Secure distribution of confidential information via self-destructing data

Control and ownership of data is difficult in any environment, and with the increase in electronic data and records, the need to maintain ownership and control redistribution of data is becoming increasingly important. We propose a first-level protection against unauthorized redistribution using a method of self-destructing, one-time-use data. Transmitted data is encrypted, encapsulated within an executable, and authenticated to a single user and machine. Once accessed, measures are taken to ensure it cannot be used outside the executable (e.g., displayed within a non-selectable, non-editable window) and that the executable cannot be easily decompiled. After a single use, data is destroyed through a method of in-memory compilation of a new executable, which overwrites the original during runtime. In addition, a time-to-live (TTL) is integrated into the executable to provide an additional layer of security so that the data is only accessible within a defined time period. The executable is self-sufficient: it requires no network connection, communication with a central authority, or communication with the sender to authenticate the data, since all authentication is integrated into the executable. This provides universal, environment-neutral protection of the data within any type of transfer, whether via server-client, peer-to-peer (P2P), or through external storage devices.
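The binding, TTL and single-use checks described above, as an added example that is not the paper's code: the data key is derived from a secret embedded in the executable plus the intended user, a machine identifier and the expiry time, so the payload only authenticates on that user's machine before the TTL, and the blob is discarded after one successful open. The SHA-256 counter keystream, `machine_id` and the `secret` value are illustrative assumptions.

```python
import hashlib
import hmac
import os
import time

# Added illustration, not the paper's implementation. The SHA-256 counter keystream
# stands in for a real cipher (use AES-GCM in practice); `machine_id` stands for a
# value the executable computes at runtime, which is what ties the data to one host.

def bind_key(secret: bytes, user: str, machine_id: str, expires_at: int) -> bytes:
    """Derive the data key from the embedded secret plus user, machine and TTL."""
    ctx = f"{user}|{machine_id}|{expires_at}".encode()
    return hmac.new(secret, ctx, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def seal(secret, user, machine_id, ttl_seconds, plaintext, now=None):
    """Sender side: encrypt and authenticate the payload for one user, machine and TTL."""
    now = int(time.time()) if now is None else now
    expires_at = now + ttl_seconds
    key = bind_key(secret, user, machine_id, expires_at)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"expires_at": expires_at, "nonce": nonce, "ct": ct, "tag": tag}

class OneTimeEnvelope:
    """Receiver side: the blob carried by the executable; opens once, then is destroyed."""
    def __init__(self, blob):
        self.blob = blob
    def open(self, secret, user, machine_id, now=None):
        now = int(time.time()) if now is None else now
        if self.blob is None:                 # already consumed: single use
            return None
        if now > self.blob["expires_at"]:     # TTL elapsed: destroy without revealing
            self.blob = None
            return None
        key = bind_key(secret, user, machine_id, self.blob["expires_at"])
        expect = hmac.new(key, self.blob["nonce"] + self.blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expect, self.blob["tag"]):  # wrong user or machine
            return None
        ks = keystream(key, self.blob["nonce"], len(self.blob["ct"]))
        plaintext = bytes(a ^ b for a, b in zip(self.blob["ct"], ks))
        self.blob = None                      # destroy; the paper overwrites the executable here
        return plaintext
```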