Research On Access Control Method Of Medical Data Based On Smart Contract

In recent years,the development of medical informatization has accelerated,and the emergence of various data sharing platforms has broken the phenomenon of "Data Islands".The high value of medical data has been brought into full play in the era of big data sharing.But at the same time,the strong privacy of medical data has put forward higher and more comprehensive security requirements for the sharing process.Attribute-based access control method can implement fine-grained,dynamic and flexible authorization access to protect data security,but it faces problems such as centralized management,low access efficiency and lack of encryption mechanism.This thesis proposes a decentralized,secure and efficient medical data access control method.The specific research contents are as follows:(1)In order to optimize the attribute information,this thesis proposes a classified and hierarchical attribute algorithm based on smart contract.This algorithm uses the attribute classified design to get the attribute classified structure and variable assignment range,and uses the attribute hierarchical design to assign security levels to the subject attribute values and resource attribute values.After completion,we configure appropriate attributes for the access control policy based on the privacy level of the resource.Attribute assignment contract and priority decision contract implement decentralized access control operate,improve access efficiency and enhance data security.(2)In order to solve the problem of low efficiency of policy matching,this thesis proposes a policy tree matching by post-order traversal algorithm based on smart contract.This algorithm generates the structure of policy tree and request tree according to the XACML’s policy tag.Then,we design the post-order traversal matching process and useless policy subtree pruning rules of policy tree and request tree.Finally,we use the policy matching contract to realize decentralized policy matching work,enhance the credibility of matching results and improve matching efficiency.(3)We design a Medical Data Access Control Method Based on Smart Contract(MDACSC).In this method,we apply the classified and hierarchical attribute algorithm and the policy tree matching by post-order traversal algorithm to access control mechanism,combine smart contract technology to realize automatic and flexible access control process.The design gets rid of the dependence of the third party trust organization and realizes the new management mechanism of decentralization.At the same time,we use the Attribute Based Proxy Re-encryption Scheme(ABPRE)service for patient medical data to ensure data access security,and prove the security of the scheme through bilinear difficulty problem.Simulation experiments verify the effectiveness of attribute optimization and the feasibility of policy matching.Compared with other access control methods,MDACSC effectively improves the efficiency of access control.