
CN109326337B - Model and method for storing and sharing electronic medical record based on block chain - Google Patents


Publication number
CN109326337B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811034508.8A
Other languages
Chinese (zh)
Other versions
CN109326337A (en)
Inventor
刘景伟
李鑫
李晓璐
孙蓉
裴庆祺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University

Classifications

    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes


Abstract

The invention discloses a blockchain-based model and method for the secure storage and sharing of electronic medical records, which addresses the current problems of patients' control over access permissions to their personal medical data and the inability to store and share sensitive medical data securely. The model comprises a data creator, a data owner, cloud storage, a consortium blockchain and a data user, with the blockchain as the control center. The method comprises: system initialization; acquisition of medical data; data storage using extractable signatures; data publishing using an improved DPOS consensus mechanism; and data sharing based on smart contracts. The invention provides security, reliability, privacy protection and secure storage. By combining cloud storage with extractable signatures in a consortium blockchain, where users set sharing conditions through smart contracts, it achieves secure and effective shared access to data and is highly practical.

Description

Model and method for storing and sharing electronic medical record based on block chain
Technical Field
The invention belongs to the technical field of information security and relates in particular to an improved delegated proof of stake (DPOS) consensus mechanism, smart contracts, cloud storage and extractable (content extraction) signatures. Specifically, it is a model and a method for storing and sharing electronic medical records based on a blockchain, which can be used for the secure storage and sharing of data under blockchain technology.
Background
With the rapid development of the Internet, cloud computing and Internet of Things technologies, the scale of data has grown rapidly, and concepts such as "Internet plus healthcare" and medical and health big data have emerged. As an important data source for medical big data, the sharing of electronic medical records (EMRs) has great application value in hospital development, clinical services, clinical research and other fields. Western countries such as the United States and the United Kingdom began promoting EMR research in the 1990s, while research in China started later; the opinions issued by the CPC Central Committee and the State Council in 2009 specifically proposed to "take the establishment of residents' health records as a key point in promoting the informatization of hospitals".
Electronic medical records (EMRs) are data integration systems that are created, stored and used electronically by medical institutions, focusing on the clinical care and guidance-intervention information of outpatients and inpatients (or healthcare recipients). The ultimate goal of EMR development is information sharing. Its advantage is that different medical institutions can correlate this data with other electronic health record data to support health monitoring, disease diagnosis and treatment, and to reduce medical errors. Sharing EMRs also enables telemedicine and allows several hospitals to consult jointly and produce accurate and timely treatment plans.
However, at the present stage paper medical records are still mainly used and are kept by centralized medical institutions, so patients have difficulty obtaining the medical records and medical history they need, which affects the quality of care. Data cannot be shared among medical institutions, which hinders medical research. Moreover, conventional centralized networks are vulnerable to data leaks, such as the 8000 thousand patient and related personnel records leaked by Anthem and the 450 thousand patient records leaked by UCLA Health. Fortunately, the emergence of blockchain technology offers a way to solve the "information island" phenomenon in medicine. It provides a new mode of distributed sharing that removes intermediaries and increases data security.
Blockchain technology is the underlying technology of Bitcoin and is considered the fifth disruptive computing paradigm after mainframes, personal computers, the Internet and mobile and social networking. Its core technologies include distributed ledgers, asymmetric encryption algorithms and smart contracts, and it is characterized by decentralization, highly redundant storage, tamper resistance and high security. Because of these characteristics, blockchain technology is widely applied in finance, elections, healthcare, supply chains and other fields, and healthcare is likely to become its second largest application market after finance. When hospitals share medical data, all medical record information on the blockchain carries different timestamps and encryption keys, and patients' medical record data are stored on distributed servers in this way. Because the bookkeeping process uses data encryption, signatures and integrity verification, medical record data stored in this distributed manner cannot be tampered with at will and can only be recorded in the same server or the medical record of the patient, which improves the confidentiality of the medical record data.
However, managing, acquiring, storing and sharing medical data is not simple, especially with regard to privacy. EMRs contain a large amount of personal information, and laws and regulations in many countries explicitly regulate their use to protect patient privacy. For example, a patient who shows a valid prescription to buy medicine from an online pharmacy does not want to reveal information such as his or her real name and identification number; data used for scientific research likewise does not need the patient's real name or identification number, so sensitive personal data is removed from the patient's health data when the data is used. An extractable signature is therefore well suited to EMRs: the patient can remove personal private data at will and still obtain a valid extracted signature without interaction.
Blockchain technology can help doctors, patients and researchers authenticate permissions quickly and securely and achieve free access to and sharing of data. The application of and research on blockchain in the medical field has therefore attracted attention. The Swiss company Healthbank, an innovator in global digital health, processes health-system transactions transparently through a blockchain to ensure the absolute security of health data storage. Gem Health and the Philips blockchain laboratory have jointly built a health ecosystem that includes a blockchain, promoting global medical integration and making healthcare more personalized and accessible. In China, the most notable project is the "hospital (regional medical consortium) + blockchain" pilot on which Ali Health cooperates with the city of Changzhou. At this stage, however, no specific embodiment or method has been disclosed.
At present, medical institutions mainly use paper medical records kept by centralized institutions, and patients have difficulty obtaining the medical records and medical history they need, which affects the quality of care. Data cannot be shared among medical institutions, which hinders medical research. The ultimate goal of EMR development is information sharing, whose advantage is that different medical institutions can correlate this data with other electronic health record data for treatment or scientific research. Traditional centralized networks, however, are vulnerable to attack, which leads to data leakage. Medical data often involves sensitive patient information, and its dispersed nature and the way it circulates make a consortium blockchain a very good fit. However, the existing delegated proof of stake (DPOS) mechanism is used by 101 institutions and selects representative nodes according to delegated stake. The medical field, which concerns patient health and medical research, clearly cannot select representative nodes by stake: it needs authoritative medical institutions with a high medical level to act as representative nodes and judge both the validity of published medical data and the access rights for sharing it. Only this is scientifically sound, so the existing DPOS mechanism cannot be applied to the medical field.
Disclosure of Invention
The invention aims to overcome the above defects and provides a blockchain-based model and method for the secure storage and sharing of electronic medical records, with which medical data can be stored and shared securely.
The invention first provides a blockchain-based model for the secure storage and sharing of electronic medical records, characterized in that it comprises a data creator, a data owner, cloud storage, a consortium blockchain and a data user. The data creator first sends the patient's electronic medical record to the data owner; the data owner extracts data according to the extraction rule, encrypts it and stores the ciphertext in the cloud; the data owner publishes a reference to the medical data stored in the cloud on the consortium blockchain and sets access permissions with a smart contract; after the data user's access application to the consortium blockchain is granted, the data user decrypts the data in cloud storage to obtain the data to be accessed;
the data creator is a medical institution or doctor, the data owner is a patient, and the data user is a doctor, medical institution, research institute or other person who wishes to obtain the data.
The invention also provides a blockchain-based method for the secure storage and sharing of electronic medical records, which is used on the blockchain-based electronic medical record secure storage and sharing model of claims 1-3 and is characterized by comprising the following steps:
(1) model initialization: the certificate authority (CA) in the consortium blockchain issues a certificate to each new user; the certificate contains an account ID and a public/private key pair (PK, SK). Medical data, such as an electronic medical record containing the patient's personal information or an examination report, is classified and refined into M = {name, gender, age, identification number, medical history, physical examination or laboratory sheet, medical prescription}, denoted $M = \{m_1, m_2, m_3, m_4, m_5, m_6, m_7\}$;
(2) data acquisition: the data creator (medical institution) divides the data M into n segments, applies the revisable signature, and sends the signature and the original EMRs to the data owner:
(2a) divide the patient's electronic medical data M into n segments, namely $M = \{M_i \mid i = 1, 2, \ldots, n\}$;
(2b) randomly select an integer
Figure BDA0001790531730000031
and calculate $r = g^k \bmod p$;
(2c) for each sub-datum $M_i$ of the original data $M$, compute the hash value $h_i = H(M_i \,\|\, \mathrm{CEAS} \,\|\, T)$, $1 \le i \le 7$, where CEAS is the extraction rule of the extractable signature and $T$ is the CEAS tag;
(2d) compute the signature of sub-datum $M_i$: $\delta_i = (h_i - a r)\,k^{-1} \bmod (p-1)$, $1 \le i \le 7$;
(2e) output the global signature of the data $M$: $\delta_{Full} = (\mathrm{CEAS} \,\|\, T \,\|\, \delta_1 \,\|\, \delta_2 \,\|\, \cdots \,\|\, \delta_7)$;
(2f) the data creator concatenates the original medical data $M_i$, the hash values $h_i$, the global signature $\delta_{Full}$, CEAS and the tag $T$, encrypts the result with the doctor's symmetric key $K_{doc}$, then encrypts the key $K_{doc}$ with the patient's public key $PK_{pat}$, and sends both to the patient;
(3) data storage with extractable signatures: after receiving the medical data sent by the doctor, the data owner (patient) uses the private key $SK_{pat}$ to decrypt the encryption key $K_{doc}$ of the medical data, then decrypts the original medical data $M_i$, and then verifies the global signature $\delta_{Full}$. If it is correct, the data owner generates a revised signature (the extracted signature) and stores the revised signature and the ciphertext of the original data in the cloud, as follows:
(3a) for each sub-datum $M_i$ of the data $M$, compute $h_i = H(M_i \,\|\, \mathrm{CEAS} \,\|\, T)$, where $1 \le i \le 7$;
(3b) obtain $\delta_i$ from the global signature $\delta_{Full}$ and verify
Figure BDA0001790531730000041
holds, i.e.
Figure BDA0001790531730000042
If the signature $\delta_{Full}$ passes verification, carry out the following steps; otherwise return failure;
(3c) the patient extracts the signatures of the corresponding sub-data according to the CEAS specified by the doctor and the patient's own wishes;
(3d) the data owner encrypts the extracted medical data and the corresponding extracted signature and stores them in cloud storage;
(4) data publishing with the improved DPOS consensus mechanism: after storing the medical data in cloud storage, the patient stores the metadata, hash values and signature in the consortium blockchain and sets access permissions with a smart contract, as follows:
(4a) the patient registers and logs in on the blockchain with a unique $ID_{pat}$ (unrelated to personal identity privacy);
(4b) for each sub-data index $i \in CI(M')$, the patient uses the private key $SK_{pat}$ to apply an ordinary digital signature to $Metadata_i$, the hash value $h_i$ of the original data and the timestamp $t$, obtaining
Figure BDA0001790531730000043
(4c) request storage of the medical record in the blockchain by issuing the request:
Figure BDA0001790531730000044
(4d) the on-duty representative node in the blockchain network receives the transaction request and is responsible for generating a valid block; block consensus is carried out with the improved DPOS consensus mechanism;
(5) data sharing based on smart contracts: a data user submits an access application to the blockchain and must provide information such as the user's public key, the object to be accessed and the purpose of access. Based on CP-ABE access control, i.e. blockchain access-permission authentication, the data user can use $url_i$ to obtain the EMRs and verifies the integrity and validity of the original data through the hash value and the signature. The process comprises:
(5a) CP-ABE access control;
(5b) sharing of medical data in cloud storage;
(5c) the data user verifies the signature $\delta_{Ext}$ to check the required original medical data $M_i$. If the extracted signature passes verification, the original medical data have not been tampered with and the user can proceed with the access operation and obtain the shared data; if verification fails, the user reports this to the cloud storage administrator for handling.
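The signing, extraction and verification steps (2a) to (2e), (3a) to (3c) and (5c) as a runnable sketch; this is an added example, not code from the patent. Assumptions: toy group parameters p = 2^255 - 19 and g = 2, SHA-256 as H, a hypothetical CEAS encoding listing the segment indices that must be kept, the standard ElGamal check g^{h_i} ≡ y^r · r^{δ_i} (mod p) with y = g^a, and a fresh k (with its r stored beside each δ_i) per segment instead of the single k of step (2b), because ElGamal signatures must never reuse k across different hash values.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters (assumption: the page specifies no group). Illustration only.
P = 2**255 - 19          # prime modulus p
G = 2                    # base g
# Constructed sample record: segments m1..m7 in the order the page lists them.
RECORD = {
    1: b"name: (sample patient)",
    2: b"gender: F",
    3: b"age: 42",
    4: b"id: (sample id number)",
    5: b"history: asthma",
    6: b"lab: peak flow 380 L/min",
    7: b"prescription: salbutamol inhaler",
}


def keygen():
    """Return (a, y): the data creator's private key a and public key y = g^a mod p."""
    a = secrets.randbelow(P - 3) + 2
    return a, pow(G, a, P)


def encode_ceas(mandatory):
    """Hypothetical CEAS encoding: indices of segments that must never be removed."""
    return ("keep:" + ",".join(str(i) for i in sorted(mandatory))).encode()


def decode_ceas(ceas):
    return {int(x) for x in ceas.decode().split(":", 1)[1].split(",") if x}


def seg_hash(segment, ceas, tag):
    """h_i = H(M_i || CEAS || T); each part is length-prefixed so boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in (segment, ceas, tag):
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def sign_record(a, segments, mandatory):
    """Steps (2a)-(2e): sign every segment and return the global signature."""
    ceas, tag = encode_ceas(mandatory), secrets.token_bytes(16)
    deltas = {}
    for i, seg in segments.items():
        # Fresh k per segment (deviation from step (2b)): ElGamal must not reuse k.
        while True:
            k = secrets.randbelow(P - 3) + 2
            if gcd(k, P - 1) == 1:
                break
        r = pow(G, k, P)
        h = seg_hash(seg, ceas, tag)
        deltas[i] = (r, (h - a * r) * pow(k, -1, P - 1) % (P - 1))
    return {"ceas": ceas, "tag": tag, "deltas": deltas}


def verify(y, segments, sig):
    """Steps (3a)-(3b) and (5c): accept only if CEAS is respected and every delta_i checks."""
    if not decode_ceas(sig["ceas"]) <= set(segments):
        return False                      # a mandatory segment was removed
    for i, seg in segments.items():
        if i not in sig["deltas"]:
            return False                  # segment without a signature
        r, delta = sig["deltas"][i]
        if not (0 < r < P and 0 <= delta < P - 1):
            return False
        h = seg_hash(seg, sig["ceas"], sig["tag"])
        if pow(G, h, P) != pow(y, r, P) * pow(r, delta, P) % P:
            return False
    return True


def extract(segments, sig, keep):
    """Step (3c): the patient keeps only `keep`; the signer is not contacted again."""
    keep = set(keep)
    missing = decode_ceas(sig["ceas"]) - keep
    if missing:
        raise ValueError(f"CEAS forbids removing segments {sorted(missing)}")
    sub = {i: segments[i] for i in sorted(keep)}
    sub_sig = {"ceas": sig["ceas"], "tag": sig["tag"],
               "deltas": {i: sig["deltas"][i] for i in sorted(keep)}}
    return sub, sub_sig


if __name__ == "__main__":
    a, y = keygen()
    full = sign_record(a, RECORD, mandatory={7})
    sub, sub_sig = extract(RECORD, full, keep={2, 3, 5, 7})   # drop name, id, lab sheet
    print("full ok:", verify(y, RECORD, full), "| extracted ok:", verify(y, sub, sub_sig))
```

The verifier sees only the retained segments, so the removed name and identification number never leave the patient, while any change to a retained segment or removal of a mandatory one makes verification fail.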
The invention effectively gives patients ownership of and access control over their personal medical data, and achieves secure storage and sharing of sensitive medical data.
Compared with the prior art, the invention has the following advantages:
1) Security:
The medical data storage of the invention uses standard symmetric and asymmetric encryption and resists traditional security attacks well. For example, because of the encryption and authentication mechanisms, an attacker cannot recover encrypted information by brute force in a short time; the timestamp provides good resistance to replay attacks; during communication, nodes use digital signatures to resist attackers who impersonate a legitimate entity or forge information; no entity can forge another entity's digital signature without the signer's private key; and a legitimate entity can use the digital signature to verify the sender of a received message and to check whether the message has been altered. These techniques ensure the authenticity and validity of electronic medical data.
2) Reliability:
Authoritativeness: the invention is based on consortium blockchain infrastructure, and the consensus process is controlled by a subset of preselected nodes instead of all nodes in the network, which greatly reduces network overhead. Furthermore, with the improved DPOS consensus, the selected medical institutions are influential and authoritative in the rankings, which ensures the reliability of data sharing.
Tamper resistance: all information in the consortium chain is public and cannot be tampered with, and each data block is timestamped and arranged in chronological order. The distributed consensus mechanism allows trust to be built on cryptographic algorithms without relying on a trusted third party. Once written into the medical chain, data cannot be tampered with, because each block holds the hash of the previous block and modifying the data of a block would require control of more than 51% of the whole network, which is almost impossible. The medical chain of the invention stores the hash of the original medical record data, and any change to the original data changes the hash value, which directly ensures that the medical record cannot be tampered with.
3) Privacy protection:
Because a patient's electronic medical record contains much sensitive information, such as name, identification number and particular medical conditions, it should not be made public. The following technical features give the invention good privacy protection.
First, anonymous transactions: each node on the blockchain participates in transactions anonymously, and a user may use a different public/private key pair for each transaction. In addition, the consensus mechanism of the blockchain solves the trust problem in the peer-to-peer network, so data transmission and even transactions can be anonymous; only the user's blockchain address needs to be known.
Second, cloud storage: the original medical record data are encrypted and stored in cloud storage. This solves the problem of limited blockchain storage capacity, greatly reduces the exposure of raw medical data on the blockchain, and stores the data securely.
Third, extractable signatures: the doctor signs the medical data with an extractable signature so that the patient can remove his or her sensitive data and still obtain a valid signature without repeated interaction. Introducing the extractable signature reduces the transmission of sensitive data from the outset. As with ordinary digital signatures, no entity can forge another entity's digital signature without the signer's private key.
4) Secure storage:
Secure data storage is an important feature of the medical consortium chain, in which the user owns his or her medical record and has full control over its use. The whole process from the creation of the data to its use is secure.
First, the patient encrypts the original data and the signature and stores them off-chain in cloud storage, whose distributed nature ensures the security of data storage.
Second, the public information of the medical records (metadata, hash values and access permissions) is stored in the blockchain, where it is public and cannot be modified. The blockchain is a secure and reliable distributed database, which avoids the risk of data leakage that arises when a centralized institution is attacked. Every node on the blockchain stores the same data, so an attack on a single node cannot affect the whole system. This decentralized storage system has good scalability and reliability.
Third, the data sharing permissions are predefined by the user in the smart contract; only authorized users or institutions can access the data, and every access transaction is recorded. Because of the timestamps, rule violations or malicious use of the data can be traced. The user has the right to revoke a party's access rights and subject that party to audit.
Drawings
FIG. 1 is a general flow chart of an implementation of the present invention;
FIG. 2 is a sub-flow diagram of the signature generation algorithm SIG in the present invention;
FIG. 3 is a sub-flow diagram of the medical record data storage of the present invention;
FIG. 4 is a sub-flow diagram of an interceptable signature algorithm in a medical records data store in accordance with the present invention;
FIG. 5 is a sub-flow diagram of the basic ciphertext access control scheme (BCAC) of the present invention.
Detailed Description
Embodiments and effects of the present invention will be described in detail below with reference to the accompanying drawings.
Example 1
At present, paper medical records are mainly used and are kept by centralized medical institutions, so patients have difficulty obtaining the medical records and medical history they need, which affects the quality of care; data cannot be shared among medical institutions, which hinders medical research; traditional centralized networks are vulnerable to attack, which leads to data leakage; medical record data is frequently altered at will; and patients' sensitive information receives no privacy protection. To address this, the invention provides a blockchain-based model for the secure storage and sharing of electronic medical records.
The blockchain-based model for the secure storage and sharing of electronic medical records comprises a data creator, a data owner, cloud storage, a consortium blockchain and a data user. The data creator first sends the patient's electronic medical record to the data owner; the data owner extracts data according to the extraction rule, encrypts it and stores the ciphertext in the cloud, i.e. cloud storage; the data owner publishes a reference to the medical data stored in the cloud on the consortium blockchain and sets access permissions with a smart contract; after the data user's access application to the consortium blockchain is granted, the data user decrypts the data in cloud storage to obtain the data to be accessed.
The data creator is a medical institution or doctor, the data owner is a patient, and the data user is a doctor, medical institution, research institute or other person who wishes to obtain the data.
In terms of the structure of the model, the data creator is the data source of the whole model and has a one-way data flow to the data owner. The consortium blockchain, as the control center of the whole model, is closely connected with the other four important nodes, i.e. the other four components of the model. The data owner sends the publication request for the medical record data and the smart-contract access permissions to the consortium blockchain; once the consortium blockchain approves the request, the smart contract is set, and the relationship is one-way, from the data owner to the consortium blockchain. The data user (which includes the data creator) sends the access request information to the consortium blockchain; after review, the consortium blockchain returns the link to the data in the cloud to the data user, so the data user and the consortium blockchain are in a two-way link relationship. The cloud stores the patients' medical data, while references to that data and other control information are stored in the consortium blockchain; there is no direct data flow between the cloud and the consortium blockchain at the data link layer, but they are connected by reference at the network layer. The cloud is the storage center of the whole model: the data owner sends the encrypted medical data to the cloud and the cloud returns the link to the medical data to the data owner, so the two are in a two-way link relationship; the data user accesses the cloud through the data access link returned by the consortium blockchain and the cloud returns the medical data to the data user, so the data user and the cloud are in a two-way link relationship.
Example 2
The overall structure of the model for the safe storage and sharing of the electronic medical records based on the block chain is the same as that of the embodiment 1, in the invention, the block chain of the alliance is a control center of the whole model, wherein a certificate issuing (certification) authority CA is responsible for issuing a certificate for each new user (a data creator or a data owner), the certificate comprises an account ID and a public and private key pair (PK, SK), and in order to realize the sharing of the medical data, the data owner firstly needs to register and log in on the block chain of the alliance by adopting a unique identity account number of the data owner; because the storage capacity of the block chain of the alliance is limited, the personal medical records are stored in the cloud storage in an encrypted manner, only references of the data in the cloud storage, namely metadata, hash values and signatures, are reserved in the block chain, and a patient uses the private key SK of the patientpatFor MetadataiHash value of the original data hiAnd a timestamp t, generating a request to store the medical record in the blockchain. 
The invention adopts an improved DPOS consensus mechanism to carry out block consensus, wherein a current value represents a node RPN to verify each transaction, the current value represents the node RPN in the invention refers to a representative of an authoritative medical institution with high medical level and good credit, the current value represents the node RPN and integrates all collected effective data in the period of time into a data set, then a digital signature of the current value and a hash value of a new data block are attached to form a new data block, and a newly generated data block is broadcasted to other auditing nodes ATNs to be verified, the auditing nodes ATNs in the invention refer to other authoritative medical institutions with high medical level, good credit and being capable of being represented, after each ATN receives the data block, the validity and correctness of the data block are verified through information such as block hash value and digital signature sent by the RPN, and the result of the auditing is attached to the digital signature of the current value and encrypted by a public key of the RPN and sent back to the current value representing point, and the RPN checks the audit replies of all ATNs, and if the number of tickets passing the audit exceeds 51%, the block generation is considered to be successful. 
The RPN packages the data block together with the set of public keys of the audit nodes (ATNs) and the corresponding digital signatures and sends it to all nodes, and all nodes update their data to form a valid block. A smart contract is set up according to the access rights set by the data creator. Blockchain access-right authentication is based on CP-ABE access control: when a data user wants to obtain a patient's medical data, the user submits an access application to the consortium blockchain containing the data user's public key, the access object, the access purpose and other information. If the application passes, whether the patient's preset access conditions are met is judged from the identity information of the data visitor. If they are met, the smart contract is triggered to decrypt the metadata with the private key provided by the patient and to return the metadata as ciphertext encrypted with the data user's public key. The medical record data are then obtained through the data storage link, and the integrity and validity of the original data are verified through the hash value and the signature.
Example 3
The overall structure of the blockchain-based model for secure storage and sharing of electronic medical records is the same as in embodiments 1-2, and every reference to medical record data on the consortium blockchain carries a different timestamp and encryption key. That is, for each piece of medical sub-data, the patient uses the patient's private key $SK_{pat}$ to jointly sign the metadata $Metadata_i$, the hash value $h_i$ of the original data and the timestamp $t$, obtaining
Figure BDA0001790531730000091
The patient then issues a request to the consortium blockchain, and the on-duty representative node in the blockchain network accepts the transaction request and carries out block consensus using the improved DPOS consensus mechanism. The on-duty representative node RPN verifies each transaction, integrates all valid data collected during the period into a data set (denoted $M_{set} = \{Req \| t\}$), attaches its own digital signature and the hash value of the new data block to form a new data block, and broadcasts the newly generated block to the other audit nodes (ATNs) for verification. After receiving the data block, each ATN verifies its validity and correctness using the block hash value, digital signature and other information sent by the RPN, attaches its own digital signature to its audit result (Result), encrypts it with the RPN's public key and sends it to the on-duty representative node as a reply (Reply). The RPN checks the audit replies of all ATNs, and if the votes passing the audit exceed 51%, block generation is considered successful. The RPN packages the data block together with the set of public keys of the audit nodes (ATNs) and the corresponding digital signatures and sends it to all nodes, and all nodes update their data. The data blocks are then stored in the consortium chain in chronological order, and the on-duty representative node and the nodes that took part in the audit all receive a credit-point reward. After the request is passed, the patient stores a reference to the medical data on a distributed server.
Because the accounting process applies a series of data encryption, signature and integrity-verification steps, the medical record data stored in a distributed manner cannot be tampered with arbitrarily, so the model is decentralized, tamper-resistant and highly secure.
Example 4
The overall structure of the blockchain-based model for secure storage and sharing of electronic medical records is the same as in embodiments 1-3.
The invention is also a blockchain-based method for secure storage and sharing of electronic medical records. The method runs on the blockchain-based model for secure storage and sharing of electronic medical records and, referring to fig. 1, comprises the following steps:
(1) Model initialization: the certificate authority CA in the consortium blockchain is responsible for issuing a certificate to each new user; the certificate comprises an account ID and a public/private key pair (PK, SK). Every new user with encryption and decryption needs, namely a data creator, data owner or data user, must be initialized to obtain its own public/private key pair (PK, SK); a symmetric encryption key may also be needed. The invention builds its signature on an existing interceptable signature algorithm, and the use of digital signatures resists attacks in which an attacker impersonates a legitimate entity or forges false information. The data creator performs the following operations. Key generation algorithm GK: let p be a prime such that the discrete logarithm problem in the multiplicative cyclic group $Z_p$ is hard,
Figure BDA0001790531730000101
is a primitive element, H is a hash function, and an integer is randomly selected
Figure BDA0001790531730000102
Compute $v = g^a \pmod p$; the signer's public key is $PK_{doc} = \{p, g, v\}$ and the private key is $SK_{doc} = a$.
(2) The data creator obtains data: the data creator (medical institution) divides the medical data M into n segments, executes the revisable signature, and sends the signature and the original electronic medical records (EMRs) to the data owner:
(2a) When a patient sees a doctor in a hospital or is examined at a hospital or other medical institution, the doctor generates medical data for the patient, such as an electronic medical record containing the patient's personal information and examination reports. The data creator divides the patient's electronic medical data M into n segments, that is, $M = \{M_i \mid i = 1, 2, …, n\}$, covering name, sex, age, identification number, medical history, physical examination or laboratory sheet, medical prescription, similar medical records and other medically important information. Here n can be chosen flexibly according to the actual situation and requirements.
(2b) The data creator randomly selects an integer
Figure BDA0001790531730000103
and computes $r = g^k \pmod p$.
(2c) For each sub-data $M_i$ of the original data M, the data creator computes a hash value $h_i = H(M_i \| CEAS \| T \| i)$, $1 \le i \le 7$, where CEAS is the interception rule of the interceptable signature and T is the CEAS flag. The interception rule is the rule by which the doctor preserves the validity of the patient's medical data as far as possible without sacrificing the patient's privacy. For example, a patient's sex and age are important reference factors for some pathologies, so the data creator sets sex and age as objects to be intercepted; the patient's name, identity card information, telephone number and other contact details are private and have little bearing on the medical data, so they can be set as non-intercepted objects. The interception signature under CEAS protects the patient's privacy as far as possible while ensuring the validity of the medical data.
(2d) The data creator computes the signature of each sub-data $M_i$, namely $\delta_i = (h_i - a r)\,k^{-1} \bmod (p-1)$, $1 \le i \le 7$.
(2e) The data creator obtains the global signature of the complete data M: $\delta_{Full} = (CEAS \| T \| \delta_1 \| \delta_2 \| … \| \delta_7)$.
(2f) The data creator concatenates the raw medical data $M_i$, the hash values $h_i$, the global signature $\delta_{Full}$, CEAS and the flag T, encrypts the result with the doctor's symmetric key, then encrypts that encryption key $K_{doc}$ with the patient's public key $PK_{pat}$, and sends both to the patient, namely:
Figure BDA0001790531730000104
The medical data are symmetrically encrypted, and the symmetric encryption key is asymmetrically encrypted. An attacker cannot open the encrypted information by brute force in a short time, so the medical data resist traditional security attacks well.
(3) Data storage with intercepted signatures: after receiving the medical data and the encrypted key from the data creator, the data owner (patient) uses the owner's private key $SK_{pat}$ to decrypt the encryption key $K_{doc}$ of the medical data, then decrypts the original medical data $M_i$, and next verifies the global signature $\delta_{Full}$. If it is correct, the data owner generates a revised signature (an intercepted signature) and stores the intercepted signature and the ciphertext of the original data in the cloud. The steps are as follows:
(3a) After decrypting each sub-data $M_i$ of the data M, the data owner computes the hash value of each sub-data, $h_i = H(M_i \| CEAS \| T \| i)$, where $1 \le i \le 7$.
(3b) From the global signature $\delta_{Full}$, the data owner obtains the signature $\delta_i$ of each sub-data $M_i$ and verifies whether
Figure BDA0001790531730000111
Figure BDA0001790531730000112
holds, that is,
Figure BDA0001790531730000113
If the signature $\delta_{Full}$ passes verification, the following steps are executed; otherwise failure is returned. Through digital signatures the data owner can verify the identity of the sender of the received medical data and check whether the data have been modified, which guarantees the authenticity and validity of the electronic medical data.
(3c) The patient follows the interception rule CEAS prescribed by the doctor together with the patient's own privacy wishes. For example, the patient wants to protect his name and address, and doing so still satisfies the interception rule CEAS, so he can hide this part of the data. Intercepting the signatures of the corresponding sub-data lets the patient protect sensitive data conveniently and obtain a valid signature without multiple interactions. Introducing the interceptable signature reduces the transmission of the patient's sensitive data from the outset.
(3d) The data owner encrypts the intercepted medical data and the corresponding intercepted signature and stores them in cloud storage. The original medical data are kept encrypted in cloud storage off-chain, which lays the foundation for sharing the medical data. This solves the problem of limited blockchain storage capacity and greatly reduces disclosure of original medical data in the blockchain, so the data are stored securely; the distributed nature of cloud storage also ensures the security of data storage.
(4) Data publishing with the improved DPOS consensus mechanism: after the patient stores the medical data in the cloud, sharing the data safely and reliably requires the patient to store the reference to the medical data, namely the metadata, hash value and signature, in the consortium blockchain and to set the access rights with a smart contract. All information in the consortium chain is public and tamper-proof, and each data block is timestamped and arranged in time order. The distributed consensus mechanism lets trust be built on cryptographic algorithms without relying on a trusted third party. Once written into the consortium blockchain, data cannot be tampered with, because each block holds the hash of the previous block; modifying the data of a block would require more than 51% of the network's computing power, which is almost impossible. The hash of the original medical record data is saved in the medical chain of the invention, and any change to the original data changes the hash value, which directly ensures that the medical record cannot be tampered with. The steps of data publishing in the model are as follows:
(4a) After registering on the consortium blockchain, the data owner logs on to it with the unique $ID_{pat}$ (which is unrelated to private personal identity).
(4b) For each sub-data number $i \in CI(M')$ held by the data owner, the patient uses the patient's private key $SK_{pat}$ to digitally sign the metadata $Metadata_i$, the hash value $h_i$ of the original data and the timestamp $t$, obtaining
Figure BDA0001790531730000121
The added timestamp gives good resistance to replay attacks.
(4c) The data owner requests that a reference to the medical data be stored in the blockchain and issues a request Req:
Figure BDA0001790531730000122
Figure BDA0001790531730000123
The blockchain is a secure and reliable distributed database, which avoids the risk of data leakage that arises when a centralized institution is attacked. Every node on the blockchain stores the same data, so an attack on a single point does not affect the whole system, and the decentralized storage system has good scalability and reliability.
(4d) The invention is built on a consortium blockchain infrastructure, and the consensus process is controlled by a subset of preselected nodes rather than by all nodes of the network, which greatly reduces network overhead. The consensus mechanism of the blockchain solves the trust problem in a peer-to-peer network, so that data transmission and even transactions can be anonymous, and only the user's blockchain address needs to be known. The invention uses an improved DPOS consensus mechanism for block consensus, and the selected medical institutions are influential and authoritative in their ranking, which ensures the reliability of data sharing.
(5) Data sharing based on smart contracts: as society progresses, people pay more and more attention to their health. Besides progress in medical technology, the sharing of medical data is a factor in raising society's medical level that cannot be ignored. Medical data record a patient's condition, treatment and treatment history, and have important reference value for the patient's further treatment, for medical research on the condition by scientific research institutions, and for the treatment of other patients with the same or similar conditions, so the importance of data sharing is self-evident. A data user who needs a patient's medical data submits an access application to the blockchain, providing the data user's public key, the access object, the access purpose and other information. Blockchain access rights are authenticated on the basis of CP-ABE access control, the electronic medical record data (EMRs) are obtained through the data access link $url_i$, and the integrity and validity of the original data are verified through the hash value and the signature. The process comprises the following steps:
(5a) Blockchain access-right authentication: the data sharing rights are predefined entirely by the data owner in a smart contract, only authorized users or organizations can access the data, and every access transaction is recorded. Because of the timestamps, violations of the rules or malicious use of the data can be traced, and the user has the right to revoke access rights and is subject to audit.
(5b) Medical data sharing in cloud storage: the data user may be a doctor or nurse responsible for the treatment of the data creator, a scientific research institution doing medical research, or a patient with the same or a similar condition who uses the data to assist their own treatment.
(5c) The data user needs to verify the signature $\delta_{Ext}$ to ensure the validity and integrity of the required raw medical data $M_i$. If the intercepted signature passes verification, the original medical data have not been tampered with and the user can carry out the access operation to obtain the shared data; if it fails verification, the validity and integrity of the original medical data $M_i$ have been destroyed, and the data user notifies the cloud storage manager so that it can be handled.
Sending and storing the medical data, storing the reference to the medical data in the consortium blockchain and the other processes use both symmetric and asymmetric encryption, and therefore resist traditional security attacks well. During data transmission, the communicating nodes use digital signatures to resist attacks in which an attacker impersonates a legitimate entity or forges false information. Because the accounting process of the consortium blockchain applies a series of data encryption, signature and integrity-verification steps, the medical record data stored in a distributed manner cannot be tampered with arbitrarily. These techniques ensure the authenticity and validity of electronic medical data. In addition, the smart contract effectively guarantees the data owner's control over access to the owner's own medical data. In short, the blockchain-based model for secure storage and sharing of electronic medical records can effectively ensure the secure storage and sharing of medical data.
Example 5
The overall structure of the blockchain-based model for secure storage and sharing of electronic medical records is the same as in embodiments 1-4. In step (3c), the patient intercepts the signatures of the corresponding sub-data according to the CEAS specified by the doctor and the patient's own wishes, in the following steps:
(3c1) Construct the interception subset $CI(M')$ according to the CEAS specified by the doctor.
(3c2) Generate the intercepted sub-data set $M' = \{M_i \mid i \in CI(M')\}$ according to the interception subset $CI(M')$.
(3c3) For each $i \in CI(M')$, take $\delta_i$ out of $\delta_{Full}$.
(3c4) Generate the intercepted signature $\delta_{Ext} = (CEAS \| CI(M') \| T \| \delta_1 \| \delta_2 \| … \| \delta_f)$, where $\delta_i$ $(i = 1, 2, …, f)$ is the signature of the corresponding sub-data in $CI(M')$.
The patient intercepts the signatures of the corresponding sub-data according to the interception rule CEAS specified by the doctor and the patient's own wishes, which protects the patient's sensitive data as far as possible while still satisfying the interception rule CEAS.
Example 6
The overall structure of the blockchain-based model for secure storage and sharing of electronic medical records is the same as in embodiments 1-5. Step (4d) uses an improved DPOS consensus mechanism for block consensus, in which the original DPOS based on delegated proof of stake is adapted into a DPOS consensus mechanism for the medical field. The specific steps are as follows:
(4d1) The on-duty representative node RPN verifies each transaction, integrates all valid data collected during the period into a data set (denoted $M_{set} = \{Req \| t\}$), attaches its own digital signature and the hash value of the new data block to form a new data block, and broadcasts the newly generated data block Records to the other audit nodes (ATNs) for verification. The process is expressed as follows:
Figure BDA0001790531730000141
(4d2) After receiving the data block, each ATN verifies its validity and correctness using the block hash value, digital signature and other information sent by the RPN, attaches its own digital signature to its audit result (Result), encrypts it with the RPN's public key and sends it to the on-duty representative node as a reply (Reply). The process is expressed as follows:
ATNs→RPN:
Figure BDA0001790531730000142
(4d3) The RPN checks the audit replies of all ATNs, and if the votes passing the audit exceed 51%, block generation is considered successful. The RPN packages the data block together with the set of public keys of the audit nodes (ATNs) and the corresponding digital signatures and sends it to all nodes, and all nodes update their data. The data block is then stored in the consortium chain in time order, and the on-duty representative node and the nodes that took part in the audit all receive a credit-point reward. The process is expressed as follows:
RPN→All:
Figure BDA0001790531730000143
The invention uses an improved DPOS consensus mechanism for block consensus, adapting the original DPOS based on delegated proof of stake into a DPOS consensus mechanism for the medical field. The medical institutions selected by the invention are influential and authoritative in their ranking, which ensures the reliability of data sharing.
Example 7
The overall structure of the model for safe storage and sharing of electronic medical records based on the blockchain is the same as that in embodiments 1 to 6, and the access authority authentication of the blockchain in the step (5a) specifically comprises the following steps:
(5a1) A node N initiates a medical data sharing request transaction Req to the blockchain. The request contains node N's public key $PK_N$, the target account $ID_{pat}$, the data access purpose obj, the access content $M_i$ and the time $t$. The on-duty node checks the identity of node N and, once verification passes, records the transaction information in the blockchain. The process is expressed as follows:
N→RPN: $Req = (PK_N \| ID_{pat} \| obj \| M_i \| t)$,
Note: here $M_i$ means that node N requests access only to the patient's $M_i$ data; access to part of the data is written $(M_i, i = 1, 2, …)$, and a node that wants to access all of the patient's data writes M.
(5a2) Executing the smart contract: the smart contract executes automatically and judges from the identity information of node N whether the patient's preset access conditions are met. If they are met, the smart contract is triggered to decrypt the metadata with the private key provided by patient $ID_{pat}$ and to return the ciphertext of the metadata encrypted with node N's public key:
Figure BDA0001790531730000151
(5a3) Extracting the data storage location: after receiving the ciphertext, node N decrypts it with its own private key to obtain $Metadata_i$, extracts the storage location $urls_i$ from it, and goes to cloud storage to retrieve the required original data.
In this blockchain access-right authentication method, the access rights, that is, the data sharing rights, are predefined by the data owner in a smart contract, and only a user or organization authorized by the data owner (a doctor, nurse, patient or medical organization) can access the data. This effectively guarantees the data owner's protection of the owner's medical privacy and control over data access rights.
Example 8
The overall structure of the blockchain-based model for secure storage and sharing of electronic medical records is the same as in embodiments 1-7. In step (3d), the data owner encrypts the medical data and the corresponding intercepted signature and stores them in cloud storage in the following steps:
(3d1) The user randomly generates a document key $K_{pat}$.
(3d2) Run the symmetric encryption algorithm E: for each sub-data number $i \in CI(M')$, encrypt $(M_i \| h_i \| t)$ with the key $K_{pat}$, where t is a timestamp, obtaining the sub-data ciphertext
Figure BDA0001790531730000152
(3d3) Run the symmetric encryption algorithm E: encrypt $K_{pat}$ with the master key UMK to obtain the key ciphertext $E_{UMK}(K_{pat})$.
(3d4) The data ciphertext
Figure BDA0001790531730000153
, the interceptable signature $\delta_{Ext}$ and the key ciphertext $E_{UMK}(K_{pat})$ are uploaded to cloud storage by medical data category, and the corresponding storage location urls and timestamp t are returned to the patient; the two form $Metadata_i = (t \| urls)$. That is, the data uploaded by the user to cloud storage is:
Figure BDA0001790531730000161
The invention uses both a symmetric and an asymmetric encryption algorithm, which effectively ensures that the medical data are protected during storage.
Example 9
The overall structure of the model for safe storage and sharing of the electronic medical record based on the blockchain is the same as that of the embodiment 1-8, and the specific steps of sharing the medical data in the cloud storage in the step (5b) are as follows:
(5b1) The data consumer uses the storage location $urls_i$ to retrieve
Figure BDA0001790531730000162
, $E_{UMK}(K_{pat})$ and $\delta_{Ext}$.
(5b2) The data consumer runs the symmetric algorithm E and decrypts $E_{UMK}(K_{pat})$ using the master key UMK to recover the encryption key $K_{pat}$.
(5b3) The data consumer runs the symmetric algorithm E and uses the key $K_{pat}$ to decrypt
Figure BDA0001790531730000163
obtaining the raw medical data $(M_i \| h_i \| t)$ and the intercepted signature $\delta_{Ext}$.
The invention uses the symmetric encryption algorithm, and can effectively ensure that the medical data is safely protected in the reading process.
Example 10
The overall structure of the blockchain-based model for secure storage and sharing of electronic medical records is the same as in embodiments 1-9. The specific steps by which the data user verifies the signature $\delta_{Ext}$ in step (5c) to ensure the validity and integrity of the required raw medical data $M_i$ are as follows:
(5c1) The verifier first verifies whether
Figure BDA0001790531730000164
holds. If so, the following steps are executed; otherwise failure is returned, indicating that the validity and integrity of the medical data $M_i$ have been compromised.
(5c2) For each medical sub-data number $i \in CI(M')$, compute $h_i = H(M_i \| CEAS \| T \| i)$ and verify whether
Figure BDA0001790531730000165
holds, thereby verifying the correctness of the intercepted signature $\delta_{Ext}$.
The invention uses the digital signature, and can effectively verify the validity and the integrity of the read medical data.
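The signing, interception and verification steps of embodiments 4, 5 and 10 can be followed end to end in the Python sketch below, which is an added example and not code from the patent. It assumes SHA-256 for H, a length-prefixed encoding of the concatenation, CEAS modelled as the set of segment indices every interception must retain, T as a random tag, constructed toy parameters p and g, r carried alongside the signatures, and the textbook ElGamal check $g^{h_i} \equiv v^r r^{\delta_i} \pmod p$ standing in for the verification equations that survive on this page only as figure references.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters, not from the patent: P is the Mersenne prime
# 2**127 - 1. G = 3 stands in for the primitive element g; it is not checked
# for primitivity, which the verification equation does not depend on.
P = 2**127 - 1
G = 3

# Constructed sample record using the seven categories of embodiment 11.
RECORD = {
    1: b"name: (constructed) Patient A",
    2: b"gender: F",
    3: b"age: 54",
    4: b"id-number: (constructed) 000000",
    5: b"history: hypertension",
    6: b"lab: fasting glucose 5.4 mmol/L",
    7: b"prescription: amlodipine 5 mg",
}
# Assumed CEAS encoding: indices every interception must retain (sex, age).
CEAS = frozenset({2, 3})


def H(segment, ceas, tag, i):
    """h_i = H(M_i || CEAS || T || i); SHA-256 and length prefixes are assumed."""
    parts = [segment, repr(sorted(ceas)).encode(), tag, str(i).encode()]
    data = b"".join(len(x).to_bytes(4, "big") + x for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (P - 1)


def keygen():
    """Return (SK_doc, v) with SK_doc = a and v = g^a mod p."""
    a = secrets.randbelow(P - 3) + 1
    return a, pow(G, a, P)


def sign_full(segments, ceas, a):
    """Steps (2b)-(2e): pick k, compute r, sign each segment, emit delta_Full.

    The page's steps use this one k for all segments. Textbook ElGamal
    assumes a fresh k per signed message, so a deployment would draw k
    (and carry r_i) per segment.
    """
    while True:
        k = secrets.randbelow(P - 2) + 1
        if gcd(k, P - 1) == 1:           # k must be invertible mod p-1
            break
    r = pow(G, k, P)
    k_inv = pow(k, -1, P - 1)
    tag = secrets.token_bytes(16)        # T modelled as a random per-record tag
    deltas = {i: (H(m, ceas, tag, i) - a * r) * k_inv % (P - 1)
              for i, m in segments.items()}
    # r is carried with the signature because verification needs it.
    return {"ceas": ceas, "tag": tag, "r": r, "deltas": deltas}


def verify_segment(v, sig, i, segment):
    """Textbook ElGamal check: g^h_i == v^r * r^delta_i (mod p)."""
    r, delta = sig["r"], sig["deltas"].get(i)
    if delta is None or not 0 < r < P:
        return False
    h = H(segment, sig["ceas"], sig["tag"], i)
    return pow(G, h, P) == pow(v, r, P) * pow(r, delta, P) % P


def extract(segments, full_sig, keep):
    """Steps (3c1)-(3c4): keep only CI(M') and the matching delta_i."""
    keep = frozenset(keep)
    if not full_sig["ceas"] <= keep:
        raise ValueError("CI(M') omits a segment the CEAS requires")
    if not keep <= set(full_sig["deltas"]):
        raise ValueError("CI(M') names a segment that was never signed")
    sub = {i: segments[i] for i in sorted(keep)}
    ext = {"ceas": full_sig["ceas"], "ci": keep, "tag": full_sig["tag"],
           "r": full_sig["r"],
           "deltas": {i: full_sig["deltas"][i] for i in keep}}
    return sub, ext


def verify_extracted(v, sub, ext):
    """Steps (5c1)-(5c2): CI(M') must satisfy CEAS, then each delta_i verifies."""
    if not ext["ceas"] <= ext["ci"] or set(sub) != set(ext["ci"]):
        return False
    return all(verify_segment(v, ext, i, m) for i, m in sub.items())


if __name__ == "__main__":
    a, v = keygen()
    full = sign_full(RECORD, CEAS, a)
    # The patient hides name (1) and identification number (4).
    shared, ext = extract(RECORD, full, {2, 3, 5, 6, 7})
    print("extracted signature valid:", verify_extracted(v, shared, ext))
    shared[5] = b"history: none"
    print("after tampering:", verify_extracted(v, shared, ext))
```

The data user never sees segments 1 and 4 or their signatures, yet each retained segment still verifies against the doctor's public value v without another round trip to the doctor.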
Embodiments and effects of the present invention will be further described below with reference to the accompanying drawings.
Example 11
The overall structure of the blockchain-based model for secure storage and sharing of electronic medical records is the same as in embodiments 1-10.
Referring to fig. 1, the implementation steps of the invention are as follows:
Step 1, system initialization: the certificate authority CA is responsible for issuing a certificate to each new user, comprising an account ID and a public/private key pair (PK, SK). When a patient sees a doctor in a hospital or is examined at a hospital or other medical institution, the doctor generates medical data for the patient, such as an electronic medical record containing the patient's personal information and examination reports, classifies the medical data, and refines them into M = {name, gender, age, identification number, medical history, physical examination or laboratory sheet, medical prescription}. In this example the medical data are divided into 7 types, i.e. n = 7 and $M = \{m_1, m_2, m_3, m_4, m_5, m_6, m_7\}$.
The invention builds its signature on an existing interceptable signature algorithm, and the data creator performs the following operations. Key generation algorithm GK: let p be a prime such that the discrete logarithm problem in the multiplicative cyclic group $Z_p$ is hard,
Figure BDA0001790531730000171
is a primitive element. Randomly select an integer
Figure BDA0001790531730000172
Compute $v = g^a \pmod p$; the signer's public key is $PK_{doc} = \{p, g, v\}$ and the private key is $SK_{doc} = a$.
Step 2, data acquisition: the data creator performs the revisable signature after dividing the data M into 7 segments.
Referring to fig. 2, the data acquisition is specifically implemented as follows:
(2a) Randomly select an integer
Figure BDA0001790531730000173
and compute $r = g^k \pmod p$.
(2b) For each sub-data $M_i$ of the original data M, compute the hash value $h_i = H(M_i \| CEAS \| T \| i)$, $1 \le i \le 7$.
(2c) Compute the signature of the sub-data $M_i$: $\delta_i = (h_i - a r)\,k^{-1} \bmod (p-1)$, $1 \le i \le 7$.
(2d) Output the global signature of the data M: $\delta_{Full} = (CEAS \| T \| \delta_1 \| \delta_2 \| … \| \delta_7)$.
Step 3, data storage: the data owner generates a revised signature and stores it together with the original data ciphertext in the cloud. After receiving the medical data sent by the doctor, the patient uses the private key $SK_{pat}$ to decrypt the encryption key $K_{doc}$ of the medical data, then decrypts the original medical data $M_i$, and first verifies the correctness of the global signature $\delta_{Full}$:
Referring to fig. 3, the specific implementation steps of the signature verification of the received data are as follows:
(3a) For each sub-data $M_i$ of the data M, compute $h_i = H(M_i \| CEAS \| T \| i)$, where $1 \le i \le 7$.
(3b) Obtain $\delta_i$ from the global signature $\delta_{Full}$ and verify whether
Figure BDA0001790531730000174
holds, that is,
Figure BDA0001790531730000175
If the signature $\delta_{Full}$ passes verification, the following steps are executed; otherwise failure is returned.
(3c) The patient intercepts the signature of the corresponding subdata according to CEAS specified by the doctor and the will of the patient.
Referring to fig. 4, the specific implementation steps of the data interception signature process are as follows:
(3c1) Construct the interception subset $CI(M')$ according to the CEAS specified by the doctor.
(3c2) Generate the intercepted sub-data set $M' = \{M_i \mid i \in CI(M')\}$ according to the interception subset $CI(M')$.
(3c3) For each $i \in CI(M')$, take $\delta_i$ out of $\delta_{Full}$.
(3c4) Generate the intercepted signature $\delta_{Ext} = (CEAS \| CI(M') \| T \| \delta_1 \| \delta_2 \| … \| \delta_f)$, where $\delta_i$ $(i = 1, 2, …, f)$ is the signature of the corresponding sub-data in $CI(M')$.
(3d) The data owner encrypts the intercepted medical data and the corresponding intercepted signature and stores them in cloud storage, placing them in the corresponding folders by category, using a basic ciphertext access control scheme (BCAC).
Referring to fig. 5, the specific implementation steps of data storage are as follows:
(3d1) The user randomly generates a document key $K_{pat}$.
(3d2) Run the symmetric encryption algorithm E: for each sub-data number $i \in CI(M')$, encrypt $(M_i \| h_i \| t)$ with the key $K_{pat}$, where t is the timestamp, obtaining the ciphertext
Figure BDA0001790531730000181
(3d3) Run the symmetric encryption algorithm E: encrypt $K_{pat}$ with the master key UMK to obtain the ciphertext $E_{UMK}(K_{pat})$.
(3d4) The ciphertext
Figure BDA0001790531730000182
, $\delta_{Ext}$ and $E_{UMK}(K_{pat})$ are uploaded to cloud storage in sequence by medical data category, and the corresponding storage location urls and timestamp t are returned to the patient, forming $Metadata_i = (t \| urls)$. That is, the data uploaded by the user to cloud storage is:
Figure BDA0001790531730000183
Step 4, data release: after the patient stores the intercepted medical data in cloud storage, sharing the medical data only requires the patient to store the metadata, hash value and signature in the consortium blockchain and to set the access rights with a smart contract.
(4a) The patient registers and logs on to the blockchain with a unique $ID_{pat}$ (which is unrelated to private personal identity).
(4b) For each sub-data number $i \in CI(M')$, the patient uses the patient's own private key $SK_{pat}$ to jointly sign the metadata $Metadata_i$, the hash value $h_i$ of the original data and the timestamp $t$, obtaining
Figure BDA0001790531730000184
(4c) The patient requests that the medical record be stored in the blockchain, issuing the request:
Figure BDA0001790531730000185
(4d) The invention uses an improved DPOS consensus mechanism for block consensus, with the following specific steps:
(4d1) The on-duty representative node (RPN) verifies each transaction and integrates all valid data collected during the period into a data set (denoted M_set = {Req‖t}); it then attaches its own digital signature and the hash value of the new data block to form the new data block, and broadcasts the newly generated data block to the other audit nodes (ATNs) for verification. The process is expressed as follows:
RPN→ATNs:
Figure BDA0001790531730000191
(4d2) After each ATN receives the data block, it verifies the validity and correctness of the data block using the block hash value, the digital signature and other information sent by the RPN, attaches its own digital signature to its audit result (Result), encrypts this with the RPN's public key, and sends it to the on-duty representative node as a reply (Reply). The process is expressed as follows:
ATNs→RPN:
Figure BDA0001790531730000192
(4d3) The RPN checks the audit replies of all ATNs; if the votes passing the audit exceed 51%, block generation is considered successful. The RPN integrates the data block with the public key set of the audit nodes (ATNs) and the corresponding digital signatures and sends the result to all nodes, and all nodes update their data. Thereafter, the data block is stored in the consortium chain in chronological order, and both the on-duty representative node and the nodes that took part in the audit receive a credit-point reward. The process is expressed as follows:
RPN→All:
Figure BDA0001790531730000193
Step 5, data sharing: the data user submits an access application to the blockchain, providing its public key, the access object, the access purpose and other information. Based on CP-ABE access control, the EMRs can be obtained using urls_i, and the integrity and validity of the original data are verified through the hash value and the signature. The process comprises the following steps:
(5a) blockchain access rights authentication (CP-ABE access control):
(5a1) Shared access request: node N initiates a medical data sharing request transaction Req to the blockchain; the request contains its public key PK_N, the access object account ID_pat, the data access purpose obj, the access content M_i and the time t. The on-duty node checks the identity of node N and, after verification passes, records the transaction information in the blockchain. The process is expressed as follows:
N→RPN: Req = (PK_N‖ID_pat‖Metadata_i‖M_i‖t)
Note: here M_i means that node N requests access only to the patient's M_i data; if part of the data is accessed, it is expressed as (M_i, i = 1, 2, …); if the node wants to access all of the patient's data, it is denoted M.
(5a2) Smart contract execution: the smart contract executes automatically and judges, from the identity information of node N, whether the access conditions preset by the patient are met; if they are, the smart contract is triggered to decrypt the metadata with the private key provided by patient ID_pat and to return ciphertext in which the metadata is encrypted with the public key of node N:
Figure BDA0001790531730000194
(5a3) Reading the data storage location: after receiving the ciphertext, node N decrypts it with its own private key to obtain Metadata_i, extracts the storage location urls_i from it, and looks up the required original data in cloud storage.
(5b) Medical data sharing in cloud storage:
(5b1) Using the storage location urls_i, retrieve
Figure BDA0001790531730000201
, E_UMK(K_pat) and δ_Ext.
(5b2) Run the symmetric algorithm E and decrypt E_UMK(K_pat) with the master key UMK to recover the encryption key K_pat.
(5b3) Run the symmetric algorithm E and use the key K_pat to decrypt
Figure BDA0001790531730000202
, obtaining the original medical data (M_i‖h_i‖t) and the intercepted signature δ_Ext.
(5c) The data user verifies the signature δ_Ext to ensure the validity and integrity of the required original medical data M_i:
(5c1) The verifier first verifies
Figure BDA0001790531730000203
If it holds, the following steps are executed; otherwise failure is returned.
(5c2) For each i ∈ CI(M′), compute h_i = H(M_i‖CEAS‖T‖i) and check whether
Figure BDA0001790531730000204
Figure BDA0001790531730000205
holds, thereby verifying the correctness of the intercepted signature δ_Ext.
If the intercepted signature passes verification, the original medical data has not been tampered with, and the user may carry out the specific access operation. If verification fails, the user may notify the cloud storage manager for handling.
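The extraction steps (3c1)-(3c4) and the verification steps (5c1)-(5c2), carried through in Python as an added example that is not part of the patent text. Assumptions: the page shows its verification formulas only as figures, so the standard ElGamal check g^h_i ≡ y^r · r^δ_i (mod p) is used with the signing equation δ_i = (h_i − ar)k^(−1) mod (p−1) from the claims; p, g, SHA-256 as H, carrying r with the signature, modelling CEAS as the set of segment numbers every extraction must keep, and all function names are hypothetical choices.

```python
import hashlib
import math
import secrets

# Assumptions (not from the patent): demonstration-sized ElGamal parameters,
# SHA-256 as H, r carried alongside the signature, and CEAS modelled as the
# set of segment numbers that every extraction must keep.
P = 2**127 - 1   # Mersenne prime; far too small for real use
G = 3


def seg_hash(segment, ceas, tag, i):
    """h_i = H(M_i || CEAS || T || i); fields are length-prefixed."""
    ceas_bytes = ",".join(str(n) for n in sorted(ceas)).encode()
    md = hashlib.sha256()
    for field in (segment, ceas_bytes, tag, str(i).encode()):
        md.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(md.digest(), "big") % (P - 1)


def keygen():
    a = secrets.randbelow(P - 3) + 2       # data creator's private key a
    return a, pow(G, a, P)                 # public key y = g^a mod p


def sign_full(segments, ceas, a):
    """Steps (2b)-(2e): r = g^k mod p, then delta_i for every segment."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:        # k must be invertible mod p-1
            break
    r, k_inv = pow(G, k, P), pow(k, -1, P - 1)
    tag = secrets.token_bytes(16)          # T, the CEAS tag
    deltas = {i: (seg_hash(m, ceas, tag, i) - a * r) * k_inv % (P - 1)
              for i, m in segments.items()}
    return {"ceas": frozenset(ceas), "tag": tag, "r": r, "deltas": deltas}


def extract(full_sig, segments, keep):
    """Steps (3c1)-(3c4): build CI(M'), M' and the intercepted signature."""
    ci = frozenset(keep)
    if not full_sig["ceas"] <= ci <= set(full_sig["deltas"]):
        raise ValueError("CI(M') is not permitted by the CEAS")
    sub = {i: segments[i] for i in sorted(ci)}
    ext = {"ceas": full_sig["ceas"], "ci": ci, "tag": full_sig["tag"],
           "r": full_sig["r"],
           "deltas": {i: full_sig["deltas"][i] for i in sorted(ci)}}
    return sub, ext


def verify_extracted(sub, ext, y):
    """Steps (5c1)-(5c2): CEAS check, then one ElGamal check per segment."""
    ci, r = ext["ci"], ext["r"]
    if not ext["ceas"] <= ci or set(sub) != ci or set(ext["deltas"]) != ci:
        return False                       # (5c1) extraction not allowed
    if not 0 < r < P:
        return False
    rhs_y = pow(y, r, P)
    for i, m in sub.items():
        d = ext["deltas"][i]
        h = seg_hash(m, ext["ceas"], ext["tag"], i)
        # (5c2) accept only if g^h_i == y^r * r^delta_i (mod p)
        if not 0 <= d < P - 1 or pow(G, h, P) != rhs_y * pow(r, d, P) % P:
            return False
    return True


def demo():
    # Constructed sample record using the seven categories listed on the page.
    record = {1: b"name: (constructed)", 2: b"gender: F", 3: b"age: 42",
              4: b"id: 0000", 5: b"history: asthma",
              6: b"lab: CBC normal", 7: b"rx: salbutamol"}
    a, y = keygen()                                   # doctor's key pair
    full = sign_full(record, {5, 7}, a)               # CEAS: keep 5 and 7
    sub, ext = extract(full, record, {3, 5, 6, 7})    # patient hides 1, 2, 4
    tampered = {**sub, 6: b"lab: CBC abnormal"}
    try:
        extract(full, record, {3, 6})                 # drops mandatory 5, 7
        rejected = False
    except ValueError:
        rejected = True
    return {"valid": verify_extracted(sub, ext, y),
            "tampered_accepted": verify_extracted(tampered, ext, y),
            "ceas_violation_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Because h_i binds the segment number i and the tag T, a δ_i moved to another position or taken from another record fails the check in (5c2).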
In summary, the blockchain-based model and method for secure storage and sharing of electronic medical records disclosed by the invention mainly address patient control over the access rights to personal medical data and the current inability to store and share sensitive medical data securely. The model comprises a data creator, a data owner, cloud storage, a consortium blockchain and a data user, with the blockchain as the control center. The scheme comprises the following steps: 1) system initialization: the CA is responsible for issuing each new user a certificate, including an account ID and a public/private key pair (PK, SK); 2) data acquisition: the data creator divides the data M into n segments, then executes the revisable signature and sends the signature and the original EMRs to the data owner; 3) data storage: the data owner generates a revised signature and stores the revised signature and the ciphertext of the original data in the cloud; 4) data release: the data owner uploads the index ciphertext, the hash value, the signature and other information, and a valid block is obtained after approval by the consortium blockchain; 5) data sharing: the data user submits an access application to the blockchain, providing its public key, the access object, the access purpose and other information. After verification passes, based on blockchain access-rights authentication, the data user obtains the access link to the medical data and reads the medical data in the cloud, and verifies the integrity and validity of the original data through the hash value and the signature.
The invention meets the basic requirements of security, reliability, privacy protection and secure storage; by combining cloud storage technology with the interceptable signature and letting users set sharing conditions through smart contracts in the consortium blockchain, it achieves secure and effective shared access to data and is highly practical.

Claims (7)

1. A method for secure storage and sharing of electronic medical records based on blockchain, characterized by comprising the following steps:
(1) Initialization: the certificate authority CA in the consortium blockchain is responsible for issuing a certificate to each new user; the certificate includes an account ID and a public/private key pair (PK, SK); the medical data, comprising the electronic medical record with the patient's personal information and examination reports, is refined according to medical data category into M = {name, gender, age, ID number, medical history, physical examination or laboratory test report, medical prescription}, denoted M = {m_1, m_2, m_3, m_4, m_5, m_6, m_7};
(2) Data acquisition: the data creator divides the data M into n segments, executes the revisable signature, and sends the signature and the original EMRs to the data owner:
(2a) divide the patient's electronic medical data M into n segments, namely M = {M_i | i = 1, 2, …, n};
(2b) randomly select an integer
Figure FDA0003163313140000011
and compute r = g^k (mod p);
(2c) for each sub-data M_i of the original data M, compute the hash value h_i = H(M_i||CEAS||T||i), 1≤i≤7, where CEAS is the interception rule of the interceptable signature and T is the CEAS tag;
(2d) compute the signature of the sub-data M_i: δ_i = (h_i − ar)k^(−1) mod (p−1), 1≤i≤7;
(2e) output the global signature of the data M: δ_Full = (CEAS||T||δ_1||δ_2||…||δ_7);
(2f) the data creator concatenates the original medical data M_i, the hash value h_i, the global signature δ_Full, the CEAS and the tag T and encrypts them with the doctor's symmetric key, then encrypts the encryption key K_doc with the patient's public key PK_pat, and sends both to the patient, namely:
Figure FDA0003163313140000012
(3) Data storage using the intercepted signature: after receiving the medical data sent by the doctor, the data owner decrypts the encryption key K_doc of the medical data with their own private key SK_pat, then decrypts the original medical data M_i, and then verifies the correctness of the global signature δ_Full; if it is correct, the data owner generates the intercepted signature and stores the intercepted signature and the ciphertext of the original data in the cloud, with the following steps:
(3a) for each sub-data M_i of the data M, compute h_i = H(M_i||CEAS||T||i), where 1≤i≤7;
(3b) obtain δ_i from the global signature δ_Full and verify whether
Figure FDA0003163313140000013
holds, that is,
Figure FDA0003163313140000014
if the signature δ_Full passes verification, perform the following steps; otherwise return failure;
(3c) the patient intercepts the signatures of the corresponding sub-data according to the CEAS prescribed by the doctor and their own wishes;
(3d) the data owner encrypts the intercepted medical data and the corresponding intercepted signature and stores them in cloud storage;
(4) Data release using the improved DPOS consensus mechanism: after the patient stores the medical data in cloud storage, the patient must store the metadata, the hash value and the signature in the consortium blockchain and set access rights using a smart contract, with the following steps:
(4a) the patient registers and logs in on the blockchain with their own unique identity account ID_pat;
(4b) for each sub-data number i ∈ CI(M′), the patient uses their own private key SK_pat to compute an ordinary digital signature over the metadata Metadata_i, the original-data hash value h_i and the timestamp t, obtaining
Figure FDA0003163313140000021
(4c) request that the medical record be stored in the blockchain, issuing the request:
Figure FDA0003163313140000022
(4d) the on-duty representative node in the blockchain network accepts the transaction request and is responsible for generating a valid block, and block consensus is carried out with the improved DPOS consensus mechanism;
(5) Data sharing based on smart contracts: the data user submits an access application to the blockchain and must provide their own public key, the access object and the access purpose; based on CP-ABE access control, the EMRs can be obtained using urls_i, and the integrity and validity of the original data are verified through the hash value and the signature; the process has the following steps:
(5a) CP-ABE access control;
(5b) medical data sharing in cloud storage;
(5c) the data user verifies the signature δ_Ext to ensure the validity and integrity of the required original medical data M_i;
if the intercepted signature passes verification, the original medical data has not been tampered with, and the user can perform the access operation and obtain the shared data; if verification fails, the user notifies the cloud storage administrator for handling.
2. The method for secure storage and sharing of electronic medical records based on blockchain according to claim 1, wherein in step (3c) the patient intercepts the signatures of the corresponding sub-data according to the CEAS prescribed by the doctor and their own wishes, by the following steps:
(3c1) construct the interception subset CI(M′) according to the CEAS specified by the doctor;
(3c2) according to the interception subset CI(M′), generate the intercepted sub-data set M′ = {M_i | i ∈ CI(M′)};
(3c3) for each i ∈ CI(M′), take δ_i out of δ_Full;
(3c4) generate the intercepted signature δ_Ext = (CEAS||CI(M′)||T||δ_1||δ_2||…||δ_f), where δ_i (i = 1, 2, …, f) is the signature of the corresponding sub-data in CI(M′).
3. The method for secure storage and sharing of electronic medical records based on blockchain according to claim 1, wherein in step (4d) block consensus is carried out with the improved DPOS consensus mechanism, by the following specific steps:
(4d1) the on-duty representative node RPN verifies each transaction and integrates all valid data collected during this period into a data set, expressed as M_set = {Req||t}; it then attaches its own digital signature and the hash value of the new data block to form the new data block, and broadcasts the newly generated data block to the other audit nodes ATNs for verification; the process is expressed as follows:
Figure FDA0003163313140000031
(4d2) after each ATN receives the data block, it verifies the legitimacy and correctness of the data block using the block hash value and digital signature information sent by the RPN, attaches its own digital signature to its audit result, encrypts this with the RPN's public key, and sends it as a reply to the on-duty representative node; the process is expressed as follows:
Figure FDA0003163313140000032
(4d3) the RPN checks the audit replies of all ATNs; if the votes passing the audit exceed 51%, block generation is considered successful; the RPN integrates the data block with the public key set of the audit nodes ATNs and the corresponding digital signatures and sends the result to all nodes, and all nodes update their data; thereafter, the data block is stored in the consortium chain in chronological order, and both the on-duty representative node and the nodes that took part in the audit receive a credit-point reward; the process is expressed as follows:
Figure FDA0003163313140000033
4. The method for secure storage and sharing of electronic medical records based on blockchain according to claim 1, wherein the specific steps of the blockchain access-rights authentication in step (5a) are as follows:
(5a1) Shared access request: node N initiates a medical data sharing request transaction Req to the blockchain; the request contains its own public key PK_N, the object account ID_pat, the data access purpose obj, the access content M_i and the time t; the on-duty node checks the identity of node N and, after verification passes, records the transaction information in the blockchain; the process is expressed as follows:
N→RPN: Req = (PK_N||ID_pat||obj||M_i||t),
Note: here M_i means that node N requests access only to the patient's M_i data, i = 1, 2, …; if part of the data is accessed, it is expressed as M_i; if the node wants to access all of the patient's data, it is denoted M;
(5a2) Smart contract execution: the smart contract executes automatically and judges, from the identity information of node N, whether the access conditions preset by the patient are met; if they are, the smart contract is triggered to decrypt the metadata with the private key provided by patient ID_pat and to return ciphertext in which the metadata is encrypted with the public key of node N:
Figure FDA0003163313140000041
(5a3) Reading the data storage location: after receiving the ciphertext, node N decrypts it with its own private key to obtain the metadata Metadata_i, extracts the storage location urls_i from it, and looks up the required original data in cloud storage.
5. A blockchain-based system for secure storage and sharing of electronic medical records, implemented according to any of the blockchain-based methods for secure storage and sharing of electronic medical records of claims 1-4, characterized by comprising a data creator, a data owner, cloud storage, a consortium blockchain and a data user; the data creator first sends the patient's electronic medical records to the data owner; the data owner intercepts the data according to the interception rules, encrypts it and stores it in the cloud; the data owner publishes the reference to the medical data stored in the cloud in the consortium blockchain and sets access rights using a smart contract; after the data user's access application is approved by the consortium blockchain, the data user obtains the data it wants to access after decryption in cloud storage; the data creator is a medical institution or a doctor, the data owner is a patient, and the data user is a doctor, a medical institution, a research institute or anyone else who wants to obtain the data.
6. The blockchain-based system for secure storage and sharing of electronic medical records according to claim 5, characterized in that the consortium blockchain is the control center of the whole model; the certificate authority CA in it is responsible for issuing a certificate to each new user, a new user being either a data creator or a data owner; the certificate includes an account ID and a public/private key pair (PK, SK); the data owner registers and logs in on the consortium blockchain with their own unique identity account; because the storage capacity of the consortium blockchain is limited, only references to the data in cloud storage are kept; the improved DPOS consensus mechanism is used for block consensus, and the on-duty representative node in the consortium blockchain accepts transaction requests and is responsible for generating valid blocks; access rights are set using smart contracts; based on CP-ABE access control, a data user who wants to obtain EMRs using urls_i must submit an access application to the consortium blockchain, the access application including their own public key, the access object and the access purpose, and the integrity and validity of the original data are verified through hash values and signatures.
7. The blockchain-based system for secure storage and sharing of electronic medical records according to claim 5, characterized in that all references to medical record data on the consortium blockchain contain different timestamps and encryption keys.
CN201811034508.8A 2018-09-06 2018-09-06 Model and method for storing and sharing electronic medical record based on block chain Active CN109326337B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811034508.8A CN109326337B (en) 2018-09-06 2018-09-06 Model and method for storing and sharing electronic medical record based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811034508.8A CN109326337B (en) 2018-09-06 2018-09-06 Model and method for storing and sharing electronic medical record based on block chain

Publications (2)

Publication Number Publication Date
CN109326337A CN109326337A (en) 2019-02-12
CN109326337B true CN109326337B (en) 2021-09-03

Family

ID=65264739

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811034508.8A Active CN109326337B (en) 2018-09-06 2018-09-06 Model and method for storing and sharing electronic medical record based on block chain

Country Status (1)

Country Link
CN (1) CN109326337B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230090453A1 (en) * 2020-10-30 2023-03-23 KnowBe4, Inc. Systems and methods for determination of level of security to apply to a group before display of user data

Families Citing this family (140)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210375409A1 (en) * 2018-10-19 2021-12-02 Longenesis Ltd. Systems and methods for blockchain-based health data validation and access management
CN110010213A (en) * 2019-02-18 2019-07-12 深圳壹账通智能科技有限公司 Electronic health record storage method, system, device, equipment and readable storage medium storing program for executing
CN110022216B (en) * 2019-02-18 2022-02-01 西安链融科技有限公司 Efficient asynchronous Byzantine consensus method with low communication complexity and network communication platform
CN109743406A (en) * 2019-02-26 2019-05-10 北京工业大学 A blockchain-based trusted data service model for the Internet of Things
CN109768987B (en) * 2019-02-26 2022-01-28 重庆邮电大学 Block chain-based data file safe and private storage and sharing method
CN109768867A (en) * 2019-03-08 2019-05-17 上海一健事信息科技有限公司 A method of the data access control based on block chain technology
SG10201902395SA (en) * 2019-03-18 2019-11-28 Qrypted Tech Pte Ltd Method and system for a secure transaction
CN109934012A (en) * 2019-03-20 2019-06-25 福建师范大学 Secure storage and access method of medical records based on blockchain network
CA3058238C (en) 2019-03-21 2021-03-02 Alibaba Group Holding Limited Data isolation in blockchain networks
CN110049016B (en) * 2019-03-21 2022-02-18 深圳壹账通智能科技有限公司 Data query method, device, system, equipment and storage medium of block chain
CN109948367B (en) * 2019-03-27 2022-12-06 南京星链高科技发展有限公司 Medical data authorization method based on block chain technology
SG11201908982QA (en) 2019-03-29 2019-10-30 Alibaba Group Holding Ltd Managing sensitive data elements in a blockchain network
CN110071966B (en) * 2019-03-29 2022-01-04 广州中国科学院软件应用技术研究所 Block chain networking and data processing method based on cloud platform
CN110148475B (en) * 2019-04-03 2023-10-27 平安科技(深圳)有限公司 Medical information sharing method and device, readable storage medium and server
CN110059280A (en) * 2019-04-04 2019-07-26 中山大学 A kind of information issuing method based on block chain
WO2020206695A1 (en) * 2019-04-12 2020-10-15 Hangzhou Nuowei Information Technology Co., Ltd. System for decentralized ownership and secure sharing of personalized health data
CN110083604B (en) * 2019-04-17 2021-10-08 上海脆皮网络科技有限公司 Data right confirming method and device
CN111508575A (en) * 2019-04-19 2020-08-07 中国医学科学院阜外医院 A medical system integrating big data
CN110097935A (en) * 2019-04-24 2019-08-06 杭州宇链科技有限公司 A kind of medical rescue platform based on block chain
CN110084071A (en) * 2019-04-24 2019-08-02 苏州国利岳康软件科技有限公司 Physical examination secure storage method of data based on block chain
US11009859B2 (en) * 2019-05-06 2021-05-18 Fisher-Rosemount Systems, Inc. Framework for privacy-preserving big-data sharing using distributed ledger
CN110233828B (en) * 2019-05-14 2022-01-04 深圳市科迈爱康科技有限公司 Mobile office method and device based on block chain
EP3659149A4 (en) * 2019-05-21 2020-09-16 Alibaba Group Holding Limited METHODS AND DEVICES FOR STORING AND PROCESSING AN ELECTRONIC MEDICAL RECORDING ON A BLOCKCHAIN
CN110222518B (en) * 2019-05-30 2021-09-17 北京工业大学 Trusted authority access control method based on block chain
CN110166476B (en) * 2019-05-30 2021-09-17 中国联合网络通信集团有限公司 Anti-brute force cracking method and device
CN110299195B (en) * 2019-06-11 2023-05-30 中国矿业大学 Electronic medical record sharing system with privacy protection based on alliance chain and application method
CN110197084B (en) * 2019-06-12 2021-07-30 上海联息生物科技有限公司 Medical data joint learning system and method based on trusted computing and privacy protection
CN110400642A (en) * 2019-06-12 2019-11-01 梁胤豪 A kind of medical data shared system and design method based on block chain technology
CN110321721B (en) * 2019-07-02 2021-03-30 石家庄铁道大学 Blockchain-based electronic medical record access control method
CN110489430B (en) * 2019-07-03 2020-07-17 特斯联(北京)科技有限公司 Tracing method and system based on data block signature and verification
CN110445840B (en) * 2019-07-09 2020-07-03 北京健网未来科技有限公司 File storage and reading method based on block chain technology
CN110417750B (en) * 2019-07-09 2020-07-03 北京健网未来科技有限公司 Block chain technology-based file reading and storing method, terminal device and storage medium
CN111835762A (en) * 2019-07-11 2020-10-27 中国医学科学院阜外医院 A Hardware System Based on Asymmetric Key Algorithm
CN111863168A (en) * 2019-07-11 2020-10-30 中国医学科学院阜外医院 A hardware system with exchange protocol
CN110322940B (en) * 2019-07-15 2023-06-27 山东浪潮智慧医疗科技有限公司 Access authorization method and system for medical data sharing
CN110414203B (en) * 2019-07-26 2022-06-17 郑州大学 An Internet medical identity authentication method based on blockchain technology
CN110457958A (en) * 2019-08-22 2019-11-15 重庆华医康道科技有限公司 A kind of sharing method and its system of doctors and patients' Dynamic data exchange management based on block chain
US11126752B2 (en) 2019-09-04 2021-09-21 Fresenius Medical Care Holdings, Inc. Authentication of medical device computing systems by using metadata signature
CN110602089B (en) * 2019-09-11 2021-08-10 腾讯科技(深圳)有限公司 Block chain-based medical data storage method, device, equipment and storage medium
CN111049902B (en) * 2019-09-16 2021-08-13 腾讯科技(深圳)有限公司 Data storage method, device, storage medium and equipment based on block chain network
CN110600096B (en) * 2019-09-16 2023-06-30 上海保险交易所股份有限公司 Medical data management method and system and computer storage medium
CN110598435B (en) * 2019-09-17 2021-11-19 上海保险交易所股份有限公司 Method, apparatus and readable medium for managing insurance agent history through blockchain
CN110808958A (en) * 2019-10-07 2020-02-18 复旦大学 A medicine separation management system based on CP-ABE and blockchain
CN110797099B (en) * 2019-10-28 2022-06-17 河北北方学院 A method and system for sharing medical data based on blockchain
CN110727737B (en) * 2019-10-29 2022-10-18 南京邮电大学 Intelligent medical data storage method based on multilevel block chain system architecture
CN110781153B (en) * 2019-10-30 2020-08-04 中道新职坊科技发展有限公司 Cross-application information sharing method and system based on block chain
CN114762291A (en) * 2019-12-03 2022-07-15 索尼集团公司 Method, computer program and data sharing system for sharing user specific data of a user
CN111047295B (en) * 2019-12-13 2023-04-07 红云红河烟草(集团)有限责任公司 Data acquisition method for cigarette shred manufacturing process
CN110995751B (en) * 2019-12-18 2022-02-22 北京择天众康科技有限公司 Big data intelligent medical treatment and old age care service method and system based on block chain
CN111163156A (en) * 2019-12-26 2020-05-15 山东爱城市网信息技术有限公司 Blockchain-based data processing method, equipment and storage medium
CN111062721B (en) * 2019-12-31 2023-12-12 南京金宁汇科技有限公司 Signature method, system and storage medium applied to blockchain
CN113065951A (en) * 2020-01-02 2021-07-02 苏州同济区块链研究院有限公司 Transaction method, system, device, equipment and medium based on block chain
CN112541034A (en) * 2020-01-02 2021-03-23 北京融信数联科技有限公司 Government affair data sharing method based on alliance chain technology
CN111311257A (en) * 2020-01-20 2020-06-19 福州数据技术研究院有限公司 Medical data sharing excitation method and system based on block chain
CN111274273A (en) * 2020-01-22 2020-06-12 北京瑞卓喜投科技发展有限公司 Contract intelligent method and system and storage medium
CN111352999A (en) * 2020-03-06 2020-06-30 九次方大数据信息集团有限公司 National data circulation and data right confirming method and platform based on block chain
CN111461710B (en) * 2020-03-06 2023-06-23 重庆邮电大学 Distributed account book access control method based on alliance chain
CN113536388B (en) * 2020-04-16 2023-02-28 中移物联网有限公司 A blockchain-based data sharing method and system
CN111682934B (en) * 2020-04-21 2023-08-01 国网天津市电力公司电力科学研究院 Method and system for storing, accessing and sharing comprehensive energy metering data
CN111599423B (en) * 2020-04-24 2023-03-21 广东职业技术学院 Block chain-based electronic medical record access method and system
CN111526200B (en) * 2020-04-27 2023-05-09 远光软件股份有限公司 Data storage access method and system based on blockchain and cloud platform
CN111581292B (en) * 2020-05-18 2023-12-15 中国工业互联网研究院 Industrial Internet data asset right-determining and trading method and platform
CN111832069B (en) * 2020-06-05 2023-08-29 广东科学技术职业学院 Multi-block chain on-chain data storage system and method based on cloud computing
CN111831743B (en) * 2020-06-05 2023-11-14 广东科学技术职业学院 Block chain data storage system and method based on cloud storage
CN111884805B (en) * 2020-06-24 2023-08-01 易联众信息技术股份有限公司 Data hosting method and system based on blockchain and distributed identity
CN111901302B (en) * 2020-06-28 2022-02-25 石家庄铁道大学 Medical information attribute encryption access control method based on block chain
CN111863165B (en) * 2020-06-28 2023-07-14 石家庄铁道大学 Blockchain-based medical information sharing authentication method
CN111831662B (en) * 2020-07-24 2021-01-12 深圳市网通兴技术发展有限公司 Medical data information processing method and system
CN111966749B (en) * 2020-08-04 2021-08-17 中国科学院上海微系统与信息技术研究所 A data processing method, device, electronic device and storage medium
CN111967028B (en) * 2020-08-04 2021-05-25 中国科学院上海微系统与信息技术研究所 Data interaction system
CN111916172B (en) * 2020-08-07 2023-08-29 安徽师范大学 Medical data sharing system based on blockchain intelligent contract
CN111916173B (en) * 2020-08-07 2023-08-25 安徽师范大学 Medical data safety sharing system and method based on IPFS and alliance chain
CN112019348B (en) * 2020-08-26 2022-02-11 合肥工业大学 A smart phone cloud location method based on blockchain privacy protection
CN112163191A (en) * 2020-09-15 2021-01-01 广东工业大学 Education resource sharing method and system based on national secret block chain
CN112116335B (en) * 2020-09-23 2024-08-06 中国工商银行股份有限公司 Medical information processing method, device and system based on block chain
CN112530531B (en) * 2020-09-24 2023-11-21 扬州大学 Electronic medical record storage and sharing method based on dual blockchain
CN111933292B (en) * 2020-09-27 2021-01-29 浙江杜比医疗科技有限公司 Block chain-based hospital body and medical data interaction method and storage medium
CN112349368A (en) * 2020-09-29 2021-02-09 福建西岸康健管理有限公司 Electronic health record authorization sharing and management system based on medical block chain
CN112261112B (en) * 2020-10-16 2023-04-18 华人运通(上海)云计算科技有限公司 Information sharing method, device and system, electronic equipment and storage medium
CN112181922B (en) * 2020-10-22 2023-10-03 中山大学 Block chain data sharing method, system, device and medium
CN112380543B (en) * 2020-10-23 2024-03-19 重庆大学 Electronic medical data privacy protection and safe sharing system based on blockchain
CN112447291B (en) * 2020-11-23 2023-03-28 四川大学华西医院 Block chain-based method for sharing hospital data
CN112149080B (en) * 2020-11-24 2021-03-12 国网江苏省电力有限公司苏州供电分公司 An authorization information verification system and method
CN112562811B (en) * 2020-12-15 2023-09-15 昆明理工大学 A blockchain-based thin client electronic medical data security sharing method
CN112565289B (en) * 2020-12-21 2022-06-24 北京航空航天大学 Blockchain-based trusted issuance and verification system and method for medical licenses
US12432069B2 (en) * 2020-12-26 2025-09-30 Xi'an Creation Keji Co. , Ltd. Blockchain-based electronic medical record sharing method and electronic device
CN112635010B (en) * 2020-12-28 2023-07-07 扬州大学 Data storage and sharing method under edge computing based on dual blockchain
CN112560070B (en) * 2020-12-28 2024-03-22 杭州趣链科技有限公司 Data sharing method with auditing function
CN112559456B (en) * 2020-12-28 2022-07-05 杭州趣链科技有限公司 Data sharing method with privacy protection auditing and deleting functions
CN112733164B (en) * 2021-01-07 2023-12-08 中南大学 Case sharing method, system and private key storage medium based on blockchain
CN112735551B (en) * 2021-01-15 2023-01-31 山东科技大学 Medical record storage sharing model and its implementation method based on H-Algorand consensus mechanism
CN112766965B (en) * 2021-01-25 2022-09-02 天津理工大学 Privacy protection data sharing method based on intelligent contracts
CN112765640A (en) * 2021-01-29 2021-05-07 重庆卡歌科技有限公司 Data sharing method based on block chain technology
CN112927819A (en) * 2021-02-02 2021-06-08 杭州云嘉健康管理有限公司 5G cloud consulting room system
CN112908440A (en) * 2021-02-07 2021-06-04 深圳万海思数字医疗有限公司 Health management data sharing method and device and remote medical platform
CN112989406A (en) * 2021-02-26 2021-06-18 未鲲(上海)科技服务有限公司 Information processing method, device, equipment and storage medium
CN112837776A (en) * 2021-03-05 2021-05-25 成都库珀区块链科技有限公司 Block chain data privacy security protection method based on prescription transfer platform
CN112951356B (en) * 2021-03-23 2023-03-31 电子科技大学 Cross-modal medical data joint sharing method based on alliance chain
CN113066563A (en) * 2021-04-02 2021-07-02 青岛科技大学 Credible medical bad information reporting processing system
CN112989111B (en) * 2021-04-20 2021-09-10 南京百伦斯智能科技有限公司 Video storage management method and system based on block chain
CN113539510B (en) * 2021-04-23 2024-09-03 江苏大学 Novel infectious disease discovery and control system based on intelligent contract
CN113268756B (en) * 2021-06-01 2024-08-20 上海交通大学医学院附属仁济医院 Patient sharing and quality control system based on blockchain technology and human assisted reproduction technology
CN113507360B (en) * 2021-06-26 2024-01-09 暨南大学 System and method for exchanging and sharing technical big data based on blockchain
CN113468570A (en) * 2021-07-15 2021-10-01 湖北央中巨石信息技术有限公司 Private data sharing method based on intelligent contract
CN113689228A (en) * 2021-07-16 2021-11-23 杭州医康慧联科技股份有限公司 Integral data management method based on block chain
CN113570461B (en) * 2021-07-23 2024-09-27 芯安微众(上海)微电子技术有限公司 User data transaction system based on block chain
CN113538149B (en) * 2021-07-28 2024-02-27 浙江数秦科技有限公司 Multi-source data fusion platform based on block chain
CN113488128B (en) * 2021-07-28 2024-07-05 深圳平安智慧医健科技有限公司 Electronic medical record retrieval method and device based on blockchain and related equipment
CN113535663A (en) * 2021-08-09 2021-10-22 恒安嘉新(北京)科技股份公司 Data sharing processing method, device, equipment and medium based on block chain
CN113764060B (en) * 2021-09-09 2023-09-22 安徽师范大学 A medical data management system and patient-authorized medical record sharing method based on dual blockchains
CN113889208B (en) * 2021-09-17 2023-12-01 郑州轻工业大学 Block chain-based on-and-off-chain medical data sharing method, device and equipment
CN113645368A (en) * 2021-10-14 2021-11-12 深圳市云创精密医疗科技有限公司 Data image encryption processing method for high-precision medical treatment
CN113851203B (en) * 2021-12-01 2022-02-15 南京可信区块链与算法经济研究院有限公司 Collaborative learning method and system for neonatal fundus screening based on POS mechanism
CN113990429B (en) * 2021-12-29 2022-03-15 医典云(南京)数据科技有限公司 Electronic medical record data protection method and device
CN116506127A (en) * 2022-01-18 2023-07-28 厦门云在科技有限公司 TEE-based under-blockchain verifiable storage method
CN114564541A (en) * 2022-03-15 2022-05-31 平安国际智慧城市科技股份有限公司 Blockchain-based electronic evidence calling method, device, device and medium
CN114726533B (en) * 2022-03-23 2023-12-01 扬州大学 Method for detecting and deleting redundant data in edge computing environment based on block chain
CN115277040B (en) * 2022-03-23 2024-03-08 山东新一代信息产业技术研究院有限公司 Medical health data storage and sharing method and system based on blockchain technology
CN114844675B (en) * 2022-03-31 2024-04-09 四川链向科技集团有限公司 Block chain data exchange method for Internet of things
CN115033912B (en) * 2022-04-20 2023-04-25 郑州轻工业大学 Medical data cross-equipment anonymous verification method, device and equipment based on blockchain
CN114565326B (en) * 2022-04-29 2022-08-30 深圳市誉兴通科技股份有限公司 Medicine management method and system based on Internet of things
CN114818010B (en) * 2022-06-23 2022-09-16 南京理工大学 A method for secure storage and sharing of blockchain medical records based on double-chain structure
CN115114368A (en) * 2022-06-28 2022-09-27 福州中康信息科技有限公司 A medical data application visualization page display system
CN115186296B (en) * 2022-07-15 2025-09-26 中国石油大学(华东) A process traceability method for sensitive oilfield data
CN115147224A (en) * 2022-07-27 2022-10-04 中国银行股份有限公司 Transaction data sharing method and device based on alliance chain
CN115297118B (en) * 2022-10-09 2023-01-31 北京航空航天大学杭州创新研究院 A blockchain-based data sharing method and data sharing system
CN115440332B (en) * 2022-11-07 2023-02-10 南京邮电大学 Clinical trial data storage and sharing method based on public chain and alliance chain
CN116303437A (en) * 2023-02-23 2023-06-23 桂林电子科技大学 Blockchain-based medical data hierarchical storage and sharing method
CN116978502B (en) * 2023-06-21 2025-05-16 中山大学肿瘤防治中心(中山大学附属肿瘤医院、中山大学肿瘤研究所) Blockchain-based paperless examination and approval method, system and storage medium for clinical trial
CN116506123B (en) * 2023-06-27 2023-09-15 广州信安数据有限公司 Multi-subject data community construction method, medium and system based on convention agreement
CN116644478B (en) * 2023-07-27 2024-03-26 深圳达实旗云健康科技有限公司 Medical data privacy protection method and device, electronic equipment and readable storage medium
CN116707835B (en) * 2023-08-09 2023-10-17 北京信创达科技有限公司 Method and system for realizing patient information interaction based on blockchain
CN117037988B (en) * 2023-08-22 2024-05-17 广州视景医疗软件有限公司 Electronic medical record storage method and device based on blockchain
CN117874144B (en) * 2024-03-11 2024-05-28 西康软件有限责任公司 Medical data sharing method, device, equipment and storage medium based on blockchain
CN118368154B (en) * 2024-06-20 2024-08-23 宁波梦创信息科技有限公司 Project cloud data sharing method based on block chain
CN119272317B (en) * 2024-08-05 2025-09-26 国网河北省电力有限公司 Cloud-chain combined with privacy protection method for electronic archive data
CN118611887A (en) * 2024-08-09 2024-09-06 济南大学 A general framework for sharing medical data on alliance chains that supports cross-domain interoperability
CN119180039A (en) * 2024-09-04 2024-12-24 北京翕动科技有限公司 Data security management method and system based on distributed storage
CN118862187B (en) * 2024-09-27 2025-01-21 山东野藤生物科技有限公司 A blockchain-based drug development clinical medical data security sharing system
CN119150327B (en) * 2024-11-11 2025-04-15 江西省通信产业服务有限公司 A data asset full life cycle management method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106603544A (en) * 2016-12-22 2017-04-26 中国科学技术大学 Data storage and cloud control method capable of lightweight auditing
CN106682530A (en) * 2017-01-10 2017-05-17 杭州电子科技大学 Method and device for medical information sharing privacy protection based on blockchain technology
CN107579979A (en) * 2017-09-07 2018-01-12 成都理工大学 Shared query method of electronic medical records based on block chain technology
CN108063752A (en) * 2017-11-02 2018-05-22 暨南大学 A kind of credible genetic test and data sharing method based on block chain and proxy re-encryption technology
CN108462568A (en) * 2018-02-11 2018-08-28 西安电子科技大学 A kind of secure file storage and sharing method based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
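Research and Implementation of a CES-Based Electronic Medical Record Signature System; 王昌达; 《计算机工程》 (Computer Engineering); 20100816; Sections 1-5 *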

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230090453A1 (en) * 2020-10-30 2023-03-23 KnowBe4, Inc. Systems and methods for determination of level of security to apply to a group before display of user data
US11943253B2 (en) * 2020-10-30 2024-03-26 KnowBe4, Inc. Systems and methods for determination of level of security to apply to a group before display of user data

Also Published As

Publication number Publication date
CN109326337A (en) 2019-02-12

Similar Documents

Publication Publication Date Title
CN109326337B (en) Model and method for storing and sharing electronic medical record based on block chain
Zhou et al. Med-PPPHIS: blockchain-based personal healthcare information system for national physique monitoring and scientific exercise guiding
CN111448565B (en) Data authorization based on decentralised identification
Kumar et al. Blockchain inspired secure and reliable data exchange architecture for cyber-physical healthcare system 4.0
CN110299195B (en) Electronic medical record sharing system with privacy protection based on alliance chain and application method
CN112534433B (en) Blockchain-based distribution of medical data records
CN111527489A (en) Data authorization based on decentralized identity
Babu et al. MediBlocks: secure exchanging of electronic health records (EHRs) using trust-based blockchain network with privacy concerns
Razaque et al. Privacy preservation models for third-party auditor over cloud computing: A survey
Qin et al. A secure storage and sharing scheme of stroke electronic medical records based on consortium blockchain
CN112530531A (en) Electronic medical record storage and sharing method based on double block chains
Wang et al. Health data security sharing method based on hybrid blockchain
Benil et al. Blockchain based secure medical data outsourcing with data deduplication in cloud environment
Ghorbel et al. Accountable privacy preserving attribute-based access control for cloud services enforced using blockchain
CN115883214A (en) Electronic medical data sharing system and method based on alliance chain and CP-ABE
Yeh et al. GDPR-compliant personal health record sharing mechanism with redactable blockchain and revocable IPFS
Bodur et al. An Improved blockchain-based secure medical record sharing scheme
CN116599706A (en) Block chain-based data sharing fine granularity access control method for Internet of things
Srivastava et al. Attack resistant blockchain-based healthcare record system using modified RSA Algorithm
CN112991045A (en) Medical health consumption financing method, device, equipment and medium based on block chain
Mittal et al. A novel two-level secure access control approach for blockchain platform in healthcare
Liu et al. A fine‐grained medical data sharing scheme based on federated learning
Chen et al. MASS: A multi-attribute sketch secure data sharing scheme for IoT wearable medical devices based on blockchain
CN119382856A (en) A blockchain-based EHR data secure access and sharing system
Mahapatra et al. A secure health management framework with anti-fraud healthcare insurance using blockchain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant