Claudio Saccavini - PowerPoint PPT Presentation

About This Presentation
Title:

Claudio Saccavini

Description:

For test certificates contact lori.fourquet_at_sbcglobal.net. Document Digital Signature ... signature can simultaneously sign the source data that was used to ... – PowerPoint PPT presentation

Slides: 42
Provided by: iheUniv

Transcript and Presenter's Notes

1
Document Digital Signature (DSG)
  • Claudio Saccavini
  • IHE-Italy Project Manager
  • O3 Consortium - University of Padova

2
IT Infrastructure Profiles
  • 2004
  • Patient Identifier Cross-referencing for MPI
    (PIX)
  • Retrieve Information for Display (RID)
  • Consistent Time (CT)
  • Patient Synchronized Applications (PSA)
  • Enterprise User Authentication (EUA)
  • 2005
  • Patient Demographic Query (PDQ)
  • Cross Enterprise Document Sharing (XDS)
  • Audit Trail and Node Authentication (ATNA)
  • Personnel White Pages (PWP)
  • 2006
  • Cross-Enterprise User Authentication (XUA)
  • Document Digital Signature (DSG)
  • Notification of Document Availability (NAV)
  • Patient Administration/Management (PAM)

Document Digital Signature (DSG) Use of digital
signatures to provide document integrity,
non-repudiation and accountability.
3
Document Digital Signature: Value Proposition
  • Leverages XDS Document infrastructure
  • Providing accountability
  • Providing document integrity
  • Providing non-repudiation
  • Providing satisfactory evidence of Authorship,
    Approval, Review, and Authentication
  • Infrastructural pattern to be further profiled by
    domain specific groups (e-Prescribing,
    e-Referral)

4
Document Digital Signature: Abstract/Scope
  • A Digital Signature is an XDS document (changed
    from June public comment version)
  • There are four Use Cases that we have considered
    for this year
  • Vendor must provide signature mechanism for XDS
    Submissions
  • Possibility to use digital signatures without
    having an XDS registry. Approach is determined by
    other domain-specific groups (e-Prescribing,
    e-Referral)

5
Document Digital Signature: Out of Scope
  • Certificate management and PKI concepts
  • Standards and implementations are available and
    will be discussed later
  • Focus begins with signing, not encryption
  • Partial Document Signature

6
Document Digital Signature: Introduction to
Digital Signatures
  • The Signing Ceremony
  • Components
  • Resources

7
Document Digital Signature: The Signing Ceremony
8
Document Digital Signature: Verification
(Diagram.) The Signed Document's Signature is put
through the Asymmetric Algorithm with the Public Key
of Signer to recover the Original HASH (signer
generated); the Original Document is put through the
HASH function to produce the Message HASH; the two
values (shown on the slide as EAdfj78oXWq) are
compared and must be Equal.
9
Document Digital Signature: Components
  • You will need
  • A digital identity
  • A toolkit for the cryptographic algorithms of
    signing and signature verification

10
Document Digital Signature: Digital Identity
  • Must be obtained from an ISO 17090 compliant
    Certificate Authority
  • Including the role extension for the signer's
    role in the healthcare profession
  • For purposes of signature verification, the
    signer's certificate (public key portion) must be
    available
  • Test certificates can be obtained without
    rigorous identification requirements for the
    purpose of the Connectathon
  • For test certificates contact
    lori.fourquet_at_sbcglobal.net

11
Document Digital Signature: ISO 17090 Certificate
Info
  • A certificate may contain the name of the
    practitioner, their email address (optional),
    information about their organization and other
    credentials as referenced in ISO 17090
  • ISO 17090 specifies a single healthcare-specific
    extension enabling assertion of roles
  • the healthcare profession
  • regulatory identifiers
  • professional identifiers
  • consumer identifiers
  • employee roles

12
Document Digital Signature: Identity Management
  • Rigorous Identity management is critical to
    maintaining the trustworthiness of a digital
    signature
  • Organizations must ensure that face-to-face
    registration processes are in place and that
    digital identities are carefully assigned
  • Credentials of the healthcare stakeholder must be
    verified by the registration agent
  • The registration agent must be trained and aware
    of security requirements

13
Document Digital Signature: Goals
  • Leverages XDS for signature by reference
  • Profile use of single / multiple signatures
  • Profile use of nested signatures
  • Provide signature integrity across intermediary
    processing
  • E-prescribing
  • Interface Engine

14
Document Digital Signature: Updates
  • Changes to Digital Signatures Supplement since
    June 15th public comments version
  • Most notably no new XDS document type
  • NAV will use digital signature function
  • W3C XAdES was selected as the XML Digital
    Signature structure

15
Document Digital Signatures: Security
Considerations
  • Digital Signatures help mitigate risk for the
    following attacks
  • In the storage or transmission of documents,
    characteristics of clinician orders reflected in
    the prescription could be modified.
  • In the storage or transmission of documents,
    characteristics of countersigned clinician orders
    reflected in the prescription could be modified.
  • A forged prescription could be introduced.

16
Document Digital Signatures: Risks Not Mitigated
  • The following scenarios will not be mitigated by
    using digital signatures and require additional
    security
  • Corruption or bribery of a user, or
    counter-signer
  • Theft of a private key
  • Compromise of the physician's workstation to
    allow access to the signing key
  • The confirmation process could be corrupted or
    modified.
  • The dispensing system could be corrupted or
    modified, including simple attacks like burglary.
  • The dispensing feedback could be corrupted,
    modified, or destroyed.

17
Document Digital Signature: Use Cases, True Copy
  • Use Case 1 Attesting a document as true copy
  • Verify that the document in use by all parties is
    the same as the original document and has not
    been modified.
  • Verify document integrity.

18
Document Digital Signature: Use Cases, True Copy
  • XDS example
  • Medical records staff who submit documents to XDS
    need to verify and attest their submission.
  • Non-XDS example
  • A physician needs to forward results obtained
    from a third party to another clinician. There is
    a need to ensure that all parties are working
    from the same true copy

19
Document Digital Signature: Use Cases, Attesting
to Content
  • Use Case 2 Attesting clinical information
    content
  • Attest that a report is complete and correct
  • Ability to verify that physician has verified and
    attested to report

20
Document Digital Signature: Use Cases, Attesting
to Content
  • XDS example
  • When a clinician submits content to XDS he/she
    signs it to take clinical responsibility for the
    content
  • Non-XDS example
  • A clinician needs to rely on the contents of a
    report created by another clinician (diagnosis,
    prescription content, etc.)
  • Also, this signature cannot be repudiated.

21
Document Digital Signature: Use Cases, Diagnostic
Report
  • Use Case 3 Attesting to a diagnostic report
  • The signature can simultaneously sign the source
    data that was used to prepare the diagnostic report
  • Provides a means to represent the full set of
    reports and data that was used to prepare report
  • Subsequent information added to XDS is clearly
    not part of the source data

22
Document Digital Signature: Use Cases, Submission
Set
  • Use Case 4 Attesting to a whole submission set
  • A digitally signed manifest can indicate both
  • That a set of documents is authorized for release
    by signing clinician
  • That the set is indeed the complete set of
    documents and their associated signatures
  • Manifest signature does NOT verify content or
    correctness.

23
Document Digital Signature: Use Cases, Submission
Set
  • The recipient organizations can use this digital
    signature to
  • identify the person who selected and authorized
    the release,
  • obtain the complete list of documents released,
  • verify that the released documents have not
    changed, and
  • identify the associated XDS submission set.

24
Document Digital Signature: Use Cases, Submission
Set
  • XDS example
  • Use XDS to send a collection of documents
    relating to a patient referral. Attest that the
    submission includes the complete set of relevant
    documents.
  • Non-XDS example
  • Attesting to the completeness of a monthly
    submission of all TB patient records for
    statistical analysis
  • Attesting to the completeness of health records
    in a patient transfer

25
Document Digital Signature: Translation/Transformation
  • Use Case 5 Translation
  • When an original document must be translated,
    the original signature cannot be used to validate
    the translated document. There must be an
    additional signature generated by the translation
    with the ability to retain the original signature
    and data integrity.

26
Document Digital Signature: Use Cases, Translation
  • Introduction of an additional signature to
    validate
  • The original document
  • The original signature
  • The translated document
  • Used to verify that the translator had the
    original/true document, that the original
    document was signed, and that the translator has
    attested to the validity of the translation.

27
Document Digital Signature: Use Cases, Translation
28
Document Digital Signature: Use Cases, Translation
  • XDS example
  • Reference original document and original
    signature by using association-type to link them
    in XDS with translated version
  • Non-XDS example
  • e-prescribing: value-added networks that
    translate the format of a prescription before
    forwarding it to a pharmacy

29
Document Digital Signature: Signature Attributes
  • Expand signature to include additional data
    relevant to the healthcare signature
  • Includes the date and time the signature was
    calculated and applied
  • The identity of the signer
  • Signature Purpose

30
Document Digital Signature: Additions to ASTM E1762
  • The following items will be added to ASTM1762
  • Modification
  • Authorization
  • Transformation
  • Recipient
  • Modification is being worked on.

31
Document Digital Signature: Multiple Signatures
  • The following diagrams will outline common
    transactions where multiple signatures may be
    required.

32
Document Digital Signature: Multiple Signatures
  • For multiple signatures of the same document
    (e.g. co-signature), each signature will generate
    the digest data from the document source
  • For witness signatures and other cases where the
    second signature is representing attestation to
    the original data and the prior signature (e.g.
    witness), the digest is generated from the output
    of the first signed document.
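As an added example (not code from the presentation or from IHE), the following Java program makes the two digest rules on this slide concrete and also exercises the hash-then-sign and verify steps of the Verification slide. It uses only the JDK (java.security), generated RSA key pairs in place of keys bound to ISO 17090 certificates, a constructed sample prescription, and plain RSA signatures over byte strings rather than XML Signature; the helper signedOutput, which models "the output of the first signed document" as the document bytes followed by the first signature, is an assumption of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;

/** Added example (not IHE's or the presentation's code): co-signature vs. witness signature. */
public class CoSignVsWitness {

    // Hash-then-sign: "SHA256withRSA" digests the input and signs the digest with the private
    // key, the same two steps the Verification slide shows (HASH function + Asymmetric Algorithm).
    static byte[] sign(KeyPair signer, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer.getPrivate());
        s.update(data);
        return s.sign();
    }

    // Verification recomputes the digest of the data and compares it with the digest recovered
    // from the signature using the signer's public key.
    static boolean verify(PublicKey signer, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(signer);
        s.update(data);
        return s.verify(sig);
    }

    // Assumed model of "the output of the first signed document": the document followed by the
    // first signature. A witness signs this, so changing either part changes what was witnessed.
    static byte[] signedOutput(byte[] document, byte[] firstSignature) {
        byte[] out = Arrays.copyOf(document, document.length + firstSignature.length);
        System.arraycopy(firstSignature, 0, out, document.length, firstSignature.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair physician = kpg.generateKeyPair();   // constructed identities; the profile would
        KeyPair cosigner  = kpg.generateKeyPair();   // use keys bound to ISO 17090 certificates
        KeyPair witness   = kpg.generateKeyPair();

        // Constructed sample document standing in for a prescription.
        byte[] document = "Rx: amoxicillin 500 mg, three times daily, 7 days".getBytes(StandardCharsets.UTF_8);

        // Co-signature: each signer digests the source document itself, so the two signatures
        // are independent of one another.
        byte[] sig1 = sign(physician, document);
        byte[] sig2 = sign(cosigner, document);
        System.out.println("physician co-signature verifies: " + verify(physician.getPublic(), document, sig1));
        System.out.println("co-signer co-signature verifies: " + verify(cosigner.getPublic(), document, sig2));

        // Witness signature: digest taken from the output of the first signing, so it attests to
        // the original data and the prior signature at once.
        byte[] witnessSig = sign(witness, signedOutput(document, sig1));
        System.out.println("witness verifies over physician's signed output: "
                + verify(witness.getPublic(), signedOutput(document, sig1), witnessSig));

        // Swap the prior signature for a different valid one: the co-signatures are unaffected,
        // but the witness signature no longer matches what it was computed over.
        System.out.println("witness verifies after the prior signature is replaced: "
                + verify(witness.getPublic(), signedOutput(document, sig2), witnessSig));

        // Modify the document in storage: every signature over it fails to verify.
        byte[] altered = "Rx: amoxicillin 500 mg, three times daily, 70 days".getBytes(StandardCharsets.UTF_8);
        System.out.println("physician co-signature verifies on altered document: "
                + verify(physician.getPublic(), altered, sig1));
    }
}
```

Run it with `java CoSignVsWitness.java` on Java 11 or newer. The two co-signatures verify independently and keep verifying when one of them is replaced, whereas the witness signature stops verifying as soon as the prior signature it covered is swapped; altering the document breaks every signature over it, which is the integrity property the profile relies on.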

33
Document Digital Signature: XML Digital Signature
Tools
  • Apache XML Security project has both Java and C
    implementations of XML Digital Signature (open
    source): http://xml.apache.org/security/
  • JSR 105 Java XML Digital Signature API with
    reference implementation; final release by Sun
    and IBM, June 24, 2005:
    http://jcp.org/aboutJava/communityprocess/final/jsr105/index.html

34
Document Digital Signature: Commercial Toolkits
  • (not a comprehensive list)
  • http://jce.iaik.tugraz.at/products/052_XSECT/index.php
  • http://www.infomosaic.net/SecureXMLDetailInfo.htm
  • http://www.betrusted.com/products/keytools/xml/index.asp
  • http://www.phaos.com/products/category/xml.html
  • http://www.verisign.com/products-services/security-services/pki/xml-trust-services/index.html

35
Document Digital Signature: XDS Sample Code
  <Signature Id="signatureOID" xmlns="http://www.w3.org/2000/09/xmldsig#"
             xmlns:xad="http://uri.etsi.org/01903/v1.1.1#">
    <SignedInfo>
      <CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#IHEManifest"
                 Type="http://www.w3.org/2000/09/xmldsig#Manifest">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>base64ManifestDigestValue</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>base64SignatureValue</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>base64X509certificate</X509Certificate>
      </X509Data>
    </KeyInfo>

36
Document Digital Signature: XDS Sample Code
    <Object>
      <xad:QualifyingProperties>
        <xad:SignedProperties>
          <xad:SignedSignatureProperties>
            <xad:SigningTime>yyyymmddhhmmss</xad:SigningTime>
            <xad:SigningCertificate>
              <xad:Cert> <!-- identifier of signing certificate -->
                <xad:CertDigest>
                  <xad:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <xad:DigestValue>base64 digest value</xad:DigestValue>
                </xad:CertDigest>
                <xad:IssuerSerial>
                  <xad:X509IssuerName>X.509 distinguished name of certificate</xad:X509IssuerName>
                  <xad:X509SerialNumber>certificate serial number</xad:X509SerialNumber>
                </xad:IssuerSerial>
              </xad:Cert>

37
Document Digital Signature: XDS Sample Code
              <xad:Cert> <!-- identifier of signing certificate's parent -->
                <xad:CertDigest>
                  <xad:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <xad:DigestValue>base64 digest value</xad:DigestValue>
                </xad:CertDigest>
                <xad:IssuerSerial>
                  <xad:X509IssuerName>X.509 distinguished name of parent's certificate</xad:X509IssuerName>
                  <xad:X509SerialNumber>certificate serial number</xad:X509SerialNumber>
                </xad:IssuerSerial>
              </xad:Cert>
            </xad:SigningCertificate>
            <xad:SignaturePolicyIdentifier>id</xad:SignaturePolicyIdentifier>
          </xad:SignedSignatureProperties>
        </xad:SignedProperties>
      </xad:QualifyingProperties>

38
Document Digital Signature: XDS Sample Code
      <SignatureProperties>
        <SignatureProperty Id="purposeOfSignature" Target="#signatureOID">
          code
        </SignatureProperty>
      </SignatureProperties>
      <Manifest Id="IHEManifest">
        <Reference URI="ihexdsregistryxxxx-xxxx."> <!-- document A -->
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>base64DigestValue</DigestValue>
        </Reference>
        <Reference URI="ihexdsregistryxxxx-xxxx."> <!-- XML document B -->
          <Transforms>
            <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>base64DigestValue</DigestValue>
        </Reference>
        <Reference URI="ihexdsregistryxxxx-xxxx."> <!-- DICOM document (or object) C -->
          <Transforms>
            <Transform Algorithm="urn:oid:1.2.840.10008.1.2.1"/>
          </Transforms>
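The structure on the four sample-code slides, built and then checked with the JSR 105 API named on the tools slide, as an added example that is not code from the presentation, from IHE, or from the JDK's own samples. Assumptions: Java 11 or newer; two constructed sample documents embedded as ds:Object elements with Ids docA and docB instead of the XDS registry URIs on the slide; a freshly generated RSA key published as ds:KeyValue where the profile expects the signer's ISO 17090 certificate in ds:X509Data; RSA-SHA256 and SHA-256 in place of the slide's rsa-sha1 and sha1; and the XAdES qualifying properties are left out because JSR 105 does not model them. The ids signatureOID and IHEManifest, the Manifest-typed Reference in SignedInfo and the purposeOfSignature property follow the slide; the purpose code value is a placeholder.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.List;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example (not IHE's or the presentation's code): manifest-style XDS signature with JSR 105. */
public class ManifestSignatureDemo {
    static final String DS = XMLSignature.XMLNS;
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Wraps constructed sample content in a ds:Object with the given Id so the Manifest can
    // reference it as "#id" (the slide references XDS registry entries by URI instead).
    static XMLObject sampleDocument(Document doc, String id, String text) {
        return FAC.newXMLObject(List.of(new DOMStructure(doc.createTextNode(text))), id, "text/plain", null);
    }

    /** Builds the layout of the slides: SignedInfo -> Reference of type Manifest -> Manifest ->
     *  References to the documents, plus a purposeOfSignature SignatureProperty. */
    static Document buildSigned(KeyPair kp) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        XMLObject docA = sampleDocument(doc, "docA", "Referral letter A (constructed)");
        XMLObject docB = sampleDocument(doc, "docB", "Lab report B (constructed)");

        DigestMethod sha256 = FAC.newDigestMethod(DigestMethod.SHA256, null);
        Manifest manifest = FAC.newManifest(
                List.of(FAC.newReference("#docA", sha256), FAC.newReference("#docB", sha256)), "IHEManifest");

        // Purpose of signature as on the slide; the code value is a placeholder.
        SignatureProperty purpose = FAC.newSignatureProperty(
                List.of(new DOMStructure(doc.createTextNode("purpose-code-placeholder"))),
                "#signatureOID", "purposeOfSignature");
        XMLObject container = FAC.newXMLObject(
                List.of(manifest, FAC.newSignatureProperties(List.of(purpose), null)), null, null, null);

        // SignedInfo covers only the Manifest element, typed as a Manifest reference.
        Reference manifestRef = FAC.newReference("#IHEManifest", sha256, null, Manifest.TYPE, null);
        SignedInfo si = FAC.newSignedInfo(
                FAC.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                        (C14NMethodParameterSpec) null),
                FAC.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(manifestRef));

        // The profile expects the signer's ISO 17090 certificate in ds:X509Data; a bare public
        // key is used here because this example has no CA-issued certificate.
        KeyInfoFactory kif = FAC.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(List.of(kif.newKeyValue(kp.getPublic())));

        XMLSignature sig = FAC.newXMLSignature(si, ki, List.of(docA, docB, container), "signatureOID", null);
        sig.sign(new DOMSignContext(kp.getPrivate(), doc));   // enveloping: Signature becomes the root
        return doc;
    }

    /** Core validation checks the SignedInfo References only, i.e. the digest of the Manifest
     *  element. The References inside the Manifest are checked only when validateManifests is set. */
    static boolean validate(Document signed, PublicKey pub, boolean validateManifests) throws Exception {
        Element sigEl = (Element) signed.getElementsByTagNameNS(DS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(pub, sigEl);
        vc.setProperty("org.jcp.xml.dsig.validateManifests", validateManifests);
        return FAC.unmarshalXMLSignature(vc).validate(vc);
    }

    // Simulates modification of a document in storage; the Manifest and SignedInfo stay intact.
    static void alterDocument(Document signed, String id, String newText) {
        NodeList objects = signed.getElementsByTagNameNS(DS, "Object");
        for (int i = 0; i < objects.getLength(); i++) {
            Element o = (Element) objects.item(i);
            if (id.equals(o.getAttribute("Id"))) o.getFirstChild().setNodeValue(newText);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();   // constructed signer key standing in for the practitioner's
        Document signed = buildSigned(kp);
        System.out.println("intact, core only:      " + validate(signed, kp.getPublic(), false));
        System.out.println("intact, with manifest:  " + validate(signed, kp.getPublic(), true));
        alterDocument(signed, "docB", "Lab report B (altered)");
        System.out.println("altered, core only:     " + validate(signed, kp.getPublic(), false));
        System.out.println("altered, with manifest: " + validate(signed, kp.getPublic(), true));
    }
}
```

Run it with `java ManifestSignatureDemo.java`. The check to take from it: JSR 105 validates only the SignedInfo References by default, so after docB is altered the signature still validates until the property `org.jcp.xml.dsig.validateManifests` is set to true, at which point the References inside the Manifest are checked and validation fails. A relying party that reads a manifest signature as proof that the listed documents are unchanged has to enable that property or verify the manifest references itself; this is the other side of the slide's warning that the manifest signature does not verify content.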

39
Document Digital Signature: Standards Used
  • W3C XML XAdES Signature
  • ISO 17090, 21091
  • ASTM E2212, E1985, E1762, E1084
  • IETF X.509
  • DICOM supplement 41, 86
  • NCPDP
  • HL7 CDA

40
More information
  • IHE Web site: www.ihe.net
  • Technical Frameworks, Supplements
  • Fill in relevant supplements and frameworks
  • Non-Technical Brochures
  • Calls for Participation
  • IHE Fact Sheet and FAQ
  • IHE Integration Profiles Guidelines for Buyers
  • IHE Connect-a-thon Results
  • Vendor Products Integration Statements

41