CN106326666A - Health record information management service system - Google Patents

Publication number
CN106326666A
Authority
CN
China
Prior art keywords
data
health
service
user
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610789121.8A
Other languages
Chinese (zh)
Inventor
Inventor name not published
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a health record information management service system which comprises a cloud service center, a user mobile terminal, a service providing terminal and a data safety management system. The cloud service center comprises an information file storage module, a health analysis module and a health service application module, wherein the information file storage module is used for storing health file information and generating or updating a health file under a user account according to the stored health file information, the health analysis module is used for conducting data analysis on the health file information to obtain a health analysis result and determining a matched service item from the service items provided by the service providing terminal according to the health analysis result, the health service application module is used for pushing the matched service item to the corresponding user mobile terminal according to a service request sent by the user mobile terminal, and the data safety management system is used for guaranteeing storage and transmission safety of the health file information. The health record information management service system is practical, quick, convenient and high in safety.

Description

A health record information management service system
Technical field
The present invention relates to the field of information management, and in particular to a health record information management service system.
Background
In the related art, the rapid development of wearable health-monitoring devices and home care equipment has provided new ways of acquiring personal health record information, but without the support of a unified information management service platform these information files remain fragmented.
Another difficulty is the information security and privacy protection of stored electronic medical records and health records, which hinders the development of the health record information service industry; individuals cannot enjoy the convenience in health management and the better service experience that cloud service architectures and the Internet bring to users.
Summary of the invention
To solve the above problems, the present invention aims to provide a health record information management service system.
The object of the present invention is achieved by the following technical solution:
A health record information management service system is provided, comprising a cloud service center, a user mobile terminal, a service providing terminal and a data safety management system. The cloud service center comprises an information file storage module, a health analysis module and a health service application module. The information file storage module is used for storing health record information and for generating or updating the health record under a user account according to the stored health record information. The health analysis module is used for performing data analysis on the health record information to obtain a health analysis result, and for determining a matching service item from the service items provided by the service providing terminal according to the health analysis result. The health service application module is used for pushing the matching service item to the corresponding user mobile terminal according to a service request sent by the user mobile terminal, and for implementing the functional service corresponding to the service item selected at the user mobile terminal. The data safety management system is used for ensuring the security of storage and transmission of the health record information.
The beneficial effects of the invention are: in addition to providing users with a health record information storage service, the health analysis module feeds back the user's personal health status, issues reminders and matches services to the user's health needs; a data safety management system is also provided to ensure the security of storage and transmission of health record information, giving a high level of security and thereby solving the above technical problems.
Brief description of the drawings
The invention is further described with reference to the accompanying drawings, but the embodiments in the drawings do not limit the invention in any way; a person of ordinary skill in the art can obtain other drawings from the following drawings without creative effort.
Fig. 1 is a schematic diagram of the structural connections of the present invention.
Fig. 2 is a schematic structural diagram of the data safety management system of the present invention.
Reference numerals:
Cloud service center 1, user mobile terminal 2, service providing terminal 3, data safety management system 4, information file storage module 10, health analysis module 11, health service application module 12, data service system 40, data preprocessing system 41, cloud storage encryption and decryption system 42, control system 43, security management center 44.
Detailed description
The invention is further described with reference to the following embodiments.
Application scenarios 1
Referring to Fig. 1 and Fig. 2, an embodiment of this application scenario provides a health record information management service system comprising a cloud service center 1, a user mobile terminal 2, a service providing terminal 3 and a data safety management system 4. The cloud service center 1 comprises an information file storage module 10, a health analysis module 11 and a health service application module 12. The information file storage module 10 is used for storing health record information and for generating or updating the health record under a user account according to the stored health record information. The health analysis module 11 is used for performing data analysis on the health record information to obtain a health analysis result, and for determining a matching service item from the service items provided by the service providing terminal 3 according to the health analysis result. The health service application module 12 is used for pushing the matching service item to the corresponding user mobile terminal 2 according to a service request sent by the user mobile terminal 2, and for implementing the functional service corresponding to the service item selected at the user mobile terminal 2. The data safety management system 4 is used for ensuring the security of storage and transmission of the health record information.
Preferably, the health service application module 12 is also used for querying the health record and the health analysis result under a user account in response to an operation of the user mobile terminal 2 or the service providing terminal 3.
In addition to providing users with a health record information storage service, the above embodiment of the present invention uses the health analysis module 11 to feed back the user's personal health status, issue reminders and match services to the user's health needs; the data safety management system 4 is also provided to ensure the security of storage and transmission of health record information, giving a high level of security and thereby solving the above technical problems.
Preferably, the user mobile terminal 2 comprises a user relationship authorization module, and the cloud service center 1 comprises a user authorization verification system, which comprises an authorization permission verification module. The user relationship authorization module is used for sending an authorization request to the cloud service center 1; the authorization request includes the user account or service account to be authorized. The authorization permission verification module is used for, on receiving the authorization request, granting the authorized user account or service account permission to operate on the health record and health analysis result under the user account that sent the authorization request.
This preferred embodiment further improves the security of access to health record information.
Preferably, the data safety management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for storage management, backup and querying of health record information data. The data preprocessing system 41 is used for preprocessing the health record information data that must be kept confidential. The cloud storage encryption and decryption system 42 is used for encrypting or decrypting the confidential health record information data according to the optimized access control security policy. The control system 43 is used for storing health record information data to the corresponding storage device. The security management center 44 is used for unified monitoring and management of the security of each system.
This preferred embodiment establishes the system structure of the data safety management system 4.
Preferably, the storage management, backup and querying of health record information comprises:
(1) converting the data format of the health record information into a format suitable for storage in a non-relational database;
(2) dividing the health record information data into basic data and specialized data and storing the data using a combined centralized and distributed strategy, with all data backed up at storage time; the combined centralized and distributed strategy comprises: using centralized storage for basic data above a preset frequency, and distributed storage for specialized data below the preset frequency;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of data, the data retrieval algorithm combining directory retrieval with a search engine, specifically: building a data directory and performing a preliminary retrieval of the data according to the directory; entering keywords in the search engine to perform a precise search of the data; the search engine finds matching data in a certain manner, ranks them by the degree of match between the data and the keywords, and returns them to the user.
This preferred embodiment uses a retrieval algorithm that combines directory retrieval with a search engine, so that data can be obtained quickly and accurately.
Preferably, the unified monitoring and management of the security of each system comprises:
(1) adopting corresponding security protection technologies for the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, and deploying the relevant security protection equipment, to form a complete security protection system;
(2) establishing effective data security, giving comprehensive consideration to security during data storage, transmission and access: not only is the health record information data encrypted, but the transmission protocol for the health record information data is encrypted as well;
(3) establishing a virus and Trojan defense mechanism, regularly updating the virus database and upgrading the firewall, with an update period T of 6-10 days; detected abnormal data is analyzed and an early warning is issued.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the data preprocessing system 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit is used for dividing the health record information data that must be kept confidential into multiple mutually exclusive data sets. The data extraction unit is used for sorting the mutually exclusive data sets according to a user-defined ordering rule, extracting the first data unit of each data set in order, and saving the extracted units together with the ordering rule as small-block data; here, mutually exclusive means that no association exists between any two data units in the data sets. The access control security policy optimization unit is used for generating the system's access control security policy by an access control security policy optimization method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure from the mutually exclusive data sets processed by the data extraction unit; the hierarchical data tree structure has three layers, namely a service layer, a logical layer and a physical layer, where the service layer is the root node of the tree and relates to the data scheduling service, the logical layer consists of the data associated in the access control security policy, and the physical layer comprises the data units in all the mutually exclusive data sets;
(2) formulating access control security policies for data of different security levels based on the access control markup language XACML, and projecting the rules in the access control security policy onto the data units in the mutually exclusive data sets according to their association with the data, thereby refining the rules in the access control security policy to the data dimension;
(3) optimizing the rules on the data units of each mutually exclusive data set, to delete the conflicts and redundancy among the rules distributed on each data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
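Steps (2) to (4) above, sketched as an added Python example (not code from the patent): rules are projected onto the data units they reference, redundancy and conflicts are resolved per unit, and the surviving rules are merged back. Assumptions: the rule fields, the sample policy and the deny-overrides conflict resolution are constructed for illustration; the patent does not say how a conflict is resolved.

```python
from collections import defaultdict
from typing import NamedTuple


class Rule(NamedTuple):
    rule_id: str
    subject: str          # role the rule applies to
    action: str           # e.g. "read" or "write"
    effect: str           # "Permit" or "Deny", as in XACML
    resources: frozenset  # data units (physical layer) the rule is associated with


# Constructed sample policy over three data units of a health record.
POLICY = [
    Rule("r1", "doctor", "read", "Permit", frozenset({"lab_results", "prescriptions"})),
    Rule("r2", "doctor", "read", "Permit", frozenset({"lab_results"})),   # redundant with r1
    Rule("r3", "insurer", "read", "Permit", frozenset({"lab_results", "billing"})),
    Rule("r4", "insurer", "read", "Deny", frozenset({"lab_results"})),    # conflicts with r3
    Rule("r5", "doctor", "write", "Permit", frozenset({"prescriptions"})),
]


def project(policy):
    """Step (2): refine each rule to the data dimension, one entry per data unit."""
    per_unit = defaultdict(list)
    for rule in policy:
        for unit in rule.resources:
            per_unit[unit].append(rule)
    return per_unit


def optimize_unit(rules):
    """Step (3): on one data unit, drop redundant rules and resolve conflicts.

    Returns ({(subject, action): effect}, findings). Conflicts are resolved
    with deny-overrides, which is an assumption of this example.
    """
    decided, findings = {}, []
    for rule in rules:
        key = (rule.subject, rule.action)
        if key not in decided:
            decided[key] = (rule.effect, rule.rule_id)
            continue
        kept_effect, kept_id = decided[key]
        if kept_effect == rule.effect:
            findings.append(("redundant", rule.rule_id, kept_id))
        else:
            findings.append(("conflict", rule.rule_id, kept_id))
            if rule.effect == "Deny":
                decided[key] = ("Deny", rule.rule_id)
    return {key: value[0] for key, value in decided.items()}, findings


def merge(decisions_per_unit):
    """Step (4): merge per-unit rules back into rules over sets of data units."""
    grouped = defaultdict(set)
    for unit, decisions in decisions_per_unit.items():
        for (subject, action), effect in decisions.items():
            grouped[(subject, action, effect)].add(unit)
    return sorted((s, a, e, tuple(sorted(units))) for (s, a, e), units in grouped.items())


def optimize_policy(policy):
    """Run projection, per-unit optimization and merging; return (policy, findings)."""
    per_unit = project(policy)
    decisions, findings = {}, []
    for unit in sorted(per_unit):
        decisions[unit], unit_findings = optimize_unit(per_unit[unit])
        findings += [(unit, *finding) for finding in unit_findings]
    return merge(decisions), findings


if __name__ == "__main__":
    optimized, findings = optimize_policy(POLICY)
    for row in optimized:
        print(row)
    for row in findings:
        print("finding:", row)
```

Working per data unit is what lets the insurer keep read access to `billing` while the conflict on `lab_results` is settled on its own.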
Preferably, storing the data to the corresponding storage device comprises:
(1) storing the small-block data in local storage and encrypting the small-block data using a user-defined encryption technique;
(2) encrypting the remaining data with the cloud storage encryption and decryption system 42 and then storing it in the cloud storage of the cloud service center 1; after the cloud storage receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The above two preferred embodiments provide the data preprocessing system 41: the data that must be kept confidential first undergoes data partitioning and data extraction, and the rules in the access control security policy are then refined. This reduces the physical storage space needed for the data, lowers the storage overhead, eliminates the conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. Part of the data is extracted by the data extraction process and stored in local storage, while the remaining data is stored in cloud storage after the corresponding access control security policy has been set. This addresses the large system overhead and cumbersome processing that traditional cloud storage data privacy mechanisms based on simple encryption incur when actually operating on data, and can effectively prevent malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, improving the security of storage for data that must be kept confidential.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the confidential health record information data comprises:
(1) the trusted third party assigns a user identity identifier UAID to each user and an attribute authority identity identifier AID to each attribute authority, comprising:
a) initialization: the trusted third party sets the system parameters, where α is a random integer;
b) for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it:
$$\mathrm{Certificate}(UAID) = \hat{E}(H(UAID), g)^{C_{UAID}}$$
At the same time, the authentication parameter of the legitimate user is published, where $C_{UAID} \in Z_P$;
c) identity key pairs are generated for the data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys comprise the identity public key $GK_{UAID}$ and the identity private key $CK_{UAID}$, and the attribute encryption and decryption keys comprise the attribute public key $GK_{AID}$ and the attribute private key $CK_{AID}$:
$$GK_{UAID} = \hat{E}(g, g)^{\propto_{AID}}$$
$$GK_{AID} = \{\forall x \in AS_{AID} : GK_x = H(x)^{B_x \beta_{AID}}\}$$
$$CK_{UAID} = (\propto_{AID}, \beta_{AID})$$
$$CK_{AID} = (K_0 = g^{\propto_{AID}} g^{\alpha\gamma},\ K_1 = g^{\alpha\gamma},\ \forall x \in AS_{UAID,AID} : K_x = H(x)^{B_x \beta_{AID} \gamma})$$
where $AS_{AID}$ is the set of attributes that a single attribute authority can assign, $GK_x$ is the public key of attribute x, $B_x$ is the version number of attribute x, $\propto_{AID}$ is the private key parameter of the attribute authority, $\beta_{AID}$ is the attribute update parameter, $AS_{UAID,AID}$ is the set of attributes that the attribute authority assigns according to identity, γ is a parameter randomly chosen by the attribute authority, and $\gamma, \propto_{AID}, \beta_{AID} \in Z_P$;
(3) the cloud storage encryption and decryption system 42 uses the data key to encrypt the data to be stored in cloud storage, obtaining the ciphertext CT, and then encrypts the data key using the identity public key and the attribute public key respectively, generating the identity key ciphertext $CT_U$ and the attribute key ciphertext $CT_A$, comprising:
a) randomly generating two fixed-length character strings IK and AK and concatenating them to form the data key DK:
$$DK = IK \,\|\, AK$$
b) encrypting the data to be stored in cloud storage with the data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext $CT_A$, and encrypting IK with the identity public key to generate the identity key ciphertext $CT_U$;
(4) performing proxy re-encryption: on receiving a data request from a user, the cloud uses the proxy re-encryption key to convert the identity key ciphertext $CT_U$ into a ciphertext that the specified user can decrypt, where the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user uses the identity private key $CK_{UAID}$ and the attribute private key $CK_{AID}$ to decrypt the identity key ciphertext $CT_U$ and the attribute key ciphertext $CT_A$ respectively, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attributes and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for multiple types of data while resisting collusion between users and attribute authorities. For data that must be kept confidential, identity-based encryption and decryption keys and attribute encryption and decryption keys are constructed separately and combined to form the data encryption key used to encrypt the data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt, which greatly improves the security of the data safety management system 4.
In this application scenario, the update period T is 6, and the security of the system is improved by 12% in relative terms.
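The key-splitting envelope of steps (3) and (5), as an added Python example that is not code from the patent: DK = IK || AK encrypts the record, and each half is wrapped separately so that both an identity key and an attribute key are needed to rebuild DK. Assumptions: the pairing-based identity and attribute encryption is replaced by symmetric wrapping keys, `seal`/`unseal` are a toy SHAKE-256/HMAC construction for illustration only, proxy re-encryption (step 4) is not modeled, and all names and sample data are constructed.

```python
import hashlib
import hmac
import secrets

HALF = 16  # bytes in each of IK and AK (two fixed-length strings, step (3)a)


def _subkeys(key):
    """Derive separate encryption and MAC keys from one key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal(key, plaintext):
    """Toy authenticated encryption: SHAKE-256 keystream, then HMAC-SHA256 tag.

    Stand-in for the scheme's real ciphers; not for production use.
    """
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Verify the tag first, then decrypt; raises ValueError on any mismatch."""
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = hashlib.shake_256(enc_key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def encrypt_record(record, identity_key, attribute_key):
    """Step (3): build CT, CT_U and CT_A for one record."""
    ik = secrets.token_bytes(HALF)
    ak = secrets.token_bytes(HALF)
    dk = ik + ak                               # DK = IK || AK
    return {
        "CT": seal(dk, record),                # data under the data key
        "CT_U": seal(identity_key, ik),        # IK under the identity key
        "CT_A": seal(attribute_key, ak),       # AK under the attribute key
    }


def decrypt_record(bundle, identity_key, attribute_key):
    """Step (5): recover IK and AK, rebuild DK, decrypt CT."""
    ik = unseal(identity_key, bundle["CT_U"])
    ak = unseal(attribute_key, bundle["CT_A"])
    return unseal(ik + ak, bundle["CT"])


def can_decrypt(bundle, identity_key, attribute_key):
    """True only when both keys are right and nothing was modified."""
    try:
        decrypt_record(bundle, identity_key, attribute_key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    identity_key = secrets.token_bytes(32)     # constructed stand-in keys
    attribute_key = secrets.token_bytes(32)
    record = b'{"patient": "constructed-0001", "hba1c": 6.1}'
    bundle = encrypt_record(record, identity_key, attribute_key)
    print(decrypt_record(bundle, identity_key, attribute_key))
    print(can_decrypt(bundle, identity_key, secrets.token_bytes(32)))
```

A party holding only one of the two wrapping keys recovers half of DK and still faces 128 unknown key bits, which is the "identity and attribute" double condition the text describes.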
Application scenarios 2
Referring to Fig. 1 and Fig. 2, an embodiment of this application scenario provides a health record information management service system comprising a cloud service center 1, a user mobile terminal 2, a service providing terminal 3 and a data safety management system 4. The cloud service center 1 comprises an information file storage module 10, a health analysis module 11 and a health service application module 12. The information file storage module 10 is used for storing health record information and for generating or updating the health record under a user account according to the stored health record information. The health analysis module 11 is used for performing data analysis on the health record information to obtain a health analysis result, and for determining a matching service item from the service items provided by the service providing terminal 3 according to the health analysis result. The health service application module 12 is used for pushing the matching service item to the corresponding user mobile terminal 2 according to a service request sent by the user mobile terminal 2, and for implementing the functional service corresponding to the service item selected at the user mobile terminal 2. The data safety management system 4 is used for ensuring the security of storage and transmission of the health record information.
Preferably, the health service application module 12 is also used for querying the health record and the health analysis result under a user account in response to an operation of the user mobile terminal 2 or the service providing terminal 3.
In addition to providing users with a health record information storage service, the above embodiment of the present invention uses the health analysis module 11 to feed back the user's personal health status, issue reminders and match services to the user's health needs; the data safety management system 4 is also provided to ensure the security of storage and transmission of health record information, giving a high level of security and thereby solving the above technical problems.
Preferably, the user mobile terminal 2 comprises a user relationship authorization module, and the cloud service center 1 comprises a user authorization verification system, which comprises an authorization permission verification module. The user relationship authorization module is used for sending an authorization request to the cloud service center 1; the authorization request includes the user account or service account to be authorized. The authorization permission verification module is used for, on receiving the authorization request, granting the authorized user account or service account permission to operate on the health record and health analysis result under the user account that sent the authorization request.
This preferred embodiment further improves the security of access to health record information.
Preferably, the data safety management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for storage management, backup and querying of health record information data. The data preprocessing system 41 is used for preprocessing the health record information data that must be kept confidential. The cloud storage encryption and decryption system 42 is used for encrypting or decrypting the confidential health record information data according to the optimized access control security policy. The control system 43 is used for storing health record information data to the corresponding storage device. The security management center 44 is used for unified monitoring and management of the security of each system.
This preferred embodiment establishes the system structure of the data safety management system 4.
Preferably, the storage management, backup and querying of health record information comprises:
(1) converting the data format of the health record information into a format suitable for storage in a non-relational database;
(2) dividing the health record information data into basic data and specialized data and storing the data using a combined centralized and distributed strategy, with all data backed up at storage time; the combined centralized and distributed strategy comprises: using centralized storage for basic data above a preset frequency, and distributed storage for specialized data below the preset frequency;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of data, the data retrieval algorithm combining directory retrieval with a search engine, specifically: building a data directory and performing a preliminary retrieval of the data according to the directory; entering keywords in the search engine to perform a precise search of the data; the search engine finds matching data in a certain manner, ranks them by the degree of match between the data and the keywords, and returns them to the user.
This preferred embodiment uses a retrieval algorithm that combines directory retrieval with a search engine, so that data can be obtained quickly and accurately.
Preferably, the unified monitoring and management of the security of each system comprises:
(1) adopting corresponding security protection technologies for the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, and deploying the relevant security protection equipment, to form a complete security protection system;
(2) establishing effective data security, giving comprehensive consideration to security during data storage, transmission and access: not only is the health record information data encrypted, but the transmission protocol for the health record information data is encrypted as well;
(3) establishing a virus and Trojan defense mechanism, regularly updating the virus database and upgrading the firewall, with an update period T of 6-10 days; detected abnormal data is analyzed and an early warning is issued.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the data preprocessing system 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit is used for dividing the health record information data that must be kept confidential into multiple mutually exclusive data sets. The data extraction unit is used for sorting the mutually exclusive data sets according to a user-defined ordering rule, extracting the first data unit of each data set in order, and saving the extracted units together with the ordering rule as small-block data; here, mutually exclusive means that no association exists between any two data units in the data sets. The access control security policy optimization unit is used for generating the system's access control security policy by an access control security policy optimization method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure from the mutually exclusive data sets processed by the data extraction unit; the hierarchical data tree structure has three layers, namely a service layer, a logical layer and a physical layer, where the service layer is the root node of the tree and relates to the data scheduling service, the logical layer consists of the data associated in the access control security policy, and the physical layer comprises the data units in all the mutually exclusive data sets;
(2) formulating access control security policies for data of different security levels based on the access control markup language XACML, and projecting the rules in the access control security policy onto the data units in the mutually exclusive data sets according to their association with the data, thereby refining the rules in the access control security policy to the data dimension;
(3) optimizing the rules on the data units of each mutually exclusive data set, to delete the conflicts and redundancy among the rules distributed on each data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
Preferably, storing the data to the corresponding storage device comprises:
(1) storing the small-block data in local storage and encrypting the small-block data using a user-defined encryption technique;
(2) encrypting the remaining data with the cloud storage encryption and decryption system 42 and then storing it in the cloud storage of the cloud service center 1; after the cloud storage receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The above two preferred embodiments provide the data preprocessing system 41: the data that must be kept confidential first undergoes data partitioning and data extraction, and the rules in the access control security policy are then refined. This reduces the physical storage space needed for the data, lowers the storage overhead, eliminates the conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. Part of the data is extracted by the data extraction process and stored in local storage, while the remaining data is stored in cloud storage after the corresponding access control security policy has been set. This addresses the large system overhead and cumbersome processing that traditional cloud storage data privacy mechanisms based on simple encryption incur when actually operating on data, and can effectively prevent malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, improving the security of storage for data that must be kept confidential.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the confidential health record information data comprises:
(1) the trusted third party assigns a user identity identifier UAID to each user and an attribute authority identity identifier AID to each attribute authority, comprising:
a) initialization: the trusted third party sets the system parameters, where α is a random integer;
b) for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it:
$$\mathrm{Certificate}(UAID) = \hat{E}(H(UAID), g)^{C_{UAID}}$$
At the same time, the authentication parameter of the legitimate user is published, where $C_{UAID} \in Z_P$;
C, generate identity key pair for data owner and validated user;
(2) generate the encryption and decryption key of identity-based, attribute encryption and decryption key and act on behalf of re-encrypted private key, wherein said The encryption and decryption key of identity-based includes identity public key GKUAIDWith identity private key CKUAID, described attribute encryption and decryption key includes belonging to Property PKI GKAIDWith attribute private key CKAID:
GK U A I D = E ^ ( g , g ) ∝ A I D
GK A I D = { ∀ x ∈ AS A I D : GK x = H ( x ) B x β A I D }
CKUAID=(∝AIDAID)
CK A I D = ( K 0 = g ∝ A I D g α γ , K 1 = g α γ , ∀ x ∈ AS U A I D , A I D : K x = H ( x ) B x β A I D γ )
Wherein, ASAIDThe community set that can distribute for single attribute mechanism, GKxFor the PKI of attribute x, BxFor attribute x's Version number, ∝AIDFor the private key parameter of attribute mechanism, βAIDFor attribute undated parameter, ASUAID,AIDFor the identity according to attribute mechanism The community set of distribution, γ is the parameter that attribute mechanism randomly chooses, γ, ∝AIDAID∈ZP
(3) the cloud storage encryption and decryption system 42 encrypts the data to be stored in the cloud storage with a data key to obtain the ciphertext CT, and then encrypts the data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext $CT_U$ and the attribute key ciphertext $CT_A$, comprising:
A. randomly generating two fixed-length character strings IK and AK, and concatenating them to form the data key DK:
$$DK = IK \,\|\, AK$$
B. encrypting the data to be stored in the cloud storage with the data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext $CT_A$, and encrypting IK with the identity public key to generate the identity key ciphertext $CT_U$;
(4) performing proxy re-encryption: on receiving a data request from a user, the cloud uses the proxy re-encryption key to convert the identity key ciphertext $CT_U$ into a ciphertext that the specified user can decrypt, wherein the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user decrypts the identity key ciphertext $CT_U$ with the identity private key $CK_{UAID}$ and the attribute key ciphertext $CT_A$ with the attribute private key $CK_{AID}$, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attributes and the identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for multiple types of data while resisting collusion between users and attribute authorities. For the data to be kept confidential, an identity-based encryption and decryption key and an attribute encryption and decryption key are constructed separately and combined into the data encryption key used to encrypt the data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt it, which greatly improves the security of the data safety management system 4.
In this application scenario, the update period T is set to 7, and the security of the system is relatively improved by 11%.
Application scenario 3
Referring to Fig. 1 and Fig. 2, one embodiment of this application scenario provides a health record information management service system comprising a cloud service center 1, a user mobile terminal 2, a service providing terminal 3 and a data safety management system 4. The cloud service center 1 comprises an information file storage module 10, a health analysis module 11 and a health service application module 12. The information file storage module 10 stores health record information and generates or updates the health record under a user account according to the stored health record information. The health analysis module 11 performs data analysis on the health record information to obtain a health analysis result and, according to that result, determines a matching service item from the service items provided by the service providing terminal 3. The health service application module 12, in response to a service request sent by the user mobile terminal 2, pushes the matching service item to the corresponding user mobile terminal 2 and implements the functional service corresponding to the service item selected on the user mobile terminal 2. The data safety management system 4 ensures the security of the storage and transmission of the health record information.
Preferably, the health service application module 12 is further used to query the health record and the health analysis result under a user account in response to an operation of the user mobile terminal 2 or the service providing terminal 3.
In addition to providing users with a health record information storage service, the above embodiment of the present invention uses the health analysis module 11 to feed back the user's personal health status, issue reminders and match services to the user's health needs, and provides the data safety management system 4 to ensure the security of the storage and transmission of health record information with a high level of security, thereby solving the above technical problem.
Preferably, the user mobile terminal 2 comprises a user relationship authorization module, and the cloud service center 1 comprises a user authorization verification system, which comprises an authorization permission verification module. The user relationship authorization module sends an authorization request to the cloud service center 1; the authorization request includes the user account or service account to be authorized. On receiving the authorization request, the authorization permission verification module grants the user account or service account to be authorized the permission to operate on the health record and the health analysis result under the user account that sent the authorization request.
This preferred embodiment further improves the security of access to health record information.
Preferably, the data safety management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for the storage management, backup and querying of health record information data; the data preprocessing system 41 preprocesses the health record information data to be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the health record information data to be kept confidential according to the optimized access control security policy; the control system 43 stores the health record information data to the corresponding storage device; and the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment establishes the system structure of the data safety management system 4.
Preferably, being responsible for the storage management, backup and querying of health record information comprises:
(1) converting the data format of the health record information into a format suitable for storage in a non-relational database;
(2) dividing the health record information data into basic data and professional data and storing the data with a strategy that combines centralized and distributed storage, with all data backed up when stored; the combined centralized and distributed strategy comprises: using centralized storage for basic data above a preset frequency, and using distributed storage for professional data below the preset frequency;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of data, the data retrieval algorithm combining catalogue retrieval with a search engine, specifically: building a data catalogue and performing a preliminary retrieval of the data according to the catalogue; entering keywords in the search engine to perform a precise search of the data; the search engine finds matching data in a certain manner, ranks it by the degree of match between the data and the keywords, and returns it to the user.
This preferred embodiment uses a retrieval algorithm that combines catalogue retrieval with a search engine, so that data can be obtained quickly and accurately.
Preferably, performing unified monitoring and management of the security of each system comprises:
(1) adopting corresponding security protection techniques for the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, and deploying the relevant security protection equipment, to form a complete security protection system;
(2) establishing an effective data security mechanism that gives comprehensive consideration to security during data storage, transmission and access, encrypting not only the health record information data but also the transmission protocol of the health record information data;
(3) establishing a virus and Trojan defense mechanism, regularly updating the virus database and upgrading the firewall, with an update period T whose value is 6-10 days; abnormal data that is detected is analyzed and an early warning is issued.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the data preprocessing system 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit partitions the health record information data to be kept confidential into multiple mutually exclusive data sets. The data extraction unit sorts the mutually exclusive data sets according to a self-defined ordering rule, extracts the first data unit of each data set in order, and saves the extracted units together with the ordering rule as small-block data, where mutually exclusive means that no association exists between any two data units in a data set. The access control security policy optimization unit generates the system's access control security policy using an access control security policy optimization method based on fine-grained resource partitioning, comprising:
(1) building a hierarchical data tree structure from the mutually exclusive data sets processed by the data extraction unit, the hierarchical data tree structure being a three-layer data tree comprising a service layer, a logical layer and a physical layer, wherein the service layer is the root node related to the data scheduling service, the logical layer is the data associated in the access control security policy, and the physical layer comprises the data units in all of the mutually exclusive data sets;
(2) formulating access control security policies for data of different security levels based on the access control markup language XACML, and projecting the rules associated with data in the access control security policy onto the data units in the mutually exclusive data sets, thereby refining the rules in the access control security policy to the data dimension;
(3) performing rule optimization on the data units in each mutually exclusive data set, to delete the conflicts and redundancy among the rules distributed on each data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
Preferably, storing the data to the corresponding storage device comprises:
(1) storing the small-block data in local storage, and encrypting the small-block data with a user-defined encryption technique;
(2) encrypting the remaining data with the cloud storage encryption and decryption system 42 and storing it in the cloud storage of the cloud service center 1; wherein, after the cloud storage receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The two preferred embodiments above provide the data preprocessing system 41, which first performs data partitioning and data extraction on the data to be kept confidential and then refines the rules in the access control security policy. This reduces the physical storage space needed for the data, reduces storage overhead, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. Part of the data is extracted by the data extraction process and kept in local storage, while the remaining data is stored in the cloud storage after the corresponding access control security policy has been set. This addresses the large system overhead and complexity that traditional cloud storage data privacy mechanisms based on simple encryption incur when actually operating on data, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, and improves the security of storing the data to be kept confidential.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the health record information data to be kept confidential comprises:
(1) the trusted third party assigns a user identity identifier UAID to each user and an attribute authority identity identifier AID to each attribute authority, comprising:
A. initialization: the trusted third party initializes the system parameters, where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it:
$$\mathrm{Certificate}(UAID) = \hat{E}(H(UAID), g)^{C_{UAID}}$$
Meanwhile, the authentication parameter of the legitimate user is published, where $C_{UAID} \in Z_P$;
C. generating an identity key pair for the data owner and for each legitimate user;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, wherein the identity-based encryption and decryption keys comprise the identity public key $GK_{UAID}$ and the identity private key $CK_{UAID}$, and the attribute encryption and decryption keys comprise the attribute public key $GK_{AID}$ and the attribute private key $CK_{AID}$:
$$GK_{UAID} = \hat{E}(g, g)^{\propto_{AID}}$$
$$GK_{AID} = \{\forall x \in AS_{AID} : GK_x = H(x)^{B_x \beta_{AID}}\}$$
$$CK_{UAID} = (\propto_{AID}, \beta_{AID})$$
$$CK_{AID} = (K_0 = g^{\propto_{AID}} g^{\alpha\gamma},\; K_1 = g^{\alpha\gamma},\; \forall x \in AS_{UAID,AID} : K_x = H(x)^{B_x \beta_{AID} \gamma})$$
where $AS_{AID}$ is the set of attributes that a single attribute authority can assign, $GK_x$ is the public key of attribute x, $B_x$ is the version number of attribute x, $\propto_{AID}$ is the private key parameter of the attribute authority, $\beta_{AID}$ is the attribute update parameter, $AS_{UAID,AID}$ is the set of attributes assigned by the attribute authority according to identity, γ is a parameter chosen at random by the attribute authority, and $\gamma, \propto_{AID}, \beta_{AID} \in Z_P$;
(3) the cloud storage encryption and decryption system 42 encrypts the data to be stored in the cloud storage with a data key to obtain the ciphertext CT, and then encrypts the data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext $CT_U$ and the attribute key ciphertext $CT_A$, comprising:
A. randomly generating two fixed-length character strings IK and AK, and concatenating them to form the data key DK:
$$DK = IK \,\|\, AK$$
B. encrypting the data to be stored in the cloud storage with the data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext $CT_A$, and encrypting IK with the identity public key to generate the identity key ciphertext $CT_U$;
(4) performing proxy re-encryption: on receiving a data request from a user, the cloud uses the proxy re-encryption key to convert the identity key ciphertext $CT_U$ into a ciphertext that the specified user can decrypt, wherein the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user decrypts the identity key ciphertext $CT_U$ with the identity private key $CK_{UAID}$ and the attribute key ciphertext $CT_A$ with the attribute private key $CK_{AID}$, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attributes and the identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for multiple types of data while resisting collusion between users and attribute authorities. For the data to be kept confidential, an identity-based encryption and decryption key and an attribute encryption and decryption key are constructed separately and combined into the data encryption key used to encrypt the data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt it, which greatly improves the security of the data safety management system 4.
In this application scenario, the update period T is set to 8, and the security of the system is relatively improved by 10%.
Application scenario 4
Referring to Fig. 1 and Fig. 2, one embodiment of this application scenario provides a health record information management service system comprising a cloud service center 1, a user mobile terminal 2, a service providing terminal 3 and a data safety management system 4. The cloud service center 1 comprises an information file storage module 10, a health analysis module 11 and a health service application module 12. The information file storage module 10 stores health record information and generates or updates the health record under a user account according to the stored health record information. The health analysis module 11 performs data analysis on the health record information to obtain a health analysis result and, according to that result, determines a matching service item from the service items provided by the service providing terminal 3. The health service application module 12, in response to a service request sent by the user mobile terminal 2, pushes the matching service item to the corresponding user mobile terminal 2 and implements the functional service corresponding to the service item selected on the user mobile terminal 2. The data safety management system 4 ensures the security of the storage and transmission of the health record information.
Preferably, the health service application module 12 is further used to query the health record and the health analysis result under a user account in response to an operation of the user mobile terminal 2 or the service providing terminal 3.
In addition to providing users with a health record information storage service, the above embodiment of the present invention uses the health analysis module 11 to feed back the user's personal health status, issue reminders and match services to the user's health needs, and provides the data safety management system 4 to ensure the security of the storage and transmission of health record information with a high level of security, thereby solving the above technical problem.
Preferably, the user mobile terminal 2 comprises a user relationship authorization module, and the cloud service center 1 comprises a user authorization verification system, which comprises an authorization permission verification module. The user relationship authorization module sends an authorization request to the cloud service center 1; the authorization request includes the user account or service account to be authorized. On receiving the authorization request, the authorization permission verification module grants the user account or service account to be authorized the permission to operate on the health record and the health analysis result under the user account that sent the authorization request.
This preferred embodiment further improves the security of access to health record information.
Preferably, the data safety management system 4 comprises a data service system 40, a data preprocessing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for the storage management, backup and querying of health record information data; the data preprocessing system 41 preprocesses the health record information data to be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the health record information data to be kept confidential according to the optimized access control security policy; the control system 43 stores the health record information data to the corresponding storage device; and the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment establishes the system structure of the data safety management system 4.
Preferably, being responsible for the storage management, backup and querying of health record information comprises:
(1) converting the data format of the health record information into a format suitable for storage in a non-relational database;
(2) dividing the health record information data into basic data and professional data and storing the data with a strategy that combines centralized and distributed storage, with all data backed up when stored; the combined centralized and distributed strategy comprises: using centralized storage for basic data above a preset frequency, and using distributed storage for professional data below the preset frequency;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of data, the data retrieval algorithm combining catalogue retrieval with a search engine, specifically: building a data catalogue and performing a preliminary retrieval of the data according to the catalogue; entering keywords in the search engine to perform a precise search of the data; the search engine finds matching data in a certain manner, ranks it by the degree of match between the data and the keywords, and returns it to the user.
This preferred embodiment uses a retrieval algorithm that combines catalogue retrieval with a search engine, so that data can be obtained quickly and accurately.
Preferably, performing unified monitoring and management of the security of each system comprises:
(1) adopting corresponding security protection techniques for the different security protection requirements of the data service system 40, the data preprocessing system 41, the cloud storage encryption and decryption system 42 and the control system 43, and deploying the relevant security protection equipment, to form a complete security protection system;
(2) establishing an effective data security mechanism that gives comprehensive consideration to security during data storage, transmission and access, encrypting not only the health record information data but also the transmission protocol of the health record information data;
(3) establishing a virus and Trojan defense mechanism, regularly updating the virus database and upgrading the firewall, with an update period T whose value is 6-10 days; abnormal data that is detected is analyzed and an early warning is issued.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the data preprocessing system 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit partitions the health record information data to be kept confidential into multiple mutually exclusive data sets. The data extraction unit sorts the mutually exclusive data sets according to a self-defined ordering rule, extracts the first data unit of each data set in order, and saves the extracted units together with the ordering rule as small-block data, where mutually exclusive means that no association exists between any two data units in a data set. The access control security policy optimization unit generates the system's access control security policy using an access control security policy optimization method based on fine-grained resource partitioning, comprising:
(1) building a hierarchical data tree structure from the mutually exclusive data sets processed by the data extraction unit, the hierarchical data tree structure being a three-layer data tree comprising a service layer, a logical layer and a physical layer, wherein the service layer is the root node related to the data scheduling service, the logical layer is the data associated in the access control security policy, and the physical layer comprises the data units in all of the mutually exclusive data sets;
(2) formulating access control security policies for data of different security levels based on the access control markup language XACML, and projecting the rules associated with data in the access control security policy onto the data units in the mutually exclusive data sets, thereby refining the rules in the access control security policy to the data dimension;
(3) performing rule optimization on the data units in each mutually exclusive data set, to delete the conflicts and redundancy among the rules distributed on each data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
Preferably, storing the data to the corresponding storage device comprises:
(1) storing the small-block data in local storage, and encrypting the small-block data with a user-defined encryption technique;
(2) encrypting the remaining data with the cloud storage encryption and decryption system 42 and storing it in the cloud storage of the cloud service center 1; wherein, after the cloud storage receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The two preferred embodiments above provide the data preprocessing system 41, which first performs data partitioning and data extraction on the data to be kept confidential and then refines the rules in the access control security policy. This reduces the physical storage space needed for the data, reduces storage overhead, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. Part of the data is extracted by the data extraction process and kept in local storage, while the remaining data is stored in the cloud storage after the corresponding access control security policy has been set. This addresses the large system overhead and complexity that traditional cloud storage data privacy mechanisms based on simple encryption incur when actually operating on data, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, and improves the security of storing the data to be kept confidential.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the health record information data to be kept confidential comprises:
(1) the trusted third party assigns a user identity identifier UAID to each user and an attribute authority identity identifier AID to each attribute authority, comprising:
A. initialization: the trusted third party initializes the system parameters, where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it:
$$\mathrm{Certificate}(UAID) = \hat{E}(H(UAID), g)^{C_{UAID}}$$
Meanwhile, the authentication parameter of the legitimate user is published, where $C_{UAID} \in Z_P$;
C. generating an identity key pair for the data owner and for each legitimate user;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, wherein the identity-based encryption and decryption keys comprise the identity public key $GK_{UAID}$ and the identity private key $CK_{UAID}$, and the attribute encryption and decryption keys comprise the attribute public key $GK_{AID}$ and the attribute private key $CK_{AID}$:
$$GK_{UAID} = \hat{E}(g, g)^{\propto_{AID}}$$
$$GK_{AID} = \{\forall x \in AS_{AID} : GK_x = H(x)^{B_x \beta_{AID}}\}$$
$$CK_{UAID} = (\propto_{AID}, \beta_{AID})$$
$$CK_{AID} = (K_0 = g^{\propto_{AID}} g^{\alpha\gamma},\; K_1 = g^{\alpha\gamma},\; \forall x \in AS_{UAID,AID} : K_x = H(x)^{B_x \beta_{AID} \gamma})$$
where $AS_{AID}$ is the set of attributes that a single attribute authority can assign, $GK_x$ is the public key of attribute x, $B_x$ is the version number of attribute x, $\propto_{AID}$ is the private key parameter of the attribute authority, $\beta_{AID}$ is the attribute update parameter, $AS_{UAID,AID}$ is the set of attributes assigned by the attribute authority according to identity, γ is a parameter chosen at random by the attribute authority, and $\gamma, \propto_{AID}, \beta_{AID} \in Z_P$;
(3) the cloud storage encryption and decryption system 42 encrypts the data to be stored in the cloud storage with a data key to obtain the ciphertext CT, and then encrypts the data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext $CT_U$ and the attribute key ciphertext $CT_A$, comprising:
A. randomly generating two fixed-length character strings IK and AK, and concatenating them to form the data key DK:
$$DK = IK \,\|\, AK$$
B. encrypting the data to be stored in the cloud storage with the data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext $CT_A$, and encrypting IK with the identity public key to generate the identity key ciphertext $CT_U$;
(4) performing proxy re-encryption: on receiving a data request from a user, the cloud uses the proxy re-encryption key to convert the identity key ciphertext $CT_U$ into a ciphertext that the specified user can decrypt, wherein the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user decrypts the identity key ciphertext $CT_U$ with the identity private key $CK_{UAID}$ and the attribute key ciphertext $CT_A$ with the attribute private key $CK_{AID}$, then reconstructs the data key and decrypts the ciphertext CT;
(6) updating the attributes and the identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for multiple types of data while resisting collusion between users and attribute authorities. For the data to be kept confidential, an identity-based encryption and decryption key and an attribute encryption and decryption key are constructed separately and combined into the data encryption key used to encrypt the data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt it, which greatly improves the security of the data safety management system 4.
In this application scenarios, update cycle T takes 9, and the safety of system improves 9% relatively.
Application scenarios 5
Referring to Fig. 1 and Fig. 2, an embodiment of this application scenario provides a health record information management service system comprising a cloud service center 1, a user mobile terminal 2, a service providing terminal 3 and a data safety management system 4. The cloud service center 1 comprises an information file storage module 10, a health analysis module 11 and a health service application module 12. The information file storage module 10 is used for storing health file information and for generating or updating the health file under a user account according to the stored health file information. The health analysis module 11 is used for performing data analysis on the health file information to obtain a health analysis result, and for determining a matched service item from the service items provided by the service providing terminal 3 according to the health analysis result. The health service application module 12 is used for pushing the matched service item to the corresponding user mobile terminal 2 according to a service request sent by the user mobile terminal 2, and for implementing the function service corresponding to the service item selected by the user mobile terminal 2. The data safety management system 4 is used for guaranteeing the storage and transmission security of the health file information.
Preferably, the health service application module 12 is further used for querying the health file and the health analysis result under a user account according to an operation of the user mobile terminal 2 or the service providing terminal 3.
In addition to providing the user with a health file information storage service, the above embodiment of the present invention feeds back the user's personal health state through the health analysis module 11 and reminds the user of, and matches, services corresponding to the user's health needs. The data safety management system 4 is also provided to guarantee the storage and transmission security of the health file information, so security is high and the above technical problem is solved.
Preferably, the user mobile terminal 2 comprises a user relationship authorization module, and the cloud service center 1 comprises a user authorization verification system, which comprises an authorization authority verification module. The user relationship authorization module is used for sending an authorization request to the cloud service center 1, the authorization request including the user account or service account to be authorized. The authorization authority verification module is used for, upon receiving the authorization request, granting the authorized user account or service account the right to operate on the health file and the health analysis result under the user account that sent the authorization request.
This preferred embodiment further improves the security of access to health file information.
Preferably, the data safety management system 4 comprises a data service system 40, a data pre-processing system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The data service system 40 is responsible for storage management, backup and query of health file information data; the data pre-processing system 41 is used for pre-processing the health file information data that must be kept confidential; the cloud storage encryption and decryption system 42 is used for encrypting or decrypting the confidential health file information data according to the optimized access control security policy; the control system 43 is used for storing the health file information data to the corresponding storage device; the security management center 44 is used for unified monitoring and management of the security of each system.
This preferred embodiment constructs the system architecture of the data safety management system 4.
Preferably, being responsible for storage management, backup and query of health file information comprises:
(1) converting the data format of the health file information to establish a format suitable for storage in a non-relational database;
(2) dividing the health file information data into basic data and specialized data, and storing the data using a strategy that combines centralized and distributed storage, all data being backed up when stored; the strategy combining centralized and distributed storage comprises: using centralized storage for basic data above a preset frequency, and using distributed storage for specialized data below the preset frequency;
(3) establishing a corresponding data retrieval algorithm for fast retrieval of data, the data retrieval algorithm combining directory retrieval with a search engine, specifically: establishing a data directory and performing a preliminary retrieval of data according to the directory; entering keywords into the search engine to perform a precise search of the data; the search engine finds matching data in a certain manner, sorts the results by the degree of match between the data and the keywords, and returns them to the user.
This preferred embodiment uses a retrieval algorithm combining directory retrieval with a search engine, so data can be obtained quickly and accurately.
Preferably, the unified monitoring and management of the security of each system comprises:
(1) adopting corresponding security protection techniques for the different security protection requirements of the data service system 40, the data pre-processing system 41, the cloud storage encryption and decryption system 42 and the control system 43, and providing the relevant security protection equipment, to form a complete security protection system;
(2) establishing effective data security that comprehensively considers security during data storage, transmission and access: not only is the health file information data encrypted, but the transmission protocol for the health file information data is encrypted as well;
(3) establishing a virus and Trojan defense mechanism, regularly updating the virus database and upgrading the firewall, with an update period T whose value is 6-10 days; detected abnormal data is analyzed and an early warning is issued.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the data pre-processing system 41 comprises a data partitioning unit, a data extraction unit and an access control security policy optimization unit. The data partitioning unit is used for dividing the confidential health file information data into multiple mutually exclusive data sets. The data extraction unit is used for sorting the mutually exclusive data sets according to a user-defined ordering rule, extracting in order the first data unit of each data set, and saving these units together with the ordering rule as small block data, where mutually exclusive means that no association exists between any two data units in a data set. The access control security policy optimization unit is used for generating the system's access control security policy by an access control security policy optimization method based on fine-grained resource division, comprising:
(1) building a hierarchical data tree structure from the mutually exclusive data sets produced by the data extraction unit, the hierarchical data tree structure being a three-layer data tree comprising a service layer, a logic layer and a physical layer, where the service layer is the root node associated with the data scheduling service, the logic layer is the data associated in the access control security policy, and the physical layer comprises the data units in all of the mutually exclusive data sets;
(2) formulating access control security policies for data of different security levels based on the access control markup language XACML, and projecting the rules associated with data in the access control security policy onto the data units in the mutually exclusive data sets, thereby refining the rules in the access control security policy to the data dimension;
(3) performing rule optimization on the data units in each mutually exclusive data set, to delete conflicts and redundancy among the rules distributed on each data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
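Steps (2) to (4) above are illustrated by the following added example, which is not part of the patent text: rules are projected onto data units, redundancy and Permit/Deny conflicts are removed per unit, and the surviving rules are merged. The data sets, roles and rules are constructed, and resolving a conflict in favour of Deny (XACML's deny-overrides behaviour) is an assumption, since the text does not state how conflicts are resolved.

```python
from collections import defaultdict

# Constructed sample. Logic layer: mutually exclusive data sets; physical layer: their data units.
DATA_SETS = {
    "identity": ["name", "id_number"],
    "clinical": ["diagnosis", "prescription"],
}

# Constructed rules: (subject, action, target, effect); a target is a data set or one data unit.
RULES = [
    ("doctor", "read", "clinical", "Permit"),
    ("doctor", "read", "diagnosis", "Permit"),    # redundant: already covered by the rule above
    ("nurse", "read", "clinical", "Permit"),
    ("nurse", "read", "prescription", "Deny"),    # conflicts with the nurse rule above
    ("doctor", "read", "identity", "Permit"),
]


def project(rules, data_sets):
    """Step (2): refine each rule to the data units it covers."""
    per_unit = defaultdict(list)
    for subject, action, target, effect in rules:
        for unit in data_sets.get(target, [target]):
            per_unit[unit].append((subject, action, effect))
    return per_unit


def optimise_unit(unit_rules):
    """Step (3): keep one decision per (subject, action); Deny wins a conflict (assumed)."""
    decided = {}
    for subject, action, effect in unit_rules:
        if decided.get((subject, action)) != "Deny":
            decided[(subject, action)] = effect
    return decided


def merge(per_unit_decisions):
    """Step (4): regroup data units that ended up with the same (subject, action, effect)."""
    merged = defaultdict(set)
    for unit, decided in per_unit_decisions.items():
        for (subject, action), effect in decided.items():
            merged[(subject, action, effect)].add(unit)
    return {rule: sorted(units) for rule, units in merged.items()}


def optimise_policy(rules, data_sets):
    per_unit = project(rules, data_sets)
    return merge({unit: optimise_unit(unit_rules) for unit, unit_rules in per_unit.items()})


def decide(policy, subject, action, unit):
    """Evaluate the optimised policy; after optimisation at most one rule can match."""
    for (s, a, effect), units in policy.items():
        if (s, a) == (subject, action) and unit in units:
            return effect
    return "NotApplicable"


def decide_unoptimised(rules, data_sets, subject, action, unit):
    """Reference evaluation of the original rules under deny-overrides."""
    effects = {e for s, a, t, e in rules
               if (s, a) == (subject, action) and unit in data_sets.get(t, [t])}
    if "Deny" in effects:
        return "Deny"
    return "Permit" if effects else "NotApplicable"
```

Comparing `decide` with `decide_unoptimised` over every subject and data unit confirms that the optimization changes the size of the policy and not its decisions.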
Preferably, storing the data to the corresponding storage device comprises:
(1) storing the small block data in local storage, and encrypting the small block data with a user-defined encryption technique;
(2) after the remaining data is encrypted by the cloud storage encryption and decryption system 42, storing it in the cloud storage of the cloud service center 1; after the cloud storage receives the data, the cloud performs an integrity check on the data and then saves it to a storage node.
The above two preferred embodiments provide the data pre-processing system 41, which first performs data partitioning and data extraction on the confidential data and then refines the rules in the access control security policy. This reduces the physical storage space needed for the data and the storage cost, and eliminates conflicts and redundancy in the access control security policy, improving the efficiency of access control decisions. The part of the data taken out by data extraction is stored in local storage, and the remaining data is stored to cloud storage after a corresponding access control security policy is set. This addresses the large system overhead and cumbersome operation that traditional cloud storage data privacy mechanisms based on simple encryption incur when actually processing data, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private data, and improves the security of storage for confidential data.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: data owner, attribute authority, cloud, trusted third party and user. Encrypting or decrypting the confidential health file information data comprises:
(1) the trusted third party assigns a user identity identifier UAID to each user and an attribute authority identity identifier AID to each attribute authority, including:
A. initialization: the trusted third party initializes the system parameters, where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it:
$$Certificate(UAID) = \hat{E}(H(UAID), g)^{C_{UAID}}$$
At the same time, the authentication parameter of the legitimate user is published, where $C_{UAID} \in Z_P$;
C. generating identity key pairs for the data owner and the legitimate users;
(2) generating the identity-based encryption/decryption key, the attribute encryption/decryption key and the proxy re-encryption key, where the identity-based encryption/decryption key comprises identity public key $GK_{UAID}$ and identity private key $CK_{UAID}$, and the attribute encryption/decryption key comprises attribute public key $GK_{AID}$ and attribute private key $CK_{AID}$:
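$$GK_{UAID} = \hat{E}(g, g)^{\propto_{AID}}$$
$$GK_{AID} = \left\{ \forall x \in AS_{AID} : GK_x = H(x)^{B_x \beta_{AID}} \right\}$$
$$CK_{UAID} = (\propto_{AID}, \beta_{AID})$$
$$CK_{AID} = \left( K_0 = g^{\propto_{AID}} g^{\alpha\gamma},\ K_1 = g^{\alpha\gamma},\ \forall x \in AS_{UAID,AID}: K_x = H(x)^{B_x \beta_{AID} \gamma} \right)$$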
where $AS_{AID}$ is the set of attributes that a single attribute authority can assign, $GK_x$ is the public key of attribute $x$, $B_x$ is the version number of attribute $x$, $\propto_{AID}$ is the private key parameter of the attribute authority, $\beta_{AID}$ is the attribute update parameter, $AS_{UAID,AID}$ is the set of attributes that the attribute authority assigns according to identity, $\gamma$ is a parameter randomly chosen by the attribute authority, and $\gamma, \propto_{AID}, \beta_{AID} \in Z_P$;
(3) the cloud storage encryption and decryption system 42 uses the data key to encrypt the data to be stored in cloud storage, obtaining ciphertext CT, and then encrypts the data key with the identity public key and the attribute public key respectively, generating identity key ciphertext $CT_U$ and attribute key ciphertext $CT_A$, including:
A. randomly generating two fixed-length character strings IK and AK, and concatenating them to generate the data key DK:
DK = IK || AK
B. using the data key DK to encrypt the data to be stored in cloud storage; after ciphertext CT is obtained, encrypting AK with the attribute public key to generate attribute key ciphertext $CT_A$, and encrypting IK with the identity public key to generate identity key ciphertext $CT_U$;
(4) performing proxy re-encryption: when a data request from a user is received, the cloud uses the proxy re-encryption key to convert identity key ciphertext $CT_U$ into a ciphertext that the specified user can decrypt, where the proxy re-encryption key is computed by the data owner from its own private key and the identity public key;
(5) performing data decryption: after receiving the data, the user uses identity private key $CK_{UAID}$ and attribute private key $CK_{AID}$ to decrypt identity key ciphertext $CT_U$ and attribute key ciphertext $CT_A$ respectively, then reconstructs the data key and decrypts ciphertext CT;
(6) updating the attributes and the identity key.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for multiple types of data while resisting collusion between users and the attribute authority. For data that must be kept confidential, an identity-based encryption/decryption key and an attribute encryption/decryption key are constructed separately and combined into the data encryption key used to encrypt the data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt, which greatly improves the security performance of the data safety management system 4.
In this application scenario, the update period T is set to 10, and the security of the system is relatively improved by 8%.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit its scope of protection. Although the present invention has been explained in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or equivalently substituted without departing from the essence and scope of the technical solution of the present invention.

Claims (3)

1. A health record information management service system, characterized in that it comprises a cloud service center, a user mobile terminal, a service providing terminal and a data safety management system; the cloud service center comprises an information file storage module, a health analysis module and a health service application module; the information file storage module is used for storing health file information and for generating or updating the health file under a user account according to the stored health file information; the health analysis module is used for performing data analysis on the health file information to obtain a health analysis result, and for determining a matched service item from the service items provided by the service providing terminal according to the health analysis result; the health service application module is used for pushing the matched service item to the corresponding user mobile terminal according to a service request sent by the user mobile terminal, and for implementing the function service corresponding to the service item selected by the user mobile terminal; the data safety management system is used for guaranteeing the storage and transmission security of the health file information.
2. The health record information management service system according to claim 1, characterized in that the health service application module is further used for querying the health file and the health analysis result under a user account according to an operation of the user mobile terminal or the service providing terminal.
3. The health record information management service system according to claim 2, characterized in that the user mobile terminal comprises a user relationship authorization module, and the cloud service center comprises a user authorization verification system, which comprises an authorization authority verification module; the user relationship authorization module is used for sending an authorization request to the cloud service center, the authorization request including the user account or service account to be authorized; the authorization authority verification module is used for, upon receiving the authorization request, granting the authorized user account or service account the right to operate on the health file and the health analysis result under the user account that sent the authorization request.
CN201610789121.8A 2016-08-30 2016-08-30 Health record information management service system Pending CN106326666A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610789121.8A CN106326666A (en) 2016-08-30 2016-08-30 Health record information management service system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610789121.8A CN106326666A (en) 2016-08-30 2016-08-30 Health record information management service system

Publications (1)

Publication Number Publication Date
CN106326666A true CN106326666A (en) 2017-01-11

Family

ID=57789195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610789121.8A Pending CN106326666A (en) 2016-08-30 2016-08-30 Health record information management service system

Country Status (1)

Country Link
CN (1) CN106326666A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050154884A1 (en) * 2003-11-27 2005-07-14 Oce-Technologies B.V. Secure data transmission in a network system of image processing devices
CN101968774A (en) * 2010-10-21 2011-02-09 中国人民解放军61938部队 Device and method for storing mobile data safely
CN102281314A (en) * 2011-01-30 2011-12-14 程旭 Realization method and apparatus for high-efficient and safe data cloud storage system
CN103391185A (en) * 2013-08-12 2013-11-13 北京泰乐德信息技术有限公司 Cloud security storage and processing method and system for rail transit monitoring data
CN103886529A (en) * 2014-02-24 2014-06-25 深圳市爱康信息技术有限公司 Health archive information management service system and method
CN105023086A (en) * 2015-01-07 2015-11-04 泰华智慧产业集团股份有限公司 Digital city management data sharing system based on cloud calculation

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107038341A (en) * 2017-04-10 2017-08-11 武汉康慧然信息技术咨询有限公司 Family health care data managing method and system
CN107038341B (en) * 2017-04-10 2019-07-12 杭州银江医联网技术股份有限公司 Family health care data managing method and system
CN108053323A (en) * 2017-11-13 2018-05-18 平安养老保险股份有限公司 Method, apparatus, computer equipment and the storage medium of service plan generation
CN108769024A (en) * 2018-05-30 2018-11-06 中国电子信息产业集团有限公司第六研究所 A kind of data capture method and majority are according to operator negotiation service system
CN108769024B (en) * 2018-05-30 2020-11-13 中国电子信息产业集团有限公司第六研究所 Data acquisition method and multi-data operator negotiation service system
CN109818923A (en) * 2018-12-18 2019-05-28 北京九州云腾科技有限公司 A kind of attribute base cloud service access control method based on attribute ciphertext re-encryption
CN113360749A (en) * 2020-03-05 2021-09-07 秦超 Health service system
CN112613072A (en) * 2020-12-28 2021-04-06 无锡建舜科技有限公司 Information management method, management system and management cloud platform based on file big data
CN112613072B (en) * 2020-12-28 2024-05-28 江苏恒米数字科技有限公司 Information management method, management system and management cloud platform based on archive big data

Similar Documents

Publication Publication Date Title
CN109033855B (en) Data transmission method and device based on block chain and storage medium
CN110033258B (en) Service data encryption method and device based on block chain
CN108418681B (en) Attribute-based ciphertext retrieval system and method supporting proxy re-encryption
CN102685148B (en) Method for realizing secure network backup system under cloud storage environment
CN101939946B (en) Systems and methods for securing data using multi-factor or keyed dispersal
CN103039057B (en) To moving medial according to the system and method protected
CN103270516B (en) System and method for securing virtual machine computing environments
CN100499450C (en) Layered encryption key generating method and device for digital resources
CN106326666A (en) Health record information management service system
CN106203146A (en) A kind of big data safety management system
CN103780607B (en) The method of the data de-duplication based on different rights
CN103229165A (en) Systems and methods for secure remote storage
CN105071936A (en) Systems and methods for secure data sharing
CN103959302A (en) Systems and methods for secure distributed storage
CN106131225A (en) The security system accessed for medical treatment case information
CN108021677A (en) The control method of cloud computing distributed search engine
CN106356066A (en) Speech recognition system based on cloud computing
CN116611083A (en) Medical data sharing method and system
Gajmal et al. Blockchain-based access control and data sharing mechanism in cloud decentralized storage system
CN106161654A (en) A kind of cloud educational system
CN106254510A (en) The Internet financial resources integrates shared system
CN113127927A (en) Attribute reconstruction encryption method and system for license chain data sharing and supervision
CN106131224A (en) A kind of data transmission system
CN108055256A (en) The platform efficient deployment method of cloud computing SaaS
Raj et al. Efficient mechanism for sharing private data in a secured manner

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170111