Put health communications on the Internet
Put health communications on the Internet
By Gary Ring
Product Manager
Bell Atlantic Internetworking and Multimedia Solutions
Robert Klerer, PhD
Consultant
Crosshair Communications Corporation
New York City
The World Wide Web continues to revolutionize how the health care industry communicates, shares information, and performs e-commerce applications (electronic commerce) across developing Integrated Delivery Networks (IDNs). Intranets have become the norm within well-established IDNs looking to improve enterprise information sharing among providers, create a more efficient administration environment, and reduce operating costs.
Expanding these closed intranets, however, to interconnect in an extranet (inter-enterprise) environment to include providers, payers, suppliers, oversight agencies, and even patients is proving to be more challenging because of issues regarding security and business liability. Similarly, using the Internet for sensitive and mission critical applications such as patient records and claims processing complicates the issue of security even further.
Public Key Infrastructures (PKI) is a set of security services that enable the use of public key cryptography and certificates in a distributed computing system - and that enable the use of the Internet as a health care data communications vehicle.1 The leading security services are authentication, authorization, data integrity, confidentiality, and non-repudiation. (For examples of how PKIs work, see story, p. 156.)
PKIs provide these security services following two important concepts. The first is the ability to bind the identity of an individual, resource, or network device to a public key. The second requires that the associated private key remain confidential and secure by the "holder." Public key cryptography, the use of public/private key pairs for encryption/decryption functions, is therefore a critical element in the overall PKI operation.
Identification options
For any secure transaction to take place, all involved parties must identify each other with as much certainty as possible. Various authentication schemes exist, but performance and level of security they provide differ greatly. Common user identification and password systems (simple authentication) are difficult to manage and easy to break.
Synchronous authentication systems, such as Security Dynamics SecureID, offer a higher degree of security by continuously changing an access password. The user inputs the dynamic security code displayed on an ID card and a PIN when prompted by a synchronized server. A match of the security code and user PIN (something you have plus something you know) certifies the holder of the token. This authentication process can be configured to either enable access to an entire network or a specific application.
A PKI-based authentication system incorporates mutual authentication and digital certificates to identify "participants" in a transaction. As intranets (corporate environments) and extranets (communities of interest) continue to grow, the traditional authentication requirement between a user and an application is no longer sufficient.
"Participants" now may include a user and an application, two users, two applications, or a user and a network device. A dual authentication process also may be required, whereby both participants need to identify one another. This is commonly referred to as strong mutual authentication.
For the user and application model, the end user identity is typically verified using an agreed upon authentication scheme. Similarly, the end user would want assurances that the resource he or she is communicating with is, in fact, a legitimate application and not a bogus one.
This dual authentication is particularly important for e-commerce applications where a rogue application on the network could collect confidential information for use in an unauthorized manner. Once the identities of the participants are mutually verified, the transaction can proceed either following an open access policy or the limitation of access based on defined access control and security policies established by the organization.
Certificates and certificate authorities
PKIs use digital certificates to provide a high level of certainty during the authentication process. A digital certificate is an electronic document that contains a number of identifying and administrative elements, including the name of the participant, his or her public key, and the digital signature of the issuing certificate authority (CA).
A CA is a trusted third party that issues these certificates and vouches for the legitimacy and identity of users, applications, and network devices participating within a specified business domain. The digital certificate is used to electronically bind the identity of the participant to a public key; the CA's signature is a guarantee of the authenticity of the entire certificate.
It is easy to see the value of the CA in a closed corporate intranet or an expanded business domain that includes a community of interest of health care institutions, providers, payers, and even patients. While all these participants are part of a community of interest with an objective to communicate and share information, they are not bound by any one corporate entity that can vouch for their identities.
The CA assumes this role through trust relationships with the defined business domain. More importantly, transactions across diverse domains can be further expanded to include participants in other domains by linking different CAs in a "chain of trust." This complex association of CAs is accomplished through cross-certification or other CA control methodologies.
To identify transaction participants, the CA generates a unique private and public key pair. These key pairs are mathematically associated in such a way that any digital information encrypted with a private key can only be decrypted using the associated public key. The reverse is true, too.
In addition, recreating or regenerating an associated key pair from the other is virtually impossible. This ensures the security and confidentiality of the private key even though the public key is widely available. The digital certificate containing the public key is kept public in the network for other users, resources, or devices to retrieve and reference. The private key is kept private and is to remain solely within the possession of the user, resource, or network device.
The physical device used to store or hold the private key is commonly referred to as a "token." Private key tokens can either be disk-based or smart cards. The disk-based token resides on any floppy medium and must be inserted or removed while performing or completing any public key cryptographic operation. Disk-based tokens, for example, can place the private key on a desktop, laptop, or server hard drive. This eases the cryptographic process but jeopardizes the confidentiality of the private key security.
The most secure device is the smart card. It has an embedded integrated circuit with local storage capability, and the private key never leaves the card. The smart card system performs encryption/decryption functions directly on the card, maintaining the confidentiality of the private key. The portable smart card token provides the greatest level of security since the private key on the token cannot be copied, altered, or removed.
Reference
1. Lewis J. Public key infrastructure architecture. The Burton Group Network Strategy Report. New York City; 1997.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.