1、Designation:E 2086 00An American National StandardStandard Guide forInternet and Intranet Healthcare Security1This standard is issued under the fixed designation E 2086;the number immediately following the designation indicates the year oforiginal adoption or,in the case of revision,the year of last
2、 revision.A number in parentheses indicates the year of last reapproval.Asuperscript epsilon(e)indicates an editorial change since the last revision or reapproval.1.Scope1.1 This guide covers mechanisms that can be used toprotect healthcare information which is being transmitted overnetworks using t
3、he Internet Protocol Suite(IPS).This includesthe actual Internet itself,as well as corporate intranets con-structed from offtheshelf components implementing theseprotocols.An organizations security policy will determinewhen these mechanisms are used,based on risk analysis.1.2 The Internet Engineerin
4、g Task Force(IETF)is definingsecurity standards for use with the IPS.This guide covers therelevant standards and recommends,where needed,particularoptions(such as cryptographic transformations)to be used withthe standards.Most standards referenced here are proposedstandards issued as Requests for Co
5、mments(RFCs).Some arein the draft stage,but are stable enough(and widely enoughimplemented)to be recommended for use at this time.2.Referenced Documents2.1IETF Standards:2RFC 1510 Kerberos Authentication ServiceRFC 1777 Lightweight Directory Access Protocol(v2)RFC 2251 Lightweight Directory Access P
6、rotocol(v3)RFCs 19011910 Simple Network Management ProtocolRFC 1945 Hypertext Transfer ProtocolRFC 1964 Kerberos v5 GSS-API MechanismRFC 2246 The TLS Protocol Version 1.0RFC 2401 Security Architecture for the Internet ProtocolRFC 2402 IP Authentication HeaderRFC 2403 The Use of HMAC-MD596 within ESP
7、 andAHRFC 2404 The Use of HMAC-SHA-196 within ESP andAHRFC 2406 IP Encapsulating Security Payload(ESP)RFC 2407 The Internet IP Security Domain of Interpreta-tion for ISAKMPRFC 2408 Internet Security Association and Key Manage-ment Protocol(ISAKMP)RFC 2409 The Internet Key Exchange(IKE)RFC 2411 IP Se
8、curity Document RoadmapRFC 2440 OpenPGP Message FormatRFC 2451 The ESP CBC-Mode Cipher AlgorithmsRFC 2560 Internet X.509 Public Key Infrastructure OnlineCertificate Status ProtocolRFC 2630 Cryptographic Message SyntaxRFC 2631 Diffie-Hellman Key Agreement MethodRFC 2632 S/MIME Version 3 Certificate H
9、andlingRFC 2633 S/MIME Version 3 Message SpecificationRFC 2634 Enhanced Security Services for S/MIME2.2Other Standards:FIPS PUB 1801 Secure Hash Algorithm3.Terminology3.1 Definitions:3.1.1 algorithma clearly specified mathematical processfor computation;a set of rules which,if followed,will give apr
10、escribed result.3.1.2 asymmetric cryptographycryptographic algorithmthat uses two related keys,a public key and a private key;thetwo algorithm keys have the property that,given the publickey,it is computationally infeasible to derive the private key.3.1.3 authenticationthe corroboration that the sou
11、rce ofdata received is as claimed.3.1.4 authorizationthe granting of rights.3.1.5 cipher textdata in its enciphered form.3.1.6 clear textdata in its original,unencrypted form.3.1.7 confidentialitythe property that information is notmade available to or disclosed to unauthorized individuals,entities,
12、and processes.3.1.8 cryptographic checkvaluea value computed using ashared secret key and a data unit,which can be used to providedata integrity and authentication services.3.1.9 cryptographythe discipline which embodies prin-ciples,means,and methods for the transformation of data inorder to hide it
13、s information content,prevent its undetectedmodification,prevent its unauthorized use or a combinationthereof.3.1.10 datagrama data unit that is delivered indepen-dently of other data units transmitted over a network.3.1.11 data integritya property whereby data has not beenaltered or destroyed.1This
14、 guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics,and is the direct responsibility of Subcommittee E31.20 on Data andSystem Security for Health Information.Current edition approved April 10,2000.Published June 2000.2Available on line at ftp:/.1Copyright ASTM Internation
15、al,100 Barr Harbor Drive,PO Box C700,West Conshohocken,PA 19428-2959,United States.3.1.12 decryptiona process of transforming ciphertextinto plaintext.3.1.13 digital signaturea cryptographic transformation ofdata which,when associated with a data unit,provides theservices of origin authentication,da
16、ta integrity,and signernonrepudiation.3.1.14 encryptiona process of transforming plain text(readable)into cipher text(unreadable)for the purpose ofsecurity or privacy.3.1.15 encryption keya binary number used to transformplain text into ciphertext.3.1.16 gatewaya computer system or other device thatacts as a translator between two systems that do not use thesame communications protocols,data formatting,structures,languages,or architecture,or a combination thereof.3.1.17 intranetan internal corpo