Multi-authority Access Control with Anonymous Authentication for Personal Health Record

A personal health record (PHR) system is a smart health system that serves patients and doctors. However, there is still a possibility of the exposure of personal health information to semi-trusted parties and unauthorized users. To protect the privacy of patients and ensure that patients can control their PHRs, a patient-centric PHR sharing framework is proposed in this application. In this framework, all PHRs are protected with multi-authority attribute-based encryption before outsourcing, which solves the key hosting problem and achieves fine-grained access control to PHRs. Furthermore, an anonymous authentication between the cloud and the user is proposed to ensure data integrity on the cloud while not exposing the user’s identity during authentication. It can make the encrypted PHRs resist collusion attacks and not be forged during the period of sharing, which enhances patients’ control to their PHRs.