CN114996754A - Remote monitoring medical data management method and system based on block chain - Google Patents

Info

Publication number: CN114996754A
Authority: CN (China)
Prior art keywords: key, data, block chain, hidden, access control
Legal status: Withdrawn
Application number: CN202210595980.9A
Other languages: Chinese (zh)
Inventor: 刘向军
Current Assignee: Zhongke Weiying Zhejiang Medical Technology Co Ltd
Original Assignee: Zhongke Weiying Zhejiang Medical Technology Co Ltd

Classifications

    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G16H40/67 ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
    • G16Y10/60 Healthcare; Welfare
    • G16Y20/40 Information sensed or collected by the things relating to personal data, e.g. biometric data, records or preferences
    • G16Y40/10 Detection; Monitoring
    • G16Y40/50 Safety; Security of things, users, data or systems
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/3221 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention relates to the technical field of remote monitoring, and provides a remote monitoring medical data management method and system based on a block chain, wherein the method comprises the following steps: building a block chain network for remotely monitoring medical data with medical institutions and home users as nodes, building an encryption management mechanism for the block chain network, and creating and managing an open data key and a secret data key; and establishing interaction on the block chain network, and establishing an intelligent contract to form an access control rule. By improving the encryption management method of the blockchain and controlling the access rules of the encryption keys through the intelligent contract, the invention achieves secure, fine-grained access control over blockchain keys, ensures that the private information and medical data of the patient are not leaked, ensures the security of the remote monitoring medical data, allows monitoring information to be shared among all medical units, and allows the acquired medical monitoring data of the monitored person to be managed comprehensively and efficiently.

Description

Remote monitoring medical data management method and system based on block chain
Technical Field
The invention relates to the technical field of remote monitoring, in particular to a block chain-based remote monitoring medical data management method and system.
Background
Remote medical monitoring with the home user as the medical individual is becoming an important mode of future medical care, and security protection for remote monitoring data is becoming an increasingly important issue. Despite strict compliance policies and regulations in the healthcare industry to ensure data security and privacy, increasing network security risks present new challenges for implementing emerging digital workflows. Today, health systems, patients, and medical product and equipment manufacturers all require a safe and reliable health information technology ecosystem to manage medical data, thereby promoting the value and quality of care services. In addition, the mass of monitoring data generated by medical equipment during remote monitoring is especially sensitive and important, and includes much private content such as the identity information, physical parameters and medical data of the monitored person.
Block chain technology, currently popular, provides encryption management, and its application to remote medical monitoring is an emerging topic with good prospects. However, most existing encryption management systems for blockchain systems adopt an access control policy based on RBAC (role-based access control). Such a policy has weak autonomy and a strongly mandatory character: it is generally formulated and distributed by an administrator, so the user of each node cannot conveniently use a key flexibly. It can also only authorize roles (administrator and common user), and a user cannot easily switch roles, so a user cannot be authorized directly.
In some cases the encryption management system needs to grant a special right to a particular user, and RBAC cannot control this flexibly. If the right is granted to a role that the user holds, every user holding that role gains the right; if a role is granted to the user, the user gains all the rights of that role. Either way, fine-grained access control at the level of individual keys cannot be achieved. Creating a special role for one particular key alone increases the complexity of the RBAC-based access control policy and reduces system operability.
Existing block chain encryption management systems cannot effectively update the access control authority of a key dynamically: once the key is generated its access authority is fixed, and effective real-time access control is lacking. Meanwhile, in existing encryption management mechanisms only the root key is stored securely in hardware, and the remaining key operations still risk leakage.
Disclosure of Invention
In view of the above, the present invention aims to solve the problem of coarse access control of encryption management of the existing blockchain system by improving an encryption management method, and to design and develop a remote monitoring medical data management method for realizing remote monitoring medical information sharing among medical units based on blockchains, which can ensure that patient information is not leaked, and to manage the acquired medical monitoring data of a monitored person in an all-around and high-efficiency manner.
A blockchain is a distributed shared ledger and database. Blockchain technology is built on a transmission network whose nodes verify and store data using a chained data structure and generate and update data using a distributed node consensus algorithm. It is characterized by decentralization, anonymity, tamper resistance, full-process traces, traceability, a consensus mechanism, collective maintenance, and public transparency. These characteristics ensure the integrity and transparency of the block chain, protect the interests of data owners, and lay the foundation for trust in the block chain. Collaborative trust and consistent action among multiple parties based on the block chain can solve the problem of information asymmetry. Decentralization means that blockchain technology does not depend on an additional third-party management mechanism or hardware facility and has no central control; apart from the self-contained blockchain itself, each node verifies, transmits and manages information on its own through distributed accounting and storage. The block chain technology is also open source: except for the encrypted private information of a guardian, the data of the block chain is open to everyone, and anyone can query the data and develop related applications through a public interface, so the information of the whole system is highly transparent. In terms of independence, based on agreed specifications and protocols and using mathematical algorithms such as Hash algorithms, the whole block chain system does not depend on any third party, and all nodes can verify and exchange data within the system automatically and safely without manual intervention.
In terms of security, as long as no party controls more than 50% of all data nodes, network data cannot be arbitrarily manipulated or modified, which makes the block chain relatively secure and prevents subjective, man-made changes to data. In terms of anonymity, unless legal requirements dictate otherwise, the identity information of each block node does not technically need to be disclosed or verified, and information can be transferred anonymously.
The scheme of the invention constructs the identity information and real-time monitoring parameters of medical monitoring individuals, namely patients or elderly users, into block data, encrypts the block data with an improved encryption management method and releases the encrypted data onto the block chain, shares medical data through a distributed network so as to obtain wide medical attention and timely rescue, and obtains point-to-point medical service through an intelligent and unified trust mechanism.
The invention provides a remote monitoring medical data management method based on a block chain, which comprises the following steps:
S1, building a block chain network for remotely monitoring medical data with medical institutions and home users as nodes, and building an encryption management mechanism for the block chain network;
the construction method of the encryption management mechanism comprises the following steps:
S11, generating an open data asymmetric key corresponding to a public key owner in a database of a block chain, calculating a Hash value of a storage index of the open data asymmetric key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of the block chain; encrypting the open data asymmetric key by using a data key corresponding to a medical data owner; storing the encrypted asymmetric key and metadata corresponding to the asymmetric key in a database; calculating a Hash value of a key management log of the open data, encrypting the Hash value through an audit public key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of a block chain;
S12, creating a confidential data key corresponding to the medical data owner, the confidential data key comprising a secret data asymmetric key and a secret data symmetric key, each of which is encrypted by using the data key; respectively calculating Hash values of the storage indexes of the hidden data asymmetric key and the hidden data symmetric key;
unlike the existing practice of using only an asymmetric key or only a symmetric key, the method uses only an asymmetric key for open data and creates both an asymmetric key and a symmetric key for concealed data; based on the practical requirements of medical diagnosis and judgment, the symmetric key is not abandoned entirely: it is retained for the hidden data, so that hidden data can be extracted conveniently and rapidly in emergency and critical cases during remote monitoring, decryption is accelerated, and a diagnosis and judgment can be made rapidly;
uploading the Hash values of the storage indexes of the hidden data asymmetric key and the hidden data symmetric key to a block chain network by using a public key of the open data asymmetric key and recording the Hash values through a consensus mechanism of the block chain; encrypting the Hash values of the logs of the hidden data asymmetric key and the hidden data symmetric key by using the audit public key, uploading the Hash values to a block chain network by using the public key of the open data asymmetric key, and recording the Hash values through a consensus mechanism of the block chain;
S2, establishing interaction among nodes on the block chain network, and establishing an intelligent contract to form an access control rule for the secret data key;
the method for establishing the intelligent contract to form the access control rule comprises the following steps:
S21, establishing interaction on the block chain by using the open data asymmetric key, establishing an intelligent contract for the hidden data key, adding metadata of the users allowed to access and their corresponding authorities to form an access control rule of the hidden data key, encrypting and hiding the contract by zero knowledge proof technology (ZKPs: a method by which one party proves to another, cryptographically, that it knows a piece of information without revealing the underlying information) to form a hidden intelligent contract, and encrypting and storing the hidden intelligent contract on the block chain; establishing a mapping relation between the secret data key and the access control rule, and storing a mapping relation index and a Hash value thereof on a block chain through a zero knowledge proof technology;
S22, when the secret data key is used by the public key owner (manager), the access control rule is encrypted and hidden by the zero knowledge proof technology to form the access control rule of the hidden secret data key, and the hidden intelligent contract is called; the hidden intelligent contract calls the access control rule of the hidden data key according to the mapping relation index so as to judge whether an accessor satisfies the access control rule; if so, the secret data key can be used; if not, access is denied; encrypting the Hash value of the management log of the secret data key by using the audit public key, and storing the Hash value on the block chain to form interaction in the block chain network;
the access control authority of the secret data key is χ; NTRU homomorphic encryption is adopted to encrypt χ to obtain the encrypted access control authority X of the secret data key, and a signature sign of the access control authority of the secret data key is obtained, wherein the expression of the homomorphic encryption is as follows:
X = p·r·h + χ (mod q) (1)
in formula (1), r is randomly selected noise, h is the public key of the open data asymmetric key, and p and q are parameters;
performing zero knowledge proof:
π = Prove(h, X, sign) (2)
in formula (2), Prove denotes the proving process, and π is the proof result;
calling the corresponding access control rule of the hidden data key according to the mapping relation index through the hidden intelligent contract, and verifying the result of the zero knowledge proof, wherein the expression is as follows:
Verify(h, X, sign, S, π) (3)
in formula (3), S is the intelligent contract, and Verify denotes the verification process;
when the secret data key is used by a key user (an accessor which accords with the access control rule and uses the secret data key), calling a hidden intelligent contract; the hidden intelligent contract calls an access control rule of the hidden data secret key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied.
Further, when the visitor does not have the right to access the confidential data in the step S22, the visitor may request authorization from the public key owner; the public key owner adopts a zero-knowledge proof technology to form the hidden access control authority of the visitor; the public key owner updates the hidden intelligent contract, adds corresponding access control rules in the access control contract of the hidden data key, and allows the visitor to access the hidden data key; meanwhile, the public key owner deletes the corresponding access control rule in the access control contract, and the visitor is allowed to access the secret data key to become a key user.
The intelligent contract of the present invention can thus be dynamically updated: when the visitor is denied access to the covert data, the visitor may request authorization from the public key owner; the public key owner adopts a zero-knowledge proof technology to form the hidden access control authority of the visitor; the public key owner updates the hidden intelligent contract and adds corresponding access control rules in the access control contract of the hidden data key.
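The per-key rule check of S21/S22 and the owner-driven rule update described above, as an added Python example that is not code from the patent. It assumes a local hash chain in place of the block chain (no consensus) and swaps the zero knowledge proof hiding for a salted HMAC commitment; `Ledger`, `HiddenKeyContract`, the permission names and the sample identities are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Local append-only hash chain standing in for the block chain (assumption)."""
    FIELDS = ("n", "kind", "payload_hash", "prev")

    def __init__(self):
        self.blocks = []

    def _digest(self, block):
        body = {k: block[k] for k in self.FIELDS}
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def append(self, kind, payload_hash):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"n": len(self.blocks), "kind": kind,
                 "payload_hash": payload_hash, "prev": prev}
        block["hash"] = self._digest(block)
        self.blocks.append(block)

    def verify(self):
        prev = "0" * 64
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self._digest(block):
                return False
            prev = block["hash"]
        return True


class HiddenKeyContract:
    """Per-key, per-user rules; only hashes and commitments reach the ledger."""

    def __init__(self, ledger, owner):
        self.ledger, self.owner = ledger, owner
        self.rules = {}  # key_id -> {user: set of permissions}
        self.salts = {}  # key_id -> secret salt that hides the rule set

    def _commit(self, key_id):
        # Salted HMAC commitment, swapped in for the zero knowledge proof hiding.
        rules = {u: sorted(p) for u, p in self.rules[key_id].items()}
        msg = json.dumps([key_id, rules], sort_keys=True).encode()
        return hmac.new(self.salts[key_id], msg, hashlib.sha256).hexdigest()

    def _audit(self, **entry):
        # The patent also encrypts this hash with an audit public key; omitted here.
        digest = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.ledger.append("log", digest)

    def register_key(self, key_id, storage_index):
        self.rules[key_id] = {self.owner: {"use", "grant"}}
        self.salts[key_id] = secrets.token_bytes(16)
        self.ledger.append("index", sha256_hex(storage_index.encode()))
        self.ledger.append("rule", self._commit(key_id))

    def _can(self, user, key_id, perm):
        # Deny by default: unknown key, unknown user or missing permission.
        return perm in self.rules.get(key_id, {}).get(user, set())

    def update(self, caller, key_id, user, perm, allow):
        if not self._can(caller, key_id, "grant"):
            self._audit(op="update", caller=caller, key=key_id, ok=False)
            raise PermissionError(f"{caller} may not change rules for {key_id}")
        perms = self.rules[key_id].setdefault(user, set())
        (perms.add if allow else perms.discard)(perm)
        self.ledger.append("rule", self._commit(key_id))
        self._audit(op="update", caller=caller, key=key_id, user=user,
                    perm=perm, allow=allow, ok=True)

    def use_key(self, user, key_id):
        ok = self._can(user, key_id, "use")
        self._audit(op="use", user=user, key=key_id, ok=ok)
        return ok

    def rules_match_ledger(self, key_id):
        # An auditor holding the salt recomputes the commitment and finds it on chain.
        on_chain = [b["payload_hash"] for b in self.ledger.blocks if b["kind"] == "rule"]
        return self._commit(key_id) in on_chain


def demo():
    ledger = Ledger()
    contract = HiddenKeyContract(ledger, owner="patient-01")  # constructed names
    contract.register_key("ecg-key", "db://keys/ecg-key")
    contract.register_key("bp-key", "db://keys/bp-key")
    before = contract.use_key("dr-li", "ecg-key")
    contract.update("patient-01", "ecg-key", "dr-li", "use", allow=True)
    after = contract.use_key("dr-li", "ecg-key")
    other = contract.use_key("dr-li", "bp-key")  # a grant on one key stays on that key
    contract.update("patient-01", "ecg-key", "dr-li", "use", allow=False)
    revoked = contract.use_key("dr-li", "ecg-key")
    return (before, after, other, revoked,
            ledger.verify(), contract.rules_match_ledger("ecg-key"))
```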
Further, the method of zero knowledge proof of the step S22 includes:
constructing a QAP quadratic assignment problem, performing combinatorial optimization on the medical data by type to obtain a proof result π, such that the quadratic equation satisfies:
π·A * π·B - π·C = 0 (4)
in formula (4), A, B and C are parameters of the quadratic equation.
Further, the method for constructing the QAP quadratic assignment problem comprises the following steps:
setting a set O containing n objects {O1, O2, ..., On} and a set L containing n data {L1, L2, ..., Ln}, constructing three n × n matrices: a data volume matrix
Figure BDA0003668015050000062
wherein each element f_ij represents the amount of data between objects i and j; an interactive traffic matrix
Figure BDA0003668015050000063
wherein each element d_ij represents the interactive flow between objects i and j; and a knowledge matrix
Figure BDA0003668015050000064
wherein each element c_ij represents the degree of awareness between objects i and j; it is desired to minimize the total knowledge of data between objects:
Figure BDA0003668015050000061
in equation (5), Π is the set of all allocation schemes, and p(i) and p(j) represent the positions in the matrix to which object i and object j are allocated, respectively.
Unlike the two matrices generally used in traditional QAP quadratic assignment, the QAP here is set up with three matrices: the QAP problem of the zero knowledge proof uses the three matrices of data volume, interactive flow and knowledge degree, and zero knowledge proof is applied to data encryption in a remote medical monitoring system for the first time.
Further, the method of the consensus mechanism of the step S11 includes:
giving equal status to the home users of all the blockchain nodes, wherein all the nodes in the blockchain network in the initial state are in follower states;
adopting the RAFT algorithm (its main feature is achieving data consistency and high availability in a distributed system with a comparatively simple algorithm; Raft achieves consistency by electing a leader and then giving the leader full responsibility for managing and replicating logs), a follower initiates an election upon timeout, and when the candidate receives votes from more than half of the nodes in the block chain network, the candidate switches to the leader state;
the leader will synchronize the log to the follower's nodes at regular times and send a heartbeat until the log is the same for all nodes.
The method changes 2 roles of traditional 'administrator and common user' into 3 roles of 'leader, candidate and follower', uses the RAFT algorithm in remote monitoring data sharing for the first time, is convenient for users to switch roles, and can directly authorize the users.
The invention also provides a remote monitoring medical data management system based on the block chain, which executes the remote monitoring medical data management method based on the block chain, and comprises the following steps:
constructing an encryption management mechanism module: the method comprises the steps that a blockchain network for remotely monitoring medical data with medical institutions and home users as nodes is built, and an encryption management mechanism for the blockchain network is built;
form the access control rule module: the method is used for establishing interaction among nodes on the block chain network and establishing an intelligent contract to form an access control rule for the secret data key.
Further, the building encryption management mechanism module comprises:
the open data key management submodule comprises: the system comprises a block chain network, a block chain public key storage mechanism and a block chain public key storage mechanism, wherein the block chain public key storage mechanism is used for storing an open data asymmetric key corresponding to a public key owner in a database of the block chain; encrypting the open data asymmetric key by using a data key corresponding to a medical data owner; storing the encrypted asymmetric key and metadata corresponding to the asymmetric key in a database; calculating a Hash value of a key management log of the open data, encrypting the Hash value through an audit public key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of a block chain;
the secret data key management submodule comprises: for creating a corresponding secure data key for an owner of medical data, the secure data key comprising: the secret data asymmetric key and the secret data symmetric key are respectively encrypted by utilizing the data key; respectively calculating Hash values of storage indexes of the hidden data asymmetric key and the hidden data symmetric key; uploading the Hash values of the storage indexes of the hidden data asymmetric key and the hidden data symmetric key to a block chain network by using a public key of the open data asymmetric key and recording the Hash values through a consensus mechanism of the block chain; and encrypting the Hash values of the logs of the asymmetric secret key of the hidden data and the symmetric secret key of the hidden data by using the audit public key, uploading the Hash values to a block chain network by using the public key of the asymmetric secret key of the open data, and recording the Hash values through a consensus mechanism of the block chain.
Further, the form access control rule module includes:
an intelligent contract submodule: establishing interaction on a block chain by utilizing an open data asymmetric key, establishing an intelligent contract for hiding a data key, adding an access-allowed user and metadata with corresponding authority to form an access control rule of the hidden data key, encrypting and hiding by adopting a zero-knowledge proof technology to form a hidden intelligent contract, and encrypting and storing the hidden intelligent contract on the block chain; establishing a mapping relation between the secret data key and the access control rule, and storing a mapping relation index and a Hash value thereof on a block chain through a zero knowledge proof technology;
an access control submodule: when the secret data key is used by a public key owner, the access control rule is encrypted and hidden by using a zero knowledge proof technology to form the access control rule of the secret data key, and a hidden intelligent contract is called; the hidden intelligent contract calls an access control rule of the hidden data secret key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied; encrypting the Hash value of the management log of the secret data key by using the audit public key, and storing the Hash value on the block chain to form interaction in the block chain network; when the secret data key is used by a key user, calling a hidden intelligent contract; the hidden intelligent contract calls an access control rule of the hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied.
The present invention also provides a computer readable storage medium having stored thereon a computer program which, when being executed by a processor, implements the method for remote monitoring medical data management based on a blockchain as described above and the system for remote monitoring medical data management based on a blockchain as described above.
The present invention also provides a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the method for remote monitoring medical data management based on blockchain as described above and the system for remote monitoring medical data management based on blockchain as described above.
Compared with the prior art, the invention has the beneficial effects that:
according to the invention, the encryption management method of the blockchain technology is improved and the access rules of the encryption keys are controlled through the intelligent contract, so that secure fine-grained access control of the blockchain keys is realized, the privacy information and medical data of the patient are protected from leakage, the security of the remote monitoring medical data is ensured, the monitoring medical information can be shared among all medical units, and the acquired medical monitoring data of the monitored person can be managed comprehensively and efficiently.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention.
In the drawings:
FIG. 1 is a flow chart of a block chain-based method for managing telemonitoring medical data according to the present invention;
FIG. 2 is a schematic diagram of a computer device according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method for constructing an encryption management mechanism according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for establishing an intelligent contract to form an access control rule according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and products consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The embodiments of the present invention will be described in further detail with reference to the accompanying drawings.
The embodiment of the invention provides a remote monitoring medical data management method based on a block chain, which is shown in figure 1 and comprises the following steps:
s1, building a block chain network for remotely monitoring medical data by taking medical institutions and home users as nodes, and building an encryption management mechanism for the block chain network;
the method for constructing the encryption management mechanism, as shown in fig. 3, includes the following steps:
s11, generating an open data asymmetric key corresponding to a public key owner in a database of a block chain, calculating a Hash value of a storage index of the open data asymmetric key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of the block chain; encrypting the open data asymmetric key by using a data key corresponding to a medical data owner; storing the encrypted asymmetric key and metadata corresponding to the asymmetric key in a database; calculating a Hash value of a key management log of the open data, encrypting the Hash value through an audit public key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of a block chain;
s12, creating a confidential data key corresponding to the medical data owner, the confidential data key including: the secret data asymmetric key and the secret data symmetric key are respectively encrypted by utilizing the data key; respectively calculating Hash values of storage indexes of the hidden data asymmetric key and the hidden data symmetric key;
specifically, although asymmetric keys offer strong confidentiality, symmetric keys are not abandoned entirely: based on the practical requirements of medical diagnosis, the use of a symmetric key is retained for the hidden data, so that for emergencies and critically ill patients under remote monitoring the hidden data can be extracted conveniently and rapidly, the decryption process is accelerated, and a diagnosis can be made quickly;
uploading the Hash values of the storage indexes of the hidden data asymmetric key and the hidden data symmetric key to a block chain network by using a public key of the open data asymmetric key and recording the Hash values through a consensus mechanism of the block chain; encrypting the Hash values of the logs of the hidden data asymmetric key and the hidden data symmetric key by using the audit public key, uploading the Hash values to a block chain network by using the public key of the open data asymmetric key, and recording the Hash values through a consensus mechanism of the block chain;
s2, establishing interaction among nodes on the block chain network, and establishing an intelligent contract to form an access control rule for the secret data key;
the method for establishing the intelligent contract to form the access control rule is shown in fig. 4 and comprises the following steps:
s21, establishing interaction on the block chain by using the open data asymmetric key, establishing an intelligent contract for the hidden data key, adding metadata of the users allowed to access and their corresponding authorities to form an access control rule of the hidden data key, encrypting and hiding it by adopting zero knowledge proof technology (ZKP: a cryptographic method by which one party proves to another party that it knows a piece of information without revealing the underlying information) to form a hidden intelligent contract, and encrypting and storing the hidden intelligent contract on the block chain; establishing a mapping relation between the secret data key and the access control rule, and storing a mapping relation index and a Hash value thereof on the block chain through the zero knowledge proof technology;
s22, when the secret data key is used by the public key owner (manager), the access control rule is encrypted and hidden by using the zero knowledge proof technology to form the access control rule of the hidden secret data key, and the hidden intelligent contract is called; the hidden intelligent contract calls an access control rule of a hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied; encrypting the Hash value of the management log of the secret data key by using the audit public key, and storing the Hash value on the block chain to form interaction in the block chain network;
the access control authority of the secret data key is χ; NTRU homomorphic encryption is adopted to encrypt χ to obtain the encrypted access control authority X of the secret data key, and a signature sign with the access control authority of the secret data key is obtained, wherein the expression of homomorphic encryption is as follows:
X=p·r·h+χ(mod q) (1)
in the formula (1), r is randomly selected noise, h is a public key of an asymmetric key of open data, and p and q are parameters;
performing zero knowledge proof:
π=Prove(h,X,sign) (2)
in formula (2), Prove denotes the proof process, and π is the proof result;
and calling a corresponding access control rule of the hidden secret data key according to the mapping relation index through the hidden intelligent contract, and verifying the result of the zero knowledge proof, wherein the expression is as follows:
Verify(h,X,sign,S,π) (3)
in the formula (3), S is an intelligent contract, and Verify means a verification process;
when the secret data key is used by a key user (an accessor which accords with the access control rule and uses the secret data key), calling a hidden intelligent contract; the hidden intelligent contract calls an access control rule of the hidden data secret key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied.
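The hash-anchoring part of steps S11 and S12, as an added Python example that is not part of the patent text: the Hash values of each key's storage index and key management log are recorded on an append-only ledger, and an audit later compares the off-chain database against them. It assumes SHA-256, a Python list standing in for the block chain, keys that are already wrapped (constructed opaque bytes), and it leaves out the audit-public-key encryption of the log Hash; every class, function and identifier name is illustrative.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    # Stable serialization so the same record always hashes to the same value.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Ledger:
    """Stand-in for the block chain: append-only records, each chained to the previous one."""

    def __init__(self):
        self.records = []

    def append(self, kind, subject, digest):
        prev = self.records[-1]["record_hash"] if self.records else "0" * 64
        body = {"kind": kind, "subject": subject, "digest": digest, "prev": prev}
        self.records.append(dict(body, record_hash=sha256_hex(canonical(body))))

    def chain_intact(self):
        prev = "0" * 64
        for rec in self.records:
            body = {k: rec[k] for k in ("kind", "subject", "digest", "prev")}
            if rec["prev"] != prev or rec["record_hash"] != sha256_hex(canonical(body)):
                return False
            prev = rec["record_hash"]
        return True

    def latest(self, kind, subject):
        for rec in reversed(self.records):
            if rec["kind"] == kind and rec["subject"] == subject:
                return rec["digest"]
        return None


class KeyDatabase:
    """Off-chain database: wrapped keys, their storage index and the key management log."""

    def __init__(self):
        self.index = {}  # key_id -> storage index entry
        self.blobs = {}  # location -> wrapped key bytes
        self.log = {}    # key_id -> list of log entries


def log_event(db, ledger, key_id, action, actor):
    entries = db.log.setdefault(key_id, [])
    entries.append({"seq": len(entries), "action": action, "actor": actor})
    ledger.append("log", key_id, sha256_hex(canonical(entries)))


def register_key(db, ledger, key_id, owner, key_type, wrapped_key):
    location = f"keys/{owner}/{key_id}"  # assumed layout of the storage index
    db.blobs[location] = wrapped_key
    db.index[key_id] = {"key_id": key_id, "owner": owner, "type": key_type,
                        "location": location, "blob_sha256": sha256_hex(wrapped_key)}
    ledger.append("index", key_id, sha256_hex(canonical(db.index[key_id])))
    log_event(db, ledger, key_id, "create", owner)


def audit(db, ledger, key_id):
    """Return a list of findings; an empty list means the database matches the ledger."""
    findings = []
    if not ledger.chain_intact():
        findings.append("ledger chain broken")
    entry = db.index.get(key_id)
    if entry is None or sha256_hex(canonical(entry)) != ledger.latest("index", key_id):
        findings.append("storage index mismatch")
    elif sha256_hex(db.blobs.get(entry["location"], b"")) != entry["blob_sha256"]:
        findings.append("wrapped key blob mismatch")
    if sha256_hex(canonical(db.log.get(key_id, []))) != ledger.latest("log", key_id):
        findings.append("key management log mismatch")
    return findings


def demo_key_audit():
    db, ledger = KeyDatabase(), Ledger()
    # Constructed sample keys for one medical data owner.
    register_key(db, ledger, "hidden-asym-1", "patient-001", "asymmetric", b"constructed-wrapped-key-A")
    register_key(db, ledger, "hidden-sym-1", "patient-001", "symmetric", b"constructed-wrapped-key-B")
    log_event(db, ledger, "hidden-sym-1", "use", "dr-chen")
    clean = audit(db, ledger, "hidden-sym-1")
    db.log["hidden-sym-1"].pop()  # a 'use' entry disappears from the off-chain log
    after_log_edit = audit(db, ledger, "hidden-sym-1")
    db.index["hidden-asym-1"]["location"] = "keys/other/swap"  # index repointed off-chain
    after_index_edit = audit(db, ledger, "hidden-asym-1")
    return clean, after_log_edit, after_index_edit


if __name__ == "__main__":
    print(demo_key_audit())
```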
The method of zero knowledge proof of step S22 includes:
constructing a QAP (quadratic assignment problem) and carrying out combinatorial optimization on the medical data according to types to obtain a proof result π, such that the quadratic equation satisfies:
π·A*π·B-π·C=0 (4)
in the formula (4), A, B and C are parameters of a quadratic equation.
The method for constructing the QAP (quadratic assignment problem) comprises the following steps:
setting a set O = {O1, O2, ..., On} of n objects and a set L = {L1, L2, ..., Ln} containing n pieces of data, three n × n matrices are constructed:
a matrix of data volumes (Figure BDA0003668015050000121), wherein each element f_ij represents the amount of data between objects i and j;
an interactive traffic matrix (Figure BDA0003668015050000132), wherein each element d_ij represents the interactive flow between objects i and j;
a knowledge matrix (Figure BDA0003668015050000133), wherein each element c_ij represents the degree of awareness between objects i and j;
it is desirable to minimize the total knowledge of data between objects, equation (5) (Figure BDA0003668015050000131),
wherein Π is the set of all allocation schemes, and p(i) and p(j) represent the positions where object i and object j are allocated in the matrix, respectively.
The method of the consensus mechanism of the step S11 includes:
giving peer status to the home users of all the blockchain nodes, wherein all the nodes in the blockchain network in the initial state are in follower state;
adopting the Raft algorithm (its main feature is that data consistency and high availability of a distributed system are achieved with a relatively simple algorithm: Raft achieves consistency by electing a leader and then giving the leader full responsibility for managing and replicating the log), a follower initiates an election when its timeout expires, and when a candidate receives votes from more than half of the nodes in the block chain network, the candidate switches to the leader node state;
the leader will synchronize the log to the follower's nodes at regular times and send a heartbeat until the log is the same for all nodes.
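The election and log synchronization described above, as an added Python example that is not part of the patent text: a candidate needs votes from more than half of all nodes, a candidate whose log is behind is refused, and the leader's heartbeat copies its log until every node holds the same one. It is a simplified Raft (the caller names the follower whose timeout fired instead of running timers, and a heartbeat copies the whole log); the node names and the log entry are constructed.

```python
class Node:
    def __init__(self, name):
        self.name = name
        self.state = "follower"   # every node starts as a follower
        self.term = 0
        self.voted_for = None
        self.log = []             # list of (term, entry)
        self.online = True

    def last_log(self):
        # (term of last entry, log length): compared to decide whose log is more up to date
        return (self.log[-1][0], len(self.log)) if self.log else (0, 0)

    def handle_vote_request(self, term, candidate, cand_last_log):
        if term > self.term:      # newer term: forget the old vote and step down
            self.term, self.voted_for, self.state = term, None, "follower"
        ok = (term == self.term
              and self.voted_for in (None, candidate)
              and cand_last_log >= self.last_log())
        if ok:
            self.voted_for = candidate
        return ok

    def handle_append(self, term, leader_log):
        if term < self.term:      # stale leader
            return False
        self.term, self.state = term, "follower"
        self.log = list(leader_log)   # simplification: full-log copy
        return True


def run_election(nodes, cand):
    """cand is the follower whose election timeout fired; returns the new leader or None."""
    if not cand.online:
        return None
    cand.state, cand.term, cand.voted_for = "candidate", cand.term + 1, cand.name
    votes = 1 + sum(p.handle_vote_request(cand.term, cand.name, cand.last_log())
                    for p in nodes if p.online and p is not cand)
    if votes > len(nodes) // 2:   # majority of the whole network, not only reachable nodes
        cand.state = "leader"
        return cand
    cand.state = "follower"
    return None


def heartbeat(leader, nodes):
    """Leader pushes its log to reachable nodes; True once every node holds the same log."""
    for p in nodes:
        if p.online and p is not leader:
            p.handle_append(leader.term, leader.log)
    return all(p.log == leader.log for p in nodes)


def demo_election():
    names = ["hospital-a", "hospital-b", "clinic-c", "home-d", "home-e"]
    nodes = [Node(n) for n in names]
    a, b, e = nodes[0], nodes[1], nodes[4]
    e.online = False                          # home-e is unreachable at start
    first = run_election(nodes, a)            # 4 of 5 votes
    first.log.append((first.term, "index-hash-1"))
    synced_before = heartbeat(first, nodes)   # False: home-e still lags
    a.online, e.online = False, True          # leader drops out, home-e returns
    # 1st try: peers already voted in term 1; 2nd try: home-e's log is behind theirs
    stale_attempts = [run_election(nodes, e) for _ in range(2)]
    second = run_election(nodes, b)
    synced_after = heartbeat(second, nodes)
    return first.name, synced_before, stale_attempts, second.name, second.term, synced_after


if __name__ == "__main__":
    print(demo_election())
```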
The embodiment of the present invention further provides a remote monitoring medical data management system based on a block chain, which executes the remote monitoring medical data management method based on a block chain, and includes:
constructing an encryption management mechanism module: used for building a blockchain network for remotely monitoring medical data with medical institutions and home users as nodes, and building an encryption management mechanism for the blockchain network;
form the access control rule module: the method is used for establishing interaction among nodes on the block chain network and establishing an intelligent contract to form an access control rule for the secret data key.
The encryption management mechanism building module comprises:
the open data key management submodule: used for storing an open data asymmetric key corresponding to a public key owner in a database of the block chain; encrypting the open data asymmetric key by using a data key corresponding to a medical data owner; storing the encrypted asymmetric key and metadata corresponding to the asymmetric key in a database; calculating a Hash value of a key management log of the open data, encrypting the Hash value through an audit public key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of a block chain;
the secret data key management submodule comprises: for creating a secret data key corresponding to a medical data owner, the secret data key comprising: the secret data asymmetric key and the secret data symmetric key are respectively encrypted by utilizing the data key; respectively calculating Hash values of storage indexes of the hidden data asymmetric key and the hidden data symmetric key; uploading the Hash values of the storage indexes of the hidden data asymmetric key and the hidden data symmetric key to a block chain network by using a public key of the open data asymmetric key and recording the Hash values through a consensus mechanism of the block chain; and encrypting the Hash values of the logs of the hidden data asymmetric key and the hidden data symmetric key by using the audit public key, uploading the Hash values to a block chain network by using the public key of the open data asymmetric key, and recording the Hash values by using a consensus mechanism of the block chain.
The form access control rule module comprises:
an intelligent contract submodule: establishing interaction on a block chain by utilizing an open data asymmetric key, establishing an intelligent contract of a secret data key, adding a user allowed to access and metadata of corresponding authority to form an access control rule of the secret data key, encrypting and hiding by adopting a zero knowledge certification technology to form a hidden intelligent contract, and encrypting and storing the hidden intelligent contract on the block chain; establishing a mapping relation between the secret data key and the access control rule, and storing a mapping relation index and a Hash value thereof on a block chain through a zero knowledge proof technology;
an access control submodule: when the secret data key is used by a public key owner, the access control rule is encrypted and hidden by using a zero knowledge proof technology to form the access control rule of the secret data key, and a hidden intelligent contract is called; the hidden intelligent contract calls an access control rule of a hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is refused; encrypting the Hash value of the management log of the secret data key by using the audit public key, and storing the Hash value on the block chain to form interaction in the block chain network; when the secret data key is used by a key user, calling a hidden intelligent contract; the hidden intelligent contract calls an access control rule of the hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied.
According to the embodiment of the invention, the encryption management algorithm of the block chain technology is improved and designed, the access rule of the encryption key is controlled through the intelligent contract, so that the safe fine-grained access control of the block chain key is realized, the privacy information and the medical data of a patient can be ensured not to be leaked, the safety of the remote monitoring medical data is ensured, the monitoring medical information can be shared among all medical units, and the acquired medical monitoring data of the monitored person can be managed comprehensively and efficiently.
An embodiment of the present invention further provides a computer device, and fig. 2 is a schematic structural diagram of a computer device provided in an embodiment of the present invention; referring to fig. 2 of the drawings, the computer apparatus comprises: an input device 23, an output device 24, a memory 22 and a processor 21; the memory 22 for storing one or more programs; when the one or more programs are executed by the one or more processors 21, the one or more processors 21 are enabled to implement the block chain based telemonitoring medical data management method as provided in the above embodiments; wherein the input device 23, the output device 24, the memory 22 and the processor 21 may be connected by a bus or other means, as exemplified by the bus connection in fig. 2.
The memory 22 is a computer readable and writable storage medium, and can be used for storing a software program, a computer executable program, and program instructions corresponding to the remote monitoring medical data management method based on the block chain according to the embodiment of the present invention; the memory 22 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the device, and the like; further, the memory 22 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device; in some examples, the memory 22 may further include memory located remotely from the processor 21, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 23 may be used to receive input numeric or character information and to generate key signal inputs relating to user settings and function controls of the apparatus; the output device 24 may include a display device such as a display screen.
The processor 21 executes various functional applications and data processing of the device by executing software programs, instructions and modules stored in the memory 22, namely, the above-mentioned remote monitoring medical data management method based on the block chain.
The computer device provided above can be used to execute the block chain-based remote monitoring medical data management method provided above, and has corresponding functions and advantages.
Embodiments of the present invention also provide a storage medium containing computer executable instructions, which when executed by a computer processor, are used to perform the method for remote monitoring medical data management based on a blockchain as provided in the above embodiments, the storage medium being any of various types of memory devices or storage devices, the storage medium comprising: installation media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc.; the storage medium may also include other types of memory or combinations thereof; in addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet); the second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that reside in different locations, such as in different computer systems connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the method for managing remote monitored medical data based on a block chain as described in the above embodiments, and may also perform related operations in the method for managing remote monitored medical data based on a block chain as provided by any embodiment of the present invention.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A remote monitoring medical data management method based on a block chain is characterized by comprising the following steps:
s1, building a block chain network for remotely monitoring medical data by taking medical institutions and home users as nodes, and building an encryption management mechanism for the block chain network;
the construction method of the encryption management mechanism comprises the following steps:
s11, generating an open data asymmetric key corresponding to a public key owner in a database of a block chain, calculating a Hash value of a storage index of the open data asymmetric key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of the block chain; encrypting the open data asymmetric key by using a data key corresponding to a medical data owner; storing the encrypted asymmetric key and metadata corresponding to the asymmetric key in a database; calculating a Hash value of a key management log of the open data, encrypting the Hash value through an audit public key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of a block chain;
s12, creating a confidential data key corresponding to the medical data owner, the confidential data key including: the secret data asymmetric key and the secret data symmetric key are respectively encrypted by utilizing the data key; respectively calculating Hash values of storage indexes of the hidden data asymmetric key and the hidden data symmetric key;
uploading the Hash values of the storage indexes of the hidden data asymmetric key and the hidden data symmetric key to a block chain network by using a public key of the open data asymmetric key and recording the Hash values through a consensus mechanism of the block chain; encrypting the Hash values of the logs of the hidden data asymmetric key and the hidden data symmetric key by using the audit public key, uploading the Hash values to a block chain network by using the public key of the open data asymmetric key, and recording the Hash values through a consensus mechanism of the block chain;
s2, establishing interaction among nodes on the block chain network, and establishing an intelligent contract to form an access control rule for the secret data key;
the method for establishing the intelligent contract to form the access control rule comprises the following steps:
s21, establishing interaction on the block chain by using the open data asymmetric key, establishing an intelligent contract for hiding the data key, adding the user allowed to access and the metadata of the corresponding authority to form an access control rule of the hidden data key, encrypting and hiding by adopting a zero knowledge certification technology to form the hidden intelligent contract, and encrypting and storing the hidden intelligent contract on the block chain; establishing a mapping relation between the secret data key and the access control rule, and storing a mapping relation index and a Hash value thereof on a block chain through a zero knowledge proof technology;
s22, when the secret data key is used by the public key owner, the access control rule is encrypted and hidden by using a zero knowledge proof technology to form the access control rule of the hidden secret data key, and a hidden intelligent contract is called; the hidden intelligent contract calls an access control rule of a hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied; encrypting the Hash value of the management log of the hidden data key by using the audit public key, and storing the Hash value on the block chain to form interaction in a block chain network;
the access control authority of the secret data key is χ; NTRU homomorphic encryption is adopted to encrypt χ to obtain the encrypted access control authority X of the secret data key, and a signature sign with the access control authority of the secret data key is obtained, wherein the expression of homomorphic encryption is as follows:
X=p·r·h+χ(mod q) (1)
in the formula (1), r is randomly selected noise, h is a public key of the asymmetric key of the open data, and p and q are parameters;
performing zero knowledge proof:
π=Prove(h,X,sign) (2)
in formula (2), Prove denotes the proof process, and π is the proof result;
and calling a corresponding access control rule of the hidden secret data key according to the mapping relation index through the hidden intelligent contract, and verifying the result of the zero knowledge proof, wherein the expression is as follows:
Verify(h,X,sign,S,π) (3)
in the formula (3), S is an intelligent contract, and Verify means a verification process;
when the secret data key is used by a key user, calling a hidden intelligent contract; the hidden intelligent contract calls an access control rule of the hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied.
2. The block chain-based telemonitoring medical data management method according to claim 1, wherein the step S22 is performed when the visitor does not have the right to access the concealed data, the visitor requests the authority from the public key owner; the public key owner adopts a zero-knowledge proof technology to form the hidden access control authority of the visitor; the public key owner updates the hidden intelligent contract, adds corresponding access control rules in the access control contract of the hidden data key, and allows the visitor to access the hidden data key; meanwhile, the public key owner deletes the corresponding access control rule in the access control contract, and the visitor is allowed to access the secret data key to become a key user.
3. The method for remote monitoring medical data management based on block chain as claimed in claim 1, wherein the zero knowledge proof method of the step S22 includes:
constructing a QAP (quadratic assignment problem) and carrying out combinatorial optimization on the medical data according to types to obtain a proof result π, such that the quadratic equation satisfies:
π·A*π·B-π·C=0 (4)
in the formula (4), A, B and C are parameters of a quadratic equation.
4. The method according to claim 3, wherein the method for constructing the QAP (quadratic assignment problem) comprises:
setting a set O = {O1, O2, ..., On} containing n objects and a set L = {L1, L2, ..., Ln} containing n data, constructing three n × n matrices:
a matrix of data volumes (Figure FDA0003668015040000032), wherein each element f_ij represents the amount of data between objects i and j;
an interactive traffic matrix (Figure FDA0003668015040000033), wherein each element d_ij represents the interactive flow between objects i and j;
a knowledge matrix (Figure FDA0003668015040000034), wherein each element c_ij represents the degree of awareness between objects i and j;
it is desirable to minimize the total knowledge of data between objects, equation (5) (Figure FDA0003668015040000031),
wherein Π is the set of all allocation schemes, and p(i) and p(j) represent the positions where object i and object j are allocated in the matrix, respectively.
5. The block chain-based telemonitoring medical data management method according to claim 1, wherein the consensus mechanism of the step S11 comprises:
giving peer status to the home users of all the blockchain nodes, wherein in the initial state all the nodes in the blockchain network are in the follower state;
adopting the RAFT algorithm, wherein a follower initiates an election on timeout and becomes a candidate, and when votes are received from more than half of the nodes in the block chain network, the candidate switches to the leader node state;
the leader periodically synchronizes the log to the follower nodes and sends a heartbeat until the log is the same on all nodes.
6. A remote monitoring medical data management system based on a block chain, which executes the remote monitoring medical data management method based on a block chain according to any one of claims 1 to 5, comprising:
constructing an encryption management mechanism module: the system comprises a block chain network, a block chain management system and a data processing system, wherein the block chain network is used for building a remote monitoring medical data block network with medical institutions and home users as nodes, and an encryption management mechanism for the block chain network is built;
an access control rule formation module: used for establishing interaction among nodes on the block chain network and establishing an intelligent contract to form an access control rule for the secret data key.
7. The system according to claim 6, wherein the module for constructing the encryption management mechanism comprises:
the open data key management submodule comprises: the system comprises a block chain network, a block chain public key storage mechanism and a block chain public key storage mechanism, wherein the block chain public key storage mechanism is used for storing an open data asymmetric key corresponding to a public key owner in a database of the block chain; encrypting the open data asymmetric key by using a data key corresponding to a medical data owner; storing the encrypted asymmetric key and metadata corresponding to the asymmetric key in a database; calculating a Hash value of a key management log of the open data, encrypting the Hash value through an audit public key, uploading the Hash value to a block chain network, and recording the Hash value through a consensus mechanism of a block chain;
the secret data key management submodule comprises: for creating a secret data key corresponding to a medical data owner, the secret data key comprising: the secret data asymmetric key and the secret data symmetric key are respectively encrypted by utilizing the data key; respectively calculating Hash values of storage indexes of the hidden data asymmetric key and the hidden data symmetric key; uploading the Hash values of the storage indexes of the hidden data asymmetric key and the hidden data symmetric key to a block chain network by using a public key of the open data asymmetric key and recording the Hash values through a consensus mechanism of the block chain; and encrypting the Hash values of the logs of the hidden data asymmetric key and the hidden data symmetric key by using the audit public key, uploading the Hash values to a block chain network by using the public key of the open data asymmetric key, and recording the Hash values by using a consensus mechanism of the block chain.
8. The system according to claim 6, wherein the access control rule formation module comprises:
an intelligent contract submodule: establishing interaction on a block chain by utilizing an open data asymmetric key, establishing an intelligent contract for hiding a data key, adding an access-allowed user and metadata with corresponding authority to form an access control rule of the hidden data key, encrypting and hiding by adopting a zero-knowledge proof technology to form a hidden intelligent contract, and encrypting and storing the hidden intelligent contract on the block chain; establishing a mapping relation between the secret data key and the access control rule, and storing a mapping relation index and a Hash value thereof on a block chain through a zero knowledge proof technology;
an access control submodule: when the secret data key is used by a public key owner, the access control rule is encrypted and hidden by using a zero knowledge proof technology to form the access control rule of the secret data key, and a hidden intelligent contract is called; the hidden intelligent contract calls an access control rule of a hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied; encrypting the Hash value of the management log of the secret data key by using the audit public key, and storing the Hash value on the block chain to form interaction in the block chain network; when the secret data key is used by a key user, calling a hidden intelligent contract; the hidden intelligent contract calls an access control rule of the hidden data key according to the mapping relation index so as to judge whether an accessor accords with the access control rule; if so, the secret data key can be used; if not, access is denied.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the blockchain-based telemonitoring medical data management method according to any one of claims 1 to 5 and the blockchain-based telemonitoring medical data management system according to any one of claims 6 to 8.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the method for remote monitoring medical data management based on blockchain according to any one of claims 1 to 5 and the system for remote monitoring medical data management based on blockchain according to any one of claims 6 to 8.
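The election and log synchronization steps recited in claim 5, as an added Python sketch that is not part of the patent text. The class and function names, the whole-log copy on heartbeat, and the log-length freshness check are simplifying assumptions (real Raft compares the last log term and index and replicates entries incrementally); the 5-node cluster is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    state: str = "follower"          # claim 5: every node starts as a follower
    term: int = 0
    voted_for: str = ""              # "" means no vote cast in the current term
    log: list = field(default_factory=list)

    def on_vote_request(self, term, candidate, cand_log_len):
        """Grant at most one vote per term, never to a candidate with a shorter log."""
        if term > self.term:         # newer term seen: step down and clear old vote
            self.term, self.voted_for, self.state = term, "", "follower"
        ok = (term == self.term and self.voted_for in ("", candidate)
              and cand_log_len >= len(self.log))
        if ok:
            self.voted_for = candidate
        return ok

def run_election(node, reachable, cluster_size):
    """Election timeout fired on `node`: become candidate, collect votes."""
    node.state, node.term, node.voted_for = "candidate", node.term + 1, node.name
    votes = 1 + sum(p.on_vote_request(node.term, node.name, len(node.log))
                    for p in reachable)
    if votes > cluster_size // 2:    # strictly more than half of ALL nodes
        node.state = "leader"
    return node.state, votes

def heartbeat(leader, followers):
    """Leader heartbeat carrying its log; True once every follower log matches."""
    for f in followers:
        if f.term <= leader.term:    # nodes on a newer term ignore a stale leader
            f.term, f.state = leader.term, "follower"
            f.log = list(leader.log) # simplification: whole-log copy per heartbeat
    return all(f.log == leader.log for f in followers)

def demo():
    """Constructed 5-node cluster in which A can reach only B (a minority)."""
    n = {k: Node(k) for k in "ABCDE"}
    minority = run_election(n["A"], [n["B"]], 5)
    majority = run_election(n["C"], [n["D"], n["E"]], 5)
    n["C"].log.append("constructed-log-entry")
    synced = heartbeat(n["C"], [n["A"], n["B"], n["D"], n["E"]])
    return minority, majority, synced, n["A"].state

if __name__ == "__main__":
    print(demo())
```

The quorum is counted against the full cluster size rather than the reachable peers, so a partitioned minority can never elect its own leader and record conflicting key-management log entries.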
CN202210595980.9A 2022-05-30 2022-05-30 Remote monitoring medical data management method and system based on block chain Withdrawn CN114996754A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210595980.9A CN114996754A (en) 2022-05-30 2022-05-30 Remote monitoring medical data management method and system based on block chain

Publications (1)

Publication Number Publication Date
CN114996754A true CN114996754A (en) 2022-09-02

Family

ID=83028271

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210595980.9A Withdrawn CN114996754A (en) 2022-05-30 2022-05-30 Remote monitoring medical data management method and system based on block chain

Country Status (1)

Country Link
CN (1) CN114996754A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220318431A1 (en) * 2021-03-31 2022-10-06 Seagate Technology Llc Code-based signatures for secure programs
US12008146B2 (en) * 2021-03-31 2024-06-11 Seagate Technology Llc Code-based signatures for secure programs
CN117010004A (en) * 2023-10-08 2023-11-07 做实事科技服务(北京)有限公司 Block chain-based intelligent processing method and device for customer investment data interaction
CN117010004B (en) * 2023-10-08 2023-12-15 做实事科技服务(北京)有限公司 Block chain-based intelligent processing method and device for customer investment data interaction

Similar Documents

Publication Publication Date Title
Yüksel et al. Research issues for privacy and security of electronic health services
CN114513533B (en) Classified and graded body-building health big data sharing system and method
CN111986755B (en) Data sharing system based on blockchain and attribute-based encryption
Fabian et al. Collaborative and secure sharing of healthcare data in multi-clouds
Majumder et al. Taxonomy and classification of access control models for cloud environments
CN114996754A (en) Remote monitoring medical data management method and system based on block chain
CN111901302A (en) Medical information attribute encryption access control method based on block chain
Zaghloul et al. P-MOD: Secure privilege-based multilevel organizational data-sharing in cloud computing
Maurer The role of cryptography in database security
T. de Oliveira et al. A break-glass protocol based on ciphertext-policy attribute-based encryption to access medical records in the cloud
CN115495768A (en) Secret-related information processing method and system based on block chain and multi-party security calculation
Zhao et al. Attribute-based access control scheme for data sharing on hyperledger fabric
Yialelis et al. Role-based security for distributed object systems
Salehi et al. DACP: Enforcing a dynamic access control policy in cross-domain environments
Zhang et al. Redactable blockchain-enabled hierarchical access control framework for data sharing in electronic medical records
Vignesh et al. Secured Data Access and Control Abilities Management over Cloud Environment using Novel Cryptographic Principles
KR102044396B1 (en) System and method for managing national disaster safety based on a blockchain
Liu et al. Research on Progress of Blockchain Access Control
CN114124392A (en) Data controlled circulation method, system, device and medium supporting access control
Reddy et al. Merkle Tree-based Access Structure for Sensitive Attributes in Patient-Centric Data
Chen et al. Design of safety and integrated disaster prevention system based on big data technology
Alsulaiman et al. Threshold-based collaborative access control (t-cac)
Moghaddam Multi-layered policy generation and management in clouds
Athena et al. TBAC: tree-based access control approach for secure access of PHR in cloud
Agarwal A Safe and Resilient Cryptographic System for Dynamic Cloud Groups with Secure Data Sharing and Efficient User Revocation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220902