
ADVANCED COLLEGE OF ENGINEERING AND MANAGEMENT
(Affiliated to Tribhuvan University)
Kupondole, Lalitpur

[Subject Code: CT654]


A MAJOR PROJECT PROPOSAL ON

MEDICAL REPORT SECURITY SYSTEM USING BLOCKCHAIN TECHNOLOGY

Submitted by:
Pankaj Pandit [073/BCT/551]
Nikesh Thapa [073/BCT/563]
Sagar Kafle [073/BCT/564]

A MAJOR PROJECT SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE DEGREE
OF BACHELOR IN COMPUTER ENGINEERING

Submitted to:
Department of Computer and Electronics Engineering

December, 2019
ABSTRACT

The health care services industry is continually changing and adopting new advancements and technologies. One of the predominant requirements in today's health care systems is to protect the patient's medical report against potential attackers or hackers. Hence, it is essential to keep the information secure so that only approved people can get access to the patient's medical report. We have therefore proposed blockchain technology as a distributed approach to securing access to the medical report of a patient. It is composed of three phases: (a) authentication, (b) encryption and (c) data retrieval using blockchain technology. For authentication we will be using the OTP (One Time Password) algorithm, for encryption we will be using the AES (Advanced Encryption Standard) algorithm, and for data retrieval SHA (Secure Hash Algorithms) are used to resist the frequent attacks. The proposed system may likewise ensure the protection of the patient's records and moreover maintains the security and trustworthiness of the health care system and the health care services industry.

Keywords: OTP, SHA, AES, Block Chain.

ACKNOWLEDGMENT

In performing our assignment, we had to take the help and guidance of some respected persons, who deserve our greatest gratitude. The completion of this assignment so far would not have been possible without all the members of the Electronics and Computer department and their kind support and suggestions. We would like to show our gratitude to Er. Ram Sapkota for giving us good guidance for the assignment throughout numerous consultations. In addition, we would also like to acknowledge with much appreciation the crucial role of our respected HOD, Er. Ajay Shrestha, who gave the permission to use all required equipment and the necessary materials to develop our system. Furthermore, we are highly indebted to Er. Pradip Khanal, Er. Abhishesh Dahal, Er. Narayan KC and Er. Anku Jaiswal for their guidance and constant input as well as for providing necessary information regarding the project and also for their support in the completion of the project so far.

Pankaj Pandit [073/BCT/551]


Nikesh Thapa [073/BCT/563]
Sagar Kafle [073/BCT/564]

TABLE OF CONTENTS

Abstract
Acknowledgment
1 Introduction
1.1 Overview
1.2 Background
1.3 Problem Statement
1.4 Objectives
1.5 Application
1.6 Project Features
1.7 Feasibility Analysis
1.7.1 Financial Feasibility
1.7.2 Technical Feasibility
1.7.3 Schedule Feasibility
1.7.4 Operational Feasibility
1.8 System Requirements
1.8.1 Hardware Requirement
1.8.2 Software Requirement
2 LITERATURE REVIEW
2.1 Brave Browser
2.2 MetaMask
2.3 PundiX
3 Terminology
3.1 Blockchain
3.2 Cryptography
3.3 Encryption
3.4 Decryption
4 METHODOLOGY
4.1 Overview
4.2 Algorithms AND PROCESS
4.2.1 ETHEREUM
4.2.2 Ethereum Consensus
4.2.3 SMART CONTRACT
4.2.4 OTP
4.2.5 SHA
4.2.6 AES
4.3 Software Model
4.4 Use Case Diagram
4.5 Context level DFD
4.6 DFD level 1
4.7 ER Diagram
5 Result and Discussion
5.1 Expected Output
5.2 Time Schedule
5.3 Total Cost

LIST OF FIGURES

4.1 Block diagram
4.2 Authentication of doctor
4.3 Registration for new patient
4.4 Use case diagram
4.5 Context level DFD
4.6 DFD level 1
4.7 ER diagram
5.1 Gantt chart

CHAPTER 1
INTRODUCTION

1.1 Overview

In this report we discuss the development and use of the MEDICAL REPORT SECURITY SYSTEM USING BLOCKCHAIN TECHNOLOGY. Our system will help to secure medical reports, which have been misused in different fields. Different cryptographic algorithms have been used during the project.

1.2 Background

Blockchain is the fastest growing technology, used in a secure manner across various applications. Various implementations make use of blockchain technology among stakeholders. Banking, healthcare services, and supply chain management utilize this technology for its immense potential and secure data sharing management. In particular, blockchain technology plays a major role in the medical and healthcare system. Because it is a decentralized and distributed technology, blockchain provides security services in healthcare. Blockchain helps healthcare services provide secure information sharing among different partners, information interoperability, and adaptable and speedy billing. In today's world, technology is growing rapidly, with a widespread digital transformation that brings a better replacement every day. The Internet of Things, sensing technologies, and 5G are the fastest developing technologies and make a remarkable contribution to healthcare services. The centralized design of current health care services is not very secure across the various medical services; it delays access to the data and carries a major risk of information leakage. In such a case, medical reports can be archived without the knowledge of the patient. Accessing the data securely within the network is the major issue in current health care record systems. For accessing the data, blockchain is an efficient and promising technology. Electronic Health/Medical Records (EHR/EMR) are the current online healthcare services that play a key role in maintaining and storing the data, and they have a major issue with leakage of patients' information. In blockchain technology, the information is stored as a ledger, which can monitor access to the patients' medical records. This is the major reason for the development of blockchain technology. Blockchain technology not only provides security and easy accessibility, but also gives other production elements in healthcare services and furthermore pursues privacy, integrity, and authentication. Thus the main aim of this project is to provide secure management of access to medical records using blockchain technology, with unique identification for data security.

1.3 Problem Statement

Modern online healthcare services such as Electronic Health/Medical Records (EHR/EMR) play a critical role in storing, sharing and holding the personal medical reports of patients. However, there are a number of risks that can lead to a patient's personal medical records being hacked. For instance, in current healthcare systems it becomes a chore for patients to keep track of which entity is actually accessing their medical records and for what reason. Blockchain technology can play a noteworthy role in such cases because it offers ledger-based mechanisms that are distributed to all entities within the network. A patient can monitor who is actually accessing the data and can give permission to access it only to authorized entities. Consequently, the motivation behind this work is to use blockchain to secure the medical reports of patients and to address the problems of present-day healthcare systems. Considering the present security requirements of healthcare systems, there is a clear need for a secure and efficient blockchain-based healthcare system that not only secures the patient's own access to the data but also lets other key entities, for example a doctor, retrieve and add medical records with the patient's permission. At the same time, the system should observe key security aspects such as integrity, privacy, and authentication. Consequently, the purpose of this paper is to recommend the implementation of a blockchain-based healthcare system in which adding or retrieving the medical record of a patient can be done securely by the authorized doctor and with the permission of the specific patient. In addition, blockchain can also provide the versatility that is a real requirement in modern healthcare systems.

1.4 Objectives
To secure the medical report of the patient using blockchain technology.

1.5 Application

Our system is a secured system that can be used in different hospitals and can later be expanded to different organizations. It provides security since all the parties involved must give permission to add or edit data.

1.6 Project Features

1. Block chain technology to store data
2. Encryption and decryption
3. User Interactive Interface

1.7 Feasibility Analysis

For any application or project to be applicable in a real-world environment, it needs to be feasible in various aspects. With a view to making this project feasible to apply in a real environment, we have been handling the project with great dedication and determination. Some aspects of feasibility are:

1.7.1 Financial Feasibility

Our project proves to be financially feasible. In order to keep the project within its financial boundary, we have analyzed the cost evaluation. As a result, we have proposed our system to be financially feasible.

1.7.2 Technical Feasibility

For a project to be technically feasible, it needs to run with the adjustable technical
environment and technical manpower. Although our project requires a large number of
tools in order to develop the application, the resulting product is a small application that
can be run in the browser window and can be run by non-technical personnel. Hence,
the project is technically feasible.

1.7.3 Schedule Feasibility

The schedule feasibility analysis is done to analyze the time required for the completion
of the project. The estimated amount of time required to complete our project falls
within the feasible schedule. Given our project complexity, the project is very much
feasible in terms of schedule.

1.7.4 Operational Feasibility

Operational feasibility analyzes how well a system performs. Since the modeling of the
system can be done by the analyst and in our case the user of the system, the resulting
product is highly interactive and meets the requirement of the system. However, if in
any case there occurs a malfunction of the application it can be modified as per the
changed requirement in the future. Hence, the project is operationally feasible.

1.8 System Requirements

For our project to work, the system required is any computer or mobile device with a
working internet connection.

1.8.1 Hardware Requirement

Only a Desktop or Laptop computer with good processing speed is required since we
are dealing with software based tasks.

1.8.2 Software Requirement

1. Python
Python is an interpreted high-level programming language for general-purpose
programming. Created by Guido van Rossum and first released in 1991, Python
has a design philosophy that emphasizes code readability, notably using signif-
icant whitespace. It provides constructs that enable clear programming on both
small and large scales. Python features a dynamic type system and automatic
memory management. It supports multiple programming paradigms, including
object-oriented, imperative, functional and procedural, and has a large and com-
prehensive standard library.

2. CSS
Cascading Style Sheets (CSS) is a style sheet language used for describing the
presentation of a document written in a markup language like HTML. CSS is a
cornerstone technology of the World Wide Web, alongside HTML and JavaScript.
CSS is designed to enable the separation of presentation and content, including
layout, colors, and fonts. This separation can improve content accessibility, pro-
vide more flexibility and control in the specification of presentation character-
istics, enable multiple web pages to share formatting by specifying the relevant
CSS in a separate .css file, and reduce complexity and repetition in the structural
content. Separation of formatting and content also makes it feasible to present
the same markup page in different styles for different rendering methods, such
as on-screen, in print, by voice (via speech-based browser or screen reader), and
on Braille-based tactile devices. CSS also has rules for alternate formatting if
the content is accessed on a mobile device. The name cascading comes from the
specified priority scheme to determine which style rule applies if more than one
rule matches a particular element. This cascading priority scheme is predictable.

3. HTML
Hypertext Markup Language (HTML) is the standard markup language for doc-
uments designed to be displayed in a web browser. It can be assisted by tech-
nologies such as Cascading Style Sheets (CSS) and scripting languages such as
JavaScript. Web browsers receive HTML documents from a web server or from
local storage and render the documents into multimedia web pages. HTML de-
scribes the structure of a web page semantically and originally included cues
for the appearance of the document. HTML elements are the building blocks of
HTML pages. With HTML constructs, images and other objects such as interac-
tive forms may be embedded into the rendered page. HTML provides a means
to create structured documents by denoting structural semantics for text such as
headings, paragraphs, lists, links, quotes and other items. HTML elements are
delineated by tags, written using angle brackets. Tags such as <img /> and
<input /> directly introduce content into the page. Other tags such as <p> surround
and provide information about document text and may include other tags as
sub-elements. Browsers do not display the HTML tags, but use them to interpret the
content of the page.

4. JavaScript
JavaScript often abbreviated as JS, is a high-level, just-in-time compiled, multi-
paradigm programming language that conforms to the ECMAScript specifica-
tion.[10] JavaScript has curly-bracket syntax, dynamic typing, prototype-based
object-orientation, and first-class functions. Alongside HTML and CSS, JavaScript
is one of the core technologies of the World Wide Web. JavaScript enables inter-
active web pages and is an essential part of web applications. The vast majority
of websites use it, and major web browsers have a dedicated JavaScript engine
to execute it. As a multi-paradigm language, JavaScript supports event-driven,
functional, and imperative (including object-oriented and prototype-based) programming
styles. It has APIs for working with text, arrays, dates, regular expressions,
and the DOM, but the language itself does not include any I/O, such
as networking, storage, or graphics facilities. It relies upon the host environment
in which it is embedded to provide these features. Initially only implemented
client-side in web browsers, JavaScript engines are now embedded in many other
types of host software, including server-side in web servers and databases, and
in non-web programs such as word processors and PDF software, and in run-
time environments that make JavaScript available for writing mobile and desktop
applications, including desktop widgets.

CHAPTER 2
LITERATURE REVIEW

The medical report of any patient is regarded as highly sensitive and needs a secure and safe means of guarding its data, so that storing, sharing and managing medical reports can be carried out securely. A number of mechanisms have already been proposed for these problems, for example numerous authentication schemes, which aim to fulfil the need for efficient and secure access to medical reports, manageability, and other safety requirements. These options have been useful in meeting a variety of protection requirements under particular healthcare scenarios. But these strategies are no longer enough in current healthcare technology, because patients have been exploited by various entities through different means without their consent. This research sets out to explore a variety of security solutions based on blockchain-based healthcare approaches. There have been a variety of research studies on frameworks in which adding or retrieving the medical record of a patient can be done securely by the authorized doctor and with the permission of the specific patient. In addition, blockchain can also provide the versatility that is a real requirement in healthcare systems. Various efforts have been made to adapt blockchain technology to different areas, so that all industries and use cases can benefit from its interesting features. Consequently, blockchain is now considered a general-purpose technology that has found applications in different industries and use cases, such as identity management, dispute resolution, state government fund allocation, contract management, supply chain management, insurance and healthcare. With the growing fascination for blockchain and its adoption in different organizations and industries, healthcare has come to represent a significant area where a number of use cases have been identified for the application of blockchain. However, because blockchain is a relatively new technology with a lot of hype in media publications as well as in research publications in the form of opinion pieces, commentaries, blog posts, interviews, etc., there is a lot of inaccurate information, speculation and uncertainty about the potential utility of blockchain in the healthcare industry. Members of the research community and practitioners have been trying to understand the specific areas of application or use cases of blockchain in the healthcare industry; of these identified use cases, which blockchain-based healthcare applications have been developed; what the challenges and limitations of blockchain-based healthcare applications are and how these challenges are currently being addressed; and what the areas for improvement in this sector are.

Some past similar projects using blockchain technology are described here. There is still a long way to go before we are all using blockchain in our daily lives, but there are some already existing applications that bring us closer to this goal. Below are three up-and-coming blockchain projects that already provide real-world value and have a substantial user base.

2.1 Brave Browser

[1] Brave is a blockchain-powered web browser. In September 2018, Brave exceeded 10 million downloads from the Google Play Store. Currently, four million people use Brave each month and it has 26,000 content publishers. Brave is appealing because it protects the data privacy of users. It prevents the unauthorized collection of personal information and stops unwanted ads from using up data and processing power. The company estimates the average mobile user pays as much as $23 a month in data charges to download ads and trackers. Brave blocks ads and trackers, so users don't pay for them. Brave is also faster than other web browsers because it blocks these resource-consuming intrusions. Brave has its own native cryptocurrency, the Basic Attention Token (BAT). This means readers of Brave content can also reward publishers with BAT tokens while they are browsing, thus monetizing content for creators, not advertisers. Soon users will be able to opt in to view adverts in return for rewards paid in the BAT cryptocurrency.

2.2 MetaMask

[2] At this stage, to take advantage of blockchain technology you need to use decentralized applications (dApps). dApps bridge blockchain and conventional technology, allowing them to interact. Most dApps are built on the Ethereum blockchain, though other blockchains like EOS and TRON are also seeing increasing dApp development. Given the uneven development of blockchain technology, it's likely that dApps will grow in popularity in the short term. MetaMask is a browser add-on that lets users access Ethereum-based dApps. It has an integrated wallet too, so dApp token transactions can be done seamlessly. The wallet can track balances across multiple applications and platforms, integrate with hardware ("cold") wallets, and help secure token transfers. A mobile version of MetaMask is planned for release in 2019.

2.3 PundiX

[3] PundiX is a blockchain startup that aims to use cryptocurrency to create a global
cashless payment system. Its blockchain-enabled Point-of-Sale (XPoS) devices let
shops, cafes and convenience stores sell cryptocurrency and accept cryptocurrency payments
for goods and services. All a merchant has to do is have an XPoS in their store.
The device works with a simple mobile wallet (XWallet) that customers use to make
payments in physical stores. It has a simple interface for buying and selling BTC, ETH,
XEM, and QTUM. It also has a check-out menu to execute purchases with cryptocur-
rencies. With every transaction, the XPoS prints a receipt for the customer and tracks
orders and inventory for the store owner. PundiX delivered its first 500 units in late June
2018 to participating businesses located in Hong Kong. In June, it was also announced
that UTRUST, one of the world’s digital payment platforms, had signed a deal for 1000
Pundi XPoS units. The deal with UTRUST takes the number of units of Pundi X tech-
nology that have been ordered for use by clients in global retail to over 25,000, which
is 25% of the company’s three-year sales target of 100,000 XPoS devices delivered to
at least 12 different countries.
The PundiX devices interact with two blockchains i.e. Ethereum and NEM (XEM).
NEM was chosen because it is popular with Asian financial institutions, and its technology
enables nearly instantaneous payments. The PundiX project builds on the success
of Pundi-Pundi, which is already a popular (non-blockchain-based) cashless payment
app in Indonesia that uses smartphones to make instant payments in retail and restaurant
outlets.

CHAPTER 3
TERMINOLOGY

3.1 Blockchain

A blockchain, originally block chain, is a growing list of records, called blocks, that are
linked using cryptography. Each block contains a cryptographic hash of the previous
block, a timestamp, and transaction data (generally represented as a Merkle tree). By
design, a blockchain is resistant to modification of the data.
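
The linking described above, as an added example in Python (not code from the project): each block's header commits to the previous block's hash, a timestamp and a Merkle root over its records, so an edited record is detected, and re-hashing the edited block only moves the break to the next block. The field names, the JSON header encoding and the sample records are assumptions constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block


def merkle_root(records):
    """Hex Merkle root over a list of byte strings (odd levels duplicate the last node)."""
    if not records:
        return hashlib.sha256(b"").hexdigest()
    level = [hashlib.sha256(r).digest() for r in records]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0].hex()


def header_hash(block):
    """SHA-256 over the header fields only; the records are covered via merkle_root."""
    header = {k: block[k] for k in ("index", "timestamp", "prev_hash", "merkle_root")}
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()


def append_block(chain, records, timestamp):
    """Append a block whose prev_hash is the hash of the current last block."""
    block = {
        "index": len(chain),
        "timestamp": timestamp,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV,
        "records": [r.hex() for r in records],
        "merkle_root": merkle_root(records),
    }
    block["hash"] = header_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the position of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for position, block in enumerate(chain):
        records = [bytes.fromhex(r) for r in block["records"]]
        if (block["prev_hash"] != prev
                or block["merkle_root"] != merkle_root(records)
                or block["hash"] != header_hash(block)):
            return position
        prev = block["hash"]
    return None


def build_sample_chain():
    """Three blocks of constructed sample records (stand-ins for encrypted reports)."""
    chain = []
    append_block(chain, [b"report-A (constructed)"], 1575158400)
    append_block(chain, [b"report-B (constructed)", b"report-C (constructed)"], 1575162000)
    append_block(chain, [b"report-D (constructed)"], 1575165600)
    return chain


def with_edited_record(chain):
    """Copy of the chain with one record in block 1 changed and nothing else updated."""
    edited = copy.deepcopy(chain)
    edited[1]["records"][0] = b"report-B altered (constructed)".hex()
    return edited


def with_edited_and_rehashed_block(chain):
    """Same edit, but block 1's Merkle root and hash are recomputed to look consistent."""
    edited = with_edited_record(chain)
    records = [bytes.fromhex(r) for r in edited[1]["records"]]
    edited[1]["merkle_root"] = merkle_root(records)
    edited[1]["hash"] = header_hash(edited[1])
    return edited


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain:", first_invalid_block(chain))
    print("record edited:", first_invalid_block(with_edited_record(chain)))
    print("edited and re-hashed:", first_invalid_block(with_edited_and_rehashed_block(chain)))
```

A verifier that holds only the latest block hash can therefore detect a change to any earlier block, because every later `prev_hash` would also have to be rewritten.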

3.2 Cryptography

Cryptography is the practice and study of techniques for secure communication in the
presence of third parties called adversaries. More generally, cryptography is about con-
structing and analyzing protocols that prevent third parties or the public from reading
private messages; various aspects in information security such as data confidentiality,
data integrity, authentication, and non-repudiation are central to modern cryptography.

3.3 Encryption

Encryption is the process of encoding a message or information in such a way that only
authorized parties can access it and those who are not authorized cannot. Encryption
does not itself prevent interference but denies the intelligible content to a would-be
interceptor. In an encryption scheme, the intended information or message, referred to
as plaintext, is encrypted using an encryption algorithm–a cipher–generating ciphertext
that can be read only if decrypted. For technical reasons, an encryption scheme usually
uses a pseudo-random encryption key generated by an algorithm.

3.4 Decryption

Decryption is the process of taking encoded or encrypted text or other data and converting it back into text that you or the computer can read and understand. This term could be used to describe a method of unencrypting the data manually or unencrypting the data using the proper codes or keys.

CHAPTER 4
METHODOLOGY

4.1 Overview

The medical report security system is a systematic system designed using blockchain technology. It has three phases in securing the medical report. In the first phase, the user logs in using his/her user ID. Here, OTP is used for authentication. Then the data is secured by encryption and stored in the blockchain. For data retrieval, a hash algorithm is used. The whole process is presented below in a block diagram:

Figure 4.1: Block diagram

Figure 4.2: Authentication of doctor

Figure 4.3: Registration for new patient

4.2 Algorithms AND PROCESS

4.2.1 ETHEREUM

Ethereum is an open source, public, Blockchain-based distributed computing platform and operating system featuring smart contract functionality. Using Ethereum, the app doesn't require one entity to store and control its data. To accomplish this, Ethereum borrows heavily from bitcoin's protocol and its Blockchain design but tweaks it to support applications beyond money. The structure of the Ethereum Blockchain is very similar to bitcoin's, in that it is a shared record of the entire transaction history. Every node on the network stores a copy of this history.

4.2.2 Ethereum Consensus

A consensus mechanism is a fault-tolerant mechanism that is used in computer and Blockchain systems to achieve the necessary agreement on a single data value or a single state of the network among distributed processes or multi-agent systems. Currently, Ethereum utilizes the Proof of Work (PoW) consensus mechanism. PoW awards individuals with native tokens (Ether or Bitcoin) for mining activities. Mining is the practice of solving block equations to verify various transactions. The process involves an immense amount of computing power. Individuals who participate in mining activities are rewarded with cryptocurrency on each occasion that they verify a new block. The quickest individual to solve each block (most likely the one with the highest level of computing power) is granted the reward. To verify a new block, each node in the network must store all previous blocks in the chain. The PoW mechanism is incredibly inefficient and time consuming. The Ethereum Blockchain currently processes about 15–30 transactions per second. The PoW mechanism also presents a scaling dilemma. Since each node must store the entire Blockchain to verify transactions, there will be a point in time when the chain becomes too large for smaller nodes to store all blocks, thus the system risks becoming controlled by a few large nodes. In our case, however, we have used Proof of Authority (PoA), which minimizes the cost of miners; some approved individuals are involved in verifying new blocks to be added to the Blockchain.

4.2.3 SMART CONTRACT

In software engineering, a class diagram is a type of static structure diagram that describes the structure of a system by showing the system's classes, their attributes, operations (or methods), and the relationships among objects. The classes in a class diagram represent both the main elements and interactions in the application and the classes to be programmed.

A Smart Contract is a computer program that directly and automatically controls the transfer of digital assets between the parties under certain conditions. A smart contract works in the same way as a traditional contract while also automatically enforcing the contract. Smart contracts are programs that execute exactly as they are set up (coded, programmed) by their creators. Just as a traditional contract is enforceable by law, smart contracts are enforceable by code. A smart contract is just a digital contract with the security coding of the Blockchain. A smart contract has details and permissions written in code that require an exact sequence of events to take place to trigger the agreement of the terms mentioned in the smart contract. It can also include time constraints that introduce deadlines in the contract. This contract is embedded in the Blockchain, making it transparent, immutable, inexpensive and decentralized. Every smart contract has its address in the Blockchain. The contract can be interacted with by using its address, presuming the contract has been broadcast in the network. The idea behind smart contracts is pretty simple. They are executed on the basis of simple IF-THEN logic, for example: IF you send me the object A, THEN the sum (of money, in cryptocurrency) will be transferred to you. IF you transfer a certain amount of digital assets (cryptocurrency, for example, ether, bitcoin), THEN the A object will be transferred to you. IF I finish the work, THEN the digital assets mentioned in the contract will be transferred to me.

4.2.4 OTP

The OTP is a numeric code that is randomly and uniquely generated during each
authentication event. This adds an additional layer of security, as the password generated
is a fresh set of digits each time an authentication is attempted, and it is unpredictable
for the next created session. The most common method of OTP generation defined by the
Initiative for Open Authentication (OATH) is the Time-Based One-Time Password (TOTP),
which is a time-synchronized OTP. In these OTP systems, time is the cardinal factor in
generating the unique password. The password is created using the current time and a
secret key. An example of this OTP generation is the Time-Based OTP Algorithm (TOTP),
described as follows:
1. The backend server generates the secret key.
2. The server shares the secret key with the service generating the OTP.
3. A hash-based message authentication code (HMAC) is generated using the obtained
secret key and the time. This is done using the cryptographic SHA-1 algorithm. Since
both the server and the device requesting the OTP have access to the time, which is
obviously dynamic, it is taken as a parameter in the algorithm. Here, the Unix timestamp
is used, which is independent of time zone, i.e. time is calculated in seconds starting
Let us consider “0215a7d8c15b492e21116482b6d34fc4e1a9f6ba” as the generated
string from the HMAC-SHA1 algorithm.
4. The code generated is 20 bytes long and is thus truncated to the desired length
suitable for the user to enter. Here dynamic truncation is used.

For the 20-byte code “0215a7d8c15b492e21116482b6d34fc4e1a9f6ba”, each character
occupies 4 bits. The entire string is taken as 20 individual one-byte strings.
We look at the last character, here a. Its decimal value is taken to determine
the offset from which to begin truncation. Starting from the offset value, 10, the next 31
bits are read to obtain the string “6482b6d3”. The last thing left to do is to take our
hexadecimal numerical value and convert it to decimal, which gives 1686288083. All
we need now are the last digits of the obtained decimal string, as many as the desired
OTP length, zero-padded if necessary. This is easily accomplished by taking the decimal
value modulo 10^(number of digits required in OTP). We end up with “288083” as our TOTP
code.
5. A counter is used to keep track of the time elapsed and generate a new code after a
set interval of time.
6. The OTP generated is delivered to the user by the methods described above.

Apart from the time-based method described above, there also exist certain mathematical
algorithms for OTP generation, for example a one-way function that creates a subsequent
OTP from the previously created OTP. The two-factor authentication system is an effective
strategy that exploits the authentication principles of “something that you know” and
“something that you have”. The dynamic nature of the latter principle, implemented by
the One Time Password algorithm, is crucial to security and offers an effective layer of
protection against malicious attackers.
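
The truncation walkthrough above can be reproduced in a few lines of Python. This is an added example, not code from the project: the function names are assumptions, the 30-second step and the drift window are assumed defaults, and the test secret is the one published in RFC 6238.

```python
import hashlib
import hmac
import struct
import time

# The 20-byte HMAC-SHA1 output used in the walkthrough above.
PAGE_DIGEST = bytes.fromhex("0215a7d8c15b492e21116482b6d34fc4e1a9f6ba")


def dynamic_truncate(digest: bytes, digits: int = 6) -> str:
    """Dynamic truncation (RFC 4226) of an HMAC-SHA1 digest."""
    offset = digest[-1] & 0x0F                       # low 4 bits of the last byte
    (value,) = struct.unpack(">I", digest[offset:offset + 4])
    value &= 0x7FFFFFFF                              # clear the top bit: 31 bits
    return str(value % 10 ** digits).zfill(digits)   # keep last digits, zero-pad


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HMAC-SHA1 over the number of elapsed time steps."""
    counter = max(int(now), 0) // step               # steps since the Unix epoch
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return dynamic_truncate(digest, digits)


def verify_totp(secret: bytes, submitted: str, now: float = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Check a submitted code, tolerating +/- `window` steps of clock drift."""
    now = time.time() if now is None else now
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, step, digits)
        # Constant-time comparison avoids leaking how many digits matched.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    print(dynamic_truncate(PAGE_DIGEST))             # the page's worked example
    rfc_secret = b"12345678901234567890"             # RFC 6238 test secret
    print(totp(rfc_secret, 59, digits=8))            # RFC 6238 test vector
    print(verify_totp(rfc_secret, "287082", now=59))
```

A server using this check should also remember the last time step it accepted for each user, so that a code cannot be replayed while it is still inside the drift window.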

4.2.5 SHA

The SHA-256 algorithm is based on the Merkle-Damgard construction method, according
to which the input message is divided into blocks immediately after padding is
added, and those, in turn, into 16 words. For SHA-256 and other hash algorithms there
are two different attacks that we should be concerned about: collision and preimage
attacks. A collision is a situation where different inputs are hashed to the same digest
value. Finding a collision for SHA-256 via a brute-force attack is possible because it has
a limited number of different hash values that it can produce. There are a total of 2^256
possible results for hashing, so collisions are very unlikely to occur and we are not
concerned with such a possibility. Due to SHA1’s smaller bit size, it has become more
susceptible to attacks, which led to its deprecation by SSL certificate issuers in
January 2016. The difference in size between SHA1 and SHA256 can be seen in the
following example hashes:
• SHA1- da33ee5e6b4b0d3255bfef95601890afd80709
• SHA256- e3b0c44298fc1c149af4c8996fb92427ae41e4649b934ca495991b7852b855
One iteration in a SHA-2 family compression function.

The SHA-256 algorithm is used in Blockchain to get a constant hash of 256 bits every
time. This algorithm is also a part of encryption technology.
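
How a fixed-size SHA-256 hash makes stored reports tamper-evident is easiest to see with a small hash-linked chain. This is an added example, not the project's own code: the block layout, the function names and the sample records are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder used as the first block's prev hash


def block_hash(index: int, prev_hash: str, record: dict) -> str:
    """SHA-256 over a canonical encoding, so equal content gives equal hashes."""
    payload = json.dumps({"index": index, "prev": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()   # always 64 hex chars = 256 bits


def append_block(chain: list, record: dict) -> None:
    """Link a new record to the hash of the block before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "record": record,
                  "hash": block_hash(index, prev, record)})


def first_invalid(chain: list):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev:                # link to predecessor is broken
            return block["index"]
        if block["hash"] != block_hash(block["index"], prev, block["record"]):
            return block["index"]                # content no longer matches hash
        prev = block["hash"]
    return None


def build_sample_chain() -> list:
    chain = []
    # Constructed sample records, not real patient data.
    append_block(chain, {"patient": "P-001", "report": "blood test: normal"})
    append_block(chain, {"patient": "P-001", "report": "x-ray: no fracture"})
    append_block(chain, {"patient": "P-002", "report": "ecg: normal"})
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print(first_invalid(chain))                  # intact chain
    chain[1]["record"]["report"] = "x-ray: fracture"
    print(first_invalid(chain))                  # edited block is flagged
```

A single stored copy can still be rewritten from the edited block to the end, so the tamper evidence depends on other nodes holding the same latest hash.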

4.2.6 AES

The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the
U.S. government to protect classified information and is implemented in software and
hardware throughout the world to encrypt sensitive data. The National Institute of
Standards and Technology (NIST) started development of AES in 1997 when it announced
the need for a successor algorithm for the Data Encryption Standard (DES), which was
starting to become vulnerable to brute-force attacks.
This new, advanced encryption algorithm would be unclassified and had to be “capable
of protecting sensitive government information well into the next century,” according
to the NIST announcement of the process for development of an advanced encryption
standard algorithm. It was intended to be easy to implement in hardware and software,
as well as in restricted environments (for example, in a smart card) and offer good
defenses against various attack techniques.
AES Features
• Security: Competing algorithms were to be judged on their ability to resist attack, as
compared to other submitted ciphers, though security strength was to be considered the
most important factor in the competition.
• Cost: Intended to be released under a global, nonexclusive and royalty-free basis, the
candidate algorithms were to be evaluated on computational and memory efficiency.
• Implementation: Algorithm and implementation characteristics to be evaluated included
the flexibility of the algorithm; suitability of the algorithm to be implemented in
hardware or software; and overall, relative simplicity of implementation.

4.3 Software Model

We will be using the incremental model of software modeling for implementing our
system. The incremental model involves development of the system in which the system is
put into production when the first increment is delivered. Some of the advantages of
using this model are:

1. Errors are easy to identify.
2. System development is broken down into many mini development projects.
3. The software is generated quickly during the software life cycle.

4.4 Use Case Diagram

A use case diagram at its simplest is a representation of a user’s interaction with the
system that shows the relationship between the user and the different use cases in which
the user is involved. A use case diagram can identify the different types of users of a
system and the different use cases and will often be accompanied by other types of
diagrams as well. The use cases are represented by either circles or ellipses. The Use
case diagram is presented below:

Figure 4.4: Use case diagram

4.5 Context level DFD

A context data flow diagram (DFD), also known as a level 0 DFD, gives a broad
overview of an information system and the way it interacts with external entities. The
DFD level 1 diagram is presented below:

Figure 4.5: Context level DFD

4.6 DFD level 1

A level 1 data flow diagram (DFD) is more detailed than a level 0 DFD but not as
detailed as a level 2 DFD. It breaks down the main processes into subprocesses that can
then be analyzed and improved on a more intimate level.

Figure 4.6: DFD level 1

4.7 ER Diagram

An entity-relationship diagram (ERD) is a data modeling technique that graphically
illustrates an information system’s entities and the relationships between those
entities. An ERD is a conceptual and representational model of data used to represent the
entity framework infrastructure. The ERD of our system is presented below:

Figure 4.7: ER diagram

CHAPTER 5
RESULT AND DISCUSSION

5.1 Expected Output

This system will allow the medical report to be updated and viewed only with the consent
of both the doctor and the patient, hence providing security for the patients’ information.
Since we are using blockchain to store the patient information, it will be immutable and
cannot be changed by the doctor alone. No single party can change the report, which is
why our system will be secure for hospitals, patients and doctors alike. The overall
process can be easily done with the Graphical User Interface [GUI].

5.2 Time Schedule

The estimated working months are shown in the Gantt chart below:

Figure 5.1: Gantt chart

5.3 Total Cost

We haven’t used any special devices or hardware except a computer for designing this
system. Our project is designed on a software basis only. Hence, no extra expenses were
incurred while designing this system. The only cost for this project is the cost of the
programmers.
