US20200082106A1 - Management of confidential document distribution and security - Google Patents

Management of confidential document distribution and security Download PDF

Info

Publication number
US20200082106A1
US20200082106A1 US16/560,181 US201916560181A US2020082106A1 US 20200082106 A1 US20200082106 A1 US 20200082106A1 US 201916560181 A US201916560181 A US 201916560181A US 2020082106 A1 US2020082106 A1 US 2020082106A1
Authority
US
United States
Prior art keywords
document
access
data
user
state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/560,181
Other languages
English (en)
Inventor
Ronan Fox
Sean Kelly
Thomas O'Leary
Anthony Clarke
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Icon Clinical Research Ltd
Original Assignee
Icon Clinical Research Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Icon Clinical Research Ltd filed Critical Icon Clinical Research Ltd
Assigned to ICON CLINICAL RESEARCH LIMITED reassignment ICON CLINICAL RESEARCH LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CLARKE, ANTHONY, FOX, RONAN, KELLY, SEAN, O'LEARY, THOMAS
Publication of US20200082106A1 publication Critical patent/US20200082106A1/en
Assigned to CITIBANK, N.A., LONDON BRANCH, AS COLLATERAL AGENT reassignment CITIBANK, N.A., LONDON BRANCH, AS COLLATERAL AGENT SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ICON CLINICAL RESEARCH LIMITED
Assigned to CITIBANK, N.A., LONDON BRANCH reassignment CITIBANK, N.A., LONDON BRANCH SECURITY AGREEMENT Assignors: ICON CLINICAL RESEARCH LIMITED
Priority to US17/817,713 priority Critical patent/US12361147B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks

Definitions

  • the present disclosure relates to management of distribution and security of documents which have confidential information and which must be signed or approved by a number of geographically spread parties.
  • Peer-to-peer (“P2P”) networks may be provided, in which data is shared between nodes using security such as asymmetric cryptography.
  • Each node may have a local store of documents relevant to workflows and collaborations to which the users have been invited.
  • the present disclosure is directed towards achieving improved control of distribution and security of such documents.
  • the present embodiments describe a method of managing distribution of a document and access to its contents with security in a network comprising nodes with digital processors for remote communication over a wide area network and local data stores, the method being implemented by said processors.
  • the method may comprise steps of:
  • a node acting as a receiving node and executing a software client application, may receive the document, decrypt at least some of it, and process the document according to said control data by extracting the control data and managing document payload access and document storage and user access according to the control data.
  • said software client application may act as a listener for documents directed towards that receiving node, and act as a compiler and executor of the control data embedded within the received document, and/or
  • the receiving node may extract the payload and outputs data to authorised users, by mapping sections of the payload to an access control list (ACL), in which each authorized user participant has access to some or all of the document.
  • ACL access control list
  • the receiving node may store in an access log of the document a record of authorised user access to the payload.
  • the control data may include mapped document sections including:
  • the nodes may perform encryption and decryption using public and private keys in which the public key is used to verify and encrypt and the private key is used to decrypt.
  • the document may include one or more of:
  • the document may include executable code for dynamic instantiation of the document by the sending node.
  • the document may be processed by the receiving node as an instantiation of the FSM which understands, through its executable code, a sequence of document-specific allowable states for that document and provides document-specific features for use by the authorized users.
  • the receiving node may determine a next user according to a next actor in a workflow which may be determined according to a map within the document, and said map may be aligned to the current state of the document as held in the FSM code to ensure that the document goes to the next agreed-upon step in the process.
  • the document payload may be sent a plurality of times each with a different set of participating parties, and each FSM state in the document may be known ahead of its distribution, and FSM state data may be included in the control data when the document is distributed.
  • the method may comprise the sending node performing a look-up of an array of participants to determine at document run time.
  • Said look-up may provide instructions for a level of granularity of controlling interaction of a receiving node with specific parts of a document, according to metadata about the document and its constituent parts.
  • the document may include semantic definitions of the sections within the document.
  • the semantic definitions may be expressed as RDF and/or XML/JSON representations.
  • the rights map may be included in an access control list providing a desired fine grained and deep level of control.
  • the method may comprise allowing an authorized user to sign in with access to one document section, but make no other alterations, or to allow an update to a specific section of the document but not to another section.
  • the FSM code and the access control data may be dynamically modified to enable intelligent document analysis at run time to determine any shifts in access control requirements over its lifetime, in which the document may have M states and N authorized users who have read/write access.
  • An authorized user may act on the document and move it from a first state to a second state which causes that user to lose write access, but a subsequent state change caused by a second user may cause said first user to re-gain write access.
  • the FSM executable software code may manage the movement of the document from one document state to another document state by providing standard services to the underlying receiving node processor and the document may allow a consistent approach to state changes across all document types, in which the FSM executable code maintains the state of the document.
  • Updates to the document may be tracked and controlled by the nodes in a distributed audit trail, while guaranteeing that only those authorized users who have access rights to relevant document sections can interact.
  • the present disclosure describes a method of managing distribution of a document and access to its contents with security in a network comprising nodes with digital processors for remote communication over a wide area network and local data stores, the method being implemented by said processors and comprising steps of a node sending a document in encrypted format and including: a payload, and control data including destination data, access control data, and signature data, and a document destination list.
  • the sending node may only send the document to nodes on the destination list.
  • a node may receive the document, decrypt at least some of it, and process the document according to said control data by extracting the control data and managing document payload access and document storage and user access according to the control data.
  • a dedicated client application on each receiving node may perform said document processing, in which the application may act as a listener for documents directed towards that node, and also act as a compiler and executor of any configuration or code embedded within a received.
  • the receiving node may process the control data in a manner transparently to the authorised users.
  • the receiving node may extract the payload and outputs to authorised users, by mapping sections of the payload to an access control list (ACL), in which each authorized user participant has access to some or all of the document.
  • ACL access control list
  • the receiving node may store in an access log of the document, a record of authorised user access to the payload.
  • the control data may include mapped document sections including:
  • the nodes may perform encryption and decryption using public and private keys in which the public key is used to verify and encrypt and the private key is used to decrypt.
  • the receiving node may include a finite state machine (FSM) execution code
  • the document may include executable code allowing the document to access an underlying state from the node.
  • FSM finite state machine
  • the node executable code may be embedded in the node as part of instantiation of a document before it is sent to the receiving node.
  • the document may include one or more of:
  • the document may include executable code for dynamic instantiation of the document.
  • the receiving node may determine a next user according to a next actor in a workflow which is determined either through a FSM embedded executable code in the node or according to a map within the received document.
  • the document may be deployed a plurality of times, in which each deployment has a different set of participating parties and each FSM state in the document is known ahead of its distribution and FSM state data is included in the control data when the document is created.
  • the list of participating parties may change in at least one time that the document is deployed.
  • the method may comprise performing a look-up of an array of participants to determine at document run time. Said look-up may provide instructions for a level of granularity of controlling interaction of a node with specific parts of a document, according to meta data about the document and its constituent parts.
  • a network comprising a plurality of nodes with digital data processors and storage may be configured to perform a method of any embodiment.
  • the present disclosure describes a non-transitory computer storage medium comprising software code for implementing a method of any embodiment when executed by digital data processors.
  • FIG. 1 is a block diagram showing major components of a document management network
  • FIG. 2 is a diagram illustrating components of a document
  • FIG. 3 is a flow diagram illustrating a workflow implemented by the network.
  • the present disclosure describes a method and network for securely distributing documents to remote consumers, along with certifying that the consumers have read those documents (for such things as protocols and standard operating procedures (“SOPs”)), and have agreed to the contents within them (as part of a collaborative workflow), or that they have consented to the content using electronic signatures.
  • SOPs protocols and standard operating procedures
  • the method and network perform such control to, for example, retain the source documents at a particular site (or a location at which they were created). Also, the nodes on a P2P network synchronise to enable centralised data tracking for reporting and compliance enforcement if required.
  • the network may allow data to be stored at multiple locations, giving a distribution of the documents and associated data set between nodes in the network, and also records auditable transactions against those data sets for a recreation of the data set, regulatory reporting, network resilience, and secure distributed storage.
  • the network described herein may include a development of P2P networks in that, while using much of the technology of a P2P network underlying infrastructure, not all data is shared between all nodes in the network. This is very advantageous for applications such as in management of clinical trials.
  • the network may be used by a sponsor, a contract research organisation (“CRO”), and sites across studies.
  • CRO contract research organisation
  • partitions may be created in this described network of the invention to allow the sharing of documents between specific nodes in the network to ensure that those who need access to the data have access, without the overhead of all documents being duplicated across all nodes in the network, when only a very small percentage would need access (given that redundancy would be built in between those nodes that need that access).
  • the network topology is shown at a high level in FIG. 1 which represents an embodiment of the main network elements involved in a document exchange at the clinical trial study level.
  • Each node 1 accessing the network 2 and declared to be a member of the network may have a local store 3 and 4 respectively of documents relevant to the workflows and collaborations to which they have been invited.
  • the local document store may be provided by a browser-based HTML 5 document store, or through a larger scale document store dependent on their overall document store requirements.
  • the store (at rest) and all transmissions of data (in flight) on the network may be encrypted. Local clients may only be able to decrypt the data if they are in possession of correct cryptographic keys.
  • Each node 1 may have a client application 5 and 6 , respectively, which acts as a listener for documents directed towards that node when the node is acting as a receiving node, and also acts as a compiler and executor of any configuration or code embedded with the document being distributed.
  • client application 5 and 6 acts as a listener for documents directed towards that node when the node is acting as a receiving node, and also acts as a compiler and executor of any configuration or code embedded with the document being distributed.
  • this code and configuration may determine the high-level destination nodes to which the document should be distributed.
  • the document may be sent to all nodes, but only those nodes who need to see it will process it, and these nodes may be referred to as receiving nodes.
  • the FSM software pre-installed on each node may make that determination by analysis of the list of node destinations.
  • the client application 5 and client application 6 workflow may execute to unwrap, determine the relevance to the current logged-in user, enable the interaction (sign, edit, acknowledge receipt), and forward the document to the next recipient, as shown in exemplary FIG. 2 .
  • an encryption mechanism is provided. This may be asymmetric. Some specific examples include Elliptic Curve Cryptography (ECC) and Elliptical Curve Digital Signature Algorithm (ECDSA). Both may be used to validate the origin and integrity of messages.
  • ECC Elliptic Curve Cryptography
  • ECDSA Elliptical Curve Digital Signature Algorithm
  • the basis of signing may be the creation of a public and private key.
  • Ethereum or Bitcoin use the hashed version of the public key to identify an address.
  • the public key may be used to verify and encrypt, and the private key may be used to decrypt.
  • each document may have a high-level routing table (itself encrypted), indicating to the network which high-level network members should receive the distributed document.
  • the network may determine elements of a workflow indicating a sequence in which actions need to take place across the network. For example, if a consent form has been distributed to the network and a patient has been included in that distribution, the system may need to control who signs that consent and in which order. The system may prevent an investigator signing until the patient and/or his/her guardian has signed.
  • a finite state machine may be distributed to each node in the P2P network. This may allow the smart document to access the underlying state from the infrastructure rather than implementing the state machine each time a new document is created by users.
  • the FSM may be an engine that is installed on each node which will manage the movement of a smart document from state to state. This FSM engine may provide standard services to the underlying infrastructure and the smart document that will utilise the P2P network, thus simplifying the smart documents themselves and allowing a consistent approach to state changes across all smart document types.
  • the FSM engine may maintain the state of the document.
  • the smart document may then an instantiation of an individual state machine which understands, through its own code, the sequence of document-specific valid states for that document as well as providing document-specific features for use by the participants in the P2P network.
  • the generic FSM distributed to each node as part of the infrastructure set up might look like the following (as part of the underlying Blockchain or P2P infrastructure):
  • This pseudo code above is an example of a generic state machine, allowing the application domain implement and maintain the allowable set of states and the logical transitions between them.
  • This “application” may be the Smart Document which is distributed to the nodes in a P2P/Blockchain network, given that each node already has the FSM executable code (“brain”) in place as part of the infrastructure. Consensus and sequencing can also be leveraged through existing infrastructure in HyperLedger (Burrow and Consensus).
  • a Smart Document is a document that contains a document or data set and code and configuration data to enable collaboration, distribution and certification within an encrypted P2P network.
  • each state in the Smart Document may be known beforehand, including the participating parties. These could be effectively “hard coded” in the document as the document is created and deployed onto the network. In other cases, the document could be generic and created once. Then the document could be deployed several times, with each deployment potentially having a different set of participating parties. In either case each state in the Smart Document may be known ahead of its distribution.
  • the FSM states may be included in the control data when the document is created and when each instance of that document is subsequently deployed. The list of participating parties may, and probably will, change each time the document is deployed.
  • the “performPatientSigningOperation” would check that the node and participant match and can sign the document, based on the current state of the document itself. Further, the “performInvestigatorSigningOperation” would most likely also check that the node and participant match and can sign the document, based on the current state of the document itself—in this case the state of the document must be that the patient has already signed it. In other words the investigator, in this example, could not perform the signing operation until after the patient has signed it.
  • Smart Document 51 includes the following types of data:
  • the document structure may be machine readable to enable intelligent document analysis at run time to determine any shifts in access control requirements over its lifetime.
  • Access control may change over the lifetime of a document. For example, there may be three states that the document could be in and they are sequentially A, B, C and two authorized users (User 1 and User 2 ) who have read/write access at the start. If User 1 acts on the document and moves it from State A to State B, then it could occur that User 1 loses write access. Once User 2 moves the state from State B to State C, then it could arise that User 1 regains write access.
  • These states and access rights could be predetermined, or there could be a more complex sequences of states which, when reached in a specified amount of time or set of states results in different access right being granted to specific users.
  • ACL representation shows that any PrincipalInvestigator can write to the document, PrincipalInvestigator#999 can control who has access to the document, and any StudyNurse can read the document.
  • Patient11 can sign the three sections but cannot modify the document.
  • the network may distribute documents to remote consumers, and that it may provide a mechanism to manage protocol and SOP distribution. It may also provide for collaborative editing and updating of joint documents. All edits and updates to the document may be tracked and controlled through the use of the distributed audit trail, while guaranteeing that only those who have access rights to the relevant sections (by virtue of authority or capability) can interact, and while the next step the process can only be executed in sequence with the steps before and after, all may combine to give a self-contained, secure, distributed workflow engine, enacted by the document definition, which may provide for local access to data in a controlled manner.
  • the network may provide a means to allow electronic informed consent comply with regulations where local copies of documents must be held at site in some jurisdictions. It can be used to determine the nodes and the people who have access and/or updated the document in any way.
  • the following are example applications of the method and network of the present disclosure.
  • An Investigator at a clinical trial site may be dependent on getting the results of blood draws or biopsies before enrolling a patient into a trial to ensure that the patient meets the inclusion/exclusion criteria.
  • the method described above helps to ensure that the Investigator has reviewed the report results from the screening laboratory.
  • the method provides, in one example application, for sending multiple thousands of documents to regulatory authorities each day; with confirmation that documents have been received/opened by the authorities and thereby triggering exception reporting if a document has not been received or opened.
  • the exemplary method and network allow improved decentralised data storage in a more general sense, enabling better adherence to privacy and GDPR requirements.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Data Mining & Analysis (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
US16/560,181 2018-09-06 2019-09-04 Management of confidential document distribution and security Abandoned US20200082106A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/817,713 US12361147B2 (en) 2018-09-06 2022-08-05 Systems and methods for managing document content access via security over a network of nodes

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
EP18193030 2018-09-06
EP18193030.6 2018-09-06
EP19154593.8 2019-01-30
EP19154593 2019-01-30
EP19189553.1 2019-08-01
EP19189553.1A EP3620937B1 (de) 2018-09-06 2019-08-01 Verwaltung der verteilung und sicherheit vertraulicher dokumente

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/817,713 Continuation US12361147B2 (en) 2018-09-06 2022-08-05 Systems and methods for managing document content access via security over a network of nodes

Publications (1)

Publication Number Publication Date
US20200082106A1 true US20200082106A1 (en) 2020-03-12

Family

ID=67544009

Family Applications (2)

Application Number Title Priority Date Filing Date
US16/560,181 Abandoned US20200082106A1 (en) 2018-09-06 2019-09-04 Management of confidential document distribution and security
US17/817,713 Active 2039-09-04 US12361147B2 (en) 2018-09-06 2022-08-05 Systems and methods for managing document content access via security over a network of nodes

Family Applications After (1)

Application Number Title Priority Date Filing Date
US17/817,713 Active 2039-09-04 US12361147B2 (en) 2018-09-06 2022-08-05 Systems and methods for managing document content access via security over a network of nodes

Country Status (2)

Country Link
US (2) US20200082106A1 (de)
EP (1) EP3620937B1 (de)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230093868A1 (en) * 2021-09-22 2023-03-30 Ridgeline, Inc. Mechanism for real-time identity resolution in a distributed system
US20230133840A1 (en) * 2020-03-11 2023-05-04 Telefonaktiebolaget Lm Ericsson (Publ) Control of access to resources of data objects
US11709823B2 (en) 2018-06-22 2023-07-25 Attestiv Inc. Real time visual validation of digital content using a distributed ledger
US20230379318A1 (en) * 2022-05-19 2023-11-23 Lemon Inc. Online data in a secure environment
US11861524B1 (en) * 2019-08-27 2024-01-02 Ironclad, Inc. Automatic intake of electronic message content and attachments into contract workflow
WO2025264496A1 (en) * 2024-06-18 2025-12-26 Factify Technologies Inc. Creating self-determinative documents

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240304288A1 (en) 2023-03-10 2024-09-12 Icon Clinical Research Limited Systems and methods for provenance and data integrity monitoring

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6252879B1 (en) * 1997-09-17 2001-06-26 Sony Corporation Single counter for controlling multiple finite state machines in a multi-port bridge for local area network
US8832047B2 (en) * 2005-07-27 2014-09-09 Adobe Systems Incorporated Distributed document version control
US7954135B2 (en) * 2007-06-20 2011-05-31 Novell, Inc. Techniques for project lifecycle staged-based access control
US20100198871A1 (en) 2009-02-03 2010-08-05 Hewlett-Packard Development Company, L.P. Intuitive file sharing with transparent security
US8516607B2 (en) 2011-05-23 2013-08-20 Qualcomm Incorporated Facilitating data access control in peer-to-peer overlay networks
US8656181B2 (en) * 2011-05-26 2014-02-18 Hewlett-Packard Development Company, L.P. Method and system for business workflow cycle of a composite document
US10866945B2 (en) * 2016-10-10 2020-12-15 AlphaPoint User account management via a distributed ledger
US10510024B2 (en) * 2017-03-08 2019-12-17 Amadeus S.A.S. Coordinated disruption handling

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11709823B2 (en) 2018-06-22 2023-07-25 Attestiv Inc. Real time visual validation of digital content using a distributed ledger
US11797519B2 (en) * 2018-06-22 2023-10-24 Attestiv Inc. Atomic capture of a set of related files, using a distributed ledger, for proof of authenticity
US11861524B1 (en) * 2019-08-27 2024-01-02 Ironclad, Inc. Automatic intake of electronic message content and attachments into contract workflow
US12014309B1 (en) 2019-08-27 2024-06-18 Ironclad, Inc. Interface and tool for configuring a contract workflow
US20230133840A1 (en) * 2020-03-11 2023-05-04 Telefonaktiebolaget Lm Ericsson (Publ) Control of access to resources of data objects
US20230093868A1 (en) * 2021-09-22 2023-03-30 Ridgeline, Inc. Mechanism for real-time identity resolution in a distributed system
US12367320B2 (en) * 2021-09-22 2025-07-22 Ridgeline, Inc. Mechanism for real-time identity resolution in a distributed system
US20230379318A1 (en) * 2022-05-19 2023-11-23 Lemon Inc. Online data in a secure environment
US12407676B2 (en) * 2022-05-19 2025-09-02 Lemon Inc. Online data in a secure environment
WO2025264496A1 (en) * 2024-06-18 2025-12-26 Factify Technologies Inc. Creating self-determinative documents

Also Published As

Publication number Publication date
US12361147B2 (en) 2025-07-15
EP3620937B1 (de) 2021-02-24
EP3620937A1 (de) 2020-03-11
US20230069361A1 (en) 2023-03-02

Similar Documents

Publication Publication Date Title
US12361147B2 (en) Systems and methods for managing document content access via security over a network of nodes
Brunner et al. Did and vc: Untangling decentralized identifiers and verifiable credentials for the web of trust
Shi et al. Blockchain‐based trusted data sharing among trusted stakeholders in IoT
Pournaghi et al. MedSBA: a novel and secure scheme to share medical data based on blockchain technology and attribute-based encryption
Hasan et al. A blockchain-based secure data-sharing framework for software defined wireless body area networks
CN113742782B (zh) 基于隐私保护的区块链访问权限控制方法和区块链系统
KR102227685B1 (ko) 블록 체인 네트워크에서 민감 데이터 요소를 관리하는 방법
CN109040012B (zh) 一种基于区块链的数据安全保护和共享方法与系统和应用
CN115211093A (zh) 数据对象的有效阈值存储
CN113328997B (zh) 联盟链跨链系统及方法
Shands et al. Secure virtual enclaves: Supporting coalition use of distributed application technologies
US20220191047A1 (en) Anonymity mechanisms in permissioned blockchain networks
CN102656589A (zh) 通过包装器合成的用于数据的可验证的信任
T. de Oliveira et al. A break-glass protocol based on ciphertext-policy attribute-based encryption to access medical records in the cloud
JP2023159328A (ja) 分散型台帳に関連するトランザクションのオフチェーン交換のためのコンピュータにより実施されるシステム及び方法
Dagher et al. Towards secure interoperability between heterogeneous blockchains using smart contracts
CN114239043B (zh) 一种基于区块链技术构建的共享加密存储系统
US12010226B2 (en) Blockchain data segregation
Arapinis et al. Privacy-supporting cloud computing by in-browser key translation
Zaghloul et al. d-emr: Secure and distributed electronic medical record management
Samiullah et al. Group key management in internet of things: A systematic literature review
Wang et al. Blockchain for public safety: A survey of techniques and applications
Mittal et al. A novel two-level secure access control approach for blockchain platform in healthcare
JP2022548185A (ja) 制限トランザクションを有するブロックチェーン装置
Mittal et al. A three-phase framework for secure storage and sharing of healthcare data based on blockchain, IPFS, proxy re-encryption and group communication: S. Mittal, M. Ghosh

Legal Events

Date Code Title Description
AS Assignment

Owner name: ICON CLINICAL RESEARCH LIMITED, IRELAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FOX, RONAN;KELLY, SEAN;O'LEARY, THOMAS;AND OTHERS;REEL/FRAME:050324/0219

Effective date: 20190902

AS Assignment

Owner name: CITIBANK, N.A., LONDON BRANCH, AS COLLATERAL AGENT, UNITED KINGDOM

Free format text: SECURITY INTEREST;ASSIGNOR:ICON CLINICAL RESEARCH LIMITED;REEL/FRAME:056735/0221

Effective date: 20210701

AS Assignment

Owner name: CITIBANK, N.A., LONDON BRANCH, UNITED KINGDOM

Free format text: SECURITY AGREEMENT;ASSIGNOR:ICON CLINICAL RESEARCH LIMITED;REEL/FRAME:056752/0446

Effective date: 20210701

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STCV Information on status: appeal procedure

Free format text: NOTICE OF APPEAL FILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION