CN114091091B - Case data remote authorization lookup method based on block chain - Google Patents

Publication number
CN114091091B
Authority
CN
China
Legal status
Active
Application number
CN202111151827.9A
Other languages
Chinese (zh)
Other versions
CN114091091A (en)
Inventor
高镇
石林
张东彬
张久志
Current Assignee
Tianjin University
Original Assignee
Tianjin University

Abstract

The invention relates to a blockchain-based method for remotely authorizing the consultation of case data. The system used comprises a registration and management platform, a case data distributed storage subsystem, a blockchain network and user terminals: (1) registration and management platform: three kinds of users are involved, namely patients, doctors and patient family members; (2) case data distributed storage system: the hash value of the encrypted case data is used as a case index and is recorded in the blockchain network together with the case encryption key encrypted under the patient's public key; (3) blockchain network: used to keep a trusted record of the case index, patient identity, doctor identity, case data authorization status and case data usage, and to perform patient and doctor identity authentication and remote authorization based on smart contracts; (4) user terminal: the terminal of the case data querying doctor can issue case data consultation requests, and the patient's family members carry out remote authorization.

Description

Case data remote authorization lookup method based on block chain
Technical Field
The invention applies to emergency case data consultation during medical rescue, and relates to a method for remote authorization of case data consultation.
Background
Patient case data is private personal information. To secure it, the case data may be encrypted and the key (the right to use the data) managed by the patient personally. In ordinary use, the patient's personal identity information (such as an identity card, fingerprint, iris or face) can be bound to the decryption operation, so that in a routine consultation the data can be decrypted on the spot through personal identification, which meets the doctor's need to consult it. However, in some special medical rescue situations (especially emergencies), the patient is unconscious and the family members are not present. To draw up a treatment plan as soon as possible and shorten the treatment time, doctors need to obtain the patient's case data promptly with the consent of the patient's family members. Three important problems arise: first, how to obtain the case data when the key held only by the patient cannot be obtained; second, how to obtain the family members' authorization to consult the case data remotely; and third, how to record the whole authorization process and data usage faithfully, so as to provide a reliable basis for tracing the treatment process. The invention provides a case data remote authorization query system and method that combine blockchain and proxy re-encryption technology and address these problems.
Disclosure of Invention
The invention aims to provide a case data remote authorization consultation method that shortens treatment time and makes the treatment process traceable. The technical scheme is as follows:
A blockchain-based method for remote authorization of case data consultation, in which the system used comprises a registration and management platform, a case data distributed storage subsystem, a blockchain network and user terminals:
(1) Registration and management platform: three kinds of users are involved, namely patients, doctors and patient family members. Each user registers on the registration and management platform through their own terminal or software and obtains a public key (PK) and private key (SK) pair; the public key is public and is stored by the blockchain nodes for authenticating legitimate users; the private key is kept by each user and is used for digital signatures and key transfer, so as to support case data upload, consultation requests and remote authorization; the patient's public key is bound to the patient's identification information and stored in the blockchain network; the public/private key pairs of the patient, the patient's family member, the case data generating doctor and the case data querying doctor are denoted $(PK_p, SK_p)$, $(PK_f, SK_f)$, $(PK_{dg}, SK_{dg})$ and $(PK_{dq}, SK_{dq})$ respectively;
(2) Case data distributed storage system: patient case data is generated by case data generating doctors and is stored in distributed form in the data centers of the various hospitals; the case data generating doctor digitally signs the case data when uploading it; to protect patient privacy, the case data signed by the case data generating doctor is stored encrypted, the key $K$ is managed by a blockchain smart contract, and the hash value of the encrypted case data is used as a case index and is recorded in the blockchain network together with the case encryption key encrypted under the patient's public key;
(3) Blockchain network: used to keep a trusted record of the case index, patient identity, doctor identity, case data authorization status and case data usage, and to perform patient and doctor identity authentication and remote authorization based on smart contracts; the whole blockchain network takes the form of a consortium chain, with nodes deployed in the medical organizations involved; each node has storage and computing capabilities, the storage part being used for trusted records and the computing part for identity authentication and remote authorization;
(4) User terminal: the patient terminal and the patient family terminal have the same functions; they can query case data and authorize a doctor to consult a case. The function of the doctor terminal is the case data consultation request; the terminal of the case data querying doctor can issue case data consultation requests, and the patient's family members carry out remote authorization. The case data remote authorization query comprises the following steps:
1) Initial storage of case data:
First, after the case data generating doctor generates case data $C$, the hash value $H_c = \mathrm{Hash}(C)$ of the case data is computed, and the digital signature $S_{dg} = \mathrm{Enc\_a}(H_c, SK_{dg})$ is computed with the doctor's own private key, where Hash is a hash function producing a fixed-length string and Enc_a denotes an asymmetric encryption algorithm; the case data generating doctor sends the case data $C$ and the digital signature $S_{dg}$ to the smart contract;
Second, the smart contract randomly generates an encryption key $K$ and symmetrically encrypts the case data with the digital signature attached, producing the case data ciphertext $C_K = \mathrm{Enc\_s}(C + S_{dg}, K)$, where $+$ denotes data concatenation or packaging and Enc_s is a symmetric encryption algorithm;
Third, the smart contract asymmetrically encrypts the key $K$ under the patient's public key and under the family member's public key, obtaining $K_p = \mathrm{Enc\_a}(K, PK_p)$ and $K_f = \mathrm{Enc\_a}(K, PK_f)$, and then destroys $K$;
Fourth, the smart contract computes the hash value of the case data ciphertext, $H_{Ck} = \mathrm{Hash}(C_K)$, as the case index of $C_K$, then stores $C_K$ in the case data center of the local hospital and adds $(H_{Ck}, K_p, K_f)$ to the patient case index list stored by the blockchain nodes;
2) Case data query request: the doctor terminal of the case data querying doctor identifies the patient's identity information, obtains the patient's case index and family member information from a blockchain node based on that identity information, selects the case data to be consulted and a family member of the patient, then issues a case data query request and digitally signs it with the private key of the case data querying doctor; the digital signature is produced only after the identity information of the case data querying doctor has been recognized;
3) Validity verification by the blockchain network: the case data query request is broadcast in the blockchain network; after receiving the request, each blockchain node verifies the identity of the case data querying doctor based on the digital signature and a locally maintained directory of legitimate doctors, and verifies the validity of the query request based on the locally maintained patient directory, patient family directory and case data directory; once verification passes, the case data query request is sent to the terminal of the patient's family member; the whole process is carried out in a smart contract;
4) Remote authorization by the patient's family member: after receiving the data consultation request on the terminal, the family member selects the case data that may be consulted, whose corresponding case index is $H_{Ck}$, and authorizes by digital signature; the digital signature is produced only after the identity information of the family member has been recognized; the process is as follows:
First, obtain the public key $PK_{dq}$ of the case data querying doctor and the encrypted case data key $K_f$ from a blockchain node;
Second, generate the conversion key $K_{f-q} = \mathrm{KeyReGen}(K_f, SK_f, PK_{dq})$, where KeyReGen is a key conversion algorithm;
Third, send $K_{f-q}$ back to the smart contract;
5) Final authorization by the blockchain network: the family member's authorization information is broadcast in the blockchain network; after each node confirms the validity of the family member's identity, the key re-encryption $K_{dq} = \mathrm{ReEnc}(K_f, K_{f-q}, PK_{dq})$ is executed, and the case data index $H_{Ck}$ and $K_{dq}$ are sent to the terminal of the case data querying doctor;
6) The doctor decrypts the case data: after obtaining $H_{Ck}$ and $K_{dq}$, the case data querying doctor first decrypts the key with their own private key, $K = \mathrm{Dec\_a}(K_{dq}, SK_{dq})$, where Dec_a is an asymmetric decryption algorithm; second, retrieves and fetches the encrypted case data $C_K$ based on $H_{Ck}$; third, decrypts the encrypted case data $C_K$ with the key $K$ to obtain $C + S_{dg} = \mathrm{Dec\_s}(C_K, K)$, where Dec_s is a symmetric decryption algorithm; fourth, decrypts $S_{dg}$ with the public key of the case data generating doctor to obtain $H_c = \mathrm{Dec\_a}(S_{dg}, PK_{dg})$, and locally recomputes the case data hash value $H_c' = \mathrm{Hash}(C)$; finally, compares $H_c$ and $H_c'$: if they match, the data is shown to be intact and to come from the case data generating doctor corresponding to $PK_{dg}$, and can be used normally; if they do not match, the data has been damaged and cannot be used;
7) Blockchain process record.
Further, the specific process of remote authorization by the patient's family member is as follows:
First, obtain the public key $PK_{dq}$ of the case data querying doctor and the encrypted case data key $K_f$ from a blockchain node;
Second, generate the conversion key $K_{f-q} = \mathrm{KeyReGen}(K_f, SK_f, PK_{dq})$, where KeyReGen is a key conversion algorithm;
Third, send $K_{f-q}$ back to the smart contract.
Further, the blockchain process record includes: each blockchain node independently records the case query request of the case data querying doctor in its locally maintained doctor request history, and independently records the family authorization process in its locally maintained data authorization history.
Detailed Description
The invention relates to a blockchain-based method for remote authorization of case data consultation, in which the system used comprises a registration and management platform, a case data distributed storage subsystem, a blockchain network and user terminals:
(1) Registration and management platform: the whole system involves three kinds of users, namely patients, doctors and patients' family members. Each user registers on the platform through their own terminal or software and obtains a public key (PK) and private key (SK) pair. The public key is public and is stored by the blockchain nodes for authenticating legitimate users. The private key is kept by each user and is used for digital signatures (data upload and consultation requests) and key transfer (remote authorization). In a specific application, the doctor directory can be entered directly by the hospital, the patient directory can be built by the registration system, and family information can be entered by the patient. To support emergencies in which the patient is unconscious, the patient's public key is bound to the patient's identification information (such as fingerprint, iris or face) and stored in the blockchain network. For the convenience of doctors and family members, the private key can be bound to identification information (such as fingerprint, iris or face) and stored in the user terminal. Hereinafter, the public/private key pairs of the patient, the patient's family member, the case data generating doctor and the case data querying doctor are denoted $(PK_p, SK_p)$, $(PK_f, SK_f)$, $(PK_{dg}, SK_{dg})$ and $(PK_{dq}, SK_{dq})$ respectively.
(2) Case data distributed storage system: patient case data is generated by a case data generating doctor and is stored in distributed form in the data centers of the various hospitals. To ensure the authenticity and integrity of the data, the case data should be digitally signed by the doctor who generated it. To protect patient privacy, the doctor-signed data should be stored encrypted, with the key $K$ managed by a blockchain smart contract. The hash value of the encrypted case data is used as a case index and is recorded in the blockchain network together with the case encryption key encrypted under the patient's public key.
(3) Blockchain network: used to keep a trusted record of the encrypted case index (including the ciphertext of the encryption key), patient identity, doctor identity, data authorization status and data usage, and to perform patient and doctor identity authentication and remote authorization based on smart contracts. The whole network takes the form of a consortium chain, with nodes deployed in the medical organizations involved, such as hospitals, emergency centers, health hospitals and supervision agencies. Each node has storage and computing capabilities, the storage part being used for trusted records and the computing part for identity authentication and remote authorization;
(4) User terminal: the patient terminal and the patient family terminal have the same functions; they can query case data and authorize doctors to consult cases. The function of the doctor terminal is the case data consultation request. The functions mainly involved in the invention are the case data consultation request issued by the doctor terminal and the remote authorization carried out by the terminal of the patient's family member.
The case data remote authorization query comprises the following steps:
(1) Initial storage of case data:
First, after the case data generating doctor generates case data $C$, the hash value $H_c = \mathrm{Hash}(C)$ of $C$ is computed, and the digital signature $S_{dg} = \mathrm{Enc\_a}(H_c, SK_{dg})$ is computed with the doctor's own private key, where Hash is a hash function (producing a fixed-length string) and Enc_a denotes an asymmetric encryption algorithm. The case data and the signature are sent to the smart contract.
Second, the smart contract randomly generates an encryption key $K$ and symmetrically encrypts the signed case data, $C_K = \mathrm{Enc\_s}(C + S_{dg}, K)$, where "+" denotes data concatenation or packaging and Enc_s is a symmetric encryption algorithm.
Third, the smart contract asymmetrically encrypts the key $K$ under the patient's public key and under the family member's public key, obtaining $K_p = \mathrm{Enc\_a}(K, PK_p)$ and $K_f = \mathrm{Enc\_a}(K, PK_f)$, and then destroys $K$.
Fourth, the smart contract computes the hash value of the case data ciphertext, $H_{Ck} = \mathrm{Hash}(C_K)$, as the index of $C_K$, then stores $C_K$ in the case data center of the local hospital and adds $(H_{Ck}, K_p, K_f)$ to the patient case index list stored by the blockchain nodes.
(2) Case data query request: the doctor terminal of the case data querying doctor identifies the patient's identity information, obtains the patient's case index and family member information from a blockchain node based on that identity information, selects the case data to be consulted and a family member of the patient, then issues a case data query request and digitally signs it with the doctor's private key; the digital signature is produced only after the identity information of the case data querying doctor (such as fingerprint, face or iris) has been recognized;
(3) Validity verification by the blockchain network: the case data query request is broadcast in the blockchain network; after receiving the request, each blockchain node verifies the identity of the case data querying doctor based on the digital signature and a locally maintained directory of legitimate doctors, and verifies the validity of the query request based on the locally maintained patient directory, patient family directory and case data directory; once verification passes, the case data query request is sent to the terminal of the patient's family member; the whole process is carried out in a smart contract;
(4) Remote authorization by the patient's family member: after receiving the data consultation request on the terminal, the family member selects the data that may be consulted, whose corresponding case data index is $H_{Ck}$, and authorizes by digital signature; the digital signature is produced only after the identity information of the family member (such as fingerprint, face or iris) has been recognized; the basic process is as follows:
First, obtain the public key $PK_{dq}$ of the case data querying doctor and the encrypted case data key $K_f$ from a blockchain node;
Second, generate the conversion key $K_{f-q} = \mathrm{KeyReGen}(K_f, SK_f, PK_{dq})$, where KeyReGen is a key conversion algorithm;
Third, send $K_{f-q}$ back to the smart contract.
(5) Final authorization by the blockchain network: the family member's authorization information is broadcast in the blockchain network; after each node confirms the validity of the family member's identity, the key re-encryption $K_{dq} = \mathrm{ReEnc}(K_f, K_{f-q}, PK_{dq})$ is executed, and the case data index $H_{Ck}$ and $K_{dq}$ are sent to the querying doctor's terminal.
(6) The doctor decrypts the case data: after obtaining $H_{Ck}$ and $K_{dq}$, the doctor first decrypts the key with their own private key, $K = \mathrm{Dec\_a}(K_{dq}, SK_{dq})$, where Dec_a is an asymmetric decryption algorithm; second, retrieves and fetches the encrypted case data $C_K$ based on $H_{Ck}$; third, decrypts the encrypted case data $C_K$ with the key $K$ to obtain $C + S_{dg} = \mathrm{Dec\_s}(C_K, K)$, where Dec_s is a symmetric decryption algorithm; fourth, decrypts $S_{dg}$ with the public key of the case data generating doctor to obtain $H_c = \mathrm{Dec\_a}(S_{dg}, PK_{dg})$, and locally recomputes the case data hash value $H_c' = \mathrm{Hash}(C)$; finally, compares $H_c$ and $H_c'$: if they match, the data is shown to be intact and must come from the case data generating doctor corresponding to $PK_{dg}$, and can be used normally; if they do not match, the data has been damaged and cannot be used. In practice, the integrity of the data storage also needs to be protected; that part is outside the scope of this patent.
(7) Blockchain process record: each blockchain node independently records the case query request of the case data querying doctor in its locally maintained doctor request history, and independently records the family authorization process in its locally maintained data authorization history.
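
The key flow of steps (1) and (4) to (6), as an added example that is not part of the patent: it shows that the smart contract can convert K_f into K_dq without ever holding K or a private key, and that the doctor's final check rejects damaged data. The patent does not name concrete algorithms, so everything here is an assumption: ElGamal over a toy group stands in for Enc_a/Dec_a, a Schnorr signature replaces "Enc_a with the private key", a SHA-256 keystream stands in for Enc_s, the KeyReGen/ReEnc construction is one possible instantiation, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group Z_p^* with the Mersenne prime p = 2^127 - 1: illustration only, far
# too small for real use. All names and algorithm choices here are assumptions.
P = 2**127 - 1
G = 3
SIG_LEN = 48  # 32-byte challenge e + 16-byte response s

def H(*parts: bytes) -> bytes:
    """Hash: SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def rand_exp() -> int:
    return secrets.randbelow(P - 3) + 2

def keygen():
    sk = rand_exp()
    return pow(G, sk, P), sk  # (PK, SK)

def enc_a(m: int, pk: int):
    """Enc_a as ElGamal: (g^r, m * PK^r)."""
    r = rand_exp()
    return pow(G, r, P), m * pow(pk, r, P) % P

def dec_a(ct, sk: int) -> int:
    c1, c2 = ct
    return c2 * pow(pow(c1, sk, P), -1, P) % P

def enc_s(data: bytes, k: int) -> bytes:
    """Stand-in for Enc_s/Dec_s: XOR with a SHA-256 counter keystream (toy)."""
    key = k.to_bytes(16, "big")
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(H(key, i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def sign(h_c: bytes, sk: int) -> bytes:
    """S_dg as a Schnorr signature over H_c (swapped in for 'Enc_a with SK')."""
    k = rand_exp()
    e = H(pow(G, k, P).to_bytes(16, "big"), h_c)
    s = (k + int.from_bytes(e, "big") * sk) % (P - 1)
    return e + s.to_bytes(16, "big")

def verify(h_c: bytes, sig: bytes, pk: int) -> bool:
    e, s = sig[:32], int.from_bytes(sig[32:], "big")
    r = pow(G, s, P) * pow(pk, -int.from_bytes(e, "big"), P) % P
    return secrets.compare_digest(e, H(r.to_bytes(16, "big"), h_c))

def store(case: bytes, sk_dg: int, pk_p: int, pk_f: int):
    """Step 1: sign C, encrypt C + S_dg under a fresh K, wrap K, index by hash."""
    k = rand_exp()
    c_k = enc_s(case + sign(H(case), sk_dg), k)
    return c_k, (H(c_k), enc_a(k, pk_p), enc_a(k, pk_f))  # K is not kept

def key_regen(k_f, sk_f: int, pk_dq: int):
    """Step 4, family terminal: conversion key K_f-q bound to this ciphertext."""
    unmask = pow(pow(k_f[0], sk_f, P), -1, P)  # inverse of the family's mask
    r = rand_exp()
    return pow(G, r, P), unmask * pow(pk_dq, r, P) % P

def re_enc(k_f, k_fq):
    """Step 5, contract: turn K_f into K_dq. PK_dq is already folded into
    k_fq, and the contract never sees K or any private key."""
    return k_fq[0], k_f[1] * k_fq[1] % P

def doctor_open(c_k: bytes, h_ck: bytes, k_dq, sk_dq: int, pk_dg: int) -> bytes:
    """Step 6, plus an added check that the fetched ciphertext matches H_Ck."""
    if H(c_k) != h_ck:
        raise ValueError("ciphertext does not match case index H_Ck")
    package = enc_s(c_k, dec_a(k_dq, sk_dq))
    case, sig = package[:-SIG_LEN], package[-SIG_LEN:]
    if not verify(H(case), sig, pk_dg):
        raise ValueError("signature check failed: damaged or not from PK_dg")
    return case

RECORD = b"constructed sample record: blood type O+, allergy: penicillin"

def demo() -> bytes:
    (pk_p, _), (pk_f, sk_f) = keygen(), keygen()
    (pk_dg, sk_dg), (pk_dq, sk_dq) = keygen(), keygen()
    c_k, (h_ck, _k_p, k_f) = store(RECORD, sk_dg, pk_p, pk_f)
    k_dq = re_enc(k_f, key_regen(k_f, sk_f, pk_dq))
    return doctor_open(c_k, h_ck, k_dq, sk_dq, pk_dg)

if __name__ == "__main__":
    print(demo())
```

A real deployment would replace the toy group and keystream with a vetted proxy re-encryption scheme and an authenticated cipher; the message flow between family terminal, contract and doctor stays the same.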

Claims (3)

1. A blockchain-based method for remote authorization of case data consultation, in which the system used comprises a registration and management platform, a case data distributed storage subsystem, a blockchain network and user terminals:
(1) Registration and management platform: three kinds of users are involved, namely patients, doctors and patient family members; each user registers on the registration and management platform through their own terminal or software and obtains a public key PK and private key SK pair; the public key is public and is stored by the blockchain nodes for authenticating legitimate users; the private key is kept by each user and is used for digital signatures and key transfer, so as to support case data upload, consultation requests and remote authorization; the patient's public key is bound to the patient's identification information and stored in the blockchain network; the public/private key pairs of the patient, the patient's family member, the case data generating doctor and the case data querying doctor are denoted $(PK_p, SK_p)$, $(PK_f, SK_f)$, $(PK_{dg}, SK_{dg})$ and $(PK_{dq}, SK_{dq})$ respectively;
(2) Case data distributed storage system: patient case data is generated by case data generating doctors and is stored in distributed form in the data centers of the various hospitals; the case data generating doctor digitally signs the case data when uploading it; to protect patient privacy, the case data signed by the case data generating doctor is stored encrypted, the key $K$ is managed by a blockchain smart contract, and the hash value of the encrypted case data is used as a case index and is recorded in the blockchain network together with the case encryption key encrypted under the patient's public key;
(3) Blockchain network: used to keep a trusted record of the case index, patient identity, doctor identity, case data authorization status and case data usage, and to perform patient and doctor identity authentication and remote authorization based on smart contracts; the whole blockchain network takes the form of a consortium chain, with nodes deployed in the medical organizations involved; each node has storage and computing capabilities, the storage part being used for trusted records and the computing part for identity authentication and remote authorization;
(4) User terminal: the patient terminal and the patient family terminal have the same functions; they can query case data and authorize a doctor to consult a case; the function of the doctor terminal is the case data consultation request; the terminal of the case data querying doctor can issue case data consultation requests, and the terminal of the patient's family member carries out remote authorization; the case data remote authorization query comprises the following steps:
1) Early storage of case data:
First, after generating case data $C$, the case data generation doctor calculates the hash value $H_c = \mathrm{Hash}(C)$ of the case data and calculates the digital signature $S_{dg} = \mathrm{Enc\_a}(H_c, SK_{dg})$ with their own private key, where Hash is a function that produces a fixed-length string and Enc_a denotes an asymmetric encryption algorithm; the case data generation doctor sends the case data $C$ and the digital signature $S_{dg}$ to the smart contract;
Second, the smart contract randomly generates an encryption key $K$ and symmetrically encrypts the case data with the digital signature attached, producing the case data ciphertext $C_K = \mathrm{Enc\_s}(C + S_{dg}, K)$, where $+$ denotes data concatenation or packaging and Enc_s is a symmetric encryption algorithm;
Third, the smart contract asymmetrically encrypts the key $K$ under the patient's public key and under the patient's family member's public key respectively, obtaining $K_p = \mathrm{Enc\_a}(K, PK_p)$ and $K_f = \mathrm{Enc\_a}(K, PK_f)$, and then destroys $K$;
Fourth, the smart contract calculates the hash value $H_{Ck} = \mathrm{Hash}(C_K)$ of the case data ciphertext $C_K$ as the case index of $C_K$, then stores $C_K$ in the case data center of the local hospital and adds $(H_{Ck}, K_p, K_f)$ to the patient case index list stored by the blockchain nodes;
2) Case data query application: the doctor terminal of the case data query doctor identifies the patient's identity information, obtains the patient's case indexes and family member information from a blockchain node based on that identity information, selects the case data to be looked up and the patient's family member, and then issues a case data query application that is digitally signed with the case data query doctor's private key; the digital signature process is completed on the basis of identifying the identity information of the case data query doctor;
3) Validity verification by the blockchain network: the case data query application is broadcast in the blockchain network; after receiving the application, each blockchain node verifies the identity of the case data query doctor based on the digital signature and the locally maintained directory of legitimate doctors, and verifies the validity of the query application based on the locally maintained patient directory, patient family directory and case data directory; after the verification passes, the case data query application is sent to the patient's family terminal; the whole process is carried out in a smart contract;
4) Remote authorization by the patient's family member: after receiving the lookup application on the terminal, the patient's family member selects the case data that may be looked up, whose corresponding case index is $H_{Ck}$, and authorizes by digital signature; the digital signature process is completed on the basis of identifying the identity information of the patient's family member; the process is as follows:
First, obtain the case data query doctor's public key $PK_{dq}$ and the case data encryption key $K_f$ from a blockchain node;
Second, generate the conversion key $K_{f-q} = \mathrm{KeyReGen}(K_f, SK_f, PK_{dq})$, where KeyReGen is a key conversion algorithm;
Third, send $K_{f-q}$ back to the smart contract;
5) Final authorization by the blockchain network: the authorization information of the patient's family member is broadcast in the blockchain network; after each node confirms the validity of the family member's identity, the key re-encryption $K_{dq} = \mathrm{ReEnc}(K_f, K_{f-q}, PK_{dq})$ is executed, and the case data index $H_{Ck}$ and $K_{dq}$ are sent to the terminal of the case data query doctor;
6) Decryption of the case data by the doctor: after obtaining $H_{Ck}$ and $K_{dq}$, the case data query doctor first decrypts the key $K = \mathrm{Dec\_a}(K_{dq}, SK_{dq})$ with their own private key, where Dec_a is an asymmetric decryption algorithm; second, retrieves the encrypted case data $C_K$ based on $H_{Ck}$; third, decrypts the encrypted case data $C_K$ with the key $K$ to obtain $C + S_{dg} = \mathrm{Dec\_s}(C_K, K)$, where Dec_s is a symmetric decryption algorithm; fourth, decrypts $S_{dg}$ with the public key of the case data generation doctor to obtain $H_c = \mathrm{Dec\_a}(S_{dg}, PK_{dg})$ and locally recomputes the case data hash value $H_c' = \mathrm{Hash}(C)$; finally, $H_c$ and $H_c'$ are compared: if they are consistent, the data is proved to be complete and to come from the case data generation doctor corresponding to $PK_{dg}$, and the case data can be used normally; if they are inconsistent, the data is damaged and cannot be used;
7) Blockchain process recording.
2. The case data remote authorized lookup method according to claim 1, wherein the remote authorization by the patient's family member is performed by the following steps:
First, obtain the case data query doctor's public key $PK_{dq}$ and the case data encryption key $K_f$ from a blockchain node;
Second, generate the conversion key $K_{f-q} = \mathrm{KeyReGen}(K_f, SK_f, PK_{dq})$, where KeyReGen is a key conversion algorithm;
Third, send $K_{f-q}$ back to the smart contract.
3. The case data remote authorized lookup method according to claim 1, wherein the blockchain process recording includes: the case query application of the case data query doctor is independently recorded by each blockchain node in its locally maintained doctor application history, and the authorization process of the patient's family member is independently recorded by each blockchain node in its locally maintained data authorization history.
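The key path of steps 4) to 6) of claim 1 (KeyReGen at the family terminal, ReEnc in the smart contract, then the doctor's recovery of K), as an added example that is not part of the patent text. The claims do not specify the KeyReGen or ReEnc algorithms, so this sketch swaps in an ElGamal split-key construction over a toy group; the group parameters, the function signatures and the helper `dec_dq` are assumptions of the example.

```python
import secrets

# Assumed toy group: integers mod the Mersenne prime 2^521 - 1, base 3.
P = 2**521 - 1
G = 3
ORDER = P - 1  # exponents are reduced mod P - 1 (Fermat's little theorem)

def keygen():
    """Return (PK, SK) with PK = G^SK mod P."""
    sk = secrets.randbelow(ORDER - 1) + 1
    return pow(G, sk, P), sk

def enc_a(m, pk):
    """ElGamal stand-in for Enc_a: (G^r, m * PK^r)."""
    r = secrets.randbelow(ORDER - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P

def dec_a(ct, sk):
    """ElGamal stand-in for Dec_a: c2 / c1^SK."""
    c1, c2 = ct
    return c2 * pow(c1, -sk, P) % P

def key_regen(sk_f, pk_dq):
    """Family terminal: split SK_f = x1 + x2; x1 goes to the contract,
    x2 is sealed under the query doctor's public key."""
    x1 = secrets.randbelow(ORDER - 1) + 1
    x2 = (sk_f - x1) % ORDER
    return x1, enc_a(x2, pk_dq)

def re_enc(k_f, k_fq):
    """Smart contract: strip the x1 share from K_f; K is never exposed here."""
    (c1, c2), (x1, sealed_x2) = k_f, k_fq
    return c1, c2 * pow(c1, -x1, P) % P, sealed_x2

def dec_dq(k_dq, sk_dq):
    """Doctor terminal: unseal x2 with SK_dq, then strip the x2 share."""
    c1, c2, sealed_x2 = k_dq
    x2 = dec_a(sealed_x2, sk_dq)
    return c2 * pow(c1, -x2, P) % P

def demo():
    pk_f, sk_f = keygen()      # patient's family member
    pk_dq, sk_dq = keygen()    # case data query doctor
    _, sk_other = keygen()     # a different, unauthorized doctor
    k = int.from_bytes(secrets.token_bytes(32), "big")  # constructed key K
    k_f = enc_a(k, pk_f)       # K_f as recorded at upload time
    k_dq = re_enc(k_f, key_regen(sk_f, pk_dq))
    return k, dec_dq(k_dq, sk_dq), dec_dq(k_dq, sk_other)
```

In this stand-in the contract's share x1 and the doctor's share x2 together reconstruct SK_f, and the conversion key is not bound to a single case index $H_{Ck}$. A deployment would need a re-encryption scheme chosen with both properties in mind.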
CN202111151827.9A 2021-09-29 2021-09-29 Case data remote authorization lookup method based on block chain Active CN114091091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111151827.9A CN114091091B (en) 2021-09-29 2021-09-29 Case data remote authorization lookup method based on block chain

Publications (2)

Publication Number Publication Date
CN114091091A CN114091091A (en) 2022-02-25
CN114091091B true CN114091091B (en) 2022-10-11

Family

ID=80296371

Country Status (1)

Country Link
CN (1) CN114091091B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant