Difference between revisions of "Document Encryption"

From IHE Wiki
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''Document Encryption (DEN)''' encrypts individual documents and portable media content.
+
encrypts individual documents and portable media content.
  
__TOC__
+
==Formal Specification==
  
==Summary==
+
===[https://profiles.ihe.net/ITI/TF/Volume1/ch-32.html DEN specification]===
'''Document Encryption (DEN)''' profile provides a means to encrypt health documents independent of particular transport means, healthcare applications and document types, thereby supporting end-to-end confidentiality in heterogeneous workflows and unanticipated workflows. It enables access to documents to be targeted to specific recipients. It addresses the need to protect documents from certain intermediaries in the document exchange path and provides confidentiality to transports that do not have a confidentiality mechanism. The Document Encryption profile allows for multiple alternatives for identity and key management which makes it suitable for a rich set of healthcare environments.
+
* [https://profiles.ihe.net/ITI/TF/Volume1/ch-32.html Trial Implementation]
  
Specifically, the Document Encryption (DEN) supplement addresses encryption mechanisms to support confidentiality in two ways:
+
==See Also==
*The '''Document Encryption profile''' that provides a means to encrypt any kind of documents in a transport independent way. Its approach enables access to documents to be targeted to specific recipients.
+
[[Document Sharing]]
*The '''IHE XDM Media Encryption option''' enables the encryption of the whole XDM media content for use with the various media types (i.e., USB-memory, CD-ROM).
 
 
 
==Benefits==
 
The Document Encryption (DEN) profile enables the protection of confidentiality of documents. This enables organizations to comply with applicable policies ranging from regulatory, organizational as well as privacy or consent policies. It may also contribute to compliance with e.g. Meaningful Use requirements.
 
 
 
Document Encryption addresses encryption for a number of situations not (well) supported by other IHE profiles. Specifically, the Document Encryption profile provides encryption independent of data exchange method, can protect arbitrary data (documents), and can provide end-to-end confidentiality between arbitrary end-points, in particular where intermediaries or unanticipated workflows are involved. Similarly, the XDM Media Encryption option provides encryption of XDM media content (content and metadata) on physical media.
 
 
 
The profile furthermore provides the benefit of multiple methods of identity and key management. This makes it suitable for a rich set of healthcare environments and allows it to be easily integrated in environments that have pre-existing key management infrastructure in place.
 
 
 
==Details==
 
Document Encryption (DEN) encrypts documents using the Cryptographic Message Syntax (CMS) standard.
 
 
 
For key management it supports PKI, shared symmetric key and password methods.
 
  
The profile uses strong cryptography. Algorithm includes AES, SHA1, SHA256, PBKDF2, HMAC, and RSA.
 
 
==Systems Affected==
 
Document Encryption (DEN) may be used in many different system setups: health record systems, hospital information systems, radiolog information systems, PACS, etc.
 
 
'''Actors & Transactions:'''
 
The Document Encryption (DEN) profile uses the Content Profile template. This template uses default actor and transaction names as depicted in the figure below.
 
[[File:den_content_profile_actors.png]]
 
 
The figure below illustrates the use of Document Encryption (DEN) through an example process flow.
 
 
[[File:den_ex_process_flow.png]]
 
 
==Specification==
 
 
'''Profile Status:''' Trial Implementation
 
 
'''Documents:'''
 
[http://www.ihe.net/Technical_Framework/upload/IHE_ITI_Suppl_DEN_Rev1-1_TI_2011-08-19.pdf Document Encryption supplement (August 19, 2011)]
 
 
 
'''Underlying Standards:'''
 
 
* Cryptographic Message Syntax (CMS), RFC 5652, September 2009
 
* Password-based Encryption for CMS, RFC 3211, December 2001 835
 
* Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002
 
* "Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)", RFC 3565, July 2003
 
* Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies, RFC 2045, November 1996
 
* Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field, RFC 2183, August 1997
 
 
==See Also==
 
 
[[Document_Encryption_-_Discussion]]
 
[[Document_Encryption_-_Discussion]]
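Review bot: The new lead line in this hunk, "encrypts individual documents and portable media content.", has lost its subject. The old line began with '''Document Encryption (DEN)''', and without it the page opens on a sentence fragment, so restore the bolded profile name. In the same hunk, the new "Formal Specification" section links https://profiles.ihe.net/ITI/TF/Volume1/ch-32.html twice, once as the "DEN specification" heading and once as the "Trial Implementation" bullet; a single link with the status in its label would do. The removed Details text was the only place on this page that named CMS, the key management methods (PKI, shared symmetric key, password) and the algorithm list, so consider keeping a one-line summary next to the specification link.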
  
Line 59: Line 15:
  
 
'''Related Profiles'''
 
'''Related Profiles'''
 +
* [[Document Digital Signature]]
  
 
Document Encryption (DEN) has no strict dependencies to other IHE profiles.
 
Document Encryption (DEN) has no strict dependencies to other IHE profiles.
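Review bot: The added "* [[Document Digital Signature]]" bullet under Related Profiles does not say how the two profiles relate, and it sits directly above the unchanged sentence "Document Encryption (DEN) has no strict dependencies to other IHE profiles." Add a few words to the bullet saying why it is listed, so the entry does not read as a dependency.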
Line 75: Line 32:
  
 
This page is based on the [[Profile Overview Template]]
 
This page is based on the [[Profile Overview Template]]
 +
  
 
[[Category:Profiles]]
 
[[Category:Profiles]]
 +
[[Category:ITI Profile]]
 +
[[Category:DocShare]]
 +
[[Category:Security]]
 +
 +
Current: [[Frameworks#IHE IT Infrastructure Technical Framework| IT Infrastructure Technical Framework]].
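Review bot: On the added "Current:" line, the piped link has a stray space after the pipe ("| IT Infrastructure Technical Framework"), and the label "Current:" does not say what is current. Drop the space and spell the label out so the line reads as a sentence.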

Latest revision as of 13:30, 15 February 2022

Document Encryption (DEN) encrypts individual documents and portable media content.

Formal Specification

DEN specification

See Also

Document Sharing

Document_Encryption_-_Discussion

Document_Encryption_-_Implementation_Notes_and_Examples


Related Profiles

Document Encryption (DEN) has no strict dependencies to other IHE profiles.

Consumer Information

No information is available at this point in time besides the profile and the Wiki pages listed above.

Implementer Information

Document_Encryption_-_Implementation_Notes_and_Examples provides more information on implementing and testing the Document Encryption (DEN) profile.

Reference Articles

This profile has not yet been referenced externally.

This page is based on the Profile Overview Template

Current: IT Infrastructure Technical Framework.