On Mon, 24 Mar 2003, David Forslund wrote: ... > >Two issues for you to consider: > > > >1) The characterization that separating patient identifiers from other > >patient data as a type of "secret splitting" is novel. This is not what > >the field calls "secret splitting" before my publications. ... > But I would think the issue is the concept, not the specific term used to > identify the concept.
Dave, I agree. I think the SDSS method does involve certain new concepts.
> > In fact, the strategy of separating patient identifiers from the rest > >of data was not known to be scalable to arbitrary degrees of security > >before SDSS - since the old strategy was as a narrow solution rather > >than a general information protection mechanism. > > I don't have the references directly in hand, but I disagree with this > assessment. "Arbitrary degrees of security" seems to me to be a > strange statement. I don't think there is such a thing.
Indeed, once you understand how SDSS works, you may agree that "arbitrary degrees of security" is one of the consequences. If you are interested, I am willing to give you a more detailed explanation.
I assume this is in your patent. I still think the terminology, at least,
is bad. I don't believe there really is such a thing as "arbitrary degrees of security"
or any way to measure such a concept. I assume that you mean that you can
reduce the risk factor arbitrarily, which is not really possible, because security
is no better than the weakest link, which is at some point is a human being.
You can reduce the risk factor on paper below some level, but then it is
no longer the real "risk factor".
> Scalable separation of patient identifiers (or other identifiers, for > that matter) is well known, however.
Dave, what are the well-known methods of keeping the identifiers secure after they are separated? Tim Churches recently reviewed some of them in his paper. As far as Tim and I understand them, they do not use SDSS.
I'm confused as to the meaning of SDSS. Keeping them secure after you do the
separation wouldn't seem to me to be within the meaning of the term you define as SDSS.
Once things are separated, it would seem to me that you simply use normal methods for
securing the data, as separation has been removed from the equation.
> I wouldn't even consider it publishable let alone patentable.
Maybe I just got lucky? Maybe Tim Churches got lucky too? He also succeeded in getting his paper published. :-)
I actually think that patenting is easier than publication these days. Obtaining
a patent doesn't really mean anything, I'm sorry to say. Publishing something
that applies a technology to healthcare is certainly useful and unrelated to getting a patent.
... > >2) The "sequentially distributed" manner in which the secret splitting > >design is implemented is unique. Each share of secret is tunneled through > >a sequentially arranged series of data storage/management units to a > >specific location for storage. > > What is unique about the storage of portions of the data?
see below.
where?
> > A form of "sequential distribution" has been used in "Onion Routing" > >http://www.onion-router.net/Publications.html, but obviously for an > >entirely different purpose (protects identity of the users of the system > >rather than for storing and retrieving secret data). > > Isn't this the same thing?
Not the same thing at all. In this case, both the design and function are different. From the patentability "definition" of what constitutes "the same thing", any significant difference in either design or function is sufficient to constitute "a different thing".
> Certain data is being protected from others. It seems to be me to be > analogous to patenting the use of SSL to encrypt patient identifiers, > when it is in common use in other areas not specific to healthcare.
That would be an example of using the same design/method to serve the same function - although the function is being applied to data from different domains (healthcare vs. others).
Applying a previous known concept to healthcare should be something that should
be published, but not patented. I don't understand the importance of the
patent in open source and, in fact, seems contrary to the GPL, as I indicated in my other note.
Dave
Best regards,
Andrew --- Andrew P. Ho, M.D. OIO: Open Infrastructure for Outcomes www.TxOutcome.Org
