Pericàs-Gornals Rosa, Mut-Puigserver Macià, Payeras-Capellà M Magdalena
Dpt. de Ciències Matemàtiques i Informàtica, Universitat de les Illes Balears, 07122 Palma, Spain.
Int J Inf Secur. 2022;21(5):1069-1090. doi: 10.1007/s10207-022-00598-3. Epub 2022 Jul 29.
As a result of the declaration of the COVID-19 pandemic, several blockchain-based solutions for digital COVID-19 certificates have been proposed. Considering that health data have high privacy requirements, a health data management system must fulfil several strict privacy and security requirements. On the one hand, the confidentiality of the medical data must be assured, with the data owner (the patient) being the actor who maintains control over the privacy of their certificates. On the other hand, the entities involved in the generation and validation of certificates must be supervised by a regulatory authority. This set of requirements is generally not achieved together in previous proposals. Moreover, a digital COVID-19 certificate management protocol is required to provide an easy verification process and to strongly avoid the risk of forgery. In this paper we present the design and implementation of a protocol to manage digital COVID-19 certificates in which individual users decide how to share their private data in a hierarchical system. To achieve this, we combine two different technologies: a proxy re-encryption (PRE) service used in conjunction with a blockchain-based protocol. Additionally, our protocol introduces an authority to control and regulate the centers that can generate digital COVID-19 certificates, and it offers two kinds of certificate validation, for registered and for non-registered verification entities. Therefore, the paper achieves all the requirements, that is, data sovereignty, high privacy, forgery avoidance, regulation of entities, security and easy verification.
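The following Python model is an added illustration of the flow the abstract describes and is not code from the paper, which does not specify which PRE scheme or chain format its system uses. It assumes a toy BBS98-style bidirectional proxy re-encryption over a tiny constructed group (P = 2039, Q = 1019, G = 4), a hypothetical SHA-256 counter KDF for the symmetric part, and an in-memory append-only list standing in for the blockchain anchor; the names `encrypt`, `rekey`, `reencrypt`, `decrypt`, `Ledger` and `run_flow` are all assumptions of this example. What it shows is the security property the abstract claims: the regulated center anchors a certificate digest, the patient alone decides which verifier receives a re-encryption key, the proxy transforms the ciphertext without ever holding the plaintext, and the verifier checks the decrypted certificate against the anchored digest to detect forgery or tampering.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this example only (not a real security level):
# safe prime P = 2*Q + 1 with Q prime, and G = 4 generates the order-Q subgroup of Z_P^*.
P, Q, G = 2039, 1019, 4


def keygen():
    """Return (secret, public) with public = G^secret mod P."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _keystream(k, n):
    """Derive n bytes from the KEM value k with a SHA-256 counter (hypothetical KDF)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(k.to_bytes(4, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(data, k):
    return bytes(x ^ y for x, y in zip(data, _keystream(k, len(data))))


def encrypt(pk, data):
    """ElGamal-style KEM: hide a random k under pk, then XOR the data with KDF(k)."""
    r = secrets.randbelow(Q - 1) + 1
    k = secrets.randbelow(P - 1) + 1
    c1 = (k * pow(G, r, P)) % P      # k * g^r
    c2 = pow(pk, r, P)               # g^{sk * r}
    return (c1, c2, _xor(data, k))


def rekey(sk_delegator, sk_delegatee):
    """Re-encryption key rk = sk_delegatee / sk_delegator mod Q.

    BBS98-style and bidirectional, so it needs both secrets; production PRE services
    use unidirectional schemes where the delegator needs only the delegatee's public key.
    """
    return (sk_delegatee * pow(sk_delegator, -1, Q)) % Q


def reencrypt(rk, ct):
    """Proxy step: turns g^{a*r} into g^{b*r}; the proxy learns neither k nor the data."""
    c1, c2, body = ct
    return (c1, pow(c2, rk, P), body)


def decrypt(sk, ct):
    """Recover g^r = c2^(1/sk), then k = c1 / g^r, then strip the keystream."""
    c1, c2, body = ct
    g_r = pow(c2, pow(sk, -1, Q), P)
    k = (c1 * pow(g_r, -1, P)) % P
    return _xor(body, k)


class Ledger:
    """In-memory stand-in for the on-chain anchor of certificate digests.

    Only centers registered by the authority may publish; verifiers check digests here.
    """

    def __init__(self, registered_centers):
        self.registered = set(registered_centers)
        self.entries = []

    def publish(self, center_id, cert_plain):
        """Append a digest; returns False (and records nothing) for unregistered centers."""
        if center_id not in self.registered:
            return False
        self.entries.append((center_id, hashlib.sha256(cert_plain).hexdigest()))
        return True

    def is_anchored(self, cert_plain):
        digest = hashlib.sha256(cert_plain).hexdigest()
        return any(d == digest for _, d in self.entries)


def run_flow(cert=b"CERT-ID:demo-0001;vaccinated:yes"):
    """Center issues to patient; patient delegates to a verifier; verifier checks the anchor."""
    ledger = Ledger(registered_centers={"center-A"})   # registry held by the authority
    patient_sk, patient_pk = keygen()
    verifier_sk, _ = keygen()

    ledger.publish("center-A", cert)                   # regulated center anchors the digest
    ct_patient = encrypt(patient_pk, cert)             # only the patient can open this

    rk = rekey(patient_sk, verifier_sk)                # patient chooses to share with this verifier
    ct_verifier = reencrypt(rk, ct_patient)            # PRE service transforms, sees no plaintext
    recovered = decrypt(verifier_sk, ct_verifier)

    return recovered, ledger.is_anchored(recovered)    # (plaintext, forgery check result)
```

Run `run_flow()` to see the delegated certificate recovered and confirmed against the ledger; a byte changed anywhere in the ciphertext body decrypts to garbage whose digest is not anchored, which is the check a non-registered verifier would rely on.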