ASTM E2212-2002a Standard Practice for Healthcare Certificate Policy
Designation: E 2212 – 02a
An American National Standard

Standard Practice for
Healthcare Certificate Policy¹

This standard is issued under the fixed designation E 2212; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

1. Scope

1.1 This practice covers a policy (“the policy”) for digital certificates that support the authentication, authorization, confidentiality, integrity, and nonrepudiation requirements of persons and organizations that electronically create, disclose, receive, or otherwise transact health information.

1.2 This practice defines a policy for three classes of certificates: (1) entity certificates issued to computing components such as servers, devices, applications, processes, or accounts reflecting role assignment; (2) basic individual certificates issued to natural persons involved in the exchange of health information used for healthcare provisioning; and (3) clinical individual certificates issued to natural persons and used for authentication of prescriptive orders relating to the clinical treatment of patients.

1.3 The policy defined by this practice covers: (1) definition of healthcare certificates, healthcare certification authorities, healthcare subscribers, and healthcare relying parties; (2) appropriate use of healthcare certificates; (3) general conditions for the issuance of healthcare certificates; (4) healthcare certificate formats and profile; and (5) requirements for the protection of key material.

1.4 The policy establishes minimum responsibilities for healthcare certification authorities, relying parties, and certificate subscribers.

2. Referenced Documents

2.1 ASTM Standards:
E 2084 Specification for Authentication of Healthcare Information Using Digital Signatures²
E 2086 Guide for Internet and Intranet Healthcare Security²

2.2 Other Documents:
Public Law 104-191, Aug. 21, 1996, Health Insurance Portability and Accountability Act of 1996³
RFC 2527, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, PKIX Working Group Internet Draft, January 3, 2002⁴
RFC 2560, Internet X.509 Public Key Infrastructure Online Certificate Status Protocol, OCSP, June 1999⁵

3. Terminology

3.1 Certificate and Related Terms: A certificate, also referred to as a digital certificate or public key certificate, binds a public key value to information identifying the entity associated with the use of a corresponding private key. An entity may be an individual, organization, account, role, computer process, or device. The entity identified within the certificate is referred to as the certificate subject. The certificate is typically used to verify the digital signature of the certificate subject or to encrypt information for that subject. The reliability of the binding of a public key to a certificate subject is asserted by the certification authority (CA) that creates, issues, and distributes certificates. Certification authority is synonymous with certificate authority. Parties that depend on the accuracy of information in the certificate are referred to as relying parties. Certificate users are the collective relying parties and subscribers.

3.2 Certificate Policy:

3.2.1 The X.509 standard defines a certificate policy (CP) as “a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.” For example, a particular certificate policy might indicate the type of certificate applicable for authenticating electronic data interchange transactions for the trading of goods within a specified price range. In contrast, Practice E 2212 addresses rules for certificates that support the authentication, authorization, confidentiality, integrity, and nonrepudiation requirements of persons and organizations that electronically create, disclose, receive, or otherwise transact health information.

3.2.2 Certificates contain a registered certificate policy object identifier (OID) that the relying party may use to decide whether a certificate may be trusted for a particular purpose. The OID registration process follows the procedures specified in ISO/IEC and ITU standards. The party that registers the OID also publishes the CP for examination by certificate users and other parties. Each certificate should refer to a CP, but may also refer to additional nonconflicting CP.

3.2.3 Certificate policies constitute a basis for accrediting CA. Certificate policies are also used to establish a trust relationship between two or more CA (cross-certification). When CA issue cross-certificates, one CA assesses and recognizes the relevant certificate policies of the other CA.

3.3 Certification Practice Statement: The term certification practice statement (CPS) is defined in the Internet X.509 Public Key Infrastructure Certificate Policy and Certificate Practices Framework as “a statement of the practices, which a certification authority employs in issuing certificates.” The CPS is differentiated from the CP in the same way that any policy is different from a practice statement. The CPS is a comprehensive description by the CA of the methods, components, and procedures it has elected to implement and which define how it conducts itself throughout the certificate life cycle. A CA with a single CPS may support multiple certificate policies if the certificates it issues will be used for different application purposes or by different certificate user communities, or both. Any number of CA, with unique CPS, may support the same certificate policy.

3.4 Relationship Between a Certificate Policy and a Certification Practice Statement:

3.4.1 A certificate policy assigns responsibilities to various participants in a public key infrastructure (PKI). These responsibilities may be stated in differential levels of specificity. For example, a policy may require the CA to confirm subscriber identity but leave the details to the CA to specify in its CPS. In this case, the CPS might include a list of acceptable identification documents and the methods by which the CA, its agents, or both, verify their authenticity. Alternatively, the CA might implement other identity authentication methods that rely upon statements by an employer's human resources manager. With a less specific requirement, the CA has more flexibility in determi

¹ This practice is under the jurisdiction of ASTM Committee E31 on Healthcare Informatics, and is the direct responsibility of Subcommittee E31.25 on Healthcare Data Management, Security, Confidentiality, and Privacy. Current edition approved Nov. 10, 2002. Published January 2003. Originally approved in 2002. Last previous edition approved in 2002 as E 2212 – 02.
² Annual Book of ASTM Standards, Vol 14.01.
³ Available at http://aspe.hhs.gov/admnsimp/pl104191.htm.
⁴ Available at www.ietf.org/html.charters/pkix-charter.html.
⁵ Available at http://www.ietf.org/rfc/rfc2560.txt.

Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.