KR101022213B1 - Method and apparatus for sharing and secondary use of medical data based on multi-proxy re-encryption - Google Patents

Abstract

PURPOSE: A method and an apparatus for sharing multi proxy re-encryption based medical data are provided to smoothly use medical information by using commitment function instead of the agreement of a patient. CONSTITUTION: A terminal(10) for a patient permits the commitment of medical data inputted to and outputted from a medical institution. A proxy re-encryption server(20) is managed by a policy manager terminal(30). The proxy re-encryption server firstly provides the medical information of the patient with a proxy based re-encryption method. A proxy terminal(40) entrusts an agent with a data decoding authority management function. A user terminal(50) receives a cryptogram which is re-encrypted and decodes the cryptogram through its own secret key.

Description

Method and Apparatus for Sharing Medical Data based on Multi-Proxy Re-Encryption {Method and Apparatus for Sharing and Secondary Use of Medical Data based on Multi-proxy Re-encryption}

The present invention relates to a method and apparatus for sharing medical data based on multi-proxy re-encryption. In particular, it is possible to maintain confidentiality by providing a re-encryption method of a cipher text by a re-encryption key and a multi-distribution method by a multi-proxy when sharing information of medical data. The present invention relates to a multi-proxy re-encryption based medical data sharing method and apparatus.

Recently, the trend of information communication technology (IT) is developing digital convergence technology for advancement of information communication such as wired / wireless integration and communication broadcasting convergence. In the future, advanced technologies such as biotechnology (BT) and nanotechnology (NT) are being combined to improve the quality of human life or maximize human ability based on such advanced digital convergence technology. Ubiquitous healthcare (u-healthcare) services including IT-BT are attracting attention in this convergence field.

u-Healthcare means a technology that allows patients to receive preventive, diagnostic treatment and follow-up services anytime, anywhere without visiting a hospital. In addition, more efficient health care services are possible through the introduction of overall life care technology that manages daily life habits such as eating habits and exercise habits that are closely related to medical activities such as disease prevention, diagnosis and treatment.

In order to enable the u-healthcare service, medical information must be digitized and information sharing is essential. However, there are various vulnerabilities and threats in terms of security and privacy in that medical information deals with extremely personal information and there may be various stakeholders related to medical information rights.

In addition, the sharing and secondary utilization of medical data has the inherent property that an unspecified number of people who are not pre-established in relation to each other participate. In the future, many heterogeneous medical data services will be provided, as well as more invasive privacy of patients and sensitive data owners.

Therefore, if personalized medical information is digitized and shared and used by hospitals or medical institutions, patients can omit unnecessary tests, and doctors or nurses in charge of the same patients can share the medical information of the patients (Primary Care). Will be. In addition, the doctor can transmit the diagnosis information of the patient including medical image information to a large medical institution to listen to the opinion. Furthermore, the digitization of medical information also facilitates data collection or analysis (Secondary Use) for academic research for statistical or clinical trials and epidemiological studies for the treatment of other patients.

However, the digitization of medical information has various advantages, but there is a problem of privacy invasion of patients. That is, intentional leakage may occur or the risk of trading, fraudulent viewing and duplication of medical information may be encountered. In particular, some kinds of medical information can create a great disadvantage of mental suffering from employment discrimination and social discrimination. For example, employment discrimination due to HIV virus infection or mental illness. In the future, this breach of privacy may lead to employment discrimination based on genetic factors or having genetic disorder genes.

In addition, among the threats to the privacy of medical information is the unauthorized trading and leakage of medical information stored and managed in a private medical data repository. Among these cases, information such as the medical history, name, address, telephone number, and age of the patient is being sold to pharmacies and health specialists nationwide. For example, personal medical information lists of patients with a history of uterine cancer, schizophrenia, atopic dermatitis and diabetes are being traded to pharmacies and health food sales companies nationwide.

As such, unauthorized persons or organizations to maintain the confidentiality of medical information should not be able to know the content of the information so that only those authorized by the information owner can access it, and unauthorized persons should not. Therefore, it is necessary to receive personal information or medical information from the patient in order to perform care such as a nurse or a doctor, but information obtained from the patient should not be illegally shared / transacted with others.

Third parties other than doctors and patients, such as insurer organizations, administrators, and medical researchers, can access medical information. At present, medical practice is not performed by a single doctor. For example, in hospitals, medical practitioners in various occupations, including nurses and pharmacists, perform medical treatments on patients under the direction of doctors. In addition, clerical and foster workers who do not have professional qualifications are involved in medical services.

In addition, the exchange of patient information between facilities is becoming a problem as the mutual cooperation of medical facilities becomes active to improve efficiency. Furthermore, the emphasis on the integrated provision of health, medical care and welfare in accordance with an aging society is increasing the problem of personal information. That is, when a patient uses welfare services after medical services, the medical information of the patients may be transmitted to those who are engaged in health or welfare.

Therefore, many occupations other than doctors are involved in providing medical services to patients, which increases the number of people who know the personal information of patients, which inevitably increases the risk that medical information is infringed as personal information. In particular, involvement in non-medical occupations that do not impose confidentiality obligations under the law, etc. has caused significant problems.

In the case of storing sensitive personal medical information in a database in a medical institution, it is necessary to maintain confidentiality from insiders and outsiders, and also to protect the privacy of the medical service and the user of the service and maintain authority management.

Therefore, sharing and secondary utilization of medical data services will be generalized in u-healthcare domain regardless of user's will. In addition, when medical information is digitized and centrally managed and stored in an EHR (Electronic Health Record) and used inappropriately by medical staff or researchers, personal information may be infringed. Therefore, in order to activate u-healthcare service, privacy protection method is needed for sharing and secondary utilization of shared medical data.

In summary, there is an increasing number of cases (especially EHR-related services, etc.) in which medical-related data are shared, managed and distributed on Internet portal sites. In addition, since such data is largely stored in a database and contains personal privacy information, it should be safely shared and utilized in consideration of security risks.

However, if an unspecified number on the Internet (including hospital staff) shares data in a medical database or utilizes patient-related data for clinical or research purposes, if the consent of the patient is required, the system operation load will increase. And inefficiency problems arise in practical terms such as emergencies.

Accordingly, the present invention has been proposed to solve the above-described problem, and the present invention is an encryption method and management model for encrypting and storing data. It is to provide a method using a technique.

To this end, in the present invention, by using an ID-based multi-proxy re-encryption technique, a portion of the ciphertext encrypted with the delegator's ID is divided into shares using the ID of the multi proxy, and the value is restored to a value restored by a certain number of shares. It provides a method of generating a portion of the ciphertext U 'and re-encrypting it to be decryptable with the secret key of the delegate through the re-encryption key.

Multi-proxy re-encryption based medical data sharing method according to an embodiment of the present invention, proxy re-encryption server, delegating the authority to decrypt the medical data of the patient to the at least one proxy terminal; Generating, by the proxy re-encryption server, encryption data by encrypting the medical data, and querying whether the ciphertext is shared or not from the at least one proxy terminal; And generating, by the proxy re-encryption server, a re-encryption statement by re-encrypting the cipher text in the proxy according to a result of the sharing agreement query.

On the other hand, the multi-proxy re-encryption-based medical data sharing server according to an embodiment of the present invention, proxy re-encryption-based medical data sharing server, means for delegating the decoding authority of the medical data of the patient to at least one proxy terminal; Means for encrypting the medical data to generate a cipher text, and querying whether to share the cipher text with the at least one proxy terminal; And means for re-encrypting the cipher text according to the sharing agreement query result to generate and provide a re-encryption text.

According to the present invention, by applying this technique, it is possible to exclude security vulnerabilities against collusion attacks between the proxy and the delegate, and re-encryption by multi-proxy is possible.

In addition, the present invention has the effect of facilitating the second utilization of sharing and medical information through the delegation function instead of the consent of the patient.

In addition, in the present invention, part of the re-encryption text is divided by a secret distribution technique, thereby preventing the collusion attack between the proxy and the receiver. Also, when the proxy performs the re-encryption process in which the ciphertext is converted in the configuration of the ID-based re-encryption scheme, the proxy cannot know the secret key of the delegate and the delegate. In addition, the threshold adjustment (k-1 adjustment of the polynomial) can be made to determine the minimum number of participants that can agree / agree.

Through this, the present invention encrypts important information in the hospital and transmits it to the outside, and when consent / consensus of the medical staff is essential, when delegation of authority, the evaluators agree whether the delegation of the delegation and the delegation of the delegation are valid. ‹By consensus, it is possible when correct delegation is possible.

1 is a diagram illustrating a system to which a multi-proxy re-encryption based medical data sharing method according to an embodiment of the present invention is applied;
2 is a diagram illustrating a multi-proxy re-encryption based medical data sharing scheme according to an embodiment of the present invention;
3 is a diagram illustrating a multi-proxy re-encryption based medical data sharing order according to an embodiment of the present invention.

The foregoing and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, in which: There will be. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

The terms used in the present invention are defined as follows. The required technology in addition to the defined terms shall follow a known manner.

Proxy Re-encryption  technique-

Various methods for delegating decryption authority through proxy re-encryption have been proposed. Proxy re-encryption (PRE) is a technique for re-encrypting a ciphertext encrypted by the proxy of a delegator with a re-encryption key so that it can be decrypted using the delegate's secret key. The proxy can eliminate the possibility of exposing the delegator's private key by encrypting the delegator's ciphertext without decrypting it.

Bilinear Maps

에 대해 쌍선형사상

(

는 쌍선형사상의 출력공간)는 다음의 성질을 갖는다.2 Cyclic Groups

About bilinear

(

Is the bilinear output space)

및 모든

에 대해

가 성립된다.ㅇ Bilinear: all

And all

About

Is established.

의 생성원

에 대해

이다.ㅇ Nondegenerate:

Source of

About

to be.

에 대해서

를 계산하는 효율적인 알고리즘이 존재한다.ㅇ Computable: All

about

There is an efficient algorithm to calculate.

-ID based cryptography-

The ID-based encryption method encrypts using the receiver's ID during encryption. The ciphertext receiver decodes the secret key from the PKG. ID-based cryptography was first proposed by A Shamir in 1984.

Type and identity-based proxy re-encryption scheme

: 보안 파라메터

를 입력받고 쌍선형함수에 대한 순환군(위수

인 그룹

)을 생성한다.

상의 임의의 생성원

선택한 후 해쉬함수

,

를 선택한다. 임의의 난수로 마스터키

를 생성한다. 그리고 프록시

계산하고 공개 파라메터

를 출력한다.(One)

Security parameters

Is input to the cycle group for the bilinear function.

Phosphorus group

).

Generation on Pinterest

Hash function after selection

,

Select. Master key with random random numbers

. And proxy

Calculate and reveal parameters

.

-

: Master key

, 공개 파라메터

와

를 입력받아 프록시

를 계산한 후 비밀키

를 생성한다.
(2)

: Master key

, Public parameters

Wow

Proxy input

Calculate the secret key

.

: 임의의 난수

를 생성한 후

를 출력한다.

(3)

Random random number

After creating

.

: 위임자에 의해 수행되어지며 위임자의

인

와 피위임자의

인

, type 정보

, 위임자의 비밀키

, 을 입력하여 재암호화키

를 출력한다.(4)

Is performed by a delegator

sign

And the delegate

sign

, type information

Delegate's private key

Re-encryption key by typing,

.

: 프록시에 의해 수행되어지며 암호문

와 re-encryption키

를 입력받아 재암호화문

를 출력한다.(5)

Is performed by the proxy and is encrypted

With re-encryption key

Re-encryption text after inputting

.

: 암호문

을 입력받아

을 출력한다.

를 입력받아

을 계산한다.(6)

Ciphertext

Take input

Outputs

Take input

.

In the scheme proposed in this patent, a re-encryption key is calculated as follows.

The difference from this method is re-encryption by using proxy of delegate and delegate.

Dynamic threshold ciphers

와 생성자

와 함께 사용하기로 동의한다. 비밀키

를 선택 후 프록시

를 계산한다.
The participants

And constructor

I agree to use it with Secret key

Select Proxy

Calculate

은 다음과 같이 암호화하여 전달하고 임의의

를 선택 후

,

를 계산한다.
Message to recipient

Is encrypted and passed as follows:

After selecting

,

Calculate

인 임의의 다항식을 선택한다.

Choose any polynomial that is

로

를 계산한다.Unique value for each participant

in

Calculate

를 출력한다.
Sender is

.

은 복호를 위해 각 참가자들이

값을 계산하여 수신자에게 전송한다.Authorized subset of participants above threshold

For the purpose of decryption

Calculate the value and send it to the receiver.

를 계산 후, 역수를 구함으로써 본래 메시지

을 구할 수 있다.
The receiver is

Then calculate the reciprocal and return the original message

Can be obtained.

로 분할하며 각 프록시는

를 계산 후 임계치 k이상의 프록시가 모여

(

)값을 복원한다.
Here, the proposed scheme calculates an arbitrary polynomial based on the ID of the proxy.

And each proxy is

Calculate the proxy after the threshold k

(

Restore the value.

Hereinafter, a system to which a multi-proxy re-encryption based medical data sharing method according to an embodiment of the present invention is applied will be described with reference to the accompanying drawings.

1 is a diagram illustrating a system to which a multi-proxy re-encryption based medical data sharing method according to an embodiment of the present invention is applied.

Referring to FIG. 1, a system to which a multi-proxy re-encryption based medical data sharing method according to an embodiment of the present invention is applied includes a patient terminal 10, a proxy re-encryption server 20, a policy manager terminal 30, and a proxy terminal. 40 (or a proxy server) and the user terminal 50 is configured.

The network of the multi-proxy re-encryption-based medical data sharing system according to the embodiment of the present invention employs a wired or wireless Internet, a local network, or the like. Each of the components connected to the network of the system (eg, the patient terminal 10, the policy manager terminal 30, the proxy terminal 40, the user terminal 50, etc.) is basically user information (eg, It is assumed that access is made through user authentication using an ID or the like).

The patient terminal 10 is a terminal used by a patient using a medical institution such as a hospital or a pharmacy. The patient terminal 10 is medical data (eg, a medical history and a name, an address, a phone number, and an age of a patient) input and output to a medical institution. Role of authorizing delegation). The method of allowing such delegation is performed through Q & A or proxy authentication, which is well known and thus detailed description thereof will be omitted. For example, a delegator (patient) may grant his / her medical data decryption authority to a delegate (such as a clinical investigator, hospital doctor, or epidemiologist) under the agreement (agreement) of agents (multi-proxies).

Here, there are various vulnerabilities and threats in terms of security and privacy in that medical data handles extremely personal information and there may be various stakeholders related to medical information rights. For example, the medical data may include personal information, medical record information, treatment record information, test record information, prescription record information, and the like of each patient.

Thus, the proxy re-encryption server 20 is managed by the policy manager terminal 30, the proxy re-encryption server 20 primarily provides the medical information of the patient in a proxy-based re-encryption scheme. In the proxy encryption scheme, only designated users (eg, doctors or pharmacists, etc.) designated by the patient terminal 10 may decrypt and use medical data through secure transmission of medical data. However, if only the proxy encryption method is used, the consent of the patient is always required to decrypt the medical data.

Here, the proxy re-encryption server 20 is delegated to the proxy terminal 40 in place of the consent of the patient terminal 10, as described above to facilitate sharing and secondary utilization, by multiple proxies of medical data A distributed method (ie, multi distributed method) is performed. That is, the proxy re-encryption server 20 secondarily uses a proxy re-encryption (PRE) scheme. Proxy re-encryption method encrypts the ciphertext encrypted by the proxy of the delegate with the re-encryption key so that it can be decrypted using the delegate's secret key. In the existing PRE method, there are limitations due to the lack of consensus on delegation and the possibility of collusion of delegates and proxies. Therefore, a multi-proxy method is used to control the decryption authority delegated to the delegate. By applying this technique, security vulnerabilities against collusion attacks between delegators and delegates can be eliminated and re-encrypted by multi-proxy. Detailed description of the proxy re-encryption method will be described through the following examples.

The proxy terminal 40 is a terminal for providing a delegate (for example, a doctor or related medical staff) to delegate a data decryption authority management function for sharing or utilizing patient data for a purpose. In the present invention, the proxy terminal 40 is assumed to include at least one or more. The delegation authority of the proxy re-encryption technique is used in the form of delegation of access authority, which enables not only the use of simple distribution data but also various applications in the medical field, that is, data sharing and secondary use.

를 계산하고

과

을 사용하여 암호문을 생성한다. 프록시 재암호화 서버(20)는 생성된 암호문을 정책관리자 단말(30)에게 전송하고, 프록시 단말(40)의 ID를 이용한

에 관한 일정 개수의 share값을 각각의 프록시 단말(40)에게 전송한다. 이어, 프록시 단말(40)은 전송된 동의 여부를 결정하게 된다.The proxy re-encryption server 20 may delegate proxy authority 40 (eg, an institution, an individual (a delegate, an institutional review committee and a privacy committee), etc.) according to the medical data delegation from the patient terminal 10. , random

Calculate

and

Create a passphrase using. The proxy re-encryption server 20 transmits the generated cipher text to the policy manager terminal 30 and uses the ID of the proxy terminal 40.

It transmits a certain number of share values for each proxy terminal (40). Subsequently, the proxy terminal 40 determines whether or not the transmitted agreement.

)을 정책관리자 단말(30)에게 전송한다. 그리고 프록시 재암호화 서버(20)는 정책관리자 단말(30)의 정책에 따른 최종 결정이 이뤄지면

를 이용한 재암호화된 암호문을 생성하여 2차이용을 하는 사용자 단말(50; 예를 들어, 연구자 등)에게 전송한다. The proxy re-encryption server 20 receives the agreement decision from the proxy terminal 40, and when an agreement of more than a threshold is made, a value generated (

) Is transmitted to the policy manager terminal 30. And if the proxy re-encryption server 20 is made a final decision according to the policy of the policy manager terminal 30

Generate a re-encrypted cipher text using the second transmission to the user terminal 50 (for example, researchers, etc.) for secondary use.

The user terminal 50 receives the re-encrypted ciphertext provided in the manner described above, decrypts it via its secret key, and uses the medical data.

Meanwhile, the server exemplified in claims 7 to 10 of the present invention means a proxy re-encryption server, and each means for constituting the server is not shown, but any configuration may correspond to the method corresponding to each step performed in the server. If possible, the description thereof will be omitted.

2 is a diagram illustrating a multi-proxy re-encryption-based medical data sharing scheme according to an embodiment of the present invention.

Referring to Figure 2, in more detail, the multi-proxy re-encryption based medical data sharing scheme according to an embodiment of the present invention is as follows. The illustrated sharing scheme basically follows a proxy encryption and a multi-distribution scheme, and a detailed description thereof will be omitted.

: 보안 파라메터

를 입력하고 쌍선형함수에 대한 순환군 (위수

인 그룹

,

)를 생성하고,

상의 임의의 생성원

를 선택한다. 해쉬함수

를 선택한다.(One)

Security parameters

Enter the cycle group for the bilinear function

Phosphorus group

,

),

Any source on Pinterest

Select. Hash function

Select.

을 생성한다. 프록시

를 계산하고 공개 파라메터

를 공개한다.Master key with random random numbers

. Proxy

Calculate and public parameters

To the public.

: 마스터키 s, 공개파라메터

,

를 입력받아 프록시

계산 후, 비밀키

을 생성한다.
(2)

: Master key s, open parameter

,

Proxy input

After calculation, secret key

.

: 위임자에 의해 수행되며, 임의의

을 생성하고

을 계산한다.

(3)

Is performed by a delegator and is random

Create

.

차의 임의의 다항식을 생성하고,

Generate a random polynomial of the car,

here,

를 이용하여

를 계산한다.

를 계산한 후

와

를 각 프록시들에게 전송한다.Of proxies to share

Using

Calculate

After calculating

Wow

Send to each proxy.

를 계산한 후, Proxies above threshold k

After calculating

Calculate

: 위임자에 의해 수행되며, 공개 파라메터

, 평문

, 위임자의 프록시

, 비밀키

,

을 입력받아 암호문

를 계산한다.(4)

Is performed by the delegate and is a public parameter

, Plain text

Delegate proxy

, Secret key

,

Input password

Calculate

: 위임자에 의해 수행되며, 공개 파라메터

,

,

,

를 입력받아

를 계산한다.(5)

Is performed by the delegate and is a public parameter

,

,

,

Take input

Calculate

: 프록시 서버에 의해 수행되어지며, 조건을 만족하는 k개 이상의 프록시 집합의

값을 계산하여

를 복원한다.(6)

Is a set of k or more proxies performed by a proxy server that

By calculating the value

Restore it.

: 프록시 서버에 의해 수행되어지며, 공개 파라메터

, 암호문

, 재암호화키

, 복원된 share값

를 입력받아

를 계산한다.(7)

This is done by the proxy server and is a public parameter.

, Ciphertext

, Re-encryption key

, Share value restored

Take input

Calculate

: 공개 파라메터

, 암호문

,

를 입력받아,

를 계산후

을 복호한다.(8)

: Open parameters

, Ciphertext

,

Take the input,

After calculating

Decrypt

As described above, when performing the re-encryption process of converting the cipher text in the proxy terminal 40 in the ID-based re-encryption scheme according to the present invention, the proxy terminal 40 should not know the secret key of the delegate, and delegate However, it should not be possible to know plaintext information about ciphertext by itself. In addition, collusion between agents and delegates or agents and delegates must not reveal security vulnerabilities in the system.

. 이때,

은 데이터를 암호화할 때 랜덤값이고

는 피위임자에게 전송되는 재암호화시 필요로 하는 랜덤값이다. In addition, the proposed scheme generates a re-encryption key by randomizing the parameter r combined with Alice's private key and Bob's proxy generated using Alice ID and Bob's ID. here,

. At this time,

Is a random value when encrypting data

Is a random value required for re-encryption transmitted to the delegate.

이다. 이 값으로부터 계산될 수 있는 것은 재암호화문의 일부인

로써

이 유도된다. 따라서 완전한 재암호화문을 계산하기 위해서는

가 필요한데, 이때

를 구하기 위해

가 필요하게 된다.

를 계산하기 위해서 위임자의 비밀키

과

값이 필요하게 되는데, 이러한 두 가지 값은 프록시 그룹이나 제3자(해커 등)에 의해 계산될 수 없다. In addition, in the present invention, the value restored through the threshold scheme is merely

to be. What can be calculated from this value is that part of the re-encryption statement

As

This is induced. Therefore, to calculate a complete re-encryption statement

Is required,

To save

Will be needed.

Delegator's private key to compute

and

Values are required, and these two values cannot be calculated by proxy groups or third parties (such as hackers).

Therefore, even if the value restored by the threshold scheme is exposed, safety is not compromised when re-encryption is performed. In addition, the re-encryption key generation feature of this method excludes security vulnerabilities against collusion attacks between agents and delegates by randomizing the proxy generated from Bob's ID.

3 is a diagram illustrating a procedure of sharing medical data based on multi-proxy re-encryption according to an embodiment of the present invention.

Referring to Figure 3 to illustrate the sharing order of the multi-proxy re-encryption-based medical data sharing method according to an embodiment of the present invention.

First, the patient terminal 10 permits delegation of medical data (for example, information on a patient's medical history and name, address, telephone number, age, etc.) inputted to a medical institution or the like. For example, a delegator (patient) delegates his medical data decryption authority to agents (multi proxy).

를 계산하고

과

을 사용하여 암호문을 생성한다. 그에 따라 프록시 재암호화 서버(20)는 정책 관리자 단말(30)의 공유 정책에 따라 환자용 단말(10)로부터의 의료 데이터 위임에 따라 해당 위임 권한을 프록시 단말(40; 예컨대, 기관, 개인(피위임자; 기관심의위원회와 프라이버시 위원회) 등)에 위임한다.Next, the proxy re-encryption server 20 first generates a cipher text by encrypting the medical information of the patient (S10). At this time, the proxy re-encryption server 20 is a random

Calculate

and

Create a passphrase using. Accordingly, the proxy re-encryption server 20 transmits the delegation authority to the proxy terminal 40 according to the delegation of medical data from the patient terminal 10 according to the sharing policy of the policy manager terminal 30 (eg, an institution, an individual (the delegate). The institutional review committee and the privacy committee).

에 관한 share값을 각각의 프록시 단말(40)에게 전송한다(S30). 이어, 프록시 단말(40)은 전송된 동의 여부를 결정하게 된다.Subsequently, the proxy re-encryption server 20 transmits the generated cipher text to the policy manager terminal 30 (S20) and uses the ID of the proxy terminal 40.

The share value relating to the proxy is transmitted to each proxy terminal 40 (S30). Subsequently, the proxy terminal 40 determines whether or not the transmitted agreement.

)을 정책관리자 단말(30)에게 전송한다. 그리고 프록시 재암호화 서버(20)는 정책관리자 단말(30)의 정책에 따른 최종 결정이 이뤄지면

를 이용한 재암호화된 암호문을 생성하여(S50) 2차이용을 하는 사용자 단말(50; 예를 들어, 연구자 등)에게 전송한다. Subsequently, the proxy re-encryption server 20 receives the agreement decision from the proxy terminal 40 and determines whether the agreement is greater than or equal to the threshold (S40). Thus, if the proxy encryption server 20 agrees with a threshold or higher (S40; Yes), the proxy encryption server 20 generates a value (

) Is transmitted to the policy manager terminal 30. And if the proxy re-encryption server 20 is made a final decision according to the policy of the policy manager terminal 30

Generate a re-encrypted cipher text using (S50) and transmits to the user terminal 50 (for example, a researcher, etc.) for secondary use.

The user terminal 50 receives the re-encrypted ciphertext provided in the manner described above, decrypts it via its secret key, and then uses the medical data (S60).

As described above with reference to the drawings illustrated for the preferred embodiment of the present invention, the present invention is not limited by the embodiments and drawings disclosed herein, it can be applied within the scope of the technical spirit is protected.

10: patient terminal 20: proxy re-encryption server
30: Policy Manager Terminal 40: Proxy Terminal
50: user terminal

Claims (11)

Proxy re-encryption based medical data sharing method,
Delegating, by the proxy re-encryption server, the decoding authority of the medical data of the patient to at least one or more proxy terminals;
Generating, by the proxy re-encryption server, encryption data by encrypting the medical data, and querying whether the ciphertext is shared or not from the at least one proxy terminal; And
And re-encrypting the cipher text with a proxy to generate and re-encrypt the cipher text according to a result of the sharing agreement query, by the proxy re-encryption server. The method according to claim 1,
Inquiring whether the consent is,
Calculating, by the proxy re-encryption server, a sharing value using IDs of the at least one or more proxy terminals;
Encrypting the medical data based on the shared value; And
And transmitting the shared value to the at least one proxy terminal to query whether or not to agree. The method according to claim 2,
Generating and providing the re-encryption statement,
Receiving, by the proxy re-encryption server, a sharing consent query result from the at least one proxy terminal;
Determining whether the sharing agreement result is greater than or equal to a preset threshold based on the received sharing consent query result; And
And re-encrypting the cipher text in the proxy according to the determination result, thereby generating and providing a re-encryption text. The method according to claim 3,
Delegating to the at least one proxy terminal,
Receiving, by the proxy re-encryption server, a request for delegation of the medical data from a patient terminal; And
And delegating the delegation authority to at least one or more proxy terminals that will delegate the delegation. The method according to claim 4,
Creating and providing a re-encryption statement,
The proxy re-encryption server notifies the policy manager server according to the delegation request, provides a result of the sharing agreement query from the proxy terminal, and performs re-encryption upon receiving the final approval. Proxy re-encryption based medical data sharing method. The method according to claim 5,
Receiving, by the proxy re-encryption server, a data request from a user terminal to use the medical data,
After generating and providing the re-encryption statement, the user terminal, the multi-proxy re-encryption based medical data comprising the step of using the decryption of the re-encryption statement using the secret key of the user terminal itself How to share. Proxy re-encryption based medical data sharing server,
Means for delegating decryption authority of a patient's medical data to at least one or more proxy terminals;
Means for encrypting the medical data to generate a cipher text, and querying whether to share the cipher text with the at least one proxy terminal; And
And means for re-encrypting the cipher text in the proxy according to the sharing agreement query result to generate and provide a re-encryption text. The method according to claim 7,
Means for querying the consent,
Computing a shared value using the ID of the at least one proxy terminal, encrypting the medical data based on the shared value, and sending the shared value to the at least one proxy terminal to query whether or not to agree A multi-proxy re-encryption based medical data sharing server. The method according to claim 8,
Means for generating and providing the re-encryption statement,
Receiving a sharing agreement query result from the at least one proxy terminal, determining whether the sharing agreement result is greater than or equal to a preset threshold based on the received sharing agreement query result, and re-encrypting the cipher text in the proxy according to the determination result. Multi-proxy re-encryption based medical data sharing server, characterized in that for generating and providing a re-encryption statement. The method according to claim 9,
Means for delegating to the at least one proxy terminal,
Receiving a request for delegation of the medical data from a patient terminal, and delegates the delegation authority to at least one proxy terminal to represent the delegation, multi-proxy re-encryption based medical data sharing server. The method according to claim 10,
Means for generating and providing the re-encryption statement,
Multi-proxy re-encryption-based medical data sharing characterized in that the re-encryption is performed according to the delegation request by informing the policy manager server in response to the delegation request, providing a result of the sharing agreement query from the proxy terminal receiving the final approval. server.

Images