CN111865965A - Cloud electronic medical data encryption system - Google Patents

Cloud electronic medical data encryption system Download PDF

Info

Publication number
CN111865965A
CN111865965A CN202010685571.9A CN202010685571A CN111865965A CN 111865965 A CN111865965 A CN 111865965A CN 202010685571 A CN202010685571 A CN 202010685571A CN 111865965 A CN111865965 A CN 111865965A
Authority
CN
China
Prior art keywords
key
computer terminal
cloud
pct
medical data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010685571.9A
Other languages
Chinese (zh)
Inventor
董海霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202010685571.9A priority Critical patent/CN111865965A/en
Publication of CN111865965A publication Critical patent/CN111865965A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention relates to the technical field of cloud electronic medical data encryption, and discloses a cloud electronic medical data encryption system, which comprises: cloud data server CDS running medical data encryption system softwareDSCloud authorization server CASKComputer terminal PCT for authorizing electronic medical data reading operationDOComputer terminal PCT for authorizing electronic medical data writing operationDMComputer terminal PCT for reading electronic medical dataDR(ii) a CDS stored in cloud data serverDSOnly the electronic medical data passes through the computer terminal PCT with the read operation authorityDMIs authorized to allow the computer terminal PCTDRUser u ofiDecrypt the ciphertext and cause storage at the cloud data server CDSDSThe electronic medical data only has a computer terminal PCT with writing operation authorityDMCan the modification be made. The invention solves the technical problem that the data authenticity cannot be ensured on the premise of ensuring the privacy of the cloud electronic medical data at present.

Description

Cloud electronic medical data encryption system
Technical Field
The invention relates to the technical field of cloud electronic medical data encryption, in particular to a cloud electronic medical data encryption system.
Background
With the widespread use of cloud computing, it has become a trend to outsource Personal Health Record (PHR) data to third party service providers, with the patient then having full control over the authorization of access to the data. The main idea of the PHR service is that each patient can remotely modify and manage his own personal health information, thereby making the storage, retrieval and sharing of personal health data more efficient. To provide privacy protection, patients may have full control over access to their own Electronic Medical Record (EMR) data and share personal health information only with legitimate users. Generally, in order to better treat diseases and monitor health conditions, patients share personal health record information with their attending physicians, family members, and close friends.
Although the PHR service can exchange patient health information to benefit patients through a patient-centric model, the PHR system has an application drawback of allowing data owners to arbitrarily modify data, resulting in an inability to guarantee data authenticity.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a cloud electronic medical data encryption system to solve the technical problem that the authenticity of data cannot be ensured on the premise of ensuring the privacy of cloud electronic medical data.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
a cloud electronic medical data encryption system, comprising: cloud data server CDS running medical data encryption system softwareDSCloud authorization server CASKComputer terminal PCT for authorizing electronic medical data reading operationDOComputer terminal PCT for authorizing electronic medical data writing operationDMComputer terminal PCT for reading electronic medical dataDR
Cloud authorization server CASKPCT respectively with computer terminalsDOAnd computer terminal PCTDMCarrying out communication connection; computer terminal PCTDOAnd computer terminal PCTDMCDS (uniform cloud data server)DSCarrying out communication connection; cloud data server CDSDSPCT with computer terminalDRCarrying out communication connection;
the encryption method of the medical data encryption system specifically comprises the following steps:
the method comprises the following steps: cloud authorization server CASKAnd (3) setting parameters: let n ═ pq, Φ (n) ═ p-1 (q-1), where p ≠ q is prime, select e, d, and satisfy ed ≡ 1mod Φ (n), public key PK ≡ e, n, and private key SK ≡ d, n;
cloud authorization server CASKRandom selection of ei1、ei2And e is ai1ei2E.g. Emod phi (n), ei1Sending to a computer terminal PCT DME is to bei2Sending to a cloud data server CDSDS
Cloud authorization server CASKRandom selection of dj1、dj2And d isj1dj2D is equal to dmod phi (n)j1Sending to a computer terminal PCTDOD is mixingj2Sending to a cloud data server CDSDS
Step two: computer terminal PCTDOAnd (3) setting parameters: let G and GTIs a cyclic group of order prime p, and G is the generator of G, H and HwIs {0, 1}*Hash function of → G, HeIs composed of
Figure BDA0002587441770000021
The hash function of (1);
computer terminal PCTDORandom selection
Figure BDA0002587441770000022
And kaGenerating a master key MK ═ { k ═ k }a,β,gαH, p, G, pβ,e(g,g)α,H,Hw,He};
Let U be { U ═ U1,…,unIs the user set, Λ ═ att1,…,attpGenerating a computer terminal PCT by taking the attribute as an attribute baseDRUser u ofiAttribute key of
Figure BDA0002587441770000031
Wherein the content of the first and second substances,
Figure BDA0002587441770000032
selecting randomly;
computer terminal PCTDORandom selection
Figure BDA0002587441770000033
As a challenge key, and calculating a complementary key
Figure BDA0002587441770000034
Will be provided with
Figure BDA0002587441770000035
Sent to user uiWill be
Figure BDA0002587441770000036
And all attribute groups GiSending to a cloud data server CDSDS
Step three: cloud data server CDSDSConstructing a KEK binary tree according to the attribute group information and giving a PCT (PCT) to the computer terminalDRUser u ofiDistribution path key PKt
Computer terminal PCTDOSelecting
Figure BDA0002587441770000037
Computing
Figure BDA0002587441770000038
I(w)*=[R,HMACk(R)]Wherein k is He(I (w)), w represents a keyword, I (w))*Indexing the ciphertext;
computer terminal PCTDOReading key d for electronic medical data jEncrypting to obtain a read key djIs encrypted by the encryption key
Figure BDA0002587441770000039
Wherein the random selection is
Figure BDA00025874417700000310
Omega is a leaf node set;
cloud data server CDSDSFor reading secret key djCiphertext E ofABE(dj) Performing re-encryption operation, specifically comprising:
random selection
Figure BDA00025874417700000311
Calculating and outputting:
Figure BDA00025874417700000312
Figure BDA00025874417700000313
wherein E isK(M) denotes the encryption of the message M, KEK (G) using the symmetric key Ki) Representing an attribute group GiThe minimum coverage set of;
step four: computer terminal PCTDMRandom selection of a key k from a key spacexAs a symmetric key, the message M is encrypted by using a symmetric encryption algorithm E to obtain a ciphertext
Figure BDA0002587441770000041
Reuse of write key ei1Encrypting a symmetric key kxTo obtain a ciphertext
Figure BDA0002587441770000042
Finally, the message cipher text C is equal to (C)i1,Ci2) Sending to a cloud data server CDSDS
Cloud data server CDSDSUsing the corresponding write key ei2For ciphertext Ci2Performing re-encryption operation to obtain
Figure BDA0002587441770000043
Step five: CDS (server CDS) of cloud dataDSReading key d using corresponding electronic medical dataj2For ciphertext
Figure BDA0002587441770000044
Carry out decryption to obtainTo ciphertext
Figure BDA0002587441770000045
Cipher text of message
Figure BDA0002587441770000046
Reading key ciphertext
Figure BDA0002587441770000047
And sending the Hdr to the computer terminal PCTDRUser u ofi
Computer terminal PCTDRUser u ofiDecrypting Hdr to obtain attribute group key
Figure BDA0002587441770000048
Updating the attribute key is as follows:
Figure BDA0002587441770000049
computer terminal PCTDRUser u ofiDecrypting read key ciphertext
Figure BDA00025874417700000410
Obtaining a read key d j1Then decrypt the symmetric key
Figure BDA00025874417700000411
Further, the user uiThe search key is w*Using the inquiry key
Figure BDA00025874417700000412
Calculating trap door
Figure BDA00025874417700000413
Mixing Q (w)*) Sending to a cloud data server CDSDS
Further, the CDS is the cloud data serverDSComputing
Figure BDA00025874417700000414
k′=He(Q*(w*) Carry out keyword search.
Further, the user uiUsing kxRecovering a message
Figure BDA00025874417700000415
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
in the scheme of the invention, as a read-write permission separation mechanism is adopted, the CDS stored in the cloud data serverDSOnly the electronic medical data passes through the computer terminal PCT with the read operation authorityDMIs authorized to allow the computer terminal PCTDRUser u ofiDecrypt the ciphertext and cause storage at the cloud data server CDSDSThe electronic medical data only has a computer terminal PCT with writing operation authorityDMThe modification can be carried out, so that the technical problem that the authenticity of data cannot be guaranteed on the premise of ensuring the privacy of cloud electronic medical data at present is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A cloud electronic medical data encryption system, comprising: cloud data server CDS running with medical data encryption system software and used for storing electronic medical data, responding to user requests and providing corresponding servicesDSCloud authorization server CAS running medical data encryption system software and used for distributing read and write keysKRunning medical data encryption system software and used for electronic medical treatmentComputer terminal PCT for authorizing data reading operationDOComputer terminal PCT running with medical data encryption system software and used for authorizing electronic medical data writing operationsDMComputer terminal PCT running with medical data encryption system software and used for reading electronic medical dataDR
Cloud authorization server CASKPCT respectively connected with computer terminals on medical data encryption system through network communication equipmentDOAnd computer terminal PCTDMCarrying out communication connection;
computer terminal PCTDOAnd computer terminal PCTDMCDS (CDS) of all cloud data servers on medical data encryption system through network communication equipmentDSCarrying out communication connection;
cloud data server CDSDSPCT with computer terminal on medical data encryption system through network communication equipmentDRCarrying out communication connection;
The encryption method of the medical data encryption system specifically comprises the following steps:
the method comprises the following steps: cloud authorization server CASKAnd (3) setting parameters: let n ═ pq, Φ (n) ═ p-1 (q-1), where p ≠ q is prime, select e, d, and satisfy ed ≡ 1mod Φ (n), public key PK ≡ e, n, and private key SK ≡ d, n;
cloud authorization server CASKRandom selection of ei1、ei2And e is ai1ei2E.g. Emod phi (n), ei1Sending to a computer terminal PCTDME is to bei2Sending to a cloud data server CDSDS
Cloud authorization server CASKRandom selection of dj1、dj2And d isj1dj2D is equal to dmod phi (n)j1Sending to a computer terminal PCTDOD is mixingj2Sending to a cloud data server CDSDS
Step two: computer terminal PCTDOAnd (3) setting parameters: let G and GTIs a cyclic group of order prime p, and G is the generator of G, H and HwIs {0, 1}*→GHash function of HeIs composed of
Figure BDA0002587441770000061
The hash function of (1);
computer terminal PCTDORandom selection
Figure BDA0002587441770000062
And kaGenerating a master key MK ═ { k ═ k }a,β,gαH, p, G, pβ,e(g,g)α,H,Hw,He};
Let U be { U ═ U1,…,unIs the user set, Λ ═ att1,…,attpGenerating a computer terminal PCT by taking the attribute as an attribute baseDRUser u ofiAttribute key of
Figure BDA0002587441770000071
Wherein the content of the first and second substances,
Figure BDA0002587441770000072
selecting randomly;
computer terminal PCTDORandom selection
Figure BDA0002587441770000073
As a challenge key, and calculating a complementary key
Figure BDA0002587441770000074
Will be provided with
Figure BDA0002587441770000075
Sending to a computer terminal PCT DRUser u ofiWill be
Figure BDA0002587441770000076
And all attribute groups GiSending to a cloud data server CDSDS
Step three: cloud data server CDSDSConstructing a KEK binary tree according to the attribute group information and giving a PCT (PCT) to the computer terminalDRTo a useruiDistribution path key PKtWherein each user must be uniquely assigned a leaf node, i.e. leaf node and user u, when constructing the binary treeiThe identities are in one-to-one correspondence;
computer terminal PCTDOSelecting
Figure BDA0002587441770000077
Computing
Figure BDA0002587441770000078
I(w)*=[R,HMACk(R)]Wherein k is He(I (w)), w represents a keyword, I (w))*Indexing the ciphertext;
computer terminal PCTDOReading key d for electronic medical datajEncrypting to obtain a read key djIs encrypted by the encryption key
Figure BDA0002587441770000079
Wherein the random selection is
Figure BDA00025874417700000710
Omega is a leaf node set;
cloud data server CDSDSFor reading secret key djCiphertext E ofABE(dj) Performing re-encryption operation, specifically comprising:
random selection
Figure BDA00025874417700000711
Calculating and outputting:
Figure BDA00025874417700000712
Figure BDA00025874417700000713
wherein E isK(M) denotes the encryption of the message M, KEK (G) using the symmetric key Ki) Representing an attribute group GiThe minimum coverage set of;
step four: computer terminal PCTDMRandom selection of a key k from a key spacexAs a symmetric key, the message M is encrypted by using a symmetric encryption algorithm E to obtain a ciphertext
Figure BDA0002587441770000081
Reuse of write key ei1Encrypting a symmetric key kxTo obtain a ciphertext
Figure BDA0002587441770000082
Finally, the message cipher text C is equal to (C) i1,Ci2) Sending to a cloud data server CDSDS
Cloud data server CDSDSUsing the corresponding write key ei2For ciphertext Ci2Performing re-encryption operation to obtain
Figure BDA0002587441770000083
Step five: when computer terminal PCTDRUser u ofiThe required search key is w*Using the inquiry key
Figure BDA0002587441770000084
Calculating trap door
Figure BDA0002587441770000085
Mixing Q (w)*) Sending to a cloud data server CDSDS
Cloud data server CDSDSComputing
Figure BDA0002587441770000086
k′=He(Q*(w*) ) then perform a key search, if there is an index satisfying HMACk(R)=HMACk′(R), then the corresponding ciphertext is added to the search result;
cloud data server CDSDSReading key d using corresponding electronic medical dataj2For ciphertext
Figure BDA0002587441770000087
Decrypting to obtain ciphertext
Figure BDA0002587441770000088
Cipher text of message
Figure BDA0002587441770000089
Reading key ciphertext
Figure BDA00025874417700000810
And Hdr to user ui
User uiDecrypting Hdr to obtain attribute group key
Figure BDA00025874417700000811
Updating the attribute key is as follows:
Figure BDA00025874417700000812
user uiDecrypting read key ciphertext
Figure BDA00025874417700000813
Obtaining a read key dj1Then decrypt the symmetric key
Figure BDA00025874417700000814
User uiUsing kxRecovering a message
Figure BDA00025874417700000815
Due to the adoption of a read-write permission separation mechanism, the CDS stored in the cloud data server is enabledDSOnly the electronic medical data passes through the computer terminal PCT with the read operation authorityDMIs authorized to allow the computer terminal PCTDRUser u ofiDecrypt the ciphertext and cause storage at the cloud data server CDS DSThe electronic medical data only has a computer terminal PCT with writing operation authorityDMCan be repairedAnd (5) changing.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. A cloud electronic medical data encryption system, comprising: cloud data server CDS running medical data encryption system softwareDSCloud authorization server CASKComputer terminal PCT for authorizing electronic medical data reading operationDOComputer terminal PCT for authorizing electronic medical data writing operationDMComputer terminal PCT for reading electronic medical dataDR
Cloud authorization server CASKPCT respectively with computer terminalsDOAnd computer terminal PCTDMCarrying out communication connection; computer terminal PCTDOAnd computer terminal PCTDMCDS (uniform cloud data server)DSCarrying out communication connection; cloud data server CDSDSPCT with computer terminalDRCarrying out communication connection;
the encryption method of the medical data encryption system specifically comprises the following steps:
The method comprises the following steps: cloud authorization server CASKAnd (3) setting parameters: let n ═ pq, Φ (n) ═ p-1 (q-1), where p ≠ q is prime, select e, d, and satisfy ed ≡ 1mod Φ (n), public key PK ≡ e, n, and private key SK ≡ d, n;
cloud authorization server CASKRandom selection of ei1、ei2And e is ai1ei2E mode phi (n), ei1Sending to a computer terminal PCTDME is to bei2Sending to a cloud data server CDSDS
Cloud authorization server CASKRandom selection of dj1、dj2And d isj1dj2D mod φ (n), dj1Is sent to the meterComputer terminal PCTDOD is mixingj2Sending to a cloud data server CDSDS
Step two: computer terminal PCTDOAnd (3) setting parameters: let G and GTIs a cyclic group of order prime p, and G is the generator of G, H and HwIs {0, 1}*Hash function of → G, HeIs composed of
Figure FDA0002587441760000011
The hash function of (1);
computer terminal PCTDOThe alpha is randomly selected and the alpha is randomly selected,
Figure FDA0002587441760000012
and kaGenerating a master key MK ═ { k ═ k }a,β,gαH, p, G, pβ,e(g,g)α,H,Hw,He};
Let U be { U ═ U1,…,unIs the user set, Λ ═ att1,…,attpGenerating a computer terminal PCT by taking the attribute as an attribute baseDRUser u ofiAttribute key of
Figure FDA0002587441760000021
Wherein, r is a linear or branched alkyl group,
Figure FDA0002587441760000022
selecting randomly;
computer terminal PCTDORandom selection
Figure FDA0002587441760000023
As a challenge key, and calculating a complementary key
Figure FDA0002587441760000024
Will be provided with
Figure FDA0002587441760000025
Sent to user uiWill be
Figure FDA0002587441760000026
And all attribute groups GiSending to a cloud data server CDS DS
Step three: cloud data server CDSDSConstructing a KEK binary tree according to the attribute group information and giving a PCT (PCT) to the computer terminalDRUser u ofiDistribution path key PKt
Computer terminal PCTDOSelecting
Figure FDA0002587441760000027
Computing
Figure FDA0002587441760000028
I(w)*=[R,HMACk(R)]Wherein k is He(I (w)), w represents a keyword, I (w))*Indexing the ciphertext;
computer terminal PCTDOReading key d for electronic medical datajEncrypting to obtain a read key djIs encrypted by the encryption key
Figure FDA0002587441760000029
Wherein the random selection is
Figure FDA00025874417600000210
Omega is a leaf node set;
cloud data server CDSDSFor reading secret key djCiphertext E ofABE(dj) Performing re-encryption operation, specifically comprising:
random selection
Figure FDA00025874417600000211
Calculating and outputting:
Figure FDA00025874417600000212
Figure FDA00025874417600000213
wherein E isK(M) denotes the encryption of the message M, KEK (G) using the symmetric key Ki) Representing an attribute group GiThe minimum coverage set of;
step four: computer terminal PCTDMRandom selection of a key k from a key spacexAs a symmetric key, the message M is encrypted by using a symmetric encryption algorithm E to obtain a ciphertext
Figure FDA0002587441760000031
Reuse of write key ei1Encrypting a symmetric key kxTo obtain a ciphertext
Figure FDA0002587441760000032
Finally, the message cipher text C is equal to (C)i1,Ci2) Sending to a cloud data server CDSDS
Cloud data server CDSDSUsing the corresponding write key ei2For ciphertext Ci2Performing re-encryption operation to obtain
Figure FDA0002587441760000033
Step five: CDS (server CDS) of cloud dataDSReading key d using corresponding electronic medical data j2For ciphertext
Figure FDA0002587441760000034
Decrypting to obtain ciphertext
Figure FDA0002587441760000035
Cipher text of message
Figure FDA0002587441760000036
Reading key ciphertext
Figure FDA0002587441760000037
And Hdr sends to the meterComputer terminal PCTDRUser u ofi
Computer terminal PCTDRUser u ofiDecrypting Hdr to obtain attribute group key
Figure FDA0002587441760000038
Updating the attribute key is as follows:
Figure FDA0002587441760000039
computer terminal PCTDRUser u ofiDecrypting read key ciphertext
Figure FDA00025874417600000310
Obtaining a read key dj1Then decrypt the symmetric key
Figure FDA00025874417600000311
2. The cloud electronic medical data encryption system of claim 1, wherein the user uiThe search key is w*Using the inquiry key
Figure FDA00025874417600000312
Calculating trap door
Figure FDA00025874417600000313
Mixing Q (w)*) Sending to a cloud data server CDSDS
3. The cloud electronic medical data encryption system of claim 2 wherein the cloud data server CDSDSComputing
Figure FDA0002587441760000041
k′=He(Q*(w*) Carry out keyword search.
4. The cloud electronic medical data encryption system of claim 3, wherein the user uiUsing kxRecovering a message
Figure FDA0002587441760000042
CN202010685571.9A 2020-07-16 2020-07-16 Cloud electronic medical data encryption system Pending CN111865965A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010685571.9A CN111865965A (en) 2020-07-16 2020-07-16 Cloud electronic medical data encryption system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010685571.9A CN111865965A (en) 2020-07-16 2020-07-16 Cloud electronic medical data encryption system

Publications (1)

Publication Number Publication Date
CN111865965A true CN111865965A (en) 2020-10-30

Family

ID=72983570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010685571.9A Pending CN111865965A (en) 2020-07-16 2020-07-16 Cloud electronic medical data encryption system

Country Status (1)

Country Link
CN (1) CN111865965A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120144210A1 (en) * 2010-12-03 2012-06-07 Yacov Yacobi Attribute-based access-controlled data-storage system
CN103729603A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Secure file management system and method capable of achieving read/write splitting
CN103731432A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption system and method
CN104468615A (en) * 2014-12-25 2015-03-25 西安电子科技大学 Data sharing based file access and permission change control method
CN106055993A (en) * 2016-08-13 2016-10-26 深圳市樊溪电子有限公司 Encryption storage system for block chains and method for applying encryption storage system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120144210A1 (en) * 2010-12-03 2012-06-07 Yacov Yacobi Attribute-based access-controlled data-storage system
CN103729603A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Secure file management system and method capable of achieving read/write splitting
CN103731432A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption system and method
CN104468615A (en) * 2014-12-25 2015-03-25 西安电子科技大学 Data sharing based file access and permission change control method
CN106055993A (en) * 2016-08-13 2016-10-26 深圳市樊溪电子有限公司 Encryption storage system for block chains and method for applying encryption storage system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
张馨月等: "加密云数据多级安全访问控制方案", 《小型微型计算机系统》 *
王于丁等: "DACPCC:一种包含访问权限的云计算数据访问控制方案", 《电子学报》 *
黄容: "基于属性加密的数据共享方案研究与设计", 《中国优秀硕士学位论文全文数据库(电子期刊)》 *

Similar Documents

Publication Publication Date Title
CN110099043B (en) Multi-authorization-center access control method supporting policy hiding and cloud storage system
Yu et al. Achieving secure, scalable, and fine-grained data access control in cloud computing
Huang et al. Survey on securing data storage in the cloud
US10050777B2 (en) Method of updating a file tree stored on a storage server
CN114065265B (en) Fine-grained cloud storage access control method, system and equipment based on blockchain technology
Gao et al. BSSPD: a blockchain-based security sharing scheme for personal data with fine-grained access control
CN106656997B (en) One kind being based on the cross-domain friend-making method for secret protection of mobile social networking proxy re-encryption
CN113411323B (en) Medical record data access control system and method based on attribute encryption
CN115296817B (en) Data access control method based on block chain technology and attribute encryption
CN113645195B (en) Cloud medical record ciphertext access control system and method based on CP-ABE and SM4
Gardiyawasam Pussewalage et al. A distributed multi-authority attribute based encryption scheme for secure sharing of personal health records
Qinlong et al. Improving security and efciency for encrypted data sharing in online social networks
Fugkeaw A lightweight policy update scheme for outsourced personal health records sharing
US20070098156A1 (en) Digital rights management
CN115694974A (en) Ciphertext data sharing method and system based on collaborative searchable
CN114124392B (en) Data controlled circulation method, system, device and medium supporting access control
CN111865965A (en) Cloud electronic medical data encryption system
CN110474873B (en) Electronic file access control method and system based on knowledge range encryption
Tian et al. Fine‐grained assured insertion and deletion scheme based on onion encryption in cloud storage
Eswara Narayanan et al. A highly secured and streamlined cloud collaborative editing scheme along with an efficient user revocation in cloud computing
Kuo et al. Medical information digital right management on the information-centric networking
Merdassi et al. A new LTMA-ABE location and time access security control scheme for mobile cloud
Peethambaran et al. Cloud Based Access Control Model For Selective Encryption Of Documents With Traitor Detection
CN116094826A (en) Function encryption system based on attribute and online medical diagnosis encryption access method
THUSHARA et al. Chebyshev Chaotic Map with Attribute Based Encryption on Session Based Data Sharing in Fog Environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201030

RJ01 Rejection of invention patent application after publication