
xScan: Medical Imaging Protection

XorIDA splits medical imaging files with automatic chunking. No single node holds enough data to reconstruct any image portion. Per-chunk HMAC signing ensures tamper detection.

Healthcare / Radiology · COMING SOON · XorIDA Powered
Section 01

The Problem

Medical images stored on single servers are high-value breach targets. A single compromise exposes thousands of patient scans containing embedded patient identifiers.

DICOM files from MRI, CT, and X-ray scanners contain far more than pixel data. They embed patient names, dates of birth, medical record numbers, referring physicians, and diagnostic codes. A PACS (Picture Archiving and Communication System) breach exposes not just images but complete patient identities linked to their medical conditions.

Healthcare imaging data is growing exponentially. A single MRI study generates 500MB to 2GB. Hospitals store millions of studies, creating massive centralized targets. Traditional encryption protects data at rest but leaves a single point of decryption failure.

The Old Way

[Diagram: MRI Scanner and CT Scanner → Central PACS Server (50TB+ DICOM files + Patient PII) → BREACH: all scans + PII exposed]
Section 02

The PRIVATE.ME Solution

XorIDA splits large imaging files with automatic chunking optimized for DICOM structure. No single storage node holds enough data to reconstruct any portion of any image.

Medical images are automatically chunked based on configurable sizes optimized for the imaging modality. Each chunk is independently split into N shares and distributed across separate storage nodes. Per-chunk HMAC signing ensures any tampering is detected at the individual chunk level.

Reconstruction requires the threshold number of shares for every chunk. An attacker who compromises a single storage node obtains fragments that are information-theoretically impossible to reconstruct without the remaining shares.

The New Way

[Diagram: DICOM Image (500MB - 2GB) → Chunk + XorIDA → Node A (Shares), Node B (Shares), Node C (Shares), with per-chunk HMAC]
Section 03

How It Works

A multi-stage pipeline handles large medical images with automatic chunking, parallel splitting, distributed storage, and chunk-level integrity verification.

[Diagram: DICOM input → auto chunk → XorIDA split → storage nodes 1 to N. Reconstruction path: HMAC verify → chunk reassemble → reconstruct → DICOM output]
Key Security Properties
  • Chunk-level splitting: Each chunk is independently split; compromising one chunk reveals nothing about others.
  • Per-chunk HMAC: Tamper detection at the individual chunk level, not just the file level.
  • Streaming support: Images can be split during acquisition without buffering the entire study.
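
The per-chunk split-and-verify flow described above, as an added example that is not xScan's or `@private.me/imagesplit`'s code. XorIDA is not specified on this page, so plain n-of-n XOR sharing stands in for it (every share is required, with no k-of-n threshold); the HMAC input layout and the function names `xorSplit`, `tag`, `splitWithTags` and `reconstruct` are assumptions. Binding the chunk index, chunk count and share number into each tag makes reordered or truncated share sets fail verification, not only modified bytes.

```javascript
const crypto = require('node:crypto');

// Stand-in for XorIDA (assumption): n-of-n XOR sharing, all n shares required.
function xorSplit(chunk, n) {
  const shares = [];
  const last = Buffer.from(chunk); // copy; ends up as chunk XOR all pads
  for (let i = 0; i < n - 1; i++) {
    const pad = crypto.randomBytes(chunk.length);
    for (let j = 0; j < last.length; j++) last[j] ^= pad[j];
    shares.push(pad);
  }
  shares.push(last);
  return shares;
}

// Assumed tag layout: HMAC-SHA256(key, idx || total || shareNo || data).
function tag(key, idx, total, shareNo, data) {
  const hdr = Buffer.alloc(12);
  hdr.writeUInt32BE(idx, 0); hdr.writeUInt32BE(total, 4); hdr.writeUInt32BE(shareNo, 8);
  return crypto.createHmac('sha256', key).update(hdr).update(data).digest();
}

function splitWithTags(buf, key, n, chunkSize) {
  const total = Math.ceil(buf.length / chunkSize);
  const nodes = Array.from({ length: n }, () => []);
  for (let idx = 0; idx < total; idx++) {
    const chunk = buf.subarray(idx * chunkSize, (idx + 1) * chunkSize);
    xorSplit(chunk, n).forEach((data, s) =>
      nodes[s].push({ data, mac: tag(key, idx, total, s, data) }));
  }
  return nodes; // nodes[s][idx] is share s of chunk idx
}

// Verify every share before combining; the error names the failing chunk.
function reconstruct(nodes, key) {
  const total = nodes[0].length;
  if (nodes.some((nd) => nd.length !== total)) throw new Error('chunk count differs between nodes');
  const out = [];
  for (let idx = 0; idx < total; idx++) {
    const chunk = Buffer.alloc(nodes[0][idx].data.length);
    nodes.forEach((node, s) => {
      const { data, mac } = node[idx];
      if (!crypto.timingSafeEqual(mac, tag(key, idx, total, s, data)))
        throw new Error(`HMAC mismatch: chunk ${idx}, share ${s}`);
      for (let j = 0; j < chunk.length; j++) chunk[j] ^= data[j];
    });
    out.push(chunk);
  }
  return Buffer.concat(out);
}
```

A tag computed over the chunk bytes alone would still verify after two chunks were swapped or the trailing chunks were dropped from every node, which is why the position fields are part of the MAC input here.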
Section 04

Use Cases

🩻
Radiology
Radiology Image Sharing

Share MRI, CT, and X-ray images across hospital networks without exposing complete studies at any single node. Split-channel PACS for multi-site health systems.

Hospital Networks
🌐
Teleradiology
Teleradiology Networks

Enable remote reading of imaging studies by distributing shares across teleradiology nodes. Radiologists reconstruct only the studies they are authorized to read.

Remote Diagnostics
🔬
Research
Research Imaging Archives

Protect multi-year research imaging archives with threshold-based access. Longitudinal studies maintain data integrity across decades without single-point exposure risk.

Longitudinal Studies
🤖
AI/ML Training
AI Training Image Protection

Feed medical imaging AI models without exposing training data at any single compute node. Split-channel training preserves patient privacy during model development.

Model Training
Section 05

Integration

Quick Start
import { splitImage, reconstructImage } from '@private.me/imagesplit';

// Split a DICOM image across 3 nodes (2-of-3 threshold)
const shares = await splitImage(dicomBuffer, {
  n: 3,
  k: 2,
  chunkSize: 1048576  // 1MB chunks
});

// Reconstruct from any 2 of 3 share sets
const image = await reconstructImage(
  [shares[0], shares[2]]
);
splitImage(dicom: Buffer, config: { n: number, k: number, chunkSize?: number }): Promise<ImageShare[]>
Splits a DICOM or other medical image into N share sets with K-of-N threshold reconstruction. Automatic chunking divides large files into configurable chunk sizes. Each chunk is independently XorIDA-split and HMAC-signed. Supports MRI, CT, X-ray, and ultrasound DICOM formats.
Section 05b

Viral Onboarding: < 2 Minute M2M Setup

Traditional M2M integration: 42-67 minutes per connection (API key generation, secure storage, rotation setup, monitoring)

With Xlink: < 2 minutes, zero configuration

Speedup: 21-33× faster

One-Line Connection (SDK)

Zero-Config Discovery
import { connect } from '@private.me/agent-sdk';

// Zero-config discovery
const imagingNode = await connect('radiology-pacs-node');

// Use immediately for secure image storage
const result = await imagingNode.send({
  type: 'store-imaging-study',
  data: { studyID: 'MRI-20260412-001', shares: dicomShares }
});

Network effects: When your imaging partner already uses Xlink, connection is instant. When they don't, you send an invite (< 10 sec), they accept (< 60 sec), and all future connections are instant.

CLI Alternative

Command Line
# Initialize once
xlink init

# Connect to imaging node
xlink connect radiology-pacs-node

# Invite a healthcare partner to join
xlink invite partner-imaging-center

Zero-Downtime Migration

Dual Mode Adapter
import { DualModeAdapter } from '@private.me/agent-sdk';

// Both Xlink AND your existing API key work
const adapter = new DualModeAdapter({
  xlink: imagingAgent,
  fallback: { apiKey: process.env.PACS_API_KEY }
});

const result = await adapter.call('store-study', {
  studyID: 'MRI-20260412-001',
  shares: dicomShares
});

// Track adoption progress
console.log(adapter.getMetrics());
// { xlinkPercentage: 73, xlinkCalls: 146, fallbackCalls: 54 }

As your imaging partners adopt Xlink, your xlinkPercentage automatically increases. No code changes required.

Why Medical Imaging Needs Viral M2M

  • Time-critical diagnostics: Radiologists need instant access to imaging studies. API key setup delays can postpone critical diagnoses.
  • Multi-site coordination: Healthcare involves PACS systems, teleradiology networks, research archives, and AI training nodes. Manual key exchange across 5+ parties is untenable.
  • Network effects: Each hospital's adoption reduces friction for their entire imaging ecosystem—partners connect instantly to multiple imaging nodes.
  • Viral Coefficient: 1.2 (each imaging center connects to ~3 partners → exponential growth)
  • Setup Time: < 2 min (vs 42-67 min for API keys)
  • Invite Flow: < 70 sec (Create (< 10s) + Accept (< 60s))

Growth projection: Month 1 (100 imaging centers) → Month 12 (74,185 imaging centers) with VC = 1.2

Section 06

Security Properties

| Property | Mechanism | Guarantee |
|---|---|---|
| Chunk-Level Split | Auto-chunking + per-chunk XorIDA | No single node holds reconstructable image portion |
| Per-Chunk Integrity | HMAC-SHA256 per chunk per share | Tamper detection at individual chunk granularity |
| PII Separation | DICOM metadata stripped before split | Patient identifiers never co-located with image shares |
| Quantum Resistance | Information-theoretic security (GF(2)) | No computational assumption to break |
| Streaming Split | Chunk pipeline during acquisition | Images protected in real time during scanning |

  • Typical payload: <1ms
  • Default chunk size: 1MB
  • Exposed per breach: 0 bytes
  • Quantum-proof algebra: GF(2)

VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xScan generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

Use Cases

🏛️
REGULATORY
FDA / SEC Submissions
Prove algorithm correctness for distributed systems without exposing trade secrets or IP.
Zero IP Exposure
🏦
FINANCIAL
Audit Without Access
External auditors verify secure operations without accessing source code or production systems.
FINRA / SOX Compliant
🛡️
DEFENSE
Classified Verification
Security clearance holders verify distributed systems correctness without clearance for source code.
CMMC / NIST Ready
🏢
ENTERPRISE
Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow.
No NDA Required

Deployment Options

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xscan
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included

Enterprise On-Premise Deployment

While xScan is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →