CN115712919A - Regional medical data encryption and application method - Google Patents
Regional medical data encryption and application method Download PDFInfo
- Publication number
- CN115712919A CN115712919A CN202211554890.1A CN202211554890A CN115712919A CN 115712919 A CN115712919 A CN 115712919A CN 202211554890 A CN202211554890 A CN 202211554890A CN 115712919 A CN115712919 A CN 115712919A
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- secret key
- key
- regional medical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a regional medical data encryption and application method, which solves the problem that the data storage of the traditional regional medical health big data platform is not encrypted or encrypted by using a single secret key or encrypted by using database configuration, and has serious data security problem under the condition of database leakage and secret key leakage, the data in a data center realizes encryption storage and output, the data security is improved, the data security of the platform can be greatly enhanced, a data service middleware encrypts, stores and decrypts the data, all key core data in the data platform center are encrypted ciphertexts, all data output must be output through a middleware service interface, and data encryption algorithms stored by different data sources and different data structures are inconsistent, the storage security is enhanced, a unique output port is ensured, and the problem that confidential and sensitive data are leaked in the data leakage, data guy and data sharing process is solved.
Description
Technical Field
The invention relates to the field of regional medical and health big data platforms, in particular to a regional medical data encryption and application method.
Background
The data center of the regional medical and health big data platform comprises all clinical medical data records in a region, the data belong to confidential and sensitive data, the data center basically belongs to plaintext storage at present, and once database leakage occurs, the data are extremely bad, and the regional medical and health big data platform has the current situations of large data quantity, sensitive data, high sharing degree and the like. Therefore, the regional medical data encryption and application method is improved, a set of data encryption method is provided according to the actual construction and application conditions of the regional data center aiming at the problems, the bottom layer encryption storage and the unified output of the key data of the data center are realized, the data safety is maintained, and the platform construction is supported.
Disclosure of Invention
The invention aims to: in order to solve the problems of the prior art, the invention provides the following technical scheme: a regional medical data encryption and application method comprises the following steps: the regional medical data are encrypted, according to various main information of data acquisition, including unique source identification, a data structure table and field identification as a secret key source, a special secret key of the regional medical data is acquired, the middleware uses the secret key to encrypt the data in a national secret, the secret key needs to be subjected to confusion conversion in the process of using the secret key, the secret key used actually is ensured to be invisible, the encrypted data are stored by covering the original plaintext data after encryption, the data stored in a data center are ensured to be unidentifiable encrypted data, and the data stored in the data center with the same content are different under different data sources;
step two: the regional medical data is applied to data, if the regional medical data needs organization department data according to data sharing requirements, a private decryption secret key is obtained according to a secret key source of the needed data, the middleware uses the secret key to decrypt the data, the secret key needs to be subjected to confusion conversion in the process of using the secret key, the fact that the secret key used actually is invisible is guaranteed, and data output is carried out on the original plaintext data in a service or other form after decryption.
As a preferred technical scheme of the present invention, in the first step, data is encrypted by an encryption algorithm according to the key information during the data acquisition process, and the encrypted data is encrypted and stored.
As a preferable technical solution of the present invention, in the second step, a result of performing data decryption based on the key information is output based on the key associated with the output data information.
As a preferred technical scheme of the invention, the data encrypted and stored by the data encryption result in the step three is stored in the data center for data storage and is transmitted to the data application through the data center.
As a preferred technical scheme of the present invention, in the first step, a data key is established for each individual unit from which data is collected, and the medical institution data may use a medical institution code, a data table name, and a field name as a key source.
As a preferred technical scheme of the present invention, the key source generates a unique key and randomizes the key by using a random algorithm, and the data encryption algorithm uses a cryptographic algorithm SM4.
As the preferred technical scheme of the invention, the four steps are used for encrypting, storing, decrypting and outputting data through the data service middleware.
As a preferred technical solution of the present invention, in the fourth step, the data middleware encrypts data according to a key source or decrypts and outputs data according to an encryption source.
As a preferred technical scheme of the invention, all key core data in the data platform center in the step five are encrypted ciphertexts, and all data output must be output through a middleware service interface.
As the preferable technical scheme of the invention, the data encryption algorithms stored by different data sources and different data structures in the step five are all inconsistent, so that the storage safety is enhanced and a unique output port is ensured.
Compared with the prior art, the invention has the following beneficial effects:
in the scheme of the invention:
1. the data security of the platform is greatly enhanced by completely realizing encryption storage and output of data center data, improving the data security and greatly improving the data security;
2. data are encrypted, stored and decrypted and output through the data service middleware, the data service middleware can encrypt data according to the secret key source and decrypt and output the data according to the encryption source, and secret key leakage cannot be involved in data writing and output processes. After data processing is carried out by the method, all key core data in a data platform center are encrypted ciphertexts, all data output must be output through a middleware service interface, data encryption algorithms stored by different data sources and different data structures are inconsistent, a unique output port is ensured while storage safety is enhanced, and the problem of leakage of confidential and sensitive data in the processes of data leakage, data lasso and data sharing is solved.
Description of the drawings:
fig. 1 is a flow chart of data encryption and application provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings. It is clear that the described embodiment is a specific implementation of the invention and is not limited to all embodiments.
Thus, the following detailed description of the embodiments of the invention is not intended to limit the scope of the invention as claimed, but is merely representative of some embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features and aspects of the embodiments of the present invention may be combined with each other without conflict, and it should be noted that like reference numerals and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Example 1: referring to fig. 1, a method for encrypting and applying regional medical data includes the following steps: the regional medical data are encrypted, according to various main information of data acquisition, including unique source identification, a data structure table and field identification, as a secret key source, a special secret key of the regional medical data is obtained, the middleware uses the secret key to encrypt the data in a national secret manner, the secret key needs to be subjected to confusion conversion in the secret key using process, the secret key which is actually used is ensured not to be visible, the encrypted data is stored by covering the original plaintext data after encryption, the data stored in the data center is ensured to be unidentifiable encrypted data, and the data stored in the data center with the same content are different under different data sources;
step two: the regional medical data is applied to data, if the regional medical data needs organization department data according to data sharing requirements, a private decryption secret key is obtained according to a secret key source of the needed data, the middleware uses the secret key to decrypt the data, the secret key needs to be subjected to confusion conversion in the process of using the secret key, the fact that the secret key used actually is invisible is guaranteed, and data output is carried out on the original plaintext data in a service or other form after decryption.
And in the first step, data encryption is carried out according to the encryption algorithm in the process of acquiring the data according to the secret key information, and the data encryption result is encrypted and stored after encryption.
And in the second step, the data decryption result is output according to the key information when the output data information is associated with the key.
And step three, storing the data encrypted and stored by the data encryption result into a data center for data storage, and transmitting the data to data application through the data center.
In the first step, a data secret key is established for each individual unit of the data acquisition data source, and the medical institution data can use a medical institution code, a data table name and a field name as a secret key source. The secret key source generates a unique secret key and conducts random algorithm scrambling on the secret key, and the data encryption algorithm adopts a national secret key algorithm SM4.
And fourthly, encrypting, storing, decrypting and outputting the data through the data service middleware. And in the fourth step, the data middleware encrypts data according to the secret key source or decrypts and outputs the data according to the encryption source.
And fifthly, all key core data in the data platform center are encrypted ciphertexts, and all data output must be output through a middleware service interface. And in the fifth step, the data encryption algorithms stored by different data sources and different data structures are all inconsistent, so that the storage safety is enhanced and the only output port is ensured.
The working principle is as follows: in the using process of the system, a data secret key is established for each individual unit of a data source of a regional medical and health big data platform, for example, medical institution data available medical institution codes, data table names and field names are used as secret key sources, the secret key sources are used for generating unique secret keys and scrambling the secret keys by a random algorithm, and the data encryption algorithm can adopt a state secret algorithm SM4 and the like. On the basis, data are encrypted, stored and decrypted and output through the data service middleware, the data middleware can encrypt the data according to the secret key source and decrypt and output the data according to the encryption source, and secret key leakage cannot be involved in data writing and output processes. After data processing is carried out by the method, all key core data in a data platform center are encrypted ciphertexts, all data output must be output through a middleware service interface, and data encryption algorithms stored by different data sources and different data structures are inconsistent, so that the storage safety is enhanced, a unique output port is ensured, and the problem of leakage of confidential and sensitive data in the processes of data leakage, data lasso and data sharing is solved.
The above embodiments are only used for illustrating the invention and not for limiting the technical solutions described in the invention, and although the present invention has been described in detail in the present specification with reference to the above embodiments, the present invention is not limited to the above embodiments, and therefore, any modification or equivalent replacement of the present invention is made; all such modifications and variations are intended to be included herein within the scope of this disclosure and the appended claims.
Claims (10)
1. A regional medical data encryption and application method is characterized by comprising the following steps:
the method comprises the following steps: the regional medical data are encrypted, according to various main information of data acquisition, including unique source identification, a data structure table and field identification, as a secret key source, a special secret key of the regional medical data is obtained, the middleware uses the secret key to encrypt the data in a national secret manner, the secret key needs to be subjected to confusion conversion in the secret key using process, the secret key which is actually used is ensured not to be visible, the encrypted data is stored by covering the original plaintext data after encryption, the data stored in the data center is ensured to be unidentifiable encrypted data, and the data stored in the data center with the same content are different under different data sources;
step two: the regional medical data is applied to data, if the regional medical data needs organization department data according to data sharing requirements, a private decryption secret key is obtained according to a secret key source of the needed data, the middleware uses the secret key to decrypt the data, the secret key needs to be subjected to confusion conversion in the process of using the secret key, the fact that the secret key used actually is invisible is guaranteed, and data output is carried out on the original plaintext data in a service or other form after decryption.
2. The regional medical data encryption and application method according to claim 1, wherein in the first step, data encryption is performed according to an encryption algorithm based on key information during data acquisition, and after encryption, data encryption results are encrypted and stored.
3. The regional medical data encryption and application method according to claim 2, wherein in the second step, the data decryption result is output according to the key information when the key associated with the output data information is used for data decryption.
4. The regional medical data encryption and application method according to claim 3, wherein the data encrypted and stored as a result of the data encryption in the third step is stored in a data center for data storage and transmitted to a data application through the data center.
5. The regional medical data encryption and application method according to claim 4, wherein in the first step, a data key is established for each individual unit of the data acquisition data source, and medical institution data can use a medical institution code, a data table name and a field name as key sources.
6. The regional medical data encryption and application method according to claim 5, wherein the key source generates a unique key and randomizes the key, and the data encryption algorithm adopts the SM4 cryptographic algorithm.
7. The regional medical data encryption and application method according to claim 6, wherein step four is to encrypt, store and decrypt data through data service middleware.
8. The regional medical data encryption and application method according to claim 7, wherein the data middleware in the fourth step encrypts data according to a key source or decrypts data according to an encryption source and outputs the encrypted data.
9. The method for encrypting and applying regional medical data according to claim 8, wherein all key core data in the data platform center in the step five is encrypted ciphertext, and all data output must be output through a middleware service interface.
10. The regional medical data encryption and application method according to claim 9, wherein in the fifth step, data encryption algorithms stored by different data sources and different data structures are all inconsistent, so that storage security is enhanced and a unique output port is ensured.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211554890.1A CN115712919A (en) | 2022-12-06 | 2022-12-06 | Regional medical data encryption and application method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211554890.1A CN115712919A (en) | 2022-12-06 | 2022-12-06 | Regional medical data encryption and application method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115712919A true CN115712919A (en) | 2023-02-24 |
Family
ID=85235682
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211554890.1A Pending CN115712919A (en) | 2022-12-06 | 2022-12-06 | Regional medical data encryption and application method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115712919A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117278986A (en) * | 2023-11-23 | 2023-12-22 | 浙江小遛信息科技有限公司 | Data processing method and data processing equipment for sharing travel |
-
2022
- 2022-12-06 CN CN202211554890.1A patent/CN115712919A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117278986A (en) * | 2023-11-23 | 2023-12-22 | 浙江小遛信息科技有限公司 | Data processing method and data processing equipment for sharing travel |
CN117278986B (en) * | 2023-11-23 | 2024-03-15 | 浙江小遛信息科技有限公司 | Data processing method and data processing equipment for sharing travel |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11818262B2 (en) | Method and system for one-to-many symmetric cryptography and a network employing the same | |
US7596222B2 (en) | Encrypting data for access by multiple users | |
CN102624522B (en) | A kind of key encryption method based on file attribute | |
CN105100083B (en) | A kind of secret protection and support user's revocation based on encryption attribute method and system | |
US11308241B2 (en) | Security data generation based upon software unreadable registers | |
US6640303B1 (en) | System and method for encryption using transparent keys | |
CN104410493A (en) | Secure data storage method and secure data read method based on distributed system infrastructure | |
WO2018152618A1 (en) | Symmetric cryptographic method and system and applications thereof | |
CN111262852B (en) | Business card signing and issuing method and system based on block chain | |
CN114205090B (en) | Safe file sharing method and system based on cryptographic algorithm | |
CN115712919A (en) | Regional medical data encryption and application method | |
US20210320795A1 (en) | A method and system for securing data | |
WO2017126571A1 (en) | Ciphertext management method, ciphertext management device, and program | |
Veeraragavan et al. | Enhanced encryption algorithm (EEA) for protecting users' credentials in public cloud | |
CN110493259A (en) | A kind of encrypting and deciphering system and method ensureing cloud electronic data security | |
CN104320248A (en) | Method and system for inter-system secret key synchronization | |
CN111010386B (en) | Privacy protection and data supervision control method based on shared account book | |
CN114095161A (en) | Identity base pierceable encryption method supporting equality test | |
CN103746793A (en) | Number form text encryption and decryption methods | |
CN110351084B (en) | Secret processing method for urban basic mapping data | |
CN114567436B (en) | Biological characteristic data security access control method | |
CN113282913A (en) | Password replacement method and device | |
Manikandan et al. | A Tree Structure Based Key Generation Technique for Data Security Enhancement | |
CN117061091A (en) | Confidentiality method for SM 4-based important data transmission in distributed cloud scene | |
CN115225400A (en) | Data encryption method convenient for retail system client |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |