WO2005039103A1 - Arrangement within the field of biomedicine - Google Patents


Publication number
WO2005039103A1
Authority
WO
WIPO (PCT)
Prior art keywords
picture
time
unit
arrangement
information
Prior art date
Application number
PCT/SE2004/001523
Other languages
French (fr)
Inventor
Margareta KÖNIG
Mats Malmqvist
Original Assignee
Koenig Margareta
Application filed by Koenig Margareta

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Definitions

  • the modified picture may not contain elements that the image editor believed to be unimportant, but which another person may have considered important from an overall viewpoint.
  • small "self deceptions” are more common than is probably imagined and there is sometimes a hair-fine boundary between touching up a picture to accentuate what it shows and removing information that may contradict the claimed result.
  • In individual cases, there may even be reasons (e.g. obtaining research grants, employees feeling the pressure to show results, etc.) for deliberate "cheating".
  • a further disadvantage of this system is that it is not computerised. Administration via logbooks impedes both searching for results and exchanging information inside and outside the company.
  • the present invention proposes a system that solves these problems and makes it difficult to cheat or to unintentionally adjust pictures incorrectly in the photograph stages.
  • the system is computerised and comprises a digital logbook in which it is possible to study the unedited, original photograph and various adjusted versions. Thus, in cases of uncertainty, it is always possible to access the original picture and have an independent party make any adjustments.
  • a further advantage of the system is that every original photograph that is adjusted can be traced back to the point of time when it was saved.
  • the proposed system additionally entails a simple process for administering digital logbooks.
  • the invention uses a technique involving time stamps and digital signatures. These are detailed hereinafter.
  • the invention does not modify the customary testing procedures.
  • Use of the invention begins only when a digital photograph of test results is taken. When taken, the photograph is time stamped and signed using a digital signature. It is then sent directly to the change tracker.
  • Time stamping can advantageously be carried out over the internet by an authorised time stamping company. This involves encrypted time information being linked to the picture.
  • the signature is created by the analyst signing with a unique digital signature that automatically links his/her name to the digital picture. This picture is completely unmodified and provides the basis for the photograph of the test results.
  • the picture is given a first version number (e.g. 1.0) and is a digitally unaltered reproduction of the test results. The authenticity of the picture is safeguarded by the time stamp and the digital signature.
  • raw data (version 1.0) can be downloaded and touched up in an image editing program, e.g. Photoshop. Work can be done on this picture over several days and saved locally.
  • the picture can be uploaded to the change tracker.
  • the picture is time stamped, signed digitally and then saved (by the change tracker) under a new version number (1.0xxx). This means that several different variants of the picture can be saved in an unambiguous way.
  • the picture with the raw data remains available throughout and it is possible to identify the various aspects that the image editor has chosen to emphasise in other versions.
  • Digital signatures can be used to: ensure that electronically transmitted information packages are not altered; verify who has sent information; and, prevent the sender later denying the sending of the message.
  • the connection between a digital signature and a definite person can be testified in a certificate.
  • the certificates are issued by a trusted third party, a Certification Authority (CA).
  • a digital signature is a function that guarantees the contents and authenticity of an electronic document.
  • the function is the result of a combination of asymmetric encryption technology and hash function technology.
  • the hash function is used first to create a compressed package of the electronic document. In this package, the document is firmly tied to the original message.
  • the asymmetric encryption with a private (secret) key, ties the originator to the compressed package.
  • a "global time stamp” involves a checksum (calculated on the data) and time information being signed by a "trusted third party" (TTP).
  • the time stamp comprises a checksum, time, signature and information (the "certificate") identifying the trusted third party.
  • any future investigator can determine whether information has been changed after the time stamping. It is perhaps worth noting that only the checksum (and not the information) is sent to the TTP.
  • Figure 1 shows a schematic overview of the system.
  • Figure 2 shows a block diagram of a first possible design of the invention.
  • Figure 3 shows a block diagram of a second possible design of the invention.
  • Figure 4 shows a block diagram of a third possible design of the invention.
  • Figure 5 shows a block diagram of a fourth possible design of the invention.
  • Figure 6 shows an example of a system design in practice (with an external change tracker, "picture storage provider")
  • FIG. 1 shows a schematic overview of the system.
  • Photographic documentation equipment takes a picture of the laboratory test. This picture is time stamped and signed using a digital signature. It then goes to the change tracking system where a first, unmodified version is stored.
  • Said change tracker comprises a computer that communicates with the time stamping and signature units so that pictures or documents that are uploaded to the system are given a time stamp (corresponding to the time of uploading) and a digital signature.
  • the files, with their attached time stamp and digital signature are saved digitally on a specially created (for the change tracker) area of a hard disk.
  • the files are given a version number corresponding to the file's "history".
  • the original data from the photographic equipment is given version number "1.0".
  • other numbering variants can also be used. Only original data from the photographic equipment is given a first version number (e.g. 1.0).
  • Below, a number of designs (FIRST to FOURTH) are described using various block arrangements with the image editor also serving as the change tracker.
  • There is also a FIFTH design where the image editor interacts with an external change tracker (picture storage provider) via a communication medium, e.g. the internet or similar.
  • FIG. 2 shows a block diagram of a first possible design of the invention.
  • the time stamping unit (201) and the signature unit (203) are built into the reproduction unit.
  • Reproduction unit here means equipment such as cameras and scanners.
  • One of the photograph documentation components (200) in the reproduction unit scans or photographs the object to be reproduced, e.g. a microplate. How photographing/scanning is carried out is not of importance to the invention.
  • a digital picture is created. This picture is sent directly to time stamping unit 201, where it receives a time stamp.
  • Time stamping unit 201 calculates a unique hash value for the picture.
  • Via communication unit 202, unit 201 makes contact with an authorised time stamping company and sends a checksum.
  • a time stamp comprising a checksum, time, signature and information is returned to the time stamping unit. Contact can be via the internet, the telephone system or other communication equipment. Under these conditions, both the time stamping unit (201) and the communication unit (202) can be software.
  • Signature unit 203's function is to add one or more digital signatures to the digital picture.
  • signature unit 203 requests a code that is necessary for digitally signing the picture. It then signs the picture.
  • This code could be, for example: a personal number combination that is keyed in by the operator; a code based on a fingerprint, DNA or retina scan; or, a code on a personal card that is read digitally.
  • Signature unit 203 can also add a reproduction unit unique number to the picture and, to assist the change tracker, a version identification number. Under these conditions, the signature unit (203) can be software.
  • the time stamped and electronically signed picture is then sent from the reproduction unit to the change tracking system (205). Assigning it a version number, change tracking system 205 saves the time stamped and electronically signed picture. As this picture is based on untreated raw data from photographing/scanning, it is stored as such and cannot be modified without changing the version number. From the change tracking system (205) an image editing program can now download the picture and adjust it as necessary. When worthwhile adjustment has been made, the adjusted picture can be uploaded to change tracker 205 so that a new version of the picture can be stored. To time stamp the new version, change tracker 205 contacts time stamping unit 201 via communication unit 202. The time stamped picture is then sent to signature unit 203 for digital signing.
  • the picture once again returns (time stamped and electronically signed) to change tracking system 205, where it receives a new version number. Consequently, it is possible to follow the various handling stages through which a picture has gone and see its entire history.
  • the image editing program can thus download both new and old versions as well as create new versions in the way described above.
  • FIG. 3 shows a block diagram of a second design.
  • time stamping unit 301 time stamps the picture using the time it receives from timer 304.
  • Timer 304 is a clock, the time of which cannot be altered. It is powered by an in-built battery that lasts throughout the timer's service life. To ensure its credibility, communication is encrypted internally using a key that is installed during the production of the timer.
  • Time stamping unit 301 uses the time from timer 304 and enters encrypted time information and a checksum. These make it possible for an independent examiner to determine the point of time at which the information was created. The advantage of this design is that the equipment is not dependent on a continuous connection to an authorised time stamp provider.
  • Time stamping unit 304 can be software.
  • the encryption key can be time limited and replaced using encrypted key updating from an external party. This key transfer can also take place over the internet, the telephone system or other type of communication means. In this way, the timer can receive a time limited certificate that can itself be updated at a later date.
  • Figure 4 shows a block diagram of a third possible design.
  • time stamping and signing takes place in a unit that is separate from the reproduction unit.
  • Communication between the reproduction unit and this separate unit is encrypted.
  • Said communication can take place via various communication channels, e.g. series port, parallel port, ethernet, USB, firewire or other communication means.
  • the encryption of the communication between the reproduction unit and the external unit is analogue.
  • the reproduction unit sends an encrypted digital picture to communication unit 401.
  • the picture then goes to time stamping unit 402 to be time stamped.
  • Time stamping unit 402 calculates a unique hash value for the picture and, via communication unit 401, makes contact with an authorised time stamping company and sends a checksum.
  • a time stamp comprising a checksum, time, signature and information is returned to time stamping unit 402.
  • Contact can be via the internet, the telephone system or other communication equipment. Under these conditions, both the time stamping unit (402) and the communication unit (401) can be software.
  • Signature unit 403's function is to add one or more electronic signatures to the digital picture. Via communication unit 404, signature unit 403 requests a code that is necessary for electronically signing the picture. It then signs the picture. Signature unit 403 can also add a reproduction unit unique number to the picture and, to assist the change tracker, a version identification number. Under these conditions, the time signature unit (403) can be software.
  • the time stamped and electronically signed picture is then sent from the reproduction unit to the change tracking system (405).
  • With the difference that communication is via communication unit 404, communication between the change tracking system and the separate unit is as per design one. Under these conditions, both the time signature unit (403) and the communication unit (404) can be software.
  • FIG. 5 shows a block diagram of a fourth possible design.
  • the principal difference between the third and fourth designs is that the timer (504) has been placed in the separate unit.
  • time stamping unit 502 time stamps the picture using the time it receives from timer 504.
  • Timer 504 is a clock, the time of which cannot be altered. It is powered by an in-built battery that lasts throughout the equipment's service life. To ensure its credibility, communication is encrypted internally using a key that is installed during the production of the timer.
  • Time stamping unit 502 uses the time from timer 504 and enters an encrypted time and a checksum. These make it possible for an independent examiner to determine the point of time at which the information was created.
  • the advantage of this design is that the equipment is not dependent on a continuous connection to an authorised time stamp provider.
  • Time stamping unit 502 can be software.
  • the encryption key can be time limited and replaced using encrypted key updating from an external party. This key transfer can also take place over the internet, the telephone system or other type of communication means. In this way, the timer can receive a time limited certificate that can itself be updated at a later date.
  • Figure 6 shows a diagram of a design with an external change tracker, here called “picture storage provider” or “storage provider”.
  • This design integrates into the selected program and technology solutions set out in the designs described above.
  • the description below introduces slightly different terminology such as “operator” (the picture creator), etc. These are made clear in the text. See figure 6.
  • the main actor is the operator, e.g. a research laboratory or a DNA analysis laboratory that has prepared an object (1) that it wishes to be pictorially documented.
  • This object (1) is here sketched as being placed on a table with a suitable background, lighting, etc.
  • the operator has an appropriate system (software, chip with microcode, account with a storage provider, etc.).
  • the camera (2) is connected, via an interface (3), to the operator's computer (4). To help in composing the picture, this shows what the camera sees. Via the chosen communication medium, e.g. the internet, the interface (3) can communicate directly with the picture storage provider.
  • the computer (4) is connected, via a secure line (5), to the communication medium (6) - internet, telephone line/broadband modem, fibre cable, etc. - to the picture storage provider (7).
  • the picture storage provider in its turn, is connected (8) to the medium and, thereby, also to an external time information provider (9) or to its own, secure time delivery system (10).
  • the picture storage provider may have access to, and also be connected to, other suppliers (12) of, for example, encryption programs or other programs of interest to the picture storage provider, operator or any customers to which, for the purpose of obtaining copies of pictures, the operator has granted access to the picture storage provider's service.
  • the operator who is on-line with the picture storage provider, decides when the object is ready to be photographed.
  • When the picture storage provider receives the go-ahead from the operator, the provider sends a trigger signal to the interface (3) and the operator's computer.
  • the time of the trigger signal is unknown to the operator, but it is within milliseconds of the go-ahead.
  • the trigger signal is processed in the interface. Via a signal to the camera, this commences the picture taking process.
  • the signal may carry encrypted time information that the interface obtained directly from the picture storage provider and which can only be interpreted by the software in the interface.
  • the security of the software can be safeguarded by, for example, microcode in a unique chip (or any other accepted means).
  • the picture taken at this point is automatically "defined” as the original and is instantaneously sent to the storage provider where it is provided (integrated) with encrypted time information, a picture identification code, information on the connected operator, etc. It is then stored in a register of originals and also in a physically separate service register at the picture storage provider's premises. Before storage, the calculation/attribution of picture authentication codes, etc. takes place partly in the interface and partly within the picture storage provider's facilities. This process cannot be affected by the operator (i.e. the creator of the picture).
  • the picture defined as the original is physically tied to the added picture security information. This latter cannot be removed from the original without the original becoming unusable or it being readily obvious that the picture is not classed as an original and that it has been modified/manipulated.
  • the picture storage provider holds the authentic original and, at the same time, a copy defined as original.
  • a "picture service” this can be made available, in accordance with the operator's wishes and own needs, to stipulated "interested parties”.
  • the service embraces dispatch and reception of pictures (copies, etc.), each request or event being automatically logged with, amongst other things, time, identity, account, storage, etc. information.
  • the first copy (in all respects "authenticity safeguarded") is automatically and immediately sent back to the operator. Neither the operator nor anyone else can remove the authenticity information. Similarly, it cannot be called up in any way that makes it understandable and accessible for public purposes. However, the operator can modify/manipulate the picture and instruct the storage provider that the modified picture is to be stored and (with the new picture's authenticity information revealed and available for public purposes) made accessible to others, etc. (as per any agreements on scope, etc.).
  • Deviation is calculated/quantified by the picture storage provider and linked to the relevant picture in the storage medium. It is only made available on order and, for example, in different classes (as per agreement with the operator).
  • the essentials of the above-detailed application of the invention are that: a) the operator and picture storage provider have separate roles. b) picture taking is effected in a system that is controlled entirely by the picture storage provider. c) picture taking occurs after the object, camera, etc. have been correctly adjusted, but otherwise without the operator's participation. It is also automatic through online connection via an unbroken, electronic communication line that itself senses if it is incorrectly connected. d) an externally involved party acts as the authorised issuer of the definition and the authenticity information of the original picture, e) each copy receives its own authenticity declaration and sequence number through an external party (the picture storage provider/change tracker) and not through the operator or any other party.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

Within the field of biomedicine, an arrangement for photographing results and transforming the photographs into a data signal that is then provided with time information and a signature in data form. In their data form, the photographs are manipulated and stored in a database. In the system represented by the present invention, the original picture is saved in a database before it is manipulated in the database. The manipulated pictures are then stored in data form.

Description

ARRANGEMENT WITHIN THE FIELD OF BIOMEDICINE
BACKGROUND TO THE INVENTION
In the biotechnology industry, photographs are often used as proof of test results. Thus, it is of the greatest importance that such photographs are as authentic as possible. Even the date of testing is important as evidence of who was first with a result. Furthermore, pharmaceuticals agencies such as the USA's FDA place strict requirements on the administration of tests.
Currently, many biotechnology companies and research institutes use a system that involves the photographs being manually signed by the person who carried out the analysis. These may then be countersigned by another person who certifies that everything has been properly executed. The photographs are then manually pasted into books. This normally takes place after the picture has been touched up in an image editing program, e.g. Photoshop. There are legitimate reasons for such adjustments, e.g. to improve contrasts, remove "noise" and other distracting phenomena from the picture, etc. The picture is then printed out, signed and entered in a logbook. Thus, what is stored in the logbook is the image-edited picture.
There are several disadvantages with this methodology. For example, the modified picture may not contain elements that the image editor believed to be unimportant, but which another person may have considered important from an overall viewpoint. Unfortunately, small "self deceptions" are more common than is probably imagined and there is sometimes a hair-fine boundary between touching up a picture to accentuate what it shows and removing information that may contradict the claimed result. In individual cases, there may even be reasons (e.g. obtaining research grants, employees feeling the pressure to show results, etc.) for deliberate "cheating". As the original photograph is normally thrown away after use of image editing software, it is very difficult to discover such lapses or cheating.
A further disadvantage of this system is that it is not computerised. Administration via logbooks impedes both searching for results and exchanging information inside and outside the company.
DESCRIPTION
The present invention proposes a system that solves these problems and makes it difficult to cheat or to unintentionally adjust pictures incorrectly in the photograph stages.
The system is computerised and comprises a digital logbook in which it is possible to study the unedited, original photograph and various adjusted versions. Thus, in cases of uncertainty, it is always possible to access the original picture and have an independent party make any adjustments. A further advantage of the system is that every original photograph that is adjusted can be traced back to the point of time when it was saved. The proposed system additionally entails a simple process for administering digital logbooks.
The invention uses a technique involving time stamps and digital signatures. These are detailed hereinafter.
The invention does not modify the customary testing procedures. Use of the invention begins only when a digital photograph of test results is taken. When taken, the photograph is time stamped and signed using a digital signature. It is then sent directly to the change tracker. Time stamping can advantageously be carried out over the internet by an authorised time stamping company. This involves encrypted time information being linked to the picture. The signature is created by the analyst signing with a unique digital signature that automatically links his/her name to the digital picture. This picture is completely unmodified and provides the basis for the photograph of the test results. The picture is given a first version number (e.g. 1.0) and is a digitally unaltered reproduction of the test results. The authenticity of the picture is safeguarded by the time stamp and the digital signature.
From the change tracker, raw data (version 1.0) can be downloaded and touched up in an image editing program, e.g. Photoshop. Work can be done on this picture over several days and saved locally. When all the desired adjustments have been made (e.g. lines sharpened), the picture can be uploaded to the change tracker. The picture is time stamped, signed digitally and then saved (by the change tracker) under a new version number (1.0xxx). This means that several different variants of the picture can be saved in an unambiguous way. The picture with the raw data remains available throughout and it is possible to identify the various aspects that the image editor has chosen to emphasise in other versions.
Consequently, by studying the versions up until the final picture, it is possible to follow the steps that an image editor has taken to achieve a certain result. All of this ensures increased security in the laboratory. The risk of unintentional errors and "cheating" is considerably reduced. To cheat, the individual now has to manipulate the test itself. Earlier, it was possible to adjust the picture manually, or in Photoshop, and edit out "inconvenient" details.
As information is stored digitally, comparison with other results is facilitated and pictures can be sent to other people via, for example, e-mail. The change tracking system is also accessible to other authorised people in the company and several individuals can work on the same picture and make the adjustments they require. When an individual is satisfied with the changes he/she has made, a version is uploaded to the change tracker. Digital signing means that it is also possible to see who has produced the various pictures.
Digital signatures can be used to: ensure that electronically transmitted information packages are not altered; verify who has sent information; and, prevent the sender later denying the sending of the message. The connection between a digital signature and a definite person can be testified in a certificate. The certificates are issued by a trusted third party, a Certification Authority (CA). A digital signature is a function that guarantees the contents and authenticity of an electronic document. The function is the result of a combination of asymmetric encryption technology and hash function technology. The hash function is used first to create a compressed package of the electronic document. In this package, the document is firmly tied to the original message. The asymmetric encryption, with a private (secret) key, ties the originator to the compressed package.
When a file is saved in a file system, the time of saving is also normally saved. Certain applications even save time details inside the file. The document retrieval system also saves different versions and is exact as regards times. However, all these systems suffer from the shortcoming that it is possible (and even easy) to alter the creation and modification dates. For example, the system's clock can be re-set. Using PKI technology, a more stringent time stamp can be obtained. According to the IETF, a "global time stamp" involves a checksum (calculated on the data) and time information being signed by a "trusted third party" (TTP). The time stamp comprises a checksum, time, signature and information (the "certificate") identifying the trusted third party. Using this time stamp (and the information), any future investigator can determine whether information has been changed after the time stamping. It is perhaps worth noting that only the checksum (and not the information) is sent to the TTP.
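The time stamp and signature flow described above, as an added Go example that is not part of the patent text: the TTP signs only the checksum and time, the analyst signs the version and time stamp, and a later investigator verifies stored versions. Assumptions: SHA-256 and Ed25519 are swapped in because the page names no algorithms, the TTP's public key stands in for its certificate, and the keys, version strings, times and image bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// TimeStamp holds the four parts the text lists: checksum, time, signature, TTP identity.
type TimeStamp struct {
	Checksum  [32]byte
	Time      time.Time
	Signature []byte
	TTPKey    ed25519.PublicKey // assumption: public key stands in for the certificate
}

// Record is one version of a picture as filed by the change tracker.
type Record struct {
	Version   string
	Picture   []byte
	Stamp     TimeStamp
	Signature []byte // analyst's signature over version + time stamp
}

var (
	ErrAltered = errors.New("picture changed after time stamping")
	ErrStamp   = errors.New("time stamp not signed by the trusted TTP")
	ErrSigner  = errors.New("analyst signature invalid")
)

// stampInput is what the TTP signs: checksum followed by the time in Unix nanoseconds.
func stampInput(sum [32]byte, t time.Time) []byte {
	buf := make([]byte, 40)
	copy(buf, sum[:])
	binary.BigEndian.PutUint64(buf[32:], uint64(t.UnixNano()))
	return buf
}

// recordInput is what the analyst signs, binding the version to the time stamp.
func recordInput(version string, st TimeStamp) []byte {
	msg := append([]byte(version+"\x00"), stampInput(st.Checksum, st.Time)...)
	return append(msg, st.Signature...)
}

// IssueTimeStamp is the TTP side: it sees only the checksum, never the picture.
func IssueTimeStamp(ttp ed25519.PrivateKey, sum [32]byte, now time.Time) TimeStamp {
	return TimeStamp{sum, now, ed25519.Sign(ttp, stampInput(sum, now)), ttp.Public().(ed25519.PublicKey)}
}

// Store time stamps and signs a picture, then files it under a version number.
func Store(version string, pic []byte, analyst, ttp ed25519.PrivateKey, now time.Time) Record {
	st := IssueTimeStamp(ttp, sha256.Sum256(pic), now)
	sig := ed25519.Sign(analyst, recordInput(version, st))
	return Record{version, append([]byte(nil), pic...), st, sig}
}

// Verify is the later investigator's check, trusting only the two public keys.
func Verify(r Record, ttpPub, analystPub ed25519.PublicKey) error {
	if sha256.Sum256(r.Picture) != r.Stamp.Checksum {
		return ErrAltered
	}
	if !bytes.Equal(r.Stamp.TTPKey, ttpPub) ||
		!ed25519.Verify(ttpPub, stampInput(r.Stamp.Checksum, r.Stamp.Time), r.Stamp.Signature) {
		return ErrStamp
	}
	if !ed25519.Verify(analystPub, recordInput(r.Version, r.Stamp), r.Signature) {
		return ErrSigner
	}
	return nil
}

// Demo runs the workflow on constructed data and returns four verification results.
func Demo() (original, edited, swapped, backdated error) {
	// Constructed demo keys from fixed seeds; never derive real keys this way.
	ttp := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	analyst := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	ttpPub := ttp.Public().(ed25519.PublicKey)
	anPub := analyst.Public().(ed25519.PublicKey)
	t0 := time.Date(2004, 10, 20, 9, 0, 0, 0, time.UTC) // constructed capture time
	v1 := Store("1.0", []byte("constructed raw microplate image"), analyst, ttp, t0)
	v2 := Store("1.0.1", []byte("constructed contrast-adjusted image"), analyst, ttp, t0.Add(48*time.Hour))
	swap := v1 // edited pixels placed under the original's stamp and version
	swap.Picture = v2.Picture
	early := v1 // same picture, claimed time moved one day earlier
	early.Stamp.Time = t0.Add(-24 * time.Hour)
	return Verify(v1, ttpPub, anPub), Verify(v2, ttpPub, anPub),
		Verify(swap, ttpPub, anPub), Verify(early, ttpPub, anPub)
}

func main() {
	fmt.Println(Demo())
}
```

Both authentic versions verify, while replacing the stored original's pixels or changing its claimed time is rejected, because neither the checksum nor the TTP's signature can be recomputed without the TTP's private key.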
SHORT DESCRIPTIONS OF THE DRAWINGS
In the following, the present invention will be described with the assistance of five example designs that are explained in 6 figures.
Figure 1 shows a schematic overview of the system.
Figure 2 shows a block diagram of a first possible design of the invention.
Figure 3 shows a block diagram of a second possible design of the invention.
Figure 4 shows a block diagram of a third possible design of the invention.
Figure 5 shows a block diagram of a fourth possible design of the invention.
Figure 6 shows an example of a system design in practice (with an external change tracker, "picture storage provider").
Figure 1 shows a schematic overview of the system. Photographic documentation equipment takes a picture of the laboratory test. This picture is time stamped and signed using a digital signature. It then goes to the change tracking system where a first, unmodified version is stored. Said change tracker comprises a computer that communicates with the time stamping and signature units so that pictures or documents that are uploaded to the system are given a time stamp (corresponding to the time of uploading) and a digital signature. The files, with their attached time stamp and digital signature, are saved digitally on a specially created (for the change tracker) area of a hard disk. The files are given a version number corresponding to the file's "history". In example 1, the original data from the photographic equipment is given version number "1.0". However, other numbering variants can also be used. Only original data from the photographic equipment is given a first version number (e.g. 1.0).
Below, a number of designs (FIRST to FOURTH) are described using various block arrangements with the image editor also serving as the change tracker. There is also a FIFTH design where the image editor interacts with an external change tracker (picture storage provider) via a communication medium, e.g. the internet or similar.
FIRST DESIGN
Figure 2 shows a block diagram of a first possible design of the invention. In this design, the time stamping unit (201) and the signature unit (203) are built into the reproduction unit. Reproduction unit here means equipment such as cameras and scanners.
One of the photograph documentation components (200) in the reproduction unit scans or photographs the object to be reproduced, e.g. a microplate. How photographing/scanning is carried out is not of importance to the invention. Here, it can be seen that a digital picture is created. This picture is sent directly to time stamping unit 201, where it receives a time stamp. Time stamping unit 201 calculates a unique hash value for the picture. Via communication unit 202, unit 201 makes contact with an authorised time stamping company and sends a checksum. A time stamp comprising a checksum, time, signature and information is returned to the time stamping unit. Contact can be via the internet, the telephone system or other communication equipment. Under these conditions, both the time stamping unit (201) and the communication unit (202) can be software.
Once time stamping unit 201 has stamped the digital picture, the picture is sent to signature unit 203. Signature unit 203's function is to add one or more digital signatures to the digital picture. Via communication unit 202, signature unit 203 requests a code that is necessary for digitally signing the picture. It then signs the picture. This code could be, for example: a personal number combination that is keyed in by the operator; a code based on a fingerprint, DNA or retina scan; or a code on a personal card that is read digitally. Signature unit 203 can also add a reproduction unit unique number to the picture and, to assist the change tracker, a version identification number. Under these conditions, the signature unit (203) can be software.
Via communication unit 202, the time stamped and electronically signed picture is then sent from the reproduction unit to the change tracking system (205). Assigning it a version number, change tracking system 205 saves the time stamped and electronically signed picture. As this picture is based on untreated raw data from photographing/scanning, it is stored as such and cannot be modified without changing the version number. From the change tracking system (205) an image editing program can now download the picture and adjust it as necessary. When worthwhile adjustment has been made, the adjusted picture can be uploaded to change tracker 205 so that a new version of the picture can be stored. To time stamp the new version, change tracker 205 contacts time stamping unit 201 via communication unit 202. The time stamped picture is then sent to signature unit 203 for digital signing. Finally, the picture once again returns (time stamped and electronically signed) to change tracking system 205, where it receives a new version number. Consequently, it is possible to follow the various handling stages through which a picture has gone and see its entire history. The image editing program can thus download both new and old versions as well as create new versions in the way described above.
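The time stamp described in the background section (checksum and time signed by a trusted third party, with only the checksum sent out) and the versioned storage of this first design, as an added example that is not part of the patent text. The names `ttp_issue`, `verify_stamp` and `ChangeTracker`, the JSON encoding, the 1.1, 1.2 numbering and the toy RSA key are assumptions; the toy signature stands in for the third party's certified signing key, and the operator signature added by unit 203 is left out.

```python
"""Added illustration: trusted time stamp over a picture checksum, plus versioned storage."""
import hashlib
import json

# Toy textbook-RSA key for the trusted third party (TTP). Constructed for this
# example from two known Mersenne primes, no padding: NOT secure, illustration only.
_P, _Q = 2**127 - 1, 2**89 - 1
TTP_N, TTP_E = _P * _Q, 65537
_TTP_D = pow(TTP_E, -1, (_P - 1) * (_Q - 1))  # private exponent, held by the TTP


def checksum(picture: bytes) -> str:
    """Hash of the picture; this is the only thing that leaves the reproduction unit."""
    return hashlib.sha256(picture).hexdigest()


def _body_digest(body: dict) -> int:
    """Canonical encoding of the stamp fields, hashed and reduced for toy RSA."""
    encoded = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % TTP_N


def ttp_issue(checksum_hex: str, time: str, issuer: str = "example-ttp") -> dict:
    """TTP side: signs checksum + time. It never sees the picture itself."""
    body = {"checksum": checksum_hex, "time": time, "issuer": issuer}
    return {**body, "signature": pow(_body_digest(body), _TTP_D, TTP_N)}


def verify_stamp(picture: bytes, stamp: dict) -> bool:
    """Investigator side: needs only the picture, the stamp and the TTP public key."""
    body = {k: stamp[k] for k in ("checksum", "time", "issuer")}
    if pow(stamp["signature"], TTP_E, TTP_N) != _body_digest(body):
        return False  # time, checksum or issuer was altered after signing
    return stamp["checksum"] == checksum(picture)  # False if the picture changed


class ChangeTracker:
    """Stores every uploaded version with its own time stamp (hypothetical class)."""

    def __init__(self, clock):
        self._clock = clock  # stands in for the TTP's clock in this offline demo
        self.versions = []

    def upload(self, picture: bytes) -> str:
        stamp = ttp_issue(checksum(picture), self._clock())
        # "1.0" for the raw picture follows the text; 1.1, 1.2, ... is an assumption.
        version = f"1.{len(self.versions)}"
        self.versions.append({"version": version, "picture": picture, "stamp": stamp})
        return version

    def audit(self) -> list:
        """Re-verify every stored version against its time stamp."""
        return [(v["version"], verify_stamp(v["picture"], v["stamp"]))
                for v in self.versions]


if __name__ == "__main__":
    times = iter(["2004-10-21T09:00:00Z", "2004-10-21T09:30:00Z"])  # constructed
    tracker = ChangeTracker(lambda: next(times))
    tracker.upload(b"raw microplate scan")       # constructed sample bytes
    tracker.upload(b"contrast-adjusted scan")    # edited version, stored as 1.1
    print(tracker.audit())
    # Silent modification of the stored original is caught on audit.
    tracker.versions[0]["picture"] = b"raw microplate scan, retouched"
    print(tracker.audit())
```

A production system would replace the toy key with a certified signing key and a standard signature scheme; the checks an investigator performs stay the same.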
A SECOND DESIGN
Figure 3 shows a block diagram of a second design. The principal difference between the first and second designs is the introduction of a timer (304) into the reproduction unit. In this design, time stamping unit 301 time stamps the picture using the time it receives from timer 304. Timer 304 is a clock, the time of which cannot be altered. It is powered by an in-built battery that lasts throughout the timer's service life. To ensure its credibility, communication is encrypted internally using a key that is installed during the production of the timer. Time stamping unit 301 uses the time from timer 304 and enters encrypted time information and a checksum. These make it possible for an independent examiner to determine the point of time at which the information was created. The advantage of this design is that the equipment is not dependent on a continuous connection to an authorised time stamp provider. Time stamping unit 304 can be software.
It would also be possible to update and check the clock after a certain period of use. Such updating/checking could be effected using encrypted communication with an outside party (e.g. over the internet, via the telephone system or other means of communication).
The encryption key can be time limited and replaced using encrypted key updating from an external party. This key transfer can also take place over the internet, the telephone system or other type of communication means. In this way, the timer can receive a time limited certificate that can itself be updated at a later date.
A THIRD DESIGN
Figure 4 shows a block diagram of a third possible design. In the third design, time stamping and signing takes place in a unit that is separate from the reproduction unit. Communication between the reproduction unit and this separate unit is encrypted. Said communication can take place via various communication channels, e.g. serial port, parallel port, ethernet, USB, firewire or other communication means. The encryption of the communication between the reproduction unit and the external unit is analogous to that of the external communication in the previous designs.
The reproduction unit sends an encrypted digital picture to communication unit 401. The picture then goes to time stamping unit 402 to be time stamped. Time stamping unit 402 calculates a unique hash value for the picture and, via communication unit 401, makes contact with an authorised time stamping company and sends a checksum. A time stamp comprising a checksum, time, signature and information is returned to time stamping unit 402. Contact can be via the internet, the telephone system or other communication equipment. Under these conditions, both the time stamping unit (402) and the communication unit (401) can be software.
Once time stamping unit 402 has stamped the digital picture, the picture is sent to signature unit 403. Signature unit 403's function is to add one or more electronic signatures to the digital picture. Via communication unit 404, signature unit 403 requests a code that is necessary for electronically signing the picture. It then signs the picture. Signature unit 403 can also add a reproduction unit unique number to the picture and, to assist the change tracker, a version identification number. Under these conditions, the time signature unit (403) can be software.
Via communication unit 404, the time stamped and electronically signed picture is then sent from the reproduction unit to the change tracking system (405). With the difference that communication is via communication unit 404, communication between the change tracking system and the separate unit is as per design one. Under these conditions, both the time signature unit (403) and the communication unit (404) can be software.
A FOURTH DESIGN
Figure 5 shows a block diagram of a fourth possible design. The principal difference between the third and fourth designs is that the timer (504) has been placed in the separate unit. In this design, time stamping unit 502 time stamps the picture using the time it receives from timer 504. Timer 504 is a clock, the time of which cannot be altered. It is powered by an in-built battery that lasts throughout the equipment's service life. To ensure its credibility, communication is encrypted internally using a key that is installed during the production of the timer. Time stamping unit 502 uses the time from timer 504 and enters an encrypted time and a checksum. These make it possible for an independent examiner to determine the point of time at which the information was created. The advantage of this design is that the equipment is not dependent on a continuous connection to an authorised time stamp provider. Time stamping unit 502 can be software.
It would also be possible to update and check the clock after a certain period of use. Such updating/checking could be effected using encrypted communication with an outside party (e.g. over the internet, via the telephone system or other means of communication).
The encryption key can be time limited and replaced using encrypted key updating from an external party. This key transfer can also take place over the internet, the telephone system or other type of communication means. In this way, the timer can receive a time limited certificate that can itself be updated at a later date.
A FIFTH DESIGN
Figure 6 shows a diagram of a design with an external change tracker, here called "picture storage provider" or "storage provider". This design integrates into the selected program and technology solutions set out in the designs described above. The description below introduces slightly different terminology such as "operator" (the picture creator), etc. These are made clear in the text. See figure 6.
The main actor is the operator, e.g. a research laboratory or a DNA analysis laboratory that has prepared an object (1) that it wishes to be pictorially documented. This object (1) is here sketched as being placed on a table with a suitable background, lighting, etc. The operator has an appropriate system (software, chip with microcode, account with a storage provider, etc.). The camera (2) is connected, via an interface (3), to the operator's computer (4). To help in composing the picture, this shows what the camera sees. Via the chosen communication medium, e.g. the internet, the interface (3) can communicate directly with the picture storage provider.
In its turn, the computer (4) is connected, via a secure line (5), to the communication medium (6) - internet, telephone line/broadband modem, fibre cable, etc. - to the picture storage provider (7). The picture storage provider, in its turn, is connected (8) to the medium and, thereby, also to an external time information provider (9) or to its own, secure time delivery system (10). In this sketch, all checking and execution of picture identification/authenticity programs using algorithms, encryption, etc. has been placed with the picture storage provider. The picture storage provider may have access to, and also be connected to, other suppliers (12) of, for example, encryption programs or other programs of interest to the picture storage provider, operator or any customers to which, for the purpose of obtaining copies of pictures, the operator has granted access to the picture storage provider's service. Naturally enough, there is nothing to prevent the operator being connected (11) to the time information provider, even if this does not relate to the authentication creation process.
The operator, who is on-line with the picture storage provider, decides when the object is ready to be photographed. When the picture storage provider receives the go-ahead from the operator, the provider sends a trigger signal to the interface (3) and the operator's computer. The time of the trigger signal is unknown to the operator, but it is within milliseconds of the go-ahead. The trigger signal is processed in the interface. Via a signal to the camera, this commences the picture taking process. The signal may carry encrypted time information that the interface obtained directly from the picture storage provider and which can only be interpreted by the software in the interface. The security of the software can be safeguarded by, for example, microcode in a unique chip (or any other accepted means).
The picture taken at this point is automatically "defined" as the original and is instantaneously sent to the storage provider where it is provided (integrated) with encrypted time information, a picture identification code, information on the connected operator, etc. It is then stored in a register of originals and also in a physically separate service register at the picture storage provider's premises. Before storage, the calculation/attribution of picture authentication codes, etc. takes place partly in the interface and partly within the picture storage provider's facilities. This process cannot be affected by the operator (i.e. the creator of the picture). The picture defined as the original is physically tied to the added picture security information. This latter cannot be removed from the original without the original becoming unusable or it being readily obvious that the picture is not classed as an original and that it has been modified/manipulated.
The picture storage provider holds the authentic original and, at the same time, a copy defined as original. As a "picture service", this can be made available, in accordance with the operator's wishes and own needs, to stipulated "interested parties". The service embraces dispatch and reception of pictures (copies, etc.), each request or event being automatically logged with, amongst other things, time, identity, account, storage, etc. information.
The first copy (in all respects "authenticity safeguarded") is automatically and immediately sent back to the operator. Neither the operator nor anyone else can remove the authenticity information. Similarly, it cannot be called up in any way that makes it understandable and accessible for public purposes. However, the operator can modify/manipulate the picture and instruct the storage provider that the modified picture is to be stored and (with the new picture's authenticity information revealed and available for public purposes) made accessible to others, etc. (as per any agreements on scope, etc.).
When the storage provider, at a time after the taking of the original picture, receives a modified copy, this is given new picture authenticity information, number, time information, etc. It is also provided with information declaring that the picture deviates from the original (but it is not stated how or to what extent). Deviation is calculated/quantified by the picture storage provider and linked to the relevant picture in the storage medium. It is only made available on order and, for example, in different classes (as per agreement with the operator).
The essentials of the above-detailed application of the invention are that:
a) the operator and picture storage provider have separate roles.
b) picture taking is effected in a system that is controlled entirely by the picture storage provider.
c) picture taking occurs after the object, camera, etc. have been correctly adjusted, but otherwise without the operator's participation. It is also automatic through online connection via an unbroken, electronic communication line that itself senses if it is incorrectly connected.
d) an externally involved party acts as the authorised issuer of the definition and the authenticity information of the original picture.
e) each copy receives its own authenticity declaration and sequence number through an external party (the picture storage provider/change tracker) and not through the operator or any other party.
f) there is a visible guarantee of authenticity with the possibility of classing the authenticity of all published pictures. An example of such a class is "for public purposes" - which cannot be manipulated or modified, but which can be traced to, or tested against, the original (or is even indicated as such on the picture supplied by the picture storage provider).
Obviously, it is not possible to eliminate the possibility of subsequent photographic manipulation, e.g. by taking a picture of the electronic picture supplied by the picture storage provider and cutting and pasting said picture. If the picture identification is cut away, the picture has no value as an authenticated picture. Where the picture does have identification, it has putative "authenticated value", which can be checked by connecting up to the picture storage provider. The provider can then supply an original picture or receive the picture to be examined and immediately give a verdict on deviations from the original, etc.
What has above been outlined in respect of picture documentation can be equally applied to all electronically transferable information (documents, etc.) that can have their authenticity safeguarded in a corresponding manner.

Claims

PATENT CLAIMS
1. Unit-based arrangement, for use within the field of biomedicine, to pictorially reproduce obtained results and transform said reproduction into a data signal, the whole being characterised by the arrangement containing means for adding identification and/or time information, in data form, to the data signal, the signal and its addition being then added to a database and also an "examination station", any subsequent influence upon the signal being added to the database with new time information and with new identification information.
2. Arrangement as per patent claim 1, characterised by the signal in respect of reproduction being such that it can be input to the "examination station" a number of times, the "examination station" sending, on each occasion, an "output signal" to the database.
3. Arrangement as per one or more of patent claims 1 and 2, characterised by it being possible to generate the identification information and/or the time information in a unit that is either a "dependent" part of the arrangement or is an "independent" part of the arrangement.
4. Arrangement as per one or more of patent claims 1 to 3, characterised by one or more of the data signals being encrypted.
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0302785A SE0302785L (en) 2003-10-21 2003-10-21 Facility in biomedicine
SE0302785-1 2003-10-21

Publications (1)

Publication Number Publication Date
WO2005039103A1 true WO2005039103A1 (en) 2005-04-28

Family

ID=29546602

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2004/001523 WO2005039103A1 (en) 2003-10-21 2004-10-21 Arrangement within the field of biomedicine

Country Status (2)

Country Link
SE (1) SE0302785L (en)
WO (1) WO2005039103A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000051286A1 (en) * 1999-02-26 2000-08-31 Bitwise Designs, Inc. Digital file management and imaging system and method including secure file marking
US6470449B1 (en) * 1989-07-05 2002-10-22 Robert Roy Blandford Time-stamped tamper-proof data storage

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL1032340C2 (en) * 2006-08-17 2008-02-25 Hieronymus Watse Wiersma System and method for digitally signing data files.
US8359471B2 (en) 2006-08-17 2013-01-22 Hieronymus Watse Wiersma System and method for generating a signature
NL1043769B1 (en) * 2020-08-27 2022-04-29 Paul Visser Ing Safe Photo Practices and System

Also Published As

Publication number Publication date
SE0302785L (en) 2005-04-22
SE0302785D0 (en) 2003-10-21

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC (EPO FORM 1205A) DATED 01.08.2006

122 Ep: pct application non-entry in european phase