CN118118150A - EHR data safety access and sharing system based on block chain - Google Patents


Publication number
CN118118150A
Authority
CN
China
Prior art keywords
data
ehr
patient
blockchain
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410231415.3A
Other languages
Chinese (zh)
Inventor
金彪
陈新鸿
熊金波
姚志强
李璇
林劼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Normal University
Original Assignee
Fujian Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Normal University
Priority to CN202410231415.3A
Publication of CN118118150A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a blockchain-based Electronic Health Record (EHR) data security access and sharing system, which belongs to the technical field of medical data access and sharing. The system comprises several participating entities, specifically data viewers, patients, doctors, an authority, the blockchain and off-chain storage, and involves the following operations: identity registration, identity verification, data storage, and data viewing. The system can share EHR data while ensuring data security and protecting privacy, can provide an efficient and secure data sharing and access control scheme for healthcare systems, and has higher performance, a more complete scheme and attack resistance.

Description

EHR data safety access and sharing system based on block chain
Technical Field
The invention relates to the technical field of medical data access and sharing, in particular to an EHR data security access and sharing system based on a blockchain.
Background
In the context of the digital transformation of the medical industry, electronic health records (EHR) are becoming increasingly common. According to statistics from 2021, recently certified EHR technology has been adopted by hospitals in the United States, and patients' health information is sent and received electronically, which brings convenience to patients and medical institutions. The digitization of medical data promotes its sharing, which not only improves doctors' diagnosis and treatment efficiency and provides data support for the research work of medical research institutions, but also assists insurance companies in insurance plan design, risk management and the like.
EHR data is highly valuable and contains a large amount of sensitive patient information, making it vulnerable to security threats such as data tampering, privacy disclosure and malicious sharing. Data security and privacy protection have become an important issue in EHR sharing. In addition, EHRs are highly dispersed among individual medical institutions, and for reasons of data security and privacy protection it is difficult for these institutions to share EHRs with one another, which creates "medical data islands". Furthermore, since the EHR is a valuable asset of the patient, the patient should have full access control over his or her EHR and be able to observe activities related to it at any time. However, in existing healthcare systems, patients have very limited control over their EHR data.
Blockchain technology is decentralized, tamper-resistant and traceable, and can solve problems in traditional medical data sharing such as decentralized storage, easy tampering and opaque processes. Smart contracts are a key blockchain technology, allowing users to interact through automatically executed programmable scripts without a centralized trusted authority.
In related research, some researchers implement access control over EHRs through smart contracts, and some scholars combine ciphertext-policy attribute-based encryption (CP-ABE) with blockchain technology to achieve fine-grained access control over EHRs. However, in healthcare systems, patients often need to share EHR data with different users or organizations, which often have different attributes, so CP-ABE needs to maintain a large number of mappings between attributes and keys, increasing the complexity of key management. In addition, in a multi-attribute environment, CP-ABE has a high computational overhead. Compared with CP-ABE, proxy re-encryption can convert ciphertexts without revealing data privacy, and provides a more efficient and secure way of sharing data. Combining proxy re-encryption with smart contracts on the blockchain can provide an efficient, secure data sharing and access control scheme for healthcare systems.
In addition, existing schemes adopt cloud services to relieve the storage pressure on the blockchain and improve the quality of healthcare services. However, storing data with a cloud service provider or on a third-party server also poses risks to data security and privacy protection. More importantly, none of these schemes takes into account the identity of the user invoking the smart contract, so the smart contract may be attacked by illegitimate users.
To avoid problems such as complicated key management, costly fine-grained access control and the security risks of mass data storage, a blockchain-based large-scale EHR access and sharing system (BCAS) is proposed, which shares EHR data while ensuring data security and protecting patient privacy.
Disclosure of Invention
The invention aims to provide an EHR data safety access and sharing system based on a blockchain, which can share the EHR data on the premise of ensuring the data safety and protecting the privacy, can provide an efficient and safe data sharing and access control scheme for a medical care system, and has higher performance, a more complete scheme and attack resistance characteristics.
In order to achieve the above object, the present invention provides a blockchain-based EHR data security access and sharing system, in which a data viewer who has been granted viewing permission views a patient's EHR by calling Client-API-view;
The patient grants or revokes other users' access rights to the EHR data by calling Client-API-permission;
After obtaining the write permission granted by the patient, the doctor uploads the medical record generated after the patient's treatment by calling Client-API-uploading;
Smart contracts are deployed on channels of the blockchain;
The user provides personal information to the authority for identity registration, and before calling a smart contract the user must call Client-API-genToken to verify his or her identity with the authority and obtain a token for calling the smart contract;
A trusted server in each hospital is selected as the CA center; each hospital selects internal devices as nodes, and these internal nodes together form a hospital-alliance private IPFS network that serves as off-chain distributed storage to complete the storage of user data; a data viewing module is also provided.
Preferably, the data viewers are doctors, insurers and research institutions, and are users requesting to view the EHR of the patient, the patient being the owner of the EHR, and the authority being a fully trusted entity.
Preferably, the specific operation steps of the identity registration are as follows:
Step 1: the user invokes kpGen to generate a key pair kp, and provides PK_i, the encrypted personal information cUserinfo and the signature uSign to the authority to request registration;
Step 2: the authority verifies uSign and audits the user information, generates a virtual identity VID_i for each user who passes the audit, and uploads REGUSER to the blockchain;
Step 3: the user searches the blockchain by his or her PK_i to obtain his or her VID_i.
Preferably, the specific operation steps of the identity verification are as follows:
Step 1: the user provides VID_i, the contract name SC_Name, the contract parameters SC_Param, and rSign, the result of signing the contract name and contract parameters with the user's private key, to the authority for identity verification;
Step 2: the authority invokes an algorithm to verify the identity of the user; after verification, a blockchain access token is issued to the user, and the user accesses the smart contract with this token;
Step 3: the user accesses the smart contract with the token, the blockchain executes an algorithm to verify the correctness of the token, and if verification passes, the user calls the smart contract SC.
Preferably, the specific operation steps of the data storage are as follows:
Step 1: the patient visits a doctor, the doctor requests that the patient grant write permission to the patient's EHR data, and the patient grants the write permission to the doctor;
Step 2: after obtaining authorization, the doctor encrypts the EHR with the patient's public key and uploads the encrypted EHR to IPFS to obtain a CID; the doctor signs the CID with his or her private key and uploads the ACCESS to the blockchain;
Step 3: the blockchain sends the doctor's access information to the patient; the patient obtains the information related to the EHR through the blockchain, confirms that the EHR was written by the doctor by verifying the doctor's signature, and obtains the EHR by retrieving it from IPFS by its CID and decrypting it.
Preferably, the specific operation steps of the data viewing are as follows:
Step 1: the data viewer requests that the patient grant viewing permission, and the patient grants the viewing permission to the data viewer; after granting it, the patient calls reKeyGen to generate a re-encryption key RK_{P→V}, pEHR^(0) is obtained by looking up IPFS by the CID, and the blockchain network calls reEnc to generate the re-encrypted ciphertext pEHR^(P→V) and sends it to VID_V together with the CID;
Step 2: the data viewer uses the private key SK_V to decrypt the re-encrypted ciphertext and obtain the plaintext pEHR of the EHR, inputs the obtained pEHR into the hash function H to compute a hash value, compares it with the hash value of pEHR stored on the chain to confirm that the obtained pEHR has not been tampered with, and uploads the ACCESS to the blockchain.
Therefore, the EHR data safety access and sharing system based on the blockchain can share the EHR data on the premise of ensuring the data safety and protecting the privacy, can provide an efficient and safe data sharing and access control scheme for a medical care system, and has higher performance, a more complete scheme and attack resistance characteristics.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
FIG. 1 is a system architecture of an embodiment of a blockchain-based EHR data secure access and sharing system of the present invention;
FIG. 2 is a particular flow diagram of identity registration of an embodiment of a blockchain-based EHR data secure access and sharing system of the present invention;
FIG. 3 is a particular flow diagram of authentication of an embodiment of a blockchain-based EHR data secure access and sharing system of the present invention;
FIG. 4 is a particular flow diagram of data storage for one embodiment of a blockchain-based EHR data secure access and sharing system of the present invention;
FIG. 5 is a specific flow diagram of data viewing for a blockchain-based EHR data secure access and sharing system embodiment of the present invention.
Detailed Description
The technical scheme of the invention is further described below through the attached drawings and the embodiments.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this invention belongs.
Example 1
The invention provides a blockchain-based EHR data security access and sharing system which, as shown in FIG. 1, comprises six participating entities: data viewers, patients, doctors, the authority, the blockchain and off-chain storage.
A data viewer may be a doctor, an insurance company, a research institution or the like, and is a user requesting to view a patient's EHR; a data viewer who has been granted viewing permission views the patient's EHR by calling Client-API-view;
The patient is the owner of the EHR and can grant or revoke other users' access rights to the EHR data by calling Client-API-permission;
After obtaining the write permission granted by the patient, the doctor uploads the medical record generated after the patient's treatment by calling Client-API-uploading;
The authority is a fully trusted entity. Users register by providing personal information to the authority, and before calling a smart contract a user must call Client-API-genToken to verify his or her identity with the authority and obtain a token for calling the smart contract;
Smart contracts are deployed on channels of the blockchain; a channel serves as a logically isolated environment that ensures privacy and security among participants. Each hospital acts as an organization, a trusted server in the hospital acts as the CA center, and networked devices in the hospital that have storage space and a certain amount of computing power act as nodes; nodes join the blockchain after CA authentication, which ensures the legitimacy of node identities and the security of the network;
Orderer nodes are network nodes that provide the consensus service: they order transactions chronologically, package them into blocks, and broadcast the blocks to all peer nodes on the channel. A user can execute a smart contract by calling the Client-API, sending a transaction request and interacting with the smart contract. Once called, the smart contract executes automatically, processes the transaction request according to preset rules and conditions, and records the result in the distributed ledger of the blockchain.
The off-chain storage is as follows: each hospital selects internal nodes, and together these form a hospital-alliance private IPFS network that serves as off-chain distributed storage for the encrypted mass EHR data, improving the sharing efficiency of the system.
Some symbols in the system and their associated descriptions are shown in the following table.
Table 1 symbols and related description thereof
The core algorithms of the system mainly comprise a registration algorithm register, a contract access token generation algorithm genToken, an identity verification algorithm verifyToken, a permission request algorithm requestPermission, a permission grant algorithm grantPermission, a permission revocation algorithm revokePermission, EHR uploading algorithm uploadEHR, EHR viewing algorithm viewEHR, a permission verification algorithm hasPermission and the like.
Algorithm 1: Token generation by the authority
Input: VID_Requestor, the name of the SC (SC_Name), the parameters of the SC (SC_Param), and rSign
Output: a token for the user to access the smart contract
Initialization: VID_i must be registered in the system, SC_Name must be the name of an existing smart contract, and SC_Param must be valid parameters of the specified smart contract
procedure genToken
    data = (VID_Requestor, SC_Name, SC_Param)
    PK_Request = selectPK(VID_Requestor)
    if verifySign(data, rSign, PK_Request) = false then
        return "failure"
    x1, x2 = random 128 bits
    x3 = H(H(x1) + H(x2))
    x4 = H(VID_i + SC_Name + SC_Param)
    aSig = S(SK_Au, x3, x4)
    token = (x1, x2, aSig)
    while selectToken(token) in BC = null do
        genToken(VID_i, SC_Name, SC_Param)
    end while
    return token
end procedure
Algorithm 2: Token verification by the smart contract
Input: VID_call of the user invoking the smart contract, SC, and token
Output: permit or deny access for VID_call
Initialization: for SC-C and SC-D, defined as SC = SC_Name(SC_Param)
procedure verifyToken
    if selectToken(token) in BC = null then
        deny access
    end if
    SC_Name = SC.getName()
    SC_Param = SC.getParam()
    (_x1, _x2, _aSign) = token
    data = (H(H(_x1) + H(_x2)), H(VID_call + SC_Name + SC_Param))
    if verifySign(data, _aSign, PK_Au) = true then
        allow access
    else
        deny access
    end if
end procedure
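The following Go sketch of Algorithms 1 and 2 is an added example, not code from the patent; it shows that a token is accepted only for the caller, contract and parameters the authority signed, and only once. Assumptions: Ed25519 stands in for S, SHA-256 for H, fields are length-prefixed before hashing, the in-memory Ledger is a hypothetical stand-in for the on-chain selectToken lookup and marks a token consumed on first successful use, and the authority has already verified rSign before GenToken runs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var ErrDenied = errors.New("access denied")

// Token is token = (x1, x2, aSig) from Algorithm 1.
type Token struct {
	X1, X2 []byte // two random 128-bit values
	ASig   []byte // authority signature over (x3, x4)
}

// Ledger is a hypothetical stand-in for the on-chain token record (selectToken).
type Ledger struct {
	authPK ed25519.PublicKey // PK_Au
	tokens map[string]bool   // token id -> already consumed
}

// h plays the role of H. SHA-256 and the length prefixes are assumptions:
// the prefix keeps "ab"+"c" distinct from "a"+"bc" when fields are concatenated.
func h(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(p)))
		d.Write(n[:])
		d.Write(p)
	}
	return d.Sum(nil)
}

// bind is x4 = H(VID + SC_Name + SC_Param).
func bind(vid, scName, scParam string) []byte {
	return h([]byte(vid), []byte(scName), []byte(scParam))
}

// signedData rebuilds (x3, x4) with x3 = H(H(x1) + H(x2)).
func signedData(t *Token, vid, scName, scParam string) []byte {
	return append(h(h(t.X1), h(t.X2)), bind(vid, scName, scParam)...)
}

func tokenID(t *Token) string { return hex.EncodeToString(h(t.X1, t.X2, t.ASig)) }

// GenToken is the issuing half of Algorithm 1 (rSign is assumed verified).
// The token is recorded on the ledger so the contract can look it up later.
func GenToken(skAu ed25519.PrivateKey, bc *Ledger, vid, scName, scParam string) (*Token, error) {
	for {
		r := make([]byte, 32)
		if _, err := rand.Read(r); err != nil {
			return nil, err
		}
		t := &Token{X1: r[:16], X2: r[16:]}
		t.ASig = ed25519.Sign(skAu, signedData(t, vid, scName, scParam))
		if _, dup := bc.tokens[tokenID(t)]; !dup {
			bc.tokens[tokenID(t)] = false
			return t, nil
		} // otherwise draw fresh randomness and try again
	}
}

// VerifyToken is Algorithm 2, run before the contract body executes.
func (l *Ledger) VerifyToken(t *Token, vidCall, scName, scParam string) error {
	id := tokenID(t)
	if used, known := l.tokens[id]; !known || used {
		return ErrDenied // never issued, or replayed
	}
	if !ed25519.Verify(l.authPK, signedData(t, vidCall, scName, scParam), t.ASig) {
		return ErrDenied // caller, contract or parameters differ from what was signed
	}
	l.tokens[id] = true // consume only after a successful check
	return nil
}

// Setup creates the authority key pair and an empty ledger (constructed data).
func Setup() (ed25519.PrivateKey, *Ledger) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return sk, &Ledger{authPK: pk, tokens: map[string]bool{}}
}

func main() {
	sk, bc := Setup()
	tok, err := GenToken(sk, bc, "VID-D", "uploadEHR", "VID-P")
	if err != nil {
		panic(err)
	}
	fmt.Println("first use:", bc.VerifyToken(tok, "VID-D", "uploadEHR", "VID-P"))
	fmt.Println("replay:   ", bc.VerifyToken(tok, "VID-D", "uploadEHR", "VID-P"))
}
```

Consuming the token only after the signature check means a failed attempt by another caller does not burn the legitimate user's token.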
The system involves the following operations: identity registration, identity verification, data storage, and data viewing.
The specific flow of identity registration is shown in FIG. 2: the patient, doctor and data viewer need to submit identity information to the authority for registration, and access the system after successful registration. The authority generates a virtual identity VID_i for the user based on the user's identity information, thereby protecting user privacy.
The specific operation steps of identity registration are as follows:
Step 1: the user calls Client-API-register to perform the following operations: kpGen generates a key pair kp = (PK_i, SK_i); the user requests registration by providing PK_i, the encrypted personal information cUserinfo = encrypt(userinfo, PK_Au) and the signature uSign = S(SK_i, userinfo) to the authority; the personal information includes age, gender, character, name, date of birth, etc.
Step 2: the authority verifies uSign and audits the user information, generates a virtual identity VID_i for each user who passes the audit, and uploads REGUSER = {VID_i, PK_i} to the blockchain;
Step 3: the user searches the blockchain by his or her PK_i to obtain his or her VID_i.
The specific flow of identity verification is shown in FIG. 3: the user sends a contract-call application to the authority, the authority authenticates the user and then generates a one-time blockchain smart contract access token for the user, and the user uses the token to access the smart contract.
The detailed steps of identity verification are as follows:
Step 1: the user calls Client-API-genToken to perform the following operations: providing VID_i, the contract name SC_Name, the contract parameters SC_Param, and the signature over the contract name and contract parameters made with the user's private key, rSign = S(SK_i, VID_i, SC_Name, SC_Param), to the authority for identity verification;
Step 2: the authority verifies the identity of the user; after verification, Algorithm 1 is called to issue a blockchain access token to the user, and the user accesses the smart contract with this token;
Step 3: the user accesses the smart contract with the token, the blockchain executes Algorithm 2 to verify the correctness of the token, and if verification passes, the user calls the smart contract SC = SC_Name(SC_Param).
The data storage and data viewing operations below assume by default that the user has obtained a token through identity verification and accesses the smart contract with the correct token.
The specific flow of data storage is shown in fig. 4, where the patient looks for his doctor, who requests the patient to grant write rights. After being authorized, the doctor encrypts and uploads the EHR of the patient to IPFS, and invokes the intelligent contract to upload the relevant information to the blockchain.
The specific operation steps of data storage are as follows:
Step 1: the patient visits a doctor, the doctor requests that the patient grant write permission to the patient's EHR data, and the patient calls Client-API-permission to grant the write permission to the doctor;
Step 2: after obtaining authorization, the doctor calls Client-API-upload to perform the following operations: encrypting the EHR with the patient's public key and uploading the encrypted EHR to IPFS to obtain the CID (the identifier IPFS assigns to each file); the doctor signs the CID with his or her private key and uploads access = {uploadEHR, (VID_P, VID_D, CID, hVal, dSign, timestamp), token} to the blockchain;
Step 3: the blockchain sends the doctor's access information to the patient; the patient obtains the information related to the EHR through the blockchain, confirms that the EHR was written by the doctor by verifying the doctor's signature, and obtains the EHR by retrieving it from IPFS by its CID and decrypting it.
Step 4: the patient can revoke the doctor's write permission at any time.
The specific flow of data viewing is shown in fig. 5, where a data viewer needs to inform the patient of the viewing purpose and request the patient to grant rights if he wants to view his EHR. After authorization, the blockchain network will perform proxy re-encryption and send the EHR to the data viewer in the form of re-encrypted ciphertext. After decryption, the data viewer verifies the integrity of the EHR via the blockchain.
The specific operation steps of data viewing are as follows:
Step 1: the data viewer requests that the patient grant viewing permission, and the patient calls Client-API-permission to grant the viewing permission to the data viewer. After granting it, the patient calls reKeyGen(SK_P, PK_V) → RK_{P→V} to generate the re-encryption key; pEHR^(0) is obtained by looking up IPFS by the CID, and the blockchain network calls reEnc(pEHR^(0), RK_{P→V}) → pEHR^(P→V) to generate the re-encrypted ciphertext pEHR^(P→V) and sends it to VID_V together with the CID.
Step 2: the data viewer uses the private key SK_V to decrypt the re-encrypted ciphertext and obtain the plaintext pEHR, inputs the obtained pEHR into the hash function H to compute a hash value, compares it with the hash value of pEHR stored on the chain to confirm that the obtained pEHR has not been tampered with, and uploads access = {ViewEHR, (VID_V, VID_P, CID, timestamp), token} to the blockchain. The patient can view the access records of his or her EHR through the blockchain.
Step 3: the patient can revoke the data viewer's viewing permission at any time.
In the system, all EHRs are stored encrypted in IPFS. To view a particular patient's EHR, the data viewer must obtain the patient's authorization, and only then can the viewer obtain the re-encrypted data sent by the blockchain network. Only the patient and the data viewers granted viewing permission can decrypt and read the EHR contents. An attacker A, although able to obtain any message on the blockchain network, cannot decrypt the patient EHR content obtained, because the attacker lacks the correct private key. Thus, the system can ensure the confidentiality of EHR data and prevent unauthorized visitors from acquiring the data.
In the system, a doctor uploads the CID of an EHR stored in IPFS, S(SK_D, CID), and H(EHR) to the blockchain by invoking the smart contract uploadEHR. IPFS helps detect tampering with or corruption of data, because each file has a unique CID in IPFS and IPFS uses content addressing to identify and retrieve data. A participant can verify the doctor's signature with the doctor's public key to verify the doctor's identity. In this way, the uploaded data is associated with a particular doctor, and a verification mechanism for the doctor's identity is provided. The data viewer can verify the integrity of the data by comparing the hash value of the EHR. If the EHR is tampered with in transit, its hash value changes, so the tampering can be detected. In addition, access control mechanisms are implemented that allow only users authorized by the patient to access a particular EHR.
The system may ensure data integrity of the EHR by combining IPFS storage and retrieval functions, signature verification by the doctor, hash comparison of data integrity, and access control mechanisms. Any tampered or damaged EHR can be found, thereby improving the trustworthiness of the data and security of the system.
In the system, a user needs to submit identity information to an authority for registration. The authority will audit the user's information and assign a unique virtual identity VID to the user that passed the audit. In each flow, the user uses this VID to interact instead of the real identity information. Thus, the system ensures privacy protection of the identity of the user while allowing secure interactions between users.
In the system, all operations, including user registration, doctors uploading EHRs and data viewers accessing EHRs, are recorded in blocks of the blockchain. Each block contains the set of transactions that occurred over a period of time; these are ordered, packaged, and combined with signatures, hash values, timestamps and other metadata to form a Merkle tree. This design ensures the traceability of operations, and users cannot deny previously recorded operations. The tamper resistance of the blockchain ensures the integrity and trustworthiness of the records. Each block contains the hash value of the previous block, forming a chain structure. Any tampering with the blockchain results in a mismatch in the block hash values, which is detected by the system. In addition, each block in the blockchain is timestamped, so the order in which operations occurred can be determined, which further strengthens non-repudiation. By examining the records on the blockchain, all operations can be verified and audited at any time, preventing users from denying or repudiating their past behavior.
The system uses the blockchain to record operations and protect them against tampering, ensuring the credibility of data records and the traceability of user behavior, and thereby providing strong non-repudiation.
DDoS attack resistance: in such an attack, an attacker sends network traffic that overloads the target system so that it cannot function properly. The system adopts a distributed storage structure both on-chain and off-chain; the blockchain and IPFS effectively avoid single points of failure and a centralized attack target, and thus resist DDoS attacks. The registration and identity verification mechanisms prevent an attacker from forging a registered entity and accessing the system without authorization, improving the confidentiality of data and the security of the system.
In summary, the system has data confidentiality, data integrity, better privacy protectiveness, non-repudiation and attack resistance.
Therefore, the EHR data safety access and sharing system based on the blockchain can share the EHR data on the premise of ensuring the data safety and protecting the privacy, can provide an efficient and safe data sharing and access control scheme for a medical care system, and has higher performance, a more complete scheme and attack resistance characteristics.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art will understand that the technical solution of the invention may be modified or equivalently replaced, and that such modifications or equivalent replacements do not cause the modified technical solution to depart from the spirit and scope of the technical solution of the invention.

Claims (6)

1. A blockchain-based EHR data security access and sharing system, characterized in that: a data viewer who has been granted viewing permission views a patient's EHR by calling Client-API-view;
The patient grants or revokes other users' access rights to the EHR data by calling Client-API-permission;
After obtaining the write permission granted by the patient, the doctor uploads the medical record generated after the patient's treatment by calling Client-API-uploading;
Smart contracts are deployed on channels of the blockchain;
The user provides personal information to the authority for identity registration, and before calling a smart contract the user must call Client-API-genToken to verify his or her identity with the authority and obtain a token for calling the smart contract;
A trusted server in each hospital is selected as the CA center; each hospital selects internal devices as nodes, and these internal nodes together form a hospital-alliance private IPFS network that serves as off-chain distributed storage to complete the storage of user data; a data viewing module is also provided.
2. The blockchain-based EHR data secure access and sharing system of claim 1, wherein: the data viewers are doctors, insurers and research institutions, and are users requesting to view the EHR of the patient, the patient is the owner of the EHR, and the authority is a completely trusted entity.
3. The blockchain-based EHR data secure access and sharing system of claim 1, wherein the identity registration comprises the following steps:
Step 1: the user invokes kpGen to generate a key pair kp, and provides PK_i, the encrypted personal information cUserinfo and the signature uSign to the authority to request registration;
Step 2: the authority verifies uSign and audits the user information, generates a virtual identity VID_i for each user who passes the audit, and uploads REGUSER to the blockchain;
Step 3: the user searches the blockchain by his or her PK_i to obtain his or her VID_i.
4. The blockchain-based EHR data secure access and sharing system of claim 1, wherein the authentication specifically comprises the following steps:
Step 1: the user provides VID_i, the contract name SC_Name, the contract parameters SC_Param, and rSign, the result of signing the contract name and contract parameters with the user's private key, to the authority for identity verification;
Step 2: the authority invokes an algorithm to verify the identity of the user; after verification, a blockchain access token is issued to the user, and the user accesses the smart contract with this token;
Step 3: the user accesses the smart contract with the token, the blockchain executes an algorithm to verify the correctness of the token, and if verification passes, the user calls the smart contract SC.
5. The EHR data secure access and sharing system based on blockchain as in claim 1, wherein the specific operation steps of the data storage are as follows:
Step 1: the patient visits a doctor, the doctor requests that the patient grant write permission to the patient's EHR data, and the patient grants the write permission to the doctor;
Step 2: after obtaining authorization, the doctor encrypts the EHR with the patient's public key and uploads the encrypted EHR to IPFS to obtain a CID; the doctor signs the CID with his or her private key and uploads the ACCESS to the blockchain;
Step 3: the blockchain sends the doctor's access information to the patient; the patient obtains the information related to the EHR through the blockchain, confirms that the EHR was written by the doctor by verifying the doctor's signature, and obtains the EHR by retrieving it from IPFS by its CID and decrypting it.
6. The EHR data security access and sharing system based on blockchain as in claim 1, wherein the specific operation steps of data viewing are as follows:
Step 1, a data viewer requests that the patient grant viewing permission, and the patient grants the viewing permission to the data viewer; after granting it, the patient calls reKeyGen to generate a re-encryption key RK_P→V, pEHR(0) is obtained by looking up IPFS with the CID, and the blockchain network calls reEnc to generate the re-encrypted ciphertext pEHR(P→V) and sends it, together with the CID, to VID_V;
Step 2, the data viewer uses the private key SK_V to decrypt the re-encrypted ciphertext to obtain the plaintext pEHR of the EHR, inputs the obtained pEHR into the hash function H to compute a hash value, compares this hash value with the hash value of pEHR stored on the chain to confirm that the obtained pEHR has not been tampered with, and uploads ACCESS to the blockchain.
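The data-viewing flow of claim 6, as an added illustration that is not part of the patent text: the claims do not name a proxy re-encryption scheme, so this sketch swaps in the bidirectional BBS98 (Blaze-Bleumer-Strauss) construction, with `kp_gen`, `re_key_gen` and `re_enc` standing in for kpGen, reKeyGen and reEnc. The toy group, the SHA-256 keystream, the `view` helper and the sample record are all assumptions made for the example.

```python
import hashlib, secrets

# Assumed toy group, far too small for real use: P = 2Q + 1, G has prime order Q.
P, Q, G = 2879, 1439, 4

def kp_gen():
    sk = secrets.randbelow(Q - 1) + 1                      # 1 .. Q-1
    return sk, pow(G, sk, P)

def _stream(k, data):
    # XOR with a SHA-256 counter keystream keyed by group element k (stand-in for an AEAD).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(f"{k}:{i}".encode()).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def enc(pk, ehr):
    # pEHR(0): session element k wrapped under pk, plus the record encrypted under k.
    k = pow(G, secrets.randbelow(Q - 1) + 1, P)
    r = secrets.randbelow(Q - 1) + 1
    return (k * pow(G, r, P)) % P, pow(pk, r, P), _stream(k, ehr)

def re_key_gen(sk_p, sk_v):
    # RK_P->V = sk_v / sk_p mod Q. BBS98 is bidirectional and needs both secrets here.
    return (sk_v * pow(sk_p, -1, Q)) % Q

def re_enc(rk, ct):
    # Proxy step: turns g^(a*r) into g^(b*r) without learning k or the record.
    c1, c2, body = ct
    return c1, pow(c2, rk, P), body

def dec(sk, ct):
    c1, c2, body = ct
    g_r = pow(c2, pow(sk, -1, Q), P)                       # g^r
    return _stream((c1 * pow(g_r, -1, P)) % P, body)

def view(sk_v, ct, on_chain_hash):
    # Claim 6, step 2: decrypt, then compare H(pEHR) with the hash stored on chain.
    ehr = dec(sk_v, ct)
    ok = secrets.compare_digest(hashlib.sha256(ehr).hexdigest(), on_chain_hash)
    return ehr if ok else None

if __name__ == "__main__":
    (sk_p, pk_p), (sk_v, _) = kp_gen(), kp_gen()
    ehr = b"constructed sample record: BP 120/80"          # constructed sample input
    ct_v = re_enc(re_key_gen(sk_p, sk_v), enc(pk_p, ehr))
    print(view(sk_v, ct_v, hashlib.sha256(ehr).hexdigest()))
```

Because BBS98 forms the re-encryption key from both secret keys, a deployment in which the patient alone runs reKeyGen would need a unidirectional scheme that takes the viewer's public key instead.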
CN202410231415.3A 2024-02-29 2024-02-29 EHR data safety access and sharing system based on block chain Pending CN118118150A (en)

Publications (1)

Publication Number Publication Date
CN118118150A true CN118118150A (en) 2024-05-31

Family

ID=91213464


Country Status (1)

Country Link
CN (1) CN118118150A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination