| DICOM PS3.15 2022c - Security and System Management Profiles |
|---|
The creator of a DICOM SOP Instance may generate signatures using the Creator RSA Digital Signature Profile. The Digital Signature produced by this Profile serves as a lifetime data integrity check that can be used to verify that the pixel data in the SOP instance has not been altered since its initial creation. An implementation that supports the Creator RSA Digital Signature Profile may include a Creator RSA Digital Signature with every SOP Instance that it creates; however, the implementation is not required to do so.
The signature shall use one of the RIPEMD-160, MD5, SHA-1 or SHA-2 family (SHA256, SHA384, SHA512) of hashing functions to generate a MAC, which is then encrypted using a private RSA key. All validators of digital signatures shall be capable of using a MAC generated by any of the hashing functions specified (RIPEMD-160, MD5, SHA-1 or SHA256, SHA384, SHA512).
As a minimum, an implementation shall include the following attributes in generating the Creator RSA Digital Signature:
any attributes of the General Equipment Module that are present
any attributes of the Overlay Plane Module, Curve Module or Graphic Annotation Module that are present
any attributes of the General Image Module and Image Pixel Module that are present
any attributes of the SR Document General Module and SR Document Content Module that are present
any attributes of the Waveform Module and Waveform Annotation Module that are present
any attributes of the Multi-frame Functional Groups Module that are present
any attributes of the Enhanced MR Image Module that are present
any attributes of the MR Spectroscopy Module that are present
any attributes of the Enhanced CT Image Module that are present
any attributes of the Enhanced XA/XRF Image Module that are present
any attributes of the Segmentation Image Module that are present
any attributes of the Encapsulated Document Module that are present
any attributes of the X-Ray 3D Image Module that are present
any attributes of the Enhanced PET Image Module that are present
any attributes of the Enhanced US Image Module that are present
any attributes of the Surface Segmentation Module that are present
any attributes of the Structured Display Module, Structured Display Annotation Module, and Structured Display Image Box Module that are present
any Attributes of the Implant Template Module that are present
any Attributes of the Implant Assembly Template Module that are present
any Attributes of the Implant Template Group Module that are present
any attributes of the Enhanced Mammography Image Module that are present
any attributes of the Tractography Results Module that are present
any attributes of the Volumetric Graphic Annotation Module that are present
any attributes of the Microscopy Bulk Simple Annotations Module that are present
The Digital Signature shall be created using the methodology described in the Base RSA Digital Signature Profile. Typically the certificate and associated private key used to produce Creator RSA Digital Signatures are configuration parameters of the Application Entity set by service or installation engineers.
Creator RSA Digital Signatures bear no direct relationship to other Digital Signatures. However, other Digital Signatures, such as the Authorization Digital Signature, may be used to collaborate the timestamp of a Creator RSA Digital Signature.
| DICOM PS3.15 2022c - Security and System Management Profiles |
|---|