1、Designation:E 2084 00An American National StandardStandard Specification forAuthentication of Healthcare Information Using DigitalSignatures1This standard is issued under the fixed designation E 2084;the number immediately following the designation indicates the year oforiginal adoption or,in the ca
2、se of revision,the year of last revision.A number in parentheses indicates the year of last reapproval.Asuperscript epsilon(e)indicates an editorial change since the last revision or reapproval.1.Scope1.1 This specification covers the use of digital signatures toprovide authentication of healthcare
3、information,as describedin Guide E 1762.It describes how the components of a digitalsignature system meet the requirements specified in GuideE 1762.This includes specification of allowable signature andhash algorithms,management of public and private keys,andspecific formats for keys,certificates,an
4、d signed healthcaredocuments.1.2 This specification should be read in conjunction withGuide E 1762,which describes the scope of,and requirementsfor,authentication of healthcare information.This specificationdescribes one implementation(digital signatures)that meets allof the requirements of Guide E
5、1762.It does not prescribe anyparticular policy regarding which documents shall be authen-ticated,and by whom.2.Referenced Documents2.1 ASTM Standards:E 1762 Guide for Electronic Authentication of HealthcareInformation22.2ANSI Standards:3X9.30 Part 2:Public Key Cryptography Using IrreversibleAlgorit
6、hms:Secure Hash Algorithm(SHA-1)X9.31 Reversible Digital Signature AlgorithmsX9.55 Extensions to Public Key Certificates and CRLsX9.57 Certificate ManagementX9.62 Elliptic Curve Digital Signature Algorithm2.3ISO Standards:4ISO 95948 1993:The Directory:Authentication Frame-work(also available as ITU-
7、S X.509)ISO 88241 1993:Specification of Abstract Syntax Nota-tion One(ASN.1)ISO 88251 1993:Specification of Basic Encoding Rulesfor ASN.1ISO 9796 1991:Digital Signature Scheme Giving MessageRecoveryISO 10166 1991:Document Filing and Retrieval(DFR)2.4Internet Standards:5RFC 2630 Cryptographic Message
8、 Syntax2.5Other Documents:6RSA Laboratories,“PKCS#1:RSA Encryption Standard(version 1.5),”November 1993RSA Laboratories,“PKCS#5:Password Based Encryption(version 1.5),”November 1993RSA Laboratories,PKCS#6:Extended Certificate SyntaxNotationRSALaboratories,“PKCS#7:Cryptographic Message Syn-tax(versio
9、n 1.5),”November 1993RSA Laboratories,PKCS#9:Selected Attribute TypesITU-T X.501Information Technology Open SystemsInterconnectionThe Directory:Models3.Terminology3.1 Definitions:3.1.1 attributepiece of information associated with theuse of a document.3.1.2 authentication(data origin)corroboration t
10、hat thissource of data received is as claimed.3.1.3 authentication(user)provision of assurance of theclaimed identity of an entity.3.1.4 certificate(public key)digitally signed data structurethat binds a users identity to a public key.3.1.5 data integrityproperty that data has not been alteredor des
11、troyed in an unauthorized manner.3.1.6 digestresult of applying a one-way hash function toa message.3.1.7 digital signaturedata associated with,or a crypto-graphic transformation of,a data unit that allows a recipient ofthe data unit to prove the source and integrity of the data unitand protect agai
12、nst forgery,for example,by the recipient.1This specification is under the jurisdiction of ASTM Committee E31 onHealthcare Informatics and is the direct responsibility of Subcommittee E31.20 onData and System Security for Health Information.Current edition approved April 10,2000.Published June 2000.2
13、Annual Book of ASTM Standards,Vol 14.01.3Available from American National Standards Institute,11 W.42ndSt.,13thFloor,New York,NY 10036.4Available from ISO,1 Rue de Varembe,Case Postale 56,CH 1211,Geneve,Switzerland.5Available at http:/www.ietf.org.6Available from RSA Data Security,100 Marine Parkway
14、,Redwood City,CA94605.1Copyright ASTM International,100 Barr Harbor Drive,PO Box C700,West Conshohocken,PA 19428-2959,United States.3.1.8 document access timetime(s)when the subjectdocument was accessed for reading,writing,or editing.3.1.9 document attributeattribute describing a character-istic of
15、a document.E 17623.1.10 document creation timetime of the creation of thesubject documentE 17623.1.11 document editing timetime(s)of the editing of thesubject document.E 17623.1.12 electronic documentdefined set of digital informa-tion,the minimal unit of information which may be digitallysigned.E 1
16、7623.1.13 event timethe time of the documented event.3.1.14(one-way)hash functionfunction which mapsstrings of bits to fixed-length strings of bits,satisfying thefollowing two properties:(1)it is computationally infeasible tofind for a given output an input which maps to this output;(2)it is computationally infeasible to find for a given input asecond input which maps to the same output.3.1.15 private keykey in an asymmetric algorithm;thepossession of this key is restricted,usually to one entity
