Research on Access Control Strategy for Electronic Medical Records Based on Cloud Storage
Published: 2019-03-06 20:53
[Abstract]: Humanity has entered the information age, and modern medicine is steadily moving toward electronic records. The electronic medical record (EMR), as the main carrier of information about medical activity, occupies a pivotal position in modern medical care. Hospitals generally use the EMR to record comprehensive information on all aspects of a patient's visit. At present, EMR systems built on local area networks are widely used in most hospital information systems in China. Such systems cannot support broad sharing of EMR information and contribute little to medical services or pathology research, so they cannot meet the needs of medical development. Moreover, an EMR contains a great deal of private patient information, and sharing it is very likely to raise many security problems, so the EMR has not yet been widely adopted in China. To address these problems, building a cloud-storage-based EMR system that improves on existing systems in security and applicability, so that it can provide convenient and secure services to hospitals and patients, would make a great contribution to medical informatization in China. The EMR system we construct consists mainly of an EMR storage cloud and a trusted attribute authority. We use cloud storage technology to store and manage the data, which makes the system easy to maintain and extend. The cloud-storage-based EMR system has four layers: the resource storage layer, the basic management layer, the access control layer and the EMR service layer. The access control layer implements attribute authentication: a user can obtain the real plaintext only when the user's attributes satisfy certain conditions. The EMR service layer mainly provides a unified EMR to hospitals and patients. The trusted attribute authority stores the attribute characteristics of different physicians, laying the foundation for access control. Based on the real-world security requirements of EMRs and building on existing research, this thesis applies Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to design in detail an access and control model for data in cloud storage. Only users who match the encryption policy can turn the ciphertext into plaintext, which strongly protects the EMR data in the cloud. In addition, to make revoking user privileges convenient, an attribute version number is chosen at random for each attribute. A transfer key is introduced, which lets users transfer a large share of their computation to the cloud server, greatly reducing the user's computational load.
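[Degree-granting institution]: North China University of Technology
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: R197.3; TP333
Article ID: 2435887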
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2435887.html