PRIVATE.ME PLATFORM

xSpecimen: Biobank Specimen Protection

XorIDA splits biobank specimen data across independent research institutions. Reconstruction requires threshold cooperation. Configurable quorum sizes protect donor privacy permanently.

Healthcare / Biobanking COMING SOON XorIDA Powered

Section 01

The Problem

Biobank genetic marker data stored at single institutions creates permanent exposure risk. A single breach exposes donor identities and genetic information that can never be changed.

Biobanks store biological specimens alongside genetic markers, phenotype data, and donor identifiers. This data is stored at a single institution with centralized access control. A breach at that institution permanently compromises every donor -- genetic data cannot be rotated or revoked like a password.

Multi-institution research collaborations compound the problem. When biobanks share data for collaborative studies, complete datasets are copied to each participating institution, multiplying the attack surface proportionally.

The Old Way

Section 02

The PRIVATE.ME Solution

XorIDA splits specimen data across independent research institutions. Reconstruction requires threshold cooperation between independently governed institutions.

Each donor's specimen data is split into N shares distributed across independent biobank institutions. No single institution holds enough data to identify any donor or reconstruct their genetic profile. Collaborative research proceeds through threshold reconstruction with configurable quorum sizes.

The quorum size is configurable per study. A rare disease study across 5 institutions might require 3-of-5 cooperation, while a sensitive population study might require 4-of-5. The donor's consent record specifies the minimum quorum for each authorized use.

The New Way

Section 03

How It Works

A consent-aware pipeline distributes specimen data across independent institutions with configurable quorum requirements per study.

Key Security Properties

Configurable quorum: Each study defines its own threshold based on sensitivity level. Donor consent: Consent records specify authorized uses and minimum quorum requirements. Permanent protection: Genetic data protected by information-theoretic security that never weakens.

Section 04

Use Cases

🏥

Multi-Institution

Multi-Institution Biobank Collaboration

Connect biobanks across universities and hospitals with threshold-based access. Each institution holds shares, not complete genetic profiles.

Federated Research

🛡

Donor Privacy

Donor Privacy Protection

Protect donor identities with information-theoretic security. No institution -- even under legal compulsion -- can identify donors without threshold cooperation.

Privacy-First

📈

Longitudinal Studies

Longitudinal Study Data

Protect multi-decade longitudinal studies with threshold security that never weakens. Data collected over 30 years remains equally protected at year one and year thirty.

Long-Term

🔗

Chain of Custody

Specimen Chain of Custody

Track specimen provenance across institutions with HMAC-verified share chains. Every handoff is independently verifiable and tamper-evident.

Provenance

Section 05

Developer Experience

xSpecimen provides real-time progress tracking and structured error codes to help biobank developers build reliable, auditable specimen management systems.

Progress Callbacks

Both splitSpecimen() and reconstructSpecimen() operations support onProgress callbacks for tracking long-running operations, especially useful when distributing specimen data across multiple biobank institutions.

Progress tracking example

const shares = await splitSpecimen(specimenData, {
  institutions: ['mit', 'stanford', 'oxford'],
  k: 2,
  n: 3,
  onProgress: async (event) => {
    switch (event.stage) {
      case 'validating':
        console.log('Validating consent requirements...');
        break;
      case 'splitting':
        console.log('Splitting specimen data via XorIDA...');
        break;
      case 'distributing':
        console.log(`Distributing share ${event.current}/${event.total}...`);
        break;
      case 'complete':
        console.log('Specimen data distributed successfully');
        break;
    }
  }
});

// Reconstruct with progress tracking
const result = await reconstructSpecimen({
  studyId: 'rare-disease-2026',
  institutions: ['mit', 'stanford'],
  onProgress: async (event) => {
    if (event.stage === 'verifying') {
      console.log(`Verifying HMAC for share ${event.current}...`);
    }
    if (event.stage === 'reconstructing') {
      console.log(`Reconstructing from ${event.current} shares...`);
    }
  }
});

Structured Error Handling

xSpecimen uses a Result<T, E> pattern with detailed error structures. Every error includes a machine-readable code, human-readable message, actionable hint, and documentation URL.

Error detail structure

interface ErrorDetail {
  code: string;         // e.g., 'CONSENT_NOT_FOUND'
  message: string;      // Human-readable description
  hint?: string;        // Actionable suggestion
  field?: string;       // Field that caused the error
  docs?: string;        // Documentation URL
}

Error Categories

xSpecimen organizes error codes across multiple categories for systematic handling:

Category	Example Codes	Description
Consent	CONSENT_NOT_FOUND, CONSENT_EXPIRED, QUORUM_NOT_MET	Donor consent validation failures
Specimen	INVALID_SPECIMEN_ID, SPECIMEN_NOT_FOUND, CHAIN_OF_CUSTODY_BROKEN	Specimen data and provenance errors
Institution	INSTITUTION_NOT_AUTHORIZED, INSTITUTION_OFFLINE, SHARE_DELIVERY_FAILED	Multi-institution coordination failures
Crypto	HMAC_VERIFICATION_FAILED, SHARE_RECONSTRUCTION_FAILED	Cryptographic operation failures
Compliance	CLIA_VALIDATION_FAILED, CAP_AUDIT_REQUIRED, HIPAA_VIOLATION	Regulatory compliance errors

Viral Growth

Viral Onboarding: < 2 Minute Multi-Site Setup

Zero-config biobank discovery and viral invite flow enable exponential multi-site adoption. Setup time: < 2 minutes (vs 4-8 weeks for manual biobank integration). Target viral coefficient: 1.3 → exponential consortium growth.

The 2-Minute Biobank Onboarding Flow

Traditional biobank integration requires 4-8 weeks per institution: IRB approval process, data use agreement negotiation, HIPAA business associate agreement, technical integration planning, VPN setup, database schema alignment, access control configuration, chain-of-custody documentation, CLIA/CAP compliance verification, security audit, pilot data transfer, and production rollout. xSpecimen reduces initial technical setup to under 2 minutes through zero-config biobank discovery and automatic trust establishment:

Complete biobank setup: < 2 minutes

// Step 1: Initialize institutional identity (< 30 sec)
$ xspecimen init --name stanford-biobank --type research-institution
{
  "status": "initialized",
  "did": "did:key:z6MksBiobank7sP...",
  "name": "stanford-biobank",
  "type": "research-institution"
}

// Step 2: Connect to a biobank consortium (< 90 sec)
$ xspecimen connect cancer-genomics-consortium
{
  "status": "connected",
  "consortium": "cancer-genomics-consortium",
  "coordinator": "did:key:z6MksCancer...",
  "institutions": ["mit", "oxford", "mayo-clinic"],
  "quorum_requirement": "3-of-5",
  "elapsed_seconds": 1.4
}

// Step 3: Start collaborating immediately
const { connectBiobank } = require('@private.me/xspecimen');
const connection = await connectBiobank('cancer-genomics-consortium');
await splitSpecimen(specimenData, {
  institutions: connection.value.institutions,
  k: 3,
  n: 5,
  studyId: 'melanoma-trial-2026'
});

Zero-Config Biobank Discovery (3-Tier Lookup)

The connectBiobank() function accepts consortium names, institution domains, or URLs and automatically discovers connection details through a 3-tier lookup system:

Method	Example	Lookup
Public Registry	`connectBiobank('cancer-genomics-consortium')`	Query biobank.registry.io for registered consortium
.well-known	`connectBiobank('biobank.stanford.edu')`	Fetch `https://biobank.stanford.edu/.well-known/xspecimen.json`
Direct URL	`connectBiobank('https://biobank.mayo.edu/xspecimen')`	Use URL directly

AUTOMATIC TRUST ESTABLISHMENT

The first connection to a biobank consortium automatically adds institution public keys to your local trust registry. Subsequent specimen transfers verify HMAC signatures against stored keys (TOFU: Trust On First Use). For CLIA/CAP-certified labs, admins can pre-populate the trust registry with certified institution keys.

Viral Invite Flow (< 10 sec creation, < 60 sec acceptance)

The invite system enables exponential consortium growth through effortless institution-to-institution invitations. Creating an invite takes < 10 seconds, accepting takes < 60 seconds, and the invite recipient automatically becomes a potential inviter themselves.

Create biobank invite (< 10 sec)

$ xspecimen invite mayo-clinic-biobank --email biobank@mayo.edu
{
  "status": "created",
  "invite_url": "https://xspecimen.to/invite/b8Np2y...",
  "qr_code": "data:image/svg+xml,...",
  "expires_at": "2026-04-19T...",
  "consortium": "cancer-genomics-consortium",
  "message": "Share this link: https://xspecimen.to/invite/b8Np2y..."
}

When the recipient clicks the invite link, they see a one-click acceptance page with the consortium's study info, quorum requirements, and participating institutions. Accepting the invite automatically establishes the connection, adds the institution to the consortium trust registry, and enables specimen data sharing.

Viral Coefficient Model: VC = 1.3

Viral coefficient (VC) measures how many new institutions each existing institution brings. The formula: VC = (collaborations per institution) × (invite rate) × (acceptance rate). xSpecimen targets VC > 1.0 for exponential consortium growth:

Metric	Target	Rationale
Collaborations per institution	4	Multi-site biobanks typically partner with 4-6 institutions per study
Invite rate	100%	Zero-click invite creation, consortium coordinators invite all partners
Acceptance rate	> 32%	One-click acceptance, 7-day expiry, trusted research network
Viral Coefficient	> 1.0	1.3 (4 × 1.0 × 0.32)

EXPONENTIAL GROWTH MODEL

With VC = 1.3, starting from 10 biobanks in Month 1 projects to 1,392 biobanks by Month 12. Each institution invites 4 collaborators, 32% accept within 7 days (driven by consortium coordinator outreach + trusted research networks), and the cycle repeats.

Zero-Downtime Migration (Dual-Mode Adapter)

For existing biobank integrations using VPN tunnels, SFTP transfers, or legacy APIs, xSpecimen provides a DualModeBiobankAdapter that runs xSpecimen and legacy transfer mechanisms simultaneously. This enables zero-downtime migration with gradual rollout and usage tracking:

Zero-downtime biobank migration

const { DualModeBiobankAdapter } = require('@private.me/xspecimen');

// Create dual-mode adapter (tries xSpecimen first, falls back to legacy)
const adapter = new DualModeBiobankAdapter({
  xspecimen: xspecimenClient,   // Optional: add when ready
  fallback: {
    type: 'sftp',
    host: process.env.BIOBANK_SFTP_HOST,
    credentials: process.env.BIOBANK_SFTP_KEY,
  },
});

// Transfer specimen data (automatically tries xSpecimen → legacy)
const result = await adapter.transferSpecimen(specimenData, {
  institutions: ['mit', 'stanford'],
  studyId: 'lung-cancer-2026'
});

// Track migration progress
const metrics = adapter.getMetrics();
console.log(`xSpecimen usage: ${metrics.xspecimenPercentage}%`);
// Output: "xSpecimen usage: 81%"

// Remove fallback when 100% migrated
adapter.removeFallback();

Comparison: xSpecimen vs Traditional Biobank Integration

Aspect	Traditional Integration	xSpecimen
Setup Time	4-8 weeks (IRB + DUA + BAA + VPN + schema + audit)	< 2 minutes (init + connect + use)
Data Protection	Single-site centralized database	K-of-N threshold splitting, no single point of exposure
Discovery	Manual consortium coordinator contact list	Zero-config 3-tier lookup
Invite Mechanism	Email contact details + 4-8 week onboarding	One-click invite link, < 10 sec creation
Acceptance	Manual setup (4-8 weeks)	One-click acceptance (< 60 sec)
Growth	Linear (manual outreach + lengthy approvals)	Exponential (VC = 1.3)
Compliance	Per-site CLIA/CAP audits + separate chain-of-custody	HMAC-verified provenance + automatic audit trails

SUCCESS CRITERIA

Biobank onboarding is considered successful when: (1) Technical setup < 2 min, (2) Invite creation < 10 sec, (3) Invite acceptance < 60 sec, (4) Acceptance rate > 32%, (5) Viral coefficient > 1.0. Note: IRB approval and legal agreements remain separate processes governed by institutional policy.

Use Cases for Viral Growth

🧬

CANCER RESEARCH

Multi-Site Cancer Genomics Consortium

Connect 12 NCI-designated cancer centers for rare variant discovery. Each biobank invites 3-4 partner institutions. Threshold: 4-of-7 for reconstruction.

NCI MATCH Trial Pattern

🏥

PRECISION MEDICINE

Regional Tissue Repository Network

Hospital biobanks invite affiliated research labs and pathology centers. Each hospital brings 5-6 partners. Chain-of-custody verified via HMAC.

CLIA/CAP Compliant

🔬

RARE DISEASE

Global Rare Disease Biobank Federation

Cross-border biobank sharing for ultra-rare diseases. Each biobank invites international partners. Threshold: 3-of-5 balances access with donor privacy.

GDPR + HIPAA

💊

PHARMA TRIALS

Pharma-Sponsored Multi-Site Trials

Pharmaceutical companies invite CRO biobanks for Phase II/III trials. Sponsor holds 1 share, each CRO holds 1 share. Threshold: 3-of-N.

21 CFR Part 11

Section 07

Integration

Quick Start

import { splitSpecimen, collaborateSecure } from '@private.me/xspecimen';

// Split specimen data across 5 institutions (3-of-5)
const shares = await splitSpecimen(specimenData, {
  institutions: ['mit', 'stanford', 'oxford', 'eth', 'tokyo-u'],
  n: 5,
  k: 3
});

// Collaborate with quorum-based reconstruction
const result = await collaborateSecure({
  studyId: 'rare-disease-2026',
  institutions: ['mit', 'stanford', 'oxford']
});

splitSpecimen(data: SpecimenData, institutions: string[], config: { n: number, k: number }): Promise<BioShare[]>

Splits biobank specimen data into N shares distributed across specified research institutions with K-of-N threshold reconstruction. Each share is HMAC-signed and tagged with institution metadata. Consent validation and quorum requirements enforced before every operation.

Section 08

Security Properties

Property	Mechanism	Guarantee
Configurable Quorum	Per-study K-of-N threshold	Sensitivity-appropriate access control
Donor Anonymity	XorIDA threshold splitting	No institution can identify donors alone
Tamper Detection	Per-share HMAC-SHA256	Any modification detected before reconstruction
Quantum Resistance	Information-theoretic security (GF(2))	Security never weakens over time
Chain of Custody	HMAC-verified handoff records	Every specimen transfer independently verifiable

<1ms

Typical payload

K-of-N

Configurable quorum

0 bytes

Exposed per breach

GF(2)

Quantum-proof algebra

VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL

Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →

GET STARTED

Ready to deploy xSpecimen?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xSpecimen generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF

Download proofs:

Tier 1 HMAC (~0.7KB)
Tier 2 Commit-Reveal (~0.5KB)
Tier 3 IT-MAC (~0.3KB)
Tier 4 KKW ZK (~0.4KB)

Verify proofs online →

Use Cases

🏛️

REGULATORY

FDA / SEC Submissions

Prove algorithm correctness for distributed systems without exposing trade secrets or IP.

Zero IP Exposure

🏦

FINANCIAL

Audit Without Access

External auditors verify secure operations without accessing source code or production systems.

FINRA / SOX Compliant

🛡️

DEFENSE

Classified Verification

Security clearance holders verify distributed systems correctness without clearance for source code.

CMMC / NIST Ready

🏢

ENTERPRISE

Procurement Due Diligence

Prove security + correctness during RFP evaluation without NDA or code escrow.

No NDA Required

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

Zero infrastructure setup
Automatic updates
99.9% uptime SLA
Enterprise SLA available

View Pricing →

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

npm install @private.me/xspecimen
TypeScript/JavaScript SDK
Full source access
Enterprise support available

Get Started →

🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

Complete data sovereignty
Air-gap capable deployment
Custom SLA + dedicated support
Professional services included

Request Quote →

Enterprise On-Premise Deployment

While xSpecimen is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
Air-gapped environments — SCIF, classified networks, offline operations
Data residency requirements — EU GDPR, China data laws, government mandates
Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →