CN107579980A - Lightweight double call control system in medical Internet of Things - Google Patents
- Publication number
- CN107579980A (CN201710798569.0A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to a lightweight double call control system in the medical Internet of Things. A patient obtains medical services through the medical infrastructure provider; the medical Internet of Things collects the patient's physiological data and medical images to form medical documents, and the patient specifies an access policy, encrypts the medical documents and sends them to the cloud platform over the Internet. The patient also generates a password-based urgent access key through the key generation centre and designates an emergency contact person who knows the password. A user registers with the key generation centre and obtains an attribute key; according to how the user's attributes match the access policy, a corresponding authorization key is generated, which gives the cloud platform the right to partially decrypt the encrypted medical document. With the password, the emergency contact person interacts with the cloud platform and the medical infrastructure provider to recover the urgent access key and thereby decrypt the encrypted medical documents. The present invention solves problems of existing schemes such as the lack of support for urgent access and large storage and computing overheads.
Description
Technical field
The present invention relates to a lightweight double call control system in the medical Internet of Things.
Background
The Internet of Things (IoT) collects and exchanges data through different physical devices connected to the Internet. A medical Internet of Things made up of wearable medical devices and smart sensors on medical instruments can remotely monitor a patient's health. However, the battery capacity of wearable or implantable sensors is extremely limited. Frequently charging sensors and mobile medical devices costs patients and nurses a great deal of time and greatly degrades the user experience. Moreover, a wireless medical device that runs out of power may threaten the patient's life. Computation in the medical Internet of Things must therefore be lightweight in order to reduce power consumption.
Medical devices in the medical Internet of Things monitor the patient's vital signs and assemble the monitored medical data into medical documents. The storage capacity of the medical Internet of Things is limited, so a third-party platform is needed to store the massive volume of medical documents. Cloud computing provides users with computing and storage resources and supports on-demand data access anytime and anywhere. Storing medical documents on a cloud platform saves local storage overhead and offers convenient data access. Because medical documents contain sensitive physiological data, access control must be applied to the data to prevent unauthorized persons from accessing it.
Conventional access control mechanisms are not suited to the emergencies that are common in medical systems. In an emergency (for example, the patient suddenly faints from a heart attack), an unconscious patient cannot grant access rights to first-aid personnel, which may delay treatment and even lead to death. To save the patient's life in time, an urgent access mechanism for emergencies must be implemented.
An urgent access mechanism bypasses the regular access policy and grants the right to urgently access the patient's medical documents. Because urgent access rights bypass the access policy and allow the patient's medical data to be accessed easily, some malicious users seek urgent access rights in order to break through the restrictions of the access policy. Urgent access rights must therefore be controlled so that they are not abused.
In 2007, Ostrovsky et al. proposed an attribute-based encryption (ABE) scheme with a non-monotonic access structure, constructed under the decisional bilinear Diffie-Hellman assumption. To reduce the computing cost of decryption, Lai et al. outsourced part of the cryptographic operations to a public cloud and proposed an ABE scheme with verifiable outsourced decryption. If a malicious user tries to sell a decryption key for profit, the traitor's identity must be traced and its decryption rights revoked. Zhou et al. proposed a multi-authority ABE scheme with white-box traceability for electronic medical systems. Rouselakis et al. proposed a dynamic multi-authority ABE scheme to reduce the system parameters. Yang et al. proposed a lightweight ABE scheme for the medical Internet of Things in distributed environments. Deng et al. proposed a hierarchical ABE scheme with short ciphertexts. Luo et al. proposed a hierarchical ABE scheme with multiple authorization centres for mobile social networks.
In 2009, Brucker et al. proposed an urgent access control model based on different emergency priorities, which divides emergencies into different grades. They later applied the urgent access concept to ABE and proposed an emergency attribute hierarchy. Marinovic et al. proposed a novel emergency access model named Rampole, which requires the policy author to restrict time and access mode in the decision process. Maw et al. proposed an urgent access model for wireless sensor medical networks, which is based on a role model and can detect users' violations. However, these studies give only a basic framework and no concrete scheme. In 2016, Zhang et al. proposed a password-based urgent access scheme; it is built on identity-based cryptography and cannot provide fine-grained access control over shared ciphertexts in non-emergency situations.
To address the problems of existing schemes, such as the lack of support for urgent access and large storage and computing overheads, the present invention provides a lightweight double call control system in the medical Internet of Things.
Summary of the invention
The object of the present invention is to provide a lightweight double call control system in the medical Internet of Things that solves problems of existing schemes such as the lack of support for urgent access and large storage and computing overheads.
To achieve the above object, the technical scheme of the present invention is a lightweight double call control system in the medical Internet of Things, comprising a key generation centre, a cloud platform and a medical infrastructure provider;
The key generation centre generates the master public/private key pair and generates attribute keys for patients and users;
The cloud platform provides users with outsourced storage and computing services;
The medical infrastructure provider provides medical Internet of Things infrastructure for patients, and this infrastructure is connected through the Internet to form the medical Internet of Things;
The patient obtains medical services through the medical infrastructure provider; the medical Internet of Things collects the patient's physiological data and medical images to form medical documents, and the patient specifies an access policy, encrypts the medical documents and sends them to the cloud platform over the Internet; the patient also generates a password-based urgent access key through the key generation centre and designates an emergency contact person who knows the password;
A user registers with the key generation centre and obtains an attribute key; according to how the user's attributes match the access policy, a corresponding authorization key is generated, which gives the cloud platform the right to partially decrypt the encrypted medical document, so that the user obtains the plaintext of the corresponding part of the medical document;
With the password, the emergency contact person interacts with the cloud platform and the medical infrastructure provider to recover the urgent access key and thereby decrypt the encrypted medical document.
In an embodiment of the present invention, the key generation centre takes the security parameter 1^κ as input and generates the master public/private key pair using the Setup algorithm, as follows:
Setup(1^κ) → (MPK, MSK): The key generation centre selects hash functions, a secure symmetric encryption/decryption algorithm SEnc/SDec and a symmetric key space. The key generation centre then selects random numbers and computes g2 = g1^β and Y = e(g1, g1)^α. The master public key is MPK = (g1, g2, Y) and the master private key is MSK = (α, β). Wherein,WithIt is cyclic group, g1It isGeneration member.
In an embodiment of the present invention, the user generates the authorization key DK from the attribute key SK as follows:
KeyGen.Del(SK)→DK:CalculateAnd
Authorization key is DK=(dk1,{dk2,i}i∈[k],dk3,dk4)。
In an embodiment of the present invention, the patient generates the password-based urgent access key through the key generation centre as follows:
The patient selects a password pw and generates the urgent access key BK, together with the auxiliary information (bk1, bk2) of the urgent access key; BK can be recovered from the password pw and the auxiliary information (bk1, bk2). The patient designates an emergency contact person (ECP) and tells the ECP the password pw. The details are as follows:
KeyGen.BK(pw)→(BK,bk1,bk2):Calculate ζ=H1(IDPA, pw), select random numberSo that
ζ=ζ1+ζ2;Random selectionAnd make urgent access key BK=K;Wherein, IDPAThat is patient identity;
Cloud platform CP is randomly choosedCalculateAnd PCPIt is sent to patient;Medical infrastructure provider
HIP is randomly choosedCalculateAnd PHIPIt is sent to patient;Patient receives (PCP,PHIP) after, selectionCalculate:K2=K (K1)-1·(PCP,PHIP)τ,Urgent access key
Auxiliary information is bk1=(K1,Λ1) and bk2=(K2,Λ2);Patient is by auxiliary information bk1And bk2It is sent respectively to CP and HIP;
CP is responsible for storing (bk1,PCP,θ1), HIP is responsible for storing (bk2,PHIP,θ2)。
In an embodiment of the present invention, the emergency contact person recovers the urgent access key with the password as follows: the ECP takes the password pw as input, generates an encapsulated password and sends it to CP and HIP respectively; given the auxiliary information bk1/bk2 of the urgent access key and the encapsulated password, CP/HIP computes the auxiliary recovery information ψ1/ψ2 and sends it to the ECP; after receiving ψ1 and ψ2 from CP and HIP respectively, the ECP recovers the urgent access key BK. The details are as follows:
Extract.BK(pw,bk1,bk2)→BK:After CP and HIP receives urgent access cipher key-extraction request, respectively will
PCPAnd PHIPIt is sent to ECP;ECP choosesCalculate ζ=H1(IDPA, pw),And point
Other handle (Γ1,Γ2) it is sent to CP and HIP;CP is calculatedAnd send it to ECP;HIP is calculatedAnd send it to ECP;ECP is by calculating BK=(ψ1·ψ2)·(PCP·PHIP)-sPromptly accessed
Key BK.
In an embodiment of the present invention, the mode of the specified access strategy encryption medical document of patient is:Patient utilizes access
StrategyMedical document M is encrypted with urgent access key BK, wherein,ρ is by matrixRow vector be mapped to category
Property;It is implemented as follows,
Patient choosesMake v=(z, λ2,...λn)Τ;For i ∈
[l], calculateCalculate ciphertext CT:Υ=H2(BK,IDPA, FID), C0=Υ Yz,C2,i=ρ (i) zi/r1,
C3,i=zi/r2,WhereinHave after representing MIndividual 0;The ciphertext of generation is CT=(CM,C0,
C1,{C2,i,C3,i}i∈[l]);Patient willCloud platform CP is sent to be stored.
In an embodiment of the present invention, the encrypted medical document is partially decrypted with the authorization key and the user obtains the plaintext of the corresponding part of the medical document as follows: after the cloud platform CP receives a data access request from a user, it checks whether the user's attribute set satisfies the access policy of the encrypted medical document; if so, CP partially decrypts the encrypted medical document using the user's authorization key DK, and the user then recovers the plaintext with the attribute key and decryption algorithm Dec1 and verifies its correctness. The details are as follows:
Partial decryption of the encrypted medical document by CP using the user's authorization key DK:
PDec(CT,DK)→CT':CP is calculated using linear cipher secret sharing LSSSSo thatCP is calculated:
And by CT'=(CM,C0, Ω) and it is sent to user;
Recovery of the plaintext and verification of its correctness by the user with the attribute key and decryption algorithm Dec1:
Dec1(CT',SK)→M/⊥:User calculatesM'=SDec (H3(Υ),CM);If
Represent that the ciphertext CT' of CP parts decryption is correct, and the medical document recovered is correct M;Otherwise ⊥ is exported.
In an embodiment of the present invention, the ECP decrypts the encrypted medical document with the urgent access key BK and decryption algorithm Dec2 as follows:
Dec2(CT,BK)→M/⊥:ECP calculates Υ=H2(BK,IDPA, FID) and M'=SDec (H3(Υ),CM);IfRepresent that programmed emergency correctly extracts BK, and the medical document recovered is correct M;Otherwise ⊥ is exported.
Compared with the prior art, the present invention has the following advantages:
(1) Patient-controlled encryption: in the present invention, the patient is responsible for encrypting his or her medical data; to share data securely among medical workers, friends and family, the access policy is formulated by the patient;
(2) Attribute-based access: the present invention uses attribute-based encryption for fine-grained access control in the medical Internet of Things; the system distributes keys to users according to their attribute sets (such as family member, clinician, researcher and insurance staff), so they have different data access rights;
(3) Urgent access: the present invention implements password-based urgent access. The patient presets a password and shares it with the emergency contact person; in an emergency, the emergency contact person uses the password to extract the urgent access key and decrypts the medical documents; only an emergency contact person who knows the password can extract the urgent access key, which effectively prevents abuse of urgent access rights;
(4) Lightweight: encryption, decryption, and urgent access key generation and extraction in the present invention all use lightweight algorithms; in the attribute-based access mechanism, the cloud platform partially decrypts the ciphertext with the authorization key, so the user needs only a single exponentiation to recover the plaintext, which greatly reduces the user's decryption burden.
Brief description of the drawings
Fig. 1 shows the system framework of the present invention.
Fig. 2 shows the urgent access key generation process of the present invention.
Fig. 3 shows the urgent access key extraction process of the present invention.
Fig. 4 shows the two access control mechanisms used in the present invention.
Embodiment
The technical scheme of the present invention is described in detail below with reference to the accompanying drawings.
The specific implementation process of the present invention is as follows.
Fig. 1 shows the system framework of the present invention. The system includes the following types of entities, whose characteristics and functions are described below:
Key generation centre (KGC): KGC generates the master public/private key pair for the system and generates attribute keys for patients and users.
Cloud platform (CP): CP has powerful storage and computing capability and provides users with outsourced storage and computing services.
Medical infrastructure provider (HIP): HIP is a hospital or other medical institution that provides medical Internet of Things infrastructure for patients. The medical devices in HIP (such as electrocardiographs, B-mode ultrasound machines, electronic sphygmomanometers and CT scanners) are connected through the Internet to form the medical Internet of Things (IoT).
Patient (PA): PA obtains medical services from HIP. The medical Internet of Things collects the patient's physiological data and medical images. To protect sensitive medical data and achieve fine-grained access control, the patient can specify an access policy, encrypt the medical documents and send them to CP over the Internet. For emergencies, the patient generates a password-based urgent access key, which can recover all of the patient's encrypted documents. The patient designates an emergency contact list and secretly tells the emergency contact persons the password.
User: a user can be a doctor, a nurse or another medical worker of HIP, or a friend or relative of the patient. A user needs to register with KGC and obtain an attribute key. If the user's attributes satisfy the access policy, the user can access the patient's data. After receiving the encrypted medical document sent by CP, the user decrypts it with the attribute key to obtain the plaintext of the medical document.
Emergency contact persons (ECPs): ECPs are designated by the patient and know the patient's password. In an emergency, they interact with CP and HIP to recover the urgent access key. ECPs query the patient's encrypted documents at CP and use the urgent access key to recover the patient's medical records.
1. System setup
With the security parameter 1^κ as input, the master public/private key pair is generated using the Setup algorithm, as follows:
Setup(1^κ) → (MPK, MSK): The key generation centre selects hash functions, a secure symmetric encryption/decryption algorithm SEnc/SDec and a symmetric key space. The key generation centre then selects random numbers and computes g2 = g1^β and Y = e(g1, g1)^α. The master public key is MPK = (g1, g2, Y) and the master private key is MSK = (α, β). MPK is a default input to the following algorithms.
2. User key generation
The user generates the authorization key DK from the attribute key SK and sends it to CP.
KeyGen.Del(SK)→DK:CalculateAndAuthorization key is DK=(dk1,{dk2,i}i∈[k],dk3,dk4)。
3. Password-based urgent access key generation
Fig. 2 shows the urgent access key generation process. The patient (identity IDPA) selects a password pw and generates the urgent access key BK, together with the auxiliary information (bk1, bk2) of the urgent access key; BK can be recovered from the password pw and the auxiliary information (bk1, bk2). The auxiliary information bk1 and bk2 is stored at CP and HIP respectively. The patient designates a list of ECPs and secretly tells the ECPs the password pw. HIP is responsible for storing the ECP list.
KeyGen.BK(pw)→(BK,bk1,bk2):Calculate ζ=H1(IDPA, pw), select random numberSo that
ζ=ζ1+ζ2;Random selectionAnd make urgent access key BK=K;
CP is randomly choosedCalculateAnd PCPIt is sent to patient;Medical infrastructure provider HIP is random
SelectionCalculateAnd PHIPIt is sent to patient;Patient receives (PCP,PHIP) after, selectionCalculate:
K2=K (K1)-1·(PCP,PHIP)τ,The auxiliary information of urgent access key is bk1
=(K1,Λ1) and bk2=(K2,Λ2);Patient is by auxiliary information bk1And bk2It is sent respectively to CP and HIP;CP is responsible for storage
(bk1,PCP,θ1), HIP is responsible for storing (bk2,PHIP,θ2)。
4. Password-based urgent access key extraction
Fig. 3 shows the urgent access key extraction process. To protect the password pw, the ECP takes pw as input, generates an encapsulated password and sends it to CP and HIP respectively. CP and HIP cannot infer the password pw from the encapsulated password. Given the auxiliary information bk1/bk2 of the urgent access key and the encapsulated password, CP/HIP computes the auxiliary recovery information ψ1/ψ2 and sends it to the ECP. After receiving ψ1 and ψ2 from CP and HIP respectively, the ECP recovers the urgent access key BK and uses BK to decrypt all of the patient's encrypted medical documents.
Extract.BK(pw,bk1,bk2)→BK:After CP and HIP receives urgent access cipher key-extraction request, respectively by PCP
And PHIPIt is sent to ECP;ECP choosesCalculate ζ=H1(IDPA, pw),And respectively
(Γ1,Γ2) it is sent to CP and HIP;CP is calculatedAnd send it to ECP;HIP is calculated
And send it to ECP;ECP is by calculating BK=(ψ1·ψ2)·(PCP·PHIP)-sObtain promptly accessing key BK.
5. Encryption
Patient utilizes access strategyMedical document M (document code FID) is encrypted with urgent access key BK, its
In,ρ is by matrixRow vector be mapped to attribute
Patient choosesMake v=(z, λ2,...λn)Τ;For i ∈
[l], calculateCalculate ciphertext CT:Υ=H2(BK,IDPA, FID), C0=Υ Yz,C2,i=ρ (i) zi/r1,
C3,i=zi/r2,WhereinHave after representing MIndividual 0;The ciphertext of generation is CT=(CM,C0,
C1,{C2,i,C3,i}i∈[l]);Patient willCloud platform CP is sent to be stored.
6. Partial decryption
After CP receives a data access request from a user, it checks whether the user's attribute set satisfies the access policy of the ciphertext. If not, CP rejects the request. Otherwise CP partially decrypts the ciphertext using the user's authorization key DK, which reduces the amount of computation in the user's decryption.
PDec(CT,DK)→CT':CP is calculated using linear cipher secret sharing LSSSSo thatCP is calculated:
And by CT'=(CM,C0, Ω) and it is sent to user;
7. Decryption and verification with the attribute key
Under normal circumstances, the user recovers the plaintext with the attribute key SK and decryption algorithm Dec1 and verifies its correctness.
Dec1(CT',SK)→M/⊥:User calculatesM'=SDec (H3(Υ),CM);If
Represent that the ciphertext CT' of CP parts decryption is correct, and the medical document recovered is correct M;Otherwise ⊥ is exported.
8. Decryption and verification with the urgent access key
In an emergency, the ECP decrypts the ciphertext with the urgent access key BK and decryption algorithm Dec2.
Dec2(CT,BK)→M/⊥:ECP calculates Υ=H2(BK,IDPA, FID) and M'=SDec (H3(Υ),CM);IfRepresent that programmed emergency correctly extracts BK, and the medical document recovered is correct M;Otherwise ⊥ is exported.
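The Dec2 path and its correctness check, as an added illustration that is not code from the patent. It assumes H2 and H3 are domain-separated SHA-256, SEnc/SDec is a toy SHA-256 keystream cipher, and the check elided on this page is the test for the zero suffix appended to M; `ZERO_PAD`, the helper names and all sample values are constructed.

```python
import hashlib

ZERO_PAD = 16  # assumed length (bytes) of the zero suffix appended to M


def _hash(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 over length-prefixed fields (assumed instantiation)."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def H2(bk: bytes, id_pa: bytes, fid: bytes) -> bytes:
    # Upsilon = H2(BK, ID_PA, FID); a byte string here, a group element in the scheme.
    return _hash(b"H2", bk, id_pa, fid)


def H3(upsilon: bytes) -> bytes:
    # H3 maps Upsilon into the symmetric key space.
    return _hash(b"H3", upsilon)


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def senc(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for SEnc: XOR with a hash-derived keystream."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


sdec = senc  # XOR stream cipher: decryption is the same operation


def encrypt_body(bk: bytes, id_pa: bytes, fid: bytes, m: bytes) -> bytes:
    """Patient side: C_M = SEnc(H3(Upsilon), M || 0...0)."""
    return senc(H3(H2(bk, id_pa, fid)), m + bytes(ZERO_PAD))


def dec2(c_m: bytes, bk: bytes, id_pa: bytes, fid: bytes):
    """ECP side: recompute Upsilon from BK, decrypt, and verify the zero suffix.

    Returns M on success and None (the scheme's bottom symbol) otherwise.
    """
    m_prime = sdec(H3(H2(bk, id_pa, fid)), c_m)
    if len(m_prime) < ZERO_PAD or m_prime[-ZERO_PAD:] != bytes(ZERO_PAD):
        return None
    return m_prime[:-ZERO_PAD]


if __name__ == "__main__":
    bk = b"constructed-urgent-access-key-BK"
    c_m = encrypt_body(bk, b"patient-0001", b"FID-42", b"ECG report: sinus rhythm")
    print(dec2(c_m, bk, b"patient-0001", b"FID-42"))            # recovered M
    print(dec2(c_m, b"wrong-key", b"patient-0001", b"FID-42"))  # None
```

Because Υ is bound to BK, the patient identity and the file identifier, a key recovered from wrong auxiliary recovery information, or a ciphertext presented under a different FID, fails the suffix check.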
9. Bilinear pairing
WithIt is cyclic group, g1It isGeneration member.Bilinear mapThere are following characteristics:
(1) bilinearity:AndHave
(2) non-degeneracy:e(g1,g1)≠1。
(3) computability:By effectively can be calculated e (h1,h2)。
10. Hardness assumption
Prejudgementing character bilinear Diffie-Hellman is assumed.OrderT is random numberg1It is groupLife
Cheng Yuan.Given tupleIn the absence of probabilistic polynomial time algorithmE (g can be distinguished1,g1)abcAnd T.'s
Advantage ε is defined as:
11. Linear secret sharing scheme
Define 1:(linear secret sharing scheme (LSSS)).SetOn secret sharing scheme Π be referred to as it is linear (
On) and if only if:1. share (share) formation of each sideOn vector.2. l × n matrix be presentIt is referred to as Π
Share (share) generator matrix.For all i=1 ..., l, M the i-th row by ρ (i) marks (ρ be { 1 ..., l } toA function).Make vector v=(z, λ2,...λn), wherein z is the secret to be sharedRandomly selectAccording to Π,Be secret z share vector (Belong to ρ (i)).
According to definition, each LSSS has linear reconstruction property.Assuming that Π is access structure Φ LSSS, S ∈ are made
Φ is any sets of authorizations, defines I={ i:ρ (i) ∈ S }, whereinAccording to Π, if there is constant
So that { zi}i∈IIt is any secret z effective share (validshare), then have ∑i∈Iωizi=z andFor unauthorized set, in the absence of such constant.
12. Two access control mechanisms
Fig. 4 shows the two access control mechanisms, the attribute-based access mechanism and the urgent access mechanism, which comprise the following algorithms: the authorization key generation algorithm KeyGen.Del, the partial decryption algorithm PDec, the urgent access key extraction algorithm Extract.BK, the type-1 decryption algorithm Dec1 and the type-2 decryption algorithm Dec2.
For attribute-based access, the ciphertext is decrypted with the attribute key SK. The present invention uses outsourced decryption to lighten the user's decryption burden. The user runs the authorization key generation algorithm KeyGen.Del with the attribute key SK as input to generate the authorization key DK, and sends DK to CP. During data access, CP partially decrypts the encrypted medical document: it runs the partial decryption algorithm PDec, which converts the ciphertext CT into CT' using the authorization key DK. The user runs the type-1 decryption algorithm Dec1 and recovers the plaintext of the medical document with the attribute key SK. In Dec1, the user needs only one exponentiation to recover the plaintext from CT'.
For urgent access, the ECP uses the password pw and runs the urgent access key extraction algorithm Extract.BK to recover the urgent access key BK. The ECP then runs the type-2 decryption algorithm Dec2 to obtain the plaintext of the medical document.
After performing decipherment algorithm, the invention provides verification algorithm to verify whether the medical document of recovery is correct, so as to
Detect that the part decryption ciphertext CT' of mistake is sent to user, or CP (or HIP) by CP or HIP malicious act, such as CP
The auxiliary of mistake is recovered information and is sent to ECP.
Advantages of the present invention:
(1) Patient-controlled encryption: in the invention, the patient is responsible for encrypting his or her own medical data. The access policy is set by the patient, so that the data can be shared securely among medical staff, friends and family.
(2) Attribute-based access: the invention uses attribute-based encryption to provide fine-grained access control in the medical Internet of Things. The system issues each user a key according to the user's attribute set (for example family member, clinician, researcher or insurance staff), so different users have different data access rights.
(3) Urgent access: the invention implements password-based urgent access. The patient sets a password in advance and shares it with the emergency contact person. In an emergency, the emergency contact person uses the password to extract the urgent access key and decrypt the medical document. Only an emergency contact person who knows the password can extract the urgent access key, which effectively prevents abuse of the urgent access right.
(4) Lightweight: encryption, decryption, and urgent access key generation and extraction in the invention all use lightweight algorithms. In the attribute-based access mechanism, the cloud platform partially decrypts the ciphertext using the authorization key, so that the user needs only a single exponentiation to recover the plaintext, which greatly reduces the user's decryption burden.
Use of the present invention: the medical Internet of Things (IoT) is an effective means of improving the quality and efficiency of care in medical institutions. Medical devices in the medical Internet of Things can monitor patients' vital signs; these data are gathered into medical documents, and the documents are sent to a cloud server for storage, where medical staff can access the relevant documents. To protect patient privacy, encryption can be used to control authorized persons' access to the documents while preventing access by unauthorized persons. In addition, it must be possible to access a patient's medical documents promptly in an emergency. The invention proposes a lightweight double call control system in the medical Internet of Things that provides two ways of accessing encrypted medical documents: attribute-based access and urgent access. Under normal circumstances, medical staff can decrypt and access the data only if they hold an attribute key. In an emergency, the urgent access mechanism can bypass the access policy of the medical document and allow medical staff to access the data, so as to save the patient's life in time.
Those skilled in the art will appreciate that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The above are preferred embodiments of the invention. All changes made according to the technical solution of the invention, where the resulting functional effect does not go beyond the scope of the technical solution of the invention, fall within the protection scope of the invention.
Claims (8)
- 1. A lightweight double call control system in a medical Internet of Things, characterized by comprising a key generation centre, a cloud platform and a medical infrastructure provider; the key generation centre is used to generate the master public/private key pair and to generate attribute keys for patients and users; the cloud platform provides users with outsourced storage and computing services; the medical infrastructure provider provides medical Internet of Things infrastructure for patients, and the medical Internet of Things infrastructure is connected via the Internet to form the medical Internet of Things; the patient obtains medical services through the medical infrastructure provider; the medical Internet of Things is responsible for collecting the patient's physiological data and medical images to form medical documents, and the patient specifies an access policy to encrypt the medical documents, which are then sent to the cloud platform via the Internet; the patient also generates a password-based urgent access key through the key generation centre, and designates an emergency contact person who knows the password; the user registers with the key generation centre and obtains an attribute key, and, according to how it matches the access policy, generates a corresponding authorization key, which gives the cloud platform the right to decrypt the corresponding part of the encrypted medical documents, so that the plaintext of the corresponding part of the medical documents is obtained; with the password, the emergency contact person can recover the urgent access key by interacting with the cloud platform and the medical infrastructure provider, and can thereby decrypt the encrypted medical documents.
- 2. The lightweight double call control system in a medical Internet of Things according to claim 1, characterized in that the key generation centre takes the security parameter $1^{\kappa}$ as input and generates the master public/private key pair using the Setup algorithm, specifically: $\mathrm{Setup}(1^{\kappa}) \to (MPK, MSK)$: the key generation centre selects hash functions , a secure symmetric encryption/decryption algorithm SEnc/SDec and the symmetric key space ; the key generation centre then selects random numbers and computes $g_2 = g_1^{\beta}$, $Y = e(g_1, g_1)^{\alpha}$; the resulting master public key is $MPK = (g_1, g_2, Y)$ and the master private key is $MSK = (\alpha, \beta)$; where and are cyclic groups and $g_1$ is a generator of .
- 3. The lightweight double call control system in a medical Internet of Things according to claim 1, characterized in that the user generates the authorization key DK from the attribute key SK as follows: KeyGen.Del(SK) → DK: compute and ; the authorization key is $DK = (dk_1, \{dk_{2,i}\}_{i \in [k]}, dk_3, dk_4)$.
- 4. The lightweight double call control system in a medical Internet of Things according to claim 1, characterized in that the patient generates the password-based urgent access key through the key generation centre as follows: the patient selects a password pw and generates the urgent access key BK, together with the auxiliary information $(bk_1, bk_2)$ of the urgent access key; the key BK can be recovered from the password pw and the auxiliary information $(bk_1, bk_2)$; the patient designates an emergency contact person ECP and tells ECP the password pw; specifically: $\mathrm{KeyGen.BK}(pw) \to (BK, bk_1, bk_2)$: compute $\zeta = H_1(ID_{PA}, pw)$ and select random numbers such that $\zeta = \zeta_1 + \zeta_2$; randomly select and set the urgent access key $BK = K$, where $ID_{PA}$ is the patient's identity; the cloud platform CP randomly selects , computes and sends $P_{CP}$ to the patient; the medical infrastructure provider HIP randomly selects , computes and sends $P_{HIP}$ to the patient; after receiving $(P_{CP}, P_{HIP})$, the patient selects and computes: $K_2 = K (K_1)^{-1} \cdot (P_{CP}, P_{HIP})^{\tau}$, ; the auxiliary information of the urgent access key is $bk_1 = (K_1, \Lambda_1)$ and $bk_2 = (K_2, \Lambda_2)$; the patient sends the auxiliary information $bk_1$ and $bk_2$ to CP and HIP respectively; CP is responsible for storing $(bk_1, P_{CP}, \theta_1)$ and HIP is responsible for storing $(bk_2, P_{HIP}, \theta_2)$.
- 5. The lightweight double call control system in a medical Internet of Things according to claim 4, characterized in that the emergency contact person generates the urgent access key from the password as follows: ECP takes the password pw as input to generate an encapsulated password and sends it to CP and HIP respectively; taking the auxiliary information $bk_1$/$bk_2$ of the urgent access key and the encapsulated password as input, CP/HIP computes the auxiliary recovery information $\psi_1$/$\psi_2$ and sends it to ECP; after receiving $\psi_1$ and $\psi_2$ from CP and HIP respectively, ECP recovers the urgent access key BK; specifically: $\mathrm{Extract.BK}(pw, bk_1, bk_2) \to BK$: after receiving the urgent access key extraction request, CP and HIP send $P_{CP}$ and $P_{HIP}$ respectively to ECP; ECP chooses , computes $\zeta = H_1(ID_{PA}, pw)$, , and sends $(\Gamma_1, \Gamma_2)$ to CP and HIP respectively; CP computes and sends it to ECP; HIP computes and sends it to ECP; ECP obtains the urgent access key BK by computing $BK = (\psi_1 \cdot \psi_2) \cdot (P_{CP} \cdot P_{HIP})^{-s}$.
- 6. The lightweight double call control system in a medical Internet of Things according to claim 1, characterized in that the patient specifies an access policy to encrypt the medical document as follows: the patient encrypts the medical document M using the access policy and the urgent access key BK, where , ρ maps the row vectors of the matrix to attributes; specifically: the patient chooses and lets $v = (z, \lambda_2, \ldots, \lambda_n)^{T}$; for $i \in [l]$, computes ; computes the ciphertext CT: $\Upsilon = H_2(BK, ID_{PA}, FID)$, $C_0 = \Upsilon \cdot Y^{z}$, $C_{2,i} = \rho(i) z_i / r_1$, $C_{3,i} = z_i / r_2$, , where denotes M followed by 0s; the generated ciphertext is $CT = (C_M, C_0, C_1, \{C_{2,i}, C_{3,i}\}_{i \in [l]})$; the patient sends to the cloud platform CP for storage.
- 7. The lightweight double call control system in a medical Internet of Things according to claim 3, characterized in that the user decrypts part of the encrypted medical document with the authorization key and obtains the plaintext of the corresponding part of the medical document as follows: after the cloud platform CP receives the data access request sent by the user, it verifies whether the user's attribute set satisfies the access policy of the encrypted medical document; if so, CP partially decrypts the encrypted medical document using the user's authorization key DK, and the user then recovers the plaintext with the attribute key and the decryption algorithm Dec1 and verifies its correctness; specifically: partial decryption of the encrypted medical document by CP using the user's authorization key DK: PDec(CT, DK) → CT': CP uses the linear secret sharing scheme LSSS to compute such that ; CP computes: $\Omega = e(C_1, dk_1)\, e\big(dk_3, \prod_{i \in I} dk_{2,i}^{C_{2,i} \cdot \omega_i}\big)\, e\big(dk_4, \prod_{i \in I} dk_{2,i}^{C_{3,i} \cdot \omega_i}\big) = e(g_1, g_1)^{\alpha \cdot z \cdot \tau}$ and sends $CT' = (C_M, C_0, \Omega)$ to the user; recovery of the plaintext by the user with the attribute key and the decryption algorithm Dec1, and verification of its correctness: Dec1(CT', SK) → M/⊥: the user computes , $M' = \mathrm{SDec}(H_3(\Upsilon), C_M)$; if , the ciphertext CT' partially decrypted by CP is correct and the recovered medical document is the correct M; otherwise output ⊥.
- 8. The lightweight double call control system in a medical Internet of Things according to claim 5, characterized in that ECP decrypts the encrypted medical document with the urgent access key BK and the decryption algorithm Dec2 as follows: Dec2(CT, BK) → M/⊥: ECP computes $\Upsilon = H_2(BK, ID_{PA}, FID)$ and $M' = \mathrm{SDec}(H_3(\Upsilon), C_M)$; if , the emergency contact person has extracted BK correctly and the recovered medical document is the correct M; otherwise output ⊥.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710798569.0A CN107579980A (en) | 2017-09-07 | 2017-09-07 | Lightweight double call control system in medical Internet of Things |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107579980A (en) | 2018-01-12 |
Family
ID=61031212
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710798569.0A Pending CN107579980A (en) | 2017-09-07 | 2017-09-07 | Lightweight double call control system in medical Internet of Things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107579980A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20180112 |