CN114708939A - Medical data sharing system based on block chain and access authority proxy method - Google Patents

Medical data sharing system based on block chain and access authority proxy method Download PDF

Info

Publication number
CN114708939A
CN114708939A CN202210391301.6A CN202210391301A CN114708939A CN 114708939 A CN114708939 A CN 114708939A CN 202210391301 A CN202210391301 A CN 202210391301A CN 114708939 A CN114708939 A CN 114708939A
Authority
CN
China
Prior art keywords
agent
medical data
ciphertext
person
proxy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210391301.6A
Other languages
Chinese (zh)
Inventor
张爱清
高雅
吴树
王勇
陶馨雅
许小洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Normal University
Original Assignee
Anhui Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Normal University filed Critical Anhui Normal University
Priority to CN202210391301.6A priority Critical patent/CN114708939A/en
Publication of CN114708939A publication Critical patent/CN114708939A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Epidemiology (AREA)
  • Medical Informatics (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a medical data sharing system based on a block chain, which comprises: the agent side is used for: encrypting original medical data to obtain encrypted data and sending the encrypted data to an interplanetary file system; setting an access control strategy, encrypting a key of the encrypted data and a file hash address corresponding to the original medical data into a ciphertext, and uploading the ciphertext to a block chain for sharing; deploying an intelligent contract containing heavy agency authority and agency depth set for a person to be surrogated; the end where the person to be surrogated is located is used for: sending an access request to the terminal where the agent is located and obtaining the agent authority of the terminal where the agent is located; acquiring a heavy proxy authority and a proxy depth by calling an intelligent contract; acquiring a key for decrypting the ciphertext through a decryption algorithm; the encrypted data is retrieved from the interplanetary file system and decrypted to obtain the raw medical data. The invention combines the block chain technology and the attribute-based agent re-encryption technology to realize the multi-level agent of the data access authority, and the IPFS stores the medical data to make up for the short storage board of the block chain.

Description

Medical data sharing system based on block chain and access authority proxy method
Technical Field
The invention relates to the technical field of access control and privacy protection, in particular to a medical data sharing system and an access authority proxy method based on a block chain.
Background
Electronic Health Record (EHR) sharing enables patients to obtain better and more efficient medical services. The problems of unbalanced medical resources, high medical cost, low efficiency, isolated medical information and the like in the traditional medical system are gradually relieved. Due to the privacy-sensitive nature of EHRs, data security is a prerequisite for data sharing. Generally, access control is one of the key technologies for securing data in a data sharing system. Most existing access control mechanisms rely on the authorization of the owner of the data. These schemes require frequent interaction between the data owner and the data user, which is a significant challenge in EHR sharing systems because the data owner may typically be offline. One promising solution is to delegate permissions to a delegate, which helps to relieve the data owner of the burden.
The rights agent may enable access control by flexibly proxying the rights of the patient to other users, such as medical personnel. Most rights agent schemes are implemented by the cloud. The cloud not only can provide sufficient storage space, but also can facilitate data transmission among all interest-related parties. However, as the cloud is a honest and curious semi-trusted entity, the cloud-based rights agent scheme is prone to security problems such as single-point failure and collusion attack.
Disclosure of Invention
The medical data sharing system and the access authority proxy method based on the block chain allow a patient to set an access control strategy for a ciphertext, fine-grained access control is achieved, a data owner can control proxy depth while acting authority, and data security is improved. The invention combines the block chain technology and the attribute-based proxy re-encryption technology to realize the safe sharing of data, and the IPFS stores medical data to make up for the short storage board of the block chain.
In order to achieve the above object, an embodiment of the present invention provides a blockchain-based medical data sharing system, including:
the agent side is used for:
encrypting original medical data to obtain encrypted data and sending the encrypted data to an interplanetary file system;
setting an access control strategy, encrypting the key of the encrypted data and the file hash address corresponding to the original medical data into a ciphertext, and uploading the ciphertext to a block chain for sharing;
the end where the agent is located can authorize the end where the person to be surrogated is located, so that the end where the agent meeting the access policy is located can decrypt from the block chain to obtain the original medical data;
deploying an intelligent contract containing heavy agency authority and agency depth set for a person to be surrogated;
the end where the person to be surrogated is located is used for:
sending an access request to the terminal where the agent is located and obtaining the agent authority of the terminal where the agent is located;
acquiring a heavy proxy authority and a proxy depth by calling the intelligent contract;
acquiring a key for decrypting the ciphertext through a decryption algorithm;
obtaining the encrypted data from the interplanetary file system and decrypting the encrypted data to obtain raw medical data.
In addition, the invention also provides a medical data access authority proxy method based on the block chain, which uses the medical data sharing system based on the block chain, and the medical data access authority proxy method based on the block chain comprises the following steps:
initializing the medical data sharing system;
generating a private key of the surrogated person;
generating a ciphertext corresponding to the original medical data of the agent, acquiring a file hash address, encrypting a key for encrypting the medical data and the hash address, and generating the ciphertext with a hidden access control strategy;
the agent generates a re-encryption key for the agent and sets an agent depth, and the block chain performs re-encryption to convert the ciphertext into a ciphertext form that the agent can decrypt;
the surrogated person decrypts the ciphertext to obtain a key and a file hash address of the encrypted data, and acquires and decrypts the encrypted data from the interplanetary file system to finish data sharing;
the surrogated person can become a new agent to continue the proxy authority until the proxy depth is zero, and the multi-level authority proxy process is finished.
Preferably, the initializing the medical data sharing system comprises:
configuring a safety parameter x, selecting two large prime numbers p and q and a bilinear pair e, G is multiplied by G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p1And P2Two generator elements on the elliptic curve of the cyclic group G, the following three Hash functions are selected:
Figure BDA0003595681420000031
H2:{0,1}*→G,
H3:{0,1}*→G;
randomly selecting a parameter
Figure BDA0003595681420000032
And calculating h ═ aP1
Initializing the public parameters of the intelligent medical network system as follows:
param=(h,G,GT,P1,P2,H1,H2,H3,e(P1,P1))。
preferably, the generating of the private key of the person to be surrogated comprises:
the person to be surrogated randomly selects
Figure BDA0003595681420000033
Calculating K1=atP1+P1,K2=tP1,
Figure BDA0003595681420000034
x is an attribute in the attribute set S, wherein the private key of the surrogated person is
Figure BDA0003595681420000035
Preferably, the generating a ciphertext corresponding to the original medical data of the agent, obtaining a file hash address, encrypting the key for encrypting the medical data and the hash address, and generating the ciphertext with the hidden access control policy includes:
the data owning terminal selects a symmetric key k random execution algorithm Enc (-) to generate cryptograph C of the encrypted data aiming at the original medical datam=Enck(m), the data owning side uploads CmHash address to interplanetary file system and obtaining the raw medical data
Figure BDA0003595681420000041
The surrogated person selects a linear secret sharing scheme access structure (M, rho (i)), M is an l multiplied by n matrix, rho (i) function represents that row vectors of M are mapped to attributes, and s is set to H1(k) Let vector v equal (s, y)2,...,yn) Wherein
Figure BDA0003595681420000042
For i 1 to l, letPut lambdai=v·MiWherein M isiRow i vector which is M; selecting
Figure BDA0003595681420000043
Calculation of A1=k·e(P1,P1)s,A2=s·P1,A3=s·P2
Figure BDA0003595681420000044
Obtaining a ciphertext
Figure BDA0003595681420000045
Preferably, the agent generates a re-encryption key for the agent and sets an agent depth, and the re-encrypting the blockchain to convert the ciphertext into a ciphertext form that the agent can decrypt includes:
the agent assigns a secret value s to the agent jjJ is the number of times of proxy of the current authority; if j is 1, calculate
