H04L2209/88

MUTUAL AUTHENTICATION BETWEEN A HARDWARE TOKEN AND NON-NETWORKED DEVICE
20220417022 · 2022-12-29

Systems and methods for performing mutual authentication between a hardware access token and a reader device are provided. The systems and methods include reading a unique or pseudo-unique identifier of the hardware access token and computing a password for the hardware access token based on the unique or pseudo-unique identifier and a group secret of the reader device.

System and method for healthcare security and interoperability

Embodiments facilitate interoperability and secure determination of healthcare costs. An entity may receive a first Electronic Health Record (EHR) sub-block with patient medical coverage information and first treatments and may transmit a first Device Drug Information (DIR) sub-block comprising first treatment classes corresponding to each first treatment, first treatment class members corresponding to each first treatment class, and corresponding first treatment class member cost information. In response, the entity may receive a second EHR sub-block comprising second treatments each: associated with a corresponding first treatment, and selected from corresponding first treatment class members. Upon receipt of a transaction confirmation, the entity may augment a multi-dimensional blockchain with a multi-dimensional block formed by linking: a DIR block including second treatment information, an EHR block including information based on the second EHR sub-block and a transaction block. Payment assistance information determined from the second EHR block may be transmitted to a patient.

System and Methods for Creating Non-Fungible Tokens
20220406419 · 2022-12-22

Systems and methods for creating non-fungible tokens (“NFTs”), preferably of medical imagery, automate the creation of NFTs utilizing a software application integrated with an imaging device. In preferred embodiments, the imaging device is a medical imaging device, a device associated with the imaging device, or otherwise resident on a computing device. In other embodiments, the software application is associated with medical record systems. Thus, the software application automatically creates an NFT based on imagery created by the imaging device and incorporates associated image, owner and/or software identifiers.

System and method for healthcare security and interoperability

Embodiments facilitate interoperability and secure patient selection for clinical trials and drug/device deployments. An entity may obtain a first set of health parameters and collective demographic information associated with one or more population segments and receive Electronic Health Record (EHR) sub-blocks with patient profile information and corresponding patient medical histories for patients. The entity may determine a subset of eligible candidate patients for a treatment based on information in the EHR sub-blocks and eligibility criteria for the treatment, which may be based on the first set of health parameters and/or the collective demographic information. The entity may transmit sub-blocks comprising eligible candidate patient profiles and medical information associated with the at least one treatment, and, in response to a received transaction block with a transaction confirmation, the entity may augment a multi-dimensional blockchain by linking the transaction block with a drug device information block and an EHR block.

Systems and methods for finding a value in a combined list of private values

A system and method are disclosed for each party of a group of m parties to be able to learn an Nth smallest value in a combined list of the values in which each party has separate lists of values. A method includes creating, by each party of a group of m parties, m lists of additive shares associated with each party's respective list of data; distributing, from each party to each other party in the group of m parties, m−1 of the lists of additive shares to yield a respective combined list of additive shares W_i obtained by each party of the m parties; receiving from a trusted party a list of additive shares V_i associated with a hot-code vector V; computing, in a shared space by each party, a respective R_i value using a secure multiplication protocol; and comparing, in the shared space, by each party and using a secure multi-party comparison protocol, the respective R_i to all elements in the respective combined list of additive shares W_i to yield a total number P_i of values in W_i that are smaller than R_i. The value P_i is used to either end the method or loop back for further processing with new values of W_i and in some cases a new value of N.

Encryption system for medical devices

Certain aspects relate to encryption systems and methods for medical devices. A medical device can include a connectivity module for establishing a communication channel with a cloud system. After obtaining a test result, the device can generate an unencrypted data block comprising a device identifier and an encrypted data block comprising a serial number of the device and the test result using an encryption key associated with the device identifier. The device can securely send the test result to the cloud system by transmitting the unencrypted data block and the encrypted data block to the cloud system via the communication channel.

Systems and methods for secure fulfillment tracking using a shared registry

An ecosystem for monitoring the status of a consumable good is provided. The ecosystem includes an identification registry configured to (i) store identifying information regarding a consumer, and (ii) associate the stored identifying information with a unique cryptographic consumer identifier. The ecosystem further includes a transaction registry configured to (i) receive a fulfillment order for a consumable good, and (ii) generate a unique cryptographic transaction identifier for fulfillment of the fulfillment order. The ecosystem further includes a fulfillment computer subsystem configured to (i) receive the fulfillment order, (ii) verify the consumer identifier, and (iii) validate the transaction identifier. The ecosystem further includes a distributed ledger configured to encode transaction details relating to the fulfillment order.

Communication apparatus and communication method
11522722 · 2022-12-06

A communication apparatus configured to acquire information in a distributed ledger shared in a network includes a memory and a processor coupled to the memory. The processor is configured to acquire one or more digital certificates used by a user of another apparatus to apply to the communication apparatus from the other apparatus, acquire type information that identifies a combination of the user and the type of information certified by the one or more digital certificates, by using the distributed ledger, acquire certificate issue history that is recorded in the distributed ledger in association with the type information, and determine whether the issue history contains information of another digital certificate that has not been acquired from the other apparatus.

CRYPTOGRAPHIC COMPUTING USING ENCRYPTED BASE ADDRESSES AND USED IN MULTI-TENANT ENVIRONMENTS

Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

Systems, apparatuses and methods for secure wireless pairing between two devices using embedded out-of-band (OOB) key generation

Devices, systems and methods are provided to implement key generation for secure pairing between first and second devices using embedded out-of-band (OOB) key generation and without requiring the devices to have input/output (IO) capability to enter authentication information. The Bluetooth Smart or Low Energy (BLE) OOB pairing option can be used for pairing medical devices with the added security of OOB key generation. The OOB key generation comprises providing the first and second devices with the same predefined credential and secure hashing algorithm, and making the input of the hashing algorithm of the first and second devices the same. The first device transmits unique data to the second device (e.g., via BLE advertising) to share and compute a similar input. The first and second devices use the credential and shared data with the hashing function to generate a key that is the same at each of the first and second devices.