CN106131014A - The security system accessed for the case information of medical treatment - Google Patents

The security system accessed for the case information of medical treatment Download PDF

Info

Publication number
CN106131014A
CN106131014A CN201610544172.4A CN201610544172A CN106131014A CN 106131014 A CN106131014 A CN 106131014A CN 201610544172 A CN201610544172 A CN 201610544172A CN 106131014 A CN106131014 A CN 106131014A
Authority
CN
China
Prior art keywords
medical
information
key
encryption
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610544172.4A
Other languages
Chinese (zh)
Inventor
不公告发明人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201610544172.4A priority Critical patent/CN106131014A/en
Publication of CN106131014A publication Critical patent/CN106131014A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G06Q50/24
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention discloses the security system of the case information access for medical treatment, including medical user mobile terminal, access customer mobile terminal, cloud storage server, information encrypting module, information deciphering module.The present invention is prevented from the leakage of medical record information, and effectively the safety of the medical record information of protection medical user mobile terminal, has stronger usability and practicality;According to access structure tree, the medical record information after coding is divided into different access levels, improves and access the efficiency controlled, utilize code division multiplexing technology for encoding medical record information, decrease the memory space of cloud storage server;Fine-granularity access control can be realized, effectively alleviate the computing cost of system encryption, deciphering.

Description

The security system accessed for the case information of medical treatment
Technical field
The present invention relates to medical data security technology area, be particularly used for the safety system that the case information of medical treatment accesses System.
Background technology
In correlation technique, medical record information system provides real-time, comprehensive, authoritative health and fitness information collection, biography for people Defeated, store, share and process function, but there is the safety problem of the following aspects in it: 1) medical record information is in transmission During, easily it is stolen and propagates;2) medical information scale is very big, and the storage of magnanimity information exists potential safety hazard;3) medical treatment The access control management system of medical record information is unsound, makes the sensitive data of medical user mobile terminal can be entered doctor easily Anyone acquisition in treatment system.
Summary of the invention
For the problems referred to above, the present invention is provided to the security system that the case information of medical treatment accesses
The purpose of the present invention realizes by the following technical solutions:
The security system accessed for the case information of medical treatment, moves end including medical user mobile terminal, access user End, cloud storage server, information encrypting module, information deciphering module:
(1) cloud storage server, for providing storage and the management service of medical treatment case information;
(2) medical user mobile terminal, registers and arranges encryption policy, from described cloud storage server for medical user Middle storage encryption medical case information, check deciphering or encryption medical case information;
(3) access customer mobile terminal, be used for checking whether access user meets described encryption policy, meet, allow letter Breath deciphering module reads the medical case information of the encryption of storage in deciphering cloud storage server, checks for accessing user.
(4) information encrypting module, for carrying out pretreatment and encryption to medical treatment case information;
(5) information deciphering module, for providing medical treatment case for medical user mobile terminal and access customer mobile terminal Information decryption services.
Wherein, the security system that the described case information for medical treatment accesses also includes data retrieval module, described data Retrieval module is used for setting up metadata for the medical case information after each encryption of cloud storage server, and to described metadata It is encrypted, in order to log in user's information by the metadata retrieval desired data after encryption of cloud storage server.
Wherein, described medical treatment case information includes patient health data, patient registration's information;Described medical user moves end End includes doctor's mobile terminal and patient's mobile terminal.
Wherein, described to medical treatment case information carry out pretreatment, including: according to system predefined access structure tree wound Build multiple user property collection, by code division multiplexing encoded medical case information, according to described access structure tree by the doctor after coding Treating case information and be divided into N number of access level, the span of N is [3,6].
Wherein, described information encrypting module includes:
1) three re-encryption submodule, including the plain text encryption unit being sequentially connected with, secret key encryption unit and re-encryption unit;
Described plain text encryption unit is selected by medical user mobile terminal for using pretreated medical treatment case information m The symmetric key K takenmIt is encrypted, obtains ciphertext Cm:
Described secret key encryption unit is for using the access strategy tree defined by medical user mobile terminal to described symmetry Key KmIt is encrypted, obtains key ciphertext Cm′:
Wherein, T represents described access strategy tree, arbitrarily chooses q ∈ ZpAnd q=px(0), X represents all access strategy trees The set of all leaf nodes;It it is a self-defining open mapping function;
Described key ciphertext is encrypted by described re-encryption unit, and during encryption, described cloud storage server is that each is used Family group attribute GiRandomly choose a user and organize attribute keyAttribute G is organized for each useriSet up three re-encryptions Ciphertext C "m, and utilize and share session key and encrypt user and organize attribute keyAnd then obtain corresponding to triple encrypted cipher text C″mA message header Hdr:
In formula, kgsRepresent and share session key.
Wherein, described shared session key uses public encryption system and key agreement protocol to generate, particularly as follows: described cloud The identity of medical user mobile terminal is sent to information encrypting module by storage server, and information encrypting module is to cloud storage service Device send first public key certificate, cloud storage server so for medical user mobile terminal generation one session key, and After the secret keys of self and the encryption of open key, together with second public key certificate corresponding with secret keys and corresponding with open key the One public key certificate is sent to medical user mobile terminal, described secret keys and open key in the lump and utilizes the open parameter of system to generate.
Wherein, described information deciphering module includes:
1) user organizes attribute key deciphering submodule, for accessing the medical case after customer mobile terminal accesses encryption During information, user is organized attribute key to be decrypted, the medical case after being returned corresponding to encryption by cloud storage server during deciphering Triple encrypted cipher text of information and the message header of correspondence thereof, utilize and share session key kgsDeciphering obtains user and organizes attribute key
2) triple encrypted cipher text deciphering submodule, for triple encrypted cipher text C "mIt is decrypted;
3) key ciphertext deciphering submodule, for key ciphertext Cm' it is decrypted:
4) ciphertext deciphering submodule, for ciphertext CmIt is decrypted;
5) decoding sub-module, for using code division multiplexing to be decoded the medical record information after deciphering.
The invention have the benefit that
1, it is prevented from the leakage of medical record information, effectively protects the medical record information of medical user mobile terminal Safety, has stronger usability and practicality;
2, according to access structure tree, the medical record information after coding is divided into different access levels, improves access control The efficiency of system, utilizes code division multiplexing technology for encoding medical record information, decreases the memory space of cloud storage server;
3, fine-granularity access control can be realized, effectively alleviate the computing cost of system encryption, deciphering.
Accompanying drawing explanation
The invention will be further described to utilize accompanying drawing, but the embodiment in accompanying drawing does not constitute any limit to the present invention System, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtain according to the following drawings Other accompanying drawing.
Fig. 1 is the structure connection diagram of the present invention;
Fig. 2 is the encryption operation workflow schematic diagram of the information encrypting module of the present invention.
Reference:
Medical user mobile terminal 1, access customer mobile terminal 2, cloud storage server 3, information encrypting module 4, information Deciphering module 5.
Detailed description of the invention
The invention will be further described with the following Examples.
Embodiment 1
See Fig. 1, Fig. 2, the security system that the case information for medical treatment of the present embodiment accesses, move including medical user Dynamic terminal 1, access customer mobile terminal 2, cloud storage server 3, information encrypting module 4, information deciphering module 5:
(1) cloud storage server 3, for providing storage and the management service of medical treatment case information;
(2) medical user mobile terminal 1, registers and arranges encryption policy, services from described cloud storage for medical user Device 3 stores the medical case information of encryption, checks deciphering or the medical case information of encryption;
(3) access customer mobile terminal 2, be used for checking whether access user meets described encryption policy, meet, allow Information deciphering module 5 reads the medical case information of the encryption of storage in deciphering cloud storage server 3, checks for accessing user.
(4) information encrypting module 4, for carrying out pretreatment and encryption to medical treatment case information;
(5) information deciphering module 5, for providing medical treatment sick for medical user mobile terminal 1 and access customer mobile terminal 2 Example information decryption services.
Wherein, the security system that the described case information for medical treatment accesses also includes data retrieval module, described data Retrieval module is used for setting up metadata for the medical case information after each encryption of cloud storage server 3, and to described unit number According to being encrypted, in order to log in user's information by the metadata retrieval desired data after encryption of cloud storage server 3.
Wherein, described medical treatment case information includes patient health data, patient registration's information;Described medical user moves end End 1 includes doctor's mobile terminal and patient's mobile terminal.
Wherein, described to medical treatment case information carry out pretreatment, including: according to system predefined access structure tree wound Build multiple user property collection, by code division multiplexing encoded medical case information, according to described access structure tree by the doctor after coding Treating case information and be divided into N number of access level, the span of N is [3,6].
Wherein, described information encrypting module 4 includes:
1) three re-encryption submodule, including the plain text encryption unit being sequentially connected with, secret key encryption unit and re-encryption unit;
Described plain text encryption unit is for using by medical user mobile terminal 1 pretreated medical treatment case information m The symmetric key K chosenmIt is encrypted, obtains ciphertext Cm:
Described secret key encryption unit is for using the access strategy tree defined by medical user mobile terminal 1 to described symmetry Key KmIt is encrypted, obtains key ciphertext Cm′:
Wherein, T represents described access strategy tree, arbitrarily chooses q ∈ ZpAnd q=px(0), X represents all access strategy trees The set of all leaf nodes;It it is a self-defining open mapping function;
Described key ciphertext is encrypted by described re-encryption unit, and during encryption, described cloud storage server 3 is each User organizes attribute GiRandomly choose a user and organize attribute keyAttribute G is organized for each useriSet up triple adding Ciphertext C "m, and utilize and share session key and encrypt user and organize attribute keyAnd then obtain corresponding to three re-encryptions close Literary composition C "mA message header Hdr:
In formula, kgsRepresent and share session key.
Wherein, described shared session key uses public encryption system and key agreement protocol to generate, particularly as follows: described cloud The identity of medical user mobile terminal 1 is sent to information encrypting module 4 by storage server 3, and information encrypting module 4 is deposited to cloud Storage server 3 sends first public key certificate, cloud storage server 3 and then generate a meeting for medical user mobile terminal 1 Words key, and with after the secret keys of self and open key encryption, together with second public key certificate corresponding with secret keys and with open The first public key certificate that key is corresponding is sent to medical user mobile terminal 1, described secret keys and open key in the lump and utilizes system public Open parameter to generate.
Wherein, described information deciphering module 5 includes:
1) user organizes attribute key deciphering submodule, sick for the medical treatment after accessing customer mobile terminal 2 access encryption During example information, user is organized attribute key to be decrypted, the medical treatment after being returned corresponding to encryption by cloud storage server 3 during deciphering Triple encrypted cipher text of case information and the message header of correspondence thereof, utilize and share session key kgsDeciphering obtains user, and to organize attribute close Key
2) triple encrypted cipher text deciphering submodule, for triple encrypted cipher text C "mIt is decrypted;
3) key ciphertext deciphering submodule, for key ciphertext Cm' it is decrypted:
4) ciphertext deciphering submodule, for ciphertext CmIt is decrypted;
5) decoding sub-module, for using code division multiplexing to be decoded the medical record information after deciphering.
The present embodiment does not use simple public key encryp, but is encapsulated key, it is to avoid key quilt Steal the harm caused, it is possible to prevent the leakage of medical record information, effectively protect the medical record of medical user mobile terminal 1 The safety of information, has stronger usability and practicality;Fine-granularity access control can be realized, effectively alleviate system encryption, solution Close computing cost;According to access structure tree, the medical record information after coding is divided into different access levels, improves visit Ask the efficiency of control, utilize code division multiplexing technology for encoding medical record information, decrease the memory space of cloud storage server 3; Wherein sharing session key uses public encryption system and key agreement protocol to generate, and adds the peace of medical record information encryption Quan Xing.
Embodiment 2
See Fig. 1, Fig. 2, the security system that the case information for medical treatment of the present embodiment accesses, move including medical user Dynamic terminal 1, access customer mobile terminal 2, cloud storage server 3, information encrypting module 4, information deciphering module 5:
(1) cloud storage server 3, for providing storage and the management service of medical treatment case information;
(2) medical user mobile terminal 1, registers and arranges encryption policy, services from described cloud storage for medical user Device 3 stores the medical case information of encryption, checks deciphering or the medical case information of encryption;
(3) access customer mobile terminal 2, be used for checking whether access user meets described encryption policy, meet, allow Information deciphering module 5 reads the medical case information of the encryption of storage in deciphering cloud storage server 3, checks for accessing user.
(4) information encrypting module 4, for carrying out pretreatment and encryption to medical treatment case information;
(5) information deciphering module 5, for providing medical treatment sick for medical user mobile terminal 1 and access customer mobile terminal 2 Example information decryption services.
Wherein, the security system that the described case information for medical treatment accesses also includes data retrieval module, described data Retrieval module is used for setting up metadata for the medical case information after each encryption of cloud storage server 3, and to described unit number According to being encrypted, in order to log in user's information by the metadata retrieval desired data after encryption of cloud storage server 3.
Wherein, described medical treatment case information includes patient health data, patient registration's information;Described medical user moves end End 1 includes doctor's mobile terminal and patient's mobile terminal.
Wherein, described to medical treatment case information carry out pretreatment, including: according to system predefined access structure tree wound Build multiple user property collection, by code division multiplexing encoded medical case information, according to described access structure tree by the doctor after coding Treating case information and be divided into N number of access level, the span of N is [3,6].
Wherein, described information encrypting module 4 includes:
1) three re-encryption submodule, including the plain text encryption unit being sequentially connected with, secret key encryption unit and re-encryption unit;
Described plain text encryption unit is for using by medical user mobile terminal 1 pretreated medical treatment case information m The symmetric key K chosenmIt is encrypted, obtains ciphertext Cm:
Described secret key encryption unit is for using the access strategy tree defined by medical user mobile terminal 1 to described symmetry Key KmIt is encrypted, obtains key ciphertext Cm′:
Wherein, T represents described access strategy tree, arbitrarily chooses q ∈ ZpAnd q=px(0), X represents all access strategy trees The set of all leaf nodes;It it is a self-defining open mapping function;
Described key ciphertext is encrypted by described re-encryption unit, and during encryption, described cloud storage server 3 is each User organizes attribute GiRandomly choose a user and organize attribute keyAttribute G is organized for each useriSet up triple adding Ciphertext C "m, and utilize and share session key and encrypt user and organize attribute keyAnd then obtain corresponding to three re-encryptions close Literary composition C "mA message header Hdr:
In formula, kgsRepresent and share session key.
Wherein, described information deciphering module 5 includes:
1) user organizes attribute key deciphering submodule, sick for the medical treatment after accessing customer mobile terminal 2 access encryption During example information, user is organized attribute key to be decrypted, the medical treatment after being returned corresponding to encryption by cloud storage server 3 during deciphering Triple encrypted cipher text of case information and the message header of correspondence thereof, utilize and share session key kgsDeciphering obtains user, and to organize attribute close Key
2) triple encrypted cipher text deciphering submodule, for triple encrypted cipher text C "mIt is decrypted;
3) key ciphertext deciphering submodule, for key ciphertext Cm' it is decrypted:
4) ciphertext deciphering submodule, for ciphertext CmIt is decrypted;
5) decoding sub-module, for using code division multiplexing to be decoded the medical record information after deciphering.
The present embodiment does not use simple public key encryp, but is encapsulated key, it is to avoid key quilt Steal the harm caused, it is possible to prevent the leakage of medical record information, effectively protect the medical record of medical user mobile terminal 1 The safety of information, has stronger usability and practicality;Fine-granularity access control can be realized, effectively alleviate system encryption, solution Close computing cost;According to access structure tree, the medical record information after coding is divided into different access levels, improves visit Ask the efficiency of control, utilize code division multiplexing technology for encoding medical record information, decrease the memory space of cloud storage server 3, Wherein setting access level number N=3, the memory space of cloud storage server 3 relatively reduces 4%.
Embodiment 3
See Fig. 1, Fig. 2, the security system that the case information for medical treatment of the present embodiment accesses, move including medical user Dynamic terminal 1, access customer mobile terminal 2, cloud storage server 3, information encrypting module 4, information deciphering module 5:
(1) cloud storage server 3, for providing storage and the management service of medical treatment case information;
(2) medical user mobile terminal 1, registers and arranges encryption policy, services from described cloud storage for medical user Device 3 stores the medical case information of encryption, checks deciphering or the medical case information of encryption;
(3) access customer mobile terminal 2, be used for checking whether access user meets described encryption policy, meet, allow Information deciphering module 5 reads the medical case information of the encryption of storage in deciphering cloud storage server 3, checks for accessing user.
(4) information encrypting module 4, for carrying out pretreatment and encryption to medical treatment case information;
(5) information deciphering module 5, for providing medical treatment sick for medical user mobile terminal 1 and access customer mobile terminal 2 Example information decryption services.
Wherein, the security system that the described case information for medical treatment accesses also includes data retrieval module, described data Retrieval module is used for setting up metadata for the medical case information after each encryption of cloud storage server 3, and to described unit number According to being encrypted, in order to log in user's information by the metadata retrieval desired data after encryption of cloud storage server 3.
Wherein, described medical treatment case information includes patient health data, patient registration's information;Described medical user moves end End 1 includes doctor's mobile terminal and patient's mobile terminal.
Wherein, described to medical treatment case information carry out pretreatment, including: according to system predefined access structure tree wound Build multiple user property collection, by code division multiplexing encoded medical case information, according to described access structure tree by the doctor after coding Treating case information and be divided into N number of access level, the span of N is [3,6].
Wherein, described information encrypting module 4 includes:
1) three re-encryption submodule, including the plain text encryption unit being sequentially connected with, secret key encryption unit and re-encryption unit;
Described plain text encryption unit is for using by medical user mobile terminal 1 pretreated medical treatment case information m The symmetric key K chosenmIt is encrypted, obtains ciphertext Cm:
Described secret key encryption unit is for using the access strategy tree defined by medical user mobile terminal 1 to described symmetry Key KmIt is encrypted, obtains key ciphertext Cm′:
Wherein, T represents described access strategy tree, arbitrarily chooses q ∈ ZpAnd q=px(0), X represents all access strategy trees The set of all leaf nodes;It it is a self-defining open mapping function;
Described key ciphertext is encrypted by described re-encryption unit, and during encryption, described cloud storage server 3 is each User organizes attribute GiRandomly choose a user and organize attribute keyAttribute G is organized for each useriSet up triple adding Ciphertext C "m, and utilize and share session key and encrypt user and organize attribute keyAnd then obtain corresponding to three re-encryptions close Literary composition C "mA message header Hdr:
In formula, kgsRepresent and share session key.
Wherein, described information deciphering module 5 includes:
1) user organizes attribute key deciphering submodule, sick for the medical treatment after accessing customer mobile terminal 2 access encryption During example information, user is organized attribute key to be decrypted, the medical treatment after being returned corresponding to encryption by cloud storage server 3 during deciphering Triple encrypted cipher text of case information and the message header of correspondence thereof, utilize and share session key kgsDeciphering obtains user, and to organize attribute close Key
2) triple encrypted cipher text deciphering submodule, for triple encrypted cipher text C "mIt is decrypted;
3) key ciphertext deciphering submodule, for key ciphertext Cm' it is decrypted:
4) ciphertext deciphering submodule, for ciphertext CmIt is decrypted;
5) decoding sub-module, for using code division multiplexing to be decoded the medical record information after deciphering.
The present embodiment does not use simple public key encryp, but is encapsulated key, it is to avoid key quilt Steal the harm caused, it is possible to prevent the leakage of medical record information, effectively protect the medical record of medical user mobile terminal 1 The safety of information, has stronger usability and practicality;Fine-granularity access control can be realized, effectively alleviate system encryption, solution Close computing cost;According to access structure tree, the medical record information after coding is divided into different access levels, improves visit Ask the efficiency of control, utilize code division multiplexing technology for encoding medical record information, decrease the memory space of cloud storage server 3, Wherein setting access level number N=4, the memory space of cloud storage server 3 relatively reduces 3.2%.
Embodiment 4
See Fig. 1, Fig. 2, the security system that the case information for medical treatment of the present embodiment accesses, move including medical user Dynamic terminal 1, access customer mobile terminal 2, cloud storage server 3, information encrypting module 4, information deciphering module 5:
(1) cloud storage server 3, for providing storage and the management service of medical treatment case information;
(2) medical user mobile terminal 1, registers and arranges encryption policy, services from described cloud storage for medical user Device 3 stores the medical case information of encryption, checks deciphering or the medical case information of encryption;
(3) access customer mobile terminal 2, be used for checking whether access user meets described encryption policy, meet, allow Information deciphering module 5 reads the medical case information of the encryption of storage in deciphering cloud storage server 3, checks for accessing user.
(4) information encrypting module 4, for carrying out pretreatment and encryption to medical treatment case information;
(5) information deciphering module 5, for providing medical treatment sick for medical user mobile terminal 1 and access customer mobile terminal 2 Example information decryption services.
Wherein, the security system that the described case information for medical treatment accesses also includes data retrieval module, described data Retrieval module is used for setting up metadata for the medical case information after each encryption of cloud storage server 3, and to described unit number According to being encrypted, in order to log in user's information by the metadata retrieval desired data after encryption of cloud storage server 3.
Wherein, described medical treatment case information includes patient health data, patient registration's information;Described medical user moves end End 1 includes doctor's mobile terminal and patient's mobile terminal.
Wherein, described to medical treatment case information carry out pretreatment, including: according to system predefined access structure tree wound Build multiple user property collection, by code division multiplexing encoded medical case information, according to described access structure tree by the doctor after coding Treating case information and be divided into N number of access level, the span of N is [3,6].
Wherein, described information encrypting module 4 includes:
1) three re-encryption submodule, including the plain text encryption unit being sequentially connected with, secret key encryption unit and re-encryption unit;
Described plain text encryption unit is for using by medical user mobile terminal 1 pretreated medical treatment case information m The symmetric key K chosenmIt is encrypted, obtains ciphertext Cm:
Described secret key encryption unit is for using the access strategy tree defined by medical user mobile terminal 1 to described symmetry Key KmIt is encrypted, obtains key ciphertext Cm′:
Wherein, T represents described access strategy tree, arbitrarily chooses q ∈ ZpAnd q=px(0), X represents all access strategy trees The set of all leaf nodes;It it is a self-defining open mapping function;
Described key ciphertext is encrypted by described re-encryption unit, and during encryption, described cloud storage server 3 is each User organizes attribute GiRandomly choose a user and organize attribute keyAttribute G is organized for each useriSet up triple adding Ciphertext C "m, and utilize and share session key and encrypt user and organize attribute keyAnd then obtain corresponding to three re-encryptions close Literary composition C "mA message header Hdr:
In formula, kgsRepresent and share session key.
Wherein, described information deciphering module 5 includes:
1) user organizes attribute key deciphering submodule, sick for the medical treatment after accessing customer mobile terminal 2 access encryption During example information, user is organized attribute key to be decrypted, the medical treatment after being returned corresponding to encryption by cloud storage server 3 during deciphering Triple encrypted cipher text of case information and the message header of correspondence thereof, utilize and share session key kgsDeciphering obtains user, and to organize attribute close Key
2) triple encrypted cipher text deciphering submodule, for triple encrypted cipher text C "mIt is decrypted;
3) key ciphertext deciphering submodule, for key ciphertext Cm' it is decrypted:
4) ciphertext deciphering submodule, for ciphertext CmIt is decrypted;
5) decoding sub-module, for using code division multiplexing to be decoded the medical record information after deciphering.
The present embodiment does not use simple public key encryp, but is encapsulated key, it is to avoid key quilt Steal the harm caused, it is possible to prevent the leakage of medical record information, effectively protect the medical record of medical user mobile terminal 1 The safety of information, has stronger usability and practicality;Fine-granularity access control can be realized, effectively alleviate system encryption, solution Close computing cost;According to access structure tree, the medical record information after coding is divided into different access levels, improves visit Ask the efficiency of control, utilize code division multiplexing technology for encoding medical record information, decrease the memory space of cloud storage server 3, Wherein setting access level number N=5, the memory space of cloud storage server 3 relatively reduces 4%.
Embodiment 5
See Fig. 1, Fig. 2, the security system that the case information for medical treatment of the present embodiment accesses, move including medical user Dynamic terminal 1, access customer mobile terminal 2, cloud storage server 3, information encrypting module 4, information deciphering module 5:
(1) cloud storage server 3, for providing storage and the management service of medical treatment case information;
(2) medical user mobile terminal 1, registers and arranges encryption policy, services from described cloud storage for medical user Device 3 stores the medical case information of encryption, checks deciphering or the medical case information of encryption;
(3) access customer mobile terminal 2, be used for checking whether access user meets described encryption policy, meet, allow Information deciphering module 5 reads the medical case information of the encryption of storage in deciphering cloud storage server 3, checks for accessing user.
(4) information encrypting module 4, for carrying out pretreatment and encryption to medical treatment case information;
(5) information deciphering module 5, for providing medical treatment sick for medical user mobile terminal 1 and access customer mobile terminal 2 Example information decryption services.
Wherein, the security system that the described case information for medical treatment accesses also includes data retrieval module, described data Retrieval module is used for setting up metadata for the medical case information after each encryption of cloud storage server 3, and to described unit number According to being encrypted, in order to log in user's information by the metadata retrieval desired data after encryption of cloud storage server 3.
Wherein, described medical treatment case information includes patient health data, patient registration's information;Described medical user moves end End 1 includes doctor's mobile terminal and patient's mobile terminal.
Wherein, described to medical treatment case information carry out pretreatment, including: according to system predefined access structure tree wound Build multiple user property collection, by code division multiplexing encoded medical case information, according to described access structure tree by the doctor after coding Treating case information and be divided into N number of access level, the span of N is [3,6].
Wherein, described information encrypting module 4 includes:
1) three re-encryption submodule, including the plain text encryption unit being sequentially connected with, secret key encryption unit and re-encryption unit;
Described plain text encryption unit is for using by medical user mobile terminal 1 pretreated medical treatment case information m The symmetric key K chosenmIt is encrypted, obtains ciphertext Cm:
Described secret key encryption unit is for using the access strategy tree defined by medical user mobile terminal 1 to described symmetry Key KmIt is encrypted, obtains key ciphertext Cm′:
Wherein, T represents described access strategy tree, arbitrarily chooses q ∈ ZpAnd q=px(0), X represents all access strategy trees The set of all leaf nodes;It it is a self-defining open mapping function;
Described key ciphertext is encrypted by described re-encryption unit, and during encryption, described cloud storage server 3 is each User organizes attribute GiRandomly choose a user and organize attribute keyAttribute G is organized for each useriSet up triple adding Ciphertext C "m, and utilize and share session key and encrypt user and organize attribute keyAnd then obtain corresponding to three re-encryptions close Literary composition C "mA message header Hdr:
In formula, kgsRepresent and share session key.
Wherein, described information deciphering module 5 includes:
1) user organizes attribute key deciphering submodule, sick for the medical treatment after accessing customer mobile terminal 2 access encryption During example information, user is organized attribute key to be decrypted, the medical treatment after being returned corresponding to encryption by cloud storage server 3 during deciphering Triple encrypted cipher text of case information and the message header of correspondence thereof, utilize and share session key kgsDeciphering obtains user, and to organize attribute close Key
2) triple encrypted cipher text deciphering submodule, for triple encrypted cipher text C "mIt is decrypted;
3) key ciphertext deciphering submodule, for key ciphertext Cm' it is decrypted:
4) ciphertext deciphering submodule, for ciphertext CmIt is decrypted;
5) decoding sub-module, for using code division multiplexing to be decoded the medical record information after deciphering.
The present embodiment does not use simple public key encryp, but is encapsulated key, it is to avoid key quilt Steal the harm caused, it is possible to prevent the leakage of medical record information, effectively protect the medical record of medical user mobile terminal 1 The safety of information, has stronger usability and practicality;Fine-granularity access control can be realized, effectively alleviate system encryption, solution Close computing cost;According to access structure tree, the medical record information after coding is divided into different access levels, improves visit Ask the efficiency of control, utilize code division multiplexing technology for encoding medical record information, decrease the memory space of cloud storage server 3, Wherein setting access level number N=6, the memory space of cloud storage server 3 relatively reduces 2.4%.
Last it should be noted that, above example is only in order to illustrate technical scheme, rather than the present invention is protected Protecting the restriction of scope, although having made to explain to the present invention with reference to preferred embodiment, those of ordinary skill in the art should Work as understanding, technical scheme can be modified or equivalent, without deviating from the reality of technical solution of the present invention Matter and scope.

Claims (7)

1. for medical treatment case information access security system, including medical user mobile terminal, access customer mobile terminal, Cloud storage server, information encrypting module, information deciphering module:
(1) cloud storage server, for providing storage and the management service of medical treatment case information;
(2) medical user mobile terminal, registers for medical user and arranges encryption policy, deposits from described cloud storage server Store up the medical case information of encryption, check deciphering or the medical case information of encryption;
(3) access customer mobile terminal, be used for checking whether access user meets described encryption policy, meet then permission information solution Close module reads the medical case information of the encryption of storage in deciphering cloud storage server, checks for accessing user.
(4) information encrypting module, for carrying out pretreatment and encryption to medical treatment case information;
(5) information deciphering module, for providing medical treatment case information for medical user mobile terminal and access customer mobile terminal Decryption services.
The security system that case information for medical treatment the most according to claim 1 accesses, it is characterised in that also include number According to retrieval module, described data retrieval module is for setting up unit for the medical case information after each encryption of cloud storage server Data, and described metadata is encrypted, in order to the user logging in cloud storage server is examined by the metadata after encryption The information of rope desired data.
The security system that case information for medical treatment the most according to claim 1 accesses, it is characterised in that described medical treatment Case information includes patient health data, patient registration's information;Described medical user mobile terminal include doctor's mobile terminal and Patient's mobile terminal.
The security system that case information for medical treatment the most according to claim 3 accesses, it is characterised in that described to doctor Treat case information and carry out pretreatment, including: create multiple user property collection according to system predefined access structure tree, pass through Code division multiplexing encoded medical case information, is divided into N number of access according to described access structure tree by the medical case information after coding Rank, the span of N is [3,6].
The security system that case information for medical treatment the most according to claim 4 accesses, it is characterised in that described information Encrypting module includes:
1) three re-encryption submodule, including the plain text encryption unit being sequentially connected with, secret key encryption unit and re-encryption unit;
Described plain text encryption unit is chosen by medical user mobile terminal for using pretreated medical treatment case information m Symmetric key KmIt is encrypted, obtains ciphertext Cm:
Described secret key encryption unit is for using the access strategy tree defined by medical user mobile terminal to described symmetric key Km It is encrypted, obtains key ciphertext Cm′:
Wherein, T represents described access strategy tree, arbitrarily chooses q ∈ ZpAnd %=px(0), X represents the institute of all access strategy trees There is the set of leaf node;It it is a self-defining open mapping function;
Described key ciphertext is encrypted by described re-encryption unit, and during encryption, described cloud storage server is each user's group Attribute GiRandomly choose a user and organize attribute keyAttribute G is organized for each useriSet up triple encrypted cipher text C″m, and utilize and share session key and encrypt user and organize attribute keyAnd then obtain corresponding to triple encrypted cipher text C "m's One message header Hdr:
In formula, kgsRepresent and share session key.
The security system that case information for medical treatment the most according to claim 5 accesses, it is characterised in that described shared Session key uses public encryption system and key agreement protocol to generate, particularly as follows: described cloud storage server is by medical user The identity of mobile terminal is sent to information encrypting module, and information encrypting module sends a first PKI card to cloud storage server Book, cloud storage server and then generate a session key for medical user mobile terminal, and by self secret keys and openly After key encryption, it is sent in the lump together with the second public key certificate corresponding with secret keys and the first public key certificate corresponding with open key Medical user mobile terminal, described secret keys and open key utilize the open parameter of system to generate.
The security system that case information for medical treatment the most according to claim 6 accesses, it is characterised in that described information Deciphering module includes:
1) user organizes attribute key deciphering submodule, for accessing the medical case information after customer mobile terminal accesses encryption Time user organized attribute key be decrypted, the medical case information after being returned corresponding to encryption by cloud storage server during deciphering Triple encrypted cipher text and the message header of correspondence, utilize share session key kgsDeciphering obtains user and organizes attribute key
2) triple encrypted cipher text deciphering submodule, for triple encrypted cipher text C "mIt is decrypted;
3) key ciphertext deciphering submodule, for key ciphertext Cm' it is decrypted:
4) ciphertext deciphering submodule, for ciphertext CmIt is decrypted;
5) decoding sub-module, for using code division multiplexing to be decoded the medical record information after deciphering.
CN201610544172.4A 2016-07-06 2016-07-06 The security system accessed for the case information of medical treatment Pending CN106131014A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610544172.4A CN106131014A (en) 2016-07-06 2016-07-06 The security system accessed for the case information of medical treatment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610544172.4A CN106131014A (en) 2016-07-06 2016-07-06 The security system accessed for the case information of medical treatment

Publications (1)

Publication Number Publication Date
CN106131014A true CN106131014A (en) 2016-11-16

Family

ID=57284175

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610544172.4A Pending CN106131014A (en) 2016-07-06 2016-07-06 The security system accessed for the case information of medical treatment

Country Status (1)

Country Link
CN (1) CN106131014A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682353A (en) * 2017-10-25 2018-02-09 西安邮电大学 A kind of health account access control system and method in electron medical treatment cloud
CN108597562A (en) * 2018-04-16 2018-09-28 刘民堂 A kind of hospital clinical system based on Internet of Things
CN109413643A (en) * 2018-10-10 2019-03-01 湖北三好电子有限公司 Wireless medical gateway apparatus and system
CN114465828A (en) * 2022-04-12 2022-05-10 星辰启联(南京)数字技术有限责任公司 Case data processing method for medical system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130091357A1 (en) * 2011-10-10 2013-04-11 Altibase Corp. Database management system and encryption method performed in database
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103731475A (en) * 2013-12-06 2014-04-16 中国科学院深圳先进技术研究院 Data protection system
CN105450650A (en) * 2015-12-03 2016-03-30 中国人民大学 Safety mobile electronic health record access control system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130091357A1 (en) * 2011-10-10 2013-04-11 Altibase Corp. Database management system and encryption method performed in database
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103731475A (en) * 2013-12-06 2014-04-16 中国科学院深圳先进技术研究院 Data protection system
CN105450650A (en) * 2015-12-03 2016-03-30 中国人民大学 Safety mobile electronic health record access control system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
熊安萍: "云存储环境下基于属性的密文策略访问控制机制研究", 《中国博士学位论文全文数据库信息科技辑(月刊 )2016 年 第 03 期》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682353A (en) * 2017-10-25 2018-02-09 西安邮电大学 A kind of health account access control system and method in electron medical treatment cloud
CN107682353B (en) * 2017-10-25 2018-09-04 西安邮电大学 A kind of health account access control method in electron medical treatment cloud
WO2019080281A1 (en) * 2017-10-25 2019-05-02 西安邮电大学 Health record access control system and method in electronic medical cloud
CN108597562A (en) * 2018-04-16 2018-09-28 刘民堂 A kind of hospital clinical system based on Internet of Things
CN109413643A (en) * 2018-10-10 2019-03-01 湖北三好电子有限公司 Wireless medical gateway apparatus and system
CN114465828A (en) * 2022-04-12 2022-05-10 星辰启联(南京)数字技术有限责任公司 Case data processing method for medical system

Similar Documents

Publication Publication Date Title
Luo et al. Privacyprotector: Privacy-protected patient data collection in IoT-based healthcare systems
Pussewalage et al. Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions
Li et al. Data security and privacy in wireless body area networks
Li et al. A secure electronic medical record sharing mechanism in the cloud computing platform
KR20200006375A (en) Medical data service method and system based on block chain technology
CN106850656B (en) Multi-user's file-sharing control method under a kind of cloud environment
CN106203168B (en) Database security accesses system
CN106131014A (en) The security system accessed for the case information of medical treatment
CN106209357A (en) A kind of ciphertext based on cloud computing platform accesses control system
CN107846397A (en) A kind of cloud storage access control method based on the encryption of attribute base
KR20170142872A (en) Computer-implemented system and method for protecting sensitive data via data re-encryption
CN113645195B (en) Cloud medical record ciphertext access control system and method based on CP-ABE and SM4
CN106203137B (en) A kind of classified papers access safety system
CN106572076A (en) Web service access method, client side and server side
CN106131225A (en) The security system accessed for medical treatment case information
CN106101131A (en) A kind of encryption system realizing supporting fine-granularity access control
WO2012161417A1 (en) Method and device for managing the distribution of access rights in a cloud computing environment
John et al. Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation
Saha et al. A cloud security framework for a data centric WSN application
CN114500069A (en) Method and system for storing and sharing electronic contract
CN105915566A (en) Safety system used for real-time account access
Almuzaini et al. Key aggregation cryptosystem and double encryption method for cloud-based intelligent machine learning techniques-based health monitoring systems
Bhagyoday et al. Comprehensive study of E-Health security in cloud computing
CN106101260A (en) Smart Home security access system
CN114430321A (en) DFA self-adaptive security-based black box traceable key attribute encryption method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20161116