HarryR
commented
6 years ago Bob submits his ZkSNARK-style identity token to the ZkSNARK-style online pharmacy contract which authenticates that he is the correct Bob that matches the one on the prescription token.
But because Bob used his ZkSNARK-style identity token, she doesn't even know Bob's name but can still verify him against the prescription's control.
-
My main question would be - how does she verify him against the prescriptions control, and how can we avoid allowing Bob to give the prescription to Alice?
-
How do you track that a prescription has been filled? e.g. if you transfer the prescription to another pharmacy, what prevents you from getting it fulfilled at both?
For 1, the first thing that comes to mind is, for example, a smart card identity. You provide a signed challenge to the pharmacy which is linked to your smart card and prescription, a challenge which only your smart-card can respond to. This allows you to walk into the pharmacy, tell them your prescription ID, then authenticate with the smart card - however, this doesn't guarantee your identity - only the identity of the smart card (unless you want to irrevocably implant identity chips in peoples heads etc.)
For 2. there could be a derived hash, or fingerprint, for the prescription - whenever a pharmacy fills the prescription it publishes details about the pharmacy, the pharmacy tech, overseeing chemist etc. along with the fingerprint in a way which both you and the doctor can see where/when your prescription was filled, but where nobody observing the data can determine what the prescription was.
Say Bob goes to the doctor and is prescribed a medication that he needs. The doctor writes a prescription for Bob in a ZkSNARK-like contract system. The prescription can be represented as a token that has specific properties. The prescription is authenticated by the specific doctor for the specific patient Bob to fill a quantity and dose of a drug for a designated period. Prescriptions are non-transferrable so Bob cannot transfer the prescription to his friend Alice to fill for herself. However the prescription is transferrable between pharmacies and doctors.
Bob is given the prescription by the doctor and he wants his prescription filled at some discount online drugstore because they deliver fast and are more affordable than his local pharmacy. Bob transfers the prescription to the online store. This particular prescription, however, is a controlled substance and requires verification of Bob's identity. Bob submits his ZkSNARK-style identity token to the ZkSNARK-style online pharmacy contract which authenticates that he is the correct Bob that matches the one on the prescription token.
Cindy works at the discount online pharmacy and likes to look up people's facebook profile when people like Bob order prescriptions because she is weird and has nothing better to do. But because Bob used his ZkSNARK-style identity token, she doesn't even know Bob's name but can still verify him against the prescription's control.
But Cindy needs to know how much to charge Bob for the prescription, so Bob submits his ZkSNARK-style health insurance token, which keeps Bob's information private but has properties for this category of prescription that lets Cindy know how much to charge Bob to fulfill the prescription and ship the medication to him.
There are plenty more examples in the medical industry alone with HIPAA and treatments where privacy, authentication, accuracy, and billing are all paramount.