CN107579980A - Lightweight Dual Access Control System in Medical IoT - Google Patents

Abstract

The invention relates to a lightweight dual access control system in the Internet of Medical Things. Patients obtain medical services through the medical infrastructure provider, and the medical Internet of Things is responsible for collecting the patient's physiological data and medical images to form a medical document, and the patient specifies an access policy to encrypt the medical document and then sends it to the cloud platform through the Internet; the patient also Generate a password-based emergency access key through the key generation center, and specify the emergency contact to know the password; the user registers through the key generation center, obtains the attribute key, and generates the corresponding authorization key according to the matching with the access policy , the authorization key has the corresponding partial decryption authority to the encrypted medical documents on the cloud platform; the emergency contact can recover the emergency access key by interacting with the cloud platform and the medical infrastructure provider through the password, so that the encrypted medical documents can be decrypted. The invention solves the problems of inability to support emergency access, high storage and calculation costs and the like in the existing solutions.

Description

Lightweight Dual Access Control System in Medical IoT

technical field

The invention relates to a lightweight dual access control system in the Internet of Medical Things.

Background technique

The Internet of Things (IoT) connects disparate physical devices via the Internet to collect and exchange data. The medical Internet of Things consisting of wearable medical devices and smart sensors on medical devices can remotely monitor the health of patients. However, wearable or implanted sensors have very limited power. Frequent charging of sensors and mobile medical devices can consume a lot of time for patients and nurses, greatly reducing the user experience. Additionally, when a wireless medical device loses power, it can be life-threatening to the patient. Therefore, the calculations in the medical Internet of Things must be lightweight in order to reduce power consumption.

Medical devices in the medical Internet of Things can monitor the vital signs of patients and collect the monitored medical data into medical documents. The storage capacity of the medical Internet of Things is limited, and a third-party platform is needed to store massive medical documents. Cloud computing can provide users with computing and storage resources, and support on-demand data access anytime and anywhere. The cloud platform can be used to store medical documents to save local storage overhead and enjoy convenient data access services. Since medical documents contain sensitive physiological data, it is necessary to implement access control on the data to prevent unauthorized persons from accessing the data.

Commonly used access control mechanisms are not suitable for the emergencies that are common in healthcare systems. In an emergency situation (such as a patient having a heart attack or suddenly fainting), the patient cannot authorize access to first responders after losing consciousness, which could delay treatment or even lead to the death of the patient. In order to save patients' lives in time, it is necessary to implement an emergency access access mechanism in emergency situations.

Emergency access access mechanisms bypass conventional access policies to gain emergency access to a patient's medical files. Since the emergency access authorization bypasses the access policy and can easily access the patient's medical data, some malicious users hope to obtain the emergency access authorization in order to break through the restrictions of the access policy. Therefore, emergency access powers must be controlled and not abused.

In 2007, Ostrovsky et al. proposed an ABE scheme with a non-monotonic access structure, which was constructed based on the deterministic bilinear Diffie-Hellman assumption. In order to reduce the computational overhead of decryption, Lai et al. proposed to outsource part of the encryption operation to the public cloud, and proposed an ABE scheme with verifiable outsourced decryption. If a malicious user tries to sell the decryption key for profit, it is necessary to trace the traitor's identity and deprive him of decryption authority. Zhou et al. proposed a multi-authorization ABE scheme with white-box traceability for e-health systems. Rouselakis et al proposed a dynamic multi-authorization ABE scheme to reduce system parameters. Yang et al. proposed a lightweight ABE scheme for medical IoT in a distributed environment. Deng et al. propose a hierarchical ABE scheme with short ciphertexts. Luo et al. proposed a hierarchical ABE scheme with multiple authorization centers for mobile social networks.

In 2009, Brucker et al. proposed an emergency access access control model based on different emergency levels, which divides emergency situations into different levels for distinction. Afterwards, they applied the concept of emergency access to ABE and proposed a hierarchy of emergency attributes. Marinovic et al. propose a novel emergency access model called Rampole, which requires policy makers to limit time and access patterns in the decision-making process. Maw et al. propose an emergency access access model for wireless sensor medical networks, which is based on a role model and can detect user violations. However, these studies only give the basic framework without specific solutions. In 2016, Zhang et al. proposed a password-based emergency access access scheme, which utilizes identity-based encryption constructs, and cannot perform fine-grained access control on shared ciphertexts in non-emergency situations.

Aiming at problems such as inability to support emergency access, high storage and computing overhead in existing solutions, the present invention designs a lightweight dual access control system in the medical Internet of Things.

Contents of the invention

The purpose of the present invention is to provide a lightweight dual access control system in the medical Internet of Things, which solves the problems of inability to support emergency access, high storage and computing costs, and the like in existing solutions.

In order to achieve the above object, the technical solution of the present invention is: a lightweight dual access control system in the Internet of Medical Things, including a key generation center, a cloud platform, and a medical infrastructure provider;

The key generation center is used to generate a master public key/private key pair, and generate attribute keys for patients and users;

The cloud platform provides users with outsourced storage and computing services;

The medical infrastructure provider provides patients with medical Internet of Things infrastructure, and connects the medical Internet of Things infrastructure through the Internet to form the Medical Internet of Things;

Patients obtain medical services through the medical infrastructure provider, and the medical Internet of Things is responsible for collecting the patient's physiological data and medical images to form a medical document, and the patient specifies an access policy to encrypt the medical document and then sends it to the cloud platform through the Internet; the patient also Generate a password-based emergency access key through the key generation center, and designate the emergency contact to know the password;

The user registers through the key generation center and obtains the attribute key. According to the matching with the access policy, the user generates the corresponding authorization key. The authorization key has the decryption authority to the corresponding part of the encrypted medical document on the cloud platform, so that the corresponding part can be obtained. plain text of medical documents;

The emergency contact can restore the emergency access key by interacting with the cloud platform and the medical infrastructure provider through the password, so that the encrypted medical document can be decrypted.

In an embodiment of the present invention, the key generation center uses the security parameter 1 ^κ as input, and uses the Setup algorithm to generate the master public key/private key pair, as follows:

Setup( ¹ κ)→(MPK,MSK): The key generation center selects the hash function Secure symmetric encryption/decryption algorithm SEnc/SDec and symmetric key space Then the key generation center selects the random number Calculate g ₂ =g ₁ ^β , Y=e(g ₁ ,g ₁ ) ^α ; finally obtain the master public key as MPK=(g ₁ ,g ₂ ,Y), and master private key as MSK=(α,β); in, with is the cyclic group, g ₁ is generator of .

In an embodiment of the present invention, the specific way for the user to generate the authorization key DK through the attribute key SK is as follows:

KeyGen.Del(SK)→DK: calculation as well as The authorization key is DK=(dk ₁ ,{dk _2,i } _i∈[k] ,dk ₃ ,dk ₄ ).

In an embodiment of the present invention, the patient generates a password-based emergency access key through the key generation center as follows:

The patient selects the password pw to generate the emergency access key BK, and at the same time generates the auxiliary information (bk ₁ , bk ₂ ) of the emergency access key, and the key BK can be recovered by using the password pw and the auxiliary information (bk ₁ , bk ₂ ); The patient designates the emergency contact ECP, and informs the ECP of the password pw; the specific implementation is as follows,

KeyGen.BK(pw)→(BK,bk ₁ ,bk ₂ ): calculate ζ=H ₁ (ID _PA ,pw), select a random number Such that ζ = ζ ₁ + ζ ₂ ; choose randomly And let the emergency access key BK=K; wherein, ID _PA is the patient identity;

Cloud platform CP random selection calculate And send the P _CP to the patient; the medical infrastructure provider HIP randomly selects calculate And send _PHIP to the patient; after the patient receives (P _CP , _PHIP ), select Calculation: K ₂ =K·(K ₁ ) ^-1 ·(P _CP ,P _HIP ) ^τ , The auxiliary information of the emergency access key is bk ₁ =(K ₁ ,Λ ₁ ) and bk ₂ =(K ₂ ,Λ ₂ ); the patient sends the auxiliary information bk ₁ and bk ₂ to the CP and HIP respectively; the CP is responsible for storing (bk ₁ ,P _CP ,θ ₁ ), HIP is responsible for storing (bk ₂ ,P _HIP ,θ ₂ ).

In an embodiment of the present invention, the way for the emergency contact to generate the emergency access key through the password is as follows: ECP uses the password pw as input to generate an encapsulated password, and sends it to the CP and HIP respectively; input the emergency access key Key auxiliary information bk ₁ /bk ₂ and encapsulated password, CP/HIP calculates and sends auxiliary recovery information ψ ₁ /ψ ₂ to ECP; ECP receives ψ ₁ and ψ ₂ from CP and HIP respectively and recovers to get emergency Access key BK; the specific implementation is as follows,

Extract.BK(pw,bk ₁ ,bk ₂ )→BK: After receiving the emergency access key extraction request, CP and _HIP send P _CP and PHIP to ECP respectively; ECP selects Calculate ζ = H ₁ (ID _PA ,pw), And send (Γ ₁ ,Γ ₂ ) to CP and HIP respectively; CP calculates and send it to ECP; HIP calculation and send it to the ECP; the ECP obtains the emergency access key BK by calculating BK=(ψ ₁ ·ψ ₂ )·(P _CP ·P _HIP ) ^-s .

In an embodiment of the present invention, the patient specifies an access policy to encrypt medical documents in the following way: the patient uses the access policy and the emergency access key BK encrypts the medical document M, where, ρ will be the matrix The row vector of is mapped to the attribute; the specific implementation is as follows,

patient selection Let v=(z,λ ₂ ,...λ _n ) ^Τ ; for i∈[l], compute Calculate the ciphertext CT: Y=H ₂ (BK,ID _PA ,FID), C ₀ =Y·Y ^z , C _2,i = ρ(i) z _i /r ₁ , C _3,i = z _i /r ₂ , in Indicates that M is followed by 0; the generated ciphertext is CT=(C _M ,C ₀ ,C ₁ ,{C _2,i ,C _3,i } _i∈[l] ); the patient will Send it to the cloud platform CP for storage.

In one embodiment of the present invention, the way for the user to decrypt part of the encrypted medical document through the authorization key to obtain the plaintext of the corresponding part of the medical document is as follows: After receiving the data access request sent by the user, the cloud platform CP verifies whether the user's attribute set is Satisfy the access policy of the encrypted medical document, if satisfied, the CP uses the user's authorization key DK to partially decrypt the encrypted medical document, and then the user restores the plaintext and verifies its correctness through the attribute key and decryption algorithm Dec ₁ , the specific implementation is as follows ,

The CP uses the user's authorization key DK to partially decrypt the encrypted medical document:

PDec(CT,DK)→CT': CP is calculated using the linear secret sharing scheme LSSS make CP calculation:

and send CT'=(C _M ,C ₀ ,Ω) to the user;

The user restores the plaintext and verifies its correctness through the attribute key and the decryption algorithm Dec ₁ :

Dec ₁ (CT',SK)→M/⊥: user calculation M'＝SDec(H ₃ (Υ),C _M ); if Indicates that the partially decrypted ciphertext CT' of CP is correct, and the recovered medical document is correct M; otherwise, output ⊥.

In an embodiment of the present invention, the ECP decrypts the encrypted medical document through the emergency access key BK and the decryption algorithm Dec ₂ , the specific method is as follows,

Dec ₂ (CT,BK)→M/⊥: ECP calculation Υ=H ₂ (BK,ID _PA ,FID) and M'=SDec(H ₃ (Y),C _M ); if Indicates that the emergency contact has correctly extracted BK, and the recovered medical document is correct M; otherwise output ⊥.

Compared with the prior art, the present invention has the following beneficial effects:

(1) Patient-controlled encryption mechanism: In the present invention, patients are responsible for encrypting their medical data; in order to safely share data among medical staff, friends and family members, patients formulate access policies;

(2) Attribute-based access: The present invention uses an attribute-based encryption method for fine-grained access control in the Internet of Medical Things; the system assigns users (such as family members, clinicians, researchers, and insurance personnel) attribute sets keys, so they have different data access rights;

(3) Emergency access: the present invention realizes password-based emergency access. The patient pre-sets a password and shares it with the emergency contact; in an emergency, the emergency contact uses the password to extract the emergency access key and decrypts the medical document; only the emergency contact who knows the password can extract the emergency access key, This method effectively avoids the abuse of emergency access authorization;

(4) Lightweight: in the present invention, encryption, decryption, and emergency access key generation and extraction all adopt lightweight algorithms; Partial decryption allows the user to recover the plaintext only by performing a single exponential operation, which greatly reduces the burden of decryption on the user.

Description of drawings

Fig. 1 is the system frame of the present invention.

Fig. 2 shows the emergency access key generation process of the present invention.

Fig. 3 is the emergency access key extraction process of the present invention.

Fig. 4 shows two access control mechanisms adopted in the present invention.

detailed description

The technical solution of the present invention will be specifically described below in conjunction with the accompanying drawings.

A lightweight dual access control system in the medical Internet of Things of the present invention, including a key generation center, a cloud platform, and a medical infrastructure provider;

The key generation center is used to generate a master public key/private key pair, and generate attribute keys for patients and users;

The cloud platform provides users with outsourced storage and computing services;

The medical infrastructure provider provides patients with medical Internet of Things infrastructure, and connects the medical Internet of Things infrastructure through the Internet to form the Medical Internet of Things;

Patients obtain medical services through the medical infrastructure provider, and the medical Internet of Things is responsible for collecting the patient's physiological data and medical images to form a medical document, and the patient specifies an access policy to encrypt the medical document and then sends it to the cloud platform through the Internet; the patient also Generate a password-based emergency access key through the key generation center, and designate the emergency contact to know the password;

The user registers through the key generation center and obtains the attribute key. According to the matching with the access policy, the user generates the corresponding authorization key. The authorization key has the decryption authority to the corresponding part of the encrypted medical document on the cloud platform, so that the corresponding part can be obtained. plain text of medical documents;

The emergency contact can restore the emergency access key by interacting with the cloud platform and the medical infrastructure provider through the password, so that the encrypted medical document can be decrypted.

In the present invention, the key generation center takes the security parameter 1 ^κ as input, and adopts the Setup algorithm to generate the master public key/private key pair, specifically as follows:

Setup(1 ^κ )→(MPK,MSK): The key generation center selects the hash function Secure symmetric encryption/decryption algorithm SEnc/SDec and symmetric key space Then the key generation center selects the random number Calculate g ₂ =g ₁ β,Y=e(g ₁ ,g ₁ ) ^α ; finally obtain the master public key as MPK=(g ₁ ,g ₂ ,Y), and the master private key as MSK=(α,β); in, with is the cyclic group, g ₁ is generator of .

In the present invention, the specific way for the user to generate the authorization key DK through the attribute key SK is as follows:

KeyGen.Del(SK)→DK: calculation as well as The authorization key is DK=(dk ₁ ,{dk _2,i } _i∈ [ _k ],dk ₃ ,dk ₄ ).

In the present invention, the way for the patient to generate a password-based emergency access key through the key generation center is:

The patient selects the password pw to generate the emergency access key BK, and at the same time generates the auxiliary information (bk ₁ , bk ₂ ) of the emergency access key, and the key BK can be recovered by using the password pw and the auxiliary information (bk ₁ , bk ₂ ); The patient designates the emergency contact ECP, and informs the ECP of the password pw; the specific implementation is as follows,

KeyGen.BK(pw)→(BK,bk ₁ ,bk ₂ ): calculate ζ=H ₁ (ID _PA ,pw), select a random number Such that ζ = ζ ₁ + ζ ₂ ; choose randomly And let the emergency access key BK=K; wherein, ID _PA is the patient identity;

Cloud platform CP random selection calculate And send the P _CP to the patient; the medical infrastructure provider HIP randomly selects calculate And send _PHIP to the patient; after the patient receives (P _CP , _PHIP ), select Calculation: K ₂ =K·(K ₁ ) ^-1 ·(P _CP ,P _HIP ) ^τ , The auxiliary information of the emergency access key is bk ₁ =(K ₁ ,Λ ₁ ) and bk ₂ =(K ₂ ,Λ ₂ ); the patient sends the auxiliary information bk ₁ and bk ₂ to the CP and HIP respectively; the CP is responsible for storing (bk ₁ ,P _CP ,θ ₁ ), HIP is responsible for storing (bk ₂ ,P _HIP ,θ ₂ ).

In the present invention, the way for the emergency contact to generate the emergency access key through the password is: ECP uses the password pw as input to generate the encapsulated password, and sends it to the CP and HIP respectively; Information bk ₁ /bk ₂ and encapsulated password, CP/HIP calculates and sends auxiliary recovery information ψ ₁ /ψ ₂ to ECP; ECP receives ψ ₁ and ψ ₂ from CP and HIP respectively and recovers to obtain emergency access password key BK; the specific implementation is as follows,

Extract.BK(pw,bk ₁ ,bk ₂ )→BK: After receiving the emergency access key extraction request, CP and _HIP send P _CP and PHIP to ECP respectively; ECP selects Calculate ζ = H ₁ (ID _PA ,pw), And send (Γ ₁ ,Γ ₂ ) to CP and HIP respectively; CP calculates and send it to ECP; HIP calculation and send it to the ECP; the ECP obtains the emergency access key BK by calculating BK=(ψ ₁ ·ψ ₂ )·(P _CP ·P _HIP ) ^-s .

In the present invention, the patient specifies an access policy to encrypt medical documents in the following way: the patient utilizes the access policy and the emergency access key BK encrypts the medical document M, where, ρ will be the matrix The row vector of is mapped to the attribute; the specific implementation is as follows,

patient selection Let v=(z,λ ₂ ,...λ _n ) ^Τ ; for i∈[l], compute Calculate the ciphertext CT: Y=H ₂ (BK,ID _PA ,FID), C ₀ =Y·Y ^z , C _2,i = ρ(i) z _i /r ₁ , C _3,i = z _i /r ₂ , in Indicates that M is followed by 0; the generated ciphertext is CT=(C _M ,C ₀ ,C _1, {C _2,i ,C _3,i } _i∈[l] ); the patient will Send it to the cloud platform CP for storage.

In the present invention, the user decrypts part of the encrypted medical document through the authorization key, and obtains the plaintext of the corresponding part of the medical document in the following way: After receiving the data access request sent by the user, the cloud platform CP verifies whether the user's attribute set meets the requirements of the encrypted medical document. If the access policy of the document is satisfied, the CP uses the user's authorization key DK to partially decrypt the encrypted medical document, and then the user restores the plaintext and verifies its correctness through the attribute key and the decryption algorithm Dec _1. The specific implementation is as follows,

The CP uses the user's authorization key DK to partially decrypt the encrypted medical document:

PDec(CT,DK)→CT': CP is calculated using the linear secret sharing scheme LSSS make CP calculation:

and send CT'=(C _M ,C ₀ ,Ω) to the user;

The user restores the plaintext and verifies its correctness through the attribute key and the decryption algorithm Dec ₁ :

Dec ₁ (CT',SK)→M/⊥: user calculation M'＝SDec(H ₃ (Υ),C _M ); if Indicates that the partially decrypted ciphertext CT' of CP is correct, and the recovered medical document is correct M; otherwise, output ⊥.

In the present invention, the ECP decrypts the encrypted medical document through the emergency access key BK and the decryption algorithm Dec ₂ , the specific method is as follows,

Dec ₂ (CT,BK)→M/⊥: ECP calculation Υ=H ₂ (BK,ID _PA ,FID) and M'=SDec(H ₃ (Y),C _M ); if Indicates that the emergency contact has correctly extracted BK, and the recovered medical document is correct M; otherwise output ⊥.

The following is the specific implementation process of the present invention.

Fig. 1 is the system frame of the present invention. The system includes the following types of entities. The characteristics and functions of each entity are described below:

Key Generation Center (KGC): KGC generates master public/private key pairs for the system, and property keys for patients and users.

Cloud Platform (CP): CP has powerful storage and computing capabilities and provides users with outsourced storage and computing services.

Healthcare Infrastructure Provider (HIP): A HIP is a hospital or other medical institution that provides medical IoT infrastructure for patients. Medical devices in HIP (such as electrocardiographs, B-ultrasound instruments, electronic blood pressure monitors, and CT scanners) are connected through the Internet to form a medical Internet of Things (IOT).

Patient (PA): PA receives medical services from HIP. Medical IoT is responsible for collecting physiological data and medical images of patients. To protect sensitive medical data and achieve fine-grained access control, patients can specify access policies to encrypt medical documents and send them to CP via the Internet. Considering the emergency situation, the patient generates a password-based emergency access key that can restore all of the patient's encrypted files. The patient nominates a list of emergency contacts and communicates the password confidentially to the emergency contacts.

Users: Users can be doctors, nurses and other medical personnel of HIP, or friends and relatives of patients. Users need to register with KGC and obtain property keys. If the user's attributes satisfy the access policy, the patient's data can be accessed. After receiving the encrypted medical document sent by the CP, the user decrypts it with the attribute key to obtain the plaintext of the medical document.

Emergency Contacts (ECPs): ECPs are assigned by the patient and know the patient's password. In case of emergency, they interact with CP, HIP to recover the emergency access key. ECPs query the patient's encrypted files in the CP and use the emergency access key to recover the patient's medical records.

1. System establishment

Taking the security parameter 1 ^κ as input, the Setup algorithm is used to generate the master public key/private key pair, as follows:

Setup(1 ^κ )→(MPK,MSK): The key generation center selects the hash function Secure symmetric encryption/decryption algorithm SEnc/SDec and symmetric key space Then the key generation center selects the random number Calculate g ₂ =g ₁ ^β , Y=e(g ₁ ,g ₁ ) ^α ; finally obtain the master public key as MPK=(g ₁ ,g ₂ ,Y), and master private key as MSK=(α,β); MPK is the default input in the following algorithms.

2. User key generation

The user uses the attribute key SK to generate the authorization key DK and sends it to the CP.

KeyGen.Del(SK)→DK: calculation as well as The authorization key is DK=(dk ₁ ,{dk _2,i } _i∈[k] ,dk ₃ ,dk ₄ ).

3. Password-based emergency access key generation

Figure 2 shows the emergency access key generation process. The patient (identity ID _PA ) selects the password pw to generate the emergency access key BK, and at the same time generates the auxiliary information (bk ₁ , bk ₂ ) of the emergency access key, which can be recovered by using the password pw and the auxiliary information (bk ₁ , bk ₂ ) Get the key BK. Auxiliary information (bk ₁ , bk ₂ ) is stored in CP and HIP respectively. The patient specifies a list of ECPs and secretly informs the ECPs of the password pw. HIP is responsible for storing the list of ECPs.

KeyGen.BK(pw)→(BK,bk ₁ ,bk ₂ ): calculate ζ=H ₁ (ID _PA ,pw), select a random number Such that ζ = ζ ₁ + ζ ₂ ; choose randomly And make the emergency access key BK=K;

CP randomly selected calculate And send the P _CP to the patient; the medical infrastructure provider HIP randomly selects calculate And send _PHIP to the patient; after the patient receives (P _CP , _PHIP ), select Calculation: K ₂ =K·(K ₁ ) ^-1 ·(P _CP ,P _HIP ) ^τ , The auxiliary information of the emergency access key is bk ₁ =(K ₁ ,Λ ₁ ) and bk ₂ =(K ₂ ,Λ ₂ ); the patient sends the auxiliary information bk ₁ and bk ₂ to the CP and HIP respectively; the CP is responsible for storing (bk ₁ ,P _CP ,θ ₁ ), HIP is responsible for storing (bk ₂ ,P _HIP ,θ ₂ ).

4. Password-based emergency access key extraction

Figure 3 shows the emergency access key extraction process. In order to protect the password pw, ECP takes the password pw as input to generate encapsulated passwords and sends them to CP and HIP respectively. CP and HIP cannot infer the export password pw from the encapsulated password. Input the auxiliary information bk ₁ /bk ₂ of the emergency access key and the encapsulated password, CP/HIP calculates and sends the auxiliary recovery information ψ ₁ /ψ ₂ to ECP; ECP receives ψ ₁ and ψ from CP and HIP respectively After ₂ recovery, get the emergency access key BK, and use BK to decrypt all encrypted medical documents of the patient.

Extract.BK(pw,bk ₁ ,bk ₂ )→BK: After receiving the emergency access key extraction request, CP and _HIP send P _CP and PHIP to ECP respectively; ECP selects Calculate ζ = H ₁ (ID _PA ,pw), And send (Γ ₁ ,Γ ₂ ) to CP and HIP respectively; CP calculates and send it to ECP; HIP calculation and send it to the ECP; the ECP obtains the emergency access key BK by calculating BK=(ψ ₁ ·ψ ₂ )·(P _CP ·P _HIP ) ^-s .

5. Encryption

Patient Utilization Access Policy and the emergency access key BK encrypts the medical document M (the document number is FID), wherein, ρ will be the matrix A row vector of maps to the attribute

patient selection Let v=(z,λ ₂ ,...λ _n ) ^Τ ; for i∈[l], compute Calculate the ciphertext CT: Y=H ₂ (BK,ID _PA ,FID), C ₀ =Y·Y ^z , C _2,i = ρ(i) z _i /r ₁ , C _3,i = z _i /r ₂ , in Indicates that M is followed by 0; the generated ciphertext is CT=(C _M ,C ₀ ,C ₁ ,{C _2,i ,C _3,i } _i∈[l] ); the patient will Send it to the cloud platform CP for storage.

6. Partial decryption

After receiving the data access request sent by the user, the CP verifies whether the attribute set of the user satisfies the access policy of the ciphertext. If not satisfied, the CP will reject the request. Otherwise, the CP uses the user's authorization key DK to partially decrypt the ciphertext, thereby reducing the amount of calculation for the user's decryption.

PDec(CT,DK)→CT': CP is calculated using the linear secret sharing scheme LSSS make CP calculation:

and send CT'=(C _M ,C ₀ ,Ω) to the user;

7. Decrypt and verify with attribute key

Under normal circumstances, the user uses its attribute key SK and decryption algorithm Dec ₁ to recover the plaintext and verify its correctness.

Dec ₁ (CT',SK)→M/⊥: user calculation M'＝SDec(H ₃ (Υ),C _M ); if Indicates that the partially decrypted ciphertext CT' of CP is correct, and the recovered medical document is correct M; otherwise, output ⊥.

8. Decrypt and authenticate with emergency access key

In an emergency, the ECP decrypts the ciphertext through the emergency access key BK and the decryption algorithm Dec ₂ .

Dec ₂ (CT,BK)→M/⊥: ECP calculation Υ=H ₂ (BK,ID _PA ,FID) and M'=SDec(H ₃ (Y),C _M ); if Indicates that the emergency contact has correctly extracted BK, and the recovered medical document is correct M; otherwise output ⊥.

9. Bilinear pairing

with is the cyclic group, g ₁ is generator of . bilinear map Has the following characteristics:

(1) Bilinearity: and have

(2) Non-degenerate: e(g ₁ , g ₁ )≠1.

(3) Computability: e(h ₁ , h ₂ ) can be obtained through efficient calculation.

10. Difficult assumptions

Deterministic bilinear Diffie-Hellman assumption. make T is a random number g ₁ is the group generator of . given tuple There is no probabilistic polynomial-time algorithm e(g ₁ , g ₁ ) ^abc and T can be distinguished. The advantage ε is defined as:

11. Linear secret sharing scheme

Definition 1: (Linear Secret Sharing Scheme (LSSS)). gather The secret sharing scheme Π on is called linear ( above) if and only if: 1. The shares of all parties are formed vector on . 2. There is an l×n matrix The generator matrix is called the share of Π. For all i=1,...,l, the i-th row of M is labeled by ρ(i) (ρ is {1,...,l} to a function of ). Let the vector v=(z,λ ₂ ,...λ _n ), where z is the secret to be shared choose randomly According to Π, is the share vector of the secret z ( belongs to ρ(i)).

By definition, every LSSS has a linear reconstruction property. Suppose Π is the LSSS of the access structure Φ, let S∈Φ be any authorization set, define I={i:ρ(i)∈S}, where According to Π, if there is a constant Such that {z _i } _i∈I is a valid share of any secret z, then there are ∑ _i∈I ω _i z _i = z and For non-authorized collections, no such constant exists.

12. Two access control mechanisms

Figure 4 shows two access control mechanisms: attribute-based access mechanism and emergency access access mechanism, including the following algorithms: authorization key generation algorithm KeyGen.Del, partial decryption algorithm PDec, emergency access key extraction algorithm Extract. BK, type-1 decryption algorithm Dec ₁ , type-2 decryption algorithm Dec ₂ .

For attribute-based access, ECP uses the attribute key SK to decrypt the ciphertext. The invention utilizes the outsourcing decryption technology to reduce the decryption burden of the user. The user executes the authorization key generation algorithm KeyGen.Del, generates the authorization key DK with the attribute key SK as input, and sends it to the CP. During data access, CP partially decrypts encrypted medical documents. The CP executes the partial decryption algorithm PDec, and uses the authorization key DK to convert the ciphertext CT into CT'. The user executes the type-1 decryption algorithm Dec ₁ , and uses the attribute key SK to recover the plaintext of the medical document. In the type-1 decryption algorithm Dec ₁ , the user only needs to perform one exponent calculation to recover the plaintext from CT'.

For emergency access access, ECP uses the password pw to execute the emergency access key extraction algorithm Extract.BK to recover the emergency access key BK. The ECP executes the Type-2 decryption algorithm Dec ₂ to obtain the plaintext of the medical document.

After executing the decryption algorithm, the present invention provides a verification algorithm to verify whether the recovered medical document is correct, thereby detecting the malicious behavior of CP or HIP, for example, CP sends wrong partial decrypted ciphertext CT' to the user, or CP (or HIP ) sends wrong auxiliary recovery information to the ECP.

Advantages of the present invention:

(1) Patient-controlled encryption mechanism: In the present invention, patients are responsible for encrypting their medical data. To securely share data among medical staff, friends and family, it is up to the patient to define access policies.

(2) Attribute-based access: the present invention utilizes an attribute-based encryption method for fine-grained access control in the Internet of Medical Things. The system assigns keys to users (such as family members, clinicians, researchers, and insurance personnel) according to their attribute sets, so they have different data access rights.

(3) Emergency access: the present invention realizes password-based emergency access. Patients pre-program a password and share it with emergency contacts. In an emergency, the emergency contact uses the passphrase to extract the emergency access key and decrypt the medical document. Only emergency contacts who know the password can extract the emergency access key, which effectively avoids the abuse of emergency access authorization.

(4) Lightweight: in the present invention, encryption, decryption, emergency access key generation and extraction all adopt lightweight algorithms. In the attribute-based access mechanism, the cloud platform uses the authorization key to partially decrypt the ciphertext, so that the user only needs to perform a single exponential operation to recover the plaintext, which greatly reduces the burden of decryption on the user.

Uses of the present invention: Medical Internet of Things (IOT) is an effective means for medical institutions to improve medical quality and efficiency. Medical devices in the medical Internet of Things will monitor the vital signs of patients, collect these data into medical documents, and send the documents to cloud servers for storage, and medical staff can access related documents. To protect patient privacy, encryption can be used to control access to documents by authorized persons while preventing access by unauthorized persons. In addition, there is a need to be able to access patients' medical documents in a timely manner in case of emergency. The present invention proposes a lightweight dual access control system in the medical Internet of Things, which provides two methods of accessing encrypted medical documents: attribute-based access and emergency access access. Under normal circumstances, medical staff can only decrypt and access the data if they have the attribute key. In an emergency, the emergency access access mechanism can bypass the access policy of medical documents, allowing medical staff to access the data in time to save the lives of patients.

Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

The present application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented

The instructions executed on other programmable devices provide steps for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

The above are the preferred embodiments of the present invention, and all changes made according to the technical solution of the present invention, when the functional effect produced does not exceed the scope of the technical solution of the present invention, all belong to the protection scope of the present invention.

Claims (8)

1. A kind of 1. lightweight double call control system in medical Internet of Things, it is characterised in that：Including key generation centre, cloud Platform, medical infrastructure provider；

   The key generation centre, it is that patient and user generate attribute key for generating main public/private keys pair；

   The cloud platform, provide the user outsourcing storage and calculate service；

   The medical infrastructure provider, medical Internet of Things infrastructure is provided for patient, and medical Internet of Things basis is set Apply by Internet connection, form medical Internet of Things；

   Patient obtains medical services by the medical infrastructure provider, and medical Internet of Things is responsible for collecting the physiology number of patient Medical document is formed according to medical imaging, and specifies access strategy encryption medical document to be then sent to by internet by patient The cloud platform；Patient also generates the urgent access key based on password by key generation centre, and specifies programmed emergency Know password；

   User is registered by key generation centre, obtains attribute key, and it is according to corresponding with access strategy match condition, generation Authorization key, the authorization key has the appropriate section decrypted rights that medical document is encrypted to cloud platform, so as to obtain phase Answer the medical document of part in plain text；

   By password, being interacted with cloud platform, medical infrastructure provider can recover promptly to access key programmed emergency, from And encryption medical document can be decrypted.
2. 2. the lightweight double call control system in medical Internet of Things according to claim 1, it is characterised in that：It is described Key generation centre is with security parameter 1^κFor input, main public/private keys pair are generated using Setup algorithms, it is specific as follows：

   Setup(1^κ)→(MPK,MSK)：Key generation centre selects hash function Symmetric cryptography/decipherment algorithm SEnc/SDec of safety and symmetric key spaceIn then key generation The heart selects random numberCalculate g₂=g₁ ^β, Y=e (g₁,g₁)^α；It is MPK=finally to obtain Your Majesty's key (g₁,g₂, Y), main private key is MSK=(α, β)；Wherein,WithIt is cyclic group, g₁It isGeneration member.
3. 3. the lightweight double call control system in medical Internet of Things according to claim 1, it is characterised in that：User The concrete mode that authorization key DK is generated by attribute key SK is as follows：

   KeyGen.Del(SK)→DK：CalculateAndAward Power key is DK=(dk₁,{dk_2,i}_i∈[k],dk₃,dk₄)。
4. 4. the lightweight double call control system in medical Internet of Things according to claim 1, it is characterised in that：Patient It is by way of key generation centre generates the urgent access key based on password：

   Patient selects the urgent access key BK of password pw generations, while generates the auxiliary information (bk of urgent access key₁,bk₂), Utilize password pw, auxiliary information (bk₁,bk₂) can recover to obtain key BK；Patient specifies programmed emergency ECP, and by password Pw informs ECP；It is implemented as follows,

   KeyGen.BK(pw)→(BK,bk₁,bk₂)：Calculate ζ=H₁(ID_PA, pw), select random numberSo that ζ=ζ₁ +ζ₂；Random selectionAnd make urgent access key BK=K；Wherein, ID_PAThat is patient identity；

   Cloud platform CP is randomly choosedCalculateAnd P_CPIt is sent to patient；Medical infrastructure provider HIP with Machine selectsCalculateAnd P_HIPIt is sent to patient；Patient receives (P_CP,P_HIP) after, selectionMeter Calculate：K₂=K (K₁)^-1·(P_CP,P_HIP)^τ,The auxiliary information of urgent access key For bk₁=(K₁,Λ₁) and bk₂=(K₂,Λ₂)；Patient is by auxiliary information bk₁And bk₂It is sent respectively to CP and HIP；CP is responsible for depositing Store up (bk₁,P_CP,θ₁), HIP is responsible for storing (bk₂,P_HIP,θ₂)。
5. 5. the lightweight double call control system in medical Internet of Things according to claim 4, it is characterised in that：Promptly By password, the mode for generating urgent access key is contact person：Passwords of the ECP using password pw as input generation encapsulation, and It is sent respectively to CP and HIP；The auxiliary information bk of the urgent access key of input₁/bk₂With the password of encapsulation, CP/HIP is calculated And auxiliary is recovered into information ψ₁/ψ₂It is sent to ECP；ECP receives ψ at CP and HIP respectively₁And ψ₂Recover promptly to be connect afterwards Enter key BK；It is implemented as follows,

   Extract.BK(pw,bk₁,bk₂)→BK：After CP and HIP receives urgent access cipher key-extraction request, respectively by P_CPWith P_HIPIt is sent to ECP；ECP choosesCalculate ζ=H₁(ID_PA, pw),And respectively (Γ₁,Γ₂) it is sent to CP and HIP；CP is calculatedAnd send it to ECP；HIP is calculated And send it to ECP；ECP is by calculating BK=(ψ₁·ψ₂)·(P_CP·P_HIP)^-sObtain promptly accessing key BK.
6. 6. the lightweight double call control system in medical Internet of Things according to claim 1, it is characterised in that：Patient Specify access strategy encryption medical document mode be：Patient utilizes access strategyWith urgent access key BK encryption medical treatment Document M, wherein,ρ is by matrixRow vector be mapped to attribute；It is implemented as follows,

   Patient choosesMake v=(z, λ₂,...λ_n)^Τ；For i ∈ [l], CalculateCalculate ciphertext CT：Υ=H₂(BK,ID_PA, FID), C₀=Υ Y^z,C_2,i=ρ (i) z_i/r₁, C_3,i= z_i/r₂,WhereinHave after representing MIndividual 0；The ciphertext of generation is CT=(C_M,C₀,C₁, {C_2,i,C_3,i}_i∈[l])；Patient willCloud platform CP is sent to be stored.
7. 7. the lightweight double call control system in medical Internet of Things according to claim 3, it is characterised in that：User The part for encrypting medical document is decrypted by authorization key, the mode for obtaining the medical document plaintext of appropriate section is：Yun Ping After platform CP receives the data access request that user sends, verify whether the attribute set of user meets the access for encrypting medical document Strategy, if satisfied, then CP carries out part decryption using the authorization key DK of user to encryption medical document, then user passes through category Property key and decipherment algorithm Dec₁Recover in plain text and verify its correctness, be implemented as follows,

   CP carries out part decrypting process using the authorization key DK of user to encryption medical document：

   PDec(CT,DK)→CT'：CP is calculated using linear cipher secret sharing LSSSSo thatCP is calculated：

   <mrow> <mi>&amp;Omega;</mi> <mo>=</mo> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>,</mo> <msub> <mi>dk</mi> <mn>1</mn> </msub> <mo>)</mo> </mrow> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>dk</mi> <mn>3</mn> </msub> <mo>,</mo> <munder> <mo>&amp;Pi;</mo> <mrow> <mi>i</mi> <mo>&amp;Element;</mo> <mi>I</mi> </mrow> </munder> <msubsup> <mi>dk</mi> <mrow> <mn>2</mn> <mo>,</mo> <mi>i</mi> </mrow> <mrow> <msub> <mi>C</mi> <mrow> <mn>2</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> <mo>&amp;CenterDot;</mo> <msub> <mi>&amp;omega;</mi> <mi>i</mi> </msub> </mrow> </msubsup> <mo>)</mo> </mrow> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>dk</mi> <mn>4</mn> </msub> <mo>,</mo> <munder> <mo>&amp;Pi;</mo> <mrow> <mi>i</mi> <mo>&amp;Element;</mo> <mi>I</mi> </mrow> </munder> <msubsup> <mi>dk</mi> <mrow> <mn>2</mn> <mo>,</mo> <mi>i</mi> </mrow> <mrow> <msub> <mi>C</mi> <mrow> <mn>3</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> <mo>&amp;CenterDot;</mo> <msub> <mi>&amp;omega;</mi> <mi>i</mi> </msub> </mrow> </msubsup> <mo>)</mo> </mrow> <mo>=</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>g</mi> <mn>1</mn> </msub> <mo>,</mo> <msub> <mi>g</mi> <mn>1</mn> </msub> <mo>)</mo> </mrow> <mrow> <mi>&amp;alpha;</mi> <mo>&amp;CenterDot;</mo> <mi>z</mi> <mo>&amp;CenterDot;</mo> <mi>&amp;tau;</mi> </mrow> </msup> </mrow>

   And by CT'=(C_M,C₀, Ω) and it is sent to user；

   User passes through attribute key and decipherment algorithm Dec₁Recover in plain text and verify its correctness process：

   Dec₁(CT',SK)→M/⊥：User calculatesM'=SDec (H₃(Υ),C_M)；IfRepresent CP The ciphertext CT' of part decryption is correct, and the medical document recovered is correct M；Otherwise ⊥ is exported.
8. 8. the lightweight double call control system in medical Internet of Things according to claim 5, it is characterised in that：ECP By promptly accessing key BK and decipherment algorithm Dec₂Decryption encryption medical document, concrete mode is as follows,

   Dec₂(CT,BK)→M/⊥：ECP calculates Υ=H₂(BK,ID_PA, FID) and M'=SD_ec(H₃(Υ),C_M)；IfRepresent that programmed emergency correctly extracts BK, and the medical document recovered is correct M；Otherwise export ⊥。