CN113407627A - Intelligent medical network system based on block chain and medical data sharing method - Google Patents
Intelligent medical network system based on block chain and medical data sharing method Download PDFInfo
- Publication number
- CN113407627A CN113407627A CN202110669068.9A CN202110669068A CN113407627A CN 113407627 A CN113407627 A CN 113407627A CN 202110669068 A CN202110669068 A CN 202110669068A CN 113407627 A CN113407627 A CN 113407627A
- Authority
- CN
- China
- Prior art keywords
- data
- search
- owning
- user side
- blockchain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000013475 authorization Methods 0.000 claims abstract description 32
- 238000012795 verification Methods 0.000 claims description 12
- 125000004122 cyclic group Chemical group 0.000 claims description 9
- 230000006870 function Effects 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 7
- 238000004422 calculation algorithm Methods 0.000 claims description 5
- 238000004364 calculation method Methods 0.000 claims description 3
- 239000000284 extract Substances 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 11
- 238000004590 computer program Methods 0.000 description 9
- 230000036541 health Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 3
- 238000003745 diagnosis Methods 0.000 description 2
- 201000010099 disease Diseases 0.000 description 2
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003449 preventive effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2255—Hash tables
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2471—Distributed queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses an intelligent medical network system based on a block chain and a medical data sharing method, which relate to the technical field of search safety and privacy protection and comprise the following steps: a data owning end for: encrypting and sending the encrypted original data to an interplanetary file system; encrypting a keyword and a file identifier corresponding to original data into an encryption index; uploading the encryption index to a block chain for sharing, wherein a data owning end can authorize a data user end so that the data owning end can configure keywords and decrypt the keywords to obtain original data; a data client configured to: sending a search request to a data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time; generating a search trapdoor; and when the actual search result is verified to be correct, the authority of accessing the original data of the decrypted data owning end is obtained. The invention combines searchable encryption and intelligent contracts to realize time control and verifiable keyword search.
Description
Technical Field
The invention relates to the technical field of search safety and privacy protection, in particular to an intelligent medical network system based on a block chain and a medical data sharing method.
Background
For many years, the intelligent healthcare network (SHN) has been properly called the internet of medical things (IoMT). The killer level of SHN is used in many applications. For example, Facebook initiated a new preventive care tool. The electronic health record is a digital record, which is a collection of patient health records, which are shared in the SHN. The electronic medical record is highly private and has great financial value. Accordingly, more and more research is being focused on securing security and privacy protecting shared electronic medical records. Sharing an electronic medical record can help a doctor to effectively assess the patient's condition and make a correct diagnosis of the disease.
Electronic Health Record (EHR) sharing is inherently private data sharing, thus leading to storage security and privacy leakage issues. To address these issues, cloud-based electronic medical record sharing has been proposed. The authors propose a fine-grained access control scheme to enable patient-centric personal health record privacy in cloud computing. To access a patient's health record for a limited period of time, a federated key search with a designed tester and a time-enabled proxy re-encryption function is proposed. Even though these works combine different cryptographic algorithms and cloud computing to enable EHR sharing to enable revocation of data security and time control, there are still some security threats. In particular, cloud servers are semi-trusted. If the cloud server is attacked or lacks adequate monitoring, a single point of failure will result.
Disclosure of Invention
The invention aims to provide an intelligent medical network system and a medical data sharing method based on a block chain, which can improve the safety of data, and users with proper access authority can search required data by using the limited authorization of a data owner and verify the authenticity of a search result.
In order to achieve the above object, the present invention provides an intelligent medical network system based on a blockchain, including: a data owning end for: encrypting original data and sending the encrypted original data to an interplanetary file system; encrypting the corresponding keywords and file identifiers of the original data into encryption indexes; uploading the encryption index to a block chain for sharing, wherein the data owning end can authorize a data user end, so that the data user end can configure expected keywords and decrypt to obtain the original data; the data user side is used for: sending a search request to the data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time; generating a search trapdoor through a public key and the search authorization token; and calling a search intelligent contract on the block chain to search so as to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interplanetary file system when the actual search result is verified to be correct by the search result.
Preferably, the encrypting, by the data owning side, the key word and the file identifier corresponding to the original data into the encrypted index includes: and the data owning terminal is used for encrypting the corresponding keywords and file identifiers of the original data at different time to obtain an encryption index set.
Preferably, the present invention further provides a method for sharing medical data based on a blockchain, which uses the above intelligent medical network system based on a blockchain, and the method for sharing medical data based on a blockchain includes: initializing the intelligent medical network system; generating keys of the data owning terminal and the data user terminal; generating an EHR ciphertext and an encryption index corresponding to the original data of the data owning end; generating a search authorization token and a search trapdoor of the data user side; the data user side searches and verifies the correctness of the search result and generates a symmetric key; and the data user side obtains the authority of accessing the decrypted original data of the data owning side from the interplanetary file system to finish data sharing.
Preferably, the initializing the intelligent medical network system includes: configuring a security parameter lambda, selecting two large prime numbers p, q and a bilinear pair e, G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p is a group of numbers of generating elements on the elliptic curve of the cyclic group G, and the following four Hash functions are selected:
H0:{0,1}*→G,
initializing the public parameters of the intelligent medical network system as follows:
param=(G,GT,e,P,H00,H1,H2,H3,H,T)。
preferably, the generating the keys of the data owning side and the data user side includes:
the data user side diRandom selectionCalculating Xi=xiP, wherein the data user side diRespectively is pki=Xi,ski=xi(ii) a And
the data owning terminal noRandom selectionCalculating Yo=yoP, wherein the data-owning terminal noRespectively is pko=Y,sko=yo。
Preferably, the generating the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data owning end includes:
the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate an EHR ciphertext C aiming at the original datam=Enck(m), the data owning side uploads CmTo the interplanetary file system and obtain the hash address of the original data
The data-owning computation { t }gj}j∈[1,l]←0-ENC(tg) (ii) a For each tgj∈{tgj}j∈[1,l]Calculating vij=H3(k1,tgj,wi),i∈[1,n],wi∈W=(w1,....,wn) (ii) a Random selectionComputingVij=rvijP,j∈[1,l],i∈[1,n](ii) a Calculating Z ═ rH0(wi),Obtaining an encryption index I ═ Vi1,Vi2,…,Vil,Z,cf,cp,tg]。
Preferably, the generating of the search authorization token and the search trapdoor at the data user side comprises:
the data owning terminal configures keyword search authorization time taCalculating { t }aj}j∈[1,l]←1-ENC(ta) For each taj∈{taj}j∈[1,l]Calculating uij=H3(k1′,taj,wi′),i∈[1,n],j∈[1,l],Uij=uijXi,T1=[Ui1,Ui2,…,Uil,ta],Pf=k2′P+yoh3Xi,h3=H1(Xi,Yo,ta) Obtaining a search authorization token T1And a search result proof P contained in the search authorization tokenf(ii) a And
data owning terminal computing T2=xiH0(wi′) Obtaining said search trapdoor Tw=(T1,T2)。
Preferably, the searching and verifying the correctness of the search result by the data user side, and generating the symmetric key includes:
the data user side extracts t from the encryption index IgIf t isg<taCalculating { t }gj}j∈[1,l]←0-ENC(tg),{taj}j∈[1,l]←1-ENC(ta) Calculating to obtain a satisfied tab=tgbB is an integer of (a); judgment e (U)ij,Z)=e(Vij,T2) If yes, obtaining an encryption index I and adding the I into the set S;
for each S e S, S [ V ]i1,Vi2,…,Vil,Z,cf,cp,tg]And calculating: h is3=H1(Xi,Yo,ta),A=Pf-xih3Yo,Judgment equationWhether the verification result is valid or not is judged if the verification result is valid;
the data user side sends a verification result shown to be valid to the block chain, and the verification result passes through a public key X of the data user sideiEncrypting a symmetric key k, uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user end accesses data:
preferably, the public key X of the user side of the data is usediThe method for encrypting the symmetric key k and uploading the generated symmetric key ciphertext to the block chain comprises the following steps:
encrypting the symmetric key k by the following formula;
Ck1=ke(H,Xi),Ck2=αT;
cipher text C of symmetric keyk=(Ck1,Ck2) And sending the block chain.
Preferably, the obtaining, by the data user side, the authority to access the decrypted original data of the data owning side from the interplanetary file system, and the completing data sharing and obtaining the original data includes:
the data user side uses the file addressObtaining an EHR ciphertext from an interplanetary file system;
the symmetric key k is obtained by the following formula:
the original data m is obtained by the following formula calculation based on the symmetric key k:
m=Deck(Cm)。
according to the technical scheme, the medical data are safely stored by combining a symmetric encryption Algorithm (AES) and IPFS distributed storage, the medical data are safely searched and privacy protected by adopting keyword search encryption based on time limitation, and authorized users can be efficiently searched within the effective time of the token by using intelligent contract. The invention not only realizes the safe storage and sharing functions of the medical data of the data owner, but also protects the privacy and the data safety of the owner, realizes that a data user efficiently searches the desired data, reduces the data searching time, and conforms to the development trend of the medical data searching under the background of the current value Internet.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is an interactive block diagram illustrating a blockchain-based intelligent medical network system of the present invention;
FIG. 2 is a block diagram illustrating a blockchain-based intelligent medical network system of the present invention; and
fig. 3 is a flow chart illustrating a blockchain-based medical data sharing method of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
Example 1
Fig. 1 is a block diagram of module interaction of an intelligent medical network system based on a blockchain according to an embodiment 1 of the present invention, as shown in fig. 1 and 2, the intelligent medical network system based on a blockchain includes:
a data owning end for:
encrypting original data and sending the encrypted original data to an interplanetary File system (IPFS);
encrypting the corresponding keywords and file identifiers of the original data into encryption indexes;
uploading the encryption index to a block chain for sharing, wherein the data owning end can authorize a data user end, so that the data user end can configure expected keywords and decrypt to obtain the original data;
the data user side is used for:
sending a search request to the data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time;
generating a search trapdoor through a public key and the search authorization token;
and calling a search intelligent contract on the block chain to search so as to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interplanetary file system when the actual search result is verified to be correct by the search result.
Preferably, the encrypting, by the data owning side, the key word and the file identifier corresponding to the original data into the encrypted index includes: and the data owning terminal is used for encrypting the corresponding keywords and file identifiers of the original data at different time to obtain an encryption index set.
To summarize, all ends of the data send EHR ciphertext to the IPFS and receive file hash addresses. Then, all the data terminals calculate time and encrypt indexes, and then the encrypted indexes are uploaded to a block chain, and all the encrypted indexes form an encrypted index set at different time by all the data terminals which generate different data; the data user side wants to search the keywords in the file set from the data owner side, sends a search request to the data owner, generates a keyword search authorization token, and distributes effective time to the data owner side at the search authorization token. In addition, all sides of the data generate a proof for verifying the search results. The data user side can generate a search trapdoor using the authorization token and the key. The data client with the trapdoor calls the search intelligence contract to search the interested indexes stored on the blockchain, and the data client can verify the correctness of the search result by using the key and the generated proof. If the result is correct, the data user can download the ciphertext from the IPFS and decrypt the ciphertext. The invention realizes efficient search in the intelligent health network and verifiable search with time limit.
Example 2
In embodiment 1, a blockchain-based intelligent medical network system is disclosed, and for the method for establishing the system and using the system to implement a blockchain-based medical data sharing method, the method needs to be implemented by a method as shown in fig. 3, and the method for establishing and using the blockchain-based intelligent medical network system according to claim 1 or 2 to implement the blockchain-based medical data sharing method comprises:
s301, initializing the intelligent medical network system;
s302, generating keys of the data owning terminal and the data user terminal;
s303, generating an EHR ciphertext and an encryption index corresponding to the original data of the data owning end;
s304, generating a search authorization token and a search trapdoor of the data user side;
s305, the data user side searches and verifies the correctness of the search result, and generates a symmetric key; and
s306, the data user side obtains the authority of accessing the decrypted original data of the data owning side from the interplanetary file system, and data sharing is completed.
Preferably, S301, the initializing the intelligent medical network system includes:
s3011, configuring security parameter lambda, selecting two large prime numbers p and q and a bilinear pair e, G is multiplied by G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p is a group of numbers of generating elements on the elliptic curve of the cyclic group G, and the following four Hash functions are selected:
H0:{0,1}*→G,
s3013, initializing the public parameters of the intelligent medical network system as follows:
param=(G,GT,e,P,H00,H1,H2,H3,H,T)。
preferably, the generating the keys of the data owner side and the data user side in S302 includes:
s3021, the data user end diRandom selectionCalculating Xi=xiP, wherein the data user side diRespectively is pki=Xi,ski=xi(ii) a And
s3022, the data owning terminal noRandom selectionCalculating Yo=yoP, wherein the data-owning terminal noRespectively is pko=Y,sko=yo。
Preferably, the generating of the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data owning end in S303 includes:
s3031, the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate an EHR ciphertext C aiming at the original datam=Enck(m), the data owning side uploads CmTo the interplanetary file system and obtain the hash address of the original data
S3032, the data owning terminal calculates { tgj}j∈[1,l]←0-ENC(tg) (ii) a For each tgj∈{tgj}j∈[1,l]Calculating vij=H3(k1,tgj,wi),i∈[1,n],wi∈W=(w1,....,wn) (ii) a Random selectionCalculating Vij=rvijP,j∈[1,l],i∈[1,n](ii) a Calculating Z ═ rH0(wi),Obtaining an encryption index I ═ Vi1,Vi2,…,Vil,Z,cf,cp,tg]。
Preferably, the generating of the search authorization token and the search trapdoor at the data user end in S304 includes:
s3041 saidData owning terminal configures keyword search authorization time taCalculating { t }aj}j∈[1,l]←1-ENC(ta) For each taj∈{taj}j∈[1,l]Calculating uij=H3(k1′,taj,wi′),i∈[1,n],j∈[1,l],Uij=uijXi,T1=[Ui1,Ui2,…,Uil,ta],Pf=k2′P+yoh3Xi,h3=H1(Xi,Yo,ta) Obtaining a search authorization token T1And a search result proof P contained in the search authorization tokenf(ii) a And
s3042, data owning terminal calculates T2=xiH0(wi′) Obtaining said search trapdoor Tw=(T1,T2)。
Preferably, the searching and verifying the correctness of the search result by the data user side in S305, and generating the symmetric key includes:
s3051, the data user side extracts t from the encryption index IgIf t isg<taCalculating { t }gj}j∈[1,l]←0-ENC(tg),{taj}j∈[1,l]←1-ENC(ta) Calculating to obtain a satisfied tab=tgbB is an integer of (a); judgment e (U)ij,Z)=e(Vij,T2) If yes, obtaining an encryption index I and adding the I into the set S;
s3052, for each S ∈ S, S [ V ]i1,Vi2,…,Vil,Z,cf,cp,tg]And calculating: h is3=H1(Xi,Yo,ta),A=Pf-xih3Yo,Judgment equationWhether the verification result is valid or not is judged if the verification result is valid; i.e., if the equation holds, the output is "valid". Otherwise, output "invalid";
s3053, the data user end sends a verification result shown to be valid to the block chain, and the verification result passes through a public key X of the data user endiEncrypting a symmetric key k, uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user end accesses data:
preferably, the public key X of the data user side is used in S3053iThe method for encrypting the symmetric key k and uploading the generated symmetric key ciphertext to the block chain comprises the following steps:
encrypting the symmetric key k by the following formula;
Ck1=ke(H,Xi),Ck2=αT;
cipher text C of symmetric keyk=(Ck1,Ck2) And sending the block chain.
Preferably, the step S306 of obtaining, by the data user side, the authority to access the decrypted original data of the data owner side from the interplanetary file system, and completing data sharing and obtaining the original data includes:
s3061, the data user side uses the file addressObtaining an EHR ciphertext from an interplanetary file system;
s3062, a symmetric key k is obtained by the following equation:
the original data m is obtained by the following formula calculation based on the symmetric key k:
m=Deck(Cm)。
the embodiment 2 includes a generation method of the intelligent medical network system based on the block chain and a sharing method of the whole data in the embodiment 1, and the generation establishment process and the sharing are synchronously executed, or the generation establishment process and the sharing can be realized after the establishment.
For example, the data owner may be a patient a who generates a health record by interacting with a doctor, which may be of interest to other institutions or companies, who encrypts his raw data and sends it to the IPFS in order to protect his privacy and data security. Meanwhile, corresponding keywords and file identifiers are encrypted to form encryption indexes, and the encryption indexes are uploaded to a block link for searching and sharing, so that the accuracy of disease diagnosis of the patient A is improved. Only patient a can authorize the data user and decrypt the ciphertext. The data user may be a medical facility B who wishes to access the health record of patient a. He can search for the expected keywords on the blockchain, first the medical institution B needs to send a search request to the patient a and obtain a search authorization token, then the medical institution B generates a search trapdoor using his/her public key and token, and finally, he invokes a search intelligence contract on the blockchain to search. The results of the search are sent by the blockchain to medical institution B, who will use the proof in the search to verify the results authorization token. If the search results are correct, medical facility B may access the patient A's data.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (10)
1. An intelligent medical network system based on a block chain, which is characterized by comprising:
a data owning end for:
encrypting original data and sending the encrypted original data to an interplanetary file system;
encrypting the corresponding keywords and file identifiers of the original data into encryption indexes;
uploading the encryption index to a block chain for sharing, wherein the data owning end can authorize a data user end, so that the data user end can configure expected keywords and decrypt to obtain the original data;
the data user side is used for:
sending a search request to the data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time;
generating a search trapdoor through a public key and the search authorization token;
and calling a search intelligent contract on the block chain to search so as to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interplanetary file system when the actual search result is verified to be correct by the search result.
2. The intelligent blockchain-based medical network system according to claim 1, wherein the data owning process for encrypting the corresponding keyword and file identifier of the original data into an encrypted index comprises:
and the data owning terminal is used for encrypting the corresponding keywords and file identifiers of the original data at different time to obtain an encryption index set.
3. A blockchain-based medical data sharing method using the blockchain-based intelligent medical network system according to claim 1 or 2, the blockchain-based medical data sharing method comprising:
initializing the intelligent medical network system;
generating keys of the data owning terminal and the data user terminal;
generating an EHR ciphertext and an encryption index corresponding to the original data of the data owning end;
generating a search authorization token and a search trapdoor of the data user side;
the data user side searches and verifies the correctness of the search result and generates a symmetric key; and
and the data user side obtains the authority of accessing the decrypted original data of the data owning side from the interplanetary file system, and data sharing is completed.
4. The blockchain-based medical data sharing method according to claim 3, wherein the initializing the intelligent medical network system includes:
configuring a security parameter lambda, selecting two large prime numbers p, q and a bilinear pair e, G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p is a group of numbers of generating elements on the elliptic curve of the cyclic group G, and the following four Hash functions are selected:
H0:{0,1}*→G,
initializing the public parameters of the intelligent medical network system as follows:
param=(G,GT,e,P,H00,H1,H2,H3,H,T)。
5. the blockchain-based medical data sharing method according to claim 4, wherein the generating the keys of the data-owning side and the data-user side includes:
the data user side diRandom selectionCalculating Xi=xiP, wherein the data user side diRespectively is pki=Xi,ski=xi(ii) a And
6. The method according to claim 5, wherein the generating of the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data-owning side comprises:
the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate an EHR ciphertext C aiming at the original datam=Enck(m), the data owning side uploads CmTo the interplanetary file system and obtain the hash address of the original data
The data-owning computation { t }gj}j∈[1,l]←0-ENC(tg) (ii) a For each tgj∈{tgj}j∈[1,l]Calculating vij=H3(k1,tgj,wi),i∈[1,n],wi∈W=(w1,....,wn) (ii) a Random selectionCalculating Vij=rvijP,j∈[1,l],i∈[1,n](ii) a Calculating Z ═ rH0(wi),cf=f⊕H1(Z,k2P,tg),cp=H0(f)⊕H2(Z,wi,f,tg) (ii) a Obtaining an encryption index I ═ Vi1,Vi2,…,Vil,Z,cf,cp,tg]。
7. The blockchain-based medical data sharing method according to claim 6, wherein the generating of the search authorization token and the search trapdoor of the data user side comprises:
the data owning terminal configures keyword search authorization time taCalculating { t }aj}j∈[1,l]←1-ENC(ta) For each taj∈{taj}j∈[1,l]Calculating uij=H3(k1′,taj,w′i),i∈[1,n],j∈[1,l],Uij=uijXi,T1=[Ui1,Ui2,…,Uil,ta],Pf=k2′P+yoh3Xi,h3=H1(Xi,Yo,ta) Obtaining a search authorization token T1And a search result proof P contained in the search authorization tokenf(ii) a And
data owning terminal computing T2=xiH0(wi′) Obtaining said search trapdoor Tw=(T1,T2)。
8. The blockchain-based medical data sharing method according to claim 7, wherein the searching and verifying the correctness of the search result at the data user side and generating a symmetric key comprises:
the data user side extracts t from the encryption index IgIf t isg<taCalculating { t }gj}j∈[1,l]←0-ENC(tg),{taj}j∈[1,l]←1-ENC(ta) Calculating to obtain a satisfied tab=tgbB is an integer of (a); judgment e (U)ij,Z)=e(Vij,T2) If yes, obtaining an encryption index I and adding the I into the set S;
for each S e S, S [ V ]i1,Vi2,…,Vil,Z,cf,cp,tg]And calculating: h is3=H1(Xi,Yo,ta),A=Pf-xih3Yo,f′=cf⊕H1(Z,A,tg) Judging equation H0(f′)=cp⊕H2(Z,w′i,f′,tg) Whether the verification result is valid or not is judged if the verification result is valid;
the data user side sends a verification result shown to be valid to the block chain, and the verification result passes through a public key X of the data user sideiEncrypting a symmetric key k, and uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user end accesses data.
9. The blockchain-based medical data sharing method according to claim 8, wherein the public key X of the data user side is passediThe symmetric key k is encrypted and,the method for uploading the generated symmetric key ciphertext to the block chain comprises the following steps:
encrypting the symmetric key k by the following formula;
Ck1=ke(H,Xi),Ck2=αT;
cipher text C of symmetric keyk=(Ck1,Ck2) And sending the block chain.
10. The blockchain-based medical data sharing method according to claim 9, wherein the data client obtains an authority to access the decrypted original data of the data owner from the interplanetary file system, and completing data sharing and obtaining the original data includes:
the data user side uses the file addressObtaining an EHR ciphertext from an interplanetary file system;
the symmetric key k is obtained by the following formula:
the original data m is obtained by the following formula calculation based on the symmetric key k:
m=Deck(Cm)。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110669068.9A CN113407627B (en) | 2021-06-17 | 2021-06-17 | Block chain-based intelligent medical network system and medical data sharing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110669068.9A CN113407627B (en) | 2021-06-17 | 2021-06-17 | Block chain-based intelligent medical network system and medical data sharing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113407627A true CN113407627A (en) | 2021-09-17 |
CN113407627B CN113407627B (en) | 2024-03-01 |
Family
ID=77684553
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110669068.9A Active CN113407627B (en) | 2021-06-17 | 2021-06-17 | Block chain-based intelligent medical network system and medical data sharing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113407627B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114567465A (en) * | 2022-02-17 | 2022-05-31 | 安徽师范大学 | Searchable encryption method for classified medical data based on block chain |
CN114827212A (en) * | 2022-06-27 | 2022-07-29 | 浙江省邮电工程建设有限公司 | Vehicle communication management method for intelligent traffic |
CN115225669A (en) * | 2022-07-14 | 2022-10-21 | 山东大学 | Distributed private data processing system and method |
CN115314321A (en) * | 2022-10-09 | 2022-11-08 | 湖南天河国云科技有限公司 | Searchable encryption system and method based on block chain without secure channel |
CN115622700A (en) * | 2022-11-28 | 2023-01-17 | 南方电网数字电网研究院有限公司 | Electricity data encryption searching method and device, computer equipment and storage medium |
CN115659378A (en) * | 2022-12-13 | 2023-01-31 | 湖南工商大学 | Case record information evidence storing method and related equipment |
CN115996151A (en) * | 2023-03-22 | 2023-04-21 | 中南大学 | Electronic medical data sharing method, system, equipment and medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107104982A (en) * | 2017-05-26 | 2017-08-29 | 福州大学 | Have traitor tracing function in mobile electron medical treatment can search for encryption system |
US20190237169A1 (en) * | 2018-01-30 | 2019-08-01 | Humana Inc. | System for providing a data market for health data and for providing rewards to data market participants |
CN110688673A (en) * | 2019-09-19 | 2020-01-14 | 安徽师范大学 | Medical data sharing method, device and system based on cloud server and block chain |
CN111916173A (en) * | 2020-08-07 | 2020-11-10 | 安徽师范大学 | Medical data safety sharing system and method based on IPFS and alliance chain |
CN112149184A (en) * | 2020-11-25 | 2020-12-29 | 南京可信区块链与算法经济研究院有限公司 | Block chain external storage system and method based on time-limited access |
CN112365945A (en) * | 2020-10-27 | 2021-02-12 | 扬州大学 | Block chain-based electronic medical record fine-grained access control and ciphertext searchable method |
CN112765650A (en) * | 2021-01-05 | 2021-05-07 | 西安电子科技大学 | Attribute-based searchable encryption block chain medical data sharing method |
CN112836240A (en) * | 2021-02-26 | 2021-05-25 | 广东工业大学 | Block chain-based electronic medical data security sharing method, system and medium |
CN112910840A (en) * | 2021-01-14 | 2021-06-04 | 重庆邮电大学 | Medical data storage and sharing method and system based on alliance blockchain |
-
2021
- 2021-06-17 CN CN202110669068.9A patent/CN113407627B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107104982A (en) * | 2017-05-26 | 2017-08-29 | 福州大学 | Have traitor tracing function in mobile electron medical treatment can search for encryption system |
US20190237169A1 (en) * | 2018-01-30 | 2019-08-01 | Humana Inc. | System for providing a data market for health data and for providing rewards to data market participants |
CN110688673A (en) * | 2019-09-19 | 2020-01-14 | 安徽师范大学 | Medical data sharing method, device and system based on cloud server and block chain |
CN111916173A (en) * | 2020-08-07 | 2020-11-10 | 安徽师范大学 | Medical data safety sharing system and method based on IPFS and alliance chain |
CN112365945A (en) * | 2020-10-27 | 2021-02-12 | 扬州大学 | Block chain-based electronic medical record fine-grained access control and ciphertext searchable method |
CN112149184A (en) * | 2020-11-25 | 2020-12-29 | 南京可信区块链与算法经济研究院有限公司 | Block chain external storage system and method based on time-limited access |
CN112765650A (en) * | 2021-01-05 | 2021-05-07 | 西安电子科技大学 | Attribute-based searchable encryption block chain medical data sharing method |
CN112910840A (en) * | 2021-01-14 | 2021-06-04 | 重庆邮电大学 | Medical data storage and sharing method and system based on alliance blockchain |
CN112836240A (en) * | 2021-02-26 | 2021-05-25 | 广东工业大学 | Block chain-based electronic medical data security sharing method, system and medium |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114567465A (en) * | 2022-02-17 | 2022-05-31 | 安徽师范大学 | Searchable encryption method for classified medical data based on block chain |
CN114827212A (en) * | 2022-06-27 | 2022-07-29 | 浙江省邮电工程建设有限公司 | Vehicle communication management method for intelligent traffic |
CN114827212B (en) * | 2022-06-27 | 2022-09-16 | 浙江省邮电工程建设有限公司 | Vehicle communication management method for intelligent traffic |
CN115225669A (en) * | 2022-07-14 | 2022-10-21 | 山东大学 | Distributed private data processing system and method |
CN115225669B (en) * | 2022-07-14 | 2024-04-05 | 山东大学 | Distributed privacy data processing system and method |
CN115314321A (en) * | 2022-10-09 | 2022-11-08 | 湖南天河国云科技有限公司 | Searchable encryption system and method based on block chain without secure channel |
CN115622700A (en) * | 2022-11-28 | 2023-01-17 | 南方电网数字电网研究院有限公司 | Electricity data encryption searching method and device, computer equipment and storage medium |
CN115659378A (en) * | 2022-12-13 | 2023-01-31 | 湖南工商大学 | Case record information evidence storing method and related equipment |
CN115996151A (en) * | 2023-03-22 | 2023-04-21 | 中南大学 | Electronic medical data sharing method, system, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN113407627B (en) | 2024-03-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113407627B (en) | Block chain-based intelligent medical network system and medical data sharing method | |
Liang et al. | Towards decentralized accountability and self-sovereignty in healthcare systems | |
Wu et al. | Security and privacy of patient information in medical systems based on blockchain technology | |
US11212264B1 (en) | Systems and methods for third party data protection | |
Darwish et al. | Decentralizing privacy implementation at cloud storage using blockchain-based hybrid algorithm | |
CN110610102B (en) | Data access method, device and system | |
CN115242518A (en) | Medical health data protection system and method under mixed cloud environment | |
John et al. | Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation | |
CN115987592A (en) | Block chain-based mobile medical internet of things fine-grained access control method and system | |
Sethia et al. | CP-ABE for selective access with scalable revocation: A case study for mobile-based healthfolder. | |
Jyoti et al. | A blockchain and smart contract-based data provenance collection and storing in cloud environment | |
Pawar et al. | Privacy preserving model-based authentication and data security in cloud computing | |
Yoosuf | Lightweight fog‐centric auditing scheme to verify integrity of IoT healthcare data in the cloud environment | |
Xu et al. | A privacy-preserving and efficient data sharing scheme with trust authentication based on blockchain for mHealth | |
Gajmal et al. | Blockchain-based access control and data sharing mechanism in cloud decentralized storage system | |
CN113889208A (en) | Block chain-based method, device and equipment for sharing medical data between uplink and downlink | |
CN112836240A (en) | Block chain-based electronic medical data security sharing method, system and medium | |
US20220191034A1 (en) | Technologies for trust protocol with immutable chain storage and invocation tracking | |
Sassi et al. | Security and privacy protection in the e-health system: Remote monitoring of covid-19 patients as a use case | |
WO2022212396A1 (en) | Systems and methods of protecting secrets in use with containerized applications | |
Mante et al. | A study of searchable and auditable attribute based encryption in cloud | |
CN114762291A (en) | Method, computer program and data sharing system for sharing user specific data of a user | |
Satheesh et al. | AB-DAM: attribute-based data access model in blockchain for healthcare applications | |
Ding et al. | Leveraging self-sovereign identity in decentralized data aggregation | |
Devassy | Research Project Questions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |