 |
PKI capabilities are based on a pair of keys (a public key and a private key) and are associated with a particular entity (eg. an individual). The entity can electronically authenticate its identity and then either sign or encrypt data. Each public key is openly published and the corresponding private key is kept secret by the entity. Any data that is encrypted with a particular public key can only be decrypted by the corresponding private key.
The underpinning facilities of PKI have been further developed in Australia, based on the Gatekeeper standard, (developed by the National Office of the Information Economy), for the supply of Internet services to Government. Gatekeeper involves rigorous scrutiny of PKI facilities and procedures by a number of government agencies (eg. the Defence Signals Directorate and the Australian Government Solicitor). Medicare Australia has received Gatekeeper accreditation.
Public Key Infrastructure comprises of the following components:
Certificate Authority (CA): The CA is responsible for issuing and revoking certificates. SecureNet Limited is the accredited Certification Authority service provider used by the Health Sector in Australia.
Registration Authority (RA): The RA verifies the binding between public keys and the certificate holders. Medicare Australia have established Health eSignature Authority Pty Ltd (Medicare Australia) as an independent organisation to act as the RA.
Certificate holder(s): The certificate holders are individuals (General Practitioners, Pharmacists etc) or non-individuals (HealthCare locations) that have been issued with certificates and can use them to sign and/or encrypt documents.
Email Clients: The email clients validate digital signatures and their certification paths from a trusted CA public key. The more common email clients include Novell GroupWise™, MailSecure™, Lotus Notes™, Pegasus™, cc:Mail™, Qualcomm Eudora™, Microsoft Outlook™ and Microsoft Outlook Express™.
Repositories: The repository stores and makes available certificates and certificate revocation lists (CRLs). The repository that stores the holders certificate is commonly referred to as a cryptographic server. The repository that holds public certificates is known as a Lightweight Directory Access Protocol (LDAP) directory.
Security policy: The security policy sets out and defines the organization's top-level direction on information security, as well as the processes and principles for the use of cryptography.
Other languages