CN113205871A - Medical data access control model based on fuzzy trust prediction and regression analysis - Google Patents
- Publication number
- CN113205871A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H40/00—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
- G16H40/20—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the management or administration of healthcare resources or facilities, e.g. managing hospital staff or surgery rooms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/18—Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
Abstract
The invention discloses a medical data access control model based on fuzzy trust prediction and regression analysis. The model consists of a medical information system database (HIS-DB), an identity authentication and request processing module (IAM), a behavior early warning module (BWM), a trusted digital certificate database (ATDC-DB), an access policy module (AP), and a trust management center (TMC). The IAM comprises a request enforcement point (REP) and an identity verification checkpoint (ICP); the ATDC-DB stores access trust digital certificates (ATDC); the AP comprises an access policy module database (AP-DB); the HIS-DB stores medical records (MR); and the TMC comprises three functional modules: trust quantification, trust evaluation and trust correction. The model effectively evaluates the credibility of medical big data visitors and reduces privacy leakage and malicious access.
Description
Technical Field
The invention relates to an access control method based on the credibility of the requesting user, in particular to a medical data access control model based on fuzzy trust prediction and regression analysis.
Background
Big data brings new opportunities for finding new value in the medical industry. Medical informatization has entered a period of rapid development and has accumulated massive structured and unstructured medical data, which plays a great role in improving the modern management level and the diagnosis and treatment efficiency of medical institutions and has become an indispensable technical means in medical activities. Medical big data is a kind of big data and has its basic characteristics: volume, variety, velocity and high value. Its application and development help to reduce medical costs and improve the level of medical service, and can greatly influence the economy, society and people's lives, especially clinical auxiliary diagnosis and treatment, health management, precision medicine and infectious disease monitoring.
However, the collection, administration and analysis of these medical big data and the exploitation and utilization of their potential value also inevitably bring about many privacy disclosure problems.
The most important users of medical big data are hospital medical staff, mainly doctors, nurses, medical professionals, pharmacists and the like. With the rapid development of medical big data and medical informatization, the trust evaluation of medical users against the big data background becomes more complicated. Meanwhile, the specialized and complex nature of medical data and the cost of acquiring medical knowledge give doctors and patients a naturally unequal relationship. Medical staff with professional knowledge and skills are naturally in a strong position, while patients, as the source and owners of the information, are in a weak position and can only hope that doctors provide services under the principle of least privilege. With the development of big data, this inequality becomes more serious.
Currently, there are two ways to evaluate the reputation of medical big data visitors so as to reduce privacy leakage and malicious access:
First, dynamic trust evaluation:
The credibility of the user can be updated in time, so the method has high timeliness. However, combating and deterring malicious visitors by lowering their credibility is "punishment after the fact": the consequences of a user's malicious access are reflected only after the dynamic evaluation of the next period. "Punishment after the fact" has little effect on a user whose malicious activity is in progress, and its effect in combating that activity is not obvious.
Second, access control models:
Generally, a single-value average quantification (trust value and risk value) is combined with a preset access control policy to achieve access control, but a single average trust value may not reflect the real trust situation well. For example, if doctor A and doctor B have the trust values $T_A = T_B = 0.7$ (in the range [0, 1]), does this mean that A and B have the same trust level? This is clearly incorrect if the trust value of A has been getting worse and accumulates to 0.7 while the trust value of B has been getting better and also accumulates to 0.7. B is then significantly better than A in terms of the predicted upcoming trust level, so single-valued average quantification of trust, which typically uses historical behavior, cannot reflect the true trust level.
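The doctor A / doctor B argument above can be made concrete with a trend fit. The following Python code is an added example, not part of the patent; it uses a plain ordinary least-squares line rather than the patent's own correction formula, and the two five-period histories and all function names are constructed for illustration.

```python
from statistics import mean


def ols_trend(history):
    """Least-squares line through (t, trust_t), t = 0..n-1; returns (slope, intercept)."""
    n = len(history)
    if n < 2:
        raise ValueError("need at least two observations to fit a trend")
    t_bar = (n - 1) / 2
    y_bar = mean(history)
    sxx = sum((t - t_bar) ** 2 for t in range(n))
    sxy = sum((t - t_bar) * (y - y_bar) for t, y in enumerate(history))
    slope = sxy / sxx
    return slope, y_bar - slope * t_bar


def predict_next(history):
    """Extrapolate one period ahead and clamp to the trust range [0, 1]."""
    slope, intercept = ols_trend(history)
    return min(1.0, max(0.0, slope * len(history) + intercept))


def compare(history_a, history_b):
    """Summarise two users: the same average can hide opposite trends."""
    return {
        name: {
            "mean": round(mean(h), 3),
            "slope": round(ols_trend(h)[0], 3),
            "next": round(predict_next(h), 3),
        }
        for name, h in (("A", history_a), ("B", history_b))
    }


# Constructed histories: both average 0.7, A is declining, B is improving.
DOCTOR_A = [0.9, 0.8, 0.7, 0.6, 0.5]
DOCTOR_B = [0.5, 0.6, 0.7, 0.8, 0.9]

if __name__ == "__main__":
    for name, row in compare(DOCTOR_A, DOCTOR_B).items():
        print(name, row)
```

A policy that only compares the mean against a threshold treats both users identically, while the slope and the one-step prediction separate them.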
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a medical data access control model based on fuzzy trust prediction and regression analysis. The invention uses regression analysis to integrate the historical behavior trend of a doctor into the trust evaluation model and adds an early warning system to the access control model. The resulting access control model based on fuzzy trust prediction (FTPACM) greatly relieves the defects caused by single-value trust quantification and improves the performance of the model in several respects.
In order to achieve the above purpose, the medical data access control model based on fuzzy trust prediction and regression analysis according to the present invention is composed of the following parts:
a medical information system database HIS-DB, an identity authentication and request processing module IAM, a behavior early warning module BWM, a trusted digital certificate database ATDC-DB, an access policy module AP, and a trust management center TMC;
the identity authentication and request processing module IAM comprises an execution point REP and an identity verification checkpoint ICP;
the trusted digital certificate database ATDC-DB is used for storing the access trusted digital certificate ATDC;
the access policy module AP comprises an access policy module database AP-DB;
the medical information system database HIS-DB is used for storing medical records MR;
the trust management center TMC comprises three functional modules of trust quantification, trust evaluation and trust correction;
the working steps are as follows:
Step-1. The request enforcement point REP accepts the user's request and sends it to the identity verification checkpoint ICP.
Step-2. The identity verification checkpoint ICP first checks whether the user's identity credentials, which include login time and IP, are correct, and then sends an access request to the behavior early warning module BWM.
Step-3. The behavior early warning module BWM sends a request to the trust management center TMC to acquire the behavior trust.
Step-4. After obtaining the required information from the trust management center TMC, the behavior early warning module BWM classifies the trust level of the user behavior and feeds back the corresponding prompt or warning information.
Step-5. After receiving the information from the behavior early warning module BWM, the user decides whether to continue the access and returns that choice to the behavior early warning module BWM. If the access is terminated, the process exits; otherwise Step-6 is executed.
Step-6. The behavior early warning module BWM sends a continue-access request to the trust management center TMC, and the trust management center TMC uses the user information collected by the behavior early warning module BWM and the trusted digital certificate database ATDC-DB to perform further trust evaluation on the user.
Step-7. Finally, the access policy module database AP-DB interacts with the behavior early warning module BWM to obtain the final trust value of the user, and the final judgment is made according to the access rules.
Step-8. If the user is allowed, the most trusted resource is selected from all available resources and sent to the user, and the corresponding medical record MR and access trust digital certificate ATDC are generated and stored in the medical information system database HIS-DB and the trusted digital certificate database ATDC-DB.
Step-9. If the user is not allowed, the user will not have access to the corresponding resources, and the corresponding medical record MR and access trust digital certificate ATDC are then generated and stored in the medical information system database HIS-DB and the trusted digital certificate database ATDC-DB.
Step-10. Finally, the user can access his services and perform his work or process.
Further, the identity authentication and request processing module IAM is responsible for checking the identity validity of the requesting user and registering the new user.
Furthermore, the behavior early warning module BWM is responsible for identifying and analyzing the access behavior of the user, and establishing a fuzzy distribution function according to the behavior characteristics to fuzzify and output the node trust value, and feed back the node trust value to the user.
Further, the access policy module AP divides the access scene of the user into three types of normal access, emergency access and undefined access; and the access policy module AP formulates an access control rule to judge the validity of the access request.
Further, the trust quantification is to digitize the medical record stored in the HIS in the form of text and the current node access behavior of the user; the trust evaluation means that after the quantized data are analyzed, the trust level of the user is evaluated by using a trust management center TMC; the trust correction is to establish a regression model according to the historical trust trend of the user and correct the trust value.
Further, the trust evaluation parameters of the trust evaluation are divided into: node trust (NT), history trust (HT), historical interaction trust (PIR) and the user comprehensive trust value (CT); the user comprehensive trust value CT is calculated from the NT, HT and PIR parameters of the user.
Further, the trust correction is based on a positive linear regression equation.
Further, the data bodies in the medical information system database HIS-DB are stored in the HIS-DB in a time linear relationship to form a tree-shaped hierarchical structure.
Furthermore, after the user interacts with the system every time, the medical information system database HIS-DB generates a new ATDC for recording the trust state of the current user, and the new ATDC is stored in the trusted digital certificate database ATDC-DB, and meanwhile, the medical record is generated in the medical information system database HIS-DB when each diagnosis and treatment life cycle of the user is completed.
Compared with the prior art, the invention has the following beneficial effects:
1. The early warning mechanism is added to the medical big data access control model, which reduces the after-the-fact defect of traditional trust-quantification access control policies (the reduction in trust value caused by a malicious access is reflected only at the next access); the effect on doctors of the unintentional malicious access type is evident.
2. The regression analysis is utilized to quantify the trust trend, so that the problem that the traditional trust or risk single-value-based quantification algorithm cannot describe the timeliness and the trend of the quantified value is solved, and the scientificity and the sensitivity of the whole model are greatly improved.
3. When regression analysis prediction is carried out, a local greedy algorithm with reverse order preference is provided, and the precision and the efficiency of a regression model are improved.
Description of the drawings:
FIG. 1: workflow chart of the invention;
FIG. 2: hierarchical structure of medical data in the HIS;
FIG. 3: behavior pattern diagram of a doctor's consultation;
FIG. 4: BWM membership function graph;
FIG. 5: time decay function graph;
FIG. 6: reverse optimization algorithm graph;
Detailed Description
The present invention will be described in further detail with reference to specific embodiments.
The user confirms his identity through the identity authentication and request processing module (IAM). The IAM is responsible for checking the identity validity of the requesting user and registering new users, and it stores the registered user identifiers and identity verification information in its own memory bank.
The criteria for identity validity are as follows: a login IP is judged legal when the login is local and illegal when the login comes from a different location. Access time is divided into four periods: duty time, emergency duty time, off-duty time, and vacation time; an access outside the legal time is regarded as illegal.
Medical records are the main body of data in the HIS and are stored in it in a time-linear relationship, forming a tree-shaped hierarchical structure according to the characteristics of the medical record life cycle. As shown in FIG. 2, a large number of medical records 1-n are stored in the HIS in time-linear order. Each medical record is essentially a mapping of a doctor's workflow. During the interaction with the patient, a deviation in the doctor's subjective judgment or the patient's unclear description of the symptoms can cause misdiagnosis, so each medical record may contain one or more clinical targets.
An Access Trust Digital Certificate (ATDC) is a trust credential established by the FTPACM based on the historical behavior of the doctor and the current node trust level. In FTPACM, the doctor, as the main interactive user, needs to register with the system, and after each interaction with the system a new ATDC is generated to record the trust status of the current user. The completion (termination) of each clinical life cycle by the doctor generates a medical record in the HIS and also generates the corresponding ATDC in the access control model FTPACM. The trust level field is an important basis for the model's comprehensive trust evaluation and trust quantification. The contents of the ATDC and their explanation are shown in Table 1.
TABLE 1 certificate content and description
The behavior early warning module (BWM) is responsible for identifying and analyzing the access behavior of the user and feeding back corresponding information according to behavior characteristics. Based on the actual trust level and the user's access behavior characteristics, the BWM establishes a corresponding fuzzy distribution function to fuzzify and output the node trust value, and feeds back one of the feedback types $P_1$, $P_2$, $P_3$ to the user according to the output value. $P_1$, $P_2$, $P_3$ correspond to the fuzzification membership functions $\mu_1$, $\mu_2$, $\mu_3$, in which the parameters a, b, c and d are constants whose values are determined by the assignment method, and x is the initial behavioral trust value of the entity in the model.
From (7), (8) and (9), the fuzzification membership functions satisfy $\mu_1, \mu_2, \mu_3 \in [0, 1]$. The parameters are preferably a = 0.3, b = 0.5, c = 0.7 and d = 0.9. The resulting early warning membership functions are shown in FIG. 4.
The feedback information is sent to the user automatically by the feedback mechanism according to the feedback rules stored in the model; the specific rules are shown in Table 2. $P_1$, $P_2$, $P_3$ are the feedback types, and $M_1$, $M_2$, $M_3$ are the prompt messages, set as follows:
$M_1$: The access operation does not meet the criteria and will result in decreased reputation. Continue the current operation?
$M_2$: The access operation carries a risk and may result in a decline in reputation. Continue the current operation?
$M_3$: The access operation meets the criteria. Continue the current operation?
TABLE 2 BWM rules for feedback mechanism
As a simple example, assume the behavioral trust of a physician, Henry, is 0.75, with $\mu_1(0.75) = 0$, $\mu_2(0.75) = 0.75$ and $\mu_3(0.75) = 0.6$. As can be seen from Table 2, Henry's access behavior in this request satisfies the $P_2$ trigger condition of the BWM, so the BWM automatically sends him prompt message $M_2$, and Henry decides whether to proceed with the next operation.
The access policy module (AP) divides the access scenario of a user into three types: normal access, emergency access and undefined access.
Access_Normal ($\sigma_n$): this scenario is the normal access environment. To access resources in the HIS, a user needs a legal access identity and a sufficient trust level.
Access_Emergency ($\sigma_e$): in this access scenario, the security administrator defines access control rules that are more tolerant than normal. When a user accesses the HIS, in many cases the situation is an emergency and the patient's life is at risk. In this case, as long as the user is determined to be legitimate, for example because the requester belongs to a particular group such as medical staff (nurses) or doctors, the system by default gives the user a higher access tolerance.
Access_Undefined ($\sigma_u$): this scenario means that the system does not cover or recognize the user's access context, so the system cannot make an access decision on the access request. For example, the FTPACM rule definition is incomplete (the access condition is not defined in the system), or the system is in an abnormal state when the access request occurs and the environment cannot be identified.
The formalization of the FTPACM access rule set is described as equation (10).
$\langle HUI, HO, AC_{time}, AC_{situation}, t_{range}\{T_{min}, T_{max}\} \rangle \rightarrow \langle H_{sign}, H_{avl} \rangle$ (10)
$HUI$ is the identity of the user applying for access to HIS resources.
$HO$ is the HIS resource (object) that the user applies to access.
$AC_{time}$ is the time node at which the user applies for access.
$AC_{situation}$ is the environmental condition of the user's access behavior, divided into three types (normal, emergency, undefined).
$t_{range}\{T_{min}, T_{max}\}$ is the trust threshold for the interaction between HUI and HO, where $T_{min}$ is the minimum trust value and $T_{max}$ is the maximum trust value.
$H_{sign}$ is the authorization type marked for the access behavior (positive authorization "$\delta^+$" and negative authorization "$\delta^-$"): access behavior that triggers the BWM's $P_1$ or $P_2$ instruction is marked $\delta^+$, and behavior that triggers the $P_3$ instruction is marked $\delta^-$.
$H_{avl}$ is the level of the access view. We divide the access view into three levels: full view (fv), partial view (pv), and invisible view (nv).
$H_{record}$ records the ATDC generation state of the current access life cycle: "Generated" means the ATDC has been generated, and "null" means it has not been generated because the access did not succeed or detailed visitor information is lacking.
The following are specific access control rules for FTPACM:
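Rule1: $\text{user.id}=\{\text{true}\} \wedge AC_{time}=\{\text{legal}\} \wedge AC_{situation}=\{\text{normal}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{true}\} \rightarrow H_{sign}=\{\delta^+\} \cup H_{avl}=\{\text{fullview}\} \cup H_{record}=\{\text{Generated}\}$
Rule2: $\text{user.id}=\{\text{true}\} \wedge AC_{time}=\{\text{illegal}\} \wedge AC_{situation}=\{\text{normal}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{true}\} \rightarrow H_{sign}=\{\delta^-\} \cup H_{avl}=\{\text{noview}\} \cup H_{record}=\{\text{null}\}$
Rule3: $\text{user.id}=\{\text{false}\} \wedge AC_{time}=\{\text{legal}\} \wedge AC_{situation}=\{\text{normal}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{true}\} \rightarrow H_{sign}=\{\delta^-\} \cup H_{avl}=\{\text{noview}\} \cup H_{record}=\{\text{null}\}$
Rule4: $\text{user.id}=\{\text{true}\} \wedge AC_{time}=\{\text{legal}\} \wedge AC_{situation}=\{\text{normal}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{false}\} \rightarrow H_{sign}=\{\delta^-\} \cup H_{avl}=\{\text{noview}\} \cup H_{record}=\{\text{Generated}\}$
Rule5: $\text{user.id}=\{\text{true}\} \wedge AC_{time}=\{\text{legal}\} \wedge AC_{situation}=\{\text{emergency}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{true}\} \rightarrow H_{sign}=\{\delta^+\} \cup H_{avl}=\{\text{fullview}\} \cup H_{record}=\{\text{Generated}\}$
Rule6: $\text{user.id}=\{\text{true}\} \wedge AC_{time}=\{\text{illegal}\} \wedge AC_{situation}=\{\text{emergency}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{true}\} \rightarrow H_{sign}=\{\delta^+\} \cup H_{avl}=\{\text{fullview}\} \cup H_{record}=\{\text{null}\}$
Rule7: $\text{user.id}=\{\text{false}\} \wedge AC_{time}=\{\text{legal}\} \wedge AC_{situation}=\{\text{emergency}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{true}\} \rightarrow H_{sign}=\{\delta^-\} \cup H_{avl}=\{\text{noview}\} \cup H_{record}=\{\text{null}\}$
Rule8: $\text{user.id}=\{\text{true}\} \wedge AC_{time}=\{\} \wedge AC_{situation}=\{\text{emergency}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{false}\} \rightarrow H_{sign}=\{\delta^-\} \cup H_{avl}=\{\text{partview}\} \cup H_{record}=\{\text{Generated}\}$
Rule9: $\text{user.id}=\{\text{true}\} \wedge AC_{time}=\{\text{legal}\} \wedge AC_{situation}=\{\text{undefined}\} \wedge t_{range}\{T_{min},T_{max}\}=\{\text{true}\} \rightarrow H_{sign}=\{\delta^-\} \cup H_{avl}=\{\text{noview}\} \cup H_{record}=\{\text{null}\}$
The trust management center TMC is the core part of the model of the invention: the data needed for the abstract quantification of medical records and access behavior, for the operation of the BWM and for the decisions of the AP-DB all come from it.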
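The nine FTPACM rules can be evaluated as a lookup over the four conditions, which also makes it possible to enumerate the contexts that no rule covers. The following Python code is an added example, not code from the patent; the function names, the threshold defaults 0.6 and 1.0, the fail-closed default for uncovered contexts, and treating Rule8's empty AC_time as matching any time are assumptions.

```python
from itertools import product
from typing import NamedTuple


class Decision(NamedTuple):
    rule: str    # name of the rule that fired, or "default"
    sign: str    # H_sign: "δ+" (positive) or "δ-" (negative)
    view: str    # H_avl: fullview / partview / noview
    record: str  # H_record: Generated / null


SITUATIONS = ("normal", "emergency", "undefined")

# Columns: rule, user.id valid, AC_time legal, AC_situation, trust in range, outcome.
# None in the AC_time column marks the condition left empty on the page (Rule8);
# it is treated here as "any time", which is an assumption.
RULES = [
    ("Rule1", True,  True,  "normal",    True,  "δ+", "fullview", "Generated"),
    ("Rule2", True,  False, "normal",    True,  "δ-", "noview",   "null"),
    ("Rule3", False, True,  "normal",    True,  "δ-", "noview",   "null"),
    ("Rule4", True,  True,  "normal",    False, "δ-", "noview",   "Generated"),
    ("Rule5", True,  True,  "emergency", True,  "δ+", "fullview", "Generated"),
    ("Rule6", True,  False, "emergency", True,  "δ+", "fullview", "null"),
    ("Rule7", False, True,  "emergency", True,  "δ-", "noview",   "null"),
    ("Rule8", True,  None,  "emergency", False, "δ-", "partview", "Generated"),
    ("Rule9", True,  True,  "undefined", True,  "δ-", "noview",   "null"),
]

# Assumption: a context matched by no rule is denied (fail closed).
FAIL_CLOSED = Decision("default", "δ-", "noview", "null")


def match(id_valid, time_legal, situation, trust_ok):
    """Return the decision of the first rule whose four conditions all match."""
    for name, r_id, r_time, r_sit, r_trust, sign, view, record in RULES:
        time_matches = r_time is None or r_time == time_legal
        if r_id == id_valid and time_matches and r_sit == situation and r_trust == trust_ok:
            return Decision(name, sign, view, record)
    return FAIL_CLOSED


def evaluate(id_valid, time_legal, situation, trust, t_min=0.6, t_max=1.0):
    """Evaluate one request; t_min and t_max are constructed example thresholds."""
    return match(id_valid, time_legal, situation, t_min <= trust <= t_max)


def uncovered_contexts():
    """List every (id, time, situation, trust) combination that no rule covers."""
    return [
        ctx
        for ctx in product((True, False), (True, False), SITUATIONS, (True, False))
        if match(*ctx).rule == "default"
    ]


if __name__ == "__main__":
    print(evaluate(True, True, "normal", 0.8))
    print(evaluate(True, False, "emergency", 0.8))
    print(len(uncovered_contexts()), "of 24 contexts fall through to the default")
```

Under these assumptions 14 of the 24 condition combinations match no rule, so the behavior of the default branch is part of the policy and should be decided explicitly.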
The Trust Management Center (TMC) mainly comprises three parts of trust quantification, trust evaluation and trust correction.
The trust quantification mainly comprises the steps of digitizing medical records stored in a text form in the HIS and current node access behaviors of a user; the trust evaluation means that after the quantized data are analyzed, the trust level of the user is evaluated by utilizing an algorithm in TMC; the trust correction is to establish a regression model according to the historical trust trend of the user and correct the trust value.
The process of trust quantification is as follows:
In the FTPACM model, the set of patients seen is $P = \{p_0, p_1, p_2, \ldots, p_n\}$.
The diagnosis and treatment target set is $G = \{G_0, G_1, G_2, \ldots, G_n\}$.
The medical record set is $M^{G_{set}} = \{M_0^{G_{set}}, M_1^{G_{set}}, M_2^{G_{set}}, \ldots, M_n^{G_{set}}\}$ ($G_{set} \in G$).
The consultation behavior of the doctor can be divided into 2 phases. As shown in FIG. 3, the doctor first communicates with the patient and, based on the patient's symptoms combined with his or her own experience, determines a preliminary target $G_0$ for the patient, i.e. the doctor suspects or confirms the cause of the disease. The doctor then selects the set of medical records associated with that target, $M^{G_0} = \{M_0^{G_0}, M_1^{G_0}, M_2^{G_0}, \ldots, M_n^{G_0}\}$, to confirm the correctness of the target, where $M_i^{G_0}$ is the specific patient information item $m_i$ that the doctor accesses under target $G_0$. If $G_0$ is not correct, the doctor determines the next target $G_1$ and accesses the relevant information.
For example, if doctor Mason suspects that patient Liam has alveolar proteinosis (PAP), Mason accesses Liam's related information with PAP as the diagnosis and treatment target in order to verify the guess. If PAP is correct, the task is completed; if the diagnosis is wrong, the process starts a new cycle, and this repeats until the disease is confirmed or Liam leaves of his own accord. The process is recorded in the HIS as one complete diagnosis and treatment life cycle and forms a medical record. The target state change of the life cycle is formally expressed as follows.
Definition 1: Let $\pi$ be the state-change sequence $S_0 \rightarrow S_1 \rightarrow S_2 \rightarrow \cdots \rightarrow S_n$ of a doctor's working target G in a diagnosis and treatment life cycle, where $S_i$ corresponds to target $G_i$. The specific formula of the Boolean judgment function sove(G) is shown in formula 1.
If $\langle S_i \mid \text{true} \rangle$, the derivation of the state sequence $\pi$ is over; target $G_i$ is then called the final target and state $S_i$ the final state. If $\langle S_i \mid \text{false} \rangle$, the derivation proceeds to $S_{i+1}$ until $\langle S_n \mid \text{true} \rangle$ holds or the patient leaves; by default the last target $G_{last}$ before the patient leaves is the final target, and the entire state-change sequence $\pi$ is recorded in the HIS.
Fuzzy statistics employed by FTPACM mainly include the following elements:
X: the universe of discourse X is the set of patient information accessed by all doctors;
x: discourse X is the set of patient information that a doctor visits, and X;
$x_0$: a fixed element of X, i.e. one specific information item of the patient;
$G^*$: a randomly varying set of patient information in X with the same clinical context (target), where $x_0 \in G^*$ or $x_0 \notin G^*$, so that the relationship of $x_0$ to $G^*$ is uncertain;
$C(x_0, G^*)$: the number of times that $x_0 \in G^*$ in n samples under the universe of discourse X;
Definition 2: membership degree of access information, $\mu_G(x_0)$. $\mu_G(x_0)$ is the degree of correlation between the patient information $x_0$ accessed by a doctor under a specific diagnosis and treatment target G and that target G. The higher $\mu_G(x_0)$, the higher the necessity of the access.
Assuming that fuzzy statistics are performed n times, the membership frequency $P(x_0, G^*)$ of $x_0$ to G can be calculated as in formula (13).
As n increases, the membership frequency P tends to become stable, and the stable value $\mu_G(x_0)$ of the frequency is called the membership degree of $x_0$ to G, i.e. the membership degree of patient information $x_0$ under target G.
In the same wayFrom the two formulas (13) and (14), P under the discourse domain X can be obtained*(x0,G*) Andwherein the size of gamma can be set according to the requirement of model precision.
Definition 3: the medical record fuzzy set. The medical record fuzzy set is the fuzzy set formed by the membership degrees $\mu$ of the information accessed by the doctor in the medical record. When X is a finite set, let $X = \{x_1, x_2, \ldots, x_i\}$; the fuzzy set G on X is formally expressed as
where "Σ" and "+" do not denote summation but are symbols that enumerate the elements of the set, and each term indicates that the membership degree of patient information $x_i$ in diagnosis target G is $\mu_G(x_i)$.
Meanwhile, the ambiguity of information transmission during communication between doctor and patient (such as an unclear oral description of the condition) can cause misdiagnosis, i.e. there exists $R \leftarrow G_0, G_1, \ldots, G_i$, so that a medical record R may have fuzzy sets for multiple targets. That is, there exists $G = \{G_1, G_2, \ldots, G_m\}$ such that the medical record fuzzy set S includes different membership backgrounds $G_i$, and S is finally composed of a plurality of subsets, as shown in formula (16).
Definition 4: the behavior quantization matrix M. One medical record represents a complete access behavior, and is expressed in a matrix form to finally obtain a behavior quantization matrix M based on the medical record, as shown in formula (17), wherein
Definition 5: the closeness N. Let M, M be two fuzzy quantization matrices; the closeness N of M, M can be expressed as equation (18).
Finally, the medical records are fuzzily quantized into different medical record fuzzy sets M, which makes evaluation and monitoring convenient.
Definition 6: node behavior matrix $NM_{bool}$. $NM_{bool}$ is a quantization matrix describing the access behavior of the doctor's current request; it is a quantization matrix about the access behavior of an individual doctor.
We label it automatically with the bool decision function: if the information x is accessed it is labelled $\mu_{ij} = 1$, otherwise $\mu_{ij} = 0$. At the same time, because $NM_{node}$ is composed of the patient information that the doctor's current node actually requests access to, all $\mu_{ij}$ take the value 1. If the rows contain different numbers of elements, the maximum number of elements is taken as the standard and the remaining positions are padded with 0.
Definition 7: expected node matrix $EM_{bool}$. $EM_{bool}$ is the comparison matrix for $NM_{bool}$: it is the minimum information matrix that a doctor is expected to access in order to complete the patient's treatment task under the 'least privilege principle', and is a quantization matrix about the access behavior of doctors as a whole. It contains the same information entries as $NM_{bool}$, as shown in equation (20).
The $EM_{bool}$ matrix is formed by boolizing the behavior matrix M. The specific bool decision function is shown in (21).
Here the upper limit of the membership degree can be adjusted automatically according to the model precision. It is applied to the probability that patient information $x_i$ is accessed under target $G_j$: if more than 75% of the physicians have accessed the information under the target task, it is essential information and is assigned the value 1; below 75% it is non-essential information and is assigned the value 0.
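The boolization of $EM_{bool}$ and its comparison with $NM_{bool}$, as an added Python example that is not code from the patent. The item names, access history and function names are constructed; treating a frequency of exactly 75% as non-essential is an assumption, since the text only covers above and below 75%.

```python
# Constructed patient-information entries for one target task G_j.
ITEMS = ["name", "age", "diagnosis", "lab_results",
         "medication", "home_address", "insurance_id"]

# Constructed history: the set of entries each of 8 physicians accessed
# while completing the same target task.
BASE = {"name", "age", "diagnosis"}
HISTORY = (
    [BASE | {"lab_results", "medication"}] * 5
    + [BASE | {"lab_results", "medication", "home_address"},
       BASE | {"lab_results"},
       BASE]
)

# Constructed current request of one physician.
REQUEST = {"name", "diagnosis", "home_address", "insurance_id"}


def access_frequency(history, items):
    """Fraction of physicians who accessed each entry under the target task."""
    if not history:
        raise ValueError("no historical access behavior for this target")
    return [sum(item in accessed for accessed in history) / len(history)
            for item in items]


def expected_matrix(history, items, threshold=0.75):
    """EM_bool row: 1 for essential entries, 0 for non-essential ones.

    ASSUMPTION: strictly more than `threshold` counts as essential, so an
    entry accessed by exactly 75% of physicians is treated as non-essential.
    """
    return [1 if p > threshold else 0
            for p in access_frequency(history, items)]


def node_matrix(requested, items):
    """NM_bool row: 1 for every entry the current request asks for.

    Entries that were not requested are padded with 0 so that the row has
    the same length as the EM_bool row.
    """
    return [1 if item in requested else 0 for item in items]


def excess_items(nm, em, items):
    """Entries requested now that the least-privilege baseline does not expect."""
    return [item for item, n, e in zip(items, nm, em) if n == 1 and e == 0]


if __name__ == "__main__":
    em = expected_matrix(HISTORY, ITEMS)
    nm = node_matrix(REQUEST, ITEMS)
    print("EM_bool:", em)
    print("NM_bool:", nm)
    print("outside least privilege:", excess_items(nm, em, ITEMS))
```

The example stops at the comparison because the node trust formula (22) is not reproduced on this page.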
The trust evaluation process is as follows:
The trust evaluation parameters are divided into: node trust (NT), history trust (HT), historical interaction trust (PIR) and user comprehensive trust value (CT).
The node trust NT is the trust of the user's current node access behavior, i.e. instant trust. This trust parameter is independent of the user's history and only represents the nature of the user's current behavior. When a user wants to access the HIS and obtain resources, the system calculates the trustworthiness of the request from the type and amount of resources the user applies to access. Since the type and amount of requested resources are known, the time taken to calculate the behavior trust (node trust) is very short. The node trust NT is also a key parameter with which the BWM in the system performs recognition, early warning and information feedback on user behavior. It is therefore necessary to include the user's node trust as a factor in the user's overall trust assessment. The trust value $T_{node}$ of the user's current node access behavior is given by formula (22).
Meanwhile, the NT generated by each user interaction is recorded in the corresponding ATDC, so that the FTPACM can query it conveniently.
Historical trust (HT). The user's historical trust, also called basic trust, is the reputation accumulated over long-term interaction between the user and the system; it depends on the user's historical node access behavior and not on the user's current node access behavior. Unlike node trust, which can only judge the credibility of the user's current access behavior and is therefore one-sided, HT represents the user's overall credibility to the greatest extent. HT is obtained as a weighted average of the historical node trust NT, and the user's historical trust values NT can be obtained directly by querying the ATDC-DB. The specific formula is shown in formula (23).
Where $\xi$ is the number of interactions between the user and the system and $\omega$ is the time-based decay weight. On the user's first access, i.e. $\xi = 1$, no history record is available, so the user's historical trust HT defaults to the node trust NT of the current node access behavior, i.e. $T_{history} = T_{node}$ ($\xi = 1$). When $\xi > 1$, all medical records are divided into n time segments along the timeline of the medical records in the HIS; each time segment may contain one or more medical records, and records in the same time segment have the same weight $\omega$, where $\omega_i$ is the weight of the i-th time segment. $\omega_i$ is defined as follows.
Where S (i) is a time decay function that provides sufficient flexibility for most desired effects, as shown in equation (25)
As shown in fig. 5, when k is 0, the function is linear decay; when k is less than 0, the expression mode of the result is more flexible; when k is less than 0, the bias effect of the function is more rigid. The specific value of k can be chosen flexibly according to requirements. To make the whole evaluation system pay more attention to the recent dynamics and trends of doctors' access behavior, with medical records from long ago serving only as a reference, k > 0 is selected so that the medical records show accelerated decay with the passage of time.
Historical interaction trust (PIR) is computed based on user interactions with the system, which adds a label to each interaction to indicate the nature of that interaction. The record can be directly obtained by querying the ATDC-DB and the calculation of the PIR is performed. The PIR is the ratio of the number of forward authorizations to the total number of authorizations in the physician's historical access behavior, as follows.
Here the two counts are the number of forward authorizations and the number of negative authorizations. When the user interacts with the system for the first time, i.e. $\xi = 1$, the user's historical interaction trust defaults to 1, i.e. $PIR = 1$.
User comprehensive trust value (CT). The user's $T_{overall}$ is calculated from the user's NT, HT and PIR parameters; based on these trust parameters the comprehensive trust CT of the user can be calculated, as shown in formula (27).
$$T_{overall} = \alpha_{NT} \cdot NT + \alpha_{HT} \cdot HT + \alpha_{PIR} \cdot PIR = \alpha_{NT} \cdot T_{node} + \alpha_{HT} \cdot T_{pred} + \alpha_{PIR} \cdot T_{br} \tag{27}$$
Where $\alpha_{NT}$, $\alpha_{HT}$, $\alpha_{PIR}$ are the preset weights of the three trust parameters. Their values are determined by expert consultation: each expert gives a corresponding weight score according to experience, subject to the scoring requirement $\alpha_{NT} + \alpha_{HT} + \alpha_{PIR} = 1$, and then the experts' scores are arithmetically averaged, with the formula as follows: (where n is the number of experts involved in the scoring and $\omega_i$ is the score of the i-th expert), finally giving the specific values of the three weights.
Every time the user interacts with the system, the TMC performs one dynamic trust evaluation of the user, generates the corresponding user comprehensive trust CT and stores it in the ATDC. Note that the CT is not the final trust output and does not itself take part in invoking the access control policy; only the trust value obtained after the CT has been corrected by regression analysis takes part in assigning the final access control policy.
Linear regression based trust correction:
According to the invention, a trust regression model is established from the relation between the user's comprehensive trust value and time, and the historical behavior trend is integrated into the trust assessment. The method is based on a unary linear regression equation and overcomes the shortcomings of single-value quantization.
Regression analysis is a method that applies statistical principles to a large amount of statistical data, determines the correlation between a dependent variable and one or more independent variables, and establishes a well-correlated regression equation (function expression) for predicting future changes of the dependent variable. To overcome the shortcomings of single-value quantization, a unary linear regression equation is used for regression analysis when the medical history records are comprehensively evaluated; the specific regression equation is shown in formula (1).
$$y_i = \beta_0 + \beta_1 x_i + \epsilon_i \quad (i = 1, 2, \ldots, n) \tag{1}$$
Where $x_i$ and $y_i$ are the i-th observed values of the independent variable x and the dependent variable y respectively, and $\epsilon_i$ is the random error of the observed value $y_i$. Let $\epsilon_i$ follow a normal distribution with mean 0 and variance $\sigma^2$, with the $\epsilon_i$ mutually independent; the mathematical expectation and variance of the random variables are then:
Because the error $\epsilon_i$ is independent of $x_i$, the error term is not considered here, and the simplified regression function is
$$y_i = \beta_0 + \beta_1 x_i \quad (i = 1, 2, \ldots, n) \tag{3}$$
For the regression function to fit the observed data well, the deviation between the estimated points on the sample regression line and the true observed points $y_i$ should be as small as possible. We adjust the parameters of the regression function using the OLS (ordinary least squares) criterion to minimize the sum of squared residuals Q of the observations.
That is, for the given sample observations, the parameters are adjusted continuously until Q is minimized. By calculus, the problem is converted into taking the partial derivatives of Q with respect to the parameters.
When the first partial derivative is 0, Q is minimized, and thus, the solution can be obtained
Because trust depends strongly on time, and the user's comprehensive trust changes by small amounts and follows a linear trend overall, a unary linear regression is used to describe the relation between time and trust. Although the comprehensive trust value CT is stored in linear time order, the doctor's working pattern makes the interval between adjacent timestamps non-uniform, so we represent the time factor T by the system storage sequence number ($S = 1, 2, \ldots, n$):
$T \to S = 1, 2, \ldots, n$. The trust regression equation is shown in (28).
$$y = a + \sigma x \tag{28}$$
Where y is the comprehensive trust value $T_{overall}$ and x is the system storage sequence number of $T_{overall}$. The parameters can then be determined according to equations (4) to (6), giving the user's trust regression equation (29).
Trust correction value: a parameter for reducing the error of single-value quantization. For example, doctor Paul and doctor David have the same trust value $T_{overall}(Paul) = T_{overall}(David) = 0.7$, but Paul's trust has been continually dropping to 0.7 while David's has been continually rising to 0.7, so David is clearly better than Paul in terms of the predicted upcoming trust level. The trust correction value $\xi$ is used to correct and reduce this error, as expressed in equation (30).
Here the value calculated by formula (29) reflects the property $(\delta^{+}, \delta^{-})$ of the user's historical behavior; $\omega_{Corrected}$ is a constant weight coefficient that determines the degree of correction, and $\omega_{Corrected} \propto \xi$.
Corrected Comprehensive Trust (CCT): the CCT is the user's trust after correction, and is the final basis on which the access control policy library makes its access control decision.
$$T_{Corrected} = T_{overall} + \xi \tag{31}$$
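The trust evaluation and correction chain described above (PIR, formula (27), the regression over storage sequence numbers, and formula (31)), worked through in Python as an added example that is not code from the patent. Formula (30) is not reproduced on this page, so the form ξ = ω_Corrected · σ used below is an assumption, as are the function names, the weight values and the constructed CT histories for Paul and David.

```python
from statistics import fmean


def pir(forward, negative):
    """Historical interaction trust: forward authorizations / all authorizations."""
    total = forward + negative
    # With no recorded interaction yet, PIR defaults to 1.
    return 1.0 if total == 0 else forward / total


def composite_trust(nt, ht, pir_value, a_nt, a_ht, a_pir):
    """Formula (27): weighted sum of NT, HT and PIR; the weights must sum to 1."""
    if abs(a_nt + a_ht + a_pir - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    return a_nt * nt + a_ht * ht + a_pir * pir_value


def fit_trend(ct_history):
    """OLS fit of y = a + sigma * x (formula (28)).

    x is the system storage sequence number 1..n, which replaces the
    unevenly spaced timestamps; y is the stored comprehensive trust CT.
    """
    n = len(ct_history)
    if n < 2:
        raise ValueError("need at least two stored CT values to fit a trend")
    xs = range(1, n + 1)
    x_bar, y_bar = fmean(xs), fmean(ct_history)
    sxx = sum((x - x_bar) ** 2 for x in xs)
    sxy = sum((x - x_bar) * (y - y_bar) for x, y in zip(xs, ct_history))
    sigma = sxy / sxx
    return y_bar - sigma * x_bar, sigma


def see(ct_history, a, sigma):
    """Sum of squared errors between the fitted line and the stored values."""
    return sum((y - (a + sigma * x)) ** 2
               for x, y in enumerate(ct_history, start=1))


def corrected_trust(ct_history, w_corrected):
    """Formula (31): T_corrected = T_overall + xi, for the latest stored CT."""
    _, sigma = fit_trend(ct_history)
    # ASSUMPTION: stand-in for formula (30), which is not on the page.
    xi = w_corrected * sigma
    return ct_history[-1] + xi


# Constructed CT histories that both end at the same value 0.7.
PAUL = [0.90, 0.85, 0.80, 0.75, 0.70]   # trust falling towards 0.7
DAVID = [0.50, 0.55, 0.60, 0.65, 0.70]  # trust rising towards 0.7

if __name__ == "__main__":
    print("CT:", composite_trust(0.8, 0.7, pir(9, 1), 0.5, 0.3, 0.2))
    for name, history in (("Paul", PAUL), ("David", DAVID)):
        a, sigma = fit_trend(history)
        print(name, "slope", round(sigma, 3),
              "SEE", round(see(history, a, sigma), 6),
              "CCT", round(corrected_trust(history, 1.0), 3))
```

With identical final CT values, the sign of the fitted slope is what separates the two doctors in the corrected trust.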
Since the user's trend in each period $T_i$ may be reversed, e.g.
This is likely to make the fit of the final model poor, thereby affecting the parameters and ultimately the accuracy of the trust correction parameter $\xi$. Therefore, linear fits are screened using a reverse-order preference method, with SEE as the criterion for the quality of the fitted model. SEE is the sum of the squared errors between corresponding points of the fitted data and the raw data; the calculation formula is (32).
The closer the SEE is to 0, the better the model selection and fitting.
Reverse order preference (reverse order optimization algorithm): reverse order preference is a locally optimal greedy algorithm. It takes the current latest time node as the starting point, advances by a fixed number of steps, calculates the SEE of the points corresponding to the fitted equation within the current step length, and iterates in turn to obtain the optimal SEE. The range of the number of iterations (number of steps) can be set according to the user's requirements.
As shown in FIG. 6, 3i is the starting point of the iteration, the step is 0.25i, the step number is {n | 1 ≤ n ≤ 5}, and the SEE of the fitting function generated at each iteration has the following relationship:
Because $SEE_4$ covers a larger amount of data than $SEE_1$, $SEE_2$, $SEE_3$, the best-fit model should be the model corresponding to $SEE_4$.
In conclusion, the medical data access control model based on fuzzy trust prediction and regression analysis can evaluate the trust of doctors from two aspects, the user's history records and the current access behavior in the HIS, and dynamically adjust doctors' access authority, so that leakage of patient information caused by malicious access by doctors is avoided. Experiments show that after the early warning module is introduced into the model, the overall behavior level of users improves markedly. Compared with the prior art under a complex trend, the average prediction trust precision and the average prediction trust trend are respectively: this model 72.62% and 66.50%; prior art models 64.71% and 42.83%. The trust prediction and trend prediction performance of the method used by the model is therefore better under complex trend prediction.
The above description is only a part of the embodiments of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention.
Claims (9)
1. The medical data access control model based on fuzzy trust prediction and regression analysis consists of the following parts:
the system comprises a medical information system database HIS-DB, an identity authentication and request processing module IAM, a behavior early warning module BWM, a trusted digital certificate database ATDC-DB, an access policy module AP, and a trust management center TMC;
the identity authentication and request processing module IAM comprises an execution point REP and an identity verification checkpoint ICP;
the trusted digital certificate database ATDC-DB is used for storing the access trusted digital certificate ATDC;
the access policy module AP comprises an access policy module database AP-DB;
the medical information system database HIS-DB is used for storing medical records MR;
the trust management center TMC comprises three functional modules of trust quantification, trust evaluation and trust correction;
the working steps are as follows:
Step-1 the request execution point REP accepts the request of the user and sends it to the identity verification checkpoint ICP;
Step-2 the identity verification checkpoint ICP first checks whether the user's identity credentials are correct, the identity credentials comprising: login time and IP, and then sends an access request to the behavior early warning module BWM;
Step-3 the behavior early warning module BWM sends a request to the trust management center TMC to acquire behavior trust;
Step-4 after obtaining the required information from the trust management center TMC, the behavior early warning module BWM classifies the trust level of the user behavior and feeds back corresponding prompt or warning information;
Step-5 after receiving the information of the behavior early warning module BWM, the user selects whether to continue accessing and feeds back the choice to the behavior early warning module BWM; if the access is terminated, the process is exited, otherwise Step-6 is executed;
Step-6 the behavior early warning module BWM sends a continue-access request to the trust management center TMC, and the trust management center TMC calls the user information collected by the behavior early warning module BWM and the access trusted digital certificate database ATDC-DB to further carry out trust evaluation on the user;
Step-7 finally, the access policy module database AP-DB interacts with the behavior early warning module BWM to obtain the final trust value of the user and makes the final judgment according to the access rules;
Step-8 if the user is allowed, the most trusted resource is selected from all available resources and sent to the user, and then the corresponding medical record MR and access trusted digital certificate ATDC are generated and stored in the medical information system database HIS-DB and the trusted digital certificate database ATDC-DB;
Step-9 if the user is not allowed, the user cannot access the corresponding resources, and then the corresponding medical record MR and access trusted digital certificate ATDC are generated and stored in the medical information system database HIS-DB and the trusted digital certificate database ATDC-DB;
Step-10 eventually, the user can access their services and perform their work or processes.
2. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 1, wherein: the identity authentication and request processing module IAM is responsible for checking the identity validity of the requesting user and the registration of the new user.
3. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 1, wherein: the behavior early warning module BWM is responsible for identifying and analyzing the access behavior of the user, establishing a fuzzy distribution function according to behavior characteristics, fuzzifying and outputting the node trust value, and feeding the node trust value back to the user.
4. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 1, wherein: the access strategy module AP divides the access scene of the user into three types of normal access, emergency access and undefined access; and the access policy module AP formulates an access control rule to judge the validity of the access request.
5. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 1, wherein: the trust quantification is to digitize medical records stored in the HIS in a text form and the current node access behavior of the user; the trust evaluation means that after the quantized data are analyzed, the trust level of the user is evaluated by using a trust management center TMC; the trust correction is to establish a regression model according to the historical trust trend of the user and correct the trust value.
6. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 5, wherein: the trust evaluation parameters of the trust evaluation are divided into: node trust NT, history trust HT, historical interaction trust PIR and user comprehensive trust value CT; the user comprehensive trust value CT is calculated according to the NT, HT and PIR parameters of the user.
7. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 5, wherein: the trust correction is based on a unary linear regression equation.
8. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 1, wherein: and the data bodies in the medical information system database HIS-DB are stored in the HIS-DB in a time linear relationship to form a tree-shaped hierarchical structure.
9. The fuzzy trust prediction and regression analysis based medical data access control model as claimed in claim 1, wherein: and the medical information system database HIS-DB is used for generating a new ATDC for recording the trust state of the current user after the user interacts with the system every time and storing the new ATDC in the trusted digital certificate database ATDC-DB, and meanwhile, the medical record is generated in the medical information system database HIS-DB when each diagnosis and treatment life cycle of the user is completed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110183336.6A CN113205871B (en) | 2021-02-10 | 2021-02-10 | Medical data access control system based on fuzzy trust prediction and regression analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113205871A true CN113205871A (en) | 2021-08-03 |
CN113205871B CN113205871B (en) | 2022-01-28 |
Family
ID=77025352
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110183336.6A Active CN113205871B (en) | 2021-02-10 | 2021-02-10 | Medical data access control system based on fuzzy trust prediction and regression analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113205871B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101257386A (en) * | 2008-03-11 | 2008-09-03 | 南京邮电大学 | Dynamic accesses control method based on trust model |
CN102790761A (en) * | 2012-06-13 | 2012-11-21 | 浙江浙大中控信息技术有限公司 | Regional medical treatment information system and access authority control method |
CN103795688A (en) * | 2012-10-31 | 2014-05-14 | 中国航天科工集团第二研究院七○六所 | Attribute-based fuzzy access control calculation method |
CN106960125A (en) * | 2017-03-23 | 2017-07-18 | 华南师范大学 | A kind of medical self diagnosis Service Design method based on credible combined evaluation under big data |
CN110378146A (en) * | 2019-07-08 | 2019-10-25 | 云南财经大学 | Medical big data method for secret protection under cloud service environment based on fuzzy theory |
CN112259210A (en) * | 2020-11-18 | 2021-01-22 | 云南财经大学 | Medical big data access control method and device and computer readable storage medium |
Non-Patent Citations (3)
Title |
---|
YANG XIN ET.AL: "Trust Evaluation Strategy Based on Grey System Theory for Medical Big Data", 《2019 IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND EDUCATIONAL INFORMATIZATION(CSEI)》 * |
惠榛: "Risk-adaptive access control model for medical big data", 《通信学报》 * |
胡潇涵: "Research on a trust-based dynamic access control model for medical big data", 《中国优秀博硕士学位论文全文数据库(硕士)医药卫生科技辑》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114936384A (en) * | 2022-06-21 | 2022-08-23 | 云南财经大学 | Electronic medical record access control method based on intuition fuzzy trust |
CN117632905A (en) * | 2023-11-28 | 2024-03-01 | 广州视声智能科技有限公司 | Database management method and system based on cloud use records |
CN117632905B (en) * | 2023-11-28 | 2024-05-17 | 广州视声智能科技有限公司 | Database management method and system based on cloud use records |
Also Published As
Publication number | Publication date |
---|---|
CN113205871B (en) | 2022-01-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||