Specific embodiment
The feature and exemplary embodiment of the various aspects of this specification is described more fully below, in order to make this specification
Objects, technical solutions and advantages are more clearly understood, and below in conjunction with drawings and the specific embodiments, carry out to this specification further
Detailed description.
In order to solve prior art problem, this specification embodiment provides a kind of medical data processing method, device, sets
Standby and server.
In order to which this specification embodiment is better described, it is illustrated by system architecture of the Fig. 1 to this specification.Such as figure
Shown in 1, in the present specification, medical data is sent to server by network by Medical Devices, server to medical data into
Row decryption and verifying.If server is to medical data successful decryption and is verified, medical data is deposited on block chain
Card.
Fig. 2 shows the flow diagrams for the medical data processing method that this specification one embodiment provides.The medical treatment
Data processing method is applied to Medical Devices, and Medical Devices include security module, are stored with key pair in security module.
The private key of cipher key pair can be used by security module, and the public key of cipher key pair can export, and server can obtain
Public key is got, but is obtained less than private key.
In this specification one or more embodiment, security module includes safety chip.Safety chip can be one
The device of key generation, encryption and decryption can be independently carried out, inside possesses independent processor and storage unit, can store key and spy
Data are levied, encryption and Security Authentication Service are provided.It is encrypted with safety chip, key is stored in hardware, stolen number
According to that can not decrypt, to protect business privacy and data safety.
As shown in Fig. 2, the medical data processing method includes:
S102 obtains medical data, and medical data includes the inspection number that Medical Devices check target object
According to.
Wherein, Medical Devices check may include various inspections to target object, for example, to target object organ
Inspection, the cause of disease inspection of infectious disease, the symptom checking of infectious disease, the cause of disease inspection of hereditary disease, hereditary disease symptom checking.Quilt
The target object of inspection may include human body, and examined target object can also include other living bodies certainly, for example be raised
Feeding animals and plants.
The inspection data that Medical Devices check target object may include the sensor output of Medical Devices
Inspection result.For example, the inspection result that the sensor of Medical Devices exports includes: blood pressure, palmic rate, heart rate, blood glucose etc.
Parameter.
Medical Devices are to the objective measurement of inspected object by certain measuring principle as a result, can refer to independent or group
Instrument, equipment, utensil, material or other articles for being used in inspected object are closed, also include required software.Medical treatment is set
Standby may include professional medical equipment, also may include domestic medical device.For example, Medical Devices include being based on electronic component
With the digital equipment of sensor.
In this specification one or more embodiment, medical data further includes following one or a variety of combinations: medical treatment
The configuration information of equipment, the health information of Medical Devices, the identification information of Medical Devices, the information of target object.
Wherein, the configuration information of Medical Devices may include configuration parameter when Medical Devices are checked, Medical Devices
Model;The health information of Medical Devices includes: whether Medical Devices equipment when checking exception occurs;Medical Devices
Identification information may include identity (Identification, the ID) code of Medical Devices or the sequence of Medical Devices
Number;The information of target object may include: the name, identification card number, social security number of target object.In addition to this, medical data is also
It may include the review time.
For example, medical data includes: inspected object Zhang San, 12:00 in 1 day January 2019 review time, passes through sphygmomanometer
Inspection result, low pressure 100unit, high pressure 200unit.
S104 encrypts medical data and is signed according to the private key of cipher key pair.
In this specification one or more embodiment, medical data is encrypted according to the private key of cipher key pair, root
It signs according to the medical data of the private key pair encryption of cipher key pair.
S106 will be sent to server by the medical data for encrypting and signing, so that server carries out medical data
It decrypts and signature is verified, to judge whether medical data depositing card on block chain.
By storing key pair in the security module of Medical Devices, according to the private key in the secret key pair to medical data into
Row encryption and signature will be sent to server by the medical data of encryption and signature.If server is to medical data success
It decrypts and signature verification is passed through, illustrate that medical data is not tampered with after issuing from Medical Devices, medical data is can
Medical data is deposited card by the data leaned on block chain.Block chain have can not tamper, once medical data is stored in area
On block chain, medical data can not be distorted, so that the medical data being stored on block chain is true and reliable.
Fig. 3 shows the flow diagram of the medical data processing method of another embodiment of this specification offer.Such as Fig. 3
It is shown, medical data is encrypted, encrypted data chunk is obtained, wherein the medical data includes Medical Devices to target object
The inspection data and facility information checked, facility information include: the fortune of the configuration information of Medical Devices, Medical Devices
The identification information of row condition information and Medical Devices.It is signed, is obtained using the private key pair encryption data block of cipher key pair
To the signature of encrypted data chunk.Encrypted data chunk, the signature of encrypted data chunk and other data are sent to service by Medical Devices
Device.Other data may include the timestamp of encryption.
Wherein, medical data is sent to server by network channel by Medical Devices, and network channel may include safety
Channel, for example, exit passageway includes Virtual Private Network (Virtual Private Network, VPN), based on safe socket
The channel of layer (Secure Sockets Layer, SSL) is based on secure transport layer protocol (Transport Layer
Security, TLS) channel.
In this specification one or more embodiment, step S102 and S104, which can be by security module, to be executed.
In this specification one or more embodiment, device certificate is also stored in security module.The device certificate can
It is whether reliable to characterize Medical Devices.It may include the information of the mechanism of authentication of medical equipment, equipment card in the device certificate
It can also include the information of Medical Devices manufacturer in book.For example, including: the trade name and medical treatment of Medical Devices in device certificate
Equipment is authenticated by reputable organizations.Medical Devices when production preset key to and device certificate.
Medical data processing method further include:
According to the private key of cipher key pair, device certificate is encrypted and is signed;It will be by the equipment of encryption and signature card
Book is sent to server, so that server is decrypted device certificate and verifies to signature, to judge whether to cure
It treats data and deposits card on block chain.
Wherein, device certificate is encrypted according to the private key of cipher key pair, according to the private key pair encryption of cipher key pair
Device certificate is signed;The signature of device certificate and device certificate by encryption is sent to server;If server
Pass through to medical data successful decryption, to the signature verification of medical data, to device certificate successful decryption and to device certificate
Signature verification pass through, then illustrate medical data be it is reliable, medical data can be deposited on block chain card, further said
Whether bright medical data is issued to the process received on the server from Medical Devices safe.
In this specification one or more embodiment, medical data processing method further include:
Server is received to medical data successful decryption and medical number that pass through to signature verification in the case where sends
According to;The medical data that display server is sent.
If server to medical data successful decryption and passes through signature verification, illustrate medical data be it is reliable,
It is not tampered with, medical data that is this is reliable, being not tampered with is sent to Medical Devices, is shown by Medical Devices, is cured in this way
Treating the medical data that equipment is shown is also reliably, is not tampered with.
Fig. 4 shows the flow diagram of the medical data processing method of another embodiment of this specification offer.The doctor
It treats data processing method and is used for server, server may include physical server or Cloud Server.
As shown in figure 4, medical data processing method includes:
S202 receives the medical data by encryption and signature that Medical Devices are sent.
S204 obtains the public key stored in the security module of Medical Devices.
S206 is decrypted medical data and verifies to the signature of medical data according to public key.
S208, if passing through to medical data successful decryption, and to the signature verification of medical data, then by medical data in area
Card is deposited on block chain.
If passed through to medical data successful decryption, and to the signature verification of medical data, illustrate that medical data is being taken up a job as a doctor
During treating equipment to server, medical data is not tampered with, i.e., the medical data is reliable, medical data can be existed
Card is deposited on block chain.Since block chain has the characteristic that can not be distorted, medical data is stored on block chain, avoids curing
Data are treated to be tampered.Whether the medical data that the medical data on block chain can be used for verifying user's offer is reliable.
For example, user A, in physical examination, the medical data checked user A is sent to server by Medical Devices, by servicing
The medical data of user A is stored on block chain by device.User A provides a physical examination report, insurance company to insurance company
In order to verify the authenticity of this part of physical examination report, medical data when user A physical examination is obtained from block chain, it will be from block chain
The medical data of acquisition is compared with the content of the user A physical examination report provided to insurance company.If the two is consistent, explanation
The content for the physical examination report that user A is provided is true and reliable, is not tampered with, and can enter process of insuring.
In this specification one or more embodiment, it includes: by medical data that medical data is deposited to card on block chain
It is stored on block chain.
In this specification one or more embodiment, it includes: by medical data that medical data is deposited to card on block chain
Digital digest be stored on block chain.
For example, medical data is packaged into the report of medical examination result, medical examination result report cochain is fixed, or
The digital digest cochain that medical examination result is reported is fixed.
Block chain can be based in many ways for a kind of network system of knowledge, have data be stored on chain cannot be tampered,
The characteristics of deletion.
In this specification one or more embodiment, block chain includes alliance's chain.For example, medical data can will be saved
Alliance's chain be named as " medical examination report chain ".
The node of alliance's chain includes following one or a variety of combinations: the node of medical institutions, medical data user
Node, the node of notarization medical data, regulatory agency node.
Fig. 5 shows the structural schematic diagram of alliance's chain of this specification one embodiment offer.The node of alliance's chain includes
The node of medical institutions, the node of medical data user, the node of notarization medical data and regulatory agency node.
Wherein, the node of medical institutions may include the node of hospital;The node of medical data user may include having
The node of the data user of stake, for example, the node of insurance company;The node of notarization medical data may include being used for
The reliable node of notarization medical data;The node of regulatory agency may include the node of government monitoring agencies.The node of alliance's chain
It is more, illustrate that the mechanism for supervising the medical data on alliance's chain is more, the medical data on alliance's chain is more reliable.
The quantity of the node of the same type can be one or more, for example, there are three notarization medical treatment in alliance's chain
The node of data, two medical data users node.
In this specification one or more embodiment, medical data processing method further include:
Receive the device certificate by encryption and signature that Medical Devices are sent;It is deposited according in the security module of Medical Devices
The public key of storage is decrypted device certificate and verifies to the signature of device certificate, with to medical data successful decryption,
The signature verification of medical data is passed through, passes through and authenticates to device certificate successful decryption, to the signature verification of device certificate
In the case that the mechanism of Medical Devices is in legal entity's list, medical data is deposited into card on block chain.
It include certification in the plaintext of device certificate if obtaining the plaintext of device certificate to device certificate successful decryption
The information of the mechanism of Medical Devices, judge the mechanism of authentication of medical equipment whether in scheduled legal entity's list, if so,
Then illustrating Medical Devices is reliably that it is reliable for further relating to the inspection data that Medical Devices check target object
's.In this case, medical data is deposited on block chain card, further ensure that the medical number for depositing card on block chain
According to being true, reliable.
In this specification one or more embodiment, medical data processing method further include:
If passing through to medical data successful decryption, and to the signature verification of medical data, then medical data is sent to doctor
Equipment is treated, so that Medical Devices are shown.
In this specification one or more embodiment, medical data processing method further include:
Pass through to medical data successful decryption, to the signature verification of medical data, to device certificate successful decryption, to setting
In the case that the signature verification of standby certificate passes through and the mechanism of authentication of medical equipment is in legal entity's list, by medical data
Medical Devices are sent to, so that Medical Devices are shown.
In this specification one or more embodiment, medical data processing method further include:
If passing through to medical data successful decryption, and to the signature verification of medical data, then medical data is stored in number
According in library.
In this specification one or more embodiment, medical data processing method further include:
If pass through to medical data successful decryption, to the signature verification of medical data, to device certificate successful decryption, to setting
The signature verification of standby certificate passes through and the mechanism of authentication of medical equipment is in legal entity's list, then is stored in medical data
In database.
The step S102 in above-described embodiment can be executed before saving medical data in the database.It is executing
It, will if server passes through to medical data successful decryption and to signature verification after step S106 in above-described embodiment
Medical data saves in the database.
The medical data processing method in this specification one or more embodiment is carried out further below by Fig. 6
Explanation.
As shown in fig. 6, Medical Devices include sensor and safety chip, sensor checks target object and is examined
Look into data.Be stored with key pair and device certificate in safety chip, safety chip obtain the inspection data that sensor checks,
The identification information of the configuration information of Medical Devices, the health information of Medical Devices, Medical Devices, these information conducts
Medical data to be encrypted;Safety chip encrypts medical data according to the private key of cipher key pair of its storage, and to adding
Close medical data is signed, and will be sent to server by network by the medical data for encrypting and signing.
In addition, safety chip encrypts device certificate according to the private key of the cipher key pair of its storage, and to encryption
Device certificate is signed, and will be sent to server by the device certificate for encrypting and signing.
It should be noted that the sequencing for sending medical data and device certificate is not limited herein, it can will be medical
Data and device certificate are sent to server together, can also first send medical data and retransmit device certificate, can also first send out
Device certificate is sent to retransmit medical data.
The public key stored in the safety chip of server acquisition Medical Devices, is decrypted medical data according to the public key
And the signature of medical data is verified.And according to the public key stored in safety chip, to the device certificate of encryption into
Row is decrypted and is verified to the signature of device certificate, and obtains the mechanism of authentication of medical equipment in the plaintext of device certificate.
If server passes through to medical data successful decryption, to the signature verification of medical data, successfully solves to device certificate
It is close, the signature verification of device certificate is passed through, the mechanism of authentication of medical equipment is in legal entity's list, then server will decrypt
Medical data afterwards deposits card on block chain, and also saves the medical data after decryption in the database.Wherein, equipment is demonstrate,proved
It include the organization information of Medical Devices in the plaintext of book.The quantity of above-mentioned Medical Devices can be one or more, in Fig. 6,
The quantity at least two of Medical Devices.
Actually medical data it is true, be reliably very important.Such as insurance company can be according to intention the insured
Certain audit report be made whether receive insure, formulate which kind of compensation standard decision.Because being related to interest relations,
The insured, which exists, to forge medical data, distorts to reach the motivation of the purpose of insurance fraud, the concealment state of an illness.If the insured is pseudo-
It makes, distort medical data and insurance fraud, then certain loss can be brought to insurance company.
Drugmaker publicizes the clinical effectiveness of its drug by medical data, to realize the marketing of drug.If system
Medicine company distorts medical data and expands clinical drug effect, then people eat the drug can bring damage to people's health.
Employing unit can be made whether the decision of admission according to the physical examination report of intention job hunter.If job hunter's forgery,
Physical examination report is distorted, the health of actually job hunter does not meet the requirement of employing unit, certain damage can be brought to employing unit
It loses.
The manufacturer of Medical Devices in order to obtain medical certification, the manufacturer of Medical Devices be likely to forge clinical detection report with
Achieve the purpose that juggle regulatory agency.
It conflicts between doctors and patients, hospital is accused of distorting inspection result to shirk Responsibility in Medical Negligence.
It can be seen that medical data it is true, be reliably very important, and in this specification one or more embodiment
Medical data processing method avoid distorting doctor from the source of medical data by encrypting medical data and being signed
Data are treated, enables medical data objectively to reflect actual conditions, guarantees the true, reliable of medical data.
This specification embodiment provides a kind of Medical Devices, comprising: security module is stored with key pair in security module.
Security module, according to the private key of cipher key pair, encrypts medical data and is signed for obtaining medical data;
It will be sent to server by the medical data of encryption and signature, so that server is decrypted medical data and to signature
It is verified, to judge whether medical data depositing card on block chain.Wherein, medical data includes Medical Devices to target pair
As the inspection data checked.
In one or more embodiments of this specification, security module is also used to store device certificate, according to key pair
In private key, device certificate is encrypted and is signed;It will be sent to server by the device certificate of encryption and signature, so that
Server is decrypted device certificate and verifies to signature, to judge whether to deposit medical data on block chain
Card.
Fig. 7 shows the structural schematic diagram of the medical data processing unit of this specification one embodiment offer.Such as Fig. 7 institute
Show, it further includes communication module 304 and display module 306 that Medical Devices 300, which include not only security module 302,.
Communication module 304 is for receiving server to medical data successful decryption and the case where pass through to signature verification
The medical data of lower transmission.
Display module 306 is used for the medical data that display server is sent.
Fig. 8 shows the structural schematic diagram of the Medical Devices of another embodiment of this specification offer.As shown in figure 8, should
Medical Devices 400 include: that sensor 402, display module 404, memory 406, processor 408, safety chip 410 and communication connect
Mouth 412.
Sensor 402 obtains checking data for checking the health status of target object.
Display module 404 is used to show inspection data.
Memory 406 is for storing computer program instructions.
Processor 408 realizes the inspection data for obtaining sensor 402, Medical Devices when being used to execute computer program instructions
The identification information of 400 configuration information, the health information of Medical Devices 400, Medical Devices 400, and it is sent to peace
Full chip 410.
Safety chip 410 is used for the inspection data of sensor 402, the configuration information of Medical Devices 400, Medical Devices
400 health information, the identification information of Medical Devices 400 are encrypted and are signed.
Communication interface 412 is used to that server will to be sent to by the data of encryption and signature.
Fig. 9 shows the structural schematic diagram of the medical data processing unit of this specification one embodiment offer.The medical treatment
Data processing equipment 500 is applied to server, which includes: the first data reception module 502, public affairs
Key obtains module 504, the first decryption verification module 506 and cochain module 508.
First data reception module 502 is used to receive the medical data by encryption and signature of Medical Devices transmission.
Public key acquisition module 504 is used to obtain the public key stored in the security module of Medical Devices.
First decryption verification module 506 is used to medical data be decrypted and according to public key to the signature of medical data
It is verified.
Cochain module 508 is used for medical data successful decryption, and the case where pass through to the signature verification of medical data
Under, medical data is deposited into card on block chain.
In this specification one or more embodiment, medical data processing unit 500 further includes data transmission blocks.
Data transmission blocks are used for medical data successful decryption, and the case where pass through to the signature verification of medical data
Under, medical data is sent to Medical Devices, so that Medical Devices are shown.
In this specification one or more embodiment, medical data processing unit 500 further includes data storage module.
Data storage module is used for medical data successful decryption, and the case where pass through to the signature verification of medical data
Under, medical data is saved in the database.
In this specification one or more embodiment, medical data processing unit 500 further include: the second data reception
Block and the second decryption verification module.
Second data reception module is used to receive the device certificate by encryption and signature of Medical Devices transmission.
Second decryption verification module is used to that device certificate to be decrypted according to public key and carries out to the signature of device certificate
Verifying.
Cochain module 508 is used to pass through to medical data successful decryption, to the signature verification of medical data, demonstrate,prove equipment
Book successful decryption passes through the signature verification of device certificate and feelings of the mechanism of authentication of medical equipment in legal entity's list
Under condition, medical data is deposited into card on block chain.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device reality
For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method
Part explanation.
Figure 10 shows the structural schematic diagram of the server of this specification one embodiment offer.As shown in Figure 10, the clothes
Business device may include processor 601 and the memory 602 for being stored with computer program instructions.
Specifically, above-mentioned processor 601 may include central processing unit (CPU) or specific integrated circuit
(Application Specific Integrated Circuit, ASIC), or may be configured to implement this specification reality
Apply one or more integrated circuits of example.
Memory 602 may include the mass storage for data or instruction.For example it rather than limits, memory
602 may include hard disk drive (Hard Disk Drive, HDD), floppy disk drive, flash memory, CD, magneto-optic disk, tape or logical
With the combination of universal serial bus (Universal Serial Bus, USB) driver or two or more the above.It is closing
In the case where suitable, memory 602 may include the medium of removable or non-removable (or fixed).In a suitable case, it stores
Device 602 can be inside or outside synthesized gateway disaster tolerance equipment.In a particular embodiment, memory 602 is nonvolatile solid state
Memory.In a particular embodiment, memory 602 includes read-only memory (ROM).In a suitable case, which can be
ROM, programming ROM (PROM), erasable PROM (EPROM), the electric erasable PROM (EEPROM), electrically rewritable of masked edit program
The combination of ROM (EAROM) or flash memory or two or more the above.
Processor 601 is by reading and executing the computer program instructions stored in memory 602, to realize above-mentioned implementation
Any one medical data processing method in example.
In one example, server may also include communication interface 603 and bus 610.Wherein, as shown in Figure 10, it handles
Device 601, memory 602, communication interface 603 connect by bus 610 and complete mutual communication.
Communication interface 603 is mainly used for realizing in this specification embodiment between each module, device, unit and/or equipment
Communication.
Bus 610 includes hardware, software or both, and the component of server is coupled to each other together.For example rather than
Limitation, bus may include accelerated graphics port (AGP) or other graphics bus, enhance Industry Standard Architecture (EISA) bus, is preceding
Hold bus (FSB), super transmission (HT) interconnection, the interconnection of Industry Standard Architecture (ISA) bus, infinite bandwidth, low pin count (LPC) total
Line, memory bus, micro- channel architecture (MCA) bus, peripheral component interconnection (PCI) bus, PCI-Express (PCI-X) are total
Line, Serial Advanced Technology Attachment (SATA) bus, Video Electronics Standards Association part (VLB) bus or other suitable buses or
The combination of two or more the above of person.In a suitable case, bus 610 may include one or more buses.Although
Specific bus has been described and illustrated in this specification embodiment, but this specification considers any suitable bus or interconnection.
The server can execute the medical data processing method in this specification embodiment, thus realize in conjunction with Fig. 4 and
The medical data treating method and apparatus of Fig. 9 description.
In addition, in conjunction with the medical data processing method in above-described embodiment, this specification embodiment can provide a kind of calculating
Machine storage medium is realized.Computer program instructions are stored in the computer storage medium;The computer program instructions are located
Reason device realizes any one medical data processing method in above-described embodiment when executing.
It should be clear that this specification is not limited to specific configuration described above and shown in figure and place
Reason.For brevity, it is omitted here the detailed description to known method.In the above-described embodiments, if having been described and illustrated
Specific step is done as example.But the method process of this specification is not limited to described and illustrated specific steps, this
The technical staff in field can be variously modified, modification and addition, or change the step after understanding the spirit of this specification
Between sequence.
Functional block shown in structures described above block diagram can be implemented as hardware, software, firmware or their group
It closes.When realizing in hardware, it may, for example, be electronic circuit, specific integrated circuit (ASIC), firmware appropriate, insert
Part, function card etc..When being realized with software mode, the element of this specification be used to execute the program of required task or
Code segment.Perhaps code segment can store in machine readable media program or the data-signal by carrying in carrier wave exists
Transmission medium or communication links are sent." machine readable media " may include any Jie for capableing of storage or transmission information
Matter.The example of machine readable media include electronic circuit, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM),
Floppy disk, CD-ROM, CD, hard disk, fiber medium, radio frequency (RF) link, etc..Code segment can be via such as internet, interior
The computer network of networking etc. is downloaded.
It should also be noted that, the exemplary embodiment referred in this specification, is based on a series of step or device
Certain methods or system are described.But this specification is not limited to the sequence of above-mentioned steps, that is to say, that can be according to implementation
The sequence referred in example executes step, may also be distinct from that the sequence in embodiment or several steps are performed simultaneously.
The above, the only specific embodiment of this specification, those skilled in the art can be understood that
It arrives, for convenience of description and succinctly, system, the specific work process of module and unit of foregoing description can refer to aforementioned
Corresponding process in embodiment of the method, details are not described herein.It should be understood that the protection scope of this specification is not limited thereto, appoint
What those familiar with the art can readily occur in various equivalent modifications in the technical scope that this specification discloses
Or replacement, these modifications or substitutions should all cover within the protection scope of this specification.
Herein, relational terms such as first and second and the like be used merely to by an entity or operation with it is another
One entity or operation distinguish, and without necessarily requiring or implying between these entities or operation, there are any this reality
Relationship or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to the packet of nonexcludability
Contain, so that the process, method, article or equipment for including a series of elements not only includes those elements, but also including
Other elements that are not explicitly listed, or further include for elements inherent to such a process, method, article, or device.
In the absence of more restrictions, the element limited by sentence " including ... ", it is not excluded that in the mistake including the element
There is also other identical elements in journey, method, article or equipment.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims
It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment
It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable
Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can
With or may be advantageous.