CN112364376A - Attribute agent re-encryption medical data sharing method - Google Patents


Publication number
CN112364376A
Authority
CN
China
Prior art keywords
key
data
encryption
attribute
patient
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011256986.0A
Other languages
Chinese (zh)
Inventor
王战
陈玉玲
龙洋洋
张永昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou University
Original Assignee
Guizhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou University filed Critical Guizhou University
Priority to CN202011256986.0A priority Critical patent/CN112364376A/en
Publication of CN112364376A publication Critical patent/CN112364376A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/20 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the management or administration of healthcare resources or facilities, e.g. managing hospital staff or surgery rooms


Abstract

The invention discloses an attribute proxy re-encryption medical data sharing scheme, comprising: building a cloud server on the Hadoop platform; implementing the attribute proxy re-encryption medical data sharing scheme in cooperation with a key distribution center and a hospital; applying hybrid encryption and split storage to the medical data sharing process; and combining attribute proxy re-encryption to achieve privacy-preserving sharing and matching, so that, with all parties participating in the scheme, user convenience is maximized and the burden on the cloud server is reduced. The security and privacy of the whole scheme are improved, and the computational overhead is lower.

Description

Attribute agent re-encryption medical data sharing method
Technical Field
The invention belongs to the fields of privacy protection and information security, and particularly relates to a medical data security sharing method.
Background
Big data is key to the rapid development of the modern information society. Although it brings great convenience to our lives, its privacy and security are just as important. Medical data security is an important part of big data security. A traditional attribute proxy re-encryption medical data storage scheme uploads a patient's medical data to a cloud server for storage, which makes it convenient for the user to store the data and share it with a doctor. This convenience comes with the following disadvantages:
1) Data is not protected and computation is slow. Traditional attribute proxy re-encryption medical data storage encrypts the data and stores it in the cloud server, but asymmetric encryption is computationally very expensive. The cloud server is responsible for both intensive computation and storage, so its efficiency drops as the number of users grows, which affects the user experience.
2) Patient data is not protected during sharing. Matching between a patient and a doctor is possible when the patient shares medical data, but key updating is essential when the patient wants to share an archive with several doctors. Traditional medical archive sharing methods have a major shortcoming here: the key cannot be updated efficiently and conveniently.
To address the high computational overhead and complex operation of traditional attribute proxy re-encryption medical data sharing schemes, researchers have successively adopted methods such as attribute revocation and self-clock encryption to solve the difficulty of key updating. These methods do update the key and offer high security, but their overhead remains an unsolved problem. Every attribute revocation or self-clock encryption consumes large amounts of server resources and causes stuttering, which affects the user experience and fails to meet users' need for a convenient and smooth scheme.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a safe, reliable and computationally efficient medical data archiving method.
The invention focuses on privacy protection during medical data sharing. It introduces hybrid encryption and separate storage of ciphertext and key, and combines them with attribute proxy re-encryption to realize an attribute proxy re-encryption medical data sharing scheme.
The technical scheme of the invention is as follows:
An attribute proxy re-encryption medical data sharing method comprises constructing the flow of an attribute proxy re-encryption medical data sharing scheme, the flow comprising: user registration, data storage and data matching.
The attribute proxy re-encryption medical data sharing scheme comprises three core objects, a hospital (Hospital, HS), a cloud service provider (Cloud server, CS) and a key distribution center:
1) Patient: responsible for submitting attributes to the key distribution center and for managing the key pairs.
2) Hospital: responsible for generating the patient's medical archive and for operations on it such as segmentation and encryption.
3) Doctor: responsible for receiving medical archives and for submitting his or her own attributes to the key distribution center.
4) Key distribution center: responsible for accepting the attributes of doctors and patients and for all key generation.
5) Data cloud: a third-party cloud service provider with huge storage space and the capacity for large-scale data storage.
6) Proxy cloud: a third-party cloud service provider with powerful computing capability, primarily responsible for proxy computation.
The proposed scheme comprises an initialization stage, a public and private key generation stage, a submission and encryption stage, a re-encryption stage and a decryption stage:
Initialization stage: the key distribution center defines a complete attribute set that includes all medical department classifications, doctors' positions, basic information about patients, and so on. It generates the system public key, public parameters and master key according to the attributes submitted by patients and doctors.
Encryption stage: the patient authorizes the hospital to divide the archive into two parts, main data and sensitive data, according to a specified data division method, so that a complete file cannot be obtained without a file merge operation. The main data is encrypted and uploaded to the data cloud for storage, and its hash value is verified to ensure data integrity. The key is updated using the attribute-based key tree so that users who are not authorized cannot obtain it. The sensitive data part, the symmetric key and the key information undergo attribute encryption, matching and related operations.
Proxy key generation and re-encryption stage: when the patient is not satisfied or cannot obtain an accurate diagnosis, the patient submits a request to the hospital to expand the matching range and authorizes the hospital to use the key, so that the hospital obtains the key pair authorized by the patient. A proxy re-encryption key is generated, and the proxy cloud re-encrypts the obtained data under the newly submitted attribute range to produce a proxy re-encrypted ciphertext.
Decryption stage: the doctor and the patient communicate, and the doctor submits the corresponding attributes to the key distribution center; when the submitted attributes satisfy the access structure, the doctor obtains the private key generated by the key distribution center and finally decrypts all data to obtain the plaintext. If the doctor cannot make a diagnosis, or the diagnosis is unsatisfactory, and the patient wants more doctors to analyze and consult on the case, the patient authorizes the hospital to perform a re-encryption operation through the proxy cloud. When the attributes a doctor submits satisfy the attributes newly set by the patient, the doctor decrypts with the private key distributed to him or her to obtain the key information and the data segment key, and thus the complete data.
Compared with the prior art, the invention has the beneficial effects that:
(1) Data integrity and tamper resistance: after the file is divided into two parts, the parts are stored in different cloud servers, and each data body contains a hash value. Every time data is stored in a cloud server, a hash check is performed to ensure the integrity of the file. If the file is tampered with in transit, the cloud server does not store it, which strengthens the tamper resistance of the file.
(2) Original document security: the method uses hybrid encryption and divides the file into two parts that are stored in separate cloud servers. Because the data is segmented before being uploaded to the data cloud, the cloud platform cannot obtain a complete file. Besides the patient and the doctor, the scheme involves a key distribution center, a data cloud and a proxy cloud. The original plaintext cannot be obtained from any two pieces of leaked information. When the key center and the data cloud are leaked, only the main part of the data can be obtained, not the values of the sensitive data. When information in the cloud server is leaked, an attacker must break the key $k^*$ and the key information $I$ to obtain the plaintext. The scheme uses an attribute-based key tree to change keys, that is, the symmetric key $k^*$ is continuously updated, so that an attacker cannot obtain the data of the original file.
(3) Security of re-encryption: the method uses attribute proxy re-encryption for matching. Attribute proxy re-encryption differs from earlier attribute access control: the file is encrypted under the attributes and then encrypted a second time, so the cloud platform cannot obtain the file plaintext, and file security is preserved to the greatest extent during proxy re-encryption.
(4) Privacy: after the file is divided, the parts are encrypted and stored separately, and the main data is encrypted with an updatable key $k^*$, so that each doctor authorized for access obtains a unique key. After a remote consultation, if the consultation was not successful or not as expected, the doctor who previously gave a diagnosis can no longer obtain the key, which protects the privacy of the file and of the user.
Drawings
FIG. 1 is an interaction flow diagram of the present invention;
FIG. 2 is a diagram of a medical data archive segmentation scheme of the present invention;
FIG. 3 is a tree diagram of the attribute data key generation of the present invention;
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it is to be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The invention provides an attribute agent re-encryption medical data sharing scheme, and a scheme flow chart is shown in figure 1:
1) Initialization stage:
Algorithm 1 is run: groups $G$ and $G_T$ are randomly selected, with generators $g, g_1 \in G$ and $\alpha, a \in Z_p$, and there is a bilinear map $e: G \times G \to G_T$. The system public parameters GP are generated, together with the hash function $ID$ representing identity information, the hash function $H_1$ for the basic attributes of a role, the hash function $H_2$ for the doctor's basic information, and the hash function $H_3$ for messages:
Figure BDA0002772655170000041
The patient applies to the key distribution center; $t \in Z_p^*$ is selected at random and Algorithm 2.1 is run to generate the unique public/private key pair of the patient (doctor):
$SK = (K = g^{at} g^{\alpha},\ L = g^{t},\ K_x = ID(x)^{t},\ t \in S_A)$ (2)
2) Encryption stage:
The hospital runs Algorithm 5.1 to encrypt the main data $m_1$ received from the user and stores it in the cloud. The key distribution center generates the data key. The proxy cloud receives the data $m_2$ and runs Algorithm 5.2 to perform attribute encryption on it. The access control structure specified by the user is $(M, \rho)$. Only when the attributes submitted by the doctor satisfy the access control structure can the ciphertext $CT_A$ be decrypted. The encrypted ciphertext may be represented as:
Figure BDA0002772655170000051
where $M$ is an $l \times n$ matrix and $\rho$ is a mapping that associates the rows of $M$ with attributes; $\{\rho(i) \mid 1 \le i \le l\}$ are the attributes in the access structure $(M, \rho)$. $s$ denotes the secret to be shared, with $s, y_2, y_3, \ldots, y_n \in Z_p^*$. For $i = 1$ to $l$, set $\gamma_i = v \cdot M_i$, where $M_i$ is the vector corresponding to the $i$-th row of the matrix $M$, $v = (s, y_2, y_3, \ldots, y_n)$, and $r_1, \ldots, r_i \in Z_p^*$.
3) A proxy key generation stage:
When the patient is not satisfied with the doctor's diagnosis, or the doctor cannot make an accurate judgment, a proxy re-encryption operation is performed on the archive. It must then be determined whether the doctor's attributes satisfy the attribute structure $(M', \rho')$ newly set by the user; if the access structure is satisfied, Algorithm 2.2 is run to generate the doctor's public and private keys. The proxy cloud randomly selects $\theta \in Z_p$ and forms an access structure $(M', \rho')$ according to the requirements of the archive and of the user. A unique data key $k^*$ is generated through the attribute key tree from the attribute set provided by the patient, so that all doctors who satisfy the attributes obtain the same data key and a joint consultation becomes possible. $rk_{A \to B}$ is computed as:
Figure BDA0002772655170000052
4) Re-encryption stage:
It is determined whether the doctor's attributes satisfy the attribute structure $(M', \rho')$ set by the user; if so, $\delta \in G_T$ is selected at random:
Figure BDA0002772655170000053
Figure BDA0002772655170000061
When $S$ satisfies the condition set by $(M, \rho)$, there exists a set of constants $\{\omega_i \in Z_p^*\}_{i \in l}$ such that $\sum_{i \in l} \omega_i \gamma_i = s$, where $\{\gamma_i\}$ is the secret sharing of $s$.
5) Decryption stage:
After the user and the doctor have communicated, the doctor submits the corresponding attributes to the key distribution system. When the access control structure is satisfied, Algorithm 8.1 is run to decrypt the attribute-encrypted ciphertext. The solving process is as follows:
Figure BDA0002772655170000062
When the doctor has obtained the data segment $m_2$ and the data key $k^*$, the data $m$ is recovered, and $m^*$ and $m_3$ are combined to obtain the plaintext $m$.
When the user is not satisfied with the doctor's diagnosis, or the doctor cannot make an accurate judgment, the proxy cloud sets a new access control structure $(M', \rho')$ according to the requirements provided by the user, from which the plaintext $m$ is obtained. The solving process is as follows:
Figure BDA0002772655170000063
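The linear secret sharing over the access structure $(M, \rho)$ used in the encryption and re-encryption stages above, as an added Python example that is not part of the patent: it computes the shares $\gamma_i = v \cdot M_i$ and recovers $s$ through constants $\omega_i$ only for an authorized attribute set. The modulus, the policy matrix and the attribute names are constructed assumptions, and the shares are plain integers mod p rather than exponents in a pairing group.

```python
import secrets

# Prime modulus standing in for the order p of the pairing groups (assumption).
P = 2**127 - 1


def share(s, M):
    """Return gamma_i = v . M_i mod p for each row M_i, with v = (s, y_2..y_n)."""
    n = len(M[0])
    v = [s % P] + [secrets.randbelow(P - 1) + 1 for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(v, row)) % P for row in M]


def solve_omegas(rows):
    """Find omega with sum_i omega_i * rows[i] == (1, 0, ..., 0) mod p.

    Returns None when the target vector is not in the span of the rows,
    which is exactly the case of an unauthorized attribute set.
    """
    k, n = len(rows), len(rows[0])
    # Augmented system A * omega = e_1, where A is the transpose of `rows`.
    A = [[rows[i][j] % P for i in range(k)] + [1 if j == 0 else 0]
         for j in range(n)]
    pivots, r = [], 0
    for c in range(k):
        pr = next((i for i in range(r, n) if A[i][c]), None)
        if pr is None:
            continue  # free variable, left at 0
        A[r], A[pr] = A[pr], A[r]
        inv = pow(A[r][c], -1, P)
        A[r] = [x * inv % P for x in A[r]]
        for i in range(n):
            if i != r and A[i][c]:
                f = A[i][c]
                A[i] = [(x - f * y) % P for x, y in zip(A[i], A[r])]
        pivots.append(c)
        r += 1
    # A zero coefficient row with a non-zero right-hand side: no solution.
    if any(A[i][k] for i in range(r, n)):
        return None
    omega = [0] * k
    for i, c in enumerate(pivots):
        omega[c] = A[i][k]
    return omega


def reconstruct(M, rho, shares, attrs):
    """Recover s from the shares whose row label rho(i) is in attrs, else None."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    if not idx:
        return None
    omega = solve_omegas([M[i] for i in idx])
    if omega is None:
        return None
    return sum(w * shares[i] for w, i in zip(omega, idx)) % P


# Constructed policy: (cardiology AND attending) OR chief.
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["cardiology", "attending", "chief"]


def demo():
    """Share a random secret and try four attribute sets against the policy."""
    s = secrets.randbelow(P - 1) + 1
    gammas = share(s, M)
    return s, {
        "cardiology+attending": reconstruct(M, RHO, gammas, {"cardiology", "attending"}),
        "chief": reconstruct(M, RHO, gammas, {"chief"}),
        "cardiology": reconstruct(M, RHO, gammas, {"cardiology"}),
        "attending": reconstruct(M, RHO, gammas, {"attending"}),
    }


if __name__ == "__main__":
    secret, results = demo()
    for name, value in results.items():
        print(name, "->", "recovered" if value == secret else "denied")
```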
In the attribute proxy re-encryption medical data sharing scheme provided by the invention, the medical archive segmentation diagram is shown in figure 2:
The patient authorizes the hospital to extract the characters in the archive (Chinese characters, Arabic numerals, English words, punctuation marks, spaces and so on) in groups:
(1) Determine the size of the file and the number h of file groups to divide it into, record each division as it is made, generate the key information I, and hand it to the hospital for storage.
(2) Verify the integrity of the file by checking the hash value, to ensure that the data is stored completely.
(3) Extract the data set consisting of Arabic numerals (Arabic numerals are extracted because, in medical data, they are mostly the dynamic data and the key information).
(4) Encrypt the remaining main data and store it in the data cloud.
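Steps (1) to (4) above as an added Python example (not code from the patent): Arabic-numeral runs are extracted as the sensitive data, the remainder is the main data, and a hash check guards the merge. The layout of the key information I as (offset, length) pairs and the choice of SHA-256 are assumptions, since the patent specifies neither, and encryption of the two parts is left out.

```python
import hashlib
import re

# Runs of Arabic numerals only ([0-9], not every Unicode digit).
NUMERALS = re.compile(r"[0-9]+")


def digest(text):
    """SHA-256 of a data part (hash function chosen for this example)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def segment(archive):
    """Split an archive into main data m1, sensitive data m2 and key info I.

    I is a list of (offset_in_m1, length) pairs saying where each numeral
    run has to be put back; without I the two parts cannot be merged.
    """
    main_parts, runs, key_info = [], [], []
    pos = main_len = 0
    for match in NUMERALS.finditer(archive):
        chunk = archive[pos:match.start()]
        main_parts.append(chunk)
        main_len += len(chunk)
        key_info.append((main_len, len(match.group())))
        runs.append(match.group())
        pos = match.end()
    main_parts.append(archive[pos:])
    return "".join(main_parts), "".join(runs), key_info


def merge(m1, m2, key_info, h1, h2):
    """Verify both parts against their stored hashes, then rebuild the archive."""
    if digest(m1) != h1 or digest(m2) != h2:
        raise ValueError("hash check failed: a data part was modified")
    if sum(length for _, length in key_info) != len(m2):
        raise ValueError("key information does not match the sensitive data")
    out, main_pos, sens_pos = [], 0, 0
    for offset, length in key_info:
        out.append(m1[main_pos:offset])
        out.append(m2[sens_pos:sens_pos + length])
        main_pos, sens_pos = offset, sens_pos + length
    out.append(m1[main_pos:])
    return "".join(out)


# Constructed sample record, not real patient data.
SAMPLE = "Patient ID 4471, age 40. BP 120/80 mmHg; glucose 5.6 mmol/L."


def demo():
    """Segment the sample, hash both parts, and merge them back."""
    m1, m2, info = segment(SAMPLE)
    h1, h2 = digest(m1), digest(m2)
    return m1, m2, info, merge(m1, m2, info, h1, h2)


if __name__ == "__main__":
    main_data, sensitive, key_information, restored = demo()
    print("m1:", main_data)
    print("m2:", sensitive)
    print("I :", key_information)
    print("restored == original:", restored == SAMPLE)
```

The main data alone still shows the structure of the record but none of its values, and the sensitive data alone is an undelimited digit string until the key information I is supplied.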
In the attribute agent re-encryption medical data sharing scheme provided by the invention, a data key generation tree diagram is shown in fig. 3:
The attribute key tree maps the relationship between user attributes and nodes. It can be divided under two root nodes, which represent the user's basic information and the doctor's information. Each node represents a different attribute group, and each leaf node represents a user attribute. Each user is represented by a unique identifier ID. For example: a 40-year-old man with a bachelor's degree who is a professor of surgery at Hospital Three. After the divided data segments are encrypted with the key, each user has his or her own key $k^*$. The key $k^*$ is:
Figure BDA0002772655170000071
Figure BDA0002772655170000072
When the user withdraws a doctor's access right or authorizes the next doctor, the key is changed, and the previously authorized user can no longer access the file normally. The encryption is:
$E_{k^*}[m_1] = CT^*$
Example 1:
The test environment is a Windows operating system on an Intel i5-6500 CPU @ 3.20 GHz with 8 GB of memory, and the efficiency of the algorithm is tested in Python. The time for executing one bilinear pairing operation is 18.05ms, 1ms is needed for carrying out digital signature on a 100-bit data segment, 4.02ms is needed for executing one power exponent operation on the data segment in 20ms, and 1.55s is needed for encrypting an attribute file with 100 characteristics. It is assumed here that the user stores no more than 100 MB of medical files, so the file size is fixed at 100 MB. The number of attributes increases from 0 to 100. The number of partitions h is typically no greater than 10, and each data segment does not exceed 10 MB.
By combining the characteristics of medical archives with the advantages of attribute encryption and proxy re-encryption, the invention provides a segmentation-based attribute proxy re-encryption medical storage method that differs greatly from earlier medical storage methods. The scheme guarantees the security of data sharing while reducing the cost of the cloud service, and the patient can complete functions such as remote consultation and medical archive storage simply by submitting attributes and authorizing the hospital. The ideas of segmentation and hybrid encryption are introduced: sensitive data is extracted, attribute-encrypted and stored separately, which prevents it from being leaked. The ciphertext and the key are stored separately, which enables attribute-based key updating and protects the user's privacy to the greatest extent. Proxy re-encryption performs the matching for doctor access without leaking the user's information, which makes the whole method more convenient, faster and safer. While the invention has been described in detail, it will be apparent to those skilled in the art that various changes, modifications, and equivalents may be made therein without departing from the spirit and scope of the invention.

Claims (9)

1. An attribute agent re-encryption medical data sharing method, characterized in that: an attribute-based proxy re-encryption method model is constructed, the method adopting: user registration, attribute submission and matching; and comprising: in the data sharing process, data segmentation is used to divide the data into main data and sensitive data, which are stored in different cloud servers; the main data is stored separately using symmetric encryption and attribute proxy re-encryption, and the sensitive data is used for matching, with the ciphertext and the key of the main data kept separate.
2. The method of claim 1, wherein: user registration uses an attribute encryption scheme to perform attribute matching; when a doctor satisfies the user's attributes, a key is sent to the doctor for decryption; when the doctor does not meet the patient's requirements, the cloud server performs an attribute proxy re-encryption operation on the file, so that the server encrypts the file a second time and the matching range is expanded; the symmetric encryption of the main data updates its key through an attribute key tree, so that one key is used per access and the privacy of the patient is protected.
3. The attribute-based proxy re-encryption medical data sharing method according to claim 1 or 2, characterized in that: the model comprises three core objects, namely a cloud server, a hospital and a key distribution center; patients and doctors are users; the hospital is a fully trusted third party responsible for generating medical archives and pre-processing them; the cloud server is a semi-trusted third party that follows the protocol but is honest-but-curious, and comprises a data cloud and a proxy cloud, the data cloud being mainly responsible for storage and the proxy cloud for computation and matching; the key distribution center generates the public parameters, the master key and the system public key for the initialization of the whole scheme.
4. The method of claim 1, wherein the user registration comprises the steps of:
step 1: the user submits his or her attributes to the key distribution center;
step 2: the key distribution center generates for the user a public key $PK_i$ and a private key $SK_i$, generates the system master key MSK, the system public key PK and the public parameters GP, and generates a data key $k^*$ according to the attribute key tree.
5. The method of claim 1, wherein the encryption phase comprises the steps of:
step 1: the patient authorizes the hospital to perform data preprocessing, namely data segmentation: dynamic numbers are extracted according to the characteristics of medical files, and the file is divided into main data and sensitive data;
step 2: the main data is encrypted with the data key $k^*$ and stored in the data cloud; the sensitive data is attribute-encrypted according to the attribute structure $(M, \rho)$ submitted by the user and stored in the proxy cloud.
6. The method of claim 2, wherein the proxy re-encryption phase comprises the steps of:
step 1: when the patient is not satisfied with the doctor's diagnosis, the patient gives authorization to the hospital, and a proxy re-encryption operation is performed on the file;
step 2: the hospital generates the proxy re-encryption key $rk_{A \to B}$ from the patient's private key $SK_{patient}$ and the doctor's public key $PK_{doctor}$;
step 3: the proxy cloud performs the proxy re-encryption operation using the proxy re-encryption key $rk_{A \to B}$, the new attribute structure $(M', \rho')$ defined by the patient, the ciphertext CT and the data key $k^*$ together.
7. The method of claim 2, wherein the decryption stage comprises the steps of:
step 1: when the patient shares and a doctor satisfies the attribute structure $(M, \rho)$ specified by the patient, the key distribution center sends the private key SK and the data key $k^*$ to the doctor for decryption; with the $k^*$ obtained by decryption, the main data is recovered and the plaintext $m$ is obtained;
step 2: when the patient is not satisfied with the doctor's diagnosis, every doctor who satisfies the attribute structure $(M', \rho')$ decrypts directly with his or her own private key $SK_{doctor}$ to obtain $k^*$, recovers the main data, and obtains the plaintext $m$.
8. The method of claim 2, wherein:
the attribute agent re-encryption medical data sharing method uses hybrid encryption as its encryption mode and separate storage of ciphertext and key as its storage mode, so that the patient and the doctor only need to submit their own attributes for the key to be updated on each access.
9. The method of claim 1, wherein the method comprises the following 8 algorithms:
1) $setup(1^k, U) \to GP, MSK, PK$
System initialization algorithm: the inputs $1^k$ and $U$ are the security parameter and the attribute set respectively; from the security parameter and the attribute universe, GP is the public parameter, and MSK and PK are the system master key and the system public key;
2) $Keygen_1(PK, MSK, S_A) \to PK_A, SK_A$
$Keygen_2(PK, MSK, S_B) \to PK_B, SK_B$
Key generation algorithm: input the system public key PK, the system master key MSK and the user-submitted attributes $S_A$, $S_B$; output the private and public keys $PK_A$, $SK_A$ and $PK_B$, $SK_B$;
3) $DataSeg(m) \to m_1, m_2$
Data segmentation: divide the plaintext $m$ into h parts comprising the two portions $m_1$, $m_2$;
4) $ReKeygen_1(GP, SK_A, (M', \rho'), PK_B) \to rk_{A \to B}$
Re-encryption key generation: input the public parameter GP, the user private key $SK_A$, a sharing structure $(M', \rho')$ constructed according to the user's needs, and the public key $PK_B$; generate the proxy re-encryption key $rk_{A \to B}$;
5) $Encrypt_1(m_1, k^*) \to CT_A$
$Encrypt_2(GP, m_2, k^*, I, (M, \rho), PK) \to CT_A$
Information encryption algorithm 1: the sensitive data $m_1$ is encrypted with the data key to obtain the ciphertext $CT_A'$;
Information encryption algorithm 2: given the public parameter GP, the data $m_2$, the preset sharing authority $(M, \rho)$, the system public key PK, the data key $k^*$ and the key data $I$, output the ciphertext $CT_A$;
6) $ReEncrypt(rk_{A \to B}, CT_A, (M', \rho'), PK_B, SK_A) \to CT_B$
Ciphertext re-encryption algorithm: determine whether Bob is a contracted user of the system; if so, input the ciphertext $CT_A$, Bob's public key $PK_B$, the patient's private key $SK_A$ and the sharing structure $(M', \rho')$ to generate the re-encrypted ciphertext $CT_B$;
7) $ReDecrypt(CT_B, SK_B) \to m_2, k^*$
Re-encryption decryption: the system checks whether the attribute set $S_B$ of the requesting user Bob satisfies the sharing structure $(M', \rho')$ in the re-encrypted ciphertext $CT_B$; if it does, Bob can use $SK_B$ to obtain $m_2$ and the symmetric data key $k^*$;
8) $Decrypt_1(CT_A, PK, SK_A) \to m_2$
$Decrypt_2(CT_B, S_B, SK_B) \to m_2$
$Decrypt_3(CT, k^*, GP) \to m_1$
Ciphertext decryption: if the submitted attributes conform to the access control policy, Bob obtains the private key $SK_A$ and solves for the data $m_2$ from $CT_A$, PK, $SK_A$; Bob requests CT from the cloud and decrypts CT with the data key $k^*$ to obtain the data $m_1$.
CN202011256986.0A 2020-11-11 2020-11-11 Attribute agent re-encryption medical data sharing method Pending CN112364376A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011256986.0A CN112364376A (en) 2020-11-11 2020-11-11 Attribute agent re-encryption medical data sharing method


Publications (1)

Publication Number Publication Date
CN112364376A true CN112364376A (en) 2021-02-12


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination