Research on The Application of Blockchain-Based Data Security in Healthcare

Meiwen Guo^1,2,3*, Cheng Ling Tan^1,4

1 Graduate School of Business, Universiti Sains Malaysia, Minden, Penang, Malaysia

2 School of Management, Guangzhou Xinhua University, 510520, Guangzhou, China

3 Entrepreneurship Centre, Sun Yat-sen University,510275, Guangzhou, China

4 Department of Information Technology & Management, Daffodil, International University, Dhaka 1207, Bangladesh

*Corresponding Author: meiwenguo@student.usm.my Accepted: 10 January 2023 | Published: 31 March 2023

DOI:https://doi.org/10.55057/ijaref.2023.5.1.22

_________________________________________________________________________________________

Abstract: This study focuses on the use of blockchain data security technology and its application in pharmaceutical companies, providing a theoretical foundation for achieving digitalization, efficient traceability, and ensuring the quality and safety of drugs in the rapidly advancing technological landscape. The research is based on a thorough review of the literature, supplemented by case studies, and provides insights into the data security scheme required for pharmaceutical companies' traceability processes. It also highlights the various steps involved in the traceability procedures, which have the potential to produce data and involve multiple participants. Effective technical security measures should be employed to manage and use the data to ensure its security and provide tools for maintaining drug quality.

Also, the study highlights the technical foundation required to implement data security management, including blockchain and data security technology in the various data states analyzed, provides valuable management insights for medical enterprises or institutions, and explores the realization principles of various data security technologies in conjunction with blockchain technology. The research provides a comprehensive application of literature and cases and serves as a guide for enterprises' actual data security management, providing resources for pharma companies undergoing digital transformation to make strategic decisions about information management. Overall, the study offers valuable insights for learning lessons and generating new ideas in pharmaceutical traceability.

Keywords: blockchain, medical service, privacy protection, drug traceability, privacy computing, ring signature

___________________________________________________________________________

1. Introduction

In the era of big data, the role of data in driving the development and progress of various industries cannot be overstated. However, the emphasis on data capitalization has also brought about a growing concern for data privacy and security, making it a hot topic in academic circles.

Various approaches have been attempted to address data privacy protection, including data privacy computing. This approach utilizes encryption technology to integrate data files, enabling multiple parties to use the data while keeping it "available and invisible" (Report, 2020; Xu et al., 2021).

The emergence and advancement of blockchain technology in recent years have further facilitated the protection of data privacy. With the integration of cryptography, smart contracts, consensus mechanisms, and peer-to-peer (P2P) technology, private data can now be made immutable, traceable, and decentralized. This has enabled secure storage and trusted transmission of private data while also addressing the challenge of uploading sensitive data to the chain (Yuan et al., 2021).

The storage, processing, and transmission of medical data rely heavily on electronic files that can support their veracity in digital forms such as texts, images, and voices (Zeng et al., 2021).

However, traditional archival evidence has limitations such as centralized and unilateral storage, making data prone to misplacement and alteration and making it challenging to confirm its veracity, legality, and utility. Blockchain technology has the potential to address these limitations by providing decentralized, tamper-resistant, and distributed trust features (Cao et al., 2020). These features ensure the security of data transmission and access, making it an attractive solution for digital file preservation. In addition, blockchain technology's unique characteristics can effectively break through the boundaries of traditional internet governance, enabling product data to become more open and transparent and enabling product source inquiries, location tracing, and accountability measures.

Drug quality and safety are significant concerns for people's health and well-being. Inefficient traditional monitoring methods make it difficult to ensure the safety and reliability of the drug supply chain. Establishing an effective drug traceability system is critical for protecting people's physical and mental health and safety. Blockchain technology can provide a solution by making product data more transparent and accountable. This study aims to discuss the application of blockchain encryption technology to information security and privacy protection for electronic drug files of the ZH pharmaceutical company. By providing a theoretical and practical research foundation in this field, the study seeks to offer valuable insights into drug traceability and data security in the healthcare industry.

2. Literature review

2.1 Authentication and Security of Electronic Archives

The use of blockchain digital signature technology has been extensively studied in electronic file certification to achieve data security certification and non-repudiation. Ensuring the authenticity and traceability of electronic files requires the authentication of relevant personnel involved in evidence collection.

Academics have extensively explored this research area. For instance, Chen et al. (2020) have conducted thorough studies on the use of digital signatures and blockchain in remote video forensics for criminal prosecution cases. In addition, Fujisaki (2007) proposed a ring signature scheme that allows the signer to independently select a public key set, create a legitimate signature using the public key set's name, and publish it, providing adequate privacy protection for collectors' identities. Rivest et al.'s (2001) invention of the ring signature has opened up new avenues for research into electronic archives. Subsequently, specialists and academics have made numerous advancements to the ring signature scheme. Sun et al. (2005) have used ring signature technology to authenticate anonymous Monero transactions.

In the realm of electronic archives, confidentiality is of utmost importance, followed by the security certification of archive data. To ensure the unity of authentication and confidentiality when storing electronic files, the common practice is to first sign and then encrypt. Huang et

al. (2005) pioneered the idea of signature encryption, which incorporated the concept of a ring signature into the signature encryption scheme. This approach guarantees confidentiality and anonymous authentication, reducing computation and boosting certificate storage efficiency.

Building on Huang's work, Du (2009) provided security proof and developed an identity-based signature scheme, which served as the foundation for proposing an identity-based ring- signature encryption scheme. This scheme allows senders to send messages completely anonymously while ensuring confidentiality and authentication. Li et al. (2008) proposed a ring signature scheme without a trusted center that utilizes distributed key generation technology, and Cheng et al. (2009) created an identity-based ring signature encryption framework without a trusted center to address the key escrow issue in the identity cryptosystem. Finally, Selvi et al. (2009) noted that the signature encryption scheme permits the use of the same random number for both encryption and authentication, which enhances the efficiency of the scheme's operation without compromising its security.

2.2 Privacy computing

Privacy computing is a technique that enables data to be accessible and invisible to all parties, ensuring that no one's private information is disclosed. According to Gartner's classification, privacy computing technologies have three types: multi-party secure computing, federated machine learning, and trusted execution environments (Gartner, 2021). Multi-party secure computing was introduced by Yao (1982), an academician of the Chinese Academy of Sciences, who proposed the "millionaire problem." Goldreich et al. (1987) further extended multi-party secure computing to scenarios with multiple participants, leading to the emergence of several technical branches of multi-party secure computing technology, such as homomorphic encryption, secret sharing, inadvertent transmission, and obfuscated circuits.

Rivest et al. (1978) proposed homomorphic encryption technology, while Li Lang et al. (2015) proposed partial, some, and fully homomorphic encryption.

To protect privacy in message transmission, Shamir (1979) and Blakely et al. (1979) proposed secret sharing, and Rabin (2005) proposed inadvertent transmission technology. Obfuscated circuit technology was born in 1986, with Professor Yao Qizhi using Boolean circuits to build a secure function calculation solution for the millionaire problem. Goldreich et al. (1987) increased the number of participants and applied Yao's (1982) theoretical research findings.

Lindell and Pinkas (2009) further improved Yao's obfuscation circuit scheme. Bellare et al.

(2012) defined the concept of an obfuscated circuit in detail, adding to the theoretical foundation of an obfuscated circuit.

In 2016, Google proposed federated learning, a privacy-preserving distributed machine learning framework that enables multi-participant joint training while maintaining the dispersion of training data. Federated learning enables the analysis and learning of data from multiple owners without exposing the data, ensuring data availability and invisibility. The three types of federated learning are horizontal federated learning, vertical federated learning, and federated transfer learning. Differential privacy and encryption algorithms are primarily used to protect data privacy in the federated learning process (Shi et al., 2021).

Trusted Execution Environments (TEEs) construct secure operating environments that enable secure data execution. The concept is derived from the open mobile terminal platform OMTP, which protects sensitive information on mobile devices, enhancing the security and integrity of sensitive data (OMTP, 2009). UCloud combines blockchain and SGX technology to run smart contracts in a trusted environment, ensuring confidentiality (Ant, 2021). Security

technologies based on Trust Zone include Huawei's fingerprint recognition, Apple's Secure Enclave, and Samsung's Knox system (Fan & Dong, 2016).

Blockchain comprises six layers, including data, network, consensus, incentive, contract, and application layers. The blockchain structure includes hash pointers, with each block's block header linking to the block's hash value. Since blockchain is a peer-to-peer network, each node is equal and linked to others, providing functions for data storage, such as trusted accounting, data non-tampering, and data traceability. The integration of private data computing and data value in institutional medical service collaboration promotes trustworthy private data management (Yan, 2021). The compatibility of blockchain's decentralization and traceability with privacy computing's security and privacy requirements effectively addresses traditional privacy computing drawbacks, such as data flow inefficiency in sharing networks. Blockchain and privacy computing integration yield fruitful application results in various industries, including blockchain, medical care, and data analysis.

Multi-party secure computing combined with blockchain can improve privacy, verifiability, and transparency in computing. Wang et al. (2021) proposed a new energy storage-sharing method that combines blockchain and multi-party secure computing technology, enabling multiple users to share common storage costs while maintaining privacy and security. Zhu et al. (2019) designed a new smart contract framework to enhance the privacy security of multi- party secure computing and demonstrated the scheme structure and smart contract operation process in the privacy computing process. Wang et al. (2019) proposed a medical data sharing and multi-party secure computing scheme that combines public key encryption with on-chain and off-chain storage, guaranteeing data privacy and security and improving diagnosis and treatment efficiency. Zhou et al. (2021) developed a publicly verifiable and secure multi-party security protocol that maintains data privacy while improving transparency by researching off- chain data encryption and on-chain computing. Wang et al. (2021) created an auction scheme by integrating blockchain and multi-party security, making the auction process more secure and reliable without third-party guarantees.

Federated learning combined with blockchain is an exciting area of research, providing a secure data exchange environment for federated learning and incentivizing it through blockchain mechanisms. Kim et al. (2019) proposed a mining system scheme based on blockchain technology, improving mining rewards and addressing the server's single point of failure.

Similarly, Qi et al. (2021) proposed a framework for traffic flow prediction combining blockchain and federated learning, greatly improving accuracy and efficiency while protecting privacy. Polap et al. (2021) proposed an agent model for secure medical data exchange, and Korkmaz et al. proposed a decentralized federated learning scheme using Ethereum smart contracts. Zhang et al. (2020) proposed a fault detection architecture for the Industrial Internet of Things, enabling secure verification of customer data and motivating users to participate in federated learning via smart contracts.

Combining a trusted execution environment with blockchain can effectively improve the security and efficiency of blockchain. Ayoade et al. (2018) proposed a new IoT data management architecture that combines blockchain and smart contracts, addressing traditional IoT data management problems. Siris et al. (2019) used hash lock and time lock to encrypt data and design a trusted resource access payment framework, while Wang et al. integrated blockchain technology with the trusted execution environment and secure communication protocol, building a shared transaction data framework. Zhang et al. (2020) proposed an election voting system based on blockchain's blind signature and homomorphic encryption

technology, ensuring fairer and more just voting. Maddali et al. (2020) proposed the privacy computing framework VeriBlock, combining verifiable computing and trusted execution environment technologies. Wang et al. (2020) used blockchain decentralization technology to conduct privacy computing and built a car crowdsourcing network framework, making privacy computing more secure and efficient. Enkhtaivan et al. (2019) created an anonymous auction scheme, employing a trusted execution environment and tracking key counters to ensure fair bidding. Su et al. (2020) created a trusted data transaction framework by combining decentralized technology with a trusted execution environment, resulting in a dependable and trusted platform for fair data transactions between buyers and sellers.

2.3 Secret sharing fusion technology

Secret sharing is a crucial cryptography technique encompassing three aspects of information security: data confidentiality, integrity, and availability. In the application, the secret sharing technology has the characteristics of Byzantine fault tolerance, distribution, and fault tolerance.

Blockchain technology and secret sharing technology are highly correlated and complementary. The organic combination of the two improves the blockchain's stability and efficiency and expands its functions. Blockchain can be combined with secret sharing technology in consensus, data storage, and smart contracts, making it possible to easily realize many cryptography-based data availability and data privacy application issues. In electronic voting, cryptography has been widely used in many fields, such as management and data recovery (Li et al., 2019; Hanke et al., 2018; Naz et al., 2019). Verifiable secret sharing technology is one of the essential data security technologies. The verifiability of secret sharing technology ensures that the secret data is not tampered with, guarantees the data's integrity, and realizes non-center multi-party cooperation and computation through reasonable design and application.

Secret sharing protocols necessitate the distributor's honesty and trustworthiness. The verifiable secret sharing protocol augments the share distribution algorithm with a commitment value, allowing the shareholder to assess the distributor's honesty based on the share and the commitment value. Verifiable secret sharing, as opposed to secret sharing protocols, allows shareholders to determine whether secret distributors have sent them fake share values. Secret sharing and secret sharing protocols require using secure channels to transmit shares in verifiable secret sharing protocols. Shares are encrypted and secured using the shareholder’s public key in a publicly verifiable secret sharing protocol. According to Attasena et al. (2017), functional characteristics such as data privacy, confidentiality, data integrity, and data availability are critical foundations for secret sharing technology to become a secure multi- party computing protocol.

The fault-tolerant characteristics of distributed systems are referred to as Byzantine fault tolerance. It arose from a well-known distributed system problem: the Byzantine Generals’

problem. The difficulty in developing a Byzantine fault-tolerant system is that forming a correct consensus in the presence of malicious participants is difficult, and it must satisfy both security and liveness requirements. Security implies that all honest participants always achieve a consistent consensus outcome in all decisions. Because it is alive, consensus can always be reached eventually without being disrupted by malicious actors.

Zhang et al. (2019) proposed a five-layer model for the blockchain system, which includes the storage, network, consensus, smart contract, and application layers. The storage layer is responsible for storing and managing transactions, and it uses a suitable data structure or database to do so efficiently. The network layer facilitates communication between nodes using

a point-to-point network communication protocol, while also dealing with malicious behavior from Byzantine nodes. The consensus layer uses a distributed consensus algorithm and incentive mechanism to achieve Byzantine fault tolerance and solve distributed consistency problems. The smart contract layer provides user-programmable interfaces for implementing smart contract code easily and autonomously. Finally, the application layer allows users to interact with the blockchain system through various applications.

According to Yao (1982), multi-party secure computation is the problem of safely using different participants' values as input to calculate a function value in the absence of a trusted first-weight party. Blockchain, for example, is frequently regarded as a secure multi-party computation protocol or system, and secret sharing is frequently regarded as a cryptographic primitive for secure multi-party computation. Secret sharing protocols are essentially a collection of cryptographic primitive algorithms. The secret holders in the secret sharing protocol distribute shares across the network, and finally, the shareholders agree on whether the shares were successfully distributed via network negotiation. A blockchain is an evolving system that follows a specific protocol has storage, computing, and programmability. Peer nodes in the blockchain system construct and broadcast messages before reaching a consensus on historical data across the entire network.

2.4 Secret sharing and blockchain consensus technology

The consensus algorithm plays a crucial role in ensuring the stability and security of the blockchain system. The PoW consensus algorithm used in Bitcoin Printing addresses several critical issues, including miner rewards, "double spending," and node control. Recent research by Abraham et al. (2017) and Gramoli (2020) has shown that combining the non- controversiality and security of the PoW algorithm with a Byzantine fault-tolerant protocol algorithm model results in a blockchain system with Byzantine fault tolerance. Expanding the research scheme for Byzantine fault-tolerant consensus algorithms, Berger et al. (2018) highlighted the importance of parallel transaction processing, trusted hardware, proxy committees, cryptographic primitives, and network topology optimization. Cachin and Zanolini (2021) proposed an asymmetric Byzantine fault-tolerant consensus algorithm that addresses asymmetric trust in distributed systems. Du et al.'s (2020) research provides a solution to the fairness issue in Byzantine fault-tolerant consensus algorithms, ensures the availability of random numbers, and constructs a trusted random source using secret sharing technology. These advancements demonstrate the importance of continued research and development of consensus algorithms to improve the efficiency, security, and reliability of the blockchain system.

Byzantine fault-tolerant protocol often utilizes the secret sharing protocol as a sub-step or sub- link. Many Byzantine fault-tolerant protocols, including the distributed key generation protocol and the verifiable random number beacon protocol, are implemented by letting each participant secretly share the protocol once per round (Bhat et al., 2021; Syta et al., 2017). However, agreeing on plaintext upfront in these protocols is insufficient for protecting data privacy. To address this, Basu et al. (2019) combined the VSSR protocol with the Byzantine fault-tolerant protocol to create eight private PBFT protocols for key-value pairs. Active secret sharing, an extension of secret sharing used to increase the security of the secret sharer's secret, was proposed by Herzberg et al. (1995). According to Zhang et al. (2022), the APSS protocol is more resilient to DoS attacks and dynamic adversary attacks than the active secret sharing protocol in the synchronization case.

The contribution of secret sharing to the PoS consensus and this type of consensus in PoW have been criticized for their significant electricity use. To address this issue, the proof-of-stake (PoS) algorithm was developed. According to Schindler et al. (2020), the verifiable random number beacon protocol and the blockchain's PoS consensus algorithm are two Li Sheng problems that can be addressed with secret sharing (Schindler et al., 2020). However, one major challenge for PoS consensus algorithms, according to Kiayias et al. (2017), is developing fair and random procedures for selecting leader nodes in a distributed system. To implement the proof-of-stake consensus algorithm, various PVSS protocols and network communication models, such as Ouroboros, HydrandM, SCRAPE, and RandShare, can be used (Casudo &

David, 2017; Syta et al., 2017). These protocols utilize secret sharing as an underlying cryptographic primitive technology.

2.5 Secret sharing and blockchain smart contract technology

Smart contracts have revolutionized how services such as publicly verified computing, trusted storage, and incentive mechanisms are provided, without the need for a trusted intermediary, thereby ensuring the confidentiality and effectiveness of secret sharing. By leveraging open and transparent storage and computing capabilities, smart contracts can provide services for any secret sharing protocol that allows for public verification. Zhang et al. (2021) proposed a centerless hierarchical secret sharing framework based on the Ethereum test network and found that only one round devoid of a trusted third party is necessary to achieve verifiable, equitable, and multi-level secret management in communication.

Secret sharing has been successfully employed in several use cases, such as electronic voting systems and secure data sharing during group collaborations. Tso et al. (2019) and Hsiao et al.

(2017) used secret sharing, homomorphic encryption, and blockchain smart contracts to create an electronic voting system that addresses issues with traditional voting systems, such as single node failure, information leakage, and vote bribery, thereby increasing the voting process's fairness. Zhu et al. (2018) developed a smart contract framework that integrates secure multi- party computing technology and secret sharing technology to effectively protect information privacy during group collaboration. Cyran et al. (2018) created a medical data sharing solution to protect medical privacy data using blockchain storage and smart contract verification computing technology. Maram et al. (2019) proposed CHURP, a new smart contract authentication protocol with an asymmetric binary polynomial and an efficient polynomial commitment protocol that allows for active secret sharing.

The integration and development of blockchain technology and privacy computing technology have effectively broken-down data barriers between different industries and institutions, increasing data value and availability, and promoting rapid development. However, this development also brings new challenges. The application of blockchain and multi-party secure computing increases the complexity of communication and calculation in the encryption and decryption process, requiring a large amount of computing and communication resources.

While ensuring the security and accuracy of private data, maintaining computing efficiency is a new challenge. Adding noise to differential privacy, the quality and size of participants' data affect the accuracy of the model in federated learning. Establishing a reasonable incentive mechanism to ensure fairness and improve the effectiveness of training is necessary for privacy protection. Urgent issues such as the flawed TEE scheme system and numerous network attacks must also be addressed in future development.

3. Materials and Methods

3.1. Materials

The study starts with a comprehensive review of the literature on the application of blockchain- based data security in healthcare. The literature sources are from academic databases such as Scopus and Web of Science, as well as relevant conference proceedings, journals, and books.

The search was conducted using appropriate keywords related to blockchain-based data security and healthcare. The review included qualitative and quantitative studies investigating the use of blockchain technology for healthcare data security. The subsequent phase is to conduct a case study to explore the application of blockchain-based data security in healthcare.

The case study involved selecting a healthcare organization that has implemented in the process of implementing blockchain technology for data security. ZH Pharmaceutical Company (pseudo name) was selected based on its willingness to participate in the study and its experience with blockchain technology.

3.2. Methods

The study employs both literature research and case study for several reasons. Firstly, the literature research enables the systematic analysis of previous research related to blockchain technology, medical services, and drug traceability. This provides a comprehensive understanding of the problems and solutions that have been previously addressed, thus aiding in the advancement of this research. Secondly, despite the ongoing research in data security technology, blockchain technology is still in its early stages. While blockchain and data security technology use in drug traceability research is not yet widespread, this study examines the research and development space in recent years through a literature review to identify new and innovative ideas. Thirdly, this study is a complex multidisciplinary investigation that involves interdisciplinary research in data security, blockchain technology, drug traceability, and related fields. The case study enhanced the study's methodology and provided a practical foundation for businesses dealing with data security issues, lending a quantitative approach to the research.

4. Case and Analysis

4.1 Cases

The ZH Pharmaceutical Company is a well-established pharmaceutical firm that has undergone 15 years of development. The company's primary focus is pharmaceutical research, boasting a range of highly efficient automated production and inspection equipment. Drug quality and safety management are of paramount importance to the company. However, the current drug traceability system is outdated, using a traditional centralized accounting method that suffers from poor management efficiency, limited sharing and utilization, and a lack of transparency in data supervision. Such a system poses a significant risk of data leakage and tampering, which could compromise the quality and safety of medicines. To address these issues, the company aims to integrate information technology to enhance the product traceability information chain, providing consumers with a more efficient and convenient traceability system. To ensure the effective and secure operation of the traceability system, adequate data security measures need to be put in place. The ZH Pharmaceutical Company is considering utilizing blockchain encryption technology to enhance the security of the new drug traceability system.

4.2 Discussion

The traditional drug traceability system of HZ Enterprises usually achieves traceability through the QR code (Quick Response) on the drug package. However, QR code traceability has

different degrees of defects in terms of function, supervision, data traceability, operational efficiency, and information transparency. And this undoubtedly increases the risk of information security.

Figure1: Local traceability through QR code

In terms of pharmaceutical information traceability function, the production and storage departments of traditional Chinese medicine products of pharmaceutical enterprises can only establish local traceability with external pharmacies. Currently, no comprehensive drug traceability system is fully interconnected in the complex environment of cross-medical institutions, cross-research institutes, and cross-factories. Moreover, various departments or business types are separated, leading to the phenomenon of information silos, which is a significant cause of inadequate supervision by regulatory authorities. One of the main consequences of this situation is the issue of data tampering, which makes it impossible to ensure the authenticity of data. In terms of storage and interaction, the problem of information islands also easily leads to problems such as imperfect data storage and acquisition, and the interaction difficulties caused by information independence will also reduce the operation's efficiency. In addition, the pharmaceutical supply chain is characterized by openness, and security and privacy protection are also big problems, which make it easy to have inconsistent information. Therefore, the traditional traceability system cannot support full traceability requirements in all aspects through the QR code on the drug package (Figure 1).

Figure 2: Fully link of pharmaceutical information Data source: www.Baidu.com

The figure above illustrates that the pharmaceutical traceability system that utilizes blockchain technology is distinct from the traditional local pharmaceutical chain. This system integrates all business processes, from drug production to the final feedback stage, and creates a comprehensive information link that records critical information, such as drug information, logistics information, receiving agency, responsible person, receiving time, warehousing time, drug quantity, and other relevant data in blocks. Distributed blocks recorded each business process and generated document, and the recorded information is immutable and tamper-proof.

Its tamper-proof and distributed storage features enable information to maintain certain authenticity in blocks. In addition, due to the special information characteristics of the pharmaceutical field, its business subject information needs to be recorded in detail and data input, which conflicts with the anonymity of business subject information in the blockchain.

However, the security and controllability of privacy in blockchain technology can better protect the information of the subject identity and data transmission content that generates business relations.

The pharmaceutical traceability system built by using blockchain technology can enable business entities to dynamically enter the traceability link through fair competition, changing the inherent mode of the traditional pharmaceutical traceability link, and the way of entering the link through fair competition can effectively improve the optimization of activities in business processing. Therefore, data generated by fully interconnected business entities and processes based on blockchain technology can be shared under the best strategy.

The fully interconnected medical system of ZH Enterprise has solved the problems of data islands, interaction barriers, information privacy prevention, and other issues in the local interconnected system to a certain extent, providing a reference for cross-industry medical data sharing and privacy protection. However, the system also has certain defects.

First, cost is an important issue. Due to the complete data of the comprehensive interconnected drug supply chain, the input data is well protected due to its tamper-proof nature, which increases the data integrity and real name. This also means that the data capacity will be very large, resulting in excessive waste of hardware equipment resources, and the data volume in the link will be expanded in the form of a power level in a short time. As a result, the medical traceability system and its operation and construction costs, realized through blockchain and hard disk storage technology such as servers, are very expensive. Each block node needs to purchase hardware equipment and pay corresponding maintenance costs, which means that the pharmaceutical enterprise will face large cost consumption during system start-up, system operation, and maintenance, which requires active use of corresponding technologies to alleviate this reality. In terms of the reconstruction of operational requirements, matching schemes are also involved.

Secondly, the problem of data overload. Although ZH enterprises have solved the problems of traditional QR code traceability by sharing efficiency and reducing security risks by using blockchain technology in the construction of the pharmaceutical platform traceability system, they have neglected the management of excessive data in the implementation. From this perspective, it is unwise to record all medical information on the chain in full and for a long time. The amount of information shared in the link is huge and has the characteristics of being multi-sourced. It is unrealistic to rely solely on the data generated by the operation of the blockchain to support business decision-making and evaluation. Especially when faced with complex environments such as inter-agency or cross-domain, the problem of data volume and its processing will become an obstacle to the continuous use and development of the system,

and this problem will also be one of the key problems that perplex ZH enterprises. Therefore, this problem still exists. It is necessary to balance the interests of all parties and increase investment in technological innovation, research, and development. For example, some scholars explored the use of "cloud technology" and tried to find solutions to the problem.

Finally, the timeliness of demand response and the universality of sharing. Blockchain technology can help all parties in the chain meet their information needs, and blockchain can also help enterprises in the chain maximize the sharing of resources in the chain. However, the timeliness of response and the universality of sharing after requirements are put forward are also limited. For example, the transaction proposal of the link broadcast raw material demand of the ZH enterprise in the block environment can be seen by the suppliers in the link, but there is a certain time difference between the discovery of the proposal and the response of multiple suppliers, which may lead to the loss of users of registered enterprises. In the case of an artificial delay and many participants, communication efficiency may be affected. The system delay will affect the data and information of suppliers about assets, liabilities, scale, drug quality, drug value, drug distribution capacity, and other aspects that pharmaceutical companies hope to share.

Through an analysis of the ZH medical traceability system, it was found that, in addition to being able to track things, the operation process should also be able to share information in a timely and thorough way and handle links in an intelligent way. In the aspect of cost control, we can also take the route of local reconstruction of the system and make targeted improvements to save costs. In addition, the combination of technology and application can also bring new improvements to the system, such as the joint application of blockchain technology and cloud computing technology.

5. Management Implications

Through the ZH Pharmaceutical Company case study, it is found that when building a distributed drug traceability system supported by blockchain technology. Firstly, the business processes of participating nodes in the drug traceability system must first be sorted out, such as pharmaceutical companies, suppliers, logistics providers, drug regulatory authorities, drug distributors, consumers, etc.

Secondly, utilize the technical frameworks such as basic modules, core modules, and switching modules to analyze and optimize related business reorganization designs. Analyze and optimize related business reorganization designs using the basic module, core module, switching module, and other technical frameworks. Among these are the data layer, the acquisition layer, and the operation layer in the basic module, the contract layer, the consensus layer, and the network layer in the core module, and the application layer in the exchange module.

Finally, sub-modules such as medicinal material planting, medicinal material production and processing, product quality management, warehousing and logistics management, sales and circulation, regulatory authorities, and customer service are established in turn based on the characteristics of blockchain technology to ensure that the drug traceability system is efficient and reasonable.

The study uses typical information management concerns in medical companies as an example.

The research, backed by blockchain information security technology, offers solutions to the

problem of information leakage in the digital decision-making of pharmaceutical enterprises.

It analyzes and summarizes the technical functions and benefits and elucidates the critical factors that need consideration in the digital process, from the pharmaceutical enterprise information management reform viewpoint. This research lays a solid foundation for proposing practical and effective solutions.

6. Conclusion and Findings

The traditional drug traceability system currently has issues such as a lack of credibility and a lack of sharing of traceability information. The lack of credibility is caused by the centralization of the system structure and the ease with which data can be tampered with. The main reason for the lack of sharing traceable information is traceability. The system's centralized structure To address the issues with the current drug traceability system, we can optimize and improve the system's structural centralization by constructing a weakly centralized traceability system using blockchain technology as the underlying technology and multi-participation to prevent data from being easily tampered with by humans.

Blockchain technology is a distributed ledger in which each participating node shares data.

Data collection will inevitably involve corporate confidentiality and privacy for participating node companies. Blockchain technology is still being explored and tested in the pharmaceutical industry's product traceability system, and a mature application model has not yet been formed.

Furthermore, while blockchain data is difficult to tamper with once it is placed on the chain, determining the authenticity of the source data remains difficult. The next step is to deepen research on related technologies, use blockchain and Internet of Things technology to realize the interconnection and interoperability of medical information system participants, further optimize and improve the traceability system, unify drug codes, and build a unified standard traceability system (Liu, 2020). To increase the credibility of traceability and information sharing in order to make the drug traceability process safer, more efficient, and more accurate, as well as to achieve traceability of drug sources, inquiries about whereabouts, and accountability. The development of modern communication, artificial intelligence, and other technologies is expected to make data standardization more mature in the future, and the process of drug traceability systems more intelligent and standardized (Chitra & Tazim, 2020).

The study takes the defects of traditional information management in medical companies as a case, with the support of information security technology in the blockchain, and provides solutions to problems such as information leakage for the digital decision-making of pharmaceutical companies through the review and analysis of technical functions and utility.

The research interprets the aspects that should be considered in the digitalization process of pharmaceutical enterprises from the perspective of the information management reform of pharmaceutical enterprises, and lays a foundation for proposing reasonable thinking and action paths.

References

Ant Group. (2022). Confidential computing cloud service. Retrieved February 25, 2022 from https://www. ibm. com/cloud/learn/ confidential-computing.

Attasena, V, Darmont, J, & Harbi, N. Secret sharing fbr cloud data security: a survey. (2017).

The VLDB Journal, (26), 657-681.

Ayoade, G., Karande, V., Khan, L., et al. (2018). Decentralized IoT data management using blockchain and trusted execution environment [Paper presentation]. 2018 IEEE International Conference on Information Reuse and Integration (IRI), Piscataway.

Bai, X., Wang, Q., & Chen, Y. (2020). Application Research of Electronic Evidence Platform Based on Blockchain Technology. Cyberspace Security, 10(11), 104- 109.

Basu, S., Tomescu, A., Abraham, I., Malkhi, D., Reiter, M. K., & Sirer, E. G. (2019). Efficient Verifiable Secret Sharing with Share Recovery in BFT Protocols [Paper presentation].

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom.

Bellare, M., Hoang, V. T., & Rogaway, P. (2012). Foundations of garbled circuits [Paper presentation]. Proceedings of the 2012 ACM conference on Computer and communications security, Raleigh, North Carolina, USA.

Berger, C., & Reiser, H. P. (2018). Scaling byzantine consensus: A broad analysis [Paper presentation]. Proceedings of the 2nd Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers, Rennes, France.

Bhat, A., Shrestha, N., Luo, Z., Kate, A., & Nayak K. (2021). Randpipep-reconfiguration- friendly random beacons with quadratic communication, CCS.

Blakley, G. R. (1979). Safeguarding cryptographic keys [Paper presentation]. International Workshop on Managing Requirements Knowledge, MARK.

Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing [Paper presentation]. Advances in Cryptology-CRYPTO, Berlin, Germany.

Cachin, C., & Zanolini, L. (2020). From symmetric to asymmetric asynchronous byzantine consensus. Cornell University.

Cao. H., Lin, L., Li, Y., et al. (2020). Review of Blockchain Research. Journal of Chongqing University of Posts and Telecommunications, 32(1), 1-14.

Cascudo, I., & David, B. (2017). SCRAPE: Scalable Randomness Attested by Public Entities [Paper presentation]. International Conference on Applied Cryptography and Network Security, Cham.

Cheng, W., Wang, C., Qiao, X., et al. (2009). Identity-based ring signcryption scheme without trusted center. Computer Engineering and Applications, 45(27), 119-122.

Chen, X., & Lin, G. (2020, March). An Analysis of Electronic Signatures Expanding Non- Contact Remote Video Forensics—The Theory and Practice of Cybercrime Governance for Better Criminal Prosecutions [Paper presentation]. 16th National Senior Prosecutors Forum, Beijing, China.

Chen, X., & Lin, G. (2020). An Analysis of Electronic Signatures Expanding Non-contact Remote Video Forensics—The Theory and Practice of Cybercrime Governance for Better Criminal Prosecutions [Paper presentation]. Proceedings of the 16th National Senior Prosecutors Forum, Beijing, China.

Chitra, L. K., & Tazim, A. (2020). Modeling performance indicators of resilient pharmaceutical supply chain. Modem Supply Chain Research and Applications, (3), 4 8-52.

Cyran, M. A. (2018). Blockchain as a Foundation for Sharing Healthcare Data. Blockchain in Healthcare Today, 2018.

Du, M., Chen, Q., & Ma, X. (2021). MBFT: a new consensus algorithm fbr consortium blockchain. IEEE Access, (8), 87665-87675.

Enkhtaivan, B., Takenouchi, T., & Sako, K. (2019). A fair anonymous auction scheme utilizing trusted hardware and blockchain [Paper presentation]. 17th International Conference on Privacy, Security and Trust, Piscataway.

Fan, G., Dong, P. (2016). Research on Trust Zone-based Trust Zone Construction Technology.

Information Network Security, (3), 21-27.

Fujisaki, E., Suzuki, K. (2007). Traceable ring signature [Paper presentation]. International Workshop on Public Key Cryptography, Berlin, Heidelberg, Germany.

Gartner. (2021). Gartner releases key strategic technology trends for 2021. Retrieved May 10, 2022 from https： //www. gartner. com/cn/new sroom/press-releases/2021 - top- strategictechnologies-cn.

Goldreich, O., Micali, S., & Wigderson, A. (1987, January). How to play ANY mental game [Paper presentation]. Proceedings of the nineteenth annual ACM symposium on Theory of computing, New York, New York, USA.

Gramoli, V. (2020). From blockchain consensus back to Byzantine consensus. Future Generation Computer Systems,107, 760-769.

Hanke, T., Movahedi, M., & Williams, D. (2018). DFINITY Technology Overview Series, Consensus System. arXiv:1805.04548.

He, B., & Wang, G. (2018). Analysis of medical management information application based on blockchain technolog. Journal of Sichuan University, 55(6), 1219-1224.

Herzberg, A., Jarecki, S., Krawczyk, H., & Yung, M. (1995). Proactive Secret Sharing Or:

How to Cope With Perpetual Leakage. Advances in Cryptology-crypto [Paper presentation]. International Cryptology Conference, Santa Barbara, California, USA.

Hsiao, J. H., Tso, R., Chen, C. M., et al. (2017). Decentralized E-Vbting Systems Based on the Blockchain Technology. Lecture Notes in Electrical Engineering, (474), 305-309.

Huang, D. (2021). Electronic evidence authentication encryption scheme combining blockchain and ring signcryption. Journal of Chongqing University of Posts and Telecommunications: Natural Science Edition, 34(1), 8.

Huang, X., Susilo, W., & Mu, Y. (2021). Identity-based ring signcryption schemes [Paper presentation]. Proceedings of the AINA 2005, Berlin, Germany.

Hu, Y., Zhang, L., & Zhang, J. (2010). Research on the Drug Supervision Mode in the Internet of Things Era. China Pharmaceutical Affairs, 24(10), 944-945.

Kiayias, A., Russell, A., David, B. et al. (2017). Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol [Paper presentation].International Cryptology Conference, Cham.

Kim, H., Park, J., Bennis, M., et al. (2019). Block chained on-device federated learning. IEEE Communications Letters, 24(6), 1279-1283.

Korkmaz, C., Kocas, H. E., Uysal A., et al. (2020). Chain FL: decentralized federated machine learning via blockchain [Paper presentation]. 2020 Second international conference on blockchain computing and applications (BCCA), IEEE.

Li, J., He, X., & Luo, D. (2008). Identity-Based Untrusted Center Threshold Ring Signature Scheme. Computer Engineering, 34(20), 164-169.

Li, J., & Liu, Y. (2021). Drug Safety Traceability System Based on QR Code. Science and Technology Innovation, (21), 95-98.

Li, J., Wang, X., Huang, Z., Wang, L.C., & Xiang, Y. (2019). Multi-level multi-secret sharing scheme fbr decentralized e-voting in cloud computing. Journal of Parallel and Distributed Computing, (130), 91-97.

Li, L., Yu, X., & Yang, Y. (2015). A review of the research progress of homomorphic encryption. Computer Application Research, 32(11), 3209-3214.

Lindell, Y., & Pinkas B. (2009). A Proof of Security of Yao's Protocol for Two-Party Computation. Journal of Cryptology, 22(2), 161-188.

Li, N., & Su, S. (2012). Design of a drug anti-counterfeiting traceability system based on lightweight digital signature. Journal of Wuhan University, 58(6), 503-507.

Liu, G. (2020). Make the drug traceability system effective. Pharmaceutical Economics News, 2020-09-10.

Liu, W., Li, Y., & Tian Z. (2020). IDDS: A blockchain model for data sharing of infectious diseases with a double-chain structure. Computer Application Research, (1), 1-6.

Maddali, L., Thakur, M. S. D., Vigneswaran, R., et al. (2020). VeriBlock: A Novel Blockchain Framework based on Verifiable Computing and Trusted Execution Environment [Paper presentation]. 2020 International Conference on Communication Systems

&NETworks, IEEE.

Maram, S. K. D., Zhang, F., Wang, L., Low, A., Zhang, Y., Juels, A., & Song, D. (2019).

CHURP: Dynamic-Committee Proactive Secret Sharing [Paper presentation].

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom.

Naz, M, Al-zahrani, F.A., Khalid, R., Javaid N., Qamar A.M., Afzal M.K., & Shafiq M. (2019).

A secure data sharing platform using blockchain and interplanetary file system.

Sustainability, (11), 7054.

OMTP. (2021). OMTP advanced trusted environment OMTP TRlvl. Retrieved April 25, 2022 from http://www.omtp.org/OMTP_Advanced_Trusted_Environment.

Park, M., Kim, J., Kim, Y., et al. (2019). An SGX-based key management framework for data centric networking [Paper presentation]. International Workshop on Information Security Applications, Cham.

People's Daily. (2015). Opinions of the General Office of the State Council on Accelerating the Construction of Important Product Traceability System, People's Daily, 2015-01- 12.

Polap, D., Srivastava, G., & Yu, K. (2021). Agent architecture of an intelligent medical system based on federated learning and blockchain technology. Journal of Information Security and Applications, 58, 102748.

Qi, Y., Hossain, M. S., Nis, J., et al. (2021). Privacy-preserving blockchain-based federated learning for traffic flow prediction. Future Generation Computer Systems, 117, 328- 337.

Rabin M. O. (2005). How to exchange secrets with oblivious transfer. Cryptology ePrint Archive.

Rivest, R. L., Adleman, L., & Dertouzos, M. L. (1978). On data banks and privacy homomorphisms. Foundations of Secure Computation, 4(11), 169-180.

Rivest, R. L., Shamir, A., & Tauman, Y. (2001). How to leak a secret [Paper presentation].

International Conference on the Theory and Application of Cryptology and Information Security, Berlin, Germany.

Schindler, P., Judmayer, A., Stifter, N. et al. (2020). Hydrand: Efficient continuous distributed randomness [Paper presentation]. IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.

Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612-613.

Selvi, S. S. D., Vivek, S. S., Srinivasan, R., et al. (2009). An efficient identity-based signcryption scheme for multiple receivers [Paper presentation]. International Workshop on Security: Advances in Information & Computer Security, Berlin, Germany.

Shi, C., Gao, X., & Huang, X. (2021). A summary of the release of the federated learning privacy model. Journal of Nanjing University of Information Technology, 15,1-14.

Siris, V. A., Dimopoulos, D., Fotiou, N., et al. (2019). IoT Resource Access utilizing Blockchains and Trusted Execution Environments [Paper presentation]. 2019 Global loT Summit, Piscataway.

Syta, E., Jovanovic, P., Kokoris-Kogias, E. et al. (2017). Scalable Bias-Resistant Distributed Randomness [Paper presentation]. IEEE Symposium on Security and Privacy, San Jose, CA, USA.

Su, G. X., Yang, W. Y., Luo, Z. D., et al. (2020). BDTF： A block- chain-based data trading framework with trusted execution environment [Paper presentation]. 16th International Conference on Mobility, Sensing and Networking, Piscataway.

Sun, S. F., Au, M. H., Liu, J. K., & Yuen, T. H. (2017). RingCT 2.0： a compact accumulator- based (linkable ring signature) protocol for blockchain cryptocurrency Monero [Paper presentation]. European Symposium on Research in Computer Security, Cham.

Sun, T., & Xie, M. (2013). Research on the causes and countermeasures of electronic drug supervision problem. Modern Instruments and Medicine, 19(6), 33-35.

Tan, H. (2011). Pharmaceutical Supply Chain Management System Based on RFID Technology. Mechanical Design and Manufacturing Engineering, 40(21), 17-20.

The State Council of the People's Republic of China. (2020). Opinions of the Central Committee of the Communist Party of China and the State Council on Building a More Complete System and Mechanism of Market-based Allocation of Factors.

Retrieved April 14, 2022, from http:// www.gov. cn/zhengce/2020- 04/09/content_5500622.htm.

Tso, R., Liu Z. Y., & Hsiao, J. H. (2019). Distributed E-Voting and E-Bidding Systems Based on Smart Contract. Electronics, (8), 1-22.

Wang, B. (2021). In order to implement the traditional Chinese medicine law, "prescribe the pulse". People's Daily, 2021-01-06 (6).

Wang, D. W., Chen, X., Wu, H. Q., et al. (2020). A Blockchain- Based Vehicle-Trust Management Framework Under a Crowdsourcing Environment [Paper presentation].

19th International Conference on Trust, Security and Privacy in Computing and Communications, Piscataway.

Wang, J., Shen, Y. & Wang B. (2021). Sealed-Bid auction scheme based on Blockchain and Secure Multi-Party Computation [Paper presentation]. 5th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), Piscataway.

Wang, N., Chau, S., & Zhou, Y. (2021). Privacy-preserving energy storage sharing with blockchain and secure multi-party computation. ACM SIGENERGY Energy Informatics Review, 1(1), 32-50.

Wang, T., Ma, W., & Luo, W. (2019). Information sharing and multi-party secure computing model based on blockchain. Computer Science, 46(9), 162-168.

Wang, Y., Li, J., Zhao, S., & Yu, F. (2020). Hybridchain: a novel architecture for confidentiality-preserving and performant permissioned blockchain using trusted execution environment. IEEE Access, 8, 190652-190662.

Xinyi, H., Susilo, W., Yi, M., & Futai, Z. (2005 March). Identity-based ring signcryption schemes: cryptographic primitives for preserving privacy and authenticity in the ubiquitous world [Paper presentation]. 19th International Conference on Advanced Information Networking and Applications (AINA'05), Taipei, Taiwan.

Xu, H., & Wen, G. (2012). Research on Drug Supply Chain Management Based on RFID Technology. Modern Electronic Technology, 35(3), 68-70.

Xu, J., Guan, X., Liu, X., etc. (2021). Joint credit application based on blockchain and multi- party secure computing technology. The Banker, (7), 116-118.

Xu, J., Guo, S., & Xie, D. (2020). Blockchain: a new safeguard for agri-foods. Artificial Intelligence in Agriculture, (4),153-161.

Yan, Q. (2021). Blockchain + Privacy Computing: Technology-Driven Data Security System Construction. Financial Electronics, (7), 43-45.

Yao A. C. (1982, December). Protocols for secure computations [Paper presentation]. The 23rd Annual Symposium on Foundations of Computer Science, Chicago, IL, USA.

Yao, C. C. (1982). Protocols for secure computations [Paper presentation]. 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA.

Yuan, Y., & Wang, F. (2016). Current Situation and Prospects of Blockchain Technology Development. Journal of Automation, 42(4), 481-494.

Zeng, C., Du, X., Zheng, C., et al. (2021). Public Procuratorate Law Based on Blockchain and Big Data to Build Evidence Chain. Information Security and Communication Confidentiality, (1), 42-47.

Zhang, E., Li, M., Yiu, S. M., et al. (2021). Fair hierarchical secret sharing scheme based on smart contract. Information Science, (546), 166-176.

Zhang, L., Liu, B.X., Zhang R., etc. (2019). Overview of Blockchain Technology. Computer Engineering, 45, 1-12.

Zhang, L., Qiu, F., Hao, F., & Kan, H. (2022). 1-Round Distributed Key Generation with Efficient Reconstruction Using Decentralized CP-ABE. IEEE Transactions on Information Forensics and Security, (17), 894-907.

Zhang, W., L,u Q., Yu, Q., et al. (2020). Blockchain-based federated learning for device failure detection in industrial IoT. IEEE Internet of Things Journal, 8(7), 5926-5937.

Zhang Y. X., L. Y., FANG L, et al. (2019). Privacy-protected Electronic Voting System Based on Blockchain and Trusted Execution Environment [Paper presentation]. 2019 IEEE 5th International Conference on Computer and Communications, Piscataway.

Zhao, Y., Tang, G., Li, L., et al. (2018). Routing Algorithm for Wireless Mesh Access Network Based on Balanced Tree in Smart Grid. Journal of Chongqing University of Posts and Telecommunications, 30(2), 178- 183.

Zhou, J. P., Feng, Y. X., Wang, Z. Y., et al. (2021). Using secure multi-party computation to protect privacy on a permissioned blockchain. Sensors, 21(4) , 1540.

Zhu, X., Badr, Y. (2018). A survey on blockchain-based identity management systems for the Internet of Things [Paper presentation]. 2018 IEEE International Conference on Internet of Things, IEEE.

Zhu, Y. Song, X., Yang, S., et al. (2018). Secure Smart Contract System Built on SMPC Over Blockchain [Paper presentation]. Proceedings of the 2018 IEEE International Conference on Internet of Things, Halifax, NS, Canada.