CN114710490A - Medical Internet of things data sharing method and system based on block chain - Google Patents
Medical Internet of things data sharing method and system based on block chain Download PDFInfo
- Publication number
- CN114710490A CN114710490A CN202210343031.1A CN202210343031A CN114710490A CN 114710490 A CN114710490 A CN 114710490A CN 202210343031 A CN202210343031 A CN 202210343031A CN 114710490 A CN114710490 A CN 114710490A
- Authority
- CN
- China
- Prior art keywords
- data
- data processing
- denotes
- internet
- things
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 56
- 238000012545 processing Methods 0.000 claims abstract description 81
- 238000013475 authorization Methods 0.000 claims abstract description 32
- 238000004364 calculation method Methods 0.000 claims abstract description 6
- 230000008569 process Effects 0.000 claims description 19
- 239000008186 active pharmaceutical agent Substances 0.000 claims description 12
- 238000012795 verification Methods 0.000 claims description 11
- 238000004458 analytical method Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 7
- MWRWFPQBGSZWNV-UHFFFAOYSA-N Dinitrosopentamethylenetetramine Chemical compound C1N2CN(N=O)CN1CN(N=O)C2 MWRWFPQBGSZWNV-UHFFFAOYSA-N 0.000 claims description 6
- 230000008859 change Effects 0.000 claims description 5
- 238000001514 detection method Methods 0.000 claims description 3
- 230000007613 environmental effect Effects 0.000 claims description 3
- 230000021715 photosynthesis, light harvesting Effects 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 abstract description 11
- 230000007246 mechanism Effects 0.000 description 3
- 238000011160 research Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005265 energy consumption Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention relates to the technical field of Internet of things, in particular to a medical Internet of things data sharing method and system based on a block chain, which comprises the following steps: performing identity authentication on the user applying for joining; after the identity authentication is passed, the authorization module judges that the private chain can be entered; after agreeing to enter the private chain, the plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for accessing the resource system to the authorization module, and the authorization module sends an access token after receiving the application; using the access token as a parameter for calling an application programming interface to access the source data; after obtaining the source data, selecting a result with the most identical results as a final result through calculation, and encrypting the final result by using a digital signature by the data processing node and sending the final result to a hospital end in a private chain; and receiving the demand result and the public key which are sent by the hospital side and encrypted by the private key. The invention ensures the security of data by using contract technology.
Description
Technical Field
The invention relates to the technical field of Internet of things, in particular to a medical Internet of things data sharing method and system based on a block chain.
Background
With the rapid development of the internet of things and medical technology, the internet of things and the medical technology are gradually fused, medical institutions are accelerating the construction of medical internet of things platforms, the number of internet of things devices is gradually increased, the generated medical data are extremely large, the medical data serve as sensitive data of patients, the traditional medical internet of things is lack of a data protection mechanism, meanwhile, the concentration of rights leads to the fact that single-point faults are easy to generate, the safety of the medical data is guaranteed, meanwhile, the high efficiency of sharing is guaranteed, and the medical internet of things and the medical technology become the key points of current research.
In the prior art, an emerging blockchain technology is widely applied, and a blockchain is applied to data security research by the characteristics of openness, transparency, traceability, tamper resistance and the like, but in the prior art, patient source data are encrypted only by using a cryptography technology in the blockchain, the problem of leakage of the patient source data is ignored, and although the security of data sharing is ensured to a certain extent, if a user is dishonest, the user leaks or sells the source data without authorization, and the security of the source data is still not ensured.
Disclosure of Invention
In view of the above, the present invention provides a method and a system for sharing data of a medical internet of things based on a block chain, so as to solve the problem that the data of the patient source is not safe at present.
Based on the above purpose, the invention provides a medical internet of things data sharing method based on a block chain, which comprises the following steps:
carrying out identity authentication on the user applying for joining;
after the identity authentication is passed, the authorization module judges that the private chain can be entered;
after the user agrees to enter the private chain, a plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for the authorization module to access the resource system, and the authorization module sends an access token after receiving the application;
a plurality of data processing nodes receive the access token, and access source data by using the access token as a parameter for calling an application programming interface;
after source data are obtained, a plurality of data processing nodes calculate to obtain a plurality of results, the results with the most identical results are selected as final results after result analysis, and the data processing nodes encrypt the final results by using digital signatures and send the final results to hospital ends in the private chain;
and receiving the demand result and the public key which are sent by the hospital side and encrypted by the private key.
Optionally, the method further includes: medical data are collected from a patient through the Internet of things equipment, and the collected data are sent to a resource system after being encrypted.
Optionally, the internet of things device at least includes one or more of a sensor, an intelligent medical detection device, a smart phone, a PC terminal, and an RFID device.
Optionally, the identity authentication is performed in a digital signature manner, and an identity ID is defined and expressed as ID (SK, PK), and the identity of the patient is ID (DH)sk,DHpk) The identity of the data processing node is ID (DP)sk,DPpk) The identity of the user is ID (U)sk,Upk) The ID of the processed result is represented as ID (PR)sk,PRpk) An identity function is also defined for key distribution, signing and authentication, denoted F (K, S, V). And generating a pair of key pairs through K, broadcasting the public key to the chain for later verification, performing digital signature through S, encrypting the private key, decrypting the public key, and performing identity verification on the party requesting the operation through a V method of encrypting the private key and decrypting the public key.
Optionally, the resource system is a network file system, and when the resource system is applied to a UNIX environment, file sharing between different types of systems through a network can be supported.
Optionally, the data processing node processes data for the data processing node protected by the instruction set extension, and the instruction set extension provides a safe and reliable code operating environment from a hardware level.
Optionally, the method further includes: data sharing is carried out between the Internet of things equipment and the users through a cluster type structure, and the specific calculation process of the cluster type structure is as follows:
in short distance, equation (1) is used to calculate the transmission energy according to the distance and the environmental characteristics, and b is 2 in short distance;
when D is present<DLWhen T is DS × Db (1)
For long distances, equation (2) (b ═ 4) is used;
when D is present>DLWhen T is equal to E × DS × Db (2)
Calculating the consumption energy of the data packet received by each internet of things device through equation (3);
R=E×DS (3)
calculating the current energy of each internet of things device through equation (4);
A=T×R (4)
the remaining energy is calculated by equation (5), where Ei is the primary energy per IoT node;
C=Pei-A (5)
wherein the relevant parameters in the formula are T transmission energy, DS packet size, b energy dissipation in the channel (b is 2 in short distance), D distance between two nodes, DLIs a threshold value of the distance, E is energy required for receiving the data packet, R is energy consumed for receiving the data, A is current energy of each internet of things, PeiFor the initial energy of each IoT node, C is the calculated remaining energy.
Optionally, the method further comprises monitoring, by the state machine, a change in the sharing process.
Optionally, the state machine includes:
a record tuple with a length of 7, denoted as rec (record) ═ (RecID, T, UserID, RSID, HosID, NodeID, CurSt), RecID denotes a record identification tuple, UserID denotes a user, RSID denotes a resource system, HosID denotes a hospital, NodeID denotes a data processing node, and CurSt denotes a current state of sharing;
a sub-state tuple with a length of 5 is denoted as st (status) ═ (x, y, p, r, tl), where x and y are participants of shared data, p is a premise for reaching the sub-state, r denotes a result generated when the condition p is satisfied, tl denotes a time limit, if the time limit is exceeded, the shared transaction is considered to be expired, the value range of the sub-state is { B, S, Ex, SH }, where B state is satisfied with the time limit, the condition p is also satisfied, and it is only necessary to wait for the result r. The S state indicates that all conditions are met and that this state has been reached. Ex does not satisfy the time constraint, satisfies condition p but has no result, indicating that the sharing transaction is invalid, and SH indicates that the entire data sharing is completed.
An operation tuple with a length of 3 is denoted as OP (operation) ═ OPEx, Object, Input, where OPEx denotes an operator of the operation, Object denotes an Object of the operation, Input denotes an Input required for the operation, a range of values of OP is { false, true }, false denotes an operation failure, and true denotes an operation success.
A length-4 intelligent contract tuple, denoted sc (smart contract) ═ STnΣ, FN) in which STn={ST1,ST2,ST3,........,STnIs a finite set of sub-states, sigma is a set of operations OP, whose operations change STnThe ST value is in the middle, so that the intelligent contract state is changed, the FN is in the final state, and the value range is { E, SH, E indicates that the sharing transaction is considered to be expired, and SH indicates that data sharing is completed.
The invention also provides a system for executing the block chain-based medical internet of things data sharing method, which is based on the same invention and creation and comprises the following steps:
an identity verification module: the identity authentication system is used for performing identity authentication on a user applying for joining;
an authorization module: after the identity authentication is passed, judging that the private chain can be entered;
the data processing node: after the user agrees to enter the private chain, a plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for accessing a resource system to the authorization module, the authorization module sends an access token after receiving the application, the access token is used as parameter access source data for calling an application programming interface, after the source data is obtained, the data processing nodes calculate to obtain a plurality of results, the result with the most identical results is selected as a final result after result analysis, and the data processing nodes encrypt the final result by using a digital signature and send the final result to a hospital end in the private chain;
a user side: the system is used for receiving the demand result and the public key which are sent by the hospital side and encrypted by the private key.
The invention has the beneficial effects that: according to the method and the system, the medical data acquisition problem is converted into the medical data processing problem, the source data is not used as directly shared data, the contract technology is utilized, the user deploys the data processing contract, the desired result is obtained through processing, the source data is effectively prevented from being leaked out by a dishonest user without authorization, and therefore the data security is guaranteed.
Any illegal authorization is recorded in the distributed account book, so that the transparency of the data sharing process is ensured.
According to the invention, the identity authentication and access authorization technology is applied to the block chain, the Internet of things equipment is better managed by compiling an algorithm which accords with the regulation, and meanwhile, any activity and behavior in the Internet of things domain can be executed after block chain authorization, so that a malicious node is prevented from masquerading as the Internet of things equipment to initiate network attack.
The invention adopts a cluster structure to divide n Internet of things domains, the structure is favorable for better managing the Internet of things equipment and can also reduce the energy consumption of the Internet of things equipment to a certain extent, when a new domain is added, a public chain is used for authentication and consensus is generated, after the consensus is achieved, the new domain enters the cluster structure, and the operation is recorded in an account book.
The invention provides a sharing process evaluation mechanism and a processing node scoring mechanism by using an intelligent contract technology for reference of future users, meanwhile, the users can broadcast own requirements in advance, and a credible node and the users achieve consensus in advance, so that the high efficiency of the data sharing process is ensured, a state machine is introduced, whether the data sharing process is completed or not is tracked, if sharing has errors, an error source can be judged immediately, and the sharing errors are solved quickly and effectively.
Drawings
In order to more clearly illustrate the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of a sharing method according to an embodiment of the present invention;
FIG. 2 is a block diagram of a data sharing process according to an embodiment of the present invention;
FIG. 3 is a system architecture diagram according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to specific embodiments.
It is to be noted that technical terms or scientific terms used herein should have the ordinary meaning as understood by those having ordinary skill in the art to which the present invention belongs, unless otherwise defined. The use of "first," "second," and similar terms in the present application do not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
The embodiment of the invention provides a medical Internet of things data sharing method and system based on a block chain.
As shown in fig. 1 to 3, a block chain-based medical internet of things data sharing method includes:
s101: carrying out identity authentication on the user applying for joining;
s102: after the identity authentication is passed, the authorization module judges that the private chain can be entered;
s103: after the user agrees to enter the private chain, a plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for the authorization module to access the resource system, and the authorization module sends an access token after receiving the application;
s104: a plurality of data processing nodes accept the access token and access source data by using the access token as a parameter for calling an Application Programming Interface (API);
s105: after source data are obtained, a plurality of data processing nodes calculate to obtain a plurality of results, the results with the most identical results are selected as final results after result analysis, and the data processing nodes encrypt the final results by using digital signatures and send the final results to hospital ends in the private chain;
s106: and receiving the demand result and the public key which are sent by the hospital side and encrypted by the private key.
When the method is used, a user applies for the addition of medical data, firstly carries out identity authentication on the user, after the identity authentication is passed, the user can enter a private chain through judgment of an authorization module, after the user agrees to enter the private chain, a plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for accessing a resource system to the authorization module, the authorization module sends an access token after receiving the application, the access token is used as a parameter for calling an Application Programming Interface (API) to access source data, after the source data is obtained, a plurality of data processing nodes carry out calculation to obtain a plurality of results, the result with the most same result is selected as a final result through result analysis, and the data processing nodes encrypt the final result by using a digital signature and send the final result to a hospital end in the private chain, and the user receives the encrypted demand result and the public key sent by the hospital end through the user end.
Therefore, the medical data acquisition problem is converted into the medical data processing problem, the source data is not used as directly shared data, the contract technology is utilized, the user deploys the data processing contract, the desired result is obtained through processing, the source data is effectively prevented from being leaked out by the dishonest user without authorization, and the data security is guaranteed.
In some embodiments, the method further comprises: medical data are collected from a patient through the Internet of things equipment, and the collected data are sent to a resource system after being encrypted. Optionally, the internet of things device at least includes one or more of a sensor, an intelligent medical detection device, a smart phone, a PC terminal, and an RFID device.
In some embodiments, the identity authentication is performed by using a digital signature method, and an identity ID is defined and expressed as ID (SK, PK), and the identity of the patient is ID (DH)sk,DHpk) The identity of the data processing node is ID (DP)sk,DPsk) The identity of the user is ID (U)sk,Usk) The ID of the processed result is represented as ID(PRsk,PRsk) An identity function is also defined for key distribution, signing and authentication, denoted F (K, S, V). And generating a pair of secret key pairs through K, broadcasting the public key to a private chain for later verification, performing digital signature through S, encrypting the private key, decrypting the public key, and performing identity verification on the party requesting the operation through a V method of encrypting the private key and decrypting the public key.
In some embodiments, the resource system is a network file system, and the resource system is applied in a UNIX environment and can support file sharing between different types of systems through a network. UNIX is a conventional computer operating system.
Resource systems allow a system to share directories and files with others over a network. By using the Network File System (NFS), users and programs can access files on remote systems as local files, enabling the nodes of each computer to conveniently use resources on the network as local resources. In other words, NFS can be used for remote access and sharing of network files in different types of computers, operating systems, network architectures, and transport protocol execution environments.
In some embodiments, the data processing module processes data for a data processing node protected by instruction set Extensions (SGX), which provides a secure and reliable code execution environment from the hardware level. After a user enters a private chain, a data processing node deploys a data processing contract in a block chain, the data processing node needs to obtain an access token after being authorized by the block chain, and source data needing to be processed are obtained from a resource system by calling an Application Programming Interface (API). And after the result is obtained through processing, the result is encrypted through the digital signature and then is transmitted to the hospital, and the hospital sends the encrypted result and the public key to the user. It can be seen that, the number of the data processing nodes is more than 1, and a user can select a plurality of data processing nodes to process data, and the final result with the most identical results is used as a correct result by comparing the results.
In some embodiments, the method further comprises: the data sharing is carried out between the Internet of things equipment and the users through a cluster type structure, and the specific calculation process of the cluster type structure is as follows:
in short distance, equation (1) is used to calculate the transmission energy according to the distance and the environmental characteristics, and b is 2 in short distance;
when D is<DLWhen T is DS × Db (1)
For long distances, equation (2) (b ═ 4) is used;
when D is present>DLWhen T is equal to E × DS × Db (2)
Calculating the consumption energy of the data packet received by each internet of things device through equation (3);
R=E×DS (3)
calculating the current energy of each internet of things device through equation (4);
A=T×R (4)
the remaining energy is calculated by equation (5), where Ei is the primary energy per IoT node;
C=Pei-A (5)
wherein the relevant parameters in the formula are T transmission energy, DS packet size, b energy dissipation in the channel (b is 2 in short distance), D distance between two nodes, DLIs a threshold value of the distance, E is energy required for receiving the data packet, R is energy consumed for receiving the data, A is current energy of each internet of things, PeiFor the initial energy of each IoT node, C is the calculated remaining energy.
In the invention, a cluster structure is adopted, intelligent contracts with various functions are compiled, the Internet of things equipment and users are coordinated to carry out effective data sharing, and calculation shows that the energy consumption of the Internet of things equipment can be effectively reduced.
In some embodiments, the method further comprises supervising the sharing process for changes by a state machine.
Optionally, the state machine includes:
a record tuple with a length of 7, denoted as rec (record) ═ (RecID, T, UserID, RSID, HosID, NodeID, CurSt), RecID denotes a record identification tuple, UserID denotes a user, RSID denotes a resource system, HosID denotes a hospital, NodeID denotes a data processing node, and CurSt denotes a current state of sharing;
a sub-state tuple with a length of 5 is denoted as st (status) ═ (x, y, p, r, tl), where x and y are participants of shared data, p is a premise for reaching the sub-state, r denotes a result generated when the condition p is satisfied, tl denotes a time limit, if the time limit is exceeded, the shared transaction is considered to be expired, the value range of the sub-state is { B, S, Ex, SH }, where B state is satisfied with the time limit, the condition p is also satisfied, and it is only necessary to wait for the result r. The S state indicates that all conditions are met and that state has been reached. Ex does not satisfy the time constraint, satisfies condition p but has no result, indicating that the sharing transaction is invalid, and SH indicates that the entire data sharing is completed.
An operation tuple with a length of 3 is denoted as OP (operation) ═ OPEx, Object, Input, where OPEx denotes an operator of the operation, Object denotes an Object of the operation, Input denotes an Input required for the operation, a range of values of OP is { false, true }, false denotes an operation failure, and true denotes an operation success.
A length-4 intelligent contract tuple, denoted sc (smart contract) ═ STnΣ, FN) in which STn={ST1,ST2,ST3,........,STnIs a finite set of sub-states, sigma is a set of operations OP, whose operations change STnAnd the value of ST in the system is changed, so that the state of the intelligent contract is changed, FN is in a final state, the value range is { E, SH }, E represents that the shared transaction is considered to be overdue, and SH represents that data sharing is completed.
The symbols associated with the state machine are listed in the following table:
further, the detailed process of the above state machine working when sharing data will be explained again.
(1) A user UserID initiates an identity authentication Request to a hospital HosID, and requests to join a private block chain, wherein a Request is a Request function, and Enter Info is related information of a chain entering person;
·ST1:(UserID,HosID,verifyID(HosID,UserID),Request)
·OP1=Request(HosId,UserID,EnterInfo)
·Rec:(RecID,T,UserID,HosID,CurSt:ST1_B)
ST1b denotes the State ST1The method is effective, and only needs to wait for the completion of the result r;
(2) if the identity verification of the UserID is valid, the UserID can apply for deploying an intelligent contract SmartContract to the block chain BC, and the contract is deployed on a data processing node NodeID which achieves consensus in advance, wherein the contract is a contract deployment function;
·ST2:(UserID,BC,Query,IdentityVerify(BC,UserID),Deploy)
·OP2=Deploy(UserID,Node,Smart Contract)
·Rec:(RecID,T,UserID,CurSt:ST1_S)
ST1s indicates that the shared transaction has reached state ST1;
(3) After the intelligent contract is successfully deployed, the data processing node needs to apply for authorization to access the resource system RSID to the block chain to obtain an access Token, and the Send _ Token is a Token sending function;
·ST3:(NodeID,BC,Deploy,GrandAccess(BC,Node),Send_Token)
·OP3=Send_Token(BC,Node,token)
·Rec:(RecID,T,UserID,NodeID,CurSt:ST2_S)
ST2s indicates that the shared transaction has reached state ST2;
(4) After obtaining the access token, the Data processing node accesses the RSID of the resource system through an Application Programming Interface (API) to obtain source Data to be processed, and Send _ Data is a transmission source Data function;
·ST4:(NodeID,RSID,Send_Token,Send_Data)
·OP4=Send_Data(RSID,NodeID,Data)
·Rec:(RecID,T,UserID,RSID,CurSt:ST3_S)
ST3s indicates that the shared transaction has reached state ST3;
(5) The data processing node starts to perform data processing work after obtaining source data, the Result obtained after processing needs to be sent to a data analysis contract for Result processing to obtain a final correct Result fresh, and the final correct Result fresh is sent to the hospital in an encrypted manner, wherein Send _ Result is a Result sending function, and Send _ FREST is a Result sending function;
·ST5:(NodeID,HosID,Send_Data,Send_Result,Send_FResult)
·OP5=Send_Result(NodeID,AnalysisSC,Result)&&Send_FResult(AnalysisSC,HosID,Signature(FResult))
·Rec:(RecID,T,NodeID,HosID,CurSt:ST4_S)
ST4s indicates that the shared transaction has reached state ST4;
(6) After receiving the encryption result, the hospital sends the encryption result SFResult and the public key PK together to the user, and Send _ SFResult is the final result of sending the encryption;
·ST6:(HosID,UserID,Send_Result&&Send_RResult,Send_SFResult)
·OP5=Send_SFResult(Hos,UserID,SFResult&&PK)
·Rec:(RecID,T,HosID,UserID,CurSt:ST5_S)
ST5s indicates that the shared transaction has reached state ST5;
(7) After the sharing is successfully finished, triggering an information storage contract and recording the shared information on the block chain;
Rec:(RecID,T,HosID,UserID,CurSt:ST6_S)
ST6s indicates that the shared transaction has reached state ST6;
When all STnAll reach the state STnS, the sharing transaction is successfully completed.
By introducing the state machine, whether the data sharing process is completed or not is tracked, if sharing is wrong, the error source can be immediately judged, and sharing errors are quickly and effectively solved.
In some embodiments, before the user takes the result, the sharing process needs to be evaluated, the user can take the final result through decryption, and can also judge which data processing node processes the data through the digest of the digital signature, and perform tracing.
In order to further implement the invention, the invention also provides a system of a medical internet of things data sharing method based on a block chain, which is characterized by comprising the following steps:
an identity verification module: the identity authentication system is used for performing identity authentication on a user applying for joining;
an authorization module: after the identity authentication is passed, judging that the private chain can be entered;
the data processing node: after the user agrees to enter the private chain, a plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for accessing a resource system to the authorization module, the authorization module sends an access token after receiving the application, the access token is used as a parameter for calling an Application Programming Interface (API) to access source data, after the source data is obtained, the data processing nodes calculate to obtain a plurality of results, the result with the most identical results is selected as a final result after result analysis, and the data processing nodes encrypt the final result by using a digital signature and send the final result to a hospital end in the private chain;
a user side: and the system is used for receiving the encrypted requirement result and the public key sent by the hospital end. The user may be a private doctor or a research institution.
Therefore, the system can effectively avoid the source data from being leaked out by a dishonest user without authorization by converting the medical data acquisition problem into the medical data processing problem and using the contract technology, wherein the source data is not directly shared data, and the user deploys the data processing contract to obtain the desired result through processing, thereby ensuring the data security.
The system comprises a block chain, wherein the block chain comprises a private block chain (private chain) where the Internet of things equipment is located and a public block chain (public chain) which is interconnected with hospitals. Each Internet of things domain has a private block chain, the private block chain and the public block chain share a distributed account book, the distributed account book refers to that transaction accounting is completed by a plurality of nodes distributed in different places together, and each node records a complete account, so that the nodes can participate in monitoring transaction legality and can also make a certificate for the node together, and data transaction is more flexible.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to those examples; within the idea of the invention, also features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
The present invention is intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (10)
1. A medical Internet of things data sharing method based on a block chain is characterized by comprising the following steps:
carrying out identity authentication on the user applying for joining;
after the identity authentication is passed, the authorization module judges that the private chain can be entered;
after the user agrees to enter the private chain, a plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for the authorization module to access the resource system, and the authorization module sends an access token after receiving the application;
a plurality of data processing nodes receive the access token, and access source data by using the access token as a parameter for calling an application programming interface;
after source data are obtained, a plurality of data processing nodes calculate to obtain a plurality of results, the results with the most identical results are selected as final results after result analysis, and the data processing nodes encrypt the final results by using digital signatures and send the final results to hospital ends in the private chain;
and receiving the demand result and the public key which are sent by the hospital side and encrypted by the private key.
2. The blockchain-based medical internet of things data sharing method according to claim 1, wherein the method further comprises: medical data are collected from a patient through the Internet of things equipment, and the collected data are sent to a resource system after being encrypted.
3. The medical Internet of things data sharing method based on the blockchain as claimed in claim 2, wherein the Internet of things equipment at least comprises one or more of a sensor, intelligent medical detection equipment, a smart phone, a PC terminal and an RFID device.
4. The method as claimed in claim 1, wherein the identity authentication is performed by using a digital signature method, and an identity ID is defined and expressed as ID (SK, PK), and the identity of the patient is ID (DH)sk,DHpk) The identity of the data processing node is ID (DP)sk,DPpk) The identity of the user is ID (U)sk,Upk) The ID of the processed result is represented as ID (PR)sk,PRpk) Are fixed simultaneouslyAnd defining an identity function for key distribution, signature and identity verification, wherein the identity function is represented as F (K, S, V), generating a pair of key pairs through K, broadcasting a public key to a chain for later verification, and performing digital signature, private key encryption and public key decryption through S, and performing identity verification on a party requesting operation through a V method of private key encryption and public key decryption.
5. The method as claimed in claim 1, wherein the resource system is a network file system, and when applied to a UNIX environment, the resource system can support file sharing between different types of systems via a network.
6. The blockchain-based medical internet of things data sharing method according to claim 1, wherein the data processing nodes process data for the data processing nodes protected by an instruction set extension, and the instruction set extension provides a safe and reliable code running environment from a hardware level.
7. The blockchain-based medical internet of things data sharing method according to claim 2, wherein the method further comprises: data sharing is carried out between the Internet of things equipment and the users through a cluster type structure, and the specific calculation process of the cluster type structure is as follows:
in short distance, equation (1) is used to calculate the transmission energy according to the distance and the environmental characteristics, and b is 2 in short distance;
when D is present<DLWhen T is DS × Db (1)
For long distances, equation (2) (b ═ 4) is used;
when D is present>DLWhen T is equal to E × DS × Db (2)
Calculating the consumption energy of the data packet received by each Internet of things device through equation (3);
R=E×DS (3)
calculating the current energy of each internet of things device through equation (4);
A=T×R (4)
the remaining energy is calculated by equation (5), where Ei is the primary energy per IoT node;
C=Pei-A (5)
wherein the relevant parameters in the formula are T transmission energy, DS packet size, b energy dissipation in the channel (b is 2 in short distance), D distance between two nodes, DLIs a threshold value of the distance, E is energy required for receiving the data packet, R is energy consumed for receiving the data, A is current energy of each internet of things, PeiFor the initial energy of each IoT node, C is the calculated remaining energy.
8. The blockchain-based medical internet of things data sharing method according to claim 1, further comprising supervising the change of the sharing process through a state machine.
9. The blockchain-based medical internet of things data sharing method according to claim 8, wherein the state machine comprises:
a record tuple with a length of 7, denoted as rec (record) ═ (RecID, T, UserID, RSID, HosID, NodeID, CurSt), RecID denotes a record identification tuple, UserID denotes a user, RSID denotes a resource system, HosID denotes a hospital, NodeID denotes a data processing node, and CurSt denotes a current state of sharing;
a length-5 sub-state tuple, which is denoted as st (status) ═ (x, y, p, r, tl), where x and y are participants of shared data, p is a premise for reaching the sub-state, r denotes a result generated when a condition p is satisfied, tl denotes a time limit, if the time limit is exceeded, the shared transaction is considered to be expired, a value range of the sub-state is { B, S, Ex, SH }, where B state is satisfied with the time limit, the condition p is also satisfied, it is only necessary to wait for the result r, S state denotes that all conditions are satisfied, the state is reached, Ex does not satisfy the time limit, the condition p is satisfied without the result, denotes that the shared transaction is invalid, and SH denotes that the whole data sharing is completed;
an operation tuple with a length of 3 is denoted as OP (operation) ═ OPEx, Object, Input, where OPEx denotes an operator of the operation, Object denotes an operation Object, Input denotes an Input required by the operation, a value range of OP is { false, true }, false denotes operation failure, and true denotes operation success;
a length-4 intelligent contract tuple, denoted sc (smart contract) ═ STnΣ, FN) in which STn={ST1,ST2,ST3,........,STnIs a finite set of sub-states, and sigma is a set of operations OP, whose operations change STnAnd the value of ST in the system is changed, so that the state of the intelligent contract is changed, FN is in a final state, the value range is { E, SH }, E represents that the shared transaction is considered to be overdue, and SH represents that data sharing is completed.
10. A system for performing the blockchain-based medical internet of things data sharing method of claim 1, comprising:
an identity verification module: the identity authentication system is used for performing identity authentication on a user applying for joining;
an authorization module: after the identity authentication is passed, judging that the private chain can be entered;
the data processing node: after the user agrees to enter the private chain, a plurality of data processing nodes receive own data processing contracts sent by the user, the data processing nodes apply for accessing a resource system to the authorization module, the authorization module sends an access token after receiving the application, the access token is used as parameter access source data for calling an application programming interface, after the source data is obtained, the data processing nodes calculate to obtain a plurality of results, the result with the most identical results is selected as a final result after result analysis, and the data processing nodes encrypt the final result by using a digital signature and send the final result to a hospital end in the private chain;
a user side: the system is used for receiving the demand result and the public key which are sent by the hospital end and encrypted by the private key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210343031.1A CN114710490A (en) | 2022-03-31 | 2022-03-31 | Medical Internet of things data sharing method and system based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210343031.1A CN114710490A (en) | 2022-03-31 | 2022-03-31 | Medical Internet of things data sharing method and system based on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114710490A true CN114710490A (en) | 2022-07-05 |
Family
ID=82173048
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210343031.1A Pending CN114710490A (en) | 2022-03-31 | 2022-03-31 | Medical Internet of things data sharing method and system based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114710490A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116910826A (en) * | 2023-09-13 | 2023-10-20 | 电能易购(北京)科技有限公司 | Purchasing data storage and sharing system for electric power equipment bidding |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200034453A1 (en) * | 2018-07-29 | 2020-01-30 | International Business Machines Corporation | Smart contract input mapping |
CN112417510A (en) * | 2020-12-09 | 2021-02-26 | 南威软件股份有限公司 | Credible sharing method for protecting government affair private data based on block chain |
CN113297625A (en) * | 2021-07-23 | 2021-08-24 | 北京笔新互联网科技有限公司 | Data sharing system and method based on block chain and electronic equipment |
-
2022
- 2022-03-31 CN CN202210343031.1A patent/CN114710490A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200034453A1 (en) * | 2018-07-29 | 2020-01-30 | International Business Machines Corporation | Smart contract input mapping |
CN112417510A (en) * | 2020-12-09 | 2021-02-26 | 南威软件股份有限公司 | Credible sharing method for protecting government affair private data based on block chain |
CN113297625A (en) * | 2021-07-23 | 2021-08-24 | 北京笔新互联网科技有限公司 | Data sharing system and method based on block chain and electronic equipment |
Non-Patent Citations (3)
Title |
---|
杨凡;: "基于移动性和异构感知的网络数据聚合研究", 荆楚理工学院学报, no. 06 * |
郝玉蓉: "基于区块链的隐私保护政务数据共享研究", 中国优秀硕士学位论文全文数据库 (社会科学Ⅰ辑), pages 31 - 32 * |
黄瑞玲等: "异构WSN 中能耗偏差协调的分簇算法", 计算机应用研究, vol. 29, no. 12, pages 7 - 24 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116910826A (en) * | 2023-09-13 | 2023-10-20 | 电能易购(北京)科技有限公司 | Purchasing data storage and sharing system for electric power equipment bidding |
CN116910826B (en) * | 2023-09-13 | 2023-12-15 | 电能易购(北京)科技有限公司 | Purchasing data storage and sharing system for electric power equipment bidding |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109361668B (en) | Trusted data transmission method | |
KR102424055B1 (en) | Apparatus and Method for Providing API Authentication using Two API Tokens | |
Yang et al. | Provable data possession of resource-constrained mobile devices in cloud computing | |
JP2016158270A (en) | Validation of inclusion of platform within data center | |
CN101043335A (en) | Information security control system | |
RU2003118755A (en) | WAYS OF CREATION, SYSTEM AND ARCHITECTURE OF PROTECTED MEDIA CHANNELS | |
US11947681B2 (en) | Cryptographic secret generation and provisioning | |
CN102223420A (en) | Digital content distribution method for multimedia social network | |
TW201926943A (en) | Data transmission method and system | |
US20050027979A1 (en) | Secure transmission of data within a distributed computer system | |
TWI776404B (en) | Method of authenticating biological payment device, apparatus, electronic device, and computer-readable medium | |
CN114039753B (en) | Access control method and device, storage medium and electronic equipment | |
CN113643134B (en) | Internet of things blockchain transaction method and system based on multi-key homomorphic encryption | |
Gao et al. | A privacy-preserving identity authentication scheme based on the blockchain | |
Jamal et al. | Reliable access control for mobile cloud computing (MCC) with cache-aware scheduling | |
CN114710490A (en) | Medical Internet of things data sharing method and system based on block chain | |
CN112153038B (en) | Method and device for secure login, authentication terminal and readable storage medium | |
CN108959908A (en) | A kind of method, computer equipment and storage medium that the mobile platform with access SDK is authenticated | |
Ji et al. | BIDAC: Blockchain-enabled Identity-Based Data Access Control in IoT | |
CN115811412A (en) | Communication method and device, SIM card, electronic equipment and terminal equipment | |
CN113810178B (en) | Key management method, device, system and storage medium | |
CN104717235B (en) | A kind of resources of virtual machine detection method | |
Idrissi et al. | Agent-based blockchain model for robust authentication and authorization in IoT-based healthcare systems | |
Lyu et al. | JRS: A joint regulating scheme for secretly shared content based on blockchain | |
KR20170111809A (en) | Bidirectional authentication method using security token based on symmetric key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |