ISO INTERNATIONAL STANDARD 17090-2 Secondedition 2015-11-15 Health informatics - Public key infrastructure Part 2: Certificate profile Informatique de santé - Infrastructure de clé publique - Partie 2: Profil de certificat Reference number ISO 17090-2:2015(E) SO International Organization for Standardization ZHEJIANG INST OF STANDARDIZATION C15956617 IS02015 itted without license from IHS IS0 17090-2:2015(E) COPYRIGHTPROTECTEDDOCUMENT IS02015,PublishedinSwitzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISOcopyrightoffice Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel.+41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org Intenationaibr PrganizationforStandardization icensee-ZHEJIANG INST.OF STANDARDIZoISQ s1.5 - All rights reserved Not for Resale, 2016/3/29 05:50:45 etworking permitted without license from IHS IS0 17090-2:2015(E) Contents Page Foreword ..V Introduction. ...vi 1 Scope. 2 Normative references ..1. 3 Terms and definitions 4 Abbreviated terms .1 5 Healthcare CPs .2 5.1 Certificate types required for healthcare .2 5.2 CA certificates. .2 5.2.1 Root CA certificates .2 Subordinate CA certificates 2 5.2.2 5.3 Cross/Bridge certificates .3 5.4 End entity certificates .3 5.4.1 Individualidentitycertificates 3 5.4.2 Organizationidentitycertificate ..4 5.4.3 Device identity certificate 4 5.4.4 Application certificate .4 5.4.5 AC ..4 5.4.6 Role certificates .5 6 General certificate requirements .6 6.1 Certificate compliance. .6 6.2 Common fields for each certificate type ..6 6.3 Specifications for common fields. 6.3.1 General. 1 6.3.2 Signature 6.3.3 Validity ..8 6.3.4 Subject public key information. ..8 6.3.5 Issuer name field ..9 6.3.6 The subject name field. .10 6.4 Requirements for each healthcare certificate type ..11 6.4.1 Issuer fields .11 6.4.2 Subject fields ..11 7 Use of certificate extensions .14 7.1 General .14 7.2 General extensions.. .14 7.2.1 authorityKeyldentifier ..14 7.2.2 subjectKeyldentifier. ..14 7.2.3 keyUsage .14 7.2.4 privateKeyUsagePeriod .14 7.2.5 certificatePolicies. .14 7.2.6 subjectAltName. .14 7.2.7 basicConstraints 15 7.2.8 CRLDistributionPoints .15 7.2.9 ExtKeyUsage .15 7.2.10 Authority information access .15 7.2.11 Subject information access 15 7.3 Special subject directory attributes. .15 7.3.1 hcRole attribute .15 7.3.2 subjectDirectoryAttributes ..17 7.4 Qualified certificate statements extension ..17 7.5 Requirements for each health industry certificate type ..17 7.5.1 Extensionfields .17 iii nsee=ZHEJIANG INST OF STANDARDIZATION C1 5956617 ithout license from IHS Not for Resale, 2016/3/29 05:50:45