CN117373599A - Medical information sharing system and method based on block chain - Google Patents

Medical information sharing system and method based on block chain

Publication number
CN117373599A
Authority
CN
China
Prior art keywords
signature
data
information sharing
public key
medical record
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311625219.6A
Other languages
Chinese (zh)
Other versions
CN117373599B (en)
Inventor
徐熠
李超
祁良辉
匡翌婕
董逢华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Tianyu Information Industry Co Ltd
Original Assignee
Wuhan Tianyu Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Tianyu Information Industry Co Ltd
Priority to CN202311625219.6A
Publication of CN117373599A
Application granted
Publication of CN117373599B
Legal status: Active

Classifications

    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The application provides a blockchain-based medical information sharing system and method. The information sharing application signs the uploaded data carried by a preset request with a first private key to obtain a first signature, signs the uploaded data with a second private key to obtain a second signature, and sends the uploaded data, the first signature and the second signature to the blockchain access layer. If the second signature passes verification, the blockchain access layer signs the uploaded data with a third private key to obtain a third signature, and sends the uploaded data, the first signature and the third signature to the smart contract. If the first signature and the third signature pass verification, the smart contract executes the related operation in response to the preset request. As a result, a preset request is responded to only if the source of the uploaded data is legitimate, the data has not been tampered with, and the initiator of the preset request has operation authority, which further improves data security.

Description

Medical information sharing system and method based on block chain
Technical Field
The application relates to the technical field of blockchains, in particular to a medical information sharing system and method based on a blockchain.
Background
Currently, in the design and construction of medical consortia spanning hospitals at all levels, implementing the tiered diagnosis and treatment reform and evening out the regional distribution of medical resources are problems that urgently need to be solved. In addition, diagnosis and treatment data in each hospital follow the principle that data does not leave the hospital, so medical diagnosis data cannot be effectively shared among hospitals, and the repeated waste of medical resources, such as multiple diagnoses for one disease, cannot be avoided.
In the related art, blockchain technology is applied to medical information sharing systems. On the one hand, relying on the security and tamper resistance of blockchain technology, data is shared among the hospitals in a medical consortium, which avoids the medical resource waste of multiple diagnoses for one disease. On the other hand, blockchain technology decentralizes the data and improves its security and authenticity. However, existing blockchain-based medical information sharing systems have defects in the design of their data security: they cannot ensure the security of data during transmission, and cannot ensure that an operation on the data is performed with the corresponding operation authority.
Disclosure of Invention
The application provides a blockchain-based medical information sharing system and method that address the technical problems that prior-art blockchain-based medical information sharing systems cannot ensure the security of data during transmission and cannot ensure that an operation on the data is performed with the corresponding operation authority.
In a first aspect, embodiments of the present application provide a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract;
the information sharing application is used for signing uploading data carried by a preset request according to a first private key to obtain a first signature, signing the uploading data according to a second private key to obtain a second signature, and sending the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer is used for checking the second signature according to the uploaded data and the second public key, if the second signature passes the check, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
the intelligent contract is used for checking a third signature according to the uploading data and the third public key, if the third signature passes the checking, the first signature is checked according to the uploading data and the target public key, if the first signature passes the checking, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record uploading request, the uploading data is medical record data, and the target public key is an owner public key of the medical record data;
the intelligent contract is used for determining the public keys of owners of the medical record data from public keys of all registered patients according to patient information in the medical record data if the third signature passes the signature verification, verifying the first signature according to the medical record data and the public keys of the owners thereof, and storing the medical record data if the first signature passes the signature verification, wherein the public keys of all registered patients are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier;
the intelligent contract is used for checking the first signature according to the medical record identifier and the public keys of owners of the target medical record data if the third signature passes the check, and marking the public key to be authorized as the public key of the authorizer of the target medical record data if the first signature passes the check and the public key to be authorized is the public key of the registered doctor, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of target medical record data corresponding to the medical record identifier;
the smart contract is configured to verify the first signature according to the medical record identifier and the owner public key and authorizer public key of the target medical record data if the third signature passes verification, and, if the first signature passes verification, to return the target medical record data to the initiator of the medical record viewing request through the blockchain access layer and the information sharing application.
Further, in an embodiment, the smart contract is configured to calculate a first public key according to the first signature and the medical record identifier, and if the first public key is an owner public key or an authorizer public key of the target medical record data, the first signature passes the signature verification.
Further, in an embodiment, the smart contract is further configured to sign the issued data according to a fourth private key to obtain a fourth signature, and return the issued data and the fourth signature to the blockchain access layer, where the fourth private key is preset in the smart contract;
the block chain access layer is further configured to check a fourth signature according to the issued data and a fourth public key, if the fourth signature passes the check, sign the issued data according to a third private key to obtain a fifth signature, and return the issued data and the fifth signature to the information sharing application, where the fourth public key is preset in the block chain access layer;
the information sharing application is further configured to perform signature verification on the fifth signature according to the issued data and the third public key, and if the fifth signature passes the signature verification, perform a related operation on the issued data, where the third public key is preset in the information sharing application.
Further, in an embodiment, the information sharing application is further configured to encrypt the uploaded data, the first signature and the second signature according to a symmetric key, so as to send the uploaded data, the first signature and the second signature to the blockchain access layer in a ciphertext form, where the symmetric key is preset in the information sharing application;
the block chain access layer is further used for decrypting the uploading data in the ciphertext form, the first signature and the second signature according to a symmetric key, wherein the symmetric key is pre-arranged in the block chain access layer;
the block chain access layer is further used for encrypting the issued data and the fifth signature according to the symmetric key so as to return the issued data and the fifth signature to the information sharing application in a ciphertext mode;
the information sharing application is further configured to decrypt the issued data and the fifth signature, received in ciphertext form, according to the symmetric key.
Further, in an embodiment, the information sharing application is further configured to generate a temporary public-private key pair, and send a public key of the temporary public-private key pair to the blockchain access layer;
the block chain access layer is also used for generating a symmetric key, encrypting the symmetric key according to the public key of the temporary public-private key pair, and returning the symmetric key in a ciphertext form to the information sharing application after encryption;
the information sharing application is further configured to decrypt the symmetric key in ciphertext form according to the private key of the temporary public-private key pair, and to destroy the temporary public-private key pair after decryption.
Further, in an embodiment, the blockchain access layer is further configured to verify a source IP of the data packet corresponding to the uploaded data, the first signature, and the second signature, where if the source IP is consistent with the IP of the information sharing application and the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature.
In a second aspect, an embodiment of the present application further provides a blockchain-based medical information sharing method applied to a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract, the blockchain-based medical information sharing method including:
the information sharing application signs uploading data carried by a preset request according to a first private key to obtain a first signature, signs the uploading data according to a second private key to obtain a second signature, and sends the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer performs signature verification on the second signature according to the uploaded data and the second public key, if the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
and the intelligent contract performs signature verification on the third signature according to the uploading data and the third public key, if the third signature passes the signature verification, the first signature is subjected to signature verification according to the uploading data and the target public key, and if the first signature passes the signature verification, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
In the application, the second signature passing verification indicates that the uploaded data received by the blockchain access layer originates from the information sharing application and has not been tampered with; the third signature passing verification indicates that the uploaded data received by the smart contract originates from the blockchain access layer and has not been tampered with; and the first signature passing verification indicates that the initiator of the preset request has operation authority. As a result, a preset request is responded to only if the source of the uploaded data is legitimate, the data has not been tampered with, and the initiator of the preset request has operation authority, which further improves data security.
Drawings
FIG. 1 is a block chain based medical information sharing system architecture according to one embodiment of the present application;
FIG. 2 is a timing diagram of data uploading in an embodiment of the present application;
FIG. 3 is a timing diagram of data distribution in an embodiment of the present application;
FIG. 4 is a timing diagram of symmetric key generation in one embodiment of the present application;
FIG. 5 is a flowchart of a block chain based medical information sharing method according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will clearly and completely describe the technical solution in the embodiments of the present application with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
In a first aspect, embodiments of the present application provide a blockchain-based medical information sharing system.
FIG. 1 is a schematic diagram of a block chain based medical information sharing system according to an embodiment of the present application.
Referring to FIG. 1, in one embodiment, a blockchain-based medical information sharing system includes an information sharing application, a blockchain access layer, and a smart contract. Specifically, the smart contract is deployed on the blockchain nodes, and the information sharing application, the blockchain access layer and the blockchain nodes are all deployed inside the hospitals of each medical consortium. The medical records, diagnoses and other data held separately by each department in a hospital's internal system are transmitted through the information sharing application to the blockchain access layer, and from the blockchain access layer into the smart contract on the blockchain node. The personnel operating the information sharing application are mainly hospital data administrators, doctors, and patients; a patient's operations are typically performed under the direction of a hospital data administrator, or performed by the administrator on the patient's behalf.
The information sharing application is used for signing the uploaded data carried by the preset request with a first private key to obtain a first signature, signing the uploaded data with a second private key to obtain a second signature, and sending the uploaded data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by the initiator of the preset request, and the second private key is preset in the information sharing application. Specifically, the initiators of preset requests are mainly doctors and patients, and the uploaded data carried by a preset request is data such as medical records and diagnoses. The first private key is a user private key: it is not stored in the information sharing application, and its record is deleted once signing is finished, which keeps the user private key private.
The block chain access layer is used for checking the second signature according to the uploaded data and the second public key, if the second signature passes the check, the uploaded data is signed according to the third private key to obtain the third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are preset in the block chain access layer. The intelligent contract is used for checking the third signature according to the uploading data and the third public key, if the third signature passes the checking, the first signature is checked according to the uploading data and the target public key, if the first signature passes the checking, the related operation is executed in response to the preset request, wherein the third public key and the target public key are preset in the intelligent contract.
In this embodiment, the first signature represents the identity of the initiator of the preset request, and the second and third signatures represent the source of the uploaded data. The second signature passing verification indicates that the uploaded data received by the blockchain access layer originates from the information sharing application and has not been tampered with; the third signature passing verification indicates that the uploaded data received by the smart contract originates from the blockchain access layer and has not been tampered with; and the first signature passing verification indicates that the initiator of the preset request has operation authority. With this embodiment, a preset request is responded to only if the source of the uploaded data is legitimate, the data has not been tampered with, and the initiator of the preset request has operation authority, which further improves data security. In addition, the signing operations in this embodiment are executed locally and involve no transmission of private key data, which reduces the risk of private key leakage and so protects the data.
Optionally, the second public-private key pair and the third public-private key pair are negotiated and stored privately within the hospital and are replaced regularly, which ensures that verification of the second and third signatures remains a reliable check that the data comes from a legitimate source.
In the following, three preset requests, namely a medical record uploading request, a medical record authorizing request and a medical record viewing request, which are commonly used in a medical information sharing scene are taken as examples, so that details of the application are further described.
In an embodiment, when the preset request is a medical record uploading request, the uploading data is medical record data, and the target public key is an owner public key of the medical record data. The intelligent contract is used for determining the public keys of owners of the medical record data from the public keys of all registered patients according to patient information in the medical record data if the third signature passes the signature verification, verifying the first signature according to the medical record data and the public keys of the owners thereof, and storing the medical record data if the first signature passes the signature verification, wherein the public keys of all registered patients are preset in the intelligent contract.
In this embodiment, the first signature passing verification indicates that the initiator of the medical record uploading request is the owner of the medical record data, or that the request was made with the consent of the owner of the medical record data, and therefore has the operation authority for medical record uploading.
In an embodiment, when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier. The intelligent contract is used for checking the first signature according to the medical record identifier and the public keys of owners of the target medical record data if the third signature passes the checking, and marking the public key to be authorized as the public key of the authorizer of the target medical record data if the first signature passes the checking and the public key to be authorized is the public key of the registered doctor, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
In this embodiment, the first signature passing verification indicates that the initiator of the medical record authorization request is the owner of the medical record data, or that the request was made with the consent of the owner of the medical record data, and therefore has the operation authority for medical record authorization. In addition to verifying the operation authority of the request initiator, this embodiment verifies the identity corresponding to the public key to be authorized, which ensures that the authorizer is a registered doctor. Specifically, the medical record identifier is included in the medical record data, the public keys of registered doctors are public, and the request initiator can obtain a registered doctor's public key to use as the public key to be authorized through operations such as scanning a code.
Optionally, the information sharing application is further configured to let the user perform a registration operation, to generate the user's public-private key pair when registration is completed, and to destroy the user's public-private key pair in the application after registration is completed, where the private key of the registered user is kept by the user, and the public key of the registered user is stored in the smart contract. User types include patients and doctors.
Further, in an embodiment, when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of the target medical record data corresponding to the medical record identifier. The intelligent contract is used for checking the first signature according to the medical record identification and the owner public key and the authorizer public key of the target medical record data if the third signature passes, and returning the target medical record data to the initiator of the medical record checking request through the blockchain access layer and the information sharing application if the first signature passes.
In this embodiment, the first signature passing verification indicates that the initiator of the medical record viewing request is the owner (patient) or an authorizer (doctor) of the medical record data, or that the request was made with the consent of the owner of the medical record data, and therefore has the operation authority for medical record viewing. Because the medical record authorization process already ensures that an authorizer is a registered doctor, when the request initiator is not the owner of the medical record data there is no need to verify whether the initiator is a registered doctor; this embodiment directly verifies whether the initiator is an authorizer of the medical record data.
Optionally, to ensure the security of system operation, a redundant verification step may be added according to the actual situation. For example, the first signature is first used to verify the general identity of the request initiator as a registered user (patient or doctor), and the specific identity (owner or authorizer of the medical record data) is then verified, which avoids data security risks caused by an owner public key or authorizer public key having been marked through an irregular path.
Further, in an embodiment, the smart contract is configured to calculate a first public key according to the first signature and the medical record identifier, and if the first public key is an owner public key or an authorizer public key of the target medical record data, the first signature passes the signature verification.
A conventional signature verification decrypts the signature with a public key to obtain digest A, hashes the original text with a hash function to obtain digest B, and compares digest A with digest B. For a medical record viewing request, verifying the first signature means finding, among several public keys (the owner public key and the authorizer public keys, of which there is usually more than one), the one that matches the first private key. With the conventional operation this requires multiple decryptions and hash computations in addition to multiple comparisons, which is computationally expensive. In this embodiment, verification of the first signature is completed with one reverse calculation and multiple comparisons, which reduces the amount of computation and improves processing speed.
For example, the user's public-private key pair can be generated with an elliptic curve algorithm. The public key can be calculated from the private key with the elliptic curve algorithm, and it can also be calculated with the elliptic curve algorithm from the r, s and v values of a signature together with the original text.
Further, in an embodiment, the smart contract is further configured to sign the issued data according to a fourth private key to obtain a fourth signature, and return the issued data and the fourth signature to the blockchain access layer, where the fourth private key is preset in the smart contract. The blockchain access layer is further configured to check the fourth signature according to the issued data and the fourth public key, if the fourth signature passes the check, then sign the issued data according to the third private key to obtain a fifth signature, and return the issued data and the fifth signature to the information sharing application, where the fourth public key is preset in the blockchain access layer. The information sharing application is further configured to perform signature verification on the fifth signature according to the issued data and a third public key, and if the signature verification of the fifth signature passes, perform a related operation on the issued data, where the third public key is preset in the information sharing application.
In this embodiment, the fourth signature and the fifth signature are used to represent the source of the issued data, the fourth signature verifies that the issued data received by the blockchain access layer originates from the intelligent contract and is not tampered, and the fifth signature verifies that the issued data received by the information sharing application originates from the blockchain access layer and is not tampered, so that the data security is further improved. The signature operation in the embodiment is executed locally, does not involve transmission of private key data, and is beneficial to reducing the risk of private key leakage, so that the data security is ensured.
Optionally, the second public-private key pair, the third public-private key pair and the fourth public-private key pair are privately negotiated and stored in the hospital, and are replaced regularly, so that the reliability of the verification results of the second signature to the fifth signature on the legal source of the data is ensured.
FIG. 2 shows a timing diagram of data upload in an embodiment of the present application; FIG. 3 shows a timing diagram of data delivery in an embodiment of the present application.
Further, in an embodiment, referring to FIG. 2, the information sharing application is further configured to encrypt the upload data, the first signature, and the second signature according to a symmetric key, so as to send them to the blockchain access layer in ciphertext form, where the symmetric key is preset in the information sharing application. The blockchain access layer is further configured to decrypt the upload data, the first signature, and the second signature in ciphertext form according to the symmetric key, where the symmetric key is preset in the blockchain access layer. Referring to FIG. 3, the blockchain access layer is further configured to encrypt the issued data and the fifth signature according to the symmetric key, so as to return them to the information sharing application in ciphertext form. The information sharing application is further configured to decrypt the issued data and the fifth signature in ciphertext form according to the symmetric key.
In this embodiment, the symmetric key encryption is applied on top of SSL (Secure Sockets Layer) communication protocol encryption. Because the communication of the information sharing application includes both intranet communication and extranet communication, the data transmitted between the information sharing application and the blockchain access layer is additionally encrypted with the symmetric key, which further improves data security. The blockchain access layer and the smart contract involve only intranet communication, so no additional encryption is needed. The signing and encryption operations in this embodiment are performed locally and do not involve transmission of private key data, which reduces the risk of private key leakage and thereby ensures data security.
Fig. 4 shows a timing diagram of symmetric key generation in an embodiment of the present application.
Further, in an embodiment, referring to FIG. 4, the information sharing application is further configured to generate a temporary public-private key pair and send the public key of the temporary public-private key pair to the blockchain access layer. The blockchain access layer is further configured to generate a symmetric key, encrypt the symmetric key according to the public key of the temporary public-private key pair, and return the symmetric key in ciphertext form to the information sharing application. The information sharing application is further configured to decrypt the symmetric key in ciphertext form according to the private key of the temporary public-private key pair, and to destroy the temporary public-private key pair after decryption.
In the embodiment, in the whole process of symmetric key generation, the symmetric key is not transmitted in a plaintext form, and the temporary public-private key pair is destroyed after use, so that the security of the symmetric key is ensured.
Optionally, the symmetric encryption algorithm referred to in the present application may be the AES (Advanced Encryption Standard) algorithm, the Chinese national standard SM4 algorithm, or the like, and the asymmetric encryption algorithm may be the RSA algorithm, an elliptic curve algorithm, the Chinese national standard SM2 algorithm, or the like.
Further, in an embodiment, the blockchain access layer is further configured to verify a source IP of the data packet corresponding to the uploaded data, the first signature, and the second signature, where if the source IP is consistent with an IP of the information sharing application and the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature.
In this embodiment, because the information sharing application communicates over the external network, checking whether the source IP of the data packet is consistent with the IP of the information sharing application verifies the source of the data packet at the communication protocol layer, which further improves data security and avoids the security risk caused by leakage of the second key.
In a second aspect, embodiments of the present application also provide a blockchain-based medical information sharing method applied to a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract.
Fig. 5 is a flowchart illustrating a medical information sharing method based on blockchain in an embodiment of the present application.
Referring to fig. 5, the blockchain-based medical information sharing method includes:
S11, the information sharing application signs uploading data carried by a preset request according to a first private key to obtain a first signature, signs the uploading data according to a second private key to obtain a second signature, and sends the uploading data, the first signature and the second signature to a block chain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
S12, the block chain access layer carries out signature verification on the second signature according to the uploaded data and the second public key, if the second signature passes the signature verification, the uploaded data is signed according to the third private key to obtain the third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are preset in the block chain access layer;
S13, the intelligent contract performs signature verification on the third signature according to the uploading data and the third public key, if the third signature passes the signature verification, the first signature is subjected to signature verification according to the uploading data and the target public key, if the first signature passes the signature verification, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record uploading request, the uploading data is medical record data, and the target public key is an owner public key of the medical record data;
if the third signature passes, the first signature is checked according to the uploading data and the target public key, and if the first signature passes, the step of responding to the preset request to execute the related operation comprises the following steps:
if the third signature passes the signature verification, determining the public keys of owners of the medical record data from the public keys of all registered patients according to the patient information in the medical record data, verifying the first signature according to the medical record data and the public keys of the owners thereof, and if the first signature passes the signature verification, storing the medical record data, wherein the public keys of all registered patients are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier;
if the third signature passes, the first signature is checked according to the uploading data and the target public key, and if the first signature passes, the step of responding to the preset request to execute the related operation comprises the following steps:
if the third signature passes the signature verification, the first signature is verified according to the medical record identification and the public keys of owners of the target medical record data, and if the first signature passes the signature verification and the public key to be authorized is the public key of the registered doctor, the public key to be authorized is marked as the public key of the authorizer of the target medical record data, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of target medical record data corresponding to the medical record identifier;
if the third signature passes, the first signature is checked according to the uploading data and the target public key, and if the first signature passes, the step of responding to the preset request to execute the related operation further comprises:
if the third signature passes the signature verification, the first signature is verified according to the medical record identification and the owner public key and the authorizer public key of the target medical record data, and if the first signature passes the signature verification, the target medical record data is returned to the initiator of the medical record checking request through the blockchain access layer and the information sharing application.
Further, in an embodiment, the medical information sharing method based on the blockchain further includes:
the intelligent contract signs the issued data according to a fourth private key to obtain a fourth signature, and returns the issued data and the fourth signature to the block chain access layer, wherein the fourth private key is preset in the intelligent contract;
the block chain access layer performs signature verification on the fourth signature according to the issued data and the fourth public key, if the fourth signature passes the signature verification, the issued data is signed according to the third private key to obtain a fifth signature, and the issued data and the fifth signature are returned to the information sharing application, wherein the fourth public key is preset in the block chain access layer;
and the information sharing application performs signature verification on the fifth signature according to the issued data and the third public key, and if the fifth signature passes the signature verification, related operation is executed for the issued data, wherein the third public key is preset in the information sharing application.
Further, in an embodiment, before the step of sending the upload data, the first signature and the second signature to the blockchain access layer, the method further includes:
the information sharing application encrypts the uploading data, the first signature and the second signature according to the symmetric key so as to send the uploading data, the first signature and the second signature to the blockchain access layer in a ciphertext form, wherein the symmetric key is pre-arranged in the information sharing application;
before the step of verifying the second signature according to the uploaded data and the second public key, the method further comprises:
the block chain access layer decrypts the uploading data in the ciphertext form, the first signature and the second signature according to the symmetric key, wherein the symmetric key is pre-arranged in the block chain access layer;
before the step of returning the issued data and the fifth signature to the information sharing application, the method further comprises:
the block chain access layer encrypts the issued data and the fifth signature according to the symmetric key so as to return the issued data and the fifth signature to the information sharing application in a ciphertext mode;
before the step of verifying the fifth signature according to the issued data and the third public key, the method further comprises:
the information sharing application decrypts the issued data and the fifth signature in ciphertext form according to the symmetric key.
Further, in an embodiment, the medical information sharing method based on the blockchain further includes:
the information sharing application generates a temporary public-private key pair and sends a public key of the temporary public-private key pair to the block chain access layer;
the block chain access layer generates a symmetric key, encrypts the symmetric key according to the public key of the temporary public-private key pair, and returns the symmetric key in a ciphertext form to the information sharing application after encryption;
the information sharing application decrypts the symmetric key in the ciphertext form according to the private key of the temporary public-private key pair, and destroys the temporary public-private key pair after decrypting.
Further, in an embodiment, before the step of verifying the first signature according to the uploaded data and the target public key, the method further includes:
the block chain access layer verifies source IP of the data packet corresponding to the uploaded data, the first signature and the second signature, wherein if the source IP is consistent with the IP of the information sharing application and the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature.
The analysis of each step in the blockchain-based medical information sharing method corresponds to the functions and implementation processes of the components of the blockchain-based medical information sharing system, and is not described in detail here.
It should be noted that, the foregoing embodiment numbers are merely for describing the embodiments, and do not represent the advantages and disadvantages of the embodiments.
The terms "comprising" and "having" and any variations thereof in the description and claims of the present application and in the foregoing drawings are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The terms "first," "second," and "third," etc. are used to distinguish between different objects and not necessarily to describe a sequential or chronological order, and they do not imply that the "first," "second," and "third" objects are necessarily different.
In the description of embodiments of the present application, "exemplary," "such as," or "for example," etc., are used to indicate an example, instance, or illustration. Any embodiment or design described herein as "exemplary," "such as" or "for example" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary," "such as" or "for example," etc., is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, unless otherwise indicated, "/" means "or"; for example, A/B may represent A or B. The term "and/or" merely describes an association between associated objects and indicates that three relations may exist; for example, A and/or B may indicate three cases: A exists alone, A and B exist together, and B exists alone. In addition, in the description of the embodiments of the present application, "plural" means two or more.
In some of the processes described in the embodiments of the present application, a plurality of operations or steps occurring in a particular order are included, but it should be understood that these operations or steps may be performed out of the order in which they occur in the embodiments of the present application or in parallel, the sequence numbers of the operations merely serve to distinguish between the various operations, and the sequence numbers themselves do not represent any order of execution. In addition, the processes may include more or fewer operations, and the operations or steps may be performed in sequence or in parallel, and the operations or steps may be combined.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising several instructions for causing a terminal device to perform the method described in the various embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the claims, and all equivalent structures or equivalent processes using the descriptions and drawings of the present application, or direct or indirect application in other related technical fields are included in the scope of the claims of the present application.

Claims (10)

1. A blockchain-based medical information sharing system, wherein the blockchain-based medical information sharing system includes an information sharing application, a blockchain access layer, and an intelligent contract;
the information sharing application is used for signing uploading data carried by a preset request according to a first private key to obtain a first signature, signing the uploading data according to a second private key to obtain a second signature, and sending the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer is used for checking the second signature according to the uploaded data and the second public key, if the second signature passes the check, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
the intelligent contract is used for checking a third signature according to the uploading data and the third public key, if the third signature passes the checking, the first signature is checked according to the uploading data and the target public key, if the first signature passes the checking, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
2. The blockchain-based medical information sharing system of claim 1, wherein when the preset request is a medical record upload request, the upload data is medical record data, and the target public key is an owner public key of the medical record data;
the intelligent contract is used for determining the public keys of owners of the medical record data from public keys of all registered patients according to patient information in the medical record data if the third signature passes the signature verification, verifying the first signature according to the medical record data and the public keys of the owners thereof, and storing the medical record data if the first signature passes the signature verification, wherein the public keys of all registered patients are preset in the intelligent contract.
3. The blockchain-based medical information sharing system of claim 1, wherein when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier;
the intelligent contract is used for checking the first signature according to the medical record identifier and the public keys of owners of the target medical record data if the third signature passes the check, and marking the public key to be authorized as the public key of the authorizer of the target medical record data if the first signature passes the check and the public key to be authorized is the public key of the registered doctor, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
4. The blockchain-based medical information sharing system of claim 3, wherein when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of target medical record data corresponding to the medical record identifier;
and if the third signature passes the signature verification, the first signature is verified according to the medical record identification and the owner public key and the authorizer public key of the target medical record data, and if the first signature passes the signature verification, the target medical record data is returned to the initiator of the medical record checking request through the blockchain access layer and the information sharing application.
5. The blockchain-based medical information sharing system of claim 4, wherein the smart contract is configured to calculate a first public key based on the first signature and the medical record identifier, and wherein the first signature passes the verification if the first public key is an owner public key or an authorizer public key of the target medical record data.
6. The blockchain-based medical information sharing system of any of claims 1-5, wherein the smart contract is further configured to sign the outgoing data according to a fourth private key to obtain a fourth signature, and return the outgoing data and the fourth signature to the blockchain access layer, wherein the fourth private key is pre-placed in the smart contract;
the block chain access layer is further configured to check a fourth signature according to the issued data and a fourth public key, if the fourth signature passes the check, sign the issued data according to a third private key to obtain a fifth signature, and return the issued data and the fifth signature to the information sharing application, where the fourth public key is preset in the block chain access layer;
the information sharing application is further configured to perform signature verification on the fifth signature according to the issued data and the third public key, and if the fifth signature passes the signature verification, perform a related operation on the issued data, where the third public key is preset in the information sharing application.
7. The blockchain-based medical information sharing system of claim 6, wherein the information sharing application is further configured to encrypt the uploaded data, the first signature, and the second signature according to a symmetric key to send the uploaded data, the first signature, and the second signature in ciphertext form to the blockchain access layer, wherein the symmetric key is pre-placed to the information sharing application;
the block chain access layer is further used for decrypting the uploading data in the ciphertext form, the first signature and the second signature according to a symmetric key, wherein the symmetric key is pre-arranged in the block chain access layer;
the block chain access layer is further used for encrypting the issued data and the fifth signature according to the symmetric key so as to return the issued data and the fifth signature to the information sharing application in a ciphertext mode;
the information sharing application is further configured to decrypt the ciphertext-form of the transmitted data and the fifth signature based on the symmetric key.
8. The blockchain-based medical information sharing system of claim 7, wherein the information sharing application is further configured to generate a temporary public-private key pair, send a public key of the temporary public-private key pair to the blockchain access layer;
the block chain access layer is also used for generating a symmetric key, encrypting the symmetric key according to the public key of the temporary public-private key pair, and returning the symmetric key in a ciphertext form to the information sharing application after encryption;
the information sharing application is also used for decrypting the symmetric key in the ciphertext form according to the private key of the temporary public-private key pair, and destroying the temporary public-private key pair after decrypting.
9. The blockchain-based medical information sharing system of any of claims 1-5, wherein the blockchain access layer is further configured to verify a source IP of the data packet corresponding to the uploaded data, the first signature, and the second signature, wherein if the source IP is consistent with the IP of the information sharing application and the second signature passes the signature verification, then signing the uploaded data according to a third private key to obtain a third signature.
10. A blockchain-based medical information sharing method applied to a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract, the blockchain-based medical information sharing method comprising:
the information sharing application signs uploading data carried by a preset request according to a first private key to obtain a first signature, signs the uploading data according to a second private key to obtain a second signature, and sends the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer performs signature verification on the second signature according to the uploaded data and the second public key, if the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
and the intelligent contract performs signature verification on the third signature according to the uploading data and the third public key, if the third signature passes the signature verification, the first signature is subjected to signature verification according to the uploading data and the target public key, and if the first signature passes the signature verification, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
CN202311625219.6A 2023-11-30 2023-11-30 Medical information sharing system and method based on block chain Active CN117373599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311625219.6A CN117373599B (en) 2023-11-30 2023-11-30 Medical information sharing system and method based on block chain

Publications (2)

Publication Number Publication Date
CN117373599A true CN117373599A (en) 2024-01-09
CN117373599B CN117373599B (en) 2024-04-09

Family

ID=89396858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311625219.6A Active CN117373599B (en) 2023-11-30 2023-11-30 Medical information sharing system and method based on block chain

Country Status (1)

Country Link
CN (1) CN117373599B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant