CN114372294A - Double-mapping method for medical image on-chain representation and under-chain safe edge storage - Google Patents

Double-mapping method for medical image on-chain representation and under-chain safe edge storage Download PDF

Info

Publication number
CN114372294A
CN114372294A CN202111586514.6A CN202111586514A CN114372294A CN 114372294 A CN114372294 A CN 114372294A CN 202111586514 A CN202111586514 A CN 202111586514A CN 114372294 A CN114372294 A CN 114372294A
Authority
CN
China
Prior art keywords
matrix
chain
image
medical image
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111586514.6A
Other languages
Chinese (zh)
Inventor
陈自刚
颜逸
武豪
陈龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN202111586514.6A priority Critical patent/CN114372294A/en
Publication of CN114372294A publication Critical patent/CN114372294A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Power Engineering (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

The invention provides a method for representing medical image on a chain and storing safety margin under the chain based on a block chain technology, a trusted computing technology and a compressed sensing encryption and decryption image technology. Generating a first hash chain and a second hash chain according to an initial key by using an image encryption method based on hash chain compressed sensing; and obtaining a measurement matrix and an encryption matrix according to the first hash chain and the second hash chain respectively, obtaining a measurement result matrix through the original image and the measurement matrix, and obtaining an encrypted image matrix through the measurement result matrix and the encryption matrix. And (4) hashing the measurement matrix again to obtain a hash value of the measurement matrix, and storing the medical image related information, the hash value of the measurement matrix and the node signature into the block chain. The encrypted image matrix is stored in the node local space. In the whole process, the existence certification of the medical image is realized, namely the medical image is represented on a chain, the image is safely stored in a node local space, namely the image is stored at a safety edge under the chain, and the two-way mapping is realized by the medical data information with the unique identifier and the Hash value of the image measurement matrix.

Description

Double-mapping method for medical image on-chain representation and under-chain safe edge storage
Technical Field
The invention relates to a medical image information encryption and safe storage and sharing technology, in particular to a method for on-chain representation and under-chain safe edge storage of medical images.
Background
Due to the influence of network, security and stability reasons, hospitals generally establish an image storage and transmission system to archive, store and communicate hospital image data. However, with the increasing precision of the digital diagnostic equipment and the increasing number of patients to be treated, the conventional image storage and transmission system obviously has many problems and disadvantages.
(1) The operating systems, databases and storage devices adopted by the manufacturers of the large image storage and transmission systems are different, so that the image storage and transmission systems are completely heterogeneous in software and hardware and lack of interoperability mutually.
(2) Medical image data accounts for a large proportion of medical data, and with the continuous progress of medical equipment, the image data is increased in PB-level explosion (slow sensitivity, construction and research of a cloud computing-based hospital information technology platform: Xiamen university, 2014). Therefore, most image storage and transmission systems of hospitals need 1 expansion process in several years, but the expansion work is not only large in investment, but also large in difficulty and lower in performance.
(3) Because the image storage and transmission system storage platform of each hospital is not uniform enough, and the storage interface is relatively disordered, the sharing of the image storage and transmission system information among hospitals is difficult to realize. If regional sharing of the image storage and transmission system is to be realized, data sharing must be performed from the medical digital imaging and communication interface, which results in a great deal of modification in the application of the image storage and transmission system.
Disclosure of Invention
The invention provides a double mapping method for on-chain representation and off-chain safe edge storage of medical images, which realizes safe sharing of the medical images, ensures the credibility, the non-falsification and the non-falsification of the medical image data, ensures the local safe storage of the medical image data, and reduces the storage capacity of the on-chain data.
In a first aspect, the present invention provides a method for representing a medical image chain, which is applied to a medical image production end and each accounting node of a block chain, and includes:
generating an identification random number, and generating a unique medical image identification according to the medical image information and the identification random number;
generating a medical image initial encryption key according to the node private key and the medical image unique identifier;
generating a first hash chain according to the initial key;
obtaining a measurement matrix according to the first hash chain;
compressing and measuring the sparse representation matrix of the plaintext image through the measurement matrix to obtain a measurement result matrix, then performing inverse hash chain operation on the measurement result matrix to obtain a hash value of the measurement result matrix, packaging the hash value of the measurement result matrix, the medical image information and the node signature into blocks, and performing whole-network broadcasting;
according to the block data, after the signature is verified, each node carries out local storage, and after the whole network consensus is achieved, the block data is written into a block chain.
In a second aspect, the present invention provides a method for storing a safety margin under a chain, which is applied to a medical image production end, and includes:
generating a second hash chain according to the initial key corresponding to the ciphertext image;
obtaining encryption matrixes according to the second hash chains respectively;
obtaining an encrypted image matrix according to the measurement result matrix and the encryption matrix, wherein the encrypted image matrix corresponds to a ciphertext image;
storing the encrypted image matrix, the image information and the identification random number into a local storage space to realize the safe storage of the lower edge of the medical image chain;
in a third aspect, the present invention provides a dual mapping method for on-chain representation and off-chain safe edge storage of medical images, including:
searching a corresponding identification random number according to the medical image information in the image request, and recovering an image unique identification through the image information and the identification random number;
restoring an image initial encryption key according to the node private key and the image unique identifier; after the request node recovers the measurement result matrix through the image initial encryption key, the hash value of the measurement result matrix is obtained through the operation of an inverse hash chain;
comparing the hash value of the measurement result matrix with block data in a block chain;
drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of a medical image sharing platform architecture according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a process of handling processing of uplink and local storage of medical images according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating an operation of an inverse hash chain according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a medical image data representation uplink process according to an embodiment of the present invention;
fig. 5 is a schematic diagram illustrating a process of locally storing medical image data according to an embodiment of the present invention;
fig. 6 is a schematic diagram illustrating a medical image data requesting process according to an embodiment of the present invention;
FIG. 7 is a drawing of the abstract;
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," and the like in the description and in the claims, and in the drawings described above, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.
It should be understood that, in the various embodiments of the present application, the size of the serial number of each process does not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
It should be understood that, in this application, "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in this application, "B corresponding to A" means that B is associated with A, from which B can be determined. Determining B from a does not mean determining B from a alone, but may be determined from a and/or other information. And the matching of A and B means that the similarity of A and B is greater than or equal to a preset threshold value.
As used herein, "if" may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Medical image sharing platform system constitution
As shown in fig. 1, the whole system is divided into two parts: block chains and end-to-end applications. The two are connected through a service provider.
1) Block chain part
The alliance chain is adopted as a system prototype, and all system participants (namely all cooperative hospitals) provide service nodes locally to serve as accounting nodes and have functions of accounting request and query. There are three types of nodes in the whole blockchain system: the device comprises an identification distribution server, a consensus node and a storage node.
Identification distribution server (IDDC): the system can be a single server or a server cluster (single point failure prevention) and is used for auditing a chaining request, generating a random and unique identifier for a node (namely a cooperative hospital) newly added into the blockchain system and storing the random and unique identifier into the blockchain;
and (3) consensus nodes: the system is composed of service nodes provided by all participants, is responsible for maintaining the consistency of data, and realizes the non-falsification and the non-forgery of the data in a decentralized system through a consensus algorithm;
a storage node: in order to improve the consensus efficiency, all the participant nodes do not need to participate in consensus, and the accounting nodes which do not participate in consensus only take charge of the storage of the data after consensus.
2) End-to-end applications
Each cooperative hospital has its own on-end application system, including: the system comprises a service providing end, an application end, an encryption and decryption end, a mapping database and an image storage library.
The service providing end is used as a connecting bridge between the end application and the block chain, and the block chain data query and data write-in are realized by calling an interface provided by the block chain system;
the application end is used as an access port of a medical image management system and a medical image sharing platform of each hospital, and the medical image management system of each hospital realizes the request of the medical images and the sharing of the medical images through the application end;
the encryption and decryption end uses a system to disclose a uniform encryption and decryption algorithm, including public key encryption, symmetric encryption and various Hash algorithms, and is used for realizing signature, asymmetric encryption and decryption, symmetric encryption and decryption, Hash chain generation, inverse Hash chain operation execution and the like;
the mapping database is a local safety database and is used for storing the mapping relation among the medical image local storage address, the medical image identifier and the medical image label;
and the image storage library is a local safe storage space and is used for storing the encrypted medical image data.
3) System construction
Selecting a generator G of a large prime q, q order cyclic group G, G
One-way hash function H: {0,1}*→{0,1}*
Randomly selecting s ∈ Zq *As IDDC key
Calculating P ═ gsAs public key of IDDC
Open system parameters params ═ G, q, G, H, P }
New node joining
The hospital A as a new member, the encryption and decryption end E of the hospital AAMust be selected at random
Figure BDA0003422558000000051
Computing the public key as its own private key
Figure BDA0003422558000000052
Then the IP, the hospital related information and the public key P of the user are combinedAAnd the timestamp T1 is sent to the service provider S after being encrypted by the public key of the IDDSAAnd then sent to IDDS by the service provider
SA→IDDS:{IP,info,PA,T1}PIDDC,T1
② after IDDS receiving, using private key sIDDSDecryption, looking at T first1Whether the trust domain is fresh or not is checked, and after the application information is checked, the trust domain can be generated randomlyTo a unique IDAComputing Hash (ID)A) And with Hash (ID)A) For key, store Hash (ID) in block chainA),PATime, state, where time represents the time of addition of the trust domain and the current state (exit). Then IDDS uses ASAID (identity)AAnd a time stamp T2Encrypted and then sent to ASA
IDDS→SA:{IDA,T2}PA,T2
Thirdly, after receiving the message, the service providing end of the A hospital forwards the message to the encryption and decryption end, and the encryption and decryption end uses the private key to decrypt the data and check the T2Whether it is fresh or not, and then calculating Hash (ID)A) And then, inquiring in the block chain to verify whether the information is correct. After the successful joining, the encryption and decryption end randomly selects a secret key KAAnd kept secret.
(II) processing of medical image data before uplink and local storage
As shown in fig. 2, the processing of medical image data before it is uplinked and stored locally is described.
After a new piece of medical image data is shot by a medical image management system of a hospital, the medical image data is uploaded to a terminal of a medical image sharing platform through an application terminal to be applied, the application terminal obtains basic information and original image data of the medical image according to the submitted data, and then corresponding processing processes are carried out according to the basic information and the original image data of the medical image.
On one hand, according to the basic information of the medical image data, the image label info is extracted, and the format of the image label info is patient name-patient identification number-medical image type-image part-hospital (-number), if there is repeated information, the image label info needs to be distinguished by adding numbers. Then generating a random number r, performing data connection with the image tag, generating a hash value by using a uniform hash algorithm, searching the hash value in a mapping database, and if the hash value does not exist, successfully generating the image tag; and if so, re-selecting the random number, and repeating the process until a unique hash value id is generated to serve as the unique identifier of the medical image.
id=Hash(r||Info)
Performing data connection on the node private key and the unique identifier of the medical image, and then calculating the hash value of the node private key and the unique identifier of the medical image to obtain an initial encryption key of the image, namely
p=Hash(id||pnode)
According to the first iteration times, performing first hash processing on the initial key iteration through a preset first hash function to obtain a first hash chain, wherein the first hash processing is performed once every iteration to obtain a first type of hash sequence, and the first hash chain comprises all elements of the first type of hash sequence;
according to the plaintext image; determining an n × n original image matrix; determining the column number of a measurement matrix as n and the column number of an encryption matrix as 8n according to the column number n of an original image matrix; determining the number of rows of the measurement matrix and the number of rows of the encryption matrix to be m according to a preset compression ratio m/n and the number of rows n of the original image matrix; determining the first iteration times according to the number of rows m and the number of columns n of the measurement matrix and the number of elements of each first hash sequence, so that the number of elements of the first hash chain is greater than or equal to the number of elements m × n of the measurement matrix;
obtaining a measurement result matrix by XOR operation according to the obtained image matrix and the measurement matrix, and then performing inverse hash chain operation on the measurement result matrix (as shown in FIG. 3), from the last element, i.e., (m, n) -th element hm,nBeginning:
when 1 is<=i<=m、1<=j<When n, vi, j are represented by the pair vi,j+1And hi,j+1Obtaining a hash value of the data connection;
when 1 is<=i<When m, j, n, vi,jIs given by the pair vi+1,jAnd hi+1,jObtaining a hash value of the data connection;
when i is m and j is n, vi,jIs equal to hm,nA value of (d);
when i is 0 and j is 0, vi,jIs given by the pair v1,1And h1,1The hash value of the data connection of (1).
V is finally obtained through the operation of an inverse Hash chain0,0I.e. the hash value of the image that we need to solve.
Figure BDA0003422558000000081
Filling the elements in the second hash chain into a matrix according to the preset sequence to generate an mx 8n encryption matrix; wherein the preset sequence is: filling in sequence one by one according to rows or filling in sequence one by one according to columns;
determining the second iteration number according to the number of rows m and the number of columns 8n of the encryption matrix and the number of elements of each second hash sequence, so that the number of elements of the second hash chain is greater than or equal to the number of elements m × 8n of the encryption matrix;
and after the encryption matrix is obtained, obtaining the encryption result matrix through the encryption matrix and the measurement result matrix through XOR operation.
(II) medical image data cochain
As shown in fig. 4, the medical image data representation winding process is described. The data processing of the second step obtains an image hash value v0,0, and v is processed0,0Packing with medical image label info, node signature and time stamp to obtain (v)0,0Info, sig-node, timestamp) to broadcast the group of data to each node in the blockchain system, i.e., the node in the blockchain system
node1→node:(v0,0,Info,sig-node1,timestamp)
And then broadcasting to all nodes, and after receiving the broadcast and verifying the signature, the accounting node performs local storage. When the data amount reaches the block highest limit or the block waiting time is overtime, the data consensus is initiated. Each accounting node broadcasts the synchronization information for accounting the block data to all other accounting nodes, and when the accounting node receives more than 2/3 valid synchronization information, the accounting of the block data is completed and written into the block chain.
The data written into the block chain is only the hash value of the medical image, the data volume of the data is very low, but the hash value of the medical image is a unique identifier corresponding to the medical image due to the fact that a uniform hash calculation function is specified, the hash value can be used as a data representation of the medical image in the block chain, and meanwhile, the existence and the non-forgery-proof of the medical image are provided.
(IV) safe storage of lower edge of medical image information chain
As shown in fig. 5, after the data processing in the second step, an encrypted image is obtained, and the encryption/decryption end stores the obtained encrypted image in the image repository and records a specific storage address thereof. And then storing the storage address of the encrypted medical image data, the medical image label and the mapping relation of the medical image identification into a mapping database, wherein the main key and the index are all the medical image labels.
For one piece of medical image data, the mapping database only stores one piece of mapping data, so that the storage requirement is low, but the safety requirement is high; however, the image repository needs a completely stored encrypted image and a large storage space, but the security requirement is low because the image itself belongs to encrypted data and cannot be obtained even if the image is lost without a decryption key.
(V) medical image secure sharing (two-way mapping)
As shown in fig. 6, a process of medical image sharing is described.
For the medical image data requesting party, a sharing request is first initiated from the medical image management system of the hospital itself through the application end of the medical image sharing platform. The application end extracts the medical image label from the sharing request, then sends the medical image label to the service providing end, the service providing end initiates data query to the block chain system, and if the medical image label exists in the block chain and the data is valid, the application end returns the relevant information (including hospital name, IP address and the like) of the medical image uploading hospital to the service providing end; if the data does not exist, the application end returns error information to the medical image management system to prompt that the data does not exist.
After the relevant information of the medical image uploading hospital is obtained, the service providing terminal initiates a sharing request to the hospital, and sends the self information, the label of the requested medical image, the signature and the timestamp to the other side, namely, the medical image uploading hospital obtains the relevant information, and the service providing terminal sends the sharing request to the hospital, namely, the self information, the label of the requested medical image, the signature and the timestamp are sent to the other side
REQ→RES:{node-Info,image-Info,sig-node,timestamp}
After the requested party verifies the signature, the service providing end sends the medical image label to the encryption and decryption end, the encryption and decryption end inquires in the mapping database, and if the medical image label exists in the mapping database, the mapping data of the image storage address-image label is taken out; if not, an error message is returned.
After the encryption and decryption end obtains the image storage address-image label-image identification, the initial encryption key of the image is calculated through the image identification id and the private key, namely
p=Hash(id||pnode)
Then, the encrypted image data is fetched from the image storage library by the image storage address.
The encryption end uses the public key of the requester to encrypt the image initial encryption key and the encrypted image data, attaches the signature and the timestamp of the encryption end, sends the response data to the service provider, and then sends the response data to the requester by the service provider:
Figure BDA0003422558000000101
and after the service providing end of the requester receives the response, the service providing end forwards the response data to the encryption and decryption end, the encryption and decryption end firstly verifies the validity of the signature and the timestamp, after the verification is passed, the private key is used for decrypting to obtain an initial image encryption key and an encrypted image, the initial encryption key is used for obtaining a first hash chain and a second hash chain according to a preset hash algorithm, and then a measurement matrix and an encryption matrix are obtained. Recovering a measurement result matrix according to the encrypted image and the encrypted matrix, then performing inverse hash chain operation on the measurement result matrix, calculating an image hash value of the medical image, then sending the hash value to a service provider, inquiring in a block chain by the service provider, and returning error information if the data does not exist or is invalid or the image tags do not conform to each other, wherein the medical image data sharing fails; if the data exists and is valid and is consistent with the corresponding image label, the validity of the medical image is successfully verified. And then the encryption and decryption end recovers the medical image data according to the measurement matrix and the measurement result matrix, sends the medical image data to the application end, and forwards the medical image data to a medical image management system of the hospital by the application end, thereby completing the sharing of the medical image.
The invention is not the best known technology.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and the purpose thereof is to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the protection scope of the present invention. All equivalent changes and modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (8)

1. A bidirectional mapping method of medical image on-chain representation and under-chain safe edge storage based on a block chain technology and a compressed sensing image encryption technology comprises the following steps:
realizing the on-chain representation of the medical image according to the medical image information, the identification random number and the node private key; realizing the down-chain safe edge storage of the medical image according to the measurement result matrix, the encryption matrix, the identification random number and the medical image information;
and realizing bidirectional mapping of on-chain representation and off-chain storage of the medical image information according to the block chain unforgeability and non-falsification query, the measurement result matrix hash value and the medical image information.
2. The apparatus of claim 1, wherein:
generating a medical image unique identifier according to medical image information, generating an image initial encryption key according to a node private key and the medical image information, generating a first Hash chain according to the image initial encryption key, obtaining a measurement matrix, obtaining a measurement result matrix according to the measurement matrix and an original image matrix, performing inverse Hash chain operation on the measurement result matrix to obtain a measurement result matrix Hash value, packaging the measurement result matrix Hash value with medical image information and node signatures into blocks, and performing whole-network broadcasting to realize chain representation of the medical image.
3. The method according to claim 2, wherein generating the unique identifier of the medical image according to the medical image information, and generating the initial encryption key of the image according to the node private key and the unique identifier of the medical image comprises:
the whole medical image sharing platform specifies a uniform format of medical image information: patient name-patient identification number-medical image type-image location-hospital, and ensures that the information is unique throughout the network. Whether medical images are submitted or requested to be obtained, medical image information is provided.
Generating a random number by a node, performing data connection with medical image information, then generating a hash value, searching the hash value in a local identification-encrypted image mapping database, and if the hash value does not exist, successfully generating an image identification; if so, reselecting the random number, and repeating the process until a unique hash value is generated as a unique identifier of the medical image;
and performing data connection on the node private key and the unique medical image identifier, and then performing hash on the node private key to obtain an initial encryption key of the image.
4. The method of claim 2, further characterized in that generating a first hash chain according to the image initial encryption key to obtain a measurement matrix, generating a measurement result matrix according to the measurement matrix and medical image information, and performing an inverse hash chain operation on the measurement result matrix to obtain a measurement result matrix hash value comprises:
according to the first iteration times, performing first hash processing on the initial key iteration through a preset first hash function to obtain a first hash chain, wherein the first hash processing is performed once every iteration to obtain a first type of hash sequence, and the first hash chain comprises all elements of the first type of hash sequence;
according to the plaintext image; determining an n × n original image matrix; determining the column number of a measurement matrix as n and the column number of an encryption matrix as 8n according to the column number n of an original image matrix; determining the number of rows of the measurement matrix and the number of rows of the encryption matrix to be m according to a preset compression ratio m/n and the number of rows n of the original image matrix; determining the first iteration times according to the number of rows m and the number of columns n of the measurement matrix and the number of elements of each first hash sequence, so that the number of elements of the first hash chain is greater than or equal to the number of elements m × n of the measurement matrix;
and after a measurement result matrix of the image is obtained, performing inverse hash chain operation on the measurement result matrix, starting from the last element, namely the (m, n) -th element, performing data connection on the (m, n) -th element and the previous element (m, n-1), then performing hash on the data connection result, performing data connection on the obtained hash value and the (m, n-2) -th element, then performing hash again, and so on until the whole measurement result matrix is converted into a hash value.
5. The method of claim 2, wherein the step of packing the hash value, the medical image information, and the node signature into blocks according to the hash value of the measurement result matrix, broadcasting the blocks to all nodes, and writing the blocks into a block chain after the network-wide consensus is achieved comprises:
and packaging the hash value of the measurement result matrix, the medical image information and the node signature into blocks according to the block data format requirement, broadcasting to all nodes, and locally storing after the accounting node receives the broadcast and verifies the signature. When the data volume reaches the highest block limit or the block waiting time is overtime, data consensus is initiated, namely, the total-network accounting node consensus is achieved according to pbft (using Byzantine consensus protocol), and the block data is stored on each accounting node in a non-tampering mode.
6. The method of claim 1, wherein:
and generating a second hash chain according to the image initial encryption key to obtain an encryption matrix, obtaining an encrypted image matrix according to the encryption matrix and the measurement result matrix, and storing the encrypted image matrix, the image information and the identification random number into a local storage space to realize the safe storage of the lower edge of the medical image chain.
7. The method of claim 6, comprising:
filling the elements in the second hash chain into a matrix according to the preset sequence to generate an mx 8n encryption matrix; wherein the preset sequence is: filling in sequence one by one according to rows or filling in sequence one by one according to columns;
determining the second iteration number according to the number of rows m and the number of columns 8n of the encryption matrix and the number of elements of each second hash sequence, so that the number of elements of the second hash chain is greater than or equal to the number of elements m × 8n of the encryption matrix;
and after the encrypted image matrix is obtained, safely storing the encrypted image matrix-image unique identifier into a local storage space, and destroying the random number identifier and the image initial encryption key used in the encryption process.
8. The method of claim 1, wherein:
searching a corresponding identification random number according to medical image information in the image request, recovering an image unique identification through the image information and the identification random number, and recovering an image initial encryption key through a node private key and the image unique identification; after the request node recovers the measurement result matrix through the secret key, the hash value of the measurement result matrix is obtained through the operation of the inverse hash chain and is compared with the block data in the block chain; this process enables a bi-directional mapping of the on-chain representation to the off-chain storage.
CN202111586514.6A 2021-12-21 2021-12-21 Double-mapping method for medical image on-chain representation and under-chain safe edge storage Pending CN114372294A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111586514.6A CN114372294A (en) 2021-12-21 2021-12-21 Double-mapping method for medical image on-chain representation and under-chain safe edge storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111586514.6A CN114372294A (en) 2021-12-21 2021-12-21 Double-mapping method for medical image on-chain representation and under-chain safe edge storage

Publications (1)

Publication Number Publication Date
CN114372294A true CN114372294A (en) 2022-04-19

Family

ID=81139198

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111586514.6A Pending CN114372294A (en) 2021-12-21 2021-12-21 Double-mapping method for medical image on-chain representation and under-chain safe edge storage

Country Status (1)

Country Link
CN (1) CN114372294A (en)

Similar Documents

Publication Publication Date Title
CN111914027B (en) Block chain transaction keyword searchable encryption method and system
CN109862041B (en) Digital identity authentication method, equipment, device, system and storage medium
CN108123800B (en) Key management method, key management device, computer equipment and storage medium
CN112199649B (en) Anonymous identity verification method under moving edge calculation based on block chain
Guo et al. Outsourced dynamic provable data possession with batch update for secure cloud storage
JP6180177B2 (en) Encrypted data inquiry method and system capable of protecting privacy
CN111628868A (en) Digital signature generation method and device, computer equipment and storage medium
CN111859348A (en) Identity authentication method and device based on user identification module and block chain technology
Wang et al. A key-sharing based secure deduplication scheme in cloud storage
EP4191498A1 (en) Data communication method and apparatus, computer device, and storage medium
Guo et al. A lightweight verifiable outsourced decryption of attribute-based encryption scheme for blockchain-enabled wireless body area network in fog computing
CN110601815B (en) Block chain data processing method and equipment
CN112163854B (en) Hierarchical public key searchable encryption method and system based on block chain
CN110750796A (en) Encrypted data duplication removing method supporting public audit
CN113094334B (en) Digital service method, device, equipment and storage medium based on distributed storage
CN113014379B (en) Three-party authentication and key agreement method, system and computer storage medium supporting cross-cloud domain data sharing
CN110597836A (en) Information query request response method and device based on block chain network
CN115021903A (en) Electronic medical record sharing method and system based on block chain
CN113347143A (en) Identity authentication method, device, equipment and storage medium
CN113836571B (en) Medical data possession terminal position matching method and system based on cloud and blockchain
WO2022068359A1 (en) Encryption method and apparatus for compressing ciphertext of information, and device and medium
CN111740965B (en) Internet of things equipment authentication method based on physical unclonable equation
CN110224989B (en) Information interaction method and device, computer equipment and readable storage medium
CN109462581B (en) Ciphertext deduplication method capable of resisting continuous attack of violent dictionary adversary
JP3314900B2 (en) Information delivery method and system using zero knowledge proof protocol

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination