CN113407627B - Block chain-based intelligent medical network system and medical data sharing method - Google Patents
Block chain-based intelligent medical network system and medical data sharing method Download PDFInfo
- Publication number
- CN113407627B CN113407627B CN202110669068.9A CN202110669068A CN113407627B CN 113407627 B CN113407627 B CN 113407627B CN 202110669068 A CN202110669068 A CN 202110669068A CN 113407627 B CN113407627 B CN 113407627B
- Authority
- CN
- China
- Prior art keywords
- data
- search
- symmetric key
- blockchain
- original data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000013475 authorization Methods 0.000 claims abstract description 32
- 230000006870 function Effects 0.000 claims description 10
- 238000004364 calculation method Methods 0.000 claims description 6
- 125000004122 cyclic group Chemical group 0.000 claims description 6
- 238000012795 verification Methods 0.000 claims description 6
- 238000004422 calculation algorithm Methods 0.000 claims description 5
- 239000000284 extract Substances 0.000 claims description 3
- 238000010200 validation analysis Methods 0.000 claims description 3
- 230000036541 health Effects 0.000 description 10
- 238000004590 computer program Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 4
- 201000010099 disease Diseases 0.000 description 3
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000003745 diagnosis Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2255—Hash tables
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2471—Distributed queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses an intelligent medical network system based on a blockchain and a medical data sharing method, which relate to the technical field of search safety and privacy protection and comprise the following steps: a data possession terminal for: encrypting and transmitting the encrypted original data to an interstellar file system; encrypting the corresponding key words and file identifiers of the original data into encryption indexes; uploading the encryption index to the blockchain for sharing, wherein the data owner can authorize the data user end so that the data user end can configure keywords and decrypt the keywords to obtain original data; a data user end for: sending a search request to a data possession terminal and obtaining a search authorization token, wherein the search authorization token comprises search result proving data and token valid time; generating a search trapdoor; and when the actual search result is verified to be correct, obtaining the authority for accessing the original data of the decrypted data possessor. The invention combines the searchable encryption and intelligent contracts to realize time control and verifiable keyword search.
Description
Technical Field
The invention relates to the technical field of search safety and privacy protection, in particular to an intelligent medical network system based on a blockchain and a medical data sharing method.
Background
For many years, intelligent healthcare networks (Smart healthcare networks, SHN) have been properly referred to as the medical internet of things (IoMT). The killer class of SHNs is used in many applications. For example, facebook has started a new health care tool. Electronic health records are digital records, which are collections of patient health records, and these information are shared in the SHN. The electronic medical record is highly private and has great financial value. Accordingly, more and more research is being focused on security and privacy preserving shared electronic medical records. Sharing the electronic medical records can help doctors to effectively evaluate the disease condition of patients and make correct disease diagnosis.
Electronic health record (EHR, electronic health record) sharing is inherently a private data sharing, thus resulting in storage security and privacy leakage issues. To address these issues, cloud-based electronic medical record sharing has been proposed. The authors propose a fine-grained access control scheme to achieve patient-centric personal health record privacy in cloud computing. In order to access a patient's health record for a limited period of time, a federated keyword search with a designed tester and time-enabled proxy re-encryption function is proposed. Even though these works combine different cryptographic algorithms and cloud computing to enable EHR sharing to enable revocation of data security and time control, there are still some security threats. In particular, cloud servers are semi-trusted. If the cloud server is attacked or lacks adequate monitoring, a single point of failure will result.
Disclosure of Invention
The invention aims to provide an intelligent medical network system and a medical data sharing method based on a blockchain, which can improve the safety of data, and users with proper access rights can search for required data by using the limited authorization of a data owner and verify the authenticity of a search result.
In order to achieve the above object, the present invention provides a blockchain-based intelligent medical network system including: a data possession terminal for: encrypting the original data and sending the encrypted original data to an interstellar file system; encrypting the corresponding key words and file identifiers of the original data into encryption indexes; uploading the encryption index to a blockchain for sharing, wherein the data owner can authorize a data user side, so that the data user side can configure expected keywords and decrypt the expected keywords to obtain the original data; the data user side is configured to: sending a search request to the data possession terminal and obtaining a search authorization token, wherein the search authorization token comprises search result proving data and token valid time; generating a search trapdoor through the public key and the search authorization token; and calling a search intelligent contract on the blockchain to search to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interstellar file system when the search result proves that the data verifies that the actual search result is correct.
Preferably, the encrypting, by the data owner, the key words and the file identifiers corresponding to the original data into the encrypted index includes: the data possession terminal is used for encrypting the corresponding key words and the file identifiers of the original data at different times to obtain an encryption index set.
Preferably, the present invention further provides a medical data sharing method based on a blockchain, using the above-mentioned intelligent medical network system based on a blockchain, where the medical data sharing method based on a blockchain includes: initializing the intelligent medical network system; generating keys of the data possession end and the data user end; generating an EHR ciphertext and an encryption index corresponding to the original data of the data possession terminal; generating a search authorization token and a search trapdoor of the data user; the data user side searches and verifies the correctness of the search result and generates a symmetric key; and the data user side obtains the authority of accessing the decrypted original data of the data possession side from the interstellar file system to complete data sharing.
Preferably, the initializing the intelligent medical network system includes: matching withA safety parameter lambda is set, two large prime numbers p, q and a bilinear pair e are selected, G is G → G T Wherein G is an addition cycle group, G T Is a multiplicative cyclic group; p is a group of the number of generation elements on the elliptic curve of the cyclic group G, the following four Hash functions are selected:
H 0 :{0,1} * →G,
randomly selecting two parametersAnd calculating h=αp, t=βp;
the public parameters of the intelligent medical network system are initialized as follows:
param=(G,G T ,e,P,H 0 ,H 1 ,H 2 ,H 3 ,H,T)。
preferably, the generating the keys of the data owner and the data user includes:
the data user end d i Random selectionCalculate X i =x i P, wherein the data client d i The public and private keys of (1) are pk respectively i =X i ,sk i =x i The method comprises the steps of carrying out a first treatment on the surface of the And
the data owner n o Random selectionCalculation of Y o =y o P, wherein the data possessor n o The public and private keys of (1) are pk respectively o =Y,sk o =y o 。
Preferably, the generating the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data owner includes:
the data owner selects a symmetric key k random execution algorithm Enc (·) to generate EHR ciphertext C for the original data m m =Enc k (m) the data owner side uploads C m To the interstellar file system and obtaining the hash address of said original data
The data possession end records the time t of generating the encryption index g Calculate { t } gj } j∈[1,l] ←0-ENC(t g ) Wherein { t } gj } j∈[1,l] ←0-ENC(t g ) Is t g 0 code of (2); for each t gj ∈{t gj } j∈[1,l] Calculate v ij =H 3 (k 1 ,t gj ,w i ) Wherein k is 1 Is a symmetric key, i.e. [1, n ]],w i ∈W=(w 1 ,....,w n ) The method comprises the steps of carrying out a first treatment on the surface of the Random selectionCalculate V ij =rv ij P,j∈[1,l],i∈[1,n]The method comprises the steps of carrying out a first treatment on the surface of the Calculation of z=rh 0 (w i ),/> Wherein k is 2 Is a symmetric key, f is a file identifier; obtain encryption index i= [ V i1 ,V i2 ,…,V il ,Z,c f ,c p ,t g ]。
Preferably, the generating the search authorization token and the search trapdoor of the data user terminal includes:
the data owner configures the keyword w i ' search authorization time t a Calculate { t } aj } j∈[1,l] ←1-ENC(t a ) Wherein { t } aj } j∈[1,l] ←1-ENC(t a ) Is t a 1 code of (2); for each t aj ∈{t aj } j∈[1,l] Calculate u ij =H 3 (k 1′ ,t aj ,w i ') where k 1′ Is a symmetric key, i.e. [1, n ]],j∈[1,l],U ij =u ij X i ,T 1 =[U i1 ,U i2 ,…,U il ,t a ],P f =k 2′ P+y o h 3 X i ,h 3 =H 1 (X i ,Y o ,t a ) Obtaining a search authorization token T 1 And the search result proof P contained in the search authorization token f The method comprises the steps of carrying out a first treatment on the surface of the And
data owner computing T 2 =x i H 0 (w i′ ) Obtaining the search trapdoor T w =(T 1 ,T 2 )。
Preferably, the searching and verifying the correctness of the searching result by the data user side, and generating the symmetric key includes:
the data user side extracts t from the encryption index I g If t g <t a Calculate { t } gj } j∈[1,l] ←0-ENC(t g ),{t aj } j∈[1,l] ←1-ENC(t a ) Calculating to obtain a meeting t ab =t gb An integer b of (2); judgment e (U) ij ,Z)=e(V ij ,T 2 ) If so, obtaining an encryption index I and adding the I into the set S;
for each S e S, s= [ V i1 ,V i2 ,…,V il ,Z,c f ,c p ,t g ]And (3) calculating:judgment equation->Whether the verification result is valid is judged if the verification result is valid;
the data client sends the validation result shown as valid to the blockchain by the public key X of the data client i Encrypting a symmetric key k, and uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user side accesses data:
preferably, the public key X passing through the data user i The method for encrypting the symmetric key k and uploading the generated symmetric key ciphertext to the blockchain comprises the following steps:
encrypting the symmetric key k by the following formula;
C k1 =ke(H,X i ),C k2 =αT;
ciphertext C of symmetric key k =(C k1 ,C k2 ) And sending to the block chain.
