EMERGING PATIENT HEALTH INFORMATION EXCHANGE SYSTEM ON CLOUD Abstract

Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthori ed parties. !o assure the patients" control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. #et, issues such as ris$s of privacy exposure, scalability in $ey management, flexible access and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. %n this paper, we propose a novel patient-centric framewor$ and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. !o achieve fine-grained and scalable data access control for PHRs, we leverage attribute based encryption (&'() techni)ues to encrypt each patient"s PHR file. *ifferent from previous wor$s in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the $ey management complexity for owners and users. & high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority &'(. +ur scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user,attribute revocation and brea$-glass access under emergency scenarios. (xtensive analytical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme.

Existing System
In Existing system a PHR system model, there are multiple owners who may encrypt according to their own ways, possibly using different sets of cryptographic keys !etting each user obtain keys from e"ery owner who#s PHR she wants to read would limit the accessibility since patients are not always online An alternati"e is to employ a central authority $%A& to do the key management on behalf of all PHR owners, but this re'uires too much trust on a single authority $i e , cause the key escrow problem&

Key escrow $also known as a fair cryptosystem& is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authori(ed third party may gain access to those keys )hese third parties may include businesses, who may want access to employees* pri"ate communications, or go"ernments, who may wish to be able to "iew the contents of encrypted communications

Proposed System
+e endea"or to study the patient centric, secure sharing of PHRs stored on semi,trusted ser"ers, and focus on addressing the complicated and challenging key management issues In order to protect the personal health data stored on a semi, trusted ser"er, we adopt attribute,based encryption $A-E& as the main encryption primiti"e .sing A-E, access policies are expressed based on the attributes of users or data, which enables a patient to selecti"ely share her PHR among a set of users by encrypting the file under a set of attributes, without the need to know a complete list of users )he complexities per encryption, key generation and decryption are only linear with the number of attributes in"ol"ed

/odules

0 1 2 5 7

Registration .pload files A-E for 3ine,grained 4ata Access %ontrol Setup and 6ey 4istribution -reak,glass

/odules 4escription

Registration

In this module normal registration for the multiple users

)here are multiple

owners, multiple AAs, and multiple users )he attribute hierarchy of files 8 leaf nodes is atomic file categories while internal nodes are compound categories 4ark boxes are the categories that a PS4#s data reader ha"e access to )wo A-E systems are in"ol"ed9 for each PS4 the re"ocable 6P,A-E scheme is adopted for each P.4, our proposed re"ocable /A,A-E scheme P.4 , public domains PS4 , personal domains AA , attribute authority /A,ABE - multi-authority ABE 6P,ABE - key policy ABE

.pload files

In this module, users upload their files with secure key probabilities certain fine grained model A-E for 3ine,grained 4ata Access %ontrol

)he owners

upload A-E,encrypted PHR files to the ser"er Each owner#s PHR file encrypted both under a

In this module A-E to reali(e fine,grained access control for outsourced data especially, there has been an increasing interest in applying A-E to secure electronic healthcare records $EHRs& An attribute,based infrastructure for EHR systems, where each patient#s EHR files are encrypted using a broadcast "ariant of %P,A-E that allows direct re"ocation Howe"er, the cipher text length grows linearly with the number of un re"oked users In a "ariant of A-E that allows delegation of access rights is proposed for encrypted EHRs applied cipher text policy A-E $%P,A-E& to manage the sharing of PHRs, and introduced the concept of social:professional domains in"estigated using A-E to generate self,protecting E/Rs, which can either be stored on cloud ser"ers or cell phones so that E/R could be accessed when the health pro"ider is offline Setup and 6ey 4istribution

In this module the system first defines a common universe of data attributes shared by every PSD, such as basic profile , medical history , aller!ies , and prescriptions " An emer!ency attribute is also defined for break-!lass access"

Each P#$ o%ner&s client application !enerates its correspondin! public'master keys" (he public keys can be published via user&s profile in an online healthcare social-net%ork )#S*+ (here are t%o %ays for distributin! secret keys" ,irst, %hen first usin! the P#$ service, a P#$ o%ner can specify the access privile!e of a data reader in her PSD, and let her application !enerate and distribute correspondin! key to the latter, in a %ay resemblin! invitations in -oo!leDoc" Second, a reader in PSD could obtain the secret key by sendin! a re.uest )indicatin! %hich types of files she %ants to access+ to the P#$ o%ner via #S*, and the o%ner %ill !rant her a subset of re.uested data types" Based on that, the policy en!ine of the application automatically derives an access structure, and runs key!en of /P-ABE to !enerate the user secret key that embeds her access structure"

-reak,glass module

In this module when an emergency happens, the regular access policies may no longer be applicable )o handle this situation, break,glass access is needed to access the "ictim#s PHR In our framework, each owner#s PHR#s access right is also delegated to an emergency department E4 to pre"ent from abuse of break,glass option, the emergency staff needs to contact the E4 to "erify her identity and the emergency situation, and obtain temporary read keys After the emergency is o"er, the patient can re"oke the emergent access "ia the E4"

System Requirements: Hardware Requirements:

System Hard Disk : Pentium IV 2.4 GHz. : 40 GB.

Floppy Dri e : !.44 "#. "onitor "ouse +am : !$ VG% &olour. : 'o(ite)*. : $!2 "#.

Software Requirements:

,peratin( system &odin( 'an(ua(e Data Base

: - .indo/s 0P. : %SP.1et /it* &2. : S3' Ser er 2005