Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1997-09-05
2003-04-29
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S176000, C705S003000
Reexamination Certificate
active
06557102
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to systems for management of image information including digital images and associated data by maintaining at least one central electronic archive which may be accessed over a digital data network or other communications link by remote viewing stations. In its particular aspects, the present invention relates to Picture Archiving and Communications Systems (PACS) or similar systems for medical images in association with a so-called “digital trust center” for enabling authentication of the image information.
2. Description of the Related Art
Such a system is described in S. Wong, “A Cryptologic Based Trust Center for Medical Images”, Journal of the American Medical Informatics Association, Vol. 3 No. 6, Nov./Dec. 1996, pp. 410-421, written by one of the inventors herein.
Image management systems for hospitals and similar healthcare giving organizations, which systems are known by the acronym PACS, may serve an entire hospital department, such as radiology, an entire hospital, or multiple hospitals. For the purposes of this application, PACS refers to a system devoted to the management of digital medical images or the pertinent part of a data management system for hospital or patient information which includes these functions. In a PACS, digital images acquired from image acquisition devices such as X-ray, CT, MRI, PET, nuclear medicine, and ultrasound, or the scanning of film, and data associated with such images are sent electronically by their respective associated acquisition computers over a local or wide area network to a central PACS archive server, which accesses and manages an electronic image data store or archive. Identified images may then be requested electronically at any of plurality of remote viewing or display stations in communication with the PACS archive server via the network or another communications link, such as a telephone line, in response to which request, they are retrieved by the PACS archive server from the data store and sent to the requesting station.
Particularly as such systems become more ubiquitous and extensive in size, and network links or gateways are provided to other information system resources of the institution, and possibly to the Internet, the potential exists for unauthorized access to the workstations, networks or servers of the system by persons of malevolent intent. Consequently, in addition to the possibility of files being corrupted by equipment malfunction, there is the danger of acts of sabotage where images could be surreptitiously substituted or modified in the data store or injected into the network. The use of spurious or corrupted images for purposes of diagnosis or treatment could, of course, have disastrous consequences for the patient. Further, there is the danger that unauthorized persons could obtain the medical images and/or other private electronic medical records with the intent of using them for improper purposes.
The cited article indicates that it would be beneficial to integrate cryptographic techniques and PACS to protect the confidentiality and determine the authenticity of digital images in hospitals using a so-called “digital trust center” in which an authentication server is provided to attach a hash value (a so called “digital fingerprint”) derived from the image data set to an incoming image dataset so that the hash is stored with the image data set in the image data store maintained by the PACS archive server. In response to a query from a display station identifying the image by ID number or patient name, the PACS archive server can check the authenticity of the image data set by comparing the stored hash with one it computes from the stored image data set.
The system suggested by the cited article is unacceptably vulnerable to attack or compromise of authenticity and security in the link(s) between the acquisition computers closely associated with the various imaging devices and the PACS archive server and in the link(s) between the archive server and the various display stations.
SUMMARY OF THE INVENTION
It is an object of the present invention to provide, in or in association with an image archive server or other information management system including management of images, an authentication and security system which includes at least partial image file encryption and extraction of authentication information at the image acquisition computers closely associated with the various imaging devices and which includes image file decryption and authentication at the display stations. It is another object of the present invention that authenticity be determined by comparing information derived from the image dataset at the time of authentication with independently maintained information previously captured by the image acquisition computers and maintained by an authentication server. Lastly, it is another object that the means or functionality for authentication and for security be integrated coherently into the centralized data management configuration of a PACS or similar system in a transparent and seamless manner, and that the demands of decryption and authentication be accomplished at the display stations with acceptable delays.
Briefly, the aforementioned and other objects are satisfied by providing in association with an image management system, an authentication and security system comprising an authentication server or so-called “digital trust center” which maintains and stores hashes and corresponding time stamps indicating the times of receipt of the respective hashes, and provides them on request in encrypted form, and further functionality in the image acquisition computers and the display stations to provide for security and to interact with the authentication server for authentication purposes. Thus the acquisition computers are configured for pre-processing image datasets of acquired digital images (or sequences of images) each image or sequence comprising a header and image data, including performing any required image compression, encrypting at least a portion of the image data, computing hashes and providing them to the authentication server, receiving time stamps from the authentication server, inserting the time stamps in the image headers, and sending the thereby modified image datasets to the image archive server. Further, the image display stations are configured for performing any required image decompression, decrypting image datasets, computing hashes from decrypted image datasets, obtaining and decrytping stored hashes from the authentication server and comparing the decrypted hashes obtained from the authentication server with the locally computed hashes. For more thorough authentication, the time stamps obtained from the authentication server, after decryption at the image display stations, may be compared with the time stamps contained in the image headers.
One further feature of the present invention is that in order to reduce the time to decrypt image datasets, only a portion of the image data is encrypted by the acquisition computers. Further, optionally, the image headers are encrypted at the image acquisition computers, and decrypted at the image display devices.
Other objects, features and advantages of the present invention will become apparent upon perusal of the following detailed description when taken in conjunction with the appended drawing, wherein:
REFERENCES:
patent: 4833625 (1989-05-01), Fisher et al.
patent: 5050212 (1991-09-01), Dyson
patent: 5136647 (1992-08-01), Haber et al.
patent: 5367672 (1994-11-01), Takagi
patent: 5546572 (1996-08-01), Seto et al.
patent: 5579393 (1996-11-01), Conner et al.
patent: 5706457 (1998-01-01), Dwyer et al.
patent: 0332322 (1989-02-01), None
Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C. Chapter 10 p. 226, 1996*
“A Crypotologic Based Trust Center for Medical Images”, S. Wong, Journal of the American Medical Informatics Association, vol. 3, No. 6, Nov./Dec. 1996, p. 410-421.
Wong Stephen T.
Yu James Yuan-Pin
Hayes Gail
Jackson Jenise
Koninklijke Philips Electronics , N.V.
Vodopia John
LandOfFree
Digital trust center for medical image authentication does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Digital trust center for medical image authentication, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Digital trust center for medical image authentication will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3051916