中圖分類號：TP309.7
文獻標識碼：A
DOI:10.19358/j.issn.2097-1788.2023.07.006
引用格式：祁嘉琪，莫欣岳，周永恒，等.基于國密算法SM2和CPABE的醫療訪問控制系統的設計與實現［J］.網絡安全與數據治理，2023，42（7）：37-42，48.

Design and implementation of medical data access control system based on SM2 and CP-ABE

Abstract： Aiming at the problems of high computing cost and authority control in existing medical data sharing schemes, a medical data access control system based on a revocation multiattribute agency authorization scheme and state secret algorithm SM2 is proposed. Compared with the traditional CPABE revocation algorithm, the improved CPABE algorithm in this paper does not need to reencrypt all the encrypted files or update the keys of all legitimate users, but only needs to update the ciphertext associated with the revoked attributes. Experimental results show that the designed system is about 10% faster than traditional schemes in the encryption and decryption performance. In addition, the multiattribute authority, flexible revocation mechanism, national secret algorithm SM2 and global trusted Certificate Authority (CA) are integrated into CPABE in this paper, which can ensure the security of communication of the forward, backward and multiattribute authority in the system and effectively resist forgery attacks and collusion attacks.

Key words : attribute encryption；state secret algorithm SM2；medical data sharing; multiattribute authorization