CN116403671A - Data risk identification method applied to medical scene - Google Patents

Data risk identification method applied to medical scene Download PDF

Info

Publication number
CN116403671A
CN116403671A CN202310673161.6A CN202310673161A CN116403671A CN 116403671 A CN116403671 A CN 116403671A CN 202310673161 A CN202310673161 A CN 202310673161A CN 116403671 A CN116403671 A CN 116403671A
Authority
CN
China
Prior art keywords
node
data
nodes
medical treatment
storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310673161.6A
Other languages
Chinese (zh)
Other versions
CN116403671B (en
Inventor
陈红
程丽薇
陈园
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Renmin Hospital of Wuhan University
Original Assignee
Renmin Hospital of Wuhan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Renmin Hospital of Wuhan University filed Critical Renmin Hospital of Wuhan University
Priority to CN202310673161.6A priority Critical patent/CN116403671B/en
Publication of CN116403671A publication Critical patent/CN116403671A/en
Application granted granted Critical
Publication of CN116403671B publication Critical patent/CN116403671B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12Fingerprints or palmprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02ATECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A90/00Technologies having an indirect contribution to adaptation to climate change
    • Y02A90/10Information and communication technologies [ICT] supporting adaptation to climate change, e.g. for weather forecasting or climate simulation

Landscapes

  • Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Medical Informatics (AREA)
  • Human Computer Interaction (AREA)
  • Bioethics (AREA)
  • Primary Health Care (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Public Health (AREA)
  • Epidemiology (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

The invention relates to a data risk identification method applied to a medical scene, which comprises the following steps: determining the number of nodes for storing medical treatment data according to a request instruction, when the number of nodes is 1, locking the node for storing the medical treatment data as a single node, judging whether the medical treatment data can be sent to a requester according to the safety coefficient value of the single node and the characteristic identification of the requester for initiating the request instruction, when the number of nodes is greater than 1, determining all nodes comprising the medical treatment data to obtain a node set, ordering each node in the node set according to the priority of the node to obtain a node stream, and selecting a response server for extracting the medical treatment data of the node stream, wherein the safety level of the response server is highest, and extracting the medical treatment data from the node stream by utilizing the response server.

Description

Data risk identification method applied to medical scene
Technical Field
The invention relates to the technical field of safety protection of medical data, in particular to a data risk identification method applied to medical scenes.
Background
The medical treatment data is put into use as early as the end of 20 th century, is stored in a computer, records the processes of occurrence, development and treatment prognosis of personal or social diseases, and has high medical value. As such, medical visit data has been a major goal of information theft. Along with the rapid development of the Internet, the medical treatment data of the internal network of the hospital gradually goes to the public network, however, the information security protection of the medical industry starts later, and the accident of the leakage of the medical treatment data is endless.
In order to improve the safety of medical treatment data, a method commonly used at present is to construct a blockchain based on the medical treatment data by using a blockchain technology, namely a plurality of nodes cooperatively control the medical treatment data.
The blockchain-based medical treatment data management can effectively improve the safety and identify the operation with the safety threat, but does not consider whether a requester requesting to acquire the medical data has the request qualification, so that the phenomenon of stealing requester information to acquire the medical data frequently occurs.
Disclosure of Invention
The invention provides a data risk identification method applied to medical scenes, which mainly aims to improve the safety of acquiring medical treatment data.
In order to achieve the above object, the present invention provides a data risk identification method applied in a medical scene, including:
receiving a request instruction of medical treatment data, wherein the medical treatment data is pre-stored in one or more nodes of a blockchain;
determining the number of nodes for storing the medical treatment data according to the request instruction, and locking the node for storing the medical treatment data as a single node when the number of nodes is 1;
according to the history storage record of the single node, calculating to obtain the safety coefficient value of the single node, and rejecting the request instruction when the safety coefficient value of the single node is smaller than or equal to a preset safety threshold value;
when the safety coefficient value of the single node is larger than the safety threshold value, calculating to obtain the characteristic identification of the requester initiating the request instruction;
verifying the validity of the requester based on the feature identifier, rejecting the request instruction when the requester is illegal, and extracting medical treatment data from a single node and sending the medical treatment data to the requester when the requester is legal;
when the node number is greater than 1, determining all nodes comprising medical treatment data to obtain a node set;
sequencing each node in the node set according to the node priority to obtain a node stream;
and selecting a response server for extracting the medical treatment data of the node flow, wherein the security level of the response server is highest, and extracting the medical treatment data from the node flow by using the response server.
Optionally, the calculating, according to the history of the single node, a security coefficient value of the single node includes:
receiving a calculation expiration date for calculating the security coefficient value of the single node, and acquiring a storage record of each historically stored data of the single node according to the calculation expiration date, wherein the storage result of each storage record comprises a successful storage data and a failed storage data, and when each storage result of the successful storage data or the failed storage data is recorded, whether other nodes of the block chain agree to execute the storage operation of the single node or not is recorded, wherein the opinion comprises agreement to execute the storage operation and disagreement to execute the storage operation;
counting the number of nodes which are agreed to execute the storage operation by other nodes of the blockchain when the storage data is successful, obtaining the number of nodes success, and counting the number of nodes which are not agreed to execute the storage operation by other nodes of the blockchain when the storage data is failed, obtaining the number of nodes failure;
and calculating the security coefficient value of the single node according to the node success number and the node failure number.
Optionally, the calculating, according to the node success number and the node failure number, a security coefficient value of a single node includes:
the security coefficient value of the single node is calculated according to the following formula:
Figure SMS_1
wherein ,
Figure SMS_3
security coefficient value representing a single node,>
Figure SMS_5
representing the storage result as the number of successful storage data, < >>
Figure SMS_7
Representing the storage result as the number of storage data failures, < >>
Figure SMS_4
Indicate->
Figure SMS_6
Node success number when stripe storage data is successful, +.>
Figure SMS_8
Indicate->
Figure SMS_10
The number of node failures when the stripe fails to store data, +.>
Figure SMS_2
Indicate->
Figure SMS_9
Total number of nodes involved when bar storage data is successful, < >>
Figure SMS_11
Indicate->
Figure SMS_12
Stripe storage data failureTotal number of nodes involved.
Optionally, the rejecting the request instruction includes:
generating a forced transfer instruction of medical treatment data, and extracting the medical treatment data stored in a single node according to the forced transfer instruction;
when medical treatment data stored in a single node are successfully extracted, a storage result of successful storage data is generated in a history storage record of the single node, and the number of successful nodes corresponding to the storage result is the number of all nodes of the blockchain;
the method comprises the steps of restoring the storage results of all node numbers with the node success number being the blockchain to a historical storage record of a single node, generating a security mechanism upgrading instruction of the single node to a node manager after the restoring operation is completed, and simultaneously storing the extracted medical treatment data to other nodes of the blockchain, wherein the other nodes are different from the single node;
and when the extracted medical treatment data is successfully stored in other nodes of the blockchain, rejecting the request instruction, and initiating a reminding instruction to a requester of the request instruction while rejecting the request instruction, wherein the reminding instruction comprises reminding the requester to reinitiate the request instruction.
Optionally, the calculating obtains the characteristic identifier of the requester who initiates the request instruction, including:
the intelligent gateway and the hardware device where the applicant is located are started, wherein the hardware device comprises a face collector and a fingerprint collector;
collecting the face and the fingerprint of the request person by using the face collector and the fingerprint collector to obtain the request face and the request fingerprint;
acquiring gateway parameters of the intelligent gateway and receiving a password input to the intelligent gateway by a requester;
and calculating according to the request face, the request fingerprint, the gateway parameters and the password to obtain the characteristic identification of the request person.
Optionally, the calculating according to the face, the request fingerprint, the gateway parameter and the password to obtain the feature identifier of the requester includes:
calculating to obtain the characteristic identification of the applicant according to the following formula:
Figure SMS_13
wherein ,
Figure SMS_15
representing the requestor +.>
Figure SMS_19
Is characterized by->
Figure SMS_24
Representing the requestor +.>
Figure SMS_17
Password of->
Figure SMS_20
Represents the IP address where the single node is located, +.>
Figure SMS_23
Representing the requestor +.>
Figure SMS_26
Is to request face, is to be strapped with>
Figure SMS_14
Representing the requestor +.>
Figure SMS_18
Wherein>
Figure SMS_22
and />
Figure SMS_25
Are composed of matrix data in two-dimensional form, +.>
Figure SMS_16
Indicate->
Figure SMS_21
Personal intelligenceGateway parameters of gateway, ">
Figure SMS_27
Representing exclusive OR operation, ++>
Figure SMS_28
Representing a string concatenation operation.
Optionally, the verifying the validity of the applicant based on the feature identifier includes:
transmitting the characteristic identification into a blockchain, wherein the blockchain further comprises a verification node;
after the feature identification is successfully sent to the blockchain, automatically triggering the verification node;
the verification node is utilized to acquire the sender address of the feature identifier, and the sender address is requested to acquire the password of the requester;
comparing the password pre-stored in the blockchain of the requester after the password of the requester is obtained, and judging that the requester is illegal when the obtained password is different from the password pre-stored in the blockchain;
when the obtained password is the same as the password pre-stored in the blockchain, re-acquiring the face and the fingerprint of the requesting person to obtain the verification face and the verification fingerprint;
obtaining the verification identification of the requester based on the verification face, the verification fingerprint, the gateway parameters and the password calculation;
judging whether the errors of the verification mark and the characteristic mark are smaller than a preset error threshold value, and judging that the requester is legal when the errors of the verification mark and the characteristic mark are smaller than the error threshold value;
and judging that the requester is illegal when the error between the verification mark and the characteristic mark is larger than or equal to an error threshold value.
Optionally, the sorting is performed on each node in the node set according to the node priority, so as to obtain a node flow, including:
measuring the flow value required to be consumed by each node in unit time;
calculating the consumed time of each node in the node flow when responding to a task by utilizing a pre-constructed virtual machine;
and sequencing the priority of the nodes according to the length of the consumed time to obtain a node stream, wherein the nodes in the node stream gradually reduce the consumed time when responding to a task from left to right.
Optionally, the calculating, by using the pre-built virtual machine, the time consumed by each node in the node stream when responding to a task includes:
the time spent is calculated according to the following formula:
Figure SMS_29
wherein ,
Figure SMS_30
indicate->
Figure SMS_34
The individual node is at->
Figure SMS_35
Time consumption calculated on the individual virtual machines, < >>
Figure SMS_31
Weight of formula for time consuming calculation>
Figure SMS_33
Indicate->
Figure SMS_36
In the process of responding to the task, the flow value required to be consumed in unit time of each node is +.>
Figure SMS_37
Indicate->
Figure SMS_32
The software and hardware level quantization values of the virtual machines.
Optionally, the selecting a response server for extracting medical treatment data of the node stream includes:
determining all response servers that can serve medical visit data of the extracted node stream;
sequentially acquiring hardware parameters and software parameters of each response server, wherein the hardware parameters comprise CPU frequency and memory, and the software parameters comprise bandwidth values and power consumption values;
removing response servers which do not meet the extraction of the medical treatment data according to the hardware parameters and the software parameters;
and selecting the response server with the lowest number of times of server crashes in the history record from the rest response servers, wherein the security level of the response server is highest.
In order to solve the problems described in the background art, the embodiment of the invention firstly receives a request instruction of medical treatment data, wherein the medical treatment data is stored in one or more nodes of a blockchain in advance, and the node number for storing the medical treatment data is determined according to the request instruction. Importantly, the essential difference between the embodiment of the invention and the traditional method is that instead of directly extracting the medical treatment data in response to the request instruction of the medical treatment data, the node number storing the medical treatment data is determined first, so that only 1 node stores the medical treatment data, and a plurality of nodes store the medical treatment data separately, and the essential difference is that the medical treatment data is extracted. Therefore, when the node number is 1, the node for storing the medical treatment data is locked to be a single node, and the safety coefficient value of the single node and the characteristic identification of the requester are obtained through calculation, and the safety of the node and the requester is repeatedly verified, so that the safety of the extracted medical treatment data is ensured. In addition, when the number of nodes is greater than 1, all nodes comprising medical treatment data are determined to obtain a node set, and each node is sequenced according to the priority of the node to obtain a node stream, wherein the function of the node stream is to optimize the extraction time of the extracted medical treatment data and prevent the leakage of the medical treatment data caused by overlong extracted medical treatment data. Therefore, the data risk identification method applied to the medical scene can improve the safety of acquiring the medical treatment data.
Drawings
Fig. 1 is a flow chart of a data risk identification method applied in a medical scenario according to an embodiment of the present invention;
the achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, a flow chart of a data risk identification method applied in a medical scene according to an embodiment of the invention is shown. In this embodiment, the data risk identification method applied in a medical scene includes:
s1, receiving a request instruction of medical treatment data, wherein the medical treatment data is stored in one or more nodes of a blockchain in advance.
It should be noted that the request instruction is generally issued by medical related demanding personnel, such as scientific researchers, doctors in hospitals or related patients. Illustratively, a scientific research staff engaged in a hospital of the small Zhang Wei, the hospital hopes that the small sheet can put forward a more reasonable medication scheme aiming at thyroid medication, and the small sheet firstly wants to acquire all medical treatment data about thyroid in the hospital, so as to initiate a request instruction of the thyroid medical treatment data.
It should be explained that the medical visit data is stored in advance in one or more nodes of the blockchain according to the size of the medical visit data.
S2, determining the number of nodes for storing the medical treatment data according to the request instruction, and locking the node for storing the medical treatment data as a single node when the number of nodes is 1.
Illustratively, as described above for the small Zhang Xiangyao, thyroid visit data is acquired and the hospital's thyroid visit data is found to be of a small data volume, so all of the thyroid visit data is stored in one node in the blockchain, and thus the node is referred to as a single node.
S3, according to the historical storage record of the single node, calculating to obtain the safety coefficient value of the single node, and when the safety coefficient value of the single node is smaller than or equal to a preset safety threshold value, rejecting the request instruction.
In detail, the calculating, according to the history storage record of the single node, the security coefficient value of the single node includes:
receiving a calculation expiration date for calculating the security coefficient value of the single node, and acquiring a storage record of each historically stored data of the single node according to the calculation expiration date, wherein the storage result of each storage record comprises a successful storage data and a failed storage data, and when each storage result of the successful storage data or the failed storage data is recorded, whether other nodes of the block chain agree to execute the storage operation of the single node or not is recorded, wherein the opinion comprises agreement to execute the storage operation and disagreement to execute the storage operation;
counting the number of nodes which are agreed to execute the storage operation by other nodes of the blockchain when the storage data is successful, obtaining the number of nodes success, and counting the number of nodes which are not agreed to execute the storage operation by other nodes of the blockchain when the storage data is failed, obtaining the number of nodes failure;
and calculating the security coefficient value of the single node according to the node success number and the node failure number.
For example, assuming that the set calculation deadline is 2023, 2 nd and 10 th, it indicates that all history storage records of a single node are acquired before 2023, 2 nd and 10 th, and 100 storage records are assumed, wherein 90 storage data succeed and 10 storage data fail, so that the number of nodes which agree or disagree to store when each storage data succeed or fails needs to be counted, and the number of node successes or the number of node failures corresponding to each storage data succeed or storage data fail is obtained.
Further, the calculating, according to the node success number and the node failure number, a security coefficient value of a single node includes:
the security coefficient value of the single node is calculated according to the following formula:
Figure SMS_38
wherein ,
Figure SMS_40
security coefficient value representing a single node,>
Figure SMS_43
representing the storage result as the number of successful storage data, < >>
Figure SMS_47
Representing the storage result as the number of storage data failures, < >>
Figure SMS_41
Indicate->
Figure SMS_42
Node success number when stripe storage data is successful, +.>
Figure SMS_46
Indicate->
Figure SMS_48
The number of node failures when the stripe fails to store data, +.>
Figure SMS_39
Indicate->
Figure SMS_44
Total number of nodes involved when bar storage data is successful, < >>
Figure SMS_45
Indicate->
Figure SMS_49
The total number of nodes involved in the failure of the stripe to store data.
According to the calculation, the security coefficient value of the single node can be obtained, and the security coefficient value of the single node is compared with a preset security threshold, when the comparison result is smaller than or equal to the preset security threshold, the security coefficient of the single node is lower, and at the moment, if the data stored in the single node is called again, the risk of data leakage is easy to be caused, so in detail, the request instruction is rejected, and the method comprises the following steps:
generating a forced transfer instruction of medical treatment data, and extracting the medical treatment data stored in a single node according to the forced transfer instruction;
when medical treatment data stored in a single node are successfully extracted, a storage result of successful storage data is generated in a history storage record of the single node, and the number of successful nodes corresponding to the storage result is the number of all nodes of the blockchain;
the method comprises the steps of restoring the storage results of all node numbers with the node success number being the blockchain to a historical storage record of a single node, generating a security mechanism upgrading instruction of the single node to a node manager after the restoring operation is completed, and simultaneously storing the extracted medical treatment data to other nodes of the blockchain, wherein the other nodes are different from the single node;
and when the extracted medical treatment data is successfully stored in other nodes of the blockchain, rejecting the request instruction, and initiating a reminding instruction to a requester of the request instruction while rejecting the request instruction, wherein the reminding instruction comprises reminding the requester to reinitiate the request instruction.
It can be understood that, when the security coefficient value of the single node is smaller than or equal to the security threshold, the embodiment of the invention transfers the medical treatment data stored by the single node to other nodes of the blockchain for security, and in order to improve the storage security of the single node, the embodiment of the invention also initiates a security mechanism upgrade instruction of the single node to the node manager. Further, after the transfer of the medical treatment data is successfully completed, the embodiment of the invention rejects the request instruction and reminds the requester to reinitiate the request instruction so as to acquire the medical treatment data again.
And S4, calculating to obtain the characteristic identification of the requester initiating the request instruction when the security coefficient value of the single node is larger than the security threshold value.
In detail, the calculating obtains the characteristic identifier of the requester who initiates the request instruction, including:
the intelligent gateway and the hardware device where the applicant is located are started, wherein the hardware device comprises a face collector and a fingerprint collector;
collecting the face and the fingerprint of the request person by using the face collector and the fingerprint collector to obtain the request face and the request fingerprint;
acquiring gateway parameters of the intelligent gateway and receiving a password input to the intelligent gateway by a requester;
and calculating according to the request face, the request fingerprint, the gateway parameters and the password to obtain the characteristic identification of the request person.
For example, the small-sized doctor uses the computer of the hospital to request to acquire thyroid gland treatment data in the hospital, so that an intelligent gateway supporting the computer of the hospital to access the internet and hardware equipment with face recognition and fingerprint collection functions are required to be provided.
Further, the gateway parameters of the intelligent gateway include, but are not limited to, a device number of the gateway device, an access permission number, an IP address, etc. And the password input by the applicant to the intelligent gateway can be, but not limited to, the identity card account number of the applicant, the number of the applicant in the hospital, and the like.
In addition, the calculating according to the request face, the request fingerprint, the gateway parameter and the password to obtain the characteristic identifier of the request includes:
calculating to obtain the characteristic identification of the applicant according to the following formula:
Figure SMS_50
wherein ,
Figure SMS_52
representing the requestor +.>
Figure SMS_55
Is characterized by->
Figure SMS_58
Representing the requestor +.>
Figure SMS_54
Password of->
Figure SMS_57
Represents the IP address where the single node is located, +.>
Figure SMS_59
Representing the requestor +.>
Figure SMS_63
Is to request face, is to be strapped with>
Figure SMS_51
Representing the requestor +.>
Figure SMS_56
Wherein>
Figure SMS_61
and />
Figure SMS_64
Are composed of matrix data in two-dimensional form, +.>
Figure SMS_53
Indicate->
Figure SMS_60
Gateway parameters of the individual intelligent gateway,>
Figure SMS_62
representing exclusive OR operation, ++>
Figure SMS_65
Representing a string concatenation operation.
According to the above, the feature identifier having a strict correspondence with the requester can be obtained by the face, the fingerprint, the gateway parameter and the password having the specific identifier.
And S5, verifying the validity of the requester based on the characteristic identifier, refusing the request instruction when the requester is illegal, and extracting medical treatment data from a single node and sending the medical treatment data to the requester when the requester is legal.
In detail, the verifying the validity of the applicant based on the feature identification includes:
transmitting the characteristic identification into a blockchain, wherein the blockchain further comprises a verification node;
after the feature identification is successfully sent to the blockchain, automatically triggering the verification node;
the verification node is utilized to acquire the sender address of the feature identifier, and the sender address is requested to acquire the password of the requester;
comparing the password pre-stored in the blockchain of the requester after the password of the requester is obtained, and judging that the requester is illegal when the obtained password is different from the password pre-stored in the blockchain;
when the obtained password is the same as the password pre-stored in the blockchain, re-acquiring the face and the fingerprint of the requesting person to obtain the verification face and the verification fingerprint;
obtaining the verification identification of the requester based on the verification face, the verification fingerprint, the gateway parameters and the password calculation;
judging whether the errors of the verification mark and the characteristic mark are smaller than a preset error threshold value, and judging that the requester is legal when the errors of the verification mark and the characteristic mark are smaller than the error threshold value;
and judging that the requester is illegal when the error between the verification mark and the characteristic mark is larger than or equal to an error threshold value.
In the embodiment of the invention, in order to prevent someone from maliciously stealing the password of the original requester, after the verification node is started, the password of the requester is acquired through the verification node, and the password of the requester is acquired through a question-answer mode, namely, the secret of the requester is acquired firstly, the secret is transmitted to the requester, and the requester is required to acquire the password of the requester again after the secret is acquired.
Further, when the password comparison is consistent (i.e. the password is passed), the hardware device is started again to acquire the face and the fingerprint of the requester again, and the method aims to prevent the requester from helping the requester to download the data after logging in, so that the risk of data leakage is improved. The generation process of the verification identifier is the same as that of the feature identifier, and is not described in detail herein.
And S6, when the number of the nodes is greater than 1, determining all the nodes comprising the medical treatment data to obtain a node set.
It can be understood that when the number of nodes is greater than 1, it indicates that the medical treatment data needs to be split and stored in different blockchain nodes due to the reasons of improving the security or excessively large data volume of the medical treatment data, so that all the nodes storing the medical treatment data need to be determined first, and a node set is obtained.
In addition, it should be emphasized that when the number of nodes is greater than 1, verification is also performed on the validity of the applicant, where the verification method is the same as the verification method when the number of nodes is equal to 1, and no further description is given here.
And S7, sequencing each node in the node set according to the node priority to obtain a node stream.
It should be explained that, in order to improve the extraction efficiency of subsequently extracting medical treatment data, the embodiment of the present invention needs to perform sorting on a node set, specifically, perform sorting on each node in the node set according to a node priority, to obtain a node stream, including:
measuring the flow value required to be consumed by each node in unit time;
calculating the consumed time of each node in the node flow when responding to a task by utilizing a pre-constructed virtual machine;
and sequencing the priority of the nodes according to the length of the consumed time to obtain a node stream, wherein the nodes in the node stream gradually reduce the consumed time when responding to a task from left to right.
It should be explained that the virtual machine may simulate the consumed time required for each node to respond to a data storage instruction, a data extraction instruction, etc. according to the node attribute information.
Further, the calculating, by using the pre-constructed virtual machine, the time consumed by each node in the node stream when responding to a task includes:
the time spent is calculated according to the following formula:
Figure SMS_66
wherein ,
Figure SMS_69
indicate->
Figure SMS_71
The individual node is at->
Figure SMS_72
Time consumption calculated on the individual virtual machines, < >>
Figure SMS_68
Weight of formula for time consuming calculation>
Figure SMS_70
Indicate->
Figure SMS_73
In the process of responding to the task, the flow value required to be consumed in unit time of each node is +.>
Figure SMS_74
Indicate->
Figure SMS_67
The software and hardware level quantization values of the virtual machines.
From the above description, it is known that by the time consumed for the response task of each node, ordering can be performed for each node in the node set, thereby obtaining the node set.
S8, selecting a response server for extracting the medical treatment data of the node flow, wherein the security level of the response server is highest, and extracting the medical treatment data from the node flow by using the response server.
In an embodiment of the present invention, the selecting a response server for extracting medical treatment data of the node flow includes:
determining all response servers that can serve medical visit data of the extracted node stream;
sequentially acquiring hardware parameters and software parameters of each response server, wherein the hardware parameters comprise CPU frequency and memory, and the software parameters comprise bandwidth values and power consumption values;
removing response servers which do not meet the extraction of the medical treatment data according to the hardware parameters and the software parameters;
and selecting the response server with the lowest number of times of server crashes in the history record from the rest response servers, wherein the security level of the response server is highest.
In summary, the embodiment of the invention improves the security of medical treatment data acquisition from multiple angles of node selection, sorting, server selection and the like.
In order to solve the problems described in the background art, the embodiment of the invention firstly receives a request instruction of medical treatment data, wherein the medical treatment data is stored in one or more nodes of a blockchain in advance, and the node number for storing the medical treatment data is determined according to the request instruction. Importantly, the essential difference between the embodiment of the invention and the traditional method is that instead of directly extracting the medical treatment data in response to the request instruction of the medical treatment data, the node number storing the medical treatment data is determined first, so that only 1 node stores the medical treatment data, and a plurality of nodes store the medical treatment data separately, and the essential difference is that the medical treatment data is extracted. Therefore, when the node number is 1, the node for storing the medical treatment data is locked to be a single node, and the safety coefficient value of the single node and the characteristic identification of the requester are obtained through calculation, and the safety of the node and the requester is repeatedly verified, so that the safety of the extracted medical treatment data is ensured. In addition, when the number of nodes is greater than 1, all nodes comprising medical treatment data are determined to obtain a node set, and each node is sequenced according to the priority of the node to obtain a node stream, wherein the function of the node stream is to optimize the extraction time of the extracted medical treatment data and prevent the leakage of the medical treatment data caused by overlong extracted medical treatment data. Therefore, the data risk identification method applied to the medical scene can improve the safety of acquiring the medical treatment data.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. A data risk identification method applied in a medical scene, the method comprising:
receiving a request instruction of medical treatment data, wherein the medical treatment data is pre-stored in one or more nodes of a blockchain;
determining the number of nodes for storing the medical treatment data according to the request instruction, and locking the node for storing the medical treatment data as a single node when the number of nodes is 1;
according to the history storage record of the single node, calculating to obtain the safety coefficient value of the single node, and rejecting the request instruction when the safety coefficient value of the single node is smaller than or equal to a preset safety threshold value;
when the safety coefficient value of the single node is larger than the safety threshold value, calculating to obtain the characteristic identification of the requester initiating the request instruction;
verifying the validity of the requester based on the feature identifier, rejecting the request instruction when the requester is illegal, and extracting medical treatment data from a single node and sending the medical treatment data to the requester when the requester is legal;
when the node number is greater than 1, determining all nodes comprising medical treatment data to obtain a node set;
sequencing each node in the node set according to the node priority to obtain a node stream;
and selecting a response server for extracting the medical treatment data of the node flow, wherein the security level of the response server is highest, and extracting the medical treatment data from the node flow by using the response server.
2. The method for identifying data risk in a medical scenario according to claim 1, wherein the calculating the security coefficient value of the single node according to the historic storage record of the single node comprises:
receiving a calculation expiration date for calculating the security coefficient value of the single node, and acquiring a storage record of each historically stored data of the single node according to the calculation expiration date, wherein the storage result of each storage record comprises a successful storage data and a failed storage data, and when each storage result of the successful storage data or the failed storage data is recorded, whether other nodes of the block chain agree to execute the storage operation of the single node or not is recorded, wherein the opinion comprises agreement to execute the storage operation and disagreement to execute the storage operation;
counting the number of nodes which are agreed to execute the storage operation by other nodes of the blockchain when the storage data is successful, obtaining the number of nodes success, and counting the number of nodes which are not agreed to execute the storage operation by other nodes of the blockchain when the storage data is failed, obtaining the number of nodes failure;
and calculating the security coefficient value of the single node according to the node success number and the node failure number.
3. The method for identifying data risk in medical situations according to claim 2, wherein the calculating the security coefficient value of a single node according to the node success number and the node failure number comprises:
the security coefficient value of the single node is calculated according to the following formula:
Figure QLYQS_1
wherein ,
Figure QLYQS_3
security coefficient value representing a single node,>
Figure QLYQS_5
representing the storage result as the number of successful storage data, < >>
Figure QLYQS_7
Representing the storage result as the number of storage data failures, < >>
Figure QLYQS_9
Indicate->
Figure QLYQS_10
Node success number when stripe storage data is successful, +.>
Figure QLYQS_11
Indicate->
Figure QLYQS_12
The number of node failures when the stripe fails to store data, +.>
Figure QLYQS_2
Indicate->
Figure QLYQS_4
Total number of nodes involved when bar storage data is successful, < >>
Figure QLYQS_6
Indicate->
Figure QLYQS_8
The total number of nodes involved in the failure of the stripe to store data.
4. The method for identifying data risk in a medical scenario according to claim 3, wherein said rejecting said request instruction comprises:
generating a forced transfer instruction of medical treatment data, and extracting the medical treatment data stored in a single node according to the forced transfer instruction;
when medical treatment data stored in a single node are successfully extracted, a storage result of successful storage data is generated in a history storage record of the single node, and the number of successful nodes corresponding to the storage result is the number of all nodes of the blockchain;
the method comprises the steps of restoring the storage results of all node numbers with the node success number being the blockchain to a historical storage record of a single node, generating a security mechanism upgrading instruction of the single node to a node manager after the restoring operation is completed, and simultaneously storing the extracted medical treatment data to other nodes of the blockchain, wherein the other nodes are different from the single node;
and when the extracted medical treatment data is successfully stored in other nodes of the blockchain, rejecting the request instruction, and initiating a reminding instruction to a requester of the request instruction while rejecting the request instruction, wherein the reminding instruction comprises reminding the requester to reinitiate the request instruction.
5. The method for identifying data risk in a medical scenario of claim 4, wherein the calculating obtains a characteristic identifier of a requestor initiating a request instruction, comprising:
the intelligent gateway and the hardware device where the applicant is located are started, wherein the hardware device comprises a face collector and a fingerprint collector;
collecting the face and the fingerprint of the request person by using the face collector and the fingerprint collector to obtain the request face and the request fingerprint;
acquiring gateway parameters of the intelligent gateway and receiving a password input to the intelligent gateway by a requester;
and calculating according to the request face, the request fingerprint, the gateway parameters and the password to obtain the characteristic identification of the request person.
6. The method for recognizing data risk in medical situations according to claim 5, wherein the calculating the feature identifier of the requesting person according to the requesting face, the request fingerprint, the gateway parameter and the password comprises:
calculating to obtain the characteristic identification of the applicant according to the following formula:
Figure QLYQS_13
wherein ,
Figure QLYQS_15
representing the requestor +.>
Figure QLYQS_18
Is characterized by->
Figure QLYQS_23
Representing the requestor +.>
Figure QLYQS_20
Password of->
Figure QLYQS_24
Represents the IP address where the single node is located, +.>
Figure QLYQS_26
Representing the requestor +.>
Figure QLYQS_27
Is to request face, is to be strapped with>
Figure QLYQS_14
Representing the requestor +.>
Figure QLYQS_17
Wherein>
Figure QLYQS_21
and />
Figure QLYQS_22
Are composed of matrix data in two-dimensional form, +.>
Figure QLYQS_16
Indicate->
Figure QLYQS_19
Gateway parameters of the individual intelligent gateway,>
Figure QLYQS_25
representing exclusive OR operation, ++>
Figure QLYQS_28
Representing a string concatenation operation.
7. The method for identifying data risk in a medical scenario of claim 6, wherein verifying the validity of the requestor based on the characteristic identification comprises:
transmitting the characteristic identification into a blockchain, wherein the blockchain further comprises a verification node;
after the feature identification is successfully sent to the blockchain, automatically triggering the verification node;
the verification node is utilized to acquire the sender address of the feature identifier, and the sender address is requested to acquire the password of the requester;
comparing the password pre-stored in the blockchain of the requester after the password of the requester is obtained, and judging that the requester is illegal when the obtained password is different from the password pre-stored in the blockchain;
when the obtained password is the same as the password pre-stored in the blockchain, re-acquiring the face and the fingerprint of the requesting person to obtain the verification face and the verification fingerprint;
obtaining the verification identification of the requester based on the verification face, the verification fingerprint, the gateway parameters and the password calculation;
judging whether the errors of the verification mark and the characteristic mark are smaller than a preset error threshold value, and judging that the requester is legal when the errors of the verification mark and the characteristic mark are smaller than the error threshold value;
and judging that the requester is illegal when the error between the verification mark and the characteristic mark is larger than or equal to an error threshold value.
8. The method for identifying data risk in a medical scenario of claim 7, wherein said performing a ranking on each node in the set of nodes according to a node priority to obtain a node flow comprises:
measuring the flow value required to be consumed by each node in unit time;
calculating the consumed time of each node in the node flow when responding to a task by utilizing a pre-constructed virtual machine;
and sequencing the priority of the nodes according to the length of the consumed time to obtain a node stream, wherein the nodes in the node stream gradually reduce the consumed time when responding to a task from left to right.
9. The method for identifying data risk in a medical scenario of claim 8, wherein calculating the time spent by each node in the node stream in response to a task using the pre-built virtual machine comprises:
the time spent is calculated according to the following formula:
Figure QLYQS_29
wherein ,
Figure QLYQS_31
indicate->
Figure QLYQS_34
The individual node is at->
Figure QLYQS_36
Time consumption calculated on the individual virtual machines, < >>
Figure QLYQS_32
Weight of formula for time consuming calculation>
Figure QLYQS_33
Represent the first/>
Figure QLYQS_35
In the process of responding to the task, the flow value required to be consumed in unit time of each node is +.>
Figure QLYQS_37
Indicate->
Figure QLYQS_30
The software and hardware level quantization values of the virtual machines.
10. The method for data risk identification in a medical setting of claim 9, wherein the selecting a response server for extracting medical visit data for the node stream comprises:
determining all response servers that can serve medical visit data of the extracted node stream;
sequentially acquiring hardware parameters and software parameters of each response server, wherein the hardware parameters comprise CPU frequency and memory, and the software parameters comprise bandwidth values and power consumption values;
removing response servers which do not meet the extraction of the medical treatment data according to the hardware parameters and the software parameters;
and selecting the response server with the lowest number of times of server crashes in the history record from the rest response servers, wherein the security level of the response server is highest.
CN202310673161.6A 2023-06-08 2023-06-08 Data risk identification method applied to medical scene Active CN116403671B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310673161.6A CN116403671B (en) 2023-06-08 2023-06-08 Data risk identification method applied to medical scene

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310673161.6A CN116403671B (en) 2023-06-08 2023-06-08 Data risk identification method applied to medical scene

Publications (2)

Publication Number Publication Date
CN116403671A true CN116403671A (en) 2023-07-07
CN116403671B CN116403671B (en) 2023-09-22

Family

ID=87012734

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310673161.6A Active CN116403671B (en) 2023-06-08 2023-06-08 Data risk identification method applied to medical scene

Country Status (1)

Country Link
CN (1) CN116403671B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109255255A (en) * 2018-10-22 2019-01-22 北京锐安科技有限公司 Data processing method, device, equipment and storage medium based on block chain
CN109947844A (en) * 2018-11-15 2019-06-28 陕西医链区块链集团有限公司 Medical data management system based on medical block chain
CN111444258A (en) * 2020-02-11 2020-07-24 江苏荣泽信息科技股份有限公司 Medical data sharing method based on block chain
WO2020168772A1 (en) * 2019-02-18 2020-08-27 深圳壹账通智能科技有限公司 Electronic medical record storing method, system, apparatus, and device, and medium
CN112351085A (en) * 2020-10-29 2021-02-09 邢国帅 Network resource safety sharing method
KR20220005277A (en) * 2020-07-06 2022-01-13 코리 컴퍼니 리미티드 Method for management medical data based on blockchain and system for the method
CN115270193A (en) * 2022-09-27 2022-11-01 武汉市香芋科技有限公司 Data file secure sharing method and device based on block chain and under cooperative synchronization
US20230006846A1 (en) * 2020-11-23 2023-01-05 Tencent Technology (Shenzhen) Company Limited Data processing method and apparatus based on blockchain network
CN115794958A (en) * 2023-01-28 2023-03-14 广东南方电信规划咨询设计院有限公司 Medical data sharing method, device and system based on block chain
CN115985436A (en) * 2022-12-12 2023-04-18 武汉东方赛思软件股份有限公司 Medical information sharing method based on intelligent medical treatment
JP2023523611A (en) * 2020-06-28 2023-06-06 北京沃▲東▼天▲駿▼信息技▲術▼有限公司 Methods, systems and apparatus for storing blockchain-based data

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109255255A (en) * 2018-10-22 2019-01-22 北京锐安科技有限公司 Data processing method, device, equipment and storage medium based on block chain
CN109947844A (en) * 2018-11-15 2019-06-28 陕西医链区块链集团有限公司 Medical data management system based on medical block chain
WO2020168772A1 (en) * 2019-02-18 2020-08-27 深圳壹账通智能科技有限公司 Electronic medical record storing method, system, apparatus, and device, and medium
CN111444258A (en) * 2020-02-11 2020-07-24 江苏荣泽信息科技股份有限公司 Medical data sharing method based on block chain
JP2023523611A (en) * 2020-06-28 2023-06-06 北京沃▲東▼天▲駿▼信息技▲術▼有限公司 Methods, systems and apparatus for storing blockchain-based data
KR20220005277A (en) * 2020-07-06 2022-01-13 코리 컴퍼니 리미티드 Method for management medical data based on blockchain and system for the method
CN112351085A (en) * 2020-10-29 2021-02-09 邢国帅 Network resource safety sharing method
US20230006846A1 (en) * 2020-11-23 2023-01-05 Tencent Technology (Shenzhen) Company Limited Data processing method and apparatus based on blockchain network
CN115270193A (en) * 2022-09-27 2022-11-01 武汉市香芋科技有限公司 Data file secure sharing method and device based on block chain and under cooperative synchronization
CN115985436A (en) * 2022-12-12 2023-04-18 武汉东方赛思软件股份有限公司 Medical information sharing method based on intelligent medical treatment
CN115794958A (en) * 2023-01-28 2023-03-14 广东南方电信规划咨询设计院有限公司 Medical data sharing method, device and system based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐健 等: "基于区块链网络的医疗记录安全储存访问方案", 《计算机应用》, pages 1500 - 1506 *

Also Published As

Publication number Publication date
CN116403671B (en) 2023-09-22

Similar Documents

Publication Publication Date Title
RU2320009C2 (en) Systems and methods for protected biometric authentication
US20240073213A1 (en) System and method for handling user requests for web services
US8079061B2 (en) Authentication system managing method
US10897461B2 (en) Pharmacy database access methods and systems
CN111415163A (en) Service processing and verifying method, system and verifying node based on block chain
CN111339141B (en) Data transmission method, block chain node equipment and medium
CN109948320B (en) Block chain-based identity recognition management method, device, medium and electronic equipment
CN115270193B (en) Data file secure sharing method and device based on block chain and collaborative synchronization
CN109409552A (en) Reserve access method, system, computer equipment and storage medium
CN101506818A (en) Computer resource verifying method and computer resource verifying program
CN112581233A (en) Method, device, equipment and computer-readable storage medium for order offline operation
CN111796936A (en) Request processing method and device, electronic equipment and medium
US7421739B2 (en) System and method for monitoring and ensuring data integrity in an enterprise security system
CN114547701A (en) Block chain-based tamper-proof identification chip information trusted storage system
JP7060449B2 (en) Biometric system, biometric method, and biometric program
CN112632513B (en) Front-end and back-end separation-based identity authentication implementation method
CN116403671B (en) Data risk identification method applied to medical scene
CN112216367A (en) Medicine safety distribution management method and device, computer equipment and storage medium
CN115985436B (en) Medical information sharing method based on intelligent medical treatment
JP3583892B2 (en) Network security methods
JP5276554B2 (en) Biometric information authentication apparatus and biometric information authentication program
CN111241139B (en) Data statistical method, device, computer equipment and storage medium
CN112765588A (en) Identity recognition method and device, electronic equipment and storage medium
CN114238908B (en) Page repeated login method, device, equipment and storage medium
CN113886493B (en) System log security query method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant