CN110727737A - Intelligent medical data storage method based on multi-level block chain system architecture - Google Patents

Publication number: CN110727737A
Authority: CN (China)
Prior art keywords: node, block chain, transaction, user, medical data
Legal status: Granted (Active)
Application number: CN201911037847.6A
Other languages: Chinese (zh)
Other versions: CN110727737B (en)
Inventors: 黄海平, 朱鹏, 肖甫, 沙乐天, 孙翔, 陈龙, 马子洋, 戴铭俞
Current Assignee: Nanjing Post and Telecommunication University
Original Assignee: Nanjing Post and Telecommunication University
Application filed by: Nanjing Post and Telecommunication University
Priority to: CN201911037847.6A

Classifications

    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/2246 Trees, e.g. B+trees
    • G06F16/29 Geographical information databases
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The intelligent medical data storage method based on a multilevel block chain system architecture abandons the existing single-chain or double-layer block chain system designs and provides a multilevel block chain system architecture based on the Hyperledger Fabric platform to solve the storage problem of medical data, thereby realizing efficient management of large-scale medical data and greatly improving the efficiency and expandability of the system. Meanwhile, the invention adopts a double-key encryption system combining public key encryption and symmetric encryption, realizes the storage and sharing of medical data while protecting the privacy of patients, and provides great convenience for medical institutions, patients and scientific research institutions.

Description

Intelligent medical data storage method based on multi-level block chain system architecture
Technical Field
The invention provides an intelligent medical data storage method based on a multi-level block chain system architecture, belongs to the technical field of block chains, and particularly relates to the technical fields of data security, trusted storage, data sharing and the like.
Background
In the field of medical data, efficient storage and secure sharing of medical data have long been difficult, and patients, doctors and researchers face strict limitations in accessing and sharing medical data. Although the widespread use of centralized electronic medical records (EMR) brings great convenience to the medical field, with the development of society centralized electronic medical records can no longer meet the requirements of large-scale medical data storage and sharing: the medical data of patients are difficult to exchange, interoperability is poor, coordinated management is difficult, and shared medical data are often leaked through resale by staff lacking professional ethics, causing further loss to patients. Obviously, such centralized management and decentralized data storage are not the best choice for medical data storage and sharing.
Block chain technology, which has emerged in recent years, has become a feasible way to solve large-scale medical data storage and sharing. It was first proposed in the white paper "Bitcoin: A Peer-to-Peer Electronic Cash System" published in 2008 by Satoshi Nakamoto, and integrates cryptography, game theory, P2P networking, consensus mechanisms and other technologies. Its core is to adopt a chained data structure to ensure that data cannot be tampered with, to establish trust through a consensus mechanism, and to ensure transaction security using cryptography. It is characterized by decentralization, high trust, high fault tolerance and tamper resistance, and has important application value in the fields of finance, supply chain, notarization, digital copyright, medical treatment and intelligent manufacturing. At present, much intensive research has been carried out at home and abroad on the application of block chains in the medical industry. For example, the Media Lab of the Massachusetts Institute of Technology proposed the block-chain-based MedRec framework, which realizes decentralized integration of medical data across medical organizations and protects the private data of patients through smart contracts; however, MedRec uses a PoW consensus mechanism, and the computational cost required to maintain the consistency of the block chain is too large.
The block chain medical systems described above have low operating efficiency and expandability because of their outdated block chain architectures and ill-suited consensus mechanisms, and cannot meet the requirements placed on a block chain system for transaction processing capability, security supervision, privacy protection and the like.
Disclosure of Invention
The invention provides an intelligent medical data storage method based on a multilevel block chain system architecture built on the Hyperledger Fabric platform. Meanwhile, the invention adopts a double-key encryption system combining public key encryption and symmetric encryption, realizes the sharing of medical data while protecting the privacy of patients, and provides great convenience for medical institutions, patients and scientific research institutions.
The intelligent medical data storage method based on the multilevel block chain system architecture comprises the following contents:
step 1, firstly, medical institutions are segmented and layered according to geographical positions of 34 provinces of a country to form a multi-level block chain system architecture similar to a domain name server or the Internet, the medical institutions of the provinces correspond to leaf block chains of the multi-level block chain system architecture one by one, each leaf block chain corresponds to one block chain sub-chain, a local block chain node is used for maintaining, updating and sharing transactions, and the leaf block chains store local medical data in parallel;
step 2, registering the medical institution of each province in a Fabric-ca, endowing different authorities to the Fabric-ca according to the roles of the participating nodes in the whole system, issuing digital certificates to users, generating necessary public information, and binding the Fabric-ca to a local block chain;
step 3, distributing nodes including a main node, an endorsement node, a submission node and a sequencing node for the authenticated user according to the registration certificate E-Cert of the authenticated user, adding the nodes into a local medical data block chain and the local block chain consisting of a plurality of medical institutions, and jointly verifying, maintaining and updating the medical data on the block chain and ensuring the independence of the data;
step 4, when the sequencing node group of the leaf block chain receives update applications submitted from different clients, the leaf block chain sequences the submitted update applications by adopting a PBFT consensus algorithm, and packs the transaction applications into blocks after sequencing is completed;
step 5, only the hash value of the encrypted medical data is stored in the block chain of the multi-level system architecture, so medical institutions in each region need to store the original medical data on a traditional cloud storage server, realizing off-chain storage of the medical data;
step 6, following the earlier division of medical institutions by geographical position, the data storage process of medical institutions in other regions is consistent with the above steps; the leaf block chains of all regions work in parallel without mutual interference, while the leaf block chain verification nodes submit transaction summary information to their parent block chain verification nodes, level by level, until the root block chain is reached, thereby forming a multi-level block chain system;
step 7, when a user needs to access their own medical data or an authorized user needs to access the medical data, the user authorized to access the transaction data uses their own private key TCert-sk_x to decrypt the encrypted symmetric key, obtaining the symmetric key, and then decrypts the encrypted transaction data to obtain the medical data of the user.
Further, the step 2 is specifically realized by the following steps:
step 2-1, a user to be authenticated first submits an id capable of proving the uniqueness of their identity to the Fabric-ca-server, and the trusted certification center distributes a key pair (sk_x, vk_x) to the authenticated user through an ECC algorithm based on the elliptic curve discrete logarithm problem (ECDLP), where sk_x is the private key and vk_x is the public key, and issues a certificate TLS-CA Cert containing the user name and the public key; this certificate is held by the user for a long time and is mainly used for Secure Sockets Layer / Transport Layer Security (SSL/TLS) communication;
step 2-2, the user to be authenticated submits a registration request to the Membership Service Provider (MSP) of the Fabric through the Fabric-ca-client; the MSP verifies the user name and password submitted by the user and, after verification passes, returns a registration certificate E-Cert (Enrollment Cert) and a transaction certificate T-Cert (Transaction Cert) to the user, wherein the E-Cert is used for identity authentication, is held by the user for a long time and carries or can be traced to user information, and the T-Cert is used for signing each transaction;
step 2-3, the registration certificate E-Cert, the transaction certificate T-Cert and the certificate TLS-CA Cert containing the user name and the public key of the authenticated user are recorded in a local database for later use.
Further, the step 3 is specifically realized by the following steps:
step 3-1, when the medical institution needs to store medical data onto the leaf block chain, it informs the patient to encrypt the transaction data using a symmetric encryption key (AES-GMN) generated for the transaction; the symmetric key is then encrypted using the public key TCert-vk_x of the patient's doctor who is granted access to the transaction data, so that the transaction includes the encrypted medical data and the encrypted symmetric key;
step 3-2, the medical institution collects medical data submitted by a patient, uses the T-Cert of the medical institution to carry out digital signature, generates a transaction from a client and submits the transaction to an endorsement node, the endorsement node receives the transaction of the client and then carries out simulation and generates read-write sets RWSets, and after the simulation and execution are completed, the endorsement node returns the read-write sets RWSets to the client with the digital signature of the endorsement node;
step 3-3, the client collects read-write sets RWSets which are digitally signed by different endorsement nodes, when the endorsement policy specified in advance is met, the client puts forward an update application to the sequencing node cluster, and the sequencing node cluster verifies the digital signatures of the endorsement nodes;
step 3-4, if verification finds no problem, the update applications are sequenced by the endorsement node using a PBFT consensus mechanism, and the sequencing node packages the sequenced transactions into a block, digitally signs it, and sends the block to the submission node;
step 3-5, the submission node verifies the digital signatures of the endorsement nodes on the transactions in the block according to the policy and checks whether the RWSets are valid against the current data state; if they are valid, the world state WorldState of the data in the block chain ledger is updated and the transaction is kept on the Fabric ledger; if the transaction is invalid, it is still kept on the Fabric ledger, but the world state WorldState of the data is not updated;
step 3-6, regardless of whether the block can be added to the block chain, after verification is finished the submission node needs to send a notice to the client and notify the nodes in each block chain to update the block chain.
Further, the step 4 is specifically realized by the following steps:
step 4-1, a main node is calculated and selected through the formula p = v mod |R|; the client sends request operation information to the main node; after the main node receives the request operation information and checks it to be correct, it stores the information, generates a pre-preparation message according to the request operation information, and broadcasts the pre-preparation message to each backup node;
step 4-2, after each backup node receives the pre-preparation message and checks the pre-preparation message correctly, the pre-preparation message is stored, and a preparation message is generated and broadcasted to the main node and other backup nodes according to the pre-preparation message;
step 4-3, after each node storing the copy receives the preparation message and checks it to be correct, it stores the message and generates a submission message, according to the preparation message, to the client, the main node and the other backup nodes;
step 4-4, after the nodes storing the copies receive (2n +1)/3 submission messages and verify the submission, executing the operation in the request operation message from the client, wherein the condition that each copy receives the confirmation message is as follows:
(1) the signature is correct;
(2) the view number of the message is consistent with the current view number of the node;
(3) the sequence number n of the message satisfies the watermark condition, i.e. lies between h and H.
step 4-5, the client receives (n +2)/3 submission messages, and after the messages are verified to be correct and accepted, the request is considered to have been accepted and executed by the sequencing node cluster.
Further, the step 6 is specifically realized by the following steps:
step 6-1, the local medical institution submits medical data to a leaf block chain, the leaf block chain verification node records the data or verifies transactions, the sequencing node uses a PBFT mechanism to sequence, a plurality of transactions are packaged into a block, and the head of the block is signed by the verification node;
step 6-2, each time the leaf block chain generates a certain number of blocks, the block heads and the digital signatures generated by the leaf block chain are submitted to the parent block chain as transactions of the parent chain; the parent chain verification nodes verify the signatures and, if the signatures are valid, record them in a new block of the parent chain, and the parent chain verification nodes jointly sign the block head;
step 6-3, the signed block head continues to be submitted to the upper layer and processed in the same way until it is uploaded to the root block chain, thereby forming a multi-level block chain system architecture.
The invention has the beneficial effects that:
1. by using a block chain technology, the problem of 'single point failure' possibly occurring in centralized storage of medical data is solved, and decentralized storage and distributed sharing of the medical data are realized by a distributed solution;
2. the multi-level blockchain system architecture abandons the existing single-chain or double-layer blockchain system design, realizes the efficient management of large-scale medical data, and greatly improves the efficiency and expandability of the system;
3. the method adopts cryptography methods such as a double-key encryption system combining public key encryption and symmetric encryption to protect personal identity privacy and data privacy, realizes storage and sharing of medical data under the condition of protecting patient privacy, and provides great convenience for medical institutions, patients and scientific research institutions;
4. the leaf block chain adopts a PBFT consensus mechanism, reduces the system overhead, improves the consensus efficiency, has high consistency and accuracy of consensus results, and achieves quick consensus time.
Drawings
FIG. 1 is a diagram illustrating a multi-level blockchain architecture according to an embodiment of the present invention.
Fig. 2 is a block structure diagram according to an embodiment of the invention.
FIG. 3 is a flowchart illustrating the operation of the multi-level blockchain system according to the embodiment of the present invention.
FIG. 4 is a diagram illustrating a transaction encryption/decryption process according to an embodiment of the present invention.
Detailed Description
The technical method of the present invention is further described in detail with reference to the accompanying drawings.
The present invention relates to the following technical terms and constraints.
Fabric: Fabric is a core project of Hyperledger and is essentially a distributed shared ledger. It adopts a modular architecture in design, so that components can be flexibly configured as needed and are plug-and-play. Fabric comprises five core modules:
(1) the peer node module comprises a main node, an endorsement node, a submission node, a sequencing node and is responsible for storing block data, operating and maintaining chain codes, providing an external service interface and the like;
(2) the cryptogen module is responsible for generating a certificate file related to an organization structure and an account;
(3) the configtxgen module is responsible for generating an initialization file of the sequencing node and generating a transaction;
(4) the configtxlator module is responsible for block analysis and transaction analysis.
Fabric-ca: the Fabric-ca certificate authority is an open source project initiated specifically to solve the account problem of Fabric, and consists of a Fabric-ca-server and a Fabric-ca-client. It provides functions for issuing a registration certificate to a user, updating and revoking certificates, connecting to LDAP as a user registry, and the like. A Fabric-ca-server may contain multiple Fabric-cas, each Fabric-ca being either a root Fabric-ca or an intermediate Fabric-ca.
MSP: the MSP (Membership Service Provider) is a pluggable interface used to support various authentication architectures; the MSP provides the functions of user certificate verification, user certificate revocation, signature generation and verification, etc. The MSP is actually initialized by the Fabric-ca, which is used to generate certificates and keys and is the default implementation of the MSP interface for identity management; that is, the MSP is only an interface, and Fabric-ca is one implementation of the MSP interface.
RWSets: after the endorsement node simulates and executes the transaction submitted by the client, a read-write set RWSets is generated for the transaction and returned to the client, wherein the read set comprises a list of the unique keys read during the simulated execution of the transaction and their committed versions, and the write set comprises the key, the new value written and a delete mark. Further, if a transaction writes a key multiple times, only the last written value is retained.
WorldState: the world state WorldState represents the current values of all ledger states. When a user needs to access the current state values of the ledger, the user does not need to traverse the whole block chain to calculate them, but can obtain them directly from WorldState. Physically, WorldState is realized through a database, and operations such as storing, accessing and deleting states are performed on the data using a key-value method.
Merkle tree: the Merkle hash tree is a type of binary or multi-way tree based on hash values, in which the values of leaf nodes are typically hash values of data blocks and the value of each non-leaf node is the hash value of the combined result of all child nodes of that node. All transaction data generate a unique Merkle tree root value through the hash process of the Merkle tree, and this value is stored in the block head. The Merkle tree is usually used for integrity verification; particularly when verification is carried out in a distributed environment, the storage structure of the Merkle tree greatly improves the operating efficiency and expandability of querying and verifying transaction information. The SPV verification employed by lightweight nodes of Bitcoin takes advantage of the Merkle tree.
The intelligent medical data storage method based on the multilevel block chain system architecture comprises the following contents:
step 1, firstly, medical institutions are segmented and layered according to geographical positions of 34 provinces of a country to form a multi-level blockchain system architecture similar to a domain name server or the Internet, the medical institutions of the provinces correspond to leaf blockchains of the multi-level blockchain system architecture one by one, each leaf blockchain corresponds to one blockchain sub-chain, transactions are carried out by taking charge of maintenance, updating and sharing through local blockchain nodes, and local medical data are stored in parallel in the leaf blockchains.
Step 2, registering the medical institution of each province in the Fabric-ca respectively, endowing different authorities to the Fabric-ca according to the roles of the participating nodes in the whole system, issuing digital certificates to users, generating necessary public information, and binding the Fabric-ca to a local block chain.
The step 2 is realized by the following steps:
step 2-1, a user to be authenticated first submits an id capable of proving the uniqueness of their identity to the Fabric-ca-server, and the trusted certification center distributes a key pair (sk_x, vk_x) to the authenticated user through an ECC algorithm based on the elliptic curve discrete logarithm problem (ECDLP), where sk_x is the private key and vk_x is the public key, and issues a certificate TLS-CA Cert containing the user name and the public key; this certificate is held by the user for a long time and is mainly used for Secure Sockets Layer / Transport Layer Security (SSL/TLS) communication.
Step 2-2, the user to be authenticated submits a registration request to the Membership Service Provider (MSP) of the Fabric through the Fabric-ca-client; the MSP verifies the user name and password submitted by the user and, after verification passes, returns a registration certificate E-Cert (Enrollment Cert) and a transaction certificate T-Cert (Transaction Cert) to the user, wherein the E-Cert is used for identity authentication, is held by the user for a long time and carries or can be traced to user information, and the T-Cert is used for signing each transaction.
Step 2-3, the registration certificate E-Cert, the transaction certificate T-Cert and the certificate TLS-CA Cert containing the user name and the public key of the authenticated user are recorded in a local database for later use.
Step 3, distributing nodes including a main node, an endorsement node, a submission node and a sequencing node for the authenticated user according to the registration certificate E-Cert of the authenticated user, adding the nodes into a local medical data block chain and the local block chain consisting of a plurality of medical institutions, and jointly verifying, maintaining and updating the medical data on the block chain and ensuring the independence of the data.
The step 3 is realized by the following steps:
step 3-1, when the medical institution needs to store medical data onto the leaf block chain, it informs the patient to encrypt the transaction data using a symmetric encryption key (AES-GMN) generated for the transaction; the symmetric key is then encrypted using the public key TCert-vk_x of the patient's doctor who is granted access to the transaction data, so that the transaction includes the encrypted medical data and the encrypted symmetric key.
Step 3-2, the medical institution collects medical data submitted by the patient, digitally signs it using the T-Cert of the medical institution, generates a transaction from the client and submits the transaction to the endorsement node; the endorsement node receives the transaction of the client, simulates its execution and generates read-write sets RWSets, and after the simulated execution is completed, the endorsement node returns the read-write sets RWSets to the client with the digital signature of the endorsement node.
Step 3-3, the client collects the read-write sets RWSets digitally signed by different endorsement nodes, and when the preset endorsement policy is met, the client submits an update application to the sequencing node cluster, and the sequencing node cluster verifies the digital signatures of the endorsement nodes.
Step 3-4, if verification finds no problem, the update applications are sequenced by the endorsement node using a PBFT consensus mechanism, and the sequencing node packages the sequenced transactions into a block, digitally signs it, and sends the block to the submission node.
Step 3-5, the submission node verifies the digital signatures of the endorsement nodes on the transactions in the block according to the policy and checks whether the RWSets are valid against the current data state; if they are valid, the world state WorldState of the data in the block chain ledger is updated and the transaction is kept on the Fabric ledger; if the transaction is invalid, it is still kept on the Fabric ledger, but the world state WorldState of the data is not updated.
Step 3-6, regardless of whether the block can be added to the block chain, after verification is finished the submission node needs to send a notice to the client and notify the nodes in each block chain to update the block chain.
Step 4, when the sequencing node group of the leaf block chain receives the update applications submitted from different clients, the leaf block chain sequences the submitted update applications using a PBFT consensus algorithm, and packages the transaction applications into blocks after sequencing is completed.
The step 4 is realized by the following steps:
step 4-1, a main node is calculated and selected through the formula p = v mod |R|; the client sends request operation information to the main node; after the main node receives the request operation information and checks it to be correct, it stores the information, generates a pre-preparation message according to the request operation information, and broadcasts the pre-preparation message to each backup node.
Step 4-2, after each backup node receives the pre-preparation message and checks it to be correct, it stores the message, generates a preparation message according to the pre-preparation message and broadcasts the preparation message to the main node and the other backup nodes.
Step 4-3, after each node storing the copy receives the preparation message and checks it to be correct, it stores the message and generates a submission message, according to the preparation message, to the client, the main node and the other backup nodes.
Step 4-4, after the nodes storing the copies receive (2n +1)/3 submission messages and verify the submission, executing the operation in the request operation message from the client, wherein the condition that each copy receives the confirmation message is as follows:
(1) the signature is correct;
(2) the view number of the message is consistent with the current view number of the node;
(3) the sequence number n of the message satisfies the watermark condition, i.e. lies between h and H.
Step 4-5, the client receives (n +2)/3 submission messages, and after the messages are verified to be correct and accepted, the request is considered to have been accepted and executed by the sequencing node cluster.
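The acceptance conditions and quorum thresholds of steps 4-1 to 4-5, as an added Python example (not code from the patent or from Hyperledger Fabric). The `Replica` and `Commit` names, the boolean `signature_ok` standing in for real signature verification, the exclusive lower watermark bound and the constructed four-node trace are assumptions.

```python
from dataclasses import dataclass, field


def primary_for_view(view, replica_count):
    """Main node selection p = v mod |R| (step 4-1)."""
    return view % replica_count


def commit_quorum(n):
    """(2n + 1) / 3 submission messages a replica needs before executing (step 4-4)."""
    return (2 * n + 1) // 3


def client_quorum(n):
    """(n + 2) / 3 submission messages the client needs (step 4-5)."""
    return (n + 2) // 3


@dataclass(frozen=True)
class Commit:
    sender: int         # id of the node that sent the submission message
    view: int           # view number carried by the message
    seq: int            # sequence number n carried by the message
    digest: str         # digest of the client request being agreed on
    signature_ok: bool  # assumption: result of a signature check done elsewhere


@dataclass
class Replica:
    n: int     # number of nodes in the sequencing cluster
    view: int  # current view number of this node
    low: int   # low watermark h
    high: int  # high watermark H
    votes: dict = field(default_factory=dict)    # (seq, digest) -> set of senders
    executed: list = field(default_factory=list)

    def accepts(self, msg):
        """The three conditions listed under step 4-4."""
        return (msg.signature_ok
                and msg.view == self.view
                and self.low < msg.seq <= self.high)

    def on_commit(self, msg):
        """Record one submission message; return True when it triggers execution."""
        if not self.accepts(msg):
            return False
        key = (msg.seq, msg.digest)
        # A set per (seq, digest) means a repeated message from one sender counts once.
        self.votes.setdefault(key, set()).add(msg.sender)
        if len(self.votes[key]) >= commit_quorum(self.n) and key not in self.executed:
            self.executed.append(key)
            return True
        return False


def run_constructed_trace():
    """Feed a constructed message trace to a replica in a 4-node cluster."""
    replica = Replica(n=4, view=0, low=0, high=100)
    trace = [
        Commit(0, 0, 1, "d1", True),
        Commit(1, 0, 1, "d1", True),
        Commit(1, 0, 1, "d1", True),    # duplicate sender: not counted twice
        Commit(2, 1, 1, "d1", True),    # wrong view number: rejected
        Commit(2, 0, 500, "d1", True),  # outside the watermarks: rejected
        Commit(3, 0, 1, "d1", False),   # bad signature: rejected
        Commit(3, 0, 1, "d2", True),    # different digest: counted separately
        Commit(2, 0, 1, "d1", True),    # third distinct sender for d1: execute
    ]
    return [replica.on_commit(m) for m in trace], replica.executed


if __name__ == "__main__":
    print(run_constructed_trace())
```

With n = 3f + 1 nodes the two thresholds equal 2f + 1 and f + 1, so for the four-node trace a replica executes after three distinct senders and the client needs two.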
Step 5, only the hash value of the encrypted medical data is stored in the block chain of the multi-level system architecture, so medical institutions in each region need to store the original medical data on a traditional cloud storage server, realizing off-chain storage of the medical data.
Step 6, following the earlier division of medical institutions by geographical position, the data storage process of medical institutions in other regions is consistent with the above steps; the leaf block chains of all regions work in parallel without mutual interference, while the leaf block chain verification nodes submit transaction summary information to their parent block chain verification nodes, level by level, until the root block chain is reached, thereby forming a multi-level block chain system.
The step 6 is realized by the following steps:
Step 6-1, the local medical institution submits medical data to a leaf block chain, the leaf block chain verification node records the data or verifies transactions, the sequencing node uses a PBFT mechanism to sequence them, a plurality of transactions are packaged into a block, and the head of the block is signed by the verification node.
Step 6-2, each time the leaf block chain has generated a certain number of blocks, the block head and the digital signature generated by the leaf block chain are submitted to the father block chain as a transaction of the father chain; the father chain verification node verifies the signature, records it in a new block of the father chain if the signature is valid, and the father chain verification nodes jointly sign the block head.
Step 6-3, the signed block head continues to be submitted to the upper layer and is processed in the same way until it is uploaded to the root block chain, thereby forming a multi-level block chain system architecture.
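The off-chain hash check of step 5 and the header submission of steps 6-1 to 6-3 can be traced with the following Python code, which is an added example and not part of the patent text. The class and function names, the JSON header layout, the single-hash transaction summary, the constructed keys and the use of HMAC in place of the verification nodes' digital signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def header_bytes(header: dict) -> bytes:
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, header: dict) -> str:
    # HMAC stands in for the verification node's digital signature (assumption).
    return hmac.new(key, header_bytes(header), hashlib.sha256).hexdigest()

def tx_summary(txs: list) -> str:
    return h(json.dumps(txs, sort_keys=True).encode())

class Chain:
    def __init__(self, name, key, parent=None, anchor_every=1):
        self.name, self.key, self.parent = name, key, parent
        self.anchor_every = anchor_every
        self.blocks = []
        self.child_keys = {}                  # child chain -> verification key
        if parent is not None:
            parent.child_keys[name] = key

    def append(self, txs: list) -> dict:
        prev = h(header_bytes(self.blocks[-1]["header"])) if self.blocks else "0" * 64
        header = {"chain": self.name, "height": len(self.blocks),
                  "prev": prev, "tx_root": tx_summary(txs)}
        block = {"header": header, "sig": sign(self.key, header), "txs": txs}
        self.blocks.append(block)
        # Step 6-2: every anchor_every blocks, hand header + signature upward.
        if self.parent is not None and len(self.blocks) % self.anchor_every == 0:
            self.parent.submit_anchor(header, block["sig"])
        return block

    def submit_anchor(self, header: dict, sig: str) -> bool:
        key = self.child_keys.get(header.get("chain"))
        if key is None or not hmac.compare_digest(sign(key, header), sig):
            return False                      # unknown child or bad signature
        self.append([{"anchor": h(header_bytes(header)),
                      "child": header["chain"], "height": header["height"]}])
        return True

def record_in_block(block: dict, ciphertext: bytes) -> bool:
    """Step 5: off-chain ciphertext must hash to a value committed in the block."""
    if tx_summary(block["txs"]) != block["header"]["tx_root"]:
        return False
    return any(tx.get("record_hash") == h(ciphertext) for tx in block["txs"])

def anchored_to_root(chain: Chain, height: int) -> bool:
    """Step 6-3: follow the header's anchor through every ancestor chain."""
    while chain.parent is not None:
        digest = h(header_bytes(chain.blocks[height]["header"]))
        hits = [b["header"]["height"] for b in chain.parent.blocks
                if any(tx.get("anchor") == digest for tx in b["txs"])]
        if not hits:
            return False
        chain, height = chain.parent, hits[0]
    return True

def demo() -> dict:
    root = Chain("root", b"constructed-root-key")
    province = Chain("province", b"constructed-province-key", parent=root)
    leaf = Chain("leaf", b"constructed-leaf-key", parent=province, anchor_every=2)
    ciphertext = b"constructed ciphertext of one medical record"
    leaf.append([{"record_hash": h(b"constructed earlier record")}])
    block = leaf.append([{"record_hash": h(ciphertext)}])
    return {"stored": record_in_block(block, ciphertext),
            "anchored": anchored_to_root(leaf, 1),
            "forged_anchor": province.submit_anchor(block["header"], "0" * 64),
            "root_height": len(root.blocks)}

if __name__ == "__main__":
    print(demo())
```

Only every second leaf header is anchored directly in this run; the block before it is covered through the `prev` hash inside the anchored header, so rewriting either leaf block changes a digest that the father chain has already recorded.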
Step 7, when a user needs to access his or her own medical data, or an authorized user needs to access the medical data, the user authorized to access the transaction data uses his or her own TCert-sk_x to decrypt the encrypted symmetric key, obtaining the symmetric key, and then decrypts the encrypted transaction data to obtain the medical data of the user.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above embodiment, but equivalent modifications or changes made by those skilled in the art according to the present disclosure should be included in the scope of the present invention as set forth in the appended claims.

Claims (5)

1. The intelligent medical data storage method based on the multilevel block chain system architecture is characterized by comprising the following contents:
step 1, firstly, medical institutions are segmented and layered according to geographical positions of 34 provinces of a country to form a multi-level block chain system architecture similar to a domain name server or the Internet, the medical institutions of the provinces correspond to leaf block chains of the multi-level block chain system architecture one by one, each leaf block chain corresponds to one block chain sub-chain, a local block chain node is used for maintaining, updating and sharing transactions, and the leaf block chains store local medical data in parallel;
step 2, registering the medical institution of each province in a Fabric-ca, endowing different authorities to the Fabric-ca according to the roles of the participating nodes in the whole system, issuing digital certificates to users, generating necessary public information, and binding the Fabric-ca to a local block chain;
step 3, distributing nodes including a main node, an endorsement node, a submission node and a sequencing node for the authenticated user according to the registration certificate E-Cert of the authenticated user, adding the nodes into a local medical data block chain and the local block chain consisting of a plurality of medical institutions, and jointly verifying, maintaining and updating the medical data on the block chain and ensuring the independence of the data;
step 4, when the sequencing node group of the leaf block chain receives update applications submitted from different clients, the leaf block chain sequences the submitted update applications by adopting a PBFT consensus algorithm, and packs the transaction applications into blocks after sequencing is completed;
step 5, only the hash value of the encrypted medical data is stored in the block chain of the multi-level system architecture, so that medical institutions in various regions need to store original medical data by adopting a traditional cloud storage server, and the medical data can be stored under the chain;
step 6, according to the previous division of the geographical position of the medical institution, the data storage process of the medical institution in other regions is consistent with the steps, the leaf block chains of all regions work in parallel without mutual interference, but at the same time, the leaf block chain verification nodes submit transaction summary information to the father block chain verification node thereof in sequence until reaching the root block chain, thereby forming a multi-level block chain system;
step 7, when a user needs to access his or her own medical data, or an authorized user needs to access the medical data, the user authorized to access the transaction data uses his or her own TCert-sk_x to decrypt the encrypted symmetric key, obtaining the symmetric key, and then decrypts the encrypted transaction data to obtain the medical data of the user.
2. The method of claim 1, wherein the method comprises: the step 2 is realized by the following steps:
step 2-1, a user to be authenticated first submits an id capable of proving the uniqueness of the identity to a Fabric-ca-server, and a trusted authentication center distributes a key pair (sk_x, vk_x) to the authenticated user through an ECC algorithm based on the elliptic curve discrete logarithm problem (ECDLP), where sk_x is the private key and vk_x is the public key, and issues a certificate TLS-CA Cert containing the user name and the public key, wherein the certificate is held by the user for a long time and is mainly used for Secure Sockets Layer/Transport Layer Security (SSL/TLS) communication;
step 2-2, the user to be authenticated submits a registration request to the Fabric Membership Service Provider (MSP) through a Fabric-ca-client; the MSP verifies the user name and password submitted by the user and, after the verification, returns a registration certificate E-Cert (Enrolment Cert) and a transaction certificate T-Cert (Transaction Cert) to the user, wherein the E-Cert is used for identity authentication, is held by the user for a long time, and carries or can be traced to user information, and the T-Cert is used for signing each transaction;
step 2-3, the registration certificate E-Cert, the transaction certificate T-Cert and the certificate TLS-CA Cert containing the user name and the public key of the authenticated user are recorded in a local database for later use.
3. The method of claim 1, wherein the method comprises: the step 3 is realized by the following steps:
step 3-1, when the medical institution needs to store medical data onto the leaf sub-block chain, informing the patient to encrypt the transaction data using a symmetric encryption key (AES-GMN) generated for the transaction, and then the patient's doctor granting access to the transaction data uses the public key TCert-vk_x to encrypt the symmetric key, whereby the transaction includes the encrypted medical data and the encrypted symmetric key;
step 3-2, the medical institution collects medical data submitted by a patient, uses the T-Cert of the medical institution to carry out digital signature, generates a transaction from a client and submits the transaction to an endorsement node, the endorsement node receives the transaction of the client and then carries out simulation and generates read-write sets RWSets, and after the simulation and execution are completed, the endorsement node returns the read-write sets RWSets to the client with the digital signature of the endorsement node;
step 3-3, the client collects read-write sets RWSets which are digitally signed by different endorsement nodes, when the endorsement policy specified in advance is met, the client puts forward an update application to the sequencing node cluster, and the sequencing node cluster verifies the digital signatures of the endorsement nodes;
step 3-4, if no problem is found in the verification, the update applications are sequenced by the endorsement node using a PBFT consensus mechanism, the sequencing node packages the sequenced transactions in a block, digitally signs the block, and sends the block to the submission node;
step 3-5, the submission node verifies, according to the policy, the digital signatures of the endorsement nodes on the transactions in the block and checks whether the RWSets are valid against the current data state; if they are valid, the world state WorldState of the data in the block chain ledger is updated and kept on the Fabric ledger; if the transaction is invalid, the transaction is kept on the Fabric ledger and the world state WorldState of the data is not updated;
step 3-6, whether or not the block can be added to the block chain, after the verification is finished the submission node sends a notice to the client and notifies the nodes in each block chain to update the block chain.
4. The method of claim 1, wherein the method comprises: the step 4 is realized by the following steps:
step 4-1, calculating and selecting a main node through the formula p = v mod |R|, sending request operation information to the main node by a client, storing the information after the main node receives the request operation information and checks the request operation information correctly, generating a pre-preparation message according to the request operation information, and broadcasting the pre-preparation message to each backup node;
step 4-2, after each backup node receives the pre-preparation message and checks the pre-preparation message correctly, the pre-preparation message is stored, and a preparation message is generated and broadcasted to the main node and other backup nodes according to the pre-preparation message;
step 4-3, after each node storing the copy receives the preparation message and checks the message correctly, storing the message, and generating a submission message to the client, the main node and other backup nodes according to the preparation message;
step 4-4, after the nodes storing the copies receive (2n +1)/3 submission messages and verify the submission, executing the operation in the request operation message from the client, wherein the condition that each copy receives the confirmation message is as follows:
(1) the signature is correct;
(2) the view number of the message is consistent with the current view number of the node;
(3) the sequence number n of the message satisfies the watermark condition, that is, it lies between the low watermark h and the high watermark H;
step 4-5, once the client has received (n+2)/3 submission messages and verified that they are correct, the request is considered to be accepted and executed by the sequencing node cluster.
5. The method of claim 1, wherein the method comprises: the step 6 is realized by the following steps:
step 6-1, the local medical institution submits medical data to a leaf block chain, the leaf block chain verification node records the data or verifies transactions, the sequencing node uses a PBFT mechanism to sequence, a plurality of transactions are packaged into a block, and the head of the block is signed by the verification node;
step 6-2, each time the leaf block chain has generated a certain number of blocks, submitting the block head and the digital signature generated by the leaf block chain to the father block chain as a transaction of the father chain, verifying the signature by a father chain verification node, recording the signature in a new block of the father chain if the signature is valid, and jointly signing the block head by the father chain verification nodes;
step 6-3, continuing to submit the signed block head to the upper layer, and performing the same processing until the signed block head is uploaded to the root block chain, thereby forming a multi-level block chain system architecture.
CN201911037847.6A 2019-10-29 2019-10-29 Intelligent medical data storage method based on multilevel block chain system architecture Active CN110727737B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911037847.6A CN110727737B (en) 2019-10-29 2019-10-29 Intelligent medical data storage method based on multilevel block chain system architecture

Publications (2)

Publication Number Publication Date
CN110727737A true CN110727737A (en) 2020-01-24
CN110727737B CN110727737B (en) 2022-10-18

Family

ID=69222462

Country Status (1)

Country Link
CN (1) CN110727737B (en)

Also Published As

Publication number Publication date
CN110727737B (en) 2022-10-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant