WO2020212610A1 - Method and system for selective broadcasting - Google Patents

Publication number
WO2020212610A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
broadcasting
data
message
server
Application number
PCT/EP2020/060926
Other languages
French (fr)
Inventor
Baher AL HAKIM
Bassel ALKHATIB
Makram SALEH
Mouhamad KAWAS
Rafael VARTIAN
Firas ATAYA
Original Assignee
Medicus Ai Gmbh
Application filed by Medicus Ai Gmbh

Classifications

    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/20 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the management or administration of healthcare resources or facilities, e.g. managing hospital staff or surgery rooms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/67 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H80/00 ICT specially adapted for facilitating communication between medical practitioners or patients, e.g. for collaborative diagnosis, therapy or health monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/10 Multimedia information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Definitions

  • the invention relates to selective broadcasting to users based on privacy-sensitive or otherwise confidential data.
  • selective information delivery to users is usually performed by applying the selection criteria centrally in order to extract the contact data, e.g. postal or electronic addresses, of the people to contact or to deliver information to.
  • the information is then transmitted to the user, using the extracted contact data.
  • even if information is masked, removed or simply not delivered by the information source in order to protect the user's privacy, the user has no inherent control over the use of his data and has to trust the entities holding his data (e.g. a hospital) to ensure the protection of his privacy when they provide his contact data.
  • a supplementary problem in this context is the storage of medical data.
  • Medical data is usually saved in a distributed way, so that every health care provider holds its own data concerning a patient. In this case, delivering messages to users based on information that is not comprehensively stored at one single health care provider, or more generally at one single data source, requires matching this data. If all patient data is stored centrally instead, protecting the patient's privacy is quite difficult, as the data is available at least to the processing unit belonging to the central storage system.
  • US20090150362A1 discloses a double blinded privacy-safe distributed data mining protocol, among an aggregator, a data consumer entity having privacy-sensitive information, and data source entities having privacy-sensitive information.
  • the aggregator does not have access to the privacy-sensitive information at either the data consumer entity or the data source entities.
  • the aggregator formulates a query without using privacy-sensitive information, and sends the query to the data consumer entity.
  • the data consumer entity generates a list of specific instances that meet the conditions of the query and sends the list, encrypted, to the data source entities either directly or through the aggregator.
  • the data source entities match the list against transactional data, de-identify the matched results, and send them to the aggregator.
  • the aggregator combines results from data source entities and sends the combined result to the data consumer entity. This allows for privacy-safe data mining where both the data consumer entity and data source entities have privacy-sensitive information not available for the aggregator to see or use.
  • US20020116227A1 discloses a method for searching for medical information executed by one or more computers comprising the steps of formulating a request for medical information concerning an individual or group of individuals, transmitting a record request to a record facilitator, the record facilitator determining which patient record sources to investigate, a record query being sent from the facilitator to the patient record sources which are appropriate, receiving a patient record report back from the patient record sources, normalizing and augmenting the patient record report before forwarding it back to the requester, and de-identifying the patient record to remove any identifying information.
  • US7823207B2 discloses a privacy preserving data-mining protocol, between a secure "aggregator" and "sources" having respective access to privacy-sensitive micro-data, the protocol including: the "aggregator" accepting a user query and transmitting a parameter list for that query to the "sources" (often including privacy-problematic identifiable specifics to be analyzed); the "sources" then forming files of privacy-sensitive data-items according to the parameter list and privacy filtering out details particular to less than a predetermined quantity of micro-data-specific data-items; and the "aggregator" merging the privacy-filtered files into a data-warehouse to formulate a privacy-safe response to the user, even though the user may have included privacy-problematic identifiable specifics.
  • US20090326981A1 provides a system and/or a method that facilitates collecting a portion of health data from a collection of users.
  • An interface component can receive health data communicated from a collection of users, wherein each user within the collection is associated with a respective portion of health data.
  • a verification component can authenticate at least one of a transmission source of the portion of health data, an ownership between a portion of health data and a user, an integrity level associated with the portion of health data, or a user submitting the portion of health data.
  • a collection component can aggregate authenticated health data into a semantic data store in which the health data is indicative of a raw and unmolested source of health information from the collection of users. The collection component can further organize the health data to facilitate identification of a medical related trend.
  • US20060069957A1 discloses a communication system processing element that comprises a processor coupled to a memory and implements at least a portion of a distributed expert system.
  • the distributed expert system is arranged in at least two hierarchical levels, including an upper level comprising a central controller, and a lower level comprising a plurality of local agents each associated with one or more communication devices of the system.
  • US6397224B1 discloses a system for anonymously linking a plurality of data records, each data record comprising a plurality of elements for identifying an associated individual. The system includes a first identity reference encoding module configured to encode a first encoded identity reference from a first subset of the identifying elements of a data record; a second identity reference encoding module configured to encode a second encoded identity reference from a second subset of the identifying elements of the data record; and an anonymization code assignment module configured to assign to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the data record.
  • US7543149B2 discloses a method for securing patient identity comprising accessing an electronic medical records database including patient data for a plurality of patients. Each patient in the electronic medical records database is assigned a unique patient identifier. Patient data for a first patient, including a first patient identifier, is retrieved from the electronic medical records database. The first patient is de-identified from the patient data. De-identifying includes the creation of a first encoded patient identifier responsive to the first patient identifier. The de-identifying results in de-identified first patient data and includes the replacement of the first patient identifier with the first encoded patient identifier. The de-identified first patient data is transmitted to a data warehouse system. The method further comprises identifying a second patient in response to receiving report data that includes a second encoded patient identifier from the data warehouse system. The identifying includes the creation of a second patient identifier responsive to the second encoded patient identifier.
  • while the prior art approaches may be satisfactory in some regards, they have certain shortcomings and disadvantages. Concretely, the prior art discloses storing multiple patient records or parts thereof either at e.g. a single health care provider or at a central server.
  • the data is available to the central entity anyway. Also, the patient has no control of his data and must trust the operator of the storage units. The user has no means to directly control his data at these storage entities.
  • the storage entity/ies can be all entities that hold patient data: health care providers, central registers, employers as far as they need to keep a medical record, etc., also including IT providers operating transmission, processing or storing services, hardware or systems for the aforementioned entities.
  • a method for broadcasting data comprises sending a broadcasting message comprising at least recipient criteria and broadcasted content from at least one broadcasting party to a plurality of user devices each comprising a comparator node.
  • the method also comprises comparing the recipient criteria to user data stored on each user device by the comparator node.
  • the method further comprises processing the broadcasted content on each user device where the comparator node outputted a successful comparison of the recipient criteria to user data.
  • the broadcasting message may comprise a plurality of data and/or instructions that can be interpretable by a machine such as a processor.
  • the recipient criteria may comprise certain parameters identifying an intended recipient. For example, an age range, sex, medical condition or the like can be examples of recipient criteria.
  • the broadcasted content may comprise data such as text, images, video, sound or the like.
  • the comparator node may comprise a program or part of a program that can be configured to use computational resources of the user device to perform operations.
  • User data may comprise any data related to the user of the user device. Multiple users may also be associated with one user device, where each individual user would then have a unique "user profile" or the like.
  • a successful comparison of the recipient criteria to user data may refer to the comparator node verifying whether the recipient criteria are satisfied by user data associated with the user of the user device.
  • this comparison may refer to matching the required parameters (such as e.g. age, sex, medical information) of the recipient criteria to the user data stored on the user device.
  • the present method allows sending targeted messages to only a certain subset of users (whose user data fulfils the recipient criteria).
  • certain such messages may comprise medical suggestions or information targeted to a specific subclass of users, such as users with a certain medical condition.
  • the messages may be sent to all devices, and processed directly on the device to verify whether they are relevant to the specific user.
  • sensitive user data such as medical history, personal identification etc
  • At least some of the user devices may each comprise a data storage, at least one processing component configured to execute a program in a suitable form and format and a communication component at least configured to communicate with a remote server.
  • the processing component can for example comprise processors, hardware accelerators and/or microcontrollers.
  • the data storage can comprise memory components, such as main memory (e.g. RAM), cache memory (e.g. SRAM) and/or secondary memory (e.g. HDD, SSD).
  • the user devices can comprise busses configured to facilitate data exchange between their components, such as, the communication between the data storage and the processing component.
  • the user device can comprise network interface controllers that can be configured to connect the data processing device to a network, such as the Internet.
  • the data storage may be at least partially encrypted.
  • this can allow for secure storage of potentially sensitive data, such as medical data.
  • the user device may comprise a user terminal.
  • the user device may be a portable device, such as a laptop, a tablet computer, a smartphone, a wearable device, or an adapted medical device.
  • the user data may comprise personal data of a user.
  • the user data may comprise technical user data and identifying personal data.
  • the identifying personal data may comprise, for example, an address, phone number, date of birth or user name.
  • the technical user data may comprise at least partially technical medical data.
  • the technical user data may be at least partially encoded by replacing at least parts of the data by machine-interpretable expressions. Parts of user data may be encrypted.
  • the broadcasting message may be formatted in a way that indicates that said message is configured to transport data from at least one of a server and broadcasting parties to at least one user device.
  • the broadcasting message comprises recipient criteria.
  • the recipient criteria may comprise a set of at least one machine-interpretable criterion.
  • the recipient criteria can be configured to determine, based on user data saved on the user device, whether a respective user and/or the user device is an intended receiver of the broadcasted message.
  • the broadcasting message also comprises broadcasted content.
  • the broadcasted content may comprise displayable data and/or data requesting the user device to perform at least a specific action.
  • the broadcasted content may comprise data requesting the user device to perform at least a specific action.
  • Such a requested specific action may be to generate a return message and/or to send such a message.
  • the requested content of the return message may be at least partially medical data.
  • the broadcasting message may comprise information about the broadcasting party that issued it.
  • sending the broadcasting message can comprise receiving a broadcasting message from at least one broadcasting party by a server and the server transmitting the broadcasting message to the plurality of user devices. This can be useful to further protect potentially sensitive data of individuals from third parties.
  • the method can further comprise discarding the broadcasting message on each device where the comparator node did not achieve a successful comparison of the recipient criteria to user data.
  • if the user associated with the given user data is not a target recipient for the broadcasting content, it will not be outputted (that is, played, displayed or presented) to this user, even though the broadcasting message arrived at the user device. This spares users who do not fit the recipient criteria from going through broadcasting contents that would be of no use to them, and avoids showing them advice that might not be helpful or might even be harmful.
  • the method can further comprise outputting the broadcasted content on each user device where the comparator node achieved a successful comparison of the recipient criteria to user data.
  • Outputting can refer to displaying, playing, or otherwise presenting to the user the content of the broadcast (such as a message related to the user's medical condition).
  • the broadcasted content can comprise advertisement, announcement, or the like that can be pertinent to a particular user based on their user data (for example, a new available treatment or medication or the like).
  • the method can further comprise sending a notification from each user device specifying results of the comparison between the recipient criteria and the user data.
  • the method can further comprise generating statistics on the notifications about at least one of the processing, delivery and at least implicitly on the comparison (or matching) of the broadcasting messages by at least one of the server and the broadcasting party. That is, it may be useful to know how many user devices actually outputted or displayed the broadcasted content to the users. In other words, it may be useful to generate statistics about how many users were targeted by the broadcasted content.
  • sending the broadcasting message can further comprise transmitting the broadcasting message by a connection configured to transfer data from the broadcasting party to the server.
  • sending the broadcasting message can further comprise connecting the user devices and the server at least at some points in a period of time by a connection configured to transfer data from the server to the user devices.
  • the method can further comprise the comparator node performing a predetermined action to be performed by the user device on each user device where the comparator node achieved a successful comparison of the recipient criteria to user data.
  • Such an action can comprise, for example, outputting and/or displaying the broadcasting content, outputting parts of user data, prompting the user to perform an action, showing a notification to the user, or the like.
  • the predetermined action can be at least partially specified by at least parts of the broadcasting message.
  • the method can further comprise the comparator node limiting the possible predetermined actions that are at least partially specified by the broadcasting message.
  • the method can further comprise the server forwarding the received broadcasting message to all the user devices that are connected to the server at least at some points in a period of time.
  • the method can further comprise the server forwarding the received broadcasting message to at least some of the user devices that are connected to the server at least at some points in a period of time, wherein said portion can be at least defined by a characteristic specified by at least one of the server, the broadcasting party sending the broadcasting message to the server and the user devices.
  • the period of time can have a defined starting point.
  • the starting point can be specified by at least one of the server, the broadcasting party, the broadcasting message and a third entity.
  • the period of time can have a defined endpoint.
  • the endpoint can be specified by at least one of the server, the broadcasting party, the broadcasting message and a third entity.
  • the broadcasting message can be distributed to at least one of the user devices during or after an installation, updating or downloading of the comparator node.
  • the message may be transmitted to the user device while the comparator node (which may correspond to a program for interfacing with the server and/or broadcasting parties) is being installed on the device, as opposed to at a later time via a connection.
  • This may be advantageous, as there may be some broadcasting content that should be delivered to the user immediately following installation/updating/downloading of the comparator node (note that the comparator node may also correspond to an "app" on a user device such as a smartphone).
  • the method can further comprise encrypting at least a part of the broadcasting message by at least one of the broadcasting party and the server.
  • the method can further comprise at least partially encrypting the broadcasting message by the broadcasting party before or while sending it to the server, at least partially decrypting the broadcasting message by the server after or while receiving said broadcasting message from the broadcasting party, at least partially encrypting the broadcasting message by the server before or while sending it to the user devices, and at least partially decrypting the broadcasting message by the device after or while receiving said broadcasting message from the server.
  • the broadcasting message may generally be encrypted while in transit between secure environments of the server/broadcasting party/user device to ensure data protection.
  • the method can further comprise the broadcasting party encrypting the broadcasting message at least partially with a key known to at least a portion of the user devices before or while sending it to the server, and wherein at least a portion of the user devices can decrypt said broadcasting message using said key known to at least a portion of the user devices.
  • a system for broadcasting data comprises at least one server.
  • the server is configured to at least receive a broadcasting message from at least one broadcasting party, the broadcasting message comprising at least recipient criteria and broadcasted content.
  • the server is also configured to transmit the broadcasting message to a plurality of user devices.
  • the system further comprises at least one user device configured to store user data and comprising at least a comparator node and a processing component.
  • the comparator node is configured to at least compare the recipient criteria to the user data stored on each user device.
  • the processing component is configured to process the broadcasted content on each user device where the comparator node achieved a successful comparison of the recipient criteria to user data.
  • the user device, user data, broadcasting message, recipient criteria, broadcasted content, comparator node can be as described above with respect to the method.
  • the present system may be particularly configured to execute or perform the method for broadcasting data as described in the above embodiments.
  • the user device can further comprise a communication component configured to at least receive data from the server.
  • the comparator node can be configured to apply the recipient criteria of received broadcasting messages to the user data saved on the device, and the comparator node can be software-based.
  • the comparator node can generally comprise a program installed on a user device and configured to interact with it.
  • the comparator node can be configured to use the user device's hardware (such as a processor, sensors or communication component) to perform its tasks, subroutines or the like.
  • the comparator node can be further configured to process an incoming broadcasting message depending on the result of the application of the message's recipient criteria by displaying and/or executing said broadcasting message's broadcasted content if said recipient criteria are successfully compared to (or matched to) the user data on the user device.
  • the comparator node can advantageously "filter" incoming broadcasting messages and only output (or display/present to the user) those messages for which the user associated with the user device is an intended recipient.
  • the comparator node can be configured to process an incoming broadcasting message depending on the result of the application of the message's recipient criteria by discarding the broadcasting message if said recipient criteria are not successfully compared to the user data on the device, that is if the user data do not match the recipient criteria.
  • the comparator node can be configured to process an incoming broadcasting message depending on the result of the application of the broadcasting message's recipient criteria by performing a predetermined action if said recipient criteria are not successfully compared to the user data on the device.
  • the user device can further comprise a data storage component that is at least partially encrypted.
  • the user device can comprise a user terminal.
  • the user device can also comprise a portable device.
  • the user device can comprise a laptop, a tablet computer, a smartphone, a wearable device, and/or an adapted medical device.
  • the user device can comprise a user interface configured to enable a user to interact with the user device and wherein the user interface comprises at least one interaction component. That is, the user interface may comprise an interface that the user may use to access the broadcasting message or other associated data, including user data.
  • the interaction component may comprise a display, speakers, or the like.
  • the user interface may be linked to the device by at least one of a direct connection, such as by electro-magnetic waves, integrated or removable wiring, and an indirect connection, such as by a server, such as an interface displaying e-mails sent by the user device or an interface playing voice messages sent by the user device.
  • the user interface can be configured to perform necessary interface steps for a verification of a user's identity. For example, those can comprise reading a password or a PIN entered by a user, scanning a user's fingerprint, taking at least photos of a user that are configured for facial recognition, accepting a hardware authentication element (e.g. hardware key) or any combination thereof.
  • the server can be furthermore configured to send data to the broadcasting parties.
  • the server can be furthermore configured to perform at least one verification on incoming data before forwarding it. For example, a check for malware or for compliance with pre-defined criteria or rules can be performed.
  • the server can comprise a single server, a server system composed of multiple servers, and/or a program emulating the functionality of a server, running on a cloud computing platform or any system configured to implement the functionality of a server.
  • the server can comprise means of data processing, such as, processor units, hardware accelerators and/or microcontrollers.
  • the server can comprise memory components, such as, main memory (e.g. RAM), cache memory (e.g. SRAM) and/or secondary memory (e.g. HDD, SSD).
  • the server can comprise busses configured to facilitate data exchange between components of the server, such as, the communication between the memory components and the processing components of the server.
  • the server can comprise network interface cards that can be configured to connect the server to a network, such as, to the Internet.
  • the server can comprise user interfaces, such as: output user interface, such as screens or monitors configured to display visual data and/or speakers configured to communicate audio data, input user interface, such as a camera, a microphone configured to capture audio data, a keyboard, a trackpad, mouse, touchscreen and/or joystick.
  • the server can also be configured to be controlled from another computer system, such as via a remote-desktop connection, via a secure shell connection (SSH) or the like.
  • the server can be a processing unit configured to carry out instructions of a program.
  • the server can be a system-on-chip comprising processing units, memory components and busses.
  • the server can be a processing unit or a system-on-chip that can be interfaced with a personal computer, a laptop, a pocket computer, a smartphone, a tablet computer and/or user interfaces (such as the upper-mentioned user interfaces).
  • the server can further comprise, at least at some points in time, a connection configured for data transfer from at least one of the at least one user devices to the server, and, at least at some points in time, a connection configured for data transfer from the server to at least one of the at least one broadcasting parties.
  • the server can be furthermore configured to forward return messages from user devices to broadcasting parties, preferably to the broadcasting party corresponding to a broadcasting message causing a return message.
  • the user device can be configured to store user data in a machine-interpretable form.
  • the user data can comprise medical user data.
  • the user device can be configured to encode the user data with at least a homogenous naming for fields.
  • the user device can be configured to encode values with a same dimension unit for each field.
  • the user device can be further configured to at least partially generate medical data comprising at least one of at least one medical image; at least one result of a laboratory analysis of material originating from or expelled by the human body; and data from a sensing device that senses biometrical or medical data of a user.
  • the user device may even be configured to generate some of the original data such as images via the user device's sensors such as a camera (further sensors such as biometric sensors may also be used).
  • a method for broadcasting data comprising
  • the server (1) transmitting the broadcasting message (3) to the plurality of user devices
  • the method according to the preceding method embodiment further comprising generating statistics on the notifications about at least one of the processing, delivery and at least implicitly on the successful comparison of the broadcasting messages (3) by at least one of the server (1) and the broadcasting party (40).
  • sending the broadcasting message (3) further comprises transmitting the broadcasting message (3) by a connection (102) configured to transfer data from the broadcasting party (40) to the server (1).
  • sending the broadcasting message (3) further comprises connecting the user devices (10) and the server (1) at least at some points in a period of time by a connection (103) configured to transfer data from the server to the user devices (10).
  • M13. The method according to any of the preceding method embodiments and with features of embodiment M2 further comprising the server (1) forwarding the received broadcasting message (3) to at least some of the user devices (10) that are connected to the server (1) at least at some points in a period of time, wherein said portion is at least defined by a characteristic specified by at least one of the server (1), the broadcasting party (40) sending the broadcasting message (3) to the server (1) and the user devices (10).
  • S1. A system for broadcasting data comprising
  • At least one server (1) configured to at least
  • broadcasting message (3) from at least one broadcasting party (40), the broadcasting message (3) comprising at least recipient criteria (4) and broadcasted content (5);
  • At least one user device configured to store user data (20) and comprising at least a comparator node (23) and a processing component,
  • the comparator node (23) is configured to at least compare the recipient criteria (4) to the user data (20) stored on each user device (10) wherein the processing component is configured to process the broadcasted content (5) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).
  • the user device (10) further comprises a communication component configured to at least receive data from the server (10).
  • comparator node (23) is configured to apply the recipient criteria (4) of received broadcasting messages (3) to the user data (20) saved on the device (10), and
  • comparator node (23) is software-based.
  • comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the message's recipient criteria (4) by displaying and/or executing said broadcasting message's (3) broadcasted content (5) if said recipient criteria are successfully compared by the user data (20) on the user device (10).
  • comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the message's recipient criteria (4) by discarding the broadcasting message (3) if said recipient criteria are not successfully compared to the user data (20) on the device (10).
  • comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the broadcasting message's recipient criteria (4) by performing a predetermined action if said recipient criteria are not successfully compared to the user data (20) on the device (10).
  • the user device (10) comprises a user interface (11) configured to enable a user to interact with the user device (10) and wherein the user interface (11) comprises at least one interaction component.
  • the user interface (11) is configured to perform necessary interface steps for a verification of a user's identity.
  • server (1) is furthermore configured to send data to the broadcasting parties (40).
  • server (1) is furthermore configured to perform at least one verification on incoming data before forwarding it.
  • server (1) comprises a single server, a server system composed of multiple servers, and/or a program emulating the functionality of a server, running on a cloud computing platform or any system configured to implement the functionality of a server.
  • server (1) further comprises, at least at some points in time, a connection (104) configured for data transfer from at least one of the at least one user devices (10) to the server (1), and, at least at some points in time, a connection (101) configured for data transfer from the server to at least one of the at least one broadcasting parties (40).
  • server (1) is furthermore configured to forward return messages (6) from user devices (10) to broadcasting parties (40), preferably to the broadcasting party (40) corresponding to a broadcasting message (3) causing a return message (6).
  • At least one medical image
  • At least one result of a laboratory analysis of material originating from or expelled by the human body and Data from a sensing device that senses biometrical or medical data of a user.
  • Figure 1 schematically depicts an embodiment of a method to selectively broadcast data.
  • Figure 1 shows a scheme of a method to selectively broadcast data based on selection criteria that refer to private medical data without disclosing said data to the broadcasters.
  • a central server 1 is at least at some points in time connected to at least one user device 10 (here: three user devices 10) and to at least one broadcasting party 40, whereas these points in time do not need to be the same.
  • a broadcasting party 40 sends a broadcasting message 3 to the central server 1.
  • Server 1 may optionally apply tests to the message, e.g. against malware or exploits that could be used to identify single users.
  • the message may be encrypted.
  • Server 1 forwards the message to all or at least to a group of user devices 10 as soon as they are connected to said server.
  • the message may be encrypted, re-formatted, compressed, modified, signed or the like at said server 1.
  • a message 3 comprises at least a criterion or a set of criteria 40 ("recipient criteria") that the recipients specified by a broadcasting party 40 that issued the message must fulfil, such as age, gender, medical condition, medical history, affiliation with a certain health plan or the like. Furthermore, a message 3 comprises broadcasted content 5 that is requested by the issuing broadcasting party 40 to be delivered to the recipients specified by the recipient criteria 4.
  • a user device 10 receives a message 3, it does optionally check for a signature of server 1, decrypt the message or perform a similar operation.
  • A comparator node 23 running on each user device will then apply recipient criteria 4 belonging to the received message to user data 20 on the user device 10. If user data 20 satisfies said criteria, the comparator node forwards the broadcasted content (or at least parts of it) to a user 30 via at least one user interface 11 that is physically or logically connected to user device 10. The latter connection would for example be the case if the user device would not directly show a user the broadcasted content 5, but if the user device forwarded the content to a user's e-mail address or to a voicemail system.
  • steps are recited in the appended claims, it should be noted that the order in which the steps are recited in this text may be the preferred order, but it may not be mandatory to carry out the steps in the recited order. That is, unless otherwise specified or unless clear to the skilled person, the orders in which steps are recited may not be mandatory. That is, when the present document states, e.g., that a method comprises steps (A) and (B), this does not necessarily mean that step (A) precedes step (B), but it is also possible that step (A) is performed (at least partly) simultaneously with step (B) or that step (B) precedes step (A).
  • step (X) preceding step (Z) encompasses the situation that step (X) is performed directly before step (Z), but also the situation that (X) is performed before one or more steps (Y1), ..., followed by step (Z).
  • Connection configured for data transfer from server to broadcasting party; connection configured for data transfer from broadcasting party to server; connection configured for data transfer from server to user device; connection configured for data transfer from user device to server

Abstract

Disclosed are a method and system for broadcasting data. The method for broadcasting data comprises sending a broadcasting message (3) comprising at least recipient criteria (4) and broadcasted content (5) from at least one broadcasting party (40) to a plurality of user devices (10) each comprising a comparator node (23); comparing the recipient criteria (4) to user data (20) stored on each user device (10) by the comparator node (23); processing the broadcasted content (5) on each user device (10) where the comparator node (23) outputted a successful comparison of the recipient criteria (4) to user data (20). The system for broadcasting data comprises at least one server (1) configured to at least receive a broadcasting message (3) from at least one broadcasting party (40), the broadcasting message (3) comprising at least recipient criteria (4) and broadcasted content (5); and transmit the broadcasting message (3) to a plurality of user devices (10). The system also comprises at least one user device (10) configured to store user data (20) and comprising at least a comparator node (23) and a processing component. The comparator node (23) is configured to at least compare the recipient criteria (4) to the user data (20) stored on each user device (10). The processing component is configured to process the broadcasted content (5) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).

Description

Method and system for selective broadcasting
Field
The invention relates to selective broadcasting to users based on privacy-sensitive or otherwise confidential data.
Background
It is a known task to deliver information to recipients based on certain criteria, e.g. based on their address or name, but also based on other characteristics such as age, employment status, interests and the like. Matching users by those data in order to generate e.g. an address list is a well-known example wherein private or confidential information is processed before the selective delivery starts.
If data is saved centrally (for example in a hospital's medical records of their patients or in the electoral register), selective information delivery to users is usually performed by applying the selection criteria centrally in order to extract the contact data, e.g. postal or electronic addresses, of the people to contact or to deliver information to. The information is then transmitted to the user, using the extracted contact data. Even if information is masked, removed or simply not delivered by the information source in order to protect the user's privacy, the user has no inherent control of the use of his data, but he has to trust entities holding his data (e.g. a hospital) to ensure the protection of his privacy when they provide his contact data.
A supplementary problem in this context is the storage of medical data. Medical data is usually either saved in a distributed way - so basically, every health care provider holds their own data concerning a patient. In this case, to deliver messages to users based on information that is not comprehensively stored at one single health care provider or more generally at one single data source, it will be necessary to match this data. If all patient data is stored centrally instead, the protection of the patient's privacy is quite difficult as the data is available at least to the processing unit belonging to the central storage system.
In both cases of data storage or in a hybrid version, the patient must nevertheless trust other entities to guarantee his privacy, or the generation e.g. of address lists as described above might even be legally restricted.
US20090150362A1 discloses a double blinded privacy-safe distributed data mining protocol, among an aggregator, a data consumer entity having privacy-sensitive information, and data source entities having privacy-sensitive information. The aggregator does not have access to the privacy-sensitive information at either the data consumer entity or the data source entities. The aggregator formulates a query without using privacy-sensitive information, and sends the query to the data consumer entity. The data consumer entity generates a list of specific instances that meet the conditions of the query and sends the list, encrypted, to the data source entities either directly or through the aggregator. The data source entities match the list against transactional data, de-identify the matched results, and send them to the aggregator. The aggregator combines results from data source entities and sends the combined result to the data consumer entity. This allows for privacy-safe data mining where both the data consumer entity and data source entities have privacy-sensitive information not available for the aggregator to see or use.
US20020116227A1 discloses a method for searching for medical information executed by one or more computers comprising the steps of formulating a request for medical information concerning an individual or group of individuals, transmitting a record request to a record facilitator, the record facilitator determining which patient record sources to investigate, a record query being sent from the facilitator to the patient record sources which are appropriate, receiving a patient record report back from the patient record sources, normalizing and augmenting the patient record report before forwarding it back to the requester, and de-identifying the patient record to remove any identifying information.
US7823207B2 discloses a privacy preserving data-mining protocol, between a secure "aggregator" and "sources" having respective access to privacy-sensitive micro-data, the protocol including: the "aggregator" accepting a user query and transmitting a parameter list for that query to the "sources" (often including privacy-problematic identifiable specifics to be analyzed); the "sources" then forming files of privacy-sensitive data-items according to the parameter list and privacy filtering out details particular to less than a predetermined quantity of micro-data-specific data-items; and the "aggregator" merging the privacy-filtered files into a data-warehouse to formulate a privacy-safe response to the user, even though the user may have included privacy-problematic identifiable specifics.
US20090326981A1 provides a system and/or a method that facilitates collecting a portion of health data from a collection of users. An interface component can receive health data communicated from a collection of users, wherein each user within the collection is associated with a respective portion of health data. A verification component can authenticate at least one of a transmission source of the portion of health data, an ownership between a portion of health data and a user, an integrity level associated with the portion of health data, or a user submitting the portion of health data. A collection component can aggregate authenticated health data into a semantic data store in which the health data is indicative of a raw and unmolested source of health information from the collection of users. The collection component can further organize the health data to facilitate identification of a medical related trend.
US20060069957A1 discloses a communication system processing element comprises a processor coupled to a memory and implements at least a portion of a distributed expert system. The distributed expert system is arranged in at least two hierarchical levels, including an upper level comprising a central controller, and a lower level comprising a plurality of local agents each associated with one or more communication devices of the system.
US6397224B1 discloses a system for anonymously linking a plurality of data records, each data record comprising a plurality of elements for identifying an associated individual, includes a first identity reference encoding module configured to encode a first encoded identity reference from a first subset of the identifying elements of a data record; a second identity reference encoding module configured to encode a second encoded identity reference from a second subset of the identifying elements of the data record; and an anonymization code assignment module configured to assign to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the data record.
US7543149B2 discloses a method for securing patient identity comprising accessing an electronic medical records database including patient data for a plurality of patients. Each patient in the electronic medical records database is assigned a unique patient identifier. Patient data for a first patient, including a first patient identifier, is retrieved from the electronic medical records database. The first patient is de-identified from the patient data. De-identifying includes the creation of a first encoded patient identifier responsive to the first patient identifier. The de-identifying results in de-identified first patient data and includes the replacement of the first patient identifier with the first encoded patient identifier. The de-identified first patient data is transmitted to a data warehouse system. The method further comprises identifying a second patient in response to receiving report data that includes a second encoded patient identifier from the data warehouse system. The identifying includes the creation of a second patient identifier responsive to the second encoded patient identifier.
While the prior art approaches may be satisfactory in some regards, they have certain shortcomings and disadvantages. Concretely, the prior art discloses either to store multiple patient records or parts thereof at e.g. a single health care provider or at a central server.
In the latter case, the data is available to the central entity anyway. Also, the patient has no control of his data and must trust the operator of the storage units. The user has no means to directly control his data at these storage entities.
In the former case, i.e. leaving a single patient's data distributed to several data storage entities, e.g. physicians, makes it hard to obtain or address users by information that requires a comprehensive set of data (or information derived thereof, such as the number of visits to health care providers in a defined period). To obtain this information, a kind of matching algorithm would be necessary.
Obviously, the storage entity/ies can be all entities that hold patient data - health care providers, central registers, employers as far as they need to keep a medical record, etc., also including IT-providers operating transmission, processing or storing services, hardware or systems for the aforementioned entities.
Summary
It is therefore an object of the invention to overcome or at least alleviate the shortcomings and disadvantages of the prior art. More particularly, it is an object of the present invention to provide a method and system that allows to selectively broadcast data, whereas the user has the entire data that is used for the selection in the broadcasting process in his control on a device, which may be a mobile device. No private data needs to be forwarded from the device to third parties for the selective broadcasting function.
In a first embodiment, a method for broadcasting data is disclosed. The method comprises sending a broadcasting message comprising at least recipient criteria and broadcasted content from at least one broadcasting party to a plurality of user devices each comprising a comparator node. The method also comprises comparing the recipient criteria to user data stored on each user device by the comparator node. The method further comprises processing the broadcasted content on each user device where the comparator node outputted a successful comparison of the recipient criteria to user data.
The broadcasting message may comprise a plurality of data and/or instructions that can be interpretable by a machine such as a processor.
The recipient criteria may comprise certain parameters identifying an intended recipient. For example, an age range, sex, medical condition or the like can be examples of recipient criteria.
The broadcasted content may comprise data such as text, images, video, sound or the like.
The comparator node may comprise a program or part of a program that can be configured to use computational resources of the user device to perform operations.
User data may comprise any data related to the user of the user device. Multiple users may also be associated with one user device, where each individual user would then have a unique "user profile" or the like.
A successful comparison of the recipient criteria to user data may refer to the comparator node verifying whether the recipient criteria are satisfied by user data associated with the user of the user device. In other words, this comparison may refer to matching the required parameters (such as e.g. age, sex, medical information) of the recipient criteria to the user data stored on the user device.
Optionally advantageously, the present method allows to send targeted messages to only a certain subset of users (whose user data fulfils the recipient criteria). For example, certain such messages (or broadcasted content) may comprise medical suggestions or information targeted to a specific subclass of users, such as users with a certain medical condition. Instead of collecting all user data and using it to send targeted messages to specific user devices, the messages may be sent to all devices, and processed directly on the device to verify whether they are relevant to the specific user. This advantageously allows for sensitive user data (such as medical history, personal identification etc.) to remain on the user device, while relevant broadcasting content can still reach the relevant target audience.
At least some of the user devices may each comprise a data storage, at least one processing component configured to execute a program in a suitable form and format and a communication component at least configured to communicate with a remote server.
The processing component can for example comprise processors, hardware accelerators and/or microcontrollers.
The data storage can comprise memory components, such as, main memory (e.g. RAM), cache memory (e.g. SRAM) and/or secondary memory (e.g. HDD, SSD).
The user devices can comprise busses configured to facilitate data exchange between their components, such as, the communication between the data storage and the processing component. The user device can comprise network interface controllers that can be configured to connect the data processing device to a network, such as, to the Internet.
The data storage may be at least partially encrypted. Optionally advantageously, this can allow for secure storage of potentially sensitive data, such as medical data. The user device may comprise a user terminal.
The user device may be a portable device, such as a laptop, a tablet computer, a smartphone, a wearable device, or an adapted medical device.
The user data may comprise personal data of a user. The user data may comprise technical user data and identifying personal data. The identifying personal data may comprise, for example, an address, phone number, date of birth or user name. The technical user data may comprise at least partially technical medical data. The technical user data may be at least partially encoded by replacing at least parts of the data by machine-interpretable expressions. Parts of user data may be encrypted.
The broadcasting message may be formatted in a way that indicates that said message is configured to transport data from at least one of a server and broadcasting parties to at least one user device. The broadcasting message comprises recipient criteria. The recipient criteria may comprise a set of at least one machine-interpretable criterion. The recipient criteria can be configured to determine, based on user data saved on the user device, whether a respective user and/or the user device is an intended receiver of the broadcasted message.
The broadcasting message also comprises broadcasted content. The broadcasted content may comprise displayable data and/or data requesting the user device to perform at least a specific action. The broadcasted content may comprise data requesting the user device to perform at least a specific action. Such a requested specific action may be to generate a return message and/or to send such a message. The requested content of the return message may be at least partially medical data.
Parts or all of the broadcasting message may be encrypted. The broadcasting message may comprise information about the broadcasting party that issued it.
In some embodiments, sending the broadcasting message can comprise receiving a broadcasting message from at least one broadcasting party by a server and the server transmitting the broadcasting message to the plurality of user devices. This can be useful to further protect potentially sensitive data of individuals from third parties.
In some embodiments, the method can further comprise discarding the broadcasting message on each device where the comparator node did not achieve a successful comparison of the recipient criteria to user data. In other words, if the user associated with the given user data is not a target recipient for the broadcasting content, it will not be outputted (that is, played, displayed or presented) to this user, even though the broadcasting message arrived at the user device. This prevents users who do not fit the recipient criteria from having to go through broadcasting contents that would be of no use to them, and avoids showing them advice that might not be helpful or might even be harmful.
In some embodiments, the method can further comprise outputting the broadcasted content on each user device where the comparator node achieved a successful comparison of the recipient criteria to user data. Outputting can refer to displaying, playing, or otherwise presenting to the user the content of the broadcast (such as a message related to the user's medical condition). The broadcasted content can comprise advertisement, announcement, or the like that can be pertinent to a particular user based on their user data (for example, a new available treatment or medication or the like).
In some embodiments, the method can further comprise sending a notification from each user device specifying results of the comparison between the recipient criteria and the user data. In such embodiments, the method can further comprise generating statistics on the notifications about at least one of the processing, delivery and at least implicitly on the comparison (or matching) of the broadcasting messages by at least one of the server and the broadcasting party. That is, it may be useful to know how many user devices actually outputted or displayed the broadcasted content to the users. In other words, it may be useful to generate statistics about how many users were targeted by the broadcasted content.
In some embodiments, sending the broadcasting message can further comprise transmitting the broadcasting message by a connection configured to transfer data from the broadcasting party to the server. In some embodiments, sending the broadcasting message can further comprise connecting the user devices and the server at least at some points in a period of time by a connection configured to transfer data from the server to the user devices.
In some embodiments, the method can further comprise the comparator node performing a predetermined action to be performed by the user device on each user device where the comparator node achieved a successful comparison of the recipient criteria to user data. Such an action can comprise, for example, outputting and/or displaying the broadcasting content, outputting parts of user data, prompting the user to perform an action, showing a notification to the user, or the like.
In some embodiments, the predetermined action can be at least partially specified by at least parts of the broadcasting message. In such embodiments, the method can further comprise the comparator node limiting the possible predetermined actions that are at least partially specified by the broadcasting message.
In some embodiments, the method can further comprise the server forwarding the received broadcasting message to all the user devices that are connected to the server at least at some points in a period of time.
In some embodiments, the method can further comprise the server forwarding the received broadcasting message to at least some of the user devices that are connected to the server at least at some points in a period of time, wherein said portion can be at least defined by a characteristic specified by at least one of the server, the broadcasting party sending the broadcasting message to the server and the user devices. In some such embodiments, the period of time can have a defined starting point.
In some embodiments, the starting point can be specified by at least one of the server, the broadcasting party, the broadcasting message and a third entity.
In some such embodiments, the period of time can have a defined endpoint. The endpoint can be specified by at least one of the server, the broadcasting party, the broadcasting message and a third entity.
In some embodiments, the broadcasting message can be distributed to at least one of the user devices during or after an installation, updating or downloading of the comparator node. In other words, the message may be transmitted to the user device while the comparator node (which may correspond to a program for interfacing with the server and/or broadcasting parties) is being installed on the device, as opposed to at a later time via a connection. This may be advantageous, as there may be some broadcasting content that should be delivered to the user immediately following installation/updating/downloading of the comparator node (note that the comparator node may also correspond to an "app" on a user device such as a smartphone).
In some embodiments, the method can further comprise encrypting at least a part of the broadcasting message by at least one of the broadcasting party and the server. In some such embodiments, the method can further comprise at least partially encrypting the broadcasting message by the broadcasting party before or while sending it to the server, at least partially decrypting the broadcasting message by the server after or while receiving said broadcasting message from the broadcasting party, at least partially encrypting the broadcasting message by the server before or while sending it to the user devices, and at least partially decrypting the broadcasting message by the device after or while receiving said broadcasting message from the server. In other words, the broadcasting message may generally be encrypted while in transit between secure environments of the server/broadcasting party/user device to ensure data protection.
In some embodiments, the method can further comprise the broadcasting party encrypting the broadcasting message at least partially with a key known to at least a portion of the user devices before or while sending it to the server, and wherein at least a portion of the user devices can decrypt said broadcasting message using said key known to at least a portion of the user devices.
In a second embodiment, a system for broadcasting data is disclosed. The system comprises at least one server. The server is configured to at least receive a broadcasting message from at least one broadcasting party, the broadcasting message comprising at least recipient criteria and broadcasted content. The server is also configured to transmit the broadcasting message to a plurality of user devices. The system further comprises at least one user device configured to store user data and comprising at least a comparator node and a processing component. The comparator node is configured to at least compare the recipient criteria to the user data stored on each user device. The processing component is configured to process the broadcasted content on each user device where the comparator node achieved a successful comparison of the recipient criteria to user data.
The user device, user data, broadcasting message, recipient criteria, broadcasted content, comparator node can be as described above with respect to the method. The present system may be particularly configured to execute or perform the method for broadcasting data as described in the above embodiments.
In some embodiments, the user device can further comprise a communication component configured to at least receive data from the server.
The comparator node can be configured to apply the recipient criteria of received broadcasting messages to the user data saved on the device, and the comparator node can be software-based. The comparator node can generally comprise a program installed on a user device and configured to interact with it. The comparator node can be configured to use the user device's hardware (such as a processor, sensors or communication component) to perform its tasks, subroutines or the like.
In some such embodiments, the comparator node can be further configured to process an incoming broadcasting message depending on the result of the application of the message's recipient criteria by displaying and/or executing said broadcasting message's broadcasted content if said recipient criteria are successfully compared to (or matched to) the user data on the user device. In other words, the comparator node can advantageously "filter" incoming broadcasting messages and only output (or display/present to the user) those messages for which the user associated with the user device is an intended recipient.
In some such embodiments, the comparator node can be configured to process an incoming broadcasting message depending on the result of the application of the message's recipient criteria by discarding the broadcasting message if said recipient criteria are not successfully compared to the user data on the device, that is if the user data do not match the recipient criteria.
In some such embodiments, the comparator node can be configured to process an incoming broadcasting message depending on the result of the application of the broadcasting message's recipient criteria by performing a predetermined action if said recipient criteria are not successfully compared to the user data on the device.
In some embodiments, the user device can further comprise a data storage component that is at least partially encrypted.
In some embodiments, the user device can comprise a user terminal.
The user device can also comprise a portable device. For example, the user device can comprise a laptop, a tablet computer, a smartphone, a wearable device, and/or an adapted medical device.
In some embodiments, the user device can comprise a user interface configured to enable a user to interact with the user device and wherein the user interface comprises at least one interaction component. That is, the user interface may comprise an interface that the user may use to access the broadcasting message or other associated data, including user data. The interaction component may comprise a display, speakers, or the like. The user interface may be linked to the device by at least one of a direct connection, such as by electro-magnetic waves, integrated or removable wiring, and an indirect connection, such as by a server, such as an interface displaying e-mails sent by the user device or an interface playing voice messages sent by the user device. In some such embodiments, the user interface can be configured to perform necessary interface steps for a verification of a user's identity. For example, those can comprise reading a password or a PIN entered by a user, scanning a user's fingerprint, taking at least photos of a user that are configured for facial recognition, accepting a hardware authentication element (e.g. hardware key) or any combination thereof.
In some embodiments, the server can be furthermore configured to send data to the broadcasting parties.
In some embodiments, the server can be furthermore configured to perform at least one verification on incoming data before forwarding it. For example, a check for malware or for compliance with pre-defined criteria or rules can be performed.
In some embodiments, the server can comprise a single server, a server system composed of multiple servers, and/or a program emulating the functionality of a server, running on a cloud computing platform or any system configured to implement the functionality of a server.
The server can comprise means of data processing, such as processor units, hardware accelerators and/or microcontrollers. The server can comprise memory components, such as main memory (e.g. RAM), cache memory (e.g. SRAM) and/or secondary memory (e.g. HDD, SSD). The server can comprise busses configured to facilitate data exchange between components of the server, such as the communication between the memory components and the processing components of the server. The server can comprise network interface cards that can be configured to connect the server to a network, such as the Internet. The server can comprise user interfaces, such as an output user interface (for example screens or monitors configured to display visual data and/or speakers configured to communicate audio data) and an input user interface (for example a camera, a microphone configured to capture audio data, a keyboard, a trackpad, mouse, touchscreen and/or joystick).
The server can also be configured to be controlled from another computer system, such as via a remote-desktop connection, via a secure shell connection (SSH) or the like.
To put it simply, the server can be a processing unit configured to carry out instructions of a program. The server can be a system-on-chip comprising processing units, memory components and busses. The server can be a processing unit or a system-on-chip that can be interfaced with a personal computer, a laptop, a pocket computer, a smartphone, a tablet computer and/or user interfaces (such as the above-mentioned user interfaces).
In some embodiments, the server can further comprise, at least at some points in time, a connection configured for data transfer from at least one of the at least one user devices to the server, and, at least at some points in time, a connection configured for data transfer from the server to at least one of the at least one broadcasting parties.
In some embodiments, the server can be furthermore configured to forward return messages from user devices to broadcasting parties, preferably to the broadcasting party corresponding to a broadcasting message causing a return message.
In some embodiments, the user device can be configured to store user data in a machine-interpretable form. The user data can comprise medical user data. The user device can be configured to encode the user data with at least a homogenous naming for fields. The user device can be configured to encode values with a same dimension unit for each field.
In some such embodiments, the user device can be further configured to at least partially generate medical data comprising at least one of at least one medical image; at least one result of a laboratory analysis of material originating from or expelled by the human body; and data from a sensing device that senses biometrical or medical data of a user. The user device may even be configured to generate some of the original data such as images via the user device's sensors such as a camera (further sensors such as biometric sensors may also be used).
The following numbered embodiments also form part of the invention.
Below, method embodiments will be discussed. These embodiments are abbreviated by the letter "M" followed by a number. Whenever reference is herein made to "method embodiments", these embodiments are meant.
M1. A method for broadcasting data, the method comprising
Sending a broadcasting message (3) comprising at least recipient criteria (4) and broadcasted content (5) from at least one broadcasting party (40) to a plurality of user devices (10) each comprising a comparator node (23);
Comparing the recipient criteria (4) to user data (20) stored on each user device (10) by the comparator node (23);
Processing the broadcasted content (5) on each user device (10) where the comparator node (23) outputted a successful comparison of the recipient criteria (4) to user data (20).
M2. The method according to the preceding embodiment wherein sending the broadcasting message (3) comprises
Receiving a broadcasting message (3) from at least one broadcasting party (40) by a server (1);
The server (1) transmitting the broadcasting message (3) to the plurality of user devices (10).
M3. The method according to any of the preceding method embodiments further comprising discarding the broadcasting message (3) on each device where the comparator node (23) did not achieve a successful comparison of the recipient criteria (4) to user data (20).
M4. The method according to any of the preceding method embodiments further comprising outputting the broadcasted content (5) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).
M5. The method according to any of the preceding method embodiments further comprising sending a notification from each user device (10) specifying results of the comparison between the recipient criteria (4) and the user data (20).
M6. The method according to the preceding method embodiment further comprising generating statistics on the notifications about at least one of the processing, delivery and at least implicitly on the successful comparison of the broadcasting messages (3) by at least one of the server (1) and the broadcasting party (40).
M7. The method according to any of the preceding method embodiments and with the features of embodiment M2 wherein sending the broadcasting message (3) further comprises transmitting the broadcasting message (3) by a connection (102) configured to transfer data from the broadcasting party (40) to the server (1).
M8. The method according to any of the preceding method embodiments and with features of embodiment M2 wherein sending the broadcasting message (3) further comprises connecting the user devices (10) and the server (1) at least at some points in a period of time by a connection (103) configured to transfer data from the server to the user devices (10).
M9. The method according to any of the preceding method embodiments further comprising the comparator node (23) performing a predetermined action to be performed by the user device (10) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).
M10. The method according to the preceding embodiment wherein the predetermined action is at least partially specified by at least parts of the broadcasting message (3).
M11. The method according to the preceding embodiment further comprising the comparator node (23) limiting the possible predetermined actions at least partially specified by the broadcasting message (3).
M12. The method according to any of the preceding method embodiments and with features of embodiment M2, further comprising the server (1) forwarding the received broadcasting message (3) to all the user devices (10) that are connected to the server (1) at least at some points in a period of time.
M13. The method according to any of the preceding method embodiments and with features of embodiment M2 further comprising the server (1) forwarding the received broadcasting message (3) to at least some of the user devices (10) that are connected to the server (1) at least at some points in a period of time, wherein said portion is at least defined by a characteristic specified by at least one of the server (1), the broadcasting party (40) sending the broadcasting message (3) to the server (1) and the user devices (10).
M14. The method according to any of the two preceding embodiments wherein said period of time has a defined starting point.
M15. The method according to the preceding embodiment wherein said starting point is specified by at least one of the server (1), the broadcasting party (40), the broadcasting message (3) and a third entity.
M16. The method according to any of the two preceding embodiments wherein said period of time has a defined endpoint.
M17. The method according to the preceding embodiment wherein said endpoint is specified by at least one of the server (1), the broadcasting party (40), the broadcasting message (3) and a third entity.
M18. The method according to any of the preceding method embodiments wherein the broadcasting message (3) is distributed to at least one of the user device(s) (10) during or after an installation, updating or downloading of the comparator node (23).
M19. The method according to any of the preceding method embodiments and with features of embodiment M2 further comprising encrypting at least a part of the broadcasting message (3) by at least one of the broadcasting party (40) and the server (1).
M20. The method according to the preceding embodiment, further comprising at least partially encrypting the broadcasting message (3) by the broadcasting party (40) before or while sending it to the server (1), at least partially decrypting the broadcasting message (3) by the server (1) after or while receiving said broadcasting message (3) from the broadcasting party (40), at least partially encrypting the broadcasting message (3) by the server (1) before or while sending it to the user devices (10), and at least partially decrypting the broadcasting message (3) by the device (10) after or while receiving said broadcasting message from the server (1).
M21. The method according to any of the two preceding embodiments further comprising the broadcasting party (40) encrypting the broadcasting message (3) at least partially with a key known to at least a portion of the user devices (10) before or while sending it to the server (1), and wherein at least a portion of the user devices (10) decrypt said broadcasting message (3) using said key known to at least a portion of the user devices (10).
M22. The method according to any of the preceding method embodiments wherein the user data comprises medical data.
Below, system embodiments will be discussed. These embodiments are abbreviated by the letter "S" followed by a number. Whenever reference is herein made to "system embodiments", these embodiments are meant.
S1. A system for broadcasting data comprising
at least one server (1) configured to at least
receive a broadcasting message (3) from at least one broadcasting party (40), the broadcasting message (3) comprising at least recipient criteria (4) and broadcasted content (5); and
transmit the broadcasting message (3) to a plurality of user devices (10)
at least one user device (10) configured to store user data (20) and comprising at least a comparator node (23) and a processing component,
wherein the comparator node (23) is configured to at least compare the recipient criteria (4) to the user data (20) stored on each user device (10)
wherein the processing component is configured to process the broadcasted content (5) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).
S2. The system according to the preceding embodiment wherein the user device (10) further comprises a communication component configured to at least receive data from the server (1).
S3. The system according to any of the preceding system embodiments wherein the comparator node (23) is configured to apply the recipient criteria (4) of received broadcasting messages (3) to the user data (20) saved on the device (10), and
wherein said comparator node (23) is software-based.
S4. The system according to the preceding embodiment wherein the comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the message's recipient criteria (4) by displaying and/or executing said broadcasting message's (3) broadcasted content (5) if said recipient criteria are successfully compared by the user data (20) on the user device (10).
S5. The system according to any of the two preceding embodiments wherein the comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the message's recipient criteria (4) by discarding the broadcasting message (3) if said recipient criteria are not successfully compared to the user data (20) on the device (10).
S6. The system according to any of the three preceding embodiments wherein the comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the broadcasting message's recipient criteria (4) by performing a predetermined action if said recipient criteria are not successfully compared to the user data (20) on the device (10).
S7. The system according to any of the preceding system embodiments wherein the user device (10) further comprises a data storage component that is at least partially encrypted.
S8. The system according to any of the preceding system embodiments wherein the user device (10) comprises a user terminal.
S9. The system according to any of the preceding system embodiments wherein the user device (10) comprises a portable device.
S10. The system according to any of the preceding system embodiments wherein the user device (10) comprises a user interface (11) configured to enable a user to interact with the user device (10) and wherein the user interface (11) comprises at least one interaction component.
S11. The system according to the preceding embodiment wherein the user interface (11) is configured to perform necessary interface steps for a verification of a user's identity.
S12. The system according to any of the preceding system embodiments wherein the server (1) is furthermore configured to send data to the broadcasting parties (40).
S13. The system according to any of the preceding system embodiments wherein the server (1) is furthermore configured to perform at least one verification on incoming data before forwarding it.
S14. The system according to any of the preceding system embodiments wherein the server (1) comprises a single server, a server system composed of multiple servers, and/or a program emulating the functionality of a server, running on a cloud computing platform or any system configured to implement the functionality of a server.
S15. The system according to any of the preceding system embodiments wherein the server (1) further comprises, at least at some points in time, a connection (104) configured for data transfer from at least one of the at least one user devices (10) to the server (1), and, at least at some points in time, a connection (101) configured for data transfer from the server to at least one of the at least one broadcasting parties (40).
S16. The system according to the preceding embodiment wherein the server (1) is furthermore configured to forward return messages (6) from user devices (10) to broadcasting parties (40), preferably to the broadcasting party (40) corresponding to a broadcasting message (3) causing a return message (6).
S17. The system according to any of the preceding system embodiments wherein the user device (10) is configured to store user data (20) in a machine-interpretable form.
S18. The system according to the preceding system embodiment wherein the user data (20) comprises medical user data.
S19. The system according to any of the two preceding embodiments wherein the user device (10) is configured to encode the user data (20) with at least a homogenous naming for fields.
S20. The system according to any of the three preceding embodiments wherein the user device (10) is configured to encode values with a same dimension unit for each field.
S21. The system according to any of the four preceding embodiments wherein the user device (10) is further configured to at least partially generate medical data comprising at least one of
At least one medical image;
At least one result of a laboratory analysis of material originating from or expelled by the human body; and
Data from a sensing device that senses biometrical or medical data of a user.
S22. The system according to any of the preceding system embodiments configured to perform the method according to any of the preceding method embodiments.
Brief description of the drawing
Figure 1 schematically depicts an embodiment of a method to selectively broadcast data.
Figure 1 shows a scheme of a method to selectively broadcast data based on selection criteria that refer to private medical data without disclosing said data to the broadcasters.
A central server 1 is at least at some points in time connected to at least one user device 10 (here: three user devices 10) and to at least one broadcasting party 40, whereas these points in time do not need to be the same.
To broadcast content 5 selectively, a broadcasting party 40 sends a broadcasting message 3 to the central server 1. Server 1 may optionally apply tests to the message, e.g. against malware or exploits that could be used to identify single users. The message may be encrypted. Server 1 forwards the message to all or at least to a group of user devices 10 as soon as they are connected to said server. The message may be encrypted, re-formatted, compressed, modified, signed or the like at said server 1.
A message 3 comprises at least a criterion or a set of criteria 4 ("recipient criteria") that the recipients specified by a broadcasting party 40 that issued the message must fulfil, such as age, gender, medical condition, medical history, affiliation with a certain health plan or the like. Furthermore, a message 3 comprises broadcasted content 5 that is requested by the issuing broadcasting party 40 to be delivered to the recipients specified by the recipient criteria 4.
Once a user device 10 receives a message 3, it optionally checks for a signature of server 1, decrypts the message or performs a similar operation. A comparator node 23 running on each user device will then apply recipient criteria 4 belonging to the received message to user data 20 on the user device 10. If user data 20 satisfies said criteria, the comparator node forwards the broadcasted content (or at least parts of it) to a user 30 via at least one user interface 11 that is physically or logically connected to user device 10. The latter connection would for example be the case if the user device would not directly show a user the broadcasted content 5, but if the user device forwarded the content to a user's e-mail address or to a voicemail system.
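The device-side handling described above can be illustrated with the following sketch, which is an added example and not part of the patent text. The JSON message layout, the operator and action names, the field names, and the use of an HMAC with a shared key in place of the server's signature are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import operator

# Assumed criterion operators; an operator outside this table never matches.
OPS = {
    "eq": operator.eq, "ne": operator.ne,
    "lt": operator.lt, "le": operator.le,
    "gt": operator.gt, "ge": operator.ge,
    "in": lambda value, allowed: value in allowed,
}

# The comparator node limits the actions a message may request (assumed names).
ALLOWED_ACTIONS = {"display", "notify"}


def sign(server_key: bytes, body: bytes) -> str:
    """HMAC-SHA256 tag, standing in here for the server's signature."""
    return hmac.new(server_key, body, hashlib.sha256).hexdigest()


def make_envelope(server_key: bytes, message: dict) -> dict:
    """Server side: serialise and sign a broadcasting message."""
    body = json.dumps(message, sort_keys=True)
    return {"body": body, "sig": sign(server_key, body.encode())}


def matches(criteria, user_data: dict) -> bool:
    """True only if every criterion holds against the locally stored user data."""
    if not isinstance(criteria, list) or not criteria:
        return False  # assumption of this sketch: no criteria means no recipients
    for criterion in criteria:
        try:
            op = OPS[criterion["op"]]
            if not op(user_data[criterion["field"]], criterion["value"]):
                return False
        except (KeyError, TypeError):
            # Unknown operator, field absent from user data, or type mismatch.
            return False
    return True


def handle_message(envelope: dict, server_key: bytes, user_data: dict) -> dict:
    """Comparator node: verify, limit the action, compare, then process or discard."""
    body = str(envelope.get("body", "")).encode()
    tag = str(envelope.get("sig", "")).encode()
    if not hmac.compare_digest(sign(server_key, body).encode(), tag):
        return {"status": "rejected", "output": None}
    message = json.loads(body)
    if not isinstance(message, dict):
        return {"status": "rejected", "output": None}
    # The action is checked before the criteria, so this outcome is the same
    # for every device and does not depend on the user data.
    action = message.get("action", "display")
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        return {"status": "action_blocked", "output": None}
    if not matches(message.get("criteria"), user_data):
        return {"status": "discarded", "output": None}
    return {"status": "processed", "action": action,
            "output": message.get("content")}


# Constructed sample data; each field name carries its unit so that criteria
# and stored values are compared in the same dimension.
SERVER_KEY = b"constructed-demo-key"
USER_DATA = {"age_years": 54, "sex": "f", "hba1c_percent": 7.2}
CRITERIA = [
    {"field": "age_years", "op": "ge", "value": 40},
    {"field": "hba1c_percent", "op": "ge", "value": 6.5},
]


def demo() -> list:
    """Run four constructed messages through the comparator node."""
    ok = make_envelope(SERVER_KEY, {"criteria": CRITERIA, "content": "New therapy available"})
    other = make_envelope(SERVER_KEY, {
        "criteria": [{"field": "age_years", "op": "lt", "value": 18}],
        "content": "Paediatric programme"})
    blocked = make_envelope(SERVER_KEY, {
        "criteria": CRITERIA, "content": "x", "action": "export_user_data"})
    forged = dict(ok, body=ok["body"].replace("New", "Old"))
    return [handle_message(e, SERVER_KEY, USER_DATA)["status"]
            for e in (ok, other, blocked, forged)]


if __name__ == "__main__":
    print(demo())
```

The returned status is the only information that would leave the device in a notification; the user data itself is read only inside `matches`.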
Whenever a relative term, such as "about", "substantially" or "approximately" is used in this specification, such a term should also be construed to also include the exact term. That is, e.g., "substantially straight" should be construed to also include "(exactly) straight".
Whenever steps are recited in the appended claims, it should be noted that the order in which the steps are recited in this text may be the preferred order, but it may not be mandatory to carry out the steps in the recited order. That is, unless otherwise specified or unless clear to the skilled person, the orders in which steps are recited may not be mandatory. That is, when the present document states, e.g., that a method comprises steps (A) and (B), this does not necessarily mean that step (A) precedes step (B), but it is also possible that step (A) is performed (at least partly) simultaneously with step (B) or that step (B) precedes step (A). Furthermore, when a step (X) is said to precede another step (Z), this does not imply that there is no step between steps (X) and (Z). That is, step (X) preceding step (Z) encompasses the situation that step (X) is performed directly before step (Z), but also the situation that (X) is performed before one or more steps (Y1), ..., followed by step (Z). Corresponding considerations apply when terms like "after" or "before" are used.
Numbered elements
1 Server
3 Broadcasting message
4 Recipient criteria
5 Broadcasted content
6 Return message
7 Returned user data
8 Returned user-independent data
10 User device
11 User interface
20 User data
23 Comparator node
Identifying data
Technical data
30 User
40 Broadcasting/Requesting parties
101 Connection configured for data transfer from server to broadcasting party
102 Connection configured for data transfer from broadcasting party to server
103 Connection configured for data transfer from server to user device
104 Connection configured for data transfer from user device to server

Claims

1. A method for broadcasting data, the method comprising
Sending a broadcasting message (3) comprising at least recipient criteria (4) and broadcasted content (5) from at least one broadcasting party (40) to a plurality of user devices (10) each comprising a comparator node (23);
Comparing the recipient criteria (4) to user data (20) stored on each user device (10) by the comparator node (23);
Processing the broadcasted content (5) on each user device (10) where the comparator node (23) outputted a successful comparison of the recipient criteria (4) to user data (20).
2. The method according to the preceding claim wherein sending the broadcasting message (3) comprises
Receiving a broadcasting message (3) from at least one broadcasting party (40) by a server (1);
The server (1) transmitting the broadcasting message (3) to the plurality of user devices (10).
3. The method according to any of the preceding claims further comprising discarding the broadcasting message (3) on each device where the comparator node (23) did not achieve a successful comparison of the recipient criteria (4) to user data (20).
4. The method according to any of the preceding claims further comprising outputting the broadcasted content (5) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).
5. The method according to any of the preceding claims further comprising the comparator node (23) performing a predetermined action to be performed by the user device (10) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).
6. The method according to the preceding claim wherein the predetermined action is at least partially specified by at least parts of the broadcasting message (3).
7. The method according to the preceding claim further comprising the comparator node (23) limiting the possible predetermined actions at least partially specified by the broadcasting message (3).
8. The method according to any of the preceding method claims and with features of claim 2 further comprising encrypting at least a part of the broadcasting message (3) by at least one of the broadcasting party (40) and the server (1).
9. The method according to the preceding claim, further comprising
at least partially encrypting the broadcasting message (3) by the broadcasting party (40) before or while sending it to the server (1),
at least partially decrypting the broadcasting message (3) by the server (1) after or while receiving said broadcasting message (3) from the broadcasting party (40),
at least partially encrypting the broadcasting message (3) by the server (1) before or while sending it to the user devices (10), and
at least partially decrypting the broadcasting message (3) by the device (10) after or while receiving said broadcasting message from the server (1).
10. The method according to any of the two preceding claims further comprising the broadcasting party (40) encrypting the broadcasting message (3) at least partially with a key known to at least a portion of the user devices (10) before or while sending it to the server (1), and wherein at least a portion of the user devices (10) decrypt said broadcasting message (3) using said key known to at least a portion of the user devices (10).
11. A system for broadcasting data comprising
at least one server (1) configured to at least
receive a broadcasting message (3) from at least one broadcasting party (40), the broadcasting message (3) comprising at least recipient criteria (4) and broadcasted content (5); and
transmit the broadcasting message (3) to a plurality of user devices (10);
at least one user device (10) configured to store user data (20) and comprising at least a comparator node (23) and a processing component,
wherein the comparator node (23) is configured to at least compare the recipient criteria (4) to the user data (20) stored on each user device (10)
wherein the processing component is configured to process the broadcasted content (5) on each user device (10) where the comparator node (23) achieved a successful comparison of the recipient criteria (4) to user data (20).
12. The system according to any of the preceding system claims wherein the comparator node (23) is configured to apply the recipient criteria (4) of received broadcasting messages (3) to the user data (20) saved on the device (10), and
wherein said comparator node (23) is software-based.
13. The system according to the preceding claim wherein the comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the message's recipient criteria (4) by displaying and/or executing said broadcasting message's (3) broadcasted content (5) if said recipient criteria are successfully compared by the user data (20) on the user device (10).
14. The system according to any of the two preceding claims wherein the comparator node (23) is configured to process an incoming broadcasting message (3) depending on the result of the application of the message's recipient criteria (4) by
discarding the broadcasting message (3) if said recipient criteria are not successfully compared to the user data (20) on the device (10); or
performing a predetermined action if said recipient criteria are not successfully compared to the user data (20) on the device (10).
15. The system according to any of the preceding system claims wherein the user device (10) comprises a user interface (11) configured to enable a user to interact with the user device (10) and
wherein the user interface (11) comprises at least one interaction component; and wherein the user interface (11) is configured to perform necessary interface steps for a verification of a user's identity.
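
The device-side behaviour recited in claims 1, 3 to 5 and 7, as an added example that is not part of the patent text: a comparator node that evaluates recipient criteria against locally stored user data, discards on any mismatch or malformed condition, and restricts message-specified actions to a device-held allowlist. The criteria format, the operator names, the action names and the sample data are assumptions made for this sketch; the claims define no wire format.

```python
import operator

# Hypothetical criteria format (assumption): a list of conditions
# {"field", "op", "value"}, all of which must hold.
OPS = {"eq": operator.eq, "ge": operator.ge, "le": operator.le,
       "in": lambda have, allowed: have in allowed}

# Claim 7: the device, not the sender, decides which actions a message may trigger.
ALLOWED_ACTIONS = {"display", "remind"}


def matches(criteria, user_data):
    """Compare recipient criteria to locally stored user data, failing closed."""
    if not criteria:
        return False  # design choice in this sketch: no criteria, no match
    try:
        for cond in criteria:
            field, op, wanted = cond["field"], cond["op"], cond["value"]
            if field not in user_data or not OPS[op](user_data[field], wanted):
                return False
    except (KeyError, TypeError):
        return False  # unknown operator, malformed condition or type mismatch
    return True


def comparator_node(message, user_data):
    """Return (decision, payload); the outcome is never reported off the device."""
    if not matches(message.get("recipient_criteria"), user_data):
        return ("discard", None)                 # claim 3
    action = message.get("action", "display")
    if action not in ALLOWED_ACTIONS:
        return ("discard", None)                 # claim 7: action not permitted
    return (action, message.get("content"))      # claims 4 and 5


# Constructed sample data for illustration only.
USER_DATA = {"age": 52, "country": "AT", "hba1c": 7.1}
MSG_MATCH = {"recipient_criteria": [
                 {"field": "age", "op": "ge", "value": 50},
                 {"field": "country", "op": "in", "value": ["AT", "DE"]}],
             "content": "Screening reminder", "action": "display"}
MSG_BAD_ACTION = dict(MSG_MATCH, action="upload_records")
MSG_NO_MATCH = dict(MSG_MATCH, recipient_criteria=[
    {"field": "age", "op": "le", "value": 30}])

if __name__ == "__main__":
    for m in (MSG_MATCH, MSG_BAD_ACTION, MSG_NO_MATCH):
        print(comparator_node(m, USER_DATA))
```

Because every error path returns the same discard result as an ordinary mismatch, a malformed or hostile message cannot be distinguished from a non-matching one by its effect on the device.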
PCT/EP2020/060926 2019-04-18 2020-04-17 Method and system for selective broadcasting WO2020212610A1 (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
EP19170091 2019-04-18
EP19170091.3 2019-04-18
EP19170100.2 2019-04-18
EP19170100 2019-04-18
EP19170111 2019-04-18
EP19170096.2 2019-04-18
EP19170096 2019-04-18
EP19170111.9 2019-04-18

Publications (1)

Publication Number Publication Date
WO2020212610A1 true WO2020212610A1 (en) 2020-10-22

Family

ID=69846023

Family Applications (4)

Application Number Title Priority Date Filing Date
PCT/EP2020/060926 WO2020212610A1 (en) 2019-04-18 2020-04-17 Method and system for selective broadcasting
PCT/EP2020/060927 WO2020212611A1 (en) 2019-04-18 2020-04-17 Method and system for transmitting combined parts of distributed data
PCT/EP2020/060916 WO2020212604A1 (en) 2019-04-18 2020-04-17 Method and system for selectively transmitting data
PCT/EP2020/060925 WO2020212609A1 (en) 2019-04-18 2020-04-17 Secure medical data analysis for mobile devices

Family Applications After (3)

Application Number Title Priority Date Filing Date
PCT/EP2020/060927 WO2020212611A1 (en) 2019-04-18 2020-04-17 Method and system for transmitting combined parts of distributed data
PCT/EP2020/060916 WO2020212604A1 (en) 2019-04-18 2020-04-17 Method and system for selectively transmitting data
PCT/EP2020/060925 WO2020212609A1 (en) 2019-04-18 2020-04-17 Secure medical data analysis for mobile devices

Country Status (1)

Country Link
WO (4) WO2020212610A1 (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0834227A1 (en) * 1995-06-19 1998-04-08 International Business Machines Corporation Method and system for receiving data packets in a unidirectional broadcasting system
US6397224B1 (en) 1999-12-10 2002-05-28 Gordon W. Romney Anonymously linking a plurality of data records
US20020116227A1 (en) 2000-06-19 2002-08-22 Dick Richard S. Method and apparatus for requesting, retrieving, and obtaining de-identified medical informatiion
EP1473871A2 (en) * 2003-05-02 2004-11-03 Microsoft Corporation Communicating messages over transient connections in a peer-to-peer network
US20050086481A1 (en) * 2003-10-15 2005-04-21 Cisco Technology, Inc. Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
US20060069957A1 (en) 2004-09-13 2006-03-30 Sangeetha Ganesh Distributed expert system for automated problem resolution in a communication system
US7543149B2 (en) 2003-04-22 2009-06-02 Ge Medical Systems Information Technologies Inc. Method, system and computer product for securing patient identity
US20090150362A1 (en) 2006-08-02 2009-06-11 Epas Double Blinded Privacy-Safe Distributed Data Mining Protocol
US20090326981A1 (en) 2008-06-27 2009-12-31 Microsoft Corporation Universal health data collector and advisor for people
US7823207B2 (en) 2004-04-02 2010-10-26 Crossix Solutions Inc. Privacy preserving data-mining protocol

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5660176A (en) 1993-12-29 1997-08-26 First Opinion Corporation Computerized medical diagnostic and treatment advice system
NL1019277C2 (en) 2001-11-01 2003-05-07 Vivici Device for making a diagnosis.
US20030225597A1 (en) 2002-05-29 2003-12-04 Levine Joseph H. Methods and systems for the creation and use of medical information
US7433853B2 (en) 2004-07-12 2008-10-07 Cardiac Pacemakers, Inc. Expert system for patient medical information analysis
DE202005012454U1 (en) 2005-08-08 2005-10-20 Bitos Gmbh Mobile medical expert system, e.g. a first aid system, comprises a mobile terminal with a medical expert system software application which can connect to a central database via wireless communications for information exchange
US10410308B2 (en) 2006-04-14 2019-09-10 Fuzzmed, Inc. System, method, and device for personal medical care, intelligent analysis, and diagnosis
US10231077B2 (en) * 2007-07-03 2019-03-12 Eingot Llc Records access and management
GB2502750A (en) * 2011-03-22 2013-12-04 Nant Holdings Ip Llc Healthcare Management objects
US20150359489A1 (en) 2013-01-25 2015-12-17 Vanderbilt University Smart mobile health monitoring system and related methods
US20170249432A1 (en) * 2014-09-23 2017-08-31 Surgical Safety Technologies Inc. Operating room black-box device, system, method and computer readable medium
US20160357173A1 (en) * 2015-06-08 2016-12-08 Evidation Health Evidence Generation and Data Interpretation Platform
US11616825B2 (en) * 2015-12-18 2023-03-28 Aetna Inc. System and method of aggregating and interpreting data from connected devices
US20180129900A1 (en) * 2016-11-04 2018-05-10 Siemens Healthcare Gmbh Anonymous and Secure Classification Using a Deep Learning Network

Also Published As

Publication number Publication date
WO2020212609A1 (en) 2020-10-22
WO2020212604A1 (en) 2020-10-22
WO2020212611A1 (en) 2020-10-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20718681

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 28/02/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20718681

Country of ref document: EP

Kind code of ref document: A1