    Citation: Song Wenpeng, Zhang Liang, Ma Yuhang. Auditable Healthcare Data Sharing Based on Decentralized Identity[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440351

    Auditable Healthcare Data Sharing Based on Decentralized Identity

      Abstract: The rapid development of Internet technology has made data sharing increasingly convenient, but it has also raised data security and privacy issues. Taking healthcare as an example, people want to be treated quickly and reimbursed promptly, yet do not want to disclose their medical records and expenses in hospitals. To fit such data sharing scenarios, we propose a decentralized identity (DID) model based on blockchain and proxy re-encryption (PRE), and build on it a data sharing framework for smart healthcare. Blockchain is used to avoid the problem of single-node failure, ensuring data availability and consistency. PRE separates data generation, management and usage; this property matches the DID model, in which verifiable credential (VC) issuance and verification are separated, and it also helps achieve the goal of patient-centered healthcare. Furthermore, we obtain verifiable presentations (VPs) by using BLS aggregate signatures, which let us combine and authenticate multiple VCs. We use the blockchain as a decentralized trusted third party to check the correctness of cryptographic operations, achieving data verifiability and auditability while the data remains encrypted. We also give a careful security analysis of the proposed framework and compare it with related work. Finally, we conduct comprehensive experiments on Ethereum and IPFS (inter-planetary file system), demonstrating the feasibility and efficiency of our solution.

       
