CN113923036A - Block chain information management method and device of continuous immune safety system (Google Patents record)

Info

Publication number: CN113923036A
Application number: CN202111212806.3A
Authority: CN (China)
Legal status: Pending (Google Patents notes that the status shown is an assumption, not a legal conclusion)
Original language: Chinese (zh)
Inventors: 阮安邦, 魏明, 李飞, 陈凯, 陈旭明
Current assignee: Beijing Octa Innovations Information Technology Co Ltd (Google Patents notes that listed assignees may be inaccurate)
Original assignee: Beijing Octa Innovations Information Technology Co Ltd
Events: application filed by Beijing Octa Innovations Information Technology Co Ltd; priority to CN202111212806.3A; publication of CN113923036A; legal status pending

Classifications (CPC, all under H04L, transmission of digital information)

    • H04L63/1425 Network security: detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
    • H04L63/0428 Network security: confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/105 Network security: controlling access to devices or network resources; multiple levels of security
    • H04L63/145 Network security: countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L67/1097 Network services: protocols in which an application is distributed across nodes in the network, for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention relates to a blockchain information management method and device of a continuous immune security system. A plurality of master nodes and a plurality of sub-nodes form an information management blockchain; a sub-node is authorized by a master node to join the information management blockchain, and user information ciphertexts are stored on the information management blockchain in time order. The blockchain information management device comprises sub-nodes, each of which monitors the behaviour of the branch institution that corresponds to it and includes an early warning unit. The early warning unit continuously monitors the behaviour data of the branch institution; when that behaviour data is found to be abnormal, the sub-node sends a main monitoring application to the master node, and when the master node responds to the main monitoring application, the sub-node and the master node exchange data so that the master node confirms and monitors the corresponding abnormal behaviour data.

Description

Block chain information management method and device of continuous immune safety system
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to a method and an apparatus for managing blockchain information of a continuous immune security system.
Background
In recent years, with the rapid development of technologies such as "Internet Plus" and big data, the efficiency with which patients are treated at medical institutions has greatly improved, and each medical institution has built an internal data system to store patients' health information, diagnosis and treatment records and so on, so that follow-up services can be provided conveniently. However, information barriers exist between medical institutions: their data systems are closed, each institution remains an information island, and patients' electronic medical records, health files and diagnosis and treatment records cannot be exchanged between them. This seriously hinders patients who seek treatment at, or are transferred between, different medical institutions; when a patient moves from one institution to another, the health record often has to be rebuilt and some examinations repeated. In an emergency, such as a patient who is comatose or in shock, a doctor at the new institution also finds it hard to quickly and comprehensively obtain important information such as the patient's past physical condition, medical history and drug allergy history, and hence to rescue the patient quickly and accurately. At the same time, the health information and diagnosis and treatment records stored at each medical institution are part of the patient's personal privacy; if they are carelessly disclosed or traded illegally, the patient suffers real harm and trouble.
In addition, to preserve this data and protect it from damage or loss, each medical institution has to provision one or more information storage, backup or disaster recovery systems, which inevitably raises its operating costs. A new information management method and apparatus based on blockchain technology is therefore needed.
For example, Chinese patent publication No. CN111681723A discloses a blockchain-based health information management method, apparatus and medium. In that method, a medical institution node obtains user-side authorization, obtains the user's private key according to that authorization, obtains the user health information ciphertext from a health information management blockchain and decrypts it with the user's private key; the medical institution node then acquires first data, encrypts it with the user's private key according to the user authorization to form a continuing user health information ciphertext, and uploads that ciphertext both to the user ciphertext library of the health management node and to the health information management blockchain, where the user health information ciphertexts are linked in time order. By setting up a health management node, medical institution nodes and so on, a user health information time chain is established, the authenticity and traceability of user health information are ensured, the information barriers between medical institutions are broken, and user health information can be obtained completely, quickly and accurately.
However, that invention still has the following technical defect: its health management node cannot perform fine-grained monitoring, management and early warning of the medical institution nodes. For example, once the health management node discovers that a medical institution node has behaved illegally, the only management measure available is a coarse one such as revoking that node's authorization. Such a coarse information management mode lowers the efficiency of information management as a whole, and in some special situations prevents the medical institution nodes from delivering the service they should. For instance, when the COVID-19 epidemic is particularly severe, if only one department or a few people at a medical institution node carry out an abnormal operation, shutting down the whole sub-node both seriously wastes medical resources and makes it hard to establish the real cause of the abnormal persons or activities within the sub-node, so the information supervisor cannot easily replay the whole flow of the abnormal operation, find the real supervision loophole, and take remedial or preventive action so that a similar event does not recur later. Improvement is therefore needed to overcome the shortcomings of the prior art.
Furthermore, because persons skilled in the art differ in their understanding, and because the inventors studied a large number of documents and patents in making the present invention but space does not allow all of their details to be listed above, the present invention is not without the features of the prior art; rather, it already possesses the relevant features of the prior art, and the applicant reserves the right to add related prior art to this background section.
Disclosure of Invention
To address the defects of the prior art, the invention provides a blockchain information management device of a continuous immune security system, in which a plurality of master nodes and a plurality of sub-nodes form an information management blockchain, the sub-nodes are authorized by the master nodes to join the information management blockchain, and user information ciphertexts on the information management blockchain are stored in time order. The blockchain information management device comprises a master node and a sub-node that are in data connection with each other; the sub-node monitors the behaviour of the branch institution that corresponds to it, and the sub-node comprises an early warning unit.
The early warning unit continuously monitors the behaviour data of the branch institution. When that behaviour data is found to be abnormal, the sub-node sends a main monitoring application to the master node, and when the master node responds to the main monitoring application, the sub-node and the master node exchange data so that the master node confirms and monitors the corresponding abnormal behaviour data. With this configuration, when an abnormality appears in the behaviour data or in the programme of the sub-node, for example when the temperature of the denaturation, annealing or extension stage of the programme exceeds the range preset in the system, or when the programme's final 4 ℃ hold is set abnormally (for example, to an unlimited duration), the sub-node sends a main monitoring application to the master node, i.e. the health commission, and asks the master node to monitor that behaviour closely. The health commission can then quickly learn of the abnormal behaviour, classify, stop and record it, apply a series of fine-grained management measures graded by the severity of the situation, promptly supervise and urge the sub-node to resample and correct the programme, and, if necessary, revoke the sub-node's detection qualification. In this way each detection institution is under real-time, dynamic and comprehensive monitoring, the standardisation of the detection process and the accuracy of the detection result are ensured, and the detection institution is protected from malicious tampering and programme errors.
According to a preferred embodiment, the master node can monitor the behaviour of the branch institution, analyse the monitoring data it acquires, produce a graded threat early warning from that data, and send the graded early warning to the sub-node that sent the main monitoring application; in response, the sub-node suppresses or intervenes in the behaviour of the branch institution to a degree and in a manner that depends on the grade received.
According to a preferred embodiment, the sub-nodes further comprise data cleaning units, with different types of data cleaning unit on different sub-nodes. According to a preset data cleaning model, a data cleaning unit assigns different weights to the different data features of the monitoring data allocated to it, and cleans out low-weight, low-value features so as to remove junk data.
According to a preferred embodiment, when the master node receives a first main monitoring application from a first sub-node and a second main monitoring application from a second sub-node at the same time, it retrieves the processor occupancy data of each sub-node and responds first to the application of the sub-node with the higher processor occupancy.
According to a preferred embodiment, the device further comprises:
a trusted protection module, configured to automatically generate, at least in combination with the operation and maintenance strategy of the sub-node, a whitelist that conforms to the operating specification, so as to establish a legal access policy and a legal operating behaviour policy for the sub-node;
a blockchain anti-tampering module, configured at least to obtain the whitelist so as to prevent it from being tampered with illegally;
an active countermeasure module, usable at least to monitor and analyse the processes or programs on the whitelist; where the active countermeasure module can acquire the security situation of the sub-node, the trusted protection module continuously updates the whitelist on the basis of the security situation that the active countermeasure module observes;
the active countermeasure module can also rapidly adjust the logical topology of the sub-node on the basis of the observed security situation and handle the abnormal activities it detects, so as to achieve self-organising countermeasures against unknown threats and thereby continuous immunity to them.
According to a preferred embodiment, the trusted protection module comprises at least a user entity behaviour analysis unit, configured at least to monitor and analyse the whitelisted processes or programs running on the sub-node, so as to determine whether they behave abnormally, and to send the observed security situation of the sub-node to the active countermeasure module.
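The trusted protection, blockchain anti-tampering, active countermeasure and user entity behaviour analysis modules described above, as an added example in Python; this is not code from the patent or from its applicant. The operation and maintenance policy, the program images, the hash-chain anchoring and the isolation step are assumptions of this example: the whitelist is derived from a constructed policy, its digest is anchored in a minimal hash chain so that a whitelist edited afterwards no longer verifies, the processes actually running are compared against it, and the countermeasure narrows the policy and re-anchors the re-issued whitelist.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed operation-and-maintenance policy of one sub-node (assumption of this
# example); the byte strings stand in for real program images.
OPS_POLICY = {
    "program_images": {
        "pcr_runner": b"pcr_runner v1.2 image",
        "result_uploader": b"result_uploader v3 image",
    },
    "allowed_access": [
        ("pcr_runner", "lims.internal", 443),
        ("result_uploader", "master-node.internal", 8443),
    ],
}


# Trusted protection module: the whitelist derived from the ops policy fixes both
# the legal programs (by image hash) and the legal access pairs.
def build_whitelist(ops_policy: dict) -> dict:
    return {
        "programs": {name: sha256_hex(img) for name, img in ops_policy["program_images"].items()},
        "access": sorted(ops_policy["allowed_access"]),
    }


def whitelist_digest(whitelist: dict) -> str:
    return sha256_hex(json.dumps(whitelist, sort_keys=True).encode())


# Blockchain anti-tampering module: a minimal hash chain anchoring every issued
# whitelist digest, so a whitelist edited on disk no longer matches its anchor.
@dataclass
class Block:
    index: int
    prev_hash: str
    payload: str
    block_hash: str


def _hash_block(index: int, prev_hash: str, payload: str) -> str:
    return sha256_hex(f"{index}|{prev_hash}|{payload}".encode())


class AnchorChain:
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.blocks: List[Block] = []

    def append(self, payload: str) -> Block:
        index = len(self.blocks)
        prev = self.blocks[-1].block_hash if self.blocks else self.GENESIS
        block = Block(index, prev, payload, _hash_block(index, prev, payload))
        self.blocks.append(block)
        return block

    def verify(self) -> bool:
        prev = self.GENESIS
        for b in self.blocks:
            if b.prev_hash != prev or b.block_hash != _hash_block(b.index, prev, b.payload):
                return False
            prev = b.block_hash
        return True


def whitelist_intact(chain: AnchorChain, whitelist: dict) -> bool:
    """True only if the chain verifies and its newest anchor is this very whitelist."""
    return chain.verify() and bool(chain.blocks) and chain.blocks[-1].payload == whitelist_digest(whitelist)


# User entity behaviour analysis unit: compare the processes actually running
# (name, image bytes) with the whitelist and report the security situation.
def analyse_processes(whitelist: dict, observed: List[Tuple[str, bytes]]) -> List[dict]:
    findings = []
    for name, image in observed:
        expected = whitelist["programs"].get(name)
        if expected is None:
            findings.append({"process": name, "kind": "not_whitelisted"})
        elif expected != sha256_hex(image):
            findings.append({"process": name, "kind": "image_modified"})
    return findings


# Active countermeasure module: cut the offending programs out of the sub-node's
# access topology, then let the trusted protection module re-issue the whitelist
# from the narrowed policy and anchor the new digest on the chain.
def countermeasure(chain: AnchorChain, ops_policy: dict, findings: List[dict]) -> dict:
    bad = {f["process"] for f in findings}
    narrowed = {
        "program_images": {n: i for n, i in ops_policy["program_images"].items() if n not in bad},
        "allowed_access": [a for a in ops_policy["allowed_access"] if a[0] not in bad],
    }
    new_whitelist = build_whitelist(narrowed)
    chain.append(whitelist_digest(new_whitelist))
    return new_whitelist


if __name__ == "__main__":
    chain = AnchorChain()
    whitelist = build_whitelist(OPS_POLICY)
    chain.append(whitelist_digest(whitelist))
    # Constructed observation: one trojaned image and one unknown process.
    running = [("pcr_runner", b"pcr_runner v1.2 image"),
               ("result_uploader", b"result_uploader v3 image TROJANED"),
               ("miner", b"xmrig")]
    findings = analyse_processes(whitelist, running)
    whitelist = countermeasure(chain, OPS_POLICY, findings)
    print(findings, whitelist_intact(chain, whitelist), len(chain.blocks))
```

The check a practitioner should carry over is `whitelist_intact`: a whitelist is only trusted when the chain verifies end to end and its newest anchor equals the digest of the copy in use, so neither editing the file nor rewriting an old block goes unnoticed. In a real deployment the anchor would live on the information management blockchain rather than in one process, and the image hashes would come from the operating system's measurement facility rather than from in-memory byte strings.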
According to a preferred embodiment, in the method a plurality of master nodes and a plurality of sub-nodes form an information management blockchain, the sub-nodes are authorized by the master nodes to join it, and user information ciphertexts on the information management blockchain are stored in time order; the method comprises the following steps:
the sub-node obtains user-side authorization, obtains the user information ciphertext from the information management blockchain according to that authorization, and decrypts the user information ciphertext;
the sub-node acquires first data, encrypts it according to the user-side authorization to form a continuing user information ciphertext, and uploads the continuing user information ciphertext both to the user ciphertext library of the master node and to the information management blockchain, so that the user information ciphertexts are linked continuously in time order.
According to a preferred embodiment, the method further comprises:
obtaining user registration information, the master node creating a user ciphertext library from the user registration information;
obtaining second data, the master node encrypting the second data to form an initial user information ciphertext, storing it in the user ciphertext library and uploading it to the information management blockchain, thereby starting the time-ordered user information ciphertext chain.
According to a preferred embodiment, the method further comprises:
the sub-node discloses the continuing user information ciphertext on the information management blockchain;
at least some of the master nodes record the continuing user information ciphertext;
if the number of master nodes that record the continuing user information ciphertext is greater than a preset threshold, the continuing user information ciphertext is valid information;
and those master nodes each store the continuing user information ciphertext in their own user ciphertext libraries.
According to a preferred embodiment, the method further comprises:
the sub-node splits the continuing user information ciphertext and discloses each part separately on the information management blockchain;
at least some of the master nodes each record one or more parts of the continuing user information ciphertext;
if the number of master nodes that record a given part of the continuing user information ciphertext is greater than a preset threshold, that part is valid information;
and those master nodes each store the part or parts in their own user ciphertext libraries.
According to a preferred embodiment, the method further comprises:
the sub-node, according to the user-side authorization, collects the parts of the continuing user information ciphertext stored in the master nodes' user ciphertext libraries to recover the continuing user information ciphertext.
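The chained-ciphertext method of the steps above (user registration creating a ciphertext library, the master node's initial record, a sub-node's continuing record, the threshold rule under which a disclosed record or part becomes valid, and recovery of a split ciphertext from the master nodes' libraries), as an added example in Python that is not code from the patent or its applicant. Everything concrete is an assumption of this example: the HMAC-SHA256 counter-mode keystream stands in for a real authenticated cipher, the master nodes are in-process objects rather than network peers, the rule placing part i on `replicas` consecutive master nodes and the patient data are invented for illustration, and "user-side authorization" is modelled simply as the sub-node holding the user's key.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def header_of(rec: dict) -> dict:
    return {k: v for k, v in rec.items() if k != "ct"}


def header_hash(h: dict) -> str:
    return sha256_hex(f"{h['user']}|{h['seq']}|{h['prev']}|{h['nonce']}|{h['ct_hash']}".encode())


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for a real AEAD cipher (assumption of this example): an HMAC-SHA256
    counter-mode keystream XORed with the data, so the same call decrypts. It gives
    no integrity on its own, which is why ct_hash is bound into the chain."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def seal(user: str, key: bytes, prev: str, seq: int, plaintext: bytes) -> dict:
    """Encrypt one piece of data into a record linked to the previous record's hash."""
    nonce = os.urandom(12)
    ct = xor_keystream(key, nonce, plaintext)
    return {"user": user, "seq": seq, "prev": prev, "nonce": nonce.hex(), "ct_hash": sha256_hex(ct), "ct": ct}


def decrypt(key: bytes, header: dict, ct: bytes) -> bytes:
    return xor_keystream(key, bytes.fromhex(header["nonce"]), ct)


class MasterNode:
    def __init__(self) -> None:
        self.library: Dict[str, List[dict]] = {}            # user -> ordered record headers
        self.parts: Dict[Tuple[str, int, int], bytes] = {}  # (user, seq, part index) -> bytes

    def register(self, user: str) -> None:                  # registration creates the library
        self.library.setdefault(user, [])

    def last_hash(self, user: str) -> str:
        lib = self.library.get(user)
        return header_hash(lib[-1]) if lib else GENESIS

    def accepts(self, header: dict) -> bool:                # only records that extend its own chain
        return header["user"] in self.library and header["prev"] == self.last_hash(header["user"])

    def store(self, header: dict, parts: Dict[int, bytes]) -> None:
        self.library[header["user"]].append(header)
        for i, p in parts.items():
            self.parts[(header["user"], header["seq"], i)] = p


def publish(rec: dict, masters: List[MasterNode], threshold: int, n_parts: int = 1, replicas: int = 0) -> bool:
    """Disclose the record whole (n_parts=1) or split into n_parts; part i is offered to
    `replicas` master nodes starting at index i % M (0 = all of them). The record is valid
    only if every part is recorded by more than `threshold` master nodes; otherwise
    nothing is stored anywhere."""
    m = len(masters)
    replicas = replicas or m
    header, ct = header_of(rec), rec["ct"]
    parts = {i: ct[i * len(ct) // n_parts:(i + 1) * len(ct) // n_parts] for i in range(n_parts)}
    plan: Dict[int, Dict[int, bytes]] = {j: {} for j in range(m)}
    for i, p in parts.items():
        for r in range(replicas):
            plan[(i + r) % m][i] = p
    voters = [j for j in range(m) if masters[j].accepts(header)]
    if any(sum(1 for j in voters if i in plan[j]) <= threshold for i in parts):
        return False
    for j in voters:
        masters[j].store(header, plan[j])
    return True


def recover(user: str, seq: int, masters: List[MasterNode]) -> Tuple[dict, bytes]:
    """Under user-side authorisation, gather the parts held by the master nodes and check
    the rebuilt ciphertext against the hash bound into the chain."""
    header = next(h for node in masters for h in node.library.get(user, []) if h["seq"] == seq)
    found = {i: p for node in masters for (u, s, i), p in node.parts.items() if (u, s) == (user, seq)}
    ct = b"".join(found[i] for i in sorted(found))
    if sha256_hex(ct) != header["ct_hash"]:
        raise ValueError("recovered ciphertext does not match the chained hash")
    return header, ct


if __name__ == "__main__":
    masters = [MasterNode() for _ in range(3)]
    user, key = "patient-0001", os.urandom(32)   # the key reaches the sub-node via user-side authorisation
    for node in masters:
        node.register(user)
    # Constructed records: the master node's initial record, then a sub-node's continuing one split in three.
    first = seal(user, key, GENESIS, 0, b"registration: blood type O, allergy: penicillin")
    nxt = seal(user, key, header_hash(header_of(first)), 1, b"2021-10-18: nucleic acid test negative")
    print(publish(first, masters, threshold=1), publish(nxt, masters, threshold=1, n_parts=3, replicas=2))
    header, ct = recover(user, 1, masters)
    print(decrypt(key, header, ct))
```

Two behaviours are worth noticing. A master node that missed an earlier record rejects the next one because its `prev` hash does not extend the chain it holds, and with only two replicas per part that single lagging node is enough to keep a split record below the threshold, so the record is not stored at all rather than stored partially. Recovery does not trust the master nodes either: the rebuilt ciphertext must hash to the `ct_hash` that was chained when the record was disclosed, so a part altered in one library is detected before decryption.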
Drawings
FIG. 1 is a simplified schematic diagram of a preferred embodiment of the present invention;
FIG. 2 is a simplified schematic diagram of a preferred embodiment of a sub-node of the present invention;
FIG. 3 is a simplified schematic diagram of a preferred embodiment of the active countermeasure module of the present invention.
List of reference numerals
1: master node; 2: sub-node; 3: trusted protection module;
4: blockchain anti-tampering module; 5: active countermeasure module; 201: early warning unit;
202: data cleaning unit; 301: user entity behaviour analysis unit.
Detailed Description
The following detailed description is made with reference to the accompanying drawings.
During the COVID-19 epidemic, a collected sample is subjected to PCR amplification to determine whether it contains viral nucleic acid, and from that whether the patient is infected with the novel coronavirus. PCR amplification is performed with a PCR instrument (thermal cycler), which runs the prepared amplification system through a standard heating and cooling programme preset in the instrument. The preset programme is set according to the standard DNA amplification procedure. For example, the standard procedure is as follows: first heat to 94-96 ℃ and hold for tens of seconds to minutes so that the template DNA is fully denatured; then enter the amplification cycles. In each cycle the template is denatured by holding at 94 ℃ for 30 seconds; the temperature is then lowered to the annealing temperature (generally between 50 ℃ and 60 ℃, calculated from the Tm of the primers) for 30 seconds so that the primers anneal fully to the template; the reaction mixture is then held at 72 ℃ for 1 minute (for a 1 kb fragment), during which the primers are extended on the template to synthesise DNA, completing one cycle. The cycle is repeated 25 to 35 times to accumulate a large amount of amplified fragment. Finally the mixture is held at 72 ℃ for 3-7 min so that the product is fully extended, and is then stored at 4 ℃. Once the fragment to be amplified and the primers are fixed, the amplification programme is determined within a certain range; when the programme falls outside that range, errors may occur in the amplification and bands of a different size from the target fragment may be amplified.
For example, shortening the annealing time may lead to incomplete amplification, which shortens the amplified target fragment; a fragment of the same length as the viral nucleic acid fragment is then not detected, a false determination results, and a positive sample may be judged negative. Therefore, during actual amplification the PCR process and abnormal behaviour in detection must be monitored in real time at all times, to ensure the accuracy of the detection result and to prevent behaviour such as malicious tampering with the programme from doing great social harm to epidemic prevention.
The invention provides a blockchain information management device of a continuous immune security system. A plurality of master nodes 1 and a plurality of sub-nodes 2 form an information management blockchain; a sub-node 2 is authorized by a master node 1 to join the information management blockchain, and user information ciphertexts on the information management blockchain are stored in time order. The device comprises a master node 1 and several sub-nodes 2, the sub-nodes 2 being in data connection with the master node 1. Preferably the master node 1 is connected to a data network of a higher security level, and the sub-node 2 is connected to a private data network different from that of the master node 1; preferably the two data networks sit behind different firewalls and have different network architectures.
The sub-node 2 monitors the behaviour of the branch institution that corresponds to it. The monitored content in the invention can include at least the time of a branch institution's behaviour, the monitored system, the monitored module, the monitored page and the service tag. Prior-art monitoring is generally limited to the status of the equipment or of the branch institution itself and does not manage monitoring by service tag. The sub-node 2 includes an early warning unit 201, which continuously monitors the behaviour data of the branch institution; when that behaviour data is found to be threatening (especially where certain special service tags are involved), the sub-node 2 automatically confirms and sends a main monitoring application to the master node 1, without the branch institution having to be prompted.
Preferably, a master node 1 may be in data connection with one or more other master nodes 1, and a master node 1 is in data connection with at least one sub-node 2. Preferably, each master node 1 corresponds one to one to a supervisory authority, for example a health commission, and the authority manages and monitors the sub-nodes 2 through the master node 1. Preferably, each sub-node 2 corresponds one to one to a branch institution, which may be, for example, a detection institution qualified to perform nucleic acid detection, or the regional monitoring system of such an institution; a sub-node 2 monitors the branch institution that corresponds to it, the branch institution can transmit data about itself to the sub-node 2, and the sub-node 2 can automatically collect information about the branch institution. Preferably, the user information is user health information or the like.
Preferably, the early warning unit 201 of the sub-node 2 may determine whether a behaviour is a threat anomaly by, for example, feeding the behaviour feature data obtained from the branch institution into a model it has trained in advance. The master node 1 decides whether to respond to a main monitoring application according to its own condition and the content of the application received. When the master node 1 responds, the sub-node 2 and the master node 1 exchange data: the sub-node 2 transmits the data it detected to the master node 1, and the master node 1 continues to monitor the corresponding abnormal behaviour.
First, the sub-node 2 monitors the behaviour of the branch institutions in its partitioned area, and normal data are stored in the local database of the sub-node 2. When the sub-node 2 detects abnormal data, it can send that data to the master node 1 for close monitoring. The sub-node 2 thus forwards only important data to the master node 1, so that even with modest hardware the master node 1 can, by coordinating and managing the sub-nodes 2, monitor and handle the sub-nodes 2 connected to it and the behaviour of the branch institutions they correspond to, which makes centralised management convenient. For example, the master node 1 may be implemented as the system of the health commission or another supervisory authority with monitoring authority and qualification, and the sub-nodes 2 may be the regional monitoring systems of detection institutions qualified to perform nucleic acid detection. The sub-node 2 and the master node 1 are connected by wire or wirelessly, and the sub-node 2 monitors the parameters of the local PCR detection process, for example the PCR programme, the heating and cooling performance of the PCR instrument and the service life of the PCR instrument. The system of each qualified detection institution can monitor each of its PCR instruments and store normal monitoring data in the memory of the sub-node 2. Monitoring may, for example, consist of the system reading the running programme of the PCR instrument in real time, obtaining it by image monitoring, or learning which programme the instrument is running from data retrieved over the network.
When an abnormality appears in the programme, for example when the temperature of the denaturation, annealing or extension stage exceeds the range preset in the system, or when the programme's final 4 ℃ hold is set abnormally (for example, to an unlimited duration), the sub-node sends a main monitoring application to the master node 1, i.e. the health commission, and asks it to monitor that behaviour closely. The health commission can then quickly learn of the abnormal behaviour, classify, stop and record it, promptly supervise and urge the sub-node 2 to resample and correct the programme, and if necessary revoke the detection qualification of the sub-node 2, so that each detection institution is under real-time, dynamic and comprehensive monitoring, the standardisation of the detection process and the accuracy of the result are ensured, and the detection institution is protected from malicious tampering and programme errors.
Preferably, the master node 1 collects the behaviour type, behaviour time and behaviour frequency of the branch institution with abnormal behaviour, together with the monitored page, and binds and marks them to obtain tagged behaviour data. Preferably, the sub-node 2 stores the count of the branch institution's abnormal behaviour and its tag in its local database, and when the branch institution behaves abnormally again it transmits the type of the abnormal behaviour and the count to the master node 1 together. The master node 1 creates a type tag for the branch institution from its abnormal behaviour data and a frequency tag from its behaviour frequency. Having the master node 1 create the type tags increases its participation, prevents a sub-node 2 from bypassing the master node 1 or the master node 1 from accidentally overlooking an abnormality, and ensures that the master node 1 knows of every abnormality; it also applies one standard to all sub-nodes 2 in the system, avoiding divergent classification standards between sub-nodes 2 and keeping the monitoring system fair.
The type tag may be created, for example, by writing one or more pieces of data or information associated with the tag into it, so building a tag system that also includes a service tag system. For example, data showing that the PCR amplification programme has been changed, or abnormal data showing that the 4 ℃ hold after the amplification programme is of unlimited duration, are written into the programme-abnormal tag; an out-of-limit actual temperature of the PCR instrument, or a heating or cooling actual temperature that does not match the programme, is written into the instrument-abnormal tag; and failure to read PCR monitoring data, or loss of the PCR instrument's data network connection, is written into the data-transmission-abnormal tag. Classifying the various abnormalities and building a complete tag system allows the data to be analysed in a structured way using the identifying data features of the tag system, so that processing rules are standardised and the data cleaning unit 202 of the sub-node 2 can later clean the data by category. The data features of the tag system are compared against the incoming data to confirm the applicable type tag, and the abnormal behaviour data of the branch institution are packaged and sent to the sub-node 2 for storage of the tag data. Preferably, the master node 1 sends the tag of the branch institution's current abnormal behaviour data to the sub-node 2 that detected it, for storage. Storing the branch institution's abnormal information uniformly by tag makes the data easy to package, classify and retrieve later.
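The early warning unit's checks described above (each programme stage against its preset range, the final 4 ℃ hold, the instrument's measured temperature against the programme, and lost readings), producing the programme-abnormal, instrument-abnormal and data-transmission-abnormal type tags, as an added example in Python; this is not code from the patent or its applicant. The stage tolerances, the 1 ℃ instrument tolerance, the `Program` representation, the cycle range and the constructed readings are assumptions of this example, chosen to match the standard programme described in the detailed description.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Preset range per programme stage: ((min C, max C), (min s, max s)). Derived from the
# standard programme described above; the exact tolerances are an assumption of this
# example, not figures from the patent.
STAGE_RANGES: Dict[str, Tuple[Tuple[float, float], Tuple[float, float]]] = {
    "predenature": ((94.0, 96.0), (20.0, 300.0)),
    "denature": ((93.0, 95.0), (20.0, 60.0)),
    "anneal": ((50.0, 60.0), (20.0, 60.0)),
    "extend": ((71.0, 73.0), (30.0, 120.0)),
    "final_extend": ((71.0, 73.0), (180.0, 420.0)),
}
CYCLE_RANGE = (25, 35)
HOLD_TEMP = 4.0
INSTRUMENT_TOLERANCE = 1.0  # C allowed between programmed and measured block temperature (assumption)


@dataclass
class Program:
    # stage -> (temperature C, duration s); a duration of None means the hold has no end time
    stages: Dict[str, Tuple[float, Optional[float]]]
    cycles: int


def check_program(prog: Program, approved: Program) -> List[dict]:
    """Programme-abnormal tags: changed programme, a stage outside its preset range,
    a wrong or unlimited final hold, or a cycle count outside the preset range."""
    tags = []
    if prog != approved:
        tags.append({"tag": "program_abnormal", "detail": "programme differs from the approved programme"})
    for stage, (temp, secs) in prog.stages.items():
        if stage == "hold":
            if temp != HOLD_TEMP or secs is None:
                dur = "unlimited time" if secs is None else f"{secs}s"
                tags.append({"tag": "program_abnormal", "detail": f"final hold {temp} C for {dur}"})
            continue
        (tmin, tmax), (smin, smax) = STAGE_RANGES[stage]
        if secs is None or not (tmin <= temp <= tmax and smin <= secs <= smax):
            tags.append({"tag": "program_abnormal", "detail": f"{stage}: {temp} C / {secs}s outside preset range"})
    if not CYCLE_RANGE[0] <= prog.cycles <= CYCLE_RANGE[1]:
        tags.append({"tag": "program_abnormal", "detail": f"{prog.cycles} cycles outside preset range"})
    return tags


def check_telemetry(prog: Program, readings: List[Tuple[str, Optional[float]]]) -> List[dict]:
    """Instrument-abnormal tag when the measured temperature does not match the programme;
    data-transmission-abnormal tag when no reading arrived for a stage (None)."""
    tags = []
    for stage, measured in readings:
        if measured is None:
            tags.append({"tag": "data_transmission_abnormal", "detail": f"no reading for {stage}"})
            continue
        programmed = prog.stages[stage][0]
        if abs(measured - programmed) > INSTRUMENT_TOLERANCE:
            tags.append({"tag": "instrument_abnormal",
                         "detail": f"{stage}: set {programmed} C, measured {measured} C"})
    return tags


def early_warning(prog: Program, approved: Program, readings: List[Tuple[str, Optional[float]]]) -> dict:
    """The early warning unit's decision: any tag triggers a main monitoring application."""
    tags = check_program(prog, approved) + check_telemetry(prog, readings)
    return {"send_main_monitoring_application": bool(tags), "tags": tags}


# The programme approved for this detection institution (constructed, within the standard ranges).
APPROVED = Program(
    stages={"predenature": (95.0, 120.0), "denature": (94.0, 30.0), "anneal": (55.0, 30.0),
            "extend": (72.0, 60.0), "final_extend": (72.0, 300.0), "hold": (4.0, 3600.0)},
    cycles=30,
)

if __name__ == "__main__":
    # Constructed run: annealing lowered to 45 C, final hold left without an end time,
    # the block measured 3.5 C low during extension, and one reading lost in transit.
    running = Program(stages=dict(APPROVED.stages, anneal=(45.0, 30.0), hold=(4.0, None)), cycles=30)
    readings = [("denature", 94.2), ("anneal", 45.1), ("extend", 68.5), ("final_extend", None)]
    print(early_warning(running, APPROVED, readings))
```

Note that the telemetry check compares the instrument against the programme it was actually given, not against the approved one: an instrument faithfully executing a tampered programme yields no instrument-abnormal tag, and it is the programme comparison that catches the change. Keeping the two checks separate is what lets the master node later distinguish an instrument fault from a programme change when it builds the type tags.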
According to a preferred embodiment, the master node 1 performs tagging analysis on the current abnormal-behavior data of the branch office and, according to the historical abnormal-behavior tag of the branch office sent by the corresponding sub-node 2, retrieves the historical abnormal-behavior data of the branch office from the corresponding repository. It then performs threat-graded early warning on the abnormal-behavior data of the branch office by combining the current and the historical abnormal-behavior data. The early-warning grades may be, for example, low risk, medium risk and high risk. The graded early warning may be implemented, for example, by establishing a graded early-warning identification table. The table contains abnormal-behavior type tags and frequency tags: different type tags correspond to different scores, and each frequency tag adds, per counted occurrence, a fixed percentage of the score of the corresponding type tag. For example, the instrument-abnormality tag may be worth forty points, and each counted occurrence of the instrument-abnormality tag may add 30% of the score of that tag to the tag value. When an instrument abnormality occurs once at a branch office, the graded early-warning score is fifty-two; when it occurs twice, the score is sixty-four.
As another example, the program-abnormality tag may be worth sixty points, and each counted occurrence may add 40% of the score of the program-abnormality tag, so that the graded early-warning score is eighty-four when a program abnormality occurs once at the branch office and one hundred and eight when it occurs twice. The master node 1 then grades the corresponding abnormal-behavior data according to the graded early-warning score. For example, a score below sixty points may be low risk, a score of sixty or more but below eighty points medium risk, and a score of eighty points or more high risk. Preferably, the added score of the graded early warning may also take into account the number of results or detections affected, the duration of the error, and so on. For example, giving different scores to a program with a final hold at 4 ℃ for 15 min and to one with a hold at 4 ℃ for 1 h makes it possible to penalize the behavior with the longer hold time more heavily. With this arrangement, the same abnormal behavior at different branch offices can be scored differently according to the refined degree of abnormality, so that branch offices committing abnormal behavior are penalized in a graded manner and the system is more accurate and fairer.
According to a preferred embodiment, the master node 1 merely records and stores the abnormal behavior and the graded early-warning results of the sub-node 2 in its own storage device and does not communicate such data to the sub-node 2. This arrangement preserves and evaluates the detection quality of the individual sub-nodes 2, providing a data reference for the next assignment of a similar task and thereby encouraging the sub-nodes 2 to improve their detection quality.
According to a preferred embodiment, the master node 1 feeds the graded early warning back to the sub-node 2 that sent the master monitoring application, and the sub-node 2 applies deterrence or intervention of differing degree and kind to the behavior of the branch office in response to the received grade. For example, when the abnormal behavior of the branch office is judged to be low risk, the branch office is subjected to behavior limitation, such as limiting the number of detections or forced correction. When the abnormal behavior of the branch office is judged to be medium risk, the behavior of the branch office is controlled by actively terminating the detection or by forced correction. When the abnormal behavior of the branch office is judged to be high risk, the branch office is penalized, for example by cancellation of its detection qualification. Preferably, within the same early-warning grade, the sub-node 2 applies different degrees of inhibition or intervention to the current behavior of the branch office according to the abnormal-behavior tag and the time information of the branch office stored in the database of the sub-node 2. For example, when the behavior of the branch office is judged to be low risk and appears for the first time in the database, the branch office is forcibly corrected, and the detection is stopped if the forced correction affects the result; when the behavior is judged to be low risk but has appeared several times in the database, the number of detections the branch office may perform is limited. With this arrangement, branch offices with different abnormal behaviors receive a warning and penalty of reasonable degree, and the behavior of the branch offices is normalized step by step.
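The graded early-warning table of the preceding paragraphs and the sub-node's graded response, worked through as an added example (not the patent's own code). The base scores, percentages and risk thresholds are the ones stated in the text; the points-per-minute hold-time penalty and the label strings are assumptions.

```python
"""Constructed example: tagged abnormal-behaviour events -> graded score ->
sub-node response. Scores, percentages and thresholds follow the text;
the hold-time penalty is an assumption."""
from dataclasses import dataclass, field

# Graded early-warning identification table: base score per type tag, and
# the percentage of that base score that each counted occurrence adds.
GRADING_TABLE = {
    "instrument_abnormal": {"base": 40, "pct_per_occurrence": 30},
    "program_abnormal": {"base": 60, "pct_per_occurrence": 40},
}

# Assumption: the "error duration" refinement is modelled as points per
# minute of a 4 C hold; the text only says longer holds are penalized more.
HOLD_PENALTY_PER_MIN = 0.1

RISK_LOW, RISK_MEDIUM, RISK_HIGH = "low", "medium", "high"


def grade_score(type_label, occurrences, hold_minutes=0):
    """Score = base + occurrences * (pct% of base) + duration refinement."""
    entry = GRADING_TABLE[type_label]
    base = entry["base"]
    frequency_add = occurrences * base * entry["pct_per_occurrence"] / 100
    return base + frequency_add + hold_minutes * HOLD_PENALTY_PER_MIN


def risk_level(score):
    """Thresholds from the text: below 60 low, 60 to below 80 medium, 80+ high."""
    if score < 60:
        return RISK_LOW
    if score < 80:
        return RISK_MEDIUM
    return RISK_HIGH


@dataclass
class SubNode:
    """Sub-node 2: keeps per-branch abnormal-behaviour counts in its local
    database and applies the response matching the master node's grade."""
    history: dict = field(default_factory=dict)  # (branch, type) -> count

    def record(self, branch, type_label):
        key = (branch, type_label)
        self.history[key] = self.history.get(key, 0) + 1
        return self.history[key]  # sent to the master node with the type tag

    def respond(self, level, occurrences):
        if level == RISK_HIGH:
            return "cancel detection qualification"
        if level == RISK_MEDIUM:
            return "terminate detection or force correction"
        # Low risk: a first occurrence is corrected, repeats limit detections.
        if occurrences == 1:
            return "force correction (stop detection if result affected)"
        return "limit number of detections"


def handle_event(sub, branch, type_label, hold_minutes=0):
    """Full loop: sub-node counts, master node grades, sub-node responds."""
    occurrences = sub.record(branch, type_label)
    score = grade_score(type_label, occurrences, hold_minutes)  # master node
    level = risk_level(score)
    return score, level, sub.respond(level, occurrences)


if __name__ == "__main__":
    node = SubNode()
    for _ in range(2):
        print(handle_event(node, "lab-A", "instrument_abnormal"))
    print(handle_event(node, "lab-B", "program_abnormal", hold_minutes=60))
```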
According to a preferred embodiment, the master node 1 maintains a high-risk list. When the master node 1 detects abnormal data, it retrieves the information of the sample currently being amplified, adds it to the sub-node 2 tag, and stores it in the high-risk list. The master node 1 supervises the resampling of samples present in the high-risk list, for example by prompting another sub-node 2 to resample by short message or e-mail; or by prompting resampling by short message or e-mail and redistributing the collected sample to another sub-node 2 for detection; or by applying other detection and confirmation methods to the sample. The master node 1 establishes a frequency tag for the sample information in the high-risk list and issues a risk early warning for samples that appear in the high-risk list many times. The advantage of this method is that persons with a high risk-early-warning score are subjected to offline control, restricted travel, home isolation and penalties such as self-paid nucleic acid testing every three days, so that the behavior and the persons attempting to modify nucleic acid test results through a modified program are monitored and punished, the accuracy of the nucleic acid test results is ensured, and accidental spread of the virus due to false misjudgment caused by program errors is avoided.
According to a preferred embodiment, the sub-node 2 treats the behavior data of the same detection laboratory, the same detection institution and the detection institutions of the same area as the behavior of one branch office. When the sub-node 2 detects abnormal behavior of a branch office and reports it to the master node 1, the sub-node 2 searches its database for other abnormal-behavior information of the same branch office, matching by the same detection laboratory, the same detection institution and detection institutions in the same area, and sends that information to the master node 1 for analysis. This arrangement strengthens mutual monitoring and supervision among the sub-nodes 2 of the same area.
Preferably, the sub-node 2 further comprises a data cleansing unit 202. Each sub-node 2 is used to store data for a different type of branch office. Preferably, each sub-node 2 is provided with a different type of data cleansing unit 202. The data cleansing unit 202 can determine the weight of different data information according to the different tags of the data, clean the abnormal-behavior data distributed to it according to a preset data cleansing model, screen out data whose weight is below a threshold value, and pack and store the remaining data, thereby removing garbage data and reducing memory occupation. Preferably, the data cleansing unit 202 performs data preprocessing and data cleansing. The data preprocessing comprises deduplication, denoising, outlier handling and missing-value handling of the data text. Preferably, the data cleansing comprises extracting data feature values, such as behavior type, behavior duration and early-warning grade, from the preprocessed data and assigning different weights to the different data feature values. Different data cleansing models assign different weights to the same data feature value, and each deletes a number of the lowest-weighted, low-value data features, for example the 1 to 3 data features with the lowest weight. For example, in the tag data of a program abnormality a lower-weighted data feature may be the instrument age while a higher-weighted feature is the program data, whereas in the instrument-abnormality tag data the program data is the low-weight feature. Through cleansing by category, important data can be recorded and stored, the retention time of important data is extended, and storage space is used more effectively.
Preferably, the sub-node 2 comprises an online database and an offline temporary buffer. The online database includes a first online database and a second online database. A data monitoring element is provided on the first online database. The master node 1 sends the tagged, packed data to the sub-node 2, and the sub-node 2 receives it and stores it in the first online database. When the data monitoring element detects that the data packet has been stored in the first online database, it activates the download module to download the online data packet to the offline temporary buffer for processing. With this arrangement the data can be processed offline, no network resources are occupied during processing, and data-processing errors do not occur under special conditions such as an unstable network connection. The sub-node 2 then sends the processed data to the second online database for storage.
According to a preferred embodiment, when the master node 1 receives a first master monitoring application sent by a first sub-node 2 and a second master monitoring application sent by a second sub-node 2 at the same time, the master node 1 retrieves the processor-occupation data of the first sub-node 2 and of the second sub-node 2, and responds to the master monitoring application of the sub-node 2 with the larger processor occupation. In this way, when tasks conflict, the master node 1 first relieves the pressure on the sub-node 2 with the larger processor occupation by responding to its master monitoring application first and collecting and analyzing that sub-node's abnormal-behavior data first, and then handles the subsequent master monitoring applications in chronological order once the tagging and classification are finished.
According to a preferred embodiment, a sub-node 2 that receives no response within a certain time packs the collected abnormal-data information, screens out useless data, compares the abnormal-data information with its own database, preliminarily confirms the data tag when the data type matches its own database, and temporarily stores the data tag in its own database. When the collected abnormal-data information cannot be matched to a data type in its own database, the sub-node 2 sends the data information to the databases of the other sub-nodes 2 for comparison, and so on, until the current data tag is preliminarily determined. When the master node 1 responds to the master monitoring application of the sub-node 2, the sub-node 2 sends the predicted data tags and the collected data to the master node 1, and the master node 1 confirms the data information against the existing data tags and performs threat classification on the basis of the data information. With this arrangement, the sub-node 2 can share the workload of the master node 1 by other means when the master node 1 has a control conflict, which improves the working efficiency of the master node 1 and the flexibility of the system.
Preferably, the master node 1 further comprises a load balancing module. The load balancing module distributes abnormal-data information to sub-nodes 2 of non-corresponding tags for processing, so that the processors are loaded evenly. Preferably, when abnormal-data information is received, the load balancing module retrieves the processor occupation of the idle sub-nodes 2 and, after the master node 1 has determined the data tag, transmits the data to the idle sub-node 2 with the lowest processor occupation for processing. That sub-node 2 copies the preset call function from the sub-node 2 of the corresponding tag according to the data tag, writes it into its own program, processes the corresponding data packet according to that program, and then sends the result to the second online database of the sub-node 2 of the corresponding data tag for storage. With this arrangement, when the processor of a sub-node 2 is occupied too heavily, tasks are shared with other idle or lightly loaded processors, which balances the load of the system and strengthens its data-processing capacity and resilience under pressure.
According to a preferred embodiment, the master node 1 is arranged to perform random spot checks of the normal data of the sub-nodes 2 over a period of time. The master node 1 randomly selects a sub-node 2 for inspection using a random function, and that sub-node 2 randomly extracts stored normal-behavior data of the branch office using a random function and sends it to the master node 1. The master node 1 then assigns a tag and a graded early warning to the behavior data that the sub-node 2 had judged to be normal. When the master node 1 cannot assign a tag to the data, the sub-node 2 is judged to have been correct. The result is written into the quality check table of the sub-node 2; sub-nodes 2 with many misjudgments are inspected more intensively according to the quality check table data, and are excluded when data needs to be distributed to a sub-node 2 of a non-corresponding tag for processing. The corresponding monitoring and judging programs are then copied from the remaining sub-nodes 2 and written into the current sub-node 2 to replace its existing programs. This arrangement ensures the detection quality of the sub-nodes 2, supervises and randomly checks their normal detection behavior, and prevents a sub-node 2 from missing detections. Preferably, the programs of the sub-nodes 2 are distributed from the master node 1, and the master node 1 checks the programs of the sub-nodes 2 over a period of time to determine whether their monitoring programs and data classification programs are abnormal, so as to prevent malicious tampering with the monitoring programs.
In this way the detection quality of the sub-nodes 2 is ensured, and the master node 1 can accurately monitor and handle the behavior of the branch offices in its region.
When the sub-node 2 detects abnormal user behavior data, the sub-node 2 sends a master monitoring application to the master node 1. The master node 1 responds to the master monitoring application according to its own state and the state of the application. The sub-node 2 sends the abnormal user behavior data to the master node 1. The master node 1 assigns a tag to the user behavior data and performs graded early warning. The master node 1 feeds the graded early-warning information back to the sub-node 2, and the sub-node 2 intervenes in and inhibits the corresponding user behavior to different degrees according to that information. The master node 1 sends the tagged user behavior data to the sub-nodes 2 that store the specific tags, for centralized storage.
Preferably, when the master node 1 receives a first master monitoring application sent by a first sub-node 2 and a second master monitoring application sent by a second sub-node 2 at the same time, the master node 1 retrieves the memory-occupation information of the first and second sub-nodes 2 and preferentially responds to the master monitoring application of the sub-node 2 with the larger memory occupation.
As shown in fig. 3, according to a preferred embodiment, the block chain information management apparatus further includes:
a trusted protection module 3, configured to automatically generate a white list conforming to the operation specification, at least in combination with the operation and maintenance policy of the sub-node 2, so as to establish a legitimate access policy and an operation behavior policy for the sub-node 2;
a blockchain anti-tampering module 4, configured at least to obtain the white list so as to prevent the white list from being tampered with illegally;
an active countermeasure module 5, used at least to monitor and analyze the processes or programs in the white list. Where the active countermeasure module 5 can obtain the security posture of the sub-node 2, the trusted protection module 3 can continuously update the white list on the basis of the security posture monitored by the active countermeasure module 5.
The active countermeasure module 5 can rapidly adjust the logical topology of the sub-node 2 on the basis of the monitored security posture and handle the monitored abnormal activities, achieving a self-organizing countermeasure against unknown threats and thereby producing continuous immunity against them.
Preferably, the active countermeasure module 5 is capable of monitoring the behavior or activity of users in order to counter attackers who hold root privileges. Preferably, the white list may include a system process white list and a user behavior white list.
The active countermeasure module 5 automatically formulates an active countermeasure strategy for perceived and anticipated threats. Using container technology, a first response is carried out during the scanning and initialization phase, before the intruder takes further attack steps. According to the specific intrusion scenario, threat intelligence is generated using big-data analysis, which supports the security operation and maintenance personnel in making a timely decision and carrying out manual handling. Since generating a countermeasure that matches the user's security requirements from the security posture monitored by the active countermeasure module 5 is prior art readily available to those skilled in the art, it is not described in detail here.
According to a preferred embodiment, the trusted protection module 3 comprises at least a user entity behavior analysis unit 301. The user entity behavior analysis unit 301 is configured at least to monitor and analyze the white-listed processes or programs run by the sub-node 2, so as to determine whether a white-listed process or program run by the sub-node 2 is abnormal, and to send the monitored security posture of the sub-node 2 to the active countermeasure module 5.
Since the white list can only specify which programs or processes may run, and not how, when or by whom they run, this problem is well solved by providing the user entity behavior analysis unit 301. That is, the user entity behavior analysis unit 301 can monitor the white-listed programs or processes to obtain in real time the running time, the operator and so on of the white-listed processes or users.
The user entity behavior analysis unit 301 can send the abnormal behavior to the active countermeasure module 5 within a very short time after finding the problem, and the active countermeasure module 5 can defend automatically, without an administrator having to come on site or even go to the machine room to handle it. With this configuration, the user entity behavior analysis unit 301 knows precisely which programs a given machine may run and how they are run. In turn, since trusted computing already helps the white list remove a great deal of noise, the number of samples and the analysis load of the user entity behavior analysis unit 301 are reduced to a low level, which makes a very fast and very accurate analysis engine possible. As a further example, without a white list, once an attacker obtains the highest administrative privileges, their subsequent actions are unknown: they can install arbitrary programs and also erase traces of past behavior.
Preferably, the user entity behavior analysis unit 301 is capable of sending the monitored abnormal activity to the active countermeasure module 5. Preferably, the active countermeasure module 5 can autonomously take countermeasures according to the abnormal activities sent by the user entity behavior analysis unit 301. For example, the user entity behavior analysis unit 301 can find that a certain virus or program has been automatically isolated because it is not on the white list. Likewise, when the user entity behavior analysis unit 301 detects a large volume of abnormal scanning of port 445, it can send the detected abnormality to the active countermeasure module 5, and the active countermeasure module 5 can automatically adjust the firewall rules to block the path of further virus propagation.
The trusted protection module 3 may further comprise a white list generation unit. Preferably, the white list generation unit can automatically white-list trusted and reliable programs and, by means of a hardware trusted chip, immediately discover and prevent the running of unknown programs.
Preferably, the blockchain anti-tampering module 4 is capable of placing the white list on the blockchain so that the white list cannot be tampered with by security threats. To tamper with the white list, a security threat would have to compromise all blockchain nodes simultaneously and also outpace the consensus speed of the blockchain. With this arrangement, the blockchain anti-tampering module 4 stores audit information, white list information and the like using a high-speed blockchain technique, preventing the behavior records from being tampered with.
Preferably, the user entity behavior analysis unit 301 can continuously analyze the servers of the branch offices corresponding to the sub-nodes, in combination with machine learning technology. Preferably, the user entity behavior analysis unit 301 is capable of collecting sufficient data and performing appropriate analysis to discover abnormal behaviors such as lateral movement, data exfiltration and persistent reconnection.
Preferably, the system process white list consists of the system processes that the security protection system can trust.
Preferably, the user behavior white list consists of the behaviors that the branch office corresponding to the sub-node is allowed to perform.
Preferably, the user entity behavior analysis unit 301 may introduce a full spatiotemporal context and, in combination with the historical baseline and peer-group comparison, present each alarm within that context, so that no time is spent on manual correlation and the time for verification, investigation and response is reduced. Preferably, when an attack event occurs, the user entity behavior analysis unit 301 can connect events, entities, anomalies and so on in order to grasp the overall picture of the attack for quick verification and incident response. Preferably, the user entity behavior analysis unit 301 can automatically construct the behavior baseline through unsupervised and semi-supervised machine learning. With this configuration, the user entity behavior analysis unit 301 can capture details in the behavior data that are imperceptible and unrecognizable to humans, and find the anomalies hidden beneath the surface: that is, it can find malicious users among the normal, white-listed branch offices corresponding to the sub-nodes, and find abnormal malicious behavior among the normal behaviors of those branch offices. At the same time, machine-learning-driven behavior analysis avoids the difficulty and ineffectiveness of manually setting thresholds.
Preferably, the user entity behavior analysis unit 301 can construct a network graph using the entities extracted from events, alarms, anomalies and accesses, and the relationships between those entities.
Preferably, the data sources accessed by the user entity behavior analysis unit 301 mainly include hosts, terminals, network devices, security devices, service systems, application systems, physical security systems and the like.
Preferably, the accessed data formats mainly comprise two broad categories: logs and network traffic, together with the various context data in the organization.
Preferably, the user entity behavior analysis unit 301, in combination with the enterprise business system settings, uses UEBA technology to build AI profiles of the branch offices and systems corresponding to the sub-nodes, determines from the resulting branch office profile whether the branch office and information system corresponding to the sub-node show abnormal operations or abnormal processes, and further monitors and warns of the risk of such abnormalities.
Preferably, the profile may include, but is not limited to: the user name IDs and application names frequently used by the branch office corresponding to the sub-node, the system resources most heavily used, and so on. By describing the profile, the behaviors of the branch offices corresponding to the sub-nodes are compared and identified, abnormal operations of those branch offices are quickly determined, intrusion paths are anticipated through behavior analysis, accurate threat perception is obtained, and a classified alarm notification is sent in advance before the threat materializes.
A block chain information management method of a continuous immune safety system comprises a plurality of master nodes 1 and a plurality of sub-nodes 2, wherein the master nodes 1 authorize the sub-nodes 2 to join an information management blockchain, and user information ciphertexts on the information management blockchain are stored in time sequence; the sub-node 2 acquires first data, encrypts the first data according to user-side authorization to form a continued user information ciphertext, and uploads the continued user information ciphertext to the user ciphertext library of the master node 1 and to the information management blockchain respectively, so that the user information ciphertext is continued in time sequence. The user-side authorization method may include, for example, a digital password, a physical magnetic card, a biometric credential of the user, and the like. Preferably, the first data may be a user medical record. Preferably, the first data may be other data information of the user. By providing the master node 1 and the sub-node 2 and constructing an information management blockchain, the user information is stored on the chain in time sequence, a complete lifetime chain of the user is constructed, and the accuracy, integrity and privacy of the user information on the time chain are ensured. The information barrier between medical institutions is broken: when a user seeks health care or hospitalization at a new medical institution, the new medical institution can, once authorized by the user, obtain all previous health information and decrypt it, which helps the doctor understand the user's condition quickly and accurately without repeating inspections and examinations.
In an emergency, the doctor can quickly obtain the physical condition, past medical history, allergy history and other information of the user from the decrypted user information, which helps the doctor treat the patient quickly and correctly.
In one embodiment, the health information management method based on the blockchain further includes acquiring user registration information, and the master node 1 creates a user secret library according to the user registration information; and acquiring second data, encrypting the second data by the main node 1 to form an initial user information ciphertext, storing the initial user information ciphertext into a user ciphertext library and uploading the initial user information ciphertext to an information management block chain to start the user information ciphertext according to a time sequence. Preferably, the second data may be user physical examination information. Preferably, the second data may be other data information of the user. The user registration information and the second data can be uploaded by the user terminal or collected by the medical institution. The user can register at any time point, and after the user registers and completes the physical examination process, the initial part of the user information ciphertext can be created, so that the authenticity of the user registration information and the initial user information ciphertext can be ensured.
In one embodiment, the health information management method based on the block chain further comprises that the subnode 2 exposes the subsequent user information ciphertext on the information management block chain; at least a part of the main nodes 1 record the continuous user information ciphertext, and if the number of the main nodes 1 recording the continuous user information ciphertext is larger than a preset threshold value, the continuous user information ciphertext is effective information; at least a part of the main nodes 1 respectively store the continuous user information ciphertext into the user ciphertext library. And sharing the encrypted information by adopting a competition record mode for each main node 1 of the newly added user information ciphertext, and only after the records of a certain number of main nodes 1 are completed, determining that the related newly added information is successfully created and performing subsequent activities. Meanwhile, when a certain main node 1 is damaged, the operation of the whole information network is not influenced, and users and the sub-nodes 2 can acquire user information ciphertexts from other main nodes 1 at any time.
In one embodiment, the method further includes: the sub-node 2 splits the continuation user information ciphertext and publishes each split part separately on the information management blockchain; at least some of the master nodes 1 record one or more parts of the continuation ciphertext; if the number of master nodes 1 recording a given part exceeds the preset threshold, that part is treated as valid; and those master nodes 1 each store the part or parts they recorded in their own user ciphertext library. Because the sub-node 2 splits the ciphertext and the parts are then held by different master nodes 1, the security of the user information ciphertext is further protected.
In one embodiment, the method further includes: the sub-node 2, under user-side authorization, collects the parts of the continuation user information ciphertext stored in the user ciphertext libraries of the master nodes 1 and reassembles them to recover the continuation ciphertext. This addresses the problem that, at present, each medical institution must operate one or more information backup or disaster recovery systems in order to restore information after damage or loss, and that restoring from backups or from an A/B standby machine interrupts online business. It also reduces the storage burden on the sub-node 2 and lowers operating cost.
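The three embodiments above (competitive recording against a threshold of master nodes, splitting the continuation ciphertext across master nodes, and recovery under user-side authorization) are described only in terms of who does what. The following Go program is an added worked example, not code from the patent or its applicant, that models them: a hash-linked chain entry carries a SHA-256 commitment to each split part, each master node keeps a library keyed by those commitments, and the recovery routine checks every part it collects against the on-chain commitment. The ciphertext is treated as opaque bytes already produced by the sub-node; the round-robin assignment of parts to masters and the Entry, Master, Publish, IsEffective and Recover names are assumptions made for the example, since the patent specifies none of them.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is what the sub-node publishes on the chain for one continuation ciphertext: the
// previous entry's hash (the time-sequence link) and a commitment to each split part.
// Only commitments go on chain; the parts themselves sit in master-node libraries.
type Entry struct {
	User       string
	PrevHash   string
	PartHashes []string
}

// Hash binds the entry to its predecessor and to every part commitment.
func (e Entry) Hash() string {
	h := sha256.New()
	h.Write([]byte(e.User + "|" + e.PrevHash))
	for _, p := range e.PartHashes {
		h.Write([]byte("|" + p))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Master models a master node 1 with its user ciphertext library keyed by part commitment.
type Master struct {
	ID      string
	Library map[string][]byte
}

func NewMaster(id string) *Master { return &Master{ID: id, Library: map[string][]byte{}} }
func digest(b []byte) string    { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// Split cuts an (already encrypted) ciphertext into n parts of near-equal size.
func Split(ct []byte, n int) [][]byte {
	size := (len(ct) + n - 1) / n
	var parts [][]byte
	for i := 0; i < len(ct); i += size {
		end := i + size
		if end > len(ct) {
			end = len(ct)
		}
		parts = append(parts, ct[i:end])
	}
	return parts
}

// Publish builds the chain entry and hands each master a round-robin window of
// partsPerMaster consecutive parts, so every part has several holders but no single
// master needs them all. It returns the entry and how many masters recorded anything.
func Publish(user, prevHash string, parts [][]byte, masters []*Master, partsPerMaster int) (Entry, int) {
	e := Entry{User: user, PrevHash: prevHash}
	for _, p := range parts {
		e.PartHashes = append(e.PartHashes, digest(p))
	}
	recorded := 0
	for i, m := range masters {
		got := 0
		for j := 0; j < partsPerMaster && j < len(parts); j++ {
			idx := (i + j) % len(parts)
			m.Library[e.PartHashes[idx]] = append([]byte(nil), parts[idx]...) // own copy
			got++
		}
		if got > 0 {
			recorded++
		}
	}
	return e, recorded
}

// IsEffective is the embodiment's rule: more than threshold masters must have recorded.
func IsEffective(recorded, threshold int) bool { return recorded > threshold }

// Recover reassembles the ciphertext in on-chain order, checking each part against its
// commitment so a damaged or dishonest master cannot substitute bytes; it fails only
// when no master holds a copy of some part that matches the chain.
func Recover(e Entry, masters []*Master) ([]byte, error) {
	var out []byte
	for i, want := range e.PartHashes {
		found := false
		for _, m := range masters {
			if p, ok := m.Library[want]; ok && digest(p) == want {
				out = append(out, p...)
				found = true
				break
			}
		}
		if !found {
			return nil, fmt.Errorf("part %d: no master holds a copy matching the chain", i)
		}
	}
	return out, nil
}

func main() {
	masters := []*Master{NewMaster("m1"), NewMaster("m2"), NewMaster("m3"), NewMaster("m4")}
	e, n := Publish("user-1", "genesis", Split([]byte("constructed sample ciphertext"), 4), masters, 2)
	got, err := Recover(e, masters)
	fmt.Println("effective:", IsEffective(n, 2), "recovered bytes:", len(got), "err:", err)
}
```

Two points the patent text leaves implicit: the threshold counts master nodes that recorded something, not copies of each part, so the assignment has to guarantee that every part has more than one holder or a single damaged master node makes the user's record unrecoverable; and the on-chain commitments are what make the split safe to rely on, because without them a master node could return altered bytes and the sub-node would only notice when decryption fails, without knowing which part was bad.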
In one embodiment, the method further includes: the sub-node 2 stores the first data it generates; the sub-node 2 obtains user-side authorization and, according to that authorization, encrypts and exports the first data; and the sub-node 2 uploads the export record, with an attached timestamp and the digital signature of the sub-node 2, to the information management blockchain.
The sub-node 2 keeps the first data it generates in local storage, where the sub-node 2 can use it for internal optimisation such as medical institution planning, resource allocation and assessment of medical staff. All information is also backed up on the master nodes 1 and can be verified against the ciphertext timestamps. However, the user diagnosis and treatment information stored locally on the sub-node 2 may not be exported without permission: every export record carries the digital signature of the sub-node 2, so that any export can be traced back to the node that performed it.
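The export record of the two paragraphs above (export under user-side authorization, timestamped, signed by the sub-node, uploaded to the chain) is stated only as a requirement. The following Go program is an added example, not code from the patent, of how such a record can be built at export time and audited later from the chain. It assumes Ed25519 keys for the user and the sub-node, an authorization format in which the user signs the user ID, the sub-node ID and an expiry, and a record that carries only the SHA-256 of the exported (already encrypted) blob rather than the data itself; the type and function names are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// Authorization is the user-side consent a sub-node must hold before exporting.
// Assumed format (not from the patent): the user signs user ID, sub-node ID and an expiry.
type Authorization struct {
	User    string `json:"user"`
	SubNode string `json:"sub_node"`
	Expires int64  `json:"expires"`
	UserSig []byte `json:"user_sig"`
}

func authMessage(a Authorization) []byte {
	return []byte(a.User + "|" + a.SubNode + "|" + strconv.FormatInt(a.Expires, 10))
}

// Authorize runs on the user side and produces the signed consent.
func Authorize(userKey ed25519.PrivateKey, user, subNode string, expires int64) Authorization {
	a := Authorization{User: user, SubNode: subNode, Expires: expires}
	a.UserSig = ed25519.Sign(userKey, authMessage(a))
	return a
}

// ExportRecord is what the sub-node uploads to the chain: a hash of what left the node
// (never the data itself), the export time, the authorization relied on, and the
// sub-node's signature over all of it.
type ExportRecord struct {
	SubNode    string        `json:"sub_node"`
	User       string        `json:"user"`
	DataHash   string        `json:"data_hash"`
	Timestamp  int64         `json:"timestamp"`
	Auth       Authorization `json:"auth"`
	SubNodeSig []byte        `json:"sub_node_sig"`
}

// signedBytes is the canonical form the signature covers: the record with its signature cleared.
func signedBytes(r ExportRecord) ([]byte, error) {
	r.SubNodeSig = nil
	return json.Marshal(r)
}

// NewExportRecord runs on the sub-node at export time over the already encrypted export.
func NewExportRecord(subKey ed25519.PrivateKey, subNode string, a Authorization, export []byte, now int64) (ExportRecord, error) {
	sum := sha256.Sum256(export)
	r := ExportRecord{SubNode: subNode, User: a.User, DataHash: hex.EncodeToString(sum[:]), Timestamp: now, Auth: a}
	msg, err := signedBytes(r)
	if err != nil {
		return r, err
	}
	r.SubNodeSig = ed25519.Sign(subKey, msg)
	return r, nil
}

// VerifyExportRecord is what an auditor runs over a chain entry: the sub-node must have
// signed it, the authorization must be the user's own and name this user and sub-node,
// and the export must not postdate the authorization's expiry.
func VerifyExportRecord(r ExportRecord, subPub, userPub ed25519.PublicKey) error {
	msg, err := signedBytes(r)
	if err != nil {
		return err
	}
	if !ed25519.Verify(subPub, msg, r.SubNodeSig) {
		return errors.New("sub-node signature invalid: record altered or not from this node")
	}
	if r.Auth.User != r.User || r.Auth.SubNode != r.SubNode {
		return errors.New("authorization does not cover this user and sub-node")
	}
	if !ed25519.Verify(userPub, authMessage(r.Auth), r.Auth.UserSig) {
		return errors.New("user authorization signature invalid")
	}
	if r.Timestamp > r.Auth.Expires {
		return errors.New("export after authorization expired")
	}
	return nil
}

func main() {
	userPub, userKey, _ := ed25519.GenerateKey(rand.Reader)
	subPub, subKey, _ := ed25519.GenerateKey(rand.Reader)
	auth := Authorize(userKey, "user-1", "subnode-7", 1700000000)
	r, _ := NewExportRecord(subKey, "subnode-7", auth, []byte("constructed encrypted export blob"), 1699990000)
	fmt.Println("export record verifies (nil means ok):", VerifyExportRecord(r, subPub, userPub))
}
```

The verifier rejects an altered record, an authorization signed by a different user, an authorization issued to a different sub-node, and an export timestamped after the authorization expired. Because the record carries only a hash, publishing it on the chain does not itself leak the diagnosis and treatment information it accounts for.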
According to a preferred embodiment, the method further comprises:
the sub-node 2, under user-side authorization, collecting one or more parts of the continuation user health information ciphertext stored in the user ciphertext library of the master node 1 in order to recover the continuation user health information ciphertext.
It should be noted that the embodiments described above are exemplary; those skilled in the art, having the benefit of this disclosure, may devise various arrangements that, although not explicitly described here, fall within the scope of the invention. The specification and figures are illustrative only and do not limit the claims. The scope of the invention is defined by the claims and their equivalents.
This specification encompasses several inventive concepts, and the applicant reserves the right to file divisional applications for each of them. Expressions such as "preferably", "according to a preferred embodiment" or "optionally" each indicate that the paragraph concerned discloses a separate concept for which the applicant reserves the right to file a divisional application. Throughout this document, features described as "preferred" are optional only and are not to be understood as required; the applicant reserves the right to disclaim or delete any such preferred feature at any time.

Claims (10)

1. A blockchain information management device of a continuous immune safety system, comprising a plurality of master nodes (1) and a plurality of sub-nodes (2) that together form an information management blockchain, the sub-nodes (2) being authorized by the master nodes (1) to join the information management blockchain, and user information ciphertexts on the information management blockchain being stored in time sequence,
characterized in that
the device comprises a master node (1) and a sub-node (2) in data connection with each other, the sub-node (2) being configured to detect the behavior of the branch organization corresponding to the sub-node (2) and comprising an early warning unit (201),
wherein the early warning unit (201) continuously monitors the behavior data of the branch organization, and when an anomaly is detected in the behavior data of the branch organization, the sub-node (2) sends a master monitoring application to the master node (1); when the master node (1) responds to the master monitoring application, the sub-node (2) enters into data communication with the master node (1) so that the corresponding anomalous behavior data are monitored by the master node (1).
2. The blockchain information management device according to claim 1, wherein the master node (1) is able to monitor the behavior of the branch organization and analyze the resulting monitoring data, to issue a threat-level early warning based on the monitoring data, and to send that level early warning to the sub-node (2) that sent the master monitoring application, and the sub-node (2), in response to the received level early warning, stops or intervenes in the behavior of the branch organization to a degree and in a manner that depend on the level.
3. The blockchain information management device according to claim 2, wherein the sub-nodes (2) further comprise data cleansing units (202), different types of data cleansing unit (202) being provided for different sub-nodes (2), and the data cleansing units (202) are able, according to a preset data cleansing model, to assign different weight values to different data features of the monitoring data allocated to their sub-node and to cleanse low-weight, low-value data features so as to remove junk data.
4. The blockchain information management device according to claim 3, wherein, when the master node (1) receives at the same time a first master monitoring application sent by a first sub-node (2) and a second master monitoring application sent by a second sub-node (2), the master node (1) retrieves the processor occupancy data of the first sub-node (2) and of the second sub-node (2) respectively and responds to the master monitoring application of whichever sub-node (2) has the higher processor occupancy.
5. The blockchain information management device according to claim 4, further comprising:
a trusted protection module (3) configured to automatically generate, at least in combination with the operation and maintenance policy of the branch organization corresponding to the sub-node (2), a whitelist that conforms to the operating specification, so as to establish a legitimate access policy and an operating behavior policy for that branch organization;
a blockchain tamper-proof module (4) configured at least to obtain the whitelist so as to prevent the whitelist from being illegally tampered with;
an active countermeasure module (5) at least capable of monitoring and analyzing the processes or programs within the whitelist,
wherein, where the active countermeasure module (5) is able to obtain the security situation of the branch organization corresponding to the sub-node (2), the trusted protection module (3) continuously updates the whitelist based on the security situation monitored by the active countermeasure module (5);
and the active countermeasure module (5) is able to rapidly adjust the logical topology of the branch organization corresponding to the sub-node (2) based on the monitored security situation and to handle the monitored abnormal activity, thereby achieving a self-organizing countermeasure to unknown threats and producing continuous immunity to them.
6. The blockchain information management device according to claim 5, wherein the trusted protection module (3) comprises at least a user and entity behavior analysis unit (301), the user and entity behavior analysis unit (301) being configured at least to monitor and analyze the whitelisted processes or programs run by the branch organization corresponding to the sub-node (2), to monitor whether any whitelisted process or program run by that branch organization is abnormal, and to send the monitored security situation of that branch organization to the active countermeasure module (5).
7. A blockchain information management method of a continuous immune safety system, characterized in that
a plurality of master nodes (1) and a plurality of sub-nodes (2) form an information management blockchain, the sub-nodes (2) are authorized by the master nodes (1) to join the information management blockchain, and user information ciphertexts on the information management blockchain are stored in time sequence, the method comprising the following steps:
the sub-node (2) obtains user-side authorization in order to acquire the user information ciphertext from the information management blockchain and decrypt it;
the sub-node (2) acquires first data, encrypts the first data according to the user-side authorization to form a continuation user information ciphertext, and uploads the continuation user information ciphertext to the user ciphertext library of the master node (1) and to the information management blockchain respectively, so as to continue the user information ciphertext in time sequence.
8. The method of managing blockchain information according to claim 7, further comprising:
acquiring user registration information, wherein the master node (1) creates at least a user ciphertext library from the user registration information;
and acquiring second data, wherein the master node (1) encrypts the second data to form an initial user information ciphertext, stores the initial user information ciphertext in the user ciphertext library and uploads it to the information management blockchain so as to start the user information ciphertext in time sequence.
9. The method of managing blockchain information according to claim 8, further comprising:
the sub-node (2) publishes the continuation user information ciphertext on the information management blockchain;
at least some of the master nodes (1) record the continuation user information ciphertext,
if the number of master nodes (1) that have recorded the continuation user information ciphertext exceeds a preset threshold, the continuation user information ciphertext is valid information;
and those master nodes (1) each store the continuation user information ciphertext in their own user ciphertext library.
10. The method of managing blockchain information according to claim 9, further comprising:
the sub-node (2) splits the continuation user information ciphertext and publishes each split part separately on the information management blockchain;
at least some of the master nodes (1) record one or more parts of the continuation user information ciphertext;
if the number of master nodes (1) that have recorded one or more parts of the continuation user information ciphertext exceeds a preset threshold, the part or parts are valid information;
and those master nodes (1) each store the part or parts of the continuation user information ciphertext in their own user ciphertext library.
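Claims 5 and 6 describe a whitelist generated from the branch organization's operation and maintenance policy, a blockchain tamper-proof module that fixes that whitelist, and monitoring of the whitelisted processes, without saying how the chain actually prevents tampering. The following Go program is an added example, not code from the patent, of one way to do it: the whitelist is hashed in a canonical form, each version is committed on an append-only hash chain linked to the previous commitment, a locally loaded whitelist is checked against the latest commitment before it is trusted, and an observed process is classified as allowed, modified or unknown. The path-to-binary-hash shape of the whitelist and all type and function names are assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Whitelist maps a program path to the SHA-256 of the binary allowed to run there.
// Assumed shape (not from the patent) for what the trusted protection module derives
// from the branch organization's operations policy.
type Whitelist map[string]string

// Canonical serializes the whitelist in sorted order so equal lists hash equally.
func (w Whitelist) Canonical() string {
	paths := make([]string, 0, len(w))
	for p := range w {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var b strings.Builder
	for _, p := range paths {
		b.WriteString(p + "=" + w[p] + "\n")
	}
	return b.String()
}

func hashOf(s string) string { sum := sha256.Sum256([]byte(s)); return hex.EncodeToString(sum[:]) }

// Commitment is what the tamper-proof module puts on chain: the whitelist hash linked
// to the previous commitment, so the update history as well as the content is fixed.
type Commitment struct {
	Prev          string
	WhitelistHash string
}

func (c Commitment) Hash() string { return hashOf(c.Prev + "|" + c.WhitelistHash) }

// Chain is the append-only list of commitments (the on-chain side of module 4).
type Chain []Commitment

// Commit appends a commitment to the current whitelist; used on creation and on every update.
func (ch *Chain) Commit(w Whitelist) string {
	prev := ""
	if n := len(*ch); n > 0 {
		prev = (*ch)[n-1].Hash()
	}
	c := Commitment{Prev: prev, WhitelistHash: hashOf(w.Canonical())}
	*ch = append(*ch, c)
	return c.Hash()
}

// VerifyAgainstChain checks a locally loaded whitelist against the latest on-chain
// commitment, after checking that the chain links are intact; any local edit that
// bypassed the update path is detected here.
func (ch Chain) VerifyAgainstChain(w Whitelist) error {
	if len(ch) == 0 {
		return errors.New("no commitment on chain")
	}
	for i := 1; i < len(ch); i++ {
		if ch[i].Prev != ch[i-1].Hash() {
			return errors.New("commitment chain broken")
		}
	}
	if ch[len(ch)-1].WhitelistHash != hashOf(w.Canonical()) {
		return errors.New("local whitelist does not match on-chain commitment")
	}
	return nil
}

// Verdict is the active countermeasure module's view of one observed process.
type Verdict int

const (
	Allowed  Verdict = iota // path whitelisted and binary hash matches
	Modified                // path whitelisted but the binary has changed
	Unknown                 // path not in the whitelist at all
)

// Check classifies an observed process by its path and the measured hash of its binary.
func (w Whitelist) Check(path, binaryHash string) Verdict {
	want, ok := w[path]
	switch {
	case !ok:
		return Unknown
	case want != binaryHash:
		return Modified
	}
	return Allowed
}

func main() {
	w := Whitelist{"/usr/bin/his-server": hashOf("his-server-v1")} // constructed sample
	var ch Chain
	ch.Commit(w)
	w["/tmp/dropper"] = hashOf("dropper") // local edit that bypassed the update path
	fmt.Println("whitelist check:", ch.VerifyAgainstChain(w))
}
```

The chain only makes tampering detectable, not impossible: a sub-node must actually run VerifyAgainstChain before enforcing a whitelist it loaded from disk, and the key that is allowed to call Commit is the thing an attacker would go after next, so the update path from claim 5 (whitelist refreshed from the monitored security situation) needs its own authorization check rather than accepting any new commitment.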
CN202111212806.3A 2021-10-18 2021-10-18 Block chain information management method and device of continuous immune safety system Pending CN113923036A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111212806.3A CN113923036A (en) 2021-10-18 2021-10-18 Block chain information management method and device of continuous immune safety system

Publications (1)

Publication Number Publication Date
CN113923036A true CN113923036A (en) 2022-01-11

Family

ID=79241380

Country Status (1)

Country Link
CN (1) CN113923036A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107465575A (en) * 2017-08-17 2017-12-12 郑州云海信息技术有限公司 The monitoring method and system of a kind of cluster
CN109039733A (en) * 2018-07-26 2018-12-18 郑州云海信息技术有限公司 A kind of alarm method, system and electronic equipment and storage medium
US20190165968A1 (en) * 2017-11-27 2019-05-30 Mitsubishi Electric Corporation Serial communication system
CN111327685A (en) * 2020-01-21 2020-06-23 苏州浪潮智能科技有限公司 Data processing method, device and equipment of distributed storage system and storage medium
CN111681723A (en) * 2020-04-27 2020-09-18 山东浪潮通软信息科技有限公司 Health information management method, equipment and medium based on block chain
CN111884878A (en) * 2020-07-24 2020-11-03 樊馨 Data monitoring method based on block chain
CN112039858A (en) * 2020-08-14 2020-12-04 深圳市迈科龙电子有限公司 Block chain service security reinforcement system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116781762A (en) * 2023-08-24 2023-09-19 四川科瑞软件有限责任公司 Cloud computing data storage method and system
CN116781762B (en) * 2023-08-24 2023-10-27 四川科瑞软件有限责任公司 Cloud computing data storage method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination