CN116469501A - Electronic medical record sharing method, system, equipment and storage medium based on blockchain - Google Patents

Publication number
CN116469501A
Authority
CN
China
Prior art keywords
medical record
electronic medical
data
blockchain
key
Legal status
Pending
Application number
CN202310223775.4A
Other languages
Chinese (zh)
Inventor
李红宁
魏少康
赵弘洋
陈炳聪
Current Assignee
China Electronic Product Reliability and Environmental Testing Research Institute
Guangzhou Institute of Technology of Xidian University
Original Assignee
China Electronic Product Reliability and Environmental Testing Research Institute
Guangzhou Institute of Technology of Xidian University
Application filed by China Electronic Product Reliability and Environmental Testing Research Institute, Guangzhou Institute of Technology of Xidian University

Classifications

    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a blockchain-based electronic medical record sharing method, system, equipment and storage medium, and relates to the technical field of blockchains. The method comprises the following steps: the authority center generates a system master key and a system public key, and generates a user private key in combination with the user's attribute set; the doctor generates and signs an electronic medical record for the patient; the patient encrypts the electronic medical record, uploads the encrypted record to IPFS, obtains its storage address, generates a security index, and sends the security index, the symmetric key and the storage address to the blockchain system; the data requester searches the blockchain system by submitting a trapdoor and identity information; after the attributes match successfully, the blockchain system sends the retrieved data, and the data requester decrypts it to obtain the plaintext data. The invention combines the blockchain with the IPFS file system, so that the electronic medical record ciphertext is kept in off-chain distributed storage while the key data is shared on-chain, establishing a safe and efficient electronic medical record data sharing method and ensuring secure sharing of electronic medical record data in scenarios involving multiple medical institutions.

Description

Electronic medical record sharing method, system, equipment and storage medium based on blockchain
Technical Field
The invention belongs to the technical field of blockchains, and particularly relates to a blockchain-based electronic medical record sharing method, system, equipment and storage medium.
Background
With the development of information technology, more and more medical institutions store electronic medical records digitally, which improves the service quality of hospitals and makes treatment more convenient for patients. At present, however, most electronic medical records are stored independently by each medical institution. When patients seek treatment across institutions, the institutions cannot exchange electronic medical records; data sharing among institutions is poor, and data islands exist. Concerns about the privacy protection of medical data and the security of the data sharing process also leave institutions with little enthusiasm for sharing electronic medical records. In view of this, electronic medical record sharing systems have emerged that focus on data privacy protection and on secure, efficient storage during data sharing.
Blockchain is known as the next-generation internet. It serves as a distributed ledger system that is decentralized, has a low cost of trust and is tamper-proof, and combining blockchain with electronic medical record data sharing systems has become a research trend. With the development of blockchain technology and its widening range of applications, the value carried on blockchains keeps increasing.
The cross-fusion of blockchain with various fields is becoming more frequent and the pace of practical deployment keeps accelerating; applications are being explored in industries such as trade finance, supply chains, social public services, elections, judicial evidence, tax, logistics, medical health, agriculture and energy. In particular, the tamper-proof characteristic of the blockchain system bears directly on the security of trusted data interchange. The security of medical data affects how widely institutions adopt medical data sharing; how to ensure trusted sharing and secure storage of electronic medical records is a problem to be solved urgently, since leakage of or tampering with private data can seriously infringe patients' privacy and damage the reputation of medical institutions.
Therefore, to solve the existing problems, there is a need for a medical data sharing method with high security and high reliability that ensures the privacy of users and the security of medical records.
Disclosure of Invention
The invention aims to provide a blockchain-based electronic medical record sharing method, system, equipment and storage medium.
The aim of the invention can be achieved by the following technical scheme:
In a first aspect, an embodiment of the present application provides a blockchain-based electronic medical record sharing method, including the following steps:
S1, inputting security parameters into the authority center to generate a system master key and a system public key;
S2, the authority center generates a private key of the user according to the system public key, the system master key and the attribute set of the user;
S3, the patient finishes medical treatment, and the doctor generates and signs an electronic medical record;
S4, the patient verifies the correctness of the electronic medical record and generates a symmetric key;
S5, encrypting the electronic medical record according to the symmetric key, generating a medical record ciphertext and uploading the medical record ciphertext to an IPFS file system to obtain a storage address of the medical record ciphertext;
S6, generating a security index for the electronic medical record, and storing the symmetric key, the medical record ciphertext, the storage address and the security index into a blockchain system;
S7, the data requester of the electronic medical record performs data retrieval on the blockchain system by submitting a trapdoor and identity information;
S8, the blockchain system matches the trapdoor with the security index, and after matching is successful, the retrieved data is sent to the data requester;
S9, the data requester decrypts the retrieved data to obtain plaintext data of the electronic medical record.
As a preferred technical scheme of the invention, a data owner constructs an access structure, and encrypts the storage address and the symmetric key by using an attribute-based encryption algorithm; wherein the data owner comprises the patient.
As a preferred technical scheme of the invention, the data owner extracts the keyword set according to the electronic medical record and encrypts the keyword set by using a search key to generate the security index.
As a preferable technical scheme of the invention, the data requester generates the trapdoor according to the key words and the secret key; the data retrieval adopts a searchable encryption algorithm; the blockchain system adopts a keyword search algorithm to search the security index.
As a preferable technical scheme of the invention, if the attribute of the data requester is not matched with the access structure, sending a data sharing request to the data owner; the data owner builds a new access structure, generates a re-encryption key and sends it to the blockchain system.
As a preferred technical scheme of the invention, the blockchain system executes re-encryption conversion, generates re-encryption ciphertext and sends the re-encryption ciphertext to the data requester.
As a preferred technical scheme of the present invention, the data requester decrypts the re-encrypted ciphertext, obtains the storage address, and downloads the medical record ciphertext from the IPFS file system; and decrypting the medical record ciphertext through the symmetric key to obtain plaintext data of the electronic medical record.
In a second aspect, an embodiment of the present application provides an electronic medical record sharing system based on a blockchain, including an authority center initialization module, an electronic medical record encryption module, an electronic medical record access module, an electronic medical record storage module, an electronic medical record search module and an electronic medical record decryption module that are sequentially connected;
the authority center initialization module is used for the authority center to generate a system public key and a system master key required by the blockchain system according to the security parameters input into the blockchain system; the authority center generates a private key of the user according to the system public key, the system master key and the attribute set of the user;
the electronic medical record encryption module is used for encrypting the electronic medical record data by a patient by adopting a symmetric encryption algorithm to generate medical record ciphertext, uploading the medical record ciphertext to the IPFS file system, and obtaining a storage address of the medical record ciphertext;
the electronic medical record access module is used for constructing an access structure by a data owner, extracting a keyword set according to the electronic medical record data and encrypting the keyword set by using a search key so as to generate a security index; the data owner encrypts the storage address and the symmetric key using an attribute-based encryption algorithm;
the electronic medical record storage module is used for storing the security index, the symmetric key and the storage address into the blockchain system;
the electronic medical record searching module is used for searching and inquiring the electronic medical record data from the blockchain system by submitting trapdoor and identity information by a data requester;
the electronic medical record decryption module is used for matching the data requester with the access structure by the blockchain system, and after the matching is successful, the data requester decrypts the medical record ciphertext to obtain the electronic medical record data.
In a third aspect, embodiments of the present application provide a computer device, including a memory and a processor, where the memory is electrically connected to the processor, and the memory stores a computer program; the computer program, when executed by the processor, causes the processor to implement a blockchain-based electronic medical record sharing method as described in any of the above.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program; the computer program, when executed by a processor, implements a blockchain-based electronic medical record sharing method as described in any of the above.
The beneficial effects of the invention are as follows:
The invention combines the blockchain with the IPFS file system, so that the complete ciphertext of the electronic medical record is kept in off-chain distributed storage while the key data is shared on-chain, establishing a safe and efficient electronic medical record data sharing method and ensuring secure, decentralized sharing of electronic medical record data in scenarios involving multiple medical institutions.
Drawings
For a better understanding and implementation, the technical solutions of the present application are described in detail below with reference to the accompanying drawings.
FIG. 1 is a flowchart illustrating steps of a blockchain-based electronic medical record sharing method according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of generating and storing an electronic medical record according to an embodiment of the present application;
FIG. 3 is a flowchart of a data user obtaining an electronic medical record according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an electronic medical record sharing system based on blockchain according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
For further explanation of the technical means and effects adopted by the present invention for achieving the intended purpose, exemplary embodiments will be described in detail herein, examples of which are shown in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of methods and systems that are consistent with aspects of the present application, as detailed in the accompanying claims.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
The following detailed description of specific embodiments, features and effects according to the present invention is provided with reference to the accompanying drawings and preferred embodiments.
Example 1
As shown in fig. 1, an embodiment of the present application provides a blockchain-based electronic medical record sharing method, which specifically includes the following steps:
S101, inputting security parameters into the authority center to generate a system master key and a system public key;
S102, the authority center generates a private key of the user according to the system public key, the system master key and the attribute set of the user;
S103, the patient finishes medical treatment, and the doctor generates and signs an electronic medical record;
S104, the patient verifies the correctness of the electronic medical record and generates a symmetric key;
S105, encrypting the electronic medical record according to the symmetric key, generating a medical record ciphertext and uploading the medical record ciphertext to the IPFS file system to obtain a storage address of the medical record ciphertext;
S106, generating a security index for the electronic medical record, and storing the symmetric key, the medical record ciphertext, the storage address and the security index into the blockchain system;
S107, the data requester of the electronic medical record performs data retrieval on the blockchain system by submitting a trapdoor and identity information;
S108, the blockchain system matches the trapdoor with the security index, and transmits the retrieved data to the data requester after the matching is successful;
S109, the data requester decrypts the retrieved data to obtain plaintext data of the electronic medical record.
The above steps S101 to S109 will be described in detail below.
With respect to step S101, after the security parameters and the collision-resistant hash function are input into the blockchain system, the authority center outputs the public parameters, the public key and the system master key of the blockchain system accordingly. In this embodiment, a user is any party that joins the blockchain system, including the data owner and the data requester; the data owner includes the patient, the users also include the doctor, and the patient may be either the data owner or the data requester.
Specifically, the authority center executes the initialization algorithm Setup(Ω, A, γ), where Ω is the set of attributes within the blockchain system, A is an attribute common to all roles within the blockchain system, and γ is the security parameter required by the blockchain system.
First, the security parameter γ required by the blockchain system is input, and a bilinear cyclic group $G_1$ of large prime order $p$ with generator $g$ is selected, where the bilinear map is $e: G_1 \times G_1 \to G_T$.
Next, randomly select g 1 ∈G 1 Randomly selecting element alpha 112 , Is a non-zero integer set; for any attribute A and any i E omega, select T A ,T i ∈G 1 Calculate->
Subsequently, a collision-resistant hash function is selected, with $H_2: \{0,1\}^* \to \{0,1\}^\gamma$; then the encoding $E: G_1 \to \{0,1\}^\gamma$ is defined.
Finally, the system public key PK is output, and the formula is as follows:
the output system master key MSK is formulated as follows:
Meanwhile, the authority center uploads the generated system public key PK to the blockchain system for parameter sharing, so that nodes in the blockchain system can access PK.
With respect to step S102, the key generation algorithm KeyGen(PK, MSK, S) is executed: when a user registers in the blockchain system, the user submits their attribute set S to the blockchain system, and the blockchain system first generates a unique identity id representing the user; meanwhile, when the user's private key is generated in the blockchain system, random numbers are generated, including one for each attribute $i \in S$, and the user private key SK is then obtained by the following formula:
where $N_A$ and $N_A'$ are the key sub-items for attribute $A$.
With regard to step S103, after the patient has been seen at the medical institution, the doctor generates the electronic medical record data m belonging to the patient, randomly selects an integer, and calculates the electronic signature $\tau = (S_1, S_2)$ of the electronic medical record data. The doctor sends the electronic signature τ and the original electronic medical record data m to the patient for storage.
Regarding step S104, after the patient completes the medical treatment and obtains the complete electronic medical record data m and the electronic signature τ, firstly, the correctness of the electronic medical record is verified by using the identity information id of the doctor, and the verification formula is as follows:
Secondly, after confirming that the electronic medical record data m is correct, the patient encrypts the electronic medical record m with a symmetric key dek to obtain the medical record ciphertext data CF and uploads the medical record ciphertext CF to the IPFS file system for storage; finally, the IPFS file system returns the storage address $hash_{file}$ of the medical record ciphertext CF to the patient.
With regard to step S105 and step S106, an encryption algorithm Encrypt (PK, (M, ρ), kv) is performed.
To realize efficient sharing of data, the storage address $hash_{file}$ of the electronic medical record data and the symmetric key dek are stored on-chain. Although roles can join the blockchain system only after their identities are approved, the blockchain is publicly transparent, so to ensure the security of the data it is stored in encrypted form. The algorithm takes as input the system public key PK, the data $kv = (hash_{file}, dek)$ and a linear secret sharing access policy $(M, \rho)$, where ρ is an injective function that maps each row of the matrix M to an attribute name. The specific calculation process of the algorithm comprises the following steps:
randomly selectCalculation of z=g z ,η=H 1 (hash kv ) Wherein, hash kv A hash value of the data kv to be encrypted is used as a unique identifier of the data;
Randomly select a vector $v = \{s', v_2, \dots, v_n\}^T$ and calculate $\lambda_i = M_i v$, where $M_i$ is the $i$-th row of the matrix $M$;
randomly selecting R epsilon G T Calculating s=h i (R,kv),r=H 2 (R). Let s "=s-s', calculate ciphertext sub-itemC 0 =h s ,C' 0 =g 1 s' ,/>
Selecting a random numberGet->C″ A =x A /z;
Finally calculate
Finally, the complete ciphertext CT of the encrypted data kv is obtained, and the formula is as follows:
In one embodiment of the invention, the data owner extracts the keyword set from the electronic medical record and encrypts it using the search key to generate the security index. To make later retrieval faster, a searchable encryption algorithm safe_index_gen(PK, W) is added: a keyword set $W = \{w_1, w_2, \dots, w_t\}$ is extracted from the electronic medical record, and a security index idx is built by the security index generation algorithm shown in the following algorithm 3.1:
where a random number is selected; t is the number of keywords contained in W; and $h_0$ is the public key of the data owner's encryption key.
Finally, the key data $data = (idx, CT, hash_{kv})$ is uploaded to the blockchain system and, after consensus is reached through the consensus mechanism, stored in the blockchain system.
With respect to step S107, when the patient seeks treatment a second time, the doctor initiates a historical medical record sharing request to the patient; at this point the doctor is the data requester and the patient is the data owner. The data requester generates a search keyword set $K = \{k_1, k_2, \dots, k_t\}$, and the data owner generates the trapdoor TD according to the generated keyword set K and the private key SK. The trapdoor generation algorithm is shown in the following algorithm 3.2:
The keyword search algorithm Search(TD, id) is then executed: the data requester submits the generated trapdoor TD and the identity information id to the blockchain system; nodes in the blockchain system act as search nodes, search the indexes using the keyword search algorithm and query for matching data; if the query fails, the search algorithm terminates. The keyword search algorithm is shown in the following algorithm 3.3:
where t is the number of keyword indexes stored.
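The index, trapdoor and search roles described above can be seen in a much simpler symmetric setting. The following is an added example, not the patent's algorithms 3.1 to 3.3: it swaps the pairing-based construction for HMAC-SHA-256 under a shared search key, and the names `BuildIndex`, `Trapdoor` and `Search` and the sample keywords are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// IndexEntry is one blinded keyword of a record's security index (idx).
type IndexEntry struct {
	Salt []byte // fresh random value per entry, stored in the clear
	Tag  []byte // HMAC(token, Salt); meaningless without the keyword token
}

func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// token derives the per-keyword secret from the search key. Keywords are
// normalised so that "Metformin" and "metformin " index and query identically.
func token(searchKey []byte, keyword string) []byte {
	return mac(searchKey, []byte(strings.ToLower(strings.TrimSpace(keyword))))
}

// BuildIndex is run by the data owner over the keyword set W. The per-entry
// salt makes the same keyword produce different tags in different records,
// so the chain does not reveal which records share a keyword.
func BuildIndex(searchKey []byte, w []string) ([]IndexEntry, error) {
	idx := make([]IndexEntry, 0, len(w))
	for _, kw := range w {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return nil, err
		}
		idx = append(idx, IndexEntry{Salt: salt, Tag: mac(token(searchKey, kw), salt)})
	}
	return idx, nil
}

// Trapdoor is run by a holder of the search key over the query set K.
// The tokens are deterministic, so a search node can tell when the same
// keyword is queried twice; that leakage is inherent to this simple variant.
func Trapdoor(searchKey []byte, k []string) [][]byte {
	td := make([][]byte, 0, len(k))
	for _, kw := range k {
		td = append(td, token(searchKey, kw))
	}
	return td
}

// Search is run by the search node, which sees only idx and the trapdoor.
// It reports a match only if every queried keyword is present in the index.
func Search(idx []IndexEntry, td [][]byte) bool {
	if len(td) == 0 {
		return false // an empty query must not match every record
	}
	for _, tok := range td {
		found := false
		for _, e := range idx {
			// hmac.Equal compares in constant time.
			found = found || hmac.Equal(mac(tok, e.Salt), e.Tag)
		}
		if !found {
			return false
		}
	}
	return true
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample keywords, not taken from the patent.
	idx, err := BuildIndex(key, []string{"diabetes", "metformin", "2023-03"})
	if err != nil {
		panic(err)
	}
	fmt.Println("both keywords present:", Search(idx, Trapdoor(key, []string{"diabetes", "metformin"})))
	fmt.Println("one keyword absent:   ", Search(idx, Trapdoor(key, []string{"diabetes", "insulin"})))
}
```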
When the search node executes the search algorithm, the formula of the correctness verification mode is as follows:
With respect to steps S108-S109, in one embodiment provided by the present invention, the data owner builds an access structure and encrypts the storage address and the symmetric key using an attribute-based encryption algorithm.
After the retrieval succeeds, the key data can be obtained. Because ciphertext-policy attribute-based encryption is used at storage time, the data requester may not satisfy the preset access structure, so the handling of the data sent to the data requester falls into the following two cases:
The first case: the data requester conforms to the access structure.
If the data requester conforms to the access structure, then after the search succeeds the data requester uses its private key to decrypt the medical record ciphertext CT contained in the retrieved data, thereby obtaining the symmetric key that encrypts the electronic medical record. The specific decryption algorithm is as follows:
selecting random numbersCalculating η=h 1 (hash kv );
The calculation section decrypts the key PSK,
selecting a constant w i So thatAnd simultaneously, calculating the attribute A as follows:
after the calculation of the attribute A is completed, the calculation is performed according to the ciphertext access strategy set during encryption
According to ciphertext sub-items C, C 1 F obtained by calculation * Calculating R
Calculate $s = H_1(R, kv)$; if the two verification conditions hold, the decryption is successful and the key data kv is obtained; otherwise, the decryption fails.
Second case: the data requestor does not conform to the access structure.
In one embodiment provided by the invention, if the attribute of the data requester is not matched with the access structure, a data sharing request is sent to the data owner; the data owner builds a new access structure, generates a re-encryption key and sends it to the blockchain system.
Further, the blockchain system performs a re-encryption transformation, generates a re-encrypted ciphertext and sends it to the data requester.
Further, the data requester decrypts the re-encrypted ciphertext to obtain a storage address, and downloads the medical record ciphertext from the IPFS file system; and decrypting the medical record ciphertext through the symmetric key to obtain plaintext data of the electronic medical record.
Specifically, when the data requester does not conform to the access structure, the data requester's own private key is not used to decrypt the ciphertext CT; instead, the key data is converted by a re-encryption algorithm into ciphertext that the data requester can decrypt and is sent to the data requester, who obtains the key data after decryption. To this end, the data requester submits its attribute set and initiates a data sharing request. After the data owner agrees, the data owner first builds a new access structure, generates a re-encryption key according to the new access structure and sends it to the blockchain system. A node in the blockchain system acts as a proxy node and performs the re-encryption conversion on the relevant ciphertext, generating the re-encrypted ciphertext and sending it to the data requester, who decrypts it to obtain the relevant plaintext data. The specific steps are as follows:
First, a new access policy $(M', \rho')$ is constructed and, together with the data owner's private key SK, used to generate a re-encryption key RSK. The specific calculation process is as follows: select a random number, calculate $g^d$ and encode it to obtain $E(g^d)$, then calculate the re-encryption key RSK:
$C_{RSK} = \mathrm{Encrypt}(E(g^d), (M', \rho'), PK)$
The RSK is obtained as
Secondly, the data requester conforms to the new access structure, and the generated re-encryption key RSK is sent to the blockchain system. After the proxy node receives the re-encryption key RSK, it executes the proxy re-encryption conversion algorithm, calculated as follows: select constants $w_i$ such that $\sum_{\rho(i) \in S} w_i M_i = (1, 0, \dots, 0)$; $F'$, $F''$ and $F'''$ are then calculated for attribute $A$, specifically as follows:
Finally, the re-encrypted ciphertext CT' is obtained as follows:
$CT' = \langle (M', \rho'), C, C_1, C'_0, C', F''', C_{rsk} \rangle$
After the proxy node finishes the re-encryption conversion, the proxy re-encrypted ciphertext CT' is sent to the data requester. After receiving the re-encrypted ciphertext, the data requester first verifies the re-encrypted ciphertext and calculates
If it isAnd indicating that the proxy re-encryption result calculated by the proxy node of the blockchain system is correct, otherwise, indicating that the re-encryption is wrong, and directly terminating.
The data requester then decrypts the re-encrypted ciphertext to obtain the key data kv: first, the ciphertext $C_{rsk}$ is decrypted to obtain $E(g^d)$, which is decoded to obtain $g^d$; next, $R$ is decrypted from the ciphertext sub-items $C$, $C_1$, $C'_0$ and the F calculated at the time of re-encryption,
Finally, calculate $s = H_1(R, kv)$; if the two verification conditions hold, kv is output as the key data, giving the storage address $hash_{file}$ of the complete medical record ciphertext of the electronic medical record and the symmetric key dek.
According to the obtained storage address $hash_{file}$, the data requester downloads the ciphertext data CF of the electronic medical record from the IPFS file system and decrypts it with the symmetric key to obtain the plaintext electronic medical record data m.
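The off-chain half of this flow, as an added example that is not code from the patent: the patient seals the record m under a fresh dek, the store addresses the ciphertext CF by its hash, and the requester checks the downloaded bytes against the on-chain address before decrypting. It assumes AES-256-GCM as the symmetric cipher, a SHA-256 hex digest standing in for the IPFS address, an in-memory map standing in for IPFS, and that the requester has already recovered the address and dek from the attribute-based ciphertext; all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// OffChainStore stands in for IPFS: objects are addressed by the hash of
// their bytes, so the address recorded on-chain also commits to the content.
type OffChainStore map[string][]byte

// Put stores a copy of blob and returns its content address (hash_file).
func (s OffChainStore) Put(blob []byte) string {
	sum := sha256.Sum256(blob)
	addr := hex.EncodeToString(sum[:])
	s[addr] = append([]byte(nil), blob...)
	return addr
}

var ErrAddressMismatch = errors.New("downloaded ciphertext does not match the on-chain storage address")

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord is the patient side: generate a fresh 256-bit dek and return it
// with CF = nonce || ciphertext || tag.
func SealRecord(m []byte) (dek, cf []byte, err error) {
	dek = make([]byte, 32)
	if _, err = rand.Read(dek); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return dek, gcm.Seal(nonce, nonce, m, nil), nil
}

// OpenRecord is the requester side. It refuses to decrypt anything whose
// hash differs from the address taken from the chain, then relies on the
// GCM tag to reject a wrong dek or a modified ciphertext.
func OpenRecord(store OffChainStore, addr string, dek []byte) ([]byte, error) {
	cf, ok := store[addr]
	if !ok {
		return nil, errors.New("no object at storage address")
	}
	want, err := hex.DecodeString(addr)
	sum := sha256.Sum256(cf)
	if err != nil || subtle.ConstantTimeCompare(sum[:], want) != 1 {
		return nil, ErrAddressMismatch
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	if len(cf) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, body := cf[:gcm.NonceSize()], cf[gcm.NonceSize():]
	return gcm.Open(nil, nonce, body, nil)
}

func main() {
	store := OffChainStore{}
	// Constructed sample record, not taken from the patent.
	dek, cf, err := SealRecord([]byte("patient: P-001; diagnosis: type 2 diabetes"))
	if err != nil {
		panic(err)
	}
	addr := store.Put(cf)
	m, err := OpenRecord(store, addr, dek)
	fmt.Printf("address=%s...\nplaintext=%q err=%v\n", addr[:16], m, err)

	store[addr][len(store[addr])-1] ^= 0x01 // simulate a storage node altering CF
	_, err = OpenRecord(store, addr, dek)
	fmt.Println("after tampering:", err)
}
```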
As shown in Fig. 2, in this embodiment, after the patient completes the medical treatment, the doctor generates an electronic medical record according to the patient's condition, signs it, and sends it to the patient. After receiving the electronic medical record, the patient checks its data. Once the check passes, the patient randomly generates a symmetric key to encrypt the electronic medical record data and uploads the encrypted data to IPFS to obtain the storage address of the electronic medical record.
The patient then builds an access structure and uses it to encrypt the storage address of the electronic medical record in IPFS and the symmetric key. The patient also extracts a keyword set from the plaintext electronic medical record and encrypts the keyword set to generate a security index. Finally, the patient creates a transaction, puts it on chain, and stores the symmetric key, the storage address and the security index in the blockchain system. The data held in the blockchain system is therefore the data encrypted under the access structure, together with the security index.
Because the IPFS storage address, the symmetric key and the security index generated from the keyword information of the medical record data are encrypted by the patient with attribute-based encryption and then stored in the blockchain system, on-chain and off-chain collaborative storage is realized, the pressure on the blockchain system is reduced, and data storage is optimized. Therefore, when a user of the electronic medical record wants to acquire the electronic medical record for a certain period, the user generates a trapdoor and identity information and retrieves data in the blockchain system. After the search succeeds, the blockchain node sends the retrieved data to the user, and if the user's identity information conforms to the access structure set by the patient, the storage address and the symmetric key of the electronic medical record data can be decrypted.
Because the access structure of attribute-based encryption cannot be changed once it is set, decryption is possible only when the access structure set by the patient is satisfied. In real life, however, there are scenarios in which a patient's medical data must be accessed temporarily. For such a scenario, the temporary visitor randomly generates a symmetric key, sends identity information and a public key to the medical data owner, and initiates a data access application. The data owner verifies the identity, generates a symmetric key, and encrypts the storage address and the encryption key. The data owner generates a re-encryption key for the data requester using the data owner's private key and the data requester's public key; the encryption key is converted into a key that the data requester can decrypt and is sent to the data requester. After decrypting with this key, the data requester obtains the corresponding data of the required electronic medical record from IPFS.
As shown in Fig. 3, a data requester submits a trapdoor and identity information to the blockchain system, which queries the data using a searchable encryption algorithm. If the data does not exist, the query is terminated; if the data exists, the queried data is returned to the data requester and the identity of the data requester is judged.
If the identity of the data requester conforms to the access structure, the data owner sends the retrieved data to the data requester. After receiving and decrypting the data, the data requester obtains the storage address of the electronic medical record, downloads the data from the IPFS file system, and decrypts it with the symmetric key to obtain the plaintext data of the electronic medical record.
If the identity of the data requester does not conform to the access structure, the data requester sends electronic medical record request information to the data owner. The data owner builds a new access structure, generates a re-encryption key and sends it to the blockchain system. A node of the blockchain system acts as the proxy node and executes the re-encryption conversion, and the resulting re-encrypted ciphertext is sent to the data requester. The data requester decrypts the re-encrypted ciphertext to obtain the storage address and the symmetric key of the electronic medical record, obtains the data from IPFS through the storage address, and decrypts it with the symmetric key to obtain the plaintext data of the electronic medical record.
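The retrieval decision of Fig. 3 (search, then access-structure check, then either direct decryption or a re-encryption request), written out as an added Python example that is not code from the patent. It assumes HMAC-SHA256 keyword tokens in place of the patent's searchable encryption algorithm, a boolean AND/OR tree in place of its access structure, and in-memory stand-ins for IPFS and the blockchain; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def keyword_token(search_key: bytes, keyword: str) -> bytes:
    """Keyed, deterministic token for one keyword (index entry or trapdoor)."""
    normalized = keyword.strip().lower().encode("utf-8")
    return hmac.new(search_key, normalized, hashlib.sha256).digest()

def satisfies(policy, attrs) -> bool:
    """Evaluate a policy: an attribute name, or ("AND" | "OR", [sub-policies])."""
    if isinstance(policy, str):
        return policy in attrs
    op, children = policy
    if op not in ("AND", "OR"):
        raise ValueError(f"unknown gate: {op}")
    results = [satisfies(child, attrs) for child in children]
    return all(results) if op == "AND" else any(results)

class OffChainStore:
    """Content-addressed store standing in for IPFS (address = SHA-256 of blob)."""
    def __init__(self):
        self.blobs = {}

    def put(self, blob: bytes) -> str:
        address = hashlib.sha256(blob).hexdigest()
        self.blobs[address] = blob
        return address

    def get(self, address: str) -> bytes:
        blob = self.blobs[address]
        # Re-hash on download so a swapped or corrupted blob is rejected.
        if hashlib.sha256(blob).hexdigest() != address:
            raise ValueError("blob does not match its storage address")
        return blob

class Ledger:
    """In-memory stand-in for the on-chain entries."""
    def __init__(self):
        self.entries = []

    def publish(self, search_key, keywords, policy, sealed_key_data: bytes):
        index = frozenset(keyword_token(search_key, k) for k in keywords)
        self.entries.append({"index": index, "policy": policy,
                             "sealed": sealed_key_data})

    def search(self, trapdoor: bytes, attrs):
        for entry in self.entries:
            if trapdoor in entry["index"]:          # trapdoor matches the index
                if satisfies(entry["policy"], attrs):
                    return "DIRECT", entry["sealed"]
                return "REQUEST_REENCRYPTION", None  # owner must issue a re-encryption key
        return "NOT_FOUND", None                     # query terminates

def demo():
    search_key = secrets.token_bytes(32)
    store, ledger = OffChainStore(), Ledger()
    address = store.put(b"<constructed medical record ciphertext>")
    policy = ("AND", ["doctor", ("OR", ["cardiology", "emergency"])])
    # The patent ABE-encrypts the address and symmetric key; here it is an opaque blob.
    ledger.publish(search_key, ["hypertension", "2023-03"], policy, address.encode())
    trapdoor = keyword_token(search_key, "Hypertension")
    wrong = keyword_token(secrets.token_bytes(32), "hypertension")
    return {
        "cardiologist": ledger.search(trapdoor, {"doctor", "cardiology"})[0],
        "nurse": ledger.search(trapdoor, {"nurse"})[0],
        "other_keyword": ledger.search(keyword_token(search_key, "diabetes"), {"doctor"})[0],
        "wrong_key": ledger.search(wrong, {"doctor", "cardiology"})[0],
    }
```

A requester whose trapdoor matches but whose attributes fail the policy still learns that a matching record exists, which is the information the `REQUEST_REENCRYPTION` branch exposes by design.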
The invention combines the blockchain with the IPFS file system, realizing distributed off-chain storage of the complete ciphertext of the electronic medical record and on-chain sharing of the key data. It establishes a safe and efficient electronic medical record data sharing method and ensures decentralized, secure sharing of electronic medical record data in scenarios involving multiple medical institutions.
Example 2
As shown in Fig. 4, an embodiment of the present application provides a blockchain-based electronic medical record sharing system, which includes an authority center initialization module 10, an electronic medical record encryption module 20, an electronic medical record access module 30, an electronic medical record storage module 40, an electronic medical record search module 50 and an electronic medical record decryption module 60 that are sequentially connected;
the authority center initialization module 10 is used for the authority center to generate a system public key and a system master key required by the blockchain system according to the security parameters input into the blockchain system; the authority center generates a private key of the user according to the system public key, the system master key and the attribute set of the user;
the electronic medical record encryption module 20 is used for the patient to encrypt the electronic medical record data with a symmetric encryption algorithm to generate a medical record ciphertext, upload the medical record ciphertext to the IPFS file system, and obtain a storage address of the medical record ciphertext;
the electronic medical record access module 30 is used for the data owner to construct an access structure, extract a keyword set from the electronic medical record data and encrypt the keyword set using a search key, thereby generating a security index; the data owner encrypts the storage address and the symmetric key using an attribute-based encryption algorithm;
the electronic medical record storage module 40 is used for storing the security index, the symmetric key and the storage address into the blockchain system;
the electronic medical record search module 50 is used for searching and querying the electronic medical record data from the blockchain system by submitting a trapdoor and identity information;
the electronic medical record decryption module 60 is used for the blockchain system to match the data requester against the access structure; after the matching succeeds, the data requester decrypts the medical record ciphertext to obtain the electronic medical record data.
As shown in Fig. 5, the embodiment of the present application further provides a computer device 21, including a memory 211 and a processor 210, where the memory 211 is electrically connected to the processor 210 and stores a computer program 212. When the computer program 212 is executed by the processor 210, the processor 210 implements the steps of the blockchain-based electronic medical record sharing method according to any of the foregoing embodiments.
The processor 210 may include one or more processing cores. Using various interfaces and lines to connect the parts within the computer device 21, the processor 210 performs the various functions of the computer device 21 and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 211 and by invoking data in the memory 211. Optionally, the processor 210 may be implemented in at least one hardware form of digital signal processing (Digital Signal Processing, DSP), field-programmable gate array (Field-Programmable Gate Array, FPGA), or programmable logic array (Programmable Logic Array, PLA). The processor 210 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU), a modem, and the like. The CPU mainly handles the operating system, the user interface, application programs and the like; the GPU is used for rendering and drawing the content to be displayed by the touch display screen; the modem is used to handle wireless communications. It will be appreciated that the modem may also not be integrated into the processor 210 and may instead be implemented by a single chip.
The memory 211 may include a random access memory (Random Access Memory, RAM) or a read-only memory (Read-Only Memory, ROM). Optionally, the memory 211 includes a non-transitory computer-readable storage medium. The memory 211 may be used to store instructions, programs, code sets, or instruction sets. The memory 211 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as touch instructions), instructions for implementing the above method embodiments, and so on; the data storage area may store the data involved in the above method embodiments. Optionally, the memory 211 may also be at least one storage device located remotely from the aforementioned processor 210.
The embodiment of the present application further provides a computer-readable storage medium storing a computer program. When the computer program is executed by a processor, the processor implements the steps of the blockchain-based electronic medical record sharing method according to any one of the foregoing embodiments. For the specific implementation process, refer to the description of the foregoing embodiments, which is not repeated here.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the foregoing embodiments, each embodiment is described with its own emphasis; for parts not described or illustrated in detail in a particular embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The present invention is not limited to the above embodiments, but is capable of modification and variation in detail, and other modifications and variations can be made by those skilled in the art without departing from the scope of the present invention.

Claims (10)

1. A blockchain-based electronic medical record sharing method, characterized by comprising the following steps:
S1, inputting security parameters into an authority center to generate a system master key and a system public key;
S2, the authority center generates a private key of the user according to the system public key, the system master key and the attribute set of the user;
S3, the patient finishes medical treatment, and the doctor generates and signs an electronic medical record;
S4, the patient verifies the correctness of the electronic medical record and generates a symmetric key;
S5, encrypting the electronic medical record according to the symmetric key, generating a medical record ciphertext and uploading the medical record ciphertext to an IPFS file system to obtain a storage address of the medical record ciphertext;
S6, generating a security index for the electronic medical record, and storing the symmetric key, the medical record ciphertext, the storage address and the security index into a blockchain system;
S7, the data requester of the electronic medical record performs data retrieval on the blockchain system by submitting a trapdoor and identity information;
S8, the blockchain system matches the trapdoor with the security index, and after the matching is successful, the retrieved data is sent to the data requester;
S9, the data requester decrypts the retrieved data to obtain plaintext data of the electronic medical record.
2. The blockchain-based electronic medical record sharing method of claim 1, wherein: a data owner constructs an access structure and encrypts the storage address and the symmetric key by using an attribute-based encryption algorithm; wherein the data owner comprises the patient.
3. The blockchain-based electronic medical record sharing method of claim 2, wherein: the data owner extracts a keyword set from the electronic medical record and encrypts the keyword set by using a search key to generate the security index.
4. The blockchain-based electronic medical record sharing method of claim 1, wherein: the data requester generates the trapdoor according to the keywords and the secret key; the data retrieval adopts a searchable encryption algorithm; the blockchain system adopts a keyword search algorithm to search the security index.
5. The blockchain-based electronic medical record sharing method of claim 2, wherein: if the attributes of the data requester do not match the access structure, a data sharing request is sent to the data owner; the data owner builds a new access structure, generates a re-encryption key and sends it to the blockchain system.
6. The blockchain-based electronic medical record sharing method of claim 5, wherein: the blockchain system performs a re-encryption transformation to generate a re-encrypted ciphertext and sends it to the data requester.
7. The blockchain-based electronic medical record sharing method of claim 6, wherein: the data requester decrypts the re-encrypted ciphertext to obtain the storage address, and downloads the medical record ciphertext from the IPFS file system; and decrypts the medical record ciphertext with the symmetric key to obtain plaintext data of the electronic medical record.
8. A blockchain-based electronic medical record sharing system, characterized in that: the system comprises an authority center initialization module, an electronic medical record encryption module, an electronic medical record access module, an electronic medical record storage module, an electronic medical record search module and an electronic medical record decryption module which are connected in sequence;
the authority center initialization module is used for the authority center to generate a system public key and a system master key required by the blockchain system according to the security parameters input into the blockchain system; the authority center generates a private key of the user according to the system public key, the system master key and the attribute set of the user;
the electronic medical record encryption module is used for the patient to encrypt the electronic medical record data with a symmetric encryption algorithm to generate a medical record ciphertext, upload the medical record ciphertext to the IPFS file system, and obtain a storage address of the medical record ciphertext;
the electronic medical record access module is used for the data owner to construct an access structure, extract a keyword set from the electronic medical record data and encrypt the keyword set by using a search key so as to generate a security index; the data owner encrypts the storage address and the symmetric key using an attribute-based encryption algorithm;
the electronic medical record storage module is used for storing the security index, the symmetric key and the storage address into the blockchain system;
the electronic medical record search module is used for a data requester to search and query the electronic medical record data from the blockchain system by submitting a trapdoor and identity information;
the electronic medical record decryption module is used for the blockchain system to match the data requester against the access structure; after the matching succeeds, the data requester decrypts the medical record ciphertext to obtain the electronic medical record data.
9. A computer device comprising a memory and a processor, the memory being electrically connected to the processor, the memory storing a computer program, characterized in that: the computer program, when executed by the processor, causes the processor to implement the method of any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, characterized in that: the computer program, when executed by a processor, implements the method according to any of claims 1-7.
CN202310223775.4A 2023-03-09 2023-03-09 Electronic medical record sharing method, system, equipment and storage medium based on blockchain Pending CN116469501A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310223775.4A CN116469501A (en) 2023-03-09 2023-03-09 Electronic medical record sharing method, system, equipment and storage medium based on blockchain

Publications (1)

Publication Number Publication Date
CN116469501A true CN116469501A (en) 2023-07-21

Family

ID=87183207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310223775.4A Pending CN116469501A (en) 2023-03-09 2023-03-09 Electronic medical record sharing method, system, equipment and storage medium based on blockchain

Country Status (1)

Country Link
CN (1) CN116469501A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117792604A (en) * 2023-12-26 2024-03-29 兰州理工大学 Block chain transaction data storage and access method combining chain up-chain and chain down-chain
CN117792604B (en) * 2023-12-26 2024-05-24 兰州理工大学 Block chain transaction data storage and access method combining chain up-chain and chain down-chain
CN117874144A (en) * 2024-03-11 2024-04-12 西康软件有限责任公司 Medical data sharing method, device, equipment and storage medium based on blockchain
CN117874144B (en) * 2024-03-11 2024-05-28 西康软件有限责任公司 Medical data sharing method, device, equipment and storage medium based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination