Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88660
| Title: | 基於無伺服器區塊鏈之低成本、隱私保護聯合檢後醫生搜尋媒合平台設計 (Low-cost, Privacy-preserving, Federated Doctor Search and Match Platform Design after Check-up over Serverless Blockchain) |
| Author: | 楊景耀 Ching-Yao Yang |
| Advisor: | 張時中 Shi-Chung Chang |
| Co-advisor: | 楊奕農 Yi-Nung Yang |
| Keywords: | doctor search and match after check-up, serverless blockchain, blockchain-based platform, smart contract, Mc-SSE (Multi-client Searchable Symmetric Encryption) |
| Year of publication: | 2023 |
| Degree: | Master |
| Abstract: | According to statistics, at least 7.4 million people in Taiwan undergo a health check-up every year, and many of them need follow-up treatment based on the results. There are currently two common ways to find a doctor after a check-up: referral by the check-up institution, or searching online by oneself. Neither meets the following three patient needs at the same time: (PD1) diversity of choice, meaning the choice of doctor is not limited to a single hospital system; (PD2) a one-stop search service that searches for doctors from multiple hospitals at once; and (PD3) privacy, meaning the patient's medical needs are protected during the search. We therefore propose a platform on which multiple medical institutions (MIs) cooperate to provide doctor documents that satisfy these needs. To attract MIs to join, the platform design has four technical targets: (MD1) autonomy, where each MI decides whether to join the federation and controls access to the information it provides; (MD2) neutrality, where the platform favours no party during the search; (MD3) low cost, so that participation requires little expenditure; and (MD4) a low technical threshold, so that participation requires little technical expertise.

To address these problems, we propose the Low-cost, Privacy-preserving, Federated Doctor Search and Match Platform (LPF-DSMP) design. LPF-DSMP consists of a new doctor matching mechanism, the Federated Search-share Matching Mechanism (FSMM), and two supporting technologies: a blockchain-based platform (BCP) and Multi-client Searchable Symmetric Encryption (Mc-SSE). In FSMM, existing MIs form a loosely coupled federation and authorize one another. Each MI is free to provide doctor documents or patients' doctor search requests, and the platform matches the two. This satisfies diversity of choice and one-stop search while preserving MI autonomy. Technically, LPF-DSMP is a BCP: smart contracts can perform computation in a trustless environment, which provides the basis for neutrality, and we use them to run the matching computation between doctor search requests and doctor documents across MIs. Mc-SSE protects patient privacy during the search: the data sharer encrypts its documents and indexes, the data searcher produces a query trapdoor, and the BCP matches indexes against trapdoors without accessing the underlying content.

On this basis, the thesis focuses on how to combine FSMM, BCP and Mc-SSE to meet patient needs while lowering the platform's technical threshold and cost; it evaluates different blockchain architectures and designs a new flexible Mc-SSE scheme. The main research problems (P), challenges (C) and solutions (M) are:

P1. Doctor search that satisfies patient needs and platform targets: how can a doctor search and match platform satisfy PD1 to PD3 and MD1 to MD2 at the same time?
C1. Some patient needs conflict with the platform targets. Conflict 1, PD1 diversity of choice and PD2 one-stop search versus MD1 autonomy: the most direct way to satisfy PD1 and PD2 is to gather the doctor documents of different MIs in one place, operated and managed by one MI or a third party, for patients to search; but this can undermine MI autonomy. Conflict 2, PD3 privacy versus MD2 neutrality: blockchain technology provides neutrality, but adopting it directly in a doctor search and match platform leads to potential privacy leakage, since search requests and documents placed on the chain would be processed in the clear. Choosing techniques and methods that resolve both conflicts is the challenge.
M1. We design FSMM and pair Mc-SSE with blockchain. FSMM resolves Conflict 1: member MIs freely join the federation, upload their doctor documents and keep access control over what they upload; when a patient of one member MI completes a check-up, they can search for doctors of the other member MIs in one stop, with those MIs' authorization and assistance. Mc-SSE with blockchain resolves Conflict 2: neutrality and privacy hold at the same time because matching runs over encrypted documents and indexes without touching their content.

P2. A low-cost, low-threshold federated doctor search and match platform on blockchain: how can such a platform be built with blockchain as the federation's technical carrier?
C2. Many blockchain services exist with different characteristics. A public chain's open node participation does not suit FSMM; a consortium chain restricts node participants and is more compatible with FSMM, but it has a higher technical threshold, and its construction and maintenance costs are a burden for small MIs. Choosing an architecture that is compatible with FSMM yet has a low threshold and cost is the challenge.
M2. We design a patient-driven platform architecture in which the participating MIs are the nodes, and adopt the emerging Serverless Blockchain (SB) service as the platform's technical carrier. SB's network architecture is close to a consortium chain, so only member MIs of the federation can become nodes, and serving as nodes also helps MIs keep their autonomy. SB also offers off-the-shelf blockchain services, which lowers the technical threshold and removes the capital cost of deploying infrastructure; operating cost is paid by each MI according to usage.

P3. Privacy-preserving doctor search with Mc-SSE on the serverless blockchain platform: a flexible Mc-SSE scheme lets a data searcher use a single query trapdoor to match the encrypted indexes of different data sharers. An inflexible scheme needs a separate trapdoor for each encrypted index, which raises the number of trapdoors and the data volume, and therefore the search cost on the serverless blockchain. How can a flexible Mc-SSE scheme support low-cost, privacy-preserving doctor search?
C3. Existing schemes achieve flexibility through a key manager that distributes keys to both the searcher and the sharers, who then use those keys to build query trapdoors and encrypted indexes. FSMM has no trusted third party to act as key manager, so designing a flexible Mc-SSE scheme without one is the challenge.
M3. Building on the single-user, multi-keyword Oblivious Cross Tags (OXT) protocol with sublinear search time, we propose Multi-client Interchangeable Query Trapdoor Oblivious Cross Tags (Mc-IQT-OXT). The core idea is to keep flexibility through authorization tokens while removing the key manager: we design Organization-oriented Authorization Tokens (OOAT) derived from an organization ID and key, and adapt OXT's encrypted indexes and query trapdoors so that they are compatible with OOAT.

P4. Prototype design and implementation of LPF-DSMP: how can a prototype be designed that evaluates the performance of LPF-DSMP and verifies that it supports patients in finding a doctor after a check-up while meeting the PD and MD targets?
C4. Building the prototype requires studying the open-source development kit and implementing the programs and modules that realize Mc-IQT-OXT, integrating them with the serverless blockchain platform through its GraphQL API, and designing a user-friendly interface that helps patients search for doctors.
M4. We design the Serverless Blockchain Doctor Search and Match Platform (SB-DSMP), which has four modules. (1) Initial Setup Module: simulates the platform's parameter and key setup. (2) Data Sharer Module: encrypts doctor documents, builds encrypted indexes and authorization tokens, and uploads them to the serverless blockchain for search. (3) Data Searcher Module: receives patient requests, converts them into query trapdoors, uploads the trapdoors to the serverless blockchain, and processes and presents the results so that the patient can choose a doctor. (4) Serverless Blockchain: stores and receives the data needed for search; on a search request, invokes the smart contract that matches query trapdoors against encrypted indexes, and records the results on the chain for the Data Searcher Module to query.

The contributions of this thesis are: (1) a new doctor search and match mechanism, FSMM, that meets patients' needs for diversity of choice and one-stop search, combined with Mc-SSE on blockchain to obtain neutrality and privacy together; (2) identification of a commercially operating serverless blockchain service that fits FSMM as the platform's technical carrier, giving MIs a low technical threshold, no deployment capital cost, and usage-based operating cost; (3) a new flexible Mc-SSE scheme, Mc-IQT-OXT, whose main feature is that different authorization tokens preserve flexibility while removing the key manager; compared with other Mc-SSE schemes, the key-manager-free property matches FSMM's requirements and the flexibility lowers search cost on the serverless blockchain; and (4) the design and implementation of SB-DSMP. On SB-DSMP, the fixed cost of one hospital node is about 5 to 8 USD per month, and one search costs about 2.742 × 10^-3 USD in a setting of 11 MIs with 250 doctor documents each. Generating a query trapdoor with three keywords takes 200 ms, and matching it against 300 documents takes 264 ms. These cost and performance figures show potential for practical application. |
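The abstract's P3 and C3 turn on two properties of Mc-SSE: the matching party only ever sees PRF tags and ciphertexts, and a "flexible" scheme lets one trapdoor serve every sharer's index, which existing schemes buy with a key manager. The following Python, added here as an illustration and not taken from the thesis or its Mc-IQT-OXT scheme, builds a toy multi-sharer SSE around those two points: each MI encrypts its doctor documents and publishes a tag index, a blind matcher (the smart-contract role) intersects trapdoor tags for a conjunctive query, and a demo runs the same search under a shared federation key (the key-manager model) and under independent per-MI keys, counting how many distinct trapdoors the searcher had to derive. HMAC-SHA256 stands in for the PRF, a PRF-derived keystream stands in for document encryption, the MI names and doctor records are constructed, and the searcher is assumed to be authorized by receiving each MI's index key outright, a simplification of the thesis's authorization tokens.

```python
"""Toy multi-sharer searchable symmetric encryption with a blind matcher.

Added illustration only; not the thesis's Mc-IQT-OXT. HMAC-SHA256 stands in
for the PRF and a PRF keystream stands in for document encryption.
"""
import hmac
import hashlib
from collections import defaultdict


def prf(key: bytes, msg: bytes) -> bytes:
    """Pseudorandom function F_K(msg)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a counter-mode PRF keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, nonce + i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def keyword_tag(org_key: bytes, keyword: str) -> str:
    """Opaque search tag for a keyword under one organization's key."""
    return prf(prf(org_key, b"tag"), keyword.encode()).hex()


def build_encrypted_index(org_id: str, org_key: bytes, docs: dict) -> dict:
    """Data sharer side. docs maps doc_id -> (keywords, plaintext).
    The result holds only PRF tags and ciphertexts, nothing readable."""
    enc_key = prf(org_key, b"enc")
    index = defaultdict(list)
    for doc_id, (keywords, text) in docs.items():
        nonce = prf(org_key, b"nonce|" + doc_id.encode())[:16]
        ct = nonce + keystream_xor(enc_key, nonce, text.encode())
        for w in keywords:
            index[keyword_tag(org_key, w)].append(ct)
    return {"org": org_id, "index": dict(index)}


def make_trapdoors(keywords: list, org_keys: dict) -> tuple:
    """Data searcher side. org_keys maps org_id -> key the searcher is
    authorized to use. Returns (trapdoors per org, distinct trapdoors derived).
    One federation key shared by every org (key-manager model) needs one
    trapdoor per keyword; independent per-org keys need |orgs| x |keywords|."""
    derived = {}
    trapdoors = {}
    for org, key in org_keys.items():
        trapdoors[org] = [derived.setdefault((key, w), keyword_tag(key, w))
                          for w in keywords]
    return trapdoors, len(derived)


def match_on_chain(chain: list, trapdoors: dict) -> list:
    """The matcher (smart-contract role). It sees only tags and ciphertexts.
    A conjunctive query matches documents carrying every trapdoor tag."""
    hits = []
    for entry in chain:
        tags = trapdoors.get(entry["org"])
        if not tags:
            continue
        candidate_sets = [set(entry["index"].get(t, [])) for t in tags]
        for ct in sorted(set.intersection(*candidate_sets)):
            hits.append((entry["org"], ct))
    return hits


def decrypt_hit(org_key: bytes, ct: bytes) -> str:
    """Searcher decrypts a returned ciphertext with that sharer's key."""
    nonce, body = ct[:16], ct[16:]
    return keystream_xor(prf(org_key, b"enc"), nonce, body).decode()


def demo(key_manager: bool) -> tuple:
    """Search two constructed MIs for a Taipei cardiologist.
    key_manager=True: all MIs index under one federation key (flexible, but
    needs a trusted key manager). False: each MI keeps its own key (no key
    manager, but one trapdoor per MI and keyword)."""
    docs = {  # constructed sample doctor documents
        "MI-A": {"A1": (["cardiology", "taipei"], "MI-A Dr. Lin, cardiology, Taipei"),
                 "A2": (["dermatology", "taipei"], "MI-A Dr. Wu, dermatology, Taipei")},
        "MI-B": {"B1": (["cardiology", "taipei"], "MI-B Dr. Chen, cardiology, Taipei"),
                 "B2": (["cardiology", "taichung"], "MI-B Dr. Huang, cardiology, Taichung")},
    }
    seed = b"constructed-demo-seed"
    fed_key = prf(seed, b"federation")
    keys = {org: fed_key if key_manager else prf(seed, org.encode()) for org in docs}
    chain = [build_encrypted_index(org, keys[org], docs[org]) for org in docs]
    trapdoors, n_trapdoors = make_trapdoors(["cardiology", "taipei"], keys)
    hits = match_on_chain(chain, trapdoors)
    results = sorted(decrypt_hit(keys[org], ct) for org, ct in hits)
    return results, n_trapdoors


if __name__ == "__main__":
    for mode in (True, False):
        print("key manager" if mode else "per-MI keys", demo(mode))
```

Both modes return the same two matches, but the per-MI-key run derives four trapdoors for a two-keyword query against two MIs, against two in the shared-key run; that multiplication by the number of sharers is the on-chain cost that P3 attributes to inflexible schemes, and removing it without the shared key is exactly what the thesis's authorization tokens are for.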
| URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88660 |
| DOI: | 10.6342/NTU202302443 |
| Full-text license: | Licensed (access restricted to campus) |
| Electronic full-text release date: | 2028-07-31 |
| Appears in: | Department of Electrical Engineering |
Files in this item:
| File | Size | Format | |
|---|---|---|---|
| ntu-111-2.pdf (not authorized for public access) | 5.89 MB | Adobe PDF | View/Open |
Items in the system are protected by copyright, with all rights reserved, unless otherwise indicated.
