CN113407627A - Intelligent medical network system based on block chain and medical data sharing method - Google Patents

Intelligent medical network system based on block chain and medical data sharing method Download PDF

Info

Publication number
CN113407627A
CN113407627A CN202110669068.9A CN202110669068A CN113407627A CN 113407627 A CN113407627 A CN 113407627A CN 202110669068 A CN202110669068 A CN 202110669068A CN 113407627 A CN113407627 A CN 113407627A
Authority
CN
China
Prior art keywords
data
search
owning
user side
blockchain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110669068.9A
Other languages
Chinese (zh)
Other versions
CN113407627B (en
Inventor
张爱清
聂雪丽
陈金豆
叶新荣
高雅
胡院院
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Normal University
Original Assignee
Anhui Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Normal University filed Critical Anhui Normal University
Priority to CN202110669068.9A priority Critical patent/CN113407627B/en
Publication of CN113407627A publication Critical patent/CN113407627A/en
Application granted granted Critical
Publication of CN113407627B publication Critical patent/CN113407627B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2471Distributed queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses an intelligent medical network system based on a block chain and a medical data sharing method, which relate to the technical field of search safety and privacy protection and comprise the following steps: a data owning end for: encrypting and sending the encrypted original data to an interplanetary file system; encrypting a keyword and a file identifier corresponding to original data into an encryption index; uploading the encryption index to a block chain for sharing, wherein a data owning end can authorize a data user end so that the data owning end can configure keywords and decrypt the keywords to obtain original data; a data client configured to: sending a search request to a data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time; generating a search trapdoor; and when the actual search result is verified to be correct, the authority of accessing the original data of the decrypted data owning end is obtained. The invention combines searchable encryption and intelligent contracts to realize time control and verifiable keyword search.

Description

Intelligent medical network system based on block chain and medical data sharing method
Technical Field
The invention relates to the technical field of search safety and privacy protection, in particular to an intelligent medical network system based on a block chain and a medical data sharing method.
Background
For many years, the intelligent healthcare network (SHN) has been properly called the internet of medical things (IoMT). The killer level of SHN is used in many applications. For example, Facebook initiated a new preventive care tool. The electronic health record is a digital record, which is a collection of patient health records, which are shared in the SHN. The electronic medical record is highly private and has great financial value. Accordingly, more and more research is being focused on securing security and privacy protecting shared electronic medical records. Sharing an electronic medical record can help a doctor to effectively assess the patient's condition and make a correct diagnosis of the disease.
Electronic Health Record (EHR) sharing is inherently private data sharing, thus leading to storage security and privacy leakage issues. To address these issues, cloud-based electronic medical record sharing has been proposed. The authors propose a fine-grained access control scheme to enable patient-centric personal health record privacy in cloud computing. To access a patient's health record for a limited period of time, a federated key search with a designed tester and a time-enabled proxy re-encryption function is proposed. Even though these works combine different cryptographic algorithms and cloud computing to enable EHR sharing to enable revocation of data security and time control, there are still some security threats. In particular, cloud servers are semi-trusted. If the cloud server is attacked or lacks adequate monitoring, a single point of failure will result.
Disclosure of Invention
The invention aims to provide an intelligent medical network system and a medical data sharing method based on a block chain, which can improve the safety of data, and users with proper access authority can search required data by using the limited authorization of a data owner and verify the authenticity of a search result.
In order to achieve the above object, the present invention provides an intelligent medical network system based on a blockchain, including: a data owning end for: encrypting original data and sending the encrypted original data to an interplanetary file system; encrypting the corresponding keywords and file identifiers of the original data into encryption indexes; uploading the encryption index to a block chain for sharing, wherein the data owning end can authorize a data user end, so that the data user end can configure expected keywords and decrypt to obtain the original data; the data user side is used for: sending a search request to the data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time; generating a search trapdoor through a public key and the search authorization token; and calling a search intelligent contract on the block chain to search so as to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interplanetary file system when the actual search result is verified to be correct by the search result.
Preferably, the encrypting, by the data owning side, the key word and the file identifier corresponding to the original data into the encrypted index includes: and the data owning terminal is used for encrypting the corresponding keywords and file identifiers of the original data at different time to obtain an encryption index set.
Preferably, the present invention further provides a method for sharing medical data based on a blockchain, which uses the above intelligent medical network system based on a blockchain, and the method for sharing medical data based on a blockchain includes: initializing the intelligent medical network system; generating keys of the data owning terminal and the data user terminal; generating an EHR ciphertext and an encryption index corresponding to the original data of the data owning end; generating a search authorization token and a search trapdoor of the data user side; the data user side searches and verifies the correctness of the search result and generates a symmetric key; and the data user side obtains the authority of accessing the decrypted original data of the data owning side from the interplanetary file system to finish data sharing.
Preferably, the initializing the intelligent medical network system includes: configuring a security parameter lambda, selecting two large prime numbers p, q and a bilinear pair e, G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p is a group of numbers of generating elements on the elliptic curve of the cyclic group G, and the following four Hash functions are selected:
H0:{0,1}*→G,
H1:
Figure BDA0003118336490000031
H2:
Figure BDA0003118336490000032
H3:
Figure BDA0003118336490000033
randomly selecting two parameters
Figure BDA0003118336490000034
And calculating H ═ α P, T ═ β P;
initializing the public parameters of the intelligent medical network system as follows:
param=(G,GT,e,P,H00,H1,H2,H3,H,T)。
preferably, the generating the keys of the data owning side and the data user side includes:
the data user side diRandom selection
Figure BDA0003118336490000035
Calculating Xi=xiP, wherein the data user side diRespectively is pki=Xi,ski=xi(ii) a And
the data owning terminal noRandom selection
Figure BDA0003118336490000036
Calculating Yo=yoP, wherein the data-owning terminal noRespectively is pko=Y,sko=yo
Preferably, the generating the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data owning end includes:
the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate an EHR ciphertext C aiming at the original datam=Enck(m), the data owning side uploads CmTo the interplanetary file system and obtain the hash address of the original data
Figure BDA0003118336490000037
The data-owning computation { t }gj}j∈[1,l]←0-ENC(tg) (ii) a For each tgj∈{tgj}j∈[1,l]Calculating vij=H3(k1,tgj,wi),i∈[1,n],wi∈W=(w1,....,wn) (ii) a Random selection
Figure BDA0003118336490000041
ComputingVij=rvijP,j∈[1,l],i∈[1,n](ii) a Calculating Z ═ rH0(wi),
Figure BDA0003118336490000042
Obtaining an encryption index I ═ Vi1,Vi2,…,Vil,Z,cf,cp,tg]。
Preferably, the generating of the search authorization token and the search trapdoor at the data user side comprises:
the data owning terminal configures keyword search authorization time taCalculating { t }aj}j∈[1,l]←1-ENC(ta) For each taj∈{taj}j∈[1,l]Calculating uij=H3(k1′,taj,wi′),i∈[1,n],j∈[1,l],Uij=uijXi,T1=[Ui1,Ui2,…,Uil,ta],Pf=k2′P+yoh3Xi,h3=H1(Xi,Yo,ta) Obtaining a search authorization token T1And a search result proof P contained in the search authorization tokenf(ii) a And
data owning terminal computing T2=xiH0(wi′) Obtaining said search trapdoor Tw=(T1,T2)。
Preferably, the searching and verifying the correctness of the search result by the data user side, and generating the symmetric key includes:
the data user side extracts t from the encryption index IgIf t isg<taCalculating { t }gj}j∈[1,l]←0-ENC(tg),{taj}j∈[1,l]←1-ENC(ta) Calculating to obtain a satisfied tab=tgbB is an integer of (a); judgment e (U)ij,Z)=e(Vij,T2) If yes, obtaining an encryption index I and adding the I into the set S;
for each S e S, S [ V ]i1,Vi2,…,Vil,Z,cf,cp,tg]And calculating: h is3=H1(Xi,Yo,ta),A=Pf-xih3Yo,
Figure BDA0003118336490000043
Judgment equation
Figure BDA0003118336490000044
Whether the verification result is valid or not is judged if the verification result is valid;
the data user side sends a verification result shown to be valid to the block chain, and the verification result passes through a public key X of the data user sideiEncrypting a symmetric key k, uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user end accesses data:
preferably, the public key X of the user side of the data is usediThe method for encrypting the symmetric key k and uploading the generated symmetric key ciphertext to the block chain comprises the following steps:
encrypting the symmetric key k by the following formula;
Ck1=ke(H,Xi),Ck2=αT;
cipher text C of symmetric keyk=(Ck1,Ck2) And sending the block chain.
Preferably, the obtaining, by the data user side, the authority to access the decrypted original data of the data owning side from the interplanetary file system, and the completing data sharing and obtaining the original data includes:
the data user side uses the file address
Figure BDA0003118336490000052
Obtaining an EHR ciphertext from an interplanetary file system;
the symmetric key k is obtained by the following formula:
Figure BDA0003118336490000051
the original data m is obtained by the following formula calculation based on the symmetric key k:
m=Deck(Cm)。
according to the technical scheme, the medical data are safely stored by combining a symmetric encryption Algorithm (AES) and IPFS distributed storage, the medical data are safely searched and privacy protected by adopting keyword search encryption based on time limitation, and authorized users can be efficiently searched within the effective time of the token by using intelligent contract. The invention not only realizes the safe storage and sharing functions of the medical data of the data owner, but also protects the privacy and the data safety of the owner, realizes that a data user efficiently searches the desired data, reduces the data searching time, and conforms to the development trend of the medical data searching under the background of the current value Internet.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is an interactive block diagram illustrating a blockchain-based intelligent medical network system of the present invention;
FIG. 2 is a block diagram illustrating a blockchain-based intelligent medical network system of the present invention; and
fig. 3 is a flow chart illustrating a blockchain-based medical data sharing method of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
Example 1
Fig. 1 is a block diagram of module interaction of an intelligent medical network system based on a blockchain according to an embodiment 1 of the present invention, as shown in fig. 1 and 2, the intelligent medical network system based on a blockchain includes:
a data owning end for:
encrypting original data and sending the encrypted original data to an interplanetary File system (IPFS);
encrypting the corresponding keywords and file identifiers of the original data into encryption indexes;
uploading the encryption index to a block chain for sharing, wherein the data owning end can authorize a data user end, so that the data user end can configure expected keywords and decrypt to obtain the original data;
the data user side is used for:
sending a search request to the data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time;
generating a search trapdoor through a public key and the search authorization token;
and calling a search intelligent contract on the block chain to search so as to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interplanetary file system when the actual search result is verified to be correct by the search result.
Preferably, the encrypting, by the data owning side, the key word and the file identifier corresponding to the original data into the encrypted index includes: and the data owning terminal is used for encrypting the corresponding keywords and file identifiers of the original data at different time to obtain an encryption index set.
To summarize, all ends of the data send EHR ciphertext to the IPFS and receive file hash addresses. Then, all the data terminals calculate time and encrypt indexes, and then the encrypted indexes are uploaded to a block chain, and all the encrypted indexes form an encrypted index set at different time by all the data terminals which generate different data; the data user side wants to search the keywords in the file set from the data owner side, sends a search request to the data owner, generates a keyword search authorization token, and distributes effective time to the data owner side at the search authorization token. In addition, all sides of the data generate a proof for verifying the search results. The data user side can generate a search trapdoor using the authorization token and the key. The data client with the trapdoor calls the search intelligence contract to search the interested indexes stored on the blockchain, and the data client can verify the correctness of the search result by using the key and the generated proof. If the result is correct, the data user can download the ciphertext from the IPFS and decrypt the ciphertext. The invention realizes efficient search in the intelligent health network and verifiable search with time limit.
Example 2
In embodiment 1, a blockchain-based intelligent medical network system is disclosed, and for the method for establishing the system and using the system to implement a blockchain-based medical data sharing method, the method needs to be implemented by a method as shown in fig. 3, and the method for establishing and using the blockchain-based intelligent medical network system according to claim 1 or 2 to implement the blockchain-based medical data sharing method comprises:
s301, initializing the intelligent medical network system;
s302, generating keys of the data owning terminal and the data user terminal;
s303, generating an EHR ciphertext and an encryption index corresponding to the original data of the data owning end;
s304, generating a search authorization token and a search trapdoor of the data user side;
s305, the data user side searches and verifies the correctness of the search result, and generates a symmetric key; and
s306, the data user side obtains the authority of accessing the decrypted original data of the data owning side from the interplanetary file system, and data sharing is completed.
Preferably, S301, the initializing the intelligent medical network system includes:
s3011, configuring security parameter lambda, selecting two large prime numbers p and q and a bilinear pair e, G is multiplied by G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p is a group of numbers of generating elements on the elliptic curve of the cyclic group G, and the following four Hash functions are selected:
H0:{0,1}*→G,
H1:
Figure BDA0003118336490000081
H2:
Figure BDA0003118336490000082
H3:
Figure BDA0003118336490000083
s3012, the system randomly selects two parameters
Figure BDA0003118336490000084
And calculating H ═ α P, T ═ β P;
s3013, initializing the public parameters of the intelligent medical network system as follows:
param=(G,GT,e,P,H00,H1,H2,H3,H,T)。
preferably, the generating the keys of the data owner side and the data user side in S302 includes:
s3021, the data user end diRandom selection
Figure BDA0003118336490000085
Calculating Xi=xiP, wherein the data user side diRespectively is pki=Xi,ski=xi(ii) a And
s3022, the data owning terminal noRandom selection
Figure BDA0003118336490000086
Calculating Yo=yoP, wherein the data-owning terminal noRespectively is pko=Y,sko=yo
Preferably, the generating of the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data owning end in S303 includes:
s3031, the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate an EHR ciphertext C aiming at the original datam=Enck(m), the data owning side uploads CmTo the interplanetary file system and obtain the hash address of the original data
Figure BDA0003118336490000094
S3032, the data owning terminal calculates { tgj}j∈[1,l]←0-ENC(tg) (ii) a For each tgj∈{tgj}j∈[1,l]Calculating vij=H3(k1,tgj,wi),i∈[1,n],wi∈W=(w1,....,wn) (ii) a Random selection
Figure BDA0003118336490000091
Calculating Vij=rvijP,j∈[1,l],i∈[1,n](ii) a Calculating Z ═ rH0(wi),
Figure BDA0003118336490000092
Obtaining an encryption index I ═ Vi1,Vi2,…,Vil,Z,cf,cp,tg]。
Preferably, the generating of the search authorization token and the search trapdoor at the data user end in S304 includes:
s3041 saidData owning terminal configures keyword search authorization time taCalculating { t }aj}j∈[1,l]←1-ENC(ta) For each taj∈{taj}j∈[1,l]Calculating uij=H3(k1′,taj,wi′),i∈[1,n],j∈[1,l],Uij=uijXi,T1=[Ui1,Ui2,…,Uil,ta],Pf=k2′P+yoh3Xi,h3=H1(Xi,Yo,ta) Obtaining a search authorization token T1And a search result proof P contained in the search authorization tokenf(ii) a And
s3042, data owning terminal calculates T2=xiH0(wi′) Obtaining said search trapdoor Tw=(T1,T2)。
Preferably, the searching and verifying the correctness of the search result by the data user side in S305, and generating the symmetric key includes:
s3051, the data user side extracts t from the encryption index IgIf t isg<taCalculating { t }gj}j∈[1,l]←0-ENC(tg),{taj}j∈[1,l]←1-ENC(ta) Calculating to obtain a satisfied tab=tgbB is an integer of (a); judgment e (U)ij,Z)=e(Vij,T2) If yes, obtaining an encryption index I and adding the I into the set S;
s3052, for each S ∈ S, S [ V ]i1,Vi2,…,Vil,Z,cf,cp,tg]And calculating: h is3=H1(Xi,Yo,ta),A=Pf-xih3Yo,
Figure BDA0003118336490000093
Judgment equation
Figure BDA0003118336490000101
Whether the verification result is valid or not is judged if the verification result is valid; i.e., if the equation holds, the output is "valid". Otherwise, output "invalid";
s3053, the data user end sends a verification result shown to be valid to the block chain, and the verification result passes through a public key X of the data user endiEncrypting a symmetric key k, uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user end accesses data:
preferably, the public key X of the data user side is used in S3053iThe method for encrypting the symmetric key k and uploading the generated symmetric key ciphertext to the block chain comprises the following steps:
encrypting the symmetric key k by the following formula;
Ck1=ke(H,Xi),Ck2=αT;
cipher text C of symmetric keyk=(Ck1,Ck2) And sending the block chain.
Preferably, the step S306 of obtaining, by the data user side, the authority to access the decrypted original data of the data owner side from the interplanetary file system, and completing data sharing and obtaining the original data includes:
s3061, the data user side uses the file address
Figure BDA0003118336490000103
Obtaining an EHR ciphertext from an interplanetary file system;
s3062, a symmetric key k is obtained by the following equation:
Figure BDA0003118336490000102
the original data m is obtained by the following formula calculation based on the symmetric key k:
m=Deck(Cm)。
the embodiment 2 includes a generation method of the intelligent medical network system based on the block chain and a sharing method of the whole data in the embodiment 1, and the generation establishment process and the sharing are synchronously executed, or the generation establishment process and the sharing can be realized after the establishment.
For example, the data owner may be a patient a who generates a health record by interacting with a doctor, which may be of interest to other institutions or companies, who encrypts his raw data and sends it to the IPFS in order to protect his privacy and data security. Meanwhile, corresponding keywords and file identifiers are encrypted to form encryption indexes, and the encryption indexes are uploaded to a block link for searching and sharing, so that the accuracy of disease diagnosis of the patient A is improved. Only patient a can authorize the data user and decrypt the ciphertext. The data user may be a medical facility B who wishes to access the health record of patient a. He can search for the expected keywords on the blockchain, first the medical institution B needs to send a search request to the patient a and obtain a search authorization token, then the medical institution B generates a search trapdoor using his/her public key and token, and finally, he invokes a search intelligence contract on the blockchain to search. The results of the search are sent by the blockchain to medical institution B, who will use the proof in the search to verify the results authorization token. If the search results are correct, medical facility B may access the patient A's data.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. An intelligent medical network system based on a block chain, which is characterized by comprising:
a data owning end for:
encrypting original data and sending the encrypted original data to an interplanetary file system;
encrypting the corresponding keywords and file identifiers of the original data into encryption indexes;
uploading the encryption index to a block chain for sharing, wherein the data owning end can authorize a data user end, so that the data user end can configure expected keywords and decrypt to obtain the original data;
the data user side is used for:
sending a search request to the data owner and obtaining a search authorization token, wherein the search authorization token comprises search result certification data and token valid time;
generating a search trapdoor through a public key and the search authorization token;
and calling a search intelligent contract on the block chain to search so as to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interplanetary file system when the actual search result is verified to be correct by the search result.
2. The intelligent blockchain-based medical network system according to claim 1, wherein the data owning process for encrypting the corresponding keyword and file identifier of the original data into an encrypted index comprises:
and the data owning terminal is used for encrypting the corresponding keywords and file identifiers of the original data at different time to obtain an encryption index set.
3. A blockchain-based medical data sharing method using the blockchain-based intelligent medical network system according to claim 1 or 2, the blockchain-based medical data sharing method comprising:
initializing the intelligent medical network system;
generating keys of the data owning terminal and the data user terminal;
generating an EHR ciphertext and an encryption index corresponding to the original data of the data owning end;
generating a search authorization token and a search trapdoor of the data user side;
the data user side searches and verifies the correctness of the search result and generates a symmetric key; and
and the data user side obtains the authority of accessing the decrypted original data of the data owning side from the interplanetary file system, and data sharing is completed.
4. The blockchain-based medical data sharing method according to claim 3, wherein the initializing the intelligent medical network system includes:
configuring a security parameter lambda, selecting two large prime numbers p, q and a bilinear pair e, G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p is a group of numbers of generating elements on the elliptic curve of the cyclic group G, and the following four Hash functions are selected:
H0:{0,1}*→G,
Figure FDA0003118336480000021
Figure FDA0003118336480000022
Figure FDA0003118336480000023
randomly selecting two parameters
Figure FDA0003118336480000024
And calculating H ═ α P, T ═ β P;
initializing the public parameters of the intelligent medical network system as follows:
param=(G,GT,e,P,H00,H1,H2,H3,H,T)。
5. the blockchain-based medical data sharing method according to claim 4, wherein the generating the keys of the data-owning side and the data-user side includes:
the data user side diRandom selection
Figure FDA0003118336480000031
Calculating Xi=xiP, wherein the data user side diRespectively is pki=Xi,ski=xi(ii) a And
the data owning terminal noRandom selection
Figure FDA0003118336480000032
Calculating Yo=yoP, wherein the data-owning terminal noRespectively is pko=Y,sko=yo
6. The method according to claim 5, wherein the generating of the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data-owning side comprises:
the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate an EHR ciphertext C aiming at the original datam=Enck(m), the data owning side uploads CmTo the interplanetary file system and obtain the hash address of the original data
Figure FDA0003118336480000033
The data-owning computation { t }gj}j∈[1,l]←0-ENC(tg) (ii) a For each tgj∈{tgj}j∈[1,l]Calculating vij=H3(k1,tgj,wi),i∈[1,n],wi∈W=(w1,....,wn) (ii) a Random selection
Figure FDA0003118336480000034
Calculating Vij=rvijP,j∈[1,l],i∈[1,n](ii) a Calculating Z ═ rH0(wi),cf=f⊕H1(Z,k2P,tg),cp=H0(f)⊕H2(Z,wi,f,tg) (ii) a Obtaining an encryption index I ═ Vi1,Vi2,…,Vil,Z,cf,cp,tg]。
7. The blockchain-based medical data sharing method according to claim 6, wherein the generating of the search authorization token and the search trapdoor of the data user side comprises:
the data owning terminal configures keyword search authorization time taCalculating { t }aj}j∈[1,l]←1-ENC(ta) For each taj∈{taj}j∈[1,l]Calculating uij=H3(k1′,taj,w′i),i∈[1,n],j∈[1,l],Uij=uijXi,T1=[Ui1,Ui2,…,Uil,ta],Pf=k2′P+yoh3Xi,h3=H1(Xi,Yo,ta) Obtaining a search authorization token T1And a search result proof P contained in the search authorization tokenf(ii) a And
data owning terminal computing T2=xiH0(wi′) Obtaining said search trapdoor Tw=(T1,T2)。
8. The blockchain-based medical data sharing method according to claim 7, wherein the searching and verifying the correctness of the search result at the data user side and generating a symmetric key comprises:
the data user side extracts t from the encryption index IgIf t isg<taCalculating { t }gj}j∈[1,l]←0-ENC(tg),{taj}j∈[1,l]←1-ENC(ta) Calculating to obtain a satisfied tab=tgbB is an integer of (a); judgment e (U)ij,Z)=e(Vij,T2) If yes, obtaining an encryption index I and adding the I into the set S;
for each S e S, S [ V ]i1,Vi2,…,Vil,Z,cf,cp,tg]And calculating: h is3=H1(Xi,Yo,ta),A=Pf-xih3Yo,f′=cf⊕H1(Z,A,tg) Judging equation H0(f′)=cp⊕H2(Z,w′i,f′,tg) Whether the verification result is valid or not is judged if the verification result is valid;
the data user side sends a verification result shown to be valid to the block chain, and the verification result passes through a public key X of the data user sideiEncrypting a symmetric key k, and uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user end accesses data.
9. The blockchain-based medical data sharing method according to claim 8, wherein the public key X of the data user side is passediThe symmetric key k is encrypted and,the method for uploading the generated symmetric key ciphertext to the block chain comprises the following steps:
encrypting the symmetric key k by the following formula;
Ck1=ke(H,Xi),Ck2=αT;
cipher text C of symmetric keyk=(Ck1,Ck2) And sending the block chain.
10. The blockchain-based medical data sharing method according to claim 9, wherein the data client obtains an authority to access the decrypted original data of the data owner from the interplanetary file system, and completing data sharing and obtaining the original data includes:
the data user side uses the file address
Figure FDA0003118336480000051
Obtaining an EHR ciphertext from an interplanetary file system;
the symmetric key k is obtained by the following formula:
Figure FDA0003118336480000052
the original data m is obtained by the following formula calculation based on the symmetric key k:
m=Deck(Cm)。
CN202110669068.9A 2021-06-17 2021-06-17 Block chain-based intelligent medical network system and medical data sharing method Active CN113407627B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110669068.9A CN113407627B (en) 2021-06-17 2021-06-17 Block chain-based intelligent medical network system and medical data sharing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110669068.9A CN113407627B (en) 2021-06-17 2021-06-17 Block chain-based intelligent medical network system and medical data sharing method

Publications (2)

Publication Number Publication Date
CN113407627A true CN113407627A (en) 2021-09-17
CN113407627B CN113407627B (en) 2024-03-01

Family

ID=77684553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110669068.9A Active CN113407627B (en) 2021-06-17 2021-06-17 Block chain-based intelligent medical network system and medical data sharing method

Country Status (1)

Country Link
CN (1) CN113407627B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114567465A (en) * 2022-02-17 2022-05-31 安徽师范大学 Searchable encryption method for classified medical data based on block chain
CN114827212A (en) * 2022-06-27 2022-07-29 浙江省邮电工程建设有限公司 Vehicle communication management method for intelligent traffic
CN115225669A (en) * 2022-07-14 2022-10-21 山东大学 Distributed private data processing system and method
CN115314321A (en) * 2022-10-09 2022-11-08 湖南天河国云科技有限公司 Searchable encryption system and method based on block chain without secure channel
CN115622700A (en) * 2022-11-28 2023-01-17 南方电网数字电网研究院有限公司 Electricity data encryption searching method and device, computer equipment and storage medium
CN115659378A (en) * 2022-12-13 2023-01-31 湖南工商大学 Case record information evidence storing method and related equipment
CN115996151A (en) * 2023-03-22 2023-04-21 中南大学 Electronic medical data sharing method, system, equipment and medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107104982A (en) * 2017-05-26 2017-08-29 福州大学 Have traitor tracing function in mobile electron medical treatment can search for encryption system
US20190237169A1 (en) * 2018-01-30 2019-08-01 Humana Inc. System for providing a data market for health data and for providing rewards to data market participants
CN110688673A (en) * 2019-09-19 2020-01-14 安徽师范大学 Medical data sharing method, device and system based on cloud server and block chain
CN111916173A (en) * 2020-08-07 2020-11-10 安徽师范大学 Medical data safety sharing system and method based on IPFS and alliance chain
CN112149184A (en) * 2020-11-25 2020-12-29 南京可信区块链与算法经济研究院有限公司 Block chain external storage system and method based on time-limited access
CN112365945A (en) * 2020-10-27 2021-02-12 扬州大学 Block chain-based electronic medical record fine-grained access control and ciphertext searchable method
CN112765650A (en) * 2021-01-05 2021-05-07 西安电子科技大学 Attribute-based searchable encryption block chain medical data sharing method
CN112836240A (en) * 2021-02-26 2021-05-25 广东工业大学 Block chain-based electronic medical data security sharing method, system and medium
CN112910840A (en) * 2021-01-14 2021-06-04 重庆邮电大学 Medical data storage and sharing method and system based on alliance blockchain

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107104982A (en) * 2017-05-26 2017-08-29 福州大学 Have traitor tracing function in mobile electron medical treatment can search for encryption system
US20190237169A1 (en) * 2018-01-30 2019-08-01 Humana Inc. System for providing a data market for health data and for providing rewards to data market participants
CN110688673A (en) * 2019-09-19 2020-01-14 安徽师范大学 Medical data sharing method, device and system based on cloud server and block chain
CN111916173A (en) * 2020-08-07 2020-11-10 安徽师范大学 Medical data safety sharing system and method based on IPFS and alliance chain
CN112365945A (en) * 2020-10-27 2021-02-12 扬州大学 Block chain-based electronic medical record fine-grained access control and ciphertext searchable method
CN112149184A (en) * 2020-11-25 2020-12-29 南京可信区块链与算法经济研究院有限公司 Block chain external storage system and method based on time-limited access
CN112765650A (en) * 2021-01-05 2021-05-07 西安电子科技大学 Attribute-based searchable encryption block chain medical data sharing method
CN112910840A (en) * 2021-01-14 2021-06-04 重庆邮电大学 Medical data storage and sharing method and system based on alliance blockchain
CN112836240A (en) * 2021-02-26 2021-05-25 广东工业大学 Block chain-based electronic medical data security sharing method, system and medium

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114567465A (en) * 2022-02-17 2022-05-31 安徽师范大学 Searchable encryption method for classified medical data based on block chain
CN114827212A (en) * 2022-06-27 2022-07-29 浙江省邮电工程建设有限公司 Vehicle communication management method for intelligent traffic
CN114827212B (en) * 2022-06-27 2022-09-16 浙江省邮电工程建设有限公司 Vehicle communication management method for intelligent traffic
CN115225669A (en) * 2022-07-14 2022-10-21 山东大学 Distributed private data processing system and method
CN115225669B (en) * 2022-07-14 2024-04-05 山东大学 Distributed privacy data processing system and method
CN115314321A (en) * 2022-10-09 2022-11-08 湖南天河国云科技有限公司 Searchable encryption system and method based on block chain without secure channel
CN115622700A (en) * 2022-11-28 2023-01-17 南方电网数字电网研究院有限公司 Electricity data encryption searching method and device, computer equipment and storage medium
CN115659378A (en) * 2022-12-13 2023-01-31 湖南工商大学 Case record information evidence storing method and related equipment
CN115996151A (en) * 2023-03-22 2023-04-21 中南大学 Electronic medical data sharing method, system, equipment and medium

Also Published As

Publication number Publication date
CN113407627B (en) 2024-03-01

Similar Documents

Publication Publication Date Title
CN113407627B (en) Block chain-based intelligent medical network system and medical data sharing method
Liang et al. Towards decentralized accountability and self-sovereignty in healthcare systems
Wu et al. Security and privacy of patient information in medical systems based on blockchain technology
US11212264B1 (en) Systems and methods for third party data protection
Darwish et al. Decentralizing privacy implementation at cloud storage using blockchain-based hybrid algorithm
CN110610102B (en) Data access method, device and system
CN115242518A (en) Medical health data protection system and method under mixed cloud environment
John et al. Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation
CN115987592A (en) Block chain-based mobile medical internet of things fine-grained access control method and system
Sethia et al. CP-ABE for selective access with scalable revocation: A case study for mobile-based healthfolder.
Jyoti et al. A blockchain and smart contract-based data provenance collection and storing in cloud environment
Pawar et al. Privacy preserving model-based authentication and data security in cloud computing
Yoosuf Lightweight fog‐centric auditing scheme to verify integrity of IoT healthcare data in the cloud environment
Xu et al. A privacy-preserving and efficient data sharing scheme with trust authentication based on blockchain for mHealth
Gajmal et al. Blockchain-based access control and data sharing mechanism in cloud decentralized storage system
CN113889208A (en) Block chain-based method, device and equipment for sharing medical data between uplink and downlink
CN112836240A (en) Block chain-based electronic medical data security sharing method, system and medium
US20220191034A1 (en) Technologies for trust protocol with immutable chain storage and invocation tracking
Sassi et al. Security and privacy protection in the e-health system: Remote monitoring of covid-19 patients as a use case
WO2022212396A1 (en) Systems and methods of protecting secrets in use with containerized applications
Mante et al. A study of searchable and auditable attribute based encryption in cloud
CN114762291A (en) Method, computer program and data sharing system for sharing user specific data of a user
Satheesh et al. AB-DAM: attribute-based data access model in blockchain for healthcare applications
Ding et al. Leveraging self-sovereign identity in decentralized data aggregation
Devassy Research Project Questions

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant