Please login or register.
This location

Potential capabilities of Monero

harpua posted this 8 years ago

harpua | 8 years ago

I'm going to have to give you a bit of background about myself before I go into my new idea for Monero (you'll see why in a sec). I'm currently interning at a hospital to be a cardiovascular technologist, and studying to become a heart cath technologist/electrophysiologist.

Today I was in a lecture and we were first talking about radio imaging system and how they've developed over the years to become a totally digitalized platform. That part of the lecture then turned into my professor talking about the importance of the HIPAA act and how the new issue with everything being digital now and days is the fact that it can become a little easier to steal records of patients. Now that could be everything from medical records, to social security numbers, and everything else about the patient. Everything now are stored on PACS (Picture Archiving and Communication Systems) servers that are used around the hospitals on computer to computer clients for the purpose of getting data transferred to the appropriate physician easily and quickly. This is done without the use of hard drives or USB's coming to play, which is benefitial due to the inconvenience of having to go retrieve them for use. The problem with this is the issue of security, and I think Monero's network could possibly be a way to help.

I'm not trying to get a crowd fund or anything, this is more specifically directed at fluffyponyza and the core dev team. I believe Monero's way of transferring currencies in a secure and private manner could help a lot of issues other than just creating a decentralized currency; it could help transferring any data in a secure and better way overall. I feel there are a lot of businesses, including hospitals, that could benefit from the secure transactions of data. This use of Monero's networking system could be brought to the table for a lot of these businesses, and put Monero's network in the spotlight for being secure, not just a way for sketchy drug dealers to transact money more anonymously.

I'm sure we all on here have heard the news that banks are now trying to use and benefit from a blockchain type of platform to help transactions of money around the world a lot easier and have a better way to track transactions. Why can't we try and present to businesses that with this type of platform, the same things that they would want from a normal blockchain platform could be achieved with even MORE security measures put in place.

Personally I think this will put Monero on the map.

I did some research on the recent PACS that are in use as of right now and this is what I found:

https://www.sectra.com/medical/about/conformance_statements/pdf/pacs_hipaa_statement_17.1.pdf

http://www.sectra.com/medical/

It looks like the sectra's platform is the current PACS that are in place at hospitals all over now. When it comes to encryption and that kind of stuff, I'm clueless; so I wanted to get this information out to you guys for the sake of striking up conversation and having new ideas being developed amongst the Monero community. Hope this gives you an "outside the box" look on things and the potential uses of Monero's networking system.

Regards,

Harpua

Replies: 4
EhVedadoOAnonimato posted 8 years ago Replies: 1 | Weight: -195 | Link [ - ]

I'm not sure how could the techniques used in Monero help in your case. Monero has very neat techniques to hide the traces of transfers, but what has been transferred is public. You just don't know where it came from nor where it's going to. In your case you need to hide the contents. Plus, you don't really care about the ordering of the transfers in time, and that's practically the major innovation in Bitcoin (ordering stuff in time without having to trust an authority telling what happened first)

Blockchains don't help at all, IMHO. What would help is client-side encryption. Make it possible somehow for the patient to hold the encryption keys. Obviously, that introduces a whole set of challenges. You cannot trust people to keep a digital key safe in their computers, so the key would have to be something physical like a smart-card. But then you need to trust the computers that read the smart-card not to be hacked... plus, what happens if the patient loses his key? Is it really feasible for a doctor to always require the input of the patient before accessing the data? Those are the kind of challenges you're facing, IMHO. I don't see where blockchains would help. Remember blockchains add a big cost to the solution, so they should only be used when they can actually contribute something.

Reply to: EhVedadoOAnonimato
Gingeropolous posted 8 years ago Replies: 1 | Weight: -195 | Link [ - ]

but their might be a role for ring signatures - in your solution above, where you propose client-side encryption, indeed some information leak occurs if one can track that encryption key A has been entered. Unless you protect encryption key and tend to it, then you might leak info. Indeed, thats the same problem with bitcoin, right? It is pseudonymous until its not.

Imagine your some celebrity, and you want to keep your medical information private (for whatever reason). Somehow someone finds out which private key is yours - thats in a database, right? Because you regularly goto some hospital. Then, you have to go get some surgery you really don't want people to know about, but because some investigator somehow found which key is yours, now they know that you're using it again - at some other hospital.

So in the HIPAA setting described above, you could imagine the blockchain, as we know it, really just serves as a database of other key images in order to facilitate a ring signature.

Reply to: Gingeropolous EhVedadoOAnonimato
EhVedadoOAnonimato posted 8 years ago Replies: 1 | Weight: -195 | Link [ - ]

What your system needs is encryption not signatures. I don't see how can ring signatures help. Even less a blockchain.

Even if the investigator in your example could monitor every medical database (something not even the NSA can do officially, I believe), he would still not be able to know when a key is used to decrypt data, because that's just reading. Unless of course his level of hacking into the system goes as deep as monitoring even data pull requests to the servers. But if he can monitor that, he can know about what every doctor on the country/planet is searching. He would still need the key to see the contents, though.

You cannot use ring signatures to transfer the ownership of anything here. Once the sensible data is encrypted with key A, and this encrypted data has been sent to an unsafe medium, you cannot simply revoke key A and expect the data not to be read.

Keep in mind that when I talked about client-side encryption, the key the user would hold could be a seed of keys, and he could use different actual keys to encrypt each piece of data. This way somebody with access to the encrypted database would not be able to link the different pieces of data belonging to the same patient. But anyways, as I said, there too many other challenges if you want client-side encryption for this use case.

Reply to: EhVedadoOAnonimato Gingeropolous EhVedadoOAnonimato
Gingeropolous posted 8 years ago Weight: -195 | Link [ - ]

indeed.