CN115174175B - Data access method, device, electronic equipment and storage medium - Google Patents

Data access method, device, electronic equipment and storage medium

Info

Publication number: CN115174175B (application number CN202210733520.8A)
Authority: CN (China)
Prior art keywords: medical data, user, target, access, ciphertext
Legal status: Active (as assumed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN115174175A (en)
Inventors: 蒋志燕, 黄石磊, 程刚, 陈诚, 冯湘
Current assignee: Shenzhen Raisound Technology Co., Ltd. (as listed; not verified by Google)
Original assignee: Shenzhen Raisound Technology Co., Ltd.
Events: application CN202210733520.8A filed by Shenzhen Raisound Technology Co., Ltd.; publication of CN115174175A; application granted; publication of CN115174175B; current legal status Active; anticipated expiration

Classifications

    • H04L 63/105: Network architectures or network communication protocols for network security, for controlling access to devices or network resources, with multiple levels of security
    • H04L 9/0822: Cryptographic mechanisms; key distribution or management; key establishment by key transport or distribution using a key encryption key
    • H04L 9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications using a plurality of keys or algorithms

Abstract

Embodiments of the disclosure relate to a data access method, apparatus, electronic device and storage medium. The method comprises: acquiring attribute information of a second user requesting access to the medical data set of a first user; determining, based on the attribute information, target medical data in the medical data set, the target medical data being the medical data that the second user has the right to access; and controlling the user terminal of the second user to access the target medical data. Because the target medical data is determined from the attribute information of the second user, different second users can access different target medical data, which realizes finer-grained management of and access to the medical data in the medical data set and protects the privacy of the first user.

Description

Data access method, device, electronic equipment and storage medium
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a data access method, a data access device, electronic equipment and a storage medium.
Background
Nowadays people attach more and more importance to their own privacy. For example, during a medical visit each patient is the owner of his or her own medical data, and the patient may wish to hide parts of that medical history, such as diseases that attract discrimination, while other clinical history should be visible to all doctors.
It can be seen that how to achieve finer-grained data access is a concern.
Disclosure of Invention
In view of the above, in order to solve some or all of the above technical problems, embodiments of the present disclosure provide a data access method, apparatus, electronic device, and storage medium.
In a first aspect, an embodiment of the present disclosure provides a data access method, where the method includes:
acquiring attribute information of a second user requesting access to the medical data set of the first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data with access rights of the second user;
and controlling the user terminal of the second user to access the target medical data.
Optionally, in the method of any embodiment of the disclosure, the medical data set is stored as a medical data ciphertext, the medical data ciphertext being obtained by processing the medical data set with an attribute-based encryption algorithm and being associated with an access policy of the medical data set; and
The determining target medical data in the medical data set based on the attribute information includes:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set.
Optionally, in a method of any embodiment of the disclosure, the user key includes a user identifier; and
the method further comprises the following steps:
if the user key is determined to be leaked, determining the user identification contained in the leaked user key so as to carry out user tracking.
Optionally, in the method of any embodiment of the present disclosure, decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
decrypting the medical data ciphertext in a first decryption step to obtain an intermediate decryption result, and then decrypting the intermediate decryption result in a second decryption step using the user key to obtain the target medical data in the medical data set;
wherein the device executing the first decryption step is different from the device executing the second decryption step.
Optionally, in the method of any embodiment of the present disclosure, decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
if the second user does not belong to the preset user set, decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set;
the preset user set is a set of users without authority to access the medical data in the medical data set.
Optionally, in the method of any embodiment of the disclosure, the medical data ciphertext is generated by:
encrypting the medical data set with the user key using a symmetric encryption algorithm to obtain the medical data ciphertext; and
the method further comprises the following steps:
encrypting the user key by adopting a proxy re-encryption algorithm to obtain a key ciphertext; and
before decrypting the ciphertext of the medical data by using the user key to obtain the target medical data in the medical data set, the method further comprises:
And decrypting the key ciphertext to obtain the user key.
Optionally, in the method of any embodiment of the disclosure, the controlling the user terminal of the second user to access the target medical data includes:
allowing the user terminal of the second user to access the target medical data at a frequency within a target frequency interval and within a target period;
prohibiting the user terminal from accessing non-target medical data in the medical data set; and
if the frequency at which the user terminal requests access to the target medical data falls outside the target frequency interval, or the time at which the user terminal requests access to the target medical data does not fall within the target period, having the first user and the target server determine whether to allow the user terminal to access the target medical data.
In a second aspect, an embodiment of the present disclosure provides a data access apparatus, including:
an acquisition unit configured to acquire attribute information of a second user requesting access to the medical data set of the first user;
a first determination unit configured to determine target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data to which the second user has access;
And a control unit configured to control the user terminal of the second user to access the target medical data.
Optionally, in the apparatus of any embodiment of the disclosure, the medical data set is stored as a medical data ciphertext, the medical data ciphertext being obtained by processing the medical data set with an attribute-based encryption algorithm and being associated with an access policy of the medical data set; and
the first determining unit is specifically configured to:
determining a user key pre-associated with the attribute information if the attribute information satisfies the access policy;
and decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set.
Optionally, in an apparatus of any embodiment of the disclosure, the user key includes a user identifier; and
the device further comprises:
and a second determining unit configured to determine, if it is determined that the user key is leaked, a user identifier included in the leaked user key, so as to perform user tracking.
Optionally, in the apparatus of any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
decrypting the medical data ciphertext in a first decryption step to obtain an intermediate decryption result, and then decrypting the intermediate decryption result in a second decryption step using the user key to obtain the target medical data in the medical data set;
wherein the device executing the first decryption step is different from the device executing the second decryption step.
Optionally, in the apparatus of any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
if the second user does not belong to the preset user set, decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set;
the preset user set is a set of users without authority to access the medical data in the medical data set.
Optionally, in an apparatus of any embodiment of the disclosure, the medical data ciphertext is generated by:
encrypting the medical data set with the user key using a symmetric encryption algorithm to obtain the medical data ciphertext; and
The device further comprises:
the encryption unit is configured to encrypt the user key by adopting a proxy re-encryption algorithm to obtain a key ciphertext; and
the apparatus further includes, before decrypting the ciphertext of the medical data using the user key to obtain the target medical data in the medical data set:
and the decryption unit is configured to decrypt the key ciphertext to obtain the user key.
Optionally, in an apparatus of any embodiment of the disclosure, the control unit is specifically configured to:
allowing the user terminal of the second user to access the target medical data at a frequency within a target frequency interval and within a target period;
prohibiting the user terminal from accessing non-target medical data in the medical data set; and
if the frequency at which the user terminal requests access to the target medical data falls outside the target frequency interval, or the time at which the user terminal requests access to the target medical data does not fall within the target period, having the first user and the target server determine whether to allow the user terminal to access the target medical data.
In a third aspect, an embodiment of the present disclosure provides an electronic device, including:
a memory for storing a computer program;
and a processor, configured to execute the computer program stored in the memory, and when the computer program is executed, implement a method of any embodiment of the data access method of the first aspect of the disclosure.
In a fourth aspect, embodiments of the present disclosure provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of any embodiment of the data access method of the first aspect described above.
In a fifth aspect, embodiments of the present disclosure provide a computer program comprising computer readable code which, when run on a device, causes a processor in the device to execute instructions for carrying out the steps of the method as in any of the embodiments of the data access method of the first aspect described above.
According to the data access method provided by the embodiments of the disclosure, attribute information of a second user requesting access to the medical data set of a first user is obtained; target medical data in the medical data set is then determined based on the attribute information, the target medical data being the medical data that the second user has the right to access; and the user terminal of the second user is then controlled to access the target medical data. Because the target medical data is determined from the attribute information of the second user, different second users can access different target medical data, which realizes finer-grained management of and access to the medical data in the medical data set and protects the privacy of the first user.
Drawings
Fig. 1 is a schematic flow chart of a data access method according to an embodiment of the disclosure;
FIG. 2 is a flowchart illustrating another data access method according to an embodiment of the present disclosure;
FIG. 3 is a flowchart illustrating a data access method according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a data access device according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
It will be appreciated by those of skill in the art that the terms "first," "second," etc. in embodiments of the present disclosure are used merely to distinguish between different steps, devices, or modules, and do not represent any particular technical meaning nor logical order between them.
It should also be understood that in this embodiment, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in the presently disclosed embodiments may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in this disclosure is merely an association relationship describing an association object, and indicates that three relationships may exist, for example, a and/or B may indicate: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" in the present disclosure generally indicates that the front and rear association objects are an or relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
It should be noted that, without conflict, the embodiments of the present disclosure and features of the embodiments may be combined with each other. For an understanding of the embodiments of the present disclosure, the present disclosure will be described in detail below with reference to the drawings in conjunction with the embodiments. It will be apparent that the described embodiments are some, but not all, of the embodiments of the present disclosure. Based on the embodiments in this disclosure, all other embodiments that a person of ordinary skill in the art would obtain without making any inventive effort are within the scope of protection of this disclosure.
In addition, it should be noted that the users (including the first user and the second user) described in this disclosure may be distinguished by using the user identification. For example, the user identifier may be a login account, and in this scenario, if different people log in with the same account, the different people may be considered to be the same user; if the same person logs in by adopting different accounts, the same person logging in different accounts can be considered as different users.
Fig. 1 is a flow chart of a data access method according to an embodiment of the present disclosure, as shown in fig. 1, where the method specifically includes:
101. attribute information of a second user requesting access to a medical data set of the first user is obtained.
In this embodiment, an execution subject (e.g., a server, a terminal device, a data access apparatus, etc.) of the data access method may acquire attribute information of a second user requesting access to the medical data set of the first user.
The first user may be any user.
The second user may be any user different from the first user.
As an example, the first user may be a patient; the second user may be a doctor.
Alternatively, the first user may be a job candidate attending an interview, and the second user the company employee responsible for conducting the interview.
The first user and the second user may be registered users of a preset platform (e.g., a medical website, a medical application, etc.).
The medical data set may include one or more items of medical data. By way of example, the medical data set may include allergy history, age, name, gender, surgical history, illness history, and the like.
The attribute information may be information input by the second user on the preset platform, or may be information generated based on operation history information of the second user on the preset platform. As an example, the attribute information may include the sex, age, affiliated department, affiliated hospital, medical data leakage frequency, medical data leakage probability, and the like of the second user.
102. And determining target medical data in the medical data set based on the attribute information.
In this embodiment, the execution subject may determine the target medical data in the medical data set based on the attribute information.
The target medical data is medical data with access rights of the second user.
As an example, the first user may set an association relationship between attribute information and the medical data in the medical data set; the target medical data can then be determined from the attribute information through that association. An association between a piece of attribute information and a piece of medical data means that a user (e.g., the second user) having the attribute indicated by that attribute information has the right to access that medical data.
Specifically, the first user may set the association relationship between the attribute information and the medical data as follows: the attribute information a has an association relationship with the medical data a. In addition, other attribute information has no association with medical data. The medical data set includes medical data a and medical data B.
Thus, if the attribute information of the second user includes attribute information a, it can be determined that the target medical data is medical data a. If the attribute information of the second user does not include attribute information a, it may be determined that the second user does not have access to any of the medical data in the medical data set, i.e., the target medical data cannot be determined, or the determined target medical data is empty.
In some cases, the attribute information and the user key may have the following association relationship:
if it is determined that the user having the attribute indicated by the attribute information a has the right to access the medical data a in the medical data set according to the access policy, a user key for decrypting the medical data ciphertext into the medical data a may be generated to establish an association between the user key and the attribute information a.
Each item of medical data in the medical data set may correspond to its own user key, generated for decrypting the ciphertext of that item. The user key associated with the attribute information can therefore be determined, and the medical data ciphertext decrypted with that user key, to obtain the target medical data in the medical data set.
103. And controlling the user terminal of the second user to access the target medical data.
In this embodiment, the execution body may control the user terminal of the second user to access the target medical data.
Here, the execution body may be a user terminal or a server. In the case where the execution subject is a user terminal, the second user can access the target medical data through the user terminal. In the case that the execution subject is a server, if the second user accesses the server through the user terminal used by the second user, the server may return the target medical data to the user terminal for the second user to access.
According to the data access method provided by the embodiments of the disclosure, attribute information of a second user requesting access to the medical data set of a first user is obtained; target medical data in the medical data set is then determined based on the attribute information, the target medical data being the medical data that the second user has the right to access; and the user terminal of the second user is then controlled to access the target medical data. Because the target medical data is determined from the attribute information of the second user, different second users can access different target medical data, which realizes finer-grained management of and access to the medical data in the medical data set and protects the privacy of the first user.
In some optional implementations of this embodiment, the executing entity may further allow the user terminal of the second user to access the target medical data according to a frequency in a target frequency interval within a target period.
The target frequency interval may be determined by the first user and/or the target server. The target server may be any server communicatively coupled to the execution body, and may be software or hardware (e.g., a server).
As a first example, the target server may determine the target frequency interval as follows:
First, obtain the frequency with which each user whose user key has been leaked accesses medical data, and denote the minimum of these frequencies as f1.
Then, obtain the frequency with which every user other than those whose user key has been leaked accesses medical data, and denote the minimum of these frequencies as f2.
The target frequency interval is then determined to be [f2, f1]. (This presupposes f2 ≤ f1; if the least active non-leaking user accesses more often than the least active leaking user, the interval is empty.)
As a second example, the target server and the first user may determine the target frequency interval in the following manner:
first, a first frequency interval set by a first user and a second frequency interval determined by the target server (e.g., frequency interval [ f2, f1 ] determined in the manner described in the first example as described above) are acquired.
Then, the intersection of the first frequency interval and the second frequency interval is determined as a target frequency interval.
The target period may likewise be determined by the first user and/or the target server.
As an example, the target server and the first user may determine the target period as follows:
First, obtain a first period set by the first user and a second period determined by the target server.
Then, determine the intersection of the first period and the second period as the target period.
It can be appreciated that this optional implementation improves the security of data access by allowing the user terminal of the second user to access the target medical data only at a frequency within the target frequency interval and only within the target period.
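The frequency and period controls described above, as an added Go example that is not the patent's own code: it derives the server's interval [f2, f1] from constructed access-frequency samples, intersects it with the first user's interval, intersects the two periods, measures a terminal's request frequency over a sliding window from a constructed request log, and maps each request to allow, deny (non-target data) or escalate (outside the interval or period, so the first user and target server decide). The sample frequencies, dates, item names and one-hour window are assumptions; the [f2, f1] construction only yields an interval when f2 ≤ f1, which the text takes for granted and the code checks.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Interval is an inclusive range of access frequencies (requests per hour);
// Period is a half-open time window [Start, End).
type Interval struct{ Lo, Hi float64 }
type Period struct{ Start, End time.Time }

type Decision int

const (
	Allow    Decision = iota // target data requested in-interval and in-period
	Deny                     // non-target medical data: always refused
	Escalate                 // out of interval or period: first user and target server decide
)

func (d Decision) String() string { return [...]string{"allow", "deny", "escalate"}[d] }

func minOf(xs []float64) float64 {
	m := xs[0]
	for _, x := range xs[1:] {
		if x < m {
			m = x
		}
	}
	return m
}

// ServerFrequencyInterval follows the text's first example: f1 is the lowest
// access frequency among users whose key was found leaked, f2 the lowest among
// all other users, and the server's interval is [f2, f1]. That is only an
// interval when f2 <= f1, which the text assumes and this function checks.
func ServerFrequencyInterval(leakerFreqs, otherFreqs []float64) (Interval, error) {
	if len(leakerFreqs) == 0 || len(otherFreqs) == 0 {
		return Interval{}, errors.New("need frequency samples from both groups")
	}
	f1, f2 := minOf(leakerFreqs), minOf(otherFreqs)
	if f2 > f1 {
		return Interval{}, fmt.Errorf("empty interval: f2=%.2f > f1=%.2f", f2, f1)
	}
	return Interval{Lo: f2, Hi: f1}, nil
}

// IntersectIntervals gives the target frequency interval from the first user's
// interval and the server's; ok is false when the two are disjoint.
func IntersectIntervals(a, b Interval) (r Interval, ok bool) {
	r = a
	if b.Lo > r.Lo {
		r.Lo = b.Lo
	}
	if b.Hi < r.Hi {
		r.Hi = b.Hi
	}
	return r, r.Lo <= r.Hi
}

// IntersectPeriods gives the target period the same way.
func IntersectPeriods(a, b Period) (r Period, ok bool) {
	r = a
	if b.Start.After(r.Start) {
		r.Start = b.Start
	}
	if b.End.Before(r.End) {
		r.End = b.End
	}
	return r, r.Start.Before(r.End)
}

// RequestRate is a terminal's observed access frequency: its requests inside
// (now-window, now], scaled to requests per hour.
func RequestRate(requests []time.Time, now time.Time, window time.Duration) float64 {
	cutoff, n := now.Add(-window), 0
	for _, t := range requests {
		if t.After(cutoff) && !t.After(now) {
			n++
		}
	}
	return float64(n) / window.Hours()
}

// Decide applies the control unit's three rules to one request.
func Decide(item string, target map[string]bool, rate float64, at time.Time, fi Interval, p Period) Decision {
	if !target[item] {
		return Deny
	}
	if rate >= fi.Lo && rate <= fi.Hi && !at.Before(p.Start) && at.Before(p.End) {
		return Allow
	}
	return Escalate
}

func main() {
	// Constructed samples: hourly access rates of key-leaking and other users, the
	// patient's own interval [2, 6] and period, and one terminal's request log.
	srv, err := ServerFrequencyInterval([]float64{12, 20, 9}, []float64{3, 4.5, 7}) // [3, 9]
	if err != nil {
		panic(err)
	}
	fi, _ := IntersectIntervals(Interval{Lo: 2, Hi: 6}, srv) // [3, 6]
	day := func(m time.Month, d int) time.Time { return time.Date(2024, m, d, 0, 0, 0, 0, time.UTC) }
	p, _ := IntersectPeriods(Period{day(1, 1), day(4, 1)}, Period{day(2, 1), day(7, 1)}) // Feb 1 to Apr 1
	now := time.Date(2024, 3, 10, 10, 0, 0, 0, time.UTC)
	log := []time.Time{now.Add(-5 * time.Minute), now.Add(-20 * time.Minute), now.Add(-40 * time.Minute), now.Add(-2 * time.Hour)}
	rate := RequestRate(log, now, time.Hour) // 3 requests per hour, inside [3, 6]
	target := map[string]bool{"allergy_history": true}
	fmt.Println(Decide("allergy_history", target, rate, now, fi, p))     // allow
	fmt.Println(Decide("psychiatric_history", target, rate, now, fi, p)) // deny
	fmt.Println(Decide("allergy_history", target, 8, now, fi, p))        // escalate
}
```

Escalate is a separate verdict rather than a refusal because the text sends those requests to the first user and the target server for a decision; a production control unit would attach the observed rate and timestamp to that escalation so the patient can judge it.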
Fig. 2 is a flow chart of another data access method according to an embodiment of the disclosure, as shown in fig. 2, where the method specifically includes:
201. attribute information of a second user requesting access to a medical data set of the first user is obtained.
In this embodiment, an execution subject (e.g., a server, a terminal device, a data access apparatus, etc.) of the data access method may acquire attribute information of a second user requesting access to the medical data set of the first user.
In this embodiment, step 201 is substantially identical to step 101 in the corresponding embodiment of fig. 1, and will not be described herein.
202. And if the attribute information meets the access policy, determining a user key pre-associated with the attribute information.
In this embodiment, if the attribute information satisfies the access policy, the execution body may determine a user key associated in advance with the attribute information.
Here the access policy characterizes two things: whether a user having the attributes indicated by the attribute information has the right to access medical data in the medical data set at all, and, if so, which medical data in the set that user has the right to access.
Wherein the medical data set is stored in the form of a medical data ciphertext.
The medical data ciphertext is obtained by processing the medical data set by adopting an attribute encryption algorithm.
The medical data ciphertext is associated with an access policy of the medical data collection.
The attribute information satisfying the access policy may characterize: the user having the attribute indicated by the attribute information has a right to access the medical data in the medical data set.
As an example, the access policy may be: if the attribute information includes the department dermatology, the name Zhang San and the title attending physician, then a user having the attributes indicated by that attribute information has the right to access medical data A in the medical data set.
Further, the attribute information and the user key may have the following association relationship:
in some application scenarios of the present embodiment, if it is determined that, according to the access policy, the user having the attribute indicated by the attribute information a has the right to access the medical data a in the medical data set, a user key for decrypting the medical data ciphertext into the medical data a may be generated to establish the association relationship between the user key and the attribute information a.
Here, in ciphertext-policy attribute-based encryption (CP-ABE), a user key is associated with attribute information, and the medical data ciphertext specifies an access policy over the attribute universe defined in the system. The second user can decrypt the medical data ciphertext if and only if the attributes of the second user satisfy the access policy of that ciphertext. The access policy may be built from AND gates, OR gates and (k, n) threshold gates (at least k of n attributes must be present). For example, assume the attribute universe is defined as {A, B, C, D}, that second user 1 receives the user key for attribute information {A, B}, and that second user 2 receives the user key for attribute information {D}. If the medical data is encrypted under the access policy (A ∧ C) ∨ D, second user 2 will be able to decrypt, whereas second user 1 will not, since user 1 holds neither C nor D.
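The policy evaluation described here and in the association of attribute information with medical data in the embodiment of Fig. 1, as an added Go example that is not part of the patent: a policy-tree evaluator with AND, OR and (k, n) threshold gates, applied to the text's policy (A ∧ C) ∨ D and to a constructed medical data set in which each item carries the policy the first user attached to it, with the preset set of users barred from access checked first. It models only the access-structure check of CP-ABE, not the pairing-based key generation or decryption; the attribute names, item names and the barred-user set are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Node is one gate of a ciphertext-policy access tree. A leaf names a single
// attribute; an inner node is satisfied when at least K of its children are
// satisfied, so K == len(Children) is AND, K == 1 is OR, and anything in
// between is a (k, n) threshold gate.
type Node struct {
	Attr     string
	K        int
	Children []*Node
}

func Leaf(attr string) *Node            { return &Node{Attr: attr} }
func And(c ...*Node) *Node              { return &Node{K: len(c), Children: c} }
func Or(c ...*Node) *Node               { return &Node{K: 1, Children: c} }
func Threshold(k int, c ...*Node) *Node { return &Node{K: k, Children: c} }

// Satisfies is the CP-ABE decryption condition: the attribute set bound to the
// second user's key must satisfy the policy attached to the ciphertext.
func (n *Node) Satisfies(attrs map[string]bool) bool {
	if len(n.Children) == 0 {
		return attrs[n.Attr]
	}
	sat := 0
	for _, c := range n.Children {
		if c.Satisfies(attrs) {
			sat++
		}
	}
	return sat >= n.K
}

// AttrSet turns a list of attribute strings into the lookup set Satisfies uses.
func AttrSet(attrs ...string) map[string]bool {
	s := make(map[string]bool, len(attrs))
	for _, a := range attrs {
		s[a] = true
	}
	return s
}

// SamplePolicies is a constructed medical data set: each item carries the policy
// the first user (patient) attached to it. Attribute and item names are assumptions.
func SamplePolicies() map[string]*Node {
	return map[string]*Node{
		// clinical history that every doctor should see
		"allergy_history": Leaf("role:doctor"),
		// the text's example rule: dermatology, attending physician, named Zhang San
		"dermatology_record": And(Leaf("dept:dermatology"), Leaf("title:attending"), Leaf("name:ZhangSan")),
		// sensitive history: any two of three corroborating attributes
		"psychiatric_history": Threshold(2, Leaf("dept:psychiatry"), Leaf("title:attending"), Leaf("hospital:trusted")),
	}
}

// TargetData returns, sorted, the items of the medical data set the second user
// may decrypt. A user in the preset barred set gets nothing whatever the attributes.
func TargetData(policies map[string]*Node, userID string, attrs map[string]bool, barred map[string]bool) []string {
	if barred[userID] {
		return nil
	}
	var out []string
	for item, p := range policies {
		if p.Satisfies(attrs) {
			out = append(out, item)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// The policy from the text, (A AND C) OR D, over the attribute universe {A, B, C, D}.
	policy := Or(And(Leaf("A"), Leaf("C")), Leaf("D"))
	fmt.Println("second user 1 {A,B}:", policy.Satisfies(AttrSet("A", "B"))) // false
	fmt.Println("second user 2 {D}:  ", policy.Satisfies(AttrSet("D")))      // true

	doctor := AttrSet("role:doctor", "dept:dermatology", "title:attending", "name:ZhangSan")
	fmt.Println(TargetData(SamplePolicies(), "doc-1", doctor, nil))                         // [allergy_history dermatology_record]
	fmt.Println(TargetData(SamplePolicies(), "doc-1", doctor, map[string]bool{"doc-1": true})) // []
}
```

In a real CP-ABE deployment this tree is embedded in the ciphertext and the check happens implicitly in the decryption arithmetic; evaluating it explicitly, as here, is still useful on the server side to decide which ciphertexts to hand to a terminal at all.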
203. And decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set.
In this embodiment, the execution body may decrypt the medical data ciphertext by using the user key to obtain the target medical data in the medical data set.
The target medical data is medical data with access rights of the second user.
Taking the application scenario described in step 202 as an example, the target medical data obtained by the execution subject may be medical data a.
204. And controlling the user terminal of the second user to access the target medical data.
In this embodiment, the execution body may control the user terminal of the second user to access the target medical data.
In this embodiment, step 204 is substantially identical to step 103 in the corresponding embodiment of fig. 1, and will not be described herein.
According to the data access method provided by the embodiment of the disclosure, the medical data set is encrypted by adopting the attribute encryption algorithm, so that the medical data in the medical data set is managed and accessed in a finer granularity through the attribute encryption algorithm, and different medical data which can be accessed by different second users can be different, so that the privacy of the first user is protected.
In some optional implementations of the above embodiment, the user key includes a user identification. On this basis, if it is determined that the user key is leaked, the execution body may further determine a user identifier included in the leaked user key to perform user tracking.
In the above alternative implementation, a tracking factor may be added to the user key as the user identifier, and each user (including registered users) may be assigned a unique tracking factor. Once a user in the system leaks a personal user key, the tracking factor can be extracted from the leaked user key that was obtained, and the user who leaked the key can then be traced.
It can be appreciated that the above alternative implementation makes it possible to locate and trace the user who leaked the key, and the operation authority of that user can then be limited, which improves the security of medical data access.
In some optional implementations of the foregoing embodiments, the executing body may execute the step 203 to obtain the target medical data in the medical data set in the following manner:
after the medical data ciphertext is decrypted by a first decryption step to obtain an intermediate decryption result, the partially decrypted ciphertext (the intermediate decryption result) is decrypted by a second decryption step using the user key to obtain the target medical data in the medical data set.
Wherein the execution device of the first decryption step is different from the execution device of the second decryption step.
As an example, the decryption algorithm may be split into two parts, a first decryption step and a second decryption step. The device performing the first decryption step (e.g. a security mediator) first performs part of the decryption of the medical data ciphertext. The device performing the second decryption step (e.g. the device used by the second user) then performs the remaining part of the decryption on the partially decrypted medical data ciphertext (i.e. the intermediate decryption result).
It will be appreciated that in the alternative implementation described above, two different devices are used to perform a portion of the decryption separately, thereby improving the security of the medical data access.
In some optional implementations of the foregoing embodiments, the executing body may execute the step 203 to obtain the target medical data in the medical data set in the following manner:
if the second user does not belong to the preset user set, decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set. The preset user set is the set of users without authority to access the medical data in the medical data set.
Here, a user who does not have the right to access the medical data in the above-described medical data set may be determined by maintaining the above-described user set. The users in the preset user set may include revoked users, compromised users, and the like.
It can be appreciated that in the above alternative implementation manner, the user key is adopted to decrypt the medical data ciphertext only when the second user does not belong to the preset user set, so that the security of the medical data is further improved, and the computing resources consumed in the decryption process are reduced to a certain extent.
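The two alternative implementations above (split decryption across two devices, and refusing decryption for users in the preset user set) can be combined, with the first-step device enforcing the revocation list. The following Python is an added, constructed illustration and not the patent's code; the layered keystream cipher, the key sizes and the user identifiers are assumptions made here.

```python
"""Two-device decryption: a security mediator (SEM) performs the first
decryption step and the user's device the second, with the SEM enforcing a
revocation list (the "preset user set" of users without access).

Constructed illustration, not the patent's code. The medical data ciphertext
carries two layers: an inner layer under the user key and an outer layer under
a key held only by the SEM. A revoked user still holds a valid user key but
never receives the intermediate decryption result, so decryption cannot
complete. The stream cipher is an HMAC-SHA256 counter-mode keystream chosen so
the example runs on the standard library; a deployment would use an AEAD.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream_xor(key: bytes, label: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, label || nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = label + nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_for_mediated_access(sem_key: bytes, user_key: bytes,
                                plaintext: bytes) -> bytes:
    """Ciphertext = nonce || SEM-layer( user-layer( plaintext ) )."""
    nonce = os.urandom(NONCE_LEN)
    inner = keystream_xor(user_key, b"user", nonce, plaintext)
    outer = keystream_xor(sem_key, b"sem", nonce, inner)
    return nonce + outer


class SecurityMediator:
    """Holds the SEM key and the revocation list; performs step one only."""

    def __init__(self, sem_key: bytes):
        self._sem_key = sem_key
        self.revocation_list = set()

    def revoke(self, user_id: str) -> None:
        self.revocation_list.add(user_id)

    def first_decryption_step(self, user_id: str, ciphertext: bytes) -> bytes:
        if user_id in self.revocation_list:
            raise PermissionError(f"{user_id} is in the revocation list")
        nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
        # Removes only the SEM layer; the result is still under the user key.
        return nonce + keystream_xor(self._sem_key, b"sem", nonce, body)


def second_decryption_step(user_key: bytes, intermediate: bytes) -> bytes:
    """Run on the second user's own device to finish decryption."""
    nonce, body = intermediate[:NONCE_LEN], intermediate[NONCE_LEN:]
    return keystream_xor(user_key, b"user", nonce, body)


def mediated_decrypt(sem: SecurityMediator, user_id: str, user_key: bytes,
                     ciphertext: bytes) -> bytes:
    intermediate = sem.first_decryption_step(user_id, ciphertext)
    return second_decryption_step(user_key, intermediate)


if __name__ == "__main__":
    sem_key, user_key = os.urandom(32), os.urandom(32)     # constructed keys
    sem = SecurityMediator(sem_key)
    ct = encrypt_for_mediated_access(sem_key, user_key, b"medical data A")
    print(mediated_decrypt(sem, "doctor-1", user_key, ct))
    sem.revoke("doctor-1")
    try:
        mediated_decrypt(sem, "doctor-1", user_key, ct)
    except PermissionError as err:
        print("blocked:", err)
```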
In some optional implementations of the above embodiments, the medical data ciphertext is generated by encrypting the medical data set with a symmetric encryption algorithm using the user key.
On this basis, the execution body may encrypt the user key with a proxy re-encryption algorithm to obtain a key ciphertext. Before decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set, the execution body may first decrypt the key ciphertext to obtain the user key.
It can be appreciated that in the above alternative implementation the medical data ciphertext is obtained with a symmetric encryption algorithm, which improves encryption efficiency relative to using an asymmetric encryption algorithm.
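The key path of this implementation, as an added illustration that is not the patent's code: the first user encapsulates the symmetric key under its own key, the cloud server re-encrypts the key ciphertext for the second user, and the second user recovers the same symmetric key. The algebra follows the classic ElGamal-based proxy re-encryption of Blaze, Bleumer and Strauss; the toy group parameters (p = 1019) and the key derivation are assumptions made here for readability and offer no security.

```python
"""Proxy re-encryption of the symmetric key that protects the medical data set.

Constructed illustration, not the patent's code. The owner (first user)
encapsulates a random group element m under its public key; the symmetric key
is derived from m. The owner combines its secret key with the receiver's
(second user's) secret key into a re-encryption key; the cloud server applies
it to convert the key ciphertext so the second user can decrypt it. Toy group:
p = 1019 is a safe prime (p = 2q + 1, q = 509) and G = 4 generates the
order-q subgroup. Real deployments use standard 2048-bit-or-larger groups.
"""
import hashlib
import secrets

P = 1019   # toy safe prime
Q = 509    # prime order of the subgroup generated by G
G = 4      # 2^2 mod P, a generator of the order-Q subgroup


def derive_symmetric_key(m: int) -> bytes:
    """Constructed KDF: the data-set key is a hash of the group element."""
    return hashlib.sha256(b"medical-data-key|" + m.to_bytes(2, "big")).digest()


def keygen():
    """Secret key a in [1, Q-1] and public key g^a."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)


def encapsulate(pk: int):
    """Key ciphertext (c1, c2) = (pk^r, m * g^r) for random r and m, together
    with the symmetric key derived from m."""
    r = secrets.randbelow(Q - 1) + 1
    m = pow(G, secrets.randbelow(Q - 1) + 1, P)
    c1 = pow(pk, r, P)
    c2 = (m * pow(G, r, P)) % P
    return (c1, c2), derive_symmetric_key(m)


def decapsulate(sk: int, key_ciphertext) -> bytes:
    """Recover g^r = c1^(1/sk), then m = c2 / g^r, then the symmetric key."""
    c1, c2 = key_ciphertext
    g_r = pow(c1, pow(sk, -1, Q), P)
    m = (c2 * pow(g_r, -1, P)) % P
    return derive_symmetric_key(m)


def re_encryption_key(owner_sk: int, receiver_sk: int) -> int:
    """rk = receiver_sk / owner_sk mod Q, built by the owner (first user)."""
    return (receiver_sk * pow(owner_sk, -1, Q)) % Q


def re_encrypt(rk: int, key_ciphertext):
    """Run by the cloud server: (g^(a r), c2) -> (g^(b r), c2).
    The server learns neither m nor either party's secret key."""
    c1, c2 = key_ciphertext
    return (pow(c1, rk, P), c2)


def share_key_via_proxy():
    """Owner encapsulates for itself, the proxy re-encrypts for the receiver,
    and both ends derive the same symmetric key for the medical data set."""
    owner_sk, owner_pk = keygen()
    receiver_sk, _ = keygen()
    key_ct, owner_key = encapsulate(owner_pk)
    rk = re_encryption_key(owner_sk, receiver_sk)
    receiver_key = decapsulate(receiver_sk, re_encrypt(rk, key_ct))
    return owner_key, receiver_key, decapsulate(owner_sk, key_ct)


if __name__ == "__main__":
    owner_key, receiver_key, owner_self = share_key_via_proxy()
    print(owner_key == receiver_key == owner_self)   # True
```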
Fig. 3 is a flowchart of another data access method according to an embodiment of the present disclosure, where the method may be applied to a terminal and/or a server. The terminal and the server may be hardware devices or software programs.
Specifically, as shown in fig. 3, the method specifically includes:
301. Acquiring attribute information of a second user requesting access to the medical data set of the first user.
In this embodiment, an execution subject (e.g., a server, a terminal device, a data access apparatus, etc.) of the data access method may acquire attribute information of a second user requesting access to the medical data set of the first user.
In this embodiment, step 301 is substantially identical to step 101 in the corresponding embodiment of fig. 1, and will not be described herein.
302. And determining target medical data in the medical data set based on the attribute information.
In this embodiment, the execution subject may determine the target medical data in the medical data set based on the attribute information. The target medical data is medical data with access rights of the second user.
In this embodiment, step 302 is substantially identical to step 102 in the corresponding embodiment of fig. 1, and will not be described herein.
303. Allowing the user terminal of the second user to access the target medical data at a frequency within the target frequency interval and within the target period.
In this embodiment, the execution body may allow the user terminal of the second user to access the target medical data in accordance with the frequency in the target frequency interval within the target period.
The target frequency interval may be determined by the first user and/or the target server. The target server may be any server communicatively coupled to the execution body, and may be software or hardware (e.g., a server).
As a first example, the target server may determine the target frequency interval in the following manner:
first, the frequency of access to the medical data by each user who has leaked a user key is acquired, and the minimum of these frequencies is denoted f1.
Thereafter, the frequency of access to the medical data by the users other than those who leaked a user key is acquired, and the minimum of these frequencies is denoted f2.
Then, the target frequency interval is determined as [f2, f1].
As a second example, the target server and the first user may determine the target frequency interval in the following manner:
first, a first frequency interval set by a first user and a second frequency interval determined by the target server (e.g., frequency interval [ f2, f1 ] determined in the manner described in the first example as described above) are acquired.
Then, the intersection of the first frequency interval and the second frequency interval is determined as a target frequency interval.
The target period may be determined by the first user and/or the target server.
As an example, the target server and the first user may determine the target period in the following manner:
first, a first period set by the first user and a second period determined by the target server are acquired.
Then, the intersection of the first period and the second period is determined as the target period.
Alternatively, the executing body may prohibit the user terminal from accessing non-target medical data in the medical data set.
304. If the frequency of the user terminal requesting access to the target medical data does not belong to the target frequency interval, or if the time of the user terminal requesting access to the target medical data does not fall within the target period, determining whether to allow the user terminal to access the target medical data via the first user and the target server.
In this embodiment, if the frequency of the user terminal requesting access to the target medical data does not belong to the target frequency interval, or the time when the user terminal requests access to the target medical data does not fall within the target period, the execution subject may determine whether to allow the user terminal to access the target medical data via the first user and the target server.
As an example, if one of the first user and the target server does not allow the user terminal to access the target medical data, it may be determined that the user terminal is not finally allowed to access the target medical data.
As yet another example, where the first user allows the user terminal to access the target medical data, the target server may determine the probability that the second user has leaked the user key; if the probability is greater than a preset threshold, the user terminal is finally not allowed to access the target medical data, and if the probability is less than or equal to the preset threshold, the user terminal is finally allowed to access it. The probability that the second user has leaked the user key may be the similarity between the attribute information of the second user and the attribute information of users determined to have leaked a user key.
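Steps 303 and 304, with the interval and period construction above, as an added example that is not the patent's code. Assumptions made here: access frequency is counted in requests per hour, the leak probability is the Jaccard similarity between the requester's attributes and those of known key-leaking users (the highest such value), the escalated decision requires the first user to allow and the server's probability test to pass, and all sample values are constructed.

```python
"""Frequency-interval and time-period access control with joint escalation.

Constructed illustration, not the patent's code. Assumptions: access frequency
is measured in requests per hour; the leak probability estimated by the target
server is the Jaccard similarity between the requester's attributes and those
of known key-leaking users (the highest such value); and the escalated decision
needs the first user to allow and the server's probability test to pass.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import FrozenSet, Iterable, Optional, Tuple

Interval = Tuple[float, float]
Period = Tuple[datetime, datetime]


def intersect(a, b):
    """Intersection of two closed intervals, or None when it is empty."""
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def server_frequency_interval(leaker_freqs: Iterable[float],
                              other_freqs: Iterable[float]) -> Optional[Interval]:
    """[f2, f1] from the first example: f1 is the minimum frequency among users
    who leaked a key, f2 the minimum among the remaining users."""
    f1, f2 = min(leaker_freqs), min(other_freqs)
    return (f2, f1) if f2 <= f1 else None


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def leak_probability(attrs, leaker_attributes) -> float:
    return max((jaccard(attrs, la) for la in leaker_attributes), default=0.0)


@dataclass
class AccessRequest:
    user_id: str
    attributes: FrozenSet[str]
    frequency: float          # requests per hour seen from this terminal
    requested_at: datetime


@dataclass
class AccessPolicy:
    target_frequency: Optional[Interval]
    target_period: Optional[Period]
    leaker_attributes: Tuple[FrozenSet[str], ...]
    leak_threshold: float


def build_policy(first_user_interval, leaker_freqs, other_freqs,
                 first_user_period, server_period, leaker_attributes, threshold):
    """Target interval and period are the intersections of the first user's
    and the target server's choices (second example above)."""
    server_interval = server_frequency_interval(leaker_freqs, other_freqs)
    return AccessPolicy(intersect(first_user_interval, server_interval),
                        intersect(first_user_period, server_period),
                        tuple(leaker_attributes), threshold)


def decide(req: AccessRequest, policy: AccessPolicy,
           first_user_allows: bool) -> Tuple[bool, str]:
    """Steps 303 and 304: allow inside the window, otherwise escalate to the
    first user and the target server jointly."""
    tf, tp = policy.target_frequency, policy.target_period
    in_frequency = tf is not None and tf[0] <= req.frequency <= tf[1]
    in_period = tp is not None and tp[0] <= req.requested_at <= tp[1]
    if in_frequency and in_period:
        return True, "within target frequency interval and target period"
    if not first_user_allows:
        return False, "outside window and first user denied"
    p = leak_probability(req.attributes, policy.leaker_attributes)
    if p > policy.leak_threshold:
        return False, f"outside window and leak probability {p:.2f} exceeds threshold"
    return True, f"outside window but first user and server allowed (p={p:.2f})"


def example_policy() -> AccessPolicy:
    """Constructed sample: key-leaking users seen at 30 and 45 requests/hour,
    other users at 5 and 12; the first user allows [2, 20] and 08:00-18:00,
    the server allows 09:00-20:00; leak threshold 0.5."""
    day = datetime(2024, 1, 1)
    return build_policy((2.0, 20.0), [30.0, 45.0], [5.0, 12.0],
                        (day.replace(hour=8), day.replace(hour=18)),
                        (day.replace(hour=9), day.replace(hour=20)),
                        [frozenset({"cardiology", "resident"})], 0.5)


def example_request(attributes, frequency: float, hour: int) -> AccessRequest:
    return AccessRequest("doctor-1", frozenset(attributes), frequency,
                         datetime(2024, 1, 1, hour))


if __name__ == "__main__":
    policy = example_policy()    # target interval [5, 20], period 09:00-18:00
    print(decide(example_request({"cardiology", "attending"}, 8.0, 10), policy, False))
    print(decide(example_request({"cardiology", "resident", "ward-3"}, 25.0, 10), policy, True))
```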
The following is an exemplary description of embodiments of the present disclosure. It should be noted that embodiments of the present disclosure may have the features described below, but the following description does not limit the scope of protection of the embodiments of the present disclosure.
First, the medical data set is processed by an attribute encryption algorithm. Wherein the encrypted medical data (i.e., the medical data ciphertext) is associated with a set of attributes (i.e., the attribute information). The key (i.e. the user key described above) is associated with a policy (i.e. the access policy described above). Thus, different doctors (i.e. the second user) have different access rights to the data (i.e. the medical data set) of the patient (i.e. the first user).
Here, the system architecture may consist of three parties: a trusted third party acting as the user key generation authority; the patient, who owns the data (i.e. the above-mentioned medical data set) and encrypts it under attributes; and the different doctors, who have different access rights to the encrypted data (i.e. the above-mentioned medical data ciphertext).
Specifically, firstly, a dynamic ciphertext cloud data access sharing technology supporting attribute revocation and access policy updating is realized through the following scheme:
In the above scheme of attribute-encrypting a medical data set, each second user has an attribute set (i.e. the attribute information), and each attribute set corresponds to a private key (i.e. the above-described user key). When a second user is revoked from the system, the access rights of that second user must be revoked in time so that a second user who has left the system can no longer decrypt the medical data ciphertext. According to the revocation granularity, dynamic revocation of a second user and dynamic revocation of an attribute of a second user can be distinguished. In addition, after the data owner (i.e. the first user) encrypts its private data (i.e. the medical data set) and sends the ciphertext (i.e. the medical data ciphertext) to the server, it may be necessary to change the access policy originally specified on the ciphertext in order to dynamically adjust the access and sharing rights to the private data.
Furthermore, to avoid excessive reliance on and trust in a central server, multiple servers may be introduced. In the system setup stage, no agreement on the number of attributes of the second user is needed in advance, so the scheme extends easily and is more practical.
Secondly, an attribute encryption technique supporting traitor tracing and user revocation is implemented by:
Traitor tracing problem: a tracking factor c (i.e. the user identifier) is added to the user key, and a unique c is assigned to each user in the system, including the second user. Once a user in the system leaks a personal user key, the system server can extract c from the obtained leaked user key and thereby trace the user who leaked it.
User revocation problem: a security mediator (Security Mediator, SEM) mechanism is introduced. Specifically, the decryption algorithm is split into two parts. The security mediator server first performs part of the decryption of the medical data ciphertext, and the user then performs the remaining part of the decryption on the partially decrypted ciphertext. Here, the security mediator server is responsible for maintaining a revocation list, and only users who are not on the revocation list obtain the partial decryption they request and can therefore decrypt.
Thirdly, an attribute encryption technique supporting offline operation and outsourced decryption is realized through the following scheme:
The server responsible for key issuance issues private keys (i.e. the user keys described above) for all users in the system; the data owner (i.e. the first user) is responsible for encrypting the data to be shared (i.e. the medical data set); the data visitor (i.e. the second user) is responsible for decrypting the medical data ciphertext with its private key (i.e. the user key). When the number of users in the system is large and the user keys of all users need to be updated periodically, the server responsible for key issuance has to perform a great many computations in a short time and may become a bottleneck for system performance. The more complex the access policy specified by the data owner when encrypting the data, the higher the computational cost of the encryption operation. Similarly, when the attributes of the data visitor satisfy the access policy, the cost of the decryption operation grows linearly with the number of attributes.
To alleviate the insufficient computing power of resource-constrained devices and further improve the real-time computing efficiency of the system, most of the computation can be completed in an offline/online split, so that only a small amount of computation remains in the online stage. In the outsourced computation mode, most of the computation is performed by a high-performance outsourcing server and the terminal device only needs to perform a small amount of computation; when outsourced computation is used, the result of the outsourced decryption is verified.
Fourthly, a proxy re-encryption technique supporting policy updating is realized through the following scheme:
the data owner (i.e. the first user) generates a re-encryption key by combining its own encryption key with the decryption key (i.e. the user key) of the receiver (i.e. the second user), and sends the re-encryption key to the cloud server; the cloud server is responsible for converting the medical data ciphertext into a ciphertext that the data receiver (i.e. the second user) can decrypt. Accordingly, the medical data set may be encrypted with a symmetric encryption algorithm to obtain the medical data ciphertext. The symmetric key is then encrypted with the proxy re-encryption algorithm to obtain a key ciphertext; when a user wants to access the medical data set, the key ciphertext is decrypted first to obtain the symmetric key, and the medical data ciphertext is then decrypted with the symmetric key to obtain the target medical data.
Thus, in the above example, the medical data set is processed using the attribute encryption algorithm such that the medical data ciphertext is associated with the attribute information and the user key is associated with the access policy, thereby supporting traitor tracing and user revocation, and supporting attribute revocation and access policy updating.
The data access method provided in the embodiment of the present disclosure allows the user terminal of the second user to access the target medical data according to the frequency in the target frequency interval within the target period, and if the frequency of the user terminal requesting to access the target medical data does not belong to the target frequency interval or the time of the user terminal requesting to access the target medical data does not fall within the target period, determines whether to allow the user terminal to access the target medical data together via both the first user and the target server. Thereby, the security of data access is further improved.
Fig. 4 is a schematic structural diagram of a data access device according to an embodiment of the present disclosure, which specifically includes:
an acquisition unit 401 configured to acquire attribute information of a second user requesting access to the medical data set of the first user;
A first determining unit 402 configured to determine target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data to which the second user has access;
a control unit 403 configured to control the user terminal of the second user to access the target medical data.
Optionally, in the apparatus of any embodiment of the disclosure, the medical data set is stored in a manner of a medical data ciphertext, the medical data ciphertext is obtained after the medical data set is processed by adopting an attribute encryption algorithm, and the medical data ciphertext is associated with an access policy of the medical data set; and
the first determining unit 402 is specifically configured to:
determining a user key pre-associated with the attribute information if the attribute information satisfies the access policy;
decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set.
Optionally, in an apparatus of any embodiment of the disclosure, the user key includes a user identifier; and
the device further comprises:
A second determining unit (not shown in the figure) configured to determine, if it is determined that the user key leaks, a user identifier contained in the leaked user key for user tracking.
Optionally, in the apparatus of any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
after the medical data ciphertext is decrypted by adopting a first decryption step to obtain an intermediate decryption result, decrypting the medical data ciphertext by adopting a second decryption step through the user key to obtain target medical data in the medical data set;
wherein the execution device of the first decryption step is different from the execution device of the second decryption step.
Optionally, in the apparatus of any embodiment of the present disclosure, the decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
if the second user does not belong to the preset user set, decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set;
The preset user set is a set of users without authority to access the medical data in the medical data set.
Optionally, in an apparatus of any embodiment of the disclosure, the medical data ciphertext is generated by:
encrypting the medical data set by using the user key by adopting a symmetric encryption algorithm to obtain a medical data ciphertext; and
the device further comprises:
an encryption unit (not shown) configured to encrypt the user key using a proxy re-encryption algorithm to obtain a key ciphertext; and
the apparatus further includes, before decrypting the ciphertext of the medical data using the user key to obtain the target medical data in the medical data set:
a decryption unit (not shown) configured to decrypt the key ciphertext to obtain the user key.
Optionally, in an apparatus of any embodiment of the disclosure, the control unit 403 is specifically configured to:
allowing the user terminal of the second user to access the target medical data according to the frequency in the target frequency interval and within the target period;
prohibiting the user terminal from accessing non-target medical data in the medical data set;
If the frequency of the user terminal requesting access to the target medical data does not belong to the target frequency interval, or if the time of the user terminal requesting access to the target medical data does not fall within the target period, determining whether to allow the user terminal to access the target medical data via the first user and the target server.
The data access device provided in this embodiment may be a data access device as shown in fig. 4, and may perform all steps of the data access method shown in fig. 1-3, so as to achieve the technical effects of the data access method shown in fig. 1-3, and the detailed description will be omitted herein for brevity.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, and an electronic device 500 shown in fig. 5 includes: at least one processor 501, memory 502, at least one network interface 504, and other user interfaces 503. The various components in the electronic device 500 are coupled together by a bus system 505. It is understood that bus system 505 is used to enable connected communications between these components. The bus system 505 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration the various buses are labeled as bus system 505 in fig. 5.
The user interface 503 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, a trackball, a touch pad, or a touch screen, etc.).
It is to be appreciated that the memory 502 in embodiments of the present disclosure may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be Random Access Memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 502 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some implementations, the memory 502 stores the following elements, executable units or data structures, or a subset thereof, or an extended set thereof: an operating system 5021 and application programs 5022.
The operating system 5021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, for implementing various basic services and processing hardware-based tasks. The application 5022 includes various application programs such as a Media Player (Media Player), a Browser (Browser), and the like for realizing various application services. A program implementing the method of the embodiment of the present disclosure may be included in the application 5022.
In this embodiment, the processor 501 is configured to execute the method steps provided in the method embodiments by calling a program or an instruction stored in the memory 502, specifically, a program or an instruction stored in the application 5022, for example, including:
acquiring attribute information of a second user requesting access to the medical data set of the first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data with access rights of the second user;
controlling the user terminal of the second user to access the target medical data.
Optionally, in the method of any embodiment of the disclosure, the medical data set is stored in a manner of a medical data ciphertext, the medical data ciphertext is obtained after the medical data set is processed by adopting an attribute encryption algorithm, and the medical data ciphertext is associated with an access policy of the medical data set; and
the determining target medical data in the medical data set based on the attribute information includes:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set.
Optionally, in a method of any embodiment of the disclosure, the user key includes a user identifier; and
the method further comprises the following steps:
if the user key is determined to be leaked, determining the user identification contained in the leaked user key so as to carry out user tracking.
Optionally, in the method of any embodiment of the present disclosure, decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
After the medical data ciphertext is decrypted by adopting a first decryption step to obtain an intermediate decryption result, decrypting the medical data ciphertext by adopting a second decryption step through the user key to obtain target medical data in the medical data set;
wherein the execution device of the first decryption step is different from the execution device of the second decryption step.
Optionally, in the method of any embodiment of the present disclosure, decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
if the second user does not belong to the preset user set, decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set;
the preset user set is a set of users without authority to access the medical data in the medical data set.
Optionally, in the method of any embodiment of the disclosure, the medical data ciphertext is generated by:
encrypting the medical data set by using the user key by adopting a symmetric encryption algorithm to obtain a medical data ciphertext; and
The method further comprises the following steps:
encrypting the user key by adopting a proxy re-encryption algorithm to obtain a key ciphertext; and
before decrypting the ciphertext of the medical data by using the user key to obtain the target medical data in the medical data set, the method further comprises:
decrypting the key ciphertext to obtain the user key.
Optionally, in the method of any embodiment of the disclosure, the controlling the user terminal of the second user to access the target medical data includes:
allowing the user terminal of the second user to access the target medical data according to the frequency in the target frequency interval and within the target period;
prohibiting the user terminal from accessing non-target medical data in the medical data set;
if the frequency of the user terminal requesting access to the target medical data does not belong to the target frequency interval, or if the time of the user terminal requesting access to the target medical data does not fall within the target period, determining whether to allow the user terminal to access the target medical data via the first user and the target server.
The methods disclosed in the embodiments of the present disclosure described above may be applied to the processor 501 or implemented by the processor 501. The processor 501 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuitry in hardware or by instructions in software in the processor 501. The processor 501 may be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the disclosure may be implemented or performed by it. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present disclosure may be embodied directly in hardware, in a decoding processor, or in a combination of hardware and software elements in a decoding processor. The software elements may be located in a random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers, or other storage media well known in the art. The storage medium is located in the memory 502, and the processor 501 reads the information in the memory 502 and, in combination with its hardware, performs the steps of the method described above.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or a combination thereof. For a hardware implementation, the processing units may be implemented within one or more application specific integrated circuits (Application Specific Integrated Circuits, ASIC), digital signal processors (Digital Signal Processing, DSP), digital signal processing devices (Digital Signal Processing Device, DSPD), programmable logic devices (Programmable Logic Device, PLD), field programmable gate arrays (Field-Programmable Gate Array, FPGA), general purpose processors, controllers, microcontrollers, microprocessors, other electronic units for performing the above functions of the disclosure, or a combination thereof.
For a software implementation, the techniques described herein may be implemented by means of units that perform the functions described herein. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
The electronic device provided in this embodiment may be an electronic device as shown in fig. 5, and may perform all the steps of the data access method shown in fig. 1-3, so as to achieve the technical effects of the data access method shown in fig. 1-3, and the detailed description will be omitted herein for brevity.
The disclosed embodiments also provide a storage medium (computer-readable storage medium). The storage medium here stores one or more programs. Wherein the storage medium may comprise volatile memory, such as random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, hard disk, or solid state disk; the memory may also comprise a combination of the above types of memories.
When one or more programs in the storage medium are executable by one or more processors, the above-described data access method executed on the electronic device side is implemented.
The processor is configured to execute a data access program stored in the memory, so as to implement the following steps of a data access method executed on the electronic device side:
acquiring attribute information of a second user requesting access to the medical data set of the first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data with access rights of the second user;
and controlling the user terminal of the second user to access the target medical data.
Optionally, in the method of any embodiment of the disclosure, the medical data set is stored as a medical data ciphertext, the medical data ciphertext being obtained by processing the medical data set with an attribute encryption algorithm and being associated with an access policy of the medical data set; and
The determining target medical data in the medical data set based on the attribute information includes:
if the attribute information meets the access policy, determining a user key pre-associated with the attribute information;
and decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set.
Optionally, in a method of any embodiment of the disclosure, the user key includes a user identifier; and
the method further comprises the following steps:
if the user key is determined to have been leaked, determining the user identifier contained in the leaked user key in order to trace the user.
Optionally, in the method of any embodiment of the present disclosure, decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
after a first decryption step is applied to the medical data ciphertext to obtain an intermediate decryption result, applying a second decryption step with the user key to obtain the target medical data in the medical data set;
Wherein the execution device of the first decryption step is different from the execution device of the second decryption step.
Optionally, in the method of any embodiment of the present disclosure, decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set includes:
if the second user does not belong to the preset user set, decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set;
the preset user set is a set of users without authority to access the medical data in the medical data set.
Optionally, in the method of any embodiment of the disclosure, the medical data ciphertext is generated by:
encrypting the medical data set with the user key using a symmetric encryption algorithm to obtain the medical data ciphertext; and
the method further comprises the following steps:
encrypting the user key by adopting a proxy re-encryption algorithm to obtain a key ciphertext; and
before decrypting the ciphertext of the medical data by using the user key to obtain the target medical data in the medical data set, the method further comprises:
And decrypting the key ciphertext to obtain the user key.
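The optional steps above (policy-gated key lookup, a preset set of users without authority, a user identifier carried inside the user key so a leaked key can be traced, and symmetric encryption of the data set) as an added Python example; this is not the patent's own code. Stand-ins and assumptions: the access policy is an AND/OR tree over attribute strings rather than a real attribute encryption scheme; the symmetric cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag rather than AES; every reader of one data set receives the same secret bound to their own identifier, and the key ciphertext produced by proxy re-encryption, the two-device decryption split and the identifiers `dr-li`, `dr-wu` and `patient-007` are all constructed for the example. The record and policy are sample values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Policy tree over attribute strings (stand-in for the policy bound to an
# attribute-encrypted ciphertext): ("attr", "doctor") | ("and", p, ...) | ("or", p, ...)
def policy_satisfied(policy, attrs) -> bool:
    op = policy[0]
    if op == "attr":
        return policy[1] in attrs
    if op in ("and", "or"):
        combine = all if op == "and" else any
        return combine(policy_satisfied(sub, attrs) for sub in policy[1:])
    raise ValueError(f"unknown policy operator {op!r}")

@dataclass(frozen=True)
class UserKey:
    """Key issued to a second user; the holder's identifier is part of the key layout."""
    user_id: str
    secret: bytes  # 32 random bytes shared by all readers of one data set

    def serialize(self) -> bytes:
        return self.user_id.encode() + b"\x00" + self.secret

def _subkey(secret: bytes, label: bytes) -> bytes:
    # separate encryption and MAC keys derived from the shared secret
    return hmac.new(secret, label, hashlib.sha256).digest()

def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stand-in for AES-CTR)."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[i * 32:(i + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)

def encrypt_medical_data(key: UserKey, plaintext: bytes) -> bytes:
    """nonce || body || tag, encrypt-then-MAC so tampering is detected before use."""
    nonce = secrets.token_bytes(16)
    body = _keystream_xor(_subkey(key.secret, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key.secret, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt_medical_data(key: UserKey, ciphertext: bytes) -> bytes:
    nonce, body, tag = ciphertext[:16], ciphertext[16:-32], ciphertext[-32:]
    expected = hmac.new(_subkey(key.secret, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext integrity check failed")
    return _keystream_xor(_subkey(key.secret, b"enc"), nonce, body)

def determine_target_medical_data(attribute_info, policy, ciphertext, key_store, no_access_users):
    """Preset-set check, policy check and key lookup all happen before any decryption.
    Returns the target medical data or raises PermissionError."""
    user_id, attrs = attribute_info["user_id"], frozenset(attribute_info["attrs"])
    if user_id in no_access_users:
        raise PermissionError(f"{user_id} is in the preset set of users without access")
    if not policy_satisfied(policy, attrs):
        raise PermissionError(f"attributes {sorted(attrs)} do not satisfy the access policy")
    key = key_store.get(user_id)
    if key is None:
        raise PermissionError(f"no user key pre-associated with {user_id}")
    return decrypt_medical_data(key, ciphertext)

def trace_leaked_key(leaked_blob: bytes) -> str:
    """Recover the holder's identifier from a serialized key found outside the system."""
    return leaked_blob.split(b"\x00", 1)[0].decode()

def demo() -> dict:
    """Constructed scenario: one data set, two key holders, one of them in the no-access set."""
    policy = ("and", ("attr", "doctor"),
              ("or", ("attr", "cardiology"), ("attr", "endocrinology")))
    shared_secret = secrets.token_bytes(32)
    key_store = {"dr-li": UserKey("dr-li", shared_secret),
                 "dr-wu": UserKey("dr-wu", shared_secret)}
    no_access_users = {"dr-wu"}
    record = b"patient-007: fasting glucose 5.4 mmol/L"  # constructed sample record
    ciphertext = encrypt_medical_data(key_store["dr-li"], record)
    tampered = ciphertext[:20] + bytes([ciphertext[20] ^ 0x01]) + ciphertext[21:]
    def attempt(info, ct=ciphertext):
        try:
            return determine_target_medical_data(info, policy, ct, key_store, no_access_users)
        except (PermissionError, ValueError) as exc:
            return f"denied: {exc}"
    return {
        "authorised": attempt({"user_id": "dr-li", "attrs": {"doctor", "endocrinology"}}),
        "wrong_attrs": attempt({"user_id": "dr-li", "attrs": {"nurse"}}),
        "revoked": attempt({"user_id": "dr-wu", "attrs": {"doctor", "cardiology"}}),
        "tampered": attempt({"user_id": "dr-li", "attrs": {"doctor", "cardiology"}}, tampered),
        "traced": trace_leaked_key(key_store["dr-wu"].serialize()),
    }
```

The order of checks in `determine_target_medical_data` is the point: a holder of a valid key who is in the preset no-access set is refused before the ciphertext is touched, which is the condition of the optional step above, and the integrity tag is verified before the keystream is applied so a modified ciphertext never reaches the user terminal.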
Optionally, in the method of any embodiment of the disclosure, the controlling the user terminal of the second user to access the target medical data includes:
allowing the user terminal of the second user to access the target medical data at a frequency within the target frequency interval and within the target period;
prohibiting the user terminal from accessing non-target medical data in the medical data set;
if the frequency of the user terminal requesting access to the target medical data does not belong to the target frequency interval, or if the time of the user terminal requesting access to the target medical data does not fall within the target period, determining whether to allow the user terminal to access the target medical data via the first user and the target server.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of function in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
While the foregoing embodiments have been described in some detail for purposes of clarity of understanding, it will be understood that the above description is by way of example only and is not intended to limit the scope of the disclosure, and that any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. A method of data access, the method comprising:
acquiring attribute information of a second user requesting access to the medical data set of the first user;
determining target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data with access rights of the second user;
Controlling a user terminal of the second user to access the target medical data;
the controlling the user terminal of the second user to access the target medical data includes:
allowing the user terminal of the second user to access the target medical data according to the frequency in the target frequency interval and within the target period;
the target frequency interval is determined by adopting the following method:
acquiring the frequency of accessing medical data by each user revealing the user key, and recording the minimum frequency determined by the frequency as f1;
acquiring the frequency of accessing medical data by other users except the user revealing the user key, and recording the minimum frequency obtained by the frequency as f2;
the target frequency interval is determined to be [f2, f1).
2. The method of claim 1, wherein the medical data set is stored as a medical data ciphertext obtained via processing the medical data set with an attribute encryption algorithm, the medical data ciphertext being associated with an access policy of the medical data set; and
the determining target medical data in the medical data set based on the attribute information includes:
Determining a user key pre-associated with the attribute information if the attribute information satisfies the access policy;
and decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set.
3. The method of claim 2, wherein the user key comprises a user identification; and
the method further comprises the steps of:
and if the user key is determined to be leaked, determining a user identifier contained in the leaked user key so as to carry out user tracking.
4. The method of claim 2, wherein decrypting the ciphertext of the medical data using the user key to obtain the target medical data in the medical data set comprises:
after the medical data ciphertext is decrypted by adopting a first decryption step to obtain an intermediate decryption result, decrypting the medical data ciphertext by adopting a second decryption step through the user key to obtain target medical data in the medical data set;
wherein the execution device of the first decryption step is different from the execution device of the second decryption step.
5. The method of claim 2, wherein decrypting the ciphertext of the medical data using the user key to obtain the target medical data in the medical data set comprises:
if the second user does not belong to the preset user set, decrypting the medical data ciphertext by adopting the user key to obtain target medical data in the medical data set;
the preset user set is a set of users without permission to access medical data in the medical data set.
6. The method according to one of claims 2 to 5, characterized in that the medical data ciphertext is generated by:
encrypting the medical data set by using the user key by adopting a symmetric encryption algorithm to obtain a medical data ciphertext; and
the method further comprises the steps of:
encrypting the user key by adopting a proxy re-encryption algorithm to obtain a key ciphertext; and
before decrypting the medical data ciphertext using the user key to obtain the target medical data in the medical data set, the method further includes:
And decrypting the key ciphertext to obtain the user key.
7. The method according to one of claims 1-5, wherein said controlling the user terminal of the second user to access the target medical data further comprises:
if the frequency of the user terminal requesting to access the target medical data does not belong to the target frequency interval, or the time when the user terminal requesting to access the target medical data is not within the target period, determining whether to allow the user terminal to access the target medical data through the first user and the target server.
8. A data access device, the device comprising:
an acquisition unit configured to acquire attribute information of a second user requesting access to the medical data set of the first user;
a first determination unit configured to determine target medical data in the medical data set based on the attribute information, wherein the target medical data is medical data to which the second user has access;
a control unit configured to control a user terminal of the second user to access the target medical data;
the controlling the user terminal of the second user to access the target medical data includes:
Allowing the user terminal of the second user to access the target medical data according to the frequency in the target frequency interval and within the target period;
the target frequency interval is determined by adopting the following method:
acquiring the frequency of accessing medical data by each user revealing the user key, and recording the minimum frequency determined by the frequency as f1;
acquiring the frequency of accessing medical data by other users except the user revealing the user key, and recording the minimum frequency obtained by the frequency as f2;
the target frequency interval is determined to be [f2, f1).
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing a computer program stored in said memory, and which, when executed, implements the method of any of the preceding claims 1-7.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method of any of the preceding claims 1-7.
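The access-control rule of the description (access allowed within the target frequency interval and the target period, non-target data prohibited, anything else referred to the first user and the target server) together with the f1/f2 construction of claims 1, 7 and 8, as an added Python example that is not the patent's code. The access log, the user names, the record identifiers, the one-day observation window and the 08:00-18:00 target period are all constructed for the example; which users count as leaked-key users is taken as already known from the key tracing of claim 3. Two consequences of the interval [f2, f1) are made explicit: a legitimate user whose frequency reaches f1 falls outside the interval and is escalated rather than allowed, and when f1 <= f2 the interval is empty, so every request is escalated.

```python
from collections import Counter
from datetime import datetime, time

# Constructed one-day access log (not from the patent): "<ISO timestamp> <user> <record>"
SAMPLE_LOG = """\
2022-06-24T08:10:00 dr-li rec-1
2022-06-24T14:30:00 dr-li rec-2
2022-06-24T09:00:00 nurse-zhang rec-1
2022-06-24T07:15:00 mallory rec-1
2022-06-24T11:40:00 mallory rec-2
2022-06-24T16:05:00 mallory rec-1
2022-06-24T21:50:00 mallory rec-3
2022-06-24T08:30:00 eve rec-2
2022-06-24T12:00:00 eve rec-2
2022-06-24T17:45:00 eve rec-1
"""
# Users whose keys were traced as leaked (assumed input from the claim 3 tracing step).
LEAKED_KEY_USERS = {"mallory", "eve"}
WINDOW_DAYS = 1.0  # observation window the sample log covers

def access_frequencies(log_text: str, window_days: float) -> dict:
    """Accesses per day for each user seen in the log."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _stamp, user, _record = line.split()
        counts[user] += 1
    return {user: n / window_days for user, n in counts.items()}

def target_frequency_interval(freqs: dict, leaked_users: set):
    """(f2, f1): f1 = minimum frequency among leaked-key users, f2 = minimum among the others.
    Returns None when either group is empty; the interval [f2, f1) is empty when f1 <= f2."""
    leaked = [f for u, f in freqs.items() if u in leaked_users]
    others = [f for u, f in freqs.items() if u not in leaked_users]
    if not leaked or not others:
        return None
    return (min(others), min(leaked))

def in_target_interval(freq: float, interval) -> bool:
    if interval is None:
        return False
    f2, f1 = interval
    return f2 <= freq < f1  # closed below, open above, as written in the claim

def control_access(user_freq: float, request_time: datetime, record_id: str,
                   target_records: set, interval, period) -> str:
    """Returns "allow", "deny" or "escalate" following the three rules of the description."""
    if record_id not in target_records:
        return "deny"  # non-target medical data is always prohibited
    start, end = period
    in_period = start <= request_time.time() <= end
    if not in_period or not in_target_interval(user_freq, interval):
        return "escalate"  # the first user and the target server decide
    return "allow"

def demo() -> dict:
    """Constructed requests on the day after the log window."""
    freqs = access_frequencies(SAMPLE_LOG, WINDOW_DAYS)
    interval = target_frequency_interval(freqs, LEAKED_KEY_USERS)
    period = (time(8, 0), time(18, 0))
    targets = {"rec-1", "rec-2"}
    def request(user, when, record):
        return control_access(freqs.get(user, 0.0), datetime.fromisoformat(when),
                              record, targets, interval, period)
    return {
        "interval": interval,
        "li_in_hours": request("dr-li", "2022-06-25T10:00:00", "rec-1"),
        "li_at_night": request("dr-li", "2022-06-25T22:00:00", "rec-1"),
        "li_non_target": request("dr-li", "2022-06-25T10:00:00", "rec-9"),
        "zhang_lower_bound": request("nurse-zhang", "2022-06-25T10:00:00", "rec-2"),
        "eve_upper_bound": request("eve", "2022-06-25T10:00:00", "rec-1"),
    }
```

With the sample log the interval is [1.0, 3.0) accesses per day: `dr-li` (2.0) and `nurse-zhang` (exactly f2) are allowed during the period, `eve` (exactly f1) and any request outside 08:00-18:00 go to the escalation path, and a request for a record outside the target set is refused outright regardless of frequency or time.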
CN202210733520.8A 2022-06-24 2022-06-24 Data access method, device, electronic equipment and storage medium Active CN115174175B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210733520.8A CN115174175B (en) 2022-06-24 2022-06-24 Data access method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210733520.8A CN115174175B (en) 2022-06-24 2022-06-24 Data access method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115174175A CN115174175A (en) 2022-10-11
CN115174175B true CN115174175B (en) 2024-03-22

Family

ID=83487020

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210733520.8A Active CN115174175B (en) 2022-06-24 2022-06-24 Data access method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115174175B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101379507A (en) * 2006-01-31 2009-03-04 皇家飞利浦电子股份有限公司 Role-based access control
KR20120041904A (en) * 2010-10-22 2012-05-03 동국대학교 경주캠퍼스 산학협력단 Proxy based privilege management method and apparatus for accessing health data in cloud computing environment
CN111901302A (en) * 2020-06-28 2020-11-06 石家庄铁道大学 Medical information attribute encryption access control method based on block chain
CN113411323A (en) * 2021-06-16 2021-09-17 上海应用技术大学 Medical record data access control system and method based on attribute encryption
CN113642024A (en) * 2021-08-30 2021-11-12 西安邮电大学 Block chain-based medical data fine-grained management method and system
CN114584295A (en) * 2022-03-01 2022-06-03 南京大学 Universal black box traceable method and device for attribute-based proxy re-encryption system

Also Published As

Publication number Publication date
CN115174175A (en) 2022-10-11

Similar Documents

Publication Publication Date Title
US11770368B2 (en) Techniques for shared private data objects in a trusted execution environment
US10735202B2 (en) Anonymous consent and data sharing on a blockchain
Sajid et al. Data privacy in cloud-assisted healthcare systems: state of the art and future challenges
US11239994B2 (en) Techniques for key provisioning in a trusted execution environment
Fabian et al. Collaborative and secure sharing of healthcare data in multi-clouds
US9356936B2 (en) Method and apparatus for managing access to electronic content
US20220286448A1 (en) Access to data stored in a cloud
US20120167197A1 (en) Enabling granular discretionary access control for data stored in a cloud computing environment
US9275249B1 (en) Accelerated encrypted database operations
Dias et al. A blockchain-based scheme for access control in e-health scenarios
Dias et al. Blockchain for access control in e-health scenarios
Sangeetha et al. Multi keyword searchable attribute based encryption for efficient retrieval of health Records in Cloud
US9137014B2 (en) Systems and methods for controlling electronic document use
Zaghloul et al. d-MABE: Distributed Multilevel Attribute-Based EMR Management and Applications
Ikuomola et al. Securing patient privacy in e-health cloud using homomorphic encryption and access control
US11425143B2 (en) Sleeper keys
CN115174175B (en) Data access method, device, electronic equipment and storage medium
Kandasamy et al. Flexible access control for outsourcing personal health services in cloud computing using hierarchical attribute set based encryption
US11205223B2 (en) Blockchain-based service processing methods and apparatuses
Yousuf et al. Security and privacy concerns for blockchain while handling healthcare data
JP7465043B2 (en) Method and apparatus for purpose-specific access control based on data encryption
Elmogazy et al. Securing Healthcare Records In The Cloud Using Attribute-Based Encryption.
Kiran Dash et al. An approach to securely store electronic health record (EHR) using blockchain with proxy re-encryption and behavioral analysis
Samet et al. Privacy-preserving personal health record (p3hr) a secure android application
Masood et al. A blockchain-based system for patient data privacy and security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant