Verifiable and redactable medical documents

Brown, Jordan Lee

16 July 2012

The objective of the proposed research is to answer the question of how to provide verification and redactability to medical documents at a manageable computation cost to all parties involved. The approach for this solution examines the use of Merkle Hash Trees to provide the redaction and verification characteristics required. Using the Merkle Hash Tree, various Continuity of Care Documents will have their various elements extracted for storage in the signature scheme. An analysis of the approach and the various characteristics that made this approach a likely candidate for success are provided within. A description of a framework implementation and a sample application are provided to demonstrate potential uses of the system. Finally, results seen from various experiments with the framework are included to provide concrete evidence of a solution to the question which was the focus of this research.

Merkle hash tree

Redactable

Verification

Medical documents

CCD

Data structures (Computer science)

Electronic data processing

Preserving privacy with user-controlled sharing of verified information

Bauer, David Allen

13 November 2009

Personal information, especially certified personal information, can be very valuable to its subject, but it can also be abused by other parties for identify theft, blackmail, fraud, and more. One partial solution to the problem is credentials, whereby personal information is tied to identity, for example by a photo or signature on a physical credential. We present an efficient scheme for large, redactable, digital credentials that allow certified personal attributes to safely be used to provide identification. A novel method is provided for combining credentials, even when they were originally issued by different authorities. Compared to other redactable digital credential schemes, the proposed scheme is approximately two orders of magnitude faster, due to aiming for auditability over anonymity. In order to expand this scheme to hold other records, medical records for example, we present a method for efficient signatures on redactable data where there are dependencies between different pieces of data. Positive results are shown using both artificial datasets and a dataset derived from a Linux package manager. Electronic credentials must of course be held in a physical device with electronic memory. To hedge against the loss or compromise of the physical device holding a user's credentials, the credentials may be split up. An architecture is developed and prototyped for using split-up credentials, with part of the credentials held by a network attached agent. This architecture is generalized into a framework for running identity agents with various capabilities. Finally, a system for securely sharing medical records is built upon the generalized agent framework. The medical records are optionally stored using the redactable digital credentials, for source verifiability.

Merkle hash tree

Credential

Medvault

Identity agent

Dependencies

Disclosure dependencies

Hash graph

Identity management

Security

Cryptography

Hash tree

Privacy

GUIDE-ME

GUCIdA

Identity theft

Computer security

Data protection