PKI capabilities are based on a pair of keys (a public key and a private key) that is associated with a particular entity (e.g. an individual). The entity can electronically authenticate its identity and then either sign or encrypt data. Each public key is openly published and the corresponding private key is kept secret by the entity. Any data that is encrypted with a particular public key can only be decrypted with the corresponding private key.
The underpinning facilities of PKI have been further developed in Australia, based on the Gatekeeper standard (developed by the National Office of the Information Economy), for the supply of Internet services to Government. Gatekeeper involves rigorous scrutiny of PKI facilities and procedures by a number of government agencies (e.g. the Defence Signals Directorate and the Australian Government Solicitor). HIC and HeSA have received Gatekeeper accreditation.
Public Key Infrastructure comprises the following components:
Certificate Authority (CA): The CA (e.g. VeriSign, Thawte, SecureNet, Australian Tax Office) is responsible for issuing and revoking certificates. SecureNet Limited is the accredited Certification Authority service provider used by the Health Sector in Australia.
Registration Authority (RA): The RA verifies the binding between public keys and the certificate holders. HIC have established Health eSignature Authority Pty Ltd (HeSA) as an independent organisation to act as the RA.
Certificate holder(s): The certificate holders are individuals (General Practitioners, Pharmacists, etc.) or non-individuals (HealthCare locations) that have been issued with certificates and can use them to sign and/or encrypt documents.
Email Clients: The email clients validate digital signatures and their certification paths from a trusted CA public key. The more common email clients include Novell GroupWise™, MailSecure™, Lotus Notes™, Pegasus™, cc:Mail™, Qualcomm Eudora™, Microsoft Outlook™ and Microsoft Outlook Express™.
Repositories: The repository stores and makes available certificates and certificate revocation lists (CRLs). The repository that stores the holder's certificate is commonly referred to as a cryptographic server. The repository that holds public certificates is known as a Lightweight Directory Access Protocol (LDAP) directory.
Security policy: The security policy sets out and defines the organization's top-level direction on information security, as well as the processes and principles for the use of cryptography.
The following table provides a cross-reference of HIC/HeSA documentation requirements for Registration, Re-Key, Termination, Change of HIC Representatives, Misplaced or forgotten password, key, or certificate.
Note: The Revocation / Suspension / Reinstatement / Re-Key Request Form is used to request revocations, suspensions, or reinstatements.
Columns: Purpose | Request Form | Identification Reference Form | Identification Reference Form Documents | HCL Subscriber Agreement (SecureNet) | Business HSE Document | Letter of Authorisation | EOI Primary Document for DAO | EOI Secondary Documents for DAO
Rows (Purpose):
HCL Registration
Re-key of HCL (BCAPL)
Re-key of HCL (SecureNet) | (Assuming | (Assuming
Termination of HCL
Cessation/change (DAO)
Cessation/change (HSE Rep)
Cessation/change (DAO and HSE Rep)
Misplaced Keys / Certificates / Password
Forgotten Password, compromised
Forgotten Password, compromised or lost Certificates (SecureNet)
Found keys / Certificates / Password (CAPL)
Found keys / Certificates / Password (SecureNet)