基于CES的电子病历签名系统研究与实现

283CES(212013)(CES)C#XMLResearchandImplementationofElectronicHealthRecordSignatureSystemBasedonCESWANGChang-da,YANGWen-bin,JUShi-guang(SchoolofComputerScienceandTelecommunicationEngineering,JiangsuUniversity,Zhenjiang212013)AbstractAimingattheproblemthatitisraretoconcernpatients’privacyprotectionintraditionaldigitalsignatureschemesofElectronicHealthRecord(EHR),adigitalsignatureschemeforEHRispresented.ItfulfillsakindofnewsecurityrequirementbasedontheContentExtractionSignature(CES)algorithm,i.e.verifiesthepartofthecontentwithinEHRwithouttodisclosethewholedocument.Theschemehasthemeritofaveragedigitalsignatureandcanprotecttheprivacyofpatientaccordingtotheirwills.AnexperimentalsystemisdevelopedbasedonC#.KeywordsElectronicHealthRecord(EHR);ContentExtractionSignature(CES);XMLdigitalsignature;privacyprotection;convertalgorithmComputerEngineering3616Vol.36No.1620108August2010··10003428(2010)16028303ATP309.21[1]XML[1-3](ContentExtractionSignature,CES)[4-5]2CES2.1MnMM=m1,m2,,mnmi=M[I]Mi()length(M)M[n]1,2,,nM'MM'XX{1,2,,nMM'NXM'MCES4(1)KeyGenk/(SK,PK)(2)SignSKM=(m1,m2,,mn)CEASfull(3)ExtractMfullXPKext(4)VerifyM’PKd{Accept,Reject}CEAS(ContentExtractionAccessStructure)(60773049)(BK2007086)(07KJB520016)(07JDG053)(sbc20080655)(1971)2010-01-20E-mailsxndywb@126.com284210CESExtractfullM’extM’2.2(1)Sign(M,CS,SK)1)MM=m1,m2,,mni(1,2,,n)Ri=Hi(mi,CEASi,ri)miMiCEASiMiriHi(d)dSHA12)RiR=Conci=1nRiConci=1nRiRi1n3)RCEASs=S(R,CEAS;SK)CEASSKS(R,CEAS;SK)SK(R,CEAS)RSAs4)CEASsfull=(CEAS,s,Conci=1nri)(2)Extract(M,full,X)XM1)Ri=Hi(mi,CEASi,ri)2)CEASfullSHA1ext=(CEAS,full,Conci=1mri,Conci=1wRi)mXwnw=n-m(3)Verify(PK,M’,ext)M’PK1)Ri=Hi(CEASi,mi,ri)riConci=1mri2)RiRiR3)d=V(CEAS,ext;PK)PKV(CEAS,ext;PK)PK(CEAS,ext)d=R3XMLXMLCESCESTransformObjectReferenceTransformObjectFragmentSaltDigestFragmentURICEASSaltDigestSaltSaltDigestFragmentDigestCEASSaltURISalt3.1(1)Signature(2)SignedInfoReferenceTransformReferenceIDObject(XMLReferenceObjectID)TransformCESTransform(3)ObjectIDReferenceReferenceObjectFragmentURICEASSalt(4)TransformSHA1DigestValueCESTransformFragmentURISalt(5)DigestValueSignatureValue(6)XMLCES3.2(1)ReferenceIDObjectFragmentURI(2)CEASTransformSHA1DigestDigestSalt3.3(1)ReferenceIDObjectFragmentSaltURITransformSHA1DigestCEASDigest(2)DigestValue(3)SignatureValueDigestValue(4)4CESMicrosoftStudioC#2854.1XMLm()4.2()CEAS4.35XMLCESC[1],.XML[J].,2005,14(2):14-17.[2]BartelM,BoyerJ,FoxB,etal.XMLSignatureSyntaxandProcessing[EB/OL].(2008-06-10).[3].XML[M].,.:,2003.[4]SteinfeldR,BullL.ContentExtractionSignatures[C]//Proc.ofthe4thInternationalConferenceonInformationSecurityandCryptology.Berlin,Germany:Springer-Verlag,2002:285-304.[5]BullL,StanskiP,McgSD.ContentExtractionSignaturesUsingXMLDigitalSignaturesandCustomTransformsOn-demand[C]//Proc.ofthe12thInternationalWorldWideWebConference.NewYork,USA:ACMPress,2003:170-177.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(282)ARCHARCH:=mipsCROSS_COMPILECROSS_COMPILE:=mipsel-linux-(4)nandFlashsoc-nand.cpartition_infopartition_info[]={[0]={name=“kernel”,.offset=0,.size=4×1024×1024},[1]={name=“rootfs”,.offset=4×1024×1024,.size=6×1024×1024},[2]={name=“yaffs2”,.offset=10×1024×1024,.size=6×1024×1024}}nandFlash34MB6MB6MB(5)makeelfvmlinux4.3mplayermplayermplayerlive555Mplayer(1)live555(2)mplayer./configure--cc=mipsel-linux-cc--target=mipsel-linux---enable-static--enable-live–with-livedir=live555--ccc--target--with-livedirlive555(3)mplayermake5SoCLinuxLinuxSoCSoCmplayer[1].HS3210_UserManual-V1.3.1.pdf[Z].2008-12.[2]NoergaardT.[M].,,.:,2008.[3],.Linux[M].:,2006.[4]LoveR.Linux[M].,.:,2006.