A Traceable Blockchain-Based Vaccination Record Storage and Sharing System

Blockchain technology is essentially a decentralized database maintained by relevant parties and has been widely used in various scenarios such as logistics and finance. In terms of applications in the medical field, it is becoming more and more important because the patient's symptoms may be related to a certain vaccine. Whether the patient has been vaccinated with this vaccine will lead to different diagnostic results by the doctor. However, in the current vaccination environment of many regions, the vaccination record (VR) can only be kept in the patient's vaccination booklet, which is easy to lose or destroy. Therefore, the doctor needs to retrieve the patient's VR through a centralized database maintained by the government, which is time-consuming and will increase the medical risk. This study proposes a traceable blockchain-based vaccination record storage and sharing system. In the proposed system, the patient gets the vaccination at any legal clinic and the VR can be saved accompanied by the signature into the blockchain center, which ensures traceability. When the patient visits the hospital for treatment, the doctor can obtain the detail of the VR from the blockchain center and then make a diagnosis. The security of the proposed system will be protected by the programmed smart contracts. Through mutual authentication, our system can also provide and guarantee data integrity and nonrepudiation. Moreover, the proposed system has resistance to replay and man-in-the-middle attacks, and the performance is good.


Introduction
e rapid evolution of information technology is giving more convenience to our daily lives. Electronic health records (EHRs), including medical payment records, medical treatment records, and medical history, are gathered and stored in the private servers of the hospitals [1][2][3][4][5] and now is drawing increasing attention as it contains personal privacy information. For multiple reasons including to improve the quality of services, the traditional paper-based systems have been replaced by the electronic health system for storing and processing EHRs based on a more flexible, more efficient, and more convenient platform.
It should be noticed that nowadays in many regions, vaccination recording is still in a traditional way that is not keeping up with developing technologies. e patient can only be vaccinated in a clinic nearby with a vaccine booklet that records the vaccination. e detail of the vaccination record (VR) is stored in the clinic and will be uploaded into a centralized database maintained by the government. Without the vaccine booklet, the patient cannot tell what vaccine he/she has gotten, not to mention the vaccination time and the detailed information of the vaccination phase. Unfortunately, the vaccine booklet has vulnerability to forgery, alteration, and loss. Furthermore, under the current vaccination system, the patient's VR is not directly shared between the clinic and the hospital. When the patient visits the hospital for treatment of a symptom without the vaccine booklet, and the symptom is related to a certain vaccine (for example, varicella-zoster virus), the hospital cannot directly gain the VR from the clinic but needs to retrieve it through the centralized database. e retrieving phase is very timeconsuming and will increase the medical risk [6][7][8][9][10]. erefore, allowing the patients and the doctors to track and retrieve the VR at any time is an important issue that needs to be resolved in the current stage of research.
Meanwhile, the vaccination records (VRs) need to be carefully protected as important privacy information. e centralized database provides a controlled and easy-access solution for maintaining the VRs. However, the security of VRs is bound to be threatened when the failure occurs in the centralized database. Besides, decentralized databases offer another solution for data protection. Compared with the centralized database, the data in the decentralized database are scattered and stored in different places. e collapse of one database will not lead to the failure of all the decentralized databases, so the decentralized databases have better security than the centralized database.
How to provide flexible data sharing is another concern in VRs. Centralized databases store the VRs in one place. Although this is convenient for data management, it virtually imposes a heavy burden on the server. As a result, it is not conducive to rapidly sharing the VRs via centralized databases. Decentralized databases can access its different separated databases through different channels, so they can provide efficient VR sharing.
Blockchain technology is essentially a decentralized database collectively maintained and has been widely employed in various fields [11][12][13][14][15]. As there is no need for third-party trust endorsements, blockchain can create a fully trusted environment between unfamiliar involved parties. Furthermore, it can ensure traceability, irreparable modification, nonrepudiation, and privacy protection through cryptography technology. erefore, blockchain technology has been seen as a powerful tool to address the above problems in current vaccination recording systems through its attractive features.
Based on the foregoing overview, a blockchain-based vaccination record storage and sharing system is proposed, to provide traceable VRs and support the data sharing of confidential VRs. In our proposed system, the detail of the VR with the signature will be permanently stored in the blockchain center after the vaccination, thereby ensuring the integrity of the data.
In detail, the contributions of our study are listed below.
(1) Each role in our blockchain-based vaccination record storage and sharing system is specifically defined. In our method, the traceability and the integrity of VR are guaranteed by blockchain technology. (2) BAN logic is used to identify the identity to provide communication security between two parties. (3) rough the characteristics of the blockchain, our system can resist a variety of attacks, i.e., replay attack and man-in-the-middle attack. Meanwhile, the performance of our system is elaborated by the computation cost, communication cost analysis, and functionality comparison. e rest of this study is organized as follows. Section 2 reviews related work. In Section 3, the preliminary and security requirements of the proposed system will be briefly introduced. e proposed vaccination record storage and sharing system is described in a detailed way in Section 4. Section 5 and Section 6 show the security and performance analysis of the proposed system, respectively. Section 7 presents our conclusions.

Related Works
e massive growth of medical data impels traditional medical data management schemes to expose the defects. To overcome the drawbacks and improve the medical services, some medical systems have been proposed [16][17][18][19][20][21][22][23][24]. e medical systems applying cloud computing have already shown good performance in storing and processing the EHRs between different medical institutions [16,17]. However, on the one hand, the current cloud-based systems have no superiority in privacy protection for the EHRs; on the other hand, these systems have not achieved a satisfactory data sharing mechanism. us, Xia et al. [18] proposed a blockchain-based system for the effective management and protection of medical records in 2017. e security of the storage data is guaranteed by authenticating user identities and using encryption mechanisms. However, the system had the risk of data leakage during the data sharing process, making the system unsuitable for real-world applications. Zheng et al. [19] designed a medical data sharing scheme that combines blockchain and cloud computing. eir scheme realized the sharing of medical data between participating parties. However, the data receiver does not know the correctness of the received data since the integrity of the received medical data cannot be verified. Xia et al. [20] introduced an electronic medical record sharing scheme based on blockchain. e tamper-resistant feature of the blockchain technology is used in their method to ensure the security of the medical records. However, the patient cannot track their EHRs in real time. Later, Yang et al. [21] suggested a blockchain-based EHR system. Although their system has good compatibility with some existing systems, their system is not efficient because the creation and verification of new blocks are all handled by a single party.
Although some secure medical systems based on electronic medical records (EMRs) have been proposed in the past, there is not much research on the medical system based on VRs [25][26][27][28]. In 2021, Hofstetter et al. [25] introduced a strategy to offer vaccinations in nonprimary care settings such as schools, hospitals, and pharmacies. However, their method can only be used to solve the restriction in the specific clinic. An electronic vaccination certificate (EVC) is developed to replace traditional vaccination record booklets. Yet, EVC is mainly used to record COVID-19 vaccination. Eisenstadt et al. [26] used the EVC as "Immunity Passport" for COVID-19.
ey designed a smartphone app that connects to a centralized database that can store patients' vaccination status. Based on that record, the app generates a token or QR ("quick response") code signifying the vaccination status, which can then be verified by authorized parties. e EVC faces two significant challenges: interoperability and privacy [28]. Since the EVC standards established in different places are not uniform, how to realize cross-regional EVC recognition is important for the broad and easy usability of digital vaccination certificates. Data privacy is important for user trust and legal compliance making it the de facto crucial challenge than interoperability. Based on the existing analysis of research scholars, it is foreseeable that the service quality of the medical systems can be further facilitated with the combination of blockchain technology. On the other side, it cannot be ignored that blockchain-based medical systems still have flaws in the privacy protection of data storage and sharing. Particularly, the electrification of VRs is still under development. How to allow patients to track and grasp their VRs meanwhile realizing the sharing of vaccine records between different institutions is an urgent problem to be solved. ese issues are exactly the concerns of this study. In our proposed traceable blockchain-based vaccination record storage and sharing system, every VR is stored in the blockchain through the smart contract and granted secure data sharing in the future. It is visible that our scheme shows the way to fill the gaps of existing research.

Preliminary and Security Requirements
In this section, the preliminary requirements, including the BAN logic, ECDSA, and the smart contract, are elaborated in subsection 3.1. Subsection 3.2 shows the security requirements of the proposed scheme.

BAN Logic.
e Burrows-Abadi-Needham (BAN) logic proof model [29] is widely applied in security-related scholars for proving whether the mutual authentication has been achieved of a protocol or scheme.

ECDSA.
To guarantee the security of the transmitted and exchanged message in the digital network, several encryption systems have been proposed by scholars. e elliptic curve digital signature algorithm (ECDSA), derived from the digital signature algorithm (DSA) [30], involves the concept of elliptic curve cryptography (ECC) [31]. While compared to DSA, the ECC reduces the key size in the algorithm and also provides a faster calculation speed.

Smart Contract.
e smart contract [32] is a computer protocol designed to spread, verify, and execute a contract in a digital form. e promised agreement between each contract participant can be executed on it. e collaboration and trust between each contract participant can be achieved in blockchain through smart contracts, which can expand the cooperation between each party.
With the development of medical technology, a large amount of information about patients' vaccination records, medical histories, and medical payment records needs to be reserved. ese records are not only stored in the local server but also permanently conserved in the blockchain by the smart contracts. When a patient visits different medical institutions, he/she can authorize medical staff to retrieve the history VR from the BC through the smart contract. us, the medical staff can provide better health services with the help of historical medical records.

Security Requirements.
e security requirements of our vaccination record storage and sharing system are listed as follows.
(1) Mutual authentication: in a proposed system, each party must confirm the legal identity of other parties in every phase. If any two parties can confirm one another's legal identity, then mutual authentication is achieved. (2) Data integrity: in an insecure network environment, the message delivered from the sender may be modified by a malicious attacker. us, the integrity of the transferred message must be maintained and should be ensured that it can defend against tampering during the transmission. (3) Nonrepudiation: in each information exchange phase, the sender cannot refuse to acknowledge that the message he has been sent. A secure system must achieve nonrepudiation requirements. (4) Resisting replay attacks: the communication between two parties may be intervened by malicious attackers. e malicious attackers will pretend to be a legitimate sender and send identical information to the intended receiver. is situation will lead to the leak of personal data security and, therefore, must be prevented. (5) Resisting man-in-the-middle attacks: the attacker may intercept the message communicated between the sender and the receiver, and then, he/she can obtain the content of the message in the middle. is situation must be prevented too.

Proposed Scheme
In this section, we introduce the construction and workflow of our system in detail. e system framework is shown first. en, the meaning of some notations is elaborated as follows.

System Framework.
is study proposes a blockchainbased vaccination record storage and sharing system. Figure 1 shows the main architecture of the proposed system, which is composed of four parties, including the blockchain center, the patient, the clinic, and the hospital. e detail of each party is described below.
(1) Blockchain center (BC) : e blockchain center is owned by the government. It manages all relevant data and operations on personal mobile devices and medical devices of the clinics and the hospitals. All mobile devices and medical devices need to be registered in the BC, and then, the three parties can mutually authenticate each other. (2) Patient: Each patient carries a personal mobile device with them. e device stores a verification message that can uniquely identify the patient. Moreover, the primary message of the VR will be reserved in the personal mobile device and will be provided to the hospital in the future to diagnose. (3) Clinic: e patient will be vaccinated at the clinic. e doctor of the clinic uses a medical device that can uniquely identify the clinic. When the patient goes to the clinic for vaccination, the doctor of the clinic can execute the vaccination for the patient and store the VR into the BC. Also, the patient will store the primary message of the VR on his/her mobile device. (4) Hospital: e patient will be diagnosed in the hospital. e doctor of the hospital uses a medical device that can uniquely identify the hospital's identification. When the patient goes to the hospital seeking treatment for a symptom, the doctor of the hospital can retrieve the VRs through the primary message of the VR stored in the patient mobile device and further provide the diagnosis for the patient.
e following is a description of our method. It should be noticed that all parties must register their corresponding devices in the BC and retrieve a unique ID and a private and public key pair from BC, respectively.
Step 1: e patient goes to the clinic with his/her mobile device for vaccination, and the clinic and the patient must authenticate one another's identity first. After mutual authentication, the doctor of the clinic will carry out the vaccination for the patient.
Step 2: e doctor of the clinic will save the VR in the local server of the clinic and store VR into the BC through the smart contract technology.
Step 3: e BC feedbacks the storage result to the clinic.
Step 4: e doctor of the clinic returns the primary message of the VR to the patient, and the patient saves the message on his/her mobile device.
Step 5: e patient visits the hospital with his/her mobile device for treatment of a symptom, and the hospital and the patient must also authenticate each other identity first. After mutual authentication, the patient provides the VR history in his mobile device to the doctor.
Step 6: e doctor of the hospital retrieves the VRs from the BC according to the information acquired from the patient.
Step 7: e BC feedbacks the details of VRs to the hospital.
Step 8: e doctor of the hospital provides the diagnostic results for the patient based on the VRs.

Notations.
e notations used in the study are listed in Table 1.

Initialization Phase.
e fundamental chaincode structure of the proposed scheme is elaborated in this section. Figure 2 shows the information structure of the access parties (APs) and the enumeration of the role type. Figure 3 shows the structure to store the vaccination record in the BC.

Registration Phase.
All parties need to register from the BC. e BC generates and sends the identity, public, and private key pair to the parties. e main process of the registration is presented as shown in Figure 4.
e access party (AP) provides the primary information (i.e., name and role) and sends a registration request to the BC.
e BC generates an ECDSA private key d X and calculates public key Q X by the following: (1) e information provided by the AP needs to be validated by the BC. If it is valid, the algorithm "Registration" will be executed, as shown in Algorithm 1. en, BC sends (ID X , d X , Q X ) to AP.
Step 3. AP stores (ID X , d X , Q X ) for signing the signature message.

Authentication Phase.
In this phase, we define the "Sign" and "Verify" functions that implement the ECDSA to achieve identity authentication between User A and User B. e definitions of these two functions are shown in Algorithm 2 and Algorithm 3. When User A and User B exchange messages, the sender generates a signature with a "Sign" function to the receiver. When the receiver receives the message, they execute a "Verify" function to verify. e flowchart of the authentication phase is shown in Figure 5.
Step 4. User A selects a random number R 1 and calculates M A by equation (2). en, User A calculates h A by equation (3).
e signatures are generated by executing the function "Sign" in Algorithm 2. In detail, User A calculates the parameters of ECDSA by equation (4) and generates the signatures by equations (5) and (6). en, User A encrypted M A with User B's public key by equation (7) and sends (ID A , ID B , C A , (r A , s A )) to User B.
Step 5. User B receives the message at T 2 and decrypts C A with its private key by the following: en, User B validates the timestamp by If it is valid, User B executes the function "Verify" in Algorithm 3 to validate the signature of User A. In detail, User B calculates the parameters by equations (10)-(13) and validates the signatures by equation (14).
If it is valid, User B selects a random number R 2 and calculates M B by equation (15). en, User B calculates h B by equation (16).
e signatures are generated by executing the function "Sign" in Algorithm 2. In detail, User B calculates the parameters of ECDSA by equation (17) and generates the signatures by equations (18) and (19). en, User B encrypted M B with User A's public key by equation (20) and sends (ID B , ID A , C B , (r B , s B )) to User A.
Step 6. User A receives the message at T 4 and decrypts C B with its private key by the following: en, User A validates the timestamp by the following: If it is valid, User A executes the function "Verify" in Algorithm 3 to validate the signature of User B. In detail, User A calculates the parameters by equations (23)-(26) and validates the signatures by equation (27).
x B ′ � ? r B mod n.  Journal of Healthcare Engineering of the vaccination and gets the vaccination. e vaccine record will be saved in the mobile device of the patient and the local server of the clinic. Meanwhile, the signature of the patient and the clinic, and the hash value of the record accompanied by the identities of the patient, clinic, and vaccine will be stored in BC. e patient vaccination phase consists of five steps, as shown in Figure 6. e detail of each step is described below.
e patient selects a random number R 3 and calculates M P with the name of the vaccination, V, by equation (28). en, the patient calculates h P by equation (29).  Journal of Healthcare Engineering e signatures (r P , s P ) are generated by executing the function "Sign" in Algorithm 2, as shown in the following: en, the patient encrypted M P with the public key of the clinic by equation (31) and sends (ID P , ID C , C P , (r P , s P )) to the clinic.
Step 8. e clinic receives the message at T 6 and decrypts C P with its private key by the following: en, the clinic validates the timestamp by the following: If it is valid, the clinic calculates h P ′ and executes the function "Verify" in Algorithm 3 to validate the signature of the patient by equations (34) and (35).
Verify h P ′ , r P , s P .
If the signature is valid, the clinic executes the vaccination for the patient and generates the vaccination record, VR, including ID P , ID V (the identity of the vaccination V), ID C , the time of the vaccination, and other detailed information. At the same time, the primary message of VR, denoted as K VR , is generated and delivered to the patient. function Verify (string h, string r, string s) public return string result{ u1 � h/s%n u2 � r/s%n (x, y) � u1 * G + u2 * Q if x ��r{ return "valid" }else{ return "invalid" } } ALGORITHM 3: e smart contract Verify Next, the clinic selects a random number R 4 and calculates M C with VR by equation (36). en, the clinic calculates h C by equation (37).
e signatures (r C , s C ) are generated by executing the function "Sign" in Algorithm 2, as shown in the following: (38) e algorithm "RIns" is triggered to create a record stored in BC, the algorithm of which is shown in Algorithm 4. e record includes the signature of the patient and the clinic.
Finally, the clinic encrypted M C by the public key of the patient by equation (39) and sends (ID C , ID P , C C , (r C , s C )) to the patient. (39) Step 9. e patient receives the message at T 8 and decrypts C C with its private key by the following: (40) en, the patient validates the timestamp by the following: If it is valid, the patient calculates and executes the function "Verify" in Algorithm 3 to validate the signature of the clinic by equations (42) and (43).
Verify h C ′ , r C , s C .
If the signature is valid, the patient stores the K VR on his/ her mobile device.

Patient Treatment Phase.
When the patient visits the hospital for treatment of a symptom related to vaccination history, mutual authentication should be first executed. After the authentication, the hospital will obtain the VR from BC by K VR , which is stored in a patient mobile device. After verifying the record with the hash value, the hospital performs a diagnosis and issues the diagnostic result about the patient. e patient treatment phase consists of five steps, as shown in Figure 7. e detail of each step is described below.
e patient selects a random number R 5 and calculates M P2 with the symptom, S, by equation (44). en, the patient calculates h P2 by equation (45).
e signatures (r P2 , s P2 ) are generated by executing the function "Sign" in Algorithm 2, as shown in the following: (46) en, the patient encrypted M P2 with the public key of the hospital by equation (47) and sends (ID P , ID H , C P2 , (r P2 , s P2 )) to the hospital.
Step 11. e hospital receives the message at T 10 and decrypts C P2 with its private key by the following: (48) en, the hospital validates the timestamp by the following: If it is valid, the hospital calculates and executes the function "Verify" in Algorithm 3 to validate the signature of the patient by equations (50) and (51).
If the signature is valid, the algorithm "RGet" is triggered to retrieve the VR. e definition of "RGet" is shown in Algorithm 5. Since the records contain the signatures of the patients and the clinics, it is convenient to track the validation of the record.
Next, the hospital selects a random number R 6 and calculates M H with the diagnostic result of the patient, D, by equation (52). en, the hospital calculates h H by equation (53).
e signatures (r H , s H ) are generated by executing the function "Sign" in Algorithm 2, as shown in the following: Finally, the hospital encrypted M H by the public key of the patient by equation (55) and sends (ID H , ID P , C H , (r H , s H )) to the patient.
Step 12. e patient receives the message at T 12 and decrypts C H with its private key by the following:

M H � D SK P C H .
(56) en, the patient validates the timestamp by the following: If it is valid, the patient calculates and executes the function "Verify" in Algorithm 3 to validate the signature of the hospital by equations (58) and (59).
Verify h H ′ , r H , s H .
If the signature is valid, the patient stores the D in his/her mobile device.

Security Analysis
We will analyze the security of our system in terms of the following aspects.

Mutual Authentication.
In this section, we use the BAN logic proof model to prove that mutual authentication in the authentication phase is guaranteed in our proposed system. e common notations used in the BAN logic are described in Table 2.
To achieve mutual authentication, the following goals should be satisfied, as shown in Table 3. e messages delivered between User A and User B are listed in Table 4.
To achieve the goals, the assumptions are made as shown in Table 5.
Based on the rules of BAN logic and these assumptions, the proof of the patient vaccination phase is as follows: (a) User B authenticates User A.
Statement S1 can be derived from M1 and the seeing rule. S1. B⊲(〈ID A , ID B , T 1 〉 PK B , r A , s A ) Statement S2 can be derived from A2 and the freshness rule. S2. B| ≡ #(〈ID A , ID B , T 1 〉 PK B , r A , s A ) Statement S3 can be derived from S1, A4, and the message meaning rule. S3. B| ≡ A| ∼ (〈ID A , ID B , T 1 〉 PK B , r A , s A ) Statement S4 can be derived from S2, S3, and the nonce verification rule. S4. B| ≡ A| ≡ (〈ID A , ID B , T 1 〉 PK B , r A , s A ) Statement S5 can be derived from S4 and the belief rule.
Statement S6 can be derived from S5, A6, and the jurisdiction rule.
Statement S7 can be derived from S3 and the belief rule.
can be derived from S7, A8, and the jurisdiction rule.
Statement S9 can be derived from M2 and the seeing rule. S9. A⊲(〈ID B , ID A , T 2 〉 PK A , r B , s B ) Statement S10 can be derived from A1 and the freshness rule. S10. A| ≡ #(〈ID B , ID A , T 2 〉 PK A , r B , s B ) Statement S11 can be derived from S9, A3, and the message meaning rule. S11. A| ≡ B| ∼ (〈ID B , ID A , T 2 〉 PK A , r B , s B ) Statement S12 can be derived from S10, S11, and the nonce verification rule. S12. A| ≡ B| ≡ (〈ID B , ID A , T 2 〉 PK A , r B , s B ) Statement S13 can be derived from S12 and the belief rule.
Statement S14 can be derived from S13, A5, and the jurisdiction rule.
Statement S15 can be derived from S12 and the belief rule. S15 (G6) A| ≡ B| ≡ ID B Statement S16 can be derived from S15, A7, and the jurisdiction rule. S16 (G5) A| ≡ ID B According to statements S6, S8, S14, and S16, these statements mutually authenticate the identities of User A and User B in the proposed scheme. Taking the patient vaccination phase into account, patient P and clinic C can authenticate each other through statements S17, S18, S19, and S20. S17 (G3) C| ≡ P ⟷ x P C S18 (G7) C| ≡ ID P S19 (G1) P| ≡ C ⟷ x C P S20 (G5) P| ≡ ID C

Nonrepudiation.
To ensure the nonrepudiation in our proposed scheme, the message sent by the sender must be signed with the secret key of the sender. e receiver can verify the received message with the public key of the sender; therefore, the sender cannot deny sending the message. Table 6 shows the verification equations that need to be verified by the receiver in every phase of the proposed scheme.

Data Integrity.
To ensure the integrity of the message transmitted in each phase, this study applies the ECDSA to generate the signature value with the hash value. As shown in Algorithm 2, the signature s is generated by hash value h. Table 7 lists the signatures in each phase. All the signatures need to be verified by the receiver, as shown in Table 6.
Journal of Healthcare Engineering

Resisting Replay Attack.
e messages transmitted from the sender have added a sending timestamp and verified whether the timespan is valid in the receiver. e timestamp is added in each phase to resist the replay attack. For example, in the authentication phase, User A adds a timestamp T 1 in the message M A , which will be encrypted by the public key of User B, as shown in equations (60) and (61). User B decrypts the cipher message and checks the validation of the timespan, as shown in equations (62) and (63). When a malicious attacker sends the same message to the receiver to achieve the replay attack, the receiver will decrypt the cipher message and compare the sending timestamp with the current time. If the timespan is larger than the threshold, the attack will fail. erefore, the replay attack cannot succeed in our proposed scheme.

Resisting
Man-in-the-Middle Attack. In our method, the message sent by the sender is encrypted by the public key of the receiver. e receiver can decrypt the cipher message with its private key. When a malicious attacker intercepts the cipher message, he/she cannot decrypt without the relevant private key. erefore, our proposed system can resist the man-in-the-middle attack.

Performance Analysis
We analyze the performance of our system in terms of the following aspects.

Computation Cost.
e computation cost is also an important aspect to evaluate the performance of a system. Table 8 elaborates the computation costs of our proposed scheme in each phase for BC, the hospital, the clinic, and the patient. It can be seen from Table 8 that each role has equal computation costs. For example, in the authentication phase, User A needs two symmetric encryption/decryption operations (T E ), two hash function operations (T H ), two additional operations (T A ), one subtraction operation (T S ), five multiplication operations (T M ), and three division operations (T D ).

Communication Cost.
Assumed that an ID message required 128 bits, a cipher message required at least 512 bits, a signature message required 1024 bits, and other messages, like timestamp, requires 64 bits. As shown in the patient treatment phase, the patient encrypts the message, which contains 2 IDs, 1 timestamp, and a symptom described by the patient. e length of the symptom is set as 3 other messages, so the length of the cipher message is 2 × 128 bits +1 × 64 bits +3 × 64 bits � 512 bits.
Taking the patient treatment phase into account, the patient and the hospital will exchange 2 messages, which require 2 IDs, 1 cipher message, and 1 signature operation message. us, it requires (1282 + 5121 + 10241) 2 � 1792 bits in total. e maximum transmission speed is 14 Mbps, 100 Mbps, and 20 Gbps in a 3.5 G, 4G, and 5 G environment.
us, the transmission time is only 0.015 ms, 0.002 ms, and 0.01 us, which reveals that our system can be utilized in various real-time applications. Table 9 lists the communication costs of the proposed scheme in each phase. Table 10 shows the functionality comparison of previous schemes and the proposed Table 2: Common notations are used in the BAN logic. P | ≡ X P believes X P ⊲ X P sees X P | ∼ X P said X P |⇒ X P controls X #(X) X is fresh P ⟷ K X P and X share the key K ⟶ K P K is the public key of P P ⟺ X Q P and Q share the secret X Table 3: e goals of the authentication analysis.

Functionality Comparison.
B| ≡ A|⟹ID A scheme. Our proposed scheme has the advantage of providing theoretical proof, solving the nonrepudiation issue, and providing the man-in-the-middle attack resistance.

Limitations.
ere are some limitations in our system. First, every party must register in the blockchain center (BC) before joining the system. During the registration process, each participant needs to obtain the public key and private key pair of the elliptic curve signature from the BC. Second, the proposed scheme relies on stable power and network for normal operations.
us, a backup power supply and a secure local network system can be established for the proposed system to prevent system failure.
Overall, the proposed scheme in this study is focused on applying blockchain technology to solve the storage and     sharing for VR. Some potential problems are not comprehensively considered, for example, the unpopularity or slow speed of the internet environment.

Conclusions
is study discusses the problems that occurred in the application of the vaccination record (VR) in reality and proposes a blockchain-based vaccination record storage and sharing system. e integrity of the VR and the privacy protection problems are solved by using blockchain technologies. e security of our system was analyzed such as mutual authentication, nonrepudiation, and data integrity. Moreover, our method can resist replay attacks and man-inthe-middle attacks. In particular, we use BAN logic to prove identity legality such that communication security is guaranteed between two parties. Not merely the computational and communication costs are quite low, the proposed method can save time and avoid medical risks than the current medical system.
In the next work, we hope to improve the proposed system using artificial intelligence (AI) and deep learning techniques, which will be used to store VR in different formats and enable efficient VR search.
Data Availability e data supporting this study are available within the article.

Conflicts of Interest
e authors declare no conflicts of interest.