Disclosure of Invention
To solve the problem that current medical data is difficult to share, the invention provides an IPFS-based consortium blockchain medical data storage and sharing method and system.
A medical data storage and sharing method based on a consortium blockchain comprises the following steps:
S1, building a consortium blockchain and a private IPFS network, registering each entity in the model with the system to obtain a public and private key pair, initializing the system, and generating the public parameters and the master key of the system;
S2, the patient acquires medical data from the hospital, locally generates an access policy for the medical data, and encrypts the medical data and the access policy using a multi-authority attribute-based encryption algorithm to obtain a ciphertext; the patient locally stores the ciphertext in the private IPFS network that has been built, and the private IPFS network assigns a unique IPFS hash value to the ciphertext stored in the network and returns that hash value to the patient; the patient stores the IPFS hash value corresponding to the ciphertext in the consortium blockchain (since the size of the IPFS hash value is only dozens of bits, the hybrid storage model effectively frees storage space on the chain);
S3, when a data requester requests access to a patient's medical data, the IPFS hash value (namely the storage location in the IPFS network) of the patient's encrypted medical data (ciphertext) is obtained by retrieving the class transaction on the chain, and the data requester uses the IPFS hash value of the ciphertext to download the original medical data encrypted by the patient from the IPFS network; whether decryption succeeds depends on whether the attribute set of the data requester meets the attribute threshold in the access policy that the patient set for the encrypted medical data: if it does, the patient's medical data is successfully decrypted to obtain the plaintext; otherwise, decryption does not succeed.
In a preferred embodiment, in step S2, the multi-authority attribute-based encryption algorithm implements the encryption and decryption of the data and comprises the following five algorithms:
S211: initialization algorithm: input a security parameter k; output a global public parameter GP, an authority identifier aid and a user identity identifier uid;
Setup(k) → (GP, aid, uid)
where Setup(·) denotes the initialization phase applied to its input.
S212: attribute authority initialization algorithm: input the global public parameter GP; output the public key PK_aid and the private key SK_aid of the attribute authority, where the public key PK_aid is broadcast to the entities in the organization;
AuthSetup(GP) → {PK_aid, SK_aid}
where AuthSetup(GP) indicates that the input to the attribute authority initialization phase is the global public parameter GP.
S213: key generation algorithm: input the global public parameter GP of the system, the private key SK_aid of the authority, the user identifier uid and an attribute set S; output a decryption key SK_uid associated with the user's attribute set;
KeyGen(GP, {SK_aid}, uid, S) → SK_uid
where KeyGen(·) denotes the key generation phase applied to its input.
S214: encryption algorithm: input the global public parameter GP of the system, the public key PK_aid of the authority related to the attributes, a plaintext M and an access policy A; output a ciphertext CT;
Encrypt(GP, {PK_aid}, M, A) → CT
where Encrypt(·) denotes the encryption phase applied to its input.
S215: decryption algorithm: input the global public parameter GP of the system, the ciphertext CT and the decryption key SK_uid associated with the user's attribute set; if the user's attributes exceed the attribute threshold in the access policy, decrypt and output the plaintext M; otherwise, decryption fails. The expression is as follows:
Dec(GP, CT, SK_uid) → M
where Dec(·) denotes the decryption phase applied to its input.
In a preferred embodiment, in step S2, the secure storage of the medical data is implemented with an on-chain and off-chain hybrid storage structure, and the process by which the patient uploads the encrypted data comprises the following specific steps:
S221: after acquiring their own medical data from a hospital, the patient locally generates an access policy for the medical data, encrypts the original medical data and the access policy using the multi-authority attribute-based encryption algorithm to generate a ciphertext, digitally signs the ciphertext using the private key SK_aid, and sends the ciphertext and its digital signature to the IPFS node cluster in the model;
S222: one IPFS node in the IPFS node cluster receives the data uploaded by the patient and verifies the patient's identity by verifying the patient's digital signature; after the patient's identity is confirmed, the node uploads the ciphertext to the private IPFS network in the model, and the IPFS network returns a unique hash value to the IPFS node according to the content the node uploaded; the IPFS node uses the public key PK_aid to digitally sign the received hash value, obtaining a digital signature of the hash value, and sends the ciphertext, the returned hash value and the digital signature of the hash value to each IPFS node in the IPFS node cluster for verification;
S223: each IPFS node in the IPFS node cluster verifies the patient's identity and locally calculates the hash value of the ciphertext; if it is consistent with the hash value returned by the IPFS network, verification passes and the node sends a confirmation message to the IPFS node interacting with the patient; after receiving the confirmation messages of the other IPFS nodes, that IPFS node sends the ciphertext name, the hash value, the patient identity and the timestamp as a class transaction to the consortium blockchain Fabric; the class transaction comprises the medical data owner and the corresponding IPFS hash value;
S224: after receiving the class transaction sent by the IPFS node, a backup node in the consortium blockchain Fabric first verifies the identity of the IPFS node and then verifies each item of content in the metadata; if verification passes, the backup node backs up the class transaction locally, randomly selects the consensus node to interact with based on a verifiable random function, and sends the class transaction to that consensus node;
S225: after receiving the class transaction sent by the backup node, the consensus node verifies each item of content and the node identity in the class transaction; after verification succeeds, it signs the class transaction and sends the signature to each node in the verification node group of the consortium blockchain, consensus verification is performed on the class transaction using the PBFT algorithm, and the class transaction is packaged and put on the chain once consensus confirmation exceeding 2/3 is obtained.
In a preferred embodiment, the verification node group in the consortium blockchain Fabric contains two types of nodes: backup nodes and consensus nodes; a backup node is responsible for interacting with the IPFS nodes, receiving information and sending the received information to a consensus node; a consensus node is responsible for verifying and packaging transactions and confirming them onto the chain.
In a preferred embodiment, in step S3, the process by which the data requester accesses the patient's encrypted medical data specifically comprises:
S31: the data requester sends its real identity to the central authority CA to obtain a CID, and sends the CID to each attribute authority AA to obtain an attribute set S and a private key set P related to the identity;
S32: the data requester sends a data access request to a node in the verification node group of the consortium blockchain Fabric, the request comprising the doctor's CID, the name of the data to be accessed and its owner; after receiving the access request, the node first verifies the identity of the data requester; after identity verification passes, it retrieves the class transaction on the chain according to the name of the accessed data and the owner, and after the corresponding class transaction is found, it sends the class transaction containing the requested content, together with the CID of the data requester, to the IPFS node group;
S33: a node in the IPFS node group first verifies the identity of the data requester; after verification passes, it extracts the IPFS hash value corresponding to the accessed data from the class transaction, looks up the patient's complete encrypted data in the private IPFS network in the model according to that hash value, and, once the data is found, sends the ciphertext to the data requester;
S34: after receiving the original medical data encrypted by the patient, the data requester decrypts the ciphertext using the attribute set S and the keys related to the attributes; if the attribute values of the data requester meet the access policy set by the patient, the patient's complete medical data is successfully decrypted; otherwise, decryption fails.
A medical data storage and sharing system based on a consortium blockchain comprises a consortium blockchain network, a data storage module and a data sharing module, wherein the consortium blockchain network provides the consortium blockchain network environment; the data storage module stores the patient's medical data on-chain and off-chain in the corresponding networks; and the data sharing module securely shares the patient's medical data with data requesters who have obtained permission.
In a preferred embodiment, the data storage module comprises a hybrid storage model, which is an on-chain and off-chain hybrid storage structure: the original bulk medical data is first stored off-chain using a private IPFS network; the private IPFS network assigns a unique IPFS hash value to the stored content, and the IPFS hash value is stored on the consortium blockchain.
The invention has the beneficial effects that:
The IPFS-based consortium medical blockchain gives the medical data storage and sharing system higher security and efficiency and helps protect user privacy. The invention adopts a hybrid storage mode in which the original medical data is stored in a private IPFS network and the metadata is stored on a consortium chain, which allows a large amount of medical data to be stored effectively; at the same time, a multi-authority attribute-based encryption algorithm protects the medical data while the patient uploads it and while a data requester accesses it, and gives the patient access control over the medical data.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. The table of the entities corresponding to the respective acronyms referred to in the description of the invention is shown in fig. 2.
To relieve data storage pressure on the blockchain and free the local storage space of new nodes, the embodiment of the invention provides a medical data storage and sharing method and system based on a consortium blockchain. It involves the distributed storage platform IPFS (InterPlanetary File System) and, in particular, a medical data sharing model that uses encryption and decryption algorithms adapted to different application scenarios. Specifically, the distributed file system IPFS serves as the off-chain storage platform for the original medical data. IPFS is a peer-to-peer distributed file system that assigns a unique hash value to each file added to the network; it is an ideal choice for storing a large number of files, since the files can be stored permanently and high throughput is provided. Because IPFS uses content addressing rather than the usual location-based addressing, the hash values returned for identical files are the same, which allows redundant files with the same content to be removed while providing efficient retrieval. When storing medical data, the patient first stores the original medical data off-chain in IPFS and then stores the returned IPFS hash value on-chain on the consortium chain Fabric. Because IPFS uses the SHA256 algorithm to calculate the hash value, the returned hash value occupies only dozens of bits, which greatly frees storage space on the chain and improves the storage efficiency and security of the medical data. After the medical data is put on the chain, the invention adopts a multi-authority attribute-based encryption algorithm (MA-ABE) so that the patient can decide to accept or reject a data requester's access request to the medical data.
Attribute-based encryption (ABE) treats an identity as a series of attributes; when the attributes owned by a user exceed the attribute threshold described in the sender's access policy, the user can correctly receive the ciphertext and successfully decrypt it. Depending on where the decryption policy is placed, ABE is classified as key-policy attribute-based encryption (KP-ABE), in which the decryption policy of the ciphertext is embedded in the user's private key at key generation and the related attributes are embedded in the ciphertext at encryption, that is, the access policy is associated with the key; or ciphertext-policy attribute-based encryption (CP-ABE), in which the decryption policy of the ciphertext is embedded in the ciphertext at encryption and the user's attributes are embedded in the private key at key generation, that is, the access policy is associated with the ciphertext. The two differ in whether the patient has the right to decide to accept or reject a request for the encrypted data. Because the invention aims to give the patient control over their own medical data, the CP-ABE algorithm, which embeds the decryption policy formulated by the patient in the ciphertext, is selected. However, because CP-ABE introduces a single attribute authority (AA) to distribute keys to every user, user privacy is easily leaked, and when faced with a large number of requests the workload of the single attribute authority is so large that it becomes the bottleneck for system efficiency. Therefore, multi-authority attribute-based encryption (MA-ABE) is selected as the encryption algorithm herein.
The medical data storage and sharing method based on the consortium blockchain is suitable for the fields of medical data storage and sharing and encrypted data access control; the consortium medical blockchain based on the distributed storage platform IPFS gives the medical data storage and sharing system higher security and efficiency and improves the privacy of users' medical data.
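The attribute threshold described above can be illustrated with an added toy example, which is not part of the original disclosure and is not MA-ABE: a content key is split with Shamir secret sharing, one share per policy attribute, so that holding at least t of the policy's attributes recovers the key. All names are hypothetical, the "at least t" reading of the threshold is an assumption, and the sample attributes and message are constructed.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic


def _x(attr):
    """Map an attribute name to a non-zero field element (x-coordinate of its share)."""
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % (P - 1) + 1


def _stream(key, n):
    """Toy keystream derived from the content key (illustration only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key.to_bytes(16, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _commit(key):
    return hashlib.sha256(b"check" + key.to_bytes(16, "big")).hexdigest()


def encrypt(message, policy_attrs, threshold):
    """Encrypt under a 'threshold-of-n attributes' policy; returns (ciphertext, shares)."""
    key = secrets.randbelow(P)
    # Degree threshold-1 polynomial with the key as constant term.
    coeffs = [key] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = {}
    for attr in policy_attrs:
        y = 0
        for c in reversed(coeffs):  # Horner evaluation at x = _x(attr)
            y = (y * _x(attr) + c) % P
        shares[attr] = y
    body = bytes(m ^ s for m, s in zip(message, _stream(key, len(message))))
    ct = {"policy": (sorted(policy_attrs), threshold), "body": body, "check": _commit(key)}
    return ct, shares


def issue_key(shares, user_attrs):
    """Stand-in for the attribute authorities: a user gets shares only for attributes it holds."""
    return {a: shares[a] for a in user_attrs if a in shares}


def recover_key(held):
    """Lagrange interpolation at x = 0 over every share the user holds."""
    pts = [(_x(a), y) for a, y in held.items()]
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def decrypt(ct, held):
    """Returns the plaintext, or None when the held attributes are below the threshold."""
    key = recover_key(held)
    if _commit(key) != ct["check"]:
        return None  # too few shares interpolate to a wrong key
    return bytes(c ^ s for c, s in zip(ct["body"], _stream(key, len(ct["body"]))))
```

Unlike this toy, the KeyGen algorithm of a multi-authority scheme takes the user identifier uid as input, which is what keeps keys issued to different users from being combined to reach the threshold.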
The present embodiment provides a method for sharing medical data storage based on federation blockchain, and the flow chart of the method is shown in fig. 1, and in a preferred embodiment, the method includes, but is not limited to, the following steps:
S1, building a consortium blockchain and a private IPFS network, registering each entity in the model with the system to obtain a public and private key pair, initializing the system, and generating the public parameters and the master key of the system.
In a preferred embodiment, step S1 specifically includes:
S11: building a consortium blockchain Fabric network, building a verification node group and an IPFS node group, and building a private IPFS network; a local file is uploaded and downloaded to check whether the network has been built successfully;
S12: entities in the system register with a central authority CA, submitting their real identity IDs to obtain public and private key pairs (PK, SK), and the public parameters and the system master key of the system are generated.
Nodes in the public IPFS network are distributed all over the world, so the download rate and network delay from any given node cannot be guaranteed; in this embodiment, a private IPFS network is built locally, and the identity of each node in the network is known (as in a consortium blockchain), so data in the private network can be downloaded quickly and system efficiency is improved.
S2, secure storage of the medical data is implemented with an on-chain and off-chain hybrid storage structure.
S21, the patient acquires medical data from the hospital, locally generates an access policy for the medical data, and encrypts the medical data and the access policy using a multi-authority attribute-based encryption algorithm to obtain a ciphertext; the patient locally stores the ciphertext in the private IPFS network that has been built, and the private IPFS network generates a unique IPFS hash value for the stored ciphertext and returns it to the patient, which safeguards the data.
Because the original medical data that the patient acquires from the hospital contains bulk files such as medical images and videos of the diagnostic process, it is very large, occupies a great deal of storage space and is not suitable for storing directly on the chain. The invention adopts a hybrid storage structure to store medical data securely. The main idea of the hybrid storage is that the original bulk medical data of the patient is first verified by the IPFS node group and stored on the private IPFS system, the IPFS system assigns a unique hash value to the medical data content stored in the network, and the IPFS hash value is then verified by the verification node group and stored on the consortium blockchain. Since the IPFS hash value is only a few tens of bits in size, this hybrid storage model effectively frees up on-chain storage space.
In a preferred embodiment, the multi-authority attribute-based encryption algorithm that the patient uses to encrypt the raw medical data comprises the following five algorithms:
S211, initialization algorithm: input a security parameter k; output a global public parameter GP, an authority identifier aid and a user identity identifier uid.
Setup(k) → (GP, aid, uid)
S212, attribute authority initialization algorithm: input the global public parameter GP; output the public key PK_aid and the private key SK_aid of the attribute authority, where the public key is broadcast to the entities in the organization.
AuthSetup(GP) → {PK_aid, SK_aid}
S213, key generation algorithm: input the global public parameter GP of the system, the private key SK_aid of the authority, the user identifier uid and an attribute set S; output a decryption key SK_uid associated with the user's attribute set.
KeyGen(GP, {SK_aid}, uid, S) → SK_uid
S214, encryption algorithm: input the global public parameter GP of the system, the public key PK_aid of the authority related to the attributes, a plaintext M and an access policy A; output the ciphertext CT.
Encrypt(GP, {PK_aid}, M, A) → CT
S215, decryption algorithm: input the global public parameter GP of the system, the ciphertext CT and the decryption key SK_uid associated with the user's attribute set; if the user's attributes exceed the attribute threshold in the access policy, decrypt and output the plaintext M; otherwise, decryption fails.
Dec(GP, CT, SK_uid) → M
S22, the patient stores the IPFS hash value corresponding to the ciphertext in the consortium blockchain, establishing a sharing link between the patient's medical data and those data requesters who satisfy the access policy. Since the IPFS hash value is only a few tens of bits in size, this hybrid storage model effectively frees up on-chain storage space.
In a preferred embodiment, the flowchart for the patient uploading encrypted medical data is shown in fig. 3 and includes the following specific steps:
S221: after acquiring their own medical data from a hospital, the patient locally generates an access policy for the medical data, encrypts the original medical data and the access policy using the multi-authority attribute-based encryption algorithm to generate a ciphertext, digitally signs the ciphertext using the private key SK_aid, and sends the ciphertext and its digital signature to the IPFS node cluster in the model;
S222: one IPFS node in the IPFS node cluster receives the data uploaded by the patient and verifies the patient's identity by verifying the patient's digital signature; after the patient's identity is confirmed, the node uploads the ciphertext to the private IPFS network in the model, and the IPFS network returns a unique hash value to the IPFS node according to the content the node uploaded; the IPFS node uses the public key PK_aid to digitally sign the received hash value, obtaining a digital signature of the hash value, and sends the ciphertext, the returned hash value and the digital signature of the hash value to each IPFS node in the IPFS node cluster for verification;
S223: each IPFS node in the IPFS node cluster verifies the patient's identity and locally calculates the hash value of the ciphertext; if it is consistent with the hash value returned by the IPFS network, verification passes and the node sends a confirmation message to the IPFS node interacting with the patient; after receiving the confirmation messages of the other IPFS nodes, that IPFS node packs the patient's identity, the hash value of the ciphertext and the timestamp at which the ciphertext was sent into a class transaction, uses the patient's public key as the serial number of the class transaction, and sends the numbered class transaction to the consortium blockchain Fabric;
S224: after receiving the class transaction sent by the IPFS node, a backup node in the consortium blockchain Fabric first verifies the identity of the IPFS node and then verifies each item of content in the metadata; if verification passes, the backup node backs up the class transaction locally, randomly selects the consensus node to interact with based on a verifiable random function, and sends the class transaction to that consensus node;
S225: after receiving the class transaction sent by the backup node, the consensus node verifies each item of content and the node identity in the class transaction; after verification succeeds, it signs the class transaction and sends the signature to each node in the verification node group of the consortium blockchain, consensus verification is performed on the class transaction using the PBFT algorithm, and the class transaction is packaged and put on the chain once consensus confirmation exceeding 2/3 is obtained.
In a preferred embodiment, the verification node group in the consortium blockchain Fabric contains two types of nodes: backup nodes and consensus nodes; a backup node is responsible for interacting with the IPFS nodes, receiving information and sending the received information to a consensus node; a consensus node is responsible for verifying and packaging transactions and confirming them onto the chain.
S3, when a data requester requests access to a patient's medical data, the IPFS hash value (namely, the storage location in the IPFS network) of the patient's encrypted medical data (ciphertext) is obtained by searching the chain for the class transactions numbered by the patient's public key, and the data requester downloads the original medical data encrypted by the patient from the IPFS network according to the IPFS hash value of the ciphertext in the class transaction; whether decryption succeeds depends on whether the attribute set of the data requester meets the attribute threshold in the access policy that the patient set for the encrypted medical data: if it does, the patient's medical data is successfully decrypted to obtain the plaintext; otherwise, decryption does not succeed.
In a preferred embodiment, the multi-authority attribute-based encryption algorithm (MA-ABE) is adopted as the core algorithm for sharing medical data between the patient DO and the data requester DU. As shown in fig. 4, when the data requester accesses the patient's encrypted medical data, the process specifically includes:
S31: taking a doctor as an example of the data requester, the doctor sends their real identity to the central authority CA to obtain a CID, and sends the CID to each attribute authority AA to obtain an attribute set S and a private key set SK related to the identity;
S32: the doctor sends a data access request to a node in the verification node group of the consortium blockchain Fabric, the request comprising the doctor's CID, the name of the data to be accessed and its owner. After receiving the access request, the node first verifies the doctor's identity; after identity verification passes, it retrieves the class transaction on the chain according to the name of the accessed data and the owner, and after the corresponding class transaction is found, it sends the class transaction containing the requested content, together with the doctor's CID, to the IPFS node group;
S33: a node in the IPFS node group first verifies the doctor's identity; after verification passes, it extracts the IPFS hash value corresponding to the accessed data from the class transaction, looks up the patient's complete encrypted data in the private IPFS network in the model according to that hash value, and, once the data is found, sends the ciphertext to the doctor;
S34: after receiving the patient's encrypted original medical data, the doctor decrypts the ciphertext using the attribute set S and the keys related to the attributes; if the doctor's attribute values meet the access policy set by the patient, the patient's complete medical data is successfully decrypted; otherwise, decryption fails.
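An added example, not part of the original disclosure, of the hash check in S223, the more-than-2/3 confirmation rule in S225 and the hash-based retrieval in S33. It assumes a SHA-256 hex digest as a stand-in for the IPFS hash value and an in-memory dictionary and list as stand-ins for the private IPFS network and the Fabric ledger; signatures, identity checks and MA-ABE are omitted, and all names and sample values are hypothetical.

```python
import hashlib
import time


class OffChainStore:
    """Stand-in for the private IPFS network: blobs are addressed by their hash."""

    def __init__(self):
        self._blobs = {}

    def add(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        self._blobs[digest] = data
        return digest

    def get(self, digest: str) -> bytes:
        return self._blobs[digest]


def node_confirms(received: bytes, claimed_hash: str) -> bool:
    """S223: a node recomputes the hash of the ciphertext it received and compares."""
    return hashlib.sha256(received).hexdigest() == claimed_hash


def quorum_reached(confirmations: int, total: int) -> bool:
    """S225: commit only with strictly more than 2/3 of the nodes confirming."""
    return 3 * confirmations > 2 * total


def upload(store, ledger, owner, name, ciphertext, peer_copies, votes):
    """S222 to S225: store off-chain, have peers check the hash, then record on-chain.

    peer_copies: the ciphertext bytes as each peer IPFS node received them.
    votes: one boolean per verification node (True = confirmed).
    """
    content_hash = store.add(ciphertext)
    if not all(node_confirms(copy, content_hash) for copy in peer_copies):
        raise ValueError("a peer node computed a different hash")
    if not quorum_reached(sum(votes), len(votes)):
        raise ValueError("confirmations do not exceed 2/3")
    record = {
        "owner": owner,          # patient identity
        "name": name,            # ciphertext name
        "hash": content_hash,    # only this small value goes on-chain
        "timestamp": int(time.time()),
    }
    ledger.append(record)
    return record


def fetch(store, ledger, owner, name):
    """S32 to S33: look up the record on-chain, fetch by hash, re-check integrity."""
    for record in ledger:
        if record["owner"] == owner and record["name"] == name:
            data = store.get(record["hash"])
            if not node_confirms(data, record["hash"]):
                raise ValueError("off-chain data does not match the on-chain hash")
            return data  # still ciphertext; decryption is the requester's step S34
    raise KeyError("no matching record on the ledger")
```

Because the ledger holds the hash, a change to the off-chain ciphertext is detected at retrieval even though the bulk data never touches the chain.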
The embodiment provides an IPFS-based consortium blockchain medical data storage and sharing system, which comprises but is not limited to a consortium blockchain network, a data storage module and a data sharing module. The consortium blockchain network provides the consortium blockchain network environment; the data storage module stores the patient's medical data on-chain and off-chain in the corresponding networks; the data sharing module securely shares the patient's medical data with data requesters who have obtained permission.
Further, the data storage module comprises a hybrid storage model, which is an on-chain and off-chain hybrid storage structure: the original bulk medical data is stored off-chain using a private network of the distributed storage platform IPFS; the private IPFS network assigns a unique IPFS hash value to the content stored in the network, and the IPFS hash value is stored on the consortium blockchain. (The off-chain IPFS stores the patient's raw medical data; the chain stores the IPFS hash value corresponding to the medical data.) Since the size of the IPFS hash value is only dozens of bits, the on-chain and off-chain hybrid storage model effectively frees on-chain storage space.
The patient uses the ability of the IPFS system to store a large number of files efficiently to store the original medical data in the private IPFS network, and the returned IPFS hash value, only tens of bits in size, is stored in the consortium blockchain, which relieves the storage pressure on the chain.
Furthermore, the multi-authority attribute-based encryption algorithm guarantees the security of the patient's medical data in transmission and the patient's access control over the medical data.
It should be noted that, as one of ordinary skill in the art would understand, all or part of the processes of the above method embodiments may be implemented by a computer program instructing related hardware, where the computer program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The embodiments in the present description are all described in a progressive manner, some features of the method and system of the present invention may be cited, which are not listed in the present invention, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, they are described in a relatively simple manner, and reference may be made to some descriptions of method embodiments for relevant points. The above-described system embodiments are merely illustrative, and the units and modules described as separate components may or may not be physically separate. In addition, some or all of the units and modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is directed to embodiments of the present invention and it will be appreciated by those skilled in the art that changes may be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.