Personal health record (PHR) enables patients to manage their own electronic medical records (EMR) in a centralized way, and it is oRen outsourced to be stored in a third-party server. In this paper we propose a n...Personal health record (PHR) enables patients to manage their own electronic medical records (EMR) in a centralized way, and it is oRen outsourced to be stored in a third-party server. In this paper we propose a novel secure and scalable system for sharing PHRs. We focus on the multiple data owner scenario, and divide the users in the system into multiple security domains that greatly reduce the key management complexity for owners and users. A high degree of patient privacy is guaranteed by exploiting hierarchical and multi- authority attribute-sets based encryption (HM- ASBE). Our system not only supports compound attributes due to flexible attribute sets combinations, but also achieves fine-grained access control. Our scheme supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios.展开更多
基金the National Natural Science Foundation of China under contract NO 61271235 and No.60973146,and the Fundamental Research Funds for the Central Universities under Grant No.BUPT2013RC0308
文摘Personal health record (PHR) enables patients to manage their own electronic medical records (EMR) in a centralized way, and it is oRen outsourced to be stored in a third-party server. In this paper we propose a novel secure and scalable system for sharing PHRs. We focus on the multiple data owner scenario, and divide the users in the system into multiple security domains that greatly reduce the key management complexity for owners and users. A high degree of patient privacy is guaranteed by exploiting hierarchical and multi- authority attribute-sets based encryption (HM- ASBE). Our system not only supports compound attributes due to flexible attribute sets combinations, but also achieves fine-grained access control. Our scheme supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios.
