CN112699385A - Method and system for carrying out access control on electronic health record based on block chain - Google Patents

Info

Publication number
CN112699385A
Authority
CN
China
Prior art keywords
target object
access
electronic health
health record
record data
Prior art date
Legal status
Pending
Application number
CN202011517069.3A
Other languages
Chinese (zh)
Inventor
蒋海
翟海滨
王璟
李军
Current Assignee
Bubi Beijing Network Technology Co ltd
Original Assignee
Bubi Beijing Network Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Bubi Beijing Network Technology Co ltd
Priority to CN202011517069.3A

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
          • G06Q 40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
            • G06Q 40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
            • G06F 16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
              • G06F 16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
          • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F 21/60 Protecting data
              • G06F 21/602 Providing cryptographic facilities or services
              • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                  • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
              • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
      • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
        • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
          • G16H 10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
            • G16H 10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records

Abstract

The invention discloses a method and a system for access control of electronic health records based on a blockchain. The method comprises the following steps: establishing a smart contract on the blockchain, the smart contract comprising the participants and an access control policy; acquiring the electronic health record data of a target object among the participants and sending the electronic health record data to an edge node; when the target object initiates an access event for its own electronic health record data, providing the target object, through the edge node, with a one-time self-destructing first resource locator address; the target object accesses the electronic health record data according to the resolved access address and based on the access control policy; when any associated party of the target object among the participants initiates an access event for the electronic health record data of the target object, and the identity qualification of that associated party meets the access condition, providing the associated party, through the edge node, with a one-time self-destructing second resource locator address, and realizing access to the electronic health record data based on the access control policy.

Description

Method and system for carrying out access control on electronic health record based on block chain
Technical Field
The invention relates to the technical field of blockchain applications, and in particular to a method and a system for access control of electronic health records based on a blockchain.
Background
The global electronic health record market is growing dramatically, and electronic health record data can be collected from multiple sources, such as wearable devices, smart sensors, and medical imaging devices. Access control is an important mechanism for managing electronic health record data. Currently, electronic health record data faces significant access security risks, and major leaks of electronic record data have occurred many times.
While encryption addresses some of the basic security and privacy concerns of electronic health records, access control is difficult to implement efficiently because of the highly decentralized nature of electronic health record data and the complex relationship between the data owner and the data user. Prior-art solutions based on the blockchain have two significant drawbacks from the perspective of electronic medical record management. First, while blockchains can ensure data integrity, they lack appropriate access control mechanisms to constrain the operations performed by the different participants. Second, the block size of a blockchain is too limited to accommodate electronic health record data containing images (e.g., X-rays, CT scans, and MRI) and/or video (e.g., ultrasound).
Therefore, it is important to provide a flexible and fine-grained access control solution for electronic health record data, and a technique is needed to realize access control of electronic health records based on blockchains.
Disclosure of Invention
The technical solution of the invention provides a method and a system for access control of an electronic health record based on a blockchain, which aim to solve the problem of how to perform access control on the electronic health record based on the blockchain.
In order to solve the above problem, the present invention provides a method for access control of an electronic health record based on a blockchain, the method comprising:
establishing a smart contract based on the blockchain, the smart contract comprising the participants executing the smart contract and an access control policy defined by a target object among the participants;
acquiring electronic health record data of the target object among the participants, and sending the electronic health record data to an edge node; the edge node stores the electronic health record data;
when the target object initiates an access event for the electronic health record data corresponding to the target object, providing the target object, through the edge node, with a one-time self-destructing first resource locator address;
the target object resolves the one-time self-destructing first resource locator address to obtain the access address of the electronic health record data stored in the edge node; the target object accesses the electronic health record data according to the access address and based on the access control policy;
when any associated party of the target object among the participants initiates an access event for the electronic health record data corresponding to the target object, judging, based on the access control policy, whether the identity qualification of the associated party meets the access condition;
when the identity qualification of the associated party meets the access condition, providing the associated party, through the edge node, with a one-time self-destructing second resource locator address;
the associated party resolves the one-time self-destructing second resource locator address to obtain the access address of the electronic health record data stored in the edge node; and the associated party accesses the electronic health record data according to the access address and based on the access control policy.
Preferably, the access control policy includes:
defining the participants in the access control process, wherein the participants comprise a target object and the associated parties of the target object;
defining the operations in the access control process;
defining the participants to which the access control policy applies;
defining a condition rule of the access control policy comprising a plurality of variables, and an effective time of the condition rule;
and defining an enforcement action of the access control policy.
Preferably, the method further comprises the following steps: when the target object completes access to the electronic health record data according to the access address and based on the access control policy, deleting the one-time self-destructing first resource locator address;
and when the associated party completes access to the electronic health record data according to the access address and based on the access control policy, deleting the one-time self-destructing second resource locator address.
Preferably, the method further comprises the following steps: when the target object completes access to the electronic health record data according to the access address and based on the access control policy, recording the access event of the target object;
and when the associated party completes access to the electronic health record data according to the access address and based on the access control policy, recording the access event of the associated party.
Preferably, the method further comprises the following steps: establishing a hash digest of the electronic health record data through the edge node, and sending the hash digest to the target object;
and the target object compares the received hash digest with the original hash digest, and judges from the comparison result whether the electronic health record data has been modified.
According to another aspect of the present invention, a system for access control of electronic health records based on a blockchain is provided, the system comprising:
an initial unit configured to establish a smart contract based on the blockchain, the smart contract comprising the participants executing the smart contract and an access control policy defined by a target object among the participants;
an acquisition unit configured to acquire electronic health record data of the target object among the participants and send the electronic health record data to an edge node, the edge node storing the electronic health record data;
a first access unit configured to provide the target object, through the edge node, with a one-time self-destructing first resource locator address when the target object initiates an access event for the electronic health record data corresponding to the target object; the target object resolves the one-time self-destructing first resource locator address to obtain the access address of the electronic health record data stored in the edge node, and accesses the electronic health record data according to the access address and based on the access control policy;
a second access unit configured to judge, based on the access control policy, whether the identity qualification of an associated party of the target object meets the access condition when that associated party among the participants initiates an access event for the electronic health record data corresponding to the target object; when the identity qualification of the associated party meets the access condition, providing the associated party, through the edge node, with a one-time self-destructing second resource locator address; the associated party resolves the one-time self-destructing second resource locator address to obtain the access address of the electronic health record data stored in the edge node, and accesses the electronic health record data according to the access address and based on the access control policy.
Preferably, the access control policy includes:
defining the participants in the access control process, wherein the participants comprise a target object and the associated parties of the target object;
defining the operations in the access control process;
defining the participants to which the access control policy applies;
defining a condition rule of the access control policy comprising a plurality of variables, and an effective time of the condition rule;
and defining an enforcement action of the access control policy.
Preferably, the first access unit is further configured to delete the one-time self-destructing first resource locator address when the target object completes access to the electronic health record data according to the access address and based on the access control policy;
and the second access unit is further configured to delete the one-time self-destructing second resource locator address when the associated party completes access to the electronic health record data according to the access address and based on the access control policy.
Preferably, the system further comprises a recording unit configured to record the access event of the target object when the target object completes access to the electronic health record data according to the access address and based on the access control policy;
and to record the access event of the associated party when the associated party completes access to the electronic health record data according to the access address and based on the access control policy.
Preferably, the system further comprises a judging unit configured to establish a hash digest of the electronic health record data through the edge node and send the hash digest to the target object;
the target object compares the received hash digest with the original hash digest and judges from the comparison result whether the electronic health record data has been modified.
The technical solution of the present invention uses a hybrid architecture of blockchain and edge nodes to facilitate access control of electronic health record data. In the technical solution of the invention, the blockchain executes a smart contract programmed with an access control list, namely the access control policy, to enforce identity-based access control of the electronic health record data, and legitimate access events are recorded in the blockchain to realize traceability and accountability. In collaboration, the edge nodes store the electronic health record data and further enforce attribute-based access control of the electronic health record data using policies specified in the abbreviated authorization language.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
FIG. 1 is a flow diagram of a method for blockchain-based access control of electronic health records in accordance with a preferred embodiment of the present invention;
FIG. 2 is a blockchain-based framework for access control of electronic health records in accordance with a preferred embodiment of the present invention; and
FIG. 3 is a block diagram of a system for access control of an electronic health record based on a blockchain in accordance with a preferred embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings; however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for a full and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to limit the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
FIG. 1 is a flow chart of a method for access control of an electronic health record based on a blockchain in accordance with a preferred embodiment of the present invention. As shown in FIG. 1, the present invention provides a method for controlling access to an electronic health record based on a blockchain, the method comprising:
Step 101: a smart contract is established on the blockchain, the smart contract including the participants executing the smart contract and an access control policy defined by a target object among the participants.
Preferably, the access control policy comprises:
defining the participants in the access control process, wherein the participants comprise a target object and the associated parties of the target object;
defining the operations in the access control process;
defining the participants to which the access control policy applies;
defining a condition rule of the access control policy including a plurality of variables, and an effective time of the condition rule;
and defining an enforcement action of the access control policy.
The invention realizes the smart contract on a blockchain. The first part of the smart contract defines the network functions, including the participants, URL addresses, transactions and access control logs. The second part defines the access control policies for the different participants in access control. Finally, a database query pattern and its requirements are defined in a query file.
In the present invention, authorization is granted by the access control policy, which allows a doctor to retrieve the electronic health record address of his patient and allows a patient to retrieve only his own electronic health record address.
The retrieval query function in the present invention is defined as a transaction in the smart contract and is invoked by the participant who submitted the request. All historical retrieval events are saved on the blockchain network as an electronic health record access control log that cannot be modified and is traceable.
Step 102: acquiring electronic health record data of the target object among the participants, and sending it to an edge node; the edge node stores the electronic health record data. The present invention collects electronic health record data from a patient via smart sensors and imaging devices and uploads it to the edge node.
Step 103: when the target object initiates an access event for the electronic health record data corresponding to the target object, providing the target object, through the edge node, with a one-time self-destructing first resource locator address;
Step 104: the target object resolves the one-time self-destructing first resource locator address to obtain the access address of the electronic health record data stored in the edge node; and the target object accesses the electronic health record data according to the access address and based on the access control policy.
The invention sets the access rights for the electronic health record data by applying the access control policy through the edge node, and returns to the target object, such as a patient, a one-time self-destructing URL (uniform resource locator) containing the address of the electronic health record on the edge node.
The present invention allows a patient to apply an access control policy to his or her electronic health record data after the edge node has collected that data from the patient. By defining an access control policy, the patient determines which data a user is allowed to read, write, and update. Once the access control policy is available in the blockchain network, a data user (e.g., a doctor or nurse) may send an access request to the patient for approval and receive the URL address of the actual electronic health record data stored in the edge node.
The access control policy in the present invention is defined by the following components:
Subject: defines the individuals or entities involved in the access control process.
Operation: indicates the operation governed by the rule, such as READ, WRITE and UPDATE.
Object: defines the objects to which the access control policy applies. It may be a single document of electronic health record data or a complex union of electronic health record data.
Condition: a policy expression composed of multiple variables. In addition, the scheme can support if (..) expressions for complex access control policy conditions.
Action: the final action of the access control policy, such as ALLOW or DENY. Two types of access control policy are defined: unconditional rules and conditional rules. An unconditional rule applies the access control policy to a particular group of participants without further checks. A conditional rule, by contrast, may express a conjunction (AND) of attribute checks and returns a boolean result for the operation. For example, only doctors in a people's hospital can read a patient's electronic health record data.
Time: specifies the period during which the rule is in effect.
The access policy in the present invention is exemplified as follows:
rule1 {
Description: "only doctors in People's Hospital can read data"
Subject: "doctor in People's Hospital"
Operation: READ
Object: "renmin.parent#number.data"
Condition: "role == doctor && institution == People's Hospital"
Action: ALLOW
Time: "2020.1.1 to 2020.5.1" }
Using the access control policy, the invention records an access control log for each access event on the electronic health record data and determines the capability to read, write or update it.
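As an added illustration (not code from the patent), the following Python evaluates an access request against rule1 as transcribed above: the Condition string is parsed as a conjunction of attribute checks, "#number" in the Object pattern is treated as the patient-number placeholder (an assumption), the Time component bounds when the rule is in effect, and with no matching rule the decision defaults to DENY. The names Rule, eval_condition, object_matches and decide are chosen here.

```python
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Rule:
    """One access control rule built from the components listed on the page."""
    name: str
    description: str
    subject: str
    operation: str    # READ, WRITE or UPDATE
    obj: str          # object pattern; "#number" is read as the patient-number placeholder (assumption)
    condition: str    # conjunction of attribute checks; "" denotes an unconditional rule
    action: str       # ALLOW or DENY
    valid_from: date  # Time component: the rule is in effect on [valid_from, valid_to]
    valid_to: date


# rule1 from the page, transcribed into the dataclass.
RULE1 = Rule(
    name="rule1",
    description="only doctors in People's Hospital can read data",
    subject="doctor in People's Hospital",
    operation="READ",
    obj="renmin.parent#number.data",
    condition="role == doctor && institution == People's Hospital",
    action="ALLOW",
    valid_from=date(2020, 1, 1),
    valid_to=date(2020, 5, 1),
)

_CLAUSE = re.compile(r"^\s*(\w+)\s*(==|!=)\s*(.+?)\s*$")


def eval_condition(condition: str, attrs: dict) -> bool:
    """Evaluate an AND-conjunction of `var == value` / `var != value` clauses
    against the requester's attributes. A missing attribute fails closed."""
    if not condition.strip():
        return True                  # unconditional rule: no attribute checks
    for clause in condition.split("&&"):
        m = _CLAUSE.match(clause)
        if m is None:
            raise ValueError(f"malformed clause: {clause!r}")
        var, op, value = m.groups()
        actual = attrs.get(var)
        if actual is None or (actual == value) != (op == "=="):
            return False
    return True


def object_matches(pattern: str, obj: str) -> bool:
    """Match the requested object against the rule's object pattern, where
    "#number" stands for one path component (the patient number)."""
    regex = re.escape(pattern).replace(re.escape("#number"), r"[^.]+")
    return re.fullmatch(regex, obj) is not None


def decide(rules, operation: str, obj: str, attrs: dict, today) -> tuple:
    """Return (action, rule_name) for the first rule that is in effect and matches
    the request. `today` is a date or an ISO string. No matching rule means DENY."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    for r in rules:
        if not (r.valid_from <= today <= r.valid_to):
            continue                 # outside the rule's effective time
        if r.operation != operation or not object_matches(r.obj, obj):
            continue
        if not eval_condition(r.condition, attrs):
            continue
        return r.action, r.name
    return "DENY", None


if __name__ == "__main__":
    doctor = {"role": "doctor", "institution": "People's Hospital"}
    nurse = {"role": "nurse", "institution": "People's Hospital"}
    print(decide([RULE1], "READ", "renmin.parent42.data", doctor, "2020-03-01"))  # ('ALLOW', 'rule1')
    print(decide([RULE1], "READ", "renmin.parent42.data", nurse, "2020-03-01"))   # ('DENY', None)
    print(decide([RULE1], "READ", "renmin.parent42.data", doctor, "2020-06-01"))  # ('DENY', None)
```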
According to the invention, the patient can resolve the access address of the electronic health record at the edge node from the one-time self-destructing URL. The patient's electronic health record address is maintained as a personal asset in the blockchain network. That is, the patient and the electronic health record asset have a one-to-one relationship, both identified by the patient ID.
At the same time, the patient registers on the blockchain and defines access control list policies to assert access rights for healthcare providers.
The one-time self-destructing URL contains the address of the electronic health record data stored in the edge node and can be realized in many ways, for example with https://1ty.me/, without limitation. A one-time self-destructing URL service typically runs over HTTPS, and the address information of the electronic health record data is encrypted. The key needed to decrypt the address is part of the data contained in the URL itself. The generated URL is not stored on the one-time self-destructing URL server. As a result, only a valid one-time URL link can display and decrypt the address information. After the address information has been viewed, the encrypted information is deleted from the system and the URL link disappears and cannot be accessed again.
Step 105: when any associated party of the target object initiates an access event for the electronic health record data corresponding to the target object, judging, based on the access control policy, whether the identity qualification of the associated party meets the access condition.
Step 106: when the identity qualification of the associated party meets the access condition, providing the associated party, through the edge node, with a one-time self-destructing second resource locator address.
In the present invention, a healthcare provider (such as a doctor or nurse) associated with a patient may send an access request via the smart contract, which checks the identity information against the access control policy. If the conditions are met, the smart contract generates a one-time self-destructing URL and returns the corresponding URL address, which locates the electronic health record data stored separately on the edge node.
In the invention, as long as a doctor or nurse meets the requirements of the access control policy enforced on the electronic health record data, that data can be accessed.
Step 107: the associated party resolves the one-time self-destructing second resource locator address to obtain the access address of the electronic health record data in the edge node; and the associated party accesses the electronic health record data according to the access address and based on the access control policy.
Preferably, the method further comprises the following steps: establishing a hash digest of the electronic health record data through the edge node, and sending the hash digest to the target object;
and the target object compares the received hash digest with the original hash digest and judges from the comparison result whether the electronic health record data has been modified.
In the invention, the edge node creates a hash digest of the electronic health record data, and when the edge node sends the URL result back to the patient, it includes the hash digest of the electronic health record data. The hash digest is a fixed-length string produced by a one-way hash function. The digest function protects the integrity of the electronic health record data and detects changes or alterations to any portion of the data: by comparing hash digests it can be determined whether any change has been made to the electronic health record data, because if the data has been modified its hash digest differs from the original digest. A mature hash algorithm such as SHA-3 may be used, without limitation.
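As an added example (neither the patent's code nor the 1ty.me service), this Python models the two mechanisms described above: a one-time link whose decryption key is carried only in the URL fragment and whose stored ciphertext is deleted on first retrieval, and the SHA3-256 digest the edge node returns with the link so the patient can detect a modified record. OneTimeLinkService, EdgeNode, the HMAC-based stream cipher standing in for a real AEAD, and the sample record are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlsplit

SAMPLE_EHR = b"patient42: bp=120/80; hr=72; ct_scan=<image bytes>"   # constructed sample record


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD such as AES-GCM."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class OneTimeLinkService:
    """Hypothetical one-time self-destructing link server. It stores only ciphertext; the
    key travels in the URL fragment, which a browser never sends to the server."""

    def __init__(self, base: str = "https://onetime.example.invalid/v/"):
        self.base = base
        self._store = {}          # token -> (nonce, ciphertext, tag)

    def create(self, payload: bytes) -> str:
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()    # encrypt-then-MAC
        token = secrets.token_urlsafe(16)
        self._store[token] = (nonce, ct, tag)                        # the key itself is never stored
        frag = base64.urlsafe_b64encode(key).decode().rstrip("=")
        return f"{self.base}{token}#{frag}"

    def open(self, url: str) -> bytes:
        """Client-side step: split the key out of the fragment, then fetch and decrypt."""
        parts = urlsplit(url)
        token = parts.path.rsplit("/", 1)[-1]
        key = base64.urlsafe_b64decode(parts.fragment + "=" * (-len(parts.fragment) % 4))
        record = self._store.pop(token, None)   # removed on first retrieval: the link self-destructs
        if record is None:
            raise LookupError("link already used or unknown")
        nonce, ct, tag = record
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("wrong key or tampered ciphertext")
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class EdgeNode:
    """Stores the EHR data and answers an approved access event with a one-time link whose
    payload carries the record's address together with its SHA3-256 digest."""

    def __init__(self, links: OneTimeLinkService):
        self._records, self._links = {}, links

    def store(self, patient_id: str, data: bytes) -> None:
        self._records[patient_id] = data

    def digest(self, patient_id: str) -> str:
        return hashlib.sha3_256(self._records[patient_id]).hexdigest()

    def issue_link(self, patient_id: str) -> str:
        payload = {"address": f"/ehr/{patient_id}", "digest": self.digest(patient_id)}
        return self._links.create(json.dumps(payload).encode())

    def fetch(self, address: str) -> bytes:
        return self._records[address.rsplit("/", 1)[-1]]


def access_record(edge: EdgeNode, links: OneTimeLinkService, url: str) -> bytes:
    """Target-object side: resolve the link, fetch the record and verify the digest."""
    info = json.loads(links.open(url))
    data = edge.fetch(info["address"])
    if not hmac.compare_digest(hashlib.sha3_256(data).hexdigest(), info["digest"]):
        raise ValueError("electronic health record data was modified")
    return data


def demo() -> dict:
    """Run the flow once and report: first access, link reuse, tamper detection."""
    links = OneTimeLinkService()
    edge = EdgeNode(links)
    edge.store("patient42", SAMPLE_EHR)
    url = edge.issue_link("patient42")
    first = access_record(edge, links, url)
    try:
        links.open(url)
        reusable = True
    except LookupError:
        reusable = False
    url2 = edge.issue_link("patient42")
    edge.store("patient42", SAMPLE_EHR + b" [altered]")   # record changed after the digest was issued
    try:
        access_record(edge, links, url2)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"first": first, "reusable": reusable, "tamper_detected": tamper_detected}
```

In a real deployment the fragment split happens in the browser and the key never reaches the server; here both halves run in one process only so the flow can be exercised offline.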
Preferably, the method further comprises the following steps: when the target object completes access to the electronic health record data according to the access address and based on the access control policy, deleting the one-time self-destructing first resource locator address;
and when the associated party completes access to the electronic health record data according to the access address and based on the access control policy, deleting the one-time self-destructing second resource locator address.
Preferably, the method further comprises the following steps: when the target object completes access to the electronic health record data according to the access address and based on the access control policy, recording the access event of the target object;
and when the associated party completes access to the electronic health record data according to the access address and based on the access control policy, recording the access event of the associated party.
FIG. 2 shows a blockchain-based framework for access control of electronic health records according to a preferred embodiment of the present invention. The invention provides an access control method for electronic health records based on a blockchain, in which all access events may be verified and recorded by a consensus mechanism before being added to the blockchain. The present invention uses a hybrid architecture of blockchain and edge nodes to facilitate attribute-based access control of electronic health record data. In particular, the blockchain executes smart contracts programmed with access control lists to enforce identity-based access control of electronic health record data and to record legitimate access events into the blockchain, enabling traceability and accountability. In collaboration, the edge nodes store the electronic health record data and further enforce attribute-based access control of that data using policies specified in the abbreviated authorization language. In addition, a hash digest protects the integrity of the electronic health record data stored in the edge node, which helps detect any change to the record. Furthermore, one-time self-destructing URLs containing the addresses of electronic health record data on edge nodes are referenced in the smart contract and returned to the healthcare provider after successful execution of the access control policy. The healthcare provider then uses the URL to access the electronic health record data from the edge node. Thus, only qualified users who pass the attribute-based access control applied by the edge node can access the requested electronic health record data.
Patient (electronic health record data owner and producer): a patient is an entity whose electronic health record data is to be accessed. The patient may specify an access control policy for the electronic health record data he or she owns.
Healthcare provider (electronic health record data visitor): general healthcare providers (e.g., doctors and nurses) are entities that need access to electronic health record data owned by patients. Medical personnel actively request access authorization from the patient.
Smart diagnostic/medical device: typically a sensor or imaging device that collects electronic health record data from a patient and sends it to an edge node. Imaging devices may include X-ray, CT, MRI and ultrasound equipment, which generate electronic health record data from a patient.
Electronic health record data: a piece of information that a patient possesses and that can be accessed by authorized healthcare providers.
Edge node: a computing and storage device that stores electronic health record data and enforces attribute-based access control policies.
Blockchain: the blockchain acts as the controller of the architecture; it manages the access control policies and provides a tamper-resistant access log.
Fig. 3 is a block diagram of a system for access control to an electronic health record based on a blockchain in accordance with a preferred embodiment of the present invention. As shown in fig. 3, the present invention provides a system for access control to an electronic health record based on a blockchain, the system comprising:
An initial unit 301 is configured to establish a smart contract based on the blockchain, the smart contract comprising a participant executing the smart contract and an access control policy defined by a target object in the participant. Preferably, the access control policy comprises:
defining the participants in the access control process, the participants comprising a target object and a target object associated party associated with the target object;
defining the operations in the access control process;
defining the participants to which the access control policy applies;
defining a condition rule of the access control policy comprising a plurality of variables, and an effective time of the condition rule;
defining an enforcement action of the access control policy.
The invention implements the smart contract on the blockchain. The first part of the smart contract defines the network model, including the participants, the URL addresses, the transactions and the access control logs. The second part defines the access control policies for the different participants of the access control. Finally, the database query patterns and their requirements are defined in a query file.
Under the access control policy, a doctor is authorized to retrieve the electronic health record addresses of his or her patients, and a patient is authorized to retrieve only his or her own electronic health record address.
The retrieval query function in the present invention is defined as a transaction in the smart contract and is invoked by the participant who submits the request. All historical retrieval events are saved on the blockchain network as an electronic health record access control log that cannot be modified and can be traced.
An obtaining unit 302 is configured to obtain the electronic health record data of a target object in the participant and send it to an edge node, which stores the electronic health record data. The present invention collects electronic health record data from a patient via smart sensors and imaging devices and uploads it to an edge node.
A first access unit 303 is configured to provide a one-time self-destruct first resource locator address to a target object through the edge node when the target object initiates an access event of the electronic health record data corresponding to the target object; the target object parses the one-time self-destruct first resource locator address to obtain the access address of the electronic health record data stored in the edge node, and accesses the electronic health record data according to that address and based on the access control policy.
The present invention allows a patient to apply an access control policy to his or her electronic health record data after the edge node has collected the data from the patient. The access control policy determines which data a user is allowed to read, write or update. Once an access control policy is available on the blockchain network, a data user (e.g., a doctor or nurse) may send an access request to the patient for approval and, if approved, receives the URL address of the actual electronic health record data stored in the edge node.
The access control policy in the present invention is defined by the following components:
Subject: defines the individuals or entities involved in the access control process.
Operation: indicates the operation governed by the rule, for example READ, WRITE or UPDATE.
Object: defines the objects to which the access control policy applies. It may be a single electronic health record document or a compound set of electronic health record data.
Condition: a policy expression composed of multiple variables. In addition, the scheme supports if (...) expressions for complex access control policy conditions.
Action: the final action of the access control policy, for example ALLOW or DENY. Two types of access control policy are defined: unconditional rules and conditional rules. An unconditional rule applies the access control policy to a particular group of participants. A conditional rule, by contrast, can express access control policies that combine several conditions with AND, and returns a boolean result for the requested operation; for example, only doctors in the People's Hospital can read a patient's electronic health record data.
Time: specifies the period during which the rule is in force.
The access policy in the present invention is exemplified as follows:
rule1 {
    Description: "only doctors in People's Hospital can read data"
    Subject: "doctor in People's Hospital"
    Operation: READ
    Object: "renmin.patient#number.data"
    Condition: "role == doctor && institution == People's Hospital"
    Action: ALLOW
    Time: "2020.1.1 to 2020.5.1"
}
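As an added example that is not part of the patent, the following Python evaluates rules shaped like rule1 (conditional) and an unconditional self-access rule against a requester's attributes, enforces the Time window and appends each decision to an access log. The attribute names, participant identifiers, the default-deny ordering and the treatment of the word "number" in the Object field as a placeholder for any patient number are assumptions of this example.

```python
"""Evaluate access control rules of the kind shown in rule1 (added example).

Assumptions (not from the patent): a requester is a flat dict with keys such
as "id", "role" and "institution"; in the Object field the word "number"
stands for any patient number; rules are checked in order, the first matching
rule decides, and no matching rule means DENY.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Tuple

ACCESS_LOG: List[dict] = []   # stand-in for the immutable on-chain access log


def to_date(text: str) -> date:
    """Parse one date written in the patent's "2020.1.1" style."""
    year, month, day = (int(x) for x in text.strip().split("."))
    return date(year, month, day)


def parse_time(window: str) -> Tuple[date, date]:
    """Parse the Time component, e.g. "2020.1.1 to 2020.5.1"."""
    start, end = window.split("to")
    return to_date(start), to_date(end)


def parse_condition(cond: str) -> List[Tuple[str, str]]:
    """Turn 'role == doctor && institution == People's Hospital' into (attr, value) pairs."""
    clauses = []
    for part in cond.split("&&"):
        m = re.fullmatch(r"\s*(\w+)\s*==\s*(.+?)\s*", part)
        if not m:
            raise ValueError(f"unsupported condition clause: {part!r}")
        clauses.append((m.group(1), m.group(2)))
    return clauses


@dataclass
class Rule:
    name: str
    operation: str                           # READ, WRITE or UPDATE
    obj: str                                 # e.g. "renmin.patient#number.data"
    action: str                              # ALLOW or DENY
    condition: str = ""                      # empty => unconditional rule
    subjects: FrozenSet[str] = frozenset()   # participant ids for unconditional rules
    time: str = ""                           # e.g. "2020.1.1 to 2020.5.1"; empty => always

    def matches_object(self, obj: str) -> bool:
        pattern = re.escape(self.obj).replace("number", r"\d+")
        return re.fullmatch(pattern, obj) is not None

    def in_force(self, today: date) -> bool:
        if not self.time:
            return True
        start, end = parse_time(self.time)
        return start <= today <= end

    def applies_to(self, requester: dict) -> bool:
        if self.condition:   # conditional rule: every clause must hold
            return all(requester.get(a) == v for a, v in parse_condition(self.condition))
        return requester.get("id") in self.subjects   # unconditional rule: named group


def evaluate(rules, requester: dict, operation: str, obj: str, today: date) -> str:
    """Return ALLOW or DENY and append the retrieval event to the access log."""
    decision = "DENY"
    for rule in rules:
        if (rule.operation == operation and rule.matches_object(obj)
                and rule.in_force(today) and rule.applies_to(requester)):
            decision = rule.action
            break
    ACCESS_LOG.append({"who": requester.get("id"), "op": operation, "object": obj,
                       "date": today.isoformat(), "decision": decision})
    return decision


# rule1 from the patent, plus an assumed unconditional rule that lets a patient
# read only his or her own record (the patent grants patients their own address).
RULE1 = Rule("rule1", "READ", "renmin.patient#number.data", "ALLOW",
             condition="role == doctor && institution == People's Hospital",
             time="2020.1.1 to 2020.5.1")
SELF_RULE = Rule("self", "READ", "renmin.patient#1001.data", "ALLOW",
                 subjects=frozenset({"patient-1001"}))
POLICY = [RULE1, SELF_RULE]

# constructed requesters
DOCTOR = {"id": "dr-li", "role": "doctor", "institution": "People's Hospital"}
NURSE = {"id": "nurse-wang", "role": "nurse", "institution": "People's Hospital"}
PATIENT = {"id": "patient-1001", "role": "patient"}

if __name__ == "__main__":
    for who in (DOCTOR, NURSE, PATIENT):
        print(who["id"], evaluate(POLICY, who, "READ", "renmin.patient#1001.data", to_date("2020.3.1")))
```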
By applying the access control policy, the invention produces an access control log for each event on the electronic health record data and determines whether the requester may read, write or update it.
According to the invention, the patient can resolve the access address of the electronic health record at the edge node from the one-time self-destruct URL. The patient's electronic health record address is maintained as a personal asset on the blockchain network. That is, the patient and the electronic health record asset have a one-to-one relationship, both identified by the patient ID.
At the same time, the patient registers on the blockchain and defines access control list policies that assert the access rights of healthcare providers.
The one-time self-destruct URL contains the address of the electronic health record data stored in the edge node and can be implemented in many ways, for example with a service such as https://1ty.me/, without limitation. A one-time self-destruct URL service typically runs over HTTPS, and the electronic health record data address is stored encrypted. The key needed to decrypt the address is part of the data contained in the URL itself, and the generated URL is not stored on the one-time self-destruct URL server. As a result, only a valid one-time URL link can retrieve and decrypt the address information. Once the address information has been viewed, the encrypted information is deleted from the system and the URL link disappears and cannot be accessed again.
A second access unit 304 is configured to: when any target object associated party among the participants initiates an access event of the electronic health record data corresponding to the target object, judge, based on the access control policy, whether the identity qualification of the target object associated party meets the access condition; when it does, provide a one-time self-destruct second resource locator address to the target object associated party through the edge node; the target object associated party then parses the one-time self-destruct second resource locator address to obtain the access address of the electronic health record data stored in the edge node, and accesses the electronic health record data according to that address and based on the access control policy. In the invention, the edge node applies the access control policy to set the access rights on the electronic health record data, and returns a one-time self-destruct URL (uniform resource locator) containing the address of the electronic health record on the edge node to the target object, such as a patient.
In the present invention, a healthcare provider (such as a doctor or nurse) associated with a patient may send an access request via the smart contract, which checks the requester's identity information against the access control policy. If the conditions are met, the smart contract generates a one-time self-destruct URL and returns the corresponding URL address, which locates the edge node that separately stores the electronic health record data.
In the invention, a doctor or nurse can access the electronic health record data as long as he or she satisfies the access control policy enforced on that data.
Preferably, the first access unit is further configured to delete the one-time self-destruct first resource locator address when the target object completes the access to the electronic health record data according to the access address and based on the access control policy; and the second access unit is further configured to delete the one-time self-destruct second resource locator address when the target object associated party completes the access to the electronic health record data according to the access address and based on the access control policy.
Preferably, a recording unit is further included, configured to record the access event of the target object when the target object completes the access to the electronic health record data according to the access address and based on the access control policy, and to record the access event of the target object associated party when the target object associated party completes the access to the electronic health record data according to the access address and based on the access control policy.
Preferably, the system further comprises a determination unit configured to: establish a hash digest of the electronic health record data through the edge node, and send the hash digest to the target object;
and the target object compares the received hash digest with the original hash digest and judges from the comparison result whether the electronic health record data has been modified.
In the invention, the edge node creates a hash digest of the electronic health record data, and when the edge node sends the URL result back to the patient it includes the hash digest of the electronic health record data. The hash digest is a fixed-length string produced by a one-way hash function. The digest protects the integrity of the electronic health record data and detects any change or alteration to any part of the data: comparing the digests shows whether the electronic health record data has been changed. If the data has been modified, its hash digest differs from the original digest. A modern hash algorithm such as SHA-3 may be used, without limitation.
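The following Python is an added example, not the patent's own code, that models both the one-time self-destruct URL described earlier and the hash digest check described here: the URL server keeps only ciphertext, the decryption key travels in the URL fragment (which is never sent to the server), the entry is deleted on first view, and the SHA3-256 digest returned alongside the URL lets the recipient detect a modified record. The hostnames, the class layout and the SHAKE-256 keystream used in place of a production authenticated cipher are assumptions.

```python
"""One-time self-destruct URL plus hash digest check (added example)."""
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ONETIME_HOST = "onetime.example"   # assumed placeholder for a service such as 1ty.me
EDGE_HOST = "edge.example"         # assumed placeholder edge node hostname


def _xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR data with a SHAKE-256 keystream derived from a fresh 32-byte key.
    The key is used exactly once, so this is a one-time-pad style stand-in for a
    real authenticated cipher; it is an assumption of this example, not the patent."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class OneTimeUrlServer:
    """Holds only ciphertext indexed by token; the key never reaches the server."""

    def __init__(self) -> None:
        self._store: Dict[str, bytes] = {}

    def create(self, address: str) -> str:
        key = secrets.token_bytes(32)
        token = secrets.token_urlsafe(16)
        self._store[token] = _xor_stream(address.encode(), key)
        # The fragment (#...) is not sent in an HTTP request, so the server
        # cannot decrypt what it stores and the link is useless without it.
        return f"https://{ONETIME_HOST}/v/{token}#{_b64e(key)}"

    def view(self, token: str) -> Optional[bytes]:
        """Return the ciphertext once; the entry is deleted on first view."""
        return self._store.pop(token, None)


def resolve_once(server: OneTimeUrlServer, url: str) -> Optional[str]:
    """Client side: split the URL, fetch the ciphertext and decrypt with the fragment key."""
    path, _, fragment = url.partition("#")
    token = path.rsplit("/", 1)[-1]
    ciphertext = server.view(token)
    if ciphertext is None:
        return None   # link already used (or never existed)
    return _xor_stream(ciphertext, _b64d(fragment)).decode()


class EdgeNode:
    """Stores EHR data and hands out a one-time URL together with a SHA3-256 digest."""

    def __init__(self, onetime: OneTimeUrlServer) -> None:
        self.onetime = onetime
        self._records: Dict[str, bytes] = {}

    def store(self, patient_id: str, data: bytes) -> None:
        self._records[patient_id] = data

    def grant(self, patient_id: str) -> Tuple[str, str]:
        """Return (one-time self-destruct URL, hash digest) for the patient's record."""
        address = f"https://{EDGE_HOST}/ehr/{patient_id}"
        digest = hashlib.sha3_256(self._records[patient_id]).hexdigest()
        return self.onetime.create(address), digest

    def fetch(self, address: str) -> bytes:
        return self._records[address.rsplit("/", 1)[-1]]


def verify_integrity(data: bytes, expected_digest: str) -> bool:
    """Recompute the SHA3-256 digest and compare it in constant time."""
    return hmac.compare_digest(hashlib.sha3_256(data).hexdigest(), expected_digest)


def demo() -> dict:
    """Walk through grant -> resolve -> fetch -> verify with a constructed record."""
    node = EdgeNode(OneTimeUrlServer())
    node.store("1001", b"patient 1001: blood pressure 120/80")   # constructed record
    url, digest = node.grant("1001")
    first = resolve_once(node.onetime, url)
    second = resolve_once(node.onetime, url)          # link has self-destructed
    record = node.fetch(first) if first else b""
    return {"address": first, "second_view": second,
            "intact": verify_integrity(record, digest),
            "tampered_detected": not verify_integrity(record + b"X", digest)}


if __name__ == "__main__":
    print(demo())
```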
The invention has been described with reference to a few embodiments. However, other embodiments of the invention than the one disclosed above are equally possible within the scope of the invention, as would be apparent to a person skilled in the art from the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the [ device, component, etc ]" are to be interpreted openly as referring to at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.

Claims (10)

1. A method of access control to an electronic health record based on a blockchain, the method comprising:
establishing a smart contract based on the blockchain, the smart contract comprising a participant executing the smart contract and an access control policy defined by a target object in the participant;
acquiring electronic health record data of the target object in the participant, and sending the electronic health record data to an edge node; the edge node storing the electronic health record data;
when the target object initiates an access event of the electronic health record data corresponding to the target object, providing a one-time self-destruct first resource locator address to the target object through the edge node;
the target object parsing the one-time self-destruct first resource locator address to obtain an access address of the electronic health record data stored in the edge node, and the target object accessing the electronic health record data according to the access address and based on the access control policy;
when any target object associated party in the participant initiates an access event of the electronic health record data corresponding to the target object, judging, based on the access control policy, whether the identity qualification of the target object associated party meets an access condition;
when the identity qualification of the target object associated party meets the access condition, providing a one-time self-destruct second resource locator address to the target object associated party through the edge node;
the target object associated party parsing the one-time self-destruct second resource locator address to obtain the access address of the electronic health record data stored in the edge node, and the target object associated party accessing the electronic health record data according to the access address and based on the access control policy.
2. The method of claim 1, the access control policy comprising:
defining the participants in the access control process, the participants comprising a target object and a target object associated party associated with the target object;
defining the operations in the access control process;
defining the participants to which the access control policy applies;
defining a condition rule of the access control policy comprising a plurality of variables, and an effective time of the condition rule;
defining an enforcement action of the access control policy.
3. The method of claim 1, further comprising: when the target object completes the access to the electronic health record data according to the access address and based on the access control policy, deleting the one-time self-destruct first resource locator address;
and when the target object associated party completes the access to the electronic health record data according to the access address and based on the access control policy, deleting the one-time self-destruct second resource locator address.
4. The method of claim 1, further comprising: when the target object completes the access to the electronic health record data according to the access address and based on the access control policy, recording the access event of the target object;
and when the target object associated party completes the access to the electronic health record data according to the access address and based on the access control policy, recording the access event of the target object associated party.
5. The method of claim 1, further comprising: establishing a hash digest of the electronic health record data through the edge node, and sending the hash digest to the target object;
and the target object comparing the received hash digest with the original hash digest, and judging from the comparison result whether the electronic health record data has been modified.
6. A system for access control to an electronic health record based on a blockchain, the system comprising:
an initial unit configured to establish a smart contract based on the blockchain, the smart contract comprising a participant executing the smart contract and an access control policy defined by a target object in the participant;
an acquisition unit configured to acquire electronic health record data of the target object in the participant and send the electronic health record data to an edge node, the edge node storing the electronic health record data;
a first access unit configured to provide a one-time self-destruct first resource locator address to the target object through the edge node when the target object initiates an access event of the electronic health record data corresponding to the target object; the target object parsing the one-time self-destruct first resource locator address to obtain an access address of the electronic health record data stored in the edge node, and the target object accessing the electronic health record data according to the access address and based on the access control policy;
a second access unit configured to judge, based on the access control policy, whether the identity qualification of a target object associated party meets the access condition when any target object associated party in the participant initiates an access event of the electronic health record data corresponding to the target object; when the identity qualification of the target object associated party meets the access condition, provide a one-time self-destruct second resource locator address to the target object associated party through the edge node; the target object associated party parsing the one-time self-destruct second resource locator address to obtain the access address of the electronic health record data stored in the edge node, and the target object associated party accessing the electronic health record data according to the access address and based on the access control policy.
7. The system of claim 6, the access control policy comprising:
defining the participants in the access control process, the participants comprising a target object and a target object associated party associated with the target object;
defining the operations in the access control process;
defining the participants to which the access control policy applies;
defining a condition rule of the access control policy comprising a plurality of variables, and an effective time of the condition rule;
defining an enforcement action of the access control policy.
8. The system of claim 6, the first access unit being further configured to delete the one-time self-destruct first resource locator address when the target object completes the access to the electronic health record data according to the access address and based on the access control policy;
and the second access unit being further configured to delete the one-time self-destruct second resource locator address when the target object associated party completes the access to the electronic health record data according to the access address and based on the access control policy.
9. The system of claim 6, further comprising a recording unit configured to: record the access event of the target object when the target object completes the access to the electronic health record data according to the access address and based on the access control policy;
and record the access event of the target object associated party when the target object associated party completes the access to the electronic health record data according to the access address and based on the access control policy.
10. The system of claim 6, further comprising a determination unit configured to: establish a hash digest of the electronic health record data through the edge node, and send the hash digest to the target object;
and the target object comparing the received hash digest with the original hash digest, and judging from the comparison result whether the electronic health record data has been modified.
CN202011517069.3A 2020-12-21 2020-12-21 Method and system for carrying out access control on electronic health record based on block chain Pending CN112699385A (en)

Publications (1)

Publication Number Publication Date
CN112699385A true CN112699385A (en) 2021-04-23


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination