AgentSkillsCN

Authentication

身份认证

SKILL.md
--- frontmatter
skill_id: SEC-AUTH
version: 1.0.0
last_updated: 2026-01-04
applies_to: [Class A, Class B, Class C]
jurisdiction: [Global]
prerequisites: [SEC-ENCRYPTION, REG-ISO14971]

Authentication for Medical Devices

Purpose

Define secure user/device authentication, session management, and RBAC suitable for medical device risk profiles.

When to Apply

  • User login, device-to-cloud or device-to-device auth, local service access.
  • Any control or PHI access path.

Requirements (testable)

  1. Unique Identities: No shared accounts; per-user/per-device identifiers. Rationale: accountability.
  2. Credential Protection: Store secrets hashed with strong KDF (argon2/bcrypt/scrypt) for users; protect device keys in secure element/TPM if available. Rationale: resist compromise.
  3. MFA Where Feasible: Apply MFA for remote administrative access and high-risk actions. Rationale: reduce takeover risk.
  4. Mutual Authentication: Use mTLS or equivalent for device↔server; verify server certs; validate device cert. Rationale: prevent MITM/rogue services.
  5. Session Management: Short-lived tokens; refresh with rotation; revoke on logout/compromise; bind tokens to device/user context. Rationale: limit exposure.
  6. RBAC: Enforce least privilege roles; gate safety-critical actions to authorized roles; log privilege escalations. Rationale: control misuse.
  7. Rate Limiting/Lockout: Apply rate limits to auth endpoints; lockout/backoff on repeated failures (with clinical safety consideration). Rationale: brute-force resistance.

Recommended Practices

  • Use hardware-backed key storage for device identity.
  • Rotate credentials/keys; define expiry and revocation process.
  • Log auth successes/failures without storing secrets; monitor anomalies.
  • Provide offline/maintenance access controls with separate audit trail.

Patterns

Password hashing (server-side example):

python
# REQ-AUTH-CRED-01; TEST-AUTH-04
hashed = argon2_hash(password, opslimit=4, memlimit=64*1024)

mTLS connection setup (pseudo):

c
// REQ-AUTH-MTLS-02; TEST-AUTH-06
tls_set_client_cert(ctx, device_cert, device_key);
tls_set_ca(ctx, ca_cert);
tls_require_server_auth(ctx, true);

Role check:

c
// REQ-AUTH-RBAC-03; TEST-AUTH-08
if (!user_has_role(user, ROLE_CLINICIAN)) return ERR_FORBIDDEN;

Anti-Patterns (risks)

  • Shared credentials across users/devices -> risk: no accountability.
  • Storing passwords in plaintext or weak hash (MD5/SHA1) -> risk: compromise.
  • No server cert validation in TLS -> risk: MITM.
  • Long-lived bearer tokens without rotation -> risk: replay/takeover.

Verification Checklist

  • Unique user/device IDs; no shared accounts.
  • Strong password hashing; device keys protected (secure element/TPM if available).
  • MFA applied for high-risk/remote admin actions.
  • Mutual auth for device↔server; server certs validated.
  • Sessions/tokens short-lived; rotation and revocation implemented.
  • RBAC enforced with least privilege; critical actions gated.
  • Rate limiting/backoff/lockout with safety-aware thresholds.
  • Auth events logged (no secrets); anomalies monitored.

Traceability

  • Requirements REQ-AUTH-### mapped to tests TEST-AUTH-###; link to security risk controls and threat model items.

References

  • NIST SP 800-63 for auth assurance (informative).
  • FDA Cybersecurity Premarket Guidance.
  • IEC 62443 identity/authentication requirements.

Changelog

  • 1.0.0 (2026-01-04): Initial authentication skill with mTLS, RBAC, MFA, and credential handling.

Audit History

  • 2026-01-04: Audit performed. Verified:
    • NIST SP 800-63 reference appropriate for authentication assurance levels
    • KDF recommendations (argon2/bcrypt/scrypt) are current best practices
    • mTLS patterns technically accurate