摘要
针对在当前医疗系统中医疗记录授权流程繁琐、记录分享效率低下和身份验证困难问题,提出一种结合区块链技术与密码学的非对称加密技术的方法,将非对称加密技术的安全性高、多方协作简单等特性应用到区块链技术构成的点对点网络中,实现医疗记录跨域分享的可追踪、数据的不可篡改和身份验证的简化。首先,基于区块链技术的不可篡改性结合非对称加密技术,设计了文件同步合约和授权合约,其分布式储存优势保证了用户医疗信息隐私。其次,跨域获取合约的设计能够有效验证数据分享双方身份以及提高身份验证效率,不需要第三方公证机构便可安全过滤非合法用户。仿真实验结果显示,所提出的方案相比传统使用云计算方法解决医疗记录分享问题的方案,在数据防盗窃、多方身份验证和节约系统开销方面有明显优势。该方案对利用区块链的去中心化、可审计等优点解决数据分享过程中的安全问题提供了参考,为解决数据跨域分享、跨域身份验证问题提供了借鉴思路。
To solve the problems of the cumbersome process in medical record authorization, the low efficiency in record sharing and the difficulty in identity authentication in current medical systems, a method of asymmetric encryption technology combining with blockchain technology was proposed to make medical records cross-domain sharing traceable, data tamper-resistant and identity authentication simplified by applying charatistics of asymmetric encryption technology like high safety and simple cooperation to the peer-to-peer network constructed by blockchain technology. Firstly, based on the anti-tampering of blockchain technology and with asymmetric encryption technology combined, file synchronization contract and authorization contract were designed, in which the distributed storage advantages secure the privacy of user’s medical information. Secondly, cross-domain acquisition contracts were designed to validate the identity of both parties and improve authentication efficiency, so that non-legitimate users can be securely filtered without third-party notary agency. The experimental and analysis results show that the proposed scheme has obvious advantages in data guard against theft, multi-party authentication and data access control compared with the traditional scheme of using cloud computing method to solve medical record sharing problem. The proposed method provides a good application demonstration for solving the security problems in the data sharing process across medical institutions and a reference for cross-domain identity verification in the process of sharing data by using decentralization and auditability of blockchain technology.
作者
徐健
陈志德
龚平
王可可
XU Jian;CHEN Zhide;GONG Ping;WANG Keke(College of Mathematics and Informatics, Fujian Normal University, Fuzhou Fujian 350007, China;Fujian Provincial Key Laboratory of Network Security and Cryptology ( Fujian Normal University ) , Fuzhou Fujian 350007, China;Electronic Information and Control of Fujian University Engineering Research Center, Minjiang University, Fuzhou Fujian 350007, China)
出处
《计算机应用》
CSCD
北大核心
2019年第5期1500-1506,共7页
journal of Computer Applications
基金
国家自然科学基金资助项目(61841701)
福建省自然科学基金资助项目(2016J01287
2018J01781)
电子信息与控制福建省高校工程研究中心开放基金资助项目(EIC1703)~~
关键词
区块链
医疗记录
去中心化
隐私保护
智能合约
Blockchain
electronic medical records
decentralization
privacy protection
smart contracts
