CPC H04L 9/0833 (2013.01) [G06F 21/6254 (2013.01); G16H 80/00 (2018.01); H04L 9/14 (2013.01); H04L 9/3073 (2013.01)]
16 Claims

1. A method comprising:
at a first user device associated with a first user of a digital health platform:
creating a set of data items, wherein creating the set of data items comprises dividing a dataset received at the first user device into the set of data items;
producing a set of encrypted data items by encrypting each data item with a unique item key associated with the respective data item;
producing a set of encrypted item keys by encrypting each unique item key with a public encryption key, wherein an encryption key-pair for the public encryption key is stored at a first server, remote from the first user device, wherein the public encryption key is associated with a designated recipient, wherein the encryption key-pair is encrypted, wherein the encryption key-pair can only be decrypted by a master key stored at a second user device associated with the designated recipient and inaccessible to the first server;
producing a signature, wherein producing the signature comprises signing at least one of an encrypted item key of the set of encrypted item keys or an encrypted data item of the set of encrypted data items with a private signing key of the first user; and
uploading the set of encrypted data items and the set of encrypted item keys to the first server;
at the first server:
verifying the signature;
after verifying the signature, adding an entry to an audit log; and
producing a decrypted duplicate of each of the encrypted data items, thereby forming a set of decrypted duplicates, wherein the set of decrypted duplicates is stored in persistent memory; and
each time a user accesses information stored at the first server, recording an entry comprising the user and the information accessed by the user in the audit log.
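
The client-side steps of claim 1 and the server's verify-then-log step, as an added example that is not part of the patent text. The algorithm choices (AES-256-GCM, RSA-OAEP, Ed25519), the fixed-size chunking and all function names are assumptions; storing the recipient key-pair encrypted under the master key and the server's decrypted duplicates are left out.

```javascript
// Added illustration; AES-256-GCM, RSA-OAEP and Ed25519 are assumptions, not from the claim.
const nodeCrypto = require('node:crypto');

// Client: divide the dataset into data items (fixed-size chunks assumed).
function splitDataset(buf, size) {
  const items = [];
  for (let i = 0; i < buf.length; i += size) items.push(buf.subarray(i, i + size));
  return items;
}

// Canonical bytes covered by the signature: every encrypted item key and item.
function signedBytes(records) {
  return Buffer.from(JSON.stringify(records.map((r) =>
    [r.wrappedKey, r.iv, r.ciphertext, r.tag].map((b) => b.toString('base64')))));
}

// Client: one fresh key per item, wrapped under the recipient's public key.
function sealDataset(dataset, recipientPublicKey, senderSigningKey, size = 32) {
  const records = splitDataset(dataset, size).map((item) => {
    const itemKey = nodeCrypto.randomBytes(32);
    const iv = nodeCrypto.randomBytes(12);
    const enc = nodeCrypto.createCipheriv('aes-256-gcm', itemKey, iv);
    const ciphertext = Buffer.concat([enc.update(item), enc.final()]);
    const wrappedKey = nodeCrypto.publicEncrypt(
      { key: recipientPublicKey, oaepHash: 'sha256' }, itemKey);
    return { iv, ciphertext, tag: enc.getAuthTag(), wrappedKey };
  });
  const signature = nodeCrypto.sign(null, signedBytes(records), senderSigningKey);
  return { records, signature };
}

// Server: verify before logging; a rejected upload leaves no upload entry.
function acceptUpload(upload, senderVerifyKey, auditLog, user) {
  const ok = nodeCrypto.verify(null, signedBytes(upload.records), senderVerifyKey, upload.signature);
  if (ok) auditLog.push({ user, event: 'upload', items: upload.records.length });
  return ok;
}

// Recipient device: unwrap the item key, then authenticate and decrypt the item.
function openRecord(r, recipientPrivateKey) {
  const itemKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, oaepHash: 'sha256' }, r.wrappedKey);
  const dec = nodeCrypto.createDecipheriv('aes-256-gcm', itemKey, r.iv);
  dec.setAuthTag(r.tag);
  return Buffer.concat([dec.update(r.ciphertext), dec.final()]);
}
```

Because the signature covers the wrapped keys as well as the ciphertexts, the server can reject a swapped item key without being able to decrypt anything.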