ACCESS CONTROL BY SECURE MULTI-PARTY EPR DECRYPTION IN THE MEDICAL SCENARIO

摘要

Due to that medical patient data may be highly confidential, it is essential that electronic patient records (EPR) are properly protected. Accordingly, only legitimate medical personnel should be allowed access to relevant patient data. In this regard, it is reasonable that patients should be able to exert control over their own medical data. In this paper, we propose a security scheme that allows electronic patient records or specific EPR modules to be stored encrypted at the EPR server where each EPR is encrypted with a unique and secret key. In order to obtain access to the protected medical data, medical teams collaborate with the concerning patient in order to blindly reconstruct EPR cryptokeys for decryption at the EPR server. The scheme prohibits the secret EPR cryptokeys from being disclosed to any party, and it is privacy-preserving in the sense that the collaborating parties are able to perform the computations without revealing their private inputs to each other.