CN115879153B - Case history access method based on block chain - Google Patents
Case history access method based on block chain Download PDFInfo
- Publication number
- CN115879153B CN115879153B CN202211618207.6A CN202211618207A CN115879153B CN 115879153 B CN115879153 B CN 115879153B CN 202211618207 A CN202211618207 A CN 202211618207A CN 115879153 B CN115879153 B CN 115879153B
- Authority
- CN
- China
- Prior art keywords
- client
- ciphertext
- identity
- hash
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000012795 verification Methods 0.000 claims abstract description 7
- 230000006870 function Effects 0.000 claims description 33
- 238000004590 computer program Methods 0.000 claims description 7
- 238000013507 mapping Methods 0.000 claims description 6
- 230000009286 beneficial effect Effects 0.000 abstract description 4
- 238000005516 engineering process Methods 0.000 abstract description 4
- 238000004422 calculation algorithm Methods 0.000 abstract description 3
- 238000003745 diagnosis Methods 0.000 abstract description 2
- 238000004891 communication Methods 0.000 description 5
- 208000003443 Unconsciousness Diseases 0.000 description 3
- 238000013475 authorization Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Landscapes
- Medical Treatment And Welfare Office Work (AREA)
Abstract
The application discloses an electronic medical record access method based on a blockchain, which verifies the authority of doctors and patients through a hash algorithm and a registration authority array, and particularly improves the speed-up and the diagnosis efficiency when the number of registered patients and doctors is huge; the user privacy data is stored safely and anonymously through the IPFS network and the blockchain network, so that data leakage is prevented; in addition, the electronic medical record access mode of the method is flexible, the electronic medical record can be accessed through the custom key of the patient, when the patient forgets, the electronic medical record can be accessed through the private key stored by the client, in an emergency, the plaintext electronic medical record of the patient can be obtained under the condition that the private key of the patient is not exposed through the encryption technology, and the method is more beneficial to timely and accurately providing treatment for the patient in cooperation with efficient authority verification.
Description
Technical Field
The application relates to the technical field of data processing, in particular to an electronic medical record access method based on a blockchain.
Background
The electronic medical record is a system for recording patient medical record information in an electronic mode. It has many advantages over traditional paper medical records, such as faster, more convenient, safer, more efficient, etc. The electronic medical record can record and manage the medical record information of the patient through a computer system or mobile equipment, and can be checked, updated and reported anytime and anywhere.
Although electronic medical records have many advantages, because electronic medical record information is stored electronically, if a system fails or is under network attack, the risk of information loss or leakage may be created. To avoid this occurrence, hospitals and doctors need to take effective security measures such as encrypted storage, authorized access mechanisms, and the like.
Meanwhile, because the hospital service scene is very complex and life safety is concerned, the authorized access mechanism of the electronic medical record should not be stiff and rigid, for example, in case that a patient forgets an authorized key or an emergency, a doctor should also be able to access the original medical record of the patient in time, and meanwhile, the private information of the patient cannot be exposed.
Disclosure of Invention
The application aims at overcoming the defects of the prior art and provides an electronic medical record access method based on a blockchain.
In one aspect, the application provides a blockchain-based electronic medical record access method, which comprises the following steps:
the second client acquires a first identity and a second identity and verifies the first identity and the second identity; the second client calculates hash values for the first identity identifier and the second identity identifier respectively by using a first hash function, a second hash function and a third hash function, and when the hash values corresponding to the values at the corresponding positions of the authority array are all larger than 0, the verification is confirmed to be successful; the permission array is maintained updated in the blockchain network by an authentication center.
When the authority array is registered, acquiring a registration identity; calculating hash values of the registered identity by using the first hash function, the second hash function and the third hash function respectively, mapping the hash values to three corresponding positions in the authority array, and adding one operation to the stored values of the positions; each storage value in the authority array defaults to 0; when the authority array logs out, acquiring a log-out identity; and calculating hash values of the logout identity marks by using the first hash function, the second hash function and the third hash function respectively, mapping the hash values to three corresponding positions in the authority array, and subtracting one operation from the stored values of the positions.
