DICOM PS3.15 2024e - Security and System Management Profiles |
---|
The technician or physician who approves a DICOM SOP Instance for use may request the Application Entity to generate a signature using the Authorization RSA Digital Signature Profile. The Digital Signature produced serves as a lifetime data integrity check that can be used to verify that the pixel data in the SOP Instance is the same as what the technician or physician saw when they made the approval.
The signature shall use one of the RIPEMD-160, MD5, SHA-1 or SHA-2 family (SHA256, SHA384, SHA512) of hashing functions to generate a MAC, which is then encrypted using a private RSA key. All validators of digital signatures shall be capable of using a MAC generated by any of the hashing functions specified (RIPEMD-160, MD5, SHA-1 or SHA256, SHA384, SHA512).
As a minimum, an implementation shall include the following Attributes in generating the Authorization RSA Digital Signature:
- any Attributes whose Values are verifiable by the technician or physician (e.g., their Values are displayed to the technician or physician)
- any Attributes of the Overlay Plane, Curve or Graphic Annotation modules that are present
- any Attributes of the General Image and Image Pixel modules that are present
- any Attributes of the SR Document General and SR Document Content modules that are present
- any Attributes of the Waveform and Waveform Annotation modules that are present
- any Attributes of the Multi-frame Functional Groups module that are present
- any Attributes of the Enhanced MR Image module that are present
- any Attributes of the MR Spectroscopy modules that are present
- any Attributes of the Enhanced CT Image module that are present
- any Attributes of the Enhanced XA/XRF Image module that are present
- any Attributes of the Segmentation Image module that are present
- any Attributes of the Encapsulated Document module that are present
- any Attributes of the X-Ray 3D Image module that are present
- any Attributes of the Enhanced PET Image module that are present
- any Attributes of the Enhanced US Image module that are present
- any Attributes of the Surface Segmentation module that are present
- any Attributes of the Structured Display, Structured Display Annotation, and Structured Display Image Box modules that are present
- any Attributes of the Implant Template module that are present
- any Attributes of the Implant Assembly Template module that are present
- any Attributes of the Implant Template Group module that are present
- any Attributes of the Enhanced Mammography Image module that are present
- any Attributes of the Volumetric Graphic Annotation Module that are present
The Digital Signature shall be created using the methodology described in the Base RSA Digital Signature Profile. The Application Entity shall determine the identity of the technician or physician and obtain their certificate through a site-specific procedure such as a login mechanism or a smart card.
Authorization RSA Digital Signatures bear no direct relationship to other Digital Signatures. However, other Digital Signatures, such as the Creator RSA Digital Signature, may be used to corroborate the timestamp of an Authorization RSA Digital Signature.
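A validator can check the minimum-coverage rule above before trusting an approval signature. The following is an added example, not part of PS3.15 or of any DICOM toolkit: it compares the top-level attributes present in an instance with the tags the signature lists as signed. The function names, the Image Pixel subset and the sample values are assumptions made for illustration; the tag numbers and MAC Algorithm terms come from the DICOM data dictionary rather than from this section.

```python
# Added example, not text from DICOM PS3.15. All sample values are constructed.

# MAC Algorithm (0400,0015) terms for the hash functions the profile names.
ACCEPTED_MAC_ALGORITHMS = {"RIPEMD160", "MD5", "SHA1", "SHA256", "SHA384", "SHA512"}

# Illustrative subset of Image Pixel module attributes, not the whole module.
IMAGE_PIXEL_SUBSET = {
    (0x0028, 0x0002): "Samples per Pixel",
    (0x0028, 0x0004): "Photometric Interpretation",
    (0x0028, 0x0010): "Rows",
    (0x0028, 0x0011): "Columns",
    (0x0028, 0x0100): "Bits Allocated",
    (0x7FE0, 0x0010): "Pixel Data",
}


def fmt(tag):
    """Render a (group, element) tuple in the usual (gggg,eeee) form."""
    return f"({tag[0]:04X},{tag[1]:04X})"


def check_coverage(present_tags, mac_algorithm, signed_tags,
                   required=IMAGE_PIXEL_SUBSET):
    """Return findings; an empty list means the coverage check passed.

    present_tags: top-level tags found in the SOP Instance.
    signed_tags:  tags listed in Data Elements Signed (0400,0020).
    """
    findings = []
    if mac_algorithm not in ACCEPTED_MAC_ALGORITHMS:
        findings.append(f"MAC algorithm not in profile: {mac_algorithm!r}")
    signed = set(signed_tags)
    # "that are present": a required-module attribute only has to be signed
    # when the instance actually carries it.
    for tag in sorted(set(present_tags) & set(required)):
        if tag not in signed:
            findings.append(f"present but not signed: {fmt(tag)} {required[tag]}")
    return findings


# Constructed sample: Pixel Data is present but left out of the signature.
SAMPLE_PRESENT = {(0x0010, 0x0010), (0x0028, 0x0010),
                  (0x0028, 0x0011), (0x7FE0, 0x0010)}
SAMPLE_SIGNED = [(0x0028, 0x0010), (0x0028, 0x0011)]

if __name__ == "__main__":
    for finding in check_coverage(SAMPLE_PRESENT, "SHA256", SAMPLE_SIGNED):
        print(finding)
```

The check covers top-level attributes only; attributes nested inside sequence items would need the same comparison applied per item.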