HIPAA PKI Secured Network Basic Key Features Requirements

1. Ability to add attributes.
Certificates can provide attributes that can describe information about the certificate holder. The ability to add attributes is part of the X509 v3 standard protocol, and, thus, most major PKI vendors can adhere to this requirement.

2. Continuity of signature capability.
This feature allows documents or messages to be verified between signings. For example, managers may verify an employee’s digital signature before signing the document with their own digital signatures.

3. Countersignatures capability.
This feature allows for verification to determine the order in which signatures were placed on the document or message. In this manner, a chain of signature authorities can be established to ensure that a proper process had been followed.

4. Independent verifiability.
Given that certificates can be used and validated by resolving the chain of trust for the certificate, it is possible to easily verify the digital certificate that was used in a transaction. Furthermore, with public key technology, anyone has access to a signer’s public key, making this requirement trivial for certificates issued by public CAs.

5. Interoperability.
Some PKI vendors do make deviations from standard X509 v3 certificates, which then can cause problems when the systems have to interact with each other. Interoperability is required to prevent the need for a single vendor. A number of standards bodies in other industries have attempted to create this “universal model” for certificates. For the most part, certificates can be used for standard applications, such as digital signatures, with good interoperability; however, some complex, custom applications may not work with all types of certificates.

6. Multiple signatures.
Generally, in an approval or workflow process, multiple signatures may be required for approval; thus, a PKI would need the ability, either directly or through third-party applications, to show a chain of signing authorities. Most form-signing or workflow packages that use digital certificates have this ability.

7. Transportability.
This is the ability to send a signed document over an insecure network (for example, the Internet) without the loss of message integrity. It is part of the basic functionality of a digital certificate, as it provides privacy and integrity by encrypting and signing a message.