CN110197084A - Medical data federated learning system and method based on trusted computing and privacy protection

Info

Publication number
CN110197084A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910506663.3A
Other languages
Chinese (zh)
Other versions
CN110197084B (en)
Inventor
王爽
郑灏
王晓峰
汤海旭
窦佐超
王文浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Nowei Information Technology Co.,Ltd.
Original Assignee
Shanghai Lianyi Biotechnology Co Ltd
Application filed by Shanghai Lianyi Biotechnology Co Ltd
Priority to CN201910506663.3A
Publication of CN110197084A
Application granted
Publication of CN110197084B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H50/00 ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics
    • G16H50/70 ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for mining of medical data, e.g. analysing previous cases of other patients

Abstract

The present invention relates to a medical data federated learning system and method based on trusted computing and privacy protection. The federated learning central control layer receives and registers the non-sensitive metadata that a data contributor uploads through the data contributor management layer of its data node, while the raw data is registered, stored and computed on in isolation locally. The federated learning central control layer handles the federated learning requests that a data miner initiates through the data miner interaction layer, aggregates, in a secure computing region, the non-sensitive intermediate results that each data node computes locally in isolation from its raw data, and returns the final federated learning result to the data miner interaction layer. The invention provides a complete service system for medical big data covering secure sharing, trusted computing, deep mining, permission authentication and multi-platform federated learning, and solves the problem that privacy protection and data mining of medical data are at present scattered, single-purpose and incomplete.

Description

Medical data federated learning system and method based on trusted computing and privacy protection
Technical field
The present invention relates to the secure sharing, trusted mining and privacy protection of medical big data, and specifically to a medical big data federated learning system and method based on trusted computing and privacy protection.
Background art
Existing search, sharing and data mining services for medical big data are still immature: deep, trusted mining of the data is lacking, and no systematic standards or safeguards for permission authentication have yet formed. Strict laws combined with missing protection systems and standards leave many owners of medical data, such as hospitals and medical research institutions, unwilling or afraid to share the data resources they hold. This seriously hampers the rapid progress and development of medicine under the Internet big data trend, for example in the comprehensive diagnosis and analysis of diseases and in big data statistical analysis of genetic disease genes.
The Chinese patent "Differential privacy protection method for medical data publication", application number 201510690500.7, addresses the privacy problem of publishing medical data directly: it adds noise by differential privacy methods to give relative protection of data privacy while preserving data availability. That method still assumes that the data miner has direct contact with the data (although the data has undergone privacy protection processing), and it does not cover permission verification of the data miner, trusted authentication of the computation and analysis platform, multi-platform federated learning and so on.
The Chinese patent "An efficient privacy-preserving cloud medical data monitoring system and monitoring method", application number 201610859330.5, designs a system for encrypted upload, query and reading to protect medical data on cloud servers. That invention cannot perform further mining and analysis of medical data while it is encrypted, and it does not cover permission verification of the data querier, trusted authentication of the data platform, multi-platform federated learning and so on.
The Chinese patent "A privacy-preserving data mining system and method based on medical big data", application number 201811118948.1, presents a three-level medical data storage, query and management system based on non-interactive zero-knowledge proofs. It ensures that local samples are not leaked to the server side and avoids false sample matches and similar problems. That system does not cover further trusted mining of medical big data, permission authentication of the data miner, trusted authentication of the data platform, multi-platform federated learning and so on.
Summary of the invention
The present invention relates to a medical data federated learning system and method based on trusted computing and privacy protection. It provides a complete service system for medical big data covering secure sharing, trusted computing, deep mining, permission authentication and multi-platform federated learning, and solves the problem that privacy protection and data mining of medical data are at present scattered, single-purpose and incomplete.
To achieve the above object, one technical solution of the invention provides a medical data federated learning method based on trusted computing and privacy protection:
The federated learning central control layer receives and stores the non-sensitive metadata uploaded by a data contributor through the data contributor management layer of its data node; the metadata is based on the data contributor's raw data and does not contain sensitive information of the raw data;
The federated learning central control layer receives and processes the federated learning request initiated by a data miner through the data miner interaction layer; in the secure computing region of the federated learning central control layer, the intermediate results that each data node obtains by local isolated computation on its raw data are aggregated and analyzed, and the federated learning result is returned to the data miner interaction layer.
Optionally, the federated learning central control layer is provided with a central node server and a secure computation server, which interact with the data node server arranged in the data contributor management layer of each data node;
The medical data federated learning method comprises the following process:
Step 1: all raw data of the data contributor is registered and stored inside the local firewall. The data contributor accesses the data node server through a first interactive system, registers a data set, and specifies the access permissions and validity period of the data set. All raw data is stored in a local private database inside the firewall. The data node server sends the metadata to the central node server for registration;
Step 2: the data miner accesses the central node server through a second interactive system and, after completing user registration and verification, searches for the data sets available under its own permissions and creates a federated learning instance;
Step 3: the data miner initiates a federated learning request to the central node server;
Step 4: based on the data sets selected by the data miner, the central node server issues a local computation request to all data nodes involved in the current federated learning request;
Step 5: each data node that receives the local computation request performs local isolated computation on the raw data inside the firewall through its data node server, and exchanges intermediate results with the secure computation server; the intermediate results do not contain raw data;
Step 6: the secure computation server aggregates and updates the intermediate results obtained by the local isolated computation of all data nodes, generates and outputs the federated learning result, and returns it to the central node server;
Step 7: the central node server generates a federated learning report and supports the data miner in obtaining and using the federated learning result.
Optionally, the data contributor sets access permissions during data registration through the data contributor management layer of its data node;
The access permissions specify one or more of the time, the place, the data miner and the federated learning task for which use of the data is allowed.
Optionally, the data miner selects data with public permission and/or data that a data contributor has assigned to that data miner for federated learning;
The data miner sets its own federated learning instance to private or public, and other data miners are allowed to query and study public federated learning instances.
Optionally, the metadata and intermediate results of each data node are uploaded to the federated learning central control layer in encrypted form.
Optionally, before the metadata is uploaded to the central node server, the data node initiates remote enclave attestation, based on Intel Software Guard Extensions, toward the central node server;
The secure computation server uses Intel Software Guard Extensions to aggregate and analyze the intermediate results uploaded by each data node.
Optionally, the metadata comprises the Internet protocol address and port of the data node server and the file name, description and supported research methods of the raw data; the intermediate results do not involve sensitive information of the raw data; the intermediate results include intermediate training models and statistical parameters.
Another technical solution of the invention is a medical data federated learning system based on trusted computing and privacy protection, applicable to any of the medical data federated learning methods based on trusted computing and privacy protection described above.
The medical data federated learning system comprises:
Several data node servers, arranged in the data contributor management layer of each data node;
A central node server and a secure computation server, arranged in the federated learning central control layer and interacting with each data node server;
Wherein the data node server registers local data sets, specifies access permissions, uploads metadata to the central node server for registration, receives local computation requests from the central node server, performs local isolated computation on the locally stored raw data, and sends the intermediate results to the secure computation server for aggregation;
The central node server receives the federated learning request initiated by the data miner, notifies the secure computation server of the federated learning instance created by the data miner, sends local computation requests to the data nodes involved in the current federated learning request, waits for and receives the federated learning result that the secure computation server collects from the corresponding data nodes and aggregates, generates the federated learning report and returns it to the data miner.
Optionally, the data node server implements its management framework with Spring+Vue and implements the local isolated computation in C++;
The central node server implements its control framework with Spring Boot+Vue and is deployed with Docker on a hardware platform on which Docker-Compose is installed;
The secure computation server uses C++/Rust together with Intel Software Guard Extensions.
Optionally, the data node server, the local private database and the first web-based interactive system configured in the data contributor management layer are located inside the local firewall of the data node;
Through the first web-based interactive system, the data contributor accesses the data node server with a browser;
The data miner interaction layer is configured with a second web-based interactive system, through which the data miner accesses the central node server with a browser.
Compared with the prior art, the medical data federated learning system and method based on trusted computing and privacy protection of the present invention have the following advantages:
The solution of the invention is based on federated learning and is implemented by the central node server and the secure computation server (trusted computing region) of the federated learning central control layer together with multiple data node servers of the data contributor management layer. All storage of and computation on raw medical data is carried out in local isolation at the data nodes, avoiding privacy leakage at the root. The invention implements strict and flexible authorization and authentication for data sets, including but not limited to authorization based on task, user, time and place. The central node stores the non-sensitive metadata of data sets and uses a series of federated learning algorithms to mine medical data in depth. Meanwhile, the federated learning core program of the central node uses Intel SGX (Software Guard Extensions), ensuring the security of data and results computed in an untrusted environment.
Brief description of the drawings
Fig. 1 is the overall system structure diagram of the invention;
Fig. 2 is an example of the federated learning request data format that the data miner submits through the browser;
Fig. 3 is an example of the federated learning instance parameters with which the central node server notifies the secure computation server;
Fig. 4 is an example of the local computation request data format that the central node server sends to the data nodes;
Fig. 5 is an example of the federated learning result data format that the secure computation server aggregates and sends to the central node server;
Fig. 6 is an example of the federated learning report that the central node server generates and returns to the data miner;
Fig. 7 is an example of the basic data set information stored by the data node server;
Fig. 8 is a sample of the raw data stored by the data node server;
Fig. 9 is an example of the data set metadata that the data node server registers with the central node server.
Detailed description of embodiments
The principle, features and system flow of the invention are described below with reference to the drawings. The examples serve only to explain the invention and are not intended to limit its scope.
As shown in Fig. 1, the medical data federated learning scheme based on trusted computing and privacy protection comprises three parts:
First, the data contributor management layer;
The local management layer lets the data contributor (an owner of medical big data such as a hospital or medical research institution) register, store and compute on all raw medical data locally. Specifically, all raw data of the data contributor is registered and stored entirely locally (inside the firewall). Likewise, any computation that touches the raw data is confined to local isolated execution. This design prevents private data from leaking outward at the root.
The local management layer uploads to the central node server of the federated learning central control layer only the metadata of the raw data, such as the Internet protocol address (IP address) and port of the local server and the file name, description and supported research methods of the raw data. During local isolated computation, only intermediate results (such as intermediate training models and statistical parameters) are passed to the secure computing region of the federated learning central control layer for secure aggregation.
The intermediate data does not involve any private information of the data. For example, in an analysis of variance (ANOVA) test, the local server returns only the mean and data volume of its local data set; the central node server computes the overall mean and data volume from these values and returns them to the local server. From these values the local server computes the squared difference between its local values and the overall mean and returns it to the central node server. The central node server obtains the relevant values and then computes the F statistic, from which the p-value of the test follows via the F distribution.
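The two-round ANOVA exchange described above, as an added Python example that is not code from the patent. It assumes the test compares a categorical attribute whose groups span several data nodes; the class and function names, the min_cell release threshold and the sample records are constructed for illustration, and encryption and the SGX enclave are left out.

```python
"""Federated one-way ANOVA using the two-round exchange described above.
Added illustration, not the patent's code: names are hypothetical, records
are constructed, min_cell is a safeguard assumed here, and encryption / SGX
protection of the aggregation side are out of scope."""
import math
from collections import defaultdict


class DataNode:
    """Keeps raw (group, value) records local; only aggregates leave it."""

    def __init__(self, records, min_cell=2):
        self._records = list(records)
        self._min_cell = min_cell

    def means_and_counts(self):
        # Round 1: per-group mean and data volume of the local data set.
        acc = defaultdict(lambda: [0.0, 0])
        for group, value in self._records:
            acc[group][0] += value
            acc[group][1] += 1
        for group, (_, n) in acc.items():
            if n < self._min_cell:
                # The mean of a single record is the record itself.
                raise ValueError(f"group {group!r} too small to release")
        return {g: (s / n, n) for g, (s, n) in acc.items()}

    def squared_deviation(self, overall_mean):
        # Round 2: squared differences between the local values and the
        # overall mean returned by the central side, summed before release.
        return sum((v - overall_mean) ** 2 for _, v in self._records)


def betacf(a, b, x, max_iter=300, eps=1e-14):
    """Continued fraction of the incomplete beta function (Lentz method)."""
    tiny = 1e-300
    c, d = 1.0, 1.0 - (a + b) * x / (a + 1.0)
    d = 1.0 / (d if abs(d) > tiny else tiny)
    h = d
    for m in range(1, max_iter + 1):
        m2 = 2 * m
        for aa in (m * (b - m) * x / ((a - 1.0 + m2) * (a + m2)),
                   -(a + m) * (a + b + m) * x / ((a + m2) * (a + 1.0 + m2))):
            d = 1.0 + aa * d
            d = 1.0 / (d if abs(d) > tiny else tiny)
            c = 1.0 + aa / c
            c = c if abs(c) > tiny else tiny
            h *= d * c
        if abs(d * c - 1.0) < eps:
            break
    return h


def f_survival(f_stat, df1, df2):
    """p-value P(F > f_stat) via the regularized incomplete beta function."""
    x = df2 / (df2 + df1 * f_stat)
    a, b = df2 / 2.0, df1 / 2.0
    if x <= 0.0 or x >= 1.0:
        return 0.0 if x <= 0.0 else 1.0
    front = math.exp(math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
                     + a * math.log(x) + b * math.log1p(-x))
    if x < (a + 1.0) / (a + b + 2.0):
        return front * betacf(a, b, x) / a
    return 1.0 - front * betacf(b, a, 1.0 - x) / b


def federated_anova(nodes):
    """Central side: combine round-1 and round-2 aggregates into (F, p)."""
    totals = defaultdict(lambda: [0.0, 0])  # group -> [sum, count]
    for node in nodes:
        for group, (mean, n) in node.means_and_counts().items():
            totals[group][0] += mean * n
            totals[group][1] += n
    k = len(totals)
    n_total = sum(n for _, n in totals.values())
    if k < 2 or n_total <= k:
        raise ValueError("need at least two groups and spare observations")
    overall_mean = sum(s for s, _ in totals.values()) / n_total
    ss_total = sum(node.squared_deviation(overall_mean) for node in nodes)
    ss_between = sum(n * (s / n - overall_mean) ** 2 for s, n in totals.values())
    ss_within = ss_total - ss_between
    if ss_within <= 0.0:
        raise ValueError("no within-group variance: F is undefined")
    f_stat = (ss_between / (k - 1)) / (ss_within / (n_total - k))
    return f_stat, f_survival(f_stat, k - 1, n_total - k)


# Constructed records: (treatment group, measured value) at two hospitals.
HOSPITAL_1 = [("A", 1.0), ("A", 3.0), ("B", 4.0), ("B", 6.0), ("C", 8.0), ("C", 10.0)]
HOSPITAL_2 = [("A", 2.0), ("A", 2.0), ("B", 5.0), ("B", 5.0), ("C", 9.0), ("C", 9.0)]

if __name__ == "__main__":
    f_stat, p_value = federated_anova([DataNode(HOSPITAL_1), DataNode(HOSPITAL_2)])
    print(f"F = {f_stat:.3f}, p = {p_value:.3e}")
```

The min_cell check is there because a mean released together with a count of one is the raw value itself, so a node declines to answer for groups that small.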
It should be emphasized that the computed intermediate results are transmitted, stored and processed by trusted computing in an encrypted state. Even if the central node server is hijacked, the state and data of the computation are not leaked.
For data registration, the invention provides a strict and flexible access permission control mechanism, for example authorization based on the federated learning task, on the validity period of the data set, on a specified data miner, on geographic location or research institution, and so on. Specifically, the data contributor can specify who may use the data set it provides, at what time and in what place, for federated learning research with a specified method.
Before uploading metadata to the central node server, the local server initiates remote enclave attestation, based on the Intel SGX trusted computing unit, toward the central node server, to verify whether the trusted computing unit of the central node server has been registered as trusted with the Intel attestation server. This guarantees the privacy and security of the metadata and intermediate computation results during transmission, storage and computation.
Second, the federated learning central control layer;
The central node server is responsible for the data contributor's data registration, for metadata storage (not involving any raw data), and for handling the data miner's federated learning requests. The secure computation server uses Intel Software Guard Extensions (SGX) to aggregate and analyze the intermediate results of local computation in the cloud, and finally returns the result to the data miner interaction layer, where the federated learning result report is generated in the browser.
The encrypted intermediate results uploaded by each medical data node are loaded into the core program of the central node server, where they are aggregated under encryption to obtain the final learning result. The core program of the invention uses the SGX service provided by Intel: all operations are carried out encrypted in the trusted computing region, which greatly improves the security of program execution and achieves privacy, integrity and availability of code and data. Specifically, the core program trusts only itself and the Intel CPU, which effectively prevents attacks on it after the underlying OS (operating system) has been compromised. At the same time, the cloud service provider does not need to be trusted for management.
Third, the data miner interaction layer;
The data miner interaction layer is configured with a web-based interactive system. The data miner accesses the federated learning interactive system of the invention with a browser and, after completing user registration and verification, can select data with public permission, or data that some data contributor has assigned to it, for federated learning with different algorithms, such as the chi-square test, proportional hazards regression, analysis of variance and the Kolmogorov-Smirnov test. The data miner can also choose to set its own federated learning instance to public or private. Public federated learning instances can also be queried and studied by other data miners.
The invention uses the "federated learning" (Federated Learning) model to achieve secure sharing and deep mining of medical data. As shown in Fig. 1, the federated learning model performs local computation on each medical data contributor's own server and uploads only the encrypted intermediate results (statistical information, intermediate training models and so on) to the central node server for secure aggregation; all training data (raw data) remains on its original device.
That is, the data contributor retains ownership of the data, the raw data stays local, and the objects being searched or analyzed can all be encrypted data. The data miner can run encrypted retrieval, which keeps the search target private. The data contributor can choose to lease out data and adjust the price according to market demand. If a search result matches, the data miner can choose to lease the corresponding data for federated learning analysis; the encrypted analysis parameters and the federated learning result can be extracted and viewed only by the data miner. The data contributor can deregister registered data at any time. Once it is deregistered, the encryption key is destroyed and the data miner can no longer use the data.
Illustratively, the invention configures a local data management interactive system at each data contributor, comprising a data node server deployed inside the local firewall together with the local private database and web-based interactive system it interacts with. The data node server in turn interacts with the central node server and the secure computation server of the federated learning central control layer.
The data node server implements the management layer with Spring+Vue (architecture first) and the local isolated computation in C++ (speed first). In the data contributor management layer, the data contributor uploads a local data set (Fig. 7, Fig. 8), specifies access permissions (for example restrictions based on time, place, person and task), and registers the data's metadata (Fig. 9) with the central node server. To carry out local isolated computation, the data node server receives the local isolated computation request from the central node server (Fig. 4), performs the local isolated computation for the corresponding federated learning method, and sends the intermediate results to the secure computation server for aggregation.
Taking the proportional hazards regression model as an example, the local isolated computation produces the DF first-derivative matrix and the DDF second-derivative Hessian matrix and sends them to the secure computation server; the secure computation server returns the not-yet-converged coefficient matrix, and both sides repeat this operation until the convergence condition is met.
Note that before the data node server communicates with the secure computation server, remote verification based on Intel enclave attestation is performed.
The exemplary central node server implements the federated learning central control layer with the Spring Boot+Vue framework and, using Docker, can be deployed quickly on any hardware platform on which Docker-Compose is installed. The central node server is responsible for receiving the data miner's federated learning request (Fig. 2), notifying the secure computation server of the federated learning instance (Fig. 3), sending local isolated computation requests (Fig. 4) to the cluster of data nodes involved in this federated learning, waiting for and receiving the federated learning result (Fig. 5) that the secure computation server collects (from the data node cluster) and aggregates, and generating the federated learning result report and returning it to the data miner (Fig. 6).
The exemplary secure computation server (trusted computing region) uses C++/Rust together with Intel Software Guard Extensions (SGX). It receives the federated learning request from the central node server (Fig. 3), aggregates the local isolated computation results from the data node cluster (for the proportional hazards regression model, the intermediate results comprise the not-yet-converged coefficient matrix, the DF first-derivative matrix and the DDF second-derivative Hessian matrix), computes the final result and sends it to the central node server (Fig. 5).
The following is an example of the specific service flow of the invention:
Step 1: the data contributor registers a data set (Fig. 7, Fig. 8) through the local data node server and specifies the access permissions, validity period and so on of the data set. All raw data is stored in the local private database inside the firewall. At the same time, the data node server initiates enclave attestation of the central node server and, after confirming the secure computing environment, sends the encrypted metadata (Fig. 9) to the central node server for registration.
Step 2: the data miner completes user registration and verification through the interactive system, then searches for the data sets available under its own permissions and creates a federated learning instance.
Step 3: the data miner initiates a federated learning request (Fig. 2) to the central node server.
Step 4: the central node server issues a local computation request (Fig. 4) to all data nodes involved in this federated learning (based on the data sets selected by the data miner).
Step 5: each data node performs local isolated computation and exchanges intermediate results (not involving raw data) with the secure computation server.
For example, in federated learning of the proportional hazards regression test model, (1) the local isolated computation calculates the DF first-derivative matrix and the DDF second-derivative Hessian matrix from the raw data and sends them to the secure computation server; (2) the secure computation server calculates the not-yet-converged coefficient matrix and returns it to the data node server. Operations (1) and (2) are repeated until the coefficient convergence condition is met. The data transmitted in this process involves only the Jacobian matrices of the raw data and the not-yet-converged parameter matrix, and contains no raw data information.
Meanwhile, all intermediate results (derivative matrices, the not-yet-converged parameter matrix and so on) are transmitted in an encrypted state and are decrypted and computed on in the trusted computing region. Even if the cloud server on which the secure computation server is deployed is hijacked by an attacker, the intermediate results are not leaked.
Step 6: the secure computation server aggregates and updates the local isolated computation results of all data nodes, generates and outputs the final federated learning result (Fig. 5), and returns it to the central node server.
Step 7: the central node server generates the federated learning report (Fig. 6), and the data miner queries or prints the federated learning result.
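The iterative exchange in step 5 (nodes send first-derivative and Hessian matrices, the aggregation side returns updated coefficients until convergence), as an added Python example that is not code from the patent. It assumes each data node forms its own stratum of the partial likelihood and uses Breslow handling of tied times; the function names and sample records are constructed, and encryption and enclave attestation are left out.

```python
"""Federated Cox proportional hazards fit by exchanging derivatives only.
Added illustration, not the patent's code: names are hypothetical, records
are constructed, each node is treated as its own stratum (assumption), and
encryption / SGX attestation of the aggregation side are out of scope."""
import math


def local_derivatives(records, beta):
    """Data-node side: first derivative (DF) and negated Hessian (DDF) of the
    local Breslow partial log-likelihood. records = [(time, event, x), ...]."""
    p = len(beta)
    grad = [0.0] * p
    info = [[0.0] * p for _ in range(p)]
    s0, s1 = 0.0, [0.0] * p
    s2 = [[0.0] * p for _ in range(p)]
    ordered = sorted(records, key=lambda r: -r[0])  # latest time first
    i = 0
    while i < len(ordered):
        j = i
        # Everyone still under observation at this time joins the risk set.
        while j < len(ordered) and ordered[j][0] == ordered[i][0]:
            x = ordered[j][2]
            w = math.exp(sum(b * v for b, v in zip(beta, x)))
            s0 += w
            for a in range(p):
                s1[a] += w * x[a]
                for c in range(p):
                    s2[a][c] += w * x[a] * x[c]
            j += 1
        for _, event, x in ordered[i:j]:
            if not event:
                continue  # censored: contributes to risk sets only
            for a in range(p):
                grad[a] += x[a] - s1[a] / s0
                for c in range(p):
                    info[a][c] += s2[a][c] / s0 - s1[a] * s1[c] / s0 ** 2
        i = j
    return grad, info


def solve(matrix, rhs):
    """Gaussian elimination with partial pivoting for the Newton step."""
    n = len(rhs)
    aug = [row[:] + [rhs[k]] for k, row in enumerate(matrix)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("singular Hessian: coefficients not identifiable")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(col + 1, n):
            factor = aug[r][col] / aug[col][col]
            for c in range(col, n + 1):
                aug[r][c] -= factor * aug[col][c]
    out = [0.0] * n
    for r in range(n - 1, -1, -1):
        tail = sum(aug[r][c] * out[c] for c in range(r + 1, n))
        out[r] = (aug[r][n] - tail) / aug[r][r]
    return out


def federated_cox(node_datasets, n_features, tol=1e-10, max_rounds=50):
    """Aggregation side: sum the nodes' DF/DDF, take a Newton-Raphson step,
    send the not-yet-converged coefficients back, repeat until converged."""
    beta = [0.0] * n_features
    for rounds in range(1, max_rounds + 1):
        grad = [0.0] * n_features
        info = [[0.0] * n_features for _ in range(n_features)]
        for records in node_datasets:  # stands in for one request per node
            g, h = local_derivatives(records, beta)
            for a in range(n_features):
                grad[a] += g[a]
                for c in range(n_features):
                    info[a][c] += h[a][c]
        step = solve(info, grad)
        beta = [b + s for b, s in zip(beta, step)]
        if max(abs(s) for s in step) < tol:
            return beta, rounds
    raise RuntimeError("no convergence within max_rounds")


# Constructed records: (time, event flag, [treatment, sex coded +1/-1]).
NODE_A = [(1, 1, [1, 1]), (1, 1, [1, -1]), (2, 1, [0, 1]), (2, 1, [0, -1]),
          (3, 1, [1, 1]), (3, 1, [1, -1])]
NODE_B = [(t * 10, e, x) for t, e, x in NODE_A]  # second hospital, own time scale

if __name__ == "__main__":
    coefficients, rounds = federated_cox([NODE_A, NODE_B], n_features=2)
    print(coefficients, rounds)
```

Only the coefficient vector and the summed derivative matrices cross the node boundary; the per-patient times, event flags and covariates never leave local_derivatives.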
Fig. 2 to Fig. 9 take federated learning of the proportional hazards regression model as an example:
Fig. 2 is an example of the federated learning request data format that the data miner submits through the browser. The data miner's federated learning request provides, for example, the data attribute information for the federated learning method: the list of selected attribute parameters (attribute name, whether it is categorical, attribute values, etc.); data node information: the data node unique identifier (with the data set unique identifier, data set name, etc. of the data node) and a textual description of the data node; federated learning instance information: name, whether public, start time, expected end time, remarks, the unique identifier of the user who owns the federated learning, etc.
Fig. 3 is an example of the federated learning instance parameters with which the central node server notifies the secure computation server, comprising the federated learning unique identifier, the federated learning task attributes for each method, and the data node list (with data node unique identifier, network address and port, current federated learning state, etc.).
Fig. 4 is an example of the local computation request data format that the central node server sends to the data nodes, comprising the local data set file name, the local isolated computation attribute list (with the attribute values of each attribute, the attribute name and whether it is categorical), and the local unique identifier of the data set.
Fig. 5 is an example of the federated learning result data format that the secure computation server aggregates and sends to the central node server, comprising the federated learning data set attribute list, correlation coefficients, Z test values, P probability values, etc.
Fig. 6 is an example of the federated learning report that the central node server generates and returns to the data miner, comprising the federated learning summary (federated learning name, creator, detailed description, public permission, creation time, completion time, etc.); the federated learning parameters (attribute names, the data nodes participating in this federated learning, etc.); and the federated learning result (attribute names, correlation parameters, P probability values, Z test values, etc.).
Fig. 7 is an example of the basic data set information stored by the data node server, comprising the data set (local database unique identifier of the data set, data set name, data set description, etc.), the methods supported by the data set (such as the specific supported methods, public permission, data set file name, authorized users, authorized institutions, authorization start and end times, etc.), and the data set summary (attribute list, data volume, number of attribute categories, category values, etc.).
Fig. 8 is a sample of the raw data stored by the data node server, comprising the attribute list, whether each attribute is categorical, attribute values, etc.
Fig. 9 is an example of the data set metadata that the data node server registers with the central node server, comprising the data set metadata list, with the metadata of each data set (such as whether it is categorical, attribute list, data set file name, local database unique identifier, supported federated learning methods, data set name, number of categories, data set description, category to which each attribute belongs, effective start date, etc.); the data node name; the data node description; the data node token; the data node network address and port; the data node user name, etc.
It should be understood that although the above description of the preferred embodiments is relatively detailed, it should not therefore be regarded as limiting the scope of patent protection of the present invention. Those skilled in the art, under the inspiration of the present invention and without departing from the scope protected by the claims of the present invention, may make substitutions or modifications, all of which fall within the scope of protection of the present invention. The scope of protection claimed by the present invention is determined by the appended claims.

Claims (10)

1. A medical data joint learning method based on trusted computing and privacy protection, characterized in that
a joint learning central control layer receives and stores the non-sensitive metadata uploaded by a data contributor through the data contributor management layer of the data node where the contributor is located; the metadata corresponds to the data contributor's raw data and does not contain the sensitive information of the raw data;
the joint learning central control layer receives and processes a joint learning request initiated by a data miner through the data miner interaction layer; a secure computation area of the joint learning central control layer aggregates and analyzes the non-sensitive intermediate results that each data node obtains by local isolated computation on its raw data, and returns the joint learning result to the data miner interaction layer.
2. The medical data joint learning method according to claim 1, characterized in that
the joint learning central control layer is provided with a central node server and a secure computation server, which interact with the data node servers respectively provided in the data contributor management layer of each data node;
the medical data joint learning method comprises the following process:
First step: all raw data of the data contributor are registered and stored within the local firewall; the data contributor accesses the data node server through a first interactive system, registers data sets, and specifies the access rights and validity period of each data set; all raw data are stored in a local private database within the firewall; the data node server sends the metadata to the central node server for the record;
Second step: the data miner accesses the central node server through a second interactive system and, after completing user registration and verification, searches for available data sets based on the miner's own permissions and creates a joint learning instance;
Third step: the data miner initiates a joint learning request to the central node server;
Fourth step: based on the data sets selected by the data miner, the central node server issues a local computation request to all data nodes involved in the current joint learning request;
Fifth step: each data node that receives the local computation request performs, through its own data node server and within the firewall, local isolated computation based on the raw data, and exchanges intermediate results with the secure computation server; the intermediate results do not contain raw data;
Sixth step: the secure computation server aggregates and updates the intermediate results obtained by the local isolated computation of all data nodes, generates and outputs the joint learning result, and returns it to the central node server;
Seventh step: the central node server generates a joint learning report, supporting the data miner in obtaining and using the joint learning result.
3. The medical data joint learning method according to claim 1 or 2, characterized in that
the data contributor sets access rights during data registration through the data contributor management layer of the data node where the contributor is located;
the access rights specify one or more of the time, the place, the data miner and the joint learning task for which use of the data is permitted.
4. The medical data joint learning method according to claim 1 or 2, characterized in that
the data miner selects data with public permission and/or data that a data contributor has assigned to that data miner for joint learning;
the data miner sets its own joint learning instance as private or public, allowing other data miners to query and study public joint learning instances.
5. The medical data joint learning method according to claim 1 or 2, characterized in that
the metadata and intermediate results of each data node are uploaded to the joint learning central control layer in an encrypted state.
6. The medical data joint learning method according to claim 2, characterized in that
before the metadata is uploaded to the central node server, the data node can initiate, toward the central node server, remote enclave attestation based on Intel Software Guard Extensions (SGX);
the secure computation server uses Intel Software Guard Extensions to aggregate and analyze the intermediate results uploaded by each data node.
7. The medical data joint learning method according to claim 1 or 2, characterized in that
the metadata comprises the Internet Protocol address and port of the data node server, the file name and description of the raw data, and the supported research methods; the intermediate results comprise intermediate training models and statistical parameters.
8. A medical data joint learning system based on trusted computing and privacy protection, suitable for the medical data joint learning method based on trusted computing and privacy protection according to any one of claims 1-7,
characterized in that the medical data joint learning system comprises:
several data node servers, arranged in the data contributor management layer of each data node;
a central node server and a secure computation server, arranged in the joint learning central control layer and interacting with each data node server;
wherein the data node server registers local data sets, specifies access rights, uploads metadata to the central node server for the record, receives local computation requests from the central node server, performs local isolated computation on the locally stored raw data, and sends the intermediate results to the secure computation server for aggregation;
the central node server receives the joint learning request initiated by the data miner, notifies the secure computation server of the joint learning instance created by the data miner, sends local computation requests to the data nodes involved in the current joint learning request, waits for and receives the joint learning result that the secure computation server collects and aggregates from the corresponding data nodes, and generates a joint learning report and returns it to the data miner.
9. The medical data joint learning system according to claim 8, characterized in that
the data node server implements its management framework with Spring+Vue and implements local isolated computation in C++;
the central node server implements its control framework with Spring Boot+Vue and is deployed using Docker on a hardware platform with Docker-Compose installed;
the secure computation server uses C++/Rust in combination with Intel Software Guard Extensions (SGX).
10. The medical data joint learning system according to claim 9, characterized in that
the data node server, the local private database and the first page-end interactive system configured in the data contributor management layer are located within the local firewall of the data node;
based on the first page-end interactive system, the data contributor accesses the data node server through a browser;
the data miner interaction layer is configured with a second page-end interactive system, and the data miner accesses the central node server through a browser.
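
The data flow of claims 2, 3 and 7, with the result fields listed for Fig. 5, can be illustrated as follows. This is an added example, not code from the patent: it assumes the intermediate result is a set of per-node sufficient statistics for a Pearson correlation with a Fisher z-test (the claims do not give the formulas), and the names `DataNode`, `MIN_ROWS`, `aggregate` and the hospital and miner identifiers are hypothetical. Encrypted upload and SGX attestation (claims 5 and 6) are left out.

```python
import math
from datetime import date

MIN_ROWS = 5  # assumed release threshold: sums over tiny cohorts can expose individuals

class DataNode:
    """Data node server: raw rows stay local, only aggregate sums are released."""
    def __init__(self, name, rows, allowed_miners, valid_from, valid_to):
        self.name, self._rows = name, rows
        self.allowed_miners = set(allowed_miners)
        self.valid_from, self.valid_to = valid_from, valid_to

    def local_compute(self, miner, x, y, today):
        # Claim 3: the contributor restricts who may use the data and when.
        in_window = self.valid_from <= today <= self.valid_to
        if miner not in self.allowed_miners or not in_window:
            raise PermissionError(f"{self.name}: request outside granted access rights")
        if len(self._rows) < MIN_ROWS:
            raise ValueError(f"{self.name}: cohort too small to release statistics")
        xs = [r[x] for r in self._rows]
        ys = [r[y] for r in self._rows]
        # Intermediate result: six sums, no per-record values.
        return {"n": len(xs), "sx": sum(xs), "sy": sum(ys),
                "sxx": sum(v * v for v in xs), "syy": sum(v * v for v in ys),
                "sxy": sum(a * b for a, b in zip(xs, ys))}

def aggregate(intermediates):
    """Secure computation server: pool the sums and derive r, Z and P."""
    keys = ("n", "sx", "sy", "sxx", "syy", "sxy")
    t = {k: sum(part[k] for part in intermediates) for k in keys}
    n = t["n"]
    var_x = n * t["sxx"] - t["sx"] ** 2
    var_y = n * t["syy"] - t["sy"] ** 2
    if n < 4 or var_x <= 0 or var_y <= 0:
        raise ValueError("not enough records or variation for a correlation test")
    r = (n * t["sxy"] - t["sx"] * t["sy"]) / math.sqrt(var_x * var_y)
    r = max(-1.0, min(1.0, r))                    # guard against rounding drift
    z = math.inf * r if abs(r) == 1.0 else math.atanh(r) * math.sqrt(n - 3)
    p = math.erfc(abs(z) / math.sqrt(2))          # two-sided normal p-value
    return {"n": n, "r": r, "z": z, "p": p}

# Constructed sample rows (age, systolic blood pressure); not real patient data.
def rows(pairs):
    return [{"age": a, "sbp": s} for a, s in pairs]

HOSPITAL_A = rows([(50, 130), (60, 140), (55, 138), (70, 150), (65, 149)])
HOSPITAL_B = rows([(45, 125), (52, 133), (68, 151), (74, 158), (58, 137), (62, 144)])

def run_joint_learning(miner, today):
    """Central node server: fan the request out, hand the results to the aggregator."""
    window = (date(2019, 1, 1), date(2019, 12, 31))
    nodes = [DataNode("hospital-a", HOSPITAL_A, {"miner-1"}, *window),
             DataNode("hospital-b", HOSPITAL_B, {"miner-1", "miner-2"}, *window)]
    return aggregate([nd.local_compute(miner, "age", "sbp", today) for nd in nodes])

if __name__ == "__main__":
    print(run_joint_learning("miner-1", date(2019, 6, 12)))
```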
CN201910506663.3A 2019-06-12 2019-06-12 Medical data joint learning system and method based on trusted computing and privacy protection Active CN110197084B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910506663.3A CN110197084B (en) 2019-06-12 2019-06-12 Medical data joint learning system and method based on trusted computing and privacy protection

Publications (2)

Publication Number Publication Date
CN110197084A (en) 2019-09-03
CN110197084B (en) 2021-07-30

Family

ID=67754466

Country Status (1)

Country Link
CN (1) CN110197084B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 19207, Floor 2, Building 8, No. 498, Guoshoujing Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai, March 2012

Patentee after: Shanghai Nowei Information Technology Co.,Ltd.

Address before: 200135 building C, No.888, Huanhu West 2nd Road, Nanhui new town, Pudong New Area, Shanghai

Patentee before: Shanghai Lianyi Biotechnology Co.,Ltd.