CN113672957A - Method, device and equipment for processing buried point data and storage medium - Google Patents
Method, device and equipment for processing buried point data and storage medium Download PDFInfo
- Publication number
- CN113672957A CN113672957A CN202110969095.8A CN202110969095A CN113672957A CN 113672957 A CN113672957 A CN 113672957A CN 202110969095 A CN202110969095 A CN 202110969095A CN 113672957 A CN113672957 A CN 113672957A
- Authority
- CN
- China
- Prior art keywords
- data
- character string
- public key
- encrypted
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000012545 processing Methods 0.000 title claims abstract description 36
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 54
- 230000005540 biological transmission Effects 0.000 claims abstract description 43
- 238000012544 monitoring process Methods 0.000 claims abstract description 11
- 238000004590 computer program Methods 0.000 claims description 16
- 238000013144 data compression Methods 0.000 claims description 15
- 238000003672 processing method Methods 0.000 claims description 8
- 230000006870 function Effects 0.000 claims description 7
- 238000009933 burial Methods 0.000 claims 2
- 238000013473 artificial intelligence Methods 0.000 abstract description 7
- 206010020751 Hypersensitivity Diseases 0.000 description 10
- 208000026935 allergic disease Diseases 0.000 description 10
- 230000007815 allergy Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000002159 abnormal effect Effects 0.000 description 4
- 238000003745 diagnosis Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 229940004975 interceptor Drugs 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 206010013700 Drug hypersensitivity Diseases 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 201000005311 drug allergy Diseases 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003058 natural language processing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The application relates to the field of artificial intelligence, in particular to a method, a device, equipment and a storage medium for processing buried point data, wherein the method comprises the following steps: acquiring user data, and monitoring the user data through a preset embedded point code to obtain embedded point data; acquiring network transmission protocol parameters, generating a source character string according to the network transmission protocol parameters, and encrypting the source character string to obtain a first character string; generating a public key generation instruction according to the first character string, sending the public key generation instruction to the server, and acquiring public key feedback information fed back by the server, wherein the public key feedback information comprises a public key and a second character string; if the first character string is consistent with the second character string, randomly generating a password based on a second encryption algorithm, and encrypting the buried point data through the password to obtain encrypted data; and encrypting the password through the public key to obtain an encrypted password, and sending the encrypted data and the encrypted password to the server. Therefore, the safety of the user information can be guaranteed, and the user experience is improved.
Description
Technical Field
The present application relates to the field of artificial intelligence, and in particular, to a method and an apparatus for processing embedded data, a computer device, and a storage medium.
Background
Information query becomes a channel for users to quickly acquire required information in many scenes. For example, in the medical field, in order to improve the efficiency of inquiry, a patient generally needs to fill information in a terminal device such as a mobile phone of the patient, so that a doctor can query medical record information and the like required by the corresponding patient from a large number of electronic medical records, and the method is helpful for providing medical record reference for the user and avoiding situations such as drug allergy.
The information generally comprises a large amount of personal information, physical condition information, past medical history information and other information, most of the information is privacy information of the patient, if the user sends the information to the server without encryption after filling the information in the mobile phone, the information is easily intercepted in the transmission process and the privacy information of the user is simply obtained, and even the information is used for bad purposes, so that bad experience is caused to the user.
Disclosure of Invention
The application provides a processing method of buried point data, a processing device of buried point data, computer equipment and a storage medium, and aims to solve the problem that privacy information is leaked due to the fact that existing data are easily intercepted in the transmission process.
In order to achieve the above object, the present application provides a method for processing buried point data, the method including:
acquiring user data, and monitoring the user data through a preset embedded point code to obtain embedded point data;
acquiring network transmission protocol parameters, generating a source character string according to the network transmission protocol parameters, and encrypting the source character string to obtain a first character string;
generating a public key generation instruction according to the first character string, and sending the public key generation instruction to a server so that the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information;
public key feedback information fed back by the server side is obtained, and the public key feedback information comprises the public key and a second character string;
if the first character string is consistent with the second character string, a password is randomly generated based on a second encryption algorithm, and the buried point data is encrypted through the password to obtain encrypted data;
and encrypting the password through the public key to obtain an encrypted password, and sending the encrypted data and the encrypted password to the server so that the server decrypts based on the encrypted data and the encrypted password to obtain and store the data of the buried point.
In order to achieve the above object, the present application also provides an apparatus for processing buried point data, including:
the embedded point data acquisition module is used for acquiring user data and monitoring the user data through a preset embedded point code to obtain embedded point data;
the device comprises a character string generating module, a first character string generating module and a second character string generating module, wherein the character string generating module is used for acquiring network transmission protocol parameters, generating a source character string according to the network transmission protocol parameters and encrypting the source character string to obtain a first character string;
the public key generating module is used for generating a public key generating instruction according to the first character string and sending the public key generating instruction to the server so that the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information;
the public key obtaining module is used for obtaining public key feedback information fed back by the server, and the public key feedback information comprises the public key and a second character string;
the data encryption module is used for randomly generating a password based on a second encryption algorithm if the first character string is consistent with the second character string, and encrypting the buried point data through the password to obtain encrypted data;
and the data transmission module is used for encrypting the password through the public key to obtain an encrypted password and sending the encrypted data and the encrypted password to the server so that the server decrypts the encrypted data and the encrypted password to obtain and store the buried point data.
In addition, to achieve the above object, the present application also provides a computer device comprising a memory and a processor; the memory for storing a computer program; the processor is configured to execute the computer program and implement the processing method of the buried point data provided in any one of the embodiments of the present application when executing the computer program.
In addition, to achieve the above object, the present application further provides a computer-readable storage medium storing a computer program, which when executed by a processor, causes the processor to implement the method for processing buried point data according to any one of the embodiments of the present application.
According to the processing method of the data of the embedded points, the processing device of the data of the embedded points, the equipment and the storage medium, the useful patient information is obtained in the manner of embedding the points, the character strings are verified when the data are sent and received, and therefore the patient information can be collected and encrypted and uploaded to the server for storage, so that the safety of the user information can be guaranteed, and the inquiry experience of the user is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a scene schematic diagram of a method for processing buried point data according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of a method for processing buried point data according to an embodiment of the present disclosure;
FIG. 3 is a schematic block diagram of a device for processing buried point data according to an embodiment of the present application;
fig. 4 is a schematic block diagram of a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The flow diagrams depicted in the figures are merely illustrative and do not necessarily include all of the elements and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation. In addition, although the division of the functional blocks is made in the device diagram, in some cases, it may be divided in blocks different from those in the device diagram.
The term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Information query becomes a channel for users to quickly acquire required information in many scenes. For example, in the medical field, in order to improve the efficiency of inquiry, a patient may fill his/her own related information in his/her own terminal device such as a mobile phone, so that a doctor can quickly inquire the related information of the patient during inquiry or prescription, thereby achieving the effect of assisting inquiry or prescription.
Since the information filled by the user is generally private information of the user, the security of information transmission is a problem that people need to pay close attention. The existing encryption mode is generally only simply encrypted by a symmetric encryption mode or an asymmetric encryption mode. The efficiency of encryption and decryption by using a symmetric encryption algorithm is high, which affects the quick report of patient information, but has the defect that the security of key exchange cannot be guaranteed in the management of keys and the communication in an insecure channel. The use of the asymmetric encryption algorithm can ensure the security of the key, but the encryption and decryption efficiency is low. Therefore, an encryption method combining a symmetric encryption algorithm and an asymmetric encryption algorithm is needed to encrypt the user information (the private information of the patient).
In order to solve the above problems, the present application provides a method for reporting user data, which is applied to a client, where the client may be a terminal device, and thus, patient information may be collected and encrypted and uploaded to a server for storage, so that the security of the user information may be ensured, and the inquiry experience of the user may be improved.
The terminal device may include a fixed terminal such as a mobile phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. The servers may be, for example, individual servers or clusters of servers. However, for the sake of understanding, the following embodiments will be described in detail with respect to a processing method of buried point data applied to a server.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
As shown in fig. 1, the method for processing buried point data provided in the embodiment of the present application may be applied to the application environment shown in fig. 1. The application environment includes a terminal device 110 and a server 120, wherein the terminal device 110 can communicate with the server 120 through a network. Specifically, the terminal device 110 obtains the buried point data in a buried point manner, then obtains the public key generated by the server 120, encrypts the buried point data by using the public key, and finally sends the encrypted buried point data to the server 120, so that the server 120 obtains, stores and uses the buried point data. The server 120 may be an independent server, or may be a cloud server that provides basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud functions, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, Content Delivery Network (CDN), big data and an artificial intelligence platform. The terminal device 110 may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.
Referring to fig. 2, fig. 2 is a schematic flowchart illustrating a method for processing buried point data according to an embodiment of the present disclosure. The processing method of the buried point data can be used in terminal equipment, so that the patient information can be collected and encrypted and uploaded to a server for storage, the safety of the user information can be guaranteed, and the inquiry experience of the user is improved.
As shown in fig. 2, the method for processing buried point data includes steps S101 to S106.
S101, obtaining user data, and monitoring the user data through a preset embedded point code to obtain embedded point data.
The user data may be data input by a user at a client, such as patient data, or physical examination data, image data, and the like in a hospital information system, and the preset buried point code is a code for performing a corresponding operation, such as a code corresponding to acquiring an allergy history of a patient, a code corresponding to acquiring an abnormal parameter in experience data, and the like. The buried point data is data obtained from the user data through the buried point, and may be considered as data useful for the current diagnosis, and may be obtained specifically through a Java reflection mechanism.
The embodiment of the application can acquire and process related data based on an artificial intelligence technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
In some embodiments, the log record annotation is intercepted by the AOP and is marked in the user data to obtain the buried point data, and the log record annotation is obtained by adding the log annotation to a preset buried point code in a self-defined annotation manner. The target element types of the self-defined annotation comprise a constructor, a method and a field, the action time period of the annotation is effective during operation, the AOP is a section-oriented programming and is used for monitoring user data and marking the annotation, and the log record annotation is the annotation for executing corresponding operation.
Because a doctor usually faces a large number of patients, each patient has a large amount of personal information, and the information useful for the diagnosis is usually limited, automatic point burying can be performed through custom annotation and the buried point data can be obtained through AOP, so that the patient information required for the diagnosis can be quickly obtained.
Specifically, a log record annotation is added to a preset buried point code in a Java self-defined annotation mode to perform traceless buried point on user data. For example, a patient allergy history needs to be acquired, a custom note @ Log (value) is added to a method for acquiring a patient allergy history by modifying Java code, and the method is subjected to traceless embedding without any interference on business logic codes.
And after the user data is subjected to traceless point burying, intercepting the annotation through AOP and marking in the user data to obtain the buried point data. The AOP is characterized by inheritance, polymorphism and encapsulation. That is, different classes are designed with different methods, so that codes can be conveniently dispersed into the classes, the complexity of the codes is reduced, and the classes can be reused. The method is also called an Interceptor framework Interceptor, and is used for monitoring parameters of some methods, the monitored parameters can be given to us like logs, a method is called during program running, the method is inserted before and after the methods, and the method is cut into the method like a section to be inserted into the method to realize monitoring. And intercepting the annotation and marking in the user data based on the principle of AOP to obtain buried point data. Therefore, the readability of the code can be improved, and the cost of operations such as adding, modifying, deleting and maintaining the code is reduced.
Exemplarily, in the medical field, when a doctor needs to acquire allergy history information of a user and acquire past medical history information, the preset code is specifically set to acquire the allergy history information of the user and acquire notes corresponding to the past medical history information, and the allergy history information and the past medical history information are intercepted and marked through the AOP. The obtained data of the buried point can comprise information such as identity information of a patient, allergy history of the patient, telephone number of the user, and time of visit and consultation.
In some embodiments, the log record annotation is written according to the requirement information, and a preset buried point code is generated based on an AspectJ compiling mode; defining an entry point matching rule according to the position of a buried point as required, and adding a log record annotation in the preset buried point code based on the entry point matching rule.
The method comprises the steps that the required information is information required to be acquired, for example, in an inquiry scene, the required information can be information required to be acquired, such as acquiring allergy history of a patient, acquiring abnormal indexes in experience data of the patient and the like, AspectJ is a language facing section programming based on a Java platform, various connection point sets are defined to realize the concept of AOP, the entry point matching rule is a code entry position corresponding to each annotation, and particularly, the annotation where a section of specific code is injected can be determined according to the entry point matching rule.
Specifically, the preset buried point code is generated by defining a task to execute AspectJ compilation or using a third party AspectJ integration plug-in, Gradle-android-AspectJ-plugin to execute AspectJ compilation in the Gradle construction script.
Illustratively, if abnormal indexes in the experience data of the patient need to be acquired, corresponding log record annotations are written,
generating a preset embedded point code based on an AspectJ compiling mode; the method comprises the steps of determining the position of a buried point to be buried according to a code segment corresponding to an abnormal index in acquired patient experience data, defining an entry point matching rule, and adding a log record annotation in a preset buried point code based on the entry point matching rule, so that traceless buried points can be realized, the buried points can be managed in a unified mode, codes do not need to be modified, and the workload and the maintenance cost are effectively reduced.
In some embodiments, a plurality of configuration files are newly built in a local cache of the client; wherein the configuration file comprises a script file for collecting data; associating each configuration file with a corresponding said log record annotation; and when the log record annotation is intercepted, calling a configuration file corresponding to the log record annotation to collect data to obtain buried point data. Wherein each log record annotation corresponds to a script file for collecting corresponding data.
Illustratively, after adding the log record annotations, a plurality of configuration files are newly built in a local cache of the client, each configuration file is paired with each log record annotation, and when a certain log record annotation, such as the annotation for acquiring the allergy history of the patient, is intercepted, the configuration file corresponding to the annotation for acquiring the allergy history of the patient is called for data collection to obtain the buried point data.
In some embodiments, network signal strength of a client is detected, and whether the network signal strength of the client is higher than a preset signal strength threshold value is determined; if the network signal intensity of the client is higher than a preset signal intensity threshold value, performing data compression processing on the buried point data to obtain a data compression packet corresponding to the buried point data; if the network signal intensity of the client is not higher than a preset signal intensity threshold value, caching the data of the buried point, unpacking the data after caching to obtain a plurality of data packets, and performing data compression processing on the plurality of data packets to obtain a plurality of data compression packets corresponding to the data of the buried point. Therefore, the uploading strategy of the buried point data can be determined through the detection network, when the network state is good (namely the network signal intensity of the client is higher than the preset signal intensity threshold), the whole buried point data is directly compressed and encrypted and uploaded to the server, because the data volume of the buried point data is possibly very large, when the network state is not good (namely the network signal intensity of the client is not higher than the preset signal intensity threshold), the buried point data is unpacked firstly and then is respectively compressed and uploaded to the server, and the data transmission failure caused by poor network is avoided.
The signal strength of the mobile phone is generally measured by dBm, the dBm represents the value of the absolute value of power, the larger the value is, the better the signal is, and the dBm is generally a negative value because the signal strength of the mobile phone is generally weaker. Therefore, the preset signal strength threshold is generally-90 dBm, but may be any value, and is not limited herein.
Specifically, gzip data compression processing is performed on the buried point data, so that the network bandwidth occupation ratio of the buried point data can be reduced, and the performance of the client app is prevented from being influenced. The caching processing of the data of the embedded point specifically comprises memory caching and hard disk caching, the acquired data is directly stored in an array through the memory caching and is reported to a certain degree in an accumulated mode, and therefore the use of the current client app can not be influenced, and the data can be reported when appropriate; the data can be stored in the local database through the hard disk cache under the condition that the user exits the app or does not have a network, and the data is collected and reported after the network condition becomes good.
S102, acquiring network transmission protocol parameters, generating a source character string according to the network transmission protocol parameters, and encrypting the source character string to obtain a first character string.
The network transmission protocol parameters may include a timestamp, system global parameters and other TCP/IP parameters, and the first character string is a character string generated according to the network transmission protocol parameters and is placed in a message header transmitted from the client to the server. The network transmission protocol used specifically can be defined in advance between the client and the server, and the parameter corresponding to the network transmission protocol is obtained to generate the source character string, so that the source character string can be understood as the unique identifier for communication between the client and the server, and the source of the transmitted information can be determined by encrypting the identifier and adding the identifier into the information transmission for verification, so that the information transmission is safer.
Illustratively, the acquired network transmission protocol parameters may include parameters such as a timestamp and a system global parameter, and the network transmission protocol parameters are sequenced according to the acquisition sequence to obtain a source character string, and then the source character string is encrypted to generate a first character string.
In some embodiments, the source character string is subjected to flipping processing to obtain a flipped character string; based on a hash function, converting the turned character string to obtain a converted character string; and encrypting the converted character string based on an MD5 encryption algorithm to obtain a first character string. The hash function is a secure hash algorithm, and may specifically include an SHA-224 algorithm, an SHA-256 algorithm, an SHA-384 algorithm, and an SHA-512 algorithm. Therefore, the source character string can be subjected to preset processing and encryption, the source of the information can be verified in subsequent information interaction, and the safety of the received information and data can be determined.
Specifically, the reversed character string may be compressed into an abstract through a hash function, so that the data size is reduced, the format of the character string is fixed, and the character string is shuffled to obtain a converted character string. The transformed character string is encrypted by the MD5 encryption algorithm, the MD5 value of the received message or data can be detected subsequently, whether the MD5 values of the message or the data are the same or not in the sending and receiving processes can be judged, the source of the data can be determined, the data is prevented from being tampered, and the safety of the data is ensured.
S103, generating a public key generation instruction according to the first character string, and sending the public key generation instruction to a server, so that the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information.
The server may be a server of a hospital information system, and after obtaining the buried point data, the client sends a public key feedback message to the server, so that the server generates a public key and a corresponding private key, and the first encryption algorithm is an asymmetric encryption algorithm and may include an SM2 encryption algorithm, an RSA encryption algorithm, an ECC encryption algorithm, and the like. The public key feedback information is used for prompting the information that the public key of the user is generated and comprises the public key generated at the client.
It can be understood that the public key generation instruction includes a first character string generated by the client, and specifically, after the server receives the public key generation instruction, the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information.
For example, the server may generate a public key and a corresponding private key based on the SM2 encryption algorithm, and store the public key in the generated public key feedback information, so that the client encrypts the buried point data using the public key. And meanwhile, the storage private key is stored, so that the client decrypts the encrypted buried point data through the private key after receiving the encrypted buried point data, and the buried point data is obtained and stored.
And S104, public key feedback information fed back by the server is obtained, wherein the public key feedback information comprises the public key and a second character string.
The server responds to the public key generation request, and after a public key and a corresponding private key are generated, the client acquires a public key feedback message sent by the server, wherein the public key feedback message comprises the public key and a second character string. The second character string is placed in a message header transmitted from the client to the server and is used for being compared with the first character string, so that the source of the message is determined, and the safety of data is guaranteed. And a public key and a private key are generated through the interaction between the client and the server, so that the safety of information transmission is improved.
Specifically, whether the first character string is consistent with the second character string is detected; if the first character string is consistent with the second character string, a password is randomly generated; and if the first character string is inconsistent with the second character string, intercepting the public key feedback message, and displaying prompt information of data security check failure on the client. The prompt message of the data security verification failure is used for reminding the user that the information is possibly illegally tampered, and the information security is low. Therefore, the first character string and the second character string can be detected, illegal interception in the information transmission process is prevented, the server side is forged to generate a public key, and once a user uses the forged public key for encryption, the information of the user can be leaked.
Whether the first character string is consistent with the second character string or not can be detected specifically by detecting whether the sequence of the character strings is consistent, whether the characters in the character strings are consistent and whether the MD5 values of the character strings are consistent, and if the message is tampered privately, the sequence of the character strings, the characters in the character strings and the MD5 values of the character strings are changed, so that whether the message is tampered privately or not can be determined, man-in-the-middle attacks can be effectively prevented, and the safety of information transmission is guaranteed.
And S105, if the first character string is consistent with the second character string, encrypting the buried point data based on a second encryption algorithm to obtain encrypted data.
Specifically, if the first character string is consistent with the second character string, it indicates that the transmitted data security check is successful, and a password is randomly generated based on a second encryption algorithm. The second encryption algorithm is a symmetric encryption algorithm, and may specifically include an SM4 encryption algorithm, a DES encryption algorithm, an AES encryption algorithm, and the like.
It should be noted that, because of the influence of network signal strength and data transmission efficiency, the data of the buried point can be directly encrypted, so as to obtain encrypted data; or encrypting the data compression packet corresponding to the buried point data to obtain encrypted data; the data compression packets corresponding to the buried point data can be encrypted, so that a plurality of encrypted data can be obtained.
In some embodiments, if the first character string is consistent with the second character string, a password is randomly generated based on a second encryption algorithm, and the buried point data is encrypted through the password to obtain encrypted data. Since the buried point data may include a large amount of patient information, such as pictures, medical images, electrocardiograms, and the like, the data amount of the buried point data is generally large, and the encryption and decryption efficiency of the symmetric encryption algorithm is high, the buried point data can be encrypted through the symmetric encryption algorithm.
For example, if the first character string is consistent with the second character string, a password such as 85@23@ #4A3 may be randomly generated by a cryptographic SM2 encryption algorithm, and the buried point data is encrypted by the password, so that the buried point data is encrypted.
It should be noted that the buried point data may also be encrypted by a plurality of encryption algorithms, for example, the buried point data is encrypted by using the SM2 encryption algorithm, and then the encrypted data is re-encrypted by using the AES encryption algorithm to obtain the encrypted data.
S106, encrypting the password through the public key to obtain an encrypted password, and sending the encrypted data and the encrypted password to the server so that the server decrypts based on the encrypted data and the encrypted password to obtain and store the buried point data.
Because the transmitted data is successfully verified in security, the obtained public key can be determined to be sent from the corresponding server, so that the randomly generated password can be encrypted by using the public key to obtain an encrypted password, and the encrypted data and the encrypted password are sent to the server.
In some embodiments, the encrypted data and the encrypted password are sent to the server, so that the server decrypts the encrypted password through the private key to obtain the password, and decrypts the encrypted data through the password to obtain and store the buried point data. Therefore, the advantages of the symmetric encryption algorithm and the asymmetric algorithm are combined, and the safety of data transmission is enhanced. Even if the encrypted data and the encrypted password are intercepted illegally in the process of information transmission, an interceptor needs the private key to decipher the encrypted password, and the private key is generally only available to a server and is used for decrypting the public key. In addition, the decryption key cannot be reasonably calculated from the encryption key, and thus the security of the asymmetric algorithm can be secured.
Illustratively, after the server stores the data of the embedded points, a doctor can inquire the data of the embedded points corresponding to the patient, namely useful patient information, through the hospital information system, and can achieve the effects of assisting inquiry and prescription for the doctor, so that the inquiry efficiency is improved, and the intelligent auxiliary diagnosis and treatment is realized.
In some embodiments, before the encrypted data and the encrypted password are sent to the server, matching information is generated according to the encrypted data and the corresponding encrypted password, the matching information is encrypted, and the matching information is sent to the server. The encryption mode may be encryption by a password, a symmetric encryption algorithm, or an asymmetric encryption algorithm, and the matching information is used to match the encrypted data and the encrypted password at the server, which may specifically be a mapping relationship, such as encrypted data a1 → encrypted password a 2.
For example, generally, a large amount of patients upload their own user information in the same period of time, and therefore, when a plurality of encrypted data and a plurality of corresponding encrypted passwords exist, in order to increase the security of data transmission, the encrypted data and the corresponding encrypted passwords are transmitted through different transmission channels, and therefore matching information is generated according to the encrypted data and the corresponding encrypted passwords, so that a large amount of encrypted data and the encrypted passwords are matched at the server.
It should be noted that the encrypted data, the encrypted password and the matching information are transmitted through different transmission channels, and in case that an interceptor obtains a password, the interceptor cannot know which encrypted data corresponds to the password among thousands of data, and only the server can perform matching determination on the received data through the matching information of the message header, thereby realizing secure transmission of the data and preventing information leakage.
Referring to fig. 3, fig. 3 is a schematic block diagram of a device for processing embedded data according to an embodiment of the present application, where the device for processing embedded data can be configured in a client for executing the method for processing embedded data.
As shown in fig. 3, the device 200 for processing buried point data includes: the system comprises a buried point data acquisition module 201, a character string generation module 202, a public key generation module 203, a public key acquisition module 204, a data encryption module 205 and a data transmission module 206.
The buried point data acquisition module 201 is configured to acquire user data and monitor the user data through a preset buried point code to obtain buried point data;
the character string generating module 202 is configured to obtain a network transmission protocol parameter, generate a source character string according to the network transmission protocol parameter, and encrypt the source character string to obtain a first character string;
the public key generating module 203 is configured to generate a public key generating instruction according to the first character string, and send the public key generating instruction to the server, so that the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information;
the public key obtaining module 204 is configured to obtain public key feedback information fed back by the server, where the public key feedback information includes the public key and a second character string;
the data encryption module 205 is configured to randomly generate a password based on a second encryption algorithm if the first character string is consistent with the second character string, and encrypt the buried point data through the password to obtain encrypted data;
the data transmission module 206 is configured to encrypt the password through the public key to obtain an encrypted password, and send the encrypted data and the encrypted password to the server, so that the server decrypts the encrypted data and the encrypted password to obtain and store the buried point data.
It should be noted that, as will be clear to those skilled in the art, for convenience and brevity of description, the specific working processes of the apparatus, the modules and the units described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The methods, apparatus, and devices of the present application are operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
For example, the method and apparatus described above may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 4.
Referring to fig. 4, fig. 4 is a schematic diagram of a computer device according to an embodiment of the present disclosure. The computer device may be a server.
As shown in fig. 4, the computer device includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a volatile storage medium, a non-volatile storage medium, and an internal memory.
The non-volatile storage medium may store an operating system and a computer program. The computer program includes program instructions that, when executed, cause a processor to perform any of the methods for processing buried point data.
The processor is used for providing calculation and control capability and supporting the operation of the whole computer equipment.
The internal memory provides an environment for running a computer program in the nonvolatile storage medium, and the computer program, when executed by the processor, causes the processor to execute any processing method of the buried point data.
The network interface is used for network communication, such as sending assigned tasks and the like. Those skilled in the art will appreciate that the configuration of the computer apparatus is merely a block diagram of a portion of the configuration associated with aspects of the present application and is not intended to limit the computer apparatus to which aspects of the present application may be applied, and that a particular computer apparatus may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It should be understood that the Processor may be a Central Processing Unit (CPU), and the Processor may be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Wherein, in some embodiments, the processor is configured to execute a computer program stored in the memory to implement the steps of: acquiring user data, and monitoring the user data through a preset embedded point code to obtain embedded point data; acquiring network transmission protocol parameters, generating a source character string according to the network transmission protocol parameters, and encrypting the source character string to obtain a first character string; generating a public key generation instruction according to the first character string, and sending the public key generation instruction to a server so that the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information; public key feedback information fed back by the server side is obtained, and the public key feedback information comprises the public key and a second character string; if the first character string is consistent with the second character string, a password is randomly generated based on a second encryption algorithm, and the buried point data is encrypted through the password to obtain encrypted data; and encrypting the password through the public key to obtain an encrypted password, and sending the encrypted data and the encrypted password to the server so that the server decrypts based on the encrypted data and the encrypted password to obtain and store the data of the buried point.
In some embodiments, the processor is further configured to: intercepting the log record annotation through AOP and marking the log record annotation in the user data to obtain buried point data, wherein the log record annotation is log annotation added to a preset buried point code in a user-defined annotation mode.
In some embodiments, the processor is further configured to: compiling the log record annotation according to the demand information, and generating a preset buried point code based on an AspectJ compiling mode; defining an entry point matching rule according to the position of a buried point as required, and adding a log record annotation in the preset buried point code based on the entry point matching rule.
In some embodiments, the processor is further configured to: detecting the network signal intensity of a client, and determining whether the network signal intensity of the client is higher than a preset signal intensity threshold value; if the network signal intensity of the client is higher than a preset signal intensity threshold value, performing data compression processing on the buried point data to obtain a data compression packet corresponding to the buried point data; if the network signal intensity of the client is not higher than a preset signal intensity threshold value, caching the data of the buried point, unpacking the data after caching to obtain a plurality of data packets, and performing data compression processing on the plurality of data packets to obtain a plurality of data compression packets corresponding to the data of the buried point.
In some embodiments, the processor is further configured to: turning over the source character string to obtain a turned-over character string; based on a hash function, converting the turned character string to obtain a converted character string; and encrypting the converted character string based on an MD5 encryption algorithm to obtain a first character string.
In some embodiments, the processor is further configured to: and if the first character string is inconsistent with the second character string, intercepting the public key feedback information, and displaying prompt information of data security check failure on the client.
In some embodiments, the processor is further configured to: generating matching information according to the encrypted data and the corresponding encrypted password; and encrypting the matching information to obtain the encrypted matching information, and sending the encrypted matching information to the server.
The embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, where the computer program includes program instructions, and the program instructions, when executed, implement any one of the methods for processing embedded data provided in the embodiments of the present application.
The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the computer device.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The invention relates to a novel application mode of computer technologies such as storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like of a block chain language model. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method for processing buried point data is applied to a client, and comprises the following steps:
acquiring user data, and monitoring the user data through a preset embedded point code to obtain embedded point data;
acquiring network transmission protocol parameters, generating a source character string according to the network transmission protocol parameters, and encrypting the source character string to obtain a first character string;
generating a public key generation instruction according to the first character string, and sending the public key generation instruction to a server so that the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information;
public key feedback information fed back by the server side is obtained, and the public key feedback information comprises the public key and a second character string;
if the first character string is consistent with the second character string, a password is randomly generated based on a second encryption algorithm, and the buried point data is encrypted through the password to obtain encrypted data;
and encrypting the password through the public key to obtain an encrypted password, and sending the encrypted data and the encrypted password to the server so that the server decrypts based on the encrypted data and the encrypted password to obtain and store the data of the buried point.
2. The method of claim 1, wherein the monitoring the user data through a preset burial point code to obtain the burial point data comprises:
intercepting the log record annotation through AOP and marking the log record annotation in the user data to obtain buried point data, wherein the log record annotation is log annotation added to a preset buried point code in a user-defined annotation mode.
3. The method of claim 2, wherein prior to obtaining user data, the method further comprises:
compiling the log record annotation according to the demand information, and generating a preset buried point code based on an AspectJ compiling mode;
defining an entry point matching rule according to the position of a buried point as required, and adding a log record annotation in the preset buried point code based on the entry point matching rule.
4. The method of claim 1, wherein after obtaining the buried point data, the method further comprises:
detecting the network signal intensity of a client, and determining whether the network signal intensity of the client is higher than a preset signal intensity threshold value;
if the network signal intensity of the client is higher than a preset signal intensity threshold value, performing data compression processing on the buried point data to obtain a data compression packet corresponding to the buried point data;
if the network signal intensity of the client is not higher than a preset signal intensity threshold value, caching the data of the embedded point, unpacking the data after caching to obtain a plurality of data packets, and performing data compression processing on the plurality of data packets to obtain a plurality of data compression packets corresponding to the data of the embedded point.
5. The method of claim 1, wherein encrypting the source string to obtain a first string comprises:
turning over the source character string to obtain a turned-over character string;
based on a hash function, converting the turned character string to obtain a converted character string;
and encrypting the converted character string based on an MD5 encryption algorithm to obtain a first character string.
6. The method of claim 1, wherein after obtaining the public key feedback information sent by the server, the method comprises:
and if the first character string is inconsistent with the second character string, intercepting the public key feedback information, and displaying prompt information of data security check failure on the client.
7. The method of claim 1, wherein before sending the encrypted data and the encrypted password to the server, the method further comprises:
generating matching information according to the encrypted data and the corresponding encrypted password;
and encrypting the matching information to obtain the encrypted matching information, and sending the encrypted matching information to the server.
8. An apparatus for processing buried point data, comprising:
the embedded point data acquisition module is used for acquiring user data and monitoring the user data through a preset embedded point code to obtain embedded point data;
the device comprises a character string generating module, a first character string generating module and a second character string generating module, wherein the character string generating module is used for acquiring network transmission protocol parameters, generating a source character string according to the network transmission protocol parameters and encrypting the source character string to obtain a first character string;
the public key generating module is used for generating a public key generating instruction according to the first character string and sending the public key generating instruction to the server so that the server generates a public key and a corresponding private key based on a first encryption algorithm and generates public key feedback information;
the public key obtaining module is used for obtaining public key feedback information fed back by the server, and the public key feedback information comprises the public key and a second character string;
the data encryption module is used for randomly generating a password based on a second encryption algorithm if the first character string is consistent with the second character string, and encrypting the buried point data through the password to obtain encrypted data;
and the data transmission module is used for encrypting the password through the public key to obtain an encrypted password and sending the encrypted data and the encrypted password to the server so that the server decrypts the encrypted data and the encrypted password to obtain and store the buried point data.
9. A computer device, wherein the computer device comprises a memory and a processor;
the memory for storing a computer program;
the processor is used for executing the computer program and realizing the following when the computer program is executed:
the buried point data processing method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to implement the processing method of buried point data according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110969095.8A CN113672957A (en) | 2021-08-23 | 2021-08-23 | Method, device and equipment for processing buried point data and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110969095.8A CN113672957A (en) | 2021-08-23 | 2021-08-23 | Method, device and equipment for processing buried point data and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113672957A true CN113672957A (en) | 2021-11-19 |
Family
ID=78545284
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110969095.8A Pending CN113672957A (en) | 2021-08-23 | 2021-08-23 | Method, device and equipment for processing buried point data and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113672957A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114205292A (en) * | 2021-12-10 | 2022-03-18 | 百度在线网络技术(北京)有限公司 | Router dialing configuration method and device, router, management end and storage medium |
| CN117349550A (en) * | 2023-10-10 | 2024-01-05 | 上海数禾信息科技有限公司 | Buried data acquisition method and device, computer equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060264202A1 (en) * | 2003-07-11 | 2006-11-23 | Joachim Hagmeier | System and method for authenticating clients in a client-server environment |
| KR20180029331A (en) * | 2016-09-12 | 2018-03-21 | 주식회사 메디인사이드 | A method for generating an encryted data stream and an apparatus therefor |
| CN109474619A (en) * | 2018-12-17 | 2019-03-15 | 中国平安财产保险股份有限公司 | Data encryption report method and device, data decryption method and device |
| CN111565107A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Key processing method and device based on cloud service platform and computer equipment |
| CN112637069A (en) * | 2020-12-18 | 2021-04-09 | 支付宝(杭州)信息技术有限公司 | Data message transmission method and device |
-
2021
- 2021-08-23 CN CN202110969095.8A patent/CN113672957A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060264202A1 (en) * | 2003-07-11 | 2006-11-23 | Joachim Hagmeier | System and method for authenticating clients in a client-server environment |
| KR20180029331A (en) * | 2016-09-12 | 2018-03-21 | 주식회사 메디인사이드 | A method for generating an encryted data stream and an apparatus therefor |
| CN109474619A (en) * | 2018-12-17 | 2019-03-15 | 中国平安财产保险股份有限公司 | Data encryption report method and device, data decryption method and device |
| CN111565107A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Key processing method and device based on cloud service platform and computer equipment |
| CN112637069A (en) * | 2020-12-18 | 2021-04-09 | 支付宝(杭州)信息技术有限公司 | Data message transmission method and device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114205292A (en) * | 2021-12-10 | 2022-03-18 | 百度在线网络技术(北京)有限公司 | Router dialing configuration method and device, router, management end and storage medium |
| CN117349550A (en) * | 2023-10-10 | 2024-01-05 | 上海数禾信息科技有限公司 | Buried data acquisition method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11055419B2 (en) | Decentralized data authentication system for creation of integrated lifetime health records | |
| US11171790B2 (en) | Systems and methods for trusted path secure communication | |
| Fereidooni et al. | Fitness trackers: fit for health but unfit for security and privacy | |
| Kiah et al. | An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1 | |
| CN111881481B (en) | Medical data processing method, device, equipment and storage medium based on blockchain | |
| CN102624699A (en) | Method and system for protecting data | |
| CN110209894B (en) | Case query method and system based on block chain technology | |
| JPWO2018229867A1 (en) | Personal information protection system | |
| CN113672957A (en) | Method, device and equipment for processing buried point data and storage medium | |
| CN112202779B (en) | Block chain based information encryption method, device, equipment and medium | |
| CN112422587A (en) | Identity verification method and device, computer equipment and storage medium | |
| CN117240625B (en) | Tamper-resistant data processing method and device and electronic equipment | |
| CN113901520A (en) | Data processing method, device, equipment and medium based on block chain | |
| CN112927775A (en) | Diagnosis and treatment information processing method and device based on block chain | |
| CN115549906B (en) | Privacy calculation method, system, device and medium based on block chain | |
| CN111130751A (en) | Appointment information processing method, device and system based on block chain and electronic equipment | |
| CN114978649B (en) | Information security protection method, device, equipment and medium based on big data | |
| CN114189515A (en) | Server cluster log obtaining method and device based on SGX | |
| CN113130031A (en) | PKI-based intercourse electronic medical record interaction system, method, equipment and storage medium | |
| CN111343170A (en) | Electronic signing method and system | |
| Somasundaram et al. | Review on communication security issues in IoT medical devices | |
| CN116996331B (en) | Block chain-based data processing method, device, equipment and medium | |
| Seyler et al. | SEMAFORE: Secure Mobile Field Diagnostics for Cyber-Physical Systems | |
| Mishra et al. | PDV: Permissioned Blockchain based Personal Data Vault using Predictive Prefetching | |
| CN114978521B (en) | Trusted attendance checking method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20220922 Address after: Room 2601 (Unit 07), Qianhai Free Trade Building, No. 3048, Xinghai Avenue, Nanshan Street, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong 518000 Applicant after: Shenzhen Ping An Smart Healthcare Technology Co.,Ltd. Address before: 1-34 / F, Qianhai free trade building, 3048 Xinghai Avenue, Mawan, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong 518000 Applicant before: Ping An International Smart City Technology Co.,Ltd. |
|
| TA01 | Transfer of patent application right |