DICOM transport security profile - DICOM

This is a discussion on DICOM transport security profile - DICOM ; Hi, I have questions on the transport security profile. 1) Entity Authentication: Does it mean the SCP must verify the certificates of the modalities or is it the other way around, or both? 2) What should SCP check in the ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: DICOM transport security profile

  1. DICOM transport security profile

    Hi,

    I have questions on the transport security profile.

    1) Entity Authentication:

    Does it mean the SCP must verify the certificates of the modalities or
    is it the other way around, or both?

    2) What should SCP check in the certificates from the SCU?

    Thanks

  2. Re: DICOM transport security profile

    Thanh wrote:
    > I have questions on the transport security profile.
    > 1) Entity Authentication:
    > Does it mean the SCP must verify the certificates of the modalities or
    > is it the other way around, or both?


    That is implementation dependent. Typically a two-way authentication
    would be used, although the TLS protocol also supports a one-way
    authentication in which one party remains anonymous.

    > 2) What should SCP check in the certificates from the SCU?


    The usual validity check, verifying that the remote entity owns the
    private key corresponding to the public key contained in the
    certificate, that the certificate is valid (expiry period etc.)
    and signed by a certification authority that is trusted by this system,
    possibly through a chain of trust relationships up to a root CA.
    All of this is standard TLS stuff and in no way DICOM specific.

    Regards,
    Marco Eichelberg

+ Reply to Thread