| 摘要 |
<p>The invention uses the concept of identity-based encryption in the context of data-centric protection of electronic health records, where each data item is encrypted by using its own identifier as a public key. The corresponding decryption keys are managed by special trusted entities, which distribute the keys to authorized parties and provide logging facilities. This approach has the particular advantage that emergency access mechanisms can 5 be implemented in a secure and extremely efficient way. In contrast to previous approaches, itrequires no large-scale distribution of secret decryption keys. Furthermore, the scheme allows limiting the impact of a compromised decryption key, as one keycan onlybe used to decrypt one single document.</p> |
