NHIN-Direct-Deployment-Models-20101208

Deployment Models

A. e-Mail client (no S/MIME)
    » NHIN-Direct developed security agent
    » off-the-shelf S/MIME proxy
B. e-Mail client using Native S/MIME
    » Internet e-Mail Service Provider
    » Healthcare specific e-Mail Service Provider
C. Web Portal
    » to common Internet e-Mail service with S/MIME support
    » to Healthcare specific messaging service with S/MIME support
D. EHR/PHR with integrated S/MIME functionality
    » deployed inside the Provider
    » deployed as SaaS
E. NHIN Direct to/from NHIN Exchange
    » Trusted NHIN Gateway
    » End to End secure
A) e-Mail client with Full Service HISP

[Figure: flow diagram, steps numbered A.1 to A.11. Columns: Source Client; Source Full Service HISP; Destination Full Service HISP; Destination Client.]
  Source Client: Document or XDM; Locate Destination Address; SMTP + MIME + TLS to the Source Full Service HISP.
  Source Full Service HISP: Locate Destination Certificate; S/MIME Sign w/ Private Key (Private Key Store); S/MIME Encrypt w/ Destination Cert; Send.
  Between the HISPs: SMTP + S/MIME.
  Destination Full Service HISP: Receive; Encrypted Content; S/MIME Decrypt w/ Private Key (Private Key Store); S/MIME Verify w/ Source Cert.
  Destination Client: POP/IMAP + TLS from the Destination Full Service HISP; Document or XDM.
B) e-Mail client using Native S/MIME
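[Figure: flow diagram, steps numbered B.1 to B.9. Columns: Source Client; Destination HISP; Destination Client.]
  Source Client: Document or XDM; Locate Destination Address + Certificate; S/MIME Sign w/ Private Key (Private Key Store); S/MIME Encrypt w/ Destination Cert; Send.
  Between Source Client and Destination HISP: SMTP + S/MIME.
  Destination HISP: Receive; Encrypted Content.
  Between Destination HISP and Destination Client: POP/IMAP + TLS.
  Destination Client: S/MIME Decrypt w/ Private Key (Private Key Store); S/MIME Verify w/ Source Cert; Document or XDM.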
C) Web Portal

[Figure: flow diagram, steps numbered C.1 to C.12. Columns: Source Client; Source web HISP; Destination web HISP; Destination Client.]
  Source Client: Document or XDM; HTTP + TLS to the Source web HISP.
  Source web HISP: Upload Document(s); Build XDM; Find Destination Address + Certificate; S/MIME Sign w/ Private Key (Private Key Store); S/MIME Encrypt w/ Destination Cert; Send.
  Between the HISPs: SMTP + S/MIME.
  Destination web HISP: Receive; Encrypted Content; S/MIME Decrypt w/ Private Key (Private Key Store); S/MIME Verify w/ Source Cert; Download Document(s).
  Destination Client: HTTP + TLS from the Destination web HISP; Document or XDM.
D) EHR/PHR with integrated S/MIME
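[Figure: flow diagram, steps numbered D.1 to D.9. Columns: Source Client; Destination HISP; Destination Client.]
  Source Client: Document or XDM; Locate Destination Address + Certificate; S/MIME Sign w/ Private Key (Private Key Store); S/MIME Encrypt w/ Destination Cert; Send.
  Between Source Client and Destination HISP: SMTP + S/MIME.
  Destination HISP: Receive; Encrypted Content.
  Between Destination HISP and Destination Client: POP/IMAP + TLS.
  Destination Client: S/MIME Decrypt w/ Private Key (Private Key Store); S/MIME Verify w/ Source Cert; Document or XDM.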
E) Direct Project sending to XDR with Trusted Service Provider (e.g. NHIN Exchange)
[Figure: flow diagram, steps numbered E.1.1 to E.1.7. Columns: Direct Project Sender; Gateway: Direct Project to XDR (Destination HISP); Endpoint in XDR Exchange.]
  Direct Project Sender to Gateway: SMTP + S/MIME.
  Gateway: Receive; S/MIME Decrypt w/ Private Key (Private Key Store); S/MIME Verify w/ Source Cert (Address Book w/ Certs); Convert XDM metadata and content to XDR format.
  Gateway to Endpoint in XDR Exchange: XDR + TLS.
  Note in figure: Destination Certificate is shared with all XDR destinations in XDR Exchange.
E) Direct Project receiving from XDR with Trusted Service Provider (e.g. NHIN Exchange)
[Figure: flow diagram, steps numbered E.2.1 to E.2.9. Columns: Endpoint in XDR Exchange; Gateway: Direct Project from XDR (Source HISP); Direct Project Recipient.]
  Endpoint in XDR Exchange to Gateway: XDR + TLS.
  Gateway: Convert XDR Metadata and Documents to XDM Zip file; Extract Destination Address from XDR metadata; Locate Destination Certificate (Address Book w/ Certs); S/MIME Sign w/ Private Key (Private Key Store); S/MIME Encrypt w/ Destination Cert; Send.
  Gateway to Direct Project Recipient: SMTP + S/MIME.
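E) NHIN Direct sending to non-trusted NHIN Exchange (End-to-End Secure)
[Figure: flow diagram. Columns: NHIN Direct; NHIN Direct to NHIN Exchange (Destination HISP); NHIN Exchange.]
  NHIN Direct to Destination HISP: SMTP + S/MIME.
  Destination HISP: Receive; Place S/MIME message as XDR content.
  Destination HISP to NHIN Exchange: XDR + TLS.
  Note in figure: Destination Certificate is Individual or Organization.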
E) NHIN Direct sending to NHIN Exchange
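[Figure: flow diagram. Columns: NHIN Direct; NHIN Direct to NHIN Exchange (Destination HISP); NHIN Exchange.]
  NHIN Direct to Destination HISP: SMTP + S/MIME.
  Destination HISP: Receive, then one of two branches.
  Branch labelled "Destination Certificate is Group NHIN Exchange": S/MIME Decrypt w/ Private Key; S/MIME Verify w/ Source Cert; Convert XDM metadata and content to XDR format.
  Branch labelled "Destination Certificate is Individual or Organization": Place S/MIME message as XDR content.
  Destination HISP to NHIN Exchange: XDR + TLS.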
E) NHIN-Direct receiving from non-Trusted NHIN Exchange (End-to-End Secure)
[Figure: flow diagram. Columns: NHIN Exchange (containing the Source Client); Non Trusted NHIN Exchange Gateway; NHIN Direct.]
  Source Client (in NHIN Exchange): XDM Zip file; Locate Destination Address + Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert.
  Note in figure: Source Certificate is individual or organizational.
  Source Client to Gateway: XDR + TLS.
  Non Trusted NHIN Exchange Gateway: Extract from XDM metadata the To and From addresses; Extract S/MIME message from XDR content.
  Gateway to NHIN Direct: SMTP + S/MIME.
E) NHIN-Direct receiving from NHIN Exchange
[Figure: flow diagram. Columns: NHIN Exchange (containing the Source Client); Non Trusted NHIN Exchange Gateway; Trusted NHIN Exchange Gateway; NHIN Direct.]
  Path labelled "Source Certificate is individual or organizational":
    Source Client (in NHIN Exchange): XDM Zip file; Locate Destination Address + Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert.
    Source Client to Non Trusted NHIN Exchange Gateway: XDR + TLS.
    Non Trusted NHIN Exchange Gateway: Extract from XDM metadata the To and From addresses; Extract S/MIME message from XDR content.
  Path labelled "Source Certificate is NHIN Exchange Group Certificate":
    NHIN Exchange to Trusted NHIN Exchange Gateway: XDR + TLS.
    Trusted NHIN Exchange Gateway: Convert XDR Metadata and Documents to XDM Zip file; Extract Destination Address from XDR metadata; Locate Destination Certificate; S/MIME Sign w/ Private Key; S/MIME Encrypt w/ Destination Cert; Send.
  Gateways to NHIN Direct: SMTP + S/MIME.

				
Posted: 11/25/2011. Language: English. Pages: 11.