CN110727737A - Intelligent medical data storage method based on multi-level block chain system architecture - Google Patents
Intelligent medical data storage method based on multi-level block chain system architecture Download PDFInfo
- Publication number
- CN110727737A CN110727737A CN201911037847.6A CN201911037847A CN110727737A CN 110727737 A CN110727737 A CN 110727737A CN 201911037847 A CN201911037847 A CN 201911037847A CN 110727737 A CN110727737 A CN 110727737A
- Authority
- CN
- China
- Prior art keywords
- node
- block chain
- transaction
- user
- medical data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2246—Trees, e.g. B+trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/29—Geographical information databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The intelligent medical data storage method based on the multilevel block chain system architecture abandons the existing single-chain or double-layer block chain system design, and provides a multilevel block chain system architecture based on a Hyperridge Fabric platform to solve the storage problem of medical data, thereby realizing the efficient management of large-scale medical data and greatly improving the efficiency and expandability of the system. Meanwhile, the invention adopts a double-key encryption system combining public key encryption and symmetric encryption, realizes the storage and sharing of medical data under the condition of protecting the privacy of patients, and provides great convenience for medical institutions, patients and scientific research institutions.
Description
Technical Field
The invention provides an intelligent medical data storage method based on a multi-level block chain system architecture, belongs to the technical field of block chains, and particularly relates to the technical fields of data security, trusted storage, data sharing and the like.
Background
In the field of medical data, efficient storage and secure sharing of medical data have been a difficulty, and patients, doctors and researchers have strict limitations in accessing and sharing medical data. Although widespread use of centralized electronic Medical records emr (electronic Medical records) brings great convenience to the Medical field, with the development of society, the centralized electronic Medical records have failed to meet the requirement of large-scale Medical data storage and sharing because the Medical data of patients are difficult to interact, the operability is poor, the coordinated management is difficult, and the shared Medical data is often leaked due to resale of some staff without professional morality, thereby causing further loss to patients. Obviously, such centralized management and decentralized data storage are not the best choice for medical data storage and sharing.
A blockchain technology emerging in recent years becomes a feasible method for solving large-scale medical data storage and sharing, the blockchain technology is firstly proposed by a white paper Bitcoin A Peer-to-Peer electronic case System published in 2008 by Satoshi Nakamoto, and integrates the technologies of cryptography, game theory, P2P network, consensus mechanism and the like, the core is to adopt a chain data structure to ensure that data cannot be falsified, establish trust through the consensus mechanism, ensure transaction safety by utilizing the cryptography technology, have the characteristics of decentralization, high trust, high fault tolerance, incapability of falsification and the like, and have important application values in the fields of finance, supply chain, notarization, digital copyright, medical treatment and intelligent manufacturing. At present, a lot of intensive research is carried out at home and abroad on the application field of a block chain in the medical industry, for example, Media Lab of the massachusetts institute of technology proposes a MedRec framework based on the block chain, realizes decentralized integration of medical data across medical organizations, and realizes protection of private data of patients through intelligent contracts, but the MedRec uses a PoW consensus mechanism, and the computational cost required for maintaining the consistency of the block chain is too large.
The blockchain medical system related to the above is not very high in operation efficiency and expandability due to the lag of the adopted blockchain architecture and the improper selection of the consensus mechanism, and cannot meet the requirements of the blockchain system on transaction processing capability, safety supervision, privacy protection and the like.
Disclosure of Invention
The invention provides an intelligent medical data storage method based on a multilevel block chain system architecture based on a Hyperhedger Fabric platform. Meanwhile, the invention adopts a double-key encryption system combining public key encryption and symmetric encryption, realizes the sharing of medical data under the condition of protecting the privacy of patients, and provides great convenience for medical institutions, patients and scientific research institutions.
The intelligent medical data storage method based on the multilevel block chain system architecture comprises the following contents:
step 1, firstly, medical institutions are segmented and layered according to geographical positions of 34 provinces of a country to form a multi-level block chain system architecture similar to a domain name server or the Internet, the medical institutions of the provinces correspond to leaf block chains of the multi-level block chain system architecture one by one, each leaf block chain corresponds to one block chain sub-chain, a local block chain node is used for maintaining, updating and sharing transactions, and the leaf block chains store local medical data in parallel;
step 2, registering the medical institution of each province in a Fabric-ca, endowing different authorities to the Fabric-ca according to the roles of the participating nodes in the whole system, issuing digital certificates to users, generating necessary public information, and binding the Fabric-ca to a local block chain;
step 3, distributing nodes including a main node, an endorsement node, a submission node and a sequencing node for the authenticated user according to the registration certificate E-Cert of the authenticated user, adding the nodes into a local medical data block chain and the local block chain consisting of a plurality of medical institutions, and jointly verifying, maintaining and updating the medical data on the block chain and ensuring the independence of the data;
step 4, when the sequencing node group of the leaf block chain receives update applications submitted from different clients, the leaf block chain sequences the submitted update applications by adopting a PBFT consensus algorithm, and packs the transaction applications into blocks after sequencing is completed;
step 5, only the hash value of the encrypted medical data is stored in the block chain of the multi-level system architecture, so that medical institutions in various regions need to store original medical data by adopting a traditional cloud storage server, and the medical data can be stored under the chain;
step 6, according to the previous division of the geographical position of the medical institution, the data storage process of the medical institution in other regions is consistent with the steps, the leaf block chains of all regions work in parallel without mutual interference, but at the same time, the leaf block chain verification nodes submit transaction summary information to the father block chain verification node thereof in sequence until reaching the root block chain, thereby forming a multi-level block chain system;
step 7, when a user needs to access own medical data or an authorized user needs to access the medical data, the user authorized to access the transaction data uses own TCert-skxDecrypting the symmetric encryption key to obtain the symmetric encryption keyThe encrypted transaction data can be decrypted to obtain the medical data of the user.
Further, the step 2 is specifically realized by the following steps:
step 2-1, a user to be authenticated firstly submits an id capable of proving the uniqueness of the identity to a Fabric-ca-server, and a credible authentication center distributes a key pair (sk) for the authenticated user through an ECC algorithm based on the discrete logarithm calculation problem (ECDLP) on an elliptic curvex, vkx) Wherein skxIs a private key, vkxThe certificate is a public key and issues a certificate TLS-CA Cert containing a user name and the public key, wherein the certificate is held by a user for a long time and is mainly used for secure socket protocol/secure transport protocol (SSL/TLS) communication;
step 2-2, the user to be authenticated submits a registration request to a Fabric Member Service Provider (MSP) (Membership Service provider) through a Fabric-ca-client, the MSP verifies according to a user name and a password submitted by the user, and returns a registration certificate E-Cert (Enrolment Cert) and a transaction certificate T-Cert (transaction Cert) to the user after the verification, wherein the E-Cert is used for identity authentication and is held by the user for a long time, carries or can trace user information, and the T-Cert is used for signing each transaction;
and 2-3, recording the registration certificate E-Cert, the transaction certificate T-Cert and the certificate TLS-CA Cert containing the user name and the public key of the user who obtains the authentication into a local database for standby.
Further, the step 3 is specifically realized by the following steps:
step 3-1, when the medical institution needs to store medical data onto the leaf sub-block chain, informing the patient to encrypt the transaction data using a symmetric encryption key (AES-GMN) generated for the transaction, and then the patient's doctor granting access to the transaction data uses the public key TCert-vkxEncrypting the symmetric key, whereby the transaction includes the encrypted medical data and the encrypted symmetric key;
step 3-2, the medical institution collects medical data submitted by a patient, uses the T-Cert of the medical institution to carry out digital signature, generates a transaction from a client and submits the transaction to an endorsement node, the endorsement node receives the transaction of the client and then carries out simulation and generates read-write sets RWSets, and after the simulation and execution are completed, the endorsement node returns the read-write sets RWSets to the client with the digital signature of the endorsement node;
step 3-3, the client collects read-write sets RWSets which are digitally signed by different endorsement nodes, when the endorsement policy specified in advance is met, the client puts forward an update application to the sequencing node cluster, and the sequencing node cluster verifies the digital signatures of the endorsement nodes;
3-4, if no problem exists in the verification, sequencing the update applications by the endorsement node by adopting a PBFT consensus mechanism, packaging the sequenced transactions in a block by the sequencing node, carrying out digital signature, and sending the block to the submission node;
step 3-5, submitting the digital signature of the transaction endorsement node in the verification block according to the strategy, checking whether the RWSets are effective on the current data state, if the RWSets are effective, updating the world state WorldState of the data in the block chain account book, keeping the world state WorldState on the Fabric account book, if the transaction is invalid, keeping the transaction on the Fabric account book, and not updating the world state WorldState of the data at the moment;
and 3-6, no matter whether the block can be added into the block chain or not, after the verification is finished, submitting the node and needing to send a notice to the client, and notifying the node in each block chain to update the block chain.
Further, the step 4 is specifically realized by the following steps:
step 4-1, calculating and selecting a main node through a formula p = v mod | R |, sending request operation information to the main node by a client, storing the information after the main node receives the request operation information and checks the request operation information correctly, generating a pre-preparation message according to the request operation information, and broadcasting the pre-preparation message to each backup node;
step 4-2, after each backup node receives the pre-preparation message and checks the pre-preparation message correctly, the pre-preparation message is stored, and a preparation message is generated and broadcasted to the main node and other backup nodes according to the pre-preparation message;
4-3, after each node storing the copy receives the preparation message and checks the message correctly, storing the message, and generating a submission message to the client, the main node and other backup nodes according to the preparation message;
step 4-4, after the nodes storing the copies receive (2n +1)/3 submission messages and verify the submission, executing the operation in the request operation message from the client, wherein the condition that each copy receives the confirmation message is as follows:
(1) the signature is correct;
(2) the view number of the message is consistent with the current view number of the node;
(3) the sequence number n of the message satisfies the waterline condition, between H and H.
And 4-5, the client receives (n +2)/3 submitted messages, and after the messages are verified to be correct and accepted, the messages are considered to be accepted and executed by the sequencing node cluster.
Further, the step 6 is specifically realized by the following steps:
step 6-1, the local medical institution submits medical data to a leaf block chain, the leaf block chain verification node records the data or verifies transactions, the sequencing node uses a PBFT mechanism to sequence, a plurality of transactions are packaged into a block, and the head of the block is signed by the verification node;
step 6-2, when the leaf block chain generates a certain number of blocks, submitting the block head and the digital signature generated by the leaf block chain to a father block chain as the transaction of the father chain, verifying the signature by a father chain verification node, recording the signature in a new block of the father chain if the signature is a rule, and jointly signing the block head by the father chain verification node;
and 6-3, continuing to submit the signed block head to the upper layer, and performing the same processing until the signed block head is uploaded to the root block chain, thereby forming a multi-level block chain system architecture.
The invention has the beneficial effects that:
1. by using a block chain technology, the problem of 'single point failure' possibly occurring in centralized storage of medical data is solved, and decentralized storage and distributed sharing of the medical data are realized by a distributed solution;
2. the multi-level blockchain system architecture abandons the existing single-chain or double-layer blockchain system design, realizes the efficient management of large-scale medical data, and greatly improves the efficiency and expandability of the system;
3. the method adopts cryptography methods such as a double-key encryption system combining public key encryption and symmetric encryption to protect personal identity privacy and data privacy, realizes storage and sharing of medical data under the condition of protecting patient privacy, and provides great convenience for medical institutions, patients and scientific research institutions;
4. the leaf block chain adopts a PBFT consensus mechanism, reduces the system overhead, improves the consensus efficiency, has high consistency and accuracy of consensus results, and achieves quick consensus time.
Drawings
FIG. 1 is a diagram illustrating a multi-level blockchain architecture according to an embodiment of the present invention.
Fig. 2 is a block structure diagram according to an embodiment of the invention.
FIG. 3 is a flowchart illustrating the operation of the multi-level blockchain system according to the embodiment of the present invention.
FIG. 4 is a diagram illustrating a transaction encryption/decryption process according to an embodiment of the present invention.
Detailed Description
The technical method of the present invention is further described in detail with reference to the accompanying drawings.
The present invention relates to the following technical terms and constraints.
Fabric: fabric is a core project of hyper-leader, is essentially a distributed shared account book, adopts a modular architecture in design, and has the advantages that components can be flexibly configured according to needs, and can be inserted and used, and the Fabric comprises five core modules:
(1) the peer node module comprises a main node, an endorsement node, a submission node, a sequencing node and is responsible for storing block data, operating and maintaining chain codes, providing an external service interface and the like;
(2) the cryptogen module is responsible for generating a certificate file related to an organization structure and an account;
(3) the configxgen module is responsible for generating an initialization file of the sequencing node and generating a transaction;
(4) and the configxlator module is responsible for block analysis and transaction analysis.
Fabric-ca: the Fabric-ca certificate authority is an open source project initiated specially for solving the problem of Fabric account number, and consists of a Fabric-ca-server and a Fabric-ca-client. Functions are provided for issuing a registration certificate for a user, updating and revoking the certificate, connecting to LDAP as a user registry, and the like. A Fabric-ca-server may contain multiple Fabric-cas, each Fabric-ca being either a root Fabric-ca or an intermediate Fabric-ca.
MSP: the MSP (member Service provider) is a pluggable interface, which is used to support various authentication architectures, and the MSP provides the functions of user certificate verification, user certificate revocation, signature generation and verification, etc. The MSP is truly initialized by the Fabric-ca used to generate certificates and keys, which is the default implementation of the MSP interface for identity management, i.e. the MSP is only one interface, which is an implementation of the MSP interface.
RWSets: after the endorsement node simulates and executes the transaction submitted by the client, a Read-Write Set RWSets is generated for the transaction and returned to the client, wherein the Read Set comprises a list of the unique Key Read during the simulation execution of the transaction and the submitted version thereof, and the Write Set comprises a Key value, a written new value and a delete mark. Further, if Transaction is a key write-many value, only the last written value is retained.
WorldState: the world state WorldState represents the current values of all the account book states, and when a user needs to access the current state values of the account book, the user does not need to traverse the whole block chain to calculate the current state values of the account book, but can directly obtain the current state values from WorldState. Physically, WorldState is realized through a database, and operations such as storing, accessing and deleting states are performed on data by adopting a Key-Value method.
Merkle tree: the Merkle hash tree is a type of binary or multi-way tree based on hash values, the values of leaf nodes of which are typically hash values of data blocks, and the values of non-leaf nodes are hash values of the combined result of all child nodes of the node. All transaction data generate a unique Merkle tree root value based on the Hash process of the Merkle tree and are stored in the block head, the Merkle tree is usually used for integrity verification processing, and particularly when the verification is carried out in a distributed environment, the operation efficiency and expansibility of inquiring and verifying transaction information are greatly improved by the memory structure of the Merkle tree. SPV verification employed by lightweight nodes of bitcoin takes advantage of the Merkle tree.
The intelligent medical data storage method based on the multilevel block chain system architecture comprises the following contents:
step 1, firstly, medical institutions are segmented and layered according to geographical positions of 34 provinces of a country to form a multi-level blockchain system architecture similar to a domain name server or the Internet, the medical institutions of the provinces correspond to leaf blockchains of the multi-level blockchain system architecture one by one, each leaf blockchain corresponds to one blockchain sub-chain, transactions are carried out by taking charge of maintenance, updating and sharing through local blockchain nodes, and local medical data are stored in parallel in the leaf blockchains.
And 2, registering the medical institution of each province in the Fabric-ca respectively, endowing different authorities to the Fabric-ca according to the roles of the participating nodes in the whole system, issuing digital certificates to users, generating necessary public information, and binding the Fabric-ca to a local block chain.
The step 2 is realized by the following steps:
step 2-1, a user to be authenticated firstly submits an id capable of proving the uniqueness of the identity to a Fabric-ca-server, and a credible authentication center distributes a key pair (sk) for the authenticated user through an ECC algorithm based on the discrete logarithm calculation problem (ECDLP) on an elliptic curvex, vkx) Wherein skxIs a private key, vkxIs a public key and issues a certificate TLS-CA Cert containing user name and public key, which is held by user for a long time and is mainly used for secure socket protocol/secure transmission protocol(SSL/TLS) communication.
Step 2-2, the user to be authenticated submits a registration request to a member Service provider MSP (Membership Service provider) of the Fabric through the Fabric-ca-client, the MSP verifies according to a user name and a password submitted by the user, and returns a registration certificate E-Cert (Enrolment Cert) and a transaction certificate T-Cert (transaction Cert) to the user after the verification is passed, wherein the E-Cert is used for identity authentication and is held by the user for a long time, carries or can trace user information, and the T-Cert is used for signing each transaction.
And 2-3, recording the registration certificate E-Cert, the transaction certificate T-Cert and the certificate TLS-CA Cert containing the user name and the public key of the user who obtains the authentication into a local database for standby.
And 3, distributing nodes including a main node, an endorsement node, a submission node and a sequencing node for the authenticated user according to the registration certificate E-Cert of the authenticated user, adding the nodes into a local medical data block chain and the local block chain consisting of a plurality of medical institutions, and jointly verifying, maintaining and updating the medical data on the block chain and ensuring the independence of the data.
The step 3 is realized by the following steps:
step 3-1, when the medical institution needs to store medical data onto the leaf sub-block chain, informing the patient to encrypt the transaction data using a symmetric encryption key (AES-GMN) generated for the transaction, and then the patient's doctor granting access to the transaction data uses the public key TCert-vkxThe symmetric key is encrypted, so the transaction includes the encrypted medical data and the encrypted symmetric key.
And 3-2, the medical institution collects medical data submitted by the patient, uses the T-Cert of the medical institution to carry out digital signature, generates a transaction from the client and submits the transaction to the endorsement node, the endorsement node receives the transaction of the client and then carries out simulation and generates read-write sets RWSets, and after the simulation and execution are completed, the endorsement node returns the read-write sets RWSets to the client with the digital signature of the endorsement node.
And 3-3, collecting read-write sets RWSets subjected to digital signature by the client from different endorsement nodes, and when a preset endorsement strategy is met, proposing an updating application to the sequencing node cluster by the client, and verifying the digital signature of the endorsement nodes by the sequencing node cluster.
And 3-4, if no problem exists in the verification, sequencing the update applications by the endorsement node by adopting a PBFT consensus mechanism, packaging the sequenced transactions in a block by the sequencing node, carrying out digital signature, and sending the block to the submission node.
And 3-5, the submitting node verifies the digital signature of the transaction endorsement node in the block according to the strategy, and checks whether the RWSets are effective on the current data state, if the RWSets are effective, the world state WorldState of the data in the block chain account book is updated and is kept on the Fabric account book, if the transaction is invalid, the transaction is also kept on the Fabric account book, but the world state WorldState of the data is not updated at the moment.
And 3-6, no matter whether the block can be added into the block chain or not, after the verification is finished, submitting the node and needing to send a notice to the client, and notifying the node in each block chain to update the block chain.
And 4, when the sequencing node group of the leaf block chain receives the update applications submitted from different clients, sequencing the submitted update applications by the leaf block chain by adopting a PBFT consensus algorithm, and packaging the transaction applications into blocks after sequencing is completed.
The step 4 is realized by the following steps:
and 4-1, calculating and selecting a main node according to a formula p = v mod | R |, sending request operation information to the main node by the client, storing the information after the main node receives the request operation information and checks the request operation information correctly, generating a pre-preparation message according to the request operation information, and broadcasting the pre-preparation message to each backup node.
And 4-2, after each backup node receives the pre-preparation message and checks the pre-preparation message correctly, storing the message, generating a preparation message according to the pre-preparation message and broadcasting the preparation message to the main node and other backup nodes.
And 4-3, after each node for storing the copy receives the preparation message and checks the preparation message correctly, storing the message, and generating a submission message to the client, the main node and other backup nodes according to the preparation message.
Step 4-4, after the nodes storing the copies receive (2n +1)/3 submission messages and verify the submission, executing the operation in the request operation message from the client, wherein the condition that each copy receives the confirmation message is as follows:
(1) the signature is correct;
(2) the view number of the message is consistent with the current view number of the node;
(3) the sequence number n of the message satisfies the waterline condition, between H and H.
And 4-5, the client receives (n +2)/3 submitted messages, and after the messages are verified to be correct and accepted, the messages are considered to be accepted and executed by the sequencing node cluster.
And 5, only storing the encrypted hash value of the medical data in the block chain of the multi-level system architecture, so that medical institutions in various regions need to store the original medical data by adopting a traditional cloud storage server to realize the down-chain storage of the medical data.
And 6, according to the previous division of the geographical position of the medical institution, the data storage process of the medical institution in other regions is consistent with the steps, the leaf block chains of all regions work in parallel without mutual interference, and meanwhile, the leaf block chain verification nodes submit transaction summary information to the father block chain verification node of the leaf block chain verification node in sequence until reaching the root block chain, so that a multi-level block chain system is formed.
The step 6 is realized by the following steps:
step 6-1, the local medical institution submits medical data to a leaf block chain, the leaf block chain verification node records the data or verifies transactions, the sequencing node uses a PBFT mechanism to sequence, a plurality of transactions are packaged into a block, and the head of the block is signed by the verification node.
And 6-2, generating a certain number of blocks every time the leaf block chain generates, submitting the block head and the digital signature generated by the leaf block chain to a father block chain to be used as the transaction of the father chain, verifying the signature by a father chain verification node, recording the signature in a new block of the father chain if the signature is combined, and jointly signing the block head by the father chain verification node.
And 6-3, continuing to submit the signed block head to the upper layer, and performing the same processing until the signed block head is uploaded to the root block chain, thereby forming a multi-level block chain system architecture.
Step 7, when a user needs to access own medical data or an authorized user needs to access the medical data, the user authorized to access the transaction data uses own TCert-skxAnd decrypting the symmetric encryption key to obtain the symmetric key, and then decrypting the encrypted transaction data to obtain the medical data of the user.
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above embodiment, but equivalent modifications or changes made by those skilled in the art according to the present disclosure should be included in the scope of the present invention as set forth in the appended claims.
Claims (5)
1. The intelligent medical data storage method based on the multilevel block chain system architecture is characterized by comprising the following contents:
step 1, firstly, medical institutions are segmented and layered according to geographical positions of 34 provinces of a country to form a multi-level block chain system architecture similar to a domain name server or the Internet, the medical institutions of the provinces correspond to leaf block chains of the multi-level block chain system architecture one by one, each leaf block chain corresponds to one block chain sub-chain, a local block chain node is used for maintaining, updating and sharing transactions, and the leaf block chains store local medical data in parallel;
step 2, registering the medical institution of each province in a Fabric-ca, endowing different authorities to the Fabric-ca according to the roles of the participating nodes in the whole system, issuing digital certificates to users, generating necessary public information, and binding the Fabric-ca to a local block chain;
step 3, distributing nodes including a main node, an endorsement node, a submission node and a sequencing node for the authenticated user according to the registration certificate E-Cert of the authenticated user, adding the nodes into a local medical data block chain and the local block chain consisting of a plurality of medical institutions, and jointly verifying, maintaining and updating the medical data on the block chain and ensuring the independence of the data;
step 4, when the sequencing node group of the leaf block chain receives update applications submitted from different clients, the leaf block chain sequences the submitted update applications by adopting a PBFT consensus algorithm, and packs the transaction applications into blocks after sequencing is completed;
step 5, only the hash value of the encrypted medical data is stored in the block chain of the multi-level system architecture, so that medical institutions in various regions need to store original medical data by adopting a traditional cloud storage server, and the medical data can be stored under the chain;
step 6, according to the previous division of the geographical position of the medical institution, the data storage process of the medical institution in other regions is consistent with the steps, the leaf block chains of all regions work in parallel without mutual interference, but at the same time, the leaf block chain verification nodes submit transaction summary information to the father block chain verification node thereof in sequence until reaching the root block chain, thereby forming a multi-level block chain system;
step 7, when a user needs to access own medical data or an authorized user needs to access the medical data, the user authorized to access the transaction data uses own TCert-skxAnd decrypting the symmetric encryption key to obtain the symmetric key, and then decrypting the encrypted transaction data to obtain the medical data of the user.
2. The method of claim 1, wherein the method comprises: the step 2 is realized by the following steps:
step 2-1, a user to be authenticated firstly submits an id capable of proving the uniqueness of the identity to a Fabric-ca-server, and a credible authentication center distributes a key pair (sk) for the authenticated user through an ECC algorithm based on the discrete logarithm calculation problem (ECDLP) on an elliptic curvex, vkx) Wherein skxIs the use of a private key, and,vkxthe certificate is a public key and issues a certificate TLS-CA Cert containing a user name and the public key, wherein the certificate is held by a user for a long time and is mainly used for secure socket protocol/secure transport protocol (SSL/TLS) communication;
step 2-2, the user to be authenticated submits a registration request to a Fabric Member Service Provider (MSP) (Membership Service provider) through a Fabric-ca-client, the MSP verifies according to a user name and a password submitted by the user, and returns a registration certificate E-Cert (Enrolment Cert) and a transaction certificate T-Cert (transaction Cert) to the user after the verification, wherein the E-Cert is used for identity authentication and is held by the user for a long time, carries or can trace user information, and the T-Cert is used for signing each transaction;
and 2-3, recording the registration certificate E-Cert, the transaction certificate T-Cert and the certificate TLS-CA Cert containing the user name and the public key of the user who obtains the authentication into a local database for standby.
3. The method of claim 1, wherein the method comprises: the step 3 is realized by the following steps:
step 3-1, when the medical institution needs to store medical data onto the leaf sub-block chain, informing the patient to encrypt the transaction data using a symmetric encryption key (AES-GMN) generated for the transaction, and then the patient's doctor granting access to the transaction data uses the public key TCert-vkxEncrypting the symmetric key, whereby the transaction includes the encrypted medical data and the encrypted symmetric key;
step 3-2, the medical institution collects medical data submitted by a patient, uses the T-Cert of the medical institution to carry out digital signature, generates a transaction from a client and submits the transaction to an endorsement node, the endorsement node receives the transaction of the client and then carries out simulation and generates read-write sets RWSets, and after the simulation and execution are completed, the endorsement node returns the read-write sets RWSets to the client with the digital signature of the endorsement node;
step 3-3, the client collects read-write sets RWSets which are digitally signed by different endorsement nodes, when the endorsement policy specified in advance is met, the client puts forward an update application to the sequencing node cluster, and the sequencing node cluster verifies the digital signatures of the endorsement nodes;
3-4, if no problem exists in the verification, sequencing the update applications by the endorsement node by adopting a PBFT consensus mechanism, packaging the sequenced transactions in a block by the sequencing node, carrying out digital signature, and sending the block to the submission node;
step 3-5, submitting the digital signature of the transaction endorsement node in the verification block according to the strategy, checking whether the RWSets are effective on the current data state, if the RWSets are effective, updating the world state WorldState of the data in the block chain account book, keeping the world state WorldState on the Fabric account book, if the transaction is invalid, keeping the transaction on the Fabric account book, and not updating the world state WorldState of the data at the moment;
and 3-6, no matter whether the block can be added into the block chain or not, after the verification is finished, submitting the node and needing to send a notice to the client, and notifying the node in each block chain to update the block chain.
4. The method of claim 1, wherein the method comprises: the step 4 is realized by the following steps:
step 4-1, calculating and selecting a main node through a formula p = v mod | R |, sending request operation information to the main node by a client, storing the information after the main node receives the request operation information and checks the request operation information correctly, generating a pre-preparation message according to the request operation information, and broadcasting the pre-preparation message to each backup node;
step 4-2, after each backup node receives the pre-preparation message and checks the pre-preparation message correctly, the pre-preparation message is stored, and a preparation message is generated and broadcasted to the main node and other backup nodes according to the pre-preparation message;
4-3, after each node storing the copy receives the preparation message and checks the message correctly, storing the message, and generating a submission message to the client, the main node and other backup nodes according to the preparation message;
step 4-4, after the nodes storing the copies receive (2n +1)/3 submission messages and verify the submission, executing the operation in the request operation message from the client, wherein the condition that each copy receives the confirmation message is as follows:
(1) the signature is correct;
(2) the view number of the message is consistent with the current view number of the node;
(3) the serial number n of the message meets the waterline condition and is between H and H;
and 4-5, the client receives (n +2)/3 submitted messages, and after the messages are verified to be correct and accepted, the messages are considered to be accepted and executed by the sequencing node cluster.
5. The method of claim 1, wherein the method comprises: the step 6 is realized by the following steps:
step 6-1, the local medical institution submits medical data to a leaf block chain, the leaf block chain verification node records the data or verifies transactions, the sequencing node uses a PBFT mechanism to sequence, a plurality of transactions are packaged into a block, and the head of the block is signed by the verification node;
step 6-2, when the leaf block chain generates a certain number of blocks, submitting the block head and the digital signature generated by the leaf block chain to a father block chain as the transaction of the father chain, verifying the signature by a father chain verification node, recording the signature in a new block of the father chain if the signature is a rule, and jointly signing the block head by the father chain verification node;
and 6-3, continuing to submit the signed block head to the upper layer, and performing the same processing until the signed block head is uploaded to the root block chain, thereby forming a multi-level block chain system architecture.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911037847.6A CN110727737B (en) | 2019-10-29 | 2019-10-29 | Intelligent medical data storage method based on multilevel block chain system architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911037847.6A CN110727737B (en) | 2019-10-29 | 2019-10-29 | Intelligent medical data storage method based on multilevel block chain system architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110727737A true CN110727737A (en) | 2020-01-24 |
CN110727737B CN110727737B (en) | 2022-10-18 |
Family
ID=69222462
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911037847.6A Active CN110727737B (en) | 2019-10-29 | 2019-10-29 | Intelligent medical data storage method based on multilevel block chain system architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110727737B (en) |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111245861A (en) * | 2020-02-07 | 2020-06-05 | 上海应用技术大学 | Power data storage and sharing method |
CN111339086A (en) * | 2020-02-18 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Block processing method, and data query method and device based on block chain |
CN111414435A (en) * | 2020-05-22 | 2020-07-14 | 浙江工商大学 | Searchable encryption data cloud storage method based on block chain and homomorphic encryption |
CN111459672A (en) * | 2020-03-30 | 2020-07-28 | 百度国际科技(深圳)有限公司 | Transaction processing method, device, equipment and medium based on block chain network |
CN111556140A (en) * | 2020-04-26 | 2020-08-18 | 北京师范大学珠海分校 | Multi-layer block chain network architecture and data storage and sharing method thereof |
CN111797170A (en) * | 2020-07-15 | 2020-10-20 | 智博云信息科技(广州)有限公司 | Medical data information coordination processing method, device and system |
CN111814176A (en) * | 2020-05-29 | 2020-10-23 | 上海申铁信息工程有限公司 | Block chain-based data access authority control method and device |
CN111901302A (en) * | 2020-06-28 | 2020-11-06 | 石家庄铁道大学 | Medical information attribute encryption access control method based on block chain |
CN112035896A (en) * | 2020-07-20 | 2020-12-04 | 江苏傲为控股有限公司 | Electronic contract deposit certificate system based on transaction mode |
CN112134834A (en) * | 2020-05-19 | 2020-12-25 | 北京天德科技有限公司 | Data lake system architecture based on block chain |
CN112365347A (en) * | 2020-11-12 | 2021-02-12 | 杭州卓健信息科技有限公司 | Medicine research and development clinical medical data safety sharing system based on block chain |
CN112381552A (en) * | 2020-11-19 | 2021-02-19 | 华南理工大学 | Supply chain tracing method based on hierarchical block chain and application |
CN112418790A (en) * | 2020-11-18 | 2021-02-26 | 江苏赞奇科技股份有限公司 | Block chain-based high-validity dynamic extension tracing method for service chain |
CN112435128A (en) * | 2021-01-27 | 2021-03-02 | 江苏恒鸿供应链管理有限公司 | Supply chain tracing system based on multi-level block chain technology |
CN112565289A (en) * | 2020-12-21 | 2021-03-26 | 北京航空航天大学 | System and method for credible issuing and verifying of medical certificate based on block chain |
CN112600678A (en) * | 2021-03-02 | 2021-04-02 | 腾讯科技(深圳)有限公司 | Data processing method, device, equipment and storage medium |
CN112951357A (en) * | 2021-03-23 | 2021-06-11 | 电子科技大学 | Block chain-based virtual medical resource transverse expansion method |
CN112988889A (en) * | 2021-03-04 | 2021-06-18 | 京东数字科技控股股份有限公司 | Method, device, equipment and storage medium for realizing block chain service |
CN113098890A (en) * | 2021-04-15 | 2021-07-09 | 深圳市骑换科技有限公司 | Network security service guarantee method |
CN113380356A (en) * | 2021-05-10 | 2021-09-10 | 广州零端科技有限公司 | Medical examination data recording method, query method and device based on branch chain type tracing |
CN113468551A (en) * | 2021-05-31 | 2021-10-01 | 南京邮电大学 | Domestic intelligent electric meter data storage system and method based on alliance block chain |
CN113593691A (en) * | 2021-10-08 | 2021-11-02 | 青岛美迪康数字工程有限公司 | Medical data sharing system and method |
CN113709197A (en) * | 2020-05-21 | 2021-11-26 | 顺丰科技有限公司 | Alliance block chain organization system and block chain system |
CN114979210A (en) * | 2022-05-23 | 2022-08-30 | 南通大学 | Medical data sharing method based on block chain |
CN115002111A (en) * | 2022-05-23 | 2022-09-02 | 北京航空航天大学 | Block chain consensus method based on group tree structure |
CN114979210B (en) * | 2022-05-23 | 2024-05-07 | 南通大学 | Medical data sharing method based on blockchain |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106682530A (en) * | 2017-01-10 | 2017-05-17 | 杭州电子科技大学 | Method and device for medical information sharing privacy protection based on blockchain technology |
CN109326337A (en) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | Electronic medical record storage and shared model and method based on block chain |
CN109492419A (en) * | 2018-11-27 | 2019-03-19 | 众安信息技术服务有限公司 | For obtaining the method, apparatus and storage medium of the data in block chain |
CN109766673A (en) * | 2019-01-18 | 2019-05-17 | 四川大学 | A kind of alliance's formula audio-video copyright block catenary system and audio-video copyright cochain method |
CN109871669A (en) * | 2019-03-14 | 2019-06-11 | 哈尔滨工程大学 | A kind of data sharing solution based on block chain technology |
CN109949882A (en) * | 2018-11-15 | 2019-06-28 | 陕西医链区块链集团有限公司 | A kind of medical treatment block chain data-storage system |
-
2019
- 2019-10-29 CN CN201911037847.6A patent/CN110727737B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106682530A (en) * | 2017-01-10 | 2017-05-17 | 杭州电子科技大学 | Method and device for medical information sharing privacy protection based on blockchain technology |
CN109326337A (en) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | Electronic medical record storage and shared model and method based on block chain |
CN109949882A (en) * | 2018-11-15 | 2019-06-28 | 陕西医链区块链集团有限公司 | A kind of medical treatment block chain data-storage system |
CN109492419A (en) * | 2018-11-27 | 2019-03-19 | 众安信息技术服务有限公司 | For obtaining the method, apparatus and storage medium of the data in block chain |
CN109766673A (en) * | 2019-01-18 | 2019-05-17 | 四川大学 | A kind of alliance's formula audio-video copyright block catenary system and audio-video copyright cochain method |
CN109871669A (en) * | 2019-03-14 | 2019-06-11 | 哈尔滨工程大学 | A kind of data sharing solution based on block chain technology |
Non-Patent Citations (1)
Title |
---|
杨明 等: "基于区块链的医疗数据云存储共享方案", 《 南京信息工程大学学报(自然科学版)》 * |
Cited By (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111245861A (en) * | 2020-02-07 | 2020-06-05 | 上海应用技术大学 | Power data storage and sharing method |
CN111339086A (en) * | 2020-02-18 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Block processing method, and data query method and device based on block chain |
CN111459672B (en) * | 2020-03-30 | 2023-09-29 | 百度国际科技(深圳)有限公司 | Transaction processing method, device, equipment and medium based on block chain network |
CN111459672A (en) * | 2020-03-30 | 2020-07-28 | 百度国际科技(深圳)有限公司 | Transaction processing method, device, equipment and medium based on block chain network |
CN111556140A (en) * | 2020-04-26 | 2020-08-18 | 北京师范大学珠海分校 | Multi-layer block chain network architecture and data storage and sharing method thereof |
CN111556140B (en) * | 2020-04-26 | 2023-05-12 | 北京师范大学珠海分校 | Multi-layer block chain network architecture and data storage and sharing method thereof |
CN112134834A (en) * | 2020-05-19 | 2020-12-25 | 北京天德科技有限公司 | Data lake system architecture based on block chain |
CN113709197B (en) * | 2020-05-21 | 2024-02-23 | 顺丰科技有限公司 | Alliance block chain organization system and block chain system |
CN113709197A (en) * | 2020-05-21 | 2021-11-26 | 顺丰科技有限公司 | Alliance block chain organization system and block chain system |
CN111414435A (en) * | 2020-05-22 | 2020-07-14 | 浙江工商大学 | Searchable encryption data cloud storage method based on block chain and homomorphic encryption |
CN111814176A (en) * | 2020-05-29 | 2020-10-23 | 上海申铁信息工程有限公司 | Block chain-based data access authority control method and device |
CN111901302A (en) * | 2020-06-28 | 2020-11-06 | 石家庄铁道大学 | Medical information attribute encryption access control method based on block chain |
CN111797170A (en) * | 2020-07-15 | 2020-10-20 | 智博云信息科技(广州)有限公司 | Medical data information coordination processing method, device and system |
CN112035896A (en) * | 2020-07-20 | 2020-12-04 | 江苏傲为控股有限公司 | Electronic contract deposit certificate system based on transaction mode |
CN112035896B (en) * | 2020-07-20 | 2024-03-29 | 傲为有限公司 | Electronic contract evidence-storing system based on transaction mode |
CN112365347A (en) * | 2020-11-12 | 2021-02-12 | 杭州卓健信息科技有限公司 | Medicine research and development clinical medical data safety sharing system based on block chain |
CN112418790A (en) * | 2020-11-18 | 2021-02-26 | 江苏赞奇科技股份有限公司 | Block chain-based high-validity dynamic extension tracing method for service chain |
CN112418790B (en) * | 2020-11-18 | 2024-03-26 | 江苏赞奇科技股份有限公司 | Service chain high-effectiveness dynamic expansion traceability method based on block chain |
CN112381552A (en) * | 2020-11-19 | 2021-02-19 | 华南理工大学 | Supply chain tracing method based on hierarchical block chain and application |
CN112565289A (en) * | 2020-12-21 | 2021-03-26 | 北京航空航天大学 | System and method for credible issuing and verifying of medical certificate based on block chain |
CN112565289B (en) * | 2020-12-21 | 2022-06-24 | 北京航空航天大学 | System and method for credible issuing and verifying of medical certificate based on block chain |
CN112435128B (en) * | 2021-01-27 | 2021-10-22 | 江苏恒鸿供应链管理有限公司 | Supply chain tracing system based on multi-level block chain technology |
CN112435128A (en) * | 2021-01-27 | 2021-03-02 | 江苏恒鸿供应链管理有限公司 | Supply chain tracing system based on multi-level block chain technology |
CN112600678A (en) * | 2021-03-02 | 2021-04-02 | 腾讯科技(深圳)有限公司 | Data processing method, device, equipment and storage medium |
CN112988889A (en) * | 2021-03-04 | 2021-06-18 | 京东数字科技控股股份有限公司 | Method, device, equipment and storage medium for realizing block chain service |
CN112988889B (en) * | 2021-03-04 | 2024-02-02 | 京东科技控股股份有限公司 | Method, device, equipment and storage medium for realizing block chain service |
CN112951357A (en) * | 2021-03-23 | 2021-06-11 | 电子科技大学 | Block chain-based virtual medical resource transverse expansion method |
CN112951357B (en) * | 2021-03-23 | 2023-05-09 | 电子科技大学 | Virtual medical resource lateral expansion method based on blockchain |
CN113098890A (en) * | 2021-04-15 | 2021-07-09 | 深圳市骑换科技有限公司 | Network security service guarantee method |
CN113098890B (en) * | 2021-04-15 | 2022-05-17 | 深圳市骑换科技有限公司 | Network security service guarantee method |
CN113380356A (en) * | 2021-05-10 | 2021-09-10 | 广州零端科技有限公司 | Medical examination data recording method, query method and device based on branch chain type tracing |
CN113380356B (en) * | 2021-05-10 | 2024-04-16 | 广州零端科技有限公司 | Branch chain type traceable medical examination data recording method, inquiring method and device |
CN113468551A (en) * | 2021-05-31 | 2021-10-01 | 南京邮电大学 | Domestic intelligent electric meter data storage system and method based on alliance block chain |
CN113593691A (en) * | 2021-10-08 | 2021-11-02 | 青岛美迪康数字工程有限公司 | Medical data sharing system and method |
CN115002111A (en) * | 2022-05-23 | 2022-09-02 | 北京航空航天大学 | Block chain consensus method based on group tree structure |
CN114979210A (en) * | 2022-05-23 | 2022-08-30 | 南通大学 | Medical data sharing method based on block chain |
CN114979210B (en) * | 2022-05-23 | 2024-05-07 | 南通大学 | Medical data sharing method based on blockchain |
Also Published As
Publication number | Publication date |
---|---|
CN110727737B (en) | 2022-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110727737B (en) | Intelligent medical data storage method based on multilevel block chain system architecture | |
US11139951B2 (en) | Blockchain system and data processing method for blockchain system | |
US20210377040A1 (en) | Trust and identity management systems and methods | |
US10673626B2 (en) | Threshold secret share authentication proof and secure blockchain voting with hardware security modules | |
De Oliveira et al. | Towards a blockchain-based secure electronic medical record for healthcare applications | |
CN108418680B (en) | Block chain key recovery method and medium based on secure multi-party computing technology | |
CN109377198B (en) | Signing system based on multi-party consensus of alliance chain | |
CN109829326B (en) | Cross-domain authentication and fair audit de-duplication cloud storage system based on block chain | |
Barsoum et al. | Provable multicopy dynamic data possession in cloud computing systems | |
JP6285454B2 (en) | Entity network translation (ENT) | |
US10432394B2 (en) | Method and system for sharing encrypted content | |
TW202125299A (en) | Chained structure data storage, verification and implementation method, system and device and medium | |
JP2021512569A (en) | Blockchain data processing method, management side, client side, converter and medium | |
WO2019080933A1 (en) | Block chain transaction privacy protection method and system | |
US20190295069A1 (en) | Systems and methods for integrating cryptocurrency wallet identifiers with digital certificates | |
CN110149322A (en) | A kind of block chain encryption method that irreversible dynamic failure re-examination is rebuild | |
Zhou et al. | EverSSDI: blockchain-based framework for verification, authorisation and recovery of self-sovereign identity using smart contracts | |
Su et al. | A financial data security sharing solution based on blockchain technology and proxy re-encryption technology | |
US11604888B2 (en) | Digital storage and data transport system | |
Fan et al. | Identity Management Security Authentication Based on Blockchain Technologies. | |
CN115883214A (en) | Electronic medical data sharing system and method based on alliance chain and CP-ABE | |
CN114051031A (en) | Encryption communication method, system, equipment and storage medium based on distributed identity | |
CN114254284B (en) | Digital certificate generation and identity authentication method, quantum CA authentication center and system | |
Tian et al. | Fine‐grained assured insertion and deletion scheme based on onion encryption in cloud storage | |
Osmov et al. | On the blockchain-based general-purpose public key infrastructure |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |