PPDM and Data Confidentiality Concepts

3. Abstract
 Electronic healthcare (eHealth) systems have replaced paper-based
medical systems due to the attractive features such as universal
accessibility, high accuracy, and low cost.
 As a major component of eHealth systems, mobile healthcare (mHealth)
applies mobile devices, such as smartphones and tablets, to enable patient-
to-physician and patient-to-patient communications for better healthcare
and quality of life (QoL).
 Unfortunately, patients’ concerns on potential leakage of personal health
records (PHRs) is the biggest stumbling block. In current eHealth/mHealth
networks, patients’ medical records are usually associated with a set of
attributes like existing symptoms and undergoing treatments based on the
information collected from portable devices.

4.  To guarantee the authenticity of those attributes, PHRs should be
verifiable.
 However, due to the link ability between identities and PHRs, existing
mHealth systems fail to preserve patient identity privacy while
providing medical services.
 To solve this problem, we propose a decentralized system that leverages
users’ verifiable attributes to authenticate each other while preserving
attribute and identity privacy.

5. ABOUT THE SYSTEM
 Here, we endeavor to study the patientcentric, secure sharing of PHRs
stored on semi-trusted servers, and focus on addressing the
complicated and challenging key management issues.
 In order to protect the personal health data stored on a semi-trusted
server, we adopt attribute-based encryption (ABE) as the main
encryption primitive.
 Using ABE, access policies are expressed based on the attributes of
users or data, which enables a patient to selectively share her PHR
among a set of users by encrypting the file under a set of attributes,
without the need to know a complete list of users.

6.  The complexities per encryption, key generation and decryption are
only linear with the number of attributes involved.
 However, to integrate ABE into a large-scale PHR system, important
issues such as key management scalability, dynamic policy updates,
and efficient on-demand revocation are non-trivial to solve, and
remain largely open up-to-date.

7. There are several main additional contributions:
 (1) We clarify and extend our usage of MA-ABE in the public domain,
and formally show how and which types of user-defined file access
policies are realized.
 (2) We clarify the proposed revocable MA-ABE scheme, and provide a
formal security proof for it.
 (3) We carry out both real-world experiments and simulations to
evaluate the performance of the proposed solution in this paper.

8. SYSTEM ARCHITECTURE

9.  WIDELY deployed electronic healthcare (eHealth) systems have improved
people’s daily life compared with traditional paper-based systems for its
extraordinary advantages, such as higher efficiency, better accuracy, and
broader availability.
 For most mHealth systems, patients use sensors, implantable medical devices
(IMDs), and mobile phones to collect personal health records (PHRs), then
send medical data to the designated healthcare infrastructure to obtain
physicians’ diagnosis via wireless interfaces.
 Possible solution leads us to consider the possibility of separating multiple
attributes from a single identity, and allows users to mutually authenticate each
other using their attributes

10. SYSTEM DESIGN
A.DATA FLOW DIAGRAM

11. B.USE CASE DIAGRAM

12. CONCLUSION
 we have proposed a novel framework of secure sharing of personal
health records in cloud computing.
 Considering partially trustworthy cloud servers, we argue that to fully
realize the patient-centric concept, patients shall have complete
control of their own privacy through encrypting their PHR files to allow
fine-grained access.
 The framework addresses the unique challenges brought by multiple
PHR owners and users, in that we greatly reduce the complexity of key
management while enhance the privacy guarantees compared with
previous works.
 Furthermore, we enhance an existing MA-ABE scheme to handle
efficient and on-demand user revocation, and prove its security.
Through implementation and simulation, we show that our solution is
both scalable and efficient.

13. THANK YOU