CN107635018B - Cross-domain medical cloud storage system supporting emergency access control and safe deduplication - Google Patents

Abstract

The invention relates to a cross-domain medical cloud storage system supporting emergency access control and safe duplicate removal, wherein a patient sets a password and an emergency access key based on the password, and informs an emergency contact of the password; the patient appoints an access strategy and an emergency access key to encrypt medical documents of the patient and then store the medical documents into the public cloud; the user registers to the medical institution to obtain an anonymous identity and an attribute key, obtains a corresponding proxy key and sends the proxy key to the public cloud, the public cloud generates a part of ciphertext of the encrypted medical document according to the proxy key, and the user obtains a plaintext of the encrypted medical document according to the attribute key and the part of ciphertext; the emergency contact acquires the emergency access key by using the password to decrypt the encrypted medical document of the patient; the public cloud interacts with a private cloud of the medical institution to perform a secure deduplication operation to eliminate copies of the encrypted medical documents. The invention supports emergency access, and adopts a safe duplicate removal mechanism to delete redundant ciphertext containing the same message, thereby saving storage space and transmission overhead.

Description

Cross-domain medical cloud storage system supporting emergency access control and safe deduplication

Technical Field

The invention relates to the technical field of cloud storage, in particular to a cross-domain medical cloud storage system supporting emergency access control and safe duplication elimination.

Background

The development of internet of things (IoT) technology has made it possible for medical institutions to provide high-quality, more convenient, and more widespread medical services. Medical institutions may implant tiny sets of wireless sensor nodes into patients (or attached to the surface of the patient's skin) to monitor their health and collect important physiological data, which facilitates emergency medical rescue and chronic disease detection. The elderly can enjoy modern medical services anytime and anywhere using wearable or implantable medical sensors.

After the medical IoT network collects the medical data, the medical data is transmitted to a data center for storage and disease diagnosis. To protect the privacy of the patient, the medical documents need to be encrypted before transmission to prevent eavesdropping on the public channel. The data owner defines authorization attributes and relationships by enforcing access policies on the protected data. Only the user (e.g., doctor, nurse, anesthesiologist, or patient's family) who possesses the attribute key has the authority to decrypt the ciphertext. This method is called attribute-based encryption (ABE).

In modern medical systems, a patient with a difficult condition may be diagnosed and treated in different hospitals. Therefore, there is a need to implement a cross-domain secure data sharing system to facilitate patient treatment between different hospitals. The doctor at hospital B can review the exam report generated at hospital a. Encrypted medical documents generated by different hospitals are sent to a public cloud server for storage, and the encrypted medical documents are accessed by users. The patient defines a cross-domain access policy for his encrypted medical records. Each medical professional registers with their medical institution to obtain a key for decrypting the patient's encrypted document.

Emergency situations such as car accidents or sudden coma of the patient may occur in the medical system. In these emergency situations, electronic medical documents of the patient need to be acquired to save their lives. While emergency personnel on site are likely to not have access to the patient's encrypted medical documents. Security mechanisms that protect data privacy may hinder emergency treatment of patients. It is therefore crucial to devise an emergency access method for emergency situations, which enables access to electronic medical documents even if emergency personnel do not have the associated attribute keys. At the same time, the emergency access rights should be controllable and protected against malicious access by an attacker.

Different medical personnel may use different access policies to encrypt the same medical data. The ciphertext is transmitted to a public cloud server, and a large amount of storage space is occupied. In order to save storage space and transmission overhead, an effective method is to eliminate redundant ciphertext containing the same message in the cloud server, and the method is called safe deduplication.

In 2009 Brucker et al proposed an access control model with emergency access functionality and a security architecture that supports emergency access. They then integrate the emergency access mechanism into an attribute-based encryption scheme to implement a security log system for analyzing the user's behavior during emergency access. Marinovic et al proposed a new emergency access model named Rampole that adds integrity constraints in the decision making process to enable a decision maker to manage emergency access privileges in a fine-grained manner. Maw et al devised an emergency access model for wireless sensor medical networks and are concerned with the problem of access rights management across medical domains. However, these studies only give a basic architecture and no specific solution. In 2016, Zhang et al proposed a password-based emergency access scheme based on two-factor encryption: password-based encryption and master private key-based encryption.

In 2013, Bellare et al proposed message locked encryption (message locked encryption) to implement secure deduplication and can derive encryption and decryption keys from messages. In 2014, Li et al proposed a system for managing aggregated keys in secure deduplication. The system is implemented by the Dekey technology and is based on a secret sharing scheme. Later, they proposed a secure deduplication system in a hybrid cloud architecture (including public and private clouds) and able to resist collusion attacks. In 2015, Liu et al constructed a novel secure deduplication system based on a password authenticated key exchange protocol. Since these security deduplication systems do not take into account the issue of access control, Cui et al propose a security deduplication system based on attribute access control using zero knowledge proof.

In 2007, Ostrovsky proposed an attribute-based encryption algorithm such that the user's key could represent both monotonic (monotone) and non-monotonic (non-monotone) access policies. To reduce the decryption computation overhead, Green et al propose outsourcing decryption methods so that users can recover messages using lightweight computing. In order to detect the correctness of the converted ciphertext, people research verifiable outsourcing decryption and provide an effective way for correctness verification. The traitor tracing problem in ABE was studied to recover the identity of a malicious user. One has studied the security search problem in ABE: the user sends the keyword trapdoor to the cloud server for searching, and the cloud server returns the ciphertext containing the same keyword. Yang et al propose a time domain attribute based access control scheme to protect cloud-based video content sharing that embeds time into the ciphertext and key to achieve time control. To reduce trust in a single authority center, the ABE scheme of multiple authority centers has been studied.

Disclosure of Invention

Aiming at the prior art, the invention provides a cross-domain medical cloud storage system supporting emergency access control and safe duplicate removal, which supports emergency access control and safe duplicate removal and solves the problems of data redundancy, high storage overhead and the like.

In order to achieve the purpose, the technical scheme of the invention is as follows: a cross-domain medical cloud storage system supporting emergency access control and safe duplicate removal comprises a key generation center, a medical institution and a public cloud;

the key generation center is used for generating public parameters and a main private key of the cross-domain medical cloud storage system, detecting the medical quality of the medical institution and generating a public key/private key for the medical institution;

the medical institution distributes an attribute set according to the characteristics of the user, generates an attribute key, and executes storage and calculation service for the user through a private cloud;

the public cloud is used for storing medical documents of patients of different medical institutions and responding to data access inquiry;

the patient acquires medical service through a medical institution, sets a password and an emergency access key based on the password, and informs an emergency contact of the password; the patient appoints an access strategy and an emergency access key to encrypt medical documents of the patient and then store the medical documents to the public cloud; the emergency contact list is managed by a private cloud of the medical institution;

the method comprises the steps that a user registers in a medical institution to obtain an anonymous identity and an attribute key, obtains a corresponding proxy key according to the anonymous identity and the attribute key and sends the proxy key to a public cloud, the public cloud generates a part of ciphertext of an encrypted medical document according to the proxy key, and the user obtains a plaintext of the encrypted medical document according to the attribute key and the part of ciphertext;

the emergency contact acquires the emergency access key by using the password to decrypt the encrypted medical document of the patient;

the public cloud interacts with a private cloud of the medical institution to perform a secure deduplication operation to eliminate copies of encrypted medical documents.

Further, the key generation center inputs security parameters 1^κGenerating public parameters and a main private key of the system by using a GlobalSetup algorithm, which comprises the following specific steps:

GlobalSetup(1^κ) → (PP, MSK): key generation centric randomly selected hash function

Secure symmetric encryption/decryption algorithm SEnc/SDec and symmetric key space

The key generation center then selects a cyclic group

Generating element of

And random number

Calculating Y ═ e (g)₁,g₂)^ηSetting the common parameter PP ═ g, g₁,g₂,g₃,Y,H₁,H₂,SEnc/SDec), setting a main private key MSK as eta; wherein,

p is a prime number,

represents from

And selecting a random value eta.

Further, when the ith medical institution registers to the cross-domain medical cloud storage system, the key generation center checks the medical quality of the ith medical institution; if qualified, the key generation center assigns an identity MI to the facility_iAnd generates a public key PK therefor_iAnd a private key SK_iCross-domain medical cloud storage system public PK_iSK is transmitted via a secure channel_iTo medical institutions MI_iThe method comprises the following steps:

KeyGen.MI(MI_i,MSK)→(PK_i,SK_i): random selection of alpha by key generation center_i,β_i,

Based on the master private key MSK and the identity MI of the medical institution_iIs calculated to obtain

MI_iPublic key PK_i：

MI_iPrivate key SK_i：

MI_iIs PK_i＝(pk_i,1,pk_i,2) The private key is SK_i＝(K_i,1,K_i,2,K_i,3,K_i,4,K_i,5)。

Further, when the jth user U_i,jTo medical institutions MI_iDuring registration, the medical institution verifies the identity of the user U_i,jDistributing anonymous identities

And hide its true identity, depending on the user identity, MI_iAssigning a set of attribute collections

To characterize the user and for anonymous identity PID_i,jUser generated attribute key SK_i,jThe method comprises the following steps:

medical institution MI_iV 'is chosen randomly'_i,j,

Setting v_i,j＝v_i+v'_i,jCalculating the user's attribute key SK_i,j：

sk_i,j,3＝g^t，

U_i,jThe attribute key of (A) is

Wherein

To represent

The number of attributes of the user.

Further, a random number is selected

PID based on user anonymous identity_i,jAnd attribute key SK_i,jComputing proxy key DK_i,jAnd sending to the public cloud, calculating as follows:

DK₃＝(sk_i,j,3)^τ＝(g^t)^τ

the user's proxy key is

Further, the emergency access key generation method is as follows:

the patient sets a password pw_i,jAnd emergency access key BGK based on the password_i,jUsing the password pw_i,jGenerating an emergency access key, BGK_i,jAuxiliary information (BGK)_i,j,1,BGK_i,j,2) BGK_i,j,1Sending the BGK to public cloud_i,j,2To medical institutions MI_iPrivate cloud, emergency contact utilizes password pw_i,jAnd auxiliary information (BGK)_i,j,1,BGK_i,j,2) Recovering to obtain BGK (emergency access key)_i,j(ii) a The concrete implementation is as follows:

KeyGen.BGK(PID_i,j,pw_i,j)→(BGK_i,j,1,BGK_i,j,2): randomly selecting ζ₁,ζ₂,σ₁,

Ψ,Ψ₁∈_RG, setting a BGK (emergency access key)_i,jΨ, PID based on the anonymous identity of the patient_i,jAnd password pw_i,jAnd (3) calculating:

further, emergency contacts are in contact with the public cloud and medical institutions MI_iInteracts according to the anonymous identity PID of the patient_i,jPassword pw_i,jAnd auxiliary information BGK_i,j,1,BGK_i,j,2Obtaining an emergency access key BGK_i,jThe specific process is as follows:

Extract.BGK(PID_i,j,pw_i,j,BGK_i,j,1,BGK_i,j,2)→BGK_i,j: emergency contact selection random number

Computing

And sends it to the public cloud and medical institution MI_i(ii) a Public cloud selection of random numbers

Computing

And transmits it to the medical structure MI_i(ii) a Medical institution MI_iSelecting random numbers

Computing

And send it to the public cloud; public cloud computing

And will be (A)₁,W₁) Sending the information to an emergency contact; medical institution MI_iComputing

And will be (A)₂,W₂) Sending the information to an emergency contact; by calculating BGK_i,j＝Ψ＝(W₁·W₂)·(A₁·A₂)^ξAn emergency access key is obtained.

Further, the way that the patient specifies the access policy and the emergency access key to encrypt his medical document is: patient embedding access policy in the process of encrypting medical document M

Access policy based on medical document M

Medical institution MI_iPublic key PK_iAnonymous identity of the patient PID_i,jAnd emergency access key BGK_i,jObtaining the ciphertext CT and the transformation key TK_i,jAnd the proof information pf is specifically realized as:

ρ will matrix

Is mapped to the medical institution, delta is the matrix

The row vector of (a) is mapped to an attribute,

is that

Line x of (1), patient random selection

Let v be (z, v)₂,...v_n)^T，w＝(0,w₂,...,w_n)^TLet us order

λ_xAnd w_xRespectively represent

Z and 0, sign<·>Computing a transformation key by performing an inner product operation

The patient is

X in each row of the random selection

For the medical document M, a document number is set

Computing the elements of the ciphertext CT:

γ＝H₂(Ψ,PID_i,j,FID)，

C_-1＝g₁ ^z，C₀＝γ·Y^z＝γ·e(g₁,g₂)^η·z，

wherein

After M represents

0, (C) ciphertext CT ═ C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l]) (ii) a Where x ∈ [ l ]]Denotes that x is more than or equal to 1 and l is a matrix

The number of rows of (c);

randomly selecting s, r₁,

Calculating the CT certification information pf:

D₂＝g^s，

θ＝H₁(C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l],D₁,D₂,D₃,B₁,B₂)，D₄＝r₁-θ·H₁(M)，

D₅＝r₂-θ·H₁(γ), the certification information pf ═ D₁,D₂,D₃,D₄,D₅θ), patient handle (PID)_i,jFID, CT, pf) to the public cloud, and the TK for the key conversion_i,jTo medical institutions MI_iAnd the proof information pf is used for enabling the public cloud to distinguish different ciphertexts encrypted by the same plaintext information.

Further, the secure deduplication operation comprises:

the method comprises the following steps: and detecting whether the ciphertext is valid:

ValidityTest (CT, pf) → 1/0: and calculating by the public cloud according to the ciphertext CT and the proof information pf:

θ'＝H₁(C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l],D₁,D₂,D₃,B₁',B₂')

verifying whether the equation theta' is true or not, if true, outputting 1 to indicate that the ciphertext is valid, and otherwise, outputting 0 to indicate that the ciphertext is invalid;

step two: detecting whether the ciphertext contains the same medical document:

MsgTest(pf₁,pf₂) → 1/0: let pf₁＝(D₁,D₂,D₃,D₄,D₅,θ)，pf₂＝(D₁',D₂',D₃',D₄',D₅', θ'), the public cloud proves information pf according to the ciphertext₁And pf₂Verification of equation e (D)₁,D₂')＝e(D₁',D₂) If yes, outputting 1 to show that the two ciphertexts are in the same plaintext encryption form, otherwise outputting 0;

step three: re-encrypting the ciphertext using the combined access policy, such that a user having access to the original ciphertext may also access the encrypted data:

assume that the ciphertext and corresponding access policy are

Medical institution MI_iDeriving a combined access policy

And using combined access policies

Re-encrypting the ciphertext to generate a new ciphertext CT', bundle (CT)₁,...,CT_m) The ciphertext with the smallest document number is denoted as CT, and CT is assumed to be₁，FID＝FID₁：

Medical institution MI_iPID based on anonymous identity of patient_i,jTK for converting secret key_i,jCiphertext CT and combined access strategy

Computing a new ciphertext CT', wherein

ρ' will

Is mapped to the medical institution, δ' will

The row of (a) is mapped to an attribute,

to represent

The x-th row of (a),

random selection

Let v ═ z ', v'₂,...v'_n)^T，w'＝(0,w'₂,...,w'_n)^TWherein

Order to

λ'_xAnd w'_xRespectively represent

Z and 0 fraction corresponding to the x-th row of (1), medical institution MI_iIs composed of

X in each row of the random selection

And calculates ciphertext CT '═ C'_M,C'_-1,C'₀,{C'_1,x,C'_2,x,C'_3,x,C'_4,x}_x∈[l])：C’_M＝C_M,

C'₀＝C₀·Y^z＝γ·Y^z'，

Due to the fact that

To obtain

Using a transfer key TK_i,jCalculating element C'_1,x：

Further, the specific way for the user to obtain the plaintext of the encrypted medical document by using the attribute key is as follows:

public cloud-based proxy key DK_i,jPartially decrypting the ciphertext and generating a partial ciphertext CT_p：

PartialDec(CT,DK_i,j)→CT_p: public cloud according to ciphertext CT and proxy key DK_i,jComputing

So that

CT partial cipher text_p＝(C_M,C₀,C_T) Sending the data to a user;

Dec₁(CT_p,SK_i,j) → M/. T: user with attribute key according to partial cipher text CT_p＝(C_M,C₀,C_T) And attribute key SK_i,jRecovering fromObtaining again

And M' ═ SDec (H)₂(γ),C_M) (ii) a If it is not

Outputting the medical document M; otherwise output ^ T, where

After M represents

And 0.

Compared with the prior art, the invention has the following beneficial effects:

(1) cross-domain fine-grained access control: the invention uses the encryption algorithm with cross-domain access strategy based on the attribute to encrypt the medical record of the patient, so that the authorized user (including the patient, the medical staff or the friends and relatives of the patient) in the system can access the medical record.

(2) Password-based emergency access: the invention provides an emergency access mechanism, a password and a group of emergency contacts are preset by a patient, and in an emergency situation, the emergency contacts can acquire an emergency access key by using the password so as to recover all medical data of the patient, so that the emergency access mechanism is favorable for timely treating the patient.

(3) Safe de-weighting: the invention supports the safe duplicate removal of the encrypted data based on the attribute, effectively saves the storage space and reduces the transmission cost between the public cloud and the user, and the duplicate removal operation comprises three stages: firstly, detecting whether a ciphertext is valid; secondly, detecting whether the ciphertext contains the same medical document; and finally, the ciphertext is re-encrypted by using the combined access strategy, so that an authorized user who can access the original ciphertext can access the encrypted data.

Drawings

FIG. 1 is a system framework diagram of the present invention;

FIG. 2 is a diagram of the system set up process of the present invention;

FIG. 3 is a key generation process for a medical facility of the present invention;

FIG. 4 is a user attribute key generation process of the present invention;

FIG. 5 is a proxy key generation process of the present invention;

FIG. 6 is a password-based emergency access key generation process of the present invention;

fig. 7 is a process of password-based emergency access key extraction according to the present invention.

Detailed Description

The invention is further explained below with reference to the drawings and the embodiments.

The invention relates to a cross-domain medical cloud storage system supporting emergency access control and safe duplicate removal, which comprises a key generation center, a medical institution and a public cloud;

the key generation center is used for generating public parameters and a main private key of the cross-domain medical cloud storage system, detecting the medical quality of the medical institution and generating a public key/private key for the medical institution;

the medical institution distributes an attribute set according to the characteristics of the user, generates an attribute key, and executes storage and calculation service for the user through the private cloud;

the public cloud is used for storing medical documents of patients of different medical institutions and responding to data access inquiry;

the patient acquires medical service through a medical institution, sets a password and an emergency access key based on the password, and informs an emergency contact of the password; the patient appoints an access strategy and an emergency access key to encrypt medical documents of the patient and then store the medical documents to the public cloud; the emergency contact list is managed by a private cloud of the medical institution;

the method comprises the steps that a user registers in a medical institution to obtain an anonymous identity and an attribute key, obtains a corresponding proxy key according to the anonymous identity and the attribute key and sends the proxy key to a public cloud, the public cloud generates a part of ciphertext of an encrypted medical document according to the proxy key, and the user obtains a plaintext of the encrypted medical document according to the attribute key and the part of ciphertext;

the emergency contact acquires the emergency access key by using the password to decrypt the encrypted medical document of the patient;

the public cloud interacts with a private cloud of the medical institution to perform a secure deduplication operation to eliminate copies of the encrypted medical documents.

The specific implementation process is as follows:

as shown in FIG. 1, the system framework of the present invention comprises the following entities of various types, each of which has the following features and functions:

key Generation Center (KGC): the KGC is a trusted third party entity and is responsible for generating system public parameters and generating a master private key and storing the master private key in a secret manner; the KGC is also responsible for detecting the medical quality of the medical institution and generating public/private keys for it.

Medical Institution (MI): the medical institution registers to the KGC to acquire a public key/private key pair, is responsible for treating patients and managing patients and medical staff in the medical field, distributes a group of attribute sets according to the characteristics of the patients and the medical staff and generates an attribute key, and executes storage and calculation services for the users through a private cloud, such as emergency contact list storage, cipher text re-encryption, emergency access key extraction and the like of the patients.

Data owner (based on medical internet of things): the data owner is typically a patient and the medical internet of things system is responsible for monitoring physiological data of the patient. Implanting several small wireless sensors in the patient or attached to the surface of the patient's skin to continuously monitor the patient's physiological parameters and send them to the aggregation node; medical data of a patient is recorded in an electronic medical document, in order to protect privacy of the patient, the medical document is encrypted into a ciphertext, an access policy is specified for the ciphertext so as to perform access control, only an authorized user can recover the document, then the protected medical document is outsourced to a public cloud for storage, and in order to deal with an emergency, the patient presets a password, an emergency access key and a set of emergency contacts (such as his main doctor, family or friend). The emergency access key may be used to decrypt all encrypted medical documents of the patient. The patient securely hands the password to an Emergency Contact (ECP). When the patient encounters an emergency, the ECP may derive the emergency access key from the password and recover the patient's medical documentation. The private cloud of the medical institution is responsible for managing ECP lists of patients.

Public cloud: the public cloud is responsible for storing medical documents of data owners from different medical institutions and responding to data access queries; according to the attributes of the data user and the access policy of the encrypted document, the public cloud can detect whether the user has the right to access the data, and provide partial decryption service for the user to reduce the calculation burden of the user. To eliminate copies of encrypted medical documents, the public cloud interacts with the private cloud of the medical institution to perform secure deduplication operations to save storage space.

The data user: a data user (e.g., a medical person or a patient's friend, relative) registers with a medical institution to obtain an attribute key, and the user sends a data access query to the public cloud to obtain an encrypted medical document and decrypts it using the attribute key.

Emergency Contact (ECP): the patient securely shares the password to the emergency contact and the ECP uses the password to obtain the emergency access key to decrypt the patient's medical documents when the patient is in a dangerous condition.

1. System set-up

FIG. 2 shows the system setup process, KGC inputs security parameters 1^κThe GlobalSetup algorithm generates the public parameters PP and the master private key MSK of the system. The public parameter PP is disclosed in the system, and the KGC secretly stores the MSK. Globalsetup (1)^κ) → (PP, MSK): the KGC executes the algorithm. KGC randomly selects a hash function

Secure symmetric encryption/decryption algorithm SEnc/SDec and symmetric key space

KGC selection cycle group

Generating element of

And random number

Calculating Y ═ e (g)₁,g₂)^η. KGC sets the common parameter PP ═ g, g₁,g₂,g₃,Y,H₁,H₂secc/SDec), MSK is set to η. Wherein,

represents from

And selecting a random value eta.

2. Key generation for medical institutions

As shown in fig. 3, when the ith medical facility registers with the system, the KGC checks whether it is a qualified facility. If qualified, the KGC assigns an identity MI to the medical facility_iAnd generates a public key PK therefor_iAnd a private key SK_i. System publication PK_iSK is transmitted via a secure channel_iTo MI_i。

KeyGen.MI(MI_i,MSK)→(PK_i,SK_i): the KGC executes the algorithm. Input of algorithm is main private key MSK and identity MI of medical institution_i. Random selection of alpha by KGC_i,β_i,

And calculating to obtain MI_iPublic key PK_i：

MI_iPrivate key SK_i：

MI_iIs PK_i＝(pk_i,1,pk_i,2) The private key is SK_i＝(K_i,1,K_i,2,K_i,3,K_i,4,K_i,5)。

3. User key generation

As shown in FIG. 4, when the jth user U_i,jTo medical institutions MI_iWhen registering, the medical institution first verifies his identity. The user may be a patient, doctor, nurse, or other persona. In order to protect user privacy, MI_iFor user U_i,jDistributing anonymous identities

And hide its true identity. Based on user identity, MI_iAssigning a set of attribute collections

To describe the characteristics of the user. Then MI_iFor anonymous identities to PID_i,jUser generated attribute key SK_i,j。

Medical institution MI_iThe algorithm is executed. The input to the algorithm is the medical institution MI_iIdentity of the user, anonymous identity PID of the user_i,j，MI_iPrivate key SK_iAnd attributes of the user

MI_iV 'is chosen randomly'_i,j,

Setting v_i,j＝v_i+v'_i,j(v_iUnknown), calculate PID_i,jIs a secret key SK_i,j：

sk_i,j,3＝g^t，

U_i,jIs

Wherein

To represent

The number of attributes of the user.

4. Proxy key generation

As shown in FIG. 5, at this stage, the user (anonymous identity PID)_i,j) Generating a proxy key DK_i,jAnd sends it to the public cloud. The public cloud converts the ciphertext by using the proxy key, so that the user can recover the medical document only by light-weight calculation. Meanwhile, the public cloud cannot acquire plaintext information of the medical document.

KeyGen.Del(PID_i,j,SK_i,j)→DK_i,j: the user executes the algorithm. The input of the algorithm is the anonymous identity PID of the user_i,jAnd a private key SK_i,j. User selection of random numbers

Computing authorizationKey DK_i,j：

DK₃＝(sk_i,j,3)^τ＝(g^t)^τ，

The user's proxy key is

The user sends its secret to the public cloud.

5. Password-based emergency access key generation

As shown in fig. 6, emergency access key generation process, to provide effective data access when a patient encounters an emergency situation (e.g., a sudden faint or heart attack), the patient presets a password-based emergency access key BGK_i,jIt can be used to decrypt encrypted medical documents that are all of the patient. Patient (anonymous identity PID)_i,j) Setting password pw_i,jAnd emergency access key BGK_i,j. The patient specifies a set of emergency contacts (e.g. his attending physician, family or friend) and tells them the password pw in secret_i,j. The emergency contact may utilize the password pw_i,jThe emergency access key for the patient is recovered. The private cloud of the medical facility where the patient is located is responsible for storing the emergency contact list. Patient utilizes password pw_i,jGenerating an emergency access key, BGK_i,jAuxiliary information (BGK)_i,j,1,BGK_i,j,2) And sends it to the public cloud and the MI, respectively_iA private cloud. The emergency contact may utilize the password pw_i,jObtaining emergency access key BGK by recovering auxiliary information_i,j。

KeyGen.BGK(PID_i,j,pw_i,j)→(BGK_i,j,1,BGK_i,j,2): the patient executes the algorithm. The input to the algorithm is the anonymous identity PID of the patient_i,jAnd password pw_i,j. Patient random selection ζ₁,ζ₂,σ₁,

Ψ,Ψ₁∈_RG, setting a BGK (emergency access key)_i,jΨ, calculate:

BGK for patients_i,j,1Sending the BGK to public cloud_i,j,2To medical institutions MI_iA private cloud.

6. Password-based emergency access key extraction

When the patient (anonymous identity PID)_i,j) In an emergency situation, the patient needs to have quick access to his encrypted medical documentation in order to give him immediate and effective treatment. Medical institution MI_iWill contact his designated emergency contact who knows the emergency access key BGK with the patient_i,jCorresponding password pw_i,j. Emergency contact with public cloud and MI_iThe private cloud carries out interaction to obtain an emergency access key BGK_i,j。

Extract.BGK(PID_i,j,pw_i,j,BGK_i,j,1,BGK_i,j,2)→BGK_i,j: the emergency contacts of the patient, the public cloud, and the medical institution interactively execute the algorithm. Anonymous identity PID entered into a patient_i,jPassword pw_i,jAnd auxiliary information BGK_i,j,1,BGK_i,j,2BGK outputs BGK_i,jThe interaction process of the algorithm is shown in fig. 7.

(1) Emergency contact selection random number

Computing

And sends it to the public cloud and MI_i。

(2) Public cloud selection of random numbers

Computing

And transmits it to MI_i。

(3) Medical institution MI_iSelecting random numbers

Computing

And sends it to the public cloud.

(4) Public cloud computing

And will be (A)₁,W₁) And sending to the emergency contact.

(5) Medical institution MI_iComputing

And will be (A)₂,W₂) And sending to the emergency contact.

(6) User BGK calculation_i,j＝Ψ＝(W₁·W₂)·(A₁·A₂)^ξAn emergency access key is obtained.

7. Encryption

When the medical internet of things generates a medical document, a patient encrypts the document M into a ciphertext and embeds an access strategy in the encryption process

Cipher-output and conversion key TK of encryption algorithm_i,jAnd certification information pf. According to a combined access strategy, a safe deduplication algorithm utilizes a transformed key TK_i,jAnd (5) encrypting the ciphertext again. The proving information pf enables the public cloud to distinguish different ciphertexts encrypted by the same plaintext information. TK for patient_i,jTo MI_iThe public cloud is responsible for storage (CT, pf).

The patient executes the algorithm. The input of the algorithm is a medical document M, and the access strategy

MI_iPublic key PK_iAnonymous identity of the patient PID_i,jAnd emergency access key BGK_i,jWherein

ρ will matrix

Is mapped to the medical institution, delta is the matrix

The row vector of (a) maps to an attribute.

Is that

Row x.

Patient random selection

Let v be (z, v)₂,...v_n)^T，w＝(0,w₂,...,w_n)^T. Order to

They are respectively represented

Z and 0 share (share), symbol, corresponding to row x<·>Representing an inner product operation. Patient calculation of a conversion key

The patient is

X in each row of the random selection

For the electronic medical document M, the patient sets the document number

Calculating elements of CT;

γ＝H₂(Ψ,PID_i,j,FID)，

C₀＝γ·Y^z＝γ·e(g₁,g₂)^η·z，

wherein

After M represents

0, (C) ciphertext CT ═ C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l])。

Then, the patient randomly selects s, r₁,

Calculating the CT certification information pf:

D₂＝g^s，

θ＝H₁(C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l],D₁,D₂,D₃,B₁,B₂)，

D₄＝r₁-θ·H₁(M)，

D₅＝r₂-θ·H₁(γ)。

the information is verified as pf ═ D (D)₁,D₂,D₃,D₄,D₅θ), patient handle (PID)_i,jFID, CT, pf) to the public cloud, secretly transmitting TK_i,jTo MI_i。

8. Safe deduplication

(1) Ciphertext validity detection

In the safe duplicate removal process, the public cloud firstly checks whether the stored ciphertext is valid. And outputting 1 by the ciphertext validity detection algorithm to show that the ciphertext is valid, and otherwise, outputting 0.

ValidityTest (CT, pf) → 1/0: the public cloud executes the algorithm. The inputs to the algorithm are the ciphertext CT and the proof information pf.

Public cloud computing

θ'＝H₁(C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l],D₁,D₂,D₃,B₁',B₂')，

It is verified whether the equation θ' holds. If true, the algorithm outputs 1, otherwise 0 is output.

(2) Information isocratic detection

If the validity detection algorithm has verified that both ciphertexts are valid, the information equality detection algorithm will detect whether they are in the form of ciphertexts of the same plaintext. If so, the algorithm outputs 1, otherwise outputs 0.

MsgTest(pf₁,pf₂) → 1/0: the public cloud executes the algorithm. The input of the algorithm is the certification information pf of the ciphertext₁And pf₂. Assuming pf₁＝(D₁,D₂,D₃,D₄,D₅,θ)，pf₂＝(D₁',D₂',D₃',D₄',D₅', θ'). Public cloud verification equation e (D)₁,D₂')＝e(D₁',D₂) Whether or not this is true. If yes, the algorithm outputs 1 to indicate that the two ciphertexts are in the encrypted form of the same plaintext, otherwise 0 is output.

(3) Re-encrypted ciphertext

If it is verified that a set of ciphertext sets contains the same information and belongs to the same data owner, the public cloud performs a secure deduplication operation. Assume that the ciphertext and corresponding access policy are

Medical institution MI_iFirstly, these access policies are combined into

(combination of Access policies

MI_iUsing combined access policies

Re-encrypting ciphertextA new ciphertext CT' is generated. Thus, Ciphertext (CT)₁,...,CT_m) Any predefined user of (2) can access the new ciphertext CT'. Handle (CT)₁,...,CT_m) The ciphertext with the minimum document number is marked as CT. Let CT be equal to CT₁，FID＝FID₁。

Medical institution MI_iThe algorithm is executed. The input to the algorithm is the anonymous identity PID of the patient_i,jTK for converting secret key_i,jCiphertext CT and combined access strategy

Wherein

ρ' will

Is mapped to the medical institution, δ' will

The rows of (2) map to attributes.

To represent

The x-th row of (a),

MI_irandom selection

Let v ═ z ', v'₂,...v'_n)^T，w'＝(0,w'₂,...,w'_n)^TWherein

(z unknown). Order to

They are respectively represented

Row x of (a) corresponds to z and 0 shares (share). MI_iIs composed of

X in each row of the random selection

And calculates ciphertext CT '═ C'_M,C'_-1,C'₀,{C'_1,x,C'_2,x,C'_3,x,C'_4,x}_x∈[l])：

C'_M＝C_M，

C'₀＝C₀·Y^z＝γ·Y^z'，

Due to the fact that

Can obtain

Using a transfer key TK_i,jCan calculate element C'_1,x：

Obviously, C'_1,xStructure of (2) and C in the original ciphertext_1,xHas consistency.

9. Partial decryption

To reduce the computational burden on the user, the public cloud utilizes a proxy key DK_i,jPartially decrypting the ciphertext and generating a partial ciphertext CT_p. In this process, the public cloud cannot acquire plaintext information M of the ciphertext.

PartialDec(CT,DK_i,j)→CT_p: the public cloud executes the algorithm. The input of the algorithm is ciphertext CT and authorization key DK_i,j. Public cloud computing

So that

Computing

And will CT_p＝(C_M,C₀,C_T) And sending the data to the user.

10. Decryption and authentication with attribute keys

Possession of an Attribute Key SK_i,jBy a decryption algorithm Dec₁And recovering to obtain the medical document M.

Dec₁(CT_p,SK_i,j) → M/. T: the user in possession of the attribute key executes the algorithm. The input of the algorithm is partial cipher text CT_p＝(C_M,C₀,C_T) And attribute key SK_i,jThe user resumes obtaining

And M' ═ SDec (H)₂(γ),C_M). If it is not

Indicating that the partial decryption algorithm executed by the public cloud is correct, and outputting a medical document M by the algorithm; otherwise, outputting ^ t.

11. Decryption and authentication with emergency access key

Extracting an emergency access key BGK by an emergency contact by using algorithm extract_i,jAnd using a decryption algorithm Dec₂The patient's medical document is decrypted.

Dec₂(PID_i,j,FID,C_M,BGK_i,j) → M/. T: the emergency contact of the patient executes the algorithm. The input to the algorithm is the anonymous identity PID of the patient_i,jDocument number FID and ciphertext C_MAnd emergency access key BGK_i,jThe emergency contact recovers γ ═ H₂(BGK_i,j,PID_i,jFID) and M' ═ SDec (H)₂(γ),C_M) If, if

Indicating that an emergency contact has correctly extracted BGK_i,jOutputting a medical document M by an algorithm; otherwise, outputting ^ t.

12. Access policy

Definition 1 (access architecture): defining a set of entities { P }₁,...,P_nH, if any set B and C satisfies: when in use

And is

Time of flight

Then

One access structure is { P₁,...,P_nNon-empty subset of

For example

Is called an authorization set, is not

A set in (2) is referred to as an unauthorized set.

Definition 2: (Linear secret sharing scheme (LSSS)). Entity collections

Above secret sharing scheme Π is called linearity

Above) if and only if: 1. share of each party (share) forming

The vector of (c). 2. There is a matrix M of l × n called the generator matrix of pi shares (share). The ith line of l, M is marked by ρ (i) (ρ is { 1.·, l } to) for all i ═ 1.·,.., l, M

A function of). Let vector v equal (s, r)₂,...r_n) Where s is the secret to be shared

Random selection

Mv is the share vector ((Mv) of the secret s according to Π_iBelonging to ρ (i)). By definition, each LSSS has linear reconstruction properties. Suppose Π is the Access Structure

LSSS of (1), order

Is an arbitrary authorization set, and defines I ═ { I: ρ (I) ∈ S }, where

According to Π, if any

So that

Is a valid share of any secret s, then is_i∈Iw_iλ_iS. For an unauthorized set, there is no such constant. The invention uses a LSSS matrix (M, p) to express the access policy associated with the ciphertext.

13. Bilinear group

Algorithm

Inputting a security parameter lambda, outputting prime order bilinear mapping parameters p, g,

e. wherein

And

is a multiplicative cyclic group of prime order p, g is

The generator of (1). Mapping

Is a bilinear map. The bilinear map e has three attributes: (1) bilinear:

and is

With e (u)^a,v^b)＝e(uv)^ab. (2) Non-degradability: e (g, g) ≠ 1. (3) Calculability: e can be obtained by efficient calculation.

The internet of things (IOT) technology allows medical devices in a wireless medical sensor network to be connected to the internet, which brings great convenience to daily health monitoring and diagnosis of patients and the elderly. Since the patient's medical information is very sensitive, it needs to be encrypted before transmission and storage. The invention provides a cross-domain medical cloud storage system supporting emergency access control and safe deduplication, which supports data sharing and access of cross-medical domains. In the encryption phase, the invention encrypts the medical document using a cross-domain access policy so that medical personnel from different medical domains can access it. Emergency situations may occur in medical applications, for example, a patient suddenly falls down and needs emergency rescue. To address emergency situations, the present invention provides a password-based emergency access mechanism that can decrypt any encrypted medical documents of a patient to save the patient's life. In addition, the invention adopts a safe deduplication mechanism to delete redundant ciphertext containing the same message, thereby saving storage space and transmission overhead.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks

Instructions which execute on the programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The above are preferred embodiments of the present invention, and all changes made according to the technical scheme of the present invention that produce functional effects do not exceed the scope of the technical scheme of the present invention belong to the protection scope of the present invention.

Claims (7)

1. A cross-domain medical cloud storage system supporting emergency access control and safe duplicate removal is characterized by comprising a key generation center, a medical institution and a public cloud;

the key generation center is used for generating public parameters and a main private key of the cross-domain medical cloud storage system, detecting the medical quality of the medical institution and generating a public key/private key for the medical institution;

the medical institution distributes an attribute set according to the characteristics of the user, generates an attribute key, and executes storage and calculation service for the user through a private cloud;

the public cloud is used for storing medical documents of patients of different medical institutions and responding to data access inquiry;

the patient acquires medical service through a medical institution, sets a password and an emergency access key based on the password, and informs an emergency contact of the password; the patient appoints an access strategy and an emergency access key to encrypt medical documents of the patient and then store the medical documents to the public cloud; the emergency contact list is managed by a private cloud of the medical institution;

the method comprises the steps that a user registers in a medical institution to obtain an anonymous identity and an attribute key, obtains a corresponding proxy key according to the anonymous identity and the attribute key and sends the proxy key to a public cloud, the public cloud generates a part of ciphertext of an encrypted medical document according to the proxy key, and the user obtains a plaintext of the encrypted medical document according to the attribute key and the part of ciphertext;

the emergency contact acquires the emergency access key by using the password to decrypt the encrypted medical document of the patient;

the public cloud interacts with a private cloud of the medical institution, and performs a security deduplication operation to eliminate a copy of the encrypted medical document;

wherein the key generation center inputs a security parameter 1^κGenerating public parameters and a main private key of the system by using a GlobalSetup algorithm, which comprises the following specific steps:

GlobalSetup(1^κ) → (PP, MSK): key generation centric randomly selected hash function

Secure symmetric encryption/decryption algorithm SEnc/SDec and symmetric key space

The key generation center then selects a cyclic group

Generating element of

And random number

Calculating Y ═ e (g)₁,g₂)^ηWhere e denotes bilinear pairwise arithmetic, and a common parameter PP ═ g, g is set₁,g₂,g₃,Y,H₁,H₂SEnc/SDec), setting a main private key MSK as eta; wherein,

p is a prime number,

represents from

Selecting a random value eta;

when the ith medical institution registers to the cross-domain medical cloud storage system, the key generation center checks the medical quality of the ith medical institution; if qualified, the key generation center assigns an identity MI to the facility_iAnd generates a public key PK therefor_iAnd a private key SK_iCross-domain medical cloud storage system public PK_iSK is transmitted via a secure channel_iTo medical institutions MI_iThe method comprises the following steps:

KeyGen.MI(MI_i,MSK)→(PK_i,SK_i): key generation center random selection

Based on the master private key MSK and the identity MI of the medical institution_iIs calculated to obtain

MI_iPublic key PK_i：

MI_iPrivate key SK_i：

K_i,2＝β_i,

MI_iIs PK_i＝(pk_i,1,pk_i,2) The private key is SK_i＝(K_i,1,K_i,2,K_i,3,K_i,4,K_i,5)。

2. The cross-domain medical cloud storage system supporting emergency access control and security deduplication as claimed in claim 1, wherein when jth user U is present_i,jTo medical institutions MI_iDuring registration, the medical institution verifies the identity of the user U_i,jDistributing anonymous identities

And hide its true identity, depending on the user identity, MI_iAssigning a set of attribute collections

To characterize the user and for anonymous identity PID_i,jUser generated attribute key SK_i,jThe method comprises the following steps:

medical institution MI_iRandom selection

Setting v_i,j＝v_i+v'_i,jCalculating the user's attribute key SK_i,j：

sk_i,j,3＝g^t，

U_i,jThe attribute key of (A) is

Wherein

To represent

The number of attributes of the user.

3. The cross-domain medical cloud storage system supporting emergency access control and secure deduplication as claimed in claim 2System, characterized in that a random number is selected

PID based on user anonymous identity_i,jAnd attribute key SK_i,jComputing proxy key DK_i,jAnd sending to the public cloud, calculating as follows:

DK₃＝(sk_i,j,3)^τ＝(g^t)^τ

the user's proxy key is

4. The cross-domain medical cloud storage system supporting emergency access control and security deduplication as claimed in claim 1, wherein the emergency access key generation manner is:

the patient sets a password pw_i,jAnd emergency access key BGK based on the password_i,jUsing the password pw_i,jGenerating an emergency access key, BGK_i,jAuxiliary information (BGK)_i,j,1,BGK_i,j,2) BGK_i,j,1Sending the BGK to public cloud_i,j,2To medical institutions MI_iPrivate cloud, emergency contact utilizes password pw_i,jAnd auxiliary information (BGK)_i,j,1,BGK_i,j,2) Recovering to obtain BGK (emergency access key)_i,j(ii) a The concrete implementation is as follows: BGK (PID)_i,j,pw_i,j)→(BGK_i,j,1,BGK_i,j,2): random selection

Ψ,Ψ₁∈_RG, setting a BGK (emergency access key)_i,jΨ, PID based on the anonymous identity of the patient_i,jAnd password pw_i,jAnd (3) calculating:

5. the cross-domain medical cloud storage system supporting emergency access control and security deduplication of claim 4, wherein the emergency contact is MI with a public cloud and a medical institution_iInteracts according to the anonymous identity PID of the patient_i,jPassword pw_i,jAnd auxiliary information BGK_i,j,1,BGK_i,j,2Obtaining an emergency access key BGK_i,jThe specific process is as follows: extract.BGK (PID)_i,j,pw_i,j,BGK_i,j,1,BGK_i,j,2)→BGK_i,j: tighten upSelection of random number for emergency contact

Computing

And sends it to the public cloud and medical institution MI_i(ii) a Public cloud selection of random numbers

Computing

And transmits it to the medical structure MI_i(ii) a Medical institution MI_iSelecting random numbers

Computing

And send it to the public cloud; public cloud computing

And will be (A)₁,W₁) Sending the information to an emergency contact; medical institution MI_iComputing

And will be (A)₂,W₂) Sending the information to an emergency contact; by calculating BGK_i,j＝Ψ＝(W₁·W₂)·(A₁·A₂)^ξAn emergency access key is obtained.

6. The cross-domain medical cloud storage system supporting emergency access control and security deduplication as claimed in claim 1, wherein the patient-specified access policy and emergency access key encrypt their medical documents in a manner that: patient history in encrypted medical document MIn-flight embedded access policy

Access policy based on medical document M

Medical institution MI_iPublic key PK_iAnonymous identity of the patient PID_i,jAnd emergency access key BGK_i,jObtaining the ciphertext CT and the transformation key TK_i,jAnd the proof information pf is specifically realized as:

ρ will matrix

Is mapped to the medical institution, delta is the matrix

The row vector of (a) is mapped to an attribute,

is that

The x-th row of (a),

the expression is given by taking a matrix of l × n, the number of rows is l, the number of columns is n, and each element in the matrix is selected from

Is selected from, wherein

Represents the set 0,1, …, p-1;

patient random selection

Let v be (z, v)₂,...v_n)^T，w＝(0,w₂,...,w_n)^TLet us order

λ_xAnd w_xRespectively represent

Z and 0, sign<,>Computing a transformation key by performing an inner product operation

The patient is

X in each row of the random selection

Representing a positive integer, and setting a document number for the medical document M

Computing the elements of the ciphertext CT:

Υ＝H₂(Ψ,PID_i,j,FID)，

C₀＝Υ·Y^z＝Υ·e(g₁,g₂)^η·z,

wherein

After M represents

The number of the 0 s is 0,

presentation element PK_ρ(x),1T of_xThe power; ρ (x) represents the mapping of the access control function ρ to the input element x; alpha is alpha_ρ(x) Denotes an alpha element, beta, corresponding to ρ (x)_ρ(x)Denotes β elements corresponding to ρ (x), δ (x) denotes an access control function δ mapping an input element x, Ψ denotes an emergency access key, and CT ═ C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l]) (ii) a Where x ∈ [ l ]]Denotes that x is more than or equal to 1 and l is a matrix

The number of rows of (c);

random selection

Calculating the CT certification information pf:

D₂＝g^s，

θ＝H₁(C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l],D₁,D₂,D₃,B₁,B₂)，D₄＝r₁-θ·H₁(M)，

D₅＝r₂-θ·H₁(γ), confirmation information pf ═ D (D)₁,D₂,D₃,D₄,D₅θ), patient handle (PID)_i,jFID, CT, pf) to the public cloud, and the TK for the key conversion_i,jTo medical institutions MI_iAnd the proof information pf is used for enabling the public cloud to distinguish different ciphertexts encrypted by the same plaintext information.

7. The cross-domain medical cloud storage system supporting emergency access control and secure deduplication of claim 6, wherein secure deduplication operations comprise:

the method comprises the following steps: and detecting whether the ciphertext is valid:

ValidityTest (CT, pf) → 1/0: and calculating by the public cloud according to the ciphertext CT and the proof information pf:

θ'＝H₁(C_M,C_-1,C₀,{C_1,x,C_2,x,C_3,x,C_4,x}_x∈[l],D₁,D₂,D₃,B₁',B₂')

verifying whether the equation theta' is true or not, if true, outputting 1 to indicate that the ciphertext is valid, and otherwise, outputting 0 to indicate that the ciphertext is invalid;

step two: detecting whether the ciphertext contains the same medical document:

MsgTest(pf₁,pf₂) → 1/0: let pf₁＝(D₁,D₂,D₃,D₄,D₅,θ)，pf₂＝(D₁',D₂',D₃',D₄',D₅',θ')，D₁',D₂',D₃',D₄',D₅' indicating a proof message pf₂The first 5 elements in the public cloud according to the certification information pf of the ciphertext₁And pf₂Verification of equation e (D)₁,D₂')＝e(D₁',D₂) If yes, outputting 1 to show that the two ciphertexts are in the same plaintext encryption form, otherwise outputting 0;

step three: re-encrypting the ciphertext using the combined access policy, such that a user having access to the original ciphertext may also access the encrypted data:

assume that the ciphertext and corresponding access policy are

Medical institution MI_iDeriving a combined access policy

And using combined access policies

Re-encrypting the ciphertext to generate a new ciphertext CT', bundle (CT)₁,...,CT_m) The cipher text with the minimum number of the middle document is marked as CT, and the CT is made to be CT₁，FID＝FID₁：FID₁A representation of the identifier of the document,

medical institution MI_iPID based on anonymous identity of patient_i,jTK for converting secret key_i,jCiphertext CT and combined access strategy

Computing a new ciphertext CT', wherein

Representing a matrix of l '× n', with the number of rows l ', the number of columns n', and each element in the matrix from

Is selected from, wherein

Represents the set 0,1, …, p-1;

ρ' will

Is mapped to the medical institution, δ' will

The row of (a) is mapped to an attribute,

to represent

The x-th row of (a),

random selection

Let v ═ z ', v'₂,...v'_n)^T，w'＝(0,w'₂,...,w'_n)^TWherein

Order to

λ'_xAnd w'_xRespectively represent

Z and 0 fraction corresponding to the x-th row of (1), medical institution MI_iIs composed of

X in each row of the random selection

And calculates ciphertext CT '═ C'_M,C'_-1,C'₀,{C'_1,x,C'_2,x,C'_3,x,C'_4,x}_x∈[l])：

C'_M＝C_M,

Due to the fact that

To obtain

Using a transfer key TK_i,jCalculating element C'_1,x：

Images