Verifiable Health Link
0.0.2-current - ci-build International flag

Verifiable Health Link, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 0.0.2-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.VHL/ and changes regularly. See the Directory of published versions

: Verify Document Signature - XML Representation

Active as of 2025-06-16

Raw xml | Download


<Requirements xmlns="http://hl7.org/fhir">
  <id value="VerifyDocumentSignature"/>
  <text>
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml"><p class="res-header-id"><b>Generated Narrative: Requirements VerifyDocumentSignature</b></p><a name="VerifyDocumentSignature"> </a><a name="hcVerifyDocumentSignature"> </a><p>These requirements apply to the actor <a href="ActorDefinition-VHLReceiver.html">VHL Receiver</a></p><table class="grid"><tr><td><b><a name="extract-signature-keyid"> </a></b>Extract Signature and Key ID</td><td/><td><div><p>Upon receipt of a digitally signed health document, extract signature, key id, and participant code.</p>
</div></td></tr><tr><td><b><a name="lookup-DSC"> </a></b>Lookup DSC</td><td/><td><div><p>Lookup Document Signing Certificate (DSC) public key by key id and participant code</p>
</div></td></tr><tr><td><b><a name="verify-signature"> </a></b>Verify Signature</td><td/><td><div><p>Verify signature using the public key</p>
</div></td></tr></table></div>
  </text>
  <url
       value="https://profiles.ihe.net/ITI/VHL/Requirements/VerifyDocumentSignature"/>
  <version value="0.0.2-current"/>
  <name value="VerifyDocumentSignature"/>
  <title value="Verify Document Signature"/>
  <status value="active"/>
  <date value="2025-06-16T13:14:26+00:00"/>
  <publisher value="IHE IT Infrastructure Technical Committee"/>
  <contact>
    <telecom>
      <system value="url"/>
      <value value="https://www.ihe.net/ihe_domains/it_infrastructure/"/>
    </telecom>
  </contact>
  <contact>
    <telecom>
      <system value="email"/>
      <value value="iti@ihe.net"/>
    </telecom>
  </contact>
  <contact>
    <name value="IHE IT Infrastructure Technical Committee"/>
    <telecom>
      <system value="email"/>
      <value value="iti@ihe.net"/>
    </telecom>
  </contact>
  <description
               value="The [VHL Receiver](ActorDefinition-VHLReceiver.html), upon receiving a digitally signed health document from a [VHL Sharer](ActorDefinition-VHLSharer.html), MAY verify the document's digital signature using previously retrieved PKI material.

This verification process confirms the authenticity, integrity, and provenance of the document independently of the Verified Health Link (VHL) itself.

The public key used for this verification MAY:
* Originate from a different trust network than the one used to validate the VHL
* Be unrelated to the key used to validate the VHL signature

Implementers SHOULD consult cross-profile guidance regarding interoperability with the [IHE Document Digital Signature (DSG) profile](https://profiles.ihe.net/ITI/TF/Volume1/ch-37.html), particularly in cases where additional attestation, long-term non-repudiation, or multi-party signatures are involved."/>
  <jurisdiction>
    <coding>
      <system value="http://unstats.un.org/unsd/methods/m49/m49.htm"/>
      <code value="001"/>
    </coding>
  </jurisdiction>
  <actor
         value="https://profiles.ihe.net/ITI/VHL/ActorDefinition/VHLReceiver"/>
  <statement>
    <key value="extract-signature-keyid"/>
    <label value="Extract Signature and Key ID"/>
    <requirement
                 value="Upon receipt of a digitally signed health document, extract signature, key id, and participant code."/>
  </statement>
  <statement>
    <key value="lookup-DSC"/>
    <label value="Lookup DSC"/>
    <requirement
                 value="Lookup Document Signing Certificate (DSC) public key by key id and participant code"/>
  </statement>
  <statement>
    <key value="verify-signature"/>
    <label value="Verify Signature"/>
    <requirement value="Verify signature using the public key"/>
  </statement>
</Requirements>