Health informatics - Security for healthcare communication - Part 2: Secure data objects

General Information

Status: Not Published
Current Stage: 4020 - Public enquiry (PE) (Adopted Project)
Start Date: 01-Feb-2006
Due Date: 01-Feb-2006
Completion Date: 01-Feb-2006

Buy Standard

Draft prEN 13608-2:2006, English language, 22 pages

Standards Content (Sample)

SLOVENIAN STANDARD
oSIST prEN 13608-2:2006
1 February 2006
Health informatics - Security for healthcare communication - Part 2: Secure data objects
This Slovenian standard is identical to: prEN 13608-2
ICS: 35.240.80 IT applications in health care technology
oSIST prEN 13608-2:2006 en
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or of parts of this standard is not permitted.

EUROPEAN STANDARD
DRAFT
prEN 13608-2
November 2005
ICS
Will supersede ENV 13608-2:2000
English Version
Health informatics - Security for healthcare communication - Part 2: Secure data objects
This draft European Standard is submitted to CEN members for enquiry. It has been drawn up by the Technical Committee CEN/TC 251.
If this draft becomes a European Standard, CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
This draft European Standard was established by CEN in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
Warning: This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and shall not be referred to as a European Standard.
EUROPEAN COMMITTEE FOR STANDARDIZATION
Management Centre: rue de Stassart, 36 B-1050 Brussels
© 2005 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. prEN 13608-2:2005: E

prEN 13608-2:2005 (E)
Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Symbols and abbreviations ... 10
5 Requirements for Secure data objects ... 11
5.1 Overview ... 11
5.2 Security functions offered ... 11
5.3 Securing data ... 12
5.4 Unsecuring data ... 13
5.5 Approach to providing security functionality ... 13
5.6 SMTP ... 13
5.7 X.400 ... 14
5.8 Other e-mail systems ... 14
6 Cryptographic algorithms for use with S/MIME CMS ... 14
6.1 DigestAlgorithmIdentifier ... 14
6.2 SignatureAlgorithmIdentifier ... 14
6.3 KeyEncryptionAlgorithmIdentifier ... 14
6.4 Attribute SignerInfo Type ... 15
6.5 ISO object identifiers ... 15
6.6 Content encryption algorithms ... 15
6.7 Digest algorithms ... 15
6.8 Asymmetric encryption algorithms ... 15
6.9 Signature algorithms ... 15
Annex A (informative) Plaintext recovery ... 16
A.1 Background ... 16
A.2 Technical description ... 16
A.3 Key recovery within CMS ... 17
Annex B (informative) X.400 <-> SMTP gatewaying ... 18
B.1 Introduction ... 18
B.2 Overview ... 18
B.3 Sequence of gateway transformations ... 19
Annex C (informative) Security wrapping overview ... 20
C.1 Overview ... 20
Annex D (informative) What can be secured? ... 21
Bibliography ... 22

Foreword
This document (prEN 13608-2:2005) has been prepared by Technical Committee CEN/TC 251 “Health informatics”, the secretariat of which is held by NEN.
This document is currently submitted to the CEN Enquiry.
This document will supersede ENV 13608-2:2000.
EN 13608 consists of the following parts, under the general title Health informatics — Security for Healthcare Communication (SEC-COM):
- Part 1: Concepts and Terminology
- Part 2: Secure Data Objects
- Part 3: Secure Data Channels
This standard is designed to meet the demands of the Technical Report CEN/TC251/N98-110 Health Informatics — Framework for security protection of health care communication.
This standard is drafted using the conventions of the ISO/IEC Directives, Part 3.

Introduction
The use of data processing and telecommunications in health care must be accompanied by appropriate security measures to ensure data confidentiality and integrity in compliance with the legal framework, protecting patients as well as professional accountability and organizational assets. In addition, availability aspects are important to consider in many systems.
In that sense, the multipart standard prEN 13608 is intended to explain in detail to the healthcare end user the alternative security measures that might be implemented to fulfil their security needs and obligations. Incorporated within this is the standardization of some elements of the information communication process where they fall within the security domain.
Building on the Framework for security protection of health care communication (CEN/TC251/N98-110), hereafter denoted the Framework, a CEN Report that aimed at promoting a better understanding of the security issues in healthcare IT communication, this European standard shall aid in producing systems that enable healthcare professionals and applications to communicate and interact securely and therefore safely, legitimately, lawfully and precisely.
The multipart standard prEN 13608 is a key communication security standard that can be applied generically to a wide range of communication protocols and information system applications relevant to healthcare, though it is neither complete nor exhaustive in that respect. This standard must be understood within the context and scenarios defined by the TC251 Work Programme, in which the messaging paradigm for information system interaction is one of the essentials, as was reflected by the Framework.
This Part 2 of the European standard on Security for Healthcare Communication describes how to secure arbitrary octet strings that may be used in European healthcare. An arbitrary octet string might for example be an EDIFACT message, a patient record, etc. Securing, in the sense of the concepts contained in this European standard, includes the preservation of data integrity, the preservation of confidentiality, and accountability in terms of authentication of both communicating parties.
This standard does not specify methods related to availability, storage or transportation of data, key certificates or other infrastructural issues, nor does it cover application security aspects such as user authentication.
NOTE This standard defines a methodology to secure the octet string so that it can be transported securely over insecure networks, independent of the underlying transport system, e.g. an e-mail or EDI system. The standard encompasses mechanisms for encryption and digital signature, and allows these mechanisms to be used independently.

1 Scope
This European standard defines a standard way of securing healthcare objects. The objects are secured in such a way that they can be transported over open, unsecured networks, or stored in open, unsecured repositories. An application is able to decide whether to apply any combination of encryption and digital signature to an object.
In general this European standard does not consider the contents of the objects, but can be applied to any octet string.
This European standard is based on existing security standards.
This European standard does not consider how the actual security is applied to the objects. A security infrastructure is assumed, which is used for performing the actual security operations.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 8824, Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1) (Version 2, 1991-04-24).
IETF RFC 3852, Cryptographic Message Syntax (CMS).
IETF RFC 3851, S/MIME Version 3.1 Message Specification.
ISO 8824-1:1995, Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1) — Part 1: Specification of the base notation.
IETF RFC 2315, PKCS #7: Cryptographic Message Syntax Version 1.5.
IETF RFC 2157, MIXER-BPT: Mapping between CCITT X.400 and RFC 822/MIME Message Bodies.
CCITT X.400, ITU Data Communication Networks: Message Handling Systems.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
accountability
the property that ensures that the actions of an entity may be traced uniquely to the entity
[ISO 7498-2]
3.2
asymmetric cryptographic algorithm
an algorithm for performing encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ
[ISO 10181-1]
3.3
authentication
process of reliably identifying security subjects by securely associating an identifier and its authenticator
See also data origin authentication and peer entity authentication [ISO 7498-2]
3.4
availability
property of being accessible and usable upon demand by an authorised entity
[ISO 7498-2]
3.5
certificate revocation
act of removing any reliable link between a certificate and its owner (or the security subject that owns it) because the certificate is no longer trusted even though it has not expired
3.6
certificate holder
an entity that is named as the subject of a valid certificate
3.7
certificate user
an entity that needs to know, with certainty, the public key of another entity
[ISO 9594-8]
3.8
certificate verification
verifying that a certificate is authentic
3.9
certification
use of a digital signature to make a transferable statement about beliefs of identity, or a statement about delegation of authority
3.10
certification authority
an authority trusted by one or more users to create and assign certificates. Optionally the certification authority may create the users' keys
[ISO 9594-8]
3.11
ciphertext
data produced through the use of encipherment. The semantic content of the resulting data is not available
[ISO 7498-2]
3.12
ciphersuite
an encoding for the set of bulk data cipher, message digest function, digital signature algorithm and key exchange algorithm used within the negotiation phase of TLS
3.13
communication protection profile
CPP
a statement of systematic translation from communication security needs to technological concepts
3.14
communication security
security of security objects communicated between security subjects
3.15
confidentiality
the property that information is not made available or disclosed to unauthorised individuals, entities, or processes
[ISO 7498-2]
3.16
cryptography
the discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorised use
[ISO 7498-2]
3.17
cryptographic algorithm
cipher
an algorithm used to transform data to hide its information content, which is used in the process of encryption (see 3.22)
3.18
data integrity
the property that data has not been altered or destroyed in an unauthorised manner
[ISO 7498-2]
3.19
data origin authentication
the corroboration that the source of data received is as claimed
[ISO 7498-2]
3.20
decryption
decipherment
process of making encrypted data reappear in its original unencrypted form. The reversal of a corresponding reversible encipherment
3.21
digital signature
data appended to, or a cryptographic transformation (see cryptography) of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protects against forgery, e.g. by the recipient
[ISO 7498-2]
3.22
encryption
encipherment
the cryptographic transformation of data (see cryptography) to produce ciphertext
[ISO 7498-2]
3.23
hash function
a (mathematical) function that maps values from a (possibly very) large set of values into a smaller range of values
[ISO 10181-1]
3.24
integrity
the property of being unmodified by any kind of unauthorised security subject
3.25
key
a sequence of symbols that controls the operations of encipherment and decipherment
[ISO 7498-2]
3.26
key distribution
process of publishing, or transferring to other security subjects, a cryptographic key
3.27
key exchange algorithm
an algorithm used to derive a shared secret over an open communications channel
3.28
key generation
process of creating a cryptographic key
3.29
key management
the generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy
[ISO 7498-2]
3.30
message recovery
process of a third party decrypting an encrypted message
3.31
one-way function
a (mathematical) function that is easy to compute but for which, given a result, it is computationally infeasible to find any of the values that may have been supplied to obtain it
[ISO 10181-1]
3.32
one-way hash function
a (mathematical) function that is both a one-way function and a hash function
[ISO 10181-1]
3.33
peer entity authentication
the corroboration that a peer entity in an association is the one claimed
[ISO 7498-2]
3.34
plaintext
intelligible data, the semantic content of which is available
3.35
private key
a key that is used with an asymmetric cryptographic algorithm and whose possession is restricted (usually to only one entity)
[ISO 10181-1]
3.36
public key
a key that is used with an asymmetric cryptographic algorithm and that can be made publicly available
[ISO 10181-1]
3.37
secret key
key which is kept secure and only disclosed to parties intended to have access to data protected by it
3.38
security
the combination of availability, confidentiality, integrity and accountability
NOTE From an end-user perspective this encompasses auditability, thereby constituting a guarantee that data items and, more generally, any kind of security object have not been altered, modified, disclosed, or withheld by any kind of security subject in an unauthorized manner with respect to the security policy.
3.39
security object
object
a passive entity that contains or receives information [ITSEC]
NOTE Access to an object potentially implies access to the information it contains.
EXAMPLE Typical objects in the healthcare domain are: medical records, or files containing medical data.
3.40
security policy
the set of laws, rules, and practices that regulate how an organisation manages, protects, and distributes sensitive information [TCSEC]
3.41
security protocol
a formal detailed specification describing the implementation of a set of securit
...
