课件：电子签名在医院信息系统中的应用.ppt

电子签名在医院信息系统中的应用 The Application of Electronic Signature in the Hospital Information System,广西壮族自治区人民医院 The Peoples Hospital Of Guangxi Zhuang Autonomous Region 王桂榕 May, 2007 2007年5月,,数字世界的信息安全要素 Information Security Factors in Digital World,PAIN Privacy（保密性） -确认信息的保密，不被窃取 - Ensure information Privacy and not be stolen Authentication & Authorization（鉴别与授权） -确认对方的身份并确保其不越权 -Authenticate users identity and ensure them dont exceed their authority Integrity（完整性） -确保你收到信息没有被篡改 - Ensure the received information not to be tampered Non-Repudiation（抗抵赖） -有证据保证交易不被否认 - Evidence to confirm the transaction be undeniable,,各种安全技术比较 Comparison of all Kinds of Security Technology,身份鉴别 Authentication,机密性 Privacy,完整性 Integrity,抗抵赖 Non-Repudiation,口令 Password,动态口令 Dynamic Password,密码技术 Encrypt Technology,PKI/CA PKI/CA,,PKI成为可信网络的安全基础 PKI is a Security Infrastructure for Credible Network,公钥基础设施(Public Key Infrastructure ,PKI),浏览器 Browser,E-mail,服务器 Server,防火墙 Firewall,目录 Directory,路由器 Router,远程访问控制 Remote acc -ess Control,安全电子邮件 security EMAIL,网络服务器安全 security of network server,文件签名 document signature,VPN Virtual Priv -ate Network,IP 骨干网络IP backbone net,医院信息管理系统 （Hospital Information System，HIS ）,,证书颁发机构：CA Certificate issue institution: CA,证书认证权威(Certification Authority:CA) 提供网络身份认证服务 Provide the identity authentication service for network -证明数字证书的有效性Verify the validity of the digital certificate 负责签发和管理数字证书 Be responsible for issuing and manage the digital certificate -具体签发证书Issue certification -对数字证书进行签名Sign to digital certificate -并管理数字证书Manage digital certificate,,证书颁发机构：CA Certificate awarding institution:CA,具有权威性和公正性 Authority and Fairness -类似于颁发身份证的公安局 Be similar to the police station which can issue the ID card -在网络世界中人人都信任CA all people trust CA in the network world,公安局,,证书注册机构：RA Certificate registration institution: RA,证书注册权威(Certificate registration Authority) -Registration Authority 受理用户的数字证书申请 Accept the users application of certification -对证书申请者身份进行审核并提交CA制证 Verify applicants identity and submit applicant related information to CA - 类似于申请身份证的派出所 Be similar to the local police station which apply for the ID card,派出所,,证书注册机构：RA Certificate registration institution: RA,提供证书生命期的维护工作 Offer the maintenance work for the certificate life time -受理用户证书申请(Accept the certificate application from users) -协助颁发用户证书( Assist to issue the certificate to users) -审核用户真实身份(Verify the real identity of users) -受理证书更新请求(Update certificates) -受理证书吊销(Revocation certificate ),,电子文档的安全需求 The Security Requirement of Electronic Document,电子文档包括(The electronic documents include) : 各单位的申报审批报告、内部通知、公告等 every institutions reports for application, internal notice, announcement and so on 采用Word、Excel或网页等形式 Use Word, Excel, homepage, and so on 安全需求(security requirement): 需要多人对电子文档进行审批并签字 Need more one person to exam and sign the electronic document 需要实现(Needs to realize) ： 身份认证 Identity authentication 完整性 Integrity 抗抵赖 Non-Repudiation,,文档签章 Documents signature,针对电子文档的安全需求，广西CA提供文档签章产品，解决电子文档的安全需求。 开发了针对Word、Excel或网页等文档系统的插件电子签章插件。 使用电子签章插件和数字证书，可以对Word 、Excel或网页等文档进行签名，并添加电子化图章。 点击文档上的电子化图章，可以验证签名者是谁，签名的信息包含哪些，以及电子文档是否被改动等。,In view of the security requirement of electronic documents , GuangXi CA provides the product for document signature. The plug-in unit for Word, Excel ,homepage and other document system - electronic signature plug-in unit By electronic signature plug-in unit and certificate, we can sign to word, Excel, homepage or other documents, and add electronic stamp on documents. Click the electronic stamp in this document, and confirm who signed, what information about the signature,as well as whether the document had been modified and so on.,,电子文档签章实现原理 The Realization Principle about Electronic Documents Signature,unsigned document,Personal identity certificate,Document signature module,Documents signature operation,signed document,Signature icon,,HIS应用的障碍 HIS application barrier,,HIS应用的障碍 HIS application barrier,,HIS与电子签名相结合的意义 the Significance of HIS Combination with Electronic Signatures,保密性Privacy,身份鉴证Identity Authentication,授权Authorization,完整性Integrity,抗抵赖Non-Repudiation,,医疗行业：电子病历以及各种医院信息管理系统； Medical profession: electronic medical record and all kinds of hospital information management system; 药品监督行业：网上电子订单、药品监管； Drugs surveillance profession: electronic order form on-line, drugs supervised; 网站运营：安全站点、网络维护权限管理系统等； Web station maintenance: Security web site, network maintenance authorization management system, and so on; 网上交易平台：网络交易系统； Transaction platform on-line: Network transaction system;,PKI在信息化系统中的应用 The PKI applications for information system,,数字证书为医疗信息系统解决的问题,保证了登录医疗信息系统用户的真实身份 Ensure user identity of system administrator for login the medical service information system 保证临床医疗数据的保密性、完整性、可靠性 Ensure the clinical medical data secrecy, integrity and reliability 保证临床医疗数据的真实性、不可抵赖性 Ensure the clinical medical data authenticity and undeniableness 为医学研究提供基础平台 Provide the foundation platform for the medical research,Digital Certificate Offers One of the Most Effective Means of Solving Medical Service Information System Trust,,医疗信息系统安全问题的解决方案 The Solution for the Medical Service Information System Security,通过对医疗信息系统进行以下技术,要求解决医疗信息系统的各种安全隐患,以及为临床医疗数据真实性提供法律依据： Based on the following technical requirements, the reliable medical information system offers means of escaping from all kinds of security hidden danger, and provides the legal basis for the authenticity of the clinical medical data 对用户登录模块进行身份认证； Identity authentication for users through the login module; 对用户录入的数据进行数字签名； Digital signature to users input data; 对相关机密信息进行加密保存； Encryption and preservation of the related Confidential information ; 对保存的记录进行时间认证。 The preserved records Time Stamp verified.,,HIS的安全应用 HIS safe application,CA中心 Guangxi CA,后台服务器 backstage server,医生,safe audit database 安全审计 数据库,医院服务器 application server,SSL 安全通道,数据库 database server,提交电子病历数据(data),医生从CA中心申请证书 Doctor apply for certificate from CA center CA中心给医院应用系统服务器颁发服务器证书，证明接收电子病历系统（服务器）的身份 The CA center issues server certificate to the hospital application system server, authenticate the sever which received electronic medical record,申请证书,the application certificate,doctor,,医生使用证书登录应用系统，由服务器验证证书的有效性，建立SSL连接 Doctor login application system by certificate and server verify the validity of certificate and establishes the SSL connection 医生向应用系统提交电子病历数据，用自己的证书进行签名，经SSL通道加密传输 Doctor signs to electronic medical record data and submits it to the application system , all the data transmitted by SSL channel are encrypted and authentic. 医生的数字签名由服务器验证，将保存在安全审计数据库中，实现验证完整性、抗抵赖性 Server verify Doctors digital signature, which will be preserved in the safe audit database in order to verify the data integrity and anti-repudiation.,HIS的安全应用 HIS safe application,,电子病历、电子医嘱实现的意义 The significance of realization electronic medical record and electronic doctors advice,电子病历、电子医嘱具有如下特点： The electronic medical record, the electronic doctors advice have the following characteristics： 具备信息共享系统，医院的各个部门在任何地方、任何时候都可以调阅到所在医院病人的全部病历记录； Have the information sharing system, in anyplace and on anytime, every department can read patients record data in hospital;,,电