Deployment Models
A. e-Mail client (no S/MIME) » NHIN-Direct developed security agent » off-the-shelf S/MIME proxy
B. e-Mail client using Native S/MIME » Internet e-Mail Service Provider » Healthcare specific e-Mail Service Provider
C. Web Portal » to common Internet e-Mail service with S/MIME support » to Healthcare specific messaging service with S/MIME support
D. EHR/PHR with integrated S/MIME functionality » deployed inside the Provider » deployed as SaaS
E. NHIN Direct to/from NHIN Exchange » Trusted NHIN Gateway » End to End secure
A) e-Mail client with Full Service HISP
[Diagram. Actors: Source Client, Source Full Service HISP, Destination Full Service HISP, Destination Client. Labels: Send; Document or XDM; SMTP + MIME + TLS; Locate Destination Address; Locate Destination Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; SMTP + S/MIME; Encrypted Content; S/MIME Decrypt w/ Private Key; S/MIME Verify w/ Source Cert; POP/IMAP + TLS; Receive; Private Key Store. Steps are numbered A.1 to A.11.]
B) e-Mail client using Native S/MIME
[Diagram. Actors: Source Client, Destination HISP, Destination Client. Labels: Send; Document or XDM; Locate Destination Address + Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; SMTP + S/MIME; Encrypted Content; POP/IMAP + TLS; S/MIME Decrypt w/ Private Key; S/MIME Verify w/ Source Cert; Receive; Private Key Store. Steps are numbered B.1 to B.9.]
C) Web Portal
[Diagram. Actors: Source Client, Source web HISP, Destination web HISP, Destination Client. Labels: Send; Upload Document(s); HTTP + TLS; Document or XDM; Build XDM; Find Destination Address + Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; SMTP + S/MIME; Encrypted Content; S/MIME Decrypt w/ Private Key; S/MIME Verify w/ Source Cert; Download Document(s); Receive; Private Key Store. Steps are numbered C.1 to C.12.]
D) EHR/PHR with integrated S/MIME
[Diagram. Actors: Source Client, Destination HISP, Destination Client. Labels: Send; Document or XDM; Locate Destination Address + Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; SMTP + S/MIME; Encrypted Content; POP/IMAP + TLS; S/MIME Decrypt w/ Private Key; S/MIME Verify w/ Source Cert; Receive; Private Key Store. Steps are numbered D.1 to D.9.]
E) Direct Project sending to XDR with Trusted Service Provider (e.g. NHIN Exchange)
[Diagram. Actors: Direct Project Sender; Gateway: Direct Project to XDR (Destination HISP); Endpoint in XDR Exchange. Labels: SMTP + S/MIME; Receive; S/MIME Decrypt w/ Private Key; S/MIME Verify w/ Source Cert; Convert XDM metadata and content to XDR format; XDR + TLS; Private Key Store; Address Book w/ Certs. Note on the figure: Destination Certificate is shared with all XDR destinations in XDR Exchange. Steps are numbered E.1.1 to E.1.7.]
E) Direct Project receiving from XDR with Trusted Service Provider (e.g. NHIN Exchange)
[Diagram. Actors: Endpoint in XDR Exchange; Gateway: Direct Project from XDR (Source HISP); Direct Project Recipient. Labels: XDR + TLS; Extract Destination Address from XDR metadata; Convert XDR Metadata and Documents to XDM Zip file; Locate Destination Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; Send; SMTP + S/MIME; Private Key Store; Address Book w/ Certs. Steps are numbered E.2.1 to E.2.9.]
E) NHIN Direct sending to non-trusted NHIN Exchange (End-to-End Secure)
[Diagram. Actors: NHIN Direct; NHIN Direct to NHIN Exchange (Destination HISP); NHIN Exchange. Labels: SMTP + S/MIME; Receive; Place S/MIME message as XDR content; XDR + TLS. Note on the figure: Destination Certificate is Individual or Organization.]
E) NHIN Direct sending to NHIN Exchange
[Diagram. Actors: NHIN Direct; NHIN Direct to NHIN Exchange (Destination HISP); NHIN Exchange. Labels: SMTP + S/MIME; Receive; S/MIME Verify w/ Source Cert; S/MIME Decrypt w/ Private Key; Convert XDM metadata and content to XDR format; Place S/MIME message as XDR content; XDR + TLS. Notes on the figure: Destination Certificate is Group NHIN Exchange; Destination Certificate is Individual or Organization.]
E) NHIN-Direct receiving from non-Trusted NHIN Exchange (End-to-End Secure)
[Diagram. Actors: NHIN Exchange; Source Client; Non Trusted NHIN Exchange Gateway; NHIN Direct. Labels: XDM Zip file; Locate Destination Address + Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; XDR + TLS; Extract S/MIME message from XDR content; Extract from XDM metadata the To and From addresses; SMTP + S/MIME. Note on the figure: Source Certificate is individual or organizational.]
E) NHIN-Direct receiving from NHIN Exchange
[Diagram. Actors: NHIN Exchange; Source Client; Trusted NHIN Exchange Gateway; Non Trusted NHIN Exchange Gateway; NHIN Direct. Labels: Send; XDR + TLS; Extract Destination Address from XDR metadata; Convert XDR Metadata and Documents to XDM Zip file; Locate Destination Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; XDM Zip file; Locate Destination Address + Certificate; Extract from XDM metadata the To and From addresses; Extract S/MIME message from XDR content; SMTP + S/MIME. Notes on the figure: Source Certificate is NHIN Exchange Group Certificate; Source Certificate is individual or organizational.]