CN115314225A - Electronic medical record sharing and verifiable system based on block chain - Google Patents
Electronic medical record sharing and verifiable system based on block chain Download PDFInfo
- Publication number
- CN115314225A CN115314225A CN202210958197.4A CN202210958197A CN115314225A CN 115314225 A CN115314225 A CN 115314225A CN 202210958197 A CN202210958197 A CN 202210958197A CN 115314225 A CN115314225 A CN 115314225A
- Authority
- CN
- China
- Prior art keywords
- medical record
- knowledge proof
- data
- electronic medical
- medical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012795 verification Methods 0.000 claims abstract description 27
- 230000002452 interceptive effect Effects 0.000 claims abstract description 4
- 238000000034 method Methods 0.000 claims description 11
- 238000005516 engineering process Methods 0.000 claims description 9
- 201000010099 disease Diseases 0.000 claims description 5
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 claims description 5
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000010845 search algorithm Methods 0.000 claims description 4
- 238000000605 extraction Methods 0.000 claims description 3
- 230000036541 health Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 claims description 3
- 239000003814 drug Substances 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000002059 diagnostic imaging Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/88—Medical equipments
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Primary Health Care (AREA)
- Public Health (AREA)
- Epidemiology (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Medical Treatment And Welfare Office Work (AREA)
Abstract
The invention discloses a block chain-based electronic medical record sharing and verifiable system, which comprises the steps of firstly, constructing a user identity authentication system by using zk-SNARK (simple non-interactive zero knowledge proof), and improving the privacy and anonymity of user identity; secondly, a lattice searchable encryption scheme based on the improved Merkle-Tree is provided, and searchable encryption of the electronic medical record is realized by using a lattice public key searchable encryption (NTRU-PEKS) algorithm; on the basis, double verification of a search scheme is constructed through an intelligent contract and a merkel hash tree (NR-MHT) based on digital ranking; finally, corresponding encrypted data are outsourced to an interplanetary file system (IPFS) so as to reduce the storage cost; the invention can improve the sharing efficiency of the electronic medical records, increase the integrity of the electronic medical records and reduce the possibility of being attacked maliciously.
Description
Technical Field
The invention relates to the field of block chains and electronic medical records, in particular to an electronic medical record sharing and verifiable system based on the block chains.
Background
In recent years, with the rapid development of hospital informatization, various medical information systems have been built. Paper medical records and medical imaging data have begun to translate into computer-stored electronic data. Although the advantages of cloud-assisted electronic medical systems are apparent, there are inevitably some sharing and privacy issues. The administrative work typically responsible for electronic health systems is the medical institution at which the patient is attending a medical visit. Thus, the pre-processing and storage procedures of the EMR are typically performed by the hospital authorized by the patient. The patient can only access the EMR during interaction with the hospital. Meanwhile, because these centralized medical information centers lack reliable platforms for sharing medical data, if a patient goes from one hospital to another hospital for treatment, the efficiency of accessing electronic medical records by doctors and patients is low due to information isolation. Besides the difficulty in sharing and the easiness in forming an information island, a centralized storage mode is also vulnerable to malicious attacks by hackers or data stealing by internal staff, so that irreparable loss is caused. Therefore, the safety sharing and integrity protection of the electronic medical record are problems to be solved urgently
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide an electronic medical record sharing and verifiable system based on a block chain, so as to improve the shareability of electronic medical records in different hospitals, improve the searching efficiency of encrypted electronic medical records and improve the integrity of the electronic medical records.
To achieve the above object, an embodiment of the present invention provides an electronic medical record sharing and verifiable system based on a block chain, which includes five entity portions: hospital Information Center (HIC), data Owner (DO), data consumer (DU), smart Contract (SC), IPFS;
the Hospital Information Center (HIC) is composed of a hospital information department or a health department and is mainly responsible for deploying and initializing an intelligent contract, generating a public and private key pair, registering a qualified doctor (a supervisor) to the intelligent contract, operating an algorithm, verifying zero-knowledge proof and corresponding computing operation;
the data owner mainly plays a role in generating electronic medical records for patients and doctors (or hospital-related personnel), calculating electronic medical record ciphertext and keyword ciphertext indexes, and uploading the keyword indexes to the HIC;
the data user obtains the authorized role of the patient, such as the patient himself, a doctor in a hospital, a nurse, a researcher and the like, and the main task is to calculate the keyword which the user wants to search into a search trapdoor, search medical records and verify the integrity of the medical records;
the intelligent contract performs patient and doctor registration, uploads encrypted medical records to the IPFS, verifies data integrity, and performs the above functions through a predefined process;
the IPFS server is used for storing the encrypted file of the electronic medical record, returning the hash address of the uploaded encrypted medical record to the intelligent contract SC, inputting the address, and returning the ciphertext to the data user by the IPFS.
Specifically, the electronic medical record sharing and verifiable system based on the block chain comprises the following steps:
s1: registering a patient and medical personnel meeting the conditions with the HIS, and generating a zero-knowledge proof pi by the HIS by using a zk-SNARKs technology;
s2: after treatment, DO generates electronic medical record EMR, index algorithm PEKS () is used, after index extraction, NR-MHT is used for constructing a Merkle tree;
s3: after the step S2, the DO uses the public key pk to execute an encryption algorithm Encrypt on the medical data EMR to obtain a ciphertext D Emr And then ciphertext D Emr Storing to an IPFS server to realize the 'down-link' storage of medical data;
s4: the DO submits a transaction to the blockchain network, and executes a digital signature algorithm AuthSign to sign the transaction, wherein the transaction records a hash value of the medical data so as to realize the 'on-chain' storage of the medical data;
s5: when the user and the medical care personnel need to retrieve the electronic disease duration, the identity of the user and the medical care personnel needs to be firstly verified: firstly, constructing a digital circuit C according to the calculation requirement of the intelligent contract, then executing a zero-knowledge proof generation algorithm pro based on medical data of the user to generate a credible zero-knowledge proof pi, and submitting the credible zero-knowledge proof pi to the intelligent contract for verification:
s6: after the DU submits the zero knowledge proof pi to the intelligent contract, the intelligent contract automatically verifies whether the zero knowledge proof pi submitted by the patient, the hash value are consistent with the zero knowledge proof pi ', the result set R ' and the hash value h ' stored by the intelligent contract through a zero knowledge proof verification algorithm Verify;
s7: if the zero knowledge proof passes the verification, DU inputs a keyword w' to be retrieved, a trapdoor generation algorithm is operated to generate a trapdoor tw, the trapdoor tw is uploaded to HIC, the HIC executes a search algorithm, and then a result d is output;
s8: in order to ensure the integrity of the medical record, two times of verification are required; for the first time: when the smart contract is received, verify () function is executed, and the hash of HIC returned to DU is checked' ipfs Whether the hash address is the same as the hash address stored in MapAddr or not; the second verification is Merkle tree verification, and the medical record file can be returned to the DU after the two verifications are passed.
Has the advantages that:
compared with the prior art, the invention has the following beneficial effects:
1. compared with the traditional electronic medical record storage scheme, the invention provides a solution for data sharing and integrity by using the block chain technology;
2. compared with the electronic medical record sharing system based on the block chain, the electronic medical record sharing system based on the block chain has the advantages that a searchable encryption scheme based on grids is added, and the quantum attack resistance is realized on the premise of encrypted medical record searching;
3. compared with the medicine tracing method based on the block chain, the method adopts the double verification of the merkel tree based on digital sequencing and the intelligent contract, so that the integrity of the electronic medical record is improved;
4. compared with the method which also uses the block chain-based medicine source tracing, the method uses the simple non-interactive zero-knowledge proof to verify the identity of the participating user.
Drawings
FIG. 1 is a flowchart of an electronic medical record sharing and verifiable system based on block chain technology according to an embodiment of the present invention;
fig. 2 is a system diagram of an electronic medical record sharing and verifiable system based on the block chain technology according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In one embodiment of the invention, a blockchain-based electronic medical record sharing to verifiable systems is provided. Specifically, a zk-SNARK (simple non-interactive zero knowledge proof) is firstly used for constructing a user identity authentication system in an electronic medical record sharing system, so that the privacy and anonymity of the user identity are improved; a lattice searchable encryption scheme based on an improved Merkle-Tree is provided, and searchable encryption of the electronic medical record is realized by using a lattice public key searchable encryption (NTRU-PEKS) algorithm; on the basis, double verification of a search scheme is constructed through an intelligent contract and a merkel hash tree (NR-MHT) based on digital ranking, and finally corresponding encrypted data is outsourced to an interplanetary file system (IPFS) so as to reduce storage cost. Specifically, the method can be realized by the following steps:
s1: registering a patient and medical personnel meeting the conditions with the HIS, and generating a zero-knowledge proof by the HIS by using a zk-SNARKs technology;
specifically, the step S1 includes system initialization, registration, and zk-SNRAKs zero knowledge proof generation, which are three stages:
in the system initialization stage, a second power integer N and a prime number q are given, and parameters are selected
Wherein
Running key generationAlgorithm KeyGen (q, N) → (pk, sk), exports public and private keys (pk, sk):
pk=h=g*f -1 modq
in the registration stage, after intelligent contracts are deployed in a block chain by a hospital information center HIC, relevant users can be registered;
furthermore, for a patient, the identity card number of the patient needs to be provided, after the intelligent contract function Adducter () judges that the user is a new user, a 'successful registration' message is popped up to complete registration, and the unique ID information ID is mapped u Otherwise, popping up a failure message. For hospital doctors or medical staff who have been authorized, the hospital information center HIC automatically registers them in the system and also generates the user ID information ID u 。
Generating zk-SNRAKs zero knowledge proof stage, when DU wants to search medical record information, DU needs to verify own identity;
specifically, the user ID u A time stamp T, and a random number r, to generate a patient digital signature Sig z =sign(ID u T, r) while generating a secret key p from zero knowledge rove k, electronic medical record Emr, patient digital signature. By the save calculation:
Prove(p rove k,Emr,Sig z )→π
s2: after treatment, DO generates electronic medical record EMR, index algorithm PEKS () is used, after index extraction, NR-MHT is used for constructing a Merkle tree;
specifically, the step is divided into two stages of generating indexes and constructing NR-MHT:
an index generation stage which is a searchable index generation stage, when a patient finishes diagnosis, a doctor generates a plaintext electronic medical record Emr, extracts keywords, and generates search indexes according to the keywords of the files;
in particular, a hash function is given
And
public key pk, keyword w ∈ {0,1} * Algorithm output searchable ciphertext I w 。
Constructing an NR-MHT phase by generating a Merck tree based on a digital ranking and signing a Merkle tree root;
specifically, the DO first divides the medical record file Emr into s sub-files, i.e., emr = { M = { (M) } i } i∈[1,n] ={m ij } i∈[1,n],j∈[1,s] (ii) a After the data processing is finished, the DO constructs an NR-MHT tree comprising N leaf nodes, and each leaf node of the tree structure stores electronic medical record subfiles, namely the leaf node N i The subfile of (a) is M i =(m i1 ,m i2 ,…m is ) Leaf node N i Has a hash value of h 1i =H(m i1 ||m i2 ||…||m is I | | s | | | i), where s is a number and i is a sequence number ranking;
further, the data owner calculates the signature Sig of the Merkle root R I.e. by
H R Is the hash value of the Merkle root and sign is the signature generation algorithm of BLS.
S3: after step S2, the DO uses the public key pk to execute an encryption algorithm Encrypt () on the medical data EMR to obtain a ciphertext D Emr And then ciphertext D Emr Storing to an IPFS server to realize the 'down-link' storage of medical data;
specifically, the data owner runs an encryption algorithm to encrypt the bright Wen Dianzi medical record Emr into a ciphertext file D Emr For ciphertext file D Emr Number, generate Emr i Num (ii) a After numbering is finished, the electronic medical record D is encrypted Emr Uploading the IPFS server, and returning the hash address hash of the encrypted file by the IPFS ipfs The hash address is then hashed ipfs Matching with encrypted medical record number to construct mapping structure MapAddr={hash ipfs ||Emr i Num And simultaneously using a hash function to perform hash operation on the encrypted medical record: h (D) Emr )→hash Emr And the hash is paired with the private key sk of the patient Emr Signature Sig (hash) Emr )。
S4: the DO submits a transaction to the blockchain network, and executes a digital signature algorithm AuthSign () to sign the transaction, wherein the transaction records the hash value of the medical data so as to realize the 'on-chain' storage of the medical data;
in particular, index I will be searched w Map Address MapAddr, encrypted e-disease Hash value hash Emr Signature Sig (hash) Emr ) And forming a transaction list: tx add =(hash Emr ,MapAddr,I w ,Sig(hash Emr ) To ensure transaction invariability after confirmation by the consensus algorithm.
S5: when the user and the medical care personnel need to retrieve the electronic disease duration, the identity of the user and the medical care personnel needs to be firstly verified: firstly, constructing a digital circuit C according to the calculation requirement of an intelligent contract, then executing a zero-knowledge proof generation algorithm pro based on medical data of the user to generate a credible zero-knowledge proof pi, and submitting the credible zero-knowledge proof pi to the intelligent contract for verification;
s6: after the DU submits the zero knowledge proof pi to the intelligent contract, the intelligent contract automatically verifies whether the zero knowledge proof pi and the hash value h 'submitted by the patient are consistent with the zero knowledge proof pi', the result set R 'and the hash value h' stored by the intelligent contract through a zero knowledge proof verification algorithm Verify ();
s7: if the zero knowledge proof passes the verification, DU inputs a keyword w' to be retrieved, a trapdoor generation algorithm is operated to generate a trapdoor tw, the trapdoor tw is uploaded to HIC, the HIC executes a search algorithm, and then a result d is output;
specifically, the step is divided into a trapdoor generation stage and a search stage:
in the trap door generation phase, when a DU wishes to search for some electronic diseases, the DU firstly authenticates itself to the system and obtains a search trap door after the authorization of the intelligent contract;
further, privacy is givenThe key sk, and the keyword w' e {0,1} * DU calculates keyword hash t ← H (w'), using gaussian original image sampling algorithm to calculate (s, t) w ) ← (B, σ, (t, 0)), and output a trapdoor t w 。
Search phase, given public key pk, trapdoor t w And searching the ciphertext index I w =<A,B,H 2 (k,B)>Calculating
If H is present 2 (y,c 1 )=H 2 (k,c 1 ) If yes, outputting d =1, otherwise, outputting d =0;
if Test (pk, t) w ,s w ) When the output is 1, the medical record is successfully retrieved, the intelligent contract checking function is triggered, when the verification is passed, the HIC system finds the hash address corresponding to the ciphertext through the address mapping MapAddr, the address is retrieved to the IPFS server, and the IPFS returns the encrypted electronic medical record.
S8: in order to ensure the integrity of the medical record, two times of verification are required; for the first time: when the smart contract is received, verify () function is executed, and the hash of HIC returned to DU is checked' ipfs Whether the hash address is the same as the hash address stored in MapAddr or not; the second verification is Merkle tree verification, and the medical record file can be returned to the DU after the two verifications are passed.
Specifically, the Merkle tree verification process is as follows: DU first randomly selects an integer i in the integer set {1,2, …, n }, i.e.
Then, DU searches medical record subfile M needing verification i =(m i1 ,m i2 ,…,m is ) And corresponding auxiliary authentication information
(same as the classical Merkle tree secondary authentication information construction), including from leaf node N i All hash values, relative numbering and ordering on the path to the Merkle root, from which a new Merkle root H 'is reconstructed' R (ii) a If H cannot be satisfied simultaneously R =H′ R And H' R Sig of R The signature is correct and the system returns an error identification.
Although the present invention has been described with reference to the above embodiments, it should be understood that the present invention is not limited to the above embodiments, and those skilled in the art can make various changes and modifications without departing from the scope of the present invention.
Claims (5)
1. An electronic medical record sharing and verifiable system based on a block chain is characterized by comprising the following steps:
s1: registering a patient and medical personnel meeting the conditions with the HIS, and generating a zero-knowledge proof pi by the HIS by using a zk-SNARKs technology;
s2: after treatment, DO generates electronic medical record EMR, index algorithm PEKS () is used, after index extraction, NR-MHT is used for constructing a Merkle tree;
s3: after the step S2, the DO uses the public key pk to execute an encryption algorithm Encrypt () on the medical data EMR to obtain a ciphertext D Emr And then cipher text D Emr Storing to an IPFS server to realize the 'down-link' storage of medical data;
s4: the DO submits a transaction to the blockchain network, and executes a digital signature algorithm AuthSign () to sign the transaction, wherein the transaction records the hash value of the medical data so as to realize the 'on-chain' storage of the medical data;
s5: when the user and the medical care personnel need to retrieve the electronic disease duration, the identity of the user and the medical care personnel needs to be firstly verified: firstly, constructing a digital circuit C according to the calculation requirement of an intelligent contract, then executing a zero-knowledge proof generation algorithm pro based on medical data of the user to generate a credible zero-knowledge proof pi, and submitting the credible zero-knowledge proof pi to the intelligent contract for verification;
s6: after the DU submits the zero knowledge proof pi to the intelligent contract, the intelligent contract automatically verifies whether the zero knowledge proof pi and the hash value h 'submitted by the patient are consistent with the zero knowledge proof pi', the result set R 'and the hash value h' stored by the intelligent contract through a zero knowledge proof verification algorithm Verify ();
s7: if the zero knowledge proof passes the verification, DU inputs a keyword w' to be retrieved, a trapdoor generation algorithm is operated to generate a trapdoor tw, the trapdoor tw is uploaded to HIC, the HIC executes a search algorithm, and then a result d is output;
s8: in order to ensure the integrity of the medical record, two times of verification are required; for the first time: when the smart contract is received, verify () function is executed, and the hashi 'of HIC returned to DU is checked' pfs Whether the hash address is the same as the hash address stored in MapAddr or not; the second verification is Merkle tree verification, and the medical record file can be returned to the DU after the two verifications are passed.
2. A block chain-based electronic medical record sharing and verifiable system is characterized by comprising five parts: hospital Information Center (HIC), data Owner (DO), data User (DU), smart Contract (SC), IPFS;
the Hospital Information Center (HIC) is composed of a hospital information department or a health department and is mainly responsible for deploying and initializing an intelligent contract, generating a public and private key pair, registering a qualified doctor (a supervisor) to the intelligent contract, operating an algorithm, verifying zero-knowledge proof and corresponding computing operation;
the data owner mainly plays a role in generating electronic medical records for patients and doctors (or hospital-related personnel), calculating electronic medical record ciphertext and keyword ciphertext indexes, and uploading the keyword indexes to the HIC;
the data user obtains the authorized role of the patient, such as the patient himself, a doctor in a hospital, a nurse, a researcher and the like, and the main task is to calculate the keyword which the user wants to search into a search trapdoor, search medical records and verify the integrity of the medical records;
the intelligent contract performs patient and doctor registration, uploads encrypted medical records to the IPFS, verifies data integrity, and performs the above functions through a predefined process;
the IPFS server is used for storing the encrypted file of the electronic medical record, returning the hash address of the uploaded encrypted medical record to the intelligent contract SC, inputting the address, and returning the ciphertext to the data user by the IPFS.
3. The sharing and verifiable system of step S1 based on the blockchain technique of claim 1, wherein the zk-SNARKs technique is: non-interactive zero knowledge proof.
4. The step S2 of the system for sharing and verifiable based on block chain technology of claim 1 is characterized in that the NR-MHT technology is based on a numeric ranking Merkle hash tree, each leaf node of a classical MHT (Merkle hash tree) can only maintain one data block, and each leaf node of the NR-MHT can store a plurality of data blocks.
5. The block chain technology-based sharing and verifiable system step S7 of claim 1, wherein said search algorithm is lattice-based searchable encryption (NTRU-PEKS).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210958197.4A CN115314225A (en) | 2022-08-08 | 2022-08-08 | Electronic medical record sharing and verifiable system based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210958197.4A CN115314225A (en) | 2022-08-08 | 2022-08-08 | Electronic medical record sharing and verifiable system based on block chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115314225A true CN115314225A (en) | 2022-11-08 |
Family
ID=83860870
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210958197.4A Pending CN115314225A (en) | 2022-08-08 | 2022-08-08 | Electronic medical record sharing and verifiable system based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115314225A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109409100A (en) * | 2018-09-10 | 2019-03-01 | 北京航空航天大学 | Information storage and shared platform applied to medical data |
| US20210287770A1 (en) * | 2020-03-10 | 2021-09-16 | Lumedic Acquisition Co, Inc. | Electronic patient credentials |
| CN114021164A (en) * | 2021-10-29 | 2022-02-08 | 河南大学 | Block chain-based credit investigation system privacy protection method |
| CN114143080A (en) * | 2021-11-30 | 2022-03-04 | 兰州理工大学 | Block chain data privacy protection and sharing method based on zero knowledge proof |
| US11282139B1 (en) * | 2013-06-28 | 2022-03-22 | Gemini Ip, Llc | Systems, methods, and program products for verifying digital assets held in a custodial digital asset wallet |
| CN114567465A (en) * | 2022-02-17 | 2022-05-31 | 安徽师范大学 | Searchable encryption method for classified medical data based on block chain |
| CN114610815A (en) * | 2022-03-29 | 2022-06-10 | 西南石油大学 | Knowledge graph storage system based on block chain |
-
2022
- 2022-08-08 CN CN202210958197.4A patent/CN115314225A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11282139B1 (en) * | 2013-06-28 | 2022-03-22 | Gemini Ip, Llc | Systems, methods, and program products for verifying digital assets held in a custodial digital asset wallet |
| CN109409100A (en) * | 2018-09-10 | 2019-03-01 | 北京航空航天大学 | Information storage and shared platform applied to medical data |
| US20210287770A1 (en) * | 2020-03-10 | 2021-09-16 | Lumedic Acquisition Co, Inc. | Electronic patient credentials |
| CN114021164A (en) * | 2021-10-29 | 2022-02-08 | 河南大学 | Block chain-based credit investigation system privacy protection method |
| CN114143080A (en) * | 2021-11-30 | 2022-03-04 | 兰州理工大学 | Block chain data privacy protection and sharing method based on zero knowledge proof |
| CN114567465A (en) * | 2022-02-17 | 2022-05-31 | 安徽师范大学 | Searchable encryption method for classified medical data based on block chain |
| CN114610815A (en) * | 2022-03-29 | 2022-06-10 | 西南石油大学 | Knowledge graph storage system based on block chain |
Non-Patent Citations (4)
| Title |
|---|
| HAIPING HUANG ECT.: "Blockchain-based eHealth system for auditable EHRs manipulation in cloud environments", 《J. PARALLEL DISTRIB. COMPUT.》, 5 October 2020 (2020-10-05) * |
| JIN SUN ECT.: "Blockchain-Based Secure Storage and Access Scheme For Electronic Medical Records in IPFS", JIN SUN ECT., 24 March 2020 (2020-03-24) * |
| 孙萌;王昀飚;: "基于区块链的可追踪匿名电子投票方案", 网络空间安全, no. 09, 25 September 2019 (2019-09-25) * |
| 李佩丽;徐海霞;: "区块链用户匿名与可追踪技术", 电子与信息学报, no. 05, 15 May 2020 (2020-05-15) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sun et al. | Blockchain-based secure storage and access scheme for electronic medical records in IPFS | |
| CN107105041B (en) | One medical big data management system and method based on block chain | |
| CN111914027B (en) | Block chain transaction keyword searchable encryption method and system | |
| CN106330865B (en) | The attribute base keyword searching method efficiently cancelled and cloud computing application system are supported under cloud environment | |
| Lee et al. | Medical blockchain: Data sharing and privacy preserving of EHR based on smart contract | |
| Ying et al. | A lightweight policy preserving EHR sharing scheme in the cloud | |
| CN110910977A (en) | Medical data safe storage method integrated with block chain technology | |
| Soni et al. | Blockchain Implementation for Privacy preserving and securing the Healthcare data | |
| CN109117662B (en) | Block chain-based electronic medical record security searching method | |
| CN109088719B (en) | Outsourced database multi-key word can verify that cipher text searching method, data processing system | |
| Qin et al. | A secure storage and sharing scheme of stroke electronic medical records based on consortium blockchain | |
| CN108092766A (en) | A kind of cipher text searching method for verifying authority and its system | |
| Fan et al. | Verifiable attribute-based multi-keyword search over encrypted cloud data in multi-owner setting | |
| Mishra et al. | DS-Chain: A secure and auditable multi-cloud assisted EHR storage model on efficient deletable blockchain | |
| Ge et al. | Verifiable keyword search supporting sensitive information hiding for the cloud-based healthcare sharing system | |
| Bhadula et al. | Hybrid Blockchain and IPFS for Secure Industry 4.0 Framework of IoT-based Skin Monitoring System | |
| Al Baqari et al. | Biometric-based blockchain ehr system (bbehr) | |
| Xue et al. | Blockchain-based fair and fine-grained data trading with privacy preservation | |
| CN113889208B (en) | Block chain-based on-and-off-chain medical data sharing method, device and equipment | |
| Prabha et al. | Securing telecare medical information system with blockchain technology | |
| CN115412259B (en) | Block chain-based cloud health system searchable proxy signcryption method and product | |
| Gan et al. | An encrypted medical blockchain data search method with access control mechanism | |
| CN115314225A (en) | Electronic medical record sharing and verifiable system based on block chain | |
| Liu et al. | A Blockchain-based normalized searchable encryption system for medical data | |
| CN110660450A (en) | Safety counting query and integrity verification device and method based on encrypted genome data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |