Provided herein is to a blockchain-implemented method and a system for accessing electronic medical and health records by blockchain. The method is operated in a server system that is used to manage one or more medical-health record databases and users' blockchain IDs. The plurality of medical-health record databases can be set by different medical-health institutions. The server system identifies the user's blockchain ID when it receives a request from a terminal device. The user uses a query interface to generate a query command. The server system then obtains one or more medical-health record indexes via blockchain verification according to the user's blockchain ID and the query command. The medical-health records corresponding to the indexes can therefore be obtained after querying the database.

Provided herein is to a method and a system for sharing electronic medical and health records. The method is operated in a serving system with a database. The system provides a software program executed by a terminal device. In the method, the serving system receives a connection request from the terminal device and verifies a user blockchain ID. The system provides one or more medical-health record indexes after the verification. When receiving an instruction for sharing medical-health record from the terminal device, the system generates a trust anchor for the terminal device. The trust anchor is provided for the terminal device to share with a shared recipient. When receiving an authorization message from the shared recipient, the system transmits the medical-health records to be shared to the shared recipient after verifying the blockchain ID and the authorization message.

A method is provided for controlling exchange of privacy sensitive data between a first certified party server (A) associated with a first party and at least a second certified party server (B) associated with a second party using a certified intermediate server (Y) subject to authorizations (X.sub.AB) imposed by an authorizing party (X), using a public network. Therein the first certified party server (A) transmits (S2) to the certified intermediate server (Y) a primary request (ARQ(I.sub.xA,.sub.xA)) that includes a digitally signed primary request indication (I.sub.XA,.sub.XA) comprising a primary request indication (I.sub.XA) specifying a set of privacy sensitive data units (X.sub.A) for which a copy (C.sub.XA) is requested and a digital signature (.sub.XA) of said first party, associated with said primary request indication (I.sub.XA). The certified intermediate server (Y) determines (S3) which authorizations are provided by the authorizing party (X) for transmission of information concerning privacy sensitive data from the second certified second party server (B) to the first certified party server (A). The certified intermediate server (Y) executes (S4) a query procedure (QP) in which at least includes transmitting the digitally signed primary request (I.sub.XA,.sub.XA) by the certified intermediate server (Y) to the second certified party server (B). The second certified party server (B) inspects (S5) the digital signature (.sub.XA) to verify authenticity of said the primary request. Subject to confirmation of its authenticity it makes available a provider copy (C.sub.XAMB) including at least a censored copy, being a copy of a censored subset of privacy sensitive data units, the censored subset comprising the privacy sensitive data units as specified by the primary request indication (I.sub.XA) subject at least to said authorizations (X.sub.AB) and subject to availability thereof with the at least a second certified party server. It also provides a second party digital signature, i.e. a digital signature (.sub.B) of the second certified party, associated with the censored subset. Upon completion of the query procedure, the censored copy and the second party digital signature are made available to the first certified party server as a digitally signed authorized copy.

A method of authorizing a limited use intravascular device can include determining if the intravascular device is in communication with a clinical system; determining if the intravascular device is authorized for clinical operation without providing the clinical system access to intravascular device data stored on the intravascular device; and providing an authorization signal to the clinical system. An intravascular device can include a flexible elongate member including a sensing component at a distal portion and a connector at a proximal portion, the connector including: a memory component configured to store a parameter value; a processing component; and a charge storage component configured to power the memory component and/or the processing component; wherein the processing component is configured to determine if the flexible elongate member is authorized for clinical operation using the parameter value without providing the parameter value to a clinical system.

A system provides cryptographic means for securing the transmission of health data from devices of varying processing power and over various network protocols. The system is configured to transmit and receive packets to and from a remote patient monitoring device over multiple types of communication sessions. The system authenticates at least some of the data packet payloads and headers using multiple message authentication codes. The system can, for one type of communication session, the simulate or intercept acknowledgement packets generated for use with another type of communication session.

Devices, systems and methods are provided to implement key generation for secure pairing between first and second devices using embedded out-of-band (OOB) key generation and without requiring the devices to have input/output (IO) capability to enter authentication information. Bluetooth Smart or Low Energy (BLE) OOB pairing option can be used for pairing medical devices with added security of OOB key generation. The OOB key generation comprises providing first and second devices with the same predefined credential and secure hashing algorithm, and making input of the hashing algorithm of the first and second devices the same. The first device transmits unique data to second device (e.g., via BLE advertising) to share and compute a similar input. The first and second devices use the credential and shared data with the hashing function to generate a key that is the same at each of first and second devices.

A data transmitting apparatus include a measurement control unit to measure an amount relating to biological information; an encryption key generation control unit to generate, as an encryption key, information calculated from first shared information and second shared information that is shared with a receiving apparatus; an encryption control unit to encrypt the biological information with the encryption key and generate encryption data; a packet generation control unit to generate a one-way transmission packet that includes the first shared information and the encryption data; and a transmitter to transmit the packet.

A platform may receive, from a user device, a request for a status of an animal, wherein the request includes animal identification information associated with the animal. The platform may identify, based on receiving the request, an animal record identifier associated with the animal. The platform may verify that an entity associated with the user device is authorized to obtain the status of the animal, wherein the entity is one of a plurality of entities that are authorized to obtain the status of the animal. The platform may identify, based on verifying that the entity is associated with the user device, blocks of a blockchain that include the animal record identifier. The platform may determine the status of the animal from animal records associated with the animal, wherein the animal records are included within the blocks. The platform may provide, to the user device, the status of the animal.

An example operation may include one or more of authorizing a blockchain for a video file, generating a first tracking value for an entry block referencing the video file, the first tracking value generated based on first data and the video file, receiving second data for each of additional blocks in the blockchain, generating second tracking values based on the second data of the additional blocks, forming the additional blocks including the second tracking values, respectively, appending the additional blocks to the entry block, the entry block and the additional blocks cryptographically linked in an ordered sequence, each of the additional blocks referencing a version of the video file which corresponds to an original version of the video file as referenced by the entry block or a processed version of the video file, the second data in each of the additional blocks indicative of processing performed on the version of the video file in that block, and tracing through the blockchain based on the first and second tracking values to confirm an auditable and immutable chain-of-custody of the video file.

An encryption and cryptosystem for fast and efficient searching of ciphertexts. Unencrypted secret data may be transformed into encoded secret data using an injective encoding such that each distinct value of the unencrypted secret data is mapped to a unique index in the encoded secret data. The encoded secret data may be homomorphically encrypted using the homomorphic encryption key to generate secret data ciphertexts. The secret data ciphertexts may be transmitted to an external system for searching the secret data ciphertexts for encoded queries. The encoded queries are encoded by the same injective encoding as the secret data, to directly search only indices of the secret data ciphertexts corresponding to query indices having non-zero query values, to detect if values of the secret data ciphertexts match values of the encoded queries at the query indices, without searching the remaining indices of the secret data ciphertexts.