Health informatics -- Public key infrastructure

ISO 17090-5:2017 defines the procedural requirements for validating an entity credential based on Healthcare PKI defined in the ISO 17090 series used in healthcare information systems including accessing remote systems. Authorization procedures and protocols are out of scope of this document. The data format of digital signatures is also out of scope of this document.

Health informatics -- Public key infrastructure

General Information

Status: Published
Publication Date: 07-Aug-2017
Current Stage: 6060 - International Standard published
Start Date: 23-Jun-2017
Completion Date: 08-Aug-2017

Buy Standard

Standard
ISO 17090-5:2017 - Health informatics -- Public key infrastructure
English language
13 pages

Standards Content (sample)

INTERNATIONAL STANDARD ISO 17090-5
First edition 2017-07
Health informatics — Public key infrastructure — Part 5: Authentication using Healthcare PKI credentials
Reference number ISO 17090-5:2017(E)
© ISO 2017
COPYRIGHT PROTECTED DOCUMENT
© ISO 2017, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO 2017 – All rights reserved
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Scope of application
5.1 General
5.2 Target systems
5.3 Phases of method identification
5.4 Threats and vulnerabilities
6 Validation procedures for HPKI credentials
Annex A (informative) Examples of authentication technology with available X.509 certification as credentials
Annex B (informative) Appropriate use of authentication certificates
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 215, Health informatics.

A list of all parts in the ISO 17090 series can be found on the ISO website.
Introduction

The healthcare industry is faced with the challenge of reducing costs by moving from paper-based processes to automated electronic processes. New models of healthcare delivery are emphasizing the need for patient information to be shared among a growing number of specialist healthcare providers and across traditional organizational boundaries.

Healthcare information concerning individual citizens is commonly interchanged by means of electronic mail, remote database access, electronic data interchange and other applications. The Internet provides a highly cost-effective and accessible means of interchanging information, but it is also an insecure vehicle that demands additional measures be taken to maintain the privacy and confidentiality of information. Threats to the security of health information through unauthorized access (either inadvertent or deliberate) are increasing. It is essential to have available to the healthcare system reliable information security services that minimize the risk of unauthorized access.

How does the healthcare industry provide appropriate protection for the data conveyed across the Internet in a practical, cost-effective way? Public key infrastructure (PKI) and digital certificate technology seek to address this challenge.

The proper deployment of digital certificates requires a blend of technology, policy and administrative processes that enable the exchange of sensitive data in an unsecured environment by the use of “public key cryptography” to protect information in transit and “certificates” to confirm the identity of a person or entity. In healthcare environments, this technology uses authentication, encipherment and digital signatures to facilitate confidential access to, and movement of, individual health records to meet both clinical and administrative needs. The services offered by the deployment of digital certificates (including encipherment, information integrity and digital signatures) are able to address many of these security issues. This is especially the case if digital certificates are used in conjunction with an accredited information security standard. Many individual organizations around the world have started to use digital certificates for this purpose.

Interoperability of digital certificate technology and supporting policies, procedures and practices is of fundamental importance if information is to be exchanged between organizations and between jurisdictions in support of healthcare applications (for example, between a hospital and a community physician working with the same patient).

Achieving interoperability between different digital certificate implementations requires the establishment of a framework of trust, under which parties responsible for protecting an individual’s information rights may rely on the policies and practices and, by extension, the validity of digital certificates issued by other established authorities.

Many countries are deploying digital certificates to support secure communications within their national boundaries. Inconsistencies will arise in policies and procedures between the certification authorities (CAs) and the registration authorities (RAs) of different countries if standards development activity is restricted to within national boundaries.

Digital certificate technology is still evolving in certain aspects that are not specific to healthcare. Important standardization efforts and, in some cases, supporting legislation are ongoing. On the other hand, healthcare providers in many countries are already using or planning to use digital certificates. This document seeks to address the need for guidance to support these rapid international developments. While underlying security standards address methods for verification, requirements for secure verification processes to support healthcare purposes are not defined.

This document describes the procedural requirements for validating an entity credential based on the Healthcare PKI defined in the ISO 17090 series and used in healthcare information systems. Although the cryptographic operations used in the authentication process and in the digital signature process are the same, authentication and signature have different meanings. Systems and software prevent users from misusing private keys and their certificates, especially if both keys are on a secure token. This document describes the requirements to mitigate threats and vulnerabilities within the authentication process with Healthcare PKI credentials.
INTERNATIONAL STANDARD ISO 17090-5:2017(E)
Health informatics — Public key infrastructure —
Part 5:
Authentication using Healthcare PKI credentials
1 Scope

This document defines the procedural requirements for validating an entity credential based on Healthcare PKI defined in the ISO 17090 series used in healthcare information systems including accessing remote systems. Authorization procedures and protocols are out of scope of this document. The data format of digital signatures is also out of scope of this document.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 17090-1, Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 17090-1 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/

4 Abbreviated terms
For the purposes of this document, the following abbreviated terms apply.
CRL Certificate Revocation List
CSP Cryptographic Service Provider
HPKI Healthcare Public Key Infrastructure
OCSP Online Certificate Status Protocol
OID Object Identifier
PC/SC Personal Computer/Smart Card
PKCS Public-Key Cryptography Standards
5 Scope of application
5.1 General

The healthcare information system authenticates healthcare organizations or professionals for access control to healthcare information, such as an EHR or PHR.

An inappropriate end-entity authentication verification process may increase the risk of spoofing, impersonation and many other identity-based attacks. As a result, security incidents may occur, leading to critical information leakage and to system and data misuse.

This document describes target systems, methods of identification, threats, vulnerabilities and controls of health software which authenticates using PKI based on the ISO 17090 series. These controls decrease the risk of spoofing.

5.2 Target systems
The target systems of this document are as follows:

a) a digital signature library with a digital signature creation function and a digital signature verification function for healthcare applications;

b) a digital signature creation program and a digital signature verification program, as stand-alone software or together with a healthcare application.

Examples of authentication technology to which healthcare PKI can be applied are shown in Annex A.

The following are out of scope:

— a healthcare application that does not process digital signature data directly;

— a healthcare application that processes digital signatures and the results of signature verification through a digital signature library, a specific digital signature program or a specific digital signature verification program;

— the application interface and user interface within the client environment;

— the cryptographic library layer, e.g. CSP or PKCS#11, and any subsequent token access layers as depicted in Figure 1.

Figure 1 illustrates an example of the software layers for web-based applications. A digital-signature-based application may have the same structure. According to ISO 17090-3, it is assumed that “Storage modules of the end entity subscriber private key shall conform to standards of levels equal to or higher than US FIPS 140-2 level 1”. Therefore, in addition to the smart card illustrated in Figure 1, a system may use other tokens, such as a USB token or a software token, as the storage module for the private key.


Figure 1 — Example of processing layer
5.3 Phases of method identification

The authentication process with Healthcare Public Key Infrastructure (HPKI) is composed of three phases, as shown in Figure 2: (1) the preparation phase, (2) the configuration phase and (3) the authentication phase.

Figure 2 — Relationship between the three phases of an authentication process with HPKI

The preparation phase is followed by the configuration phase, which in turn is followed by the authentication phase. After that, the authentication phase is repeated.
(1) Preparation phase
The preparation phase is composed of two steps (see Figure 3):

(1-1): The Certificate Authority creates a certificate for the public key corresponding to the subscriber’s private key, which is stored on a secure token (smart card, etc.) as the credential. (The secure token has to conform to FIPS 140-2 level 1 or higher; this requirement can also be met by mobile devices. Details are given in ISO 17090-3.)

(1-2): The Certificate Authority issues the certificate to the subscriber.

Figure 3 — Preparation phase

The trust anchor of the certificate authority is stored in a repository beforehand.
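As an added example, not taken from the standard, the preparation phase above and the relying party's later check in Go using only the standard library's crypto/x509: the CA issues an authentication certificate for the subscriber's key, and a presented certificate is validated against the trust anchor stored beforehand. The names, lifetimes and the in-memory key standing in for the token are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must keeps the example short: a key-generation or issuance failure aborts it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with signer's key; parent == tmpl yields the self-signed CA.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// Prepare models the preparation phase: step 1-1, the CA certifies the public key
// matching the private key held on the subscriber's token; step 1-2, it issues the
// certificate. It returns the CA's trust anchor (stored in the relying party's
// repository beforehand) and the subscriber certificate. Names and lifetimes are constructed.
func Prepare(now time.Time) (anchor, subscriber *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example HPKI CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	anchor = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	// The subscriber's private key stays on the FIPS 140-2 token; an in-memory key stands in
	// here and only its public half reaches the CA. ExtKeyUsage marks it as an authentication credential.
	subKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	subTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Example Healthcare Professional"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return anchor, issue(subTmpl, anchor, &subKey.PublicKey, caKey)
}

// Validate is the relying party's check in the authentication phase: the presented
// certificate must chain to the stored trust anchor, be valid at the given time and
// carry the client-authentication usage. Revocation (CRL/OCSP) is a further step not shown.
func Validate(anchor, presented *x509.Certificate, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
```

Validate rejects a certificate that has expired or that was issued by a CA other than the stored anchor; a revocation check against the CA's CRL or an OCSP responder would be added on top of it.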

(2) Configuration phase
The configuration phase is composed of two steps (see Figure 4):
(2-1): Server retrieves certificate authority’s certi
...
