电子签名在医院信息系统中的应用课件

1、电子签名在医院信息系统中的应用 The Application of Electronic Signature in the Hospital Information System广西壮族自治区人民医院 The Peoples Hospital Of Guangxi Zhuang Autonomous Region王桂榕May, 20072007年5月第1页，共22页。数字世界的信息安全要素Information Security Factors in Digital WorldPAINPrivacy（保密性） -确认信息的保密，不被窃取 - Ensure information Privac

2、y and not be stolenAuthentication & Authorization（鉴别与授权）-确认对方的身份并确保其不越权-Authenticate users identity and ensure them dont exceed their authorityIntegrity（完整性）-确保你收到信息没有被篡改- Ensure the received information not to be tamperedNon-Repudiation（抗抵赖）-有证据保证交易不被否认- Evidence to confirm the transaction be unden

3、iable第2页，共22页。各种安全技术比较 Comparison of all Kinds of Security Technology 身份鉴别Authentication机密性Privacy完整性Integrity抗抵赖Non-Repudiation口令Password动态口令Dynamic Password 密码技术Encrypt Technology PKI/CAPKI/CA 第3页，共22页。PKI成为可信网络的安全基础PKI is a Security Infrastructure for Credible Network公钥基础设施(Public Key Infrastruct

4、ure ,PKI)浏览器BrowserE-mail服务器Server防火墙Firewall目录Directory路由器Router远程访问控制Remote acc-ess Control安全电子邮件security EMAIL网络服务器安全security of network server文件签名document signatureVPNVirtual Priv-ate NetworkIP 骨干网络IP backbone net医院信息管理系统（Hospital Information System，HIS ）第4页，共22页。证书颁发机构：CACertificate issue insti

5、tution: CA证书认证权威(Certification Authority:CA) 提供网络身份认证服务 Provide the identity authentication service for network-证明数字证书的有效性Verify the validity of the digital certificate负责签发和管理数字证书 Be responsible for issuing and manage the digital certificate -具体签发证书Issue certification-对数字证书进行签名Sign to digital certif

6、icate-并管理数字证书Manage digital certificate 第5页，共22页。证书颁发机构：CACertificate awarding institution:CA具有权威性和公正性 Authority and Fairness -类似于颁发身份证的公安局 Be similar to the police station which can issue the ID card -在网络世界中人人都信任CA all people trust CA in the network world公安局第6页，共22页。证书注册机构：RACertificate registratio

7、n institution: RA证书注册权威(Certificate registration Authority)-Registration Authority受理用户的数字证书申请 Accept the users application of certification-对证书申请者身份进行审核并提交CA制证Verify applicants identity and submit applicant related information to CA- 类似于申请身份证的派出所Be similar to the local police station which apply for

8、 the ID card派出所第7页，共22页。证书注册机构：RACertificate registration institution: RA提供证书生命期的维护工作 Offer the maintenance work for the certificate life time-受理用户证书申请(Accept the certificate application from users)-协助颁发用户证书( Assist to issue the certificate to users)-审核用户真实身份(Verify the real identity of users)-受理证书更

9、新请求(Update certificates)-受理证书吊销(Revocation certificate )第8页，共22页。电子文档的安全需求The Security Requirement of Electronic Document电子文档包括(The electronic documents include) :各单位的申报审批报告、内部通知、公告等 every institutions reports for application, internal notice, announcement and so on采用Word、Excel或网页等形式 Use Word, Excel

10、, homepage, and so on安全需求(security requirement): 需要多人对电子文档进行审批并签字 Need more one person to exam and sign the electronic document需要实现(Needs to realize) ：身份认证 Identity authentication完整性 Integrity抗抵赖 Non-Repudiation第9页，共22页。文档签章 Documents signature 针对电子文档的安全需求，广西CA提供文档签章产品，解决电子文档的安全需求。开发了针对Word、Excel或网页

11、等文档系统的插件电子签章插件。使用电子签章插件和数字证书，可以对Word 、Excel或网页等文档进行签名，并添加电子化图章。点击文档上的电子化图章，可以验证签名者是谁，签名的信息包含哪些，以及电子文档是否被改动等。 In view of the security requirement of electronic documents , GuangXi CA provides the product for document signature. The plug-in unit for Word, Excel ,homepage and other document system - el

12、ectronic signature plug-in unit By electronic signature plug-in unit and certificate, we can sign to word, Excel, homepage or other documents, and add electronic stamp on documents. Click the electronic stamp in this document, and confirm who signed, what information about the signature,as well as w

13、hether the document had been modified and so on. 第10页，共22页。电子文档签章实现原理 The Realization Principle about Electronic Documents Signatureunsigned documentPersonal identity certificateDocument signature moduleDocuments signature operationsigned documentSignature icon第11页，共22页。HIS应用的障碍HIS application barri

14、er第12页，共22页。HIS应用的障碍HIS application barrier第13页，共22页。Digital Signature加密Encrypt 私钥与数字签名应用授权Authorizationof applications 数字证书Certificate HIS与电子签名相结合的意义the Significance of HIS Combination with Electronic Signatures 保密性Privacy身份鉴证Identity Authentication授权Authorization完整性Integrity抗抵赖Non-Repudiation第14页，

15、共22页。医疗行业：电子病历以及各种医院信息管理系统； Medical profession: electronic medical record and all kinds of hospital information management system;药品监督行业：网上电子订单、药品监管； Drugs surveillance profession: electronic order form on-line, drugs supervised;网站运营：安全站点、网络维护权限管理系统等； Web station maintenance: Security web site, netw

16、ork maintenance authorization management system, and so on;网上交易平台：网络交易系统； Transaction platform on-line: Network transaction system; PKI在信息化系统中的应用The PKI applications for information system第15页，共22页。数字证书为医疗信息系统解决的问题保证了登录医疗信息系统用户的真实身份 Ensure user identity of system administrator for login the medical

17、service information system 保证临床医疗数据的保密性、完整性、可靠性 Ensure the clinical medical data secrecy, integrity and reliability 保证临床医疗数据的真实性、不可抵赖性 Ensure the clinical medical data authenticity and undeniableness 为医学研究提供基础平台 Provide the foundation platform for the medical research Digital Certificate Offers One

18、of the Most Effective Means of Solving Medical Service Information System Trust 第16页，共22页。医疗信息系统安全问题的解决方案The Solution for the Medical Service Information System Security通过对医疗信息系统进行以下技术,要求解决医疗信息系统的各种安全隐患,以及为临床医疗数据真实性提供法律依据： Based on the following technical requirements, the reliable medical informati

19、on system offers means of escaping from all kinds of security hidden danger, and provides the legal basis for the authenticity of the clinical medical data 对用户登录模块进行身份认证； Identity authentication for users through the login module;对用户录入的数据进行数字签名； Digital signature to users input data;对相关机密信息进行加密保存； E

20、ncryption and preservation of the related Confidential information ; 对保存的记录进行时间认证。 The preserved records Time Stamp verified.第17页，共22页。HIS的安全应用HIS safe application CA中心Guangxi CA后台服务器backstage server医生safe audit database安全审计数据库医院服务器application serverSSL安全通道数据库database server提交电子病历数据(data)数字签名digital

21、 signature医生从CA中心申请证书 Doctor apply for certificate from CA center CA中心给医院应用系统服务器颁发服务器证书，证明接收电子病历系统（服务器）的身份 The CA center issues server certificate to the hospital application system server, authenticate the sever which received electronic medical record申请证书the application certificatedoctor第18页，共22页。

22、医生使用证书登录应用系统，由服务器验证证书的有效性，建立SSL连接 Doctor login application system by certificate and server verify the validity of certificate and establishes the SSL connection医生向应用系统提交电子病历数据，用自己的证书进行签名，经SSL通道加密传输 Doctor signs to electronic medical record data and submits it to the application system , all the dat

23、a transmitted by SSL channel are encrypted and authentic.医生的数字签名由服务器验证，将保存在安全审计数据库中，实现验证完整性、抗抵赖性 Server verify Doctors digital signature, which will be preserved in the safe audit database in order to verify the data integrity and anti-repudiation.HIS的安全应用HIS safe application 第19页，共22页。电子病历、电子医嘱实现的意义The significance of realization electronic medical record and electronic doctors advice电子病历、电子医嘱具有如下特点：The electronic medical record, the elect