Figure BDA0003595681420000046
If j>1 hour, calculate
Figure BDA0003595681420000047
Said agent pair sjSignature, will(s)j,sign(sj) To the person being surrogated; the agent deploys an intelligent contract and sets an agent depth D on the intelligent contract;
the block chain calculates three equations
Figure BDA0003595681420000048
e(Aj-1,2,P2)=e(P1,Aj-1,3),
Figure BDA0003595681420000049
Whether the result is true or not; if the equation is true, calculate Aj,1=Aj-1,1·rkj-1→j,Aj,2=Aj-1,2,Aj,3=Aj-1,3
Figure BDA00035956814200000410
Figure BDA00035956814200000411
The block chain calls an intelligent contract to enable D to be D-1; obtaining the j-th level ciphertext
Figure BDA00035956814200000412
Preferably, the decrypting, by the delegate, the ciphertext to obtain the key and the file hash address of the encrypted data comprises:
the surrogated person calls an intelligent contract to judge whether D is more than or equal to 1; if yes, obtaining j-th-level ciphertext from the block chain
Figure BDA0003595681420000051
The person being surrogated calculates with a private key
Figure BDA0003595681420000052
Computing
Figure BDA0003595681420000053
Judgment Aj,3=H1(k′)P2If yes, the attribute of the surrogated person j meets the access control strategy set by the agent, and a symmetric key k' and a file hash address are obtained
Figure BDA0003595681420000054
Preferably, the acquiring and decrypting the encrypted data from the interplanetary file system by the surrogated person, and completing the data sharing includes:
the person to be surrogated uses a file hash address
Figure BDA0003595681420000055
Obtaining EHR ciphertext C from an interplanetary file systemm
The raw medical data m is obtained by calculation based on the symmetric key k' through the following formula: dec as mk(Cm) And finishing data sharing.
Preferably, the enabling of the delegate to become a new delegate to continue the delegate authority until the proxy depth is zero comprises:
and if the intelligent contract judges that D is not less than 1 and fails, ending the multi-level authority proxy process.
In addition, the invention also provides a machine-readable storage medium, which stores instructions for causing a machine to execute the above medical data access authority agency method based on the blockchain.
Through the technical scheme, the medical data security storage is realized by combining a symmetric encryption Algorithm (AES) and IPFS distributed storage, fine-grained access control is realized by adopting attribute encryption of a ciphertext strategy, the data security sharing is realized by using an improved proxy re-encryption technology, and the proxy depth of an authority proxy is controlled by a data owner by using an intelligent contract. The invention not only realizes the safe storage, access control and sharing functions of the medical data of the data owner, but also protects the privacy and data safety of the owner, realizes fine-grained access control and controllable authority proxy, and conforms to the development trend of medical data sharing under the background of the current value internet.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
FIG. 1 is an interactive block diagram illustrating a blockchain-based medical data sharing system of the present invention;
FIG. 2 is a block diagram illustrating a blockchain-based medical data sharing system of the present invention; and
fig. 3 is a flow chart illustrating a block chain based access right proxy method of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Example 1
Fig. 1 is a block diagram of interaction modules of a medical data sharing system based on a blockchain according to an embodiment 1 of the present invention. It should be noted that the end where the agent is located in the present invention refers to the end operated by the agent, and the end where the person to be surrogated is located refers to the end operated by the person to be surrogated. As shown in fig. 1 and 2, the block chain-based medical data sharing system includes:
the agent side is used for:
encrypting and sending the encrypted original data to an interplanetary file system;
setting an access control strategy, and encrypting a key for encrypting original data and a corresponding file identifier into a ciphertext;
uploading the ciphertext to a block chain for sharing, wherein the agent can authorize the agent, so that users meeting the access policy can decrypt to obtain original data;
deploying intelligent contract to set re-agent authority and agent depth for the person to be replaced;
the end where the person to be surrogated is located is used for:
sending an access request to the agent and obtaining an agent authority;
acquiring a heavy proxy authority and a proxy depth by calling an intelligent contract;
acquiring a key for decrypting the medical data ciphertext through a decryption algorithm;
and acquiring the medical data ciphertext from the interplanetary file system and decrypting to acquire the original medical data.
In summary, the system is divided into four phases: in the system initialization phase, each user registers a blockchain account in the alliance blockchain to join the system. And a Key Generation Center (KGC) generates system parameters and generates a private key for the user according to the attribute of the user. In the data storage phase, the agent uploads the encrypted EHR to the IPFS and receives the file hash address returned by the IPFS. And the agent uploads the symmetric key and the Hash address to the block chain through attribute encryption, and sets an access control strategy for the ciphertext. In the proxy phase, when a proxy is to initiate a proxy request to the proxy, the proxy generates a corresponding one-to-one re-encryption key and uploads it to the blockchain. The agent can control the re-delegation authority of the principal by setting the delegation depth through an intelligent contract. When the intelligent contract receives the re-encryption key, the intelligent contract automatically verifies the proxy condition, and if the condition is met, the intelligent contract re-encrypts the ciphertext to convert the ciphertext into a form which can be decrypted by the proxy. To implement multi-hop delegation, an authorized delegate can become a new delegate performing the same functions as described above until the delegation depth reaches zero. In the data sharing stage, if the surrogated person meets the access strategy, the surrogated person can decrypt the ciphertext to obtain the hash address and the symmetric key. The original ciphertext is received from the IPFS and decrypted. The invention realizes the high-efficiency data sharing in the medical data sharing system and realizes the fine-grained access control and authority proxy.
Example 2
In embodiment 1, a blockchain-based medical data sharing system is disclosed, and for a method for establishing the system and implementing a blockchain-based access right proxy method by using the system, the method needs to be implemented by a method as shown in fig. 3, and the method for establishing and implementing the blockchain-based access right proxy method by using the blockchain-based medical data sharing system includes:
s301, initializing the medical data sharing system;
s302, generating a private key of the surrogated person;
s303, generating a ciphertext corresponding to the original medical data of the agent, receiving a file hash address, and encrypting to generate the ciphertext with the hidden access control strategy;
s304, the agent generates a re-encryption key for the agent and sets an agent depth, and the block chain performs re-encryption to convert a ciphertext into a ciphertext form which can be decrypted by the agent;
s305, the surrogated person decrypts to generate a symmetric key and a file address; the surrogated person obtains the EHR from the interplanetary file system and decrypts the EHR to finish data sharing; and
s306, the surrogated person can become a new agent to further proxy the authority until the proxy depth is zero, and the multi-level authority proxy process is finished.
Preferably, S301, the initializing the medical data sharing system includes:
s3011, configuring security parameter χ, selecting two big prime numbers p and q and one bilinear pair e, G is multiplied by G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p1And P2Two generator elements on the elliptic curve of the cyclic group G, the following three Hash functions are selected:
Figure BDA0003595681420000081
H2:{0,1}*→G,
H3:{0,1}*→G;
s3012, the system randomly selects a parameter
Figure BDA0003595681420000082
And calculating h ═ aP1
S3013, initializing the public parameters of the intelligent medical network system as follows:
param=(h,G,GT,P1,P2,H1,H2,H3,e(P1,P1))。
preferably, the generating of the private key of the surrogated person in S302 includes:
s3021, the person being surrogated randomly selects
Figure BDA0003595681420000091
Calculating K1=atP1+P1,K2=tP1,
Figure BDA0003595681420000092
x is an attribute in the attribute set S, wherein the private key of the surrogated person is
Figure BDA0003595681420000093
Preferably, the generating of the ciphertext corresponding to the original medical data of the agent in S303, and in the IPFS, generating a file hash address, encrypting the key for encrypting the medical data with the hash address, and generating the ciphertext having the hidden access control policy includes:
s3031, the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate an EHR ciphertext C aiming at the original datam=Enck(m), the data owning side uploads CmTo the interplanetary file system and obtain the hash address of the original data
Figure BDA0003595681420000094
S3032, the agent selects a linear secret sharing scheme access structure (M, ρ (i)), M is a l × n matrix, ρ (i) function represents that the row vector of M is mapped to the attribute, and S is set to H1(k) Let vector v equal (s, y)2,...,yn) In which
Figure BDA0003595681420000095
For i 1 to l, λ is seti=v·MiWherein M isiRow i vector which is M; selecting
Figure BDA0003595681420000096
Calculation of A1=k·e(P1,P1)s,A2=s·P1,A3=s·P2
Figure BDA0003595681420000097
Obtaining a ciphertext
Figure BDA0003595681420000098
Preferably, the generating a one-to-one re-encryption key and setting an agent depth for the agent in S304, and the re-encrypting the blockchain to convert the ciphertext into a ciphertext form that the agent can decrypt includes:
s3041, the agent assigns a secret value S to the agent jjJ is the number of times of proxy of the current authority; if j is 1, calculate
Figure BDA0003595681420000099
If j>1 hour, calculate
Figure BDA00035956814200000910
Said agent pair sjSignature, will(s)j,sign(sj) To the victim; the agent deploys an intelligent contract and sets an agent depth D on the intelligent contract; and
s3042, the block chain calculates three equations
Figure BDA0003595681420000101
e(Aj-1,2,P2)=e(P1,Aj-1,3),
Figure BDA0003595681420000102
Whether the result is true or not; if the equation is true, calculate Aj,1=Aj-1,1·rkj-1→j,Aj,2=Aj-1,2,Aj,3=Aj-1,3
Figure BDA0003595681420000103
Figure BDA0003595681420000104
The block chain calls an intelligent contract to enable D to be D-1; obtaining the j-th level ciphertext
Figure BDA0003595681420000105
Preferably, the decrypting, by the agent, the ciphertext to obtain the key and the file hash address of the encrypted data in S305 includes:
the surrogated person calls an intelligent contract to judge whether D is more than or equal to 1; if yes, obtaining j-th-level ciphertext from the block chain
Figure BDA0003595681420000106
The person being surrogated calculates with a private key
Figure BDA0003595681420000107
Computing
Figure BDA0003595681420000108
Judgment Aj,3=H1(k′)P2If the two properties are satisfied, the attribute of the person to be surrogated j satisfies the access control strategy set by the agent, and a symmetric key k' and a file address can be obtained
Figure BDA0003595681420000109
Preferably, the decrypting, by the agent, the ciphertext to obtain the key and the file hash address of the encrypted data in S305 includes:
s3051, the person to be surrogated uses the file address
Figure BDA00035956814200001010
Obtaining EHR ciphertext C from an interplanetary file systemm
S3052, calculating to obtain original data m by the following formula based on the symmetric key k': dec as mk'(Cm)
Preferably, the enabling of the delegate to become a new delegate to continue the delegate authority until the proxy depth is zero comprises:
and if the intelligent contract judges that D is not less than 1 and fails, ending the multi-level authority proxy process.
The embodiment 2 includes a generation method of the medical data sharing system based on the blockchain in the embodiment 1 and a sharing method of the whole data, and the generation establishment process and the sharing are executed synchronously, or the generation establishment process and the sharing can be implemented after the establishment.
For example, the agent may be a patient a who generates a health record by interacting with a doctor, which may be of interest to other institutes or companies, who encrypts his raw data and sends it to the IPFS in order to protect his privacy and data security. After receiving IPFS feedback, patient A encrypts the symmetric key and file address information and uploads them to the blockchain for sharing. Only patient a can set the access control policy for the ciphertext, delegate authority to other users and set the proxy depth. The person being surrogated may be a health care facility B who wishes to access the health records of patient a. He may apply for an access request to a, for which a generates a one-to-one re-encryption key and sets the proxy depth for the user. The intelligent contract converts the ciphertext into a form which can be decrypted by B if B meets the access control strategy set by A. If B successfully acquires the authority, it is possible to become a new agent to proxy the authority to other users (such as a medical representative C), if the proxy depth is 0 at the moment, B does not have the authority of re-proxy, and if the proxy depth is greater than 0, B can re-proxy the access authority to C. The agent times are automatically intelligently calculated by the intelligent contract.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art to which the present application pertains. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A blockchain-based medical data sharing system, the blockchain-based medical data sharing system comprising:
the agent side is used for:
encrypting original medical data to obtain encrypted data and sending the encrypted data to an interplanetary file system;
setting an access control strategy, encrypting the key of the encrypted data and the file hash address corresponding to the original medical data into a ciphertext, and uploading the ciphertext to a block chain for sharing;
the end where the agent is located can authorize the end where the agent is located, so that the end where the agent meeting the access policy is located can decrypt the original medical data from the block chain;
deploying an intelligent contract comprising a heavy proxy authority and a proxy depth set for a proxy; the end where the person to be surrogated is located is used for:
sending an access request to the terminal where the agent is located and obtaining the agent authority of the terminal where the agent is located;
acquiring a heavy proxy authority and a proxy depth by calling the intelligent contract;
acquiring a key for decrypting the ciphertext through a decryption algorithm;
obtaining the encrypted data from the interplanetary file system and decrypting the encrypted data to obtain raw medical data.
2. A blockchain-based medical data access right proxy method, using the blockchain-based medical data sharing system according to claim 1, the blockchain-based medical data access right proxy method comprising:
initializing the medical data sharing system;
generating a private key of the surrogated person;
generating a ciphertext corresponding to the original medical data of the agent, acquiring a file hash address, encrypting a key for encrypting the medical data and the hash address, and generating the ciphertext with a hidden access control strategy;
the agent generates a re-encryption key for the agent and sets an agent depth, and the block chain performs re-encryption to convert the ciphertext into a ciphertext form that the agent can decrypt;
the surrogated person decrypts the ciphertext to obtain a key and a file hash address of the encrypted data, and acquires and decrypts the encrypted data from the interplanetary file system to finish data sharing;
the surrogated person can become a new agent to continue the proxy authority until the proxy depth is zero, and the multi-level authority proxy process is finished.
3. The blockchain-based medical data access permission proxy method according to claim 2, wherein the initializing the medical data sharing system includes:
configuring a safety parameter x, selecting two large prime numbers p and q and a bilinear pair e, G is multiplied by G → GTWherein G is a cyclic group of addition, GTIs a multiplicative cyclic group; p is1And P2Two generator elements on the elliptic curve of the cyclic group G, the following three Hash functions are selected:
H1:
Figure FDA0003595681410000021
H2:{0,1}*→G,
H3:{0,1}*→G;
randomly selecting a parameter
Figure FDA0003595681410000022
And calculating h ═ aP1
Initializing the public parameters of the intelligent medical network system as follows:
param=(h,G,GT,P1,P2,H1,H2,H3,e(P1,P1))。
4. the blockchain-based medical data access right brokering method of claim 3, wherein the generating the private key of the proxied person comprises:
the person to be surrogated randomly selects
Figure FDA0003595681410000023
Calculating K1=atP1+P1,K2=tP1,
Figure FDA0003595681410000024
Lx=tH2(x) X is an attribute in the attribute set S, wherein the private key of the person to be surrogated is
Figure FDA0003595681410000031
5. The blockchain-based medical data access right agent method according to claim 4, wherein the generating a ciphertext corresponding to original medical data of the agent, obtaining a file hash address, encrypting a key for encrypting the medical data and the hash address, and generating the ciphertext having a hidden access control policy comprises:
the data owning terminal selects a symmetric key k to randomly execute an algorithm Enc (-) to generate a ciphertext C of the encrypted data aiming at the original medical datam=Enck(m), the data owning side uploads CmHash address to interplanetary file system and obtaining the raw medical data
Figure FDA0003595681410000032
The surrogated person selects a linear secret sharing scheme access structure (M, rho (i)), M is an l multiplied by n matrix, rho (i) function represents that the row vector of M is mapped to the attribute, and s is set to be equal toH1(k) Let v equal (s, y)2,...,yn) In which
Figure FDA0003595681410000033
For i 1 to l, λ is seti=v·MiWherein M isiRow i vector which is M; selecting
Figure FDA0003595681410000034
Calculation of A1=k·e(P1,P1)s,A2=s·P1,A3=s·P2
Figure FDA0003595681410000035
Obtaining a ciphertext
Figure FDA0003595681410000036
6. The blockchain-based medical data access permission agent method according to claim 5, wherein the agent generates a re-encryption key and sets an agent depth for the agent, and the block chain re-encrypting to convert the ciphertext into a ciphertext form that the agent can decrypt includes:
the agent assigns a secret value s to the agent jjJ is the number of times of proxy of the current authority; if j is 1, calculate
Figure FDA0003595681410000037
If j>1 hour, calculate
Figure FDA0003595681410000038
Said agent pair sjSignature, will(s)j,sign(sj) To the person being surrogated; the agent deploys an intelligent contract and sets an agent depth D on the intelligent contract;
the block chain calculates three equations
Figure FDA0003595681410000041
e(Aj-1,2,P2)=e(P1,Aj-1,3),
Figure FDA0003595681410000042
Whether the result is true or not; if the equation is true, calculate Aj,1=Aj-1,1·rkj-1→j,Aj,2=Aj-1,2,Aj,3=Aj-1,3
Figure FDA0003595681410000043
Figure FDA0003595681410000044
The block chain calls an intelligent contract to enable D to be D-1; obtaining the j-th level ciphertext
Figure FDA0003595681410000045
7. The blockchain-based medical data access right agent method according to claim 6, wherein the decryption of the ciphertext by the agent to obtain the key and the file hash address of the encrypted data includes:
the surrogated person calls an intelligent contract to judge whether D is more than or equal to 1; if yes, obtaining j-th-level ciphertext from the block chain
Figure FDA0003595681410000046
The person being surrogated calculates with a private key
Figure FDA0003595681410000047
Computing
Figure FDA0003595681410000048
Judgment Aj,3=H1(k′)P2If yes, indicating that the proxied agent is presentThe attribute of the person j meets the access control strategy set by the agent, and a symmetric key k' and a file hash address are obtained
Figure FDA0003595681410000049
8. The blockchain-based medical data access right agency method according to claim 7, wherein the proxied person acquires and decrypts the encrypted data from the interplanetary file system, and data sharing is completed by:
the person to be surrogated uses a file hash address
Figure FDA00035956814100000410
Obtaining EHR ciphertext C from an interplanetary file systemm
The raw medical data m is obtained by calculation based on the symmetric key k' through the following formula: dec as mk(Cm) And finishing data sharing.
9. The blockchain-based medical data access permission brokering method of claim 8, wherein said proxied person being able to become a new agent to continue brokering permission until a broker depth is zero comprises:
and if the intelligent contract judges that D is not less than 1 and fails, ending the multi-level authority proxy process.
10. A machine-readable storage medium having stored thereon instructions for causing a machine to perform the blockchain based medical data access rights proxy method of any one of claims 2-9.
CN202210391301.6A 2022-04-14 2022-04-14 Medical data sharing system based on block chain and access authority proxy method Pending CN114708939A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210391301.6A CN114708939A (en) 2022-04-14 2022-04-14 Medical data sharing system based on block chain and access authority proxy method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210391301.6A CN114708939A (en) 2022-04-14 2022-04-14 Medical data sharing system based on block chain and access authority proxy method

Publications (1)

Publication Number Publication Date
CN114708939A true CN114708939A (en) 2022-07-05

Family

ID=82174621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210391301.6A Pending CN114708939A (en) 2022-04-14 2022-04-14 Medical data sharing system based on block chain and access authority proxy method

Country Status (1)

Country Link
CN (1) CN114708939A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115733859A (en) * 2022-11-08 2023-03-03 昆明理工大学 IOT data credible collection and sharing method based on block chain and attribute encryption
CN115996151A (en) * 2023-03-22 2023-04-21 中南大学 Electronic medical data sharing method, system, equipment and medium
CN116913541A (en) * 2023-09-12 2023-10-20 万链指数(青岛)信息科技有限公司 Health data sharing method and system based on Internet of Things
CN117097566A (en) * 2023-10-18 2023-11-21 江西农业大学 Weighted attribute proxy re-encryption information fine granularity access control system and method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115733859A (en) * 2022-11-08 2023-03-03 昆明理工大学 IOT data credible collection and sharing method based on block chain and attribute encryption
CN115996151A (en) * 2023-03-22 2023-04-21 中南大学 Electronic medical data sharing method, system, equipment and medium
CN115996151B (en) * 2023-03-22 2023-06-16 中南大学 Electronic medical data sharing method, system, equipment and medium
CN116913541A (en) * 2023-09-12 2023-10-20 万链指数(青岛)信息科技有限公司 Health data sharing method and system based on Internet of Things
CN117097566A (en) * 2023-10-18 2023-11-21 江西农业大学 Weighted attribute proxy re-encryption information fine granularity access control system and method
CN117097566B (en) * 2023-10-18 2024-01-26 江西农业大学 Weighted attribute proxy re-encryption information fine granularity access control system and method

Similar Documents

Publication Publication Date Title
CN111191288B (en) Block chain data access right control method based on proxy re-encryption
US9866375B2 (en) Multi-level key management
Zhao et al. Trusted data sharing over untrusted cloud storage providers
CN113407627B (en) Block chain-based intelligent medical network system and medical data sharing method
CN103957109B (en) A kind of cloud data-privacy protects safe re-encryption method
CN114708939A (en) Medical data sharing system based on block chain and access authority proxy method
WO2016106752A1 (en) Shared data access control method, device and system
US20150067330A1 (en) Method and system for network data access
CN106161402A (en) Encryption equipment key injected system based on cloud environment, method and device
CN110266687B (en) Method for designing Internet of things security agent data sharing module by adopting block chain technology
Pussewalage et al. A patient-centric attribute based access control scheme for secure sharing of personal health records using cloud computing
CN104022869A (en) Fine-grained data access control method based on fragmenting of secret keys
CN116346318A (en) Data sharing method, sharing device, processor and system thereof
CN117056983B (en) Multistage controllable data sharing authorization method, device and blockchain system
de Melo Silva et al. A new architecture for secure storage and sharing of health records in the cloud using federated identity attributes
Chennam et al. Cloud security in crypt database server using fine grained access control
Wu et al. A trusted and efficient cloud computing service with personal health record
CN113382067A (en) Novel personal health record scheme based on attribute encryption
CN111698085A (en) CP-ABE decryption outsourcing
Marwan et al. Towards a secure cloud database using Paillier's homomorphic cryptosystem
Nagarani et al. A Flexible Access Control with User Revocation in Fog-Enabled Cloud Computing
KUMAR et al. Efficient data access control for multi-authority cloud storage using CP-ABE
Fotiou et al. Protecting Medical Data Stored in Public Clouds.
Kanamarlapudi et al. Privacy Preserving for Electronic Health Records Using Enhanced Attribute-based Encryption with Blockchain
Prince et al. Rsa-dabe: A novel approach for secure health data sharing in ubiquitous computing environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination