Avicenna Passport

Carlos Roldan edited this page Jun 8, 2019 · 5 revisions

Identity

Self-Sovereign Identity

Under Avicenna's self-sovereign identity model, patients and medical staff who hold an identifier (a public/private key pair) present uniqueness claims relating to those identifiers without having to go through an intermediary. Avicenna builds this self-sovereign identity system on Bitcoin technology, so no intermediary is needed.

For a system like this to be successful, it needs to adhere to a set of guiding principles. Avicenna's self-sovereign identity is based on Christopher Allen's The Path to Self-Sovereign Identity.

Design

Auth Diagram

Step 1: Consistent User Model (Back-end)

The back end keeps a User model that contains the fields required for a digital signature operation (address, signature and message).

Step 2: Generate Nonces (Back-end)

For each user in the database, generate a big random integer.

Step 3: User Fetches Their Nonce (Front-end)

Assuming Lightning Joule is present and unlocked, Avicenna gets the current Lightning Joule account’s public key.

Step 4: User Signs the Nonce (Front-end)

Avicenna prompts Lightning Joule to show a confirmation popup for signing the message. The nonce will be displayed in this popup so that the user knows he/she isn’t signing any malicious data.

When he/she accepts it, the signature is sent to the back end.

Step 5: Signature Verification (Back-end)

Having the nonce, the public address and the signature, the back end can then cryptographically verify that the nonce has been correctly signed by this specific user. If this is the case, the user has proven ownership of the public address and we can consider him/her authenticated. A JWT or session identifier can then be returned to the front end.

Step 6: Change the Nonce (Back-end)

To prevent the user from logging in again with the same signature (in case it gets compromised), we make sure that the next time the same user wants to log in, he/she needs to sign a new nonce. This is achieved by generating another random nonce for this user and persisting it to the database.
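
Steps 1 to 6 above as a runnable Node.js example, added here and not taken from Avicenna's code. It assumes an in-memory user table and uses Node's built-in ECDSA over secp256k1 with SHA-256 as a stand-in for the Lightning Joule (WebLN) message signature; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Step 1: constructed in-memory user table, public key (PEM) -> { nonce }.
const users = new Map();

// Steps 2 and 6: 256 bits from the CSPRNG, so nonces are unpredictable.
const newNonce = () => crypto.randomBytes(32).toString('hex');

function register(publicKeyPem) {
  users.set(publicKeyPem, { nonce: newNonce() });
}

// Step 3: the front end asks which nonce it has to sign.
function getNonce(publicKeyPem) {
  const user = users.get(publicKeyPem);
  return user ? user.nonce : null;
}

// Step 4 (wallet stand-in): sign the nonce shown in the confirmation popup.
function walletSign(privateKey, nonce) {
  return crypto.sign('sha256', Buffer.from(nonce), privateKey).toString('base64');
}

// Steps 5 and 6: verify against the nonce stored server-side (never one
// supplied by the client), then rotate it before handing out a session.
function login(publicKeyPem, signatureB64) {
  const user = users.get(publicKeyPem);
  if (!user) return null;
  let ok = false;
  try {
    ok = crypto.verify('sha256', Buffer.from(user.nonce), publicKeyPem,
      Buffer.from(signatureB64, 'base64'));
  } catch {
    ok = false; // malformed key or signature counts as a failed login
  }
  if (!ok) return null;
  user.nonce = newNonce();
  return crypto.randomBytes(16).toString('hex'); // opaque session identifier
}

// Constructed run: one valid login, then a replay of the same signature.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  register(pem);
  const signature = walletSign(privateKey, getNonce(pem));
  return { first: login(pem, signature) !== null, replay: login(pem, signature) !== null };
}
```

The replayed signature is rejected because `login` only ever checks it against the rotated nonce held in the user table.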

Medical Staff

Medical staff's identity verification is automated: staff log in to the platform through a WebLN provider such as Lightning Joule. Avicenna uses a Bitcoin public key to identify medical staff. The process is frictionless: using Lightning Joule as a WebLN provider, medical staff have private and public keys. The private key is then used to encrypt a secret random number encoded by Avicenna as a hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature.

The reason for encrypting the secret instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.

The value of a hash is unique to the hashed data. Any change in the data, even a single character, will result in a different value. This attribute enables others to validate the integrity of the data by using the signer's public key to decrypt the hash.

If the decrypted hash matches a second computed hash of the same data, it proves that the data hasn't changed since it was signed. If the two hashes don't match, the data has either been tampered with in some way -- integrity -- or the signature was created with a private key that doesn't correspond to the public key presented by the signer -- authentication.

Patients / Legal Guardians

Patients' or legal guardians' identity verification is manually reviewed by the medical staff using the passport validation guidelines. Patients or legal guardians also use a decentralised identity mechanism inspired by public/private key encryption. Avicenna is designed to work in environments without any technology infrastructure, and it assumes patients or legal guardians do not have access to technology. Therefore, they have their identity as a digital passport stored offline in the IPFS network. However, passports are not accessible without the patient's or legal guardian's private key.

Patients or legal guardians have their identity inside their Avicenna passport certification. The first time a patient or a legal guardian has access to an Avicenna-enabled health-care setting, they will receive a passport on paper. This paper contains a QR code which points to the digital access for their Avicenna passport stored in the health-care setting's offline IPFS network.

When any of the medical staff scans the QR code, the patient's passport will ask for the patient's private key (password) to decrypt the passport and view the data. Once the data is reviewed by the medical staff using the passport validation guidelines, the patient or legal guardian will be identified.

Medical Record

Introduction

Avicenna provides a computerized collection of the patient's information in a digital and immutable format, which facilitates sharing the patient's data, such as medical records, charts, prescriptions and test results, across multiple healthcare environments, always with the patient's consent. Unlike other EHRs, a patient's medical records cannot be shared without the patient's password.

Properties

Clinics

Some of the numerous benefits of the Avicenna medical records in healthcare facilities include:

  • Improved Quality of Care: Computerized notes are often easier to read than the practitioner's handwriting. This reduces the risk of mistakes and misinterpretations that can negatively impact the quality of the consultation.

  • Convenience and Efficiency: Medical and office staff no longer have to waste time sorting through piles of records. Staff can access electronic medical records quickly and efficiently with just a few strokes on a keyboard and with the patient's consent.

  • Security: The medical record is a module of the patient's passport, which is located in the IPFS distributed network. This network is private and offline without any access or entry point that may corrupt the data. The patient's passport is certified in an immutable data structure, which makes it extremely easy to detect when a fraudulent copy enters the system, thanks to the verification process in the passport validation guidelines.

  • Saving Space: Electronic medical records eliminate the need to store documents in bulky file cabinets, which frees up more space for medical supplies and equipment.

Patients or legal guardians

Some of the numerous benefits of Avicenna medical records for patients or legal guardians:

  • Simplicity: Avicenna assumes that patients do not have any IT knowledge. The patient's medical record lives in the IPFS node as an immutable data structure linked to an authenticity stamp provided by a hybrid system based on Blockstream Satellite or OpenTimestamps. Only a simple printed QR code is required.

  • Data ownership: Medical records require a password to decrypt and access the data. This password is created once the medical record is generated.

Medical Prescription

Avicenna provides a safe health-care program, which is implemented by a qualified practitioner, in the form of instructions to provide a care plan for the patient. Medical staff are able to safely prescribe in the patient's passport. This passport can be decrypted at any drug distributor, which verifies the passport's authenticity using the passport validation guidelines and provides the medication in a regulated, safe and easy environment.