H04L2209/88

Machine-to-machine communications
11233859 · 2022-01-25

A computer-implemented method of initiating a communication session between a client device and a server using an authentication key exchange protocol, the method including the steps of: receiving at the server from the client device a first communication to initiate the communication session, the first communication comprising a first session resumption indicator to indicate whether or not session resumption is required to be used by the client device; and establishing, at the server, a session resumption state for the client device based on or in response to a value of the first session resumption indicator.

Blockchain-based mechanisms for secure health information resource exchange

Technologies are disclosed herein to secure flexible access to the healthcare information resources (HIR) contained within electronic health records (EHR) systems. By managing access permissions with certified self-sovereign identities and distributed ledger techniques, HIR may be secured. Patients and other users may be registered to access a distributed ledger, such as a healthcare blockchain, employed to set, host and adjudicate permissions to access HIR. Authorized owners and/or patients with rights to their own HIR may be able to grant fine-grained and conditional access permissions to third parties. Information transfers and transactions occurring according to these permissions may be logged within smart contracts incorporated in the healthcare blockchain.

BLOCKCHAIN-BASED HEALTH MONITORING SYSTEM

A health supervision system, including: an identification station, configured to obtain at least one first data item indicating an identity of a user, a health station configured to obtain at least one second data item indicating a health situation of the user identified, at least one local data repository, and a control unit, configured for receiving the at least one first data item and the at least one second data item, calculating a string, using a cryptographic function, as a function of the at least one first data item and/or the at least one second data item, storing the at least one first data item and/or the at least one second data item in the at least one local data repository, and transmitting the string to a distributed architecture database of the distributed ledger type to write the string to the distributed architecture database.

Method and system for dynamic searchable symmetric encryption with forward privacy and delegated verifiability
11222136 · 2022-01-11

A DSSE architecture network is provided that enables multiple users, such as data owners and data users, to conduct privacy-preserving search on the encrypted PHIs stored in a cloud network and simultaneously verify the correctness and completeness of retrieved search results. The data owners and data users may be patients, HSPs, or a combination thereof. An IoT gateway aggregates periodically collected data into a single PHI file, extracts keywords, builds an encrypted index, and encrypts the PHI files before the encrypted index and PHI files are transmitted to a cloud network periodically for storage, thus enabling the DSSE architecture network to achieve sub-linear search efficiency and forward privacy by maintaining an increasing counter for each keyword at the IoT gateway. Since the PHI files are always transmitted and added/stored into the cloud storage over the cloud network, file deletion and file modification are eliminated. The cloud network therefore does not need to learn whether the newly stored PHI files contain specific keywords. Any number of HSPs, such as data users, provide healthcare services for the patient by searching, querying, and/or retrieving the user's encrypted PHIs incrementally stored on the cloud network in a privacy-preserving and verifiable manner. The patient delegated verifiability is derived from a combination of a Bloom filter and an aggregate message authentication code.

CONTACT TRACING AMONG WORKERS AND EMPLOYEES

A method may include collecting from each of multiple endpoint devices a set of anonymized interactions of the corresponding endpoint device with other endpoint devices. Each anonymized interaction in the set of anonymized interactions may be based on an ephemeral unique identifier of another endpoint device involved in a corresponding anonymized interaction with the corresponding endpoint device. The method may include, for each endpoint device, resolving identities of the other endpoint devices with which the corresponding endpoint device has interacted from the corresponding set of anonymized interactions.

GEOSPATIAL-TEMPORAL PATHOGEN TRACING IN ZERO KNOWLEDGE

Techniques for geospatial-temporal pathogen tracing in zero knowledge include: generating, by a first user device, a first proximity token for contact tracing; receiving, by the first user device, a second proximity token from a second user device; generating, by the first user device, a hash based on the first proximity token and the second proximity token; generating, by the first user device using a prover function of a preprocessing zero knowledge succinct non-interactive argument of knowledge (pp-zk-SNARK), a cryptographic proof attesting that an individual associated with the first user device tested positive for a pathogen; transmitting, by the first user device, first publicly verifiable exposure data including at least the cryptographic proof and the hash to a public registry; and applying at least the first publicly verifiable exposure data and second publicly verifiable exposure data to a machine learning model, to obtain actionable intelligence associated with the pathogen.

FACE REATTACHMENT TO BRAIN IMAGING DATA

A cloud computing system is described that communicates with a virtual machine to reattach the face of a patient to brain imaging data before the brain imaging data is transmitted for display on a brain navigation system.

BLOCKCHAIN IMPLEMENTATION TO SECURELY STORE INFORMATION OFF-CHAIN
20220004647 · 2022-01-06

A processor may define a datastore connection object. The datastore connection object may include information regarding an off-chain datastore. The processor may associate the identifier to the datastore connection object. The processor may store the datastore connection object with the identifier in the blockchain network. The processor may identify that a request is being sent within the blockchain network. The request may include private information. The processor may determine whether to allow the request access to the off-chain datastore.

CARDIAC MONITORING SYSTEM
20220004658 · 2022-01-06

An identification system including a first biometric identifier, a second biometric identifier, a first cardiac identifier logically related to the first biometric identifier, a second cardiac identifier logically related to the second biometric identifier, where the identity of a user is verified using the biometric identifiers and the cardiac identifiers.

Data transmitting apparatus, data receiving apparatus, method and program

A data transmitting apparatus includes a measurement control unit to measure an amount relating to biological information; an encryption key generation control unit to generate, as an encryption key, information calculated from first shared information and second shared information that is shared with a receiving apparatus; an encryption control unit to encrypt the biological information with the encryption key and generate encryption data; a packet generation control unit to generate a one-way transmission packet that includes the first shared information and the encryption data; and a transmitter to transmit the packet.