CN117373599A - Medical information sharing system and method based on block chain - Google Patents
Medical information sharing system and method based on block chain
- Publication number
- CN117373599A (application number CN202311625219.6A)
- Authority
- CN
- China
- Prior art keywords
- signature
- data
- information sharing
- public key
- medical record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The application provides a blockchain-based medical information sharing system and method. The information sharing application signs the uploaded data carried by a preset request with a first private key to obtain a first signature, signs the uploaded data with a second private key to obtain a second signature, and sends the uploaded data, the first signature and the second signature to the blockchain access layer. If the second signature passes verification, the blockchain access layer signs the uploaded data with a third private key to obtain a third signature, and sends the uploaded data, the first signature and the third signature to the smart contract. If the first signature and the third signature pass verification, the smart contract executes the related operation in response to the preset request. With this method and system, a preset request is answered only if the source of the uploaded data is legitimate, the data has not been tampered with, and the initiator of the preset request has operation authority, which further improves data security.
Description
Technical Field
The application relates to the technical field of blockchains, in particular to a medical information sharing system and method based on a blockchain.
Background
Currently, in the design and construction of medical consortia linking hospitals at all levels, implementing the tiered diagnosis and treatment reform and evening out the regional distribution of medical resources are problems that urgently need to be solved. In addition, each hospital keeps its diagnosis and treatment data under the principle that data does not leave the hospital, so medical diagnosis data cannot be shared effectively among hospitals, and repeated waste of medical resources, such as one disease being diagnosed multiple times, cannot be avoided.
In the related art, blockchain technology is applied to medical information sharing systems. On the one hand, the security and tamper resistance of blockchain technology allow the hospitals in a medical consortium to share data, which avoids the waste of medical resources caused by one disease being diagnosed multiple times. On the other hand, blockchain technology decentralizes the data, which improves its security and authenticity. However, existing blockchain-based medical information sharing systems are deficient in the design of their data security: they cannot ensure the security of data in transit, and cannot ensure that an operation on the data is backed by the corresponding operation authority.
Disclosure of Invention
The application provides a medical information sharing system and method based on a blockchain, which can solve the technical problems that the medical information sharing system based on the blockchain in the prior art cannot ensure the safety of data in the transmission process and cannot ensure that the operation aiming at the data has corresponding operation authority.
In a first aspect, embodiments of the present application provide a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract;
the information sharing application is used for signing uploading data carried by a preset request according to a first private key to obtain a first signature, signing the uploading data according to a second private key to obtain a second signature, and sending the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer is used for checking the second signature according to the uploaded data and the second public key, if the second signature passes the check, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
the intelligent contract is used for checking a third signature according to the uploading data and the third public key, if the third signature passes the checking, the first signature is checked according to the uploading data and the target public key, if the first signature passes the checking, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record uploading request, the uploading data is medical record data, and the target public key is an owner public key of the medical record data;
the intelligent contract is used for determining the public keys of owners of the medical record data from public keys of all registered patients according to patient information in the medical record data if the third signature passes the signature verification, verifying the first signature according to the medical record data and the public keys of the owners thereof, and storing the medical record data if the first signature passes the signature verification, wherein the public keys of all registered patients are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier;
the intelligent contract is used for checking the first signature according to the medical record identifier and the public keys of owners of the target medical record data if the third signature passes the check, and marking the public key to be authorized as the public key of the authorizer of the target medical record data if the first signature passes the check and the public key to be authorized is the public key of the registered doctor, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of target medical record data corresponding to the medical record identifier;
and if the third signature passes the signature verification, the first signature is verified according to the medical record identification and the owner public key and the authorizer public key of the target medical record data, and if the first signature passes the signature verification, the target medical record data is returned to the initiator of the medical record checking request through the blockchain access layer and the information sharing application.
Further, in an embodiment, the smart contract is configured to calculate a first public key according to the first signature and the medical record identifier, and if the first public key is an owner public key or an authorizer public key of the target medical record data, the first signature passes the signature verification.
Further, in an embodiment, the smart contract is further configured to sign the issued data according to a fourth private key to obtain a fourth signature, and return the issued data and the fourth signature to the blockchain access layer, where the fourth private key is preset in the smart contract;
the block chain access layer is further configured to check a fourth signature according to the issued data and a fourth public key, if the fourth signature passes the check, sign the issued data according to a third private key to obtain a fifth signature, and return the issued data and the fifth signature to the information sharing application, where the fourth public key is preset in the block chain access layer;
the information sharing application is further configured to perform signature verification on the fifth signature according to the issued data and the third public key, and if the fifth signature passes the signature verification, perform a related operation on the issued data, where the third public key is preset in the information sharing application.
Further, in an embodiment, the information sharing application is further configured to encrypt the uploaded data, the first signature and the second signature according to a symmetric key, so as to send the uploaded data, the first signature and the second signature to the blockchain access layer in a ciphertext form, where the symmetric key is preset in the information sharing application;
the block chain access layer is further used for decrypting the uploading data in the ciphertext form, the first signature and the second signature according to a symmetric key, wherein the symmetric key is pre-arranged in the block chain access layer;
the block chain access layer is further used for encrypting the issued data and the fifth signature according to the symmetric key so as to return the issued data and the fifth signature to the information sharing application in a ciphertext mode;
the information sharing application is further configured to decrypt the issued data and the fifth signature in ciphertext form according to the symmetric key.
Further, in an embodiment, the information sharing application is further configured to generate a temporary public-private key pair, and send a public key of the temporary public-private key pair to the blockchain access layer;
the block chain access layer is also used for generating a symmetric key, encrypting the symmetric key according to the public key of the temporary public-private key pair, and returning the symmetric key in a ciphertext form to the information sharing application after encryption;
the information sharing application is also used for decrypting the symmetric key in ciphertext form according to the private key of the temporary public-private key pair, and destroying the temporary public-private key pair after decryption.
Further, in an embodiment, the blockchain access layer is further configured to verify a source IP of the data packet corresponding to the uploaded data, the first signature, and the second signature, where if the source IP is consistent with the IP of the information sharing application and the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature.
In a second aspect, an embodiment of the present application further provides a blockchain-based medical information sharing method applied to a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract, the blockchain-based medical information sharing method including:
the information sharing application signs uploading data carried by a preset request according to a first private key to obtain a first signature, signs the uploading data according to a second private key to obtain a second signature, and sends the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer performs signature verification on the second signature according to the uploaded data and the second public key, if the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
and the intelligent contract performs signature verification on the third signature according to the uploading data and the third public key, if the third signature passes the signature verification, the first signature is subjected to signature verification according to the uploading data and the target public key, and if the first signature passes the signature verification, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
In the application, the second signature passing verification indicates that the uploaded data received by the blockchain access layer originates from the information sharing application and has not been tampered with; the third signature passing verification indicates that the uploaded data received by the smart contract originates from the blockchain access layer and has not been tampered with; and the first signature passing verification indicates that the initiator of the preset request has the operation authority. With this method and system, a preset request is answered only if the source of the uploaded data is legitimate, the data has not been tampered with, and the initiator of the preset request has operation authority, which further improves data security.
Drawings
FIG. 1 is a block chain based medical information sharing system architecture according to one embodiment of the present application;
FIG. 2 is a timing diagram of data uploading in an embodiment of the present application;
FIG. 3 is a timing diagram of data distribution in an embodiment of the present application;
FIG. 4 is a timing diagram of symmetric key generation in one embodiment of the present application;
FIG. 5 is a flowchart of a block chain based medical information sharing method according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will clearly and completely describe the technical solution in the embodiments of the present application with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
In a first aspect, embodiments of the present application provide a blockchain-based medical information sharing system.
FIG. 1 is a schematic diagram of a block chain based medical information sharing system according to an embodiment of the present application.
Referring to FIG. 1, in one embodiment, a blockchain-based medical information sharing system includes an information sharing application, a blockchain access layer, and a smart contract. Specifically, the smart contract is deployed on the blockchain nodes, and the information sharing application, the blockchain access layer and the blockchain nodes are all deployed inside each hospital of the medical consortium. Medical records, diagnoses and other data held separately by each department in the hospital's internal systems are passed through the information sharing application to the blockchain access layer, and from the blockchain access layer into the smart contract on the blockchain node. The people who operate the information sharing application are mainly hospital data administrators, doctors, and patients; a patient's operations are typically performed under the guidance of a hospital data administrator or by the administrator on the patient's behalf.
The information sharing application is used for signing the uploaded data carried by the preset request according to a first private key to obtain a first signature, signing the uploaded data according to a second private key to obtain a second signature, and sending the uploaded data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by the initiator of the preset request, and the second private key is preset in the information sharing application. Specifically, the initiators of preset requests are mainly doctors and patients, and the uploaded data carried by a preset request is data such as medical records and diagnoses. The first private key is the user's private key; it is not stored in the information sharing application, and any record of it is deleted once signing is finished, which keeps the user's private key private.
The block chain access layer is used for checking the second signature according to the uploaded data and the second public key, if the second signature passes the check, the uploaded data is signed according to the third private key to obtain the third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are preset in the block chain access layer. The intelligent contract is used for checking the third signature according to the uploading data and the third public key, if the third signature passes the checking, the first signature is checked according to the uploading data and the target public key, if the first signature passes the checking, the related operation is executed in response to the preset request, wherein the third public key and the target public key are preset in the intelligent contract.
In this embodiment, the first signature represents the identity of the initiator of the preset request, and the second and third signatures represent the source of the uploaded data. The second signature passing verification indicates that the uploaded data received by the blockchain access layer originates from the information sharing application and has not been tampered with; the third signature passing verification indicates that the uploaded data received by the smart contract originates from the blockchain access layer and has not been tampered with; and the first signature passing verification indicates that the initiator of the preset request has the operation authority. With this embodiment, a preset request is answered only if the source of the uploaded data is legitimate, the data has not been tampered with, and the initiator of the preset request has the operation authority, which further improves data security. In addition, the signing operations in this embodiment are executed locally and involve no transmission of private key data, which reduces the risk of private key leakage and thus ensures data security.
Optionally, the second public-private key pair and the third public-private key pair are privately negotiated and saved in the hospital and are replaced regularly, so that the reliability of the second signature and the third signature on the verification result of the legal source of the data is ensured.
In the following, three preset requests, namely a medical record uploading request, a medical record authorizing request and a medical record viewing request, which are commonly used in a medical information sharing scene are taken as examples, so that details of the application are further described.
In an embodiment, when the preset request is a medical record uploading request, the uploading data is medical record data, and the target public key is an owner public key of the medical record data. The intelligent contract is used for determining the public keys of owners of the medical record data from the public keys of all registered patients according to patient information in the medical record data if the third signature passes the signature verification, verifying the first signature according to the medical record data and the public keys of the owners thereof, and storing the medical record data if the first signature passes the signature verification, wherein the public keys of all registered patients are preset in the intelligent contract.
In this embodiment, the first signature passing verification indicates that the initiator of the medical record uploading request is the owner of the medical record data, or that the request has been agreed to by the owner, so the request carries the operation authority for medical record uploading.
In an embodiment, when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier. The intelligent contract is used for checking the first signature according to the medical record identifier and the public keys of owners of the target medical record data if the third signature passes the checking, and marking the public key to be authorized as the public key of the authorizer of the target medical record data if the first signature passes the checking and the public key to be authorized is the public key of the registered doctor, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
In this embodiment, the first signature passing verification indicates that the initiator of the medical record authorization request is the owner of the medical record data, or that the request has been agreed to by the owner, so the request carries the operation authority for medical record authorization. Besides verifying the operation authority of the request initiator, this embodiment also verifies the identity behind the public key to be authorized, to ensure that the authorizer is a registered doctor. Specifically, the medical record identifier is contained in the medical record data, the public keys of registered doctors are public, and the request initiator can obtain a registered doctor's public key to use as the public key to be authorized, for example by scanning a code.
Optionally, the information sharing application is further configured to enable the user to perform a registration operation, generate a public-private key pair of the user when registration is completed, and destroy the public-private key pair of the user after registration is completed, where the private key of the registered user is kept by the user, and the public key of the registered user is stored in the intelligent contract. User types include patients and doctors.
Further, in an embodiment, when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of the target medical record data corresponding to the medical record identifier. The intelligent contract is used for checking the first signature according to the medical record identification and the owner public key and the authorizer public key of the target medical record data if the third signature passes, and returning the target medical record data to the initiator of the medical record checking request through the blockchain access layer and the information sharing application if the first signature passes.
In this embodiment, the first signature passing verification indicates that the initiator of the medical record viewing request is the owner (patient) or an authorizer (doctor) of the medical record data, or that the request has been agreed to by the owner, so the request carries the operation authority for medical record viewing. Because the medical record authorization process already ensures that an authorizer is a registered doctor, when the request initiator is not the owner of the medical record data this embodiment does not need to check whether the initiator is a registered doctor; it directly checks whether the initiator is an authorizer of the medical record data.
Optionally, to ensure safe operation of the system, a redundant verification step may be added as circumstances require. For example, the first signature is first used to verify the general identity of the request initiator as a registered user (patient or doctor), and the specific identity (owner or authorizer of the medical record data) is then verified, which avoids data security risks caused by an owner public key or authorizer public key having been marked through an irregular path.
Further, in an embodiment, the smart contract is configured to calculate a first public key according to the first signature and the medical record identifier, and if the first public key is an owner public key or an authorizer public key of the target medical record data, the first signature passes the signature verification.
The conventional signature verification operation decrypts the signature with a public key to obtain digest A, hashes the original text with a hash function to obtain digest B, and compares digest A with digest B. For a medical record viewing request, verifying the first signature means trying to find, among several public keys (the owner public key and the authorizer public keys, of which there is usually more than one), the public key that matches the first private key. With the conventional verification operation this requires multiple decryptions and hash computations in addition to multiple comparisons, which is computationally expensive. In this embodiment, verification of the first signature is completed with one reverse calculation and multiple comparisons, which reduces the amount of computation and improves processing speed.
For example, the public and private key pair of the user can be generated through an elliptic curve algorithm, wherein the public key data can be obtained by calculating private key data through the elliptic curve algorithm, and can also be obtained by calculating three data of r, s and v of a signature value and the original text through the elliptic curve algorithm.
Further, in an embodiment, the smart contract is further configured to sign the issued data according to a fourth private key to obtain a fourth signature, and return the issued data and the fourth signature to the blockchain access layer, where the fourth private key is preset in the smart contract. The blockchain access layer is further configured to check the fourth signature according to the issued data and the fourth public key, if the fourth signature passes the check, then sign the issued data according to the third private key to obtain a fifth signature, and return the issued data and the fifth signature to the information sharing application, where the fourth public key is preset in the blockchain access layer. The information sharing application is further configured to perform signature verification on the fifth signature according to the issued data and a third public key, and if the signature verification of the fifth signature passes, perform a related operation on the issued data, where the third public key is preset in the information sharing application.
In this embodiment, the fourth signature and the fifth signature are used to represent the source of the issued data, the fourth signature verifies that the issued data received by the blockchain access layer originates from the intelligent contract and is not tampered, and the fifth signature verifies that the issued data received by the information sharing application originates from the blockchain access layer and is not tampered, so that the data security is further improved. The signature operation in the embodiment is executed locally, does not involve transmission of private key data, and is beneficial to reducing the risk of private key leakage, so that the data security is ensured.
Optionally, the second public-private key pair, the third public-private key pair and the fourth public-private key pair are privately negotiated and stored in the hospital, and are replaced regularly, so that the reliability of the verification results of the second signature to the fifth signature on the legal source of the data is ensured.
Fig. 2 shows a timing diagram of data upload in an embodiment of the present application; Fig. 3 shows a timing diagram of data delivery in an embodiment of the present application.
Further, in an embodiment, referring to Fig. 2, the information sharing application is further configured to encrypt the upload data, the first signature, and the second signature according to a symmetric key, so as to send the upload data, the first signature, and the second signature to the blockchain access layer in ciphertext form, where the symmetric key is preset in the information sharing application. The blockchain access layer is further configured to decrypt the upload data, the first signature, and the second signature in ciphertext form according to the symmetric key, where the symmetric key is preset in the blockchain access layer. Referring to Fig. 3, the blockchain access layer is further configured to encrypt the issued data and the fifth signature according to the symmetric key, so as to return the issued data and the fifth signature to the information sharing application in ciphertext form. The information sharing application is further configured to decrypt the issued data and the fifth signature in ciphertext form according to the symmetric key.
