Preparation. Each hospital () runs the CSA.Key algorithm to get a public key pair
and a secret key . Each researcher runs the GHV.Key algorithm to
get a public key and a secret key .
Data Publication. For all () and (), each hospital () runs the
CSA.Enc algorithm to get a ciphertext pair , where is the th cell of the th numeric
clinical data attribute of the th hospital . Then each hospital () makes its data anonymous using
anonymity techniques for de-identification. Finally, each hospital () outsources its data in the cloud
servers.
Query. The th researcher sends a request for aggregated data to the aggregator . We assume that is
interested in the th attribute and hospitals, (), have the data in which is interested. Each hospital
() has tuples that meet the request, respectively.
Aggregation. retrieves all ciphertext pairs satisfying 's request. For each , runs the
GHV.Add and GHV.Add algorithm to get . Then runs the
CSA.Agg algorithm to get and .
Consent. determines the order in which hospitals consented to 's request, then sends to the first hospital
and to each hospital (). Each hospital () in turn performs the dec-Aggregation phase in
our CSA protocol. If any hospital () does not want to have the aggregated clinical data, it can deny the
request by simply not performing the dec-Aggregation phase.
Acquisition. After the consent procedure, the last hospital sends to . runs the GHV.Add
to get that is the aggregated clinical data.