CN112910840B - Medical data storage and sharing method and system based on alliance blockchain - Google Patents

Medical data storage and sharing method and system based on alliance blockchain Download PDF

Info

Publication number
CN112910840B
CN112910840B CN202110047989.1A CN202110047989A CN112910840B CN 112910840 B CN112910840 B CN 112910840B CN 202110047989 A CN202110047989 A CN 202110047989A CN 112910840 B CN112910840 B CN 112910840B
Authority
CN
China
Prior art keywords
ipfs
medical data
data
patient
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110047989.1A
Other languages
Chinese (zh)
Other versions
CN112910840A (en
Inventor
唐宏
刘双
向俊玲
周磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengju Technology Co ltd
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN202110047989.1A priority Critical patent/CN112910840B/en
Publication of CN112910840A publication Critical patent/CN112910840A/en
Application granted granted Critical
Publication of CN112910840B publication Critical patent/CN112910840B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention relates to the technical field of medical data sharing, in particular to a medical data storage sharing method and system based on an alliance blockchain, which comprises the following steps: when medical data are stored, original medical data and an access strategy are encrypted by using a multi-authority attribute-based encryption algorithm, a ciphertext is stored in a private IPFS system, the IPFS system distributes a unique hash value for the stored ciphertext, and the hash value is stored on a block chain Fabric of the alliance, so that the storage efficiency and the safety of the medical data are improved; the private IPFS network can improve the system efficiency, and the multi-authority attribute-based encryption algorithm can guarantee the safety of the medical data of the patient and the complete control of the patient on the medical data. The method is suitable for the fields of medical data storage sharing and encrypted data access control; the IPFS-based alliance type medical block chain endows the medical data storage and sharing system with higher safety and efficiency, and improves the privacy of medical data of users.

Description

Medical data storage and sharing method and system based on alliance blockchain
Technical Field
The invention relates to the technical field of alliance blockchains and medical data sharing, in particular to a medical data storage sharing method and system based on alliance blockchains.
Background
Such problems often occur in life, and when a patient visits a doctor, if a doctor wants to obtain the previous visit records of the patient, the doctor needs to spend time on reviewing a plurality of medical records which are prescribed in different hospitals before. Due to the defects that paper medical records are easy to lose and easy to damage, complete medical record of a patient is difficult to obtain. With the development of internet and big data technology, the process of information-based medical data has gradually moved to the right track, however, most of the medical data managed by third-party organizations are vulnerable to malicious attacks, which causes data to be tampered, hidden and lost, and cannot ensure the security and integrity of the data, like centralized medical data storage and sharing platforms such as Electronic Medical Record (EMR), Electronic Health Record (EHR) and Personal health record (RHR); meanwhile, due to the difference of management modes and archiving habits, data sharing among mechanisms is troubled. Therefore, a technology which is not falsifiable, safe, efficient, transparent and reliable is urgently needed to solve the problems in the current medical industry. Block chaining is becoming the preferred solution as the most interesting emerging technology.
The blockchain is a point-to-point distributed database System, and as a bottom core technology of the Bitcoin, originates from Bitcoin: A Peer-to-Peer Electronic case System, published in the cryptology component in 2009 by China. The core characteristic of the block chain technology is decentralization, namely, each node in the system has the same status without a super node, a third-party management mechanism is abandoned, and each node supervises and maintains the distributed accounting book together. Meanwhile, a block chain integrates multiple mature technologies such as a consensus algorithm, a cryptography principle and distributed storage, so that the safety and integrity of data stored on the chain are ensured. For example, in a block chain system, a structure of a Mercker tree organized before data chaining is packed into blocks, a block head stores a hash value of a tree root, and once a position in the tree is slightly modified, the hash value in the block head changes, so that the data stored in the chain cannot be tampered. The block chains are classified into three categories according to whether the system control right and the transaction information are disclosed: the federation block chain is most suitable for solving the architecture of medical data storage sharing.
Although the block chain-based medical data storage and sharing method can provide the advantages of safety and tamper resistance for medical data, the medical data not only contains small-scale files such as texts and numbers, but also possibly contains a large amount of files such as medical images of patients and diagnostic process videos. The block chain has constraint on the size of the block on the chain; meanwhile, data can only be added to the chain and cannot be deleted from the chain, so that the block chain account book is continuously expanded, and the storage pressure on the chain is overlarge. In addition, the block chain system requires that each node needs to locally store a complete account book, data redundancy occurs in the system due to repeated storage of data, and higher storage space requirements are also provided for nodes newly added into the system.
Disclosure of Invention
In order to solve the problem that the current medical data is difficult to share, the invention provides an IPFS-based alliance blockchain medical data storage sharing method and system.
A medical data storage sharing method based on a block chain of alliances comprises the following steps:
s1, building a block chain of alliances and a private IPFS network, registering each entity in the model into the system, obtaining a public and private key pair, initializing the system, and generating public parameters and a master key of the system;
s2, the patient acquires medical data from the hospital, locally generates an access strategy related to the medical data, encrypts the medical data and the access strategy by using a multi-authority attribute-based encryption algorithm to obtain a ciphertext, locally stores the ciphertext in the built private IPFS network, and the private IPFS network distributes a unique IPFS hash value to the ciphertext stored in the network and feeds the unique IPFS hash value back to the patient; the patient stores the IPFS hash value corresponding to the ciphertext in the federation blockchain (since the size of the IPFS hash value is only dozens of bits, the hybrid storage model effectively releases the storage space on the chain);
s3, when a data requester requests to access medical data of a patient, obtaining an IPFS hash value (namely a storage position in the IPFS network) of encrypted medical data (ciphertext) of the patient through a chain retrieval type transaction, wherein the data requester downloads the original medical data encrypted by the patient in the IPFS network through the IPFS hash value of the ciphertext, but whether decryption is successful depends on whether the attribute set of the data requester meets an attribute threshold value in an encrypted medical data access strategy set by the patient, and if the attribute set of the data requester meets the attribute threshold value in the access strategy set by the patient, the medical data of the patient is successfully decrypted to obtain a data plaintext; otherwise, the decryption is not successful.
In a preferred embodiment, in step S2, the multi-rights attribute based encryption algorithm implements the encryption and decryption process of the data, including the following five algorithms:
s211: an initialization algorithm: inputting a security parameter K, and outputting a global public parameter GP, an authority identifier aid and a user identity identifier uid;
Setup(k)→(GP,aid,uid)
where Setup () represents the input to the initialization phase.
S212: attribute authority initialization algorithm: inputting a global common parameter GP; outputting the public key PK of the authorization organization related to the attributeaidWith a private key SKaid, where the public key PKaidBroadcast to entities in an organization;
AuthSetup(GP)→{PKaid,SKaid}
where authsetup (GP) indicates that the input to the attribute authority initialization phase is the global common parameter GP.
S213: the key generation algorithm: inputting global public parameter GP of system, private key SKaid of authority, user identifier uid and attribute set S; outputting a decryption key SK associated with a set of user attributesuid
KeyGen(GP,{SKaid},uid,S)→SKuid
Where KeyGen (-) represents the input to the key generation phase.
S214: and (3) encryption algorithm: inputting global public parameter GP of system, public key PK of authority related to the attributeaidPlaintext M, access policy a; outputting a ciphertext CT;
Encrypt(GP,{PKaid},M,A)→CT
where Encrypt (·) represents the input to the encryption phase.
S215: and (3) decryption algorithm: global common parameters GP, ciphertext CT of the input system, decryption key SK associated with the set of user attributesuid(ii) a If the attribute is larger than the attribute threshold value in the access strategy, decrypting and outputting the plaintext M; otherwise, decryption fails, and the expression is as follows:
Dec(GP,CT,SKuid)→M。
where Dec (-) represents the input to the decryption stage.
In a preferred embodiment, in step S2, the secure storage of the medical data is implemented by using a chain uplink and downlink hybrid storage structure, and the process of uploading the encrypted data by the patient includes the following specific steps:
s221: after a patient acquires own medical data from a hospital, an access strategy related to the medical data is locally generated, an original text of the medical data and the access strategy are encrypted by using a multi-authority attribute-based encryption algorithm to generate a ciphertext, a digital signature is performed on the ciphertext by using a private key SKaid, and the ciphertext and the digital signature corresponding to the ciphertext are sent to an IPFS node cluster in a model;
s222: one IPFS node in the IPFS node cluster receives data uploaded by a patient, and the identity of the patient is verified by verifying the digital signature of the patient; after the identity of the patient is confirmed, uploading the ciphertext to a private IPFS network in the model, and returning a unique hash value to the IPFS node by the IPFS network according to the uploaded content of the node; IPFS node utilizes public key PKaidCarrying out digital signature on the received hash value to obtain a digital signature of the hash value, and sending the ciphertext, the returned hash value and the digital signature of the hash value to each IPFS node in the IPFS network node cluster for verification;
s223: each IPFS node in the IPFS node cluster verifies the identity of a patient, locally calculates the hash value of the ciphertext, passes the verification if the hash value is consistent with the hash value returned by the IPFS network, and sends a confirmation message to the IPFS node interacting with the patient; after receiving the confirmation messages of other IPFS nodes, the IPFS node sends the ciphertext name, the hash value, the patient identity and the timestamp transaction to the alliance blockchain Fabric; the class transaction comprises a medical data owner and a corresponding IPFS hash value;
s224: after receiving the class transaction sent by the IPFS node, a backup node in the alliance blockchain Fabric firstly verifies the identity of the IPFS node, then verifies each content in the metadata, if the verification is passed, the class transaction is locally backed up, interactive consensus nodes are randomly selected based on a verifiable random function, and the class transaction is sent to the consensus nodes;
s225: after the consensus node receives the similar transaction sent by the backup node, verifying each content and node identity in the similar transaction, after the verification is successful, signing the similar transaction, sending the signature to each node in a verification node group in an alliance block chain, performing consensus verification on the similar transaction by using a PBFT algorithm, and packaging and chaining the similar transaction after consensus confirmation exceeding 2/3 is obtained.
In a preferred embodiment, the group of verification nodes in a federation blockchain Fabric contains two types of nodes: a backup node and a consensus node; the backup node is responsible for interacting with the IPFS node, receiving information and sending the received information to the consensus node; the consensus node is responsible for verification packaging and confirmation chaining of transactions.
In a preferred embodiment, in step S3, the process of accessing the encrypted medical data of the patient by the data requester specifically includes:
s31: the data requester sends the real identity to the central authority CA to obtain CID, sends CID to each attribute authority AA to obtain an attribute set S and a private key set P related to the identity;
s32: the data requester sends a data access request to a node in the alliance blockchain Fabric verification node group, wherein the request comprises a doctor CID, a name of access data and an owner; after receiving the access request, the node firstly verifies the identity of the data requester, after the identity verification is passed, the class transaction is retrieved on the chain according to the name of the accessed data and the owner, and after the corresponding class transaction is found, the related class transaction containing the request content and the CID of the data requester are sent to the IPFS node group;
s33: the method comprises the steps that firstly, the identity of a data requester is verified through nodes in an IPFS node group, after the identity of the data requester passes the verification, an IPFS hash value corresponding to access data is extracted from class transaction, complete encrypted data of a patient is searched in a private IPFS network in a model according to the hash value, and after the complete encrypted data are found, a ciphertext is sent to the data requester;
s34: after receiving the original medical data encrypted by the patient, the data requester decrypts the ciphertext by using the attribute set S and the key related to the attribute, and if the attribute value of the data requester meets the access strategy set by the patient, the complete medical data of the patient is successfully decrypted; otherwise, decryption fails.
A medical data storage sharing system based on a block chain of alliances comprises a block chain of alliances network, a data storage module and a data sharing module, wherein the block chain of alliances network is used for providing a block chain of alliances network environment; the data storage module is used for storing the medical data chain of the patient to a corresponding network in an uplink and downlink mode; the data sharing module is used for safely sharing the medical data of the patient to the data requester who obtains permission.
In a preferred embodiment, the digital storage module comprises a hybrid storage model, wherein the hybrid storage model is a chain uplink and downlink hybrid storage structure, and original bulk medical data is firstly stored under a chain by using a private IPFS network; the private IPFS network assigns a unique IPFS hash value to the stored content and stores the IPFS hash value on the federation blockchain.
The invention has the beneficial effects that:
the IPFS-based alliance type medical block chain endows the medical data storage sharing system with higher safety and efficiency, and is beneficial to privacy protection of users. The invention adopts a mixed storage mode, original medical data is stored in a private IPFS network, metadata is stored in a alliance chain, the effective storage of a large amount of medical data is realized, and meanwhile, the security of the medical data in the process of uploading by a patient and accessing by a data visitor is protected by utilizing a multi-authority attribute-based encryption algorithm, and the access control of the patient on the medical data is realized.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
FIG. 1 is a flowchart of a method for sharing medical data storage based on a federation blockchain according to the present invention;
FIG. 2 shows entities corresponding to various acronyms in accordance with the present invention;
FIG. 3 is a flow chart of a patient upload data of the present invention;
fig. 4 is a flow chart of patient data access in accordance with the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. The table of the entities corresponding to the respective acronyms referred to in the description of the invention is shown in fig. 2.
In order to relieve data storage pressure on a blockchain and release a local storage space of a new node, the embodiment of the invention provides a medical data storage sharing method and system based on an alliance blockchain, which relate to a distributed storage platform IPFS (internet protocol file system), in particular to a medical data sharing model realized by adopting various adaptive encryption and decryption algorithms in different application scenes. Specifically, the distributed File System IPFS is used as a down-link storage platform of original medical data, an InterPlanetary File System (IPFS) is a point-to-point distributed File System, a unique hash value can be distributed to files added into a network, and the IPFS is an ideal choice for storing a large number of files, so that the files can be permanently stored and high throughput is provided. Since IPFS is based on content addressing rather than the usual address-based addressing, the hash values returned for the same file are the same, enabling the deletion of redundant files with the same content while providing efficient retrieval services. When storing medical data, the patient first stores the original medical data down-link into the IPFS and stores the returned IPFS hash value up-link onto the federation chain Fabric. Because IPFS adopts SHA256 algorithm to calculate the hash value, the returned hash value only occupies dozens of bits, thereby greatly releasing the storage space on the chain and improving the storage efficiency and the safety of the medical data. After the medical data is linked, in order to enable a patient to decide to accept or reject the access request of a data requester to the medical data, the invention adopts a multi-authority attribute-based encryption algorithm (MA-ABE);
the attribute-based encryption Algorithm (ABE) treats the identity as a series of attributes, and when the attribute owned by the user exceeds an attribute threshold value described in the sender access policy, the user can correctly receive the ciphertext and successfully decrypt the ciphertext. Depending on the different locations of the decryption policy, the ABE may be classified as key policy based attribute encryption (KP-ABE): the decryption strategy of the ciphertext is embedded into a private key of a user when a key is generated, and the related attribute is embedded into the ciphertext when the key is encrypted, namely the access strategy is associated with the key; ciphertext policy based Attribute encryption (CP-ABE): the decryption strategy of the ciphertext is embedded into the ciphertext during encryption, the user-related attribute is embedded into the private key during key generation, and namely the access strategy is associated with the ciphertext. The two differences are that whether a patient has the right to decide to receive or reject the encrypted data request or not, and because the invention wants to give the patient the control right on the medical data of the patient, the CP-ABE algorithm which embeds the decryption strategy formulated by the patient into the ciphertext is selected, but because a single authorization mechanism AA is introduced into the CP-ABE algorithm to distribute the secret key for each user, the privacy of the user is easy to leak, and in the face of a large number of requests, the workload processed by the single attribute authorization mechanism (AA) is too large to become the bottleneck of improving the system efficiency. Therefore, an attribute-based encryption algorithm (MA-ABE) of a plurality of authorities is selected as the encryption algorithm of the text;
the medical data storage sharing method based on the alliance block chain is suitable for the fields of medical data storage sharing and encrypted data access control; the alliance type medical block chain based on the distributed storage platform IPFS endows the medical data storage sharing system with higher safety and efficiency, and improves the privacy of medical data of users.
The present embodiment provides a method for sharing medical data storage based on federation blockchain, and the flow chart of the method is shown in fig. 1, and in a preferred embodiment, the method includes, but is not limited to, the following steps:
s1, building block chain of alliance and private IPFS network, registering each entity in the model to the system, obtaining public and private key pair, initializing the system, and generating public parameter and main key of the system.
In a preferred embodiment, step S1 specifically includes:
s11: and building an alliance blockchain Fabric network, building a verification node group and an IPFS node group, and building a private IPFS network. Uploading and downloading the local file, and detecting whether the network is successfully built;
s12: entities in the system register with a central authority CA, submit real identity IDs to obtain public and private key pairs (PK, SK), and generate public parameters and a system master key of the system.
Nodes in the public IPFS network are distributed all over the world, so that the data downloading rate and the network delay from a certain node cannot be guaranteed; in this embodiment, a private IPFS network is locally constructed, and the identity of each node in the network is known (e.g., an alliance block chain), so that data in the private network can be quickly downloaded, and system efficiency is improved.
And S2, realizing safe storage of the medical data by adopting a chain uplink and downlink mixed storage structure.
S21, the patient acquires medical data from the hospital, locally generates an access strategy related to the medical data, encrypts the medical data and the access strategy by using a multi-authority attribute-based encryption algorithm to obtain a ciphertext, locally stores the ciphertext in the built private IPFS network, and the private IPFS network generates a unique IPFS hash value for the stored ciphertext and feeds the unique IPFS hash value back to the patient to obtain the safety guarantee of the data.
Because the original medical data acquired by the patient from the hospital contains bulk files such as medical images, diagnostic process videos and the like, the number of bits is huge, the storage space occupation is large, and the raw medical data is not easy to be directly stored on a chain. The invention adopts a hybrid storage structure to safely store medical data, and the main idea of the hybrid storage is that a patient firstly verifies an original bulk medical data through an IPFS node group and stores the original bulk medical data on a private IPFS system, the IPFS system allocates a unique hash value for the medical data content stored in a network, and then verifies and stores the IPFS hash value on an alliance block chain through a verification node group. Since the IPFS hash value is only a few tens of bits in size, this hybrid storage model effectively frees up on-chain storage space.
In a preferred embodiment, the multi-rights attribute-based encryption algorithm employed by the patient to encrypt the raw medical data includes the following five algorithms:
s211, an initialization algorithm: inputting a security parameter K and outputting a global public parameter GP; the authority identifier aid and the user identity identifier uid are output.
Setup(k)→(GP,aid,uid)
S212, initializing an algorithm by an attribute authority: inputting a global common parameter GP; outputting the public key PK of the authorization organization related to the attributeaidAnd a private key, SKaid, wherein the public key is broadcast to entities in the organization.
AuthSetup(GP)→{PKaid,SKaid}
S213, a key generation algorithm: inputting a global public parameter GP of the system, a private key SKaid of an authority, a user identifier uid and an attribute set S; outputting a decryption key SK associated with a set of user attributesuid
KeyGen(GP,{SKaid},uid,S)→SKuid
S214, encryption algorithm: inputting global public parameter GP of system, public key PK of authority related to the attributeaidPlaintext M, access policy a; and outputting the ciphertext CT.
Encrypt(GP,{PKaid},M,A)→CT
S215, decryption algorithm: global common parameters GP, ciphertext CT of the input system, decryption key SK associated with the set of user attributesuid(ii) a If the attribute is larger than the attribute threshold value in the access strategy, decrypting and outputting the plaintext M; otherwise, decryption fails.
Dec(GP,CT,SKuid)→M
And S22, storing the IPFS hash value corresponding to the ciphertext in the block chain of the alliance by the patient, and constructing a shared connection between the data requester and the medical data of the patient, wherein the shared connection meets the access strategy. Since the IPFS hash value is only a few tens of bits in size, this hybrid storage model effectively frees up on-chain storage space.
In a preferred embodiment, the flowchart for uploading encrypted medical data by a patient is shown in fig. 3, and includes the following specific steps:
s221: after a patient acquires own medical data from a hospital, an access strategy related to the medical data is locally generated, an original text of the medical data and the access strategy are encrypted by using a multi-authority attribute-based encryption algorithm to generate a ciphertext, a digital signature is performed on the ciphertext by using a private key SKaid, and the ciphertext and the digital signature corresponding to the ciphertext are sent to an IPFS node cluster in a model;
s222: one IPFS node in the IPFS node cluster receives data uploaded by a patient, and the identity of the patient is verified by verifying the digital signature of the patient; after the identity of the patient is confirmed, uploading the ciphertext to a private IPFS network in the model, and returning a unique hash value to the IPFS node by the IPFS network according to the uploaded content of the node; IPFS node utilizes public key PKaidCarrying out digital signature on the received hash value to obtain a digital signature of the hash value, and sending the ciphertext, the returned hash value and the digital signature of the hash value to each IPFS node in the IPFS network node cluster for verification;
s223: each IPFS node in the IPFS node cluster verifies the identity of a patient, locally calculates the hash value of the ciphertext, passes the verification if the hash value is consistent with the hash value returned by the IPFS network, and sends a confirmation message to the IPFS node interacting with the patient; after receiving the confirmation messages of other IPFS nodes, the IPFS node packs the identity of the patient, the hash value of the sent ciphertext and the timestamp when the ciphertext is sent into a class transaction, and uses the public key of the patient as the serial number of the class transaction; sending the numbered class transaction to a alliance blockchain Fabric;
s224: after receiving the class transaction sent by the IPFS node, a backup node in the alliance blockchain Fabric firstly verifies the identity of the IPFS node, then verifies each content in the metadata, if the verification is passed, the class transaction is locally backed up, interactive consensus nodes are randomly selected based on a verifiable random function, and the class transaction is sent to the consensus nodes;
s225: after the consensus node receives the similar transaction sent by the backup node, verifying each content and node identity in the similar transaction, after the verification is successful, signing the similar transaction, sending the signature to each node in a verification node group in an alliance block chain, performing consensus verification on the similar transaction by using a PBFT algorithm, and packaging and chaining the similar transaction after consensus confirmation exceeding 2/3 is obtained.
In a preferred embodiment, the group of verification nodes in a federation blockchain Fabric contains two types of nodes: a backup node and a consensus node; the backup node is responsible for interacting with the IPFS node, receiving information and sending the received information to the consensus node; the consensus node is responsible for verification packaging and confirmation chaining of transactions.
S3, when a data requester requests to access medical data of a patient, an IPFS hash value (namely, a storage position in the IPFS network) of encrypted medical data (ciphertext) of the patient is obtained by searching class transactions numbered by a patient public key on a chain, the data requester downloads the original medical data encrypted by the patient in the IPFS network according to the IPFS hash value of the ciphertext in the class transactions, whether decryption is successful depends on whether the attribute set of the data requester meets an attribute threshold value in an encrypted medical data access strategy set by the patient, and if the attribute set of the data requester meets the attribute threshold value in the access strategy set by the patient, the medical data of the patient is successfully decrypted to obtain a data plaintext; otherwise, the decryption is not successful.
In a preferred embodiment, a multi-authority attribute-based encryption algorithm (MA-ABE) is adopted as a core algorithm to implement medical data sharing between the patient DO and the data requester DU, as shown in fig. 4, when the data requester accesses the encrypted medical data of the patient, the following processes are specifically included:
s31: taking the data requester as a doctor as an example, the CID is obtained from the real identity sent to the central authority CA. Sending CID to each attribute authority AA to obtain an attribute set S and a private key set SK related to the identity;
s32: and the doctor sends a data access request to the nodes in the alliance blockchain Fabric verification node group, wherein the request comprises the CID of the doctor, the name and the owner of the access data. After receiving the access request, the node firstly verifies the identity of the doctor, after the identity verification is passed, the class transaction is retrieved on the chain according to the name of the accessed data and the owner, and after the corresponding class transaction is found, the related class transaction containing the request content and the CID of the doctor are sent to the IPFS node group;
s33: the method comprises the steps that firstly, a node in an IPFS node group verifies the identity of a doctor, after the verification is passed, an IPFS hash value corresponding to access data is extracted from class transaction, complete encrypted data of a patient is searched in a private IPFS network in a model according to the hash value, and after the complete encrypted data is found, a ciphertext is sent to the doctor;
s34: after receiving the encrypted original medical data of the patient, the doctor decrypts the ciphertext by using the attribute set S and the key related to the attribute, and if the attribute value of the doctor meets the access strategy set by the patient, the complete medical data of the patient is successfully decrypted; otherwise, decryption fails.
The embodiment provides an IPFS-based alliance blockchain medical data storage sharing system, which comprises but is not limited to an alliance blockchain network, a data storage module and a data sharing module. The federation blockchain network is used for providing a federation blockchain network environment; the data storage module is used for storing the medical data chain of the patient to a corresponding network in an uplink and downlink mode; the data sharing module is used for safely sharing the medical data of the patient to the data requester who obtains permission.
Further, the digital storage module comprises a hybrid storage model, the hybrid storage model is a chain uplink and downlink hybrid storage structure, and original bulk medical data are stored under a chain by using a private distributed storage platform IPFS network; the private IPFS network assigns a unique IPFS hash value to the content stored in the network, and stores the IPFS hash value on the federation blockchain. The downlink IPFS stores raw medical data of the patient; an IPFS hash value corresponding to medical data stored on a chain), since the size of the IPFS hash value is only dozens of bits, the chain uplink and downlink hybrid storage model effectively releases the chain storage space.
The characteristic that a patient can efficiently store a large number of files by using an IPFS system is used for storing original medical data into a private IPFS network, and the returned IPFS hash value with the size of only tens of bits is stored into a federation block chain, so that the storage pressure on the chain is relieved.
Furthermore, the security of the medical data of the patient in the transmission process and the control of the patient on the access control of the medical data are guaranteed by using a multi-authority attribute-based encryption algorithm.
It should be noted that, as one of ordinary skill in the art would understand, all or part of the processes of the above method embodiments may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when executed, the computer program may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a Read-0nly Memory (ROM), a Random Access Memory (RAM), or the like.
The embodiments in the present description are all described in a progressive manner, some features of the method and system of the present invention may be cited, which are not listed in the present invention, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, they are described in a relatively simple manner, and reference may be made to some descriptions of method embodiments for relevant points. The above-described system embodiments are merely illustrative, and the units and modules described as separate components may or may not be physically separate. In addition, some or all of the units and modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is directed to embodiments of the present invention and it will be appreciated by those skilled in the art that changes may be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. A medical data storage sharing method based on a block chain of alliances is characterized by comprising the following steps:
s1, building a block chain of alliances and a private IPFS network, registering each entity in the model into the system, obtaining a public and private key pair, initializing the system, and generating public parameters and a master key of the system;
s2, realizing safe storage of medical data by adopting a chain uplink and downlink mixed storage structure: a patient acquires own medical data from a hospital, locally generates an access strategy related to the medical data, encrypts the medical data and the access strategy by using a multi-authority attribute-based encryption algorithm to obtain a ciphertext, locally stores the ciphertext in a built private IPFS network, and the private IPFS network allocates a unique IPFS hash value for the ciphertext stored in the network and feeds the unique IPFS hash value back to the patient; the patient stores the IPFS hash value corresponding to the ciphertext in the federation blockchain;
the process of realizing data encryption and decryption by the multi-authority attribute-based encryption algorithm comprises the following steps:
s211: an initialization algorithm: inputting a security parameter K, and outputting a global public parameter GP, an authority identifier aid and a user identity identifier uid;
Setup(k)→(GP,aid,uid)
wherein Setup () represents the input to the initialization phase;
s212: attribute authority initialization algorithm: inputting a global common parameter GP; outputting the public key PK of the authorization organization related to the attributeaidWith a private key SKaid, where the public key PKaidBroadcast to entities in an organization;
AuthSetup(GP)→{PKaid,SKaid}
wherein authsetup (GP) represents the input global common parameter GP;
s213: the key generation algorithm: inputting a global public parameter GP of the system, a private key SKaid of an authority, a user identifier uid and an attribute set S; outputting a decryption key SK associated with a set of user attributesuid
KeyGen(GP,{SKaid},uid,S)→SKuid
Where KeyGen (-) represents the input to the key generation phase;
s214: and (3) encryption algorithm: inputting global public parameter GP of system, public key PK of authority related to the attributeaidPlaintext M, access policy a; outputting a ciphertext CT;
Encrypt(GP,{PKaid},M,A)→CT
wherein Encrypt (-) represents the input of the encryption phase;
s215: and (3) decryption algorithm: global common parameters GP, ciphertext CT of the input system, decryption key SK associated with the set of user attributesuid(ii) a If the attribute is larger than the attribute threshold value in the access strategy, decrypting and outputting the plaintext M; otherwise, decryption fails, and the expression is as follows:
Dec(GP,CT,SKuid)→M;
s3, when a data requester requests to access medical data of a patient, obtaining an IPFS hash value of a ciphertext through a chain retrieval type transaction, downloading the original medical data encrypted by the patient in an IPFS network through the IPFS hash value of the ciphertext by the data requester, wherein whether decryption is successful depends on whether the attribute set of the data requester meets an attribute threshold value in an encrypted medical data access strategy set by the patient, and if the attribute set of the data requester meets the attribute threshold value in the access strategy set by the patient, the medical data of the patient is successfully decrypted to obtain a data plaintext; otherwise, the decryption is not successful.
2. The method for storing and sharing medical data based on a federation block chain as claimed in claim 1, wherein in step S2, the secure storage of the medical data is realized by using a chain uplink-downlink hybrid storage structure, which specifically includes the following steps:
s221: after a patient acquires own medical data from a hospital, an access strategy related to the medical data is locally generated, an original text of the medical data and the access strategy are encrypted by using a multi-authority attribute-based encryption algorithm to generate a ciphertext, a digital signature is performed on the ciphertext by using a private key SKaid, and the ciphertext and the digital signature corresponding to the ciphertext are sent to an IPFS node cluster in a model;
s222: one IPFS node in the IPFS node cluster receives data uploaded by a patient, and the identity of the patient is verified by verifying the digital signature of the patient; after the identity of the patient is confirmed, uploading the ciphertext to a private IPFS network in the model, and returning a unique hash value to the IPFS node by the IPFS network according to the uploaded content of the node; IPFS node utilizes public key PKaidCarrying out digital signature on the received hash value to obtain a digital signature of the hash value, and sending the ciphertext, the returned hash value and the digital signature of the hash value to each IPFS node in the IPFS network node cluster for verification;
s223: each IPFS node in the IPFS node cluster verifies the identity of a patient, locally calculates the hash value of the ciphertext, passes the verification if the hash value is consistent with the hash value returned by the IPFS network, and sends a confirmation message to the IPFS node interacting with the patient; after receiving the confirmation messages of other IPFS nodes, the IPFS node packs the identity of the patient, the hash value of the sent ciphertext and the timestamp when the ciphertext is sent into a class transaction, and uses the public key of the patient as the serial number of the class transaction; sending the numbered class transaction to a alliance blockchain Fabric;
s224: after receiving the class transaction sent by the IPFS node, a backup node in the alliance blockchain Fabric firstly verifies the identity of the IPFS node, then verifies each content in the metadata, if the verification is passed, the class transaction is locally backed up, interactive consensus nodes are randomly selected based on a verifiable random function, and the class transaction is sent to the consensus nodes;
s225: after the consensus node receives the similar transaction sent by the backup node, verifying each content and node identity in the similar transaction, after the verification is successful, signing the similar transaction, sending the signature to each node in a verification node group in an alliance block chain, performing consensus verification on the similar transaction by using a PBFT algorithm, and packaging and chaining the similar transaction after consensus confirmation exceeding 2/3 is obtained.
3. The federation blockchain-based medical data storage sharing method of claim 2, wherein the group of verification nodes in the federation blockchain Fabric comprises two types of nodes: a backup node and a consensus node; the backup node is responsible for interacting with the IPFS node, receiving information and sending the received information to the consensus node; the consensus node is responsible for verification packaging and confirmation chaining of transactions.
4. The method for sharing medical data storage based on federation blockchain as claimed in claim 1, wherein in step S3, the process of the data requester accessing the encrypted medical data of the patient specifically includes:
s31: the data requester sends the real identity to the central authority CA to obtain CID, sends CID to each attribute authority AA to obtain an attribute set S and a private key set P related to the identity;
s32: the data requester sends a data access request to a node in the alliance blockchain Fabric verification node group, wherein the request comprises a doctor CID, a name of access data and an owner; after receiving the access request, the node firstly verifies the identity of the data requester, after the identity verification is passed, the class transaction is retrieved on the chain according to the name of the accessed data and the owner, and after the corresponding class transaction is found, the related class transaction containing the request content and the CID of the data requester are sent to the IPFS node group;
s33: the method comprises the steps that firstly, the identity of a data requester is verified through nodes in an IPFS node group, after the identity of the data requester passes the verification, an IPFS hash value corresponding to access data is extracted from class transaction, complete encrypted data of a patient is searched in a private IPFS network in a model according to the hash value, and after the complete encrypted data are found, a ciphertext is sent to the data requester;
s34: after receiving the original medical data encrypted by the patient, the data requester decrypts the ciphertext by using the attribute set S and the key related to the attribute, and if the attribute value of the data requester meets the access strategy set by the patient, the complete medical data of the patient is successfully decrypted; otherwise, decryption fails.
5. A federation blockchain-based medical data storage sharing system for implementing the federation blockchain-based medical data storage sharing method of claim 1, comprising a federation blockchain network, a data storage module and a data sharing module, wherein the federation blockchain network is configured to provide a federation blockchain network environment; the data storage module is used for storing the medical data chain of the patient to a corresponding network in an uplink and downlink mode; the data sharing module is used for safely sharing the medical data of the patient to the data requester who obtains permission.
6. A federation block chain-based medical data storage sharing system according to claim 5, wherein the data storage module includes a hybrid storage model, the hybrid storage model being a chain uplink and downlink hybrid storage structure, storing original bulk medical data first under the chain using a private IPFS network; the private IPFS network assigns a unique IPFS hash value to the stored content and stores the IPFS hash value on the federation blockchain.
CN202110047989.1A 2021-01-14 2021-01-14 Medical data storage and sharing method and system based on alliance blockchain Active CN112910840B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110047989.1A CN112910840B (en) 2021-01-14 2021-01-14 Medical data storage and sharing method and system based on alliance blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110047989.1A CN112910840B (en) 2021-01-14 2021-01-14 Medical data storage and sharing method and system based on alliance blockchain

Publications (2)

Publication Number Publication Date
CN112910840A CN112910840A (en) 2021-06-04
CN112910840B true CN112910840B (en) 2022-04-05

Family

ID=76114106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110047989.1A Active CN112910840B (en) 2021-01-14 2021-01-14 Medical data storage and sharing method and system based on alliance blockchain

Country Status (1)

Country Link
CN (1) CN112910840B (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113360458B (en) * 2021-06-05 2023-05-26 湖南大学 Distributed file storage sharing system based on alliance chain
CN113407627B (en) * 2021-06-17 2024-03-01 安徽师范大学 Block chain-based intelligent medical network system and medical data sharing method
CN113326525B (en) * 2021-06-22 2024-01-16 深圳前海微众银行股份有限公司 Data processing method and device based on intelligent contract
CN113409928B (en) * 2021-06-29 2022-10-04 中国人民解放军总医院第一医学中心 Medical information sharing system
CN113688405B (en) * 2021-07-08 2023-05-26 电子科技大学 Bidirectional authentication hybrid encryption method based on blockchain
CN113489733B (en) * 2021-07-13 2022-07-29 郑州轻工业大学 Content center network privacy protection method based on block chain
CN113449322A (en) * 2021-07-16 2021-09-28 建信金融科技有限责任公司 Data sharing method and device based on block chain, electronic equipment and readable medium
CN113536359B (en) * 2021-08-06 2023-12-15 东北大学 Personal health record privacy protection and access system and method based on blockchain
CN113572618B (en) * 2021-08-10 2022-11-18 东北大学 Fabric and IPFS combined decentralized storage system and data storage method thereof
CN114205136A (en) * 2021-12-08 2022-03-18 北京工业大学 Traffic data resource sharing method and system based on block chain technology
CN114338034B (en) * 2021-12-09 2023-07-18 河南大学 Block chain-based dam bank monitoring data safe sharing method and system
CN114338717A (en) * 2021-12-17 2022-04-12 复旦大学 Digital archive management system based on block chain and attribute cryptography
CN114513533B (en) * 2021-12-24 2023-06-27 北京理工大学 Classified and graded body-building health big data sharing system and method
CN114185997B (en) * 2022-02-17 2022-05-13 天津眧合数字科技有限公司 Pet information credible storage system based on block chain
CN114697073B (en) * 2022-02-22 2023-12-22 昆明理工大学 Telecommunication operator data security sharing method based on blockchain
CN114219052A (en) * 2022-02-23 2022-03-22 富算科技(上海)有限公司 Graph data fusion method and device, electronic equipment and storage medium
CN114553582A (en) * 2022-03-02 2022-05-27 安徽师范大学 Electronic medical record sharing method based on national cryptographic algorithm and IPFS
CN114567491A (en) * 2022-03-03 2022-05-31 北京雁翎网卫智能科技有限公司 Medical record sharing method and system based on zero trust principle and block chain technology
CN115277040B (en) * 2022-03-23 2024-03-08 山东新一代信息产业技术研究院有限公司 Medical health data storage and sharing method and system based on blockchain technology
CN114884676A (en) * 2022-05-05 2022-08-09 浪潮软件股份有限公司 Block chain-based government affair data sharing method
CN115086049B (en) * 2022-06-21 2023-09-08 天津理工大学 Block chain medical data sharing system and method based on verifiable delay function
JP7357174B1 (en) * 2022-09-28 2023-10-05 株式会社Idホールディングス Viewing procedure management system, viewing procedure management method
CN115985436B (en) * 2022-12-12 2023-08-04 武汉东方赛思软件股份有限公司 Medical information sharing method based on intelligent medical treatment
CN115996151B (en) * 2023-03-22 2023-06-16 中南大学 Electronic medical data sharing method, system, equipment and medium
CN116052832B (en) * 2023-04-03 2023-06-30 青岛市妇女儿童医院(青岛市妇幼保健院、青岛市残疾儿童医疗康复中心、青岛市新生儿疾病筛查中心) Tamper-proof transmission method based on medical information
CN116155619B (en) * 2023-04-04 2023-07-07 江西农业大学 Data processing method, data request terminal, data possession terminal and data processing device
CN116389012B (en) * 2023-05-29 2023-09-15 国家卫生健康委统计信息中心 Medical health data trusted sharing method based on blockchain
CN116682543B (en) * 2023-08-03 2023-11-10 山东大学齐鲁医院 Sharing method and system of regional rehabilitation information
CN116910826B (en) * 2023-09-13 2023-12-15 电能易购(北京)科技有限公司 Purchasing data storage and sharing system for electric power equipment bidding
CN116992494B (en) * 2023-09-27 2023-12-08 四川启明芯智能科技有限公司 Security protection method, equipment and medium for scenic spot data circulation

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110797099A (en) * 2019-10-28 2020-02-14 河北北方学院 Medical data sharing method and system based on block chain
CA3016395A1 (en) * 2018-09-04 2020-03-04 Micky Multani Using geographically defined, private interplanetary file system clusters for the secure storage, retrieval and sharing of encrypted business data
CN111092882A (en) * 2019-12-12 2020-05-01 中国船舶工业系统工程研究院 Cross-domain multi-party information secure sharing method based on block chain and IPFS (Internet protocol File System)
CN111460395A (en) * 2020-04-03 2020-07-28 北京邮电大学 Shared data storage and copyright protection tracing method and system
CN111832038A (en) * 2020-05-22 2020-10-27 南京邮电大学 Implementation method of medical data sharing model based on block chain and IPFS
CN111916173A (en) * 2020-08-07 2020-11-10 安徽师范大学 Medical data safety sharing system and method based on IPFS and alliance chain
CN112039855A (en) * 2020-08-14 2020-12-04 海南大学 Scientific and technological resource data safe storage and sharing method based on alliance chain
CN112100665A (en) * 2020-09-23 2020-12-18 江苏四象软件有限公司 Data sharing system based on block chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11212347B2 (en) * 2019-02-05 2021-12-28 S&P Global Inc. Private content storage with public blockchain metadata

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA3016395A1 (en) * 2018-09-04 2020-03-04 Micky Multani Using geographically defined, private interplanetary file system clusters for the secure storage, retrieval and sharing of encrypted business data
CN110797099A (en) * 2019-10-28 2020-02-14 河北北方学院 Medical data sharing method and system based on block chain
CN111092882A (en) * 2019-12-12 2020-05-01 中国船舶工业系统工程研究院 Cross-domain multi-party information secure sharing method based on block chain and IPFS (Internet protocol File System)
CN111460395A (en) * 2020-04-03 2020-07-28 北京邮电大学 Shared data storage and copyright protection tracing method and system
CN111832038A (en) * 2020-05-22 2020-10-27 南京邮电大学 Implementation method of medical data sharing model based on block chain and IPFS
CN111916173A (en) * 2020-08-07 2020-11-10 安徽师范大学 Medical data safety sharing system and method based on IPFS and alliance chain
CN112039855A (en) * 2020-08-14 2020-12-04 海南大学 Scientific and technological resource data safe storage and sharing method based on alliance chain
CN112100665A (en) * 2020-09-23 2020-12-18 江苏四象软件有限公司 Data sharing system based on block chain

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Distributed Off-Chain Storage of Patient Diagnostic Reports in Healthcare System Using IPFS and Blockchain;Randhir Kumar;Ningrinla Marchang;Rakesh Tripathi;《2020 International Conference on COMmunication Systems & NETworkS (COMSNETS)》;20200309;全文 *
一种基于联盟链的中医药海量异构数据安全共享解决方案;生慧; 周扬; 马金刚; 王振国;《世界科学技术-中医药现代化》;20190820;第21卷(第8期);1662-1669页 *
区块链技术在医疗数据存储方面的应用研究;褚孝鹏;《信息技术与信息化》;20200628;第2020卷(第6期);155-157页 *
基于区块链的医疗记录安全共享方案;张利华; 付东辉; 万源华;《华东交通大学学报》;20201015;第37卷(第5期);121-126页 *

Also Published As

Publication number Publication date
CN112910840A (en) 2021-06-04

Similar Documents

Publication Publication Date Title
CN112910840B (en) Medical data storage and sharing method and system based on alliance blockchain
US10554392B2 (en) Cryptographic key distribution
Barsoum et al. Enabling dynamic data and indirect mutual trust for cloud computing storage systems
Wang et al. Ensuring data storage security in cloud computing
CN111523133B (en) Block chain and cloud data collaborative sharing method
JP5777630B2 (en) Method and apparatus for document sharing
KR20130084604A (en) Method to control and limit readability of electronic documents
CN105071936A (en) Systems and methods for secure data sharing
CN104836656B (en) A kind of storage of video file and transmission method
JP3871996B2 (en) Data division management method and program
Lu et al. A fine-grained IoT data access control scheme combining attribute-based encryption and blockchain
WO2014114080A1 (en) Method and system for data encryption protection
CN104901968B (en) A kind of key management distribution method in safe cloud storage system
CN115296838B (en) Block chain-based data sharing method, system and storage medium
CN108810063A (en) Secure distribution and restorative procedure, the system and medium of data under a kind of cloudy storage environment
CN106936579A (en) Cloud storage data storage and read method based on trusted third party agency
Giri et al. A survey on data integrity techniques in cloud computing
CN112382376A (en) Medical instrument management tracing system based on block chain
Pardeshi et al. Improving data integrity for data storage security in cloud computing
WO2017126571A1 (en) Ciphertext management method, ciphertext management device, and program
WO2022068362A1 (en) Block chain-based information processing method and apparatus, device, and medium
US20230275759A1 (en) Method and system of encoding data over distributed networks and method of assuring integrity of data transmission between sender and receiver in a communication system
CN112202555A (en) Information processing method, device and equipment for generating random number based on attribute of information
CN115085983B (en) Data processing method, data processing device, computer readable storage medium and electronic equipment
CN116204923A (en) Data management and data query methods and devices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231106

Address after: No. 197 Bagou Village, Zhanjie Town, Gongyi City, Zhengzhou City, Henan Province, 451200

Patentee after: Zhang Jianjun

Address before: 400065 Chongwen Road, Nanshan Street, Nanan District, Chongqing

Patentee before: CHONGQING University OF POSTS AND TELECOMMUNICATIONS

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20231122

Address after: No. 1601, 16th Floor, Zhongyuan Data Industry Building, No. 19 Chongde Street, Zhengdong New District, Zhengzhou City, Henan Province, 450000

Patentee after: Hengju Technology Co.,Ltd.

Address before: No. 197 Bagou Village, Zhanjie Town, Gongyi City, Zhengzhou City, Henan Province, 451200

Patentee before: Zhang Jianjun

TR01 Transfer of patent right