Validating a metadata tree using a metadata integrity validator

US 10,025,903 B2
Filed: 09/12/2012
Issued: 07/17/2018
Est. Priority Date: 08/15/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method performed by a processing system implemented by at least one hardware processor, the method comprising:

storing in a metadata integrity validator, first integrity information for a metadata tree of a patient, the first integrity information including a summary tree that identifies a state of the metadata tree, the summary tree based on an in-order traversal of a corresponding subtree of the metadata tree, the first integrity information including a hash of the subtree based on a hash function cumulatively applied to nodes of the subtree from a root node to a last node along the in-order traversal;

generating, by the at least one hardware processor, a first reconstructed metadata tree of the patient from a metadata tree journal using the first integrity information to ensure a consistent version is reconstructed from the metadata tree journal, the first reconstructed metadata tree including a plurality of references to a corresponding plurality of encrypted electronic health records of the patient in an encrypted data store;

receiving from the metadata integrity validator, the first integrity information corresponding to the metadata tree journal;

validating the first reconstructed metadata tree by comparing second integrity information of the first reconstructed metadata tree to the first integrity information; and

responsive to successfully validating the first reconstructed metadata tree, permitting read and write access to the encrypted data store, comprising;

determining a node in the first reconstructed metadata tree that corresponds to an encrypted electronic health record in the encrypted data store;

accessing the encrypted electronic health record from the encrypted data store using a reference from the node; and

decrypting the encrypted electronic health record using a record key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method performed by a processing system includes reconstructing a metadata tree of a patient from a metadata tree journal, the metadata tree including a plurality of references to a corresponding plurality of encrypted electronic health records of the patient in an encrypted data store, and validating the metadata tree by comparing first integrity information of the metadata tree to second integrity information corresponding to the metadata tree journal provided by a metadata integrity validator.

21 Citations

View as Search Results

18 Claims

1. A computer implemented method performed by a processing system implemented by at least one hardware processor, the method comprising:
- storing in a metadata integrity validator, first integrity information for a metadata tree of a patient, the first integrity information including a summary tree that identifies a state of the metadata tree, the summary tree based on an in-order traversal of a corresponding subtree of the metadata tree, the first integrity information including a hash of the subtree based on a hash function cumulatively applied to nodes of the subtree from a root node to a last node along the in-order traversal;
  
  generating, by the at least one hardware processor, a first reconstructed metadata tree of the patient from a metadata tree journal using the first integrity information to ensure a consistent version is reconstructed from the metadata tree journal, the first reconstructed metadata tree including a plurality of references to a corresponding plurality of encrypted electronic health records of the patient in an encrypted data store;
  
  receiving from the metadata integrity validator, the first integrity information corresponding to the metadata tree journal;
  
  validating the first reconstructed metadata tree by comparing second integrity information of the first reconstructed metadata tree to the first integrity information; and
  
  responsive to successfully validating the first reconstructed metadata tree, permitting read and write access to the encrypted data store, comprising;
  
  determining a node in the first reconstructed metadata tree that corresponds to an encrypted electronic health record in the encrypted data store;
  
  accessing the encrypted electronic health record from the encrypted data store using a reference from the node; and
  
  decrypting the encrypted electronic health record using a record key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 17, 18)
- - 2. The method of claim 1 further comprising:
    - accessing the metadata tree journal from a metadata store.
  - 3. The method of claim 1 further comprising:
    - generating the second integrity information corresponding to the first reconstructed metadata tree subsequent to reconstructing the first reconstructed metadata tree.
  - 4. The method of claim 1 further comprising:
    - generating the second integrity information as a second hash of the first reconstructed metadata tree; and
      
      wherein the first integrity information is a first hash of the metadata tree corresponding to the metadata tree journal.
  - 5. The method of claim 1 further comprising:
    - generating the first reconstructed metadata tree using the summary tree received from the metadata integrity validator.
  - 6. The method of claim 1 further comprising:
    - in response to a determination that the first reconstructed metadata tree is not valid, accessing the metadata tree journal from the metadata store;
      
      accessing third integrity information corresponding to the metadata tree journal from the metadata integrity validator;
      
      generating a second reconstructed metadata tree of the patient from the metadata tree journal; and
      
      validating the second reconstructed metadata tree by comparing fourth integrity information of the second reconstructed metadata tree to the third integrity information.
  - 7. The method of claim 1 wherein a first one of the plurality of encrypted electronic health records is generated by a first provider, wherein a second one of the plurality of encrypted electronic health records is generated by a second provider, and wherein the second provider is not affiliated with the first provider.
  - 17. The method of claim 1, wherein:
    - an initial hash of the subtree corresponds to the hash function applied to the root node,an interim hash of the subtree at each node other than the root node corresponds to the hash function applied to the node and the hash of the subtree at a prior node,and the hash of the subtree corresponds to the interim hash of the subtree at the last node.
  - 18. The method of claim 1, further comprising generating the first integrity information by:
    - generating a hash of the root node by applying the hash function to the root node, and setting the hash of the subtree to the hash of the root node;
      
      traversing the nodes of the subtree in-order; and
      
      while traversing the nodes, at each node after the root node, generating a hash of the node by applying the hash function to the node, and updating the hash of the subtree by applying the hash function to the hash of the node and to the hash of the subtree.

8. A processing system comprising:
- a hardware processor; and
  
  a memory storing instructions that, when executed by the hardware processor, causes the hardware processor to;
  
  store in a metadata integrity validator, first integrity information for a metadata tree of a patient, the first integrity information including a summary tree that identifies a state of the metadata tree, the summary tree based on an in-order traversal of a corresponding subtree of the metadata tree, the first integrity information including a hash of the subtree based on a hash function cumulatively applied to nodes of the subtree from a root node to a last node along the in-order traversal;
  
  generate a first reconstructed metadata tree from a metadata tree journal provided by a metadata store, wherein the first integrity information is used to generate the first reconstructed metadata tree to ensure a consistent version is reconstructed from the metadata tree journal;
  
  receive the first integrity information from the metadata integrity validator, the first integrity information corresponding to the metadata tree journal;
  
  validate the first reconstructed metadata tree of the patient using the first integrity information received from the metadata integrity validator; and
  
  responsive to successful validation of the first reconstructed metadata, permit read and read access to an encrypted data store, including;
  
  determining a node in the first reconstructed metadata tree that corresponds to an encrypted electronic health record in the encrypted data store;
  
  accessing the encrypted electronic health record from the encrypted data store using a reference from the node; and
  
  decrypting the encrypted electronic health record using a record key.
- View Dependent Claims (9, 10, 11)
- - 9. The processing system of claim 8 wherein the instructions, when executed by the hardware processor, cause the hardware processor to:
    - access the metadata tree journal from the metadata store;
      
      generate second integrity information from the first reconstructed metadata tree; and
      
      validate the first reconstructed metadata tree by comparing the first integrity information to the second integrity information.
  - 10. The processing system of claim 8 wherein the instructions, when executed by the hardware processor, cause the hardware processor to:
    - generate a second hash of the first reconstructed metadata tree; and
      
      validate the first reconstructed metadata tree using the second hash and a first hash of the metadata tree provided by the metadata integrity validator.
  - 11. The processing system of claim 8 wherein the instructions, when executed by the hardware processor, cause the hardware processor to:
    - generate the first reconstructed metadata tree using the summary tree received from the metadata integrity validator.

12. An article comprising at least one non-transitory machine-readable storage medium storing instructions that, when executed by a processing system, cause the processing system to:
- store in a metadata integrity validator, first integrity information for a metadata tree of a patient, the first integrity information including a summary tree that identifies a state of the metadata tree, the summary tree based on an in-order traversal of a corresponding subtree of the metadata tree, the first integrity information including a hash of the subtree based on a hash function cumulatively applied to nodes of the subtree from a root node to a last node along the in-order traversal;
  
  generate a first reconstructed metadata tree from a metadata tree journal provided by a metadata store, wherein the first integrity information is used to generate the first reconstructed metadata tree to ensure a consistent version is reconstructed from the metadata tree journal;
  
  receive the first integrity information from the metadata integrity validator, the first integrity information corresponding to the metadata tree journal;
  
  validate the first reconstructed metadata tree of the patient using the first integrity information received from the metadata integrity validator;
  
  responsive to successful validation of the first reconstructed metadata, permit read and read access to an encrypted data store, including;
  
  providing an encrypted electronic health record to the encrypted data store;
  
  updating the first reconstructed metadata tree in the metadata store to include a first metadata record corresponding to the encrypted electronic health record; and
  
  committing the first reconstructed metadata tree to the metadata tree using the metadata integrity validator.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The article of claim 12, wherein the instructions, when executed by the processing system, cause the processing system to:
    - generate second integrity information from the first reconstructed metadata tree;
      
      commit the first reconstructed metadata tree to the metadata tree by providing the first and the second integrity information to the metadata integrity validator.
  - 14. The article of claim 12, wherein the instructions, when executed by the processing system, cause the processing system to:
    - in response to the first reconstructed metadata tree being rejected by the metadata integrity validator;
      
      generate a second reconstructed metadata tree from the metadata tree journal provided by the metadata store;
      
      validate the second reconstructed metadata tree of the patient using the metadata integrity validator;
      
      provide the encrypted electronic health record to the encrypted data store;
      
      update the second reconstructed metadata tree in the metadata store to include a second metadata record corresponding to the encrypted electronic health record; and
      
      commit the second reconstructed metadata tree to the metadata tree using the metadata integrity validator.
  - 15. The article of claim 12, wherein the instructions, when executed by the processing system, cause the processing system to:
    - determine a location in the first reconstructed metadata tree for the encrypted electronic health record; and
      
      generate the metadata record for the location.
  - 16. The article of claim 12, wherein the instructions, when executed by the processing system, cause the processing system to:
    - encrypt an electronic health record using a record key to generate the encrypted electronic health record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
entIT Software LLC (Open Text Corporation)
Inventors
Li, Jun, Swaminathan, Ram, Singhal, Sharad
Primary Examiner(s)
Lemma, Samson
Assistant Examiner(s)
Golriz, Arya

Application Number

US14/421,734
Publication Number

US 20150242641A1
Time in Patent Office

2,134 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/152   using file content signatur...

G06F 16/2246   Trees, e.g. B+trees

G06F 16/907   Retrieval characterised by ...

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

G06Q 10/10   Office automation; Time man...

G06Q 2220/10   Usage protection of distrib...

G16H 10/40   for data related to laborat...

G16H 10/60   for patient-specific data, ...

G16Z 99/00   Subject matter not provided...

H04L 63/0457   wherein the sending and rec...

H04L 63/064   Hierarchical key distributi...

Validating a metadata tree using a metadata integrity validator

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Validating a metadata tree using a metadata integrity validator

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others