Preferably, the data user side obtains authority of accessing the decrypted original data of the data owner side from the interstellar file system, and the completing data sharing and obtaining the original data includes:
the data user uses the file addressAn EHR ciphertext is obtained from an interstellar file system;
the symmetric key k is obtained by the following formula:
the original data m is calculated based on the symmetric key k by the following formula:
m=Dec k (C m )。
according to the technical scheme, the invention realizes the safe storage of medical data by combining the symmetric encryption Algorithm (AES) and the IPFS distributed storage, adopts keyword search encryption based on time limitation to realize the safe search and privacy protection of the medical data, and also realizes the efficient search of authorized users within the effective time of the token by using intelligent contracts. The invention not only realizes the safe storage and sharing functions of the medical data of the data owner, but also protects the privacy and data safety of the owner, realizes the efficient searching of the desired data of the data user, reduces the time of data searching, and accords with the development trend of medical data searching under the background of the Internet of current value.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification, illustrate the invention and together with the description serve to explain, without limitation, the invention. In the drawings:
FIG. 1 is an interactive block diagram illustrating a blockchain-based intelligent medical network system of the present invention;
FIG. 2 is a block diagram illustrating a blockchain-based intelligent medical network system of the present invention; and
FIG. 3 is a flow chart illustrating a blockchain-based medical data sharing method of the present invention.
Detailed Description
The following describes specific embodiments of the present invention in detail with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
Example 1
Fig. 1 is a block diagram of module interaction of a blockchain-based intelligent medical network system according to embodiment 1 of the present invention, as shown in fig. 1 and 2, where the blockchain-based intelligent medical network system includes:
a data possession terminal for:
encrypting the original data and transmitting the encrypted original data to an interstellar file system IPFS (InterPlanetary File System);
encrypting the corresponding key words and file identifiers of the original data into encryption indexes;
uploading the encryption index to a blockchain for sharing, wherein the data owner can authorize a data user side, so that the data user side can configure expected keywords and decrypt the expected keywords to obtain the original data;
the data user side is configured to:
sending a search request to the data possession terminal and obtaining a search authorization token, wherein the search authorization token comprises search result proving data and token valid time;
generating a search trapdoor through the public key and the search authorization token;
and calling a search intelligent contract on the blockchain to search to obtain an actual search result, and obtaining the authority of accessing the decrypted original data of the data owning end from the interstellar file system when the search result proves that the data verifies that the actual search result is correct.
Preferably, the encrypting, by the data owner, the key words and the file identifiers corresponding to the original data into the encrypted index includes: the data possession terminal is used for encrypting the corresponding key words and the file identifiers of the original data at different times to obtain an encryption index set.
To summarize, the data owner sends EHR ciphertext to the IPFS and receives the file hash address. Then, calculating time and encrypting indexes by all data terminals, and uploading the encrypting indexes to a blockchain, wherein all the encrypting indexes are used for making an encrypting index set at different time by all data terminals generated by different data terminals; the data user terminal wants to search keywords in the file collection from all the data terminals, the data user terminal sends a search request to the data owner, the data user terminal generates a keyword search authorization token, and the data owner terminal allocates a valid time in the search authorization token. In addition, the data owner may generate a proof for verifying the search results. The data user may use the authorization token and the key to generate a search trapdoor. The data user terminal with trapdoor invokes the search intelligence to cancel the search for the index of interest stored on the blockchain, and the data user terminal can verify the correctness of the search result by using the key and the generated proof. If the result is correct, the data user may download the ciphertext from the IPFS and decrypt the ciphertext. The invention realizes efficient searching in the intelligent health network and verifiable searching with time limitation.
Example 2
In embodiment 1, a blockchain-based intelligent medical network system is disclosed, for the establishment of the system and a method for implementing a blockchain-based medical data sharing method using the system, the implementation needs to be implemented by the following method, as shown in fig. 3, and the establishment and use of the blockchain-based intelligent medical network system to implement the blockchain-based medical data sharing method includes:
s301, initializing the intelligent medical network system;
s302, generating keys of the data possession terminal and the data user terminal;
s303, generating an EHR ciphertext and an encryption index corresponding to the original data of the data possession terminal;
s304, generating a search authorization token and a search trapdoor of the data user;
s305, the data user side searches and verifies the correctness of the search result, and generates a symmetric key; and
s306, the data user side obtains the authority of accessing the decrypted original data of the data owner side from the interstellar file system, and data sharing is completed.
Preferably, S301, the initializing the intelligent medical network system includes:
s3011, configured with a security parameter lambda, selecting two large prime numbers p, q and a bilinear pair e, G x G → G T Wherein G is an addition cycle group, G T Is a multiplicative cyclic group; p is a generator on the elliptic curve of the cyclic group GThe following four Hash functions are selected for the group of element numbers:
H 0 :{0,1} * →G,
s3012, the system randomly selects two parametersAnd calculating h=αp, t=βp;
s3013, initializing common parameters of the intelligent medical network system as follows:
param=(G,G T ,e,P,H 0 ,H 1 ,H 2 ,H 3 ,H,T)。
preferably, generating the keys of the data owner and the data user in S302 includes:
s3021, the data user terminal d i Random selectionCalculate X i =x i P, wherein the data client d i The public and private keys of (1) are pk respectively i =X i ,sk i =x i The method comprises the steps of carrying out a first treatment on the surface of the And
s3022, the data owner n o Random selectionCalculation of Y o =y o P, wherein the data possessor n o The public and private keys of (1) are pk respectively o =Y,sk o =y o 。
Preferably, in S303, the generating the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data owner includes:
s3031, the data owner selects a symmetric key k random execution algorithm Enc (·) to generate EHR ciphertext C for the original data m m =Enc k (m) the data owner side uploads C m To the interstellar file system and obtaining the hash address of said original data
S3032, the data owner records the time t of generating the encryption index g Calculate { t } gj } j∈[1,l] ←0-ENC(t g ) Wherein { t } gj } j∈[1,l] ←0-ENC(t g ) Is t g 0 code of (2); for each t gj ∈{t gj } j∈[1,l] Calculate v ij =H 3 (k 1 ,t gj ,w i ) Wherein k is 1 Is a symmetric key, i.e. [1, n ]],w i ∈W=(w 1 ,....,w n ) The method comprises the steps of carrying out a first treatment on the surface of the Random selectionCalculate V ij =rv ij P,j∈[1,l],i∈[1,n]The method comprises the steps of carrying out a first treatment on the surface of the Calculation of z=rh 0 (w i ),/>Wherein k is 2 Is a symmetric key, f is a document identifier; obtain encryption index i= [ V i1 ,V i2 ,…,V il ,Z,c f ,c p ,t g ]。
Preferably, the generating a search authorization token and a search trapdoor of the data user terminal in S304 includes:
s3041, configuring keyword w 'at the data possession terminal' i ' search authorization time t a Calculate { t } aj } j∈[1,l] ←1-ENC(t a ) Wherein { t } aj } j∈[1,l] ←1-ENC(t a ) Is t a 1 code of (2); for each t aj ∈{t aj } j∈[1,l] Calculate u ij =H 3 (k 1′ ,t aj ,w′ i ') where k 1′ Is a symmetric key, i.e. [1, n ]],j∈[1,l],U ij =u ij X i ,T 1 =[U i1 ,U i2 ,…,U il ,t a ],P f =k 2′ P+y o h 3 X i ,h 3 =H 1 (X i ,Y o ,t a ) Obtaining a search authorization token T 1 And the search result proof P contained in the search authorization token f The method comprises the steps of carrying out a first treatment on the surface of the And
