document digital signature (dsg) document digital signature (dsg) gila pyke / lori reed-fourquet...
TRANSCRIPT
Document Digital Signature(DSG)
Document Digital Signature(DSG)
Gila Pyke / Lori Reed-FourquetSmart Systems for Health Agency / Identrus
IHE ITI Technical Comittee
June 28-29, 2005 Interoperability Strategy Workshop2
W W W . I H E . N E TW W W . I H E . N E T
Providers and VendorsWorking Together to Deliver
Interoperable Health Information SystemsIn the Enterprise
and Across Care Settings
June 28-29, 2005 Interoperability Strategy Workshop3
IT Infrastructure ProfilesIT Infrastructure Profiles
2004 Patient Identifier Cross-referencing for MPI (PIX) Retrieve Information for Display (RID) Consistent Time (CT) Patient Synchronized Applications (PSA) Enterprise User Authentication (EUA)
2005Patient Demographic Query (PDQ) Cross Enterprise Document Sharing (XDS)Audit Trail and Note Authentication (ATNA)Personnel White Pages (PWP)
2006Cross-Enterprise User Authentication (XUA)Document Digital Signature (DSG) – Notification of Document Availability (NAV)Patient Administration/Management (PAM)
Document Digital Signature (DSG)Use of digital signatures to provide document integrity, non-repudiation and accountability.
June 28-29, 2005 Interoperability Strategy Workshop4
Document Digital SignatureDocument Digital SignatureValue PropositionValue Proposition
• Leverages XDS Document infrastructure• Providing accountability• Providing document integrity• Providing non-repudiation• Providing satisfactory evidence of: Authorship,
Approval, Review, and Authentication• Infrastructural pattern to be further profiled by
domain specific groups (e-Prescribing, e-Referral)
June 28-29, 2005 Interoperability Strategy Workshop5
Document Digital SignatureDocument Digital SignatureAbstract/scopeAbstract/scope
• Provide signature mechanism
• Provide verification/validation mechanism
• Provide signature attributes
• XDS manages document and signature
• Allows direct access to document (XDS)
June 28-29, 2005 Interoperability Strategy Workshop6
Document Digital SignatureDocument Digital SignatureAbstract/scopeAbstract/scope
• Digital Signature Document format• Leverages XDS for signature by reference• New document type in XDS – Linkage forward
and back.• Profiles single / multiple signatures• Profiles nested signatures• Provide signature integrity across intermediary
processing
June 28-29, 2005 Interoperability Strategy Workshop8
Document Digital SignaturesDocument Digital SignaturesGoalsGoals
Digital Signatures help mitigate risk for the following attacks: – In the storage or transmission of documents,
characteristics of clinician orders reflected in the prescription could be modified.
– In the storage or transmission of documents, characteristics of countersigned clinician orders reflected in the prescription could be modified.
– A forged prescription could be introduced.
June 28-29, 2005 Interoperability Strategy Workshop10
Document Digital SignatureDocument Digital SignatureKey Technical PropertiesKey Technical Properties
• W3C XML Signature structure– credentials, timestamp, and other signature attributes
such as signature purpose
• Reference to document stored in XDS• ISO TS17090 compliant digital certificates• Assures message integrity • Verification of signed document validity• Provides for multiple signers
June 28-29, 2005 Interoperability Strategy Workshop11
Document Digital SignatureDocument Digital SignatureSignature AttributesSignature Attributes
• Expand signature to include additional data relevant to the healthcare signature
• Includes the date and time the signature was calculated and applied
• The identity of the signer
• Signature Purpose
June 28-29, 2005 Interoperability Strategy Workshop15
Document Digital SignatureDocument Digital SignatureUse CasesUse Cases
• Attesting a document as true copy– Each subsequent use of the original signed digital document or
a digital copy of the document can inspected signatures to assert that the documents are true copies of information attestable to the signer at the time of the signature ceremony
• Attesting content– When a clinician submits a clinical document to the XDS
repository, the clinician using a digital certificate digitally signs the document
• Attesting to whole submission set • Translation / Transformation
June 28-29, 2005 Interoperability Strategy Workshop16
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing (XDS) Use Case (1)(XDS) Use Case (1)
• The XDS profile describes how different health care parties can share documents
• A “document source” is responsible to “provide and register” document in a “registry/repository” for a “query” and “retrieve” by a “document consumer”
• Document Digital Signature enables to manage the “responsibility” issues
June 28-29, 2005 Interoperability Strategy Workshop17
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing (XDS) Use Case (2)(XDS) Use Case (2)
• The “document source” wants to prove it has well “authored” the document and the associated “submission set metadata”
• The “registry/repository” it has not corrupted the documents and metadata
• The “document consumer” wants to check above items and check the “identity” of author(s) and authenticator(s)
June 28-29, 2005 Interoperability Strategy Workshop18
Cross-Enterprise Document Sharing Cross-Enterprise Document Sharing (XDS) Use Case (3)(XDS) Use Case (3)
• The “document source” includes the document(s) signature(s) into the “submission set”
• The “registry/repository” stores the document signature(s) as a “document” and metadata associated with it/them as a specific “signature object” metadata
• The “document consumer” can see the “signature metadata” and retrieve each signature for checking it, including the certificate(s)
June 28-29, 2005 Interoperability Strategy Workshop19
Document Digital SignatureDocument Digital SignatureSignature PurposeSignature Purpose
From ASTM E1762 *• “Author” - Author’s signature,• “Author.Co” - Coauthor’s signature• “Participant” - Co-participant’s signature• “Transcriptionist/Recorder”• “Verification” - Verification signature• “Validation” - Validation signature• “Consent” - Consent signature• “Witness” - Witness signature• “Witness.Event” - Event witness signature• “Witness.Identity” - Identity witness signature such as a Notary• “Witness.Consent” - Consent witness signature• “Interpreter”• “Review” - Review signature• “Source” - Source signature• “Addendum” - Addendum signature• Administrative• Timestamp
June 28-29, 2005 Interoperability Strategy Workshop20
Document Digital SignatureDocument Digital SignatureAdditions to ASTM1762Additions to ASTM1762
The following items will be added to ASTM1762– Modification– Authorization– Transformation– Recipient
Modification is being worked on.
June 28-29, 2005 Interoperability Strategy Workshop21
Document Digital SignatureDocument Digital SignatureStandards UsedStandards Used
W3C XML SignatureISO 17090, 21091ASTM E2212, E1985, E1762, E1084IETF x509DICOM supplement 41, 86NCPDPHL7 CDA
June 28-29, 2005 Interoperability Strategy Workshop23
More information….More information….
• IHE Web sites: www.ihe.net• Technical Frameworks, Supplements
– Fill in relevant supplements and frameworks
• Non-Technical Brochures :• Calls for Participation
• IHE Fact Sheet and FAQ
• IHE Integration Profiles: Guidelines for Buyers
• IHE Connect-a-thon Results
• Vendor Products Integration Statements