On Sat, 17 Feb 2001 22:20:27 Horst Herb wrote:
>=8*0 Andrew, I am shocked. You have a *software patent* (US Patent 6,148,342)
>(now I have to clean my keyboard after writing this no-no word ;-) Why?
Hi Horst,
I thought you will never ask! A big part of the answer is that I've always wanted to have a patent. When I came up with 2 novel ideas in 1998, I decided to patent one and develop OIO with the other. If you take a look at 6,148,342, you will see that it is far more ambitious than the OIO. My logic is that if the patent turns out to be an obstacle, then that can be easily remedied (e.g. abandon, no fee, no enforcement). On the other hand, if the patent is going to be helpful for dissemination and adoption, then we will have it in place. In addition, we may be able to get some revenue to support OIO development???
For those who are interested, here is the abstract (full text with figures can be found at www.uspto.gov):
Secure database management system for confidential records using separately encrypted identifier and access request
Abstract
A system for managing sensitive data is described. The system prevents a system administrator from accessing sensitive data by storing data and identifier information on different computer systems. Each query is encrypted using two codes, the first code readable only by an identifier database and a second code readable only by a data access database. By routing the data path from a source terminal to the identifier database which substitutes an internal ID, then to the data access database and back to the source terminal, data security is significantly improved.
A shorter name for it is "Sequentailly Distributed Secret Splitting" (SDSS). A more detailed description with an example of how it works is here: http://www.txoutcome.org/scripts/zope/readings/ssm.
I think it can be useful for HIPAA compliance since it mainly provides protection against insider attacks.
I wouldn't think this is patentable, since there is a lot of prior art. Some of which is documented in the
"Resource Access Decision Service" specification from the Object Management Group which only seeks to standardize existing technological approaches. The idea of separating the PIDS and the COAS specifications is to provide
this type of protection, also. One cannot find out who the person is that has clinical information unless the
PIDS server gives permission to access the data.
But then, most software patents I see these days,I don't think are patentable, but the US Patent Office obvious disagrees with me.
Dave
Your thoughts?
Andrew
---
Andrew P. Ho, M.D.
OIO: Open Infrastructure for Outcomes
www.TxOutcome.Org
Assistant Clinical Professor
Department of Psychiatry, Harbor-UCLA Medical Center
University of California, Los Angeles
Join 18 million Eudora users by signing up for a free Eudora Web-Mail account at http://www.eudoramail.com
Computer and Computational Sciences
Los Alamos National Laboratory
505-665-1907
