EP3219048A1 - System and method for securely storing and sharing information - Google Patents
System and method for securely storing and sharing informationInfo
- Publication number
- EP3219048A1 EP3219048A1 EP15859389.7A EP15859389A EP3219048A1 EP 3219048 A1 EP3219048 A1 EP 3219048A1 EP 15859389 A EP15859389 A EP 15859389A EP 3219048 A1 EP3219048 A1 EP 3219048A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- cloud
- data
- individual
- lockbox
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/88—Medical equipments
Definitions
- Cryptography can provide strong protection, but the key exchange process makes sharing encrypted data clumsy and sometimes insecure. Weak, absent, or disconnected identity verification also degrades the effectiveness.
- a method to conduct secure exchange of encrypted data using a three-party security mechanism consisting of the key masters operated by the members of the community of interest, the registries, and the cloud lockboxes.
- the registries establish unique identities, verify authenticity, and create directories of individuals, members, organizations, key masters, cloud lockboxes and. other registries.
- the registries manage permissions lists communicated to the cloud lockboxes, as well as detecting and halting anomalous activity.
- the members operate key master software, preferabl provisioned as an appliance, to create and manage keys for individuals, handle encryption, and decryption and conduct key exchanges with other members.
- the cloud lockboxes manage file storage, retrieval, and. access control.
- the related appiication programming interfaces support with multiple levels of integration aud generate metadata specific to the needs of the application.
- a community of interest establishes operating parameters including ' , selecting an encryption algorithm, establishing identity verification processes, and selecting a security level.
- a method for minimizing the exposure of data to system administrators is disclosed.
- the protected data is encrypted prior to reaching the cloud lockbox, the cloud lockbo never has the decryption key, thus the system administrator performing duties for performance optimization and maintenance of the clood lockboxes has access to the encrypted data but does not have the decryption key.
- the benefits of this aspect extend into the premises-based or cloud-based storage of the application itself.
- a method for integrating with applications and creation of hybrid cloud and on-preraises data storage solutions is disclosed.
- the invention provides robust approaches for the integratio of an application into the community of interest by providing both published and unpublished application programming interfaces supporting multiple levels of application integration ranging from native integration to the use of industry-standard interfaces to simple archiving solutions.
- the method facilitates the creation of hybrid, cloud and cm-premises storage solutions with predictive caching; and provides a method to integrate disparate applications within a single enterprise or across multiple enterprises.
- Th invention can b deployed in various ways to achieve the security level desired by the community of interest ranging from; a. the stringent Federal Information Processing Standards 140-2 Level 4;
- Figure 1 is a schematic block diagram illustrating an example environment for the systems, devices and methods of the present application.
- Figure 2 is a schematic block diagram further illustrating operation of the UHE of Figure 1.
- Figure 4 is a schematic block diagram illustrating a patient registration process using the UHE of Figure I .
- Figure 5 is a schematic block diagram illustrating the use of activity logs using the UHE of Figure 1.
- Figure 6 is a schematic block diagram illustrating sharing write-only data using the UHE of Figure 1.
- 100 J 9 j Figure 7 is a schematic block diagram illustrating communications in an emergency situation using the UHE of Figure 1.
- Figure 8 is a schematic block diagram illustrating mechanisms for identifying fraud, waste and abuse using the UHE of Figure 1.
- Figure 9 is a schematic block diagram illustrating the generation of de- identified patient data using the L I If- of Figure 1.
- J 0022 J Figure 10 is a schematic block diagram illustrating the key change and/or revocation of access using the UHE of Figure I.
- Figure 11 is a schematic biock diagram illustrating the key recovery process using the UHE of Figure 1 .
- Figure 12 is a schematic block diagram illustrating the ability to support multiple participant software modules using the UHE of Figure 1.
- Figure 13 is a schematic block diagram illustrating other alternativeiate en vironments for the systems, devices, and methods of the present appiication.
- Figures 14 A and 1 B are a schematic block diagrams illustrating other alternate environments for the systems, devices, and methods of the present application.
- Figure 15 is a schematic block diagram illustrating other alternate environments for the systems, devices, and methods of the present application.
- Figure 16 is schematic block diagram illustrating an alternate environment for the systems, devices, and methods of the present application for use in the legal industry.
- Figure 17 is a schematic block diagram illustrating an alternate environment for the systems, devices, and methods of the present appi ication for use in the real estate industry.
- Figure 18 is a schematic block diagram illustrating an alternate environment for the systems, devices, and methods of the present application for use in the real estate industry.
- This present application describes systems, devices, and methods for providing secure exchange of encrypted data using a three-party security mechanism consisting of the key masters operated by the members, the registries, and the cloud lockboxes phis the application programming interfaces.
- a member may be a individual directly participating in a community of interest, an organization participating in a community of interest for its own purposes, or an organization participating in a community of interest to represent multiple individuals in which ease the individual is participating by proxy.
- the registries o Establish identity and verify authenticity of members, organizations, other registries and cioud lockboxes: o Establish unique identities for each individual represented in a. community of interest in communications with the key masters, a process which may include communications with additional registries if more than one registry is operational for the community of interest; o Maintain directories of individuals, members, organizations, and cloud lockboxes and other registries; o Function as a clearinghouse for members to retrieve public keys of other members, organizations, and cloud lockboxes; o Manage individual-level access control lists and communicate lists to cloud lockboxes tor controlling access to data files; o Receive activity records from the key masters, the cloud lockboxes, and the application programming interfaces;
- the cloud lockboxes o Store encrypted data, metadata, and appended transactional metadata; o Create receptors fo stored data to serve as claim tickets for the members; o Utilize access control lists received from registries to determine which individuals' files a given member may store and retrieve; o Transmit activity records of file retrieval requests to the registries.
- the related application programming interfaces offer flexibility in adapting to the needs of the specific community of interest and/or of the application owner.
- the application programming interfaces o Consist of both pubiically published and private proprietary methods to integrate to the applications being used by members of a community of interest; o Support multiple levels of application integration ranging from native integration, in which this mechanism's encryption and protocols are extended into the data stores of the application, to the use of industry- standard interfaces, and to simple archiving solutions and many gradations in between; o Convert data to/from proprietary to industry standard formats; o Convert data between key- value data stores to/from relational databases; o Generate metadata specific to the application that can either be:
- Digital signatures verify the identity of members, registries, and cloud lockboxes for all communications and protocols. Encryption protects all sensitive data both in motion and a rest. Optional IP address restrictions add another level to the security model. Appliance -based option for the encryption, decryption and key management further bolsters security.
- the method also provides protocols and metadata to enable features such as: « Time-to-live settings to limit the duration of a member's access to the data of an individual's data;
- the design supports addition of features by ieveraging existing design elements and expanding operating protocols and related metadata.
- the design traverses these various security levels based on: o Deploying the key master as an appliances thus keeping critical processes such as key management, encryption and decryption within a hardened environment rather than running this software on a genera! purpose computer; o Depth of integration with the applications; o Optional registered IP address restrictions.
- the method provides a solution to integrate disparate applications within a single enterprise or across multiple enteipnses by converting data in the application programming interfaces to either industry standard representations or proprietary common formats.
- the design supports an approach for storing unstructured data in a key-value (object) data, stores to simplify sharing and reduces the need for a relational database, yet retains the ability to transfer such information io/from relational databases,
- the desig supports the ability for the individual to review the contents and audit activity on his/her files.
- the design supports existence of multiple registries and multiple cloud lockboxes.
- the systems, devices, and methods of the present application are well suited to operate in any industry requiring secure storage and exchange of information.
- the present application will describe an exemplary embodiment in the health care industry.
- the systems, devices, and methods of the present application will have applicability in other industries, such as the legal service industry and the real estate industry, for example.
- EHR Electronic Health Records
- Cloud services can dramatically reduce this cost, but cloud providers have been wary of the liability of storing health care records.
- the Unified Health Exchange solution encrypts records prior to moving them to the cloud lockboxes and the cloud lockboxes and underlying cloud providers never possess the decryption key. This combination eliminates the need for the cloud providers to conduct breach notifications, greatly diminishing their HIPAA exposure.
- the HCPs can dramatically reduce the volume and thus the cost for on ⁇ premises computer storage.
- the HCPs may elect to retain onsite only the records needed in the short term.
- deployment of a UHE appliance providing predictive caching the HC Ps could eliminate storage of patient files in their EHRs instead linking the underlying EHR tile management to the UHE model.
- the UHE approach can eiimiiiate dupiicatioii of records within a single HCP as well as the duplication of records received from other health care providers.
- the Unified Health Exchange design enables HIE by default as a byproduct of the cost-saving storage arrangement with the cloud lockbox combined with the coordination functions of the HIE Registry.
- HCP saves money on storage and avoids the cost of supporting a separate HIE intra structure.
- Unified Health Exchange can provide a single source of information for a comprehensive utilization review.
- PHR Health Records
- the patient's "medical home" can serve as the patient's proxy by obtaining written sign- off similar to existing H1PAA forms to manage the access on behalf of the client.
- Unified Health Exchange reduces HIPAA responsibility for cloud lockboxes by encrypting the records. For HCPs, the more of their data they move to UHE, the less vulnerability they retain.
- Example environment 100 may comprise a medical home
- J.5 HCP 101 J.5 HCP 101, an EHR system 10, a patient portal 114, a Key Master 112, an HIE Registry 120, a Cloud Lockbox 130, and various HCPs 141-148.
- a unified health exchange application programming interface, UHE API 261, and a Key Master 112 may be integrated with medical home's HCP $ 1 EHR 110 to facilitate communication with HIE Registry 120.
- a patient 116 may communicate with Medical Home's EHR 110 via patieni portal 114.
- the Patient Portal 114 could utilized mobile interfaces to provide convenient interface to the Patient J 16 via web or mobile app.
- the HIE Registry 120 updates permissions directory at Cloud Lockbox 130 to authorize medical home ' s HCP 41 EHR 1 0 to write files for patient 114. This activity is depicted by reference numeral 2.
- Medical Home's HCP #1 EHR 110 using the UHE API 261 and the Key Master 112 writes patieni files encrypted with the public key to the Cloud Lockbox 130, retaining onsite only what is needed in the short term.
- HCP 110 using the UHE API 261 and the Key Master 112 can retrieve files as needed for longitudinal patieni care scenarios.
- Medical Home HCP 110 using the UHE API 261 and the Key Master 112 can also access, retrieve, and decrypt files written for patient 116 by other participating entities, such as HCPs 141-1 8, This activity is depicted by reference numeral 3.
- Patieni 116 authorizes Other HCP 141 to access files as depicted by reference numeral 4.
- Medical home HCP 110 using the UHE API 261 and the Key Master 112 updates permissions in HIE Registry 120 as depicted by reference numeral 1.
- H IE Registry 120 updates permissions at Cloud Lockbox 130 in routine synchronization process as depicted by reference numeral 2.
- Patient 116 can also audit access to his/her files as depicted by reference numeral 4.
- Medical home's HCP # ⁇ EHR 110 using the UHE API 261 and the Key Master 1.12 sends private key of patient 116 directly to Other HCP's EHR 143 using Other HCP's 141 Key Master 112 and the UHE API 261.
- This exchange of private key is conducted via encrypted transmission verified with digital signatures using the respective organizations public/private key pairs.
- the key exchange bypasses both the HIE Registry 120 and the Cloud Lockbox 1.30. This activity is depicted by reference numeral 5.
- HCP's EHR 143 can now retrieve, decrypt, and read files for the specific patient 1 16 using the patient's unique public/private key combination.
- Other HCP's EHR 143 can now aiso write files for patient 116 to same Cloud Lockbox 130 encrypted using the patient's public key. These activities are depicted by reference numeral 6.
- Participation by pharmacies 144 depicted by reference numeral 7, add a useful function for coordination of medication regimens.
- Patient-authorized payers 148 are provided limited access to patient files. For example, payers 148 may to review metadata but not detailed file information. This activity is depicted by reference numeral 9.
- patient's medical homes HCP #1 EHR 110 may securely contribute records to de-identified research databases 118, as depicted by reference numeral 10.
- HCPs 101 , 141, 144, 146 and 148 save resources through intelligent archiving, enabling them to retain only the files needed in the short term in expensive on-premises storage.
- Each HCP accessing the storage of Cloud Lockbo 130 may comprise or access an HIE Registry 120.
- medical home's BCP #.1 EHR. 110 utilizes UHE API 261 and Key Master 112 and secondary HCP 2 141 utilizes UHE API 261 and Key Master 112.
- the HIE Registry 120 provides the mechanisms and trust relationships for verifying unique identities, creating and updating patient -to-HCP and patient-to-cloud lockbox associations, and modifying permissions tables.
- Each HCP communicates with its associated H IE Registry 120 for patient identity matching to minimize duplication.
- Each H I E Registry 1 0 also retains mappings of public keys for patients, HCPs, payers and any other entities involved in UHE.
- Each HIE Registry 120 also catalogs authorized IP addresses for participating components for all participants.
- Cloud Lockbox 130 Although a single Cloud Lockbox 130 is depicted in the example embodiment, it should be clear to those of ordinary skill in the art that multiple cloud lockboxes and/or multiple cloud storage servers may be employed.
- the cloud lockboxes such as Cloud Lockbox 130, offer low cost, yet responsive storage for the HCPs Encrypted EHR files 210, which may include file metadata used for the indexing, searching, and features.
- the cloud lockboxes also retain a Permissions Directory 212 derived from the HIE Registry 1 0 for determining the mapping of which HCPs can read files for specific patients,
- Each of the UHE API 261 comprises software integrated with the HCPs' Electronic Health Record ("EHR") system.
- the UHE API 261 communicates with the API Engine 260 in tire Key Master 112.
- the API Engine 260 communicates with the Key Manager and File Broker 262, also a component of the Key Master 112.
- the API Engine 260 provides a variety of interface options and policy enforcement function. Together these software modules cooperate with the HCP EHRs for issuing and/or managing patient public-private key combinations, interacting with the HIE registries and for reading/writing of files to the cloud ioekbox(s).
- Each Key Master J .1.2 also manages private key exchanges with other HCPs.
- the UHE API 261 and the API Engine 260 may also convert proprietary data formats into standards-based formats. Likewise, when reading files from the cloud storage, the key master wouid convert standardized formats into proprietary formats for local EHR use.
- the Key Master 112 can be implemented as hardware, software, or a combination of both hardware and software.
- the Key Master 112 can be implemented, preferably, as stand-alone appliance that can be inserted and integrated into an existing system architecture.
- the Registry & cioitd Interface 1 12 can be impiemented or installed onto a computer or other hardware identified and configured by a user.
- Such a computer may be a dedicated computer, for example, or may share resources between two or more applications or computing processes.
- a computer may be a suitable computing device having memory and a processor, and capable of storing program instructions in memory and executing the program instructions stored in memory using the processor.
- the patient 116 selects one HCP.
- HCP 101 in the illustrated embodiment to serve as his/her "medical home.”
- This medical home HCP #1 EHR 110 using UHE API 261 and Key Master 112 generates a unique pair of encryption keys using a public -private key combination for the patient.
- the public key is shared with the HCP #1 EHR 110 but the private key is retained only in the Key Manager and File Broker 262 component of the Key Master J .1.2. This activity is depicted by reference numeral 2.
- j0 79j The '"public key” would not actually be shared with the general public, but rather it would be shared among HCPs participating in the HIE for file encryption and as a mechanism for identifying the unique patient 116.
- the public key would also be appended as unencrypted transactional metadata to the files, linking the file to the patient.
- Ail communications and updates among entities may be secured through digital signatures and encryption including exchanges between Cloud Lockbox 130 and HI E Registry 120, exchanges between Cloud Lockbox 130 and Key Master 112, between Key Masters 112 of different HCPs, between UHE API 261 and API Engine 260,
- the API Engine 260 transfers the file within the Key Master 112 to the Key Manager and File Broker 262.
- the Key Manager and File Broker 262 encrypts the patient's 1.16 file with patient's public key and transmits it to the Cloud Lockbox 1.3ft, thus already protected in motion.
- the files remain encrypted at rest on cloud server of Cloud Lockbo 130. This activity is depicted by reference numeral 3.
- the Key Manager and File Broker 262 within the Key Master 12 is the sole location at the Patient's Medical Home 101. where the patient's 116 public-private key pair is retained. Neither Cloud Lockbo 130 nor HIE Registry 120 nor HCP #1 EHR 11.0 have the patient's private key, thus cannot decrypt files, reducing HIPAA liability. HCP EHR #1 110 has the authority to retrieve and decrypt the Patient's 1 6 files, but in order to do so must process the request through the Key Master 112 in which the private keys are retained in the Key Manager and File Broker 262. Further, the pennission to read and write files for the Patient 116 was initially established in the HCP and Patient registration processes detailed in sections describing Figure 3 and Figure 4.
- File Handler 211 Upon receipt of Patient 116 file from HCP #1 110 by Cloud Lockbo 130, File Handler 211 creates a HCP #1 110 specific Receptor 214 for the file.
- the Receptor 214 encrypted with HCP #1 's public key, includes a unique file ID, Patient's 116 public key, iirae-to-live setti gs (i nfi nity for creator of file) and other metadata.
- the file ID is used by the File Handler 211 as a storage location pointer of the file in Encrypted EHR Fi les 210 store. The file ID will not provide a mapping to Patient 116 identity,
- Patient 116 authorizes Medical Home's HCP #1 EHR 110 to release records to Secondary HCP #2 EHR 141.
- the Patient .1.16 also has the option of granting access to metadata only. This activity is depicted by reference numeral 1.
- HCP #1 110 using IJHE API 261 and Key Master 11.2 updates HIE Registry 120 with additional access rights of HCP 141 to read specific patient's files. Updates may be secured through digital signature based exchanges between HCP #1 110 and HIE Registry 120. Selections by patient 116 of level of access, i.e. metadata only vs. full file access, tirne-to-live settings and other variables, also transmitted to HIE Registry 120 by HCP #1 110. This activity is depicted by reference numeral 4.
- HIE Registry 120 updates Permissions Directory 212 of Cloud Lockbox 130 granting access to Patient's 116 files to HCP #2 141. Selections by patient 116 of level of access, i.e. metadata only vs. ful l file access, time-to-live settings and other variables, also transmitted to Cloud Lockbox .130 by HIE Registry 120. This activit is depicted by reference numeral 5.
- Cloud Lockbox 130 using File Handler 21.1 creates HCP #2 .141 specific Receptor 214 for each f le of Patient 1.16 to which HCP #2 has been granted access.
- the Receptor 214, encrypted with HCP #2's public key includes a unique file ID, Patient's 116 public key, time-io-live settings and other metadata.
- the Receptor 214 includes whether the Patient 116 granted the HCP #2 1.41 fuSi access or metadata only access to the file.
- HCP #1 110 using UHE API 261 and Key Master 112 sends patient's private key encrypted using publ ic key of HCP #2 14.1 to HCP #2's Key Master 1 2.
- the private key exchange process bypasses Cloud Lockbox 130 and H IE Registry 20, thus only HCPs possess private keys. This activity is depicted by reference numeral 6.
- a variation of the permission process would authorize access to the Receptors 2.14 but not share the Patient's private key.
- HCP #2 1:11 R 141 can now write their own generated content to Cloud Lockbox 130 for the same patient 116.
- time-to-live settings are set to infinite. This activity is depicted by reference numeral 8.
- HCP #2 EHR 141 using the UHE API 261 and the Key Master 112, decrypts the Receptors with its own private key. HCP #2 EHR 14.1 can then decide which files to download based on the Receptor metadata. HCP #2 EHR 140, using the file ID from the Receptor 214, requests the pertinent Encrypted EHR Piles 210 for Patient 116. This activity is depicted by reference .numeral 8.
- HCP #2 141 using UHE API 261 and Key Master 112 updates HIE Registry 120 with additional access rights of HCP #1 110 to read patient files written by HCP #2 141 for patient 116, This activity is depicted by reference numeral 7.
- HIE Registry 120 updates permissions director ⁇ ' - 212 of Cloud Lockbox 130, adding access for HC #1 110 to files written by HCP #2 1.41. for Patient 116. Updates may be secured through digital signature based exchanges between Cloud Lockbox 130 and HIE Registry 120. This activity is depicted by reference numeral 5.
- Cloud Lockbox 130 using Fife Handler 211 creates HCP #1 110 specific Receptor 214 for each file for Patient 116 to which HCP #1 has been granted access by HCP #2 EHR 1.41.
- HCP #1 EHR. 110 also able to retrieve the files generated by HCP #2 EHR 141. This activity is depicted by reference numeral 3.
- HCP #1 EHR 110 of Patient's 116 Receptors 214 and or EHR File 210 for files written by any other entity are written to the Activity Log 216 at HIE Registry 120 for review by patient at will Patient notification triggers would also be supported. This activity is depicted by reference numeral 5.
- the UHE environment 100 described herein is designed to protect the privacy and confidentiality of electronic health records and other fomis of sensitive information while also allowing such information to be securely shared with others.
- the UHE environment 100 does not include a central key authority governing the UHE encryption. Rather, each independent Key Master 112 operates a Key Manager and File Broker 462 that generates public-private key pairs and retains the private keys.
- a given coniiinmity-ot-interest electing to use the UHE mechanism could elect to use any suitable public key encryption algorithm of its choosing without impacting the operation of the UHE environment.
- a first key master may operate a key master and file broker using a first public key encryption algorithm while a second key master may operate a key master and file broker using a second and different public key encryption algorithm.
- a Key Master 412 may operate multiple Key Manager and File Broker 462 modules in order to participate in multiple community-of-interesi networks utilizing different encryption algorithms.
- IP Addresses fable E Directory of Registries
- Cloud Lockbox 130 Listed below are examples of the types of information that may be stored by the Cloud Lockbox 130, The list is not meant to be exhaustive or prescriptive, but rather an example of one way in which the underlying mechanism may operate.
- Encrypted EHR Files 210 may comprise unstructured key- value data store.
- Metadata which ma be used as key for granular permissions, searching and batch retrievals may include, but is not limited to: o Patient's Public Key
- HCPs may write encounter summaries to Cloud Lockbox 130 that include pertinent information such as date(s) of encounter, orders, vital signs, medications, history and physical, radiology report, physicians, discharge summary and links to image files also written to Cloud Lockbox 130. These files may adhere to industry standard formats such as HL7 and be in easily processed formats such as * The Permissions Directory 212 of patients' public keys mapped to HCPs allowed to retrieve information provides an additional level of security to the mechanism beyond the data encryption. All HCP access may be verified via digital signature.
- Receptors 214 are created for each file that an HCP is authorized to access.
- the Receptors 214 are encrypted with the specified HCPs public key.
- the Receptors include file ID, patient's public key, time-to-live settings, permissions settings, type of file, format of file (e.g. what type of reader might be required such as for PACS images) and other metadata,
- File Handler 211 provides the mapping of file ID in the Receptor to the actual storage location of the file at the Cloud Lockbox 130. Thus the physical file location has been obfuscated, requiring the use of the File Handler 211 to retrieve files.
- FIG. i there is a schematic block diagram illustrating an HCP registration process using the UHE of Figure 1 and Figure 2.
- An entity seeking to participate in the UHE network as a HCP Registrant 101-R may be registered as depicted in Figure 3,
- the HIE Registry 120 maintains database of HCPs, labs, telemetr providers, payers and any other entities that may have permission to read and/or write patient files (Registrant). As shown by reference numeral 1, HIE Registry 120 utilizes government sources and other trusted databases to assemble and verify entries in the HIE registry database. HIE Registry 1.20 may also generate its own public/private key combination for itself as a corporate entity.
- a Registrant 101-R may verily its identity and authority with the HIE Registry 120 through multi-factor identity verification and exchange of authorized IP addresses.
- the Registrant 101- using HCP #1 EHR 110- R, UHE API 261 and Key Master 112 generates its own public/private key combination to identify itself as a corporate entity.
- the Registrant 10I-R transmits its public key to HIE Registry 120 encrypted using the HIE registry's public key using the UHE API 26.1. and the Key Master 112. HIE Registry 120 decrypts with own private key.
- HIE Registry 120 replies with an acknowledgement encrypted with its own private key.
- the Registrant 101-R verifies HIE Registry .1.20 transmission by decrypting with HIE registry's public key using the UHE API 261 and the Key Master 112.
- the Registrant completes registration with an acknowledgement to the HIE Registry 120 encrypted wit its own private key using the UHE API 261 and the Key Master 1 12.
- HIE Registry 120 verifies the registrant transmission by decrypting with the registrant's public key.
- FIG 4 there is a schematic block diagram illustrating a patient registration process using the UHE of Figure 1 and Figure 2. Once an entity is registered, as described above, it can then serve as a "Patient's Medical Home” 101 for the patient and conduct the registration process as depicted in Figure 4.
- the HIE Registry 120 communicates to its network of HIE Registries if applicable, to verify uniqueness of patient 116 identi ty as shown by reference numeral 2,
- the HIE Registry 120 has three possible replies as shown by reference numeral 3: a. EXISTS: in registry, returns patient public key, medical home public key and cloud lockbox. b. NEW: Created listing, requests public key of patient c. MORE: Indicating that additional information on patient required to determine whether unique identity. ⁇ ' ⁇ ] ⁇ ⁇ ail three cases, the response is encrypted with the HIE's private key for decryption by the HCP with the HIE registry's public key, confirming identity of the HIE registry.
- the HCP replies as shown by reference numeral 4 depending on response in received in step 2: a. ACKNOWLEDGE: HCP acknowledges receipt and session terminates. b. REGISTER: HCP generates public/private key combination for patient.
- the HIE Registry 120 replies as shown by reference numeral 5 depending on response received in step 3 ; a. Session completed in step 3. b. HIE registry acknowledges receipt and session terminates. c. identity confirmation process continues.
- the response is encrypted with HIE's private key for decryption by the HCP with the HIE registry's public key, confirming identity of the HIE registry.
- FIG. 5 a schematic block diagram illustrates creating and comparing Activity Logs using the LJHE of Figure 2. Creation and comparison of Activity Logs are also supported by the example UHE environment
- An Activity Log UHE API 111, an Activity Log File Broker 264 and an Activity Log Cloud Lockbox 216 capture information representative of writing and reading of UHE files as well as information representative of changes to access by different members.
- the Activity Logs are maintained at the HIE Registry 120 separate from the sources of Activit Log records. For example. Activit Logs may be maintained in a first data store while UHE files may be maintained in a second distinct data store.
- An Activity Logs Compare module 280 at the HIE Registry 120 provides a method for detecting and halting unauthorized access to Files. The Activit Logs also provide a record of actions for review by the Patient 116.
- Activity Log data may be obtained from one or more of a variety of sources.
- the UHE API 261 that is integrated with HCP #1 EH 110 sends a fi!e write or read request to the API Engine 260 in the Key Master 112 as depicted by reference numeral 1, the UH E API 261. simultaneously sends a report of the request to the Activity Log UHE API 111 at the HIE Registry 120 as depicted by reference numeral 2,
- the File Handler 211, Key Manager and File Broker 262, and the UHE API 261 may send periodic "heartbeat" messages to HIE Registry 120 to confirm ability to communicate.
- the Activity Log Compare module 280 is able to detect the absence of heartbeat entries and generate a notification accordingly.
- Certain providers in the health care field provide patient data without being allowed to receive patient data.
- Such providers may include participating vendors providing home or Mobile Health Monitor Software 146A, participating labs running Lab Software 146B and other participating entities with Write-Only Software 146C.
- these W rite-Only-Members may also associate to and register with an HIE Registry 120 in the UHE network by following the entity registration process described above in reference to Figure 3.
- the write-only Mobile Health Monitor Software I46A using the UP1 API 261 and the Key Master 112, may retrieve a patient's public key and the I D of Cloud Lockbox .130 from the H IE Registry 120 as depicted by reference numeral 1.
- the Write-Only Participant J 46 A could then commence writing files encrypted with patient's public key to Cloud Lockbox 130 as depicted by reference numeral 1.
- Patient 116 presents to an emergency room 610, unable to provide authorization for access to his/her medical records depicted by reference numeral 1.
- the emergency room 610 is not one of the patient's normal HCPs.
- HIE Registry 120 attempts to register patient 116 with HIE Registry 120 and, as a result, receives patient's medical home 101 public key and Cloud Lockbox 130 depicted by reference numeral 2 .
- Emergency room 61 sends request to HCP #1 EH 110 for emergency-based release of private key using UHE API 261 and Key Master 112.
- Message to HC P 110 is encrypted with emergency room's private key.
- HCP 110 is able to decrypt message with emergency room's public key, verifying identity. Encrypted key exchange proceeds.
- HCP ⁇ using UHE API 261 and Key Master 112 updates permission directory 220 at HIE Registry 120 allowing access to Patient's 116 EHR files 210 stored at Cloud Lockbox 130 for ER HCP EHR 612 depicted by reference numeral 4.
- HIE Registry 1 0 updates permissions directory 212 at Cloud Lockbox 130 This activity is depicted by reference numeral 5,
- Emergency room 610 also writes encounter summary and other files generated during encounter to the Cloud Lockbox 130 for later review by HCP 110. This activity is depicted by reference numeral 6.
- Payer 150 also registers with HIE Registry 120 in a process similar to .registration of HCPs depicted by reference numerals 2 and 3.
- Payer 150 identified by HIE Registry 120 as Payer for the Patient 116, is able to review metadata for patients' files stored by Cloud Lockbox 130 by using UHE API 261 integrated with the Payer's Software 151 and Key Master 112. Payer 150 is not able to decrypt the contents without further authorization and related private key exchange. Thus payer 150 can identify some utilization trends with minimized HIPAA exposure. These activities are depicted by reference numeral 4.
- Payer 150 and Patient's Medical Home 101 may collaborate to identify cases of waste, fraud and abuse depicted by reference numeral 5.
- insurance form submittals may also be written to Cloud Lockbox 130 by HCP #1 EHR 110, encrypted with the payer's public key, providing a simple mechanism for securely submitting and cataloging the reimbursement paperwork.
- the same document may also be written to the Cloud Lockbox 130 encrypted with the patient's public key.
- Payer ISO using Payer's Software 151, IJHE API 261 and Key Master 112 may retrieve reimbursement paperwork and write updates to such paperwork for review by Patient's Medical Home 101 as depicted by reference numeral 5.
- Patient 116 is able to review all access to their files via patient portal 114 depicted by reference numeral 6.
- one or more HCPs may elect to generate coordinated and longitudinal de-identified patient care research databases 1 j.8. Permission to extract such information may be solicited at the time the patient 116 is authenticated at his/her medical home 101. The coordinated care benefits would ripple into the research database, providing a compieie picture of the individuaFs health history without any personal identifiers remaining.
- the communication mechanisms that support the generation of de-identified patient data is illustrated in Figure 9,
- Patient's medical home 101 using the HPC #1 EHR 11 , UHE API 261 and Key Master 1.1.2 provides a full view of the medical status and activities of patient 116.
- Files may be written to a de-identified patient database 11.8 with a "scramble" of the patient's 116 private key to replace the public key as a patient identifier with this new number.
- Circumstances may arise in which the need for a change of the Patient ' s 116 pub Lie-private key pair is required. This need could arise from circumstances such as: compromise of the privacy of the public-private key pair; detection of unauthorized access to EHR files 210 at Cloud Lockbox 130; decisions to revoke decryption authority previously granted to one or more HCPs; or decision of Patient 116 to switch to a different HCP as its medical home. Regardless of the reason the mechanism to change or revoke access remains the same and is illustrated in Figure 10,
- HCP #1 EHR 110 Upon receiving a request to change or revoke access, HCP #1 EHR 110 using UHE API 26.1 and Key Master 112 generates a new key pair and updates HIE Registry 120 with the change via a digitally signed transaction including both the old. and new public keys of Patient 16 depicted by reference numeral 1.
- HIE Registry 1.20 updates Permissions Directory 21.2 with the change and with an indication that key change process is about to commence for Patient 116 via digitally signed transaction depicted by reference numeral 2.
- Permissions Directory 212 and File Handler 211 both at Cloud Lockbox 130, prepare a new set of Receptors for Patient's .1.16 files.
- HCP m 110 using Key Master 112 retrieves all Encrypted EHR Files 210 for Patient 116, decrypts the files with the Patieni's 116 old private key and re-encrypts the files with the Patient's 116 new public key.
- HCP #1 EHR 110, using the UHE API 261 and Key Master 112 erases the old version of the Patient's 116 Encrypted EHR Files 210.
- Cloud Lockbox 130 records the activity in the Activity Log Cloud 216 maintained at HIE Registry 120 as depicted by reference numeral 2.
- HCP #1 EHR 110 using UHE API 261 and Key Master 112, notifies other HCPs still authorized to write to Patient's files such as HCP #3 EHR 152 of the Patient's new public ke depicted by reference numeral 4.
- HCP #1 EHR. 110 using UHE API 261 and Key Master 112 . , also issues a file revocation request to the Key Master 112 of HCP #2 EHR 142 for all files that HCP #2 142 has downloaded for Patient 116 other than those file written by HCP #2 EHR 142 depicted by reference numeral 5.
- HCP #2 EHR 142 software is compliant with this feature of UHE, then it can acknowledge using Key Master 112 the destruction of Patient's 116 Encrypted EH R Files 210 that it had downloaded but not created as depicted by reference numeral 5.
- file revocation process has been described as occurring in combination with a key change request, a file revocation request can also occur independently of a key change process.
- the UHE environment 1 0 described herein is designed to protect the privacy and confidentiality of electronic health records and other forms of sensitive in.fo.rma.tio» while also allowing suc information to be securely shared with others.
- Each Key Master 112 operates a Key Manager and File Broker 262 that generates public-private key pairs and retains the private keys.
- a complete loss of the private key(s) would render the information protected inaccessible without massive computational, effort to recover the private key. Only files remaining in local EHR storage would be recoverable directly from within UHE,
- HCP #1 EHR 110 may install and register a second Key Master 112 that is automatically granted read and write access for any Patient 116 selecting HCP #1 as its Medical Home 101.
- the U-API 261 initiates through die Key Master 112 the key recovery process using the public key of affected patients. [ ⁇ 145] The Key Master 112 then initiates the key recovery process wit the HIE Registry 120, HIE Registry replies with a private key holder, e.g. HCP #2 EHR, for one or more patients based on the Patient Directory and Permissions 282, These activities are depicted by reference numeral 1.
- the HIE Registry 120 sends to the Key Master 112 of HCP #2 EHR 142 a list of patients for whom HCP #1 EHR 110 needs private key recovery as depicted by reference numeral 2, Alternatively, if Patient's Medical Home 101 had installed and registered a second Key Master 112, the HIE Registry 120 initiates the key recovery process with this backup Key Master 112 first. The remainder of the process would remain as follows,
- Key Master 112 of HCP #2 EHR 142 transmits private keys for patients in a list from HIE Registry 120 to the Key Master 112 of HCP #1 EHR 110 as depicted by reference numeral 3. This conimvmi cation would be further secured by digital signatures and optiona!iy IP address restrictions.
- Key Master 112 of HCP #3 EHR 152 transmits private keys for patients in a list from HIE Registry 120 to the Key Master 112 of HCP #1 EHR 110 as depicted by- reference numeral 5. This communication would be further secured by digital signatures and optionally IP address restrictions.
- the Patient's Medical Home 101 may initiate a f le recovery process that seeks to restore to the UHE network whatever EHR files for the Patient 116 remain in local storage of the HCP EHR
- a Participating HCP will in most cases operate multiple EHR software systems as well as other auxiliary systems requiring data feeds from EHR systems. These software systems are likely to include but not be limited to an inpatient EHR, I -EHR 110- A; an ambulatory EHR, A -EHR 110-B; and a picture archiving and communication system, PACS 110-C as illustrated in Figure 12, These various systems often function independently within a health care organization, requiring internal integration to create a unified view of a given patient.
- UHE API 261 An interface to participate in UHE called the UHE API 261.
- the API Engine 260 able to communication with multiple UHE APIs 261.
- UHE can support internal HCP integration efforts by providing the common interface among all systems.
- UHE presents a single interface to develop that would serve HCPs with any blend of EHR systems.
- each HCP 910A-910E associates with only one HIE registry' 920A-92OC.
- the HIE registries 920A-920C communicate with each other during;
- HCP 1010 is the medical home for patient A.
- HCP 1010 designates cloud lockbox 1030A for patient A. The association is identified during HIE registration of the patient.
- Patient A authorizes HCP 1011 to read/write files.
- HCP 101 writes Fries tor patient A to cloud lockbox 1030A to keep ail. patient files in one source.
- write-only input for patient A such as lab results from HCP .1048, are also written to cloud lockbox 1 30 A.
- HCP 1011 is the medical home for patient B.
- HCP 1011 designates cloud lockbox 1 ⁇ 3 ⁇ for patient B. The association is identified during H IE registration of the patient.
- Patient B authorizes HCP 1010 to read write f ies.
- HCP 1010 writes files for patient B to cloud lockbox 1.030B to keep all patient files in one source.
- write-only input for patient B such as lab results from HCP 1048, are also written to cloud lockbox 1030B.
- 0163 j it may not be necessary to access complete data records but rather to only access partial record of a patient, such as basic patient information.
- an insurer may need to know that a certain diagnostic test was performed but the insurer does not need to have access to a full patient file.
- a physician specializing in one field, such as podiatrist may not need to have access to patient information pertaining to another medical field, such as the patient ' s records about a patient's heart condition.
- a partial data record such as metadata may be provided rather than the entire patient data file.
- patient data may be anonymized in order to eliminate information such as names, addresses, and social security numbers.
- the patient portal 114 may further provide patient 116 with a patient dashboard.
- the patient dashboard may provide an overview of the patient's 116 medical history as well as an overview of recent activity and medical conditions.
- Such a patient dashboard provides a single source of information from which a patient 116 may obtain a personal medical summary as well as a comprehensive medical review.
- Figure 15 illustrates one such alternate embodiment.
- Figure 15 depicts an environment similar to that of Figure 1 except that an entity other than a health care provider may become a patient's medical home for the purposes of medical record aggregation, called a "Medical Home" Health Record Represeniati ve f'HR ").
- the HCPs are or will soon be required by Federal mandate to be able to share patient records through a set of HIE standards.
- the ⁇ goals of UHE could be met even if the HCP did not directly participate in the UHE mechanism.
- Such an HCP would sacrifice the cost savings inherent in the UHE design in terms of reducing storage costs unless they transferred their long-term record retention responsibilities to the HRR,
- the HRR could also operate a blended architecture offering a choice between the standards-based HIE-interface solutions and the full UHE implementation.
- FIG 16 there is illustrated a schematic block diagram depicting a system supporting the legal industry, using a similar design as in Figure 1 for the medical industry, but with different entities.
- this model addresses the creation of a 'legal home” for the client.
- Such a “home” selection does not preclude the use of other lawyers, but the " home” lawyer does become the initial issuer and owner of the public private key set.
- Similar to the health care industry, other business entities could provide the "legal home” other than law firms.
- FIG 17 there is illustrated a schematic block diagram depicting a system supporting the real estate industry, using a similar design as in Figure 1 for the medical industry, but with different entities.
- this model addresses the creation of a "real estate home” for the client.
- Such a “home” selection does not preclude the use of other realtors, but the "home” realtor does become the initial issuer and owner of the public/private key set Similar to the health care industry, other business entities may provide the 'Yea! estate home” other than real estate firms.
- information owner may elect to run multiple Key Manager and File Broker modules 462 in the Key Master 412. in this way, the Information Owner can participate in multiple community ⁇ of ⁇ interesi networks operating with different encryption algorithms.
- the Key Master 412 contains two Key Manager and File Brokers, 462-A and 462-B each operating a. different encryption algorithm specific to the two specific eoro i ities-of-interest depicted.
- Key Manager and File Broker-A 462-A uses an encryption algorithm shared by all members of the commimity-of-mierest participaiing in the health care network represented by Cloud Lockbox Health Care 43 -A and HIE Registry 420- A.
- Key Manager and File Broker-B 462-B uses an encryption algorithm shared by all members of the commimity-of-interest participating in the legal network represented by Cloud Lockbox Legal 430-B and Legal Exchange Registry 420-B.
- a single Key Master 412 could support multiple Key Manager and File Broker 462 modules for participation in multiple eommnnity-of-interest networks.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/539,614 US9390228B2 (en) | 2011-10-31 | 2014-11-12 | System and method for securely storing and sharing information |
PCT/US2015/059717 WO2016077219A1 (en) | 2014-11-12 | 2015-11-09 | System and method for securely storing and sharing information |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3219048A1 true EP3219048A1 (en) | 2017-09-20 |
EP3219048A4 EP3219048A4 (en) | 2018-05-16 |
Family
ID=55954892
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP15859389.7A Withdrawn EP3219048A4 (en) | 2014-11-12 | 2015-11-09 | System and method for securely storing and sharing information |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP3219048A4 (en) |
AU (1) | AU2015346644A1 (en) |
IL (1) | IL252133A0 (en) |
WO (1) | WO2016077219A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11818251B2 (en) | 2011-10-31 | 2023-11-14 | Crowdstrike, Inc. | System and method for securely storing and sharing information |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109643285B (en) | 2016-09-15 | 2023-12-08 | 美商纳兹控股有限责任公司 | Encrypted user data transmission and storage |
US11558192B2 (en) * | 2020-04-09 | 2023-01-17 | Nuts Holdings, Llc | NUTS: flexible hierarchy object graphs |
CN115510433B (en) * | 2022-11-04 | 2023-04-07 | 杭州未名信科科技有限公司 | Data open security visual supervision system, method and storage medium |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7971232B2 (en) * | 2006-10-30 | 2011-06-28 | Microsoft Corporation | Setting group policy by device ownership |
US8196175B2 (en) * | 2008-03-05 | 2012-06-05 | Microsoft Corporation | Self-describing authorization policy for accessing cloud-based resources |
US8627103B2 (en) * | 2008-05-23 | 2014-01-07 | Koninklijke Philips N.V. | Identity-based encryption of data items for secure access thereto |
US8572736B2 (en) * | 2008-11-12 | 2013-10-29 | YeeJang James Lin | System and method for detecting behavior anomaly in information access |
US8356026B2 (en) * | 2009-08-31 | 2013-01-15 | Microsoft Corporation | Predictive data caching |
US8885833B2 (en) * | 2011-04-11 | 2014-11-11 | Microsoft Corporation | One-time recovery credentials for encrypted data access |
US8863299B2 (en) * | 2012-01-06 | 2014-10-14 | Mobile Iron, Inc. | Secure virtual file management system |
WO2013120262A1 (en) * | 2012-02-16 | 2013-08-22 | Empire Technology Development Llc | Local access to cloud-based storage |
US20140046708A1 (en) * | 2012-08-07 | 2014-02-13 | Oracle International Corporation | Systems and methods for determining a cloud-based customer lifetime value |
US9298915B2 (en) * | 2012-09-05 | 2016-03-29 | Oracle International Corporation | Intelligent heuristics for file systems and file system operations |
US9424432B2 (en) * | 2012-09-20 | 2016-08-23 | Nasdaq, Inc. | Systems and methods for secure and persistent retention of sensitive information |
US9031710B2 (en) * | 2012-11-07 | 2015-05-12 | Cloudcar, Inc. | Cloud-based vehicle information and control system |
US9037861B2 (en) * | 2013-02-26 | 2015-05-19 | Cellco Partnership | Enhancing data security using re-encryption |
-
2015
- 2015-11-09 EP EP15859389.7A patent/EP3219048A4/en not_active Withdrawn
- 2015-11-09 WO PCT/US2015/059717 patent/WO2016077219A1/en active Application Filing
- 2015-11-09 AU AU2015346644A patent/AU2015346644A1/en not_active Abandoned
-
2017
- 2017-05-07 IL IL252133A patent/IL252133A0/en unknown
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11818251B2 (en) | 2011-10-31 | 2023-11-14 | Crowdstrike, Inc. | System and method for securely storing and sharing information |
Also Published As
Publication number | Publication date |
---|---|
WO2016077219A1 (en) | 2016-05-19 |
EP3219048A4 (en) | 2018-05-16 |
AU2015346644A1 (en) | 2017-06-29 |
IL252133A0 (en) | 2017-07-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9390228B2 (en) | System and method for securely storing and sharing information | |
US9973484B2 (en) | System and method for securely storing and sharing information | |
US11531781B2 (en) | Encryption scheme for making secure patient data available to authorized parties | |
US9378380B1 (en) | System and method for securely storing and sharing information | |
US20220223242A1 (en) | System and method of controlling access of a user's health information stored over a health care network | |
Desjardins et al. | DICOM images have been hacked! Now what? | |
WO2017210563A1 (en) | System and method for securely storing and sharing information | |
Ekonomou et al. | An integrated cloud-based healthcare infrastructure | |
US20070192140A1 (en) | Systems and methods for extending an information standard through compatible online access | |
US20070027715A1 (en) | Private health information interchange and related systems, methods, and devices | |
US20060229911A1 (en) | Personal control of healthcare information and related systems, methods, and devices | |
US20080028214A1 (en) | Secure flash media for medical records | |
US10893027B2 (en) | Secure access to individual information | |
CN109947854B (en) | Block chain-based electronic medical record processing method, device, equipment and medium | |
US11343330B2 (en) | Secure access to individual information | |
Zala et al. | PRMS: design and development of patients’ E-healthcare records management system for privacy preservation in third party cloud platforms | |
US20170116375A1 (en) | Medical information management system and management server | |
US20140156988A1 (en) | Medical emergency-response data management mechanism on wide-area distributed medical information network | |
US20060271482A1 (en) | Method, server and program for secure data exchange | |
WO2016077219A1 (en) | System and method for securely storing and sharing information | |
CN102057379A (en) | Method and a system of healthcare data handling | |
EP4034985A1 (en) | System and method for providing access of a user's health information to third parties | |
Thimmaiah et al. | Decentralized electronic medical records | |
CN114911795A (en) | Medical data processing method and application | |
Diaz et al. | Scalable management architecture for electronic health records based on blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20170607 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: REID, THOMAS ALAN Inventor name: MOFFITT, MARK EDMONSON |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
A4 | Supplementary search report drawn up and despatched |
Effective date: 20180413 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/00 20060101ALI20180409BHEP Ipc: H04L 9/32 20060101AFI20180409BHEP |
|
17Q | First examination report despatched |
Effective date: 20190604 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
|
18W | Application withdrawn |
Effective date: 20190926 |