CN111884795B - Medical information data desensitization secrecy and restoration method and system - Google Patents

Info

Publication number
CN111884795B
CN111884795B
Authority
CN
China
Prior art keywords
data
desensitization
key
codebook
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010706541.1A
Other languages
Chinese (zh)
Other versions
CN111884795A (en)
Inventor
文建全
邹驰华
王先知
吴翊
唐起华
黄刊迪
甘慧兵
茅青
梁绪冬
张君玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Trasen Technology Co ltd
Original Assignee
Hunan Trasen Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-07-21
Filing date
2020-07-21
Publication date
2022-09-13
Application filed by Hunan Trasen Technology Co ltd
Priority to CN202010706541.1A
Publication of CN111884795A
Application granted
Publication of CN111884795B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/101 Collaborative creation, e.g. joint development of products or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Abstract

The invention discloses a medical information data desensitization secrecy and restoration method comprising the following steps: step one, generating a key k; step two, performing irreversible desensitization on the key k and the source data p to obtain desensitized data p2; step three, performing reversible desensitization on the key k and the source data p to obtain encrypted data c; step four, establishing a codebook D whose key is p2 and whose value is c, where the key k and the codebook D are kept separately by two departments and the desensitized data p2 reside on a data query platform; and step five, when the source data are queried, looking up the encrypted data c corresponding to p2 in the codebook D using p2 as the query basis, and decrypting c with the key k to obtain the source data p. Desensitized data can be restored to source data only after double verification when the source data are queried, which greatly improves data security.

Description

Medical information data desensitization secrecy and restoration method and system
Technical field:
The invention belongs to the field of information security and in particular relates to a method and system for desensitizing, keeping secret and restoring medical information data.
Background art:
In the cooperation between hospitals and other platforms, systems transmit large amounts of data, and during transmission serious leakage of personal information is repeatedly caused by external and internal data theft and by direct copying of sensitive data. To prevent third parties from maliciously restoring desensitized data and using personal user information for malicious acts such as medical fraud, a dual-verification desensitization restoration system is provided: single-factor decryption is converted into multi-factor decryption, which increases the difficulty of restoration, and the codebook and the key are physically isolated and kept by separate custodians, which effectively reduces the risk that reversibly desensitized data are maliciously restored. Even if either the codebook or the key is obtained, unauthorized personnel cannot restore the sensitive data. This ensures the confidentiality of core data, improves the protection of sensitive data and personal user data on the unified medical data platform, raises the overall security level of the unified medical information sharing and exchange platform, and meets compliance requirements.
Definitions of terms:
AES: a symmetric block cipher that encrypts data in 128-bit blocks.
HMAC: Hash-based Message Authentication Code, a keyed construction proposed by H. Krawczyk, M. Bellare and R. Canetti in 1996 as a method of message authentication based on a hash function and a key.
Summary of the invention:
The invention aims to provide a method and system for desensitizing, keeping secret and restoring medical information data. It desensitizes a source database generated by a hospital into three parts, namely desensitized data, a key and ciphertext; the key and the ciphertext are stored in two different departments, and the desensitized data are sent to other data platforms. When another platform needs the source data, two verifications are required to restore the desensitized data to the source data, which greatly improves data security.
To achieve this purpose, the technical scheme of the invention is as follows:
A medical information data desensitization secrecy and restoration method comprises the following steps:
step one, generating a key k;
step two, performing irreversible desensitization on the key k and the source data p to obtain desensitized data p2;
step three, performing reversible desensitization on the key k and the source data p to obtain encrypted data c;
step four, establishing a codebook D whose key is p2 and whose value is c; the key k and the codebook D are kept separately by at least two authorized terminals, and the desensitized data p2 reside on a data query platform;
step five, when the source data are queried, looking up the encrypted data c corresponding to p2 in the codebook D using p2 as the query basis, and decrypting c with the key k to obtain the source data p.
In a further improvement, the irreversible desensitization method in step two is an HMAC method.
In a further improvement, the reversible desensitization method is a symmetric encryption method.
In a further improvement, the symmetric encryption method is an AES method.
In a further improvement, the authorized terminals are different departments within the hospital, for example the head of the hospital information center and a dedicated administrator. When decryption is needed, a decryption application is sent to both of them through the data query platform by e-mail or OA workflow, and the data are decrypted in the background only after each has separately authorized and approved the request.
A medical information data desensitization secrecy and restoration system comprises a source data module for storing the source data p, a key module for generating the key k, a desensitization processing module, a codebook module for storing the codebook D, and a desensitized data module for storing the desensitized data p2. The desensitization processing module comprises an irreversible desensitization module that performs irreversible desensitization on the source data p with the key k, a reversible desensitization module that performs reversible desensitization on the source data p with the key k to generate the encrypted data c, and a codebook generation module that generates the codebook D by pairing each encrypted value c with the desensitized value p2 derived from the same source datum p; the key of the codebook D is p2 and the value is c.
The system further comprises an input query module for entering desensitized data p2 to perform a data query, and a desensitization restoration module that decrypts according to the desensitized data p2, the codebook D and the key k.
Advantages of the invention:
The invention desensitizes a source database generated by a hospital into three parts, namely desensitized data, a key and ciphertext; the key and the ciphertext are stored in two different departments, and the desensitized data are sent to other data platforms. When another platform needs the source data, two verifications are required to restore the desensitized data to the source data, which greatly improves data security.
Description of the drawings:
FIG. 1 is a schematic overall flow diagram of the invention;
FIG. 2 is a data processing diagram of the desensitization processing module of the invention;
FIG. 3 is a data processing diagram of the desensitization restoration module of the invention.
Detailed description of the embodiments:
To make the aforementioned objects, features and advantages of the invention comprehensible, embodiments are described in detail below with reference to the figures. Throughout the drawings, the same or similar reference numerals refer to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present application, and should not be construed as limiting it.
Example 1
The steps of the invention are shown in FIG. 1:
1. Generate a key k.
2. Perform irreversible desensitization on the source data p by computing hmac(p, k), obtaining the desensitized data p2.
3. Compute AES(p, k) to obtain c and store it in the "codebook" D (a separate database), with key p2 and value c.
4. When the source data need to be queried, look up the reversible data c (the query result) in D using p2 as the query basis, then decrypt c with the key k to obtain the source data p.
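The flow described in the summary steps and in Example 1 above, written out as an added Go example that is not part of the patent or of any product of the assignee. It assumes a 32-byte key k, HMAC-SHA256 for the irreversible step, and AES-256-GCM for the reversible step (the patent names AES but fixes no mode); the source record is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// GenerateKey is step one; a 32-byte k (AES-256 / HMAC-SHA256) is assumed.
func GenerateKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// IrreversibleDesensitize is step two: p2 = HMAC-SHA256(k, p). Deterministic, so
// equal p give equal p2 (p2 is the codebook key); not invertible without k.
func IrreversibleDesensitize(k []byte, p string) string {
	m := hmac.New(sha256.New, k)
	m.Write([]byte(p))
	return hex.EncodeToString(m.Sum(nil))
}

func newGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ReversibleDesensitize is step three: c = AES-GCM(k, p), random nonce prepended.
// GCM is an assumed mode choice; its authentication tag also exposes a wrong key.
func ReversibleDesensitize(k []byte, p string) ([]byte, error) {
	gcm, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(p), nil), nil
}

// Restore is step five: look up c by p2 in codebook D, then decrypt c with k.
// It fails without the codebook (p2 missing) and with a wrong key (tag mismatch).
func Restore(p2 string, D map[string][]byte, k []byte) (string, error) {
	c, ok := D[p2]
	if !ok {
		return "", fmt.Errorf("p2 not present in codebook D")
	}
	gcm, err := newGCM(k)
	if err != nil || len(c) < gcm.NonceSize() {
		return "", fmt.Errorf("bad key or malformed codebook value")
	}
	p, err := gcm.Open(nil, c[:gcm.NonceSize()], c[gcm.NonceSize():], nil)
	if err != nil {
		return "", fmt.Errorf("decryption failed: %w", err)
	}
	return string(p), nil
}

func main() {
	k, _ := GenerateKey()
	p := "patient-id:4711;name:constructed sample" // constructed source record
	p2 := IrreversibleDesensitize(k, p)
	c, _ := ReversibleDesensitize(k, p)
	D := map[string][]byte{p2: c} // step four: codebook D, key p2, value c
	fmt.Println(Restore(p2, D, k)) // p2 alone goes to the query platform
}
```

In a deployment D and k would be held by the two separate custodians and only p2 would leave for the query platform; here all three are in one process purely to show the data flow.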
By using the irreversibility of HMAC and the reversibility of AES, the invention separates the desensitized data, the codebook and the key:
1. If an outsider holds only the desensitized data and the key, they cannot restore the data.
2. If an outsider holds the desensitized data and the codebook, they still cannot restore the data.
3. If an outsider holds the codebook and the key, they can recover the values of the codebook, but because the desensitization is irreversible they cannot map the source data to the desensitized data.
The invention desensitizes a source database generated by a hospital into three parts, namely desensitized data, a key and ciphertext; the key and the ciphertext are stored in two different departments, and the desensitized data are sent to other data platforms. When another platform needs the source data, two verifications are required to restore the desensitized data to the source data.
The above embodiment is only one specific embodiment of the invention and is not meant to limit it; any simple modification or replacement of it falls within the scope of the invention.

Claims (6)

1. A medical information data desensitization secrecy and recovery method is characterized by comprising the following steps:
step one, generating a secret key k;
step two, carrying out irreversible desensitization on the key k and the source data p to obtain desensitization data p2;
step three, performing reversible desensitization on the key k and the source data p to obtain encrypted data c;
step four, establishing a codebook D; the key of the codebook D is p2, and the value is c; the key k and the cipher book D are respectively sent to at least two authorized terminals for storage, and desensitization data p2 are located on a data query platform;
and step five, when the source data is queried, querying the encrypted data c corresponding to the p2 in the codebook D by taking the p2 as a query basis, and decrypting the encrypted data c by using the key k to obtain the source data p.
2. The method for desensitizing privacy and recovery of medical information data according to claim 1, wherein in the second step, the irreversible desensitization method is an HMAC method.
3. The method for desensitizing privacy and recovery of medical information data according to claim 1, wherein said reversible desensitization method is a symmetric encryption method.
4. The method for desensitizing privacy and recovery of medical information data according to claim 3, wherein said symmetric encryption method is AES method.
5. The method for desensitizing confidentiality and recovery of medical information data according to claim 3, wherein the authorized terminals are respectively different departments within a hospital.
6. A medical information data desensitization secrecy and recovery system is characterized by comprising a source data module for storing source data p, a key module for generating a key k, a desensitization processing module, a codebook module for storing a codebook D and a desensitization data module for storing desensitization data p2;
the desensitization processing module comprises a desensitization module for performing irreversible desensitization processing on source data p and a key k to obtain desensitization data p2, a reversible desensitization module for performing reversible desensitization on the source data p and the key k to generate encrypted data c, and a cipher book generating module for generating a cipher book D by one-to-one correspondence between the encrypted data c and the desensitization data p2 according to the source data p; the key of the codebook D is p2, and the value is c;
the system further comprises an input query module used for inputting desensitization data p2 to perform a data query and a desensitization restoration module used for decrypting according to the desensitization data p2, the codebook D and the secret key k; when source data are queried, p2 serves as the query basis, the encrypted data c corresponding to p2 are queried in the codebook D, and the encrypted data c are decrypted with the secret key k to obtain the source data p; the secret key k and the codebook D are respectively sent to at least two authorized terminals to be stored.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010706541.1A CN111884795B (en) 2020-07-21 2020-07-21 Medical information data desensitization secrecy and restoration method and system

Publications (2)

Publication Number Publication Date
CN111884795A CN111884795A (en) 2020-11-03
CN111884795B true CN111884795B (en) 2022-09-13

Family

ID=73155109

Country Status (1)

Country Link
CN (1) CN111884795B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001211148A (en) * 2000-01-25 2001-08-03 Sony Corp Device, system, and method for data processing and program providing medium
CN108021822A (en) * 2017-11-30 2018-05-11 广州天鹏计算机科技有限公司 The desensitization method and system of data
CN109698839A (en) * 2019-02-21 2019-04-30 湖南智远数通科技股份有限公司 A kind of desensitization data comparison method and device based on asymmetric arithmetic
CN110391906A (en) * 2019-07-25 2019-10-29 深圳壹账通智能科技有限公司 Data processing method, electronic device and readable storage medium storing program for executing based on block chain
CN110430203A (en) * 2019-08-12 2019-11-08 徐州恒佳电子科技有限公司 A kind of improved safety JSON transmission method towards sensitive data
CN110502908A (en) * 2019-07-30 2019-11-26 广东分利宝金服科技有限公司 The method of local data encryption based on mobile terminal
CN111079162A (en) * 2019-12-13 2020-04-28 山东众阳健康科技集团有限公司 Data encryption method, data decryption method and data encryption system based on block chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10348693B2 (en) * 2009-12-15 2019-07-09 Microsoft Technology Licensing, Llc Trustworthy extensible markup language for trustworthy computing and data services

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant