2007 J. Phys.: Conf. Ser. 90 012002 (http://iopscience.iop.org/1742-6596/90/1/012002)
16th Argentine Bioengineering Congress and the 5th Conference of Clinical Engineering IOP Publishing Journal of Physics: Conference Series 90 (2007) 012002 doi:10.1088/1742-6596/90/1/012002
Basis for the implementation of digital signature in Argentine's health environment

P. P. Escobar1, M. Formica2

1 Fac. of Engineering, Univ. Nac. del Centro (UNCPBA), Olavarría, Argentina.
2 Fac. of Engineering, Univ. Nac. de Entre Ríos (UNER), Paraná, Argentina.

E-mail: [email protected]

Abstract. The growth of telemedical applications and electronic transactions in health environments is paced by the constant evolution of technology. This implies a big cultural change in traditional medicine and among the users of hospital information systems, whose arrival is delayed basically by the lack of solid laws and of a well-defined role-based infrastructure. The use of digital signature as a means of identification, authentication, confidentiality and non-repudiation is the most suitable tool for securing electronic transactions and protecting patients' data. The implementation of a Public Key Infrastructure (PKI) in the health environment allows for authentication, encryption and the use of digital signature, assuring confidentiality and control over the movement of sensitive information. This work defines the minimum technological, legal and procedural basis for a successful PKI implementation and establishes the roles of the different actors in the chain of confidence in the public health environment of Argentina.
1. Introduction

In recent years, the penetration of technology in the health sector has revolutionized traditional medical practice and the habitual movement of information inside health systems. This sector was perhaps the slowest in adapting to these changes, but there are already many applications which require rigorous laws and directives for their implementation: electronic health records, electronic prescription, real-time telediagnosis, robotic surgery, computer-supported cooperative work (CSCW), telemedicine, etc. [1]. All these new modalities, which incorporate a large variety of technologies (networks and communication protocols, imaging standards, cryptography, electronics, etc.), require authentication of the actors and security of the communication channel in order to guarantee the integrity and privacy of data in any health transaction, from a simple consultation or administrative process to a decisive diagnosis. Such changes imply a digitalization process of the information, a critical item in the health sector at this time, where information is stored on paper. Paperless health management increases efficiency, decreases costs, flaws and errors, and reduces data search and classification times. However, achieving this requires designing laws and an appropriate regulatory framework which allows a quick and safe transition, besides bringing about the cultural change in the human resources involved. Some time ago, Europe noticed the urgent demand for security in health electronic transactions, integrating all community countries under the e-Health action plan [3] and impelling strategies of informatization and the paradigm of services centred on the citizen. Countries like Spain and Italy have been pioneers in developing laws about this and are now advancing into patient data protection,
© 2007 IOP Publishing Ltd
electronic patient records (EPR) and electronic health records (EHR) [4]. The United States is progressing towards a standardized and regulated health information infrastructure, promoting EPR and the interoperability of medical services [5]. The United Kingdom is heading the same way as Europe [6]. Argentina was the first country in Latin America to develop legislative policies for digital signature [7], but the bureaucracy of the process meant that neighbouring countries implemented them first, like Brazil, which recently deployed the TISS Program [8] for health electronic information exchange using digital certificates. In 2005, the Syrian-Lebanese Hospital was the first institution to digitalize its health records in order to make them available via the internet [9] to patients and specialists, creating an integrated medical information system; but the institution could not apply digital signature to the documents because the Digital Signature Law had not yet been regulated. Other applications are now available, but they are all isolated experiences, not within a government project that impels the necessary actions and norms for regulation. In 2006, the Assessment Commission for Digital Signature Infrastructure held the Second Public Hearing directed to the health sector, with the presence of participants from the health, technology and legal areas. This hearing assessed the applicability of digital signature, identified obstacles and difficulties, and spread the present technological state and the related legal aspects. There, the low costs of digitalization were reflected, together with their direct incidence in the reduction of costs, errors, omissions and misunderstandings in prescriptions, indications and medical records written by hand. Other items observed were the savings of physical space, the problem of manipulating and conserving paper-based documents, the benefits of higher query speed and simultaneous access to data.

Besides, there was agreement about the urgent need to review the Practice of Medicine Law Nº 17.132 (art. 19, inc. 7), which specifies that prescriptions must be hand-written in order to be valid documents.

1.1. Legal aspects

Developments in telemedicine are focused on technological, clinical and economic aspects, but legal aspects carry a slower dynamic of assessment and implementation. Up to now, there are no specific regulations. The digital signature legal framework of the Argentine Republic [10] is formed by National Law N° 25.506 (B.O. 14/12/2001), Decree Nº 2628/02 (B.O. 20/12/2002), Decree N° 724/06 (B.O. 13/06/06) and complementary norms which define competences and establish procedures. National Law N° 25.326 on Personal Data Protection [11] regulates the confidential aspects of sensitive information related to an individual.

1.2. Public Key Infrastructure (PKI)

A digital signature infrastructure is not enough by itself: for its proper working it requires trusted third parties that bring more security to the system. These third parties are considered in a PKI [12], based on X.509 public key certificates (PKC) that bind the identity of a person to a public key [13, 14]. A PKC is a standardized data set with extensions for the association of additional attributes and for handling hierarchies of certificates. In the health environment, they are described by the reference norm TC251-WG4-DTS-17090 [15]. The PKC can be used for identification, not for authorization, and it is the only certificate that should be supported by the law to identify an actor or point within the health chain in a secure way. A PKI is the minimum structure guaranteed by the law to access sensitive data (electronic health records, banking data, etc.), to provide the required security for its transmission over open networks and to handle aspects related to digital confidence, widely described in the information security field.
A PKI works as a chain of confidence: each link of that chain possesses an identifying certificate that grants attributes and roles. Every time the validity of a PKI entity's certificate (CAs, RAs, EEs) is verified, the whole chain of confidence on which this certificate is based is also verified. If any one of the certificates is not valid, it invalidates all subordinate certificates, and therefore the actor or link of the chain of confidence becomes invalid for any transaction. Given the absence of defined structures for secure electronic transactions in health, and seeking to avoid larger delays in their implementation, we intend to define the basis for achieving these goals and to establish tentative roles and attributes for the potential entities of the required chain of confidence.

2. Materials and methods

A PKI for health environments allows identifying the actors in their working place and the legal responsibility linked to their digital signature [3, 4], demanding for this the following requisites:

- Authentication: to identify the people who access and use sensitive information.
- Integrity: to assure that a document remains unaltered after manipulation.
- Confidentiality: to guarantee the privacy of a patient's data and health condition.
- Authorization: to guarantee authorized access and use of the information.
- Access control: to control that access to sensitive information is granted only for those functions for which it is authorized.

Under these conditions, the use of appropriate security standards is obligatory to annul the risk of non-authorized access to, or vulnerability of, patients' data. In addition, other requirements related to the management policies of a PKI in health must be contemplated, like the control of the sequence of actions exerted on a document by means of time-stamping [16], the online availability of the infrastructure and its high compatibility with the internet for information exchange between health centres outside a VPN [4].

2.1. Design of the PKI infrastructure

In order to design a PKI for the health system of Argentina, a hierarchy of levels must first be established to define who will assume the roles of Certification Authority (CA), Registration Authority (RA) and Validation Authority (VA).
It is relevant and logical to consider a correspondence between these hierarchy levels and the different levels of the national health system: national, provincial, regional, municipal and institutional.
Fig. 1. Hierarchy levels for a national health PKI.

A simple PKI begins with a CA, through software operated by a trusted third party to generate and deliver digital PKC certificates. A complex PKI consists of multiple CAs with a single root CA, which possesses a self-signed PKC and grants digital certificates to its subordinate CAs, which in turn can grant certificates to the RAs. The CA hierarchy resembles a tree-shaped structure, establishing a chain of confidence between the end entities, the subordinate CAs and the root CA. A CA must be a trustworthy authority for the creation and delivery of certificates, providing the confidence basis of the PKI because it handles the PKC during its entire life cycle. Optionally, the CA can also generate the keys for those whom it certifies, verifying their identity, granting them a unique distinguished name and digitally signing their certificates. The requirements for a CA are described in the norm ISO 17799.
The role of the root Certification Authority at the upper (national) level should be reserved for the national ministry of health, which will be able to certify the different organisms of the immediately lower level in the hierarchy pyramid of Fig. 1. In this first sublevel, each provincial ministry of health must constitute itself as a CA and be in charge of certifying all the organisms of the regional level, that is, every hospital and health centre of the sanitary regions into which each province is divided. At the municipal level, each health organism of the city government will have to become a CA for all the public health institutions under its domain, placed at the lowest level of the hierarchy. These institutions will be the CAs for the end entities. It is likely that the CAs specified for each level constitute themselves as RAs or delegate that role to another organism created for that aim. These RAs must provide the interface between end entities and CAs, authenticating users' identities and sending certification requests to the CA. The Validation Authorities (VA) include the certificate repositories and provide trustworthy mechanisms to store keys, certificates and certificate revocation lists (CRLs). The VAs determine the validity of a certificate when a query originates from a CA. End entities must include individuals and other physical or legal organizations, like medical personnel, non-medical personnel, applications, devices, suppliers and organizations that manipulate sensitive information, in order to identify and secure the information that crosses the whole chain of digital confidence. In the case of medical personnel, a health PKI must be based on the information provided by the Medical Colleges and sub-colleges of specialities, because these are the entities that validate the exercise of the profession by their affiliates. Therefore, it is reasonable to consider that these organizations will become a CA or RA (art. 18, Law N° 25.506) and will be responsible for issuing the identification PKC with the data of each professional, their primary roles and attributes. In addition, the infrastructure would have to contemplate expansion capabilities to incorporate new certificates of roles and attributes. On the basis of these definitions, we developed a generic scheme for the PKI infrastructure of the Argentine health system, detailed in Fig. 2, where the hierarchy levels and the interactions between the different actors can be appreciated.
Fig. 2. PKI health infrastructure.
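The chain-of-confidence rule of Section 1.2 (an invalid or revoked CA invalidates every subordinate certificate) and the CRL rejection described in Section 2.2 can be exercised concretely. The following Go program is an added example, not code from the paper or from any Argentine PKI: it issues one branch of the Fig. 1 hierarchy with constructed names (national root CA, provincial CA, hospital CA, a physician as end entity), verifies the physician's certificate up to the national root, and rejects the whole branch when any link appears in the set of revoked serial numbers taken from the CRLs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Authority is one link of the chain of confidence: its X.509 certificate and signing key.
type Authority struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}
// issue creates a certificate for name signed by parent; a nil parent yields a self-signed root CA.
func issue(name string, serial int64, isCA bool, parent *Authority) (*Authority, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA { // only CAs may sign subordinate certificates and CRLs
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil { // the root CA signs its own certificate
		parent = &Authority{Cert: tmpl, Key: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Cert, &key.PublicKey, parent.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Authority{Cert: cert, Key: key}, err
}
// HealthChain builds one branch of Fig. 1 with constructed names: national root CA -> provincial CA -> hospital CA -> physician (the only non-CA link).
func HealthChain() ([]*Authority, error) {
	names := []string{"Ministerio de Salud (root CA)", "Ministerio provincial (CA)", "Hospital regional (CA)", "Dra. Ejemplo (end entity)"}
	var chain []*Authority
	var parent *Authority
	for i, n := range names {
		a, err := issue(n, int64(i+1), i < len(names)-1, parent)
		if err != nil {
			return nil, err
		}
		chain = append(chain, a)
		parent = a
	}
	return chain, nil
}
// VerifyChain builds the path from leaf to the trusted root and checks every link against the CRL serials: one revoked CA invalidates all certificates below it.
func VerifyChain(leaf, root *x509.Certificate, intermediates []*x509.Certificate, revokedSerials map[string]bool) ([]*x509.Certificate, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return nil, err
	}
	for _, c := range chains[0] { // chains[0] runs from the leaf up to the root
		if revokedSerials[c.SerialNumber.String()] {
			return nil, errors.New("chain broken: revoked certificate for " + c.Subject.CommonName)
		}
	}
	return chains[0], nil
}
```

Revocation is modelled as one set of serial numbers, so the example assumes serials are unique across the branch; a real deployment would check each link against its own issuer's CRL (or an OCSP responder) instead.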
2.2. Other requirements and considerations

The CA grants a certificate to an end entity and stores a copy in its database for future reference. It must have a high-security area to run an X.509v3-compatible database, accessible by means of an appropriate query language like the Lightweight Directory Access Protocol v3 (LDAP v3) [17] or by means of other protocols such as HTTP, FTP and X.500, widely defined in other works [18, 19 and 20]. The information of a certificate can vary over time for several reasons: expiration; its user no longer needs it or has asked for a new one whose information supersedes that of the previous certificate; it may have been compromised or stolen. Whenever the validity of a certificate is queried, if the certificate is listed on the CRL it is no longer valid and will be rejected.

2.3. Security and Certification Policy

In every PKI, a Certification Policy (CP) defines the security directives for the higher-level information and the processes and principles for the use of cryptography. Typically it must include statements of how the organization will handle the keys and the sensitive information, and of the necessary controls to guarantee that security. The CP must also describe the authentication requirements for the reception of a digital certificate from the CA, and indicate the level of authority or hierarchy within the PKI of whoever asks for the certificate. The CP defines what information should be sent to a CA for authentication prior to the delivery of the certificate to the requesting subordinate or final entity. It also details the information an individual certificate will contain, how it will be stored, the CRL update period and the requirements for publishing the revoked certificates to the server. It should also specify the physical security that the CA must fulfil.
As well, each CA would have to write a specific Certification Practice Statement (CPS) or provide a general CPS, depending on the required level of authorization. The CPS is an implementation document that supports the CP in detail, explaining how the CA fulfils the requirements established in the CP.

2.4. Extension to a PKI/PMI infrastructure

Although PKI is the appropriate structure to authenticate and guarantee security, it is insufficient to contain the information that manages authorizations and access control. These aspects would necessarily have to be extended into a Privilege Management Infrastructure (PMI) [1, 4] using attribute and role certificates and qualification certificates related to the PKI, since such attributes will work as complements to security. In order to achieve secure management of sanitary transactions, the PKI/PMI must associate unique names with each actor who participates in the electronic information exchange and with their respective professional roles, since these settle the necessary hierarchy and permissions for access to this information.

2.5. Safe applications

Security is a fundamental question in the transmission and storage of data, like digital medical images, through a public or private network. The DICOM standard [21] provides some treatment of security, allowing the patient's information in the header of the DICOM file to be encrypted. This can be combined with a digital signature of the image to secure the data in a PACS environment and to protect them from accidental or deliberate alterations. For example, for making a diagnosis from an image at a distant site, it is essential to guarantee the authenticity and integrity of the transmitted data and to protect their privacy by avoiding their public exhibition. Other options available are watermarking [22] and the use of a digital envelope [23] to provide additional security in networks.

3. Conclusions

Telemedicine advances without pause. Sooner or later, the process of digitalization in health will be a reality. The health management policies in Argentina would have to accelerate the legislative processes and define the legal framework for the use of the technologies implied in the access to and exchange of sensitive sanitary information.
The sanction of the Digital Signature Law and its related decrees constitutes a fundamental step to provide security to electronic documents and transactions in open networks, preventing data from being accessed or altered by a third party. Beyond the possibilities and benefits, the integration of information technologies in health transactions demands the highest reliability and confidence in the means, to diminish the sensation of insecurity, the main inhibiting factor of digital development. The implementation of an electronic medical information exchange system requires first the assessment of its main components: the present state of the health sector, the telecommunications infrastructure, the technological resources available and, mainly, the needs and priorities of doctors and patients. The expected benefits of instrumenting digital signature and the PKI/PMI comprise the beginning of an integration process of medical information; they clarify the legal medical responsibilities and qualify the performance of health service providers. In a concise way we have tried to define the basis and essential concepts to implement digital signature in the health environment of Argentina, within a public key infrastructure and regulated by a Privilege Management Infrastructure (PMI). Although the infrastructure described here is very general, it grants safe electronic transactions in accordance with the data protection regulations. Digitalization contributes to securing the information and to guaranteeing the operation of the hierarchy based on roles and attributes, taken from the people who take part in the delivery of health.

References

[1] Ferrer-Roca, O. "Telemedicina: Situación actual y perspectivas". Madrid, Ed. Espasa Calpe, 1999.
[2] Guerra, J. "Firma digital en Argentina". E-Mag. "Management en salud". http://ar.geocities.com/managementensalud/
[3] Commission of the European Communities, Brussels, 2.5.2006, eHealth Interoperability Staff Working Paper, "Connected Health: Quality and Safety for European Citizens".
[4] Ferrer-Roca, O., Franco, K., Pulido, P., Escobar, P., Cárdenas, A. "Firma electrónica y manejo de privilegios en sanidad". Rev Esp Patol 2003; Vol 36, n.º 2: 171-180.
[5] United States Department of Health and Human Services (ONC). http://www.hhs.gov/healthit/
[6] Department of Health. http://www.nhs.uk/england/default.aspx
[7] Oficina Nacional de Tecnologías de la Información. Firma Digital. http://www.pki.gov.ar
[8] http://www.iti.gov.br/twiki/bin/view/Noticias/PressRelease2007Jun01
[9] http://www.hospitalsiriolibanes.org/PRENSA.html
[10] Ley Nacional 25.506 de Firma Digital, 2001.
[11] Ley Nacional 25.326 de Protección de Datos Personales, 2000. http://www.protecciondedatos.com.ar/ley25326.htm
[12] Public-Key Cryptography Standards. http://www.rsa.com
[13] Lucena López, M. J. "RSA: Criptografía y seguridad en computadores" (3a ed). Univ. de Jaén, España.
[14] Salomaa, A. "Public-key cryptography". Berlin; New York: Springer-Verlag, 1990. X, 245 p.
[15] International Standardization Organization, WG 4 (ISO/TC-251).
[16] Adams, C., Cain, P., Pinkas, D., and Zuccherato, R., "Internet X.509 Public Key Infrastructure Time Stamp Protocols", 2000.
[17] RFC 2251, Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access Protocol (v3)", 1997.
[18] RFC 2585, Housley, R., and Hoffman, P., "Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP", July 1998.
[19] RFC 2560, Arsenault, A. and Turner, S., "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", 2000.
[20] RFC 2559, Boeyen, S., Howes, T., and Richard, P., "Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2", 1999.
[21] DICOM Standard. http://medical.nema.org/dicom/2007/
[22] Cao F., Huang H., Zhou X., "Medical image security in a HIPAA mandated PACS environment", Computerized Medical Imaging and Graphics, Elsevier, 2002.
[23] Sun Q., Zhang Z., He D., "A Standardized JPEG2000 Image Authentication Solution based on Digital Signature and Watermarking", China Communications, October 2006.