You need the mic. Okay. Turn it on then. All right. Oh.

So I'm fortunate enough to have met a lot of physicians who are interested in bridging that gap between their world and ours, and I've had the opportunity to work with them in the past. We did some research in the past, DEF CON 22 I think, on 9-1-1 security, presented on that, and continue to work through things like I Am The Cavalry to talk about healthcare and information security, and that's been awesome. Ryan and I have a shared background in that we both went to the Air Force Academy. We both did space and missiles and some other stuff, and he came to me with the idea of this application and this concept, and we said, heck, let's run with it. So we did this part. If I don't face the camera, is that okay? Okay, so just to reiterate, it seems like we're all familiar with this technology. So let's press, let's get right into it. Slide. That's... Oh, no, I'll take this.

So over the last, I mean, these are, these are pretty current, six months, seven months, we've just seen hack after hack. So this is something we were trying to address with this sort of a relatively simple system for protecting our health care records, our health care transactions, our health care communication. This is going to happen again. This is going to continue happening. And one of these days it's going to hit a system that everyone uses, like Epic or Cerner. Anyone familiar with Epic or Cerner in here? Okay, good, very good.
Okay, and when that happens, I mean, there, it's gonna be a shit storm. I mean, there's really nothing you can do, because there's, there's no redundant comm built in, there's no, there's no plan B. This system, Tri-graph, what we're building now, is not going to be that plan B yet. But we hope that in the future this, or something like it, will be. So this is just the, the scare tactics to keep you engaged. Next slide.

All right, so this is the obligatory legal language that we have to provide, that was developed by trained ninja JD monkeys. Here, this is just to reflect that this is not necessarily the opinions or the language, verbiage, opinions, commentary associated with our employers. His, whether it be the, the medicine field. Yeah, he's still technically in the Air Force, and he's in the medicine field. He's not going to provide any medical advice here anyhow. Oh, and patent pending, the work we've done here.

All right, so this is objective. We did ask for a second microphone. Do we have enough cable to do this, or what? Okay. All right, so long term, we want to improve access to physician care. I mean, that's, that's the big takeaway here. And finally, we think that going forward medicine is gonna have to become more collaborative. Raise your hand if you've been on WebMD. I know, I know you all have. You've all had some weird sore. Yeah, I know you all have something little itchy. You're gross. Yeah. So we think that it'll be helpful to be able to speak over a secure, anonymous platform and say, hey man, I got this thing going on, kind of like what you have on WebMD right now, except with someone that you know is a physician, because they've been credentialed through the blockchain, through a token, to know that. Next slide.

Longer term, and this is what I alluded to earlier. Right now we have a functional POC. We're gonna show you that today. It's sped up though, so don't think we're cheating. It takes longer than a minute to do this. It takes like six minutes to do this, which is still pretty good.
We thought. So these are the, the key tenets I want you to keep in mind as we go through this. The one I didn't mention was auditability. So for anything medical records, you have to be able to know who looked at what, what they saw, and, you know, if they had a reason for doing this. A blockchain will keep track of the externals, so you'll know that physician X talked to patient Y. Maybe some sort of content, I guess; with the contract on Ethereum, you'll know that it was something about, I think I maybe broke this bone or something, but you won't have the internals. So there's still privacy, we, we hope, we think, at play, although we're, we are looking to you guys to help pick this apart. Next slide.

So why Ethereum? You know, it's kind of a, you know, a poor man's crypto. We can do a lot of stuff with this, with the blockchain. It'll cost a little bit of money, but even more importantly, what we're up against is, is frankly way too expensive to begin with. I mean, a PACS system is millions a year, and it's proprietary. Oh, and there's a talk on Sunday. I don't know who's giving it, but I think they're gonna discuss the security. Any chance he or she's in here? No? Okay, well, they're gonna hopefully talk about all the, the vulnerabilities in PACS systems that already exist.

Additionally, healthcare, the costs have become just non-transparent. I mean, we think we're over a hundred dollars to read an x-ray. An MRI is probably more, probably a couple hundred dollars, but frankly that's, that's already too expensive, and we think we can do better. We know we can do better. The payment system's already built in, as long as your physician is willing to accept Ethereum. Who here, who in here takes Ethereum? I think it took a nosedive the last few weeks. Who lost thousands? Yeah, yeah, sorry, buddy.

And then identity management. This is where we really think this could catch on, because how do you know who you're talking to? How do you know that this is a physician?
Especially if you can de-identify it enough to know that, well, I don't know the physician's name, but I know that he's credentialed to this level, even if he or she is living in India, or even if he or she is living, you know, in Chile or something, which can also help for 24-7 access to these kinds of medical services.

And then finally, reputation management. We're not here yet, but we envision something along the lines of an Uber-type rating system, which is difficult, because you might not like what you hear from the physician. Yes, you do have herpes, I'm sorry. But, you know, we're, we're hoping that someday we can put together something that allows us to know that this physician, who is credentialed and operating on this, this particular system, is not full of shit. That's kind of where we want to get to. So when you're getting feedback from a physician on an image that you're providing to them, you want to make sure you're getting timely feedback, you're getting cost-effective feedback, and that it's detailed enough that you can take it and provide it to maybe your primary care provider, or you get enough input on it to say, yes, this is a broken, or yeah, that probably is what you think it is. That's for slide. Slide.

All right, so this is me. So this is the, the architecture, what we designed to get this done. And on the left-hand side you've got the patient, and in the right-hand side you've got a physician. And originally, when we were talking about this and designing it in our heads, Tri-graph was the concept of the patient, the blockchain and the doctor. And then we got to the point where we said, hey, you know what? We probably don't want to store imagery on the blockchain.
That would be annoying for everybody. So we didn't. We ended up using an external data store, and the external data store is depicted on the top. We've implemented that in the proof of concept using Django, and that's just basically an API that's sending information back and forth. In the design phase, when we were looking at this, it was very important to us that we implemented such that, if the data store were compromised, none of the patient information, specifically imagery, would be recoverable. So what is passed up there is public keys and encrypted image data, and that's it.

As far as the patient interaction with the blockchain, that's something where they're sending the payment, right? They're paying the physician for that image read. They're paying the physician for that opinion. They're starting the contract and they're pushing state changes. The physician is also pushing state changes, which we'll get to here in a moment. And then the payment at the end goes to that happy physician in the lower right, to say, yeah, that doesn't look good.

All right, so when we designed the proof of concept, this was what we actually implemented in our network for testing. You can see basically it's a summary of it all, and this is truly a mesh network, with the geth, or the, the Go-based Ethereum clients talking to each other. But here what you've got is, you've got at the top the dedicated blockchain nodes that are operating the blockchain. They're the ones that are doing the mining, and the mining is required so that we can keep the transactions moving along. On the lower hand side, this was our implementation in the proof of concept, to say we have an arbitrary patient client, we have an arbitrary doctor client, and we have the data store. And the data store was the implementation of that Django app that we were talking about. All of those three are interfacing through web3, a Python library, into the go-ethereum client, via RPC to the go-ethereum client, and then talks on the blockchain. So this is
how we implemented our proof of concept, and we'll go over that and actually have some video on that later. Any questions? Okay, I'm gonna speed through this.

All right, so one of the things that was important to us was authentication. How do we know who's talking, right? How do we know who's conversing? So for authentication on the blockchain, we're relying on the Ethereum authentication, right? You're unlocking your wallet. You're using those secrets that are within that wallet, that private key, to send data, to send money, to send Ethereum. If you can unlock that, then you have authenticated yourself to the blockchain, and for our purposes we said that's gonna be good enough, right? Because you're already doing that to send money back and forth.

But for the data store we had to come up with something, right? How do we know who is talking to the data store? So what we came up with was, this is our prescription pad, right? You have prescription pad, you hand it to the physician and they sign it. That's what we're doing, right? So the data store, when it is working with any one of the clients to it, whether it be a patient or a physician, they're sending them challenges. It's a challenge-response authentication mechanism that's essentially saying, hey, here's something that's unique. It's a unique token from the data store. We want you to sign it with your Ethereum private key. And when it gets back, the data store looks at it and tries to verify that signature. And if it can, and that contract, or I'm sorry, that address verifies up against the contract that it's looking for, to say yes, this is the patient.
Yes, this is the physician. You're good to go, and it progresses forward. So that was used for authentication against the data store.

The other thing that was important to us was authorization, and authorization was handled at two levels. Authorization in the contract on the blockchain was baked into the contract using Solidity. So you can see here, we've got some modifiers to say only the patient can do certain things, only the doctor can do certain things, and then we've got the in-state aspects, and you've got some examples on the right-hand side. In state just depicts the fact that we've got this kind of positioned out in different states, where the contract is initiated by the patient, and then it waits for it to be ready for the doctor, and then the doctor picks it up and reviews it, and then it gives it back to the patient. The patient gets it and said, yes, you reviewed my image, here's your money. So that's basically how we're doing that authorization. As far as authorization within the data store, that was based on your authentication. So it's again based on patient or physician. If you have identified yourself, using the authentication mechanism we referenced in the last slide, as the patient, and you're trying to do something a patient should be able to do, that contract, you're authorized to do it.

All right, so how did we keep those images secure on the data store? This is basically a summary of what we did. This is a specific implementation of elliptic curve integrated encryption scheme, or ECIES. What we're doing is, we're taking that Ethereum private key data on the left-hand side for the patient and the doctor, and we're creating elliptic curve keys, basically saying, let's create pubs from the, the private key data that you have, and we're going to share the public keys via the data store. Again, that's authenticated back to say, are you the patient? Okay, then you get the doctor's public key. Are you the doctor?
Okay, then you get the patient's public key, specifically for that contract. The public keys are exchanged by the data store, and then those are used for ECDH, or elliptic curve Diffie-Hellman, key exchange. Right, so we're going to take that and we're going to generate a shared secret that now the patient and the doctor have. That shared secret is used as output from the ECDH, or elliptic curve Diffie-Hellman, blocks, to throw into an AES key derivation function, and the salt that we're using to make it unique for each exchange is the contract address from Ethereum. That then will result in equal AES keys on each side. So the doctor has an AES key, the patient has an AES key. They're the same, but they never exchange it in the first place.

So these are the stages that the contract will go through. The patient will initiate it. The patient will stage everything, put the data out there, say it's ready for the doctor. The doctor can then accept the contract and get everything ready to be able to, you know, exchange those public keys. Once the public keys are exchanged, then the patient can upload the file, and in the encrypted format, and then it could be downloaded by the doctor, reviewed, put back up there, and then the patient can say, yes, this is completed, I got back the advice from the doctor. There's also a stage for abortion, if we get to a point where the patient has put a contract out there and it has not been accepted. For example, if I put something out there and I didn't mean to, or I put it out there and the value's too high, or I want to decrease it, you can just nix the contract altogether, but it has to be in a non-accepted state and it has to be done by the patient. And we've got some details in this for all, everything I just said, that I'm just gonna skip past, because I said it already.

All right, challenges. Okay, so it's changing quickly. That could wreck all the code that Peter's already written.
Sorry. There are privacy concerns. Just like any, any system, the, the end users can still take a picture of something and put it on the internet. We don't know how to fix that, so we can't really solve that problem. Additionally, de-identifying some of this, this data may prove impossible. Moral and ethical as well. This is something that Peter and I discussed at length, for about 10 minutes over a few beers. This same construct could be used to share some really bad stuff, and it would be completely anonymous and it would be completely secure. So you could do murders for hire. I'll let you speculate on everything else you could do over that. Finally, how do I know you're a real doctor? If you lose your token once it's been issued, or if it's stolen from you, well, it's, we don't know that you're talking to a real doctor anymore.

And then finally, two more things. So you do... We're not sure what's gonna happen with this, the gas. When we priced it a few days ago, it was just a few cents. The physician would pay a few cents to get into the network, which is no big deal, but we don't know what the future is gonna hold with that. So Vitalik Buterin's around, is he? Anyone know if he's around? I'd like to talk to him. I'm totally serious. I'd love to have a sit down. You know, is he 21 yet? And finally, speed kills. If the network isn't fast enough... Your average radiologist is gonna move through a scan in about two minutes. If they can't do that in that sort of time with this network, it's pointless. They'll just go back to a PACS system. Slide.

Next step. So what we want to do, we, we need to automate more of this, and it needs to be... I'm not sure what you meant by checks and balances. Right now, so right now we don't have some of the checks that I'd like to do. I'd like to do some of those things to say, okay, you know, where is the state of the contract with respect to what you're doing at the data store, right?
So if you're trying to download an image and it isn't actually at that state on the, the data, or on the blockchain, it'll all error out, but I'd like to tighten that up. Yeah. Thanks, Pedro.

So we need to also credential physicians. What, sound, do we have a minute or two? Okay, cool. So this is the hard part. If anyone knows any companies that can do this for us, we'd love to know. Because once they're credentialed, I mean, that's it. We don't have any way to sort of police them. We need to know that they are who they say they are, that they have gone to this residency or have had this medical training.

User-friendly interface. Right now there's maybe three people in this room who would know how to do this in this system. So we're gonna need to make this interface with a browser of some sort, or an app. If anyone can do that, let us know afterwards.

Monetization. We do, we would like to monetize it. I mean, I don't think we're looking to make crazy profits on this, but there's a few different ways we could do it. But we want to do it in a way that we're not a third party. It would have to be the sort of thing where the contract is already fulfilled and everyone's happy, and then somehow, and some sort of, you know, subcontractor something, we're paid afterwards. We're not exactly sure how we're gonna do that yet.

The rating system, already discussed. Go live on Ethereum. We haven't done this yet, so we still technically don't know if this will work and end, because it hasn't been done on the live network. Okay, I hope we left time for questions. Let's get the demo going.

Wow, this is really terrible, terrible graphics. I'm so, so sorry about this. Let's see if we can zoom in. How do you Mac zoom in? Mac zoom in. Yeah, and we can make this available afterwards. This is just a video. It's unfortunately grainy. What this is, and was, we sped this up.
This is a video of the interaction on the top of an end-to-end script. The problem with actually doing this, you know, in person is, it's something where I would do something as a patient, doctor would do something, I would do something as a patient, doctor would do something, and that's actually going to take hours and hours. Plus the blockchain has to mine everything to verify all the transactions.

So, so my question is, have you thought of running, instead of using public box, and you can use a private box, and let's say based off on proof of authority consensus, or similar to oracles that work project that they're trying to do? Have you thought of this approach? Because it's a green mining, nobody has to, it's like a simplified proof of stake. Yeah.

Yeah, so what he said was, right now we're using a private blockchain and it's working. We do want to push it out to a public blockchain, just to make it so that it's readily available. It's monetized right there. It's money, right? People play it, right, people pay in the money. Yeah, we can do very bad things with this blockchain. So we want to make sure that it's verified by other people. We want to make sure that it's money that people can get, that the, you know, radiologists can do this thing, they get their Ethereum, and they get it out of Coinbase or whatever they need to do.

Okay, so I see you guys aren't really storing patient information, but you are storing encrypted image data. Yes, maybe certain, what, patient information? Would HIPAA apply here? Are you taking that into consideration, that you'd be legally required to do certain things according to HIPAA?

Yeah, why don't you take this one? No. Okay, no, because, because this is, this, in this case, in all the scenarios we, we are putting up here, it's the patient uploading this. With your medical records, you can do whatever you want. Now, going forward, we would need to get some sort of HIPAA certification for this.
I don't know that it would be a huge problem, because once this stuff is encrypted, it, it's there in the data store.

It has very stark regulations of how you store it, how you audit the server and how you do everything. I've violated it a few times. I'm familiar with it.

Yeah, enjoy the fines.

Yes, there are, there are heavy fines.

So no, we see this starting off as a poor man's second opinion to begin with. That would be outside the bounds of HIPAA, but you're right, going forward that, that would be a problem and a concern.

And not one we're really that worried about, because when you start talking about auditability, this is the public ledger, right? This is the blockchain. So now kind of know where everything's transiting your data store. So the data store also supports all kinds of logging that we can do with that. It's something that we could achieve. I'm not that concerned about it. But to get to the point where we were proof of concept, and it was actually moving data back and forth in an encrypted fashion, we did not achieve HIPAA compliance today.

All right, cool. Thanks, guys. Oh