CN117786756B - Method and system for realizing safe sharing of user patient data based on skin database - Google Patents

Info

Publication number
CN117786756B
Authority
CN (China)
Application number
CN202410199959.6A
Other languages
Chinese (zh)
Other versions
CN117786756A
Inventors
蒋献, 刘绪, 杜丹, 张璐, 陈思良
Current Assignee
West China Hospital of Sichuan University
Original Assignee
West China Hospital of Sichuan University
Legal status
Active

Landscapes

  • Storage Device Security (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

The invention relates to the technical field of artificial intelligence and provides a method and a system for realizing safe sharing of user patient data based on a skin database. The method comprises the following steps: de-identifying the identity of the target patient; generating patient file information of the target patient according to the de-identified identity information and the skin data, and constructing a patient file information tree; encrypting each archive information node in the patient archive information tree, extracting encryption keywords from the archive information encryption nodes, and generating a security information index according to the encryption keywords; generating a data request message according to the data sharing request, performing double verification on the data request message according to the security information index, and generating a sharing request ciphertext corresponding to the data sharing request when the verification logic value equals a preset logic threshold value; and calculating a heterogeneous value of the sharing request ciphertext and decrypting the sharing request ciphertext to obtain the shared data of the user patient. The invention can improve the safety of user patient data sharing.

Description

Method and system for realizing safe sharing of user patient data based on skin database
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to a method and a system for realizing safe sharing of user patient data based on a skin database.
Background
With the rapid development of the medical industry and the continuous improvement of its degree of informatization, the safe sharing of user patient data becomes more and more critical. By sharing regional medical files, patients can transfer between different medical institutions without gaps, and doctors can better understand the health condition of the patients and provide more continuous and comprehensive medical services. The safety of the sharing process of user patient data therefore needs to be analyzed so as to ensure that user patient data is shared safely.
The existing safe sharing technology for user patient data encrypts the user patient data so that only authorized personnel can access and share it. In practical application, however, only the data itself is encrypted, and data access by illegal users may still exist, so illegal leakage of user patient data is possible and the security of user patient data sharing is low.
Disclosure of Invention
The invention provides a method and a system for realizing safe sharing of user patient data based on a skin database, which mainly aim to solve the problem of lower safety when user patient data is shared.
In order to achieve the above object, the present invention provides a method for realizing secure sharing of user patient data based on a skin database, comprising:
S1, acquiring skin data of a target patient, and performing de-identification processing on an identity of the target patient to obtain de-identification identity information;
S2, generating patient file information of the target patient according to the de-identification identity information and the skin data, and constructing a patient file information tree according to the patient file information and a preset time stamp;
S3, encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain archive information encryption nodes, extracting encryption keywords in the archive information encryption nodes, and generating a security information index of the archive information nodes according to the encryption keywords;
S4, generating a data request message according to a preset data sharing request, performing double verification on the data request message according to the security information index to obtain a verification logic value, and generating a sharing request ciphertext corresponding to the data sharing request when the verification logic value is a preset logic threshold value;
S5, calculating a heterogeneous value of the sharing request ciphertext by using a preset heterogeneous algorithm, and decrypting the sharing request ciphertext according to the heterogeneous value and preset whole-course tracking information to obtain the user patient shared data corresponding to the data sharing request, wherein calculating the heterogeneous value of the sharing request ciphertext by using the preset heterogeneous algorithm comprises the following steps:
S51, determining a data privacy value of the sharing request ciphertext according to a preset data sensitivity degree;
S52, determining the distance constraint of the sharing request ciphertext according to a preset load demand;
S53, calculating the heterogeneous value of the sharing request ciphertext according to the data privacy value and the distance constraint by using a preset heterogeneous algorithm (formula not reproduced in the text), whose terms are: the heterogeneous value; the tag value of each sharing request ciphertext; the number of sharing request ciphertexts; the distance constraint of each sharing request ciphertext; the distance constraint of the data area corresponding to the sharing request ciphertext; the data privacy value of each sharing request ciphertext; and the minimum-value function.
Optionally, the performing de-identification processing on the identity of the target patient to obtain de-identification identity information includes:
Desensitizing the identity of the target patient to obtain anonymous identity information;
Generating an anonymous identity identifier of the target patient according to the anonymous identity information;
Constructing an identity mapping relation between the identity and the anonymous identity;
And generating de-identification identity information of the target patient according to the identity mapping relation.
Optionally, the generating patient profile information of the target patient according to the de-identification identity information and the skin data includes:
performing data integration on the skin data according to the de-identification identity information to obtain integrated skin data;
generating basic attributes of the target patient according to the de-identification identity information and the identity;
generating medical attributes of the target patient according to the integrated skin data;
and fusing the basic attribute and the medical attribute to obtain patient file information of the target patient.
Optionally, the constructing a patient profile information tree according to the patient profile information and a preset timestamp includes:
Taking a preset patient skin data pool center as a root node;
Taking a preset medical institution data pool as a child node of the root node;
Taking the patient archive information as an information node, and determining the association relation between the information node and the child node according to the organization identification of the patient archive information;
And associating the child nodes with the information nodes according to the association relation and the time stamp to generate a file information subtree, and returning to the step of taking the patient file information as the information node until all the patient file information is associated, so as to generate a patient file information tree.
Optionally, the encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain an archive information encryption node includes:
Calculating a hash value of each archive information node through a preset hash function;
extracting the archive information parent node corresponding to the archive information node;
Encrypting the archive information node according to the hash value of the archive information node and the hash value of the archive information parent node by using the following associated hash algorithm to obtain an archive information encryption hash value (formula not reproduced in the text), whose terms are: the archive information encryption hash value of each archive information node; the hash value of that archive information node; the hash value of the archive information parent node corresponding to that node; and the exclusive-or operator;
And generating the archive information encryption node according to the archive information encryption hash value.
Optionally, the extracting the encryption keyword in the archive information encryption node includes:
Classifying the file information encryption nodes according to information attributes in the patient file information to obtain encryption node categories;
extracting patient keywords in the archive information encryption node according to the encryption node category;
generating an encryption private key of a target patient through a preset random function;
and encrypting the patient keyword according to the encryption private key to obtain an encryption keyword.
Optionally, the generating the security information index of the archive information node according to the encryption keyword includes:
generating a node encryption linked list of the archive information node according to the encryption keyword;
Generating an information index identifier of the archive information node according to the de-identifier identity information of the archive information node;
and associating the information index identifier with the node encryption linked list to obtain a security information index.
Optionally, the generating the data request message according to the preset data sharing request includes:
extracting a request hash value and request content of the data sharing request;
generating a sharing request signature according to the request hash value and the request content;
generating a data request message according to the request hash value, the request content and the sharing request signature, wherein the data request message consists of (formula not reproduced in the text): the request hash value; the request content; and the sharing request signature obtained by encrypting the request hash value together with the request content.
Optionally, the performing double verification on the data request message according to the security information index to obtain a verification logic value includes:
performing a first-layer verification on the sharing request signature in the data request message to obtain a first-layer verification logic value;
when the first-layer verification logic value equals a preset logic threshold value, determining the request identity authority corresponding to the data request message according to the security information index;
generating a second-layer verification logic value according to the request identity authority;
and multiplying the first-layer verification logic value by the second-layer verification logic value to obtain the verification logic value.
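The data request message and the two-layer verification described above, as an added example that is not part of the patent: the signing primitive (HMAC-SHA256 with a per-requester key), the `requester_id` field, the logic threshold of 1 and the layout of the security information index entry are all assumptions made for this illustration.

```python
import hashlib
import hmac

LOGIC_THRESHOLD = 1  # assumed preset logic threshold: 1 = layer passed, 0 = layer failed


def request_hash(content: str) -> str:
    """Request hash value over the request content (SHA-256 assumed here)."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def sign_request(signing_key: bytes, req_hash: str, content: str) -> str:
    """Sharing request signature over request hash value and request content.
    HMAC-SHA256 with a per-requester key is assumed in place of the patent's
    unspecified signing primitive."""
    data = f"{req_hash}\n{content}".encode("utf-8")
    return hmac.new(signing_key, data, hashlib.sha256).hexdigest()


def build_request_message(signing_key: bytes, requester_id: str, content: str) -> dict:
    """Data request message = (request hash value, request content, sharing request signature).
    requester_id is an assumed extra field naming whose key signed the message."""
    req_hash = request_hash(content)
    return {"requester_id": requester_id, "hash": req_hash, "content": content,
            "signature": sign_request(signing_key, req_hash, content)}


def first_layer_verification(message: dict, requester_keys: dict) -> int:
    """First layer: the hash must match the content and the signature must verify
    under the key registered for the claimed requester."""
    key = requester_keys.get(message["requester_id"])
    if key is None or request_hash(message["content"]) != message["hash"]:
        return 0
    expected = sign_request(key, message["hash"], message["content"])
    return 1 if hmac.compare_digest(expected, message["signature"]) else 0


def second_layer_verification(message: dict, security_index: dict, index_id: str) -> int:
    """Second layer: request identity authority looked up in the security information index.
    The index layout (identifier -> node encryption list + authorized requesters) is assumed."""
    entry = security_index.get(index_id)
    if entry is None:
        return 0
    return 1 if message["requester_id"] in entry["authorized_requesters"] else 0


def double_verification(message: dict, requester_keys: dict, security_index: dict,
                        index_id: str) -> int:
    """Verification logic value = first-layer value * second-layer value. The second layer
    runs only when the first reached the logic threshold, as the description specifies."""
    v1 = first_layer_verification(message, requester_keys)
    if v1 != LOGIC_THRESHOLD:
        return 0
    return v1 * second_layer_verification(message, security_index, index_id)


# Constructed sample data: per-requester signing keys and one security information index
# entry whose identifier is derived from the de-identified identity information.
REQUESTER_KEYS = {"dermatology-clinic-01": b"\x01" * 32, "research-lab-07": b"\x02" * 32}
SAMPLE_INDEX = {
    "IDX-A1B2C3D4E5F6G7H8": {
        "node_encryption_list": ["<encrypted keyword 1>", "<encrypted keyword 2>"],
        "authorized_requesters": {"dermatology-clinic-01"},
    }
}

if __name__ == "__main__":
    msg = build_request_message(REQUESTER_KEYS["dermatology-clinic-01"],
                                "dermatology-clinic-01", "share:skin_treatment_record")
    print(double_verification(msg, REQUESTER_KEYS, SAMPLE_INDEX, "IDX-A1B2C3D4E5F6G7H8"))
```

A correctly signed request from a requester the index does not authorize passes the first layer but yields a verification logic value of 0, which is the case the second layer exists to catch.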
Optionally, the decrypting the shared request ciphertext according to the heterogeneous value and the preset whole course tracking information to obtain the user patient shared data corresponding to the data sharing request includes:
When the heterogeneous value is larger than a preset heterogeneous threshold value, extracting a key exchange protocol in preset whole-course tracking information;
determining a decryption key corresponding to the shared request ciphertext according to the key exchange protocol;
And decrypting the sharing request ciphertext according to the decryption key to obtain the sharing data of the user patient.
In order to solve the above-mentioned problems, the present invention also provides a system for realizing secure sharing of user patient data based on a skin database, the system comprising:
The de-identification processing module is used for acquiring skin data of a target patient, and performing de-identification processing on the identity of the target patient to obtain de-identification identity information;
the patient archive information tree construction module is used for generating patient archive information of the target patient according to the de-identification identity information and the skin data and constructing a patient archive information tree according to the patient archive information and a preset time stamp;
The security information index generation module is used for encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain archive information encryption nodes, extracting encryption keywords from the archive information encryption nodes, and generating a security information index of the archive information nodes according to the encryption keywords;
The sharing request ciphertext generation module is used for generating a data request message according to a preset data sharing request, carrying out double verification on the data request message according to the security information index to obtain a verification logic value, and generating a sharing request ciphertext corresponding to the data sharing request when the verification logic value is a preset logic threshold value;
And the user patient shared data decryption module is used for calculating the heterogeneous value of the shared request ciphertext by utilizing a preset heterogeneous algorithm, and decrypting the shared request ciphertext according to the heterogeneous value and preset whole course tracking information to obtain the user patient shared data corresponding to the data sharing request.
In the embodiment of the invention, de-identification processing of the identity of the target patient effectively protects patient privacy: it separates the identity information from the specific individual, so that the data cannot be directly related to that individual. Encrypting the archive information nodes with the encryption algorithm ensures the confidentiality of the data: only the correct decryption key decrypts the sharing request ciphertext and yields the patient's shared data, which improves data security. The sharing authority over the data is controlled through the verification logic value and the logic threshold value; a sharing request ciphertext is generated only when the preset condition is met, which ensures the validity and authorization of the data. Encrypting the patient archive information tree with the hash algorithm ensures data integrity: any tampering with an archive information node affects the computed hash value and is therefore detected, which improves the credibility of the data. Decrypting the sharing request ciphertext through the whole-course tracking information makes the flow path of the source data traceable and supports supervision and accountability for the data. Therefore, the method and system for realizing safe sharing of user patient data based on the skin database can solve the problem of low safety when user patient data is shared.
Drawings
FIG. 1 is a flowchart of a method for implementing secure sharing of user patient data based on a skin database according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a process for removing identity according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating an encryption archive information node according to an embodiment of the present invention;
FIG. 4 is a functional block diagram of a system for implementing secure sharing of user patient data based on a skin database according to an embodiment of the present invention;
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides a method for realizing safe sharing of user patient data based on a skin database. The execution subject of the method includes at least one of a server, a terminal and the like that can be configured to execute the method provided by the embodiment of the application. In other words, the method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server side includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Referring to fig. 1, a flow chart of a method for implementing secure sharing of user patient data based on a skin database according to an embodiment of the present invention is shown. In this embodiment, the method for implementing secure sharing of user patient data based on skin database includes:
S1, acquiring skin data of a target patient, and performing de-identification processing on the identity of the target patient to obtain de-identification identity information.
In the embodiment of the invention, the skin data refers to the set of skin-related data of a target patient held in a skin database, including skin type, skin problem, treatment scheme and the like. The skin data of the target patient can be acquired from a pre-stored storage area through computer statements with a data-fetching function (such as Java or Python statements), and the storage area includes but is not limited to a database and a blockchain.
Further, in order to protect the identity information of the target patient, reduce the risk of disclosure of their personal identity information and avoid misuse or illegal use of sensitive information, de-identification processing of the identity information of the target patient is required so as to protect the target patient's personal privacy.
In the embodiment of the invention, the de-identification identity information refers to the identity information which replaces sensitive attributes and features in the original identity information and is anonymized, wherein the de-identification identity information only comprises a plurality of non-sensitive attributes, such as gender and age, and does not directly or indirectly reveal the personal identity.
In the embodiment of the present invention, referring to fig. 2, the performing de-identification processing on the identity of the target patient to obtain de-identification identity information includes:
S21, desensitizing the identity of the target patient to obtain anonymous identity information;
S22, generating an anonymous identity identifier of the target patient according to the anonymous identity information;
S23, constructing an identity mapping relation between the identity and the anonymous identity;
S24, generating de-identification identity information of the target patient according to the identity mapping relation.
In detail, the identity information of the target patient is desensitized, for example with a general desensitization method (such as replacement, truncation or hashing), so that real identity information is converted into an anonymous or disguised identity, for example by replacing identity information (such as name and identification card number) with an anonymous or fictitious identity, thereby protecting personal privacy. For example, the original identity information of the target patient is name: Zhang San; identification card number: 1234567890; telephone number: 13812345678. After desensitizing the original identity information, the anonymous identity information obtained is A1B2C3D4E5F6G7H8, that is, the name, identity card number and telephone number in the original identity information are removed or replaced by an anonymous identity identifier so as to protect personal privacy.
Specifically, a unique random identifier is constructed according to the anonymous identity information and used as the anonymous identity identifier of the target patient, so that different anonymous identity information can be distinguished; the anonymous identity identifier replaces the real identity identifier so as to protect personal privacy and cannot be associated with the original identity information. Further, the original identity identifier is mapped to its corresponding anonymous identity identifier, establishing a mapping relation between them that can be used to verify and restore anonymous identity information. According to the identity mapping relation, the anonymous identity information and the original identity information are restored to generate the de-identification identity information of the target patient, so that the non-sensitive attributes and features are retained.
Furthermore, patient file information of the target patient is constructed through the identification-removal identity information corresponding to the target patient, so that doctors can be helped to know the health condition and the requirement of the patient more comprehensively during patient data sharing, and the comprehensiveness of data during data sharing is improved.
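Steps S21 to S24 carried through in code, as an added example that is not part of the patent: the split of attributes into sensitive (name, ID-card number, telephone) and non-sensitive (gender, age), the keyed lookup used to keep one identifier per patient, and the sample values are assumptions for this illustration (the sample identity reuses the values quoted above).

```python
import hashlib
import hmac
import secrets

# Attribute split assumed for this example: the description names gender and age as
# non-sensitive and name / ID-card number / telephone number as sensitive.
SENSITIVE_FIELDS = ("name", "id_card", "phone")
NON_SENSITIVE_FIELDS = ("gender", "age")


class Deidentifier:
    """Implements the four de-identification steps with a separately held mapping table."""

    def __init__(self, mapping_key: bytes):
        # Key used only to derive a lookup key; assumed to live with the mapping store,
        # never alongside the shared data.
        self._mapping_key = mapping_key
        # S23: identity mapping relation, anonymous identifier -> original sensitive fields.
        self._identity_map: dict[str, dict[str, str]] = {}
        self._lookup: dict[str, str] = {}  # keyed digest of original identity -> anonymous id

    def desensitize(self, identity: dict[str, str]) -> dict[str, str]:
        """S21: drop every sensitive attribute, keeping only the non-sensitive ones."""
        return {k: identity[k] for k in NON_SENSITIVE_FIELDS if k in identity}

    def _lookup_key(self, identity: dict[str, str]) -> str:
        canonical = "|".join(f"{k}={identity.get(k, '')}" for k in SENSITIVE_FIELDS)
        return hmac.new(self._mapping_key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()

    def anonymous_identifier(self, identity: dict[str, str]) -> str:
        """S22: unique random identifier; a patient seen again keeps the one already issued."""
        key = self._lookup_key(identity)
        if key not in self._lookup:
            self._lookup[key] = secrets.token_hex(8).upper()  # 16 hex chars, like A1B2C3D4E5F6G7H8
        return self._lookup[key]

    def deidentify(self, identity: dict[str, str]) -> dict[str, str]:
        """S21-S24: returns the de-identification identity information."""
        anonymous = self.desensitize(identity)
        anon_id = self.anonymous_identifier(identity)
        # S23: record the mapping so that the holder of the table can verify or restore later.
        self._identity_map[anon_id] = {k: identity[k] for k in SENSITIVE_FIELDS if k in identity}
        # S24: de-identified record = anonymous identifier + non-sensitive attributes only.
        return {"anonymous_id": anon_id, **anonymous}

    def restore(self, anon_id: str) -> dict[str, str]:
        """Reverse lookup through the mapping relation (available only to the mapping holder)."""
        return dict(self._identity_map[anon_id])


def is_deidentified(record: dict[str, str]) -> bool:
    """Check that a record intended for sharing carries no sensitive attribute."""
    return not any(field in record for field in SENSITIVE_FIELDS)


# Constructed sample identity; gender and age are made up for the example.
ORIGINAL_IDENTITY = {
    "name": "Zhang San",
    "id_card": "1234567890",
    "phone": "13812345678",
    "gender": "F",
    "age": "34",
}

if __name__ == "__main__":
    d = Deidentifier(mapping_key=secrets.token_bytes(32))
    rec = d.deidentify(ORIGINAL_IDENTITY)
    print(rec, is_deidentified(rec), d.restore(rec["anonymous_id"]))
```

The mapping table is the only path from an anonymous identifier back to a person, so it is the asset to keep apart from the shared records.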
S2, generating patient file information of the target patient according to the de-identification identity information and the skin data, and constructing a patient file information tree according to the patient file information and a preset time stamp.
In the embodiment of the present invention, the patient profile information refers to recording personal health information, diagnosis and treatment history of a patient, and related data of medical services, such as personal information, medical record information, and medical service record.
In an embodiment of the present invention, the generating patient profile information of the target patient according to the de-identification identity information and the skin data includes:
performing data integration on the skin data according to the de-identification identity information to obtain integrated skin data;
generating basic attributes of the target patient according to the de-identification identity information and the identity;
generating medical attributes of the target patient according to the integrated skin data;
and fusing the basic attribute and the medical attribute to obtain patient file information of the target patient.
In detail, the skin data corresponding to the target patient is determined according to the de-identification identity information, and the skin data from different sources, such as medical records, medical images and laboratory test results, are then summarized so that the skin data of the target patient is ensured to be correct. Basic attributes are generated according to the de-identification identity information and the identity of the target patient, where the basic attributes comprise the de-identification identity information, age, sex, ethnicity and personal basic information such as height and weight of the target patient.
Specifically, by analysis of the skin data, a description of the target patient's skin condition, such as dryness, itching, pain or redness, can be determined; the current skin condition of the target patient, such as degree of lesion, inflammation and pain, can be evaluated; and the treatment record of the target patient can be determined. The medical attribute thus comprises the target patient's skin condition description, skin condition and skin treatment record. The basic attribute and the medical attribute are then concatenated (attribute splicing) to obtain the patient file information of the target patient.
Further, patient profile information of each target patient can be unified, follow-up data query is facilitated, patient data sharing efficiency is improved, safe encryption of patient profile information is achieved, and therefore a patient profile information tree needs to be built based on patient profile information of the target patient.
In the embodiment of the invention, the patient archive information tree is a hierarchical structure for organizing and integrating patient health information, can display personal health information, diagnosis and treatment history and other related data of a patient in a tree form, and provides comprehensive views and analysis through association relations among nodes.
In an embodiment of the present invention, the constructing a patient archive information tree according to the patient archive information and a preset timestamp includes:
Taking a preset patient skin data pool center as a root node;
Taking a preset medical institution data pool as a child node of the root node;
Taking the patient archive information as an information node, and determining the association relation between the information node and the child node according to the organization identification of the patient archive information;
And associating the child nodes with the information nodes according to the association relation and the time stamp to generate a file information subtree, and returning to the step of taking the patient file information as the information node until all the patient file information is associated, so as to generate a patient file information tree.
In detail, the data pool storing all patient skin data is taken as the root node of the patient archive information tree, and different child nodes extend from the root node. The medical institution data pool is associated with the root node as its child node, so that the information of different medical institutions can be associated with the archive information of a patient, which is convenient for subsequent query and analysis. The child node of each medical institution can in turn extend to different child nodes: the archive information of each patient is taken as a node and associated with the medical institution data node, and each patient archive information node comprises the personal health information, diagnosis and treatment history and other related data of the patient. According to the institution identification in the patient archive information, the medical institution data node with which the information node is associated is determined, which ensures the correct association between each patient archive information node and the medical institution data node. For example, different hospitals are taken as child nodes; each patient belongs to a certain hospital, and the institution identification of the patient archive information is matched with the hospital's institution identification, so the medical institution to which each patient belongs can be determined and the patient is associated with that medical institution, forming a patient archive information tree of different hospitals and different patients.
Specifically, each sub-node is associated with a corresponding information node according to the sequence of the time stamps, the time point of each update and modification can be recorded through the association of the time stamps, the subsequent tracing and tracking are convenient, each patient archive information is gradually associated with the information node according to the association relation and the time stamps, and the sub-tree of the patient archive information is generated. Finally, all patient profile information is correlated to produce a complete patient profile information tree.
Illustratively, patient profile information ① and patient profile information ② are both affiliated with a medical facility, and if the timestamp of patient profile information ① and the timestamp of patient profile information ② are within a predetermined timestamp threshold (assuming a difference of 30 minutes), patient profile information ① and patient profile information ② are siblings, and if the timestamp of patient profile information ① is earlier than the timestamp of patient profile information ②, and the timestamp of patient profile information ① and the timestamp of patient profile information ② are not within a predetermined timestamp threshold, patient profile information ② is a child of patient profile information ①.
Furthermore, in order to ensure that sensitive health data of patients are not accessed or tampered by unauthorized persons when being subjected to data sharing, archive information nodes are required to be encrypted, and the encrypted nodes can only be decrypted through a correct secret key, so that the safety of the data is improved.
S3, encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain archive information encryption nodes, extracting encryption keywords in the archive information encryption nodes, and generating a security information index of the archive information nodes according to the encryption keywords.
In the embodiment of the present invention, the archive information encryption node encrypts each archive information content in the patient archive information tree to obtain an encrypted ciphertext of each archive information node.
In the embodiment of the present invention, referring to fig. 3, the encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain an archive information encryption node includes:
S31, calculating a hash value of each archive information node through a preset hash function;
S32, extracting an archive information father node corresponding to the archive information node;
S33, encrypting the archive information node according to the hash value of the archive information node and the hash value of the archive information parent node by using the following associated hash algorithm to obtain an archive information encryption hash value:
Wherein, For/>File information encrypted hash value of individual file information node,/>For/>Hash value of individual archive information node,/>For/>Hash value of archive information father node corresponding to each archive information node,/>Is an exclusive or symbol;
S34, generating the archive information encryption node according to the archive information encryption hash value.
In detail, binary conversion is performed on the corresponding archive information content in each archive information node, the hash value of the archive information content corresponding to each archive information node is calculated through a preset hash function, the hash function comprises, but is not limited to, MD5, SHA-1 and SHA-256, input data are converted into hash values with fixed lengths, further, according to the layout of a patient archive information tree, the archive information father node corresponding to each archive information node can be extracted, and accordingly the hash value of the archive information node and the hash value of the archive information father node are subjected to association operation, and the hash value corresponding to the current archive information node is obtained.
For example, when the archive information parent node of archive information node ② is archive information node ①, the hash value of node ① is F and the hash value of node ② is G, the binary representations of F and G are combined by exclusive or to obtain the binary value for the content of node ②; the archive information encryption hash value is determined from that binary value, and node ② together with its encryption hash value is taken as the archive information encryption node.
Specifically, the encryption information of each archive information node in the patient archive information tree mainly originates from the hash value of the parent node and the result obtained by calculating the hash value of the current node, and the encryption information of each archive information node is associated with the archive information parent node, so that the encryption information is difficult to tamper in data sharing.
Further, in order to effectively protect sensitive patient archive information from access or interpretation by unauthorized persons, only persons holding the correct decryption key words can decrypt and acquire the original archive information, and therefore, it is necessary to extract the encryption key words of each encryption information content in the archive information encryption node, thereby enhancing the security of data sharing.
In the embodiment of the invention, the encryption key word refers to characteristic words or passwords in the encrypted file information content in the file information encryption node, and is used for protecting and hiding sensitive information and converting original data into an unreadable form, so that the security of the data in the transmission, storage and processing processes is ensured.
In the embodiment of the present invention, the extracting the encryption keyword in the archive information encryption node includes:
Classifying the file information encryption nodes according to information attributes in the patient file information to obtain encryption node categories;
extracting patient keywords in the archive information encryption node according to the encryption node category;
generating an encryption private key of a target patient through a preset random function;
and encrypting the patient keyword according to the encryption private key to obtain an encryption keyword.
In detail, the information attribute in the patient file information comprises personal identity information, medical record information and medicine prescription information, file information content in each file information encryption node is classified according to the information attribute to obtain the personal identity information, medical record information and medicine prescription information corresponding to each target patient, for example, the encryption node types obtained after the file information content in the file information encryption node corresponding to the target patient A is classified are the personal identity information, the medical record information and the medicine prescription information, further, patient keywords in each file information encryption node are extracted according to each encryption node type, and keywords related to the type are extracted from each encryption node type, for example, the patient keywords in the personal identity information are identification card numbers and mobile phone numbers; the patient keywords in the medical record information are the disease types and the disease degrees; the patient keywords in the drug prescription information are drug names, so that individual patient keywords of each target patient are obtained.
Specifically, a random key for the target patient's keywords is generated through a preset random function: the random function produces a random number, the random number serves as the seed for the encryption private key, a hash of the random number is computed, and that hash value is used as the encryption key for the patient keywords. The patient keywords are then encrypted one by one with this key, that is, the binary data of each patient keyword is spliced with the encryption key, yielding the encryption keyword corresponding to that patient keyword.
Furthermore, the index generated by the encryption key words can better protect privacy and sensitive data of a patient, and only a requesting user who meets the requirements of the encryption key words can access and view the related data, so that risks of data leakage and abuse are effectively reduced, the access speed and the query efficiency of the data are further improved, required data can be rapidly positioned, and the time and resource waste for traversing the whole data set are avoided.
In the embodiment of the invention, the safety information index refers to an index for protecting the privacy of the medical data of a patient and improving the data sharing access efficiency of a user, and the data related to the medical data can be accessed and checked only by authorized personnel by encrypting the sensitive information in the medical data and generating a unique index.
In the embodiment of the present invention, the generating the security information index of the archive information node according to the encryption keyword includes:
generating a node encryption linked list of the archive information node according to the encryption keyword;
Generating an information index identifier of the archive information node according to the de-identifier identity information of the archive information node;
and associating the information index identifier with the node encryption linked list to obtain a security information index.
In detail, the archive information content corresponding to each archive information node is divided into a plurality of encryption keywords, e.g. the encryption keywords includeEach keyword is used as an independent node, so that each keyword corresponds to an encryption node, and the encryption nodes corresponding to all keywords are used for generating a node encryption linked list corresponding to each archive information node, such as/>, for exampleAnd further generating an index identifier of each node encryption linked list according to the de-identification identity information of each archive information node, if the de-identification identity information is A1B2C3D4E5F6G7H8, taking the first 5 numerical values A1B2C thereof as information index identifiers, and further associating the information index identifier of each archive information node with the node encryption linked list to obtain a security information index, wherein the security information index is { A1B2C: /(I)Information index identity and node encryption linked list are stored in a data structure so that matching data can be accessed and queried quickly.
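The associated hash (H(node) XOR H(parent)), the per-category keyword extraction and the security information index keyed by the first five characters of the de-identified identity, as an added example that is not part of the patent. Assumptions: node contents are serialised as strings, and the keyword "encryption" is HMAC-SHA256 under the patient key rather than the bare splicing of keyword and key described above, so that the keyword cannot be read back out of the index.

```python
import hashlib
import hmac

# Information attributes from the text and the fields treated as keywords.
CATEGORY_KEYWORDS = {
    "identity": ("id_number", "phone"),
    "medical_record": ("disease_type", "severity"),
    "prescription": ("drug_name",),
}


def node_hash(content: str) -> bytes:
    """Plain hash of one node's content (SHA-256, one of the functions named)."""
    return hashlib.sha256(content.encode("utf-8")).digest()


def associated_hash(node_content: str, parent_content=None) -> str:
    """Encryption hash of a node: H(node) XOR H(parent); a root keeps H(node)."""
    h = node_hash(node_content)
    if parent_content is None:
        return h.hex()
    p = node_hash(parent_content)
    return bytes(a ^ b for a, b in zip(h, p)).hex()


def chain_hashes(contents: list) -> list:
    """Encryption hashes down one branch: each node's parent is the previous node."""
    out, parent = [], None
    for content in contents:
        out.append(associated_hash(content, parent))
        parent = content
    return out


def derive_patient_key(random_seed: bytes) -> bytes:
    """Patient key = hash of a random seed (use os.urandom for the seed in practice)."""
    return hashlib.sha256(random_seed).digest()


def extract_keywords(node: dict) -> list:
    """Classify node content by attribute and pull that category's keywords."""
    keywords = []
    for category, fields in CATEGORY_KEYWORDS.items():
        for name in fields:
            value = node.get(category, {}).get(name)
            if value is not None:
                keywords.append(f"{category}:{name}={value}")
    return keywords


def encrypt_keyword(key: bytes, keyword: str) -> str:
    # Keyed hash stands in for the page's splice of keyword bytes and key (assumption).
    return hmac.new(key, keyword.encode("utf-8"), hashlib.sha256).hexdigest()


def build_security_index(deid_identity: str, nodes: list, key: bytes) -> dict:
    """Index identifier (first 5 chars of the de-identified id) -> node encryption linked list."""
    index_id = deid_identity[:5]
    linked_list = []  # one encrypted keyword per entry, in node order
    for node in nodes:
        for keyword in extract_keywords(node):
            linked_list.append(encrypt_keyword(key, keyword))
    return {index_id: linked_list}


def index_matches(index: dict, deid_identity: str, key: bytes, keyword: str) -> bool:
    """Only a requester holding the key can test a keyword against the index."""
    return encrypt_keyword(key, keyword) in index.get(deid_identity[:5], [])


# Constructed sample archive for one de-identified patient (no real data).
DEID = "A1B2C3D4E5F6G7H8"
NODES = [
    {"identity": {"id_number": "ID-0001", "phone": "555-0100"}},
    {"medical_record": {"disease_type": "psoriasis", "severity": "moderate"}},
    {"prescription": {"drug_name": "calcipotriol"}},
]
KEY = derive_patient_key(b"constructed-seed-not-random")

if __name__ == "__main__":
    index = build_security_index(DEID, NODES, KEY)
    print(index)
    print(index_matches(index, DEID, KEY, "medical_record:disease_type=psoriasis"))
```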
Further, when patient data sharing is needed, a patient data sharing request needs to be acquired, so that the fact that a user needs to share patient data is obtained, and then a data request message is generated according to the data sharing request, so that the content and format of the data request can be better standardized and standardized, the privacy and safety of the data can be better protected, and only authorized personnel can access and view specific data, and therefore risks of data leakage and abuse are effectively reduced.
And S4, generating a data request message according to a preset data sharing request, performing double verification on the data request message according to the security information index to obtain a verification logic value, and generating a sharing request ciphertext corresponding to the data sharing request when the verification logic value is a preset logic threshold value.
In the embodiment of the present invention, the data request message is the request by which user patient data held by a given data owner is requested for sharing.
In an embodiment of the present invention, the generating a data request message according to a preset data sharing request includes:
extracting a request hash value and request content of the data sharing request;
generating a sharing request signature according to the request hash value and the request content;
generating a data request message according to the request hash value, the request content and the sharing request signature, wherein the data request message is:
Wherein, For the data request message,/>Hash value for the request,/>In order for the requested content to be available,To hash a request/>And request content/>The encrypted sharing request is signed.
In detail, the data sharing request includes a request hash value and request content. The request hash value and request content can be extracted by an interceptor, and a hash algorithm such as SHA-256 is applied to the content of the data sharing request (the requested data type, range, conditions and similar information) to obtain a unique, fixed-length hash value that serves as the request hash value.
Specifically, hash values are hashed according to requests through a preset signature algorithmRequest content/>Generating a sharing request signature, ensuring the integrity and authenticity of a data sharing request to prevent the request from being tampered, generating the sharing request signature through an RSA algorithm, firstly generating a pair of RSA keys comprising a private key and a public key, signing a request hash value and request content by using the RSA private key, encrypting the request hash value and the request content in the signing process, and generating a signature value/>Further request hash value/>Request content/>And sharing request signature/>And the data request messages are spliced together to form a data request message which can be transmitted to a data provider so that the data provider can verify the validity and the authenticity of the request and share corresponding user patient data according to the request.
Further, before user patient data is acquired based on the generated data request message, double verification of the data request information is required, so that malicious attackers can be prevented from forging or falsifying the data request information, the risk of data leakage is effectively reduced, only the verified requesters can access the data, and the possibility of sensitive data leakage is reduced.
In the embodiment of the invention, the verification logic value indicates whether the data request message has passed verification; when the verification logic value equals the preset logic threshold value, the verification is passed and the user patient data can be shared with the data requesting party.
In the embodiment of the present invention, the dual verification of the data request message according to the security information index to obtain a verification logic value includes:
Performing first re-verification on the shared request signature in the data request message to obtain a first re-verification logic value;
When the first re-verification logic value is equal to a preset logic threshold value, determining a request identity authority corresponding to the data request message according to the security information index;
generating a second re-verification logic value according to the request identity authority;
And multiplying the first re-verification logic value and the second re-verification logic value to obtain a verification logic value.
In detail, after receiving a request message of a data request party, a data owner firstly verifies whether a shared request signature in the data request message is legal, decrypts and verifies the shared request signature by using a corresponding verification algorithm (such as RSA) and a public key in an RSA key, verifies whether decrypted data is consistent with original data, and if the decrypted data passes verification, namely the signature is valid, obtains a first re-verification logic value of 1; otherwise, the first re-verification logic value is 0, the second re-verification is performed only when the first re-verification logic value is equal to the logic threshold value 1, and when the first re-verification logic value is equal to the logic threshold value 0, the verification is not passed, the data request message is intercepted, and the leakage of the user patient data is avoided.
Specifically, when the first re-verification logic value is equal to the logic threshold value 1, comparing the user corresponding to the data request message with the authorized user identity information in the security information index, determining whether the data sharing request user is an authorized user, if the data sharing request user is the authorized user in the security information index, determining that the user identity authority is the authorized user, further generating a second re-verification logic value, wherein the second re-verification logic value is a digital value 1, if the data sharing request user is not the authorized user in the security information index, determining that the user identity authority is an unauthorized user, the second re-verification logic value is a digital value 0, multiplying the first re-verification logic value and the second re-verification logic value to obtain a final verification logic value, if the verification logic value is the digital value 1, indicating that the data sharing request user passes the verification, and if the verification logic value is not the digital value 1, indicating that the data sharing request user fails the verification.
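The data request message and the double verification described above, as an added example that is not part of the patent: the message carries the request hash, the request content and a signature over both; the first logic value is the signature check, the second is the authority check against the security information index, and the product is the final verification logic value. Assumptions: a toy RSA key with small constructed primes stands in for a real RSA key (demonstration only), and the index maps index identifiers to the set of authorised requester ids.

```python
import hashlib
import json

LOGIC_THRESHOLD = 1

# Toy RSA parameters (constructed): p = 61, q = 53, n = 3233, e = 17, d = 2753.
TOY_PUBLIC_KEY = (3233, 17)
TOY_PRIVATE_KEY = (3233, 2753)

# Constructed security information index: index identifier -> authorised requesters.
SECURITY_INDEX = {"A1B2C": {"hospital_B", "clinic_C"}}


def canonical(content: dict) -> str:
    """Canonical serialisation so both sides hash exactly the same bytes."""
    return json.dumps(content, sort_keys=True, separators=(",", ":"))


def request_hash(content: dict) -> str:
    """SHA-256 over the request content (data type, range, conditions ...)."""
    return hashlib.sha256(canonical(content).encode("utf-8")).hexdigest()


def _signing_input(hash_hex: str, content: dict, n: int) -> int:
    # Signature covers both the request hash and the request content.
    digest = hashlib.sha256((hash_hex + canonical(content)).encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % n


def sign_request(hash_hex: str, content: dict, private_key) -> int:
    n, d = private_key
    return pow(_signing_input(hash_hex, content, n), d, n)


def verify_request_signature(hash_hex, content, signature, public_key) -> int:
    """First verification: 1 when the hash matches the content and the signature is valid, else 0."""
    n, e = public_key
    if request_hash(content) != hash_hex:
        return 0
    return 1 if pow(signature, e, n) == _signing_input(hash_hex, content, n) else 0


def build_request_message(content: dict, private_key) -> dict:
    """Data request message: request hash, request content, sharing request signature."""
    h = request_hash(content)
    return {"hash": h, "content": content, "signature": sign_request(h, content, private_key)}


def double_verify(message: dict, requester_id: str, index: dict, public_key=TOY_PUBLIC_KEY) -> int:
    first = verify_request_signature(
        message["hash"], message["content"], message["signature"], public_key
    )
    if first != LOGIC_THRESHOLD:
        return 0  # intercepted: no authority check for a request that fails signature verification
    authorised = index.get(message["content"].get("index_id"), set())
    second = 1 if requester_id in authorised else 0
    return first * second


# Constructed request content (no real data).
REQUEST_CONTENT = {"index_id": "A1B2C", "data_type": "medical_record", "range": "2024-01"}

if __name__ == "__main__":
    message = build_request_message(REQUEST_CONTENT, TOY_PRIVATE_KEY)
    print(double_verify(message, "hospital_B", SECURITY_INDEX))  # authorised, valid
    print(double_verify(message, "hospital_Z", SECURITY_INDEX))  # unauthorised
```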
Further, when the verification logic value is a preset logic threshold value 1, a sharing request ciphertext corresponding to the data sharing request is generated, namely, an encryption keyword of the data sharing request is extracted, the sharing request ciphertext is obtained according to the encryption keyword, the encryption keyword and other necessary information (such as a request identifier, a timestamp and the like) are combined together to obtain the sharing request ciphertext, the generated sharing request ciphertext is returned to a requester, and the requester can use the ciphertext to access the shared data.
Furthermore, based on the different distribution and characteristics of the regional medical archive information data, the acquired shared request ciphertext needs to be subjected to heterogeneity analysis, so that the consistency of the shared request ciphertext is ensured, the validity of the shared request ciphertext can be verified when a receiver uses the shared request ciphertext, and the situation of counterfeiting or falsification is prevented.
S5, calculating a heterogeneous value of the sharing request ciphertext by using a preset heterogeneous algorithm, and decrypting the sharing request ciphertext according to the heterogeneous value and preset whole-course tracking information to obtain user patient sharing data corresponding to the data sharing request.
In the embodiment of the invention, the heterogeneous value measures the degree of difference between the characteristics of shared request ciphertexts obtained from different medical institutions, in terms of feature space heterogeneity and label distribution heterogeneity; the larger the heterogeneous value, the larger the difference between the shared request ciphertexts, and the smaller the value, the smaller the difference.
In the embodiment of the present invention, the calculating the heterogeneous value of the shared request ciphertext by using a preset heterogeneous algorithm includes:
determining a data privacy value of the shared request ciphertext according to a preset data sensitivity degree;
determining the distance constraint of the shared request ciphertext according to a preset load demand;
Calculating the heterogeneous value of the shared request ciphertext according to the data privacy value and the distance constraint by using a preset heterogeneous algorithm:
Wherein, For the heterogeneous value,/>For/>Tag value of individual shared request ciphertext,/>For sharing the amount of request ciphertext,/>For/>Distance constraint of individual shared request ciphertext,/>For sharing data area/>, corresponding to request ciphertextDistance constraint of/>For/>Data privacy value of individual shared request ciphertext,/>As a function of the minimum value.
In detail, the data privacy value of the shared request ciphertext is determined according to the data sensitivity level, wherein the data sensitivity level comprises three sensitivity level levels, namely high sensitivity level, medium sensitivity level and low sensitivity level, content analysis is carried out based on the shared request ciphertext data, the types of sensitive information contained in the shared request ciphertext data are identified, such as personal identity information, health data and the like, a weight coefficient is allocated to each sensitive information type and used for measuring the influence degree of the sensitive information type on the data privacy, such as the personal identity information and the health data are probably considered to be most sensitive, a higher weight can be given, the data privacy value is calculated according to the data content and the weight coefficient, the weight of each sensitive information type is multiplied by the average value of the sensitivity level scores in the data in a weighted summation mode, and the final data privacy value is accumulated, wherein the sensitivity level is higher than the corresponding sensitivity level score is the final data privacy valueThe sensitivity level is a middle level and the corresponding sensitivity level score is/>The sensitivity level is low and the corresponding sensitivity level score isMultiplying the average value corresponding to the sensitivity degree score by the weight of the sensitive information type to obtain a data privacy value; the distance constraint is generally used for limiting the similarity or the difference between the ciphertext to meet specific requirements, and a proper distance measurement method is selected to calculate the distance between the ciphertext, such as Euclidean distance, Manhattan distance, cosine similarity and the like, if the similarity between the ciphertext is required to be higher, a smaller distance threshold can be set; if the difference between the required ciphertexts is large, a large distance threshold can be set, the distance constraint is used as a condition, the ciphertexts are compared with other ciphertexts, and whether to share or accept the request is determined according to whether the distance meets the constraint condition.
Specifically, whether different shared request ciphertexts have heterogeneity may be determined in the heterogeneity algorithm, if the shared request ciphertexts ① are in the data area a and the shared request ciphertexts ② are in the data area B, it is necessary to calculate the distance constraint between the shared request ciphertexts ① and ②, the distance constraint between the shared request ciphertexts ① and the data area a, the distance constraint between the shared request ciphertexts ② and the tags of the shared request ciphertexts, respectivelyThe label value can be any value capable of distinguishing the shared request ciphertext, for example, the index number corresponding to the shared request ciphertext is converted into the corresponding value, for example, the letter is converted into the value, the value is also the value, and the corresponding value after the conversion of the index number is added to obtain the label/>, of the shared request ciphertextFor each data region/>Calculate its distance to the shared request ciphertext/>And the average of the distances to all other shared request ciphertexts,/>And correcting the heterogeneity among the shared request ciphertexts by the gradient update guide value to obtain the data heterogeneity of the shared request ciphertexts in different areas.
Further, the heterogeneity of the shared request ciphertext is calculated, after the consistency of the shared request ciphertext is ensured, the user patient data requested by the user is required to be sent to the requesting user, so that the sharing of the user patient data is realized, a decryption key is sent to the requesting user through the whole course tracking information of data sharing, and the safety of the whole course tracking information in the data sharing process is ensured.
In the embodiment of the present invention, the user patient sharing data refers to data requested by a user, for example, different medical institutions request to share medical data of the same patient, that is, medical data of a target patient.
In the embodiment of the present invention, the decrypting the shared request ciphertext according to the heterogeneous value and the preset whole course tracking information to obtain the shared data of the user patient corresponding to the data sharing request includes:
When the heterogeneous value is larger than a preset heterogeneous threshold value, extracting a key exchange protocol in preset whole-course tracking information;
determining a decryption key corresponding to the shared request ciphertext according to the key exchange protocol;
And decrypting the sharing request ciphertext according to the decryption key to obtain the sharing data of the user patient.
In detail, when the heterogeneous value is greater than a preset heterogeneous threshold, it indicates that there is consistency between the shared request ciphertexts, further, a secret key for decrypting the shared request ciphertexts is extracted from the whole-course tracking information, then an encryption and decryption secret key in the sharing process of the user patient is recorded in the whole-course tracking information, a user access record and the like are recorded, further, a secret key exchange protocol in the whole-course tracking information is extracted, then the secret key exchange protocol is used for negotiating secret keys between two communication parties, then the secret key exchange is performed between the data provider and the user requester, so that the data requester obtains a decryption secret key of the shared request ciphertexts, the shared request ciphertexts are decrypted according to the decryption secret key, the shared request ciphertexts are converted into plaintext, and the decrypted plaintext is the shared user patient data.
Further, by encrypting and decrypting the user patient data, the security in the data sharing process can be improved, and by analyzing the user patient shared data, the medical professional can obtain more comprehensive and accurate information, so that better medical decisions can be made.
The embodiment of the invention de-identifies the identity mark of the target patient, which effectively protects patient privacy: de-identification separates the identity information from the specific individual, so that the data cannot be directly linked to that individual. Encrypting the archive information nodes with the encryption algorithm ensures the confidentiality of the data: only with the correct decryption key can the shared request ciphertext be decrypted to obtain the patient's shared data, which improves data security. The sharing authority of the data is controlled through the verification logic value and the logic threshold value: a sharing request ciphertext is generated only when the preset condition is met, which ensures the validity and authorization of the data. Encrypting the patient archive information tree with the hash algorithm ensures the integrity of the data: any tampering with an archive information node changes the calculated hash value, so that tampering is detected and the credibility of the data is improved. Decrypting the shared request ciphertext through the whole-course tracking information makes the flow path of the source data traceable, which supports supervision and accountability for the data. Therefore, the method and the system for realizing safe sharing of the user patient data based on the skin database can solve the problem of low security when user patient data is shared.
FIG. 4 is a functional block diagram of a system for implementing secure sharing of user patient data based on a skin database according to an embodiment of the present invention.
The skin database-based secure sharing system 100 for implementing user patient data according to the present invention may be installed in an electronic device. Depending on the functions implemented, the secure sharing system 100 for implementing user patient data based on skin database may include a de-identification processing module 101, a patient archive information tree construction module 102, a secure information index generation module 103, a shared request ciphertext generation module 104, and a user patient shared data decryption module 105. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the de-identification processing module 101 is configured to obtain skin data of a target patient, and perform de-identification processing on an identity of the target patient to obtain de-identification identity information;
the patient archive information tree construction module 102 is configured to generate patient archive information of the target patient according to the de-identification identity information and the skin data, and construct a patient archive information tree according to the patient archive information and a preset timestamp;
The security information index generating module 103 is configured to encrypt each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain an archive information encryption node, extract an encryption keyword in the archive information encryption node, and generate a security information index of the archive information node according to the encryption keyword;
The shared request ciphertext generating module 104 is configured to generate a data request message according to a preset data sharing request, perform double verification on the data request message according to the security information index to obtain a verification logic value, and generate a shared request ciphertext corresponding to the data sharing request when the verification logic value is a preset logic threshold;
The user patient shared data decryption module 105 is configured to calculate a heterogeneous value of the shared request ciphertext by using a preset heterogeneous algorithm, decrypt the shared request ciphertext according to the heterogeneous value and preset whole course tracking information, and obtain user patient shared data corresponding to the data shared request.
In detail, each module in the secure sharing system 100 for implementing user patient data based on skin database in the embodiment of the present invention adopts the same technical means as the secure sharing method for implementing user patient data based on skin database described in fig. 1 to 3, and can produce the same technical effects, which are not described herein.
In the several embodiments provided by the present invention, it should be understood that the disclosed systems and methods may be implemented in other ways. For example, the system embodiments described above are merely illustrative, e.g., the division of the modules is merely a logical function division, and other manners of division may be implemented in practice.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the foregoing description, and all changes which come within the meaning and range of equivalency of the scope of the invention are therefore intended to be embraced therein.
The embodiments of the application can acquire and process the related data based on artificial intelligence technology. Artificial intelligence (AI) is the theory, method, technique and application system that uses a digital computer, or a machine controlled by a digital computer, to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use that knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. Multiple units or systems set forth in the system embodiments may also be implemented by one unit or system in software or hardware. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above embodiments are merely for illustrating the technical solution of the present invention and not for limiting it; although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art should understand that modifications and equivalents may be made to the technical solution of the present invention without departing from its spirit and scope.

Claims (4)

1. A method for implementing secure sharing of user patient data based on a skin database, the method comprising:
S1, acquiring skin data of a target patient, and performing de-identification treatment on an identity of the target patient to obtain de-identification identity information;
S2, generating patient file information of the target patient according to the de-identification identity information and the skin data, and constructing a patient file information tree according to the patient file information and a preset time stamp;
S3, encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain archive information encryption nodes, extracting encryption keywords in the archive information encryption nodes, and generating a security information index of the archive information nodes according to the encryption keywords;
S4, generating a data request message according to a preset data sharing request, performing double verification on the data request message according to the security information index to obtain a verification logic value, and generating a sharing request ciphertext corresponding to the data sharing request when the verification logic value is a preset logic threshold value;
S5, calculating a heterogeneous value of the shared request ciphertext by using a preset heterogeneous algorithm, and decrypting the shared request ciphertext according to the heterogeneous value and preset whole course tracking information to obtain user patient shared data corresponding to the data sharing request, wherein calculating the heterogeneous value of the shared request ciphertext by using the preset heterogeneous algorithm comprises the following steps:
S51, determining a data privacy value of the shared request ciphertext according to a preset data sensitivity degree;
S52, determining the distance constraint of the shared request ciphertext according to a preset load demand;
S53, calculating the heterogeneous value of the shared request ciphertext according to the data privacy value and the distance constraint by using a preset heterogeneous algorithm:
Wherein, For the heterogeneous value,/>For/>Tag value of individual shared request ciphertext,/>For sharing the amount of request ciphertext,/>For/>Distance constraint of individual shared request ciphertext,/>For sharing data area/>, corresponding to request ciphertextDistance constraint of/>For/>Data privacy value of individual shared request ciphertext,/>As a function of the minimum value;
the constructing a patient archive information tree according to the patient archive information and a preset time stamp comprises the following steps:
Taking a preset patient skin data pool center as a root node;
Taking a preset medical institution data pool as a child node of the root node;
Taking the patient archive information as an information node, and determining the association relation between the information node and the child node according to the organization identification of the patient archive information;
According to the association relation and the timestamp, