CN117177243A - Biomedical data sharing system based on 5G Internet of things - Google Patents

Abstract

The application relates to the technical field of data sharing, in particular to a biomedical data sharing system based on a 5G Internet of things, which comprises a data sharing platform, wherein the data sharing platform is in communication connection with a client, a data storage module, a history trust evaluation module, an attribute trust evaluation module, an access authorization module and a continuous monitoring module; the client side has two roles of a sharing main body and an access main body, wherein the access main body initiates an access request to the sharing main body through a data sharing platform; the historical trust evaluation module is used for acquiring a historical trust value when the access subject initiates the biomedical data access request; the attribute trust evaluation module is used for updating the historical trust value of the access subject; the access authorization module is used for acquiring an access subject authorization mode; the continuous monitoring module is used for controlling the whole access process according to the monitoring result of the pre-planned monitoring item; the dynamic and changeable cloud environment security access control requirements faced by biomedical data sharing are met.

Description

Biomedical data sharing system based on 5G Internet of things

Technical Field

The application relates to the technical field of data sharing, in particular to a biomedical data sharing system based on a 5G Internet of things.

Background

Along with the gradual expansion of medical data services from medical informatization to medical conjuncts and medical communities, the data sharing requirement is continuously deepened, and medical big data resources are required to be fully shared and also to be strongly protected, so that the data security is a realistic requirement through effective medical big data access control;

the comparison document CN110362586B, a multi-center biomedical data collaborative processing system without patient data sharing and a method thereof, are used for jointly applying a parameter sharing mechanism and an asynchronous communication mechanism to multi-center medical data collaborative calculation through the connection management of a parameter manager and a task scheduler of a cloud server; the safety isolation of the medical center data and the cloud server can be met, and the privacy of the medical center patient data is fully protected; meanwhile, compared with a direct synchronous exchange data calculation result, the calculation waiting time is effectively reduced, and the analysis efficiency and the data processing capacity of multi-center cooperative processing are greatly improved;

the contrast file CN115394392B is used for processing data sharing signaling sent by a patient end through a sharing processing module and combining with the corresponding treatment data of the patient, analyzing the treatment data to obtain analysis duration, sequencing the treatment number at the forefront treatment number treatment time of the sharer through the analysis duration and the treatment number to obtain data sharing time, sharing the corresponding medical data of the patient when the current time is equal to the data sharing time, and then sending the medical data of the patient to the treatment time when the patient is treated so that a doctor can know the treatment data before the patient when the patient is treated;

the traditional biomedical data sharing is usually located in a medical institution, and a role-based access control mode is adopted, wherein the authorization behavior of the access control mode is static, namely after a main body has access rights to certain resources, the main body is not changed under the condition that no security accident occurs, so that potential safety hazards are buried in the biomedical data sharing;

for the case of data sharing in which a plurality of medical institutions exist at the same time, two extreme cases are easy to occur in the conventional access control method based on the location information of an IP address or the means of controlling access rights based on the identity of an access subject: firstly, excessive authorization is performed, resource access rights beyond responsibility are opened for a main body, and potential safety hazards are increased; secondly, the authorization is insufficient, when the access strategy is too severe, the normal execution of the access request related to responsibility of the main body is influenced, so that the working efficiency is reduced, the safety of the access request cannot be considered, and the data security threat caused by the allowed access request cannot be prejudged under the existing access strategy, so that the support of variable attribute of the access main body and the dynamic continuous access control are extremely important in the sharing requirement of medical large data;

how to participate in the data sharing access control decision process in the whole course is a problem which needs to be solved by dynamically and reasonably regulating the access process, and a biomedical data sharing system based on the 5G Internet of things is provided.

Disclosure of Invention

In order to solve the technical problems, the application aims to provide a biomedical data sharing system based on the 5G Internet of things, which comprises a data sharing platform, wherein the data sharing platform is in communication connection with a client, a data storage module, a historical trust evaluation module, an attribute trust evaluation module, an access authorization module and a continuous monitoring module;

the client has two roles of a sharing main body and an access main body, the sharing main body and the data sharing platform are connected in a distributed mode through an Internet of things node, and the client is used for uploading biomedical data, acquired by a plurality of edge devices, about the sharing main body to the data sharing platform; the access subject initiates an access request to biomedical data through a data sharing platform;

the data storage module is used for storing historical data information of the client;

the history trust evaluation module is used for acquiring a history trust value of an access subject when initiating a biomedical data access request according to the history access record;

the attribute trust evaluation module is used for updating the historical trust value of the access subject matched with the attribute of the shared subject according to the association degree of the access subject and the attribute of the shared subject, and updating the historical trust value of the access subject not matched with the attribute of the shared subject according to the historical access record related to the attribute of the access subject and the attribute of the shared subject;

the access authorization module is used for acquiring an access subject authorization mode through a comparison result of a current access trust value of the access subject and a minimum trust value of biomedical data of a shared subject accessed by the access subject;

the continuous monitoring module is used for acquiring a preplanned monitoring item and a real-time monitoring item of an access subject granted access rights, acquiring trust loss values of various index data of the preplanned monitoring item under the current real-time monitoring item condition according to a historical access record, and controlling the whole access process according to the monitoring result of the preplanned monitoring item.

Further, the process of the access subject for initiating the access request to the biomedical data through the data sharing platform comprises the following steps:

the access subject logs in the data sharing platform through inputting the access ID and the password, meanwhile, the access subject inputs the visit ID of the sharing subject to be accessed into the data sharing platform, and the data sharing platform acquires the fixed attribute and the history access record of the access subject according to the access ID information;

the data sharing platform acquires the fixed attribute of the shared subject and various biomedical data of the shared subject and the sensitivity level of the various biomedical data according to the visit ID information.

Further, the process of the history trust evaluation module obtaining the history trust value when the access subject initiates the biomedical data access request according to the history access record includes:

the historical access records of the access subjects comprise the access frequency of the access subjects initiating the biomedical data access requests, the accumulated times of the access subjects accessing the biomedical data of different sensitivity levels of a plurality of sharing subjects and the times of the trust value unit of the access subjects reduced to zero when the access subjects access the biomedical data of different sensitivity levels;

and acquiring a historical trust value when the access subject initiates the biomedical data access request according to the historical access record.

Further, the process of updating the historical trust value of the access entity matched with the attribute of the shared entity by the attribute trust evaluation module according to the association degree of the access entity and the attribute of the shared entity comprises the following steps:

acquiring attribute association degrees of the access subject and the sharing subject according to the fixed attribute of the sharing subject and the fixed attribute of the access subject, setting an attribute association degree threshold value, and comparing the attribute association degrees of the access subject and the sharing subject with the attribute association degree threshold value;

and when the attribute association degree of the access subject and the sharing subject is larger than or equal to the attribute association degree threshold, updating the historical trust value of the access subject to the current access trust value.

Further, the process of updating the historical trust value of the access entity, which does not match the attribute of the shared entity, by the attribute trust evaluation module according to the historical access record of the access entity and the attribute of the shared entity includes:

when the attribute association degree of the access subject and the sharing subject is smaller than an attribute association degree threshold, acquiring an error value of the attribute association degree and the attribute association degree threshold, and acquiring a first trust attenuation value according to the error value;

acquiring accumulated times of accessing biomedical data of different sensitivity levels of a shared subject to which the access subject belongs according to a historical access record of the access subject, and acquiring a second trust attenuation value of the access subject according to the accumulated times and the times of reducing the trust value amount to zero when the access subject accesses the biomedical data of different sensitivity levels of the shared subject;

and acquiring the attenuated historical trust value according to the historical trust value, the first trust attenuation value and the second trust attenuation value of the access subject, and updating the attenuated historical trust value as the current access trust value of the access subject.

Further, the process of obtaining the authorization mode of the access subject by the access authorization module through the comparison result of the current access trust value of the access subject and the minimum trust value of the biomedical data of the shared subject accessed by the access subject includes:

setting minimum trust values allowed to be accessed by biomedical data with different sensitivity levels, acquiring the minimum trust value of the biomedical data of the shared subject accessed by the access subject according to the corresponding relation between the sensitivity level and the minimum trust value, and comparing the current access trust value of the access subject with the minimum trust value;

if the current access trust value of the access subject is greater than or equal to the minimum trust value, directly granting access rights to the biomedical data access request initiated by the access subject;

and if the current access trust value of the access subject is smaller than the minimum trust value, the access subject submits a manual auditing application file to the data sharing platform, and an administrator of the data sharing platform determines whether to grant access rights according to the manual auditing application file.

Further, the process of the continuous monitoring module obtaining the pre-planned monitoring item and the real-time monitoring item of the access subject granted with the access right includes:

obtaining a pre-plan of an access subject granted access rights, the pre-plan including a sensitivity level range of biomedical data in a biomedical data access initiated by the access subject, an access time period, an IP address of the access subject, and biomedical data request amounts of different sensitivity levels;

each index data in the pre-plan of the access subject to which the access right is granted is used as a pre-plan monitoring item in the access process of the access subject;

and acquiring access scene information in the access process of the access subject granted with the access permission, acquiring a real-time influence factor according to the access scene information, and taking the real-time influence factor as a real-time monitoring item in the access process of the access subject.

Further, the process of the continuous monitoring module obtaining the trust loss value of each item of index data of the pre-planned monitoring item under the current real-time monitoring item condition according to the historical access record comprises the following steps:

acquiring the abnormal times that all index data of the pre-plan monitoring item under different real-time influence factors do not accord with the corresponding threshold ranges according to the historical access records of a plurality of access subjects stored by a data storage module, wherein the trust value limit of the plurality of access subjects is reduced to zero, and acquiring the index weights of all index data of the pre-plan monitoring item under different real-time influence factors according to the abnormal times under the different real-time influence factors;

and acquiring trust loss values of all the index data of the pre-planned monitoring item under the current real-time monitoring item condition according to the index weights of all the index data of the pre-planned monitoring item under different real-time influence factors.

Further, the process of controlling the whole access process by the continuous monitoring module according to the monitoring result of the pre-planned monitoring item comprises the following steps:

acquiring monitoring data of each index data in a pre-planned monitoring item, comparing the data monitoring with a threshold value of each index data corresponding to the pre-planned monitoring item, and acquiring an error value of each index data;

presetting an error threshold interval, judging whether the error value of each index data falls within the error threshold interval, and if so, proving that the access process of the current access subject accords with a pre-plan;

if the error value does not fall in the error threshold interval, acquiring index data of which the error value does not fall in the error threshold interval, and acquiring a trust loss value of the index data;

and acquiring a current access trust value of the access main body, updating the current access trust value of the access main body according to the current access trust value and the trust loss value of the index data of which the error value does not fall in the error threshold value interval, and immediately stopping the access process of the access main body when the current access trust value of the access main body is reduced to zero.

Compared with the prior art, the application has the beneficial effects that:

1. the attribute of the supporting biomedical data access subject is variable, and when malicious behaviors exist in the historical access behaviors of the access subject or the risk of the access request of the access subject is large, the attribute trust evaluation module model updates the historical trust value of the access subject and provides a reference for the trust evaluation of the subsequent access subject;

2. supporting dynamic and continuous access control, wherein the continuous monitoring module acquires a preplanned monitoring item and a real-time monitoring item of an access subject to which access rights are granted, continuously audits an access process of the access subject according to a monitoring result of the preplanned monitoring item, and realizes continuous variable access process control according to a change of a trust value;

3. the cross-domain sharing of the biomedical data is supported, different medical institutions are allowed to access biomedical data of other institutions under the condition of meeting access control so as to conduct remote medical treatment, disease research and other works, and the problems of excessive authorization of main body access rights and insufficient main body access rights in the cross-domain sharing of the biomedical data are solved through the pre-decision of the historical trust evaluation module and the attribute trust evaluation module and the dynamic change access control of the continuous monitoring module, so that the dynamic changeable cloud environment security access control requirements faced by the biomedical data sharing are met.

Drawings

Fig. 1 is a schematic diagram of a biomedical data sharing system based on 5G internet of things according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

As shown in fig. 1, a biomedical data sharing system based on the 5G internet of things comprises a data sharing platform, wherein the data sharing platform is in communication connection with a client, a data storage module, a historical trust evaluation module, an attribute trust evaluation module, an access authorization module and a continuous monitoring module;

the client has two roles of a sharing main body and an access main body, the sharing main body and the data sharing platform are connected in a distributed mode through an Internet of things node, and the client is used for uploading biomedical data, acquired by a plurality of edge devices, about the sharing main body to the data sharing platform; the access subject initiates an access request to biomedical data through a data sharing platform;

the data storage module is used for storing historical data information of the client;

the history trust evaluation module is used for acquiring a history trust value of an access subject when initiating a biomedical data access request according to the history access record;

the attribute trust evaluation module is used for updating the historical trust value of the access subject matched with the attribute of the shared subject according to the association degree of the access subject and the attribute of the shared subject, and updating the historical trust value of the access subject not matched with the attribute of the shared subject according to the historical access record related to the attribute of the access subject and the attribute of the shared subject;

the access authorization module is used for acquiring an access subject authorization mode through a comparison result of a current access trust value of the access subject and a minimum trust value of biomedical data of a shared subject accessed by the access subject;

the continuous monitoring module is used for acquiring a preplanned monitoring item and a real-time monitoring item of an access subject granted access rights, acquiring trust loss values of various index data of the preplanned monitoring item under the current real-time monitoring item condition according to a historical access record, and controlling the whole access process according to the monitoring result of the preplanned monitoring item.

It should be further noted that, in the implementation process, the process of the access subject for initiating the access request to the biomedical data through the data sharing platform includes:

the access subject logs in the data sharing platform by inputting the access ID, and simultaneously the access subject inputs the visit ID of the sharing subject to be accessed into the data sharing platform, and the data sharing platform acquires the fixed attribute and the history access record of the access subject according to the access ID information;

the data sharing platform acquires the fixed attribute of the shared subject and various biomedical data of the shared subject and the sensitivity level of the various biomedical data according to the visit ID information.

It should be further noted that, in this embodiment, the access subject of this embodiment includes not only medical industry personnel of the medical institution where the sharing subject generates biomedical data, but also medical industry personnel other than the medical institutions where there is a resource sharing and cooperation relationship with the data sharing platform.

It should be further noted that, in this embodiment, the fixed attribute of the access subject includes: the job title of the visiting subject, including the attending doctor, expert, researcher, nurse and other job title, the professional field of the visiting subject, including the internal science, the external science, the child science, the obstetrics, the ophthalmology and the otorhinolaryngology science and other professions.

It should be further noted that in this example, the fixed attribute of the shared subject includes, but is not limited to: sharing basic physiological indexes of a main body, including height, weight, blood pressure, heart rate and the like; sharing the subject's current etiology categories, including angina, parkinson's disease, cataracts, fractures, and other disease categories; medical history of the shared subject, including past history of disease, surgery, medication, and allergies of the shared subject; family history of shared subjects: such as a disease or genetic disease associated with a shared subject relative; social context of shared subjects: including occupation of the shared subject, marital status, education level, living environment, etc.

It should be further noted that in this example, the biomedical data of the shared subject includes, but is not limited to: physiological index data: vital sign data including heart rate, blood pressure, body temperature, respiratory rate, etc.; laboratory inspection data: test results including blood, urine, tissue and the like samples, such as hemoglobin levels, blood glucose concentrations, biochemical indicators in blood and the like; image data: image data obtained by medical imaging technologies such as X-ray, CT scanning, MRI and the like are used for detecting and diagnosing structures and abnormal conditions in a human body; genomic data: DNA sequence information including human genome for research of genetic diseases and guidance of personalized treatment; biomarker data: including information on the expression and concentration of proteins, genes, metabolites, etc. in the human body.

It should be further noted that in this example, the sensitivity level of the biomedical data of the shared subject includes: primary sensitive data, secondary sensitive data, tertiary sensitive data and quaternary sensitive data; the higher the sensitivity level, the more private the corresponding data is represented, and the higher the authority level required for access is;

the primary sensitive data comprises personal identity information such as name, ID card number, social security number, medical record number and the like;

the secondary sensitive data includes biomedical data related to the physical condition and treatment of the individual, such as diagnostic results, medical history, drug prescriptions, surgical records, etc., which relate to the individual's disease and treatment information, and need to be properly protected and restricted from access;

the tertiary sensitivity data includes biomedical data related to disease risk and genomic information, such as genetic test results, genetic variation data, family history, etc., which may reveal individual genetic characteristics and disease risk, requiring careful handling and protection.

The four-level sensitive biomedical data comprise data related to private information such as mental diseases, sexual health and the like, such as mental health records, venereal disease examination results and the like, and the data belong to the most sensitive private information and are required to be particularly protected and strictly limited in access.

It should be further noted that, in the implementation process, the process of the history trust evaluation module obtaining, according to the history access record, the history trust value when the access subject initiates the biomedical data access request includes:

the historical access record of the access subject comprises an access frequency C1 of the access subject initiating biomedical data access requests, the accumulated times Ni of the access subject accessing biomedical data of different sensitivity levels of a plurality of sharing subjects and the times NTi of which the trust value limit of the access subject is reduced to zero when the access subject accesses biomedical data of different sensitivity levels, wherein i=1, 2,3 and 4; the i represents a sensitivity level;

the historical trust value CT of the access subject is obtained by calculating the formula CT=C1×a1+N1×a2+N2×a3+N3×a4+N4×a5+N1×a6+N2×a7+N3×a8+N4×a9, wherein a1, a2, a3, a4, a5, a6, a7, a8 and a9 are weight factors, N1, N2, N3 and N4 respectively represent the accumulated times of the access subject for accessing the primary sensitive data, the secondary sensitive data, the tertiary sensitive data and the quaternary sensitive data, and NT1, NT2, NT3 and NT4 respectively represent the accumulated times of the access subject for accessing the primary sensitive data, the secondary sensitive data, the tertiary sensitive data and the quaternary sensitive data.

It should be further noted that, in the implementation process, the process of updating, by the attribute trust evaluation module, the historical trust value of the access subject matched with the shared subject attribute according to the association degree of the access subject and the shared subject attribute includes:

when the attribute association degree of the access subject and the sharing subject is obtained according to the fixed attribute of the sharing subject and the fixed attribute of the access subject, setting an attribute association degree threshold value, and comparing the attribute association degree of the access subject and the sharing subject with the attribute association degree threshold value;

and when the attribute association degree of the access subject and the sharing subject is larger than or equal to the attribute association degree threshold, updating the historical trust value of the access subject to the current access trust value.

It should be further noted that, in the implementation process, the process of obtaining the attribute association degree between the access subject and the sharing subject according to the fixed attribute of the sharing subject and the fixed attribute of the access subject includes:

acquiring the title and the professional field scope of the access subject according to the fixed attribute of the access subject, and acquiring the type scope of the etiology possibly related to the shared subject at present, the type scope of the etiology possibly related to the shared subject in the past, the type scope of the etiology possibly related to the relatives of the shared subject and the type scope of the etiology possibly related to the living environment of the shared subject according to the fixed attribute of the shared subject;

professional field scope of subject to be accessedThe range of etiology types currently likely to be involved with the shared subjectShared subject may have been involved in the past in a range of etiology typesThe range of etiology types to which the relatives of the shared subject may relateThe range of etiology types that the living environment of the shared subject may relate toPerforming association degree comparison of the etiology types, setting weights for the etiology type ranges related to different conditions of the shared subject, and when the professional domain range of the access subject comprises the etiology type range related to the shared subject, performing attribute association degree of the access subject and the shared subject1, when the scope of the professional domain of the access subject does not include the scope of the etiology types related to the shared subject, the association degree of the access subject and the shared subjectIs 0;

using the formula=×a10+×a11+×a12+Calculating and obtaining attribute association degree of access subject and sharing subject by using Xa 13Where a10, a11, a12 and a13 are weight factors.

It should be further noted that, in the implementation process, the process of updating, by the attribute trust evaluation module, the historical trust value of the access subject that does not match the attribute of the shared subject according to the historical access record related to the attribute of the access subject includes:

when the attribute association degree of the access subject and the sharing subject is smaller than an attribute association degree threshold, acquiring an error value of the attribute association degree and the attribute association degree threshold, and acquiring a first trust attenuation value according to the error value;

acquiring accumulated times of accessing biomedical data of different sensitivity levels of a shared subject to which the access subject belongs according to a historical access record of the access subject, and acquiring a second trust attenuation value of the access subject according to the accumulated times and the times of reducing the trust value amount to zero when the access subject accesses the biomedical data of different sensitivity levels of the shared subject;

and acquiring the attenuated historical trust value according to the historical trust value, the first trust attenuation value and the second trust attenuation value of the access subject, and updating the attenuated historical trust value into the current access trust value of the access subject, wherein the current access trust value = the sum of the first trust attenuation value and the second trust attenuation value subtracted from the historical trust value.

It should be further noted that, the second trust attenuation value in the present application indicates whether there is a correlation other than attribute matching between the access subject and the shared subject, the stronger the correlation other than attribute matching between the access subject and the shared subject is, the smaller the second trust attenuation value is, otherwise, the weaker the correlation other than attribute matching between the access subject and the shared subject is, the larger the second trust attenuation value is;

for example, there is no visit relationship between doctor a and patient B, and doctor a's medical professional field does not include the etiology category of patient B, but doctor a contains a history of multiple visits to patient B's biomedical data, and the trust records of several history are all good, then doctor a's second trust attenuation value for visiting patient B is small or zero; on the contrary, there is no visit relation between doctor a and patient B, and the medical professional field of doctor a does not include the etiology type of patient B, and there is no history of visit records related to doctor a and patient B, the second trust attenuation value of doctor a visiting patient B is larger.

It should be further noted that, in the implementation process, the process of obtaining, by the access authorization module, the access authorization mode of the access subject through a comparison result of the current access trust value of the access subject and the minimum trust value of the biomedical data of the shared subject accessed by the access subject includes:

setting minimum trust values allowed to be accessed by biomedical data with different sensitivity levels, acquiring the minimum trust value of the biomedical data of the shared subject accessed by the access subject according to the corresponding relation between the sensitivity level and the minimum trust value, and comparing the current access trust value of the access subject with the minimum trust value;

if the current access trust value of the access subject is greater than or equal to the minimum trust value, directly granting access rights to the biomedical data access request initiated by the access subject;

and if the current access trust value of the access subject is smaller than the minimum trust value, the access subject submits a manual auditing application file to the data sharing platform, and an administrator of the data sharing platform determines whether to grant access rights according to the manual auditing application file.

It should be further noted that, in the implementation process, the process of the continuous monitoring module obtaining the pre-planned monitoring item and the real-time monitoring item of the access subject granted with the access right includes:

obtaining a pre-plan of an access subject granted access rights, the pre-plan including a sensitivity level range of biomedical data in a biomedical data access initiated by the access subject, an access time period, an IP address of the access subject, and biomedical data request amounts of different sensitivity levels;

each index data in the pre-plan of the access subject to which the access right is granted is used as a pre-plan monitoring item in the access process of the access subject;

and acquiring access scene information in the access process of the access subject granted with the access permission, acquiring a real-time influence factor according to the access scene information, and taking the real-time influence factor as a real-time monitoring item in the access process of the access subject.

It should be further noted that, in the present application, the influence factors of the access scene information in the access process of the access subject granted with the access right include, but are not limited to:

the equipment used when the access main body accesses comprises a tablet, a computer, a mobile phone and the like;

the actual geographic location of the visit subject at the time of visit, such as home, hospital, research institute, related medical business, etc.;

accessing scene information when the subject accesses, such as office, learning, vacation, etc.;

for example, when accessing biomedical data of a certain sensitivity level, it is necessary to obtain an electronic signature of a shared subject to which the biomedical data belongs or an electronic signature of another access subject related to the shared subject, which is preset in the shared subject.

It should be further noted that, in the implementation process, the process of obtaining, by the continuous monitoring module, the trust loss value of each item of index data of the pre-planned monitoring item under the current real-time monitoring item condition according to the history access record includes:

acquiring the abnormal times that all index data of the pre-plan monitoring item under different real-time influence factors do not accord with the corresponding threshold ranges according to the historical access records of a plurality of access subjects stored by a data storage module, wherein the trust value limit of the plurality of access subjects is reduced to zero, and acquiring the index weights of all index data of the pre-plan monitoring item under different real-time influence factors according to the abnormal times under the different real-time influence factors;

and acquiring trust loss values of all the index data of the pre-planned monitoring item under the current real-time monitoring item condition according to the index weights of all the index data of the pre-planned monitoring item under different real-time influence factors.

It should be further noted that, in the implementation process, the process of controlling the whole access process by the continuous monitoring module according to the monitoring result of the pre-planned monitoring item and the trust loss value of each index data of the pre-planned monitoring item includes:

acquiring monitoring data of each index data in a pre-planned monitoring item, comparing the data monitoring with a threshold value of each index data corresponding to the pre-planned monitoring item, and acquiring an error value of each index data;

presetting an error threshold interval, judging whether the error value of each index data falls within the error threshold interval, and if so, proving that the access process of the current access subject accords with a pre-plan;

if the error value does not fall in the error threshold interval, acquiring index data of which the error value does not fall in the error threshold interval, and acquiring a trust loss value of the index data;

and acquiring a current access trust value of the access main body, updating the current access trust value of the access main body according to the current access trust value and the trust loss value of the index data of which the error value does not fall in the error threshold value interval, and immediately stopping the access process of the access main body when the current access trust value of the access main body is reduced to zero.

The above embodiments are only for illustrating the technical method of the present application and not for limiting the same, and it should be understood by those skilled in the art that the technical method of the present application may be modified or substituted without departing from the spirit and scope of the technical method of the present application.

Claims (9)

1. The biomedical data sharing system based on the 5G Internet of things comprises a data sharing platform, and is characterized in that the data sharing platform is in communication connection with a client, a data storage module, a historical trust evaluation module, an attribute trust evaluation module, an access authorization module and a continuous monitoring module;

the client has two roles of a sharing main body and an access main body, the sharing main body and the data sharing platform are connected in a distributed mode through an Internet of things node, and the client is used for uploading biomedical data, acquired by a plurality of edge devices, about the sharing main body to the data sharing platform; the access subject initiates an access request to biomedical data through a data sharing platform;

the data storage module is used for storing historical data information of the client;

the history trust evaluation module is used for acquiring a history trust value of an access subject when initiating a biomedical data access request according to the history access record;

the attribute trust evaluation module is used for updating the historical trust value of the access subject matched with the attribute of the shared subject according to the association degree of the access subject and the attribute of the shared subject, and updating the historical trust value of the access subject not matched with the attribute of the shared subject according to the historical access record related to the attribute of the access subject and the attribute of the shared subject;

the access authorization module is used for acquiring an access subject authorization mode through a comparison result of a current access trust value of the access subject and a minimum trust value of biomedical data of a shared subject accessed by the access subject;

the continuous monitoring module is used for acquiring a preplanned monitoring item and a real-time monitoring item of an access subject granted access rights, acquiring trust loss values of various index data of the preplanned monitoring item under the current real-time monitoring item condition according to a historical access record, and controlling the whole access process according to the monitoring result of the preplanned monitoring item.

2. The biomedical data sharing system based on the 5G internet of things according to claim 1, wherein the process of the access subject for initiating the access request to the biomedical data through the data sharing platform comprises:

the access subject logs in the data sharing platform through inputting the access ID and the password, meanwhile, the access subject inputs the visit ID of the sharing subject to be accessed into the data sharing platform, and the data sharing platform acquires the fixed attribute and the history access record of the access subject according to the access ID information;

the data sharing platform acquires the fixed attribute of the shared subject and various biomedical data of the shared subject and the sensitivity level of the various biomedical data according to the visit ID information.

3. The biomedical data sharing system based on the 5G internet of things of claim 2, wherein the process of the history trust evaluation module obtaining the history trust value of the access subject when initiating the biomedical data access request according to the history access record comprises:

the historical access records of the access subjects comprise the access frequency of the access subjects initiating the biomedical data access requests, the accumulated times of the access subjects accessing the biomedical data of different sensitivity levels of a plurality of sharing subjects and the times of the trust value unit of the access subjects reduced to zero when the access subjects access the biomedical data of different sensitivity levels;

and acquiring a historical trust value when the access subject initiates the biomedical data access request according to the historical access record.

4. The biomedical data sharing system based on 5G internet of things as set forth in claim 3, wherein the process of updating the historical trust value of the access subject matching the shared subject attribute by the attribute trust evaluation module according to the association degree of the access subject and the shared subject attribute comprises:

acquiring attribute association degrees of the access subject and the sharing subject according to the fixed attribute of the sharing subject and the fixed attribute of the access subject, setting an attribute association degree threshold value, and comparing the attribute association degrees of the access subject and the sharing subject with the attribute association degree threshold value;

and when the attribute association degree of the access subject and the sharing subject is larger than or equal to the attribute association degree threshold, updating the historical trust value of the access subject to the current access trust value.

5. The biomedical data sharing system as claimed in claim 4, wherein said attribute trust evaluation module updates the historical trust value of the accessing agent that does not match the attribute of the sharing agent based on the historical access record of the accessing agent related to the attribute of the sharing agent, comprising:

when the attribute association degree of the access subject and the sharing subject is smaller than an attribute association degree threshold, acquiring an error value of the attribute association degree and the attribute association degree threshold, and acquiring a first trust attenuation value according to the error value;

acquiring accumulated times of accessing biomedical data of different sensitivity levels of a shared subject to which the access subject belongs according to a historical access record of the access subject, and acquiring a second trust attenuation value of the access subject according to the accumulated times and the times of reducing the trust value amount to zero when the access subject accesses the biomedical data of different sensitivity levels of the shared subject;

and acquiring the attenuated historical trust value according to the historical trust value, the first trust attenuation value and the second trust attenuation value of the access subject, and updating the attenuated historical trust value as the current access trust value of the access subject.

6. The biomedical data sharing system based on the 5G internet of things according to claim 5, wherein the process of the access authorization module obtaining the access subject authorization mode by comparing the current access trust value of the access subject with the minimum trust value of the biomedical data of the shared subject accessed by the access subject comprises:

setting minimum trust values allowed to be accessed by biomedical data with different sensitivity levels, acquiring the minimum trust value of the biomedical data of the shared subject accessed by the access subject according to the corresponding relation between the sensitivity level and the minimum trust value, and comparing the current access trust value of the access subject with the minimum trust value;

if the current access trust value of the access subject is greater than or equal to the minimum trust value, directly granting access rights to the biomedical data access request initiated by the access subject;

and if the current access trust value of the access subject is smaller than the minimum trust value, the access subject submits a manual auditing application file to the data sharing platform, and an administrator of the data sharing platform determines whether to grant access rights according to the manual auditing application file.

7. The 5G internet of things-based biomedical data sharing system according to claim 6, wherein the process of the continuous monitoring module acquiring the pre-planned monitoring item and the real-time monitoring item of the access subject granted the access right comprises:

obtaining a pre-plan of an access subject granted access rights, the pre-plan including a sensitivity level range of biomedical data in a biomedical data access initiated by the access subject, an access time period, an IP address of the access subject, and biomedical data request amounts of different sensitivity levels;

each index data in the pre-plan of the access subject to which the access right is granted is used as a pre-plan monitoring item in the access process of the access subject;

and acquiring access scene information in the access process of the access subject granted with the access permission, acquiring a real-time influence factor according to the access scene information, and taking the real-time influence factor as a real-time monitoring item in the access process of the access subject.

8. The biomedical data sharing system based on the 5G internet of things as set forth in claim 7, wherein the process of the continuous monitoring module obtaining the trust loss value of each index data of the pre-planned monitoring item under the current real-time monitoring item condition according to the history access record includes:

acquiring the abnormal times that all index data of the pre-plan monitoring item under different real-time influence factors do not accord with the corresponding threshold ranges according to the historical access records of a plurality of access subjects stored by a data storage module, wherein the trust value limit of the plurality of access subjects is reduced to zero, and acquiring the index weights of all index data of the pre-plan monitoring item under different real-time influence factors according to the abnormal times under the different real-time influence factors;

and acquiring trust loss values of all the index data of the pre-planned monitoring item under the current real-time monitoring item condition according to the index weights of all the index data of the pre-planned monitoring item under different real-time influence factors.

9. The biomedical data sharing system based on the 5G internet of things of claim 8, wherein the continuous monitoring module controls the whole access process according to the monitoring result of the pre-planned monitoring item comprises:

acquiring monitoring data of each index data in a pre-planned monitoring item, comparing the data monitoring with a threshold value of each index data corresponding to the pre-planned monitoring item, and acquiring an error value of each index data;

presetting an error threshold interval, judging whether the error value of each index data falls within the error threshold interval, and if so, proving that the access process of the current access subject accords with a pre-plan;

if the error value does not fall in the error threshold interval, acquiring index data of which the error value does not fall in the error threshold interval, and acquiring a trust loss value of the index data;

and acquiring a current access trust value of the access main body, updating the current access trust value of the access main body according to the current access trust value and the trust loss value of the index data of which the error value does not fall in the error threshold value interval, and immediately stopping the access process of the access main body when the current access trust value of the access main body is reduced to zero.