In this embodiment, the symmetric key encryption is performed on top of the encryption provided by the SSL (Secure Sockets Layer) communication protocol. Because the communication involving the information sharing application includes both intranet and extranet communication, the data transmitted between the information sharing application and the blockchain access layer is additionally encrypted with the symmetric key, which further improves data security. The blockchain access layer and the intelligent contract involve only intranet communication, so no additional encryption is needed. The signing and encryption operations in this embodiment are performed locally and do not involve transmission of private key data, which reduces the risk of private key leakage and thereby ensures data security.
Fig. 4 shows a timing diagram of symmetric key generation in an embodiment of the present application.
Further, in an embodiment, referring to Fig. 4, the information sharing application is further configured to generate a temporary public-private key pair and send the public key of the temporary public-private key pair to the blockchain access layer. The blockchain access layer is further configured to generate a symmetric key, encrypt the symmetric key according to the public key of the temporary public-private key pair, and return the symmetric key in ciphertext form to the information sharing application. The information sharing application is further configured to decrypt the symmetric key in ciphertext form according to the private key of the temporary public-private key pair, and to destroy the temporary public-private key pair after decryption.
In this embodiment, the symmetric key is never transmitted in plaintext during the whole symmetric key generation process, and the temporary public-private key pair is destroyed after use, which ensures the security of the symmetric key.
Optionally, the symmetric encryption algorithm referred to in the present application may be the AES (Advanced Encryption Standard) algorithm, the Chinese national cryptographic SM4 algorithm, or the like, and the asymmetric encryption algorithm may be the RSA algorithm, an elliptic curve algorithm, the Chinese national cryptographic SM2 algorithm, or the like.
Further, in an embodiment, the blockchain access layer is further configured to verify a source IP of the data packet corresponding to the uploaded data, the first signature, and the second signature, where if the source IP is consistent with an IP of the information sharing application and the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature.
In this embodiment, because the information sharing application communicates over the external network, the blockchain access layer checks whether the source IP of the data packet is consistent with the IP of the information sharing application. This verifies the source of the data packet at the communication protocol layer, which further improves data security and avoids the security risk caused by leakage of the second key.
In a second aspect, embodiments of the present application also provide a blockchain-based medical information sharing method applied to a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract.
Fig. 5 is a flowchart illustrating a medical information sharing method based on blockchain in an embodiment of the present application.
Referring to fig. 5, the blockchain-based medical information sharing method includes:
S11, the information sharing application signs uploading data carried by a preset request according to a first private key to obtain a first signature, signs the uploading data according to a second private key to obtain a second signature, and sends the uploading data, the first signature and the second signature to a block chain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
S12, the block chain access layer carries out signature verification on the second signature according to the uploaded data and the second public key, if the second signature passes the signature verification, the uploaded data is signed according to the third private key to obtain the third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are preset in the block chain access layer;
S13, the intelligent contract performs signature verification on the third signature according to the uploading data and the third public key, if the third signature passes the signature verification, the first signature is subjected to signature verification according to the uploading data and the target public key, if the first signature passes the signature verification, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record uploading request, the uploading data is medical record data, and the target public key is an owner public key of the medical record data;
if the third signature passes, the first signature is checked according to the uploading data and the target public key, and if the first signature passes, the step of responding to the preset request to execute the related operation comprises the following steps:
if the third signature passes the signature verification, determining the public keys of owners of the medical record data from the public keys of all registered patients according to the patient information in the medical record data, verifying the first signature according to the medical record data and the public keys of the owners thereof, and if the first signature passes the signature verification, storing the medical record data, wherein the public keys of all registered patients are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier;
if the third signature passes, the first signature is checked according to the uploading data and the target public key, and if the first signature passes, the step of responding to the preset request to execute the related operation comprises the following steps:
if the third signature passes the signature verification, the first signature is verified according to the medical record identification and the public keys of owners of the target medical record data, and if the first signature passes the signature verification and the public key to be authorized is the public key of the registered doctor, the public key to be authorized is marked as the public key of the authorizer of the target medical record data, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
Further, in an embodiment, when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of target medical record data corresponding to the medical record identifier;
if the third signature passes, the first signature is checked according to the uploading data and the target public key, and if the first signature passes, the step of responding to the preset request to execute the related operation further comprises:
if the third signature passes the signature verification, the first signature is verified according to the medical record identification and the owner public key and the authorizer public key of the target medical record data, and if the first signature passes the signature verification, the target medical record data is returned to the initiator of the medical record checking request through the blockchain access layer and the information sharing application.
Further, in an embodiment, the medical information sharing method based on the blockchain further includes:
the intelligent contract signs the issued data according to a fourth private key to obtain a fourth signature, and returns the issued data and the fourth signature to the block chain access layer, wherein the fourth private key is preset in the intelligent contract;
the block chain access layer performs signature verification on the fourth signature according to the issued data and the fourth public key, if the fourth signature passes the signature verification, the issued data is signed according to the third private key to obtain a fifth signature, and the issued data and the fifth signature are returned to the information sharing application, wherein the fourth public key is preset in the block chain access layer;
and the information sharing application performs signature verification on the fifth signature according to the issued data and the third public key, and if the fifth signature passes the signature verification, related operation is executed for the issued data, wherein the third public key is preset in the information sharing application.
Further, in an embodiment, before the step of sending the upload data, the first signature and the second signature to the blockchain access layer, the method further includes:
the information sharing application encrypts the uploading data, the first signature and the second signature according to the symmetric key so as to send the uploading data, the first signature and the second signature to the blockchain access layer in a ciphertext form, wherein the symmetric key is pre-arranged in the information sharing application;
before the step of verifying the second signature according to the uploaded data and the second public key, the method further comprises:
the block chain access layer decrypts the uploading data in the ciphertext form, the first signature and the second signature according to the symmetric key, wherein the symmetric key is pre-arranged in the block chain access layer;
before the step of returning the issue data and the fifth signature to the information sharing application, further comprising:
the block chain access layer encrypts the issued data and the fifth signature according to the symmetric key so as to return the issued data and the fifth signature to the information sharing application in a ciphertext mode;
before the step of verifying the fifth signature according to the issued data and the third public key, the method further comprises:
the information sharing application decrypts the issued data and the fifth signature in ciphertext form according to the symmetric key.
Further, in an embodiment, the medical information sharing method based on the blockchain further includes:
the information sharing application generates a temporary public-private key pair and sends a public key of the temporary public-private key pair to the block chain access layer;
the block chain access layer generates a symmetric key, encrypts the symmetric key according to the public key of the temporary public-private key pair, and returns the symmetric key in a ciphertext form to the information sharing application after encryption;
the information sharing application decrypts the symmetric key in the ciphertext form according to the private key of the temporary public-private key pair, and destroys the temporary public-private key pair after decrypting.
Further, in an embodiment, before the step of verifying the first signature according to the uploaded data and the target public key, the method further includes:
the block chain access layer verifies source IP of the data packet corresponding to the uploaded data, the first signature and the second signature, wherein if the source IP is consistent with the IP of the information sharing application and the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature.
The analysis of each step in the blockchain-based medical information sharing method corresponds to the functions and implementation processes of the components of the blockchain-based medical information sharing system, and is not repeated here.
It should be noted that, the foregoing embodiment numbers are merely for describing the embodiments, and do not represent the advantages and disadvantages of the embodiments.
The terms "comprising" and "having" and any variations thereof in the description and claims of the present application and in the foregoing drawings are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The terms "first," "second," and "third," etc. are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order, and do not require that the "first," "second," and "third" objects be different.
In the description of embodiments of the present application, "exemplary," "such as," or "for example," etc., are used to indicate an example, instance, or illustration. Any embodiment or design described herein as "exemplary," "such as" or "for example" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary," "such as" or "for example," etc., is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, unless otherwise indicated, "/" means "or"; for example, A/B may represent A or B. The text "and/or" merely describes an association between the associated objects and indicates that three relations may exist; for example, A and/or B may indicate three cases: A exists alone, A and B exist together, and B exists alone. In addition, in the description of the embodiments of the present application, "plural" means two or more.
In some of the processes described in the embodiments of the present application, a plurality of operations or steps occurring in a particular order are included, but it should be understood that these operations or steps may be performed out of the order in which they occur in the embodiments of the present application or in parallel, the sequence numbers of the operations merely serve to distinguish between the various operations, and the sequence numbers themselves do not represent any order of execution. In addition, the processes may include more or fewer operations, and the operations or steps may be performed in sequence or in parallel, and the operations or steps may be combined.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising several instructions for causing a terminal device to perform the method described in the various embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the claims, and all equivalent structures or equivalent processes using the descriptions and drawings of the present application, or direct or indirect application in other related technical fields are included in the scope of the claims of the present application.
Claims (10)
1. A blockchain-based medical information sharing system, wherein the blockchain-based medical information sharing system includes an information sharing application, a blockchain access layer, and an intelligent contract;
the information sharing application is used for signing uploading data carried by a preset request according to a first private key to obtain a first signature, signing the uploading data according to a second private key to obtain a second signature, and sending the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer is used for checking the second signature according to the uploaded data and the second public key, if the second signature passes the check, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
the intelligent contract is used for checking a third signature according to the uploading data and the third public key, if the third signature passes the checking, the first signature is checked according to the uploading data and the target public key, if the first signature passes the checking, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
2. The blockchain-based medical information sharing system of claim 1, wherein when the preset request is a medical record upload request, the upload data is medical record data, and the target public key is an owner public key of the medical record data;
the intelligent contract is used for determining the public keys of owners of the medical record data from public keys of all registered patients according to patient information in the medical record data if the third signature passes the signature verification, verifying the first signature according to the medical record data and the public keys of the owners thereof, and storing the medical record data if the first signature passes the signature verification, wherein the public keys of all registered patients are preset in the intelligent contract.
3. The blockchain-based medical information sharing system of claim 1, wherein when the preset request is a medical record authorization request, the uploaded data is a medical record identifier and a public key to be authorized, and the target public key is an owner public key of target medical record data corresponding to the medical record identifier;
the intelligent contract is used for checking the first signature according to the medical record identifier and the public keys of owners of the target medical record data if the third signature passes the check, and marking the public key to be authorized as the public key of the authorizer of the target medical record data if the first signature passes the check and the public key to be authorized is the public key of the registered doctor, wherein the public keys of the owners of the target medical record data and the public keys of all the registered doctors are preset in the intelligent contract.
4. The blockchain-based medical information sharing system of claim 3, wherein when the preset request is a medical record viewing request, the uploaded data is a medical record identifier, and the target public key is an owner public key and an authorizer public key of target medical record data corresponding to the medical record identifier;
and if the third signature passes the signature verification, the first signature is verified according to the medical record identification and the owner public key and the authorizer public key of the target medical record data, and if the first signature passes the signature verification, the target medical record data is returned to the initiator of the medical record checking request through the blockchain access layer and the information sharing application.
5. The blockchain-based medical information sharing system of claim 4, wherein the smart contract is configured to calculate a first public key based on the first signature and the medical record identifier, and wherein the first signature passes the verification if the first public key is an owner public key or an authorizer public key of the target medical record data.
6. The blockchain-based medical information sharing system of any of claims 1-5, wherein the smart contract is further configured to sign the outgoing data according to a fourth private key to obtain a fourth signature, and return the outgoing data and the fourth signature to the blockchain access layer, wherein the fourth private key is pre-placed in the smart contract;
the block chain access layer is further configured to check a fourth signature according to the issued data and a fourth public key, if the fourth signature passes the check, sign the issued data according to a third private key to obtain a fifth signature, and return the issued data and the fifth signature to the information sharing application, where the fourth public key is preset in the block chain access layer;
the information sharing application is further configured to perform signature verification on the fifth signature according to the issued data and the third public key, and if the fifth signature passes the signature verification, perform a related operation on the issued data, where the third public key is preset in the information sharing application.
7. The blockchain-based medical information sharing system of claim 6, wherein the information sharing application is further configured to encrypt the uploaded data, the first signature, and the second signature according to a symmetric key to send the uploaded data, the first signature, and the second signature in ciphertext form to the blockchain access layer, wherein the symmetric key is pre-placed to the information sharing application;
the block chain access layer is further used for decrypting the uploading data in the ciphertext form, the first signature and the second signature according to a symmetric key, wherein the symmetric key is pre-arranged in the block chain access layer;
the block chain access layer is further used for encrypting the issued data and the fifth signature according to the symmetric key so as to return the issued data and the fifth signature to the information sharing application in a ciphertext mode;
the information sharing application is further configured to decrypt the issued data and the fifth signature in ciphertext form according to the symmetric key.
8. The blockchain-based medical information sharing system of claim 7, wherein the information sharing application is further configured to generate a temporary public-private key pair, send a public key of the temporary public-private key pair to the blockchain access layer;
the block chain access layer is also used for generating a symmetric key, encrypting the symmetric key according to the public key of the temporary public-private key pair, and returning the symmetric key in a ciphertext form to the information sharing application after encryption;
the information sharing application is also used for decrypting the symmetric key in the ciphertext form according to the private key of the temporary public-private key pair, and destroying the temporary public-private key pair after decrypting.
9. The blockchain-based medical information sharing system of any of claims 1-5, wherein the blockchain access layer is further configured to verify a source IP of the data packet corresponding to the uploaded data, the first signature, and the second signature, wherein if the source IP is consistent with the IP of the information sharing application and the second signature passes the signature verification, then signing the uploaded data according to a third private key to obtain a third signature.
10. A blockchain-based medical information sharing method applied to a blockchain-based medical information sharing system including an information sharing application, a blockchain access layer, and an intelligent contract, the blockchain-based medical information sharing method comprising:
the information sharing application signs uploading data carried by a preset request according to a first private key to obtain a first signature, signs the uploading data according to a second private key to obtain a second signature, and sends the uploading data, the first signature and the second signature to the blockchain access layer, wherein the first private key is provided by an initiator of the preset request, and the second private key is preset in the information sharing application;
the block chain access layer performs signature verification on the second signature according to the uploaded data and the second public key, if the second signature passes the signature verification, the uploaded data is signed according to a third private key to obtain a third signature, and the uploaded data, the first signature and the third signature are sent to the intelligent contract, wherein the second public key and the third private key are pre-arranged in the block chain access layer;
and the intelligent contract performs signature verification on the third signature according to the uploading data and the third public key, if the third signature passes the signature verification, the first signature is subjected to signature verification according to the uploading data and the target public key, and if the first signature passes the signature verification, related operations are executed in response to a preset request, wherein the third public key and the target public key are preset in the intelligent contract.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311625219.6A CN117373599B (en) | 2023-11-30 | 2023-11-30 | Medical information sharing system and method based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117373599A true CN117373599A (en) | 2024-01-09 |
CN117373599B CN117373599B (en) | 2024-04-09 |
Family
ID=89396858
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311625219.6A Active CN117373599B (en) | 2023-11-30 | 2023-11-30 | Medical information sharing system and method based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117373599B (en) |
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200381088A1 (en) * | 2018-01-12 | 2020-12-03 | Industrial Cooperation Foundation Chonbuk National University | Method and system for clinical trial resource management using block chain |
US20210375408A1 (en) * | 2018-08-03 | 2021-12-02 | Siemens Healthcare Gmbh | Blockchain-based distribution of medical data records |
CN109948367A (en) * | 2019-03-27 | 2019-06-28 | 南京星链高科技发展有限公司 | A kind of medical data authorization method based on block chain technology |
KR20210067353A (en) * | 2019-11-29 | 2021-06-08 | 주식회사 아우룸블록체인 | Method and system for storing and providing medical records by strengthening individual's control over medical records with multi-signature smart contract on blockchain |
CN111540449A (en) * | 2020-04-03 | 2020-08-14 | 肾泰网健康科技(南京)有限公司 | Electronic medical record sharing method based on block chain, electronic medical record interface and system |
KR20220005277A (en) * | 2020-07-06 | 2022-01-13 | 코리 컴퍼니 리미티드 | Method for management medical data based on blockchain and system for the method |
CN112434336A (en) * | 2020-11-25 | 2021-03-02 | 深圳前海微众银行股份有限公司 | Block chain-based electronic medical record sharing method, device and system and storage medium |
CN112614558A (en) * | 2020-12-26 | 2021-04-06 | 西安科锐盛创新科技有限公司 | Electronic medical record sharing method based on block chain and electronic equipment |
CN114360673A (en) * | 2021-10-18 | 2022-04-15 | 上海旺链信息科技有限公司 | Block chain-based medical information sharing method, device, equipment and storage medium |
CN115021903A (en) * | 2022-05-23 | 2022-09-06 | 湖北工业大学 | Electronic medical record sharing method and system based on block chain |
CN117037988A (en) * | 2023-08-22 | 2023-11-10 | 广州视景医疗软件有限公司 | Electronic medical record storage method and device based on blockchain |
Also Published As
Publication number | Publication date |
---|---|
CN117373599B (en) | 2024-04-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |