CN115174175A - Data access method and device, electronic equipment and storage medium - Google Patents

Data access method and device, electronic equipment and storage medium

Info

Publication number
CN115174175A
CN115174175A
Authority
CN
China
Prior art keywords
medical data
user
target
access
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210733520.8A
Other languages
Chinese (zh)
Other versions
CN115174175B (en)
Inventor
蒋志燕
黄石磊
程刚
陈诚
冯湘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Raisound Technology Co ltd
Original Assignee
Shenzhen Raisound Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Raisound Technology Co ltd
Priority to CN202210733520.8A
Publication of CN115174175A
Application granted
Publication of CN115174175B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Abstract

Embodiments of the disclosure relate to a data access method, a data access apparatus, an electronic device and a storage medium. The method comprises: acquiring attribute information of a second user requesting access to a medical data set of a first user; determining target medical data in the medical data set based on the attribute information, the target medical data being the medical data which the second user has the right to access; and controlling the user terminal of the second user to access the target medical data. Because the target medical data which the second user is authorised to access is determined from the second user's attribute information, different second users can access different target medical data, the medical data in the medical data set are managed and accessed at a finer granularity, and the privacy of the first user is protected.

Description

Data access method and device, electronic equipment and storage medium
Technical Field
The embodiment of the disclosure relates to the technical field of computers, and in particular, to a data access method, a data access device, an electronic device and a storage medium.
Background
Nowadays people pay increasing attention to their privacy. For example, during medical treatment each patient is the owner of their own medical data, and a patient may wish to hide part of their medical history, such as conditions that expose them to discrimination, from some physicians, while other clinical history should be visible to all physicians.
Therefore, how to achieve finer-grained data access is a significant problem.
Disclosure of Invention
In view of this, in order to solve some or all of the above technical problems, embodiments of the present disclosure provide a data access method, an apparatus, an electronic device, and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a data access method, where the method includes:
acquiring attribute information of a second user requesting access to a medical data set of a first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data which the second user has access right;
and controlling the user terminal of the second user to access the target medical data.
Optionally, in the method according to any embodiment of the present disclosure, the medical data set is stored in the form of a medical data ciphertext, the medical data ciphertext is obtained by processing the medical data set with an attribute-based encryption algorithm, and the medical data ciphertext is associated with an access policy of the medical data set; and
the determining target medical data in the medical data set based on the attribute information includes:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain the target medical data in the medical data set.
Optionally, in a method according to any embodiment of the present disclosure, the user key includes a user identifier; and
the method further comprises the following steps:
and if the user key is determined to be leaked, determining the user identification contained in the leaked user key so as to track the user.
Optionally, in the method according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
after a first decryption step is applied to the medical data ciphertext to obtain an intermediate decryption result, a second decryption step using the user key is applied to obtain the target medical data in the medical data set;
wherein the device executing the first decryption step is different from the device executing the second decryption step.
Optionally, in the method according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
if the second user does not belong to a preset user set, decrypting the medical data ciphertext by using the user key to obtain target medical data in the medical data set;
the preset user set is a set of users who do not have the right of accessing the medical data in the medical data set.
Optionally, in the method according to any embodiment of the present disclosure, the medical data ciphertext is generated by:
encrypting the medical data set with the user key using a symmetric encryption algorithm to obtain the medical data ciphertext; and
the method further comprises the following steps:
encrypting the user key with a proxy re-encryption algorithm to obtain a key ciphertext; and
before the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set, the method further includes:
and decrypting the key ciphertext to obtain the user key.
Optionally, in a method according to any embodiment of the present disclosure, the controlling the user terminal of the second user to access the target medical data includes:
allowing the user terminal of the second user to access the target medical data within a target time limit and at a frequency within a target frequency interval;
forbidding the user terminal from accessing non-target medical data in the medical data set;
and if the frequency at which the user terminal requests access to the target medical data is outside the target frequency interval, or the time at which the user terminal requests access to the target medical data is outside the target time limit, letting the first user and the target server decide whether to allow the user terminal to access the target medical data.
In a second aspect, an embodiment of the present disclosure provides a data access apparatus, where the apparatus includes:
an acquisition unit configured to acquire attribute information of a second user requesting access to a medical data set of a first user;
a first determining unit configured to determine target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data to which the second user has access authority;
a control unit configured to control the user terminal of the second user to access the target medical data.
Optionally, in the apparatus according to any embodiment of the present disclosure, the medical data set is stored in the form of a medical data ciphertext, the medical data ciphertext is obtained by processing the medical data set with an attribute-based encryption algorithm, and the medical data ciphertext is associated with an access policy of the medical data set; and
the first determining unit is specifically configured to:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain the target medical data in the medical data set.
Optionally, in an apparatus according to any embodiment of the present disclosure, the user key includes a user identifier; and
the apparatus further includes:
and a second determining unit configured to determine a user identifier included in the leaked user key for user tracking if it is determined that the user key is leaked.
Optionally, in an apparatus according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
after a first decryption step is applied to the medical data ciphertext to obtain an intermediate decryption result, a second decryption step using the user key is applied to obtain the target medical data in the medical data set;
wherein the device executing the first decryption step is different from the device executing the second decryption step.
Optionally, in an apparatus according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
if the second user does not belong to a preset user set, decrypting the medical data ciphertext by using the user key to obtain target medical data in the medical data set;
the preset user set is a set of users who do not have the right of accessing the medical data in the medical data set.
Optionally, in the apparatus according to any embodiment of the present disclosure, the medical data ciphertext is generated by:
encrypting the medical data set with the user key using a symmetric encryption algorithm to obtain the medical data ciphertext; and
the apparatus further includes:
the encryption unit is configured to encrypt the user key by adopting a proxy re-encryption algorithm to obtain a key ciphertext; and
before the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set, the apparatus further includes:
and the decryption unit is configured to decrypt the key ciphertext to obtain the user key.
Optionally, in an apparatus according to any embodiment of the present disclosure, the control unit is specifically configured to:
allowing the user terminal of the second user to access the target medical data within a target time limit and at a frequency within a target frequency interval;
forbidding the user terminal from accessing non-target medical data in the medical data set;
and if the frequency at which the user terminal requests access to the target medical data is outside the target frequency interval, or the time at which the user terminal requests access to the target medical data is outside the target time limit, letting the first user and the target server decide whether to allow the user terminal to access the target medical data.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including:
a memory for storing a computer program;
a processor configured to execute the computer program stored in the memory, and when the computer program is executed, the method of any embodiment of the data access method of the first aspect of the present disclosure is implemented.
In a fourth aspect, the disclosed embodiments provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of any of the embodiments of the data access method of the first aspect described above.
In a fifth aspect, embodiments of the present disclosure provide a computer program comprising computer readable code which, when run on a device, causes a processor in the device to execute instructions for implementing the steps of the method as in any one of the embodiments of the data access method of the first aspect described above.
According to the data access method provided by the embodiment of the disclosure, attribute information of a second user requesting access to a medical data set of a first user is acquired; target medical data in the medical data set, namely the medical data which the second user has the right to access, is then determined based on the attribute information; and the user terminal of the second user is then controlled to access the target medical data. Because the target medical data which the second user is authorised to access is determined from the second user's attribute information, different second users can access different target medical data, the medical data in the medical data set are managed and accessed at a finer granularity, and the privacy of the first user is protected.
Drawings
Fig. 1 is a schematic flowchart of a data access method according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of another data access method provided in the embodiment of the present disclosure;
fig. 3 is a schematic flowchart of another data access method provided in an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a data access device according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of parts and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those within the art that the terms "first," "second," and the like in the embodiments of the present disclosure are used merely to distinguish one object, step, device, or module from another object, and do not denote any particular technical meaning or logical order therebetween.
It is also understood that in the present embodiment, "a plurality" may mean two or more, and "at least one" may mean one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the present disclosure may be generally understood as one or more, unless explicitly defined otherwise or indicated to the contrary hereinafter.
In addition, the term "and/or" in the present disclosure merely describes an association between objects and indicates that three relationships may exist; for example, "A and/or B" may indicate that A exists alone, that A and B exist simultaneously, or that B exists alone. The character "/" in the present disclosure generally indicates that the preceding and following associated objects are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
It should be noted that, in the present disclosure, the embodiments and the features of the embodiments may be combined with each other without conflict. For the purpose of facilitating an understanding of the embodiments of the present disclosure, the present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments. It is to be understood that the described embodiments are only a few, and not all, of the disclosed embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, it should be noted that the users (including the first user and the second user) described in the present disclosure may be distinguished by using the user identifier. For example, the user identifier may be a login account, and in this scenario, if different people use the same account to log in, the different people may be considered as the same user; if the same person respectively adopts different accounts to log in, the same person who logs in different accounts can be considered as different users.
Fig. 1 is a schematic flowchart of a data access method provided in an embodiment of the present disclosure, and as shown in fig. 1, the method specifically includes:
101. attribute information of a second user requesting access to a medical data set of a first user is obtained.
In the present embodiment, an executing subject of the data access method (e.g., a server, a terminal device, a data access apparatus, etc.) may acquire attribute information of a second user who requests access to a medical data set of a first user.
The first user may be any user.
The second user may be any user different from the first user.
As an example, the first user may be a patient and the second user may be a doctor.
Alternatively, the first user may be a person taking part in an interview and the second user a staff member of the company conducting the interview.
The first user and the second user may be registered users of a preset platform (such as a medical website, a medical application program, and the like).
The medical data set may include one or more items of medical data. By way of example, the medical data set may include allergy history, age, name, sex, surgical history, illness history, and the like.
The attribute information may be information input by the second user on the preset platform, or information generated from the second user's operation history on the preset platform. As an example, the attribute information may include the second user's sex, age, department, hospital, medical data leakage frequency, medical data leakage probability, and the like.
102. And determining the target medical data in the medical data set based on the attribute information.
In this embodiment, the execution subject may determine the target medical data in the medical data set based on the attribute information.
The target medical data is medical data which the second user has access right.
As an example, the first user may set an association relationship between attribute information and medical data in the medical data set, so that the target medical data in the medical data set can be determined from the attribute information through that association. Where attribute information and a medical data item are associated, a user (for example, the second user) having the attribute indicated by that attribute information has the right to access that medical data item.
Specifically, the first user may set the association between the attribute information and the medical data as follows: the attribute information a has an association relationship with the medical data a. In addition, other attribute information does not have an association with the medical data. The medical data set includes medical data a and medical data B.
Thus, if the attribute information of the second user includes the attribute information a, it can be determined that the target medical data is the medical data a. If the attribute information of the second user does not include the attribute information a, it may be determined that the second user does not have access to any medical data in the medical data set, that is, the target medical data cannot be determined, or the determined target medical data is empty.
In some cases, the attribute information and the user key may have the following association relationship:
if it is determined that the user having the attribute indicated by the attribute information a has the right to access the medical data a in the medical data set according to the access policy, a user key for decrypting the medical data ciphertext into the medical data a may be generated to establish an association relationship between the user key and the attribute information a.
Each piece of medical data in the medical data set may correspond to one user key, the piece of medical data being obtained when the medical data ciphertext is decrypted with that user key. Therefore the user key associated with the attribute information can be determined, and the medical data ciphertext decrypted with that user key to obtain the target medical data in the medical data set.
103. And controlling the user terminal of the second user to access the target medical data.
In this embodiment, the executing entity may control the user terminal of the second user to access the target medical data.
Here, the execution subject may be a user terminal or a server. In a case where the execution subject is a user terminal, the second user may access the target medical data through the user terminal. In the case where the execution subject is a server, if the second user accesses the server through the user terminal used by the second user, the server may return the target medical data to the user terminal so that the second user can access the target medical data.
According to the data access method provided by the embodiment of the disclosure, attribute information of a second user requesting access to a medical data set of a first user is acquired; target medical data in the medical data set, namely the medical data which the second user has the right to access, is then determined based on the attribute information; and the user terminal of the second user is then controlled to access the target medical data. Because the target medical data which the second user is authorised to access is determined from the second user's attribute information, different second users can access different target medical data, the medical data in the medical data set are managed and accessed at a finer granularity, and the privacy of the first user is protected.
In some optional implementation manners of this embodiment, the executing body may further allow the user terminal of the second user to access the target medical data according to a frequency within the target frequency interval and within the target time limit.
The target frequency interval may be determined by the first user and/or the target server. The target server may be any server communicatively connected to the execution subject, and may be software or hardware (e.g., a server).
As a first example, here, the target server may determine the target frequency interval in the following manner:
first, the frequency of access to medical data by each user who has leaked a user key is acquired, and the minimum of these frequencies is denoted f1.
Then, the frequency of access to medical data by each user other than those who have leaked a user key is acquired, and the minimum of these frequencies is denoted f2.
Then, the target frequency interval is determined to be [f2, f1]. (This presupposes f2 ≤ f1, i.e. that the users who leaked a key accessed the data at least as often as every other user; otherwise the interval is empty.)
As a second example, the target server and the first user may determine the target frequency interval in the following manner:
first, a first frequency interval set by a first user and a second frequency interval determined by a target server (e.g., frequency interval [ f2, f1 ] determined in the manner described in the first example described above) are acquired.
And then, determining the intersection of the first frequency interval and the second frequency interval as a target frequency interval.
The target time limit may be determined by the first user and/or the target server.
As an example, the target server and the first user may determine the target time limit as follows:
first, a first time limit set by the first user and a second time limit determined by the target server are acquired;
then, the intersection of the first time limit and the second time limit is determined as the target time limit.
It can be understood that, in this alternative implementation, allowing the user terminal of the second user to access the target medical data only at a frequency within the target frequency interval and within the target time limit improves the security of data access.
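As an added example (not code from the patent or from the applicant), the following Python sketches the flow of Fig. 1: step 102, selecting the target medical data through an association relationship set by the first user, and step 103 together with the optional frequency-interval and time-limit check just described. The medical data set, the association relationship, the attribute names and the numeric windows are all constructed for illustration, and the frequency interval and time limit are taken as given settings of the first user and the target server rather than derived from leaked-key statistics.

```python
"""Added example (not from the patent): selecting target medical data from
the first user's attribute->data association, then applying the optional
frequency / time-limit check of the Fig. 1 embodiment.  Every name and
value below is constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Interval = Tuple[float, float]  # closed interval [lo, hi]

# Constructed medical data set of the first user (the patient).
MEDICAL_DATA_SET: Dict[str, str] = {
    "allergy_history": "penicillin",
    "surgical_history": "appendectomy, 2019",
    "illness_history": "condition the patient wants hidden from most doctors",
}

# Association relationship set by the first user: an attribute maps to the
# data items a user holding that attribute may access.  Items that no
# attribute of the requester maps to are non-target data.
ASSOCIATION: Dict[str, Set[str]] = {
    "department:emergency": {"allergy_history", "surgical_history"},
    "department:infectious_disease": {"allergy_history", "surgical_history",
                                      "illness_history"},
}


def determine_target_data(attributes: Set[str]) -> Set[str]:
    """Step 102: the target data is the union of the items associated with any
    attribute of the second user; an empty set means no access at all."""
    target: Set[str] = set()
    for attr in attributes:
        target |= ASSOCIATION.get(attr, set())
    return target


def intersect(a: Interval, b: Interval) -> Optional[Interval]:
    """Intersection of two closed intervals, or None when they do not overlap."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


@dataclass(frozen=True)
class AccessWindow:
    freq: Interval  # target frequency interval (requests per hour)
    time: Interval  # target time limit as (start, end) epoch seconds


def build_window(user_freq: Interval, server_freq: Interval,
                 user_time: Interval, server_time: Interval) -> AccessWindow:
    """The target frequency interval and the target time limit are the
    intersections of the first user's setting and the target server's setting."""
    freq = intersect(user_freq, server_freq)
    time = intersect(user_time, server_time)
    if freq is None or time is None:
        raise ValueError("first user and target server settings do not overlap")
    return AccessWindow(freq, time)


def access(item: str, attributes: Set[str], window: AccessWindow,
           request_rate: float, now: float) -> Tuple[str, Optional[str]]:
    """Step 103: ('deny', None) for non-target data, ('allow', data) inside the
    window, and ('escalate', None) when the request rate or time falls outside
    it, in which case the first user and the target server decide."""
    if item not in determine_target_data(attributes):
        return "deny", None
    in_freq = window.freq[0] <= request_rate <= window.freq[1]
    in_time = window.time[0] <= now <= window.time[1]
    if not (in_freq and in_time):
        return "escalate", None
    return "allow", MEDICAL_DATA_SET[item]


if __name__ == "__main__":
    window = build_window((0, 10), (2, 20),
                          (1_700_000_000, 1_700_003_600),
                          (1_700_001_800, 1_700_007_200))
    doctor = {"department:emergency"}
    print(access("allergy_history", doctor, window, 5, 1_700_002_000))   # allow
    print(access("illness_history", doctor, window, 5, 1_700_002_000))   # deny
    print(access("allergy_history", doctor, window, 15, 1_700_002_000))  # escalate
```

The association table is a plain allow-list: anything not reachable from the requester's attributes is non-target data and is refused before any window check runs, so a misconfigured window can widen when access is escalated but never what is accessible.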
Fig. 2 is a schematic flow chart of another data access method provided in the embodiment of the present disclosure, and as shown in fig. 2, the method specifically includes:
201. attribute information of a second user requesting access to a medical data set of a first user is obtained.
In the present embodiment, an execution subject (e.g., a server, a terminal device, a data access apparatus, etc.) of the data access method may acquire attribute information of a second user who requests access to a medical data set of the first user.
In this embodiment, step 201 is substantially the same as step 101 in the embodiment corresponding to fig. 1, and is not described here again.
202. And if the attribute information meets the access policy, determining a user key pre-associated with the attribute information.
In this embodiment, if the attribute information satisfies the access policy, the executing entity may determine a user key previously associated with the attribute information.
The access policy may characterize whether a user having the attribute indicated by the attribute information has the right to access medical data in the medical data set and, if so, which medical data in the medical data set that user has the right to access.
The medical data set is stored in the form of a medical data ciphertext.
The medical data ciphertext is obtained by processing the medical data set with an attribute-based encryption algorithm.
The medical data ciphertext is associated with an access policy of the medical data set.
The attribute information satisfying the access policy can be characterized as follows: the user having the attribute indicated by the attribute information has the right to access the medical data in the medical data set.
As an example, the access policy may be: if the attribute information includes dermatology, Zhang San and chairman, the user having the attributes indicated by the attribute information has the right to access medical data A in the medical data set.
Further, the attribute information and the user key may have an association relationship as follows:
in some application scenarios of this embodiment, if it is determined that the user having the attribute indicated by the attribute information a has the right to access the medical data a in the medical data set according to the access policy, a user key for decrypting the medical data ciphertext into the medical data a may be generated to establish an association relationship between the user key and the attribute information a.
Here, in ciphertext-policy attribute-based encryption (CP-ABE), a user key is associated with attribute information, and a medical data ciphertext specifies an access policy over the attribute universe defined in the system. The second user can decrypt the medical data ciphertext if and only if the second user's attributes satisfy the access policy of that ciphertext. The access policy can be built from conjunctions, disjunctions and (k, n) threshold gates (k of n attributes must be present). For example, assume the attribute universe is {A, B, C, D}, that second user 1 receives the user key for attribute information {A, B} and that second user 2 receives the user key for attribute information {D}. If the medical data are encrypted under the access policy (A ∧ C) ∨ D, second user 2 will be able to decrypt and second user 1 will not.
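As an added example (not code from the patent or from the applicant), the following Python models the policy-satisfaction check that CP-ABE enforces cryptographically: an access policy built from AND, OR and (k, n) threshold gates is evaluated against a user's attribute set, and the items whose policies are satisfied are the target medical data of step 202. It reproduces the (A ∧ C) ∨ D example above and the dermatology / Zhang San / chairman conjunction from the example access policy. The policy grammar, the per-item policies and the attribute names are constructed for illustration; in real CP-ABE the policy is embedded in the ciphertext and an unsatisfied policy makes decryption fail rather than an if-statement.

```python
"""Added example (not from the patent): evaluating a CP-ABE style access
policy over a user's attribute set.  Only the satisfaction check is
modelled; real CP-ABE binds the policy into the ciphertext.  The policy
grammar and the per-item policies are constructed for illustration."""
from typing import Dict, Set, Tuple, Union

# A policy is an attribute name (leaf) or a gate tuple:
#   ("and", p1, ..., pn)            all children must be satisfied
#   ("or", p1, ..., pn)             at least one child must be satisfied
#   ("threshold", k, p1, ..., pn)   at least k of the n children must be satisfied
Policy = Union[str, Tuple]


def satisfies(policy: Policy, attrs: Set[str]) -> bool:
    """Recursively evaluate the policy tree against the attribute set."""
    if isinstance(policy, str):
        return policy in attrs
    gate = policy[0]
    if gate == "and":
        return all(satisfies(p, attrs) for p in policy[1:])
    if gate == "or":
        return any(satisfies(p, attrs) for p in policy[1:])
    if gate == "threshold":
        k, children = policy[1], policy[2:]
        if not 1 <= k <= len(children):
            raise ValueError("threshold k must satisfy 1 <= k <= n")
        return sum(satisfies(p, attrs) for p in children) >= k
    raise ValueError(f"unknown gate {gate!r}")


def policy_to_str(policy: Policy) -> str:
    """Render a policy tree in infix notation, e.g. '((A AND C) OR D)'."""
    if isinstance(policy, str):
        return policy
    gate = policy[0]
    if gate == "threshold":
        inner = ", ".join(policy_to_str(p) for p in policy[2:])
        return f"{policy[1]}-of-({inner})"
    return "(" + f" {gate.upper()} ".join(policy_to_str(p) for p in policy[1:]) + ")"


# Constructed: each medical data item is encrypted under its own policy.
ITEM_POLICIES: Dict[str, Policy] = {
    "medical_data_A": ("or", ("and", "A", "C"), "D"),          # example in the text
    "medical_data_B": ("threshold", 2, "A", "B", "C"),         # any two of A, B, C
    "medical_data_C": ("and", "dermatology", "zhang_san", "chairman"),
}


def target_medical_data(attrs: Set[str]) -> Set[str]:
    """Step 202: the items whose policy the requester's attributes satisfy are
    those for which a user key can be determined and decryption succeeds."""
    return {item for item, pol in ITEM_POLICIES.items() if satisfies(pol, attrs)}


if __name__ == "__main__":
    for name, attrs in (("second user 1", {"A", "B"}), ("second user 2", {"D"})):
        print(name, sorted(attrs), "->", sorted(target_medical_data(attrs)))
    for item, pol in ITEM_POLICIES.items():
        print(item, "policy:", policy_to_str(pol))
```

Note that the evaluator never sees a key: in CP-ABE the attributes live in the user's key and the policy in the ciphertext, so the same check is what the decryption algorithm performs implicitly, and an attribute the authority never issued cannot be asserted by the requester.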
203. And decrypting the medical data ciphertext by adopting the user key to obtain the target medical data in the medical data set.
In this embodiment, the execution subject may decrypt the medical data ciphertext with the user key to obtain the target medical data in the medical data set.
The target medical data is medical data which the second user has access right.
Taking the application scenario described in step 202 as an example, the target medical data obtained by the execution subject may be medical data A.
204. Controlling the user terminal of the second user to access the target medical data.
In this embodiment, the executing entity may control the user terminal of the second user to access the target medical data.
In this embodiment, step 204 is substantially the same as step 103 in the corresponding embodiment of fig. 1, and is not described herein again.
According to the data access method provided by the embodiment of the disclosure, the medical data set is encrypted with an attribute encryption algorithm, so that the medical data in the medical data set can be managed and accessed at a finer granularity, and different second users can be given access to different medical data, thereby protecting the privacy of the first user.
In some optional implementations of the foregoing embodiments, the user key includes a user identifier. On this basis, if it is determined that the user key is leaked, the executing body may further determine a user identifier included in the leaked user key for user tracking.
In the above alternative implementation, a tracking factor may be added to the user key as the user identifier, and a unique tracking factor may be assigned to each user (including the above registered users). Once a user in the system leaks an individual user key, the tracking factor can be parsed out of the obtained leaked user key, and the key-leaking user can thereby be tracked.
It can be understood that, in the above alternative implementation manner, the key-leaking user can be located and tracked, and the operation authority of the key-leaking user can further be limited, so that the security of medical data access is improved.
In some optional implementations of the foregoing embodiment, the executing subject may execute the step 203 to obtain the target medical data in the medical data set in the following manner:
after the medical data ciphertext is decrypted in a first decryption step to obtain an intermediate decryption result, the intermediate decryption result is decrypted in a second decryption step by using the user key to obtain the target medical data in the medical data set.
Wherein, the executing device of the first decryption step is different from the executing device of the second decryption step.
As an example, the decryption algorithm may be split into two parts, namely a first decryption step and a second decryption step. Wherein the performing device (e.g., security arbitrator) of the first decryption step first performs a portion of the decryption of the medical data ciphertext. Then, the performing device of the second decryption step (e.g., the device used by the second user) performs another part of decryption on the partially decrypted medical data ciphertext (i.e., the intermediate decryption result).
It will be appreciated that in the alternative implementation described above, two different devices are used to perform a portion of the decryption, respectively, thereby improving the security of medical data access.
In some optional implementations of the foregoing embodiment, the executing main body may execute the foregoing step 203 to obtain the target medical data in the medical data set in the following manner:
if the second user does not belong to a preset user set, decrypting the medical data ciphertext by using the user key to obtain the target medical data in the medical data set. The preset user set is a set of users who do not have the right to access the medical data in the medical data set.
Here, a user who does not have authority to access the medical data in the medical data set may be determined by maintaining the user set. The users in the preset user set may include revoked users, users who divulge user keys, and the like.
It can be understood that, in the above optional implementation manner, the user key is used to decrypt the medical data ciphertext only when the second user does not belong to the preset user set, so that the security of the medical data is further improved, and the computational resource consumed in the decryption process is reduced to a certain extent.
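The two optional implementations above (a first decryption step on a separate device, and decryption only for users outside the preset user set) can be combined into one flow, as the later description of the security mediator (SEM) does. The following is an added example and not code from the patent or its applicant. It assumes two nested encryption layers, one removable only by the mediator and one only by the user key, and uses an HMAC-SHA256 counter-mode keystream as a stand-in stream cipher so that it runs offline with the standard library; the key, nonce and user-id values are constructed for the example.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 keyed PRF in counter mode.
    Assumption: chosen only so the example runs offline with the standard
    library; a deployment would use an authenticated cipher such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """One encryption/decryption layer (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def encrypt_medical_data(data: bytes, sem_key: bytes, user_key: bytes, nonce: bytes) -> bytes:
    """Two nested layers: the inner one is removable only with the user key,
    the outer one only with the key held by the security mediator (SEM)."""
    inner = xor_layer(user_key, nonce + b"user", data)
    return xor_layer(sem_key, nonce + b"sem", inner)


class SecurityMediator:
    """Performs the first decryption step and keeps the revocation list
    (the 'preset user set' of the text). A revoked user never receives an
    intermediate result, so its still-valid user key alone is not enough."""

    def __init__(self, sem_key: bytes):
        self._key = sem_key
        self.revoked: set = set()

    def revoke(self, user_id: str) -> None:
        self.revoked.add(user_id)

    def first_decryption_step(self, user_id: str, nonce: bytes, ciphertext: bytes) -> bytes:
        if user_id in self.revoked:
            raise PermissionError(f"{user_id} is revoked; partial decryption refused")
        return xor_layer(self._key, nonce + b"sem", ciphertext)


def second_decryption_step(user_key: bytes, nonce: bytes, intermediate: bytes) -> bytes:
    """Run on the second user's own device with the user key."""
    return xor_layer(user_key, nonce + b"user", intermediate)


def access_target_data(sem: SecurityMediator, user_id: str, user_key: bytes,
                       nonce: bytes, ciphertext: bytes):
    """Full flow of step 203 as described: SEM first, user device second.
    Returns the plaintext, or None when the mediator refuses."""
    try:
        intermediate = sem.first_decryption_step(user_id, nonce, ciphertext)
    except PermissionError:
        return None
    return second_decryption_step(user_key, nonce, intermediate)


if __name__ == "__main__":
    sem_key, user_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    ct = encrypt_medical_data(b"medical data A: constructed sample record", sem_key, user_key, nonce)
    sem = SecurityMediator(sem_key)
    print(access_target_data(sem, "doctor-7", user_key, nonce, ct))
    sem.revoke("doctor-7")
    print(access_target_data(sem, "doctor-7", user_key, nonce, ct))  # None after revocation
```

The point of the split is that revocation takes effect at the mediator, which is under the system's control, without having to re-issue or re-encrypt anything: the revoked user's device still holds a correct user key, but without the mediator's first step there is no intermediate result to apply it to.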
In some optional implementations of the above embodiment, the medical data ciphertext is generated by: and encrypting the medical data set by using the user key by using a symmetric encryption algorithm to obtain a medical data ciphertext.
On this basis, the execution main body can encrypt the user key by adopting a proxy re-encryption algorithm to obtain a key ciphertext. The execution body may decrypt the key ciphertext to obtain the user key before decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set.
It can be understood that, in the above optional implementation manner, a symmetric encryption algorithm is used to obtain the medical data ciphertext, so that the encryption efficiency can be improved compared with an asymmetric encryption algorithm.
Fig. 3 is a flowchart of another data access method provided by an embodiment of the present disclosure, where the method may be applied to a terminal and/or a server. The terminal and the server can be hardware devices or software programs.
Specifically, as shown in fig. 3, the method specifically includes:
301. attribute information of a second user requesting access to a medical data set of a first user is obtained.
In the present embodiment, an executing subject of the data access method (e.g., a server, a terminal device, a data access apparatus, etc.) may acquire attribute information of a second user who requests access to a medical data set of a first user.
In this embodiment, step 301 is substantially the same as step 101 in the embodiment corresponding to fig. 1, and is not described herein again.
302. Determining the target medical data in the medical data set based on the attribute information.
In this embodiment, the execution subject may determine the target medical data in the medical data set based on the attribute information. Wherein the target medical data is medical data to which the second user has access right.
In this embodiment, step 302 is substantially the same as step 102 in the corresponding embodiment of fig. 1, and is not described herein again.
303. Allowing the user terminal of the second user to access the target medical data within the target time limit according to the frequency within the target frequency interval.
In this embodiment, the execution body may allow the user terminal of the second user to access the target medical data within a target time limit according to a frequency within a target frequency interval.
The target frequency interval may be determined by the first user and/or the target server. The target server may be any server communicatively connected to the execution entity, which may be software or hardware (e.g., a server).
As a first example, the target server may determine the target frequency interval in the following manner:
first, the frequency of accessing medical data by each user who has leaked the user key is acquired, and the minimum frequency determined therefrom is denoted as f1.
Thereafter, the frequency of accessing the medical data by the user other than the user who leaked the user key is acquired, and the minimum frequency obtained therefrom is denoted as f2.
Then, the target frequency interval is determined to be [ f2, f1 ].
As a second example, the target server and the first user may determine the target frequency interval in the following manner:
first, a first frequency interval set by a first user and a second frequency interval determined by a target server (e.g., frequency interval [ f2, f1 ] determined in the manner described in the first example described above) are acquired.
Then, the intersection of the first frequency interval and the second frequency interval is determined as the target frequency interval.
The target duration may be determined by the first user and/or the target server.
As an example, the target server and the first user may determine the target duration in the following manner:
first, a first time limit set by a first user and a second time limit determined by a target server are obtained.
Then, the intersection of the first time limit and the second time limit is determined as the target time limit.
Optionally, the executing entity may prohibit the user terminal from accessing non-target medical data in the medical data set.
304. If the frequency at which the user terminal requests access to the target medical data does not belong to the target frequency interval, or the time at which the user terminal requests access to the target medical data is not within the target time limit, determining whether to allow the user terminal to access the target medical data through the first user and the target server.
In this embodiment, if the frequency of the user terminal requesting to access the target medical data does not belong to the target frequency interval, or the time when the user terminal requests to access the target medical data is not within the target time limit, the executive agent may determine whether to allow the user terminal to access the target medical data via the first user and the target server.
As an example, if one of the first user and the target server does not allow the user terminal to access the target medical data, it may be determined that the user terminal is not allowed to access the target medical data finally.
As another example, in a case where the first user allows the user terminal to access the target medical data, the target server may determine a probability that the second user reveals the user key, and if the probability is greater than a preset threshold, determine that the user terminal is not allowed to access the target medical data finally; if the probability is less than or equal to the preset threshold, it is determined that the user terminal is finally allowed to access the target medical data. Wherein, the probability that the second user reveals the user key may be a similarity between the attribute information of the second user and the attribute information of the user who has determined to reveal the user key.
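Steps 303 and 304 together form one access-control decision: derive the target frequency interval and target time limit as intersections of the first user's and the target server's values, allow requests that fall inside both, and otherwise escalate to the first user and the target server. The following is an added example and not code from the patent or its applicant. Its assumptions are labelled in the code: a time limit is modelled as a closed interval [start, end], an interval with f2 > f1 is treated as empty, and the "similarity to users known to have leaked keys" used as the leak probability is taken to be the maximum Jaccard similarity between attribute sets; all frequencies, times and attribute sets are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

Interval = Tuple[float, float]  # closed interval [lo, hi]


def intersect(a: Optional[Interval], b: Optional[Interval]) -> Optional[Interval]:
    """Intersection of two closed intervals; None when it is empty."""
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def server_frequency_interval(leaked_freqs: List[float], other_freqs: List[float]) -> Optional[Interval]:
    """First example of the text: f1 = lowest access frequency among users who
    leaked a key, f2 = lowest among the others; the interval is [f2, f1].
    Assumption: when f2 > f1 the interval is treated as empty."""
    f1, f2 = min(leaked_freqs), min(other_freqs)
    return (f2, f1) if f2 <= f1 else None


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Set similarity in [0, 1]; 0 for two empty sets."""
    return len(a & b) / len(a | b) if (a | b) else 0.0


@dataclass
class AccessController:
    first_user_interval: Interval
    server_interval: Optional[Interval]
    first_user_deadline: Interval          # assumption: a time limit is [start, end]
    server_deadline: Interval
    first_user_allows: bool                # the first user's answer on escalation
    leaker_attributes: List[Set[str]] = field(default_factory=list)
    leak_threshold: float = 0.5            # the 'preset threshold' of the text

    def target_frequency_interval(self) -> Optional[Interval]:
        return intersect(self.first_user_interval, self.server_interval)

    def target_deadline(self) -> Optional[Interval]:
        return intersect(self.first_user_deadline, self.server_deadline)

    def leak_probability(self, attributes: Set[str]) -> float:
        """Assumption: similarity to users known to have leaked keys is the
        maximum Jaccard similarity to any such user's attribute set."""
        return max((jaccard(attributes, l) for l in self.leaker_attributes), default=0.0)

    def server_allows(self, attributes: Set[str]) -> bool:
        """Target server's escalation decision: deny above the threshold."""
        return self.leak_probability(attributes) <= self.leak_threshold

    def decide(self, request_freq: float, request_time: float,
               attributes: Set[str], is_target_data: bool = True) -> bool:
        """Steps 303/304: allow inside the target interval and time limit,
        otherwise both the first user and the target server must agree."""
        if not is_target_data:
            return False  # non-target medical data is always forbidden
        interval, deadline = self.target_frequency_interval(), self.target_deadline()
        in_interval = interval is not None and interval[0] <= request_freq <= interval[1]
        in_deadline = deadline is not None and deadline[0] <= request_time <= deadline[1]
        if in_interval and in_deadline:
            return True
        return self.first_user_allows and self.server_allows(attributes)
```

The escalation branch is where the two decision makers matter: a request that is merely unusual (outside the agreed interval or time limit) is not refused outright, but it is no longer granted by the policy alone, and either party can veto it.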
The following description illustrates the embodiments of the present disclosure; the embodiments may have the features described below, but the description is not to be construed as limiting the scope of the embodiments of the present disclosure.
Firstly, the medical data set is processed by using an attribute encryption algorithm. Here, the encrypted medical data (i.e. the medical data ciphertext) is associated with a set of attributes (i.e. the attribute information), and the key (i.e. the user key) is associated with a policy (i.e. the access policy). Thereby, different doctors (i.e. second users) have different access rights to the data (i.e. the medical data set) of the patient (i.e. the first user).
Here, the system architecture may be composed of three parties: first, a trusted third party serves as the generation mechanism for user keys; second, a patient owns the data (i.e., the medical data set) and performs attribute-based encryption of the data; and third, different doctors have different access rights to the encrypted data (i.e., the medical data ciphertext).
Specifically, firstly, a dynamic ciphertext cloud data access sharing technology supporting attribute revocation and access policy updating is realized through the following scheme:
in the above scheme of encrypting the medical data set by using attributes, each second user has an attribute set (i.e., attribute information), and each attribute set corresponds to a private key (i.e., the user key). When a second user is revoked, the access right of that second user needs to be revoked in a timely manner, so that the second user leaving the system can no longer decrypt the medical data ciphertext in the system. According to the revocation granularity, dynamic revocation of the second user can be distinguished from dynamic revocation of an attribute of the second user. In addition, after the data owner (i.e., the first user) encrypts its private data (i.e., the medical data set) and sends the ciphertext (i.e., the medical data ciphertext) to the server, it may be necessary to change the access policy originally specified on the ciphertext, so as to dynamically adjust the access sharing authority for the private data.
Furthermore, to avoid excessive reliance and trust on a central server, multiple servers may be introduced. In the system establishing stage, the number of the attributes of the second user does not need to be specially appointed, so that the scheme is easy to expand the system and has higher practicability.
Secondly, an attribute encryption technology supporting traitor tracing and user revocation is realized by the following scheme:
tracing problem against traitors: a tracking factor c (i.e. the user identifier) is added to the user key, and a unique c is assigned to each user (including the second user) in the system. Once a user in the system reveals an individual user key, the system server can analyze c contained in the revealed user key according to the obtained revealed user key, and then track the key revealing user.
For the user revocation problem: a Security Mediator (SEM) mechanism is introduced. In particular, the decryption algorithm is split into two parts. The security mediator server first performs one part of the decryption on the medical data ciphertext, and then the user himself performs the other part of the decryption on the partially decrypted medical data ciphertext. Here, the security mediator server is responsible for maintaining a revocation list, and performs its part of the decryption only if the user requesting partial decryption is not on that list.
Thirdly, an attribute encryption technology supporting offline operation and outsourced decryption is realized by the following scheme:
The server responsible for the key issuance issues private keys (namely the user keys) for all users in the system; the data owner (i.e. the first user) is responsible for encrypting the data to be shared (i.e. the medical data set); and the data visitor (i.e. the second user) is responsible for decrypting the medical data ciphertext according to the private key (i.e. the user key) of the data visitor. When the number of users in the system is large and the user keys need to be updated periodically for all the users in the system, the server responsible for key issuance needs to perform a large number of calculation operations intensively, and thus it may become a system performance bottleneck. The more complex the access policy specified when the data owner encrypts the data, the more computationally expensive it will be to perform the encryption operation. Similarly, when the attribute of the data visitor meets the access policy, the computational cost of performing the decryption operation increases linearly with the number of attributes.
In order to alleviate the problem of insufficient computing power of resource-limited equipment and further improve the real-time computing efficiency of the system, an offline/online mode can be adopted to finish most of the computation in an offline stage, so that the online stage is ensured to execute only a small amount of computation. And an outsourcing calculation mode is adopted, namely most of calculated amount is executed by an outsourcing server with high performance, and the terminal equipment only needs to execute smaller calculated amount. When outsourced computation is employed, the results of outsourced decryption are verified.
Fourthly, a proxy re-encryption technology supporting policy updating is realized by the following scheme:
the data owner (i.e., the first user) combines the own encryption key and the decryption key (i.e., the user key) of the receiver (i.e., the second user) to generate a re-encryption key, which is sent to the cloud server, and the cloud server is responsible for converting the medical data ciphertext into a ciphertext suitable for the data receiver (i.e., the second user) to decrypt. Accordingly, the medical data set may be encrypted using a symmetric encryption algorithm to obtain a medical data ciphertext. Then, the symmetric key is encrypted by using the proxy re-encryption algorithm to obtain a key ciphertext, when a user wants to access the medical data set, the key ciphertext can be decrypted firstly to obtain the symmetric key, and then the medical data ciphertext is decrypted by using the symmetric key to obtain the target medical data.
Thus, in the above example, the set of medical data is processed using an attribute encryption algorithm such that the medical data ciphertext is associated with the attribute information and the user key is associated with the access policy, which may support traitor tracing and user revocation, as well as support attribute revocation and access policy updates.
The data access method according to the embodiment of the present disclosure allows a user terminal of a second user to access the target medical data within a target time limit according to a frequency within a target frequency interval, and determines whether to allow the user terminal to access the target medical data via both the first user and the target server if the frequency at which the user terminal requests access to the target medical data does not belong to the target frequency interval or the time at which the user terminal requests access to the target medical data does not fall within the target time limit. This further improves the security of data access.
Fig. 4 is a schematic structural diagram of a data access device provided in an embodiment of the present disclosure, which specifically includes:
an obtaining unit 401 configured to obtain attribute information of a second user requesting access to a medical data set of a first user;
a first determining unit 402, configured to determine target medical data in the medical data set based on the attribute information, where the target medical data is medical data to which the second user has access right;
a control unit 403 configured to control the user terminal of the second user to access the target medical data.
Optionally, in the apparatus according to any embodiment of the present disclosure, the medical data set is stored in a form of a medical data ciphertext, where the medical data ciphertext is obtained by processing the medical data set with an attribute encryption algorithm, and the medical data ciphertext is associated with an access policy of the medical data set; and
the first determining unit 402 is specifically configured to:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain the target medical data in the medical data set.
Optionally, in an apparatus according to any embodiment of the present disclosure, the user key includes a user identifier; and
the above-mentioned device further includes:
a second determining unit (not shown in the figure) configured to determine, if it is determined that the user key is leaked, a user identifier included in the leaked user key for user tracking.
Optionally, in an apparatus according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
after the medical data ciphertext is decrypted by adopting the first decryption step to obtain an intermediate decryption result, the medical data ciphertext is decrypted by adopting the second decryption step through the user key to obtain target medical data in the medical data set;
wherein, the executing device of the first decryption step is different from the executing device of the second decryption step.
Optionally, in an apparatus according to any embodiment of the present disclosure, the decrypting the medical data ciphertext with the user key to obtain target medical data in the medical data set includes:
if the second user does not belong to a preset user set, decrypting the medical data ciphertext by using the user key to obtain target medical data in the medical data set;
the preset user set is a set of users who do not have the right of accessing the medical data in the medical data set.
Optionally, in an apparatus according to any embodiment of the present disclosure, the medical data ciphertext is generated by:
encrypting the medical data set by using the user key by using a symmetric encryption algorithm to obtain a medical data ciphertext; and
the above-mentioned device further includes:
an encryption unit (not shown in the figure) configured to encrypt the user key by using a proxy re-encryption algorithm to obtain a key ciphertext; and
before the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set, the apparatus further includes:
a decryption unit (not shown in the figure) configured to decrypt the key ciphertext to obtain the user key.
Optionally, in an apparatus according to any embodiment of the present disclosure, the control unit 403 is specifically configured to:
allowing the user terminal of the second user to access the target medical data within a target time limit according to the frequency within the target frequency interval;
forbidding the user terminal to access non-target medical data in the medical data set;
and if the frequency of the user terminal requesting to access the target medical data does not belong to the target frequency interval or the time when the user terminal requests to access the target medical data is not within the target time limit, determining whether to allow the user terminal to access the target medical data or not through the first user and the target server.
The data access device provided in this embodiment may be the data access device shown in fig. 4, and may perform all the steps of the data access method shown in fig. 1 to 3, so as to achieve the technical effect of the data access method shown in fig. 1 to 3, and for brevity, it is specifically described with reference to fig. 1 to 3, and no further description is provided here.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device 500 shown in fig. 5 includes: at least one processor 501, memory 502, at least one network interface 504, and other user interfaces 503. The various components in the electronic device 500 are coupled together by a bus system 505. It is understood that the bus system 505 is used to enable connection communications between these components. The bus system 505 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 505 in FIG. 5.
The user interface 503 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen, among others).
It is to be understood that the memory 502 in embodiments of the present disclosure may be either volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), SyncLink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 502 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, memory 502 stores elements, executable units or data structures, or a subset thereof, or an expanded set thereof: an operating system 5021 and application programs 5022.
The operating system 5021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application programs 5022 include various applications, such as a media player, a browser, and the like, for implementing various application services. A program implementing the method of the embodiments of the present disclosure may be included in the application programs 5022.
In this embodiment, by calling a program or an instruction stored in the memory 502, specifically, a program or an instruction stored in the application 5022, the processor 501 is configured to execute the method steps provided by the method embodiments, for example, including:
acquiring attribute information of a second user requesting access to a medical data set of a first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data which the second user has access right;
and controlling the user terminal of the second user to access the target medical data.
Optionally, in the method according to any embodiment of the present disclosure, the medical data set is stored in a form of a medical data ciphertext, the medical data ciphertext is obtained by processing the medical data set by using an attribute encryption algorithm, and the medical data ciphertext is associated with an access policy of the medical data set; and
the determining target medical data in the medical data set based on the attribute information includes:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain the target medical data in the medical data set.
Optionally, in a method according to any embodiment of the present disclosure, the user key includes a user identifier; and
the method further comprises the following steps:
if it is determined that the user key is leaked, determining the user identifier contained in the leaked user key for user tracking.
Optionally, in the method according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
after the medical data ciphertext is decrypted by adopting the first decryption step to obtain an intermediate decryption result, the medical data ciphertext is decrypted by adopting the second decryption step through the user key to obtain target medical data in the medical data set;
wherein, the executing device of the first decryption step is different from the executing device of the second decryption step.
Optionally, in the method according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
if the second user does not belong to a preset user set, decrypting the medical data ciphertext by using the user key to obtain target medical data in the medical data set;
the preset user set is a set of users who do not have the right of accessing the medical data in the medical data set.
Optionally, in the method according to any embodiment of the present disclosure, the medical data ciphertext is generated by:
encrypting the medical data set by using the user key by using a symmetric encryption algorithm to obtain a medical data ciphertext; and
the method further comprises the following steps:
encrypting the user key by adopting an agent re-encryption algorithm to obtain a key ciphertext; and
before the decrypting the medical data ciphertext by using the user key to obtain the target medical data in the medical data set, the method further includes:
decrypting the key ciphertext to obtain the user key.
Optionally, in a method according to any embodiment of the present disclosure, the controlling the user terminal of the second user to access the target medical data includes:
allowing the user terminal of the second user to access the target medical data within a target time limit according to the frequency within the target frequency interval;
forbidding the user terminal to access non-target medical data in the medical data set;
and if the frequency of the user terminal requesting to access the target medical data does not belong to the target frequency interval or the time when the user terminal requests to access the target medical data is not within the target time limit, determining whether to allow the user terminal to access the target medical data or not through the first user and the target server.
The method disclosed by the embodiments of the present disclosure can be applied to the processor 501, or implemented by the processor 501. The processor 501 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 501. The processor 501 may be a general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present disclosure may be implemented or performed by it. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present disclosure may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software elements in the decoding processor. The software elements may be located in RAM, flash memory, ROM, PROM or EPROM, registers, or other storage media well known in the art. The storage medium is located in the memory 502, and the processor 501 reads the information in the memory 502 and completes the steps of the method in combination with the hardware.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the processing units may be implemented in one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general-purpose processors, controllers, micro-controllers, microprocessors, other electronic units configured to perform the above-described functions of the present disclosure, or a combination thereof.
For a software implementation, the techniques described herein may be implemented by means of units performing the functions described herein. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
The electronic device provided in this embodiment may be the electronic device shown in fig. 5, and may perform all the steps of the data access method shown in fig. 1 to 3, so as to achieve the technical effect of the data access method shown in fig. 1 to 3, and for brevity, it is not described herein again.
The disclosed embodiments also provide a storage medium (computer-readable storage medium). The storage medium herein stores one or more programs. The storage medium may include volatile memory, such as random access memory; it may also include non-volatile memory, such as read-only memory, flash memory, a hard disk, or a solid state disk; and it may also comprise a combination of the above kinds of memories.
When one or more programs in the storage medium are executable by one or more processors, the data access method performed on the electronic device side as described above is implemented.
The processor is configured to execute the data access program stored in the memory to implement the following steps of the data access method executed on the electronic device side:
acquiring attribute information of a second user requesting access to a medical data set of a first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data to which the second user has an access right;
and controlling the user terminal of the second user to access the target medical data.
Optionally, in the method according to any embodiment of the present disclosure, the medical data set is stored in a form of a medical data ciphertext, the medical data ciphertext is obtained by processing the medical data set by using an attribute encryption algorithm, and the medical data ciphertext is associated with an access policy of the medical data set; and
the determining target medical data in the medical data set based on the attribute information includes:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain the target medical data in the medical data set.
Optionally, in a method according to any embodiment of the present disclosure, the user key includes a user identifier; and
the method further comprises the following steps:
and if the user key is determined to be leaked, determining the user identification contained in the leaked user key so as to track the user.
Optionally, in the method according to any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain target medical data in the medical data set includes:
after the medical data ciphertext is decrypted in a first decryption step to obtain an intermediate decryption result, the medical data ciphertext is further decrypted in a second decryption step using the user key to obtain the target medical data in the medical data set;
wherein, the executing device of the first decryption step is different from the executing device of the second decryption step.
Optionally, in a method according to any embodiment of the present disclosure, the decrypting the medical data ciphertext with the user key to obtain target medical data in the medical data set includes:
if the second user does not belong to a preset user set, decrypting the medical data ciphertext by using the user key to obtain target medical data in the medical data set;
the preset user set is a set of users who do not have the right of accessing the medical data in the medical data set.
Optionally, in the method according to any embodiment of the present disclosure, the medical data ciphertext is generated by:
encrypting the medical data set with the user key using a symmetric encryption algorithm to obtain the medical data ciphertext; and
the method further comprises the following steps:
encrypting the user key using a proxy re-encryption algorithm to obtain a key ciphertext; and
before the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set, the method further includes:
and decrypting the key ciphertext to obtain the user key.
Optionally, in a method according to any embodiment of the present disclosure, the controlling the user terminal of the second user to access the target medical data includes:
allowing the user terminal of the second user to access the target medical data within a target time limit and at a frequency within a target frequency interval;
forbidding the user terminal to access non-target medical data in the medical data set;
and if the frequency of the user terminal requesting to access the target medical data does not belong to the target frequency interval or the time when the user terminal requests to access the target medical data is not within the target time limit, determining whether to allow the user terminal to access the target medical data or not through the first user and the target server.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, a software module executed by a processor, or a combination of the two. A software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above embodiments describe the objects, technical solutions and advantages of the present disclosure in further detail. It should be understood that the above embodiments are merely illustrative of the present disclosure and are not intended to limit its scope; any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (10)

1. A method of data access, the method comprising:
acquiring attribute information of a second user requesting access to a medical data set of a first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data to which the second user has an access right;
and controlling the user terminal of the second user to access the target medical data.
2. The method of claim 1, wherein the set of medical data is stored as a ciphertext of medical data obtained via processing the set of medical data using an attribute encryption algorithm, the ciphertext of medical data being associated with an access policy of the set of medical data; and
the determining target medical data in the medical data set based on the attribute information comprises:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain the target medical data in the medical data set.
3. The method of claim 2, wherein the user key comprises a user identification; and
the method further comprises the following steps:
and if the user key is determined to be leaked, determining the user identification contained in the leaked user key so as to perform user tracking.
4. The method according to claim 2, wherein the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set comprises:
after the medical data ciphertext is decrypted by adopting the first decryption step to obtain an intermediate decryption result, the medical data ciphertext is decrypted by adopting the second decryption step through the user key to obtain target medical data in the medical data set;
wherein the executing device of the first decryption step is different from the executing device of the second decryption step.
5. The method according to claim 2, wherein the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set comprises:
if the second user does not belong to a preset user set, decrypting the medical data ciphertext by using the user key to obtain target medical data in the medical data set;
wherein the preset user set is a set of users who do not have the right to access the medical data in the medical data set.
6. The method of one of claims 2 to 5, wherein the ciphertext of the medical data is generated by:
encrypting the medical data set with the user key using a symmetric encryption algorithm to obtain the medical data ciphertext; and
the method further comprises the following steps:
encrypting the user key using a proxy re-encryption algorithm to obtain a key ciphertext; and
before the decrypting the medical data ciphertext by using the user key to obtain the target medical data in the medical data set, the method further includes:
and decrypting the key ciphertext to obtain the user key.
7. The method according to any one of claims 1-6, wherein said controlling access to said target medical data by a user terminal of said second user comprises:
allowing the user terminal of the second user to access the target medical data within a target time limit and at a frequency within a target frequency interval;
and if the frequency of the user terminal requesting to access the target medical data does not belong to the target frequency interval or the time when the user terminal requests to access the target medical data is not within the target time limit, determining whether the user terminal is allowed to access the target medical data or not through the first user and the target server.
8. A data access apparatus, the apparatus comprising:
an acquisition unit configured to acquire attribute information of a second user who requests access to a medical data set of a first user;
a first determining unit configured to determine target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data to which the second user has an access right;
a control unit configured to control a user terminal of the second user to access the target medical data.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing a computer program stored in the memory, and when executed, implementing the method of any of the preceding claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of the preceding claims 1 to 7.
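The access decisions described in the method steps above and in claims 1 to 7, simulated as an added example that is not the patent's own code: attribute-based policy evaluation to select the target medical data, the preset set of users without access right, the user identifier embedded in the user key for tracing a leak, and the target time limit and frequency interval with escalation to the first user and target server. All record ids, policies, user ids, keys, timestamps and limits are constructed sample values; the attribute encryption, proxy re-encryption and two-device decryption steps are modelled only by the policy check and key lookup, not implemented.

```python
from dataclasses import dataclass, field

# Constructed medical data set of a first user: record id -> access policy.
# A policy maps an attribute name to the acceptable values; every attribute in
# the policy must match (a stand-in for the attribute encryption access policy).
MEDICAL_DATA = {
    "ecg-2022": {"role": {"doctor", "nurse"}, "department": {"cardiology"}},
    "psych-2021": {"role": {"doctor"}, "department": {"psychiatry"}},
}
REVOKED = {"u-0007"}                          # preset set of users without access right
TIME_LIMIT = (1_700_000_000, 1_700_086_400)   # target time limit (epoch seconds)
FREQ_INTERVAL = (1, 3)                        # target frequency interval: requests per WINDOW
WINDOW = 60                                   # seconds over which frequency is measured


@dataclass(frozen=True)
class UserKey:
    user_id: str    # identifier embedded in the key so a leaked key can be traced
    secret: bytes


# User keys pre-associated with attribute information (constructed values).
USER_KEYS = {
    "u-0001": UserKey("u-0001", bytes.fromhex("00" * 16)),
    "u-0007": UserKey("u-0007", bytes.fromhex("ff" * 16)),
}


def satisfies(attrs: dict, policy: dict) -> bool:
    """True when every attribute the policy names has an acceptable value."""
    return all(attrs.get(name) in allowed for name, allowed in policy.items())


def target_data(attrs: dict) -> set:
    """Target medical data: the records whose access policy the attributes satisfy."""
    return {rid for rid, policy in MEDICAL_DATA.items() if satisfies(attrs, policy)}


@dataclass
class Terminal:
    user_id: str
    attrs: dict
    history: list = field(default_factory=list)   # timestamps of requests for target data


def decide(term: Terminal, record_id: str, now: int) -> str:
    """Return ALLOW, DENY or ESCALATE for one request from the second user's terminal."""
    if record_id not in target_data(term.attrs):
        return "DENY"          # non-target medical data is never served
    if term.user_id in REVOKED or term.user_id not in USER_KEYS:
        return "DENY"          # no user key is applied for a revoked or unknown user
    term.history.append(now)
    recent = sum(1 for t in term.history if now - t < WINDOW)
    in_time = TIME_LIMIT[0] <= now <= TIME_LIMIT[1]
    in_freq = FREQ_INTERVAL[0] <= recent <= FREQ_INTERVAL[1]
    if in_time and in_freq:
        return "ALLOW"
    return "ESCALATE"          # outside the limits: first user and target server decide


def trace(leaked: UserKey) -> str:
    """Recover the user identifier contained in a leaked user key."""
    return leaked.user_id
```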

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210733520.8A CN115174175B (en) 2022-06-24 2022-06-24 Data access method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115174175A true CN115174175A (en) 2022-10-11
CN115174175B CN115174175B (en) 2024-03-22

Family

ID=83487020

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210733520.8A Active CN115174175B (en) 2022-06-24 2022-06-24 Data access method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115174175B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101379507A (en) * 2006-01-31 2009-03-04 皇家飞利浦电子股份有限公司 Role-based access control
KR20120041904A (en) * 2010-10-22 2012-05-03 동국대학교 경주캠퍼스 산학협력단 Proxy based privilege management method and apparatus for accessing health data in cloud computing environment
CN111901302A (en) * 2020-06-28 2020-11-06 石家庄铁道大学 Medical information attribute encryption access control method based on block chain
CN113411323A (en) * 2021-06-16 2021-09-17 上海应用技术大学 Medical record data access control system and method based on attribute encryption
CN113642024A (en) * 2021-08-30 2021-11-12 西安邮电大学 Block chain-based medical data fine-grained management method and system
CN114584295A (en) * 2022-03-01 2022-06-03 南京大学 Universal black box traceable method and device for attribute-based proxy re-encryption system

Also Published As

Publication number Publication date
CN115174175B (en) 2024-03-22

Similar Documents

Publication Publication Date Title
US20220182365A1 (en) Techniques for shared private data objects in a trusted execution environment
US10735202B2 (en) Anonymous consent and data sharing on a blockchain
CN110099043B (en) Multi-authorization-center access control method supporting policy hiding and cloud storage system
CN108390876B (en) Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server
Sajid et al. Data privacy in cloud-assisted healthcare systems: state of the art and future challenges
Fabian et al. Collaborative and secure sharing of healthcare data in multi-clouds
US11239994B2 (en) Techniques for key provisioning in a trusted execution environment
Sadat et al. Safety: secure gwas in federated environment through a hybrid solution
US9356936B2 (en) Method and apparatus for managing access to electronic content
Zuo et al. BCAS: A blockchain-based ciphertext-policy attribute-based encryption scheme for cloud data security sharing
US9275249B1 (en) Accelerated encrypted database operations
US20150006893A1 (en) Topic protection policy for publish-subscribe messaging system
Eom et al. Patient-controlled attribute-based encryption for secure electronic health records system
Martínez et al. A user-centric Internet of Things platform to empower users for managing security and privacy concerns in the Internet of Energy
Sangeetha et al. Multi keyword searchable attribute based encryption for efficient retrieval of health Records in Cloud
US9137014B2 (en) Systems and methods for controlling electronic document use
Zaghloul et al. d-MABE: Distributed Multilevel Attribute-Based EMR Management and Applications
Ikuomola et al. Securing patient privacy in e-health cloud using homomorphic encryption and access control
CN115174175B (en) Data access method, device, electronic equipment and storage medium
Kandasamy et al. Flexible access control for outsourcing personal health services in cloud computing using hierarchical attribute set based encryption
Rai et al. Prototype implementation of patient controlled pseudonym-based mechanism for electronic health record (PcPbEHR)
Exceline et al. Flexible access control mechanism for cloud stored EHR using consortium blockchain
Suganthi et al. Secure and privacy in healthcare data using quaternion based neural network and encoder-elliptic curve deep neural network with blockchain on the cloud environment
Kelarev et al. A survey of state-of-the-art methods for securing medical databases
Kiran Dash et al. An approach to securely store electronic health record (EHR) using blockchain with proxy re-encryption and behavioral analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant