iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ASTM

ASTM E1985-98(2005)

(Guide)

Standard Guide for User Authentication and Authorization

Standard Guide for User Authentication and Authorization

SIGNIFICANCE AND USE
This guide has three purposes:
4.1.1 To serve as a guide for developers of computer software that provides or makes use of authentication and authorization processes,  
4.1.2 To serve as a guide to healthcare providers who are implementing authentication and authorization mechanisms, and
4.1.3 To be a consensus standard on the design, implementation, and use of authentication and authorization mechanisms.
Additional standards will define interoperable protocols and message formats that can be used to implement these mechanisms in a distributed environment, using specific commercial technologies such as digital signatures.
SCOPE
1.1 This guide covers mechanisms that may be used to authenticate healthcare information (both administrative and clinical) users to computer systems, as well as mechanisms to authorize particular actions by users. These actions may include access to healthcare information documents, as well as, specific operations on those documents (for example, review by a physician).  
1.2 This guide addresses both centralized and distributed environments, by defining the requirements that a single system shall meet and the kinds of information which shall be transmitted between systems to provide distributed authentication and authorization services.  
1.3 This guide addresses the technical specifications for how to perform user authentication and authorization. The actual definition of who can access what is based on organizational policy.

General Information

Status
Historical
Publication Date
31-Oct-2005
ICS
35.240.80 - IT applications in health care technology
Technical Committee
E31 - Healthcare Informatics
Drafting Committee
E31.25 - Healthcare Data Management, Security, Confidentiality, and Privacy
Current Stage
Ref Project

Relations

Replaces
ASTM E1985-98 - Standard Guide for User Authentication and Authorization
Effective Date
01-Nov-2005
Replaced By
ASTM E1985-98(2013) - Standard Guide for User Authentication and Authorization (Withdrawn 2017)
Effective Date
01-Mar-2013

Buy Standard

ASTM E1985-98(2005) - Standard Guide for User Authentication and AuthorizationASTM E1985-98(2005) - Standard Guide for User Authentication and Authorization
PreviousNext
Guide
ASTM E1985-98(2005) - Standard Guide for User Authentication and Authorization
English language
5 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


NOTICE: This standard has either been superseded and replaced by a new version or withdrawn.
Contact ASTM International (www.astm.org) for the latest information
Designation: E1985 − 98(Reapproved 2005) An American National Standard
Standard Guide for
User Authentication and Authorization
This standard is issued under the fixed designation E1985; the number immediately following the designation indicates the year of
original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A
superscript epsilon (´) indicates an editorial change since the last revision or reapproval.
1. Scope FIPS PUB 112 Password Usage
1.1 This guide covers mechanisms that may be used to
3. Terminology
authenticate healthcare information (both administrative and
3.1 Definitions:
clinical) users to computer systems, as well as mechanisms to
3.1.1 access control list—a piece of access control
authorize particular actions by users. These actions may
information, associated with a target, that specifies the initia-
include access to healthcare information documents, as well as
tors who may access the target.
specific operations on those documents (for example, review
3.1.2 capability—a piece of access control information,
by a physician).
associated with an initiator, which authorizes the holder to
1.2 This guide addresses both centralized and distributed
access some target.
environments, by defining the requirements that a single
3.1.3 claimant—party requesting authentication; may be a
system shall meet and the kinds of information which shall be
person or a device.
transmitted between systems to provide distributed authentica-
tion and authorization services. 3.1.4 initiator—an entity (for example, a user) who requests
access to some object.
1.3 This guide addresses the technical specifications for
3.1.5 principal—legitimate owner of an identity.
how to perform user authentication and authorization. The
actual definition of who can access what is based on organi-
3.1.6 security label—access control information bound to
zational policy.
initiators and targets. The initiator and target labels are com-
pared to determine if access is allowed.
2. Referenced Documents
3.1.7 target—anentity(forexample,afileordocument)that
2.1 ASTM Standards:
may be accessed by an initiator.
E1762 Guide for Electronic Authentication of Health Care
3.1.8 verifier—another party seeking to authenticate princi-
Information
pal.
PS100 Provisional Specification for Authentication of
3.2 Acronyms:
Healthcare Information Using Digital Signatures
3.2.1 ACI—Access Control Information
2.2 ANSI Standard:
3.2.2 ACL—Access Control List
X9.45 Enhanced Management Controls Using Digital Sig-
natures and Attribute Certificates
3.2.3 ADF—Access Control Decision Function
2.3 Other Standards:
3.2.4 ADI—Access Control Decision Information
ECMA1-219 AuthenticationandPrivilegeAttributeSecurity
3.2.5 AEF—Access Control Enforcement Function
Applications with Related Key Distribution Functions
3.2.6 PIN—Personal Identification Number
4. Significance and Use
This guide is under the jurisdiction of ASTM Committee E31 on Healthcare
4.1 This guide has three purposes:
Informatics and is the direct responsibility of Subcommittee E31.25 on Healthcare
4.1.1 To serve as a guide for developers of computer
Data Management, Security, Confidentiality, and Privacy.
Current edition approved July 17, 2006. Published January 2006. Originally
software that provides or makes use of authentication and
approved in 1998. Last previous edition approved in 1998 as E1985 – 98. DOI:
authorization processes,
10.1520/E1985-98R05.
4.1.2 To serve as a guide to healthcare providers who are
For referenced ASTM standards, visit the ASTM website, www.astm.org, or
implementing authentication and authorization mechanisms,
contact ASTM Customer Service at service@astm.org. For Annual Book of ASTM
Standards volume information, refer to the standard’s Document Summary page on
and
the ASTM website.
Available from American National Standards Institute, 11 W. 42nd St., 13th
Floor, New York, NY 10036. Available from National Technical Information Service, U.S. Department of
Available from ECMA International, Rue du Rhone 114, CH, 1204, Geneva. Commerce, Springfield, VA. http://csrc.nist.gov or www.ntis.gov.
Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States
E1985 − 98 (2005)
4.1.3 To be a consensus standard on the design, implemen- claimant. The token shall contain information unique to the
tation, and use of authentication and authorization mecha- principal or claimant. The claimant shall present the token as
nisms. proof of identity. A password or PIN may be used to access
informationontoken.Theverifiershallthenverifythetokenof
4.2 Additional standards will define interoperable protocols
the claimant.
and message formats that can be used to implement these
5.4.2 The information shall be protected against duplication
mechanisms in a distributed environment, using specific com-
or theft.
mercial technologies such as digital signatures.
5.4.3 Determination of which type of form factor may be
used is based on risk assessment and organizational policy.
5. User Authentication
5.4.4 Theformfactorsmayincludebutarenotlimitedtothe
5.1 Authentication ensures the identity of a user. The
following:
legitimate owner of an identity is known as a principal.
5.4.4.1 Smart Card,
Authentication occurs when a claimant has presented a prin-
5.4.4.2 PCMCIA,
cipal’s identity and claims to be that principal. Authentication
5.4.4.3 Diskettes, and
allows the other party (verifier) to verify that the claim is
5.4.4.4 Hand held password or challenge response genera-
legitimate.
tors.
5.4.5 The form factors may also be used for cryptographic
5.2 Requirements:
5.2.1 Users shall be authenticated for access to health techniques.
information.
5.5 Physical Characteristic:
5.2.2 Users may be authenticated at the system, subsystem,
5.5.1 Certain physical features of the human body are
application, or medical record level.
relatively unique to an individual. These features are called
5.2.3 Users shall be authenticated by one or more of the
biometrics. Biometric authentication is the measurement of a
following methods based on organizational policy:
uniquebiologicalfeaturesusedtoverifytheclaimedidentityof
5.2.3.1 Claimant demonstrates knowledge of a password, or
aprincipal.Theclaimantshallpresentthebiometricasproofof
the like,
identity. The biometric may be stored on a token. A password
5.2.3.2 Claimant demonstrates possession of a token, or
or PIN may be used to access the biometric. The verifier shall
something similar,
then verify the biometric of the claimant.
5.2.3.3 Claimant exhibits some physical characteristic, like
5.5.2 Thebiometricshallbeprotectedagainstduplicationor
a fingerprint, and
theft.
5.2.3.4 Cryptographic techniques.
5.5.3 Determinationofwhichtypeofbiometricmaybeused
5.2.4 Remote access to health information shall be mutually
is based on risk assessment and organizational policy.
authenticated.
5.5.4 These biometrics include but are not limited to the
5.2.5 Determination of which method or methods to use for
following:
authentication shall be based on a risk assessment and organi-
5.5.4.1 Fingerprints,
zational policy.
5.5.4.2 Voice recognition,
5.2.6 For accountability purposes, authentication shall be
5.5.4.3 Retinal scan,
based upon an individual principal rather than upon a role.
5.5.4.4 Hand geometry,
5.3 Knowledge: 5.5.4.5 Signature dynamics or recognition, and
5.3.1 Password or Personal Identification Number:
5.5.4.6 Facial characteristics.
5.3.1.1 In any environment, a user can be authenticated
5.6 Cryptographic Techniques:
using a password or a personal identification number (PIN).
5.6.1 Authentication using cryptographic techniques are
The claimant shall enter a password or PIN for authentication
based on the principle of convincing a verifier that because a
purposes. The verifier shall then verify the password or PIN of
claimant possesses some secret key, the claimant is the
the claimant.
principal claimed. Symmetric or public key techniques may be
5.3.1.2 The password or PIN shall be protected against
used.
disclosure. For guidelines on password generation and usage
5.6.2 Symmetric Key— The principal and the verifier shall
see FIPS PUB 112.
shareasymmetrickey.Theclaimantshalleitherencryptorseal
5.3.1.3 In a multiple system environment, a single password
the information using that key. If the verifier can successfully
or PIN may be used for authentication.
decryptorverifythatthesealiscorrect,thentheclaimantisthe
5.3.2 Challenge-Response—Password or PIN-based
principal claimed to be. A non-repeating value may also be
schemes may be augmented by the challenge-response mecha-
used as part of the information encrypted.
nism. In challenge-response, as part of the authentication
5.6.3 Public Key—The principal shall have a public/private
protocol, the verifier sends the claimant a non-repeating value
key pair. The claimant digitally signs a challenge using his
(challenge) in advance. The claimant sends a response to the
private key. The verifier checks the digital signature, using the
verifier based on the challenge.
public key of the principal. If the signature checks correctly,
5.4 Possession: then the claimant is the principal that he claimed to be. A
5.4.1 The user or claimant shows possession by presenting non-repeatingvaluemayalsobeusedaspartoftheinformation
a physical object or token that is unique to the principal or signed. See also 5.3.2.
E1985 − 98 (2005)
5.6.4 A trusted on-line server may be used for authentica- example, user identities or roles) may be required. Although
tion. One of the following methods may be used: this guide does not dictate where each entity resides, it may be
5.6.4.1 The claimant shall encrypt or seal the health infor- possible to make use of existing operating system access
mation with his or her key. A separate exchange with the control mechanisms if the AEF and ADF reside on the same
authentication server shall be used for verification. The verifier system as the target.
and the authentication server shall use a shared key.
6.2.2 A variety of access control mechanisms have been
5.6.4.2 The claimant shall first conduct an exchange with
defined, each of which is appropriate for particular environ-
the authentication server to obtain a ticket which is then passed
ments. These include:
to the verifier. The exchange between the claimant and authen-
6.2.2.1 Access control lists (ACLs) are associated with a
tication server shall be protected using a shared key. The ticket
target and list the initiators which may access the target.ACLs
shall be constructed in such a way that will be acceptable only
might list individual user identities, as well as names of groups
to an entity knowing the shared key between the verifier and
of users, and roles. Using groups and roles can minimize the
the authentication server. An example of this is the Kerberos
size of the ACL. Many operating systems support ACLs. In a
system.
distributed environment, some method for verifying the iden-
5.6.5 When using the public key cryptography, an off-line
tity of a remote initiator (for example, a public key certificate)
server may be used for authentication. Verifiers shall need to
is needed in order to provide remote access. ACLs are
obtain the certified public keys of principals and certificate
particularly appropriate when the number of targets is very
revocation lists.
large compared to the number of initiators.
6.2.2.2 Capabilities are associated with an initiator and
6. Authorization
specify the targets that may be accessed. Targets might be
combined into groups in order to minimize the size of
6.1 Requirements:
capabilities. In some cases (for example, a patient record),
6.1.1 Three types of authorization are required based on
targets are hierarchically structured so that a capability might
organizational policy:
grant access to the “root” object and all subordinates. In other
6.1.1.1 Users shall be authorized to access (read or write)
cases, independent targets (for example, all patients on a ward)
healthcare information documents;
can be combined into a group, as discussed below. Few
6.1.1.2 Users shall be authorized to perform application-
operating systems implement capabilities. However, in a dis-
specific actions on a document (for example, physician re-
tributed environment, there is a great deal of work using
view); and
certificates to bind access control and other information to a
6.1.1.3 Users shall be able to determine whether all neces-
user’s identity (see, for example, ANSI X9.45). Such certifi-
sary actions have been performed on the document, and
cates can be used to specify such capabilities.
whether the users performing these actions were allowed to do
so, according to any rules and limits agreed to by the parties
6.2.2.3 Security labels are associated with both the initiator
involved.Forexample,itmaybearequirementthatdocuments and the target and are compared by the ADF to determine if
shall be reviewed by a physician prior to inclusion in the
access is allowed. Labels were developed for the military
medical record. environment and typically contain a security classification.An
6.1.2 A user’s application-specific action on a document
initiator may, then, read a target if the initiator’s classification
will be indicated using an electronic signature, as defined in dominates (is greater than) that of the target. Labels are useful
Guide E1762. Particular actions are indicated using signature if there are many initiators and targets, but only a coarse
purposes. Thus, signatures are applied in 6.1.1.2, and verified granularity of access (that is, a classification) is needed.
in 6.1.1.3. Generic access as described in 6.1.1.1 may be
6.2.2.4 The mechanisms in 6.2.2.1-6.2.2.3 may, of course,
indicated using signatures, but this is not a requirement. This
be combined, so that, for example, a user shall have an
type of access may be needed to perform the specific actions of
appropriate classification, and be on anACL, in order to access
6.1.1.2.
a file.
6.2.3 Access control policies may be rule-based, in which
6.2 Access Control:
case the policy is specified and enforced by the authority
6.2.1 In a distributed environment, the following entities
responsible for a security domain, or identity-based, in which
canbeidentified:theinitiatorwishestoaccesssomeobject:the
case individual users control access to their own information.
target. Access is mediated by an access control enforcement
Rule-based policies may be automatically enforced; one ex-
function (AEF), that uses an access control decision function
ample is a multi-level security policy using classifications.
(ADF) to determine whether access is to be gr
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ASTM
ASTM E2147-18(Specification)
Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems

ABSTRACT
This specification describes the security requirements involved in the development and implementation of audit and disclosure logs used in health information systems. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems, and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of confidential health care information to external users for use in manual and computer systems. This specification provides for two main purposes, namely: to define the nature, role, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide security oversight; and to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it.
SIGNIFICANCE AND USE
4.1 Data that document health services in health care organizations are business records and shall be archived to a secondary but retrievable medium, and readily accessible, such as data that would be archived in a server or cloud storage. Audit data shall be retained for as long as the medical record is maintained, and may not be destroyed before the medical record may legally be destroyed, and in any event, for at least 10 years or for two years after the legal age of majority, unless a longer period of record retention is prescribed by state, federal or other law or regulation.  
4.2 The purpose of audit data and disclosure logs is to document and maintain a permanent, trustworthy, and immutable record of all authorized and unauthorized activities of any nature whatsoever and disclosure of confidential health information {except exclusions per federal and state law [21 CFR 11 Subpart B(e)]}. This further facilitates the purpose that patients, healthcare providers, organizations, and others can obtain a verifiable, self-authenticating record documenting all activities with respect to that record. The process of information disclosure and auditing shall also conform, where relevant, with the Privacy Act of 1974 (3).  
4.3 Audit reports designed for system access provide a precise capability for healthcare providers, organizations, patients, patient representatives, and advocates to see who has accessed and/or manipulated patient information. Because of the significant risk of medical information manipulation in computing environments by authorized and unauthorized users, the audit report is an important management tool to monitor access and any such manipulation retrospectively. In addition, the access and disclosure logs become powerful support documents for disciplinary and legal actions. Moreover, audit reports are essential components to comprehensive security programs in healthcare and vital for the privacy rights of the individual. A patient has a right to ...
SCOPE
1.1 This specification is for the development and implementation of secure audit data and logs for electronically stored health information. It specifies how to design the audit log to record all activities impacting a medical record, for example, creating a new record, entering data into a record, changing or deleting an existing record, and all additional user access data (for example, identification, location, and date and time) to patient-identifiable information maintained in computer systems. Such audit logs shall track not only data entry and modifications, but also simple access and viewing of the patient record, and whether any modifications are made during that access. This specification also includes principles for developing policies, procedures, and functions of health information logs to document all actions regarding identifiable health information for use in both manually entered (paper record) and computer systems.  
1.2 The first purpose of this specification is to defin...

  • Technical specification
    7 pages
    English language
    sale 15% off
ASTM
ASTM E2767-24(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for X-ray Computed Tomography (CT) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of X-ray tomographic NDE data will use this standard. This practice defines a set of information modules that along with Practice E2339 and the DICOM standard provide a standard means to organize X-ray tomography test parameters and results. The X-ray CT test results may be displayed and analyzed on any device that conforms to this standard. Personnel wishing to view any tomographic inspection data stored according to Practice E2339 may use this document to help them decode and display the data contained in the DICONDE-compliant inspection record.
SCOPE
1.1 This practice facilitates the interoperability of X-ray computed tomography (CT) imaging equipment by specifying image data transfer and archival storage methods in commonly accepted terms. This document is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of the NEMA Standards Publication titled Digital Imaging and Communications in Medicine (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE test results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules and a data dictionary that are specific to X-ray CT test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from tomographic test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all the X-ray CT technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Units—Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    11 pages
    English language
    sale 15% off
ASTM
ASTM E3398-23(Guide)
Standard Guide for Digital Neutron Radiography

SIGNIFICANCE AND USE
4.1 Purpose—Practices to be employed for the radiographic examination of materials and components with neutrons using digital neutron detectors are outlined herein. They are intended as a guide for the assessment of a digital neutron radiograph’s characteristics. For information on neutron beam lines for imaging and film neutron radiography, refer to Guide E748.  
4.2 Limitations—Acceptance standards have not been established for any material or production process. Neutron radiography, whether performed by means of a reactor, an accelerator, subcritical assembly, or radioactive source, will be consistent in sensitivity and spatial resolution only if the consistency of all details of the technique, such as neutron source, collimation, geometry, imaging system, etc., are maintained. This guide is limited to the use of digital neutron detectors in combination with neutron conversion materials for image recording. This guide is intended for use with thermal and cold neutron spectrums. The production of thermal neutron radiographs by employing the use of film and appropriate conversion screens is covered in Guide E748.  
4.3 Interpretation and Acceptance Standards—Interpretat- ion and acceptance standards are not covered by this guide. Designation of accept-reject standards is recognized to be within the cognizance of product specifications.  
4.4 Other Aspects of the Neutron Radiographic Process—For many important aspects of neutron radiography such as technique, files, viewing of radiographs, storage of radiographs, film processing, and record keeping, refer to Guide E94, which covers these aspects for X-ray radiography. (See Section 2.)
SCOPE
1.1 This guide covers the evaluation, qualification, and quantification of digital neutron images. These images can be acquired by many methods, including: neutron sensitive imaging plates (Computed Radiography – CR), Digital Detector Arrays – DDA’s (amorphous silicon, CMOS, CCD, etc.), micro-channel plates, neutron sensitive fluoroscopes, neutron sensitive scintillators coupled to optical cameras, digitized radiographic films, and linear diode arrays.  
1.2 This guide does not purport to establish what is considered an acceptable image but is intended to only give guidance on digital neutron imaging, as well as image quality metrics of importance, and how they can be measured and reported.  
1.3 The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM E2699-23(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for Digital X-ray (DX) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of digital X-ray test results will use this standard. This practice defines a set of information modules that, along with Practice E2339 and the DICOM standard, provides a standard means to organize digital X-ray test parameters and results. The digital X-ray test results may be displayed and analyzed on any device that conforms to this standard. Personnel wishing to view any digital X-ray inspection data stored according to Practice E2339 may use this document to help them decode and display the data contained in the DICONDE-compliant inspection record.
SCOPE
1.1 This practice covers the interoperability of digital X-ray imaging equipment using Digital Detector Arrays (DDA) as described in Practice E2698 by specifying image data transfer and archival methods in commonly accepted terms. A separate practice, Practice E2738, addresses this topic for digital X-ray imaging equipment using Computed Radiography (CR). This document is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of DICOM NEMA PS3 / ISO 12052 (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules, and a data dictionary that are specific to digital X-ray test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from digital X-ray test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all the digital X-ray technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Units—Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The SI units required by this practice are to be regarded as standard. No other units of measurement are included in this standard.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    6 pages
    English language
    sale 15% off
  • Standard
    6 pages
    English language
    sale 15% off
ASTM
ASTM E2738-23(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for Computed Radiography (CR) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of computed radiography NDE data will use this practice. This practice will define a set of information modules that along with the Practice E2339 and the DICOM standard will provide a standard means to organize CR inspection data. The CR inspection data may be displayed and analyzed on any device that conforms to the standard. Personnel wishing to view any CR inspection data stored in accordance with Practice E2339 may use this practice to help them decode and display the data contained in the DICONDE compliant inspection record.
SCOPE
1.1 This practice covers the interoperability of computed radiography (CR) imaging and data acquisition equipment by specifying image data transfer and archival storage methods in commonly accepted terms. This practice is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of NEMA PS3 / ISO 12052 (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules and a data dictionary that are specific to computed radiography test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from CR test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all standard CR technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The SI units required by this practice are to be regarded as standard. No other units of measurement are included in this practice.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off
  • Standard
    5 pages
    English language
    sale 15% off
ASTM
ASTM E1475-13(2023)(Guide)
Standard Guide for Data Fields for Computerized Transfer of Digital Radiological Examination Data

SIGNIFICANCE AND USE
3.1 The primary use of this guide is to provide a standardized approach for the data file to be used for the transfer of digital radiological data from one user to another where the two users are working with dissimilar systems. This guide describes the contents, both required and optional for an intermediate data file that can be created from the native format of the radiological system on which the data was collected and that can be converted into the native format of the receiving radiological data analysis system. This guide will also be useful in the archival storage and retrieval of radiological data as either a data format specifier or as a guide to the data elements which should be included in the archival file.  
3.2 Although the recommended field listing includes more than 100 field numbers, only about half of those are regarded as essential and are marked Footnote C in Table 1. Fields so marked must be included in the data base. The other fields recommended provide additional information that a user will find helpful in understanding the radiological image and examination result. These header field items will, in most cases, make up only a very small part of a radiological examination file. The actual stream of radiological data that make up the image will take up the largest part of the data base. Since a radiological image file will normally be large, the concept of data compression will be considered in many cases. Compressed data should be noted, along with a description of the compression method, as indicated in Field No. 92 (see Table 1). (A) Field numbers are for reference only. They do not imply a necessity to include all these fields in any specific data base nor imply a requirement that fields used be in this particular order.(B) Units listed first are SI; those in parentheses are inch-pound (English).(C) Denotes essential field for computerization of examination results, regardless of examination method.(D) Denotes essential field for radiogra...
SCOPE
1.1 This guide provides a listing and description of the fields that are recommended for inclusion in a digital radiological examination data base to facilitate the transfer of such data. This guide sets guidelines for the format of data fields for computerized transfer of digital image files obtained from radiographic, radioscopic, computed radiographic, or other radiological examination systems. The field listing includes those fields regarded as necessary for inclusion in the data base: (1) regardless of the radiological examination method (as indicated by Footnote C in Table 1), (2) for radioscopic examination (as indicated by Footnote F in Table 1), and (3) for radiographic examination (as indicated by Footnote D in Table 1). In addition, other optional fields are listed as a reminder of the types of information that may be useful for additional understanding of the data or applicable to a limited number of applications.  
1.2 It is recognized that organizations may have in place an internal format for the storage and retrieval of radiological examination data. This guide should not impede the use of such formats since it is probable that the necessary fields are already included in such internal data bases, or that the few additions can easily be made. The numerical listing and its order indicated in this guide is only for convenience; the specific numbers and their order carry no inherent significance and are not part of the data file.  
1.3 Current users of Guide E1475 do not have to change their software. First time users should use the XML structure of Table A1.1 for their data.  
1.4 The types of radiological examination systems that appear useful in relation to this guide include radioscopic systems as described in Guide E1000, Practices E1255, E1411, E2597, E2698 and E2737, and radiographic systems as described in Guide E94 and Practices E748, E1742, E2033, E2445, and E2446. Many of the terms used are def...

  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM F3107-14(2023)(Test Method)
Standard Test Method for Measuring Accuracy After Mechanical Disturbances on Reference Frames of Computer Assisted Surgery Systems

SIGNIFICANCE AND USE
5.1 The purpose of this practice is to provide data that can be used for comparison and evaluation of the accuracy of different CAS systems.  
5.2 The use of CAS systems and robotic tracking systems is becoming increasingly common and requires a degree of trust by the user that the data provided by the system meets necessary accuracy requirements. In order to evaluate the potential use of these systems, and to make informed decisions about suitability of a system for a given procedure, objective performance data of such systems are necessary. While the end user will ultimately want to know the accuracy parameters of a system under clinical application, the first step must be to characterize the digitization accuracy of the tracking subsystem in a controlled environment under controlled conditions.  
5.3 In order to make comparisons within and between systems, a standardized way of measuring and reporting point accuracy is needed. Parameters such as coordinate system, units of measure, terminology, and operational conditions must be standardized.
SCOPE
1.1 This standard will measure the effects on the accuracy of computer assisted surgery (CAS) systems of the environmental influences caused by equipment utilized for bone preparation during the intended clinical application for the system. The environmental vibration effect covered in this standard will include mechanical vibration from: cutting saw (sagittal or reciprocating), burrs, drills, and impact loading. The change in accuracy from detaching and re-attaching or disturbing a restrained connection that does not by design require repeating the registration process of a reference base will also be measured.  
1.2 It should be noted that one system may need to undergo multiple iterations (one for each clinical application) of this standard to document its accuracy during different clinical applications since each procedure may have different exposure to outside forces given the surgical procedure variability from one procedure to the next.  
1.3 All units of measure will be reported as millimeters for this standard.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off
ASTM
ASTM F2554-22(Practice)
Standard Practice for Measurement of Positional Accuracy of Computer-Assisted Surgical Systems

SIGNIFICANCE AND USE
5.1 The purpose of this practice is to provide data that can be used for evaluation of the accuracy of different CAS systems.  
5.2 The use of surgical navigation and robotic positioning systems is becoming increasingly common. In order to make informed decisions about the suitability of such systems for a given procedure, their accuracy capability needs to be evaluated under clinical application and compared to the requirements. As the performance of a whole system is constrained by those of its subparts, a preliminary step must be to objectively characterize the accuracy of the tracking subsystem in a controlled environment under controlled conditions.  
5.3 In order to make comparisons within and between systems, a standardized way of measuring and reporting accuracy is needed. Parameters such as coordinate system, units of measurement, terminology, and operational conditions must be standardized.
SCOPE
1.1 This document provides procedures for measurement and reporting of basic static performance of surgical navigation and/or robotic positioning devices under defined conditions. They can be performed on a subsystem (for example, tracking only) or a full computer-aided surgery system as would be used clinically. Testing a subsystem does not mean that the whole system has been tested. The functionality to be tested based on this practice is limited to the performance (accuracy in terms of bias and precision) of the system regarding point localization in space by means of a pointer. A point in space has no orientation; only multidimensional objects have orientation. Therefore, orientation of objects is not within the scope of this practice. However, in localizing a point the different orientations of the pointer can produce errors. These errors and the pointer orientation are within the scope of this practice. The aim is to provide a standardized measurement of performance variables by which end users can compare within a system (for example, with different reference elements or pointers) and between different systems (for example, from different manufacturers). Parameters to be evaluated include (based upon the features of the system being evaluated):
(1) Accuracy of a single point relative to a coordinate system.
(2) Sensitivity of tracking accuracy due to changes in pointer orientation.
(3) Relative point-to-point accuracy.  
1.1.1 This method covers all configurations of the evaluated system as well as extreme placements across the measurement volume.  
1.2 This practice defines a standardized reporting format, which includes definition of the coordinate systems to be used for reporting the measurements, and statistical measures (for example, mean, RMS, and maximum error).  
1.3 The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard, except for angular measurements, which may be reported in terms of radians or degrees.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    9 pages
    English language
    sale 15% off
  • Standard
    9 pages
    English language
    sale 15% off
ASTM
ASTM E2891-20(Guide)
Standard Guide for Multivariate Data Analysis in Pharmaceutical Development and Manufacturing Applications

SIGNIFICANCE AND USE
4.1 A significant amount of data is generated during pharmaceutical development and manufacturing activities. The interpretation of such data is becoming increasingly difficult. Individual examination of the univariate process variables is relevant but can be significantly complemented by multivariate data analysis (MVDA). MVDA may be particularly appropriate for exploring and handling large sets of heterogenous data, mapping data of high dimensionality onto lower dimensional representations, exposing significant correlations among multivariate variables within a single data set or significant correlations among multivariate variables across data sets. MVDA may extract statistically significant information which may enhance process understanding, decision making in process development, process monitoring and control (including product release), product life-cycle management, and continuous improvement.  
4.2 MVDA is widely used in various industries including the pharmaceutical industry. To achieve a valid outcome, an MVDA model/application should incorporate the following:  
4.2.1 A predefined risk-based objective incorporating one or more relevant scientific hypotheses specific to the application;  
4.2.2 Sufficient relevant data of requisite quality covering the variance space encountered during intended use, that is, pharmaceutical development, or pharmaceutical manufacturing, or both;  
4.2.3 Appropriate data analysis and model utilization practices including considerations on testing, validation, and qualification of all new data prior to using a model to analyze it;  
4.2.4 Appropriately trained staff;  
4.2.5 Appropriate standard operating procedures; and  
4.2.6 Life-cycle management.  
4.3 This guide can be used to support data analysis activities associated with pharmaceutical development and manufacturing, process performance and product quality monitoring in manufacturing, as well as for troubleshooting and investigation events. Technical detai...
SCOPE
1.1 This guide covers the applications of multivariate data analysis (MVDA) to support pharmaceutical development and manufacturing activities. MVDA is one of the key enablers for process understanding and decision making in pharmaceutical development, and for the release of intermediate and final products after being validated appropriately using a science and risk-based approach.  
1.2 The scope of this guide is to provide general guidelines on the application of MVDA in the pharmaceutical industry. While MVDA refers to typical empirical data analysis, the scope is limited to providing a high level guidance and not intended to provide application-specific data analysis procedures. This guide provides considerations on the following aspects:  
1.2.1 Use of a risk-based approach (understanding the objective requirements and assessing the fit-for-use status);  
1.2.2 Considerations on the data collection and diagnostics used for MVDA (including data preprocessing and outliers);  
1.2.3 Considerations on the different types of data analysis, model testing, and validation;  
1.2.4 Qualified and competent personnel; and  
1.2.5 Life-cycle management of MVDA model.  
1.3 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.4 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Guide
    7 pages
    English language
    sale 15% off
  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM E1935-97(2019)(Test Method)
Standard Test Method for Calibrating and Measuring CT Density

SIGNIFICANCE AND USE
5.1 This test method allows specification of the density calibration procedures to be used to calibrate and perform material density measurements using CT image data. Such measurements can be used to evaluate parts, characterize a particular system, or compare different systems, provided that observed variations are dominated by true changes in object density rather than by image artifacts. The specified procedure may also be used to determine the effective X-ray energy of a CT system.  
5.2 The recommended test method is more accurate and less susceptible to errors than alternative CT-based approaches, because it takes into account the effective energy of the CT system and the energy-dependent effects of the X-ray attenuation process.
FIG. 1 Density Calibration Phantom  
5.3 This (or any) test method for measuring density is valid only to the extent that observed CT-number variations are reflective of true changes in object density rather than image artifacts. Artifacts are always present at some level and can masquerade as density variations. Beam hardening artifacts are particularly detrimental. It is the responsibility of the user to determine or establish, or both, the validity of the density measurements; that is, they are performed in regions of the image which are not overly influenced by artifacts.  
5.4 Linear attenuation and mass attenuation may be measured in various ways. For a discussion of attenuation and attenuation measurement, see Guide E1441 and Practice E1570.
SCOPE
1.1 This test method covers instruction for determining the density calibration of X- and γ-ray computed tomography (CT) systems and for using this information to measure material densities from CT images. The calibration is based on an examination of the CT image of a disk of material with embedded specimens of known composition and density. The measured mean CT values of the known standards are determined from an analysis of the image, and their linear attenuation coefficients are determined by multiplying their measured physical density by their published mass attenuation coefficient. The density calibration is performed by applying a linear regression to the data. Once calibrated, the linear attenuation coefficient of an unknown feature in an image can be measured from a determination of its mean CT value. Its density can then be extracted from a knowledge of its mass attenuation coefficient, or one representative of the feature.  
1.2 CT provides an excellent method of nondestructively measuring density variations, which would be very difficult to quantify otherwise. Density is inherently a volumetric property of matter. As the measurement volume shrinks, local material inhomogeneities become more important; and measured values will begin to vary about the bulk density value of the material.  
1.3 All values are stated in SI units.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off