7.1. Security Profiles

7.1.1. Secure Transport Connection Profiles

dcm4che DICOM Archive 5 supports the Basic TLS Secure Transport Connection Profile and the AES TLS Secure Transport Connection Profile as specified in DICOM Standard, Part 15, Annex B.1 and Annex B.3.

By default configuration, TLS 1.0, TLS 1.1 and TLS 1.2 are enabled, use of TLS 1.2 is preferred.

Also other cipher suite options than the two in compliance with AES TLS Secure Transport Connection Profile:

• TLS_RSA_WITH_AES_128_CBC_SHA

• TLS_RSA_WITH_3DES_EDE_CBC_SHA

may be configured.

Beside DICOM DIMSE service connections, also HL7 v2 and HTTP connections can be secured by use of TLS.

IP ports on which an implementation accepts TLS connections are configurable.

The private key and the Certificate used by an instance of dcm4che DICOM Archive 5 to identify itself in the TLS negotiation with remote applications has to be provided in a local keystore file in PKCS12 or JKS (Java Key Store) format on the application host. Certificates of Certificate Authorities (CA) to validate Certificates received from remote applications during the TLS negotiation can also be provided in a local keystore file in JKS format or at the central LDAP server, used as configuration backend for all instances of dcm4che DICOM Archive 5.

7.1.2. Network Address Management Profiles

dcm4che DICOM Archive 5 supports the Basic Network Address Management Profile as DHCP Client and DNS Client actor utilizing network configuration options of the underlying operating system. S. DICOM Standard, Part 15, Annex F.1.

7.1.3. Time Synchronization Profiles

dcm4che DICOM Archive 5 supports the Basic Time Synchronization Profile as DHCP Client and NTP Client actor utilizing time synchronization options of the underlying operating system. S. DICOM Standard, Part 15, Annex G.1.

7.1.4. Application Configuration Management Profiles

dcm4che DICOM Archive 5 supports the Application Configuration Management Profile as LDAP Client actor. Any LDAP v3 compatible LDAP server can be used as configuration backend for multiple instances of dcm4che DICOM Archive 5 - and may also be shared with external DICOM applications which also supports the Application Configuration Management Profile as LDAP Client actor. S. DICOM Standard, Part 15, Annex H.1.

7.1.5. Audit Trail Profiles

7.1.5.1. Audit Trail Message Format Profile

dcm4che DICOM Archive 5 supports the Audit Trail Message Format Profile as specified in DICOM Standard, Part 15, Annex A.5.

7.1.5.1.1. Audit Messages

• 7.1.5.1.1.1. General Message Format Conventions
  • 7.1.5.1.1.1.1. Message Structure
• 7.1.5.1.1.2. Application Activity
  • 7.1.5.1.1.2.1. Trigger Events
  • 7.1.5.1.1.2.2. Message Structure
  • 7.1.5.1.1.2.3. Sample Messages
    • 7.1.5.1.1.2.3.1. Application Activity Message - Application Start - Startup of archive / Deploy archive ear file
    • 7.1.5.1.1.2.3.2. Application Activity Message - Application Start - Using REST service
    • 7.1.5.1.1.2.3.3. Application Activity Message - Application Stop - Shutdown of archive / Undeploy archive ear file
    • 7.1.5.1.1.2.3.4. Application Activity Message - Application Stop - Using REST service
• 7.1.5.1.1.3. Audit Log Used
  • 7.1.5.1.1.3.1. Trigger Events
  • 7.1.5.1.1.3.2. Message Structure
  • 7.1.5.1.1.3.3. Sample Message
• 7.1.5.1.1.4. Begin Transferring DICOM Instances
  • 7.1.5.1.1.4.1. Trigger Events
  • 7.1.5.1.1.4.2. Message Structure
  • 7.1.5.1.1.4.3. Sample Message
• 7.1.5.1.1.5. Data Export
  • 7.1.5.1.1.5.1. Trigger Events
  • 7.1.5.1.1.5.2. Message Structure
  • 7.1.5.1.1.5.3. Sample Message
• 7.1.5.1.1.6. DICOM Instances Accessed
  • 7.1.5.1.1.6.1. Trigger Events
  • 7.1.5.1.1.6.2. Message Structure
  • 7.1.5.1.1.6.3. Sample Message
• 7.1.5.1.1.7. DICOM Instances Transferred
  • 7.1.5.1.1.7.1. Trigger Events
  • 7.1.5.1.1.7.2. Message Structure
  • 7.1.5.1.1.7.3. Sample Message
• 7.1.5.1.1.8. DICOM Study Deleted
  • 7.1.5.1.1.8.1. Trigger Events
  • 7.1.5.1.1.8.2. Message Structure
  • 7.1.5.1.1.8.3. Sample Messages
    • 7.1.5.1.1.8.3.1. Study completely rejected using unsecured archive UI
    • 7.1.5.1.1.8.3.2. Study completely rejected on store of rejection note by STOW-RS REST Services
    • 7.1.5.1.1.8.3.3. Study completely rejected on store of rejection note over DICOM C-Store
    • 7.1.5.1.1.8.3.4. Study permanently deleted using unsecured archive UI
    • 7.1.5.1.1.8.3.5. Study permanently deleted on deletion of patient using unsecured archive UI
    • 7.1.5.1.1.8.3.6. Study deleted on reimporting a study using unsecured archive UI
    • 7.1.5.1.1.8.3.7. Expired study completely rejected by Reject Expired Studies Scheduler
    • 7.1.5.1.1.8.3.8. Study completely deleted by Purge Storage Scheduler
    • 7.1.5.1.1.8.3.9. Previous study completely rejected on subsequent receive of objects with same SOP Instance UID but different Study/Series Instance UIDs
    • 7.1.5.1.1.8.3.10. Study completely rejected in external archive
• 7.1.5.1.1.9. Query
  • 7.1.5.1.1.9.1. Trigger Events
  • 7.1.5.1.1.9.2. Message Structure
  • 7.1.5.1.1.9.3. Sample Message
• 7.1.5.1.1.10. Patient Record
  • 7.1.5.1.1.10.1. Trigger Events
  • 7.1.5.1.1.10.2. Message Structure
  • 7.1.5.1.1.10.3. Sample Message
• 7.1.5.1.1.11. Procedure Record
  • 7.1.5.1.1.11.1. Trigger Events
  • 7.1.5.1.1.11.2. Message Structure
  • 7.1.5.1.1.11.3. Sample Message
• 7.1.5.1.1.12. Security Alert
  • 7.1.5.1.1.12.1. Trigger Events
  • 7.1.5.1.1.12.2. Message Structure
  • 7.1.5.1.1.12.3. Sample Message
• 7.1.5.1.1.13. User Authentication
  • 7.1.5.1.1.13.1. Trigger Events
  • 7.1.5.1.1.13.2. Message Structure
  • 7.1.5.1.1.13.3. Sample Message

7.1.5.2. Audit Trail Message Transmission Profile - SYSLOG-TLS

dcm4che DICOM Archive 5 supports the Audit Trail Message Transmission Profile - SYSLOG-TLS as specified in DICOM Standard, Part 15, Annex A.6.

7.1.5.3. Audit Trail Message Transmission Profile - SYSLOG-UDP

dcm4che DICOM Archive 5 supports the Audit Trail Message Transmission Profile - SYSLOG-UDP as specified in DICOM Standard, Part 15, Annex A.7.

7.1.6. Attribute Confidentiality Profiles

7.1.6.1. Basic Application Level Confidentiality Profile

dcm4che DICOM Archive 5 supports the Basic Application Level Confidentiality Profile as specified in DICOM Standard, Part 15, Annex E.2 with the Basic Application Level Confidentiality Options:

• Retain Longitudinal Temporal Information Full Dates Option as specified in DICOM Standard, Part 15, Annex E.3.6

• Retain Device Identity Option as specified in DICOM Standard, Part 15, Annex E.3.8

• Retain UIDs Option as specified in DICOM Standard, Part 15, Annex E.3.9

• Retain Institution Identity Option as specified in DICOM Standard, Part 15, Annex E.3.11

7.1.6.1.1. Attributes removed or replaced

One can directly refer the table Application Level Confidentiality Profile Attributes with different action codes to see the list of attributes supported dependent on the applied Basic Application Level Confidentiality Option.

In addition to the above list of attributes, below table lists out the private attributes and some more DICOM attributes which are missing in Application Level Confidentiality Profile Attributes to be removed.

Table 7.80 Attributes removed during protection

Attributes
Private Attributes
Patient Create Date Time (7777,0010)
Patient Update Date Time (7777,0011)
Study Receive Date Time (7777,0020)
Study Update Date Time (7777,0021)
Study Access Date Time (7777,0022)
Study Expiration Date (7777,0023)
Study Rejection State (7777,0024)
Study Completeness (7777,0025)
Failed Retrieves Of Study (7777,0026)
Study Access Control ID (7777,0027)
Storage IDs of Study (7777,0028)
Study Size in KB (7777,0029)
Study Size Bytes (7777,002A)
Series Receive Date Time (7777,0030)
Series Update Date Time (7777,0031)
Series Expiration Date (7777,0033)
Series Rejection State (7777,0034)
Series Completeness (7777,0035)
Failed Retrieves Of Series (7777,0036)
Sending Application Entity Title Of Series (7777,0037)
Scheduled Metadata Update Date Time Of Series (7777,0038)
Scheduled Instance Record Purge Date Time Of Series (7777,0039)
Instance Record Purge State Of Series (7777,003A)
Series Metadata Storage ID (7777,003B)
Series Metadata Storage Path (7777,003C)
Series Metadata Storage Object Size (7777,003D)
Series Metadata Storage Object Digest (7777,003E)
Instance Receive Date Time (7777,0040)
Instance Update Date Time (7777,0041)
Rejection Code Sequence (7777,0042)
Instance External Retrieve AE Title (7777,0043)
Storage ID (7777,0050)
Storage Path (7777,0051)
Storage Transfer Syntax UID (7777,0052)
Storage Object Size (7777,0053)
Storage Object Digest (7777,0054)
Other Storage Sequence (7777,0055)
X Road Person Status (7777,00E0)
X Road Data Status (7777,00E1)
X - Remove (missing in Part 15)
Human Performer Code Sequence (0040,4009)
Issuer of Accession Number Sequence (0008,0051)
Issuer of Admission ID Sequence (0038,0014)
Issuer of Patient ID Qualifiers Sequence (0010,0024)
Patient’s Size Code Sequence (0010,1021)
Requesting Physician Identification Sequence (0032,1031)
Requesting Service Code Sequence (0032,1034)
Series Description Code Sequence (0008,103F)
X - Remove (missing in Part 15) if Retain Longitudinal Temporal Information Full Dates Option not configured
Instance Creation Date (0008,0012)
Instance Creation Time (0008,0013)

7.1.6.1.2. Inserted dummy values

Following table lists attributes and the dummy values which are used to replace the attributes’ values

Table 7.81 Dummy values used to replace the attributes’ values

Attributes	VR	Dummy Value
Series Date (0008,0021)	DA	19991111
Content Date (0008,0023)
Patient’s Birth Date (0010,0030)
Acquisition Date (0008,0022)
Admitting Date (0038,0020)
Study Date (0008,0020)
Acquisition Date Time (0008,002A)	DT	19991111111111
Start Acquisition Date Time (0018,9516)
End Acquisition Date Time (0018,9517)
Verification Date Time (0040,A030)
Series Time (0008,0031)	TM	111111
Content Time (0008,0033)
Acquisition Time (0008,0032)
Admitting Time (0038,0021)
Study Time (0008,0030)
Acquisition Device Processing Description (0018,1400)	LO	REMOVED
Contrast Bolus Agent (0018,0010)
Protocol Name (0018,1030)
Verifying Organization (0040,A027)
Device Serial Number (0018,1000)
Institution Name (0008,0080)
Filler Order Number / Imaging Service Request (0040,2017)
Patient ID (0010,0020)
Placer Order Number / Imaging Service Request (0040,2016)
Requested Procedure Description (0032,1060)
Patient’s Sex Neutered (0010,2203)	CS
Patient’s Sex (0010,0040)
Detector ID (0018,700A)	SH
Station Name (0008,1010)
Accession Number (0008,0050)
Study ID (0020,0010)
Dose Reference UID (300A,0013)	UI
Operators Name (0008,1070)	PN
Person Name (0040,A123)
Verifying Observer Name (0040,A075)
Consulting Physician’s Name (0008,009C)
Content Creator’s Name (0070,0084)
Patient’s Name (0010,0010)
Referring Physician’s Name (0008,0090)
Reviewer Name (300E,0008)

7.1.6.1.3. Encrypted Attributes Data Sets

Encryption of attributes data sets for later re-identification is not supported.

7.1.6.1.4. Scope of Referential Integrity of Replacement Values for UIDs

Replacement UIDs are derived from the original UID by using the algorithm for Creating Name-Based UUIDs as specified in RFC 4122: A Universally Unique Identifier (UUID) URN Namespace, encoded as UID according Object Identifier (OID) Repository. Therefore equal original UIDs in different DICOM objects also across Studies or Patients are replaced by equal new UIDs in resulting objects.