BS ISO 17090‑1:2021 Health informatics — Public key infrastructure, Part 1: Overview of digital certificate services
6.3 Healthcare-specific needs and the separation of authentication from data encipherment

There is a particular health industry need to separate the signing from the encipherment function. The reason for this is that authorized health professionals may need to access a patient’s record in emergency or special situations when the health professional for whom the message was intended is not physically present or contactable. It is common practice in healthcare security to have an individual identity certificate used for authentication and an organization unit certificate used for encipherment. This document advocates that separate certificates and associated keys be used for the purpose of authentication and encipherment (ensuring confidentiality). It also recognizes the need to have separate certificates to establish identity and others to manage access control that are bound to the subject’s authentication key. If keys are used for data encryption, a form of key management is necessary to prevent data loss if the decryption keys are not available.
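The separation described above can be enforced mechanically: the certificate's keyUsage extension says what each key is for, and the application refuses to sign with a key certified only for encipherment or to encipher to a key certified only for signing. The Go program below is an added illustration, not code from ISO 17090-1 or from any project; the names "Dr Example" and "Cardiology Unit", the use of RSA for both keys, self-signed certificates, and the Sign/Verify/Encrypt/Decrypt helpers are all assumptions made for the example. Using the same key algorithm for both credentials makes the point that it is the certificate's declared usage, not the key type, that keeps the two functions apart.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Credential pairs a certificate with the private key it certifies.
type Credential struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

// newCredential generates a fresh RSA key and self-signs a certificate whose keyUsage
// extension limits that key to one purpose (self-signed only to stay offline; a CA would issue it).
func newCredential(cn string, usage x509.KeyUsage) (*Credential, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     usage,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Credential{Cert: cert, Key: key}, err
}

// NewIdentityCredential models an individual's authentication certificate (digitalSignature
// only); NewUnitCredential models the organization unit's encipherment certificate (keyEncipherment
// only), whose private key the unit keeps available so records stay readable when a clinician is absent.
func NewIdentityCredential(name string) (*Credential, error) {
	return newCredential(name, x509.KeyUsageDigitalSignature)
}

func NewUnitCredential(name string) (*Credential, error) {
	return newCredential(name, x509.KeyUsageKeyEncipherment)
}

// Sign authenticates msg with the individual's key; a certificate lacking digitalSignature is refused.
func Sign(c *Credential, msg []byte) ([]byte, error) {
	if c.Cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return nil, errors.New("certificate not authorized for digitalSignature")
	}
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, c.Key, crypto.SHA256, digest[:], nil)
}

// Verify checks sig against the signer's identity certificate.
func Verify(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return false
	}
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Encrypt enciphers msg to the unit's public key; a certificate lacking keyEncipherment is refused.
func Encrypt(cert *x509.Certificate, msg []byte) ([]byte, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || cert.KeyUsage&x509.KeyUsageKeyEncipherment == 0 {
		return nil, errors.New("certificate not authorized for keyEncipherment")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt deciphers with the unit's key, which any authorized unit member may hold.
func Decrypt(c *Credential, ct []byte) ([]byte, error) {
	if c.Cert.KeyUsage&x509.KeyUsageKeyEncipherment == 0 {
		return nil, errors.New("certificate not authorized for keyEncipherment")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, c.Key, ct, nil)
}

func main() {
	id, _ := NewIdentityCredential("Dr Example") // constructed sample names
	unit, _ := NewUnitCredential("Cardiology Unit")
	sig, _ := Sign(id, []byte("record"))
	_, refused := Sign(unit, []byte("record"))
	fmt.Println(Verify(id.Cert, []byte("record"), sig), refused)
}
```

The example leaves out the key management the section ends on: the unit's decryption key only prevents data loss if it is backed up or escrowed under the organization's key-management procedures, which a real deployment must add.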
6.4 Health industry security management framework for digital certificates

The digital certificate security infrastructure required to support the secure movement of healthcare-related information and access to data within and across national or jurisdictional boundaries needs to be supported by a framework of generic security management policies. To achieve some assurance that the infrastructure operates securely, there is a need to establish codes of practice for its management. Standards giving the codes of practice for the management of information security already exist and are commonly accepted. ISO/IEC 27002 and the COBIT specification [15] establish practices for the identification of security risks, as well as for the application of the appropriate controls to manage those risks. Such codes of practice place little or no constraint on the security services that can be offered by the deployment of digital certificates, and they give the signer and the verifier a degree of assurance that the electronic signature is not weakened by poor security management. Consequently, this document will refer to ISO/IEC 27002 to address the security issues presented in IETF/RFC 3647 [10].
6.5 Policy requirements for digital certificate issuance and use in healthcare

The policy requirements and associated pract
7 Public key cryptography
7.1 Symmetric vs. asymmetric cryptography

With symmetric cryptography, a secret key is used to encipher plain text into a cryptogram that is not readable. Such enciphered information can be deciphered with the same secret key by reversing the encipherment algorithm. This type of cryptosystem is widely used to ensure confidentiality and is called a symmetric or secret-key cryptosystem.
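The symmetric case in 7.1 is shown below as an added Go example; it is not code from ISO 17090-1, which names no particular algorithm. The choice of AES-256-GCM, the Cryptogram type and the Encipher/Decipher helper names are assumptions made for the example. One secret key both enciphers and deciphers; a different key, or any change to the cryptogram, fails the authentication check instead of yielding garbage, which is why an authenticated mode is the right default for health records.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cryptogram carries the nonce with the ciphertext; GCM needs both, plus the
// same secret key, to reverse the encipherment.
type Cryptogram struct{ Nonce, Ciphertext []byte }

// NewSecretKey draws a 256-bit AES key from the OS random source.
func NewSecretKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// newGCM builds the AES-256-GCM cipher for a key, rejecting wrong key lengths.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encipher turns plaintext into a cryptogram under the secret key, using a fresh
// random nonce so that the same record enciphered twice gives different output.
func Encipher(key, plaintext []byte) (*Cryptogram, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Cryptogram{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Decipher reverses Encipher with the same secret key; any other key, or a
// modified cryptogram, makes the authentication tag check fail.
func Decipher(key []byte, c *Cryptogram) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, c.Nonce, c.Ciphertext, nil)
}

func main() {
	key, _ := NewSecretKey()
	other, _ := NewSecretKey()
	c, _ := Encipher(key, []byte("constructed sample record"))
	pt, err := Decipher(key, c)
	fmt.Printf("same key: %q %v\n", pt, err)
	_, err = Decipher(other, c)
	fmt.Println("other key:", err)
}
```

The secret key is the whole of the protection here, which is the limitation the section's contrast with asymmetric cryptography addresses: every party that must read the cryptogram has to hold the same key, and a nonce must never be reused under one key.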