s3042, data owner calculates T 2 =x i H 0 (w i′ ) Obtaining the search trapdoor T w =(T 1 ,T 2 )。
Preferably, the searching and verifying the correctness of the search result by the data user side in S305, and generating the symmetric key includes:
s3051, the data client extracts t from the encryption index I g If t g <t a Calculate { t } gj } j∈[1,l] ←0-ENC(t g ),{t aj } j∈[1,l] ←1-ENC(t a ) Calculating to obtain a meeting t ab =t gb An integer b of (2); judgment e (U) ij ,Z)=e(V ij ,T 2 ) If so, obtaining an encryption index I and adding the I into the set S;
s3052, s= [ V ] for each S e S i1 ,V i2 ,…,V il ,Z,c f ,c p ,t g ]And (3) calculating:judgment equation->Whether the verification result is valid is judged if the verification result is valid; i.e. asIf the effect equation is established, then "valid" is output. Otherwise, output "invalid";
s3053, the data client sends the validation result shown as valid to the blockchain by the public key X of the data client i Encrypting a symmetric key k, and uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt an EHR ciphertext when the data user side accesses data:
preferably, the public key X of the data user terminal is passed through in S3053 i The method for encrypting the symmetric key k and uploading the generated symmetric key ciphertext to the blockchain comprises the following steps:
encrypting the symmetric key k by the following formula;
C k1 =ke(H,X i ),C k2 =αT;
ciphertext C of symmetric key k =(C k1 ,C k2 ) And sending to the block chain.
Preferably, in S306, the data client obtains the authority of accessing the decrypted original data of the data owner from the interstellar file system, and the completing data sharing and obtaining the original data includes:
s3061, the data user uses the file addressAn EHR ciphertext is obtained from an interstellar file system;
s3062, obtaining a symmetric key k by the following formula:
the original data m is calculated based on the symmetric key k by the following formula:
m=Dec k (C m )。
in embodiment 2, the generating method of the blockchain-based intelligent medical network system in embodiment 1 and the sharing method of the whole data are included, and the generating and establishing process and the sharing are synchronously executed, or the sharing can be realized after the generating and establishing process and the sharing are firstly established.
For example, the data owner may be a patient a who interacts with a doctor to generate a health record that may be of interest to other institutions or companies to protect his privacy and data security, and the patient a encrypts his original data and sends it to the IPFS. And meanwhile, corresponding keywords and file identifiers are encrypted as encryption indexes, and are uploaded to the block link for searching and sharing, so that the patient A is helped to improve the accuracy of disease diagnosis. Only patient a can authorize the data user and decrypt the ciphertext. The data user may be a medical institution B desiring to access a health record of patient a. He can search for the desired keyword on the blockchain, first medical institution B needs to send a search request to patient a and obtain a search authorization token, then medical institution B generates a search trapdoor using his/her public key and token, and finally he invokes the search intelligence contract on the blockchain to search. The results of the search are sent by the blockchain to medical facility B, which will verify the result authorization token using the proof in the search. If the search results are correct, medical facility B may access patient A's data.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, etc., such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.
Claims (4)
1. A blockchain-based intelligent medical data sharing method, characterized in that a blockchain-based intelligent medical network system is used, comprising:
a data possession terminal for: encrypting the original data and sending the encrypted original data to an interstellar file system; encrypting the corresponding key words and file identifiers of the original data into encryption indexes; uploading the encryption index to a blockchain for sharing, wherein the data owner can authorize a data user side, so that the data user side can configure expected keywords and decrypt the expected keywords to obtain the original data; the data user side is configured to: sending a search request to the data possession terminal and obtaining a search authorization token, wherein the search authorization token comprises search result proving data and token valid time; generating a search trapdoor through the public key and the search authorization token; invoking a search intelligent contract on the blockchain to search to obtain an actual search result, and obtaining authority of accessing the decrypted original data of the data owning end from the interstellar file system when the search result proves that the data verifies that the actual search result is correct; the data possession terminal is configured to encrypt the key words and the file identifiers corresponding to the original data into an encrypted index, where the encrypting comprises: the data possession terminal is used for encrypting the corresponding keywords of the original data and the file identifier at different times to obtain an encryption index set;
the intelligent medical data sharing method comprises the following steps:
initializing an intelligent medical network system;
generating keys of the data possession end and the data user end;
generating an EHR ciphertext and an encryption index corresponding to the original data of the data possession terminal;
generating a search authorization token and a search trapdoor of the data user;
the data user side searches and verifies the correctness of the search result and generates a symmetric key; and
the data user side obtains the authority of the original data of the data possession side after the decryption is accessed from the interstellar file system, and data sharing is completed;
the initialization system includes:
is provided with a safety parameter lambda, two large prime numbers p, q and a bilinear pair e of G x G → G are selected T Wherein G is an addition cycle group, G T Is a multiplicative cyclic group; p is a group of the number of generation elements on the elliptic curve of the cyclic group G, the following four Hash functions are selected:
H 0 :{0,1} * →G,
H 1 :
H 2 :
H 3 :
randomly selecting two parametersAnd calculating h=αp, t=βp;
the public parameters of the intelligent medical network system are initialized as follows:
param=(G,G T ,e,P,H 0 ,H 1 ,H 2 ,H 3 ,H,T);
the generating the keys of the data possession terminal and the data user terminal comprises:
the data user end d i Random selectionCalculate X i =x i P, wherein the data client d i The public and private keys of (1) are pk respectively i =X i ,sk i =x i The method comprises the steps of carrying out a first treatment on the surface of the And
the data owner n o Random selectionCalculation of Y o =y o P, wherein the data possessor n o The public and private keys of (1) are pk respectively o =Y o ,sk o =y o ;
The generating the EHR ciphertext and the keyword ciphertext corresponding to the original data of the data possession terminal includes:
the data owner selects a symmetric key k random execution algorithm Enc (·) to generate EHR ciphertext C for the original data m m =Enc k (m) the data owner side uploads C m To the interstellar file system and obtaining the hash address of said original data
The data possession end records the time t of generating the encryption index g Calculate { t } gj } j∈[1,l] ←0-ENC(t g ) Wherein { t } gj } j∈[1,l] ←0-ENC(t g ) Is t g 0 code of (2); for each t gj ∈{t gj } j∈[1,l] Calculate v ij =H 3 (k 1 ,t gj ,w i ) Wherein k is 1 Is a symmetric key, i.e. [1, n ]],w i ∈W=(w 1 ,....,w n ) The method comprises the steps of carrying out a first treatment on the surface of the Random selectionCalculate V ij =rv ij P,j∈[1,l],i∈[1,n]The method comprises the steps of carrying out a first treatment on the surface of the Calculation of z=rh 0 (w i ),/> Wherein k is 2 Is a symmetric key, f is a document identifier; obtain encryption index i= [ V i1 ,V i2 ,…,V il ,Z,c f ,c p ,t g ];
The generating the search authorization token and the search trapdoor of the data user comprises the following steps:
the data owner configures the keyword w i ' search authorization time t a Calculate { t } aj } j∈[1,l] ←1-ENC(t a ) Wherein { t } aj } j∈[1,l] ←1-ENC(t a ) Is t a 1 code of (2); for each t aj ∈{t aj } j∈[1,l] Calculate u ij =H 3 (k 1′ ,t aj ,w′ i ),U ij =u ij X i ,T 1 =[U i1 ,U i2 ,…,U il ,t a ],P f =k 2′ P+y o h 3 X i ,h 3 =H 1 (X i ,Y o ,t a ) Wherein k is 1′ ,k 2′ Is a symmetric key, i.e. [1, n ]],j∈[1,l]Obtaining a search authorization token T 1 And the search result proof P contained in the search authorization token f The method comprises the steps of carrying out a first treatment on the surface of the And
data owner computing T 2 =x i H 0 (w i ') wherein w is i ' is a keyword, and the search trapdoor T is obtained w =(T 1 ,T 2 )。
2. The blockchain-based intelligent medical data sharing method of claim 1, wherein the data client searching and verifying the correctness of the search result and generating the symmetric key comprises:
the data user side extracts t from the encryption index I g If t g <t a Calculate { t } gj } j∈[1,l] ←0-ENC(t g ),{t aj } j∈[1,l] ←1-ENC(t a ) Calculating to obtain a meeting t ab =t gb An integer b of (2); judgment e (U) ij ,Z)=e(V ij ,T 2 ) Whether or not to establishIf so, obtaining an encryption index I and adding the I into the set S;
let i= [ V i1 ,V i2 ,…,V il ,Z,c f ,c p ,t g ]Wherein I ε S, calculate: h is a 3 =H 1 (X i ,Y o ,t a ),A=P f -x i h 3 Y o ,Judgment equation->Whether the verification result is valid is judged if the verification result is valid;
the data client sends the validation result shown as valid to the blockchain by the public key X of the data client i Encrypting a symmetric key k, and uploading the generated symmetric key ciphertext to the blockchain, wherein the symmetric key is configured to decrypt the EHR ciphertext when the data user side accesses data.
3. The blockchain-based intelligent medical data sharing method of claim 2, wherein the public key X by the data client i The method for encrypting the symmetric key k and uploading the generated symmetric key ciphertext to the blockchain comprises the following steps:
encrypting the symmetric key k by the following formula;
C k1 =ke(H,X i ),C k2 =αT;
ciphertext C of symmetric key k =(C k1 ,C k2 ) And sending to the block chain.
4. The blockchain-based intelligent medical data sharing method of claim 3, wherein the data client obtaining rights to access the decrypted original data of the data owner from the interstellar file system, completing data sharing and obtaining the original data comprises:
the data user uses the file addressAn EHR ciphertext is obtained from an interstellar file system;
the symmetric key k is obtained by the following formula:
the original data m is calculated based on the symmetric key k by the following formula, where Dec (·) is a decryption function:
m=Dec k (C m )。
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110669068.9A CN113407627B (en) | 2021-06-17 | 2021-06-17 | Block chain-based intelligent medical network system and medical data sharing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110669068.9A CN113407627B (en) | 2021-06-17 | 2021-06-17 | Block chain-based intelligent medical network system and medical data sharing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113407627A CN113407627A (en) | 2021-09-17 |
| CN113407627B true CN113407627B (en) | 2024-03-01 |
Family
ID=77684553
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110669068.9A Active CN113407627B (en) | 2021-06-17 | 2021-06-17 | Block chain-based intelligent medical network system and medical data sharing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113407627B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114567465A (en) * | 2022-02-17 | 2022-05-31 | 安徽师范大学 | Searchable encryption method for classified medical data based on block chain |
| CN114827212B (en) * | 2022-06-27 | 2022-09-16 | 浙江省邮电工程建设有限公司 | Vehicle communication management method for intelligent traffic |
| CN115225669B (en) * | 2022-07-14 | 2024-04-05 | 山东大学 | Distributed privacy data processing system and method |
| CN115314321B (en) * | 2022-10-09 | 2023-01-24 | 湖南天河国云科技有限公司 | Searchable encryption method based on block chain without need of secure channel |
| CN115622700B (en) * | 2022-11-28 | 2023-03-31 | 南方电网数字电网研究院有限公司 | Electricity consumption data encryption searching method and device, computer equipment and storage medium |
| CN115659378A (en) * | 2022-12-13 | 2023-01-31 | 湖南工商大学 | Case record information evidence storing method and related equipment |
| CN115996151B (en) * | 2023-03-22 | 2023-06-16 | 中南大学 | Electronic medical data sharing method, system, equipment and medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107104982A (en) * | 2017-05-26 | 2017-08-29 | 福州大学 | Have traitor tracing function in mobile electron medical treatment can search for encryption system |
| CN110688673A (en) * | 2019-09-19 | 2020-01-14 | 安徽师范大学 | Medical data sharing method, device and system based on cloud server and block chain |
| CN111916173A (en) * | 2020-08-07 | 2020-11-10 | 安徽师范大学 | Medical data safety sharing system and method based on IPFS and alliance chain |
| CN112149184A (en) * | 2020-11-25 | 2020-12-29 | 南京可信区块链与算法经济研究院有限公司 | Block chain external storage system and method based on time-limited access |
| CN112365945A (en) * | 2020-10-27 | 2021-02-12 | 扬州大学 | Block chain-based electronic medical record fine-grained access control and ciphertext searchable method |
| CN112765650A (en) * | 2021-01-05 | 2021-05-07 | 西安电子科技大学 | Attribute-based searchable encryption block chain medical data sharing method |
| CN112836240A (en) * | 2021-02-26 | 2021-05-25 | 广东工业大学 | Block chain-based electronic medical data security sharing method, system and medium |
| CN112910840A (en) * | 2021-01-14 | 2021-06-04 | 重庆邮电大学 | Medical data storage and sharing method and system based on alliance blockchain |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11942195B2 (en) * | 2018-01-30 | 2024-03-26 | Humana Inc. | System for providing a data market for health data and for providing rewards to data market participants |
-
2021
- 2021-06-17 CN CN202110669068.9A patent/CN113407627B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107104982A (en) * | 2017-05-26 | 2017-08-29 | 福州大学 | Have traitor tracing function in mobile electron medical treatment can search for encryption system |
| CN110688673A (en) * | 2019-09-19 | 2020-01-14 | 安徽师范大学 | Medical data sharing method, device and system based on cloud server and block chain |
| CN111916173A (en) * | 2020-08-07 | 2020-11-10 | 安徽师范大学 | Medical data safety sharing system and method based on IPFS and alliance chain |
| CN112365945A (en) * | 2020-10-27 | 2021-02-12 | 扬州大学 | Block chain-based electronic medical record fine-grained access control and ciphertext searchable method |
| CN112149184A (en) * | 2020-11-25 | 2020-12-29 | 南京可信区块链与算法经济研究院有限公司 | Block chain external storage system and method based on time-limited access |
| CN112765650A (en) * | 2021-01-05 | 2021-05-07 | 西安电子科技大学 | Attribute-based searchable encryption block chain medical data sharing method |
| CN112910840A (en) * | 2021-01-14 | 2021-06-04 | 重庆邮电大学 | Medical data storage and sharing method and system based on alliance blockchain |
| CN112836240A (en) * | 2021-02-26 | 2021-05-25 | 广东工业大学 | Block chain-based electronic medical data security sharing method, system and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113407627A (en) | 2021-09-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113407627B (en) | Block chain-based intelligent medical network system and medical data sharing method | |
| CN111916173B (en) | Medical data safety sharing system and method based on IPFS and alliance chain | |
| Raisaro et al. | M ed C o: Enabling Secure and Privacy-Preserving Exploration of Distributed Clinical and Genomic Data | |
| Liang et al. | Towards decentralized accountability and self-sovereignty in healthcare systems | |
| Wu et al. | Security and privacy of patient information in medical systems based on blockchain technology | |
| Zhang et al. | Role‐based and time‐bound access and management of EHR data | |
| Chen et al. | A secure electronic medical record authorization system for smart device application in cloud computing environments | |
| Sun et al. | A searchable personal health records framework with fine-grained access control in cloud-fog computing | |
| CN110688673A (en) | Medical data sharing method, device and system based on cloud server and block chain | |
| CN115242518A (en) | Medical health data protection system and method under mixed cloud environment | |
| Jiang et al. | Attribute-based encryption with blockchain protection scheme for electronic health records | |
| John et al. | Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation | |
| CN115987592A (en) | Block chain-based mobile medical internet of things fine-grained access control method and system | |
| Sethia et al. | CP-ABE for selective access with scalable revocation: A case study for mobile-based healthfolder. | |
| Noh et al. | Blockchain-based user-centric records management system | |
| Benil et al. | Blockchain based secure medical data outsourcing with data deduplication in cloud environment | |
| Guduri et al. | Blockchain-based federated learning technique for privacy preservation and security of smart electronic health records | |
| Ali et al. | Anonymous aggregate fine-grained cloud data verification system for smart health | |
| Fugkeaw et al. | Secure and Lightweight Blockchain-enabled Access Control for Fog-Assisted IoT Cloud based Electronic Medical Records Sharing | |
| Senthilkumar et al. | SCB-HC-ECC–based privacy safeguard protocol for secure cloud storage of smart card–based health care system | |
| Xu et al. | A privacy-preserving and efficient data sharing scheme with trust authentication based on blockchain for mHealth | |
| Gajmal et al. | Blockchain-based access control and data sharing mechanism in cloud decentralized storage system | |
| Lavanya et al. | Secure tamper-resistant electronic health record transaction in cloud system via blockchain | |
| Nie et al. | Time-enabled and verifiable secure search for blockchain-empowered electronic health record sharing in IoT | |
| Sassi et al. | Security and privacy protection in the e-health system: Remote monitoring of covid-19 patients as a use case |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |