare Public Key Infrastructure
OCSP Online Certificate Status Protocol
OID Object Identifier
PC/SC Personal Computer/Smart Card
PKCS Public-Key Cryptography Standards
5 Scope of application
The healthcare information system authenticates healthcare organizations or professionals for accesscontrol to healthcare information, such as EHR or PHR.
Inappropriate process in end entity authentication verification may increase the risk of spoofing.impersonation, and many other identity-based attacks.As result, that may cause security incidentsleading to critical information leakage and system and data misuse.
This document describes target systems, methods of identification,threats, vulnerabilities and controlsof health software which authenticate using PKl based on the IS0 17090 series.
These controls decrease risks of spoofing.
5.2Target systems
The target systems of this document are as follows:
a)digital signature library with digital signature creation function and digital signature verification function for healthcare application;
b) digital signature creation program and digital signature verification program as stand-alone software or with healthcare application.
Examples of authentication technology to which healthcare PKI can be applied are shown in Annex A.The following are out of scope:
一 healthcare application that does not process digital signature data directly;
healthcare application that processes digital signature and the result of signature verification withdigital signature library, specific digital signature program or specific digital signature verificationprogram;
application interface and user interface within client environment;
cryptographic library layer, e.g.CSP or PKCS#11, and any subsequent token access layers as depictedin Figure i.
Figure 1 illustrates an example of software layers for web-based applications.A digital signature basedapplication may have the same structure.According to IS0 17090-3,it is assumed that “Storage modulesof the end entity subscriber private key shall conform to standards of levels equal to or higher than USFIPS 140-2 level 1”.Therefore, in addition to the smart card, as illustrated in Figure 1,a system may useother tokens, such as a USB token or a software token, for the storage modules of the private key.
5.3? Phases? of? method? identification
The authentication process with Healthcare Public Key Infrastructure (HPKI) is composed of three phases as shown in Figure 2: (1) the preparation phase, (2) the configuration phase, (3) and the authentication phase.
6 Validation procedures for HPKI credentials
The server shall prevent users holding invalid credentials from accessing sensitive health data. For this reason, a HPKI credential shall be correctly verified. The validation procedure for HPKI credentials is composed of five validation elements, which are verification of signature value, trust anchor, revocation status, validity period, and key usage extension.
Table 2 shows validation elements and their requirements. The validation elements may not work correctly. For example, the CRL may not be updated because of communication failures. The administrator of the server should prepare alternative rules for irregular cases.BS ISO 17090-5 pdf download.