Distributed Computing System to Enable the Secure Exchange of Information Between Remotely Located Healthcare Applications

US 20070124310A1
Filed: 07/26/2006
Published: 05/31/2007
Est. Priority Date: 07/26/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of securely distributing objects between nodes on a network, comprising the steps of:

deploying a plurality of nodes;

deploying at least one rendezvous node to asynchronously exchange encrypted payload objects; and

deploying a central authority to manage and administer the nodes, wherein the nodes are configured to secure, distribute and synchronize objects between specific nodes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for securely exchanging information between remote computing systems such as electronic medical records in the local healthcare community, enabling interoperabilty and allowing for the synchronization of common information. Some embodiments provide for a type of software “middleware” that autonomously extracts, analyzes and transforms information from computer systems in one location and distributes it to remote location(s) to be further transformed and inserted into one or more remote computer systems. Other embodiments provide for remotely deploying and managing the software programs from a centralized management facility. Other embodiments provide for distributed, object-oriented computing systems that enable a plurality of independent, remotely located computers to interface with each other, extract or insert, format and exchange information with other computers using a secure messaging infrastructure.

36 Citations

View as Search Results

10 Claims

1. A method of securely distributing objects between nodes on a network, comprising the steps of:
- deploying a plurality of nodes;
  
  deploying at least one rendezvous node to asynchronously exchange encrypted payload objects; and
  
  deploying a central authority to manage and administer the nodes, wherein the nodes are configured to secure, distribute and synchronize objects between specific nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising software agents at the plurality of nodes, each software agent configured to exchange acquired information with other agents.
  - 3. The method of claim 2, wherein software agents generate objects that are capable of being transmitted to other agents including:
    - generating and assigning a Unique ID for the object; and
      
      listing the ID'"'"'s of all nodes that should receive a copy of the object and the ID of the agent that should be evoked when the object is received to the object attributes.
  - 4. The method of claim 1, wherein a node, when first initialized, generates a unique public-private key pair which is distributed to all other nodes, comprising the steps of:
    - generating a unique 2048-bit public-private key pair;
      
      maintaining a copy of the private key to decrypt and sign objects;
      
      creating a node definition object that stores the node ID and the public key; and
      
      distributing the node definition object to all other nodes.
  - 5. The method of claim 1, wherein a node can receive an object created by an agent, package it into a serialized payload, encrypt it, and securely distribute it to nodes listed in the object attributes via the rendezvous node, comprising the steps of:
    - generating a serialized payload with a unique ID;
      
      generating payload attributes from the object that include;
      
      the ID of the source node distributing the payload;
      
      the ID'"'"'s of all destination nodes that should receive a copy of the payload;
      
      the ID of the agent that should be evoked when the payload is received; and
      
      an indicator of the type of information contained in the payload;
      
      generating a one-time use, payload symmetric key and using the key to encrypt the object;
      
      for each destination node;
      
      locating the node'"'"'s definition object, extracting the public key, encrypting the symmetric key with the node'"'"'s public key, adding the newly encrypted key to an array of encrypted keys for that payload, and streaming the array into the payload;
      
      creating an SHA-1 based Hashed Machine Authentication Code (HMAC) using the encrypted object and the node'"'"'s private key, and adding the HMAC to the payload attributes; and
      
      saving the payload to an asynchronous queue on the node
  - 6. The method of claim 1, wherein a rendezvous node can receive a payload from a node and distribute it to all nodes listed in the payload attributes, including the steps of:
    - running a process that accepts SSL connection requests from nodes;
      
      receiving payloads streamed over HTTP/S from the node;
      
      examining the payload attributes to determine which nodes should receive a copy;
      
      providing a queue on the rendezvous for each node to persist the payload;
      
      for each destination node;
      
      creating a copy of the payload;
      
      removing all encrypted payload keys from the array except the key for that particular node; and
      
      saving the modified payload in the queue for that node.
  - 7. The method of claim 1, wherein the rendezvous node can retrieve and distribute payloads to destination nodes, including the steps of:
    - running a process that allows SSL connections from nodes;
      
      receiving request from the connecting nodes to get the contents of their queue including a discard list of payloads the node no long wants;
      
      retrieving the payloads found in the queue;
      
      deleting the payloads listed in the discard list and updating the discard list to indicate which payloads were deleted; and
      
      delivering the payload and the updated discard list to the requesting node over HTTP/S.
  - 8. The method of claim 1, wherein nodes can receive payloads from the rendezvous node and present them to an agent, including the steps of:
    - supporting a queue for receiving payloads;
      
      creating and maintaining a discard list for all received payloads to indicate to rendezvous nodes which payload to delete;
      
      running a process that regularly connects to the rendezvous node to check for new payloads in its queue;
      
      downloading payloads over HTTP/S and storing them in an inbox queue;
      
      updating the discard list indicating the payload should be deleted from the rendezvous;
      
      running a process that reads the payloads from the inbox queue, uses the node'"'"'s private key to decrypt the payload symmetric key, and uses the symmetric key to decrypt the original object; and
      
      evoking the agent identified in the payload attributes with the object from the payload.
  - 9. The method of claim 2, wherein the software agents connect to software application interfaces to acquire, analyze, transform and distribute information to other agents via the rendezvous node, including the steps of:
    - connecting to local applications over a network to access a local folder or connect to a TCP port;
      
      retrieving user data by reading a file from a local folder or listening on the TCP port;
      
      running a process that parses the user data received into objects;
      
      obtaining instructions for how to process the data from definition objects issued by the master node and distributed to the agent'"'"'s node via the rendezvous node;
      
      performing necessary modifications on the user data according to the instructions found in the definition objects; and
      
      generating a new object with attributes that include a unique object ID, a list of nodes it wants to receive the user data, and the ID of the agent(s) it wants to handle the object once it is delivered.

10. A method of remotely sending commands to nodes from a central facility, including the steps of:
- deploying an authorized master node that issues commands from a recognized source;
  
  assigning the master node to each node when registered;
  
  running a Command Agent on each node to receive, process, and report the status of commands issued from the master node in the form of a command object;
  
  providing administrative interfaces that allows system administrators to select and issue commands and arguments from the master node; and
  
  generating command objects that encapsulate the command and package it into a payload suitable for distribution from the master node to the target node via the rendezvous node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Novo Innovations, Inc. (Health Catalyst, Inc.)
Original Assignee
Novo Innovations, Inc. (Health Catalyst, Inc.)
Inventors
Mathur, Alok

Application Number

US11/460,138
Publication Number

US 20070124310A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G16H 10/40   for data related to laborat...

G16H 10/60   for patient-specific data, ...

G16H 40/67   for remote operation

H04L 2463/062   applying encryption of the ...

H04L 63/045   wherein the sending and rec...

Distributed Computing System to Enable the Secure Exchange of Information Between Remotely Located Healthcare Applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed Computing System to Enable the Secure Exchange of Information Between Remotely Located Healthcare Applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links