The second client sends a request to the blockchain network according to the first identity identifier, and a first hash and a second hash are obtained; and the second client sends a request to the IPFS network according to the first hash and the second hash to acquire a first ciphertext and a second ciphertext.
The second client acquires a first symmetric key; and the second client decrypts the first ciphertext by using the first symmetric key to obtain a plaintext electronic medical record.
Preferably, the second client obtains the first symmetric key, which specifically includes:
the second client acquires a first private key; and the second client decrypts the second ciphertext by using the first private key to obtain the first symmetric key.
Preferably, the first client side also generates an asymmetric homomorphic encryption public key and an asymmetric homomorphic encryption private key according to the first identity identifier; the first client encrypts the first private key according to the asymmetric homomorphic encryption public key to generate a third ciphertext; the first client encrypts the first identity mark according to the asymmetric homomorphic encryption public key to generate an anonymous mark; and the first client encapsulates the anonymous identifier and the third ciphertext into a transaction, signs the transaction by using the first private key, and then issues the transaction to the blockchain network.
Preferably, the second client obtains the first symmetric key, which specifically includes:
the second client generates the asymmetric homomorphic encryption public key and the asymmetric homomorphic encryption private key according to the first identity identifier; the second client encrypts the first identity mark according to the asymmetric homomorphic encryption public key to obtain the anonymous mark; the second client initiates a request to the blockchain network according to the anonymous identifier to acquire the third ciphertext; the second client encrypts the second public key according to the asymmetric homomorphic encryption public key to obtain the fourth ciphertext; the second client encapsulates the second ciphertext, the third ciphertext and the fourth ciphertext into transactions, signs the transactions with the second private key, and then issues the transactions to the blockchain network for re-encryption operation to obtain a fifth ciphertext; the second client decrypts the fifth ciphertext according to the asymmetric homomorphic encryption private key to obtain a sixth ciphertext; and the second client decrypts the sixth ciphertext according to the second private key to obtain the first symmetric key.
In one aspect the application provides a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the method of one aspect of the application.
An aspect of the present application provides a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of the above aspect.
The blockchain-based electronic medical record access method provided by the application verifies the authority of doctors and patients through the hash algorithm and the registration authority array, and particularly, when the number of registered patients and doctors is huge, the speed is obviously increased, and the treatment efficiency is improved; the user privacy data is stored safely and anonymously through the IPFS network and the blockchain network, so that data leakage is prevented; in addition, the electronic medical record access mode of the method is flexible, the electronic medical record can be accessed through the custom key of the patient, when the patient forgets, the electronic medical record can be accessed through the private key stored by the client, in an emergency, the plaintext electronic medical record of the patient can be obtained under the condition that the private key of the patient is not exposed through the encryption technology, and the method is more beneficial to timely and accurately providing treatment for the patient in cooperation with efficient authority verification.
Drawings
In order to more clearly illustrate the embodiments of the application or the prior art solutions, the drawings which are used in the description of the embodiments or the prior art will be briefly described below, it being obvious that the drawings in the description below are only some of the embodiments described in the present application, and that other drawings can be obtained according to these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a flowchart of a blockchain-based electronic medical record access method according to an embodiment of the present application;
FIG. 2 is a flow chart of a method for accessing an electronic medical record in an emergency where a first symmetric key and a first private key cannot be directly obtained according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, a flowchart of a blockchain-based electronic medical record access method according to an embodiment of the application is shown in fig. 1.
A blockchain-based electronic medical record access method, the method comprising:
step S101: the second client acquires a first identity and a second identity and verifies the first identity and the second identity; the second client calculates hash values for the first identity identifier and the second identity identifier respectively by using a first hash function, a second hash function and a third hash function, and when the hash values corresponding to the values at the corresponding positions of the authority array are all larger than 0, the verification is confirmed to be successful; the permission array is maintained updated in the blockchain network by an authentication center.
The first identity mark can be the identity mark of a patient, and the second identity mark can be the identity mark of a doctor; the first hash function, the second hash function, and the third hash function represent three different hash functions, respectively.
Specifically, before using the blockchain to control access to the electronic medical record, the patient may register at the first client using the first identity, and after the first identity is authenticated by the authentication center, the authentication center may issue the first identity into the blockchain network and map the first identity into the permission array. Similarly, the doctor can register at the second client by using the second identity, and after the second identity is authenticated by the authentication center, the authentication center can issue the second identity to the blockchain network and map the second identity to the authority array.
When the authority array is registered, acquiring a registration identity; calculating hash values of the registered identity by using the first hash function, the second hash function and the third hash function respectively, mapping the hash values to three corresponding positions in the authority array, and adding one operation to the stored values of the positions; and each storage value in the authority array defaults to 0.
When the authority array logs out, acquiring a log-out identity; and calculating hash values of the logout identity marks by using the first hash function, the second hash function and the third hash function respectively, mapping the hash values to three corresponding positions in the authority array, and subtracting one operation from the stored values of the positions.
Specifically, the permission array may select a 4-bit bitset implementation.
Step S102: the second client sends a request to the blockchain network according to the first identity identifier, and a first hash and a second hash are obtained; and the second client sends a request to the IPFS network according to the first hash and the second hash to acquire a first ciphertext and a second ciphertext.
Wherein the IPFS network is made up of a number of nodes, each of which can store and transmit files. When a user wants to access a file, the IPFS looks for the file in the network based on the hash value and loads it from the nearest node onto the user's computer.
It should be noted that, before the second client obtains the first identity, the first client needs to package the first identity, the first hash and the second hash into a transaction and then issue the transaction to the blockchain network.
Specifically, the first client generates a first public key and a first private key; the second client generates a second public key and a second private key; the first client acquires a first symmetric key and a plaintext electronic medical record; the first client side symmetrically encrypts the plaintext electronic medical record according to the first symmetric key to generate a first ciphertext; the first client encrypts the first symmetric key according to the first public key to generate a second ciphertext; the first client uploads the first ciphertext and the second ciphertext to the IPFS network to obtain the corresponding first hash and the second hash; the first client encapsulates the first identity, the first hash and the second hash into transactions, signs the transactions with the first private key, and then issues the transactions to the blockchain network.
Wherein the first symmetric key may be patient-custom set.
Step S103: the second client acquires the first symmetric key; and the second client decrypts the first ciphertext by using the first symmetric key to obtain a plaintext electronic medical record.
Wherein the first symmetric key may be provided directly by the patient.
It should be noted that, when the patient forgets the first symmetric key, the method of the present application can still access the electronic medical record.
The second client acquires the first private key; and the second client decrypts the second ciphertext by using the first private key to obtain the first symmetric key.
Specifically, the first private key may be provided by the patient through the first client, preferably, the first private key is generated and stored locally in the first client, when in use, the first client generates the QR code according to the first private key, and the second client obtains the value of the first private key through code scanning. After the second client obtains the first private key, the second client can decrypt the second ciphertext to obtain a first symmetric key, and then the second client uses the first symmetric key to decrypt the first ciphertext to obtain the plaintext electronic medical record.
It should be noted that, before the second client obtains the first identity identifier, the first client needs to package the anonymous identifier and the third ciphertext into a transaction and then issue the transaction to the blockchain network.
Specifically, the first client side also generates an asymmetric homomorphic encryption public key and an asymmetric homomorphic encryption private key according to the first identity identifier; the first client encrypts the first private key according to the asymmetric homomorphic encryption public key to generate a third ciphertext; the first client encrypts the first identity mark according to the asymmetric homomorphic encryption public key to generate an anonymous mark; and the first client encapsulates the anonymous identifier and the third ciphertext into a transaction, signs the transaction by using the first private key, and then issues the transaction to the blockchain network.
The homomorphic encryption (homomorphic encryption) refers to a data result obtained by performing homomorphic encryption on original data, performing specific operation on the obtained ciphertext, and then performing homomorphic decryption on a calculation result to obtain a plaintext which is equivalent to the data result obtained by directly performing the same calculation on the original plaintext data.
Referring to fig. 2, fig. 2 is a flow chart of a method for accessing an electronic medical record in an emergency situation where a first symmetric key and a first private key cannot be directly obtained according to an embodiment of the application.
It should be noted that, when the patient is in an unconscious state, the first symmetric key and the first private key cannot be directly provided, the method of the present application can still access the electronic medical record.
The second client generates the asymmetric homomorphic encryption public key and the asymmetric homomorphic encryption private key according to the first identity identifier; the second client encrypts the first identity mark according to the asymmetric homomorphic encryption public key to obtain the anonymous mark; the second client initiates a request to the blockchain network according to the anonymous identifier to acquire the third ciphertext; the second client encrypts the second public key according to the asymmetric homomorphic encryption public key to obtain the fourth ciphertext; the second client encapsulates the second ciphertext, the third ciphertext and the fourth ciphertext into transactions, signs the transactions with the second private key, and then issues the transactions to the blockchain network for re-encryption operation to obtain a fifth ciphertext; the second client decrypts the fifth ciphertext according to the asymmetric homomorphic encryption private key to obtain a sixth ciphertext; and the second client decrypts the sixth ciphertext according to the second private key to obtain the first symmetric key.
Specifically, the above process can decrypt the second ciphertext into the first symmetric key without exposing the plaintext of the first private key, thereby decrypting the first ciphertext to obtain the electronic medical record data of the plaintext; can help doctors to obtain patient information efficiently under the condition that the patient is unconscious so as to provide accurate treatment for the patient.
The method is exemplified below by the case that the first patient loses consciousness and can not provide the secret key to provide the first electronic medical record access authorization for the second doctor, and the second doctor obtains the original data of the first electronic medical record of the patient in an emergency.
Before the patient A provides the original data of the electronic medical record for the doctor to access, the patient A must upload the encrypted electronic medical record through the patient application end and set an authorization key.
The method comprises the steps that firstly, a patient A uploads electronic medical record original data C0 through a patient application end, and a first self-defined symmetric key Ssk is input as an authorization key; of course, the uploading operation of the electronic medical record original data C0 can be completed with the assistance of doctors.
The patient application generates a first public-private key pair, and the first public key Ppk and the first private key Psk are used for accessing the medical record blockchain network. Meanwhile, the patient application end encrypts the original data of the electronic medical record by using a first symmetric key Ssk input by a user to generate a first ciphertext C1; the patient application end uses the first public key Ppk to encrypt the first symmetric key Ssk to generate a second ciphertext C2.
The patient application end uploads the encrypted first ciphertext C1 and the encrypted second ciphertext C2 to the IPFS network, and obtains Hash address values Hash1 and Hash2 of the first ciphertext C1 and the second ciphertext C2 on the IPFS network. Among them, IPFS, collectively referred to as "inter-plain file system", is a distributed file system. Its primary purpose is to provide a decentralised, addressable, secure way to store and share files. The goal of IPFS is to be a new type of internet infrastructure, providing high-speed, secure, reliable file transfer through decentralized storage and redundancy mechanisms.
After the patient application end obtains the Hash1 and the Hash2, the first identity identification PID of the patient A, the Hash1 and the Hash2 are packaged into a blockchain transaction, and then the blockchain transaction is signed by using the first private key Psk and then uploaded to an intelligent contract in a medical record blockchain network.
When the patient A looks for a doctor under normal conditions, the patient A can show the first identity identification PID to a doctor B, the doctor B can input the first identity identification PID of the patient A at a doctor application end, the doctor application end traverses and acquires the values of the Hash1 and the Hash2 corresponding to the first identity identification PID according to the first identity identification PID, and then the doctor application end requests the corresponding file first ciphertext C1 and second ciphertext C2 from the IPFS network according to the values of the Hash1 and the Hash2. At this time, the doctor application end may prompt the patient to input the first symmetric key Ssk set by the patient, and after the patient inputs the corresponding first symmetric key Ssk, the doctor client end decrypts the first ciphertext C1 according to the first symmetric key Ssk, so as to access the electronic medical record original data C0. Further, when the patient first forgets the first symmetric key Ssk, the patient first may further use the patient application end to generate a QR code corresponding to the first private key Psk, the doctor application end may scan the QR code to obtain the first private key Psk, use the first private key Psk to decode the second ciphertext C2 to obtain the first symmetric key Ssk, and then use the first symmetric key Ssk to decrypt the first ciphertext C1 to access the electronic medical record original data C0.
In the process, the information of the patient A is respectively stored in the IPFS network and the medical record blockchain network in the form of ciphertext, so that the privacy of the patient A is protected, and the data leakage is prevented; meanwhile, when the patient forgets the authorized password carelessly, the authorized password can be obtained by decoding the second ciphertext through the first private key, so that the convenience of medical record authorized access is improved.
It should be noted that, the above embodiment is that the patient a performs authorized access to the medical record original data of the doctor b under the normal and interesting condition. Furthermore, the doctor B can access the medical record original data of the patient A without exposing any private key of the patient A under the emergency that the patient A is unconscious and cannot carry out authorized access operation, and the details are as follows:
the patient application end can also generate an asymmetric homomorphic encryption public and private key pair according to a first identity identification PID of the patient A, and the asymmetric homomorphic encryption public key Ahpk and the asymmetric homomorphic encryption private key Ahsk; the patient application end encrypts the first private key Psk according to the asymmetric homomorphic encryption public key Ahpk to generate a third ciphertext C3; and the patient application end encrypts the first identity identifier PID according to the asymmetric homomorphic encryption public key Ahpk to generate an anonymous identifier APID.
After the patient application terminal obtains the anonymous identifier APID and the third ciphertext C3, the anonymous identifier APID and the third ciphertext C3 are packaged into a blockchain transaction, and then the blockchain transaction is signed by using the first private key Psk and then uploaded to an intelligent contract in a medical record blockchain network.
In an emergency, when the doctor B needs to access the original medical record data of the patient A, the doctor B can input a second identification DID of the doctor B and a first identification PID of the patient A at the doctor application end. Alternatively, the PID may be obtained by reading patient nail certificate information, scanning patient nail facial features or fingerprint features, and the like.
After the doctor client obtains the first identity identifier PID, the doctor client may obtain the first ciphertext C1 and the second ciphertext C2, and the obtaining process is the same as the foregoing embodiment, which is not repeated herein. The doctor client can also verify the doctor authority according to the first identity identification PID and the second identity identification DID.
When the verification is passed, the doctor application end can also generate an asymmetric homomorphic encryption public and private key pair according to the first identity identification PID of the patient A, and the asymmetric homomorphic encryption public key Ahpk and the asymmetric homomorphic encryption private key Ahsk.
Firstly, a doctor application end encrypts a first identity identification PID according to an asymmetric homomorphic encryption public key Ahpk to generate an anonymous identification APID, and then traverses and acquires a third ciphertext C3 corresponding to the anonymous identification APID on a medical record blockchain network according to the anonymous identification APID.
Secondly, the doctor application end encrypts the second public key Dpk according to the asymmetric homomorphic encryption public key Ahpk to generate a fourth ciphertext C4; then, the doctor application encapsulates the second ciphertext C2, the third ciphertext C3, and the fourth ciphertext C4 into blockchain transactions, signs the blockchain transactions with the second private key Dsk, and then issues the blockchain transactions into an intelligent contract in the medical record blockchain network, and the intelligent contract re-encrypts the second ciphertext C2, the third ciphertext C3, and the fourth ciphertext C4 to generate a fifth ciphertext C5.
Among them, re-encryption is an encryption technique that allows smart contracts to control encryption and decryption of data.
Wherein the second public key Dpk and the second april Dsk may be generated by the doctor b when registering the doctor application.
And thirdly, the doctor application end decrypts the fifth ciphertext C5 according to the asymmetric homomorphic encryption private key Ahsk to generate a sixth ciphertext C6. Among them, homomorphic encryption is an encryption method that can make encrypted data have the same form as original data. This means that even after the data is encrypted, the result of any operation performed on it is the same as the result of the same operation performed on the original data. Thus, the use of homomorphic encryption may allow useful operations to be performed on encrypted data while protecting the privacy of the data.
Finally, the doctor application end uses the second private key Dsk to decrypt the sixth ciphertext C6 to generate a first symmetric key Ssk, and the first symmetric key Ssk can decrypt the first ciphertext C1 to access the medical record original data C0 of the patient a.
Verifying the authority of doctors and patients through a hash algorithm and a registration authority array, wherein the speed is obviously increased especially when the number of registered patients and doctors is huge, and the diagnosis efficiency is improved; the user privacy data is stored safely and anonymously through the IPFS network and the blockchain network, so that data leakage is prevented; in addition, the electronic medical record access mode of the method is flexible, the electronic medical record can be accessed through the custom key of the patient, when the patient forgets, the electronic medical record can be accessed through the private key stored by the client, in an emergency, the plaintext electronic medical record of the patient can be obtained under the condition that the private key of the patient is not exposed through the encryption technology, and the method is more beneficial to timely and accurately providing treatment for the patient in cooperation with efficient authority verification.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a computer device according to an embodiment of the application.
As shown in fig. 3, the computer device 1000 may include: processor 1001, network interface 1004, and memory 1005, in addition, computer device 1000 may further comprise: a user interface 1003, and at least one communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display (Display), a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface, among others. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory. The memory 1005 may also optionally be at least one storage platform located remotely from the processor 1001. As shown in fig. 3, an operating system, a network communication module, a user interface module, and a device control application may be included in the memory 1005, which is one type of computer storage medium.
In the computer device 1000 shown in FIG. 3, the network interface 1004 may provide network communication functions; while user interface 1003 is primarily used as an interface for providing input to a user; and the processor 1001 may be configured to invoke the device control application stored in the memory 1005 to implement the description of the blockchain-based electronic medical record access method in any of the embodiments corresponding to fig. 1 above.
Furthermore, it should be noted here that: the present application further provides a computer readable storage medium, in which a computer program is stored, and the computer program includes program instructions, when executed by a processor, can perform the description of the blockchain-based electronic medical record access method in any of the foregoing embodiments corresponding to fig. 1, and therefore, a detailed description will not be given here. In addition, the description of the beneficial effects of the same method is omitted. For technical details not disclosed in the embodiments of the computer storage medium according to the present application, please refer to the description of the method embodiments of the present application.
Those skilled in the art will appreciate that implementing all or part of the above-described methods may be accomplished by way of computer programs, which may be stored on a computer-readable storage medium, and which, when executed, may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-only memory (ROM), a random access memory (RandomAccessMemory, RAM), or the like.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application referred to in the present application is not limited to the specific combinations of the technical features described above, but also covers other technical features formed by any combination of the technical features described above or their equivalents without departing from the spirit of the application. Such as the above-mentioned features and the technical features disclosed in the present application (but not limited to) having similar functions are replaced with each other.
Claims (3)
1. The electronic medical record access method based on the blockchain is characterized by comprising the following steps of:
the method comprises the steps that a first client generates a first public key and a first private key; the second client generates a second public key and a second private key; the first client acquires a first symmetric key and a plaintext electronic medical record; the first client side symmetrically encrypts the plaintext electronic medical record according to the first symmetric key to generate a first ciphertext; the first client encrypts the first symmetric key according to the first public key to generate a second ciphertext; the first client uploads the first ciphertext and the second ciphertext to an IPFS network to obtain a first hash and a second hash corresponding to the first ciphertext and the second ciphertext; the first client encapsulates the first identity identifier, the first hash and the second hash into transactions, signs the transactions with the first private key and then issues the transactions to a blockchain network;
the first client side also generates an asymmetric homomorphic encryption public key and an asymmetric homomorphic encryption private key according to the first identity identifier; the first client encrypts the first private key according to the asymmetric homomorphic encryption public key to generate a third ciphertext; the first client encrypts the first identity mark according to the asymmetric homomorphic encryption public key to generate an anonymous mark; the first client encapsulates the anonymous identifier and the third ciphertext into a transaction, signs the transaction by using the first private key, and then issues the transaction to the blockchain network;
the second client acquires a first identity and a second identity and verifies the first identity and the second identity; the second client calculates hash values for the first identity identifier and the second identity identifier respectively by using a first hash function, a second hash function and a third hash function, and when the hash values corresponding to the values at the corresponding positions of the authority array are all larger than 0, the verification is confirmed to be successful; the authority array is maintained and updated in the blockchain network by an authentication center;
when the authority array is registered, acquiring a registration identity; calculating hash values of the registered identity by using the first hash function, the second hash function and the third hash function respectively, mapping the hash values to three corresponding positions in the authority array, and adding one operation to the stored values of the positions; each storage value in the authority array defaults to 0; when the authority array logs out, acquiring a log-out identity; calculating hash values of the logout identity by using the first hash function, the second hash function and the third hash function respectively, mapping the hash values to three corresponding positions in the authority array, and subtracting one operation from the stored values of the positions;
the second client sends a request to the blockchain network according to the first identity identifier, and the first hash and the second hash are obtained; the second client sends a request to the IPFS network according to the first hash and the second hash, and the first ciphertext and the second ciphertext are obtained;
the second client acquires the first symmetric key; the second client generates the asymmetric homomorphic encryption public key and the asymmetric homomorphic encryption private key according to the first identity identifier; the second client encrypts the first identity mark according to the asymmetric homomorphic encryption public key to obtain the anonymous mark; the second client initiates a request to the blockchain network according to the anonymous identifier to acquire the third ciphertext; the second client encrypts the second public key according to the asymmetric homomorphic encryption public key to obtain a fourth ciphertext; the second client encapsulates the second ciphertext, the third ciphertext and the fourth ciphertext into transactions, signs the transactions with the second private key, and then issues the transactions to the blockchain network for re-encryption operation to obtain a fifth ciphertext; the second client decrypts the fifth ciphertext according to the asymmetric homomorphic encryption private key to obtain a sixth ciphertext; the second client decrypts the sixth ciphertext according to the second private key to obtain the first symmetric key;
and the second client decrypts the first ciphertext by using the first symmetric key to obtain the plaintext electronic medical record.
2. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method of claim 1.
3. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions which, when executed by a processor, perform the method of claim 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211618207.6A CN115879153B (en) | 2022-12-16 | 2022-12-16 | Case history access method based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211618207.6A CN115879153B (en) | 2022-12-16 | 2022-12-16 | Case history access method based on block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115879153A CN115879153A (en) | 2023-03-31 |
| CN115879153B true CN115879153B (en) | 2023-11-03 |
Family
ID=85754533
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211618207.6A Active CN115879153B (en) | 2022-12-16 | 2022-12-16 | Case history access method based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115879153B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117527859B (en) * | 2024-01-04 | 2024-03-19 | 深圳市联特微电脑信息技术开发有限公司 | Equipment monitoring method and system based on industrial Internet |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109886025A (en) * | 2019-01-04 | 2019-06-14 | 平安科技(深圳)有限公司 | Management method, device, computer equipment and the storage medium of user identifier |
| CN112434336A (en) * | 2020-11-25 | 2021-03-02 | 深圳前海微众银行股份有限公司 | Block chain-based electronic medical record sharing method, device and system and storage medium |
| CN112836225A (en) * | 2021-02-08 | 2021-05-25 | 西安邮电大学 | Electronic medical record sharing method based on block chain |
| CN113536359A (en) * | 2021-08-06 | 2021-10-22 | 东北大学 | Personal health record privacy protection and access system and method based on block chain |
| WO2022134119A1 (en) * | 2020-12-26 | 2022-06-30 | 西安科锐盛创新科技有限公司 | Blockchain-based electronic medical record sharing method and electronic device |
-
2022
- 2022-12-16 CN CN202211618207.6A patent/CN115879153B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109886025A (en) * | 2019-01-04 | 2019-06-14 | 平安科技(深圳)有限公司 | Management method, device, computer equipment and the storage medium of user identifier |
| CN112434336A (en) * | 2020-11-25 | 2021-03-02 | 深圳前海微众银行股份有限公司 | Block chain-based electronic medical record sharing method, device and system and storage medium |
| WO2022134119A1 (en) * | 2020-12-26 | 2022-06-30 | 西安科锐盛创新科技有限公司 | Blockchain-based electronic medical record sharing method and electronic device |
| CN112836225A (en) * | 2021-02-08 | 2021-05-25 | 西安邮电大学 | Electronic medical record sharing method based on block chain |
| CN113536359A (en) * | 2021-08-06 | 2021-10-22 | 东北大学 | Personal health record privacy protection and access system and method based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115879153A (en) | 2023-03-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11887705B2 (en) | Apparatus, system and method for patient-authorized secure and time-limited access to patient medical records utilizing key encryption | |
| US20220191031A1 (en) | Secure and zero knowledge data sharing for cloud applications | |
| Masud et al. | A robust and lightweight secure access scheme for cloud based E-healthcare services | |
| US10027489B2 (en) | Digital rights management system and method | |
| RU2602790C2 (en) | Secure access to personal health records in emergency situations | |
| KR101054970B1 (en) | A system, apparatus, method, and computer readable recording medium for authenticating a communication party using an electronic certificate containing personal information | |
| AU2008344384B2 (en) | Information distribution system and program for the same | |
| KR20180081108A (en) | Public / private key biometric authentication system | |
| CN103338196A (en) | Information certificate authority and safety use method and system | |
| CN115879153B (en) | Case history access method based on block chain | |
| KR101701304B1 (en) | Method and system for managing medical data using attribute-based encryption in cloud environment | |
| KR20120041904A (en) | Proxy based privilege management method and apparatus for accessing health data in cloud computing environment | |
| CN112671735B (en) | Data encryption sharing system and method based on block chain and re-encryption | |
| US20230328059A1 (en) | Authentication system for providing biometrics-based login service | |
| CN114091091B (en) | Case data remote authorization lookup method based on block chain | |
| JPH10111897A (en) | Clinical consultation information sharing method | |
| KR20180024390A (en) | Method and system for transporting patient information | |
| CN117216740A (en) | Digital identity authentication method based on blockchain technology | |
| Hamed et al. | Secure Patient Authentication Scheme in the Healthcare System Using Symmetric Encryption. | |
| KR102202152B1 (en) | Method, system and non-transitory computer-readable recording medium for de-identification of data on blockchain network | |
| Abbasi et al. | A lightweight and robust authentication scheme for the healthcare system using public cloud server | |
| JP6167667B2 (en) | Authentication system, authentication method, authentication program, and authentication apparatus | |
| US20230239154A1 (en) | Secure communication of user device data | |
| Sassi et al. | Security and privacy protection in the e-health system: Remote monitoring of covid-19 patients as a use case | |
| US20220019649A1 (en) | Verified base image in photo gallery |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20231012 Address after: 410000 room 105, building 5, R & D headquarters, Central South University Science Park, changzuo Road, Yuelu street, Yuelu District, Changsha City, Hunan Province Applicant after: Hunan Tiao Medical Technology Co.,Ltd. Address before: Xin Zhan Zhen Xin Zhan Cun, Jiaohe City, Jilin City, Jilin Province Applicant before: Gao Yajuan |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |