+

CN112349368A - Electronic health record authorization sharing and management system based on medical block chain - Google Patents

Electronic health record authorization sharing and management system based on medical block chain Download PDF

Info

Publication number
CN112349368A
CN112349368A CN202011275393.9A CN202011275393A CN112349368A CN 112349368 A CN112349368 A CN 112349368A CN 202011275393 A CN202011275393 A CN 202011275393A CN 112349368 A CN112349368 A CN 112349368A
Authority
CN
China
Prior art keywords
doctor
patient
electronic health
management system
medical
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011275393.9A
Other languages
Chinese (zh)
Inventor
赵嘉然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian West Coast Health Management Co ltd
Original Assignee
Fujian West Coast Health Management Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian West Coast Health Management Co ltd filed Critical Fujian West Coast Health Management Co ltd
Publication of CN112349368A publication Critical patent/CN112349368A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Public Health (AREA)
  • Primary Health Care (AREA)
  • Epidemiology (AREA)
  • Automation & Control Theory (AREA)
  • Data Mining & Analysis (AREA)
  • Biomedical Technology (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

本发明涉及一种基于医疗区块链的电子健康档案授权共享与管理系统,包括用户端、医疗信息管理系统、混合链上‑链下医疗信息数据库和身份认证系统;用户端包括患者端和医生端,分别用于进行电子健康档案相关操作;医疗信息管理系统是用户端进行相关操作的平台,用于将相关操作发送至混合链上‑链下医疗信息数据库;其还是分布式加解密模块的实施平台,并与身份认证系统协作,用于加解密患者电子健康档案及校验用户端身份真实性;混合链上‑链下医疗信息数据库由区块链网络和云端医疗数据库组成;身份认证系统由身份验证中心和证书颁发中心组成。该系统有利于安全、快捷地进行电子健康档案授权共享,并保障电子健康档案的私密性、安全性和可靠性。

Figure 202011275393

The invention relates to an electronic health file authorization sharing and management system based on medical blockchain, including a user terminal, a medical information management system, a hybrid on-chain-off-chain medical information database and an identity authentication system; the user terminal includes a patient terminal and a doctor The medical information management system is a platform for the user to perform related operations, and is used to send related operations to the hybrid on-chain-off-chain medical information database; it is also a distributed encryption and decryption module. Implement the platform and cooperate with the identity authentication system to encrypt and decrypt the patient's electronic health records and verify the authenticity of the client's identity; the hybrid on-chain-off-chain medical information database is composed of the blockchain network and the cloud medical database; the identity authentication system It consists of an authentication center and a certificate issuing center. The system is conducive to the safe and fast authorized sharing of electronic health records, and guarantees the privacy, security and reliability of electronic health records.

Figure 202011275393

Description

Electronic health record authorization sharing and management system based on medical block chain
Technical Field
The invention belongs to the technical field of blockchains, and particularly relates to an electronic health file authorization sharing and management system based on a medical blockchain.
Background
In the prior art, health files and physical examination reports of patients are exchanged mainly through a hospital HIS system, patient information is subjected to closed circulation in the hospital HIS system, information sharing of a large health medical platform is avoided, and authorization and sharing of electronic health files cannot be achieved among different hospital HIS systems. In addition, electronic health archives are many to be saved in hospital local server or high in the clouds database, manage health archives's distribution through the HIS system, and data control right is mastered by the hospital alone, is difficult to guarantee patient's health archives's privacy and security, and has the problem of single point trouble.
Disclosure of Invention
The invention aims to provide an electronic health file authorization sharing and management system based on a medical block chain, which is favorable for safely and quickly carrying out electronic health file authorization sharing and ensures the privacy, the safety and the reliability of electronic health files.
In order to achieve the purpose, the invention adopts the technical scheme that: an electronic health file authorization sharing and management system based on a medical block chain comprises a user side, a medical information management system, a hybrid uplink-downlink medical information database and an identity authentication system;
the user side comprises a patient side and a medical service provider, namely a doctor side, the patient side and the doctor side are two main transaction initiators in the system, the patient side is used for browsing and authorizing the electronic health record, and the doctor side is used for creating, browsing and modifying the electronic health record;
the medical information management system is a platform for carrying out electronic health record related operation on a patient end and a doctor end and is used for sending the operation of the patient end and the doctor end to a hybrid chain up-chain down medical information database; the medical information management system is also an implementation platform of the electronic health file distributed encryption and decryption module, is cooperated with the identity authentication system, and is used for encrypting and decrypting the electronic health file of the patient and verifying the identity authenticity of the user side;
the hybrid uplink-downlink medical information database consists of a block chain network and a cloud medical database; the blockchain network is used to accomplish tasks including executing intelligent contracts, storing patient core medical data, verifying patient and doctor initiated operations, and adding new blockchain blocks; the cloud medical database is used for storing the linked medical data with the space occupation larger than a set value and generating a disposable URL (uniform resource locator) address for accessing the patient medical data stored in the cloud node under the link;
the identity authentication system consists of an identity verification center and a certificate issuing center; the identity authentication center is used for storing identity authentication materials related to the user and authenticating the identity information of the access user based on the stored identity authentication materials; the certificate authority provides effective identity certificates for participants in the block chain network on the basis of public key infrastructure, so that the identity verification center can recognize the identity of the participants and the authenticity of the user identity is guaranteed.
Further, the doctor end performs the operation related to the electronic health record in the system, and the method comprises the following steps:
A1) a doctor end logs in a medical information management system;
A2) the identity authentication system determines the authenticity of the identity of the doctor end by verifying the login information of the doctor end;
A3) after the verification is successful, the doctor end user logs in the medical information management system to create, browse or modify the electronic health record;
A4) the doctor end encrypts the related information of the electronic health record by using a symmetric key authorized by the patient, attaches signature information of the doctor end and then sends the signature information to a hybrid uplink-downlink medical information database;
A5) after receiving an operation application of a doctor end, a block chain network in a hybrid uplink-downlink medical information database verifies the authenticity of the identity of the doctor end through an identity authentication system according to signature information attached by a doctor;
A6) after the doctor identity verification is successful, the block chain network starts a consensus mechanism according to the intelligent contract content corresponding to the doctor operation so as to obtain the agreement of the peer node on the doctor operation;
A7) after the doctor operation is agreed, according to an intelligent contract, the block chain link points with the authorization permission of the patient add doctor operation generated data into respective block chains;
A8) if the doctor operates to create or modify the electronic health file, uploading data of which the space occupation is larger than a set value in the electronic health file to a cloud medical database; if the operation of the doctor is to browse the file, the cloud medical database returns a one-time URL address to the created new block;
A9) after the operation application of the doctor is linked to each block chain node, the block chain network sends a doctor related operation notice to the patient end through the medical information management system;
A10) and the block chain network returns the reply of the operation applied by the doctor to the doctor through the medical information management system so as to complete the closed loop of the electronic health record management at the doctor end.
Further, the patient end performs the electronic health record related operation in the system, which comprises the following steps:
B1) a patient logs in a medical information management system;
B2) the identity authentication system determines the authenticity of the identity of the patient end by verifying the login information of the patient;
B3) after the verification is successful, the patient end user logs in the medical information management system to browse or authorize the electronic health record operation;
B4) the authorization or browsing operation application of the patient end is attached with the signature information of the patient and sent to the block chain network through the medical information management system;
B5) after receiving the operation application of the patient end, the block chain network verifies the authenticity of the identity of the patient end according to the signature information attached to the patient through the identity authentication system;
B6) after the patient end identity verification is passed, the blockchain network sends a data calling application to the cloud medical database to obtain the relevant information of all the patient electronic health files;
B7) the hybrid uplink-downlink medical information database feeds back the operation result to the medical information management system; if the operation of the patient is authorization, returning an authorization success prompt; if the operation of the patient is to browse the file, the electronic health file is directly browsed in the medical information management system.
Furthermore, the electronic health file distributed encryption and decryption module is used for encrypting and decrypting all contents stored in the hybrid uplink-downlink medical information database and providing an identity for a user in the system; the electronic health file distributed encryption and decryption module guarantees safe sharing of the electronic health file through mixed use of an asymmetric encryption algorithm and a symmetric encryption algorithm and distribution of a secret key in the system.
Further, the specific steps of the user side generating the identity key in the medical information management system are as follows:
101) a user enters a medical information management system and registers an account by using a self identity;
102) the system being dependent on the identity of the userIdentification information generation identity identification key PAuWhile the system also generates an encryption key P for the user login informationpass(ii) a In addition, the system generates a pair of asymmetric public and private key pairs { P }pub,PpriH and a symmetric key PkThe system is used for sharing and encrypting the electronic health file;
103) system use PpubTo PkEncryption generation
Figure BDA0002778857610000031
Using PpassTo PpriPerform encryption generation
Figure BDA0002778857610000032
104) Generated secret key Ppub
Figure BDA0002778857610000033
And
Figure BDA0002778857610000034
the information is packaged into a user registration request and then uploaded to an identity verification system;
105) after the identity authentication system receives the registration request, the system generates a new object on the block chain; including personal information of a user and a generated key P in an objectpubAnd
Figure BDA0002778857610000035
106) after the object is successfully generated, the system generates an identification certificate C for the user through a certificate authority to serve as an identification of the user in the block chain; identification certificate C is shared by public key P of userpubEncryption generation
Figure BDA0002778857610000036
Figure BDA0002778857610000037
And
Figure BDA0002778857610000038
stored in the authentication system for the user's identification.
Further, the key interaction steps of the patient authentication process in the system are as follows:
201) a user logs in a medical information management system;
202) the system generates a secret key P according to the login information of the userAuAnd PpassComparing the generated key with a stored key in an identity verification system to verify the authenticity of the user identity;
203) if the identity authentication fails, rejecting the user login request; if the authentication succeeds, the authentication system sends the encrypted identification certificate of the patient
Figure BDA0002778857610000041
And personal private key
Figure BDA0002778857610000042
Entering a medical information management system;
204) system use PpubAnd PpassKey pair encrypted identification certificate
Figure BDA0002778857610000043
And personal private key
Figure BDA0002778857610000044
Decrypting to obtain the user identification certificate C and the private key Ppri
205) And the user acquires the identity recognition certificate C and obtains the permission of entering the block chain network.
Further, the system comprises the following specific steps of acquiring the authorization of the electronic health record of the patient by the doctor end user:
301) the doctor end initiates an electronic health record authorization request through the medical information management system;
302) the authorization request of the doctor is regarded as a block chain transaction and sent to a block chain network;
303) after the authorization transaction passes through a consensus mechanism in the block chain network, sending an authorization request of a doctor to a patient end;
304) if the patient end does not agree with the authorization, the process is terminated, and the system returns a notice of application rejection to the doctor end; if the patient agrees to the authorization, the patient end sends the shared secret key P to the blockchain network through the medical information management systemkA transaction request;
305) after the request is successfully sent, the medical information management system obtains the public key D of the medical end from the blockchain networkpub
306) Secret key DpubAfter success, it is used to encrypt the patient key Pk(ii) a Generated encryption key
Figure BDA0002778857610000045
Is added to a shared key transaction generated in a blockchain network;
307) after the shared key transaction is sent to the blockchain network, according to the provision of the intelligent contract,
Figure BDA0002778857610000046
is added to the blockchain ledger; meanwhile, the doctor end user is added to the authorization list of the patient;
308) after the authorization is completed, the doctor end user receives an authorization success notice sent by the blockchain network through the medical information management system, and the doctor can obtain the permission of browsing the electronic health file of the patient.
Further, after obtaining the authorization of the electronic health record, the doctor initiates an application for browsing the patient record to the system, and the specific steps are as follows:
401) the medical end initiates an electronic health record browsing request through the medical information management system;
402) the medical information management system converts the doctor request into a block chain transaction and sends the block chain transaction to a block chain network;
403) after receiving a doctor request, an intelligent contract in the block chain network confirms whether the doctor is in an authorization list of a patient;
404) after the confirmation is passed, the blockchain network encrypts the patientElectronic health file
Figure BDA0002778857610000051
And an encryption key
Figure BDA0002778857610000052
Returning to the medical information management system of the doctor end;
405) public key D of system use doctor endpubDecrypting returned encryption keys
Figure BDA0002778857610000053
Deriving a secret Pk
406) Key PkIs used for decrypting the electronic health record of the patient
Figure BDA0002778857610000054
Thereby finally obtaining the electronic health record R of the patient.
Further, the block chain link points of the block chain network are arranged in each hospital or community health service center, and all the nodes are connected with each other to form the block chain network.
Compared with the prior art, the invention has the following beneficial effects: the system can provide a safe and quick case authorization sharing mechanism for electronic health files existing in different hospital information management systems, and can provide electronic health files with consistent information and updated in real time for hospitals with different HIS systems on the premise of ensuring the privacy and the safety of electronic health cases of patients. The electronic health record encryption and decryption technology adopted by the system can ensure the privacy of the information of the relevant patients in the block chain network and the cloud database. Meanwhile, the authenticity of the user identity is guaranteed by establishing an identity authentication system, so that a malicious attacker is prevented from stealing the information of the patient. In addition, by establishing a hybrid uplink-downlink medical information database and combining the blockchain network with the cloud database, the content carrying capacity of the blockchain network is greatly improved, and the calling requirement of the electronic health record data is met. Therefore, the invention has strong practicability and wide application prospect.
Drawings
FIG. 1 is a system architecture diagram of an embodiment of the present invention.
Fig. 2 is a system work flow diagram of an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and the embodiments.
Referring to fig. 1, the present invention provides an electronic health record authorization sharing and management system based on a medical block chain, which includes a user end, a medical information management system, a hybrid uplink-downlink medical information database, and an identity authentication system.
The user side comprises a patient side and a medical service provider, namely a doctor side, the patient side and the doctor side are two main transaction initiators in the system, the patient side is used for browsing and authorizing the electronic health record, and the doctor side is used for creating, browsing and modifying the electronic health record.
The medical information management system is a platform for carrying out electronic health record related operation on a patient end and a doctor end and is used for sending the operation of the patient end and the doctor end to a hybrid chain up-chain down medical information database; the medical information management system is also an implementation platform of the electronic health record distributed encryption and decryption module, cooperates with the identity authentication system, and is used for encrypting and decrypting the electronic health record of the patient and verifying the identity authenticity of the user side.
The hybrid uplink-downlink medical information database is the core of the system and consists of a block chain network and a cloud medical database; the blockchain network is responsible for executing tasks such as intelligent contracts (Smart contracts), storing core medical data of patients, verifying operations (transactions) initiated by patients and doctors, adding new blockchain blocks and the like; the block chain links are arranged in each hospital or community health service center and are connected with each other to form a block chain network; the cloud medical database is used for storing the medical data under the chain, the occupied space of which is larger than a set value, such as an electronic Computed Tomography (CT) image, an X-ray film, Magnetic Resonance Imaging (MRI) and the like, and is also used for generating a disposable URL (uniform resource locator) address which is used for accessing the medical data of the patient stored in the cloud node under the chain.
The identity Authentication system consists of an identity Authentication center (Authentication Authority) and a certificate Authority (Certification Authority); the identity authentication center is used for storing identity authentication materials related to the user, such as a user name and a password, face identification information, fingerprint information and the like, and authenticating the identity information of the access user based on the stored identity authentication materials; the certificate authority provides effective identity certificates for participants in the block chain network on the basis of Public Key Infrastructure (Public Key Infrastructure), so that the identity of the participants can be identified by the identity verification center, and the authenticity of the identity of the users is guaranteed.
In the system of the present invention, the flow of the operations related to the electronic health record performed by the patient side and the doctor side is shown in fig. 2.
The doctor end carries out the operation related to the electronic health record in the system, and the operation comprises the following steps:
A1) the medical doctor end logs in the medical information management system through a user name and a password or face recognition and the like;
A2) the identity authentication system determines the authenticity of the identity of the doctor end by verifying the login information of the doctor end;
A3) after the verification is successful, the doctor end user logs in the medical information management system to create, browse or modify the electronic health record;
A4) the doctor end encrypts the related information of the electronic health record by using a symmetric key authorized by the patient, attaches signature information of the doctor end and then sends the signature information to a hybrid uplink-downlink medical information database;
A5) after receiving an operation application of a doctor end, a block chain network in a hybrid uplink-downlink medical information database verifies the authenticity of the identity of the doctor end through an identity authentication system according to signature information attached by a doctor;
A6) after the doctor identity authentication is successful, the block chain network starts a Consensus mechanism (Consensus Protocol) according to the intelligent contract content corresponding to the doctor operation so as to obtain the agreement of the peer node on the doctor operation;
A7) after the doctor operation is agreed, according to an intelligent contract, the block chain link points with the authorization permission of the patient add doctor operation generated data into respective block chains;
A8) if the doctor operates to create or modify the electronic health file, uploading data of which the space occupation is larger than a set value in the electronic health file to a cloud medical database; if the operation of the doctor is to browse the file, the cloud medical database returns a one-time URL address to the created new block;
A9) after the operation application of the doctor is linked to each block chain node, the block chain network sends a doctor related operation notice to the patient end through the medical information management system;
A10) the block chain network returns a reply of an operation applied by a doctor to the doctor through the medical information management system so as to complete the closed loop of the electronic health file management at the doctor end; for example, if the doctor requests to operate to view the patient's electronic health profile, the doctor may review the patient profile on the medical information management system.
The operation flow of the patient end user in the system is similar to that of the doctor end, but the patient end does not need to go through a consensus mechanism in the blockchain network when executing the operation application.
The patient end performs the electronic health record related operation in the system, and the method comprises the following steps:
B1) a patient logs in a medical information management system in a user name and password or face recognition mode and the like;
B2) the identity authentication system determines the authenticity of the identity of the patient end by verifying the login information of the patient;
B3) after the verification is successful, the patient end user logs in the medical information management system to browse or authorize the electronic health record operation;
B4) the authorization or browsing operation application of the patient end is attached with patient-specific signature information and is sent to the blockchain network through the medical information management system;
B5) after receiving the operation application of the patient end, the block chain network verifies the authenticity of the identity of the patient end according to the signature information attached to the patient through the identity authentication system;
B6) after the patient end identity verification is passed, the blockchain network sends a data calling application to the cloud medical database to obtain the relevant information of all the patient electronic health files;
B7) the hybrid uplink-downlink medical information database feeds back the operation result to the medical information management system; if the operation of the patient is authorization, returning an authorization success prompt; if the operation of the patient is to browse the file, the electronic health file is directly browsed in the medical information management system.
The electronic health file distributed encryption and decryption module is used for encrypting and decrypting all contents stored in the hybrid uplink-downlink medical information database and providing identification for users in the system.
The core of the electronic health file distributed encryption and decryption technology is that in an electronic health file authorization sharing and management system based on a medical block chain, the safe sharing of the electronic health file is guaranteed through the mixed use of an asymmetric encryption algorithm and a symmetric encryption algorithm and the specific distribution of a secret key.
1. Encryption and decryption process during user side registration
The specific steps of generating the identity key in the medical information management system by the user side are as follows:
101) a user enters a medical information management system and registers an account number, such as an identity card number, face identification information and the like, by using a special identity of the user;
102) the system generates an identification key P according to the user identification informationAuWhile the system also generates an encryption key P for the user login informationpass(ii) a In addition, the system generates a pair of asymmetric public and private key pairs { P }pub,PpriH and a symmetric key PkThe system is used for sharing and encrypting the electronic health file;
103) system use PpubTo PkEncryption generation
Figure BDA0002778857610000081
Using PpassTo PpriPerform encryption generation
Figure BDA0002778857610000082
104) Generated secret key Ppub
Figure BDA0002778857610000083
And
Figure BDA0002778857610000084
the information is packaged into a user registration request and then uploaded to an identity verification system;
105) after the identity authentication system receives the registration request, the system generates a new object on the block chain; including personal information of a user and a generated key P in an objectpubAnd
Figure BDA0002778857610000085
106) after the object is successfully generated, the system generates an identification certificate C for the user through a certificate authority to serve as an identification of the user in the block chain; identification certificate C is shared by public key P of userpubEncryption generation
Figure BDA0002778857610000086
Figure BDA0002778857610000087
And
Figure BDA0002778857610000088
stored in the authentication system for the user's identification.
2. Encryption and decryption process during user terminal identity verification
The key interaction steps of the patient authentication process in the system are as follows:
201) a user logs in a medical information management system by using information such as account passwords or face recognition;
202) the system generates a secret key P according to the login information of the userAuAnd PpassComparing the generated key with a stored key in an identity verification system to verify the authenticity of the user identity;
203) If the identity authentication fails, rejecting the user login request; if the authentication succeeds, the authentication system sends the encrypted identification certificate of the patient
Figure BDA0002778857610000089
And personal private key
Figure BDA00027788576100000810
Entering a medical information management system;
204) system use PpubAnd PpassKey pair encrypted identification certificate
Figure BDA00027788576100000811
And personal private key
Figure BDA00027788576100000812
Decrypting to obtain the user identification certificate C and the private key Ppri
205) And the user acquires the identity recognition certificate C and obtains the permission of entering the block chain network.
3. Encryption and decryption process during authorization of electronic health file
The system comprises the following specific steps that a doctor end user obtains the authorization of the electronic health record of a patient:
301) the doctor end initiates an electronic health record authorization request through the medical information management system;
302) the authorization request of the doctor is regarded as a block chain transaction and sent to a block chain network;
303) after the authorization transaction passes through a consensus mechanism in the block chain network, sending an authorization request of a doctor to a patient end;
304) if the patient end does not agree with the authorization, the process is terminated, and the system returns a notice of application rejection to the doctor end; if the patient agrees to the authorization, the patient end sends the shared secret key P to the blockchain network through the medical information management systemkA transaction request;
305) after the request is successfully sent, the medical information management system obtains the public key D of the medical end from the blockchain networkpub
306) Secret key DpubAfter success, it is used to encrypt the patient key Pk(ii) a Generated encryption key
Figure BDA0002778857610000091
Is added to a shared key transaction generated in a blockchain network;
307) after the shared key transaction is sent to the blockchain network, according to the provision of the intelligent contract,
Figure BDA0002778857610000092
is added to the blockchain ledger; meanwhile, the doctor end user is added to the authorization list of the patient;
308) after the authorization is completed, the doctor end user receives an authorization success notice sent by the blockchain network through the medical information management system, and the doctor can obtain the permission of browsing the electronic health file of the patient.
4. Encryption and decryption process for browsing electronic health record
After obtaining the authorization of the electronic health record, a doctor initiates an application for browsing the patient record to the system, and the specific steps are as follows:
401) the medical end initiates an electronic health record browsing request through the medical information management system;
402) the medical information management system converts the doctor request into a block chain transaction and sends the block chain transaction to a block chain network;
403) after receiving a doctor request, an intelligent contract in the block chain network confirms whether the doctor is in an authorization list of a patient;
404) after the confirmation is passed, the blockchain network encrypts the electronic health record of the patient
Figure BDA0002778857610000093
And an encryption key
Figure BDA0002778857610000094
Returning to the medical information management system of the doctor end;
405) public key D of system use doctor endpubDecrypting returned encryption keys
Figure BDA0002778857610000095
Deriving a secret Pk
406) Key PkIs used for decrypting the electronic health record of the patient
Figure BDA0002778857610000096
Thereby finally obtaining the electronic health record R of the patient.
The above are preferred embodiments of the present invention, and all changes made according to the technical scheme of the present invention that produce functional effects do not exceed the scope of the technical scheme of the present invention belong to the protection scope of the present invention.

Claims (9)

1.一种基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,包括用户端、医疗信息管理系统、混合链上-链下医疗信息数据库和身份认证系统;1. An electronic health record authorization sharing and management system based on medical block chain, is characterized in that, comprises a user terminal, a medical information management system, a hybrid on-chain-off-chain medical information database and an identity authentication system; 所述用户端包括患者端和医疗服务提供方,即医生端,所述患者端和医生端为系统中两个主要事务发起方,患者端用于进行电子健康档案的浏览及授权操作,医生端用于进行电子健康档案的创建、浏览及修改操作;The user end includes a patient end and a medical service provider, that is, a doctor end. The patient end and the doctor end are two main transaction initiators in the system. The patient end is used for browsing and authorizing operations of electronic health files, and the doctor end For the creation, browsing and modification of electronic health records; 所述医疗信息管理系统是患者端和医生端进行电子健康档案相关操作的平台,用于将患者端和医生端的操作发送至混合链上-链下医疗信息数据库;所述医疗信息管理系统还是电子健康档案分布式加解密模块的实施平台,并与身份认证系统协作,用于加解密患者电子健康档案以及校验用户端身份真实性;The medical information management system is a platform for the patient and doctor to perform operations related to electronic health records, and is used to send the operations of the patient and doctor to the hybrid on-chain-off-chain medical information database; the medical information management system is also electronic. The implementation platform of the distributed encryption and decryption module of health records, and cooperates with the identity authentication system to encrypt and decrypt the electronic health records of patients and verify the authenticity of the client's identity; 所述混合链上-链下医疗信息数据库由区块链网络和云端医疗数据库组成;所述区块链网络用于完成包括执行智能合约、存储患者核心医疗数据、验证患者和医生发起的操作和添加新区块链块的任务;所述云端医疗数据库用于存储空间占用大于设定值的链下医疗数据,还用于生成一次性的URL地址,用于访问链下存储于云端节点中的患者医疗数据;The hybrid on-chain-off-chain medical information database is composed of a blockchain network and a cloud medical database; the blockchain network is used to complete operations including executing smart contracts, storing core medical data of patients, verifying operations initiated by patients and doctors, and The task of adding a new blockchain block; the cloud medical database is used to store off-chain medical data that occupies a larger space than a set value, and is also used to generate a one-time URL address for accessing patients stored in the cloud node off-chain medical data; 身份认证系统由身份验证中心和证书颁发中心组成;身份验证中心用于存储与用户相关的身份验证材料,并基于存储的身份验证材料验证接入用户的身份信息;所述证书颁发中心以公钥基础设施为基础,为区块链网络中的参与者提供有效身份凭证,从而使身份验证中心可识别其身份,保证用户身份真实性。The identity authentication system consists of an identity authentication center and a certificate issuing center; the identity authentication center is used to store the identity authentication materials related to the user, and verifies the identity information of the access user based on the stored identity authentication materials; the certificate issuing center uses the public key Based on the infrastructure, it provides valid identity credentials for participants in the blockchain network, so that the identity verification center can identify their identities and ensure the authenticity of user identities. 2.根据权利要求1所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,所述医生端在系统中进行电子健康档案相关操作包括如下步骤:2. The electronic health record authorization sharing and management system based on medical block chain according to claim 1, is characterized in that, described doctor terminal carries out electronic health record related operation in the system and comprises the following steps: A1)医生端登录医疗信息管理系统;A1) The doctor's terminal logs in to the medical information management system; A2)身份认证系统通过验证医生端登入信息,确定医生端身份的真实性;A2) The identity authentication system determines the authenticity of the doctor's identity by verifying the doctor's login information; A3)验证成功后,医生端用户登入医疗信息管理系统进行创建、浏览或修改电子健康档案操作;A3) After the verification is successful, the doctor user logs in to the medical information management system to create, browse or modify electronic health records; A4)医生端使用患者授权的对称密钥对电子健康档案相关信息进行加密,并附上医生端的签名信息后发送至混合链上-链下医疗信息数据库;A4) The doctor uses the symmetric key authorized by the patient to encrypt the relevant information of the electronic health record, and attaches the signature information of the doctor and sends it to the hybrid on-chain-off-chain medical information database; A5)混合链上-链下医疗信息数据库中的区块链网络收到医生端的操作申请后,通过身份认证系统,根据医生附上的签名信息,验证医生端身份的真实性;A5) After the blockchain network in the hybrid on-chain-off-chain medical information database receives the operation application from the doctor, it will verify the authenticity of the doctor's identity through the identity authentication system based on the signature information attached by the doctor; A6)医生身份验证成功后,区块链网络根据医生操作对应的智能合约内容启动共识机制,以获得对等节点对于医生操作的同意;A6) After the doctor's identity verification is successful, the blockchain network starts the consensus mechanism according to the content of the smart contract corresponding to the doctor's operation, so as to obtain the consent of the peer node for the doctor's operation; A7)医生操作获得同意后,根据智能合约,拥有患者授权许可的区块链节点将医生操作生成数据添加进各自的区块链中;A7) After the doctor's operation is approved, according to the smart contract, the blockchain nodes with the patient's authorization will add the data generated by the doctor's operation into their respective blockchains; A8)若医生的操作为创建或修改电子健康档案,则电子健康档案中空间占用大于设定值的数据被上传至云端医疗数据库;若医生的操作为浏览档案,则云端医疗数据库返回一次性的URL地址到创建的新块中;A8) If the doctor's operation is to create or modify electronic health records, the data that occupies more space in the electronic health records than the set value will be uploaded to the cloud medical database; if the doctor's operation is to browse files, the cloud medical database will return a one-time URL address to the new block created; A9)当医生的操作申请上链至各区块链节点后,区块链网络通过医疗信息管理系统向患者端发送医生相关操作通知;A9) After the doctor's operation application is uploaded to each blockchain node, the blockchain network sends a doctor-related operation notification to the patient through the medical information management system; A10)区块链网络通过医疗信息管理系统向医生返回医生所申请操作的回复,以完成医生端的电子健康档案管理闭环。A10) The blockchain network returns the doctor's response to the operation requested by the doctor through the medical information management system to complete the closed-loop management of electronic health records on the doctor's side. 3.根据权利要求1所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,所述患者端在系统中进行电子健康档案相关操作包括如下步骤:3. The electronic health record authorization sharing and management system based on medical block chain according to claim 1, is characterized in that, described patient terminal carries out electronic health record related operation in the system and comprises the following steps: B1)患者登录医疗信息管理系统;B1) The patient logs into the medical information management system; B2)身份认证系统通过验证患者登入信息,确定患者端身份的真实性;B2) The identity authentication system determines the authenticity of the patient's identity by verifying the patient's login information; B3)验证成功后,患者端用户登入医疗信息管理系统进行浏览或授权电子健康档案操作;B3) After the verification is successful, the patient end user logs into the medical information management system to browse or authorize electronic health file operations; B4)患者端的授权或浏览操作申请被附上患者的签名信息,通过医疗信息管理系统发送至区块链网络;B4) The patient's application for authorization or browsing operation is attached with the patient's signature information and sent to the blockchain network through the medical information management system; B5)区块链网络收到患者端的操作申请后,通过身份认证系统,根据患者附上的签名信息,验证患者端身份的真实性;B5) After the blockchain network receives the operation application from the patient, it will verify the authenticity of the patient's identity through the identity authentication system and according to the signature information attached by the patient; B6)患者端身份验证通过后,区块链网络向云端医疗数据库发送数据调用申请,以取得所有患者电子健康档案相关信息;B6) After the patient-side identity verification is passed, the blockchain network sends a data call application to the cloud medical database to obtain all information related to the patient's electronic health records; B7)混合链上-链下医疗信息数据库将操作结果反馈到医疗信息管理系统中;若患者的操作为授权,则返回授权成功提醒;若患者的操作为浏览档案,则直接在医疗信息管理系统中浏览电子健康档案。B7) The hybrid on-chain-off-chain medical information database feeds back the operation results to the medical information management system; if the patient's operation is authorization, it will return an authorization success reminder; if the patient's operation is to browse files, it will be directly in the medical information management system Browse Electronic Health Records in . 4.根据权利要求1所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,所述电子健康档案分布式加解密模块用于加解密所有储存于混合链上-链下医疗信息数据库中的内容,并为系统内用户提供身份标识;所述电子健康档案分布式加解密模块在系统中通过非对称加密算法与对称加密算法的混合使用及密钥的分配,保障电子健康档案的安全共享。4. The electronic health record authorization sharing and management system based on medical block chain according to claim 1, is characterized in that, described electronic health record distributed encryption and decryption module is used for encrypting and decrypting all stored in the mixed chain-chain download the content in the medical information database, and provide identification for users in the system; the distributed encryption and decryption module of electronic health records in the system ensures the electronic Secure sharing of health records. 5.根据权利要求4所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,用户端在医疗信息管理系统中生成身份密钥的具体步骤如下:5. The electronic health record authorization sharing and management system based on medical block chain according to claim 4, is characterized in that, the concrete steps that the user terminal generates the identity key in the medical information management system are as follows: 101)用户进入医疗信息管理系统使用自身身份标识注册账号;101) The user enters the medical information management system to register an account with his own identity; 102)系统根据用户身份识别信息生成身份识别密钥PAu,同时系统也生成用于用户登录信息加密密钥Ppass;此外,系统还生成一对非对称公私密钥对{Ppub,Ppri}和一个对称密钥Pk用于电子健康档案共享与加密;102) The system generates an identification key P Au according to the user identification information, and at the same time the system also generates an encryption key P pass for user login information; in addition, the system also generates a pair of asymmetric public and private keys {P pub , P pri } and a symmetric key P k for electronic health record sharing and encryption; 103)系统使用Ppub对Pk加密生成
Figure FDA0002778857600000031
使用Ppass对Ppri进行加密生成
Figure FDA0002778857600000032
103) The system uses P pub to encrypt and generate P k
Figure FDA0002778857600000031
Use P pass to encrypt and generate P pri
Figure FDA0002778857600000032
 104)生成的密钥Ppub
Figure FDA0002778857600000033
Figure FDA0002778857600000034
被打包为用户注册请求后上传至身份验证系统;104) Generated key P pub ,
Figure FDA0002778857600000033
and
Figure FDA0002778857600000034
It is packaged as a user registration request and uploaded to the authentication system; 105)身份验证系统收到注册请求后,系统在区块链上生成一个新的对象;对象中包括用户的个人信息和生成的密钥Ppub
Figure FDA0002778857600000035
105) After the identity verification system receives the registration request, the system generates a new object on the blockchain; the object includes the user's personal information and the generated key P pub and
Figure FDA0002778857600000035
 106)对象生成成功后,系统通过证书颁发中心为用户生成一个身份识别证书C,以作为用户在区块链中的身份标识;身份识别证书C被用户的公有密钥Ppub加密生成
Figure FDA0002778857600000036
Figure FDA0002778857600000037
储存在身份验证系统中,用于用户的身份识别。106) After the object is successfully generated, the system generates an identity certificate C for the user through the certificate issuing center as the user's identity in the blockchain; the identity certificate C is encrypted and generated by the user's public key P pub
Figure FDA0002778857600000036
and
Figure FDA0002778857600000037
Stored in the authentication system for user identification. 6.根据权利要求4所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,系统中患者身份验证过程的密钥交互步骤如下:6. The electronic health record authorization sharing and management system based on medical block chain according to claim 4, is characterized in that, the key interaction step of patient identity verification process in the system is as follows: 201)用户登录医疗信息管理系统;201) The user logs in to the medical information management system; 202)系统根据用户的登录信息生成密钥PAu和Ppass,并将生成密钥与身份验证系统中储存密钥进行比对,以验证用户身份真实性;202) the system generates keys P Au and P pass according to the user's login information, and compares the generated key with the stored key in the identity verification system to verify the authenticity of the user's identity; 203)若身份验证失败,则拒绝用户登录请求;若身份验证成功,则身份验证系统发送患者的加密身份识别证书
Figure FDA0002778857600000038
和个人私有密钥
Figure FDA0002778857600000039
到医疗信息管理系统中;203) If the authentication fails, the user login request is rejected; if the authentication is successful, the authentication system sends the encrypted identification certificate of the patient
Figure FDA0002778857600000038
and personal private key
Figure FDA0002778857600000039
into the medical information management system; 204)系统使用Ppub和Ppass密钥对加密身份识别证书
Figure FDA00027788576000000310
和个人私有密钥
Figure FDA00027788576000000311
进行解密,以得到用户身份识别证书C和私有密钥Ppri204) The system uses the P pub and P pass keys to encrypt the identity certificate
Figure FDA00027788576000000310
and personal private key
Figure FDA00027788576000000311
Decrypt to obtain the user identity certificate C and the private key Ppri ; 205)用户取得身份识别证书C,获得进入区块链网络的许可。205) The user obtains the identity certificate C and obtains the permission to enter the blockchain network. 7.根据权利要求4所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,系统中医生端用户获取患者电子健康档案授权的具体步骤如下:7. The electronic health record authorization sharing and management system based on medical block chain according to claim 4, is characterized in that, in the system, the concrete steps that the doctor end user obtains the patient electronic health record authorization are as follows: 301)医生端通过医疗信息管理系统发起电子健康档案授权请求;301) The doctor initiates an electronic health record authorization request through the medical information management system; 302)医生的授权请求被视为区块链事务发送至区块链网络中;302) The doctor's authorization request is regarded as a blockchain transaction and sent to the blockchain network; 303)授权事务通过区块链网络中的共识机制后,将医生的授权请求发送至患者端;303) After the authorization transaction passes the consensus mechanism in the blockchain network, the doctor's authorization request is sent to the patient; 304)若患者端不同意授权,则流程终止,系统返回申请拒绝的通知至医生端;若患者同意授权,则患者端通过医疗信息管理系统向区块链网络发送共享密钥Pk事务请求;304) If the patient does not agree to the authorization, the process is terminated, and the system returns a notification of rejection of the application to the doctor; if the patient agrees to the authorization, the patient sends a transaction request for the shared key Pk to the blockchain network through the medical information management system; 305)请求发送成功后,医疗信息管理系统从区块链网络中取得医生端的公有密钥Dpub305) After the request is sent successfully, the medical information management system obtains the public key Dpub of the doctor from the blockchain network; 306)密钥Dpub取得成功后,被用于加密患者密钥Pk;生成的加密密钥
Figure FDA0002778857600000041
被添加至区块链网络中生成的共享密钥事务中;306) After the key D pub is successful, it is used to encrypt the patient key P k ; the generated encryption key
Figure FDA0002778857600000041
is added to the shared key transaction generated in the blockchain network; 307)共享密钥事务发送至区块链网络中后,根据智能合约的规定,
Figure FDA0002778857600000042
被添加至区块链账本中;同时,医生端用户被添加至患者的授权名单中;307) After the shared key transaction is sent to the blockchain network, according to the regulations of the smart contract,
Figure FDA0002778857600000042
be added to the blockchain ledger; at the same time, the doctor's end user is added to the patient's authorization list; 308)授权完成后,医生端用户通过医疗信息管理系统收到区块链网络发送的授权成功通知,医生即可获得浏览患者电子健康档案的权限。308) After the authorization is completed, the doctor-end user receives the authorization success notification sent by the blockchain network through the medical information management system, and the doctor can obtain the permission to browse the patient's electronic health file. 8.根据权利要求4所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,医生取得电子健康档案授权后,向系统发起浏览患者档案申请的具体步骤如下:8. The electronic health record authorization sharing and management system based on medical block chain according to claim 4 is characterized in that, after the doctor obtains the authorization of the electronic health record, the specific steps of initiating the application for browsing the patient file to the system are as follows: 401)医生端通过医疗信息管理系统发起电子健康档案浏览请求;401) The doctor initiates an electronic health file browsing request through the medical information management system; 402)医疗信息管理系统将医生请求转化为区块链事务发送至区块链网络中;402) The medical information management system converts the doctor's request into a blockchain transaction and sends it to the blockchain network; 403)区块链网络中的智能合约收到医生请求后,确认医生是否在患者的授权列表当中;403) After receiving the doctor's request, the smart contract in the blockchain network confirms whether the doctor is in the patient's authorized list; 404)确认通过后,区块链网络将加密的患者电子健康档案
Figure FDA0002778857600000045
和加密密钥
Figure FDA0002778857600000043
返回至医生端医疗信息管理系统;404) After the confirmation is passed, the blockchain network will encrypt the patient electronic health record
Figure FDA0002778857600000045
and encryption key
Figure FDA0002778857600000043
Return to the doctor-side medical information management system; 405)系统使用医生端的公有密钥Dpub解密返回的加密密钥
Figure FDA0002778857600000044
得到密钥Pk405) The system decrypts the returned encryption key using the public key D pub of the doctor
Figure FDA0002778857600000044
get the key P k ; 406)密钥Pk被用于解密患者电子健康档案
Figure FDA0002778857600000046
从而最终得到患者的电子健康档案R。406) The key P k is used to decrypt the patient electronic health record
Figure FDA0002778857600000046
Thus, the patient's electronic health record R is finally obtained. 9.根据权利要求1所述的基于医疗区块链的电子健康档案授权共享与管理系统,其特征在于,所述区块链网络的区块链节点布置于各个医院或社区卫生服务中心,各节点之间相互连接,形成区块链网络。9. The electronic health record authorization sharing and management system based on medical blockchain according to claim 1, wherein the blockchain nodes of the blockchain network are arranged in each hospital or community health service center, each Nodes are connected to each other to form a blockchain network.
CN202011275393.9A 2020-09-29 2020-11-16 Electronic health record authorization sharing and management system based on medical block chain Pending CN112349368A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011050383 2020-09-29
CN2020110503835 2020-09-29

Publications (1)

Publication Number Publication Date
CN112349368A true CN112349368A (en) 2021-02-09

Family

ID=74363889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011275393.9A Pending CN112349368A (en) 2020-09-29 2020-11-16 Electronic health record authorization sharing and management system based on medical block chain

Country Status (1)

Country Link
CN (1) CN112349368A (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112837776A (en) * 2021-03-05 2021-05-25 成都库珀区块链科技有限公司 Block chain data privacy security protection method based on prescription transfer platform
CN113113096A (en) * 2021-03-24 2021-07-13 武汉卓尔信息科技有限公司 Intelligent medical management system and method based on big data
CN113192586A (en) * 2021-04-22 2021-07-30 阚中强 Intelligent medical file sharing method based on block chain and medical big data system
CN113674826A (en) * 2021-08-18 2021-11-19 苏州优炫智能科技有限公司 A distributed storage and sharing platform and case sharing method for medical institution cases
CN113672655A (en) * 2021-08-25 2021-11-19 山大地纬软件股份有限公司 File collaborative checking method and device based on block chain
CN113851203A (en) * 2021-12-01 2021-12-28 南京可信区块链与算法经济研究院有限公司 New POS mechanism-based collaborative learning method and system for neonatal fundus screening
CN113990482A (en) * 2021-09-30 2022-01-28 北京国电通网络技术有限公司 Health data processing system and method
CN114091091A (en) * 2021-09-29 2022-02-25 天津大学 A method for remote authorized access to case data based on blockchain
CN114694315A (en) * 2020-12-31 2022-07-01 医渡云(北京)技术有限公司 Retrieval method and device for resident health record, electronic equipment and medium
CN115019920A (en) * 2022-06-15 2022-09-06 拉萨卓友峰科技有限公司 Medical archive management system based on intelligent identification technology
CN115102703A (en) * 2022-06-15 2022-09-23 中国电信股份有限公司 Application sharing method, device, equipment and medium based on block chain
CN115547441A (en) * 2022-09-14 2022-12-30 广东聚健康信息科技有限公司 Safety acquisition method and system based on personal health medical data
CN115801843A (en) * 2023-01-30 2023-03-14 湖南一特医疗股份有限公司 Medical service platform and method based on cloud technology
CN114615299B (en) * 2022-03-09 2023-07-21 华中师范大学 A remote medical monitoring method, system, medium, equipment and terminal
CN117313062A (en) * 2023-11-22 2023-12-29 广州市挖米科技有限责任公司 Medical electronic health record authorization sharing and management system
TWI841857B (en) * 2021-07-09 2024-05-11 郭芯妤 Method for applying medical blockchain and medical blockchain system

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050027995A1 (en) * 2002-08-16 2005-02-03 Menschik Elliot D. Methods and systems for managing patient authorizations relating to digital medical data
CN107547514A (en) * 2017-07-17 2018-01-05 招商银行股份有限公司 Identity identifying method, system and computer-readable recording medium
CN108881160A (en) * 2018-05-07 2018-11-23 北京信任度科技有限公司 Medical treatment & health data managing method and system based on block chain intelligence contract
WO2019002671A1 (en) * 2017-06-29 2019-01-03 Nokia Technologies Oy Electronic health data access control
CN109326337A (en) * 2018-09-06 2019-02-12 西安电子科技大学 Model and method of electronic medical record storage and sharing based on blockchain
CN109684802A (en) * 2018-11-23 2019-04-26 昆明理工大学 A kind of method and system providing a user artificial intelligence platform
CN109947723A (en) * 2018-11-30 2019-06-28 上海点融信息科技有限责任公司 For the block data sharing method of block chain network, storage medium, calculate equipment
CN109948367A (en) * 2019-03-27 2019-06-28 南京星链高科技发展有限公司 A kind of medical data authorization method based on block chain technology
CN110442638A (en) * 2019-07-23 2019-11-12 万达信息股份有限公司 A kind of the visual information generation method and system of medical data
CN110457881A (en) * 2019-07-15 2019-11-15 深圳中兴网信科技有限公司 Management method, managing device, terminal and storage medium
CN110910977A (en) * 2019-11-12 2020-03-24 南京工业大学 A secure storage method of medical data incorporating blockchain technology
CN111131140A (en) * 2019-09-30 2020-05-08 武汉信安珞珈科技有限公司 Method and system for enhancing login security of Windows operating system based on message pushing
CN111444492A (en) * 2019-01-16 2020-07-24 延安医链区块链科技有限公司 Digital identity verification method based on medical block chain

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050027995A1 (en) * 2002-08-16 2005-02-03 Menschik Elliot D. Methods and systems for managing patient authorizations relating to digital medical data
WO2019002671A1 (en) * 2017-06-29 2019-01-03 Nokia Technologies Oy Electronic health data access control
CN107547514A (en) * 2017-07-17 2018-01-05 招商银行股份有限公司 Identity identifying method, system and computer-readable recording medium
CN108881160A (en) * 2018-05-07 2018-11-23 北京信任度科技有限公司 Medical treatment & health data managing method and system based on block chain intelligence contract
CN109326337A (en) * 2018-09-06 2019-02-12 西安电子科技大学 Model and method of electronic medical record storage and sharing based on blockchain
CN109684802A (en) * 2018-11-23 2019-04-26 昆明理工大学 A kind of method and system providing a user artificial intelligence platform
CN109947723A (en) * 2018-11-30 2019-06-28 上海点融信息科技有限责任公司 For the block data sharing method of block chain network, storage medium, calculate equipment
CN111444492A (en) * 2019-01-16 2020-07-24 延安医链区块链科技有限公司 Digital identity verification method based on medical block chain
CN109948367A (en) * 2019-03-27 2019-06-28 南京星链高科技发展有限公司 A kind of medical data authorization method based on block chain technology
CN110457881A (en) * 2019-07-15 2019-11-15 深圳中兴网信科技有限公司 Management method, managing device, terminal and storage medium
CN110442638A (en) * 2019-07-23 2019-11-12 万达信息股份有限公司 A kind of the visual information generation method and system of medical data
CN111131140A (en) * 2019-09-30 2020-05-08 武汉信安珞珈科技有限公司 Method and system for enhancing login security of Windows operating system based on message pushing
CN110910977A (en) * 2019-11-12 2020-03-24 南京工业大学 A secure storage method of medical data incorporating blockchain technology

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
徐健;陈志德;龚平;王可可;: "基于区块链网络的医疗记录安全储存访问方案", 计算机应用, no. 05 *
查佳凌;张渊;: "区块链技术在医院患者诊疗信息系统设计的应用研究", 现代信息科技, no. 08 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114694315A (en) * 2020-12-31 2022-07-01 医渡云(北京)技术有限公司 Retrieval method and device for resident health record, electronic equipment and medium
CN112837776A (en) * 2021-03-05 2021-05-25 成都库珀区块链科技有限公司 Block chain data privacy security protection method based on prescription transfer platform
CN113113096A (en) * 2021-03-24 2021-07-13 武汉卓尔信息科技有限公司 Intelligent medical management system and method based on big data
CN113192586A (en) * 2021-04-22 2021-07-30 阚中强 Intelligent medical file sharing method based on block chain and medical big data system
CN113192586B (en) * 2021-04-22 2022-01-07 江苏南工科技集团有限公司 Intelligent medical file sharing method based on block chain and medical big data system
TWI841857B (en) * 2021-07-09 2024-05-11 郭芯妤 Method for applying medical blockchain and medical blockchain system
CN113674826A (en) * 2021-08-18 2021-11-19 苏州优炫智能科技有限公司 A distributed storage and sharing platform and case sharing method for medical institution cases
CN113672655A (en) * 2021-08-25 2021-11-19 山大地纬软件股份有限公司 File collaborative checking method and device based on block chain
CN114091091A (en) * 2021-09-29 2022-02-25 天津大学 A method for remote authorized access to case data based on blockchain
CN113990482A (en) * 2021-09-30 2022-01-28 北京国电通网络技术有限公司 Health data processing system and method
CN113851203A (en) * 2021-12-01 2021-12-28 南京可信区块链与算法经济研究院有限公司 New POS mechanism-based collaborative learning method and system for neonatal fundus screening
CN113851203B (en) * 2021-12-01 2022-02-15 南京可信区块链与算法经济研究院有限公司 Collaborative learning method and system for neonatal fundus screening based on POS mechanism
CN114615299B (en) * 2022-03-09 2023-07-21 华中师范大学 A remote medical monitoring method, system, medium, equipment and terminal
CN115019920A (en) * 2022-06-15 2022-09-06 拉萨卓友峰科技有限公司 Medical archive management system based on intelligent identification technology
CN115102703A (en) * 2022-06-15 2022-09-23 中国电信股份有限公司 Application sharing method, device, equipment and medium based on block chain
CN115102703B (en) * 2022-06-15 2023-10-03 中国电信股份有限公司 Application sharing method, device, equipment and medium based on block chain
CN115547441A (en) * 2022-09-14 2022-12-30 广东聚健康信息科技有限公司 Safety acquisition method and system based on personal health medical data
CN115547441B (en) * 2022-09-14 2023-10-20 广东聚健康信息科技有限公司 Safety acquisition method and system based on personal health medical data
CN115801843A (en) * 2023-01-30 2023-03-14 湖南一特医疗股份有限公司 Medical service platform and method based on cloud technology
CN117313062A (en) * 2023-11-22 2023-12-29 广州市挖米科技有限责任公司 Medical electronic health record authorization sharing and management system
CN117313062B (en) * 2023-11-22 2024-02-27 广州市挖米科技有限责任公司 Medical electronic health record authorization sharing and management system

Similar Documents

Publication Publication Date Title
CN112349368A (en) Electronic health record authorization sharing and management system based on medical block chain
JP3230238U (en) A system for securely storing electronic data
US7409543B1 (en) Method and apparatus for using a third party authentication server
US20200026834A1 (en) Blockchain identity safe and authentication system
CN111261250B (en) Medical data sharing method and device based on block chain technology, electronic equipment and storage medium
US8474025B2 (en) Methods and apparatus for credential validation
CN112580102A (en) Multi-dimensional digital identity authentication system based on block chain
US20220405765A1 (en) Know your customer (kyc) and anti-money laundering (aml) verification in a multi-decentralized private blockchains network
US8499147B2 (en) Account management system, root-account management apparatus, derived-account management apparatus, and program
CN101945114B (en) Identity authentication method based on fuzzy vault and digital certificate
US20180288031A1 (en) Collection point anchored multi-property identity based application specific token origination
US20010027527A1 (en) Secure transaction system
KR101611872B1 (en) An authentication method using FIDO(Fast IDentity Online) and certificates
JP2005532736A (en) Biometric private key infrastructure
JP2009541817A (en) Single sign-on between systems
US20220005039A1 (en) Delegation method and delegation request managing method
WO2016202207A1 (en) Method and device for obtaining electronic document
CN109960916A (en) A kind of identity authentication method and system
Abubakar et al. Blockchain-based platform for secure sharing and validation of vaccination certificates
CN119005980A (en) Block chain account generation method and system
Abed The Techniques of authentication in the Context of Cloud Computing
KR20210135397A (en) System for providing medical counseling service
CN115460228B (en) Medical data access control method and system
Yee et al. Ensuring privacy for e-health services
KR100739324B1 (en) Electronic prescription delivery system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20210209

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载