H04L2209/88

PROVIDING ACCESS TO SENSITIVE DATA

Methods of providing access to sensitive data associated with a user are disclosed. These methods include receiving a user request requesting the provision of access; retrieving an encrypted version of the encryption key; retrieving at least one auxiliary key; obtaining a decrypted version of the encryption key by decrypting the encrypted version of the encryption key using the at least one auxiliary key; obtaining a decrypted version of all or part of the sensitive data by decrypting all or part of the encrypted version of the sensitive data using the decrypted version of the encryption key; and providing access to the decrypted version of all or part of the sensitive data through a secure communication channel. Systems and computer program products suitable for performing said methods of providing access to sensitive data are also disclosed.

COMPUTER ARCHITECTURE INCORPORATING BLOCKCHAIN BASED IMMUTABLE AUDIT LEDGER FOR COMPLIANCE WITH DATA REGULATIONS
20190295102 · 2019-09-26

A computer system architecture and method for providing compliance with data regulations, by: (a) collecting a data input stream with a data collection terminal; (b) using a compliance device driver resident in the data collection terminal to: (1) select data corresponding to pre-identified data compliance fields, and (2) apply a compliance markup language parser to generate pseudonymized data; (c) using an automated compliance network appliance and an automated compliance server to: (1) transmit the pseudonymized data into an immutable audit ledger, wherein the immutable audit ledger is assembled and verified by blockchain, and (2) transmit the data input stream into a data lake; and (d) hosting access portals for accessing data: (1) stored in the data lake, and (2) stored in the immutable audit ledger.

SYSTEM AND METHOD FOR SECURE RELAYED COMMUNICATIONS FROM AN IMPLANTABLE MEDICAL DEVICE
20190288860 · 2019-09-19

The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.

MANAGING TELEMETRY COMMUNICATION MODES OF A DEVICE

Systems, apparatus, methods and computer-readable storage media facilitating management of operation of an implantable medical device (IMD) using a number of communication modes are provided. An IMD is configured to operate in a disabled mode wherein radio frequency (RF) telemetry communication is disabled, or operate in a first advertising mode using the RF telemetry communication. The IMD receives a clinician session request from a clinician device via an induction telemetry protocol while operating in the disabled mode or the first advertising mode, and transitions from operating in the disabled mode or the first advertising mode to operating in a second advertising mode based on receiving the clinician session request. From the second advertising mode, the IMD can establish a clinician telemetry session with the clinician device using the RF telemetry communication and a unique security mechanism facilitated by an identifier for the clinician device included in the clinician session request.

DISTRIBUTED AUTHORIZATION OF IDENTITIES IN A DYNAMIC CONNECTED ENVIRONMENT
20190289013 · 2019-09-19

Techniques include receiving, at a sensor, a request for authentication of an identity; determining, based on a distributed ledger, a dynamic credibility score for the identity; determining whether the dynamic credibility score for the identity can be validated by consensus by at least a subset of distributed verification services, based on whether the dynamic credibility score for the identity is within a range of variance from one or more credibility scores for the identity determined by the subset of the plurality of distributed verification services; and determining, based on whether the dynamic credibility score for the identity can be validated by consensus, whether to authorize the identity to perform the action in the blockchain network.

Method for secure synchronization and pairing between devices and apparatus using the method

An electronic device includes a biomedical sensor configured to generate a first signal by detecting a biomedical signal, a motion sensor configured to generate a second signal by detecting a motion, and a communication interface configured to provide a secure communication channel with another electronic device, and receive a third signal through the secure communication channel. The electronic device further includes a controller configured to generate a secret key for the secure communication channel, based on the first signal, and determine whether to perform a predetermined function, based on the second signal and the received third signal.

Systems and methods for device authentication
10419226 · 2019-09-17

Embodiments include methods, and systems and computing devices configured to implement the methods of authenticating a computing device. A processor of a medication delivery device may obtain a transitory identity and may send the transitory identity to a second computing device and a third computing device. A processor of the second computing device may send the transitory identity to the third computing device with a request to authenticate the medication delivery device. The processor of the third computing device may authenticate the identity of the medication delivery device in response to determining that the transitory identity received from the medication delivery device matches the transitory identity received from the second computing device.

Method and System for Dynamic Searchable Symmetric Encryption with Forward Privacy and Delegated Verifiability
20190278939 · 2019-09-12

A DSSE architecture network is provided that enables multiple users, such as data owners and data users, to conduct privacy-preserving search on the encrypted PHIs stored in a cloud network and simultaneously verify the correctness and completeness of retrieved search results. The data owners and data users may be patients, HSPs, or a combination thereof. An IoT gateway aggregates periodically collected data into a single PHI file, extracts keywords, builds an encrypted index, and encrypts the PHI files before the encrypted index and PHI files are transmitted to a cloud network periodically for storage, thus enabling the DSSE architecture network to achieve sub-linear search efficiency and forward privacy by maintaining an increasing counter for each keyword at the IoT gateway. Since the PHI files are always transmitted and added/stored into the cloud storage over the cloud network, file deletion and file modification are eliminated. The cloud network therefore does not need to learn whether the newly stored PHI files contain specific keywords. Any number of HSPs, such as data users, provide healthcare services for the patient by searching, querying, and/or retrieving the user's encrypted PHIs incrementally stored on the cloud network in a privacy-preserving and verifiable manner. The patient-delegated verifiability is derived from a combination of a Bloom filter and an aggregate message authentication code.

Cognitive Operational Vehicle Blockchain for Privileges, Licensing, Evaluation, Authorization, and Training
20190279227 · 2019-09-12

A cognitive blockchain for user privileges is provided. A distributed secure encrypted ledger is established for storing information related to privileges for users across a plurality of nodes in a permissioned network with known identities. An internet of things (IoT) device node in the plurality of nodes records a first block in the distributed secure encrypted ledger containing activity information related to a privilege corresponding to a user of the IoT device node. A licensing node in the plurality of nodes evaluates information in the first block. The licensing node records a second block containing privilege information corresponding to the user of the IoT device node based on the evaluating.

Creating match cohorts and exchanging protected data using blockchain

A method, computing system and computer program product are provided. A first entity system that stores sensitive information associated with different entities applies a hash function to a portion of the sensitive information to produce hash values. Transaction information pertaining to transactions performed on entity systems is stored within a blockchain database accessible to the entity systems. The transaction information includes hash values corresponding to associated entities from the entity systems. The hash values of the first entity system are compared to the hash values from others of the entity systems to determine entity systems containing information pertaining to same entities. The sensitive information for an entity of the first entity system is exchanged with the determined entity systems containing information for that entity.