ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2018, Vol. 55 ›› Issue (10): 2233-2243.doi: 10.7544/issn1000-1239.2018.20180438

所属专题: 2018分布式安全与区块链技术研究专题

• 信息安全 • 上一篇    下一篇



  1. 1(山东师范大学信息科学与工程学院 济南 250358) 2(山东省分布式计算机软件新技术重点实验室 济南 250014) (山东省软件工程重点实验室 济南 250101) (
  • 出版日期: 2018-10-01
  • 基金资助: 

Privacy-Preserving Scheme of Electronic Health Records Based on Blockchain and Homomorphic Encryption

Xu Wenyu1,2, Wu Lei1,2,3, Yan Yunxue1,2   

  1. 1(School of Information Science and Engineering,Shandong Normal University, Jinan 250358);2(Shandong Provincial Key Laboratory for Novel Distributed Computer Software Technology, Jinan 250014);3(Shandong Provincial Key Laboratory for Software Engineering, Jinan 250101)
  • Online: 2018-10-01

摘要: 电子健康记录(electronic health records, EHR)的隐私保护成为现代人越来越关注的问题.区块链是随着比特币等数字加密货币普及而兴起的技术,具有“去中心化”和“不可篡改”等特点.现有的电子健康记录管理系统往往注重保护用户隐私数据而忽略了患者与其他角色交互时存在的安全问题,尤其是并未针对理赔过程中保险公司可查看患者敏感数据侵犯患者隐私这一问题提出明确的解决方案.故提出了一个基于区块链的可同时解决以上3个问题的方案,并将同态加密和以太坊的智能合约技术相结合,实现了保险公司在无法获取用户EHR明文和理赔对象ID的情况下仍能判断是否理赔的功能,交互过程中不向非授权用户泄露患者的任何敏感数据,加强了对用户数据的隐私保护.分析了在保护患者隐私的前提下不同角色在不同应用需求下的交互过程,并对该方案进行安全性分析和性能评估.

关键词: 区块链, 电子健康记录, 隐私保护, 智能合约, 自动理赔, 同态加密

Abstract: The privacy protection of electronic health records (EHR) has become an issue which attracts more and more attention in public. Blockchain is a technology that has emerged with the spread of digital cryptocurrency such as Bitcoin and has features of “decentralization” and “unmodifiable”. Existing electronic health record management systems ignore the security problems of patients’ interaction with other roles while focusing on protecting the user’s privacy data, especially there is no such an appropriate solution to problem nowadays that insurance can view patients’ sensitive data and invade privacy. This paper proposes a scheme based on blockchain for solving the above three problems. In combination with homomorphic encryption and smart contract technology based on Ethereum, we implement the feature that the insurance company can judge whether to handle the claim requests, although it has no way to obtain the plaintext of EHR and the ID. So there is no sensitive data of the patient which will be leaked to unauthorized users during interaction, thus the privacy protection of users’ data is strengthened. This thesis focuses on analyzing the interaction process of different roles under different application requirements based on the premise of patients’ privacy and carries out security analysis and performance evaluation.

Key words: blockchain, electronic health records (EHR), privacy protection, smart contract, automatic claim, homomorphic encryption