The Direct Project Reference Implementation Architecture

Similar documents
TABLE OF CONTENTS INTRODUCTION USE CASES FOR CONVERSION BETWEEN DIRECT AND XDR DATAMOTION XDR IMPLEMENTATION GLOSSARY OF TERMS

Practical Guidance to Implement Meaningful Use Stage 2. Secure Health Transport for Certification and Meaningful Use

The Direct Project Overview

How To Communicate In Healthcare With Direct Secure Messaging

Statewide Send and Receive Patient Record Exchange. Technical Specification

Business and Technical Description of Commercial Systems The scope of the technical solution is further described below.

EHR Vendor Support for Meaningful Use Stage 2 Certification and Implementation Direct Basics & Transitions of Care. February 19, :00 PM EST

Exchanging Medical Records Online with Direct

How To Use Direct Messaging

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

D . A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information:

Centers for Disease Control and Prevention, Public Health Information Network Messaging System (PHINMS)

PrivaSphere Gateway Certificate Authority (GW CA)

FortiMail Filtering. Course 221 (for FortiMail v5.0) Course Overview

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on Mail Tab.

ConCert by HIMSS Certification: An Overview

Unifying Information Security. Implementing Encryption on the CLEARSWIFT SECURE Gateway

Clearswift Information Governance

EXAM - ST Symantec PGP Universal Server 3.2 Technical Assessment. Buy Full Product.

Options for encrypted communication with AUDI AG Version of: 31 May 2011

Developers Integration Lab (DIL) System Architecture, Version 1.0

Astaro Mail Archiving Getting Started Guide

StreamServe Encryption and Authentication

Is Liferay Right for Your Organization? Seven Things to Consider When Choosing a Portal Platform

Participating in a Health Information Exchange (HIE) Many Faces of Community Health /27/11 Greg Linden

Digital certificates and SSL

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on. User Information

Public Key Infrastructure for a Higher Education Environment

Ciphermail Gateway PDF Encryption Setup Guide

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on Mail Tab.

Transport server data paths

Commonwealth of Massachusetts Executive Office of Health and Human Services. The Golden Spike Integration Options 8/20/2012

The GlobalCerts TM Secur Gateway TM

Snow Agent System Pilot Deployment version

Basic Exchange Setup Guide

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

PGP Product Update Juha Ropponen

Ciphermail for BlackBerry Quick Start Guide

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

DJIGZO ENCRYPTION. Djigzo white paper

How To Configure Forefront Threat Management Gateway (Forefront) For An Server

Arizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)

Core Filtering Admin Guide

Ciphermail for Android Quick Start Guide

Page 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file

North Dakota Health Information Network. Health Information Exchange Implementation

Boundary Encryption.cloud Deployment Process Overview

Device Log Export ENGLISH

CIPHERMAIL ENCRYPTION. CipherMail white paper

An Oracle White Paper Dec Oracle Access Management Security Token Service

Core Protection Suite

Djigzo encryption. Djigzo white paper

Using PI to Exchange PGP Encrypted Files in a B2B Scenario

Encryption Made Simple

Eclipse Open Healthcare Framework

S/MIME and Sympa mailing lists manager Using signature and encryption with a mailing list manager

A NATURAL FIT. Microsoft Office 365 TM and Zix TM Encryption. By ZixCorp

StreamServe Persuasion SP4 Encryption and Authentication

PROTOTYPE IMPLEMENTATION OF A DEMAND DRIVEN NETWORK MONITORING ARCHITECTURE

Protected Trust Setup Guide for Brother MFC Devices

rpafi/jl open source Apache Axis2 Web Services 2nd Edition using Apache Axis2 Deepal Jayasinghe Create secure, reliable, and easy-to-use web services

StreamServe Persuasion SP5 Encryption and Authentication

CS 356 Lecture 28 Internet Authentication. Spring 2013

Serial Deployment Quick Start Guide

Installing your Digital Certificate & Using on MS Out Look 2007.

USHA. Notification Setting. User Manual

Prepared by Noam H. Arzt, PhD HLN Consulting, LLC

Balamaruthu Mani. Supervisor: Professor Barak A. Pearlmutter

FUSE-ESB4 An open-source OSGi based platform for EAI and SOA

POP3 Connector for Exchange - Configuration

Top 7 Tips for Better Business Continuity

IHE IT Infrastructure Technical Framework Supplement. Document Encryption (DEN) Trial Implementation

Configuration Guide. Follow the simple steps given in this document when you are going to run Lepide Active Directory Cleaner for the first time.

Internet Standards. Sam Silberman, Constant Contact

Instructions Microsoft Outlook Express Page 1

Encryption Made Simple

AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3

Deep-Secure Mail Guard Feature Guide

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

Owner of the content within this article is Written by Marc Grote

Transglobal Secure Collaboration Program Secure v.1 Gateway Design Principles

Middleware integration in the Sympa mailing list software. Olivier Salaün - CRU

Professional Portal Development with Open Source lools: Java' Portlet API, Lucene, James, SUde

ObserveIT Ticketing Integration Guide

DigiCert: Trusted Business for the Enterprise and Its Customers

Using etoken for Securing s Using Outlook and Outlook Express

Government of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam

Transcription:

The Direct Project Reference Implementation Architecture 1

NwHIN Direct Approach Develop specifications for a secure, scalable, standardsbased way to establish universal health addressing and transport for participants Send encrypted health information directly to known, trusted recipients over the Internet (Push Model) Participants include providers, laboratories, hospitals, pharmacies and patients Standards and service descriptions designed to address the key Stage 1 requirements for Meaningful Use http://wiki.directproject.org/home 2

Direct Reference Implementation Open-source reference implementation and associated libraries implementing the Direct Project specification Implementations in Java and in C Sharp(.Net) Actually implemented and used in several pilot projects. New York Hudson Valley and Rhode Island have hooked their pilots together (HISP to HISP) Multiple EHRs vendors in the pilots http://wiki.directproject.org/reference+implementation+ Workgroup 3

JAVA REFERENCE IMPLEMENTATION PLUS DIRECTORY SERVICES HISP Security Domain Real SMTP Server POP/SMTP Internal Email Client External Direct Health Information s (HISPS) Provider Directory s SMTP(SMIME) Certificate Directory s SMTP (Gateway ) Apache Mailet API Security Agent Apache Mailet API XD* Agent Configuration SQL Configuration Web UI XDR (Receiving XD* SOAP SERVICE XDR Source(Sending 4

EHR to EHR cmp EHR to EHR XDR Source (Sending Mutual Authentication HISP/HIE Direct XD* Serv ice Mutual Authentication XDR Serv ice (Receiv ing ProvideAndRegister ProvideAndRegister Search For Entity Search For Provider Get Local Endpoint Prov ider Directory Serv ice Configuration Serv ice 5

EHR to EHR Sequence sd EHR to EHRSequence XDR Source (Sending Provider Directory HISP/HIE Direct XD* Configuration XDR (Receiving SearchForProvider(SearchForProviderRequest) :SearchForProviderResponse MutualAuthentication() ProvideAndRegister(ProvideAndRegisterRequest) GetLocalEndpoint(DirectAddress) ProvideAndRegister(ProvideAndRegisterRequest) :ProvideAndRegisterResponse :ProvideAndRegisterResponse 6

Why the SMTP Backbone? Allows for the inclusion of providers without EHRs in the Direct model Allows for a security model that does not rely on a strong federation Strongly federated security with dictated CA structure, like the Federal Bridge, seem to be difficult to implement Without strong federation, unanticipated push between two random TLS based SOAP systems is not simple (possible?) Using the Direct Certificate Directory model allows for unanticipated SMIME with dynamic certificate exchange 7

THE MAILET, ENABLING SECURE SMTP BASED SERVICES HISP Security Domain Real SMTP Server POP/SMTP Internal Email Client External Direct Health Information s (HISPS) Provider Directory s SMTP(SMIME(XDM)) Certificate Directory s SMTP (Gateway ) Apache Mailet API Security Agent Apache Mailet API XD* Agent Configuration SQL Configuration Web UI SMTP (XDM) XDR (Receiving XD* SOAP SERVICE XDR Source(Sending 8

What Apache Mailets Get You In-flow programmatic access to the (S)MIME message without cumbersome polling or queuing Allows for dynamic certificate exchange, decryption and signature validation Allows for dynamic conversion to more SOA friendly protocols Extremely simple injection mechanism Configuration based 9

SOAP to SMTP cmp EHR tosmime Out Mutual Authentication XDR Source (Sending HISP/HIE Direct XD* Serv ice HISP/HIE Direct Mail Serv ice XDM Over SMTP ProvideAndRegister SMIME(XDM) Over SMTP External Direct SMTP Serv ices Search For Entity Search For Provider Get Local Endpoint Get Provider Private Key (Sender, Sign) Get Current Certificates (Recipient, Encrypt) Provider Directory Configuration Certificate Repository 10

SOAP to SMTP Sequence sd EHR to SMIME Out Sequence XDR Source (Sending Provider Directory HISP/HIE Direct XD* Configuration HISP/HIE Direct Mail Certificate Repository External Direct SMTP s SearchForProvider(SearchForProviderRequest) :SearchForProverResponse MutualAuthentication() ProvideAndRegister(ProvideAndRegisterRequest) GetLocalEndpoint(DirectAddress) SMTP(XDM) GetProviderPrivateKey() GetCurrentCertificates() SMIMEOverSMTP(XDM) :Ack :Ack :ProvideAndRegisterResponse 11

THE MAILET, ENABLING SECURE SMTP BASED SERVICES HISP Security Domain Real SMTP Server POP/SMTP Internal Email Client External Direct Health Information s (HISPS) Provider Directory s SMTP(SMIME) Certificate Directory s SMTP (Gateway ) Apache Mailet API Security Agent Apache Mailet API XD* Agent Configuration SQL Configuration Web UI XDR XDR (Receiving XD* SOAP SERVICE XDR Source(Sending 12

SMTP to SOAP cmp SMIME to EHR In External Direct SMTP s SMIME Over SMTP HISP/HIE Direct Mail ForwardMessage XD Step Up Serv ice ProvideAndRegister HISP/HIE Direct XD* Get Current Certificates (Sender, Validation) Get Local Endpoint Get Provider Private Key (Recipient, Decrypt) Get Local Endpoint Mutual Authentication ProvideAndRegister Certificate Repository Configuration Serv ice XDR Serv ice (Receiv ing 13

SMTP to SOAP Sequence sd SMIME to EHR In Sequence External Direct SMTP s HISP/HIE Direct Mail Certificate Repository Configuration XD Step Up HISP/HIE Direct XD* XDR (Receiving SMIMEOverSMTP() GetProviderPrivateKey() GetCurrentCertificates() GetLocalEndpoint() ForwardMessage(Payload) ProvideAndRegister(ProvideAndRegisterRequest) MutualAuthentication() ProvideAndRegister(ProvideAndRegisterRequest) :ProvideAndRegisterResponse :ProvideAndRegisterReponse :Ack :Ack 14

Conclusions and Questions? The Direct specification and reference implementation has been an incredible example of cooperative open source development Multiple connectathons and extensive junit testing help make the implementation rock solid Architecture seems as clean as possible with multiple protocols Still firming up the Provider Directory detailed requirements Certificate Directory now uses DNS, may or may not change 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information