

SecurePACS is an end-to-end encrypted PACS (picture archiving and communication system). It uses client-side encryption to protect medical data before it is sent over the internet (internet service providers) to infrastructure providers (storage servers, relay nodes).

The service can be accessed through a web app, mobile apps (Android and iOS), and a desktop app (Windows, Linux, macOS).

SecurePACS uses a combination of Public-Key Cryptography Standards (PKCS) and symmetric encryption protocols to offer a fully encrypted service, using (but not limited to) the following principles:

- When a user creates an account, their browser generates pairs of public and private EC keys, which are used to provide the service.
- The public key is used to encrypt incoming data, which is then totally opaque to the internet and to the infrastructure provider (us). The public key is stored in plain text on the server (a requirement for PKI).
- The private key, capable of decrypting the data, is symmetrically encrypted and decrypted with a key derived from the user's account password, and is only used on the user's side (web app, mobile app, desktop app). Symmetric encryption keys are derived from the PKCS private key on the client side and used to encrypt and decrypt data. The private keys are stored encrypted on the server, so no developer can access user data or reset passwords. This system absolves the service provider (us) from storing or managing unencrypted data, divulging the contents of user data, or decrypting data if requested by anyone.
- When data is sent from one user to another, it is encrypted with the receiver's public key. Once encrypted, only the private key of the recipient can decrypt the message. When the recipient logs in, their password derives keys to unlock their private keys, which in turn decrypt the in-browser (in-app) database and the requested data.
- SecurePACS exclusively uses HTTPS and TLS with ephemeral key exchange to encrypt all Internet traffic between users and servers, and DTLS for real-time communications between apps.
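
The key handling described in these principles, as an added Node.js example that is not SecurePACS code: a password-wrapped EC private key, a server record that holds no plaintext key, and encryption to a recipient's public key. Assumptions, since the page names no algorithms: P-256, scrypt, HKDF-SHA-256, AES-256-GCM and an ephemeral ECDH exchange per message; all function names are hypothetical.

```javascript
// Added illustration, not SecurePACS code. Assumed primitives: P-256, scrypt,
// HKDF-SHA-256, AES-256-GCM. Function names are hypothetical.
const crypto = require('node:crypto');

function seal(key, plaintext) {              // AES-256-GCM -> iv || tag || ciphertext
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {                   // throws if the key or the data is wrong
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Account creation on the client: the record sent to the server holds only the
// public key, a salt, and the password-wrapped private key.
function register(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const salt = crypto.randomBytes(16);
  const kek = crypto.scryptSync(password, salt, 32);
  const pkcs8 = privateKey.export({ type: 'pkcs8', format: 'der' });
  return { publicKey: publicKey.export({ type: 'spki', format: 'der' }), salt, wrappedKey: seal(kek, pkcs8) };
}

// Login on the client: re-derive the wrapping key from the password and unwrap.
function unlock(record, password) {
  const kek = crypto.scryptSync(password, record.salt, 32);
  return crypto.createPrivateKey({ key: open(kek, record.wrappedKey), type: 'pkcs8', format: 'der' });
}

// ECDH shared secret -> per-message AES key, bound to the ephemeral public key.
function messageKey(privateKey, publicKey, ephDer) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, ephDer, 'example-msg-key', 32));
}

function encryptFor(recipientSpki, data) {   // sender side, needs only the public key
  const recipient = crypto.createPublicKey({ key: recipientSpki, type: 'spki', format: 'der' });
  const eph = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const ephDer = eph.publicKey.export({ type: 'spki', format: 'der' });
  return { ephDer, box: seal(messageKey(eph.privateKey, recipient, ephDer), data) };
}

function decryptWith(privateKey, msg) {      // recipient side, after unlock()
  const eph = crypto.createPublicKey({ key: msg.ephDer, type: 'spki', format: 'der' });
  return open(messageKey(privateKey, eph, msg.ephDer), msg.box);
}
```

Because the wrapping key exists only while the user types the password, a wrong password makes `unlock` throw on the GCM tag check, and nothing in the stored record can reset or recover the key.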



Access your SecurePACS account after registering.