Information query method, device, equipment and storage medium

Document No.: 1939972 Publication date: 2021-12-07

Reading note: this technology, 一种信息查询方法、装置、设备及存储介质 (Information query method, device, equipment and storage medium), was designed by 栗鸿宇, 申作军 and 陈志良 on 2020-09-15. Its main content is as follows. The embodiment of the invention discloses an information query method, apparatus, device and storage medium. The method is applied to a blockchain node and comprises: acquiring a health information query request; calling a query control smart contract to execute the health information query request and determining the health information query address of the request; and feeding the health information query address back to the information querying party, so that the querying party obtains the target health information corresponding to the request according to that address. By responding to health information query requests according to a preset query control smart contract, the method realizes effective control over access to electronic health records.

1. An information query method, applied to a blockchain node, comprising:

acquiring a health information query request;

calling a query control smart contract to execute the health information query request and determining a health information query address of the health information query request;

and feeding back the health information query address to an information querying party, so that the information querying party acquires the target health information corresponding to the health information query request according to the health information query address.

2. The method of claim 1, wherein the calling a query control smart contract to execute the health information query request and determining a health information query address of the health information query request comprises:

generating an authority query request in Abbreviated Language For Authorization (ALFA) form according to the health information query request;

and determining, according to the authority query request, whether the information querying party has query authority, and, when it does, determining the health information query address based on a target information storage path associated with a target information identifier of the health information query request.

3. The method of claim 2, wherein the determining, according to the authority query request, whether the information querying party has query authority comprises:

determining a query initiator and a query target party according to the authority query request, and calling an access control list corresponding to the query target party to judge whether the query initiator has query authority.

4. The method of claim 3, further comprising:

in response to a detected access control list setting request, determining a setting user identifier and a setting access control list associated with the access control list setting request, and storing the setting user identifier and the setting access control list on-chain.

5. The method of claim 2, wherein the target information storage path comprises at least one target one-time self-destructing address, and wherein the determining the health information query address based on the target information storage path associated with the target information identifier of the health information query request comprises:

acquiring one target one-time self-destructing address from the target information storage path as the health information query address.

6. The method of claim 5, further comprising:

in response to a detected health information storage request, storing on-chain the health information associated with the health information storage request, and generating at least one one-time self-destructing storage address based on the original storage address of that health information;

and taking the at least one one-time self-destructing storage address as the storage path of that health information, and storing the storage path and the information identifier of that health information into the blockchain network in association with each other.

7. The method of claim 1, further comprising:

acquiring an information access request, wherein the information access request is generated by the information querying party according to the health information query address;

and acquiring the target health information corresponding to the information access request, and feeding back the target health information to the information querying party.

8. The method of claim 7, further comprising, before feeding back the target health information to the information querying party:

acquiring a hash digest associated with the target health information;

correspondingly, the feeding back the target health information to the information querying party comprises:

feeding back the target health information and the hash digest to the information querying party, so that the information querying party judges, according to the hash digest, whether the target health information has been tampered with.

9. An information query apparatus, configured at a blockchain node, comprising:

a query request acquisition module, configured to acquire a health information query request;

a query address acquisition module, configured to call a query control smart contract to execute the health information query request and determine a health information query address of the health information query request;

and an address information feedback module, configured to feed back the health information query address to an information querying party, so that the information querying party can obtain the target health information corresponding to the health information query request according to the health information query address.

10. A computer device, comprising:

one or more processors;

a storage device for storing one or more programs;

wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the information query method of any one of claims 1 to 8.

11. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the information query method of any one of claims 1 to 8.

Technical Field

The embodiment of the invention relates to the technical field of computers, in particular to an information query method, an information query device, information query equipment and a storage medium.

Background

With the popularity of digital devices, Electronic Health Record (EHR) data of patients can be collected from more and more sources, such as wearable devices, smart sensors and medical imaging devices. It has been reported that the volume of EHR data will continue to grow at 48% per year, reaching 2314ZB in 2020. In the course of implementing the invention, the inventors found at least the following technical problem in the prior art: medical records have been exposed through illegal data manipulation, so protecting the security of EHR data has become a significant problem in the field of electronic medical care. Although encryption techniques address some of the basic security and privacy concerns of EHRs, management of the data, and access control in particular, is difficult to perform efficiently because EHR data is highly distributed and fragmented and the relationship between data owners and data consumers is complex. Therefore, how to achieve effective control over access to EHR data is a technical problem that needs to be solved urgently.

Disclosure of Invention

The embodiment of the invention provides an information query method, an information query device, information query equipment and a storage medium, which are used for realizing effective control on access of electronic health records.

In a first aspect, an embodiment of the present invention provides an information query method, applied to a blockchain node, including:

acquiring a health information query request;

calling a query control smart contract to execute the health information query request and determining a health information query address of the health information query request;

and feeding back the health information query address to the information querying party, so that the information querying party can obtain the target health information corresponding to the health information query request according to the health information query address.

In a second aspect, an embodiment of the present invention further provides an information query apparatus, configured at a blockchain node, including:

a query request acquisition module, configured to acquire a health information query request;

a query address acquisition module, configured to call a query control smart contract to execute the health information query request and determine a health information query address of the health information query request;

and an address information feedback module, configured to feed back the health information query address to the information querying party, so that the information querying party can obtain the target health information corresponding to the health information query request according to the health information query address.

In a third aspect, an embodiment of the present invention further provides a computer device, where the computer device includes:

one or more processors;

a storage device for storing one or more programs;

wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the information query method provided by any embodiment of the invention.

In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the information query method provided by any embodiment of the invention.

In the embodiment of the invention, a blockchain node acquires a health information query request; calls a query control smart contract to execute the health information query request and determine the health information query address of that request; and feeds the health information query address back to the information querying party, so that the querying party can obtain the target health information corresponding to the request according to that address. Because the blockchain node responds to health information query requests according to a preset query control smart contract, access to the electronic health record is effectively controlled.

Drawings

Fig. 1 is a flowchart of an information query method according to an embodiment of the present invention;

fig. 2 is a flowchart of an information query method according to a second embodiment of the present invention;

fig. 3a is an architecture diagram of an information query system according to a third embodiment of the present invention;

FIG. 3b is a diagram of a reference architecture and a processing model of an access control policy according to a third embodiment of the present invention;

fig. 3c is a schematic view of an access control workflow of an information query system according to a third embodiment of the present invention;

fig. 3d is a schematic diagram of a blockchain-based infrastructure according to a third embodiment of the present invention;

fig. 4 is a schematic structural diagram of an information query apparatus according to a fourth embodiment of the present invention;

fig. 5 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.

Example one

In order to clearly introduce the technical solutions of the embodiments of the present invention, the system that executes information queries is described first. In this embodiment, the information query system may include a data owner and an information querying party of a blockchain system. The data owner issues storage or query transaction requests (such as an information storage request or an information acquisition request) to the blockchain network, so that information is stored in the blockchain maintained by the blockchain system or acquired from it, and also sets the access rights of its information. The information querying party issues query transaction requests (such as an information acquisition request) to the blockchain network in order to acquire information from the blockchain maintained by the blockchain system. The device used by the data owner or the information querying party is an electronic device on which a client for accessing the blockchain system is installed; it may be a mobile terminal such as a smartphone or a notebook, or a fixed terminal such as a desktop or a personal computer. The blockchain system may be a blockchain platform such as Ethereum or EOS (Enterprise Operation System). Alternatively, the Hyperledger Fabric blockchain platform may be employed.

Fig. 1 is a flowchart of an information query method according to an embodiment of the present invention. The embodiment can be applied to querying private information stored on a blockchain, in particular to querying electronic health records. The method may be performed by an information query apparatus, which may be implemented in software and/or hardware; for example, the information query apparatus may be configured in a computer device. As shown in fig. 1, the method includes:

S110, acquiring a health information query request.

In this embodiment, the health information query request may be a request initiated by a data owner or an information querying party in order to query target health information. Illustratively, a patient or a member of the medical staff initiates an information query operation through the blockchain system client; on receiving that operation, the client generates a corresponding health information query request and sends it to a blockchain node, and the blockchain node receives the health information query request and calls the corresponding smart contract to respond to it.

Alternatively, the target health information may be an Electronic Medical Record (EMR), health measurement information or the like of the query object. An EMR is understood to mean medical data created, stored and used electronically by a medical institution; it focuses on the clinical diagnosis, treatment and intervention guidance of outpatients and inpatients (or health care subjects), and is the complete and detailed clinical information generated and recorded for an individual in the course of each visit to the medical institution. The health measurement information may be physiological information measured by intelligent wearable sensors, such as blood pressure measured by a blood pressure sensor, respiration measured by an airflow sensor, electrocardiogram data measured by an electrocardiogram sensor, electromyogram data measured by an electromyogram sensor, sound measured by a snore sensor, body position measured by a body position sensor, and skin data measured by a skin reaction sensor.

S120, calling the query control smart contract to execute the health information query request and determining a health information query address of the health information query request.

In this embodiment, access to electronic health records is controlled by the query control smart contract. Optionally, the query control smart contract may perform attribute-based access control. In one embodiment, the query control contract could be written using the attribute-based access control policy language Extensible Access Control Markup Language (XACML), which evaluates an access request according to the rules defined in an access policy. However, the design pattern of XACML is complicated and its syntax is complex, so writing and reading XACML scripts is difficult for developers. To reduce development difficulty, the query control contract may instead be written in the Abbreviated Language For Authorization (ALFA), which can specify access control policies and maps directly onto the XACML structure. ALFA contains the same elements as defined by XACML and inherits the overall structure and concepts of XACML. Thus, ALFA may be used to specify the attribute-based access control policies enforced by the query control contract.

On the basis of this scheme, the calling the query control smart contract to execute the health information query request and determining the health information query address of the health information query request includes: generating an authority query request in ALFA form according to the health information query request; and determining, according to the authority query request, whether the information querying party has query authority, and, when it does, determining the health information query address based on the target information storage path associated with the target information identifier of the health information query request. Preferably, the attribute-based access control policy in the query control contract is implemented in ALFA to reduce development difficulty. Specifically, the health information query request is converted into an ALFA authority query request; whether the information querying party corresponding to the authority query request has query authority is judged according to preset access authority judgment logic; when it does, the target information storage path associated with the target information identifier of the health information query request is obtained, and the health information query address is determined from that storage path. Optionally, the health information query address may be a uniform resource locator of the target health information.

In one embodiment, the determining, according to the authority query request, whether the information querying party has query authority includes: determining a query initiator and a query target party according to the authority query request, and calling the access control list corresponding to the query target party to judge whether the query initiator has query authority. Optionally, each data owner may set an access control list that governs access to its electronic health record. When judging whether the information querying party has query authority, the target user identifier of the query target party corresponding to the authority query request is obtained, the access control list corresponding to that target user identifier is retrieved, and the information querying party is judged to have query authority when the query initiator satisfies the access condition of the access control list; otherwise it is judged not to have query authority. The access condition of the access control list may be a user identifier or a user attribute that is permitted to access the electronic health record.

On the basis of this scheme, the method further includes: in response to a detected access control list setting request, determining the setting user identifier and the setting access control list associated with the access control list setting request, and storing the setting user identifier and the setting access control list on-chain. Optionally, to protect the privacy of the data owner's electronic health record, the data owner may set the access control list for its electronic health record and store it on-chain, so that when a health information query request is received, the stored access control list is called to determine whether the initiator of the request has access rights.

In one embodiment, the target information storage path includes at least one target one-time self-destructing address, and determining the health information query address based on the target information storage path associated with the target information identifier of the health information query request includes: acquiring one target one-time self-destructing address from the target information storage path as the health information query address. Optionally, to prevent a malicious user from obtaining the electronic health record through a leaked health information query address, a target one-time self-destructing address is used as the health information query address: once the initiator has acquired the target health information through the received one-time self-destructing address, that address can no longer be used, which protects the security of the electronic health record. Optionally, the target one-time self-destructing address may be a one-time self-destructing uniform resource locator.

On the basis of this scheme, the method further includes: in response to a detected health information storage request, storing on-chain the health information associated with the health information storage request, and generating at least one one-time self-destructing storage address based on the original storage address of that health information; and taking the at least one one-time self-destructing storage address as the storage path of that health information, and storing the storage path and the information identifier of that health information into the blockchain network in association with each other. Optionally, after the health information has been stored, a one-time self-destructing storage address is generated from the storage address of the health information, and the generated address is stored in the blockchain network as the storage path associated with the information identifier. When an information query request is received, a one-time self-destructing storage address from that storage path is used as the health information query address. Preferably, to allow the information to be queried more than once, several one-time self-destructing storage addresses are generated and used together as the storage path.
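The contract-side flow just described (storing the owner's access control list on-chain, recording a storage path made of one-time self-destructing addresses at storage time, and handing out exactly one of those addresses per permitted query) is shown below as an added Go example. It is not the patent's chaincode: the in-memory Ledger, the edge base URL, the `/once/<token>` address form and the identifiers are assumptions, and the step of registering each generated address with the edge node is left to the edge node's own API. The ACL check here is by user identifier only; the attribute-based condition the text also allows is left to the policy evaluation on the edge node.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Ledger stands in for the chaincode world state. In real Fabric chaincode
// these maps would be PutState/GetState calls on the chaincode stub; that
// binding is omitted so the block runs stand-alone (assumption).
type Ledger struct {
	acls  map[string]map[string]bool // owner identifier -> set of permitted query initiators
	paths map[string]*StoragePath    // information identifier -> storage path
}

// StoragePath is what the chain records for one stored health record: its
// owner and the pool of not-yet-issued one-time self-destructing addresses.
// The original storage address on the edge node is deliberately not recorded.
type StoragePath struct {
	Owner   string
	OneTime []string
}

var (
	ErrDenied    = errors.New("query denied")
	ErrExhausted = errors.New("no one-time address left for this record")
)

func NewLedger() *Ledger {
	return &Ledger{acls: map[string]map[string]bool{}, paths: map[string]*StoragePath{}}
}

// SetACL handles an access control list setting request: the data owner's
// identifier and its list of permitted initiators are stored on-chain.
func (l *Ledger) SetACL(owner string, permitted []string) {
	set := map[string]bool{}
	for _, id := range permitted {
		set[id] = true
	}
	l.acls[owner] = set
}

// newOneTimeAddress derives an unguessable one-time URL under the edge
// node's base URL; only a random token, never the original path, is exposed.
func newOneTimeAddress(edgeBase string) (string, error) {
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	return edgeBase + "/once/" + hex.EncodeToString(tok), nil
}

// StoreHealthInfo handles a health information storage request: k one-time
// self-destructing addresses are generated for the record and stored,
// together with the information identifier, as its storage path.
func (l *Ledger) StoreHealthInfo(owner, infoID, edgeBase string, k int) error {
	if _, exists := l.paths[infoID]; exists {
		return fmt.Errorf("information identifier %q already stored", infoID)
	}
	p := &StoragePath{Owner: owner}
	for i := 0; i < k; i++ {
		addr, err := newOneTimeAddress(edgeBase)
		if err != nil {
			return err
		}
		p.OneTime = append(p.OneTime, addr)
	}
	l.paths[infoID] = p
	return nil
}

// Query is the query control contract's handling of a health information
// query request (S120): determine the query target party from the
// information identifier, check that party's ACL for the initiator, and
// only then hand out one one-time address from the storage path.
func (l *Ledger) Query(initiator, infoID string) (string, error) {
	p, ok := l.paths[infoID]
	// Unknown identifier and denied access return the same error so a
	// caller cannot probe which identifiers exist.
	if !ok || (initiator != p.Owner && !l.acls[p.Owner][initiator]) {
		return "", ErrDenied
	}
	if len(p.OneTime) == 0 {
		return "", ErrExhausted
	}
	addr := p.OneTime[0]
	p.OneTime = p.OneTime[1:] // consumed: the same address is never issued twice
	return addr, nil
}

func main() {
	l := NewLedger()
	l.SetACL("patient-01", []string{"doctor-lee"}) // constructed sample ACL
	_ = l.StoreHealthInfo("patient-01", "ehr-2020-09-15", "https://edge.example/ehr", 2)
	for _, who := range []string{"doctor-lee", "nurse-wu", "doctor-lee", "doctor-lee"} {
		addr, err := l.Query(who, "ehr-2020-09-15")
		fmt.Println(who, addr, err)
	}
}
```

Two details matter for a deployment: a denied initiator must not consume an address from the pool (the ACL check precedes the pop), and the pool size k bounds how many successful queries the record can serve before the owner must store it again.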

S130, feeding back the health information query address to the information querying party, so that the information querying party can obtain the target health information corresponding to the health information query request according to the health information query address.

In this embodiment, after the health information query address is obtained, it is fed back to the information querying party corresponding to the health information query request as the response to that request, so that the information querying party then obtains the target health information from the blockchain network according to the health information query address.

In the embodiment of the invention, a blockchain node acquires a health information query request; calls the query control smart contract to execute the health information query request and determine the health information query address corresponding to it; and feeds the health information query address back to the information querying party, so that the querying party can obtain the target health information corresponding to the request according to that address. Because the blockchain node responds to health information query requests according to a preset query control smart contract, access to the electronic health record is effectively controlled.

Example two

Fig. 2 is a flowchart of an information query method according to a second embodiment of the present invention. The embodiment is further optimized on the basis of the scheme. As shown in fig. 2, the method includes:

S210, acquiring a health information query request.

S220, calling the query control smart contract to execute the health information query request and determining a health information query address of the health information query request.

S230, feeding back the health information query address to the information querying party.

S240, acquiring an information access request, wherein the information access request is generated by the information querying party according to the health information query address.

After the information querying party receives the health information query address, it generates an information access request according to that address and sends it to the blockchain network, and the blockchain node acquires the target health information according to the received information access request.

S250, acquiring the target health information corresponding to the information access request, and feeding the target health information back to the information querying party.

In this embodiment, the blockchain node acquires the target health information according to the address contained in the information access request and feeds it back, as the response to the information access request, to the information querying party that sent the request, thereby completing the query of the electronic health record.

It should be noted that the blockchain node that feeds back the health information query address to the information querying party and the blockchain node that feeds back the target health information may be the same node or different nodes. It can be understood that both nodes can call the query control smart contract, but the node that feeds back the health information query address need not store the health information, whereas the node that feeds back the target health information does store it.

In one embodiment of the present invention, before the target health information is fed back to the information querying party, the method further includes: acquiring the hash digest associated with the target health information; correspondingly, feeding back the target health information to the information querying party includes: feeding back the target health information together with the hash digest, so that the information querying party judges, according to the hash digest, whether the target health information has been tampered with. Optionally, to ensure the accuracy of the queried target health information, a hash digest is generated over the stored information when the data owner stores the electronic health record on-chain, and after an information access request is received, the hash digest corresponding to the target health information is fed back to the information querying party together with the target health information. The information querying party recomputes the hash digest of the received target health information and compares it with the received hash digest: when the two are consistent, the target health information has not been tampered with; when they differ, the target health information has been tampered with.
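The access side of the flow (S240, S250 and the digest check above) is shown below as an added Go example; it is not code from the patent. The EdgeNode type, its address and record formats, and the way the on-chain digest is modelled (a map the edge node's Tamper method cannot touch) are assumptions of the example. It demonstrates the two properties the text relies on: a one-time self-destructing address is served exactly once, and a record altered after storage is detected by the querying party because the digest it compares against was fixed when the owner stored the record, not recomputed by the node that serves it.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// ErrAddressSpent covers both an unknown and an already-used one-time
// address, so a caller cannot tell which of the two it hit.
var ErrAddressSpent = errors.New("one-time address unknown or already used")

// EdgeNode stands in for the storage node that holds the EHR data. The
// blockchain's part is reduced to the digests map: the described system
// records the digest on-chain when the owner stores the record, so the
// edge node cannot rewrite it. That separation is modelled here by keeping
// digests in a map that Tamper never touches (assumption of this example).
type EdgeNode struct {
	mu      sync.Mutex
	records map[string][]byte // original storage address -> EHR bytes
	digests map[string]string // original storage address -> hex SHA-256 fixed at storage time
	oneTime map[string]string // one-time self-destructing address -> original storage address
}

func NewEdgeNode() *EdgeNode {
	return &EdgeNode{
		records: map[string][]byte{},
		digests: map[string]string{},
		oneTime: map[string]string{},
	}
}

// Digest is the hash digest both sides compute over the record bytes.
func Digest(record []byte) string {
	sum := sha256.Sum256(record)
	return hex.EncodeToString(sum[:])
}

// Store keeps the record and fixes its digest at storage time.
func (e *EdgeNode) Store(origAddr string, record []byte) string {
	e.mu.Lock()
	defer e.mu.Unlock()
	e.records[origAddr] = append([]byte(nil), record...)
	e.digests[origAddr] = Digest(record)
	return e.digests[origAddr]
}

// Issue registers a one-time address that resolves to origAddr exactly once.
func (e *EdgeNode) Issue(oneTimeAddr, origAddr string) {
	e.mu.Lock()
	defer e.mu.Unlock()
	e.oneTime[oneTimeAddr] = origAddr
}

// Redeem serves an information access request (S240/S250). The one-time
// address is deleted before the record is handed out, and lookup and
// deletion happen under one lock, so a replayed or leaked address, or two
// concurrent requests carrying the same address, cannot both succeed.
func (e *EdgeNode) Redeem(oneTimeAddr string) (record []byte, digest string, err error) {
	e.mu.Lock()
	defer e.mu.Unlock()
	orig, ok := e.oneTime[oneTimeAddr]
	if !ok {
		return nil, "", ErrAddressSpent
	}
	delete(e.oneTime, oneTimeAddr)
	return append([]byte(nil), e.records[orig]...), e.digests[orig], nil
}

// Tamper simulates an edge node (or an intruder on it) altering stored EHR
// bytes without being able to alter the on-chain digest.
func (e *EdgeNode) Tamper(origAddr string, record []byte) {
	e.mu.Lock()
	defer e.mu.Unlock()
	e.records[origAddr] = record
}

// Verify is the querying party's check: recompute the digest over the
// received record and compare it with the digest that came with it.
func Verify(record []byte, digest string) bool {
	return Digest(record) == digest
}

func main() {
	e := NewEdgeNode()
	orig := "/ehr/patient-01/2020-09-15"
	record := []byte(`{"patient":"patient-01","bp":"120/80"}`) // constructed sample record
	e.Store(orig, record)
	e.Issue("https://edge.example/once/ab12", orig)
	rec, d, err := e.Redeem("https://edge.example/once/ab12")
	fmt.Println(string(rec), Verify(rec, d), err)
	_, _, err = e.Redeem("https://edge.example/once/ab12")
	fmt.Println("second use:", err)
}
```

If the edge node were allowed to recompute the digest at serving time, Verify would pass for a tampered record as well; the check only has value when the digest travels a path the storage node does not control.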

According to this embodiment of the invention, the information access request is acquired, the target health information corresponding to it is obtained and fed back to the information querying party as the response to the information access request, which completes the query of the target health information and realizes effective control over access to the electronic health record.

Example three

The present embodiment provides a preferred embodiment based on the above-described embodiments.

The information query method provided by the embodiment of the invention can be executed by an information query system. Fig. 3a is an architecture diagram of an information query system according to a third embodiment of the present invention. As shown in fig. 3a, the information query system uses a blockchain and edge nodes to enforce attribute-based access control on EHR data. An edge node is a computing and storage device that stores EHR data and applies the attribute-based access control policy.

Overall, a Hyperledger Fabric blockchain executes a smart contract programmed with an Access Control List (ACL), which implements identity-based access control on EHR data and records every access event in the blockchain, so that responsibility can be traced. In cooperation with it, the edge node stores the EHR data and further performs attribute-based access control, whose policy is specified in the Abbreviated Language For Authorization (ALFA). Further, a hash digest is used to protect the integrity of the EHR data stored on the edge node, so that any change to an EHR can be detected. In addition, one-time self-destructing URLs are used in the smart contract: they contain the address of the EHR data on the edge node, are returned to the healthcare provider when the ACL access policy is executed successfully, and can then be used by the healthcare provider to access the EHR data on the edge node. Thus only qualified users who also pass the attribute-based access control on the edge node can access the EHR data.

Optionally, the information query system includes the following entities. Patients: the patient is the entity that owns the EHR data to be accessed, and may specify an access policy for the EHR data the patient owns. Medical sensors/imaging devices: the medical sensor is a medical device that collects the patient's EHR data and sends it to the edge node; imaging devices such as X-ray, CT, MRI and ultrasound devices generate EHR data from the patient. Medical staff: healthcare workers (e.g., doctors and nurses) are the entities that need access to EHR data owned by patients, and may actively seek access authorization from the patient. EHR data: information owned by the patient that authorized medical personnel can access. Edge nodes: computing and storage devices that store EHR data and apply the attribute-based access control policy. Blockchain: the blockchain acts as the controller of the architecture, manages the access control policy and records a tamper-resistant access log.

The edge node uses an attribute-based access control policy language that follows the principles of the eXtensible Access Control Markup Language (XACML); XACML evaluates an access request according to the rules defined in an access policy. Fig. 3b is a schematic diagram of the reference architecture and processing model of the access control policy according to the third embodiment of the present invention. In fig. 3b, a Policy Enforcement Point (PEP) checks a user's access request, translates it into an XACML authorization request, forwards it to a Policy Decision Point (PDP) to obtain an access decision (e.g., permit or deny), and acts on the decision it receives. A Policy Administration Point (PAP) is responsible for managing the access control policies. The PDP evaluates incoming requests according to its configured policy and returns access decisions. The PDP may also use a Policy Information Point (PIP) to retrieve attribute values: the PIP connects the PDP to external sources of attribute values (e.g., resource, subject and context attributes).

However, XACML's design pattern is complicated, its syntax is complex, and development with it is difficult. Thus, the Abbreviated Language For Authorization (ALFA) may be used instead: it specifies access control policies in a compact form that maps directly onto the XACML structure. ALFA contains the same elements as XACML and inherits XACML's overall structure and concepts. Its main components are attributes, targets, conditions, rules, policies and obligations. ALFA may be used to enforce attribute-based access control policies for EHR data stored at the edge nodes. By using these components, various access control strategies can be enforced on the EHR data according to the specifications of the data owner, giving a comprehensive decision process.
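To make the PEP/PDP/PIP division of labour and the target/condition/effect structure of a rule concrete, here is an added example in plain JavaScript. It is not code from the patent and not an XACML or ALFA engine; the subject registry, resource metadata, rule set and the function names pep, pdp and pip are constructed for this illustration. It shows the PEP translating a raw request, the PIP enriching it with attributes the request does not carry, and the PDP applying a deny-overrides combining algorithm, with the PEP refusing anything that is not an explicit Permit.

```javascript
// Added example, not from the patent: a minimal XACML-style evaluation chain
// (PEP -> PDP -> PIP). Registries, rules and function names are constructed.

// PIP data: attribute sources outside the request itself (constructed sample data).
const subjectRegistry = {
  'dr-lee':    { role: 'doctor',  department: 'cardiology' },
  'nurse-kim': { role: 'nurse',   department: 'oncology' },
  'pat-0042':  { role: 'patient', department: null },
};
const resourceMeta = {
  'ehr/pat-0042': { owner: 'pat-0042', department: 'cardiology', sensitivity: 'high' },
};

// PIP: enrich the authorization request with subject and resource attributes.
// Unknown identifiers yield no attributes, so the rules below fail closed.
function pip(authzRequest) {
  return {
    ...authzRequest,
    subject:  { id: authzRequest.subjectId,  ...(subjectRegistry[authzRequest.subjectId] || {}) },
    resource: { id: authzRequest.resourceId, ...(resourceMeta[authzRequest.resourceId] || {}) },
  };
}

// Policy: ordered rules, each with a target (does the rule apply?), a condition
// (is access permitted under it?) and an effect, mirroring ALFA's structure.
const policy = {
  combining: 'deny-overrides',
  rules: [
    { id: 'owner-read',
      target:    (r) => r.action === 'read',
      condition: (r) => r.subject.id === r.resource.owner,
      effect: 'Permit' },
    { id: 'same-department-clinician-read',
      target:    (r) => r.action === 'read' && ['doctor', 'nurse'].includes(r.subject.role),
      condition: (r) => r.subject.department != null
                     && r.subject.department === r.resource.department
                     && r.context.hour >= 6 && r.context.hour < 22,
      effect: 'Permit' },
    { id: 'no-writes-to-high-sensitivity',
      target:    (r) => r.action === 'write' && r.resource.sensitivity === 'high',
      condition: () => true,
      effect: 'Deny' },
  ],
};

// PDP: evaluate every applicable rule. With deny-overrides a single Deny wins,
// otherwise any Permit permits, otherwise the policy is NotApplicable.
function pdp(authzRequest) {
  const req = pip(authzRequest);
  let permitBy = null;
  for (const rule of policy.rules) {
    if (!rule.target(req)) continue;
    let holds;
    try { holds = rule.condition(req); } catch (err) { holds = false; } // Indeterminate -> not matched
    if (!holds) continue;
    if (rule.effect === 'Deny') return { decision: 'Deny', rule: rule.id };
    permitBy = permitBy || rule.id;
  }
  return permitBy ? { decision: 'Permit', rule: permitBy } : { decision: 'NotApplicable', rule: null };
}

// PEP: translate the raw request, ask the PDP, and act on the decision.
// Only an explicit Permit grants access; NotApplicable and Deny both refuse.
function pep(rawRequest, context = { hour: 10 }) {
  const authzRequest = {
    subjectId: rawRequest.user, resourceId: rawRequest.ehr, action: rawRequest.op, context,
  };
  return pdp(authzRequest).decision === 'Permit';
}
```

The PEP deliberately treats NotApplicable the same as Deny: a request that no rule covers (an unregistered subject, a department mismatch, a request outside the permitted hours) is refused without any rule having to say so, which is the fail-closed behaviour an edge node holding health records needs.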

The medical sensor in fig. 3a may be a smart wearable sensor. Advances in smart wearable sensor technology have enabled EHR systems to collect biometric data from patients. Sensors in wide use today include blood pressure, airflow, electrocardiogram, electromyogram, snore, body position and skin response sensors. These sensors can upload EHR data directly to the edge node over WiFi through a data collection platform, or transmit the EHR data over Bluetooth to the patient's smartphone, which then uploads it to the edge node.

Fig. 3c is a schematic view of the access control workflow of the information query system according to the third embodiment of the present invention. As shown in fig. 3c, the smart sensors and imaging devices first acquire EHR data from the patient and upload it to the edge node. Second, the edge node enforces access rights on the EHR data by applying the attribute-based access control policy, and returns to the patient a one-time self-destructing URL containing the EHR address on the edge node. Third, the patient registers on the Hyperledger Fabric blockchain, defines an Access Control List (ACL) policy and declares the access rights of the medical staff. Next, the doctor/nurse sends an access request via the smart contract, and the doctor/nurse's identity information is checked against the ACL policy. If the conditions are met, the smart contract finds the edge node that stores the EHR data and returns the corresponding URL address. Finally, the doctor or nurse obtains access to the EHR data provided that the requirements of the attribute-based access control policy on the EHR data are also met. It should be noted that "blockchain (EHR access log)" in fig. 3c is a blockchain node that can invoke the smart contract, and "edge node" is a blockchain node that stores health information and can also invoke the smart contract. Thus, the "blockchain (EHR access log)" and the "edge node" in fig. 3c may be the same node or different nodes.

The access control over the electronic health record in the above process relies mainly on the access-control-list smart contract, so its implementation is explained first. In this embodiment, Hyperledger Fabric is used to implement the blockchain-based infrastructure. Fig. 3d is a schematic diagram of the blockchain-based infrastructure according to the third embodiment of the present invention. As shown in fig. 3d, the infrastructure comprises four programmable parts. The first part defines the network in a model file (.cto), including participants, URL addresses, transactions and access control logs. The second part writes the smart contract in a script file (.js) that contains the transaction processing functions. The third part defines the ACL rules for the different participants in the access control file (.acl). Finally, the database queries are defined in a query file (.qry).

It will be appreciated that in this embodiment the participants represent patients and doctors. The EHR address of a patient is maintained as a personal asset in the blockchain network. The patient and the EHR asset have a one-to-one pairing relationship, both identified by the patient identifier. Authorized by the ACL, a doctor can retrieve the EHR address of the patient, while the patient is only allowed to retrieve their own EHR address. The retrieval function is defined as a transaction in the smart contract, invoked by the participant who submits the request. Finally, all historical retrieval events are saved on the blockchain network as an unalterable, traceable EHR access control log.

After the edge node collects EHR data from the patient, the patient may enforce an ACL policy on their EHR data. By defining the ACL policy, it can be determined which users are allowed to read, write, and update which data. When an ACL policy is available in the blockchain network, a data user, such as a doctor or nurse, may send an access request to the patient, obtain access permission, and receive the URL address of the actual EHR data stored in the edge node.

Optionally, the definition of an ACL policy includes components such as subject, operation, target, condition and action. Subject: defines the persons or entities involved in the ACL process. Operation: indicates the operation governed by the rule; in the present embodiment three operations are supported, READ, WRITE and UPDATE. Target: defines the object to which the ACL rule applies, which may be a single EHR data document or a complex of EHR data. Condition: an AND-gate policy expression covering several variables, which may also contain an if-condition expression for the complex conditions of an ACL rule. Action: the final operation that the ACL rule performs, which must be ALLOW or DENY. Optionally, two types of ACL rule may be defined, unconditional rules and conditional rules. Unconditional rules control the access policy for a particular group of participants. In contrast, a conditional ACL rule implements an access control policy using various AND-gate expressions and returns a Boolean result that determines the action.
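The following added example shows the chain-side ACL layer described above in plain JavaScript: rules built from the five components (subject, operation, target, condition, action), unconditional rules for a participant group beside conditional rules whose condition is an AND gate over predicates, and a retrieval transaction that returns the EHR address only on ALLOW while logging every attempt. It is not the patent's own contract or Hyperledger Composer code; the participants, the asset, the rule names and the function names checkAcl and retrieveEhrAddress are constructed for this illustration, and a plain array stands in for the ledger.

```javascript
// Added example, not the patent's own code: an identity-based ACL evaluator and
// a logging retrieval transaction. All data and names here are constructed.

const OPERATIONS = new Set(['READ', 'WRITE', 'UPDATE']);

// Participants are identities on the chain side; 'type' is the group that an
// unconditional rule refers to (constructed sample data).
const participants = {
  'pat-0042': { type: 'Patient' },
  'dr-lee':   { type: 'Doctor', authorizedPatients: ['pat-0042'] },
  'dr-park':  { type: 'Doctor', authorizedPatients: [] },
};

// One EHR-address asset per patient, keyed by the patient identifier.
const ehrAssets = {
  'pat-0042': { owner: 'pat-0042', address: 'https://edge.example/ehr/pat-0042', revoked: [] },
};

// Rules are tried in order; the first rule whose subject group, operation and
// target match and whose condition holds decides. An empty condition list is an
// unconditional rule; a non-empty one is an AND gate over its predicates.
const aclRules = [
  { id: 'DoctorsNeverWrite', subject: 'Doctor', operation: 'WRITE', target: 'EhrAddress',
    condition: [], action: 'DENY' },
  { id: 'DoctorsNeverUpdate', subject: 'Doctor', operation: 'UPDATE', target: 'EhrAddress',
    condition: [], action: 'DENY' },
  { id: 'PatientReadsOwn', subject: 'Patient', operation: 'READ', target: 'EhrAddress',
    condition: [(ctx) => ctx.subjectId === ctx.asset.owner], action: 'ALLOW' },
  { id: 'PatientUpdatesOwn', subject: 'Patient', operation: 'UPDATE', target: 'EhrAddress',
    condition: [(ctx) => ctx.subjectId === ctx.asset.owner], action: 'ALLOW' },
  { id: 'AuthorizedDoctorReads', subject: 'Doctor', operation: 'READ', target: 'EhrAddress',
    condition: [
      (ctx) => ctx.subject.authorizedPatients.includes(ctx.asset.owner),
      (ctx) => !ctx.asset.revoked.includes(ctx.subjectId),
    ], action: 'ALLOW' },
];

function checkAcl(subjectId, operation, targetType, asset) {
  if (!OPERATIONS.has(operation)) return { action: 'DENY', rule: 'unsupported-operation' };
  const subject = participants[subjectId];
  if (!subject) return { action: 'DENY', rule: 'unknown-participant' };
  const ctx = { subjectId, subject, operation, asset };
  for (const rule of aclRules) {
    if (rule.subject !== subject.type || rule.operation !== operation || rule.target !== targetType) continue;
    if (rule.condition.every((predicate) => predicate(ctx))) return { action: rule.action, rule: rule.id };
  }
  return { action: 'DENY', rule: 'default-deny' }; // nothing matched: fail closed
}

// Access log: in the patent this is written to the ledger; here an array stands in.
const accessLog = [];

// Transaction: the requester asks for a patient's EHR address. The address is
// returned only on ALLOW, and every attempt is recorded whatever the outcome.
function retrieveEhrAddress(requesterId, patientId, timestamp = 0) {
  const asset = ehrAssets[patientId];
  const decision = asset
    ? checkAcl(requesterId, 'READ', 'EhrAddress', asset)
    : { action: 'DENY', rule: 'no-such-asset' };
  accessLog.push({ timestamp, requester: requesterId, patient: patientId, ...decision });
  return decision.action === 'ALLOW' ? asset.address : null;
}
```

Two points are worth noting for anyone implementing the chain-side contract. Denied attempts are logged with the rule that denied them, so the access log supports the tracing described later in this embodiment rather than only recording successes. And the address handed out here is the one-time self-destructing URL the edge node issued, not the raw storage location, so a logged ALLOW does not by itself reveal where the record lives.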

On the basis of the above scheme, whether the electronic health record has been tampered with can be detected through a hash digest. When the edge node sends the URL result to the patient, a hash digest of the EHR data may be included. The hash digest is a string produced by a one-way hash function; it protects the integrity of the EHR data and detects a change to any part of the data. By comparing hash digests, the patient or medical personnel can determine whether the electronic health record data has changed: if the EHR data is modified, the hash of the modified data differs from that of the original. The hash digest is also stored on the blockchain. When a malicious user tampers with the EHR data, the newly computed hash digest differs from the original hash digest stored on the blockchain, and the attack on the EHR data can be discovered immediately.

In addition, leakage of the electronic health record can be prevented through a one-time self-destructing Uniform Resource Locator (URL). Illustratively, after a healthcare worker sends an access request to the blockchain network, the information provided by the doctor is examined under the enforced ACL policy. If the identity information satisfies the ACL policy, the smart contract executed between the patient and the doctor saves the access record in the blockchain network and returns a one-time self-destructing URL pointing to the EHR data address. Optionally, https://1ty.me/ may be used to hold the EHR data address stored on the edge node. 1ty.me uses the HTTPS protocol and encrypts the EHR data address; the key that decrypts the address is part of the data contained in the URL. The generated URL is not stored on its server, so only a valid, one-time URL link can display and decrypt the address information. Once the address information has been viewed, the encrypted information is deleted from the system, and the URL link disappears and cannot be accessed again.

It can be understood that the patient or the medical staff needs to obtain the unique identifier by registering on the blockchain to perform operations such as information storage, query and the like in the information query system. Without the healthcare worker's complete registration information, a malicious user cannot impersonate the healthcare worker's identity to request EHR data. If the user attempts to obtain information through a malicious attack, the system may blacklist the account and all access requests and operations are permanently logged on the blockchain as evidence. When the user's account is found to be hacked, the system can trace back the behavior of the attacker and identify the altered data.

Embodiments of the present invention provide a hybrid architecture that implements attribute-based access control on EHR data by using a blockchain and edge nodes. The architecture uses the blockchain to (1) execute the smart contract, thereby enforcing the ACL policy, and (2) record all access events on the blockchain. In addition, EHR data is stored on the edge node, and an attribute-based access control policy specified in the Abbreviated Language For Authorization (ALFA) is enforced at the edge node. Meanwhile, the security of the electronic health record data is guaranteed by combining the one-time self-destructing URL with the EHR hash digest, and effective control over access to the electronic health record is achieved.

EXAMPLE four

Fig. 4 is a schematic structural diagram of an information query apparatus according to a fourth embodiment of the present invention. The information query apparatus can be implemented in software and/or hardware; for example, it can be configured in a computer device. As shown in fig. 4, the apparatus includes a query request obtaining module 410, a query address obtaining module 420, and an address information feedback module 430, where:

a query request obtaining module 410, configured to obtain a health information query request;

the query address acquisition module 420 is configured to invoke a query control intelligent contract to execute a health information query request, and determine a health information query address of the health information query request;

the address information feedback module 430 is configured to feed back the health information query address to the information querying party, so that the information querying party obtains the target health information corresponding to the health information query request according to the health information query address.

The embodiment of the invention obtains the health information query request through a query request obtaining module in the blockchain node; the query address obtaining module calls a query control smart contract to execute the health information query request and determines a health information query address of the health information query request; the address information feedback module feeds the health information query address back to the information querying party, so that the information querying party obtains the target health information corresponding to the health information query request according to the health information query address. The health information query request is thus answered by the blockchain node according to a preset query control smart contract, and effective control over access to the electronic health record is achieved.

Optionally, on the basis of the foregoing scheme, the query address obtaining module 420 includes:

the request conversion unit is used for generating an authority query request in Abbreviated Language For Authorization (ALFA) form according to the health information query request;

and the inquiry address determining unit is used for determining whether the information inquirer has inquiry authority or not according to the authority inquiry request, and determining the health information inquiry address based on the target information storage path associated with the target information identifier of the health information inquiry request when the information inquirer has the inquiry authority.

Optionally, on the basis of the above scheme, the query address determining unit is specifically configured to:

and determining an inquiry initiator and an inquiry target party according to the permission inquiry request, and calling an access control list corresponding to the inquiry target party to judge whether the inquiry initiator has inquiry permission.

Optionally, on the basis of the above scheme, the apparatus further includes an access right setting module, configured to:

and in response to the detected access control list setting request, determining a set user identifier and a set access control list associated with the access control list setting request, and performing uplink storage on the set user identifier and the set access control list.

Optionally, on the basis of the above scheme, the target information storage path includes at least one target one-time self-destructing address, and the query address determining unit is specifically configured to:

and acquiring a target one-time self-destructing address in the target information storage path as the health information query address.

Optionally, on the basis of the above scheme, the apparatus further includes a health information storage module, configured to:

in response to a detected health information storage request, storing on the chain the health information associated with the health information storage request, and generating at least one one-time self-destructing storage address based on the original storage address of the stored health information;

and taking the at least one one-time self-destructing storage address as the storage information storage path of the stored health information, and storing the storage information storage path in the blockchain network in association with the storage information identifier of the stored health information.

Optionally, on the basis of the above scheme, the apparatus further includes a health information access module, including:

the access request acquisition unit is used for acquiring an information access request, and the information access request is generated by an information inquiry party according to the health information inquiry address;

and the target information feedback unit is used for acquiring the target health information corresponding to the information access request and feeding the target health information back to the information inquiry party.

Optionally, on the basis of the foregoing scheme, the target information feedback unit is further configured to:

acquiring a hash digest associated with the target health information;

and feeding back the target health information and the hash digest to the information querying party, so that the information querying party judges from the hash digest whether the target health information has been tampered with.

The information inquiry device provided by the embodiment of the invention can execute the information inquiry method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.

EXAMPLE five

Fig. 5 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention. FIG. 5 illustrates a block diagram of an exemplary computer device 512 suitable for use in implementing embodiments of the present invention. The computer device 512 shown in FIG. 5 is only an example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention.

As shown in FIG. 5, computer device 512 is in the form of a general purpose computing device. Components of computer device 512 may include, but are not limited to: one or more processors 516, a system memory 528, and a bus 518 that couples the various system components including the system memory 528 and the processors 516.

Bus 518 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.

Computer device 512 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 512 and includes both volatile and nonvolatile media, removable and non-removable media.

The system memory 528 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 530 and/or cache memory 532. The computer device 512 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage 534 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, and commonly referred to as a "hard drive"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 518 through one or more data media interfaces. Memory 528 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.

A program/utility 540 having a set (at least one) of program modules 542, including but not limited to an operating system, one or more application programs, other program modules, and program data, may be stored in, for example, the memory 528, each of which examples or some combination may include an implementation of a network environment. The program modules 542 generally perform the functions and/or methods of the described embodiments of the invention.

The computer device 512 may also communicate with one or more external devices 514 (e.g., keyboard, pointing device, display 524, etc.), with one or more devices that enable a user to interact with the computer device 512, and/or with any devices (e.g., network card, modem, etc.) that enable the computer device 512 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 522. Also, computer device 512 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 520. As shown, the network adapter 520 communicates with the other modules of the computer device 512 via the bus 518. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the computer device 512, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.

The processor 516 executes various functional applications and data processing by running programs stored in the system memory 528, for example, implementing an information query method provided by an embodiment of the present invention, the method includes:

acquiring a health information query request;

calling a query control intelligent contract to execute a health information query request and determining a health information query address of the health information query request;

and feeding back the health information inquiry address to the information inquiry party so that the information inquiry party can obtain the target health information corresponding to the health information inquiry request according to the health information inquiry address.

Of course, those skilled in the art can understand that the processor can also implement the technical solution of the information query method provided by any embodiment of the present invention.

EXAMPLE six

The sixth embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the information query method provided by the embodiments of the present invention, and the method includes:

acquiring a health information query request;

calling a query control intelligent contract to execute a health information query request and determining a health information query address of the health information query request;

and feeding back the health information inquiry address to the information inquiry party so that the information inquiry party can obtain the target health information corresponding to the health information inquiry request according to the health information inquiry address.

Of course, the computer program stored on the computer-readable storage medium provided by the embodiments of the present invention is not limited to the method operations described above, and may also perform related operations of the information query method provided by any embodiments of the present invention.

Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).

It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
