Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.

Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.

A method for offline transmission of blockchain details includes: storing, in a computing device, a first private key and a currency amount; receiving a first destination address associated with a blockchain network and a transaction amount; generating a second private key; generating a second destination address associated with the blockchain network using the second private key; generating a blockchain transaction including at least the first destination address, the transaction amount, the second destination address, and a remainder amount based on at least the currency amount and the transaction amount; signing the generated blockchain transaction using the first private key; executing a query to replace the first private key with the second private key, wherein replacement of the first private key includes deletion of the first private key from the computing device; and transmitting the generated blockchain transaction.

A method for offline transmission of blockchain details includes: storing, in a computing device, a first private key and a currency amount; receiving a first destination address associated with a blockchain network and a transaction amount; generating a second private key; generating a second destination address associated with the blockchain network using the second private key; generating a blockchain transaction including at least the first destination address, the transaction amount, the second destination address, and a remainder amount based on at least the currency amount and the transaction amount; signing the generated blockchain transaction using the first private key; executing a query to replace the first private key with the second private key, wherein replacement of the first private key includes deletion of the first private key from the computing device; and transmitting the generated blockchain transaction.

In methods and systems for communicating medical image data that were generated for a patient between computing entities of a hospital network, a cloud-based data store and a patient's mobile device, a QR code serves to code a data package containing a user identification and a public key, which has been generated on the patient's mobile device, to a hospital server, in order to process personal data so that the personal data may be downloaded from the data store directly to the patient's mobile device in an encrypted form, and may be visualized there in clear text by means of applying a private key stored locally on the patient's mobile device. The method and system are web based and need no special requirements on the part of the patient's mobile device.

In methods and systems for communicating medical image data that were generated for a patient between computing entities of a hospital network, a cloud-based data store and a patient's mobile device, a QR code serves to code a data package containing a user identification and a public key, which has been generated on the patient's mobile device, to a hospital server, in order to process personal data so that the personal data may be downloaded from the data store directly to the patient's mobile device in an encrypted form, and may be visualized there in clear text by means of applying a private key stored locally on the patient's mobile device. The method and system are web based and need no special requirements on the part of the patient's mobile device.

A storage system and method for command execution ordering by security key are provided. In one example, the storage system has a non-volatile memory, a volatile memory storing a plurality of keys, and a controller with a cache storing a subset of the plurality of keys. The storage system gives priority to a command whose key is stored in the cache in the controller over commands whose keys are stored only in the volatile memory. This avoids transferring a key from the volatile memory to the cache in the controller, thereby improving efficiency of the storage system.

A storage system and method for command execution ordering by security key are provided. In one example, the storage system has a non-volatile memory, a volatile memory storing a plurality of keys, and a controller with a cache storing a subset of the plurality of keys. The storage system gives priority to a command whose key is stored in the cache in the controller over commands whose keys are stored only in the volatile memory. This avoids transferring a key from the volatile memory to the cache in the controller, thereby improving efficiency of the storage system.

Some embodiments enable distributing data (e.g., recorded video, photographs, recorded audio, etc.) to a plurality of users in a manner which preserves the privacy of the respective users. Some embodiments leverage homomorphic encryption and proxy re-encryption techniques to manipulate the respective data so that selected portions of it are revealed according to an identity of the user currently accessing the respective data.

A method and a computer system is provided for executing the method for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.