Electronic health (e-health) information systems rely on cloud computing technologies to provide massive medical data storage services. Particularly, to ensure the confidentiality of diagnostic results, sensitive diagnostic data need to be encrypted before being uploaded to a cloud server. Hence, enabling encrypted diagnostic data sharing efficiently is a demanding issue. To this end, we propose an identity-based authorized searchable encryption scheme (IBASE), without incurring substantial certificate management costs. IBASE enables a doctor to authorize an assistant to handle the tricky encrypted diagnostic data sharing with patients in cloud-assisted e-health information systems, by using identity-based encryption with keyword search, which dramatically alleviates the work intensity of the doctor. As a consequence, any patient could retrieve his/her diagnostic reports in a confidential way, by submitting a trapdoor of the corresponding keyword. We formally prove the security of IBASE, and IBASE resists inside keyword guessing attacks (IKGA), any shared encrypted diagnostic data cannot be leaked to the cloud server. The performance comparison demonstrates that IBASE is practical for mobile cloud-assisted e-health information systems.

电子健康（e-health）信息系统依靠云计算技术来提供大量的医疗数据存储服务。特别地，为了确保诊断结果的机密性，需要在将敏感的诊断数据上传到云服务器之前对其进行加密。因此，有效地实现加密的诊断数据共享是一个亟待解决的问题。为此，我们提出了一种基于身份的授权可搜索加密方案（IBASE），而不会产生大量的证书管理成本。IBASE通过使用基于身份的加密和关键字搜索功能，使医生可以授权助手在云辅助的电子医疗信息系统中处理与患者共享的棘手的加密诊断数据，从而极大地减轻了医生的工作强度。作为结果，任何患者都可以通过提交相应关键字的活页门以机密方式检索其诊断报告。我们正式证明了IBASE的安全性，并且IBASE可以抵御内部关键字猜测攻击（IKGA），任何共享的加密诊断数据都不会泄漏到云服务器。性能对比表明，IBASE适用于移动云辅助的电子医疗信息系统。