CN113626793A - Health authentication method, system, device, equipment and readable storage medium - Google Patents
- Publication number: CN113626793A (application number CN202110799119.XA)
- Authority: CN (China)
- Prior art keywords: detection; health; user; detection result; block chain
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
    - G06F21/44—Program or device authentication
      - G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
  - G06F21/60—Protecting data
    - G06F21/602—Providing cryptographic facilities or services
    - G06F21/604—Tools and structures for managing or administering access control systems
Abstract
The present application relates to blockchain technology, and more particularly to a health certification system comprising a certification mechanism end, a detection mechanism end, a user end, an enterprise end and a block chain; the authentication mechanism end is used for authenticating the detection qualification of the detection mechanism end and uploading the mechanism information of the detection mechanism end with the detection qualification to the block chain; the user side is used for carrying out health detection at the detection mechanism end according to the mechanism information acquired from the block chain; the detection mechanism end is used for uploading an obtained detection result to the block chain after health detection is carried out on the user at the user end; and the enterprise terminal is used for granting corresponding authority to the user terminal according to the detection result obtained from the block chain. The advantage of the present application is that health detection is performed on the user by a detection mechanism end certified by the certification mechanism end, which guarantees the accuracy of the detection result. Meanwhile, the detection result is stored using the decentralized nature of the block chain, so that the risks of data loss and tampering that exist with centralized data storage are effectively avoided, and the security of the detection result is ensured.
Description
Technical Field
The present application relates to block chain technology, and more particularly, to a method, system, apparatus, device, and readable storage medium for health authentication.
Background
Health certification is used to characterize the health of a user. In general, in a health authentication system, the user reports information related to health authentication on their own, including the user's own health information, whether the user has been in contact with a person with an abnormal physical condition, information about direct contact with diagnosed patients, and the user's travel route. Health certification is then provided to the user based on this information. One form of the health certification is a two-dimensional code, with different health conditions corresponding to two-dimensional codes of different colors: for example, a red two-dimensional code indicates that the user is a virus carrier, a yellow two-dimensional code indicates that the user is a potential patient who has had contact with a virus patient, and a green two-dimensional code indicates that the user is healthy. In scenarios where the user's health condition needs to be verified, the user is allowed to pass on the basis of the health certification.
However, in the prior art, the detection qualification of the detection mechanism for issuing the health certification cannot be guaranteed, so that the accuracy of the health certification is low, and meanwhile, the safety of the health certification cannot be guaranteed due to the adoption of centralized management.
Disclosure of Invention
The embodiment of the application provides a health authentication method, a system, a device, equipment and a readable storage medium for solving the problems of low accuracy and safety of health authentication.
According to a first aspect of the embodiments of the present application, there is provided a health certification system, which includes a certification authority end, a detection authority end, a user end, an enterprise end, and a block chain;
the authentication mechanism end is used for authenticating the detection qualification of the detection mechanism end and uploading the mechanism information of the detection mechanism end with the detection qualification to the block chain;
the user side is used for performing health detection at the detection mechanism end according to the mechanism information acquired from the block chain;
the detection mechanism end is used for uploading an obtained detection result to the block chain after health detection is carried out on the user at the user end;
and the enterprise terminal is used for granting corresponding authority to the user terminal according to the detection result obtained from the block chain.
Preferably, the detection mechanism end is further configured to sign the detection result by using a detection mechanism private key generated based on the block chain, and send the signed detection result to the user end;
the user side is further used for encrypting the detection result by using an enterprise side public key generated based on the block chain and sending the encrypted detection result to the enterprise side;
and the enterprise terminal is also used for verifying whether the detection result belongs to the detection mechanism after decrypting the detection result, and granting corresponding authority to the user terminal if the detection result belongs to the detection mechanism.
Preferably, the certification authority end is further configured to upload a general health certification template to the blockchain;
and the detection mechanism end is also used for carrying out health detection on the user of the user end according to the universal health authentication template acquired from the block chain.
Preferably, the detection mechanism end is further configured to, when the detection result indicates that the health condition of the user is abnormal, acquire the trace track of the user or the data fingerprint of the trace track from the user end, sign the trace track or the data fingerprint by using a detection mechanism private key generated based on the block chain, and upload the signed trace track or data fingerprint to the block chain.
Preferably, the system further comprises a location service end;
the location server is used for determining a health risk area and/or a health risk group through back tracking according to risk information acquired from the block chain, and sending an alarm to the health risk area and/or the health risk group, wherein the risk information is information related to users with abnormal health conditions.
Preferably, the enterprise terminal is further configured to send a health certification access request to the user terminal;
the user side is further used for verifying the identity of the enterprise side based on the health authentication access request;
after the verification is passed, the enterprise terminal is further configured to obtain a detection result corresponding to the user terminal from the block chain, verify whether the detection result belongs to the detection mechanism, and grant a corresponding right to the user terminal if the detection result belongs to the detection mechanism.
Preferably, the user side is further configured to obtain the detection result from the blockchain, and send the detection result to the enterprise side;
the enterprise terminal is also used for verifying whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, corresponding authority is granted to the user terminal.
Preferably, the certification authority end is further configured to cancel, according to the erroneous detection result, the detection qualification of the detection authority end corresponding to the erroneous detection result through the block chain, and/or warn the detection authority end corresponding to the erroneous detection result.
Preferably, when the block chain includes a plurality of sub-block chains corresponding to different countries, data between the plurality of sub-block chains are translated and exchanged with each other.
Preferably, the data structures of the certification authority end, the detection authority end, the user end and the enterprise end include the following fields: id, created, Publickey, service, proof, and proof.signed value;
the id represents the identity, the created represents the creation time, the Publickey represents a public key, the service represents a service site, the proof represents a statement, and the proof.signed value represents the signature of the statement.
Preferably, the user side stores credential information and/or user identity information of the detection result;
when the credential information is stored in the user side:
the user side is also used for displaying the credential information in a corresponding display mode based on the selection operation of the user;
the user side is also used for converting the credential information according to mutual approval conditions between different regions;
the user side is further used for obtaining identity information of an authorization target and opening the authority for accessing the credential information to the authorization target according to the identity information.
According to a second aspect of the embodiments of the present application, there is provided a health certification method applied to a health certification system, where the health certification system includes a certification authority end, a detection authority end, a user end, an enterprise end, and a blockchain, the method includes:
the certification mechanism side certifies the detection qualification of the detection mechanism side and uploads mechanism information of the detection mechanism side with the detection qualification to the block chain;
the user side acquires the mechanism information from the block chain and performs health detection at the detection mechanism end according to the mechanism information;
the detection mechanism end carries out health detection on the user of the user end to obtain a detection result, and uploads the detection result to the block chain;
and the enterprise terminal acquires the detection result from the block chain and grants corresponding authority to the user terminal according to the detection result.
Preferably, the method further comprises:
the detection mechanism terminal signs the detection result by using a detection mechanism private key generated based on the block chain and sends the signed detection result to the user terminal;
the user side encrypts the detection result by using an enterprise side public key generated based on the block chain, and sends the encrypted detection result to the enterprise side;
and after decrypting the detection result, the enterprise side verifies whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, the enterprise side grants corresponding authority to the user side.
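The sign, encrypt, decrypt and verify exchange described in this aspect (and in the matching system claim earlier), as an added Go example that is not part of the patent. Ed25519 for the institution signature, RSA-OAEP for the enterprise key, the field names, the `Registry` type and the sample ids are assumptions; the text names no algorithms or formats.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// SignedResult is a detection result plus the institution's signature.
// Field names are assumptions; the text defines no wire format.
type SignedResult struct {
	Issuer, Subject, Status string
	Sig                     []byte
}

// Registry stands in for institution records read from the blockchain.
type Registry struct {
	Keys    map[string]ed25519.PublicKey // uploaded by the certification authority
	Revoked map[string]bool              // detection qualification cancelled
}

var (
	ErrIssuer    = errors.New("issuer unknown or qualification cancelled")
	ErrSignature = errors.New("signature does not match issuer key")
	ErrSubject   = errors.New("result was issued to a different user")
)

// signedBytes length-prefixes each field so field boundaries are unambiguous.
func signedBytes(r SignedResult) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(r.Issuer), r.Issuer,
		len(r.Subject), r.Subject, len(r.Status), r.Status))
}

// Sign is run by the detection institution.
func Sign(priv ed25519.PrivateKey, issuer, subject, status string) SignedResult {
	r := SignedResult{Issuer: issuer, Subject: subject, Status: status}
	r.Sig = ed25519.Sign(priv, signedBytes(r))
	return r
}

// Seal is run by the user: encrypt the signed result to the enterprise key.
// RSA-OAEP with SHA-256 and a 2048-bit key carries at most 190 bytes, so this
// only suits compact results; larger payloads need hybrid encryption.
func Seal(pub *rsa.PublicKey, r SignedResult) ([]byte, error) {
	plain, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

// Open is run by the enterprise: decrypt, then check issuer, signature and
// subject before any permission is granted. Rejecting every result from a
// revoked issuer, whatever its issue date, is a policy assumption.
func Open(priv *rsa.PrivateKey, reg Registry, presenter string, ct []byte) (SignedResult, error) {
	var r SignedResult
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return r, err
	}
	if err := json.Unmarshal(plain, &r); err != nil {
		return r, err
	}
	pub, ok := reg.Keys[r.Issuer]
	switch {
	case !ok || reg.Revoked[r.Issuer]:
		return r, ErrIssuer
	case !ed25519.Verify(pub, signedBytes(r), r.Sig):
		return r, ErrSignature
	case r.Subject != presenter:
		// Sign-then-encrypt does not bind the sender: anyone holding a signed
		// result can re-encrypt it, so compare the subject with the presenter.
		return r, ErrSubject
	}
	return r, nil
}

// Demo runs four constructed cases and returns the error from each.
func Demo() (valid, forged, borrowed, revoked error) {
	labPub, labPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	ent, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err, err, err
	}
	reg := Registry{Keys: map[string]ed25519.PublicKey{"institution-001": labPub}, Revoked: map[string]bool{}}
	good, _ := Seal(&ent.PublicKey, Sign(labPriv, "institution-001", "user-7", "normal"))
	fake, _ := Seal(&ent.PublicKey, Sign(otherPriv, "institution-001", "user-7", "normal"))
	_, valid = Open(ent, reg, "user-7", good)
	_, forged = Open(ent, reg, "user-7", fake)
	_, borrowed = Open(ent, reg, "user-8", good)
	reg.Revoked["institution-001"] = true
	_, revoked = Open(ent, reg, "user-7", good)
	return
}

func main() {
	fmt.Println(Demo())
}
```

Encryption here only hides the result in transit; the enterprise's decision rests on the registry lookup, the signature check and the subject comparison.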
Preferably, the method further comprises:
and when the detection result shows that the health condition of the user is abnormal, the detection mechanism end acquires the track of the user or the data fingerprint of the track from the user end, signs the track or the data fingerprint by using a detection mechanism private key generated based on the block chain, and uploads the signed track or the signed data fingerprint to the block chain.
Preferably, when the health certification system further includes a location service end, the method further includes:
and the position server determines a health risk area and/or a health risk group through back tracking according to risk information acquired from the block chain, and sends an alarm to the health risk area and/or the health risk group, wherein the risk information is information related to users with abnormal health conditions.
Preferably, the step of the enterprise terminal obtaining the detection result from the block chain and granting the corresponding right to the user terminal according to the detection result includes:
the enterprise terminal sends a health authentication access request to the user terminal;
the user side verifies the identity of the enterprise side based on the health authentication access request;
and after the verification is passed, the enterprise terminal acquires a detection result corresponding to the user terminal from the block chain, verifies whether the detection result belongs to the detection mechanism or not, and grants a corresponding permission to the user terminal if the detection result belongs to the detection mechanism.
Preferably, the method further comprises:
the user side acquires the detection result from the block chain and sends the detection result to the enterprise side;
and the enterprise terminal verifies whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, corresponding authority is granted to the user terminal.
According to a third aspect of the embodiments of the present application, there is provided a health authentication method applied to an authentication mechanism side in a health authentication system, where the health authentication system further includes a detection mechanism side, a blockchain, and a user side, and the method includes:
receiving an authentication application sent by the detection mechanism end, wherein the authentication application comprises mechanism information of the detection mechanism end;
authenticating the detection qualification of the detection mechanism end based on the authentication application;
after authentication, uploading the mechanism information to the block chain, so that the user side performs health detection at the detection mechanism according to the mechanism information acquired from the block chain.
Preferably, the method further comprises:
and according to the wrong detection result, canceling the detection qualification of the detection mechanism end corresponding to the wrong detection result through the block chain, and/or warning the detection mechanism end corresponding to the wrong detection result.
According to a fourth aspect of embodiments of the present application, there is provided a health authentication apparatus including:
the receiving module is used for receiving an authentication application sent by a detection mechanism end, wherein the authentication application comprises mechanism information of the detection mechanism end;
the authentication module is used for authenticating the detection qualification of the detection mechanism end based on the authentication application;
and the uploading module is used for uploading the mechanism information to the block chain after authentication so that the user end performs health detection at the detection mechanism end according to the mechanism information acquired from the block chain.
According to a fifth aspect of embodiments of the present application, there is provided a readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of the third aspect.
According to a sixth aspect of embodiments of the present application, there is provided a health authentication apparatus including:
one or more processors;
a memory;
one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of the third aspect.
The health certification system provided by the embodiment of the application comprises a certification mechanism end, a detection mechanism end, a user end, an enterprise end and a block chain; the authentication mechanism end is used for authenticating the detection qualification of the detection mechanism end and uploading the mechanism information of the detection mechanism end with the detection qualification to the block chain; the user side is used for carrying out health detection at the detection mechanism end according to the mechanism information acquired from the block chain; the detection mechanism end is used for uploading an obtained detection result to the block chain after health detection is carried out on the user at the user end; and the enterprise terminal is used for granting corresponding authority to the user terminal according to the detection result obtained from the block chain. The advantage of the present application is that health detection is performed on the user by a detection mechanism end certified by the certification mechanism end, which guarantees the accuracy of the detection result. Meanwhile, the detection result is stored using the decentralized nature of the block chain: because the block chain uses distributed storage, no centralized database needs to be created, the risks of data loss and data tampering caused by intrusion into or damage to a centralized database are effectively avoided, and the security of the detection result is ensured.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is an architecture diagram of a health certification system provided in an embodiment of the present application;
fig. 2 is a signaling diagram corresponding to the system architecture of fig. 1 according to an embodiment of the present application;
fig. 3 is an architecture diagram of a health certification system including a location server according to an embodiment of the present application;
fig. 4 is a schematic diagram of a display interface of a user side according to an embodiment of the present application;
fig. 5 is a signaling diagram corresponding to the system architecture of fig. 3 according to an embodiment of the present application;
fig. 6 is a flowchart of a health authentication method applied to a health authentication system according to an embodiment of the present application;
fig. 7 is a flowchart of a health authentication method applied to a certification authority according to an embodiment of the present application;
fig. 8 is a block diagram of a health authentication apparatus according to an embodiment of the present application;
fig. 9 is a structural diagram of a health authentication device according to an embodiment of the present application.
Detailed Description
In the process of implementing the present application, the inventor finds that the existing health authentication system has the problems of low accuracy and safety of health authentication.
In view of the above problems, an embodiment of the present application provides a health certification system, which includes a certification authority end, a detection authority end, a user end, an enterprise end, and a block chain; the authentication mechanism end is used for authenticating the detection qualification of the detection mechanism end and uploading the mechanism information of the detection mechanism end with the detection qualification to the block chain; the user side is used for carrying out health detection at the detection mechanism end according to the mechanism information acquired from the block chain; the detection mechanism end is used for uploading an obtained detection result to the block chain after health detection is carried out on the user at the user end; and the enterprise terminal is used for granting corresponding authority to the user terminal according to the detection result obtained from the block chain. The advantage of the present application is that health detection is performed on the user by a detection mechanism end certified by the certification mechanism end, which guarantees the accuracy of the detection result. Meanwhile, the detection result is stored using the decentralized nature of the block chain: because the block chain uses distributed storage, no centralized database needs to be created, the risks of data loss and data tampering caused by intrusion into or damage to a centralized database are effectively avoided, and the security of the detection result is ensured.
In order to make the technical solutions and advantages of the embodiments of the present application clearer, exemplary embodiments of the present application are described in further detail below with reference to the accompanying drawings. The described embodiments are only a part of the embodiments of the present application, not an exhaustive list of all embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
A first embodiment of the present application provides a health certification system, as shown in fig. 1, which includes a certification authority end, a detection authority end, a user end, an enterprise end, and a block chain. Fig. 2 shows a signaling diagram of each device in the system, specifically: the authentication mechanism end is used for authenticating the detection qualification of the detection mechanism end and uploading the mechanism information of the detection mechanism end with the detection qualification to the block chain. And the user side is used for performing health detection at the detection mechanism side according to the mechanism information acquired from the block chain. And the detection mechanism end is used for uploading the obtained detection result to the block chain after the health detection is carried out on the user at the user end. And the enterprise terminal is used for granting corresponding authority to the user terminal according to the detection result obtained from the block chain.
In the embodiment of the present application, the detection mechanism end may be a hospital or other mechanism with health detection capability. The health test may be a health test for COVID-19 or a test for other diseases. For the scenario of COVID-19, the detection mechanism side needs to have the capability of detecting COVID-19. The certification authority side is an authority with the power to certify the detection authority side, such as governments at all levels or national governments, and may be the World Health Organization in order to make health certification usable globally.
Further, the authentication process of the certification authority terminal to the detection authority terminal includes: the detection mechanism end sends an authentication application to the authentication mechanism end, wherein the authentication application at least comprises mechanism information of the detection mechanism end, and the mechanism information can comprise a mechanism address and mechanism detection capability. In addition, the certification application may include other information for qualification certification besides the organization information, which is not limited in the present application. The authentication mechanism end receives the authentication application sent by the detection mechanism end and authenticates the detection qualification of the detection mechanism end based on the authentication application. For the authentication process, in a specific embodiment, a detection mechanism with complete mechanism information and the corresponding health detection capability passes authentication; a detection mechanism with incomplete mechanism information or without the corresponding health detection capability does not pass. Of course, other conditions may be set for deciding whether the authentication is passed, and the present application is not limited thereto. If the authentication is passed, the detection mechanism end is proved to have the detection qualification. The authentication mechanism end then uploads the mechanism information of the detection mechanism end with the detection qualification to the block chain, so that other equipment ends interacting with the block chain can acquire the mechanism information.
A blockchain employs distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. It is essentially a decentralized database: a chain of blocks linked cryptographically, each containing a batch of information that is used to verify the validity of the information and to generate the next block. The block chain comprises a user management module, a basic service module and a smart contract module. The user management module is responsible for identity information management of all blockchain participants, including public and private key generation, key management, and maintenance of the correspondence between a user's real identity and blockchain address. The basic service module is deployed on all block chain node devices and is used for verifying the validity of service requests and recording valid requests to storage after consensus is completed; for a new service request, the basic service first performs interface adaptation, parsing and authentication processing, then encrypts the service information through a consensus algorithm, transmits the encrypted service information completely and consistently to the shared ledger, and records and stores it. The smart contract module is responsible for contract registration and issuance, contract triggering and contract execution; developers can define contract logic in a programming language and publish it to the block chain, where it is executed according to the logic of the contract terms when triggered by a calling key or another event; the module also provides functions for upgrading and cancelling contracts.
Besides the mechanism information, the certification mechanism side uploads a general health certification template to the block chain, and the general health certification template is used for being filled in after health detection is carried out on the detection mechanism side and generating a detection result. One expression form of the detection result is health authentication, the realization form of the health authentication can be a health two-dimensional code or a health bar code, and the realization form of the detection result is not limited in the application. In order to realize global generalization of health certification, the universal health certification template is a global universal health certification template. After the certification mechanism terminal uploads the general health certification template to the block chain, the detection mechanism terminal carries out health detection on the user of the user terminal according to the general health certification template obtained from the block chain, and a detection result is generated.
In the embodiment of the application, the user side can query and acquire mechanism information from the block chain through the service information interface of the certification mechanism side, and go to the location of the detection mechanism side for health detection according to the mechanism address in the mechanism information, or send information related to the health detection to the detection mechanism side.
As shown in fig. 3, the health certification system of the present application further includes a location server. Because the detection mechanism end, the user end, the enterprise end and the location server need to interact through the blockchain, each of them must register on the blockchain in advance to obtain a digital identity. The digital identity is used for identity verification in subsequent information interaction. The registration process is the same for every device end: the device end downloads the blockchain wallet from the blockchain and generates a key pair consisting of a public key and a private key; the public key and the identity information are uploaded to the blockchain, and the private key is stored locally on the device end. The identity information includes an identity ID, a service information URL, and a self-asserted signature. Taking the user end as an example, the user end downloads the blockchain wallet from the blockchain, generates its public key and private key, uploads its public key and identity information to the blockchain, and stores its private key locally.
In the embodiment of the application, there are two types of detection result: the first type indicates that the health condition of the user is abnormal, and the second type indicates that the health condition of the user is normal. In one embodiment, both types of detection result can be uploaded to the blockchain. In a preferred embodiment, in order to reduce the storage pressure on the blockchain, only the first type of detection result may be uploaded to the blockchain, and the second type may be stored off-chain, where it may be stored at the user end and the detection mechanism end.
In the embodiment of the present application, in order to avoid exposing user privacy information, all the detection results may also be stored off-chain. In a preferred embodiment, the detection mechanism end signs the detection result with a detection mechanism private key generated based on the block chain and sends the signed detection result to the user end. When the enterprise end needs to access the detection result, the user end encrypts the detection result with the enterprise end public key generated based on the block chain and sends the encrypted detection result to the enterprise end. After decrypting the detection result, the enterprise end verifies whether the detection result belongs to the detection mechanism, and grants the corresponding authority to the user end if it does. The enterprise end decrypts the detection result with its own private key and verifies it with the public key of the detection mechanism. Because the detection result is stored off-chain, signed with the private key of the detection mechanism end and encrypted with the public key of the enterprise end, exposure of user privacy is avoided and the security of the detection result is improved.
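The three-party exchange in this paragraph, written out as an added Go example that is not part of the patent: the detection mechanism end signs, the user end encrypts to the enterprise end, and the enterprise end decrypts and then verifies. Ed25519 and RSA-OAEP with AES-256-GCM are stand-ins chosen from the Go standard library for the blockchain-wallet keys (the page's templates name Secp256k1), and all type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the user end sends to the enterprise end.
type Envelope struct {
	WrappedKey []byte // one-time AES key, RSA-OAEP encrypted to the enterprise public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-256-GCM over signature || result
}

var ErrMalformed = errors.New("malformed envelope")
var ErrNotFromMechanism = errors.New("signature does not match the detection mechanism key")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signResult runs at the detection mechanism end and returns signature || result.
func signResult(mechPriv ed25519.PrivateKey, result []byte) []byte {
	return append(ed25519.Sign(mechPriv, result), result...)
}

// sealForEnterprise runs at the user end.
func sealForEnterprise(entPub *rsa.PublicKey, signed []byte) (Envelope, error) {
	secret := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return Envelope{}, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, entPub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{wrapped, nonce, gcm.Seal(nil, nonce, signed, nil)}, nil
}

// openAndVerify runs at the enterprise end. mechPub must be the key resolved
// from the blockchain, never a key carried inside the message.
func openAndVerify(entPriv *rsa.PrivateKey, mechPub ed25519.PublicKey, env Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, entPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, ErrMalformed
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	if len(plain) < ed25519.SignatureSize {
		return nil, ErrMalformed
	}
	sig, result := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(mechPub, result, sig) {
		return nil, ErrNotFromMechanism
	}
	return result, nil
}

// demo uses constructed keys and a constructed result; the second run is signed by an unrelated key.
func demo() (genuineOK bool, forgedErr error) {
	mechPub, mechPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	entPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	result := []byte(`{"passport NO":"12345678","test date":"20200620"}`)
	env, _ := sealForEnterprise(&entPriv.PublicKey, signResult(mechPriv, result))
	got, err := openAndVerify(entPriv, mechPub, env)
	forged, _ := sealForEnterprise(&entPriv.PublicKey, signResult(otherPriv, result))
	_, forgedErr = openAndVerify(entPriv, mechPub, forged)
	return err == nil && string(got) == string(result), forgedErr
}

func main() { fmt.Println(demo()) }
```

Encrypting to the enterprise public key only hides the result in transit; anyone can produce such an envelope, so the grant decision rests entirely on the signature check against the mechanism key taken from the chain.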
A detection result showing an abnormal health condition is more sensitive than one showing a normal health condition, so the security of this information is strengthened as follows. When the detection result shows that the health condition of the user is abnormal, the detection mechanism end acquires the track of the user from the user end, signs the track with the private key of the detection mechanism, and uploads the signed track to the block chain, so that other device ends can acquire the track from the block chain and perform data analysis based on it. In this way the travel track of the user is shared through the block chain for big data analysis, and because the travel track is signed with the private key of the detection mechanism, its authenticity can be proved without exposing the privacy of the user, which improves the security of the travel track and in turn the accuracy of the big data analysis. Of course, a detection result showing that the health condition of the user is normal may also be encrypted in the same manner, which is not described again here.
Further, because track data is voluminous and complex, on-chain and off-chain storage can be used together in order to save storage space on the block chain. That is, when the detection result indicates that the health condition of the user is abnormal, the detection mechanism end acquires the data fingerprint of the user's track from the user end, signs the data fingerprint with the private key of the detection mechanism, uploads the signed data fingerprint to the block chain, and stores the track itself off-chain. Other device ends acquire the data fingerprint from the block chain, acquire the corresponding track from off-chain storage according to the data fingerprint, and perform data analysis based on the track. Verifying against the on-chain fingerprint ensures that the off-chain data has not been tampered with.
In summary, when the detection result shows that the health condition of the user is abnormal, the detection mechanism end acquires the track or the data fingerprint of the track of the user from the user end, signs the track or the data fingerprint by using a private key of the detection mechanism generated based on the block chain, and uploads the signed track or data fingerprint to the block chain.
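The split between an on-chain signed fingerprint and an off-chain track, as an added Go example that is not part of the patent. It assumes SHA-256 as the fingerprint hash (the page does not name one) and uses Ed25519 as a stand-in for the detection mechanism's blockchain key; the type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// TrackPoint mirrors one entry of the track data array in the location template.
type TrackPoint struct {
	Location string `json:"location"`
	Date     string `json:"date"`
}

// ChainRecord is the only thing written on-chain: the fingerprint and its signature.
type ChainRecord struct {
	Fingerprint string // hex SHA-256 of the serialised track (hash choice is an assumption)
	Signature   []byte // detection mechanism signature over Fingerprint
}

var (
	ErrUnsigned = errors.New("fingerprint was not signed by the detection mechanism")
	ErrTampered = errors.New("off-chain track does not match the on-chain fingerprint")
)

// fingerprint hashes a deterministic serialisation of the track. Struct fields
// marshal in declaration order, so equal tracks always give equal bytes.
func fingerprint(track []TrackPoint) (string, error) {
	raw, err := json.Marshal(track)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(raw)
	return hex.EncodeToString(sum[:]), nil
}

// publish runs at the detection mechanism end after an abnormal result.
func publish(mechPriv ed25519.PrivateKey, track []TrackPoint) (ChainRecord, error) {
	fp, err := fingerprint(track)
	if err != nil {
		return ChainRecord{}, err
	}
	return ChainRecord{Fingerprint: fp, Signature: ed25519.Sign(mechPriv, []byte(fp))}, nil
}

// verifyTrack runs at any other device end: authenticate the on-chain
// fingerprint first, then check the off-chain copy against it.
func verifyTrack(mechPub ed25519.PublicKey, rec ChainRecord, offChain []TrackPoint) error {
	if !ed25519.Verify(mechPub, []byte(rec.Fingerprint), rec.Signature) {
		return ErrUnsigned
	}
	fp, err := fingerprint(offChain)
	if err != nil {
		return err
	}
	if fp != rec.Fingerprint {
		return ErrTampered
	}
	return nil
}

// demo uses a constructed key seed and a constructed track.
func demo() (intact, edited, swapped error) {
	seed := sha256.Sum256([]byte("constructed detection mechanism seed"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	pub := priv.Public().(ed25519.PublicKey)
	track := []TrackPoint{{"beijing", "20200708 8:00-9:00"}, {"beijing", "20200708 9:00-10:00"}}
	rec, err := publish(priv, track)
	if err != nil {
		return err, err, err
	}
	intact = verifyTrack(pub, rec, track)
	edited = verifyTrack(pub, rec, track[:1]) // off-chain copy lost a visit
	// Track and fingerprint replaced together, but without the mechanism key.
	rewritten := rec
	rewritten.Fingerprint, _ = fingerprint(track[:1])
	swapped = verifyTrack(pub, rewritten, track[:1])
	return intact, edited, swapped
}

func main() { fmt.Println(demo()) }
```

The fingerprint comparison alone would accept the third case; it is the signature over the fingerprint that ties the off-chain data back to the detection mechanism.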
In the embodiment of the present application, when the enterprise end needs to confirm the health condition of the user end, there are two implementation manners:
In a first implementation, the enterprise end actively obtains the detection result from the blockchain. The enterprise end sends a health authentication access request to the user end, and the user end verifies the identity of the enterprise end based on that request. After the verification passes, the enterprise end obtains the detection result corresponding to the user end from the block chain and verifies whether the detection result belongs to the detection mechanism; if it does, the enterprise end grants the corresponding authority to the user end. The verification relies on the keys of each device end. Specifically, after receiving the health authentication access request sent by the enterprise end, the user end verifies the identity of the enterprise end using the enterprise end's public key retrieved from the block chain. If the verification passes, the enterprise end is allowed to access the detection result; after obtaining the detection result, the enterprise end queries the block chain for the public key of the detection mechanism end and uses it to verify the detection result. If this verification passes, the enterprise end grants the corresponding authority to the user end. For example, the user of the user end is allowed to board planes, high-speed trains and the like, and can be released automatically, for instance by automatically opening a gate.
In a second implementation, the user end obtains the detection result from the blockchain and sends it to the enterprise end. The enterprise end verifies whether the detection result belongs to the detection mechanism, and if so grants the corresponding authority to the user end. Specifically, after the user end sends the detection result to the enterprise end, the enterprise end queries the public key of the detection mechanism end from the block chain and uses it to verify the detection result. If the verification passes, the enterprise end grants the corresponding authority to the user end.
Further, for the user terminal, an implementation manner of the display interface is shown in fig. 4. The user side stores the certificate information and/or the user identity information of the detection result. The user identity information may be a user ID when the user registers, and the identity of the user may be obtained according to the user identity information. The credential information is a credential of the detection result, for example, when the detection mode is nucleic acid detection, the credential information is a nucleic acid detection credential. The user side can establish a certificate center, and all certificate information is stored through the certificate center, for example, the certificate center is used for storing the Chinese test certificate and the American test certificate.
Further, when the credential information is stored in the user side, the user side is further configured to display the credential information in a corresponding display manner based on a selection operation of the user. Specifically, the presentation manner of the credential information provided by the user terminal to the user includes, but is not limited to: two-dimensional codes, bar codes, text or symbols. The user can select operation on the user side according to needs, and the user side displays the credential information in a corresponding display mode according to the received selection operation. For example, if the presentation mode corresponding to the selection operation of the user is a two-dimensional code, the user side presents the credential information in the form of the two-dimensional code.
Further, the user end also has a credential conversion function, that is, the user end is also used for converting credential information according to mutual recognition conditions between different regions. Specifically, the mutual recognition condition may be a set of mutually recognizing regions, so that the user end detects the region where the user is currently located and converts the credential information accordingly. For example, suppose the credential information of Chongqing is "Yukang code", that of Beijing is "Jiankangbao", and that of Jiangsu is "Sukangbao". When the mutually recognizing regions include Chongqing, Beijing and Jiangsu, the credential information of the three regions can be converted into one another: if the user travels from Chongqing to Beijing and the user end detects that the user's region has switched from Chongqing to Beijing, the credential information is switched from "Yukang code" to "Jiankangbao".
Further, the user end also has a credential authorization function, that is, the user end is further configured to obtain the identity information of an authorization target and to open access to the credential information to that target according to its identity information. Specifically, a user can configure an authorization target in the user end, the authorization target being a party the user wishes to authorize to access the credential information held by the user end. The user end receives the identity information of the authorization target input by the user, signs the identity information to obtain an authorization record, and uploads the authorization record to the chain. It then encrypts the credential information with the public key of the authorization target and sends the encrypted credential information to the authorization target, so that the authorization target can obtain the detection result in the credential information after decrypting it with its private key.
In the embodiment of the present application, the location server is a service provider that provides geographic location records, has analysis capability, and can acquire the geographic location of the user end. As shown in fig. 5, the location server determines a health risk area and/or a health risk group through back tracking according to the risk information acquired from the blockchain, and sends an alarm to the health risk area and/or the health risk group. The alarm recipient can be a user end or an enterprise end. The risk information is information related to users with abnormal health conditions, and can be at least one of a detection result, a track, and a data fingerprint of the track. Here, back tracking refers to tracing past information from current information: for example, if a user's current health status is abnormal, the user's past track and the people the user came into contact with along that track are traced back. After the location server determines the health risk area and/or the health risk group, it can upload them to the block chain, which is then used to push the alarm. During alarming, users whose first detection result showed a normal health condition and whose second detection result shows an abnormal one can be specifically targeted by the alarm, for example a user who tested normal abroad but tests abnormal after returning to the country.
In the embodiment of the present application, the detection result may be incorrect, for example, the detection result obtained by the detection mechanism is negative, and the true detection result is positive. For the above-mentioned erroneous detection result, the user terminal or the enterprise terminal, and other detection mechanism terminals except the detection mechanism terminal corresponding to the detection result, may send the erroneous detection result to the certification mechanism terminal. And the authentication mechanism end cancels the detection qualification of the detection mechanism end corresponding to the wrong detection result through the block chain according to the wrong detection result, and/or warns the detection mechanism end corresponding to the wrong detection result.
In the embodiment of the present application, in order to implement the generalization of the detection result on a global scale, the blockchain may include a plurality of blockchains corresponding to different countries, and data between the plurality of blockchains is translated and then exchanged with each other. Specifically, since the blockchain uses a distributed information recording manner, when the blockchain includes a plurality of subblockchains in different countries, the programming language used by the blockchain protocol used by each subblockchain may be different, and the literal language used by the field content in the blockchain protocol may also be different, for example, the two field contents of "positive" and "positive" correspond to the same meaning. In the application, the block chain translator can be used for translating the programming language of the block chain protocol, the word language translator is used for translating the word language of the block chain protocol, and information interaction among different sub-block chains can be realized according to the translated block chain protocol.
Taking the information interaction between the first sub-block chain and the second sub-block chain as an example, when the first sub-block chain actively initiates information interaction to the second sub-block chain, after a user completes the definition of the stream of the operable block, condition, trigger and event of the first sub-block chain, the block chain translator is used to translate the programming language of the information into the target programming language adopted by the second sub-block chain, and meanwhile, the text language translator is used to translate the field content in the information into the target text language adopted by the second sub-block chain, so as to obtain the target block chain protocol, and then, the block chain service interface is used to write the translated target block chain protocol into the second sub-block chain, so as to perform information interaction.
In the embodiment of the present application, since the user side can store not only the detection result but also the trace track, in order to avoid that the data stored in the user side occupies too much storage space, a proxy storage mode may be used, that is, the detection result and the trace track of the user side are stored in the proxy server.
In the embodiment of the present application, the data structures of the certification mechanism end, the detection mechanism end, the user end and the enterprise end all include the following fields: id, created, Publickey, service, and proof. Here id represents the identity, created the creation time, Publickey the public key, service the service site, and proof the statement (proof).
Further, the identifier encoding used on the block chain in the embodiment of the present application is DID, and the documents in the block chain are DID documents. That is, the identifier encoding scheme of the application adopts Decentralized Identifiers (DID) as specified by the World Wide Web Consortium (W3C), and the encoding rule is did:bid:specification, where did is the identifier prefix specified by the W3C, bid is the block chain registration method, and specification is the custom identifier encoding scheme of bid. In this application, the custom portion is the first 12 bits of the hash value of the public key. The user end, the enterprise end and the location server must pass KYC verification before registering in their corresponding roles, so as to ensure the authenticity of the information.
The DID document metadata template format of the certification authority side is as follows:
"id": "did:bid:6cc796b8d6e2fbebc9b3cf9e",
"type": "Secp256k1",
"publicKeyHex": "4b4042665b3235a12fb49730ff620fef1c96e9efa5c90119abd2e8acfe856053"
"service":
{
  "id": "did:bid:6cc796b8d6e2fbebc9b3cf9e#resolver",
  "type": "DIDResolve",
  "serviceEndpoint": "https://who.covid-19" // query interface for authorized detection mechanism ends and the universal health certification template
}
"proof":
{
  "type": "Secp256k1",
  "creator": "did:did:bid:6cc796b8d6e2fbebc9b3cf9e#keys-1",
  "signatureValue": "QNB13Y7Q9...1tzjn4w=="
}
The DID document of the health certification template is as follows:
"id": "did:bid:hash(covid-19passport data)"
"covid-19passport":
{
  "id": "did:bid:6cc796b8d6e2fbebc9b3cf9e" # indicates the owner of the test result
  "passport NO": "12345678"
  "covid-19 test resource": "health" # nucleic acid test normal
  "test date": "20200620"
  "expiry date": "7days"
  "inspection institution": "Peking Union Medical College"
}
"Signature": "QNB13Y7Q9...1tzjn4w" # signed by the detection agency, proving that the detection result is true and valid
The position information data template is as follows:
"id": "did:bid:hash(data)" # hash operation carried out on the track with the private key of the detection mechanism end
"id": "did:bid:6cc796b8d6e2fbebc9b3cf9e" # creator
"version": "1"
"created": "2019-10-23T09:14:17.961Z"
"updated": "2019-10-23T09:14:17.961Z"
"COVID-19 track data":
[
  {
    "location": "beijing",
    "date": "20200708 8:00-9:00",
  }
  {
    "location": "beijing",
    "date": "20200708 8:00-9:00",
  }
  {
    "location": "beijing",
    "date": "20200708 8:00-9:00",
  }
  {
    "location": "beijing",
    "date": "20200708 8:00-9:00",
  }
  ...
  {
    "location": "beijing",
    "date": "20200708 8:00-9:00",
  }
]
"Signature": "QNB13Y7Q9...1tzjn4w" # signed by the detection agency, proving that the track is true and valid
The health authentication system can be divided into three layers from the viewpoint of software and hardware architecture, namely a block chain layer, an information service layer and a physical layer. The block chain layer is the basis of the whole system, each node stores a DID document, and the DID document contains the corresponding relation between the DID and the public key and is used for digital identity verification. The information service layer establishes a safety identity authentication and data exchange mechanism for each participated equipment terminal and consists of an information service interface, a DID digital identity, a data authority management and certificate storage module. The physical layer is formed by each equipment end and defines role positioning and data templates of each participating equipment end.
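An enterprise-end check that combines the did:bid identifier rule, the health certification template fields ("test date", "expiry date") and the cancellation of detection qualification described earlier, as an added Go example that is not part of the patent. The text specifies the first 12 bits of the public-key hash while the sample identifiers are 24 hex characters, so this sketch assumes SHA-256 and a 12-byte suffix; Ed25519 stands in for Secp256k1, and the Issuer field, the signed-byte layout and all names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Entry stands in for one DID document resolved from the blockchain.
type Entry struct {
	PublicKey ed25519.PublicKey
	Qualified bool // false once the certification mechanism cancels the qualification
}

// Passport carries the template fields; Issuer (the signer's DID) is a
// hypothetical field added for this example.
type Passport struct {
	Holder, Issuer, Result, TestDate, Expiry string
	Signature                                []byte
}

var (
	ErrUnknownIssuer = errors.New("issuer DID not found on chain")
	ErrKeyMismatch   = errors.New("DID does not match the hash of its public key")
	ErrRevoked       = errors.New("detection qualification cancelled")
	ErrBadSignature  = errors.New("signature not made by the issuer key")
	ErrExpired       = errors.New("detection result expired or dates malformed")
)

// didFromKey assumes SHA-256 and a 12-byte (24 hex character) suffix.
func didFromKey(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return "did:bid:" + hex.EncodeToString(sum[:12])
}

// signingBytes quotes every field so field boundaries cannot be shifted.
func (p Passport) signingBytes() []byte {
	return []byte(fmt.Sprintf("%q %q %q %q %q", p.Holder, p.Issuer, p.Result, p.TestDate, p.Expiry))
}

// verify is the enterprise-end decision, evaluated at time now.
func verify(chain map[string]Entry, p Passport, now time.Time) error {
	e, ok := chain[p.Issuer]
	if !ok {
		return ErrUnknownIssuer
	}
	if len(e.PublicKey) != ed25519.PublicKeySize || didFromKey(e.PublicKey) != p.Issuer {
		return ErrKeyMismatch
	}
	if !e.Qualified {
		return ErrRevoked
	}
	if !ed25519.Verify(e.PublicKey, p.signingBytes(), p.Signature) {
		return ErrBadSignature
	}
	tested, perr := time.Parse("20060102", p.TestDate)
	var days int
	_, serr := fmt.Sscanf(p.Expiry, "%ddays", &days)
	if perr != nil || serr != nil || days < 0 {
		return ErrExpired
	}
	if now.After(tested.AddDate(0, 0, days)) {
		return ErrExpired
	}
	return nil
}

// demo builds a constructed chain and passport and evaluates four situations.
func demo() (fresh, stale, forged, revoked error) {
	seed := sha256.Sum256([]byte("constructed detection mechanism seed"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	pub := priv.Public().(ed25519.PublicKey)
	issuer := didFromKey(pub)
	p := Passport{Holder: "did:bid:HOLDER-PLACEHOLDER", Issuer: issuer, Result: "health",
		TestDate: "20200620", Expiry: "7days"}
	p.Signature = ed25519.Sign(priv, p.signingBytes())
	chain := map[string]Entry{issuer: {pub, true}}
	on := func(day int) time.Time { return time.Date(2020, time.June, day, 12, 0, 0, 0, time.UTC) }

	fresh = verify(chain, p, on(25))
	stale = verify(chain, p, on(29))
	redated := p
	redated.TestDate = "20200628" // field edited after signing
	forged = verify(chain, redated, on(29))
	chain[issuer] = Entry{pub, false} // certification mechanism cancels the qualification
	revoked = verify(chain, p, on(25))
	return
}

func main() { fmt.Println(demo()) }
```

Checking qualification at verification time, rather than only at issuance, is what lets a cancellation by the certification mechanism take effect on results that were signed before it.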
The embodiment of the application provides a health certification system, and the detection mechanism end identified by the certification mechanism end is used for carrying out health detection on the user, so that the accuracy of the detection result is ensured. The detection result is stored by utilizing the decentralized characteristic of the block chain, and because the block chain adopts a distributed storage mode, a centralized database does not need to be created, the risks of data loss and data tampering caused by invasion or damage of the centralized database are effectively avoided, and the safety of the detection result is ensured. The track and/or the data fingerprint of the track are/is encrypted by using a private key of the detection mechanism, so that the information security is improved, and the storage space of the block chain is saved. The world health organization is used as an authentication mechanism, a global universal health authentication template is adopted, the universal detection result in the global range is realized, the passing convenience of users is improved, the missing detection and the false detection of unhealthy people are avoided, and the disease spreading risk is reduced.
Based on the same inventive concept, the second embodiment of the present application further provides a health authentication method, which is applied to a health authentication system, where the health authentication system includes an authentication mechanism end, a detection mechanism end, a user end, an enterprise end, and a block chain, that is, the execution subject of the second embodiment is the health authentication system. As shown in fig. 6, the method includes:
Step 601: the certification mechanism end certifies the detection qualification of the detection mechanism end, and the mechanism information of the detection mechanism end that has the detection qualification is uploaded to the block chain;
Step 602: the user end acquires the mechanism information from the block chain, and health detection is performed at the detection mechanism end according to the mechanism information;
Step 603: the detection mechanism end performs health detection on the user of the user end to obtain a detection result, and uploads the detection result to the block chain;
Step 604: the enterprise end obtains the detection result from the block chain and grants the corresponding authority to the user end according to the detection result.
In an embodiment of the present application, the method further includes:
The detection mechanism end signs the detection result by using a detection mechanism private key generated based on the block chain and sends the signed detection result to the user end;
the user end encrypts the detection result by using an enterprise end public key generated based on the block chain, and sends the encrypted detection result to the enterprise end;
after decrypting the detection result, the enterprise end verifies whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, the enterprise end grants the corresponding authority to the user end.
In an embodiment of the present application, the method further includes:
When the detection result shows that the health condition of the user is abnormal, the detection mechanism end acquires the track or the data fingerprint of the track of the user from the user end, signs the track or the data fingerprint by using a detection mechanism private key generated based on the block chain, and uploads the signed track or data fingerprint to the block chain.
In this embodiment, when the health authentication system further includes a location server, the method further includes:
The location server determines a health risk area and/or a health risk group through back tracking according to the risk information acquired from the block chain, and sends an alarm to the health risk area and/or the health risk group, wherein the risk information is information related to users with abnormal health conditions.
In this embodiment of the present application, obtaining, by the enterprise end, the detection result from the blockchain and granting the corresponding authority to the user end according to the detection result includes:
the enterprise end sends a health authentication access request to the user end;
the user end verifies the identity of the enterprise end based on the health authentication access request;
after the verification is passed, the enterprise end acquires the detection result corresponding to the user end from the block chain, verifies whether the detection result belongs to the detection mechanism, and grants the corresponding authority to the user end if the detection result belongs to the detection mechanism.
In an embodiment of the present application, the method further includes:
The user end acquires a detection result from the block chain and sends the detection result to the enterprise end;
the enterprise end verifies whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, the enterprise end grants the corresponding authority to the user end.
The health authentication method of the embodiment of the present application is a method corresponding to the health authentication system in the first embodiment. In this embodiment, the method steps executed by each device end are the same as the functions of each device end described in the first embodiment, and are not described herein again.
Based on the same inventive concept, the third embodiment of the present application further provides a health authentication method, which is applied to an authentication mechanism side in a health authentication system, where the health authentication system further includes a detection mechanism side, a block chain, and a user side, that is, an execution subject of the third embodiment is the authentication mechanism side. As shown in fig. 7, the method includes:
Step 701: receiving an authentication application sent by the detection mechanism end, wherein the authentication application comprises mechanism information of the detection mechanism end.
Step 702: authenticating the detection qualification of the detection mechanism end based on the authentication application.
Step 703: after authentication, uploading the mechanism information to the blockchain, so that the user end performs health detection at the detection mechanism end according to the mechanism information acquired from the blockchain.
In an embodiment of the present application, the method further includes:
According to the wrong detection result, canceling the detection qualification of the detection mechanism end corresponding to the wrong detection result through the block chain, and/or warning the detection mechanism end corresponding to the wrong detection result.
The certificate authority end in the embodiment of the present application has the same function as the certificate authority end in the first embodiment, and therefore, all the method steps executed in this embodiment are not described again.
Based on the same inventive concept, a fourth embodiment of the present application further provides a health certification apparatus, as shown in fig. 8, including:
The receiving module 801 is configured to receive an authentication application sent by a detection mechanism end, where the authentication application includes mechanism information of the detection mechanism end.
The authentication module 802 is configured to authenticate the detection qualification of the detection mechanism end based on the authentication application.
The uploading module 803 is configured to upload the mechanism information to the blockchain after authentication, so that the user end performs health detection at the detection mechanism end according to the mechanism information acquired from the blockchain.
In an embodiment of the present application, the apparatus further includes:
The error correction module is used for canceling the detection qualification of the detection mechanism end corresponding to the wrong detection result through the block chain according to the wrong detection result, and/or warning the detection mechanism end corresponding to the wrong detection result.
The health authentication device in the embodiment of the present application has the same functions as the authentication mechanism in the first embodiment and the second embodiment, and therefore, the functions of the health authentication device in the embodiment are not described again.
Based on the same inventive concept, the fifth embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the method steps described in the third embodiment.
Based on the same inventive concept, a health certification device is further provided in the sixth embodiment of the present application, as shown in fig. 9. For convenience of description, only the parts related to the embodiment of the present invention are shown; for specific technical details that are not disclosed, please refer to the method part of the embodiment of the present invention. The health authentication device may be any terminal device, including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, and the like. The following takes a mobile phone as an example of the health authentication device:
Fig. 9 is a block diagram showing a partial structure related to the health authentication device provided by the embodiment of the present invention. Referring to fig. 9, the health authentication apparatus includes: a memory 901 and a processor 902. Those skilled in the art will appreciate that the health certification device structure shown in fig. 9 does not constitute a limitation of the health certification device, which may include more or fewer components than those shown, combine certain components, or use a different arrangement of components.
The following specifically describes the respective constituent components of the health authentication apparatus with reference to fig. 9:
the memory 901 may be used to store software programs and modules, and the processor 902 executes various functional applications and data processing by operating the software programs and modules stored in the memory 901. The memory 901 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.), and the like. Further, the memory 901 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 902 is a control center of the health authentication apparatus, and executes various functions and processes data by running or executing software programs and/or modules stored in the memory 901 and calling data stored in the memory 901. Alternatively, processor 902 may include one or more processing units; preferably, the processor 902 may integrate an application processor, which handles primarily the operating system, user interface, applications, etc., and a modem processor, which handles primarily wireless communications.
In this embodiment of the present invention, the processor 902 included in the health authentication device may have the functions corresponding to any method steps in the third embodiment.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may employ computer-usable storage media (including, but not limited to, magnetic disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description of the present application, it is to be understood that the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (22)
1. A health certification system is characterized by comprising a certification authority end, a detection authority end, a user end, an enterprise end and a block chain;
the authentication mechanism end is used for authenticating the detection qualification of the detection mechanism end and uploading the mechanism information of the detection mechanism end with the detection qualification to the block chain;
the user side is used for performing health detection at the detection mechanism end according to the mechanism information acquired from the block chain;
the detection mechanism end is used for uploading an obtained detection result to the block chain after health detection is carried out on the user at the user end;
and the enterprise terminal is used for granting corresponding authority to the user terminal according to the detection result obtained from the block chain.
2. The health certification system of claim 1, wherein the detection mechanism side is further configured to sign the detection result using a detection mechanism private key generated based on the blockchain, and send the signed detection result to the user side;
the user side is further used for encrypting the detection result by using an enterprise side public key generated based on the block chain and sending the encrypted detection result to the enterprise side;
and the enterprise terminal is also used for verifying whether the detection result belongs to the detection mechanism after decrypting the detection result, and granting corresponding authority to the user terminal if the detection result belongs to the detection mechanism.
3. The health certification system of claim 1, wherein the certification authority is further configured to upload a generic health certification template to the blockchain;
and the detection mechanism end is also used for carrying out health detection on the user of the user end according to the universal health authentication template acquired from the block chain.
4. The health certification system of claim 1, wherein the detection mechanism terminal is further configured to, when the detection result indicates that the health condition of the user is abnormal, obtain a trace track of the user or a data fingerprint of the trace track from the user terminal, sign the trace track or the data fingerprint by using a detection mechanism private key generated based on the block chain, and upload the signed trace track or the data fingerprint to the block chain.
5. The health certification system of claim 1, wherein the system further comprises a location server;
the location server is used for determining a health risk area and/or a health risk group through back tracking according to risk information acquired from the block chain, and sending an alarm to the health risk area and/or the health risk group, wherein the risk information is information related to users with abnormal health conditions.
6. The health certification system of claim 1, wherein the enterprise side is further configured to send a health certification access request to the user side;
the user side is further used for verifying the identity of the enterprise side based on the health authentication access request;
after the verification is passed, the enterprise terminal is further configured to obtain a detection result corresponding to the user terminal from the block chain, verify whether the detection result belongs to the detection mechanism, and grant a corresponding right to the user terminal if the detection result belongs to the detection mechanism.
7. The health certification system of claim 1, wherein the user side is further configured to obtain the detection result from the blockchain and send the detection result to the enterprise side;
the enterprise terminal is also used for verifying whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, corresponding authority is granted to the user terminal.
8. The health certification system according to claim 1, wherein the certification authority terminal is further configured to cancel, through the blockchain, the detection qualification of the detection authority terminal corresponding to the erroneous detection result and/or to warn the detection authority terminal corresponding to the erroneous detection result according to the erroneous detection result.
9. The health certification system of claim 1, wherein when the blockchain includes a plurality of blockchains corresponding to different countries, data between the plurality of blockchains is translated for interchange.
10. The health certification system of claim 1, wherein the data structures of the certification authority side, the detection authority side, the user side, and the enterprise side each include the following fields: id, created, Publickey, service, proof, and proof.signed value;
the id represents identity, the created represents creation time, the Publickey represents a public key, the service represents a service site, the proof represents a statement, and the proof.signed value represents the signature of the statement.
11. The health certification system according to claim 1, wherein the user side stores therein credential information and/or user identity information of the detection result;
when the credential information is stored in the user side:
the user side is also used for displaying the credential information in a corresponding display mode based on the selection operation of the user;
the user side is also used for converting the credential information according to mutual approval conditions between different regions;
the user side is further used for obtaining identity information of an authorization target and opening the authority for accessing the credential information to the authorization target according to the identity information.
12. A health certification method is applied to a health certification system, wherein the health certification system comprises a certification authority end, a detection authority end, a user end, an enterprise end and a block chain, and the method comprises the following steps:
the certification mechanism side certifies the detection qualification of the detection mechanism side and uploads mechanism information of the detection mechanism side with the detection qualification to the block chain;
the user side acquires the mechanism information from the block chain and performs health detection at the detection mechanism end according to the mechanism information;
the detection mechanism end carries out health detection on the user of the user end to obtain a detection result, and uploads the detection result to the block chain;
and the enterprise terminal acquires the detection result from the block chain and grants corresponding authority to the user terminal according to the detection result.
13. The health certification method of claim 12, wherein the method further comprises:
the detection mechanism terminal signs the detection result by using a detection mechanism private key generated based on the block chain and sends the signed detection result to the user terminal;
the user side encrypts the detection result by using an enterprise side public key generated based on the block chain, and sends the encrypted detection result to the enterprise side;
and after decrypting the detection result, the enterprise side verifies whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, the enterprise side grants corresponding authority to the user side.
14. The health certification method of claim 12, wherein the method further comprises:
and when the detection result shows that the health condition of the user is abnormal, the detection mechanism end acquires the track of the user or the data fingerprint of the track from the user end, signs the track or the data fingerprint by using a detection mechanism private key generated based on the block chain, and uploads the signed track or the signed data fingerprint to the block chain.
15. The health certification method of claim 12, wherein when the health certification system further includes a location server, the method further comprises:
and the location server determines a health risk area and/or a health risk group through back tracking according to risk information acquired from the block chain, and sends an alarm to the health risk area and/or the health risk group, wherein the risk information is information related to users with abnormal health conditions.
16. The health certification method of claim 12, wherein the acquiring, by the enterprise terminal, the detection result from the blockchain and granting the corresponding right to the user terminal according to the detection result comprises:
the enterprise terminal sends a health authentication access request to the user terminal;
the user side verifies the identity of the enterprise side based on the health authentication access request;
and after the verification is passed, the enterprise terminal acquires a detection result corresponding to the user terminal from the block chain, verifies whether the detection result belongs to the detection mechanism or not, and grants a corresponding permission to the user terminal if the detection result belongs to the detection mechanism.
17. The health certification method of claim 12, wherein the method further comprises:
the user side acquires the detection result from the block chain and sends the detection result to the enterprise side;
and the enterprise terminal verifies whether the detection result belongs to the detection mechanism, and if the detection result belongs to the detection mechanism, corresponding authority is granted to the user terminal.
18. A health certification method is applied to a certification authority end in a health certification system, wherein the health certification system further comprises a detection authority end, a block chain and a user end, and the method comprises the following steps:
receiving an authentication application sent by the detection mechanism end, wherein the authentication application comprises mechanism information of the detection mechanism end;
authenticating the detection qualification of the detection mechanism end based on the authentication application;
after authentication, uploading the mechanism information to the block chain, so that the user side performs health detection at the detection mechanism according to the mechanism information acquired from the block chain.
19. The health certification method of claim 18, wherein the method further comprises:
and according to the wrong detection result, canceling the detection qualification of the detection mechanism end corresponding to the wrong detection result through the block chain, and/or warning the detection mechanism end corresponding to the wrong detection result.
20. A health certification apparatus, comprising:
the receiving module is used for receiving an authentication application sent by a detection mechanism end, wherein the authentication application comprises mechanism information of the detection mechanism end;
the authentication module is used for authenticating the detection qualification of the detection mechanism end based on the authentication application;
and the uploading module is used for uploading the mechanism information to the block chain after authentication so that the user end performs health detection at the detection mechanism end according to the mechanism information acquired from the block chain.
21. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to claim 18 or 19.
22. A health certification device, comprising:
one or more processors;
a memory;
one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of claim 18 or 19.
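The enterprise-side check described in claims 2, 6, 7 and 8 (does the detection result belong to a qualified detection mechanism end, and has that qualification been cancelled through the block chain) is sketched below as an added example; it is not code from the patent. The in-memory `Ledger`, the `issuer`/`subject`/`result` field names, the `signedvalue` key spelling, the `did:example:` identifiers and the Lamport one-time signature (a standard-library stand-in for the block-chain-generated key pair, valid for one result per key) are assumptions; the record fields `id`, `created`, `Publickey`, `service` and `proof` follow claim 10.

```python
import hashlib
import json
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(message: bytes):
    digest = int.from_bytes(_h(message), "big")
    return [(digest >> i) & 1 for i in range(256)]

# Lamport one-time signature: stand-in for the detection mechanism key pair.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [[_h(a).hex(), _h(b).hex()] for a, b in sk]
    return sk, pk

def sign(sk, message: bytes):
    # Reveal one secret per bit of the message hash.
    return [sk[i][bit].hex() for i, bit in enumerate(_bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    if not isinstance(signature, list) or len(signature) != 256:
        return False
    try:
        return all(_h(bytes.fromhex(s)).hex() == pk[i][bit]
                   for i, (s, bit) in enumerate(zip(signature, _bits(message))))
    except (TypeError, ValueError):
        return False

def canonical(doc: dict) -> bytes:
    """Deterministic serialization of every field except the proof."""
    body = {k: v for k, v in doc.items() if k != "proof"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

class Ledger:
    """Constructed in-memory stand-in for the block chain's registry."""
    def __init__(self):
        self.institutions = {}
        self.revoked = set()

    def accredit(self, record):         # authority uploads mechanism information
        self.institutions[record["id"]] = record

    def revoke(self, institution_id):   # qualification cancelled (claim 8)
        self.revoked.add(institution_id)

def issue_result(sk, issuer_id, subject_id, outcome):
    """Detection mechanism end: build and sign one result (one call per key)."""
    doc = {"id": "result-" + secrets.token_hex(4), "created": "2021-07-15T09:00:00Z",
           "issuer": issuer_id, "subject": subject_id, "result": outcome}
    doc["proof"] = {"signedvalue": sign(sk, canonical(doc))}
    return doc

def check_result(ledger, doc, presenter_id):
    """Enterprise end: decide whether to grant authority to the presenter."""
    record = ledger.institutions.get(doc.get("issuer"))
    if record is None:
        return "unknown-issuer"
    if record["id"] in ledger.revoked:
        return "issuer-revoked"
    proof = doc.get("proof")
    sig = proof.get("signedvalue") if isinstance(proof, dict) else None
    if not verify(record["Publickey"], canonical(doc), sig):
        return "bad-signature"
    if doc.get("subject") != presenter_id:  # result must belong to this user
        return "wrong-subject"
    return "grant" if doc.get("result") == "negative" else "deny"

def demo():
    """Run the checks over constructed sample records."""
    ledger = Ledger()
    sk, pk = keygen()
    ledger.accredit({"id": "did:example:lab-1", "created": "2021-07-01T00:00:00Z",
                     "Publickey": pk, "service": "https://lab-1.example/detect"})
    doc = issue_result(sk, "did:example:lab-1", "did:example:user-7", "negative")
    out = {"valid": check_result(ledger, doc, "did:example:user-7")}
    out["presented-by-other-user"] = check_result(ledger, doc, "did:example:user-8")
    edited = dict(doc, subject="did:example:user-8")  # field changed after signing
    out["edited"] = check_result(ledger, edited, "did:example:user-8")
    other_sk, _ = keygen()  # key pair that was never uploaded to the ledger
    stray = issue_result(other_sk, "did:example:lab-9", "did:example:user-7", "negative")
    out["unaccredited"] = check_result(ledger, stray, "did:example:user-7")
    ledger.revoke("did:example:lab-1")
    out["after-revocation"] = check_result(ledger, doc, "did:example:user-7")
    return out

if __name__ == "__main__":
    print(demo())
```

The signature is checked before the subject binding, so a result whose subject field was edited is reported as a signature failure rather than a subject mismatch.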
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110799119.XA CN113626793A (en) | 2021-07-15 | 2021-07-15 | Health authentication method, system, device, equipment and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110799119.XA CN113626793A (en) | 2021-07-15 | 2021-07-15 | Health authentication method, system, device, equipment and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113626793A (en) | 2021-11-09 |
Family
ID=78379776
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110799119.XA Pending CN113626793A (en) | 2021-07-15 | 2021-07-15 | Health authentication method, system, device, equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113626793A (en) |
Patent Citations (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107425969A (en) * | 2017-09-08 | 2017-12-01 | 华中科技大学 | A kind of employee's physical examination information authentication method based on block chain technology |
US20200184757A1 (en) * | 2018-10-25 | 2020-06-11 | Myomega Systems Gmbh | Establishing control based on location of a mobile device |
CN109753817A (en) * | 2018-12-28 | 2019-05-14 | 全链通有限公司 | Medical information secure storage scheme based on block chain |
WO2020136289A1 (en) * | 2018-12-28 | 2020-07-02 | Conectate Soluciones Y Aplicaciones Sl | Unified identification protocol for training and health |
WO2020143470A1 (en) * | 2019-01-09 | 2020-07-16 | 腾讯科技(深圳)有限公司 | Method for issuing digital certificate, digital certificate issuing center, and medium |
WO2020151308A1 (en) * | 2019-01-24 | 2020-07-30 | 平安科技(深圳)有限公司 | Medical record permission management method and apparatus, readable storage medium, and server |
CN110084071A (en) * | 2019-04-24 | 2019-08-02 | 苏州国利岳康软件科技有限公司 | Physical examination secure storage method of data based on block chain |
US20200293515A1 (en) * | 2019-06-03 | 2020-09-17 | Alibaba Group Holding Limited | Service processing system and method based on blockchain |
CN110535656A (en) * | 2019-07-31 | 2019-12-03 | 阿里巴巴集团控股有限公司 | Medical data processing method, device, equipment and server |
CN110889120A (en) * | 2019-10-10 | 2020-03-17 | 深圳创链数据科技有限公司 | System and method for big health data based on block chain technology |
CN110931093A (en) * | 2020-02-18 | 2020-03-27 | 支付宝(杭州)信息技术有限公司 | Medical information sharing system and method |
CN111652776A (en) * | 2020-05-14 | 2020-09-11 | 山东浪潮质量链科技有限公司 | Method, device and medium for managing electronic health code based on block chain |
CN111768824A (en) * | 2020-06-23 | 2020-10-13 | 中国工商银行股份有限公司 | Health information auxiliary medical treatment method, node and system based on block chain |
CN111931199A (en) * | 2020-06-24 | 2020-11-13 | 山东浪潮质量链科技有限公司 | Health authentication method, equipment and medium based on block chain and dynamic code |
CN112687363A (en) * | 2020-12-20 | 2021-04-20 | 统一二维码标识注册管理中心有限公司 | Health code public service method and platform |
CN112967775A (en) * | 2021-03-26 | 2021-06-15 | 清华大学 | Medical health data credible sharing method and system based on block chain |
CN113297560A (en) * | 2021-05-06 | 2021-08-24 | 北京奇虎科技有限公司 | Identity authentication method, device and equipment based on block chain and readable storage medium |
Non-Patent Citations (1)
Title |
---|
沈红江: "Application of blockchain in the management of certificates and reports of inspection and testing institutions", 《质量与认证》, no. 01, 31 January 2021 (2021-01-31), pages 66 - 68 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11139978B2 (en) | Portable biometric identity on a distributed data storage layer | |
US11887705B2 (en) | Apparatus, system and method for patient-authorized secure and time-limited access to patient medical records utilizing key encryption | |
US20190333031A1 (en) | System, method, and computer program product for validating blockchain or distributed ledger transactions in a service requiring payment | |
US20180336554A1 (en) | Secure electronic transaction authentication | |
AU2017397325B2 (en) | Verifying an identity based on multiple distributed data sources using a blockchain to safeguard the identity | |
US10348699B2 (en) | Identity binding systems and methods in a personal data store in an online trust system | |
JP4736744B2 (en) | Processing device, auxiliary information generation device, terminal device, authentication device, and biometric authentication system | |
CN105659559B (en) | Verifying security of a remote server | |
JP2020528695A (en) | Blockchain authentication via hard / soft token verification | |
CN108881253B (en) | Block chain real name participation method and system | |
US11669605B1 (en) | Dynamic enrollment using biometric tokenization | |
US11588804B2 (en) | Providing verified claims of user identity | |
CN109327457A (en) | A kind of internet of things equipment identity identifying method and system based on block chain | |
CN110010213A (en) | Electronic health record storage method, system, device, equipment and readable storage medium storing program for executing | |
CN111460509B (en) | Electronic signature application method based on blockchain | |
KR101858653B1 (en) | Method for certifying a user by using mobile id through blockchain database and merkle tree structure related thereto, and terminal and server using the same | |
CN109768983A (en) | Dynamic and Multi dimensional personal identification method, apparatus and system based on block chain | |
CN109861996B (en) | Block chain-based relationship proving method, device, equipment and storage medium | |
CN112398920A (en) | Medical privacy data protection method based on block chain technology | |
CN112927775B (en) | Diagnosis and treatment information processing method and device based on block chain | |
Benarous et al. | Blockchain‐based forgery resilient vehicle registration system | |
CN111431918B (en) | Method and system for determining state label of target user based on block chain | |
CN117012324A (en) | Block chain-based health data wallet management method and system | |
CN113626793A (en) | Health authentication method, system, device, equipment and readable storage medium | |
CN111783070B (en) | File information acquisition method, device, equipment and storage medium based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||