CN116303437A - Medical data hierarchical storage and sharing method based on block chain - Google Patents
Medical data hierarchical storage and sharing method based on block chain Download PDFInfo
- Publication number
- CN116303437A CN116303437A CN202310153595.3A CN202310153595A CN116303437A CN 116303437 A CN116303437 A CN 116303437A CN 202310153595 A CN202310153595 A CN 202310153595A CN 116303437 A CN116303437 A CN 116303437A
- Authority
- CN
- China
- Prior art keywords
- data
- node
- medical data
- ciphertext
- sub
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 18
- 230000035945 sensitivity Effects 0.000 claims abstract description 12
- 238000012795 verification Methods 0.000 claims description 8
- 230000001960 triggered effect Effects 0.000 claims description 3
- 230000008520 organization Effects 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 2
- 208000017667 Chronic Disease Diseases 0.000 description 1
- 208000035473 Communicable disease Diseases 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 201000010099 disease Diseases 0.000 description 1
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2255—Hash tables
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Epidemiology (AREA)
- Primary Health Care (AREA)
- Public Health (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a medical data hierarchical storage and sharing method based on a blockchain. The method comprises the following steps: the patient globally signs the medical data; dividing sub data and carrying out interceptable signature by doctors according to sensitivity dividing standards, encrypting the sub data with different grades by using a symmetric key by a affiliated institution node, uploading the sub data to an IPFS system, carrying out data access control processing by using a ciphertext policy attribute encryption algorithm (CP-ABE), and writing related information into an intelligent contract; the request node initiates a request transaction; triggering a corresponding intelligent contract by request transaction, and returning related request information; the request node decrypts the ciphertext, acquires the hash address of the data, downloads and decrypts the ciphertext to obtain the original text. The invention realizes the safe hierarchical storage and sharing of medical data by means of alliance chains, interceptable signatures, CP-ABE, intelligent contracts and other technologies.
Description
Technical Field
The invention relates to the technical field of medical block chains, in particular to a medical data hierarchical storage and sharing method based on a block chain.
Background
The storage and management of medical data is currently rendered electronic, with such medical data being of shared value. On the one hand, for patients suffering from serious diseases or chronic diseases, when the patients are in a doctor's visit, the doctor can carry out accurate analysis according to the past medical history of the patients, and a more efficient treatment scheme is provided for the patients; on the other hand, sharing of medical data of the type of infectious diseases with timeliness and locality can provide a comprehensive data set for research institutions to conduct medical research and analysis, etc.; in addition, the insurance entity can quickly handle medical insurance reimbursement business for the patient by quickly accessing the patient's records of the visit. However, the traditional medical data are mostly scattered in databases built by the medical institutions, so that not only is the data island caused, but also the data is easy to be maliciously attacked by a third party, and the data is lost. Meanwhile, the problems of manual tampering with medical records, leakage of privacy of patients and the like are unavoidable. Therefore, a safer, more reliable and transparent technology is needed to solve the above-mentioned problems, and the characteristics of the blockchain technology such as decentralization and non-falsification can solve the above-mentioned problems.
In the existing medical block chain research, medical data of a patient is shared as a whole, a requester can acquire all data of the patient, leakage of sensitive data of the patient is easy to cause, and safety of the data is not guaranteed sufficiently.
Disclosure of Invention
The invention provides a medical data hierarchical storage and sharing method based on a blockchain, which aims to solve the problems in the background technology, enhance the safety of data through hierarchical storage and sharing, and improve the safety of data through technologies such as a interceptable signature, a CP-ABE algorithm, an intelligent contract and the like.
In order to achieve the above purpose, the present invention provides the following technical solutions:
the medical data hierarchical storage and sharing method based on the blockchain is characterized by comprising the following specific steps of:
step 1: the patient carries out global signature on the medical data and returns the medical data to the doctor;
step 2: dividing sub data and carrying out interceptable signature by doctors according to sensitivity dividing standards, encrypting different sub data by using a symmetric key by a affiliated institution node, uploading the encrypted sub data to an IPFS system, carrying out data access control processing by using a CP-ABE algorithm, and writing related information into an intelligent contract;
step 3: the request node initiates a request transaction;
step 4: triggering a corresponding intelligent contract by request transaction, and returning related request information;
step 5: the request node decrypts the ciphertext, acquires the hash address of the data, downloads and decrypts the ciphertext to obtain the original text.
The step 1 specifically comprises the following steps:
a medical alliance chain system model suitable for medical data sharing is designed, the model consists of institutions such as hospitals, insurance institutions, research institutions and medical supervision departments, and is associated with a CA authentication center, all institutions are authenticated and authorized by the CA authentication center to join in the alliance chain, and all institutions are simultaneously set to store medical data by using an IPFS distributed system. After the patient is treated, the medical data of the patient is divided into n sub-messages according to different content names, and then the patient carries out global signature according to a content interception access structure (CEAS) and a public key of a corresponding doctor, and the signature is sent to the doctor.
The step 2 specifically comprises the following steps:
dividing the sub-data by the doctor according to the sensitivity dividing standard, forming intercepted subsets by the data with different sensitivity levels, intercepting the signature, signing each subset by the doctor, sending the signed subsets to the affiliated institution node, encrypting the different data subsets by the affiliated medical institution node by using different random symmetric keys, respectively uploading the encrypted data subsets to the IPFS system, and returning the corresponding subsets to store the hash addresses. The mechanism node encrypts the mechanism node by using a corresponding symmetric key; then, the node formulates different access strategies according to different sensitivity levels, and encrypts the symmetric keys of different level data subsets by using corresponding strategies; and finally, the mechanism node writes the encrypted symmetric key ciphertext, the hash address ciphertext, the data keyword and the hash value of the corresponding access policy leaf node into the intelligent contract, and sends the intelligent contract as a transaction to the whole network to wait for subsequent consensus verification and uplink.
The step 3 specifically comprises the following steps:
the request node initiates a request transaction, wherein the transaction comprises a keyword of the demand data and an attribute hash set of the keyword.
The step 4 specifically comprises the following steps:
after the request transaction is linked up, the corresponding intelligent contract is triggered, the intelligent contract preliminarily verifies the attribute hash set of the requester, and the related information is returned after verification.
The step 5 specifically comprises the following steps:
the request node decrypts the ciphertext according to the attribute key of the request node, acquires the hash address of the data, downloads the hash address and decrypts the ciphertext according to the attribute key to acquire the original text.
Compared with the prior art, the invention has the following beneficial effects:
the method reduces signature interaction between a patient and a doctor by utilizing the interceptable signature, and adds the public key of the corresponding doctor into the global signature, so that only a specific doctor can conduct interceptable signature, and the subsequent signature verification is ensured; meanwhile, the data are divided according to the sensitivity degree, and only institutions with high-level attributes are qualified to access higher-level data, so that the privacy of patients is protected; a ciphertext policy attribute encryption algorithm is used for making different policies for different grades of data, so that hierarchical access is realized; and meanwhile, intelligent contracts are used for improving the sharing efficiency and the security of data.
Drawings
FIG. 1 is a step diagram of the present invention;
FIG. 2 is a block chain system model diagram of the present invention;
FIG. 3 is a plot of sensitive data of the present invention.
Detailed Description
In order to clarify the technical problems, technical solutions, implementation processes and performance, the present invention will be further described in detail below with reference to examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The embodiment provides a medical data hierarchical storage and sharing method based on a blockchain, as shown in fig. 1, which is a specific step diagram, specifically including the following steps:
step 1: the patient carries out global signature on the medical data and returns the medical data to the doctor;
step 2: dividing sub data and carrying out interceptable signature by doctors according to sensitivity dividing standards, encrypting different sub data by using a symmetric key by a affiliated institution node, uploading the encrypted sub data to an IPFS system, carrying out data access control processing by using a CP-ABE algorithm, and writing related information into an intelligent contract;
step 3: the request node initiates a request transaction;
step 4: triggering a corresponding intelligent contract by request transaction, and returning related request information;
step 5: the request node decrypts the ciphertext, acquires the hash address of the data, downloads and decrypts the ciphertext to obtain the original text.
The step 1 specifically comprises the following steps:
the medical block chain system model provided by the invention is shown in fig. 2, the model comprises a alliance chain formed by institutions such as hospitals, insurance institutions, research institutions and medical supervision departments, and a CA authentication center is associated, all institutions can be added into the alliance chain after being authenticated and authorized by the CA authentication center, and all institutions are simultaneously set to store medical data by using an IPFS distributed system. After the patient is treated, the medical data m is divided into n sub-messages according to different content names, m i Representing the ith sub-message in the message m, then, the patient carries out global signature according to the content interception access structure (CEAS) and the public key of the corresponding doctor, and sends the signature to the doctor, wherein the signature process is as follows:
wherein H is hash calculation, sigma i For signing, sk patient For patient private key, pk doctor Sigma, the public key of doctor FULL Is a global signature.
The step 2 specifically comprises the following steps:
the doctor verifies the global signature by verifying each sub-message in m in the following way:
wherein g is the generator of the cyclic group,
after verification, dividing the sub-data according to sensitivity dividing criteria for the patient public key, as shown in fig. 3, listing a division diagram of the sensitive data; then, the data with different sensitivity levels are formed into a interception subset CI (m') according to the CEAS access structure and signature interception is carried out in the following manner:
wherein sigma tj (j=1,., f) is from σ FULL The signature of the corresponding sub-message in the extracted CI (m'). And meanwhile, the doctor signs each subset and then sends the signed subset to the affiliated institution node, and the affiliated medical institution node encrypts different data subsets by using different random symmetric keys and then uploads the encrypted data subsets to the IPFS system respectively, and returns the corresponding subsets to store the hash addresses. The mechanism node encrypts the mechanism node by using a corresponding symmetric key; then, the node formulates different access strategies according to different sensitivity levels, and encrypts the symmetric keys of different level data subsets by using corresponding strategies; finally, the organization node writes the encrypted symmetric key ciphertext, the hash address ciphertext, the data key and the hash value of the corresponding access policy leaf node into the intelligent contract,the smart contract is sent as a transaction to the whole network awaiting subsequent consensus verification and chaining.
The step 3 specifically comprises the following steps:
the request node initiates a request transaction, wherein the transaction comprises a keyword of the demand data and an attribute hash set of the keyword.
The step 4 specifically comprises the following steps:
after the request transaction is linked, the corresponding intelligent contract is triggered, the intelligent contract preliminarily verifies the attribute hash set of the requester, verifies whether the attribute hash set exists in the hash value of the leaf node of the corresponding access strategy in the contract, and returns related information if verification is successful, wherein the node with the high-grade attribute set can acquire the related information of all data with lower grade than the node with the high-grade attribute set.
The step 5 specifically comprises the following steps:
the request node decrypts the ciphertext according to the attribute key of the request node, acquires the hash address of the data, downloads the hash address and decrypts the ciphertext according to the attribute key to acquire the original text.
The above disclosure is only a preferred embodiment of the present invention, and it should be understood that the scope of the invention is not limited thereto, and those skilled in the art will appreciate that all or part of the procedures described above can be performed according to the equivalent changes of the claims, and still fall within the scope of the present invention.
Claims (6)
1. The medical data hierarchical storage and sharing method based on the blockchain is characterized by comprising the following specific steps of:
step 1: the patient carries out global signature on the medical data and returns the medical data to the doctor;
step 2: dividing sub data and carrying out interceptable signature by doctors according to sensitivity dividing standards, encrypting different sub data by using a symmetric key by a affiliated institution node, uploading the encrypted sub data to an IPFS system, carrying out data access control processing by using a CP-ABE algorithm, and writing related information into an intelligent contract;
step 3: the request node initiates a request transaction;
step 4: triggering a corresponding intelligent contract by request transaction, and returning related request information;
step 5: the request node decrypts the ciphertext, acquires the hash address of the data, downloads and decrypts the ciphertext to obtain the original text.
2. The blockchain-based medical data hierarchical storage and sharing method as in claim 1, wherein the medical institution nodes form a medical federation chain, and the medical data ciphertext is stored on the IPFS system, and the corresponding hash address and key are stored on the federation chain to achieve the storage and sharing of the medical data.
3. The blockchain-based hierarchical storage and sharing method of medical data of claim 1, wherein the patient returns the medical data to the doctor after globally signing the medical data after the patient is treated; dividing the sub-data by doctors according to sensitivity dividing standards, signing the sub-data in a interceptable way, encrypting the sub-data with different grades by using a symmetric key by a node of a medical institution, uploading the sub-data to an IPFS system, returning a corresponding hash address, and encrypting the sub-data by the node by using the corresponding symmetric key; and then, the node formulates different access strategies according to different sensitive grades, and encrypts the symmetric keys of the sub-data with different grades by using corresponding strategies to carry out CP-ABE encryption.
4. The blockchain-based medical data hierarchical storage and sharing method of claim 1, wherein the organization node writes the encrypted symmetric key ciphertext, the hash address ciphertext, the data key and the hash value of the corresponding access policy leaf node into the smart contract, and sends the smart contract transaction to the whole network awaiting subsequent consensus verification and uplink.
5. The blockchain-based medical data hierarchical storage and sharing method according to claim 1, wherein the request node initiates a request transaction, and the transaction comprises keywords of the required data and an attribute hash set of the request transaction; after the request transaction is linked up, the corresponding intelligent contract is triggered, the intelligent contract preliminarily verifies the attribute hash set of the requester, and the related information is returned after verification.
6. The blockchain-based medical data hierarchical storage and sharing method according to claim 1, wherein the requesting node decrypts the ciphertext according to its own attribute key, obtains the hash address of the data, downloads and decrypts the ciphertext according to the attribute key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310153595.3A CN116303437A (en) | 2023-02-23 | 2023-02-23 | Medical data hierarchical storage and sharing method based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310153595.3A CN116303437A (en) | 2023-02-23 | 2023-02-23 | Medical data hierarchical storage and sharing method based on block chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116303437A true CN116303437A (en) | 2023-06-23 |
Family
ID=86800545
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310153595.3A Pending CN116303437A (en) | 2023-02-23 | 2023-02-23 | Medical data hierarchical storage and sharing method based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116303437A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117874144A (en) * | 2024-03-11 | 2024-04-12 | 西康软件有限责任公司 | Medical data sharing method, device, equipment and storage medium based on blockchain |
-
2023
- 2023-02-23 CN CN202310153595.3A patent/CN116303437A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117874144A (en) * | 2024-03-11 | 2024-04-12 | 西康软件有限责任公司 | Medical data sharing method, device, equipment and storage medium based on blockchain |
| CN117874144B (en) * | 2024-03-11 | 2024-05-28 | 西康软件有限责任公司 | Medical data sharing method, device, equipment and storage medium based on blockchain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3451578B1 (en) | Turn-control rewritable blockchain | |
| US11790097B1 (en) | Systems and methods to track, store, and manage events, rights, and liabilities | |
| US10305875B1 (en) | Hybrid blockchain | |
| US10554421B2 (en) | Method for superseding log-in of user through PKI-based authentication by using smart contact and blockchain database, and server employing same | |
| CN110008746B (en) | Block chain-based medical record storage, sharing and safety claim settlement model and method | |
| CN109326337B (en) | Model and method for storing and sharing electronic medical record based on block chain | |
| CN113067857A (en) | Electronic medical record cross-hospital sharing method based on double-chain structure | |
| CN111783075A (en) | Authority management method, device and medium based on secret key and electronic equipment | |
| CN115242518B (en) | Medical health data protection system and method in mixed cloud environment | |
| Tang et al. | A secure and trustworthy medical record sharing scheme based on searchable encryption and blockchain | |
| CN112530531A (en) | Electronic medical record storage and sharing method based on double block chains | |
| Zhang et al. | BDSS: Blockchain-based data sharing scheme with fine-grained access control and permission revocation in medical environment | |
| Zhang et al. | A survey on the efficiency, reliability, and security of data query in blockchain systems | |
| CN116303437A (en) | Medical data hierarchical storage and sharing method based on block chain | |
| Zhang et al. | Nano: Cryptographic enforcement of readability and editability governance in blockchain databases | |
| CN114978664A (en) | Data sharing method and device and electronic equipment | |
| CN114579998A (en) | Block chain assisted medical big data search mechanism and privacy protection method | |
| Yang et al. | An access control model based on blockchain master-sidechain collaboration | |
| Gao et al. | BFR‐SE: A Blockchain‐Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine‐Grained Access Control in Cloud Environment | |
| Gan et al. | An encrypted medical blockchain data search method with access control mechanism | |
| Venkatesan et al. | Secure and decentralized management of health records | |
| Hu et al. | Assuring spatio-temporal integrity on mobile devices with minimum location disclosure | |
| Zhao et al. | Feasibility study on security deduplication of medical cloud privacy data | |
| Xu et al. | BPDST: Blockchain-based privacy-preserving data sharing on thin client for electronic medical records | |
| Liu et al. | A Blockchain‐Based Personal Health Record System for Emergency Situation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |