WO2018015409A1 - Encryption-decryption engine for handling sensitive patient data and corresponding method - Google Patents
- Publication number: WO2018015409A1 (application PCT/EP2017/068169)
- Authority: WO, WIPO (PCT)
- Prior art keywords
- data
- fingerprint
- biometric
- confidant
- originator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- G06F21/32 — User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints (G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/30 Authentication; G06F21/31 User authentication)
- G06F21/6245 — Protecting personal data, e.g. for financial or medical purposes (G06F21/00; G06F21/60 Protecting data; G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules; G06F21/6218 ... to a system of files or objects, e.g. local or distributed file system or database)
- G06F21/6254 — Protecting personal data by anonymising data, e.g. decorrelating personal data from the owner's identification (G06F21/00; G06F21/60; G06F21/62; G06F21/6218; G06F21/6245)
- H04L9/0866 — Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; H04L9/08 Key distribution or management; H04L9/0861 Generation of secret information)
- H04L9/3231 — Biological data, e.g. fingerprint, voice or retina (H04L9/00; H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication; H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN)
- H04L63/062 — Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party (H04L63/00; H04L63/06)
- H04L63/0861 — Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan (H04L63/00; H04L63/08)
- H04L63/0892 — Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols (H04L63/00; H04L63/08)
Definitions
- Encryption-Decryption Engine for handling sensitive patient data and corresponding procedure
- the present application relates to an encryption-decryption engine, in particular a fingerprint-based encryption-decryption engine, for handling sensitive data such as the transfer of patient data.
- it relates to the technical handling of confidential patient data in the field of personalized, digitized medicine, as well as to the technical question of whether and how the privacy, secrecy and masked identity of a person (for traceability) and the associated anonymity of personal data, as well as protection against misuse of a person's identity, can be made possible across the entire transfer and life cycle of the data.
- such methods should be applied regardless of the data's background or use whenever sensitive or even highly sensitive data and/or information is to be sent from a "provider" or "producer" to a particular "consumer" and/or to a certain "consumer group".
- the reverse direction, i.e. transferring sensitive data from a "consumer group" and/or certain "consumers" to a "provider" or "producer", is typically also covered by these methods.
- the masked identity is for the
- the person-related data from the source of an originator are strictly separated from the content-related data and information of that originator.
- the content-related data are marked with one or more pseudo-personal, randomly generated biometric keys for the traceability and anonymity of an originator, or are identified by the masked identity and represent the personal, i.e. personified, data.
- therapies and medication are prescribed in a complex, trial-and-error manner, based on the understanding of these diseases that a drug which works wonders for patient A may be useless, if not fatal, for patient B.
- disease patterns such as "orphan diseases" are usually treated with off-label medications, or chronically ill patients are treated with sporadic, disjointed examinations.
- personalized medicine is currently tailor-made pharmacotherapy which, in addition to the specific clinical picture, takes into account the individual physiological constitution and gender-specific effects of medication.
- individual molecular-biological constellations are taken into account, e.g. determined with modern biomarkers, in which, in addition to the individual genetic structure (genome) of the patient, the make-up of the enzymes and/or proteins (proteomics) and/or metabolomics play a separate role.
- the solution should make it possible to individually protect the privacy and secrecy of patients with completely masked, traceable identity protection and anonymity. It should provide the technical means to maintain and comply with, in particular, the desired ethical and moral principles and legal rules. On the other hand, it should allow the invention to easily transfer the personal information into the
- the abovementioned objects for a biometric, fingerprint-based encryption-decryption engine for the controlled handling and secure transmission of personalized, sensitive data are in particular achieved in that biometric data of an originator are captured by means of a mobile radio device and stored in a SIM card of the mobile device, that two different fingerprints (P-FP1 / P-FP2) of two different fingers of the originator are detected by the mobile device and stored in the SIM card of the mobile device, associated with the originator, wherein the first fingerprint (P-FP1) is assigned to the authorization and the second fingerprint (P-FP2) to the authentication, and wherein the second fingerprint (P-FP2) is used to encrypt the personalized, sensitive data, that the two fingerprints (P-FP1 / P-FP2) are transmitted to a central access server (AAA) or trust center and stored, assigned to the originator, in a database of the access server, that two fingerprints (M-FP1 / M-FP2) of a Confidant are transmitted to the central access server (AAA) and the Conf
- encryption and transfer module is accessible to the originator by means of the mobile device, and wherein corresponding personified, sensitive data from the originator can be aggregated and/or validated and encrypted by means of the data encryption and transfer module and transferred to the Trust Center / Confidant via a data transmission channel of a data transmission network, that the transferred data are decrypted by the Trust Center by means of a Learning Machine and by means of the second fingerprint (P-FP2) of the originator, wherein by means of the learning machine personal data of the transferred personalized, sensitive data are masked and/or anonymized, and wherein by means of learning
- the Confidant, the Originator and the Trust Center designate electronic, automated devices with the correspondingly realized electronic components (encryption/decryption unit, data interfaces, memory, etc.): in particular a mobile device or a mobile network node for the originator, and a network node as such for the Confidant.
- biometric data of an originator can be detected by means of a mobile device and stored in a SIM card and/or within a secure folder in the file system of the mobile device and/or end-user device, in that two different fingerprints (P-FP1 / P-FP2) and/or biometric measurements (B-MM1 / B-MM2) of two different fingers and/or body parts of the originator are detected by means of the mobile device and/or a detection device for biometric measurements and stored, assigned to the originator, in the SIM card and/or within a secure folder in the file system of the mobile device and/or end-user device, wherein the first fingerprint (P-FP1) or the first biometric measurement (B-MM1) is assigned to the authorization and the second fingerprint (P-FP2) and/or the second biometric measurement (B-MM2), independent of the first, is assigned to the authentication, and wherein the second fingerprint (P-FP2) is used to encrypt the personalized, sensitive data, that the two fingerprints (P-FP1 / P-FP2 or B-MM
- access server transmitted and stored in the database of the access server, assigned to the Confidant (using the set of rules described below), that the mobile device comprises a data encryption and transfer module, that the encryption and transfer module is accessible to the originator using the mobile device, and wherein appropriate personified, sensitive data from the originator can be aggregated and/or validated, verified and encrypted by means of the encryption and transfer module and transferred to the Confidant over a secure, encrypted data transmission channel of a data transmission network (such as a Virtual Private Network (VPN)), that the transferred data are decrypted by the Confidant using a learning machine and the second
- fingerprint (P-FP2) of the originator, wherein by means of the learning machine and/or deep learning machine and/or artificial intelligence modules the personal data of the corresponding, one-to-one, content-related, transferred, personalized, sensitive data (after verification and validation of both the person-related and the one-to-one associated content-related data, merged together by means of the identical authorization key embedded in both types of data) are masked and/or anonymized, and wherein by means of the learning machine and/or deep learning machine and/or artificial intelligence modules the masked and/or anonymized data are encrypted using the fingerprint (M-FP1) of the Confidant (the Confidant forms the originator for the subsequent transfer of sensitive data) and transferred at least partially to network nodes of third parties, and that the masked and/or anonymized data transferred to the network nodes of third parties are decrypted by the network nodes based on the fingerprint (-M
- the biometric encryption-decryption engine according to the invention has i.a. the advantages that on the one hand the privacy, secrecy and masked identity and anonymity of
- Development centers are easily used (either with the masked identity for traceability or absolutely anonymous, with loss of traceability), in particular from the disease pattern patient-related
- FIG. 1 shows in a concrete example with FPC sensors (https://www.fingerprints.com/technology/hardware/fpc1020/), and FIG. 2 with a specific case, how a mobile device can be meaningfully modified for the project; this also applies to high-quality sensors such as face detection, e.g.
- the Confidant in particular as a medical examiner, can by means of the invention on the one hand ad hoc and / or on demand, local and
- the Confidant, together with other previously agreed Confidants, can ad hoc and/or on demand, at any time and place, securely, quickly and reliably assemble all or specific parts of personal data and/or electronic decentralized patient dossiers, in order to have a holistic picture of the person being treated, to transmit the content-specific data of the treated person to other specialists/confidants, and/or to consolidate the diverse, decentralized patient dossiers into a single anonymous and/or encrypted patient dossier.
- the invention is not limited to fingerprints as biometric characteristics.
- for the encryption of the content-related data of a particular patient, biometric recognition methods such as fingerprint, face recognition or measurement/detection of the iris, etc. generally offer a wide variety of possibilities that are applicable in connection with the inventive engine.
- fingerprint recognition is the one that has clearly prevailed on the market and is, for example, already integrated in more modern smartphones.
- An advantage of the invention is therefore the ability to integrate established, technically proven, standardized solutions in order to propose, with little effort, an end-to-end reliable, secure solution that meets the requirements of data security and of the ethics committee.
- the guarantee of the privacy, secrecy and anonymity of the personal data therefore starts with the originator and / or the patient.
- the system and method according to the invention can be realized based on all types of personal, biometrically obtained measurements, since it is the essence of the invention to determine two independent, randomly generated, pseudo-personal keys, whereby all kinds of data, such as e.g. video, voice recordings, pictures, texts and much more, are (a) encrypted with a personal biometric key and (b) the data with the second,
- systems and methods can also be employed country-specifically or worldwide one-to-one, in which the system or method makes the respective country-specific adaptations, such as language, time zone, country-specific identification IDs, etc. in a corresponding application, APP for short.
- an end-user device which captures the personal, biometric measurements can in addition be used as an "interpreter", in which the currently desired world-language translators are selected and included in the communication, for example when someone needs help or is in an emergency situation, the helping doctor's own patient information from the country of origin
- All records such as language (esp. Original language), video, texts, images, etc. can be recorded by the end-user system by means of the system according to the invention.
- device recorded ad hoc and e.g. encrypted in the personal, electronic
- the identity protection of an end-user, which as mentioned is a central element of the invention, is ensured because only secret, randomly generated, pseudo-biometric, personal measurements are generated from the real, personal, biometric measurements, and only these are used, transmitted to AA agencies and stored in AA agencies.
- the authorization key which contains personal biometric measurements, is secretly generated according to the invention and is stored in the personalized data or electronic files (patient,
- the authorization key represents and forms secret wildcards within all content-related data which describe a real state of affairs, such as e.g. clinical patient data, financial, or insurance, or research, or
- the personal biometric measurements of the authentication key relate to body parts which differ from those of the other biometric measurements; the authentication key, as mentioned, is generated secretly and/or in a protected manner and is used for the encryption of the data.
- the two different, real, personal, biometric measurements, e.g. from two different fingerprints, always and invariably remain in the end-user's device and are protected against intruders or third parties by preventing any external access.
- the real, personal, biometric measurements (finger, face, iris, etc.) are never transmitted over the network by the system according to the invention, and are certainly not stored anywhere except in the end-user's own device, as already described. It is important to note that the handling of sensitive or highly sensitive data by the system and method according to the invention is described only by way of example, using the concrete example of patient data.
- the inventive system and method can also be without profound
- the AA agencies are built, secured, certified and operated as master-master high-availability replication servers and according to the strict criteria of a credit card center.
- the present invention allows for a simple extension of the algorithms and fingerprint recognition technology of the prior art.
- platform services and technologies can be integrated and implemented, as described above using the example of Nexus.
- the invention allows personal patient data encrypted by the patient to be transmitted to medical officers (or other confidants) and to be transmitted further, by means of a traceable, masked identity, to third-party researchers or persons. Because of the masked identity, the data may subsequently be encrypted to third parties (e.g., research and development units), and appropriate responses to a particular disease pattern of a particular patient may be transferred back to the respective medical officers/confidants and from these to the patient/originator. At the same time, the disease patterns correlating to the treatments can be kept in a secure, relational, fast database and/or NoSQL database and/or graph database.
- Learning Machines or Deep Learning Machines or artificial-intelligence-based modules and/or business-intelligence-based modules process the anonymized and/or personal data provided with masked identity into information and knowledge, evaluate with high accuracy individual disease patterns, medications, healing procedures and therapies, and examine the possible toxic
- the originator is a medical patient, wherein the sensitive, personalized data are automatically provided by a Learning Machine or Deep Learning Machine or Artificial-Intelligence-based module, as confidant and/or medical officer, by means of a learning machine to third parties for further diagnostics and/or treatment.
- the mobile device of the originator may include at least one sensor for acquiring biometric data.
- the mobile device of the originator can by further
- the central access server may e.g. an authentication and authorization (AA) -Agency be assigned.
- the confidant may e.g. to
- the network nodes of third parties may e.g. access the central access server (AAA) to decrypt the masked and/or anonymized data using the corresponding fingerprints (M-FP1 / M-FP2) of the Confidant, and transfer the data to themselves.
- by means of the Learning Machine or Deep Learning Machine or Artificial-Intelligence-based module, the decrypted sensitive, personalized content data can e.g. be verified for data consistency and data quality.
- Activation levels are detected and assigned to the originator, based on the activation levels, the data is made available to the network nodes of third parties.
- the activation stages may e.g. include at least the trigger elements "no action requirement" and/or "warning" and/or "alarm condition".
- Documents consists of a producer unit, a trusted unit or trusted center, and a consumer unit.
- the communication is bidirectional and always encrypted with the key of the receiving consumer (s).
- Each consumer unit can itself be producer of another consumer or more
- Producers and Consumers each independently produce two independent, individualized, biometric
- the biometric keys are based at least in part on the biometric measurements, which are transformed e.g. by means of an appropriate transformation module or cryptosystem. However, the transformation may also be based, at least in part, on additional transformation elements, e.g. random
- Encryption algorithms such as the Data Encryption Standard (DES), Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), Public Key Encryption, public-key authentication and / or digital signatures.
- the inventive transformation allows a biometric measurement to be uniquely mapped to a digital biometric key, such as a 256-bit or 512-bit key.
- the first biometric key is used to uniquely identify a producer.
- the second, independent, biometric key is used for the encryption of data content, i.e. information and/or data and/or documents associated with the producer or producer unit.
- Producers and Consumers independently send to the Trust Center the individualized, secret, biometric keys.
- the content data such as information, data or
- One of the two biometric keys serves exclusively for the encryption of the information and / or data and / or document. This biometric key is always stored in the trusted center and will never be sent over the network (except for the first time between Producer and Trusted Center).
- the Trusted Center acts as a hub, with the tasks of decrypting the content data of certain producers, for consumers accredited by the producer, with the second key of the originating producer, of immediately re-encrypting it with a key of an associated consumer approved by the producer, and of either transferring the encrypted content data to the corresponding consumer or allowing access to the exact location of the content data as required for the producer's use or access.
- Content data i.e. Information, documents, and / or data from a producer in the making never contains information that could be used to identify the producer. If a document identification data and / or
- Producers take place either at the end device of the producer and / or the consumer, if this takes on the role of a producer vis-à-vis other consumers or in the central, fully-automated trusted center.
- the individualized, biometric marker is used in particular for the one-to-one association between producer and consumer.
- producers with an end-user device can access all the content data they authored (documents, information, data) at any time and anywhere.
- Producers completely independently manage the granularity, i.e. the hierarchies, of the access rights of each individual consumer certified and assigned by the producer, both to an entire document and/or information and/or data and to parts thereof.
- a producer can create his own content data
- content data of a producer may include one and/or even multiple individualized biometric keys of consumers, which are known only to the trusted center and are managed in the trusted center. Only producers, and/or consumers who mutate into producers, may substitute the identity of a producer with the second individualized biometric key and embed it in the content data.
- a producer can change the hierarchy or granularity of the access to a document or parts thereof at any time without notifying the involved consumers. Conversely, if a certified, associated consumer of a document, i.e. of content data, of a producer changes, interrogates, reads, opens or otherwise manipulates it in any way, the corresponding producer can, as a variant of the invention, be informed immediately.
- Entries in documents and/or information and/or data may only be logically deleted by the author of the document and/or information and/or data.
- all changes are always marked and tracked by the system.
- a special SOS and / or alarm feature may allow third parties to create documents or content data for the producer.
- Fig. 1 shows schematically the process step 1 on a modern iPhone as a mobile device.
- the commercial iPhone can be e.g. by means of a card FPC1268 (fingerprint card 1268), which can be mounted independently of the platform under the cover glass of a smartphone, set up for the invention.
- Two sensors can be used (www.fingerprints.com/products/fpc1080a-swipe/;
- FIG. 2 shows schematically process step 3. If the GP's infrastructure meets the security criteria, P (FP1) and P (FP2) can be securely stored in the IT environment. Otherwise, P (FP1) and P (FP2) can be stored at an AA agency. The medical examiner must then request the key P (FP2) from a trusted AA Agency (Authorization, Authentication Agency) to decrypt the patient data.
- An algorithm ensures that when the electronic patient dossier is closed, (i) the patient data is automatically encrypted with the patient's key P (FP2) and (ii) the key P (FP2) (patient key) that the medical officer requested from the AA Agency is deleted from the medical examiner's local IT system.
- Process step 4 comprises (i) the learning machine masking all patient-identifying data (name, first name, date of birth, gender, ...), leaving the data provided only with the authorization key P (FP1); (ii) encrypting the anonymized patient data with the key of the medical officer M (FP2): E (Pat data; M (FP2)); (iii) sending the encrypted data E (Pat data; M (FP2)) to a research and development center, e.g. Nexus.
- Process step 6 comprises (i) the Research and Development Center (R & D) requesting the key AA (FP1) from the AA Agency, i.e. the medical officer's fingerprint for authentication; the authorization is done with the key M (FP2), i.e. authorization by means of the medical officer's fingerprint; (ii) the AA Agency transmits the key M (FP1) to R & D.
- at R & D, the encrypted patient data E (Pat data; M (FP2)) is decrypted with the key M (FP2).
- the patient data also includes the patient's P (FP1) authorization key.
- the learning machine can make a contribution to finding the match "disease pattern" of a patient with possible medication, therapies.
- Fig. 5 shows schematically the inventive relationship between the medical officer / patient
- Fig. 6 shows a flowchart for notification from the R & D to the patient.
- Fig. 7-21 show an extension and improvement of
- Fig. 7 illustrates a protocol structure of the sent high-sensitive data.
- Fig. 8 a / b illustrate how an application or APP can contain different functionalities, separate personal data according to sensitivity, list of references, processes, information flow and administration of the
- the app can e.g. scalable for end-user-specific extensions.
- Fig. 9 shows an example of CRUD access applied to the content data of documents 1 and 2.
- FIG. 10 shows an example of two different fingerprints, which may be different in length, as representative of two independent arbitrary randomly generated biometric keys.
- FIG. 11 illustrates a method for generating the pseudo-personal
- Fig. 12 shows field names and minimum number of fields for
- Fig. 13 shows the binary code for each text code of Fig. 4.
- Fig. 14 shows how an end user gives each a random sequence, e.g.
- Fig. 15 shows an algorithm for creating two independent, randomly generated, pseudo-personal biometric keys.
- FIG. 16 shows an example of a mapping between the patient, assigned physician or doctors and documents in the AA agency.
- the MEDJD connects patient-doctor.
- Fig. 17 shows by way of example three steps to existing electronic
- Fig. 18 shows the registration of the MEDJD at the first visit to the doctor.
- Figure 19 illustrates the process at the doctor / hospital / clinic to ask questions to R & Ds while maintaining privacy, secrecy and anonymity.
- Fig. 20 illustrates the metadata about the documents PD_[1 .. m], stored in the form of URLs or URIs [1 .. q] in the AA agency, precisely marked with the patient authorization key P[1 .. r] (FP1), encrypted with P[1 .. r] (FP2) and assigned exactly to a service provider MEDJD[1 .. t].
- the documents can be stored in a cloud, preferably in a private cloud.
- the URI of a document is unambiguous.
- Figure 21 shows the relationship and mapping between MEDJD, questions from physicians to R & Ds, and embedding the authorization keys of patients and physicians in questions to R & Ds
- Figure 22 shows a Decryption-Encryption-Decryption mechanism for privacy, secrecy and anonymity, used to send physicians' questions about particular patients to AA-Agency-accredited Research and Development Laboratories in a traceable way but with masked identities of both patients and physicians.
- Fig. 23 shows a structure for DaaS (Data as a Service) based on patient data.
- the model is transferable to financial, insurance, and other industries for which patterns and pattern recognition are needed and used as a basis for prediction.
- FIG. 24 shows how, based on patient approval and/or on the registration of patients, physicians and R & Ds with the Trust Center / AA agency, the content data (e.g., pre-clinical, clinical and research data and results) may either be used traceably for patients with masked identities or used completely anonymously by removing the biometric markers.
- the content data eg, pre-, clinical, and research data and results
- Fig. 25 shows the FEDE method and system that allows collaboration between physicians and cutting-edge research while preserving privacy, secrecy and
- Fig. 26 shows the data flow and process for establishing DaaS (Data as a Service) in the healthcare field.
- FIG. 27 shows an exemplary distribution of the profit generated per data record among the participants and the return of a portion of the profit as remuneration to patients and data suppliers.
- Fig. 1 schematically illustrates an architecture for a possible realization of a variant embodiment of the biometric, in particular fingerprint-based, encryption-decryption engine for controlled handling and secure operation
- Patient data can be recorded, e.g., as follows: the patient / consumer / originator, either with the signature of his (patient) consent and/or with the registration of the consumer IDs (in the specific example the MED_ID) with which he exchanges sensitive data with, and makes it available to, a confidant and/or a group of persons such as research & development, financial, insurance, intelligence, lawyers, etc., has two different fingerprints, each from one finger of one hand, recorded electronically.
- One fingerprint of the hand is used for authentication; the second fingerprint is used for authorization.
- During the transport cycle of the sensitive data, the personal data is kept strictly separated from the data that describe the content of the communication, i.e. pre-clinical, clinical, laboratory, financial, insurance or intelligence data.
- The system and method according to the invention can be applied to all types of personal, biometrically obtained measurements, because at the core of the invention two independent, randomly generated personal keys are determined, whereby all kinds of data, e.g. video, voice recordings, pictures, texts and much more, are (a) encrypted with one personal biometric key and (b) tagged with the second, randomly generated, personal key, independently of the first key.
- The inventive system and method is scalable for end-user-specific extensions, responsive, and consists of at least the following parts so that it can act:
- First aid information or specific information and/or measures for a business case with highly sensitive data transfer.
- The application or APP can contain various functionalities; in particular it can separate the data according to sensitivity, terms, processes and information flow.
- The app can be scalable for end-user-specific extensions.
- The person-related information includes fields such as surnames, first names, etc. (see Fig. 12). Portions of these fields or all fields are used to form the two pseudo-personal, biometric keys, the authorization key and the authentication key. These fields or parts thereof may be used, in particular, over the common,
- The generated pseudo-personal authorization key can also be used by the end user of the device as an electronic, authentic signature. The list for "first aid or information on what to take" may be important in the context of the "SOS functionality": when an end user of a device is unconscious, for example, the helper / ambulance may receive vital information about the unconscious person, such as allergies, important drugs and their administration, the person to be notified, and much more.
- Technical instructions such as notification, data handling and alert triggers, e.g. in the case of intelligence.
- The list of referenced persons may e.g. include (a) in the case of patient data, the fields MED[1,2,..]-ID, pharmacist[1,2]-ID, generally the caregiver ID of a health care provider, and/or the R_D_ID (ID of research and development, laboratories, ...).
- The system and method according to the invention for authorization / authentication by means of pseudo-personal biometric measurements can be applied to access to other sensitive data, e.g.
- The domain name nomenclature can be defined as follows: <free_selectable_name>.<country_specific_coarse_division>.<country>, for example <free_selectable_name> - myAA_Agency_NPU;
- The AA Agency may e.g. store and manage metadata, keys, access rights, URIs, procedures, rules and regulations for each individual, and whether and how data must be exchanged between the participating subjects "producer-owner-sender" and "consumer-authorized-receiver".
- An assistant can access the content data of the device of an unconscious person.
- The end-user device is automatically and immediately connected to an official, certified alarm center in the respective country of residence, which provides the SOS alarm functionality.
- Access to the personal data stored encrypted locally on the user device is only possible for third parties who operate the SOS function if these third parties have been authenticated by the alarm center.
- The alarm center grants access to the end-user device of the unconscious person and releases the corresponding content data of the unconscious person.
- The connection between the alarm center and the end device of the unconscious person can be created automatically, for example by activating the SOS function.
- The initiated measures, decisions and much more can be recorded by third parties.
- The biometrically generated authorization key of the unconscious person is embedded along with the data of the helper in the data packet, which is encrypted with the second biometric key of the unconscious person.
- The Trusted Center can record the emergency procedure and all content data based on the authorization key of the unconscious person. Notaries, health professionals or others who own an end-user device with the same APP can identify their own device to the Trusted Center, e.g. by means of common procedures (e.g. Bluetooth, infrared, scanning, WiFi, etc.), and nudge the emergency procedure on the unconscious person's device to access the unconscious person's content data and the applied ones
- The device of the unconscious person embeds the biometric, pseudo-personal authorization key of both the affected, unconscious person and the helping third party / emergency / health professional in the emergency record data and links the personal data of the person
- Data sovereignty lies with the owner of an end-user device and data owner, with the CRUD (Create, Read, Update, Delete) rights held locally on the end-user device. Only a device and data owner may grant the CRUD access rights to the documents to "consumer entitlement receivers", e.g.
- Fig. 9 shows an example of CRUD access applied to documents 1 and 2.
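The owner-controlled CRUD grant model described above, as an added Python example that is not part of the patent; the document names, the owner "P" and the consumer IDs "MED[1]" and "pharmacist[1]" are constructed after the page's Fig. 9 and Fig. 12 naming, and the registry is an in-memory stand-in for the rights held locally on the end-user device.

```python
from __future__ import annotations
from enum import Flag, auto


class CRUD(Flag):
    """The four rights the page names: C(reate), R(ead), U(pdate), D(elete)."""
    CREATE = auto()
    READ = auto()
    UPDATE = auto()
    DELETE = auto()


class DocumentRegistry:
    """Documents with exactly one owner (the device and data owner, the
    'producer') and a per-consumer grant list that only that owner may change.
    Constructed model; the patent's own device-side storage is not described."""

    def __init__(self) -> None:
        self._docs: dict[str, tuple[str, dict[str, CRUD]]] = {}

    def create(self, doc_id: str, owner: str) -> None:
        if doc_id in self._docs:
            raise ValueError(f"{doc_id} already exists")
        self._docs[doc_id] = (owner, {})

    def grant(self, doc_id: str, grantor: str, consumer: str, rights: CRUD) -> None:
        # Only the owner can hand out rights; a consumer cannot re-delegate.
        owner, acl = self._docs[doc_id]
        if grantor != owner:
            raise PermissionError(f"{grantor} is not the owner of {doc_id}")
        acl[consumer] = acl.get(consumer, CRUD(0)) | rights

    def revoke(self, doc_id: str, grantor: str, consumer: str) -> None:
        owner, acl = self._docs[doc_id]
        if grantor != owner:
            raise PermissionError(f"{grantor} is not the owner of {doc_id}")
        acl.pop(consumer, None)

    def allowed(self, doc_id: str, subject: str, right: CRUD) -> bool:
        """Owner has every right; everyone else only what was granted."""
        owner, acl = self._docs[doc_id]
        if subject == owner:
            return True
        return right in acl.get(subject, CRUD(0))


def try_grant(reg: DocumentRegistry, doc_id: str, grantor: str,
              consumer: str, rights: CRUD) -> bool:
    """True if the grant was accepted, False if the grantor is not the owner."""
    try:
        reg.grant(doc_id, grantor, consumer, rights)
        return True
    except PermissionError:
        return False


def fig9_example() -> DocumentRegistry:
    """Constructed scenario in the spirit of Fig. 9: two documents, one owner."""
    reg = DocumentRegistry()
    reg.create("document_1", "P")
    reg.create("document_2", "P")
    reg.grant("document_1", "P", "MED[1]", CRUD.READ | CRUD.UPDATE)
    reg.grant("document_2", "P", "MED[1]", CRUD.READ)
    reg.grant("document_2", "P", "pharmacist[1]", CRUD.READ)
    return reg
```

The check is deliberately a whitelist: a subject with no entry gets `CRUD(0)`, so every right test on an unknown consumer is false, and a consumer who was granted READ cannot pass that right on because `grant` rejects any grantor other than the owner.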
- The designation MED_[1,2,..] serves as a concrete example for the case of patient data, standing for all persons marked with a unique ID that relates only to that person and serves as their unique identification. With the ID marking, e.g. an end user and owner ("producer") of a device and data connects directly to the "consumer" and owner of the ID tag, in the example MED[1].
- The document[1,2,...] names can be displayed in plain text, for example in the mask of the application of an end-user device.
- The document name can be a part of the total, absolute addressing, thus the physical URI (Unique Resource Identifier)
- Storage location, document names and associated resources (content data) are assigned as metadata (a) to the "producer owner sender" and (b) stored as metadata in the AA Agency, i.e. the Trust Center, encrypted with the pseudo-personal biometric authentication key.
- Intelligence technology and much more can be used when sending highly sensitive data to third parties and/or from third parties to groups, and/or machine-to-machine, with automatic pattern recognition through artificial intelligence, machine or deep learning. Sensitive data can thus be analyzed or processed with the identity of the author masked, while the identity of the affected individual or the associated reference person remains protected / secret, thus preserving the privacy, secrecy and anonymity of the individual or reference person. With FPC sensors and appropriate integration with the mobile device, e.g. personal fingerprints are captured.
- Fingerprint Cards can cover the full breadth of biometric technologies, especially fingerprint sensors, biometric processors (based on specialized algorithms) and the fingerprint sensor module (sensor integrated into the processor).
- Bit sequences of scanned body parts are additionally stored separately and securely within the device.
- The personal, randomly generated, biometric keys are used by the automated trust center or trust unit to validate and verify the identity of an end user.
- An example of a bit sequence for the tapping of the two fingerprints is shown in Fig.
- A maximum of two errors during registration is allowed.
- The functionality of the application in the end-user device is blocked for the transmission of sensitive data. This can prevent multiple trial-and-error attempts, e.g. to hack access to the application in the end device.
- Fig. 12 shows by way of example the field names and minimum number of fields for
- Fig. 13 shows the binary code for each text code of Fig. 10.
- "Nunzio" corresponds to the binary code "01001110 01110101 01101110 01111010 01101001 01101111".
- Pass-ID corresponds to the binary code "01000001 01000001 00110011 00110100 00111000 00110000 00110000 00110001".
- A method may e.g.
- Fig. 14 illustrates the input of an end user with a random sequence [4, 9, 7, 6, 5, 2, 1, 8, 3].
- The objective function may e.g. randomly apply bit operations (addition, subtraction, division, multiplication) or Boolean operations (AND, OR, XOR) to the bit sequences.
- The key generated therewith may e.g. be at least 512 bits.
- The temporarily stored number sequence [4,9,0,7,6,5,2,1,8,3] may e.g. be encrypted with the generated authorization key and stored in the end device, and the plain-text sequence [4,9,0,7,6,5,2,1,8,3] is deleted at a later date. If necessary, the original sequence of numbers can be determined.
- This first key, as an authorization key, is referenced here as FP1 in order to illustrate the method and system according to the invention using the example of fingerprints.
- The key FP1 may be generated from the combination of a personal biometric measurement, in this case fingerprint one, and an interchange of the values of the field names represented as binary code.
- startDialogForFingerPrintTwo may perform the dialog with an end user to, in the patient data example, use the second fingerprint for the end user
- This second key is thus detected and generated as a second bit sequence of the personal, biometric measurement, by means of which the content-related data (anonymous and/or masked content data) are encrypted. The authentication key is used to encrypt the person-specific data (authentication), which are associated with the anonymized and/or masked content data encrypted with the second key.
- In the method step "generatePseudoPersonalizedKeyTwo" the end user can use a second number sequence, e.g. [5,9,1,8,3,4,6,2,7,3], which should be different from the first sequence of numbers [4,9,0,7,6,5,2,1,8,3] used for the first biometric measurement, e.g. fingerprint one. The method can verify and validate whether the second, randomly generated, pseudo-personal key (FP2) is different from the first key FP1 and, for example, is not 000...
- The second sequence of numbers [5,9,1,8,3,4,6,2,7,3] is stored encrypted in the end-user device with the authentication key FP2, and the two number sequences stored in plain text, [4,9,0,7,6,5,2,1,8,3] and [5,9,1,8,3,4,6,2,7,3], are deleted.
- Measurements can only be stored safely in the device of the owner and must not be sent out of the device; (3) use one of the two independent, randomly generated, pseudo-personal keys to identify the identity of an end user with the
- The authorization key serves as a marker and is automatically embedded in documents and information of all data.
- The second independent, randomly generated, pseudo-personal key that
- Encryption-decryption uses two different, already established algorithms. It may be necessary for the algorithms used to be different, robust, fast and unbreakable for each of the two tasks; (5) for each selected algorithm, exactly one of the two randomly generated, personal pseudo-keys is used; (6) the confidant / physician / research manager, etc. listed by the producer / originator in the application, e.g. MED_[1], need not necessarily be registered in the same AA Agency / Trust Center, because the mapping between originator and confidant is stored in the AA Agency where the originator / producer is registered, as both the Kenn_ID and the link to where the consumer / confidant is registered (that is, as a resource), with the authorization key of the originator / producer. Because the AA Agencies are linked by domain names, the AA Agencies can also be distributed worldwide as long as, for example, the technical constraints of credit card centers are met.
- Fig. 15 illustrates an algorithm for creating two independent, randomly generated, pseudo-personal keys.
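The key-generation steps of Fig. 13 to Fig. 15 above, as an added Python example; this is not the patent's own algorithm. It assumes one concrete reading of the text: the person-related field values are rendered as 8-bit codes (the "Nunzio" string reproduces the page's Fig. 13 encoding, and "AA348001" is what the page's Pass-ID bit string decodes to), the user's digit sequence permutes those bits (the page's "interchange"), and the fingerprint bit sequence keys an HMAC-SHA512 over the result, expanded in counter mode to the 512 bits the text asks for. That KDF stands in for the randomly chosen bit operations the page mentions; the fingerprint byte strings are constructed stand-ins for sensor output, and the Registration class models the two-error limit from the text.

```python
from __future__ import annotations
import hashlib
import hmac

# Constructed stand-ins for the two fingerprint bit sequences (512 bits each).
FINGERPRINT_ONE = bytes.fromhex("5a3c") * 32
FINGERPRINT_TWO = bytes.fromhex("a719") * 32

# Person-related fields in the spirit of Fig. 12 (values constructed; the
# binary codes of these two values are the ones the page gives for Fig. 13).
FIELDS = {"first_name": "Nunzio", "pass_id": "AA348001"}

# The two end-user number sequences the page uses as examples.
SEQUENCE_ONE = [4, 9, 0, 7, 6, 5, 2, 1, 8, 3]
SEQUENCE_TWO = [5, 9, 1, 8, 3, 4, 6, 2, 7, 3]

MAX_REGISTRATION_ERRORS = 2  # the page allows at most two errors


def to_binary_code(text: str) -> str:
    """Text as space-separated 8-bit codes, the representation of Fig. 13."""
    return " ".join(format(b, "08b") for b in text.encode("ascii"))


def interchange(field_bits: str, sequence: list) -> str:
    """Permute the field bit string chunk-wise by the user's digit sequence
    (our reading of the 'interchange' of field values in the text)."""
    n = len(sequence)
    chunk = max(1, len(field_bits) // n)
    chunks = [field_bits[i:i + chunk] for i in range(0, len(field_bits), chunk)]
    order = sorted(range(len(chunks)), key=lambda i: sequence[i % n])
    return "".join(chunks[i] for i in order)


def derive_key(fingerprint: bytes, fields: dict, sequence: list, bits: int = 512) -> bytes:
    """HMAC-SHA512 keyed with the biometric bit sequence over the permuted
    field bits, expanded in counter mode until `bits` bits are available."""
    field_bits = "".join(to_binary_code(v).replace(" ", "") for v in fields.values())
    mixed = interchange(field_bits, sequence).encode("ascii")
    out, counter = b"", 0
    while len(out) * 8 < bits:
        out += hmac.new(fingerprint, mixed + counter.to_bytes(4, "big"), hashlib.sha512).digest()
        counter += 1
    return out[: bits // 8]


def generate_key_pair(fp1: bytes, fp2: bytes, fields: dict, seq1: list, seq2: list):
    """FP1 (authorization key) and FP2 (authentication key) with the checks the
    text names: distinct input sequences, keys that differ and are not all zero."""
    if seq1 == seq2:
        raise ValueError("the second number sequence must differ from the first")
    key1 = derive_key(fp1, fields, seq1)
    key2 = derive_key(fp2, fields, seq2)
    if hmac.compare_digest(key1, key2) or not any(key1) or not any(key2):
        raise ValueError("generated keys are not independent")
    return key1, key2


class Registration:
    """Enrolment check with the page's limit: after more than two wrong
    presentations the app's sensitive-data functions are blocked."""

    def __init__(self, template: bytes) -> None:
        self._template = template
        self.errors = 0
        self.blocked = False

    def present(self, sample: bytes) -> bool:
        if self.blocked:
            return False
        if hmac.compare_digest(sample, self._template):
            return True
        self.errors += 1
        if self.errors > MAX_REGISTRATION_ERRORS:
            self.blocked = True
        return False
```

The permutation only reorders bits, so it adds no entropy; what makes the two keys independent here is that each is keyed by a different fingerprint sequence and a different user sequence, and the HMAC construction keeps the fingerprint bits themselves out of the stored key.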
- A self-destruct mechanism can protect the end user from attacks. If, e.g., the manufacturer of the device does not store the true bit sequences of the real, personal, biometric measurements, e.g. fingerprints, at two different locations in the device of an end user, the process can be the disconnected
- The method and system may e.g. guarantee that if an intruder tries to enter one or both of the two locations in the end-user device where the biometric measurements are stored, and/or one of the two locations where the randomly generated pseudo-personal keys (in the example FP1 and FP2) are stored, this causes the destruction of both randomly generated pseudo-personal keys and blocks the functionality of the application in the end-user device for data transfer.
- An end user must then repeat the steps for generating the two keys, i.e. the authorization key and the authentication key (FP1 / FP2). The recovery of the two keys, i.e. authorization key and authentication key, can e.g., as a variant, be protected against attacks in the AA Agency by being possible only if the end user has identified himself to a certified person. An end user must e.g. identify himself with an officially recognized
- The certified person can log in to the Trust Center, i.e. the AA Agency, with his randomly generated pseudo-personal authorization key (FP1) and terminate the authorization key and authentication key (FP1 / FP2) of the verified end user, who must then re-create the authorization key and authentication key.
- The keys terminated in the Trust Center or in the AA Agency can, for example, only be logically marked as deleted but never physically deleted.
- The history of the keys is fully traceable from the timestamps and activities on the keys (e.g. deleted because device compromised, on day ... month ... year ... at ... o'clock ... minutes ...; newly created ... by certified person, FP1 of the accredited person).
- The authorization-authentication mechanism may e.g. be protected in two ways:
- Re-identification process of an end user: in case of doubt, the authentication and authorization of an end user are verified and validated. This case can happen, for example, with a hacker attack such as MITM (man-in-the-middle), session hijacking, session rerouting, XSS (cross-site scripting), SQL injection and/or other hacking attacks.
- This solution has a preventive effect, as a cross-over and refresh mechanism is used.
- An end-user device will be prompted to verify and validate the identity with the AA Agency.
- The Trust Center asks an end user to transfer the fingerprint for authorization. The requested fingerprint is compared with the authentication fingerprint. Mutatis mutandis, this applies to the second fingerprint, hence "cross-over".
- The test serves to compare, at an unpredictable time, the pseudo-personal keys in the end-user device and in the AA Agency.
- The ad hoc tap of the personal biometric data serves only as a trigger to, on the end-user device, with the initially stored, true, personal biometric bit sequences and the bit sequences of the
- One advantage of this is that if an intruder took control of an end-user device and gained access to the data transfer application, the ad hoc generation of both randomly generated pseudo-personal keys would fail, so the AA Agency server can conclude with high certainty whether it is the real end user of the device or an intruder.
- The Trust Center, for example, can close the session and immediately block the functionality of the data transfer on the end device.
- The pseudo-personal key such as fingerprint PFP(1) (authorization key)
- The person-related information and/or other definable individual-relevant data, i.e. data which allow the identity of a person to be inferred exactly, are not transmitted during the actual data transfer or mixed with the data (content data) which describe contents;
- The ready-for-dispatch protocol to the AA Agency may thus include: (i) the randomly generated pseudo-personal key PFP(1), (ii) with PFP(1)
- The actual electronic patient dossiers are physically located at distributed, remote storage locations (see Fig. 16), where they are encrypted with a patient's authentication key; (7)
- The URIs of the content data (i.e. documents), i.e. the metadata of the electronic content data, are encrypted, and the encrypted URI contains the personal authorization key PFP(1) of a patient.
- A system automatically sends a message to the patient. Each step is registered and logged in the logbook of the AA Agency.
- The Trust Center transmits the URIs of other electronic dossiers or patient content data to eligible physicians, based on the prior CRUD rights.
- The entire electronic patient dossier corresponds to all content data associated with the consumer / producer; selected parts of the electronic patient dossier can be combined on demand and ad hoc.
- The electronic patient dossier and the associated identity of a patient can only be read in plain text by a physician authorized by the patient.
- The software installed locally at the doctor can also, locally at the doctor, the two asynchronously acquired data packets, i.e. both the content data (i.e. the document with the clinical data) and the document with the identity of a patient (authentication)
- The system and method first verifies locally at the physician that the separately sent authorization key PFP(1) of a patient, attached once to the clinical data packet, is identical to the one attached a second time to the person-related data packet. If the two separately and asynchronously transmitted authorization keys PFP(1) of a patient agree, the procedure decrypts both documents, which contain strictly separated data types (personal / clinical data), with the physician's authentication key MPFP(2). In the event of an error, i.e. if at least one of the two authorization keys PFP(1) of a patient does not coincide with the other separately transmitted authorization key PFP(1) of the patient, both documents, i.e. the person-related data document and the document with the clinical data, remain encrypted. The system and procedure automatically destroy the two documents.
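The physician-side check just described, as an added Python example that is not part of the patent: two asynchronously received packets each carry the patient's authorization key PFP(1) as a marker, and the physician's software decrypts both with its authentication key MPFP(2) only when the markers agree, otherwise destroying both. The page does not name its encryption algorithms, so `seal`/`unseal` is a constructed encrypt-then-MAC stand-in built from SHA-256 and HMAC (in a real system use a vetted AEAD such as AES-GCM); it also assumes, as the text's "relay and switch" description suggests, that the packets reach the physician already encrypted under MPFP(2). Keys and payloads are constructed sample values.

```python
from __future__ import annotations
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; constructed stand-in, not a page algorithm."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC-SHA256 tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise on any tampering or wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class Packet:
    kind: str      # "clinical" (content data) or "person" (identity data)
    marker: bytes  # patient's authorization key PFP(1), embedded as a marker
    sealed: bytes  # document encrypted under the physician's MPFP(2)


def build_packet(kind: str, pfp1: bytes, mpfp2: bytes, document: bytes) -> Packet:
    return Packet(kind, pfp1, seal(mpfp2, document))


def destroy(packet: Packet) -> None:
    """Model of 'the documents are destroyed': drop marker and ciphertext."""
    packet.marker = b""
    packet.sealed = b""


def reassemble(clinical: Packet, person: Packet, mpfp2: bytes) -> Optional[dict]:
    """Return both plaintext documents if the two PFP(1) markers agree,
    otherwise destroy both packets and return None."""
    if clinical.kind != "clinical" or person.kind != "person":
        raise ValueError("packets of the wrong kind")
    markers_agree = bool(clinical.marker) and hmac.compare_digest(clinical.marker, person.marker)
    if not markers_agree:
        destroy(clinical)
        destroy(person)
        return None
    try:
        return {"clinical": unseal(mpfp2, clinical.sealed),
                "person": unseal(mpfp2, person.sealed)}
    except ValueError:
        # Wrong physician key or tampered packet: same outcome as a mismatch.
        destroy(clinical)
        destroy(person)
        return None


# Constructed sample values (not real keys or patient data).
PATIENT_PFP1 = hashlib.sha512(b"constructed patient authorization key").digest()
PHYSICIAN_MPFP2 = hashlib.sha512(b"constructed physician authentication key").digest()
CLINICAL_DOCUMENT = b"HbA1c 7.1%; BP 135/85"
PERSON_DOCUMENT = b"first_name=Nunzio; pass_id=AA348001"
```

The marker comparison uses a constant-time compare and the empty-marker guard rejects a packet that has already been destroyed, so a second delivery of a destroyed pair cannot be reassembled either.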
- Fig. 16 illustrates an example of a mapping between patient, assigned physician or physicians and documents;
- The Trust Center / AA Agency acts as a "relay and switch device" for the encryption of the data, and the respective data and/or resource URIs to be transmitted are used with the
- The system and method according to the invention with encryption-decryption of content data, in this case clinical data, which physicians can send to a wide variety of research and development (R&D) companies distributed throughout the world, likewise corresponds to the system and method according to the invention between patients / doctors, however with the essential difference that the system and procedure does not allow the physicians the person-related data of both
- The send protocol is designed for sending to one or more R&Ds, etc., registered and accredited with the Trust Center / AA Agency. The questions include the authorization key of a patient PFP(1) and the authorization key of the associated physician MPFP(1), and the questions are encrypted with the authentication key R_D_i.
- The data of the questions to R&Ds are, mutatis mutandis, encrypted with the same procedure as between patient / physician, with the authentication key R_D_i(FP2) of the responsible person, i.e. the respective person in charge at the different R&Ds; (11) as soon as the questions are decrypted in the R&Ds with their own locally stored authentication key R_D_i(FP2) of the responsible person (this method is particularly suitable for machine-to-machine communication, because the strings need only be compared for identity), the respective responsible person can transfer the problem, e.g. to several employees.
- The identities of both the patient and the ordering physician remain hidden and masked / anonymous in each case and are included in pairs, associated with the authorization key of the patient and the authorization key of the physician, unambiguously but masked; (12)
- The answers to the respective physician are encrypted with the respective authentication key R_D_i(FP2).
- The method inserts in each case the authorization keys of the patient PFP(1) and of the physician MPFP(1) assigned to the uniquely asked question.
- The procedure determines the physician's associated authentication key MPFP(2) and the URIs where the R&Ds physically stored the answers for the physician. Thereafter, the procedure begins the reverse process to determine the physician's response to the patient
- Fig. 17 illustrates three steps to operate existing electronic patient data with FEDE. If a patient does not have a MED_ID at the first visit, the patient registers the MED_ID in the application.
- Fig. 18 illustrates the registration of the MED_ID at the first visit to the doctor.
- Fig. 19 illustrates the process at the doctor / hospital / clinic for asking questions of R&Ds while respecting privacy, secrecy and anonymity.
- Fig. 20 illustrates that the metadata of the documents PD_[1..m] are stored in the form of URLs or URIs [1..q] in the Trust Center / AA Agency, marked exactly with the patient authorization key P[1..r](FP1), encrypted with P[1..r](FP2) and assigned to exactly one service provider MED_ID[1..t]. Documents can be stored in a cloud, preferably a private cloud. The URI of a document is unambiguous.
- Fig. 24 illustrates the registration of patients, physicians and R&Ds with the AA Agency based on patient consent, with the pre-clinical, clinical and research data and results either traceable for patients with masked identities or used completely anonymously by removing the biometric markers; and Fig. 25 illustrates the FEDE method, facilitating collaboration between physicians and cutting-edge research while preserving privacy, secrecy and anonymity for personalized medicine.
- DaaS (Data as a Service): patient data provided by physicians, with the consent of patients, to various research & development
- Fig. 27 illustrates a DaaS (Data as a Service) structure based on patient data. The model is transferable to financial, insurance and other industries for which patterns and pattern recognition are needed and used as a basis for prediction.
- With this structure several requirements can be fulfilled and realized while maintaining privacy, secrecy and anonymity: (1) Healthy individuals: every day, electronic devices record personal data about the functioning of human organs.
- These data can either be sent traceably, i.e. with the authorization key PFP(1) of the data sender, for example coupled with the authorization key MPF(1) of an assigned physician with the consent of the sender, to research and development centers, e.g. for preventive medicine, epidemic prevention, early detection, correlation of mutations also as a function of environmental factors, eating habits and much more, or completely anonymously, i.e. the authorization key PFP(1) of the data sender and/or the personal data with the authorization key MPF(1) of an assigned doctor are, with the consent of the sender, deleted from the records;
- Chronically ill individuals and individuals with rare diseases: the method and system according to the invention is particularly suitable for chronically ill individuals and/or individuals with rare diseases.
- The data recorded by electronic devices and/or continuous monitoring (pedometer, heart rate, diabetes, ...) can be sent directly to the doctor.
- Methods such as deep learning / artificial intelligence can detect patterns, time series analyses, comparisons and patterns based on the measurement data continuously obtained from the monitoring
- Fig. 24 shows how, based on patient consent and the registration of patients, physicians and R&Ds in the Trust Center / AA Agency, the pre-clinical, clinical and research data and results can either be traceable to patients with masked identities or, with the removal of the
- Fig. 25 illustrates that the FEDE method facilitates and simplifies collaboration between physicians and cutting-edge research while preserving privacy, secrecy and anonymity for personalized medicine.
- Fig. 26 shows, by way of example, the data flow and processes for setting up DaaS (Data as a Service) in the healthcare sector.
- The incentive for individuals to provide data may e.g. be that for each data set supplied to pharma, research and development or institutions a monetary value is defined, in the sense of supply and demand and in the sense of a kind of balanced data exchange (see Fig. 20, which illustrates a split of the profit per record among the associated parties and a possible return of part of the profit as compensation to patients and data providers).
- An AA Agency (Authorization, Authentication Agency), such as Nexus: the data may be "transparently encrypted" in this particular access server, so that even the administrators of the server have no way to access that data.
- All stored data is additionally encrypted with a key that is different from the authorization and authentication keys of the respective managed individual. This additional, so-called "transparent encryption" measure, with a further independent key for already encrypted resources, is a further protection for end users, so that even administrators of the server have no way to access the pseudo-personally encrypted data.
- Step 1: Conversion of a mobile device, e.g. a commercial iPhone, to a personal smartphone for originators, especially patients, so that it is possible to register the fingerprints of two different fingers, e.g. of one hand, in the local iPhone card, as described.
- One fingerprint P(FP1) is used for authorization, the second fingerprint P(FP2) for authentication. The fingerprint P(FP2) is used for the encryption of the patient data. Both fingerprints are deposited with an AA Agency (see Fig. 1).
- Step 2: A corresponding module, e.g. an APP, guides patients through all necessary steps: compilation, validation, encryption and transfer of data to the medical officer (see Fig. 2), as described.
- Step 3: The confidant, especially a medical officer and/or a learning machine, decrypts, as described, the obtained pure patient data without person-related data by means of the Learning Machine and/or Deep Learning Machine and/or AI (Artificial Intelligence) modules, parameter-specific to an individual, and checks the obtained data for consistency and quality.
- Three trigger levels are detected: green, no need for action; yellow, warning; red, alarm condition (see Fig. 4).
- The Learning Machine automatically creates a backup of the patient dossier on storage media inaccessible from the outside network. During the backup, the Learning Machine disconnects the GP's work computer from the outside network. Once the backup is complete, the Learning Machine reconnects the workstation to the network. In the case of fraudulent data access, for example with subsequent possible extortion, the stolen data is worthless to hackers, because the connections between the person-related data and the content-descriptive data of an individual are always strictly separated and stored, and in addition encrypted differently. If hackers encrypt patient data and lock it with a hacker's key, the medical officer can at any time install an identical copy of the last stored data from the backup and/or failover system on the main computer and delete the data encrypted by the hackers without hesitation.
- Step 4: The confidant, i.e. the medical examiner, deposits his two fingerprints, M(FP1) for authorization and M(FP2) for authentication, also at a trustworthy AA Agency (Authentication and Authorization Agency).
- The learning machine or the confidant or medical officer transfers the masked, anonymized patient data with the method and system extended according to the invention.
- Step 5: Only the confidant is able to assign the encrypted patient data with masked identities to exactly one patient and has full visibility into the patient dossier, as described in the procedure.
- Step 6: Research and development centers use the biometrically masked identities and encrypted patient data to correlate disease patterns with potential drugs, therapies, vaccines and epidemic prevention. As feedback, only confidants, i.
Abstract
The invention relates to a biometric, fingerprint-based encryption-decryption engine for the controlled handling and secure transmission of personalized sensitive data, and to a corresponding method. Biometric data of a sender and of a confidant, in particular a set of two different fingerprints (P-FP1/P-FP2 and M-FP1/M-FP2), are captured by means of a mobile terminal. The fingerprints (P-FP1/P-FP2) are stored in a SIM card of the mobile terminal. The first fingerprint (P-FP1/M-FP1) is associated with authentication and the second fingerprint (P-FP2/M-FP2) is associated with authorization. The second fingerprint (P-FP2/M-FP2) is used for the encryption of the personalized sensitive data. By means of a learning machine of the confidant and by means of the fingerprints, the personalized sensitive data transmitted by the patient are decrypted, masked and/or anonymized and made available to third parties for the corresponding diagnosis and/or the determination of medication or therapy.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CH01018/18A CH713712B1 (de) | 2016-07-18 | 2017-07-18 | Encryption-decryption engine for handling sensitive patient data and corresponding method. |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CH00913/16A CH712712A2 (de) | 2016-07-18 | 2016-07-18 | Fingerprint encryption-decryption engine for handling sensitive patient data and corresponding method. |
| CH00913/16 | 2016-07-18 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2018015409A1 true WO2018015409A1 (fr) | 2018-01-25 |
Family
ID=59384168
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/EP2017/068169 Ceased WO2018015409A1 (fr) | 2016-07-18 | 2017-07-18 | Encryption-decryption engine for handling sensitive patient data and corresponding method |
Country Status (2)
| Country | Link |
|---|---|
| CH (2) | CH712712A2 (fr) |
| WO (1) | WO2018015409A1 (fr) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109327836A (zh) * | 2018-11-01 | 2019-02-12 | 珠海格力电器股份有限公司 | Network authentication method, apparatus, device and medium |
| US20230121356A1 (en) * | 2021-10-20 | 2023-04-20 | Yodlee, Inc. | Synthesizing user transactional data for de-identifying sensitive information |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102023120793A1 (de) * | 2023-08-04 | 2025-02-06 | Perfect-iD GmbH | System for user-authorized storage and/or release of user-related data of at least one user |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020010679A1 (en) * | 2000-07-06 | 2002-01-24 | Felsher David Paul | Information record infrastructure, system and method |
| US20070279187A1 (en) * | 2006-04-12 | 2007-12-06 | Shahrooz Hekmatpour | Patient information storage and access |
| US20110078771A1 (en) * | 2009-09-30 | 2011-03-31 | Authentec, Inc. | Electronic device for displaying a plurality of web links based upon finger authentication and associated methods |
| US20110288874A1 (en) * | 2010-05-18 | 2011-11-24 | Midamerican Healthcare Inc. | System and Method for Providing Authentication of Medical Data Through Biometric Identifier |
2016
- 2016-07-18 CH CH00913/16A patent/CH712712A2/de not_active Application Discontinuation

2017
- 2017-07-18 WO PCT/EP2017/068169 patent/WO2018015409A1/fr not_active Ceased
- 2017-07-18 CH CH01018/18A patent/CH713712B1/de unknown
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109327836A (zh) * | 2018-11-01 | 2019-02-12 | 珠海格力电器股份有限公司 | Network authentication method, apparatus, device and medium |
| US20230121356A1 (en) * | 2021-10-20 | 2023-04-20 | Yodlee, Inc. | Synthesizing user transactional data for de-identifying sensitive information |
| US12032721B2 (en) * | 2021-10-20 | 2024-07-09 | Yodlee, Inc. | Synthesizing user transactional data for de-identifying sensitive information |
| US20240320373A1 (en) * | 2021-10-20 | 2024-09-26 | Yodlee, Inc. | Synthesizing user transactional data for de-identifying sensitive information |
| US12353601B2 (en) * | 2021-10-20 | 2025-07-08 | Yodlee, Inc. | Synthesizing user transactional data for de-identifying sensitive information |
Also Published As
| Publication number | Publication date |
|---|---|
| CH713712B1 (de) | 2020-03-31 |
| CH712712A2 (de) | 2018-01-31 |
| CH713712A1 (de) | 2018-01-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12425801B2 (en) | | Records access and management |
| US10818385B2 (en) | | Records access and management |
| CN110462654B (zh) | | Records access and management |
| US9619616B2 (en) | | Records access and management |
| CN113228023A (zh) | | Unified identification protocol for the training and health fields |
| TWI700707B (zh) | | Method and system for obtaining electronic medical health records |
| US8498884B2 (en) | | Encrypted portable electronic medical record system |
| WO2020000825A1 (fr) | | Medical treatment data processing method and system, computer device and readable storage medium |
| CN107004048B (zh) | | Records access and management |
| CN119380917A (zh) | | General surgery medical information sharing method and system based on medical big data |
| CN109994165A (zh) | | Cloud system based on surgical data |
| Li et al. | | Leveraging standards based ontological concepts in distributed ledgers: a healthcare smart contract example |
| Lehto et al. | | Cyber security in healthcare systems |
| WO2018015409A1 (fr) | | Encryption-decryption engine for handling sensitive patient data and corresponding method |
| Kolan et al. | | Medical blockchains and privacy in Austria: technical and legal aspects |
| EP3404569B1 (fr) | | Behavioral authentication method and system |
| DE10156877B4 (de) | | Method and system for secure storage and readout of payload data |
| Sohn et al. | | Clinical study of using biometrics to identify patient and procedure |
| CN116776389B (zh) | | Blockchain-based medical industry data security supervision system |
| JP2026513160A (ja) | | Manager for capturing secure user information and granting scope-limited access |
| DE202022107224U1 (de) | | System for secure storage and transaction of health data in interconnected implanted medical devices and control server |
| DE10209780B4 (de) | | Data processing system for patient data |
| EP3477515B1 (fr) | | Provision of physiological data |
| Bombera | | Privacy-preserving eHealth: A self-sovereign identity based infrastructure for medical records |
| Savoska et al. | | Integration of Heterogeneous Data into Electronic Patient Records |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 10201800001018; Country of ref document: CH |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17742728; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 17742728; Country of ref document: EP; Kind code of ref document: A1 |