On Mon, 24 Mar 2003, David Forslund wrote: ... > >Two issues for you to consider: > > > >1) The characterization that separating patient identifiers from other > >patient data as a type of "secret splitting" is novel. This is not what > >the field calls "secret splitting" before my publications. ... > But I would think the issue is the concept, not the specific term used to > identify the concept.
Dave, I agree. I think the SDSS method does involve certain new concepts. > > In fact, the strategy of separating patient identifiers from the rest > >of data was not known to be scalable to arbitrary degrees of security > >before SDSS - since the old strategy was as a narrow solution rather > >than a general information protection mechanism. > > I don't have the references directly in hand, but I disagree with this > assessment. "Arbitrary degrees of security" seems to me to be a > strange statement. I don't think there is such a thing. Indeed, once you understand how SDSS works, you may agree that "arbitrary degrees of security" is one of the consequences. If you are interested, I am willing to give you a more detailed explanation. > Scalable separation of patient identifiers (or other identifiers, for > that matter) is well known, however. Dave, what are the well-known methods of keeping the identifiers secure after they are separated? Tim Churches recently reviewed some of them in his paper. As far as Tim and I understand them, they do not use SDSS. > I wouldn't even consider it publishable let alone patentable. Maybe I just got lucky? Maybe Tim Churches got lucky too? He also succeeded in getting his paper published. :-) ... > >2) The "sequentially distributed" manner in which the secret splitting > >design is implemented is unique. Each share of secret is tunneled through > >a sequentially arranged series of data storage/management units to a > >specific location for storage. > > What is unique about the storage of portions of the data? see below. > > A form of "sequential distribution" has been used in "Onion Routing" > >http://www.onion-router.net/Publications.html, but obviously for an > >entirely different purpose (protects identity of the users of the system > >rather than for storing and retrieving secret data). > > Isn't this the same thing? Not the same thing at all. In this case, both the design and function are different. From the patentability "definition" of what constitutes "the same thing", any significant difference in either design or function is sufficient to constitute "a different thing". > Certain data is being protected from others. It seems to be me to be > analogous to patenting the use of SSL to encrypt patient identifiers, > when it is in common use in other areas not specific to healthcare. That would be an example of using the same design/method to serve the same function - although the function is being applied to data from different domains (healthcare vs. others). Best regards, Andrew --- Andrew P. Ho, M.D. OIO: Open Infrastructure for Outcomes www.TxOutcome.Org
