MSc Thesis Artifact

Patient-Controlled Zero-Trust Communication Architecture

Patient Trust Zone
Untrusted Zone 🔓
Provider Trust Zone

Patient

did: —
1. Generate cryptographic identity
2. Sign consent token
3. Establish session key (ECDH)
4. Encrypted session
5. Encrypted video/audio (frame-level AES-GCM)

Relay Server (Untrusted Zone)

no keys stored here

This panel shows exactly and only what the server ever receives. No private keys, no plaintext session content — if the architecture is sound, this feed should only ever contain signed tokens, public keys, and ciphertext.

Provider

did: —
1. Generate cryptographic identity
2. Verify consent token
3. Establish session key (ECDH)
4. Encrypted session
5. Encrypted video/audio (frame-level AES-GCM)