Abstract: The development of information technology and big data has promoted the informatization of medical records. As one of the representatives, the Electronic Medical Record（EMR） system has changed the mode of traditional medical data management, but there remains some problems such as identity authentication and privacy protection. To solve these problems, this paper proposes an identity based authenticated key agreement protocol. The key agreement server follows this protocol and fetches a session key, which will be used to encrypt the data. Secure and efficient signature algorithm is also used to guarantee the authenticity of data. Finally, the secure data management can be achieved. It is proved that this scheme has perfect forward security and is able to resist the unknown key sharing attack and key-compromise impersonation under the e-CK model. In addition, the core key agreement protocol in this scheme is designed to support sharing key confirmation property with an implicit authentication algorithm.

Key words: electronic medical record, key agreement, encrypted search, e-CK model

摘要： 信息技术和大数据的发展推动了医疗记录的信息化。在这样的背景下，电子病历（EMR）系统作为其中的代表，改变了医疗数据的管理模式，但也带来了诸如身份认证和隐私保护等问题。针对这些问题，提出了一个基于身份的可认证密钥协商协议，通过密钥协商服务器执行此核心协议得到的会话密钥将用来对数据进行加密处理，并由安全高效的签名算法保证数据的真实性，最终实现医疗数据的安全管理。在e-CK模型下，利用可证明安全理论证明了该方案具有完美的前向安全性，能够抵御未知密钥共享攻击和密钥泄露模仿攻击等。此外，通过隐式的认证算法，EMR方案中的核心密钥协商协议能够支持共享密钥的属性认证。

关键词: 电子病历, 密钥协商, 密文检索, e-CK模型