A multi-authorisation blockchain-based access control for cloud healthcare system

Cloud services became less efficient to health organisations since they deal with sensitive medical data. The digital format leakage of a patient's health information with or without knowledge of the cloud provider may cause serious problems that require special consideration. This raises the question of whether we should trust the provider in the first place or if any other third party may be involved. In this paper, we extend the CP-ABE scheme with a (t, n) secret splitting method alongside with cloud and blockchain technology. To ensure a fine-grained access control, we propose a multi-authorisation scheme where the data user can retrieve the access from the data owner or from a group of certified users when he cannot give access himself. The data user reconstructs the decryption key from only t of n delivered authorisations, and preserves that only target users can read data, which even the members of the multi-authorisation group cannot.