CN116527355B - Encryption sharing system for medical data - Google Patents

Encryption sharing system for medical data

Info

Publication number: CN116527355B
Authority: CN (China)
Prior art keywords: encryption, data, user, key, access
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN202310456162.5A
Other languages: Chinese (zh)
Other versions: CN116527355A (en)
Inventors: 刘遵强, 李敏
Current assignee: Hubei Lianshi Technology Co ltd
Original assignee: Hubei Lianshi Technology Co ltd
Events: application CN202310456162.5A filed by Hubei Lianshi Technology Co ltd; publication of CN116527355A; application granted; publication of CN116527355B; legal status Active; anticipated expiration (date not given on the page).

Classifications

Leaf codes, with the repeated section and class headings (H Electricity / H04 Electric communication technique / H04L Transmission of digital information, e.g. telegraphic communication; G Physics / G06 Computing, calculating or counting / G06F Electric digital data processing; Y General tagging of new technological developments / Y02 Technologies for mitigation or adaptation against climate change) collapsed into each entry:

    • H04L 63/045 (63/00 network security; 63/04 confidential data exchange among entities communicating through packet networks; 63/0428 data content protected, e.g. by encrypting or encapsulating the payload): the sending and receiving entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • G06F 21/602 (21/00 security arrangements for protecting computers, components, programs or data against unauthorised activity; 21/60 protecting data): providing cryptographic facilities or services
    • G06F 21/6254 (21/62 protecting access to data via a platform, e.g. using keys or access control rules; 21/6218 to a system of files or objects, e.g. local or distributed file system or database; 21/6245 protecting personal data, e.g. for financial or medical purposes): by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H04L 63/0407 (63/04 confidential data exchange): wherein the identity of one or more communicating entities is hidden
    • H04L 63/06: supporting key management in a packet data network
    • H04L 63/0861 (63/08 authentication of entities): using biometric features, e.g. fingerprint, retina scan
    • H04L 63/10: controlling access to devices or network resources
    • H04L 63/126 (63/12 applying verification of the received information): verifying the source of the received data
    • H04L 67/1097 (67/00 network arrangements or protocols for supporting network services or applications; 67/01 protocols; 67/10 application distributed across nodes in the network): distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L 67/12 (67/01 protocols): protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 9/0894 (9/00 cryptographic mechanisms or arrangements for secret or secure communications, network security protocols; 9/08 key distribution or management, e.g. generation, sharing or updating of cryptographic keys or passwords): escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/40: network security protocols
    • Y02D 30/50 (Y02D climate change mitigation technologies in information and communication technologies, i.e. ICT aiming at the reduction of their own energy use; 30/00 reducing energy consumption in communication networks): in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses an encryption sharing system for medical data and belongs to the technical field of medical data sharing. The system comprises a data uploading protection module, a cloud storage encryption protection module, a shared data encryption module and a data access module. Encryption options are offered while medical data is uploaded: the user can shield and hide personal information through settings, and the uploaded data is format-converted and encrypted with the system's triple DES algorithm. During transmission, the internet security encryption protocol protection provided by the system checks the encrypted transmission information. For cloud storage, medical data can be shared through encrypted cloud sharing links, and at the point of accessing medical data the system applies a data privacy protection mechanism that combines asymmetric encryption, symmetric encryption and face recognition verification.

Description

Encryption sharing system for medical data
Technical Field
The invention relates to the technical field of medical data sharing, in particular to an encryption sharing system of medical data.
Background
With the rapid development of information technology, medical data has been widely digitised. Medical staff in medical institutions, and the patients and families who visit them, mostly interact and keep records through the medical information system the hospital has set up. That system handles medical data containing a great deal of sensitive information, including personal medical information, patient history and doctor information, and how to protect and share this data reasonably and safely has always been a difficulty for the medical industry. Some data owners are unwilling to provide their own medical data because they fear their privacy will be invaded; medical data is valuable, and without strict protection medical information is easily collected illegally and resold. To keep medical data legally protected and out of illegal use, and to make more people willing to trust the medical information system and voluntarily share their medical data with patients with other diseases in the hospital, the protection and transmission of medical data need to be upgraded, on the basis of the hospital's existing medical information system, into a safer and more reliable medical data system.
Disclosure of Invention
1. Technical problem to be solved
The invention aims to provide an encryption sharing system for medical data, which is used for solving the problems in the background art:
the medical information system handles medical data containing a great deal of sensitive information, including personal medical information, patient history and medical information, much of it touching personal privacy, so protecting and sharing medical data reasonably and safely has always been a difficult point for the medical industry. Some data owners are unwilling to provide their own medical data because they fear their privacy will be invaded; medical data is valuable, and without strict protection medical information is easily collected illegally and resold.
2. Technical proposal
The encryption sharing system for medical data comprises a data uploading protection module, a cloud storage encryption protection module, a shared data encryption module and a data access module;
preferably, the data uploading protection module comprises a medical data uploading privacy protection module and an uploading format conversion module;
preferably, the cloud storage encryption protection module comprises an encryption protection module for dynamic data (data in transit) and a zero-knowledge encryption module;
preferably, the shared data encryption module comprises a shared data privacy protection module and a key life cycle security management module;
preferably, the data access module comprises an access authority module and a face recognition secondary verification module.
Preferably, the medical data uploading privacy protection module shields and hides the uploading user's personal information while medical data is uploaded from the personal data end. It provides a user disclosure choice, consisting of an anonymous-submission option for the system user and an option for the user to enable encryption of the uploaded medical data.
Preferably, the uploading format conversion module holds the data conversion encryption algorithm, for which triple DES is specified: the uploaded data is converted and encrypted with triple DES, the result is further protected with a public key (a hybrid scheme; triple DES itself is a symmetric cipher and has no public key of its own), and the triple-DES-encrypted data is stored in a private hidden space of the system cloud that is unlocked with the corresponding private key.
Preferably, the encryption protection module for dynamic data is an internet security encryption protocol layer: it encrypts at the medical data sending end and carries a system verification identifier during transmission, which is used to compare and verify the data source of the transmitted medical data.
Preferably, the zero-knowledge encryption module provides a zero-knowledge encryption mode in which the key used for cloud storage encryption is held outside the cloud.
Preferably, the shared data privacy protection module provides cloud shared link encryption, built on top of the data the user uploads. The link offers two modes, symmetric and asymmetric. In the symmetric mode the uploading user embeds a decompression key in the format-converted compressed package (the text calls it a "decompression public key", but it is a shared secret: anyone holding the package can extract it). In the asymmetric mode the uploading user embeds a public key for requesting access; a request under that key must be licensed by the uploading user, who then sends each approved requester an individual private key to open the package.
Preferably, the key life cycle security management module is an automated key service management system that manages, in a unified and centralised way, all keys, cryptographic terminals and cryptographic applications used for medical data. Its scope covers key generation, key storage, key distribution, key backup, key update, key revocation, key archiving, key recovery and security management. It provides user management, permission management and user-based security audit functions, and it interacts with the medical transaction service system so that users can safely and conveniently create the key environment a medical transaction requires.
Preferably, the access authority module applies a data privacy protection mechanism that combines asymmetric and symmetric encryption at the point where a user requests permission to access the cloud database: the user sends an access request to the system server from their personal account in the system, the server automatically links the request to the requesting user's record and checks it, and access is opened only after the user's information has been confirmed.
Preferably, the face recognition secondary verification module automatically checks the requesting user's information when medical data is accessed; after that check the system server pops up a face recognition window in the requesting user's access interface, which performs a second comparison against the user's personal information.
3. Advantageous effects
Compared with the prior art, the invention has the advantages that:
1) Encryption options are set in the medical data uploading process. The user can mask and hide personal information through settings, and the uploaded data is format-converted and encrypted with the system's triple DES algorithm; during transmission, the system's internet security encryption protocol protection checks the encrypted transmission information until the medical data has been transmitted and stored in the data cloud. The key used for data cloud storage encryption is held outside the data cloud in a zero-knowledge encryption mode, so the cloud computing provider has no way to read the data, and the medical data is effectively encrypted and protected throughout the uploading process.
2) For cloud storage, the uploaded file can be stored in the data cloud after format-conversion encryption, or medical data can be shared as an encrypted cloud sharing link. The uploading user attaches a public key for requesting access to the format-converted compressed package; that key triggers the uploading user's access permission, and once permission is granted the uploading user sends a private key to each visitor who applied under the public key, for opening the compressed package. In addition, the system has a complete automated key service management system that takes whole-life-cycle key management as its core, so the user can safely and conveniently create the key environment a service requires and the medical data encryption key can be used safely.
3) At the point of accessing medical data, the system applies a data privacy protection mechanism combining asymmetric encryption, symmetric encryption and face recognition verification. When a user needs to view shared medical data in the cloud, the user sends an access request for the file or link; the system server checks the specific information of the requesting party after receiving the request and pops up a face recognition window on the requesting user's access interface. When the user passes face recognition, the user's personal information service port sends the system server a random string encrypted under the server's public key; the server decrypts it with its private key and then uses the random string as the symmetric key for the session, so the requesting user accesses the shared cloud over an encrypted channel. This blocks malicious access and prevents data theft and data leakage during access.
Drawings
FIG. 1 is a schematic diagram of the overall system of the present invention;
FIG. 2 is a schematic diagram of an overall system subdivision module according to the present invention.
Detailed Description
Examples: referring to fig. 1-2, an encryption sharing system for medical data includes a data uploading protection module, a cloud storage encryption protection module, a shared data encryption module and a data access module. The data uploading protection module comprises a medical data uploading privacy protection module and an uploading format conversion module; the cloud storage encryption protection module comprises an encryption protection module for dynamic data and a zero-knowledge encryption module; the shared data encryption module comprises a shared data privacy protection module and a key life cycle security management module; the data access module comprises an access authority module and a face recognition secondary verification module. The functions of the modules are as follows. The data uploading protection module protects the user's information and uploaded data during upload. The cloud storage encryption protection module inspects data as the user transmits it to the cloud, so that malicious viruses and harmful content do not flow into the cloud, and configures the encryption of medical data in cloud storage. The shared data encryption module covers how the system protects the medical data files a user uploads and the key life cycle the system provides for that data. The data access module is how other medical staff and patient users access, with their accounts, the medical data stored in the cloud.
The medical data uploading privacy protection module shields and hides the uploading user's personal information during upload of medical data from the personal data end. It provides user disclosure choices: an anonymous-submission option for the system user and an option for the user to enable encryption of the uploaded medical data.
The uploading format conversion module holds a data conversion encryption algorithm, for which triple DES (the Data Encryption Standard applied three times) is specified. The uploaded data is converted and encrypted with triple DES, that result is further protected with a public key (a hybrid scheme; triple DES itself is symmetric), and the encrypted data is stored in a private hidden space of the system cloud that is unlocked with the corresponding private key.
The encryption protection module for dynamic data is an internet security encryption protocol layer: it encrypts at the medical data sending end and carries a system verification identifier during transmission, used to compare and verify the data source of the sent medical data.
The zero-knowledge encryption module provides a zero-knowledge encryption mode in which the key used for cloud storage encryption is held outside the cloud.
Specifically, during upload of medical data to the cloud, the sending-port system offers an encryption option for the uploaded data. The user can choose, according to their own situation, whether to mask and hide personal information; the system gives the personal user side an information disclosure choice. After the user answers the top-level "mask and hide personal information?" prompt, the system automatically pops up the "disclose uploaded content?" option, and beneath it the "submit anonymously?" and "use system encryption?" options. Once the user agrees to encryption, the system first format-converts the uploaded data with the triple DES algorithm: the plaintext is processed in 64-bit blocks and DES is run three times, encrypting, then decrypting, then re-encrypting (the text describes the key as a 48-bit cloud key; 48 bits is the size of a DES round subkey, while the cipher key is 56 bits per DES stage, 168 bits for three independent keys). The system verification identifier set for the transmission process then re-verifies the data source of the sent medical data, and the internet security encryption protocol protects the medical data in transit until it has been delivered in protected form and stored. The key used for cloud storage encryption is held outside the cloud in the zero-knowledge encryption mode: the cloud storage provider hosts the hospital's medical data but never receives the encryption key, so the provider cannot read the data it stores.
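A worked example of the upload path described above, in Go, added here as an illustration and not code from the patent or its assignee: direct identifiers are masked before anything is encrypted, the record is encrypted with 3DES in CBC mode under a fresh key drawn on the client, and only the ciphertext plus that key wrapped with the owner's RSA-OAEP public key go to storage, so the storage side never holds the key (the zero-knowledge mode). The record fields, the masking rule and the OAEP label are assumptions; the patent leaves the block cipher mode and padding unspecified, so CBC with PKCS#7 is assumed. 3DES is kept because the patent specifies it, but NIST SP 800-131A Rev. 2 disallows it for encryption after 2023 and its 64-bit block limits how much data one key may safely protect, so a new design would use AES-GCM, which also supplies the integrity check that CBC lacks.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

// Record is a constructed sample record; the field names are assumptions, not the patent's.
type Record struct {
	PatientName string `json:"patient_name"`
	NationalID  string `json:"national_id"`
	Diagnosis   string `json:"diagnosis"`
}

// Envelope is all the cloud receives: 3DES-CBC ciphertext plus the data key wrapped under the
// owner's RSA public key. The plaintext key never leaves the client (the zero-knowledge mode).
type Envelope struct {
	IV, Ciphertext, WrappedKey []byte
}

// Mask is the "shield and hide personal information" option: direct identifiers are replaced
// before encryption, so not even the key holder recovers them from the cloud copy.
func Mask(r Record) Record {
	r.PatientName = "ANONYMOUS"
	if n := len(r.NationalID); n > 4 {
		r.NationalID = "****" + r.NationalID[n-4:]
	}
	return r
}

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// Seal masks the record, encrypts it with 3DES-CBC under a fresh 24-byte key (three independent
// DES keys, 8-byte blocks) and a fresh IV, then wraps the key with RSA-OAEP for the owner.
func Seal(r Record, ownerPub *rsa.PublicKey) (Envelope, error) {
	plain, err := json.Marshal(Mask(r))
	if err != nil {
		return Envelope{}, err
	}
	keyIV := make([]byte, 24+des.BlockSize) // drawn on the client; never sent in clear
	if _, err := rand.Read(keyIV); err != nil {
		return Envelope{}, err
	}
	key, iv := keyIV[:24], keyIV[24:]
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return Envelope{}, err
	}
	padded := pkcs7Pad(plain, des.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	// "medical-data-key" is an assumed OAEP label tying the wrapped key to this purpose.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ownerPub, key, []byte("medical-data-key"))
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{IV: iv, Ciphertext: ct, WrappedKey: wrapped}, nil
}

// Open is the owner's side: unwrap the data key with the private key, then 3DES-CBC decrypt.
func Open(e Envelope, ownerPriv *rsa.PrivateKey) (Record, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ownerPriv, e.WrappedKey, []byte("medical-data-key"))
	if err != nil {
		return Record{}, err
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return Record{}, err
	}
	if len(e.IV) != des.BlockSize || len(e.Ciphertext)%des.BlockSize != 0 {
		return Record{}, errors.New("malformed envelope") // CryptBlocks would panic otherwise
	}
	padded := make([]byte, len(e.Ciphertext))
	cipher.NewCBCDecrypter(block, e.IV).CryptBlocks(padded, e.Ciphertext)
	plain, err := pkcs7Unpad(padded, des.BlockSize)
	if err != nil {
		return Record{}, err
	}
	var r Record
	if err := json.Unmarshal(plain, &r); err != nil {
		return Record{}, err
	}
	return r, nil
}
```

The envelope carries no integrity tag: the patent's transmission-layer "system verification identifier" would have to cover the ciphertext, otherwise CBC ciphertext can be altered without detection. Seal then Open with the same RSA key pair round-trips the record with the identifiers already masked; Open with any other private key fails at the OAEP step.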
The shared data privacy protection module provides cloud sharing link encryption, built on the data the user uploads, with two modes, symmetric and asymmetric. In the symmetric mode the uploading user attaches a decompression key to the format-converted compressed package (the text calls it a "decompression public key", but it is a shared secret that anyone holding the package can read). In the asymmetric mode the uploading user attaches a public key for requesting access; after a request under that key is licensed by the uploading user, the user sends each approved requester an individual private key to open the package.
The key life cycle security management module is an automated key service management system that manages, in a unified and centralised way, all keys, cryptographic terminals and cryptographic applications used for medical data, covering key generation, key storage, key distribution, key backup, key update, key revocation, key archiving, key recovery and security management. It provides user management, permission management and user-based security audit functions, and interacts with the medical transaction service system so that users can safely and conveniently create the key environment a medical transaction requires.
Specifically, when a user wants to upload a shared file, the user can choose to encrypt it by format conversion and can choose to share the medical data as a cloud sharing link. In the first mode offered by the cloud sharing link, the uploading user attaches a decompression key to the format-converted compressed package; the key is displayed in plaintext on access, and a visitor only needs to extract it to decompress the package, so this mode restricts access to the package itself rather than to who may open it. In the second mode, the uploading user attaches a public key for requesting access; that key does not decompress the package but triggers the uploading user's access permission, and once permission is granted the uploading user sends each visitor who applied under the public key a private key to open the package. Each visitor's key is different and single-use; with it the visitor can download and open the shared medical data. In addition, the system has a complete automated key service management system. It takes whole-life-cycle key management as its core and manages, in a unified and centralised way, all keys, cryptographic devices, cryptographic terminals and cryptographic applications in the system: key generation, key storage, key distribution, key backup, key update, key revocation, key archiving, key recovery and security management. It provides user management, permission management and user-based security audit functions, and can interact with the medical service handling system. For security, it performs key storage and cryptographic operations in cryptographic hardware that conforms to the national cryptographic standards, which fully protects the keys; it supports the cryptographic specifications issued by the State Cryptography Administration and fully supports the national (SM series) cryptographic algorithms, so it connects seamlessly to applications of different cryptographic systems; it uses a multi-process, multi-thread modular design with strong parallel processing capability; it applies multi-level user operation permission control, strictly controls operations on every kind of key and provides a sound log audit function; it uses a memory detection mechanism and a process daemon monitoring mechanism so that the medical data system runs stably over the long term without memory conflicts or leaks; and it offers multi-dimensional user-defined key management, such as key life cycle configuration, key type and quantity configuration, key access and permission configuration and flexible cryptographic hardware configuration, helping the user safely and conveniently create the key environment a service requires and enabling safe use of the medical data encryption key.
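An added Go example (not the patent's own code) of the asymmetric sharing mode together with the revocation and audit functions of the key life-cycle module described above. It departs from the text in one respect, stated plainly: instead of the uploader sending each visitor a private key, each visitor sends its own public key with the access request and the uploader wraps the package key under it with RSA-OAEP. Each approved visitor then holds a distinct, single-use grant, no private key ever travels, the OAEP label binds the grant to the visitor's identity, and the ledger supports revocation and an audit trail. The visitor names, the label choice and the audit wording are assumptions; the package itself is assumed to be encrypted under the 256-bit file key by a separate step.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrDenied covers unknown, already-used and revoked grants alike.
var ErrDenied = errors.New("access denied")

// Grant is one visitor's ledger entry: the file key wrapped under that visitor's own
// public key, redeemable once.
type Grant struct {
	WrappedKey    []byte
	Used, Revoked bool
}

// Owner is the uploading user. The 256-bit key that encrypts the shared package stays here.
type Owner struct {
	fileKey []byte
	grants  map[string]*Grant
	Audit   []string // security audit trail of grant events
}

func NewOwner() (*Owner, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &Owner{fileKey: key, grants: map[string]*Grant{}}, nil
}

// FileKey is exposed only so the owner's own code can encrypt the package; visitors never call it.
func (o *Owner) FileKey() []byte { return o.fileKey }

// Approve is the uploader's licensing step: a request arrives with the visitor's public key and
// the uploader wraps the file key under it. The OAEP label is the visitor's name (an assumed
// convention), so the wrapped key cannot be unwrapped under another identity even by someone
// holding the right private key.
func (o *Owner) Approve(visitor string, visitorPub *rsa.PublicKey) error {
	if _, exists := o.grants[visitor]; exists {
		return errors.New("grant already issued for " + visitor + "; revoke it first")
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, visitorPub, o.fileKey, []byte(visitor))
	if err != nil {
		return err
	}
	o.grants[visitor] = &Grant{WrappedKey: wrapped}
	o.Audit = append(o.Audit, "approve "+visitor)
	return nil
}

// Redeem releases the wrapped key exactly once; reuse or a revoked grant is refused and logged.
func (o *Owner) Redeem(visitor string) ([]byte, error) {
	g, ok := o.grants[visitor]
	if !ok || g.Used || g.Revoked {
		o.Audit = append(o.Audit, "deny "+visitor)
		return nil, ErrDenied
	}
	g.Used = true
	o.Audit = append(o.Audit, "redeem "+visitor)
	return g.WrappedKey, nil
}

// Revoke is the revocation step of the key life-cycle module; the entry stays for audit.
func (o *Owner) Revoke(visitor string) {
	if g, ok := o.grants[visitor]; ok {
		g.Revoked = true
		o.Audit = append(o.Audit, "revoke "+visitor)
	}
}

// Unwrap is the visitor side: recover the file key with the visitor's own private key.
func Unwrap(wrapped []byte, visitor string, visitorPriv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, visitorPriv, wrapped, []byte(visitor))
}

func main() {
	owner, _ := NewOwner()
	visitor, _ := rsa.GenerateKey(rand.Reader, 2048) // generated by the visitor, not the owner
	_ = owner.Approve("dr-li", &visitor.PublicKey)
	wrapped, _ := owner.Redeem("dr-li")
	key, err := Unwrap(wrapped, "dr-li", visitor)
	fmt.Println("visitor recovered the file key:", len(key) == 32, err)
	_, err = owner.Redeem("dr-li")
	fmt.Println("second redeem:", err, owner.Audit)
}
```

Keeping the revoked entry in the ledger rather than deleting it is what makes the audit trail complete, and it also means a revoked visitor cannot simply request again under the same name without the owner noticing the earlier entry.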
The access authority module applies a data privacy protection mechanism that combines asymmetric and symmetric encryption at the point where a user requests permission to access the cloud database: the user sends an access request to the system server from their personal account in the system, the server automatically associates the request with the requesting user and checks it, and access is opened only after the user's information has been confirmed.
The face recognition secondary verification module automatically checks the requesting user's information when medical data is accessed; after the system server has done so, it pops up a face recognition window on the requesting user's access interface, which performs a second comparison against the user's personal information.
Specifically, when a user needs to view shared medical data in the cloud, the user sends an access request for the file or link. The system server checks the specific information of the requesting party after receiving the request, automatically verifies the requesting user's information, and then pops up a face recognition window on the requesting user's access interface, so that a stolen account cannot be used by someone else.
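The access handshake that the advantageous-effects section describes (random string encrypted under the server's public key, decrypted with the server's private key, then used as the symmetric key), as an added Go example rather than code from the patent: after the face-recognition gate, the client draws a 256-bit random string, sends it under the server's RSA-OAEP public key, the server recovers it with its private key, and both sides use it as an AES-GCM session key. Sequence numbers carried in the nonce and authenticated as associated data make a replayed, reordered or tampered access request fail. The face-recognition result is modelled as a boolean supplied by the caller, and the OAEP label and message contents are assumptions. RSA key transport of this kind gives no forward secrecy, since a leaked server key exposes every recorded session, which is why TLS 1.3 removed it; in practice this exchange would run inside a TLS connection rather than replace one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrNotVerified = errors.New("face recognition not passed")
	ErrReplay      = errors.New("replayed or out-of-order frame")
)

const sessionLabel = "access-session" // assumed OAEP label; separates this use of the server key from others

// Session is the symmetric state each side holds once the random string has been shared.
type Session struct {
	aead cipher.AEAD
	seq  uint64 // last sequence number sent (client side) or accepted (server side)
}

func newSession(key []byte) (*Session, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead}, nil
}

// ClientHello runs after the face-recognition window has been passed: it draws a fresh random
// string, keeps it as the session key and returns it wrapped under the server's public key.
func ClientHello(faceVerified bool, serverPub *rsa.PublicKey) (*Session, []byte, error) {
	if !faceVerified {
		return nil, nil, ErrNotVerified
	}
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, secret, []byte(sessionLabel))
	if err != nil {
		return nil, nil, err
	}
	s, err := newSession(secret)
	return s, wrapped, err
}

// ServerAccept recovers the random string with the server's private key and builds the same session.
func ServerAccept(serverPriv *rsa.PrivateKey, wrapped []byte) (*Session, error) {
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, []byte(sessionLabel))
	if err != nil {
		return nil, err
	}
	return newSession(secret)
}

// Send encrypts one access message. The 96-bit GCM nonce is four zero bytes followed by the
// 64-bit sequence number, which is also authenticated as associated data, so a nonce is never
// reused under one key and the counter cannot be altered in transit.
func (s *Session) Send(msg []byte) []byte {
	s.seq++
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], s.seq)
	return s.aead.Seal(nonce, nonce, msg, nonce[4:])
}

// Receive accepts only frames whose sequence number advances: a captured frame cannot be
// replayed, and a modified frame fails authentication.
func (s *Session) Receive(frame []byte) ([]byte, error) {
	if len(frame) < 12 {
		return nil, errors.New("frame too short")
	}
	nonce := frame[:12]
	seq := binary.BigEndian.Uint64(nonce[4:])
	if seq <= s.seq {
		return nil, ErrReplay
	}
	msg, err := s.aead.Open(nil, nonce, frame[12:], nonce[4:])
	if err != nil {
		return nil, err
	}
	s.seq = seq
	return msg, nil
}

func main() {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	client, wrapped, err := ClientHello(true, &serverKey.PublicKey)
	if err != nil {
		panic(err)
	}
	server, _ := ServerAccept(serverKey, wrapped)
	frame := client.Send([]byte("GET /records/42")) // constructed access request
	msg, err := server.Receive(frame)
	fmt.Printf("first delivery: %s (%v)\n", msg, err)
	_, err = server.Receive(frame)
	fmt.Println("replay:", err)
}
```

The server's sequence counter is per session, so a frame captured from one session is also useless against another: the other session's key differs, and the authentication tag fails before the counter is even consulted.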
The working principle of the invention is as follows:
First, while the user uploads medical data to the cloud, an encryption option for the uploaded data is set on the sending port system, and the user can choose whether to mask and hide personal information according to their actual situation. The system gives the personal user side the right to choose whether information is disclosed. After the user selects the upper-level instruction to mask and hide personal information, the system automatically pops up the instruction option of whether to disclose the uploaded content; the sub-commands under this instruction also provide the option of whether to submit anonymously and the option of whether to select system encryption. After the user approves encryption, the system first converts the format of the user's uploaded data with the triple DES algorithm: the uploaded plaintext is converted into 64-bit blocks, and a 48-bit key is used to transform the plaintext for encryption. The system uses a zero-knowledge encryption mode that stores the encryption key used for cloud storage encryption outside the cloud. Although the cloud storage provider hosts the hospital's medical data, it does not hold the encryption key; cloud storage encryption prevents the key from being transmitted to the cloud storage provider and thereby removes any possibility of the cloud computing provider accessing the data.

When a user wants to upload a shared file, in addition to uploading the file for encrypted format conversion, the user can also share the medical data in the form of a cloud sharing link. One of the encryption forms set for the cloud sharing link is that the uploading user can choose to attach a decompression public key to the file compression package after format conversion; the public key is displayed in plaintext when accessed, and an accessing person only needs to extract the public key to decompress the package. The other encryption form set for the cloud sharing link is that the uploading user attaches a public key for applying for access to the compression package after format conversion; this public key is not used to decompress the package but triggers an access permission request to the uploading user, and after the uploading user grants permission, an independent private key is sent to each visitor who applied with that public key, for opening the compression package. The system is provided with a complete automatic key service management system, which takes whole-life-cycle key management as its core, helps users create the key usage environment the business requires safely and conveniently, and can effectively provide safe use of the medical data encryption key.

Finally, when a user needs to view the shared medical data in the cloud, the user sends an access request for the access file or link; after receiving the request, the system server checks the specific information of the access object and, after automatically checking the accessing user's information, pops up a face recognition verification window on the accessing user's interface, so that the account cannot be used by others. When the accessing user's face recognition passes verification, the accessing user's personal information service port sends a random string encrypted with a public key to the system server; the system server decrypts the random string with its private key, and after decryption the server uses the random string to perform symmetric encryption. The system then opens encrypted access authority, and the accessing user can perform encrypted access to the shared cloud, so malicious access is blocked and data theft and data disclosure during access are prevented.
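The final step described above, a random string encrypted under the server's public key, decrypted with the private key, and then reused as the basis for symmetric encryption, is a hybrid key exchange. The following Go program is an added example, not code from the patent or its assignee: it implements that exchange with RSA-OAEP for the random string and AES-256-GCM for the symmetric step. The 2048-bit key size, the OAEP and derivation labels, the share-link identifier used as associated data, and the sample record are all assumptions made for the example; the patent does not specify them. Deriving the AES key by hashing the random string with a purpose label, and binding the ciphertext to the share link through the GCM associated data, are the two practitioner choices the passage leaves open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel ties the encrypted random string to this protocol step
// (a constructed label, not taken from the patent).
var oaepLabel = []byte("medical-access-secret-v1")

// ServerKeys is the system server's long-term RSA key pair, generated here
// for the example; a deployment would keep it in the key management system.
type ServerKeys struct{ priv *rsa.PrivateKey }

func NewServerKeys() (*ServerKeys, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &ServerKeys{priv: priv}, nil
}

// ClientChallenge runs once face verification has passed: the access user's
// side draws a fresh 32-byte random string and encrypts it to the server's
// public key with RSA-OAEP. The plaintext secret never leaves the client.
func ClientChallenge(pub *rsa.PublicKey) (secret, encrypted []byte, err error) {
	secret = make([]byte, 32)
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	encrypted, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, oaepLabel)
	return secret, encrypted, err
}

// ServerRecover decrypts the random string with the server's private key.
func (s *ServerKeys) ServerRecover(encrypted []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, encrypted, oaepLabel)
}

// SessionKey derives the symmetric key both sides now share; hashing with a
// purpose label avoids using the raw random string as the key itself.
func SessionKey(secret []byte) []byte {
	sum := sha256.Sum256(append([]byte("session-key:"), secret...))
	return sum[:]
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates a record with AES-256-GCM under the session
// key; the random nonce is prepended. aad binds the blob to its context.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal and fails if the nonce, ciphertext or aad was altered,
// so a tampered record is rejected instead of decrypting to garbage.
func Open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// RunAccessExchange walks the whole flow for one shared record (a constructed
// sample) and returns what the access user decrypts.
func RunAccessExchange(record string) (string, error) {
	server, err := NewServerKeys()
	if err != nil {
		return "", err
	}
	secret, encrypted, err := ClientChallenge(&server.priv.PublicKey)
	if err != nil {
		return "", err
	}
	recovered, err := server.ServerRecover(encrypted) // server side
	if err != nil {
		return "", err
	}
	aad := []byte("share-link:0001") // constructed: ties the blob to the link accessed
	sealed, err := Seal(SessionKey(recovered), []byte(record), aad)
	if err != nil {
		return "", err
	}
	plain, err := Open(SessionKey(secret), sealed, aad) // client side
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

func main() {
	out, err := RunAccessExchange("patient-0001: fasting glucose 5.4 mmol/L")
	fmt.Printf("access user decrypted %q (err=%v)\n", out, err)
}
```

Running it with `go run` prints the record as recovered on the client side. Because the symmetric key is derived from the secret rather than being the secret, the raw random string is never used directly as key material, and because the share-link identifier goes into the associated data, a blob sealed for one link fails to open under another.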
The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the above-described embodiments, and that the above-described embodiments and descriptions are only preferred embodiments of the present invention, and are not intended to limit the invention, and that various changes and modifications may be made therein without departing from the spirit and scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (4)

1. An encrypted sharing system for medical data, characterized in that: the encryption sharing system of the medical data comprises a data uploading protection module, a cloud storage encryption protection module, a shared data encryption module and a data access module;
the data uploading protection module comprises a medical data uploading privacy protection module and an uploading format conversion module;
the cloud storage encryption protection module comprises an encryption protection module of dynamic data and a zero knowledge encryption module;
the shared data encryption module comprises a shared data privacy protection module and a secret key life cycle safety management module;
the data access module comprises an access right module and a face recognition secondary verification module, the shared data privacy protection module is provided with a cloud shared link encryption, the cloud shared link encryption is established on the basis of uploading data by a user, the cloud shared link encryption is provided with two encryption modes, the two encryption modes are symmetric encryption and asymmetric encryption, the symmetric encryption is that an uploading user carries a decompression public key in a file compression packet after format conversion, the asymmetric encryption is that the uploading user carries a public key for applying for access in the file compression packet after format conversion, and after the public key for applying for access is licensed by the uploading user, the user sends an independent private key to each application public key visitor for opening the compression packet;
the medical data uploading privacy protection module is used for shielding and hiding personal information of an uploading user in the process of uploading medical data of the personal data end, and is provided with user public selection rights which comprise anonymous selection rights of a system user and encryption setting rights of the user on the uploading medical data;
the uploading format conversion module is used for setting a data conversion encryption algorithm, the data conversion encryption algorithm sets triple DES (data encryption standard) to convert data, the triple DES encrypts the data through a public key after converting the data, the data after the triple DES encryption is stored in a private hidden space of a system cloud, and the private hidden space of the system cloud is decrypted by using the private key;
the dynamic data encryption protection module is used for protecting an internet security encryption protocol, the internet security encryption protocol protection is provided with encryption protection at a medical data sending end, and the internet security encryption protocol protection is provided with system verification identification in the medical data sending process, wherein the system verification identification is used for carrying out information comparison verification on a data source for sending medical data;
the zero-knowledge encryption module is provided with a zero-knowledge encryption mode, and the zero-knowledge encryption mode stores an encryption key used for cloud storage encryption outside the cloud;
the key life cycle safety management module is provided with an automatic key service management system, and the automatic key service management system performs unified and centralized management on various keys, password terminals and password applications used by medical data.
2. An encrypted sharing system for medical data according to claim 1, wherein: the unified centralized management range comprises key generation, key storage, key distribution, key backup, key updating, key revocation, key archiving, key recovery and safety management, the automatic key service management system is provided with a user management function, a right management function and a safety audit function based on users, and the automatic key service management system interacts with the medical transaction service system to help the users safely and conveniently create a key use environment required by medical transaction.
3. An encrypted sharing system for medical data according to claim 1, wherein: the access authority module is provided with a data privacy protection mechanism combining asymmetric encryption and symmetric encryption, the data privacy protection mechanism combining the asymmetric encryption and the symmetric encryption is arranged in a user access cloud database authority request link, the user access cloud database authority request link sends an access request to a system server through a personal account number in a system by the user, the access request is automatically associated to check the access user after being received by the server, and the system opens the access authority after the information of the access user is accurate.
4. An encrypted sharing system for medical data according to claim 1, wherein: the face recognition secondary verification module automatically checks the access user information when the user accesses the medical data, and pops up a face recognition verification window on an access interface of the access user after the system server automatically checks the access user information, wherein the face recognition verification window is used for secondarily comparing the personal information of the user.
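The uploading format conversion module of claim 1 (triple DES over 64-bit blocks) and the zero-knowledge encryption module (encryption key held outside the cloud) can be shown in one piece of code. The following Go program is an added example and is not the patent's or the assignee's code: the uploading user holds an `UploadKey`, the cloud receives only the blob returned by `Upload`, and `CloudBlockCount` is the most a provider without the key can learn from it. Go's `crypto/des` takes a 24-byte Triple DES key and an 8-byte (64-bit) block, so those sizes are used here; the CBC mode, the PKCS#7 padding, the random IV and the HMAC-SHA256 tag are additions the claims do not specify, included because CBC on its own gives no integrity protection. The public/private key pair the claim mentions for the stored data is not modelled, and the record is a constructed sample. The `crypto/des` documentation itself describes DES as cryptographically broken, which is the practical caveat for any deployment that keeps the claim's algorithm choice.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UploadKey stays with the uploading user, outside the cloud. Enc is the
// 24-byte Triple DES key crypto/des requires; Mac keys the integrity tag
// (an addition to what the claim describes).
type UploadKey struct {
	Enc []byte
	Mac []byte
}

// NewUploadKey draws both keys from the OS random source.
func NewUploadKey() (*UploadKey, error) {
	k := &UploadKey{Enc: make([]byte, 24), Mac: make([]byte, 32)}
	if _, err := rand.Read(k.Enc); err != nil {
		return nil, err
	}
	if _, err := rand.Read(k.Mac); err != nil {
		return nil, err
	}
	return k, nil
}

// pad copies b and appends PKCS#7 padding so the result is a whole number of
// 64-bit blocks; a full padding block is added when b already aligns.
func pad(b []byte, size int) []byte {
	n := size - len(b)%size
	out := append([]byte(nil), b...)
	return append(out, bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad validates and strips PKCS#7 padding.
func unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Upload converts a record into 3DES-CBC 64-bit blocks under a fresh IV and
// appends an HMAC-SHA256 tag over iv||ciphertext. Layout: iv(8)||ct||tag(32).
func Upload(k *UploadKey, record []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	blob := make([]byte, des.BlockSize) // the IV
	if _, err := rand.Read(blob); err != nil {
		return nil, err
	}
	ct := pad(record, des.BlockSize)
	cipher.NewCBCEncrypter(block, blob).CryptBlocks(ct, ct)
	blob = append(blob, ct...)
	tag := hmac.New(sha256.New, k.Mac)
	tag.Write(blob)
	return tag.Sum(blob), nil
}

// Download is what the key holder does with a blob fetched from the cloud:
// verify the tag first, then decrypt and strip the padding.
func Download(k *UploadKey, blob []byte) ([]byte, error) {
	if len(blob) < des.BlockSize+sha256.Size {
		return nil, errors.New("blob too short")
	}
	body, got := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	tag := hmac.New(sha256.New, k.Mac)
	tag.Write(body)
	if !hmac.Equal(got, tag.Sum(nil)) {
		return nil, errors.New("integrity check failed")
	}
	block, err := des.NewTripleDESCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:des.BlockSize], body[des.BlockSize:]
	if len(ct)%des.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt, des.BlockSize)
}

// CloudBlockCount is all a provider without the key learns from a stored
// blob: how many 64-bit blocks it holds, never what they contain.
func CloudBlockCount(blob []byte) int {
	return (len(blob) - des.BlockSize - sha256.Size) / des.BlockSize
}

func main() {
	key, _ := NewUploadKey()
	blob, _ := Upload(key, []byte("patient-0001: HbA1c 6.1%")) // constructed sample
	fmt.Println("cloud sees", CloudBlockCount(blob), "blocks of ciphertext")
	rec, err := Download(key, blob)
	fmt.Printf("key holder reads %q (err=%v)\n", rec, err)
}
```

The tag is checked before any decryption is attempted, so a blob altered in the cloud, or one fetched by someone holding a different key, is refused outright rather than yielding a padding error that could leak information about the plaintext.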

Priority Applications (1)

Application Number: CN202310456162.5A (published as CN116527355B)
Priority Date: 2023-04-25
Filing Date: 2023-04-25
Title: Encryption sharing system for medical data

Publications (2)

Publication Number Publication Date
CN116527355A (en) 2023-08-01
CN116527355B (en) 2024-01-23

Family

ID=87391542

Country Status (1)

Country Link
CN (1) CN116527355B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008746A (en) * 2019-04-01 2019-07-12 大连理工大学 Medical records storage, shared and safety Claims Resolution model and method based on block chain
CN115242518A (en) * 2022-07-25 2022-10-25 深圳万海思数字医疗有限公司 Medical health data protection system and method under mixed cloud environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090193267A1 (en) * 2008-01-28 2009-07-30 Chiasen Chung Secure electronic medical record storage on untrusted portal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant