1. Field of the Invention
The present invention relates generally to systems for management of image information including digital images and associated data by maintaining at least one central electronic archive which may be accessed over a digital data network or other communications link by remote viewing stations. In its particular aspects, the present invention relates to Picture Archiving and Communications Systems (PACS) or similar systems for medical images in association with a so-called xe2x80x9cdigital trust centerxe2x80x9d for enabling authentication of the image information.
2. Description of the Related Art
Such a system is described in S. Wong, xe2x80x9cA Cryptologic Based Trust Center for Medical Imagesxe2x80x9d, Journal of the American Medical Informatics Association, Vol. 3 No. 6, Nov./Dec. 1996, pp. 410-421, written by one of the inventors herein.
Image management systems for hospitals and similar healthcare giving organizations, which systems are known by the acronym PACS, may serve an entire hospital department, such as radiology, an entire hospital, or multiple hospitals. For the purposes of this application, PACS refers to a system devoted to the management of digital medical images or the pertinent part of a data management system for hospital or patient information which includes these functions. In a PACS, digital images acquired from image acquisition devices such as X-ray, CT, MRI, PET, nuclear medicine, and ultrasound, or the scanning of film, and data associated with such images are sent electronically by their respective associated acquisition computers over a local or wide area network to a central PACS archive server, which accesses and manages an electronic image data store or archive. Identified images may then be requested electronically at any of plurality of remote viewing or display stations in communication with the PACS archive server via the network or another communications link, such as a telephone line, in response to which request, they are retrieved by the PACS archive server from the data store and sent to the requesting station.
Particularly as such systems become more ubiquitous and extensive in size, and network links or gateways are provided to other information system resources of the institution, and possibly to the Internet, the potential exists for unauthorized access to the workstations, networks or servers of the system by persons of malevolent intent. Consequently, in addition to the possibility of files being corrupted by equipment malfunction, there is the danger of acts of sabotage where images could be surreptitiously substituted or modified in the data store or injected into the network. The use of spurious or corrupted images for purposes of diagnosis or treatment could, of course, have disastrous consequences for the patient. Further, there is the danger that unauthorized persons could obtain the medical images and/or other private electronic medical records with the intent of using them for improper purposes.
The cited article indicates that it would be beneficial to integrate cryptographic techniques and PACS to protect the confidentiality and determine the authenticity of digital images in hospitals using a so-called xe2x80x9cdigital trust centerxe2x80x9d in which an authentication server is provided to attach a hash value (a so called xe2x80x9cdigital fingerprintxe2x80x9d) derived from the image data set to an incoming image dataset so that the hash is stored with the image data set in the image data store maintained by the PACS archive server. In response to a query from a display station identifying the image by ID number or patient name, the PACS archive server can check the authenticity of the image data set by comparing the stored hash with one it computes from the stored image data set.
The system suggested by the cited article is unacceptably vulnerable to attack or compromise of authenticity and security in the link(s) between the acquisition computers closely associated with the various imaging devices and the PACS archive server and in the link(s) between the archive server and the various display stations.
It is an object of the present invention to provide, in or in association with an image archive server or other information management system including management of images, an authentication and security system which includes at least partial image file encryption and extraction of authentication information at the image acquisition computers closely associated with the various imaging devices and which includes image file decryption and authentication at the display stations. It is another object of the present invention that authenticity be determined by comparing information derived from the image dataset at the time of authentication with independently maintained information previously captured by the image acquisition computers and maintained by an authentication server. Lastly, it is another object that the means or functionality for authentication and for security be integrated coherently into the centralized data management configuration of a PACS or similar system in a transparent and seamless manner, and that the demands of decryption and authentication be accomplished at the display stations with acceptable delays.
Briefly, the aforementioned and other objects are satisfied by providing in association with an image management system, an authentication and security system comprising an authentication server or so-called xe2x80x9cdigital trust centerxe2x80x9d which maintains and stores hashes and corresponding time stamps indicating the times of receipt of the respective hashes, and provides them on request in encrypted form, and further functionality in the image acquisition computers and the display stations to provide for security and to interact with the authentication server for authentication purposes. Thus the acquisition computers are configured for pre-processing image datasets of acquired digital images (or sequences of images) each image or sequence comprising a header and image data, including performing any required image compression, encrypting at least a portion of the image data, computing hashes and providing them to the authentication server, receiving time stamps from the authentication server, inserting the time stamps in the image headers, and sending the thereby modified image datasets to the image archive server. Further, the image display stations are configured for performing any required image decompression, decrypting image datasets, computing hashes from decrypted image datasets, obtaining and decrytping stored hashes from the authentication server and comparing the decrypted hashes obtained from the authentication server with the locally computed hashes. For more thorough authentication, the time stamps obtained from the authentication server, after decryption at the image display stations, may be compared with the time stamps contained in the image headers.
One further feature of the present invention is that in order to reduce the time to decrypt image datasets, only a portion of the image data is encrypted by the acquisition computers. Further, optionally, the image headers are encrypted at the image acquisition computers, and decrypted at the image display devices.
Other objects, features and advantages of the present invention will become apparent upon perusal of the following detailed description when taken in conjunction with the appended drawing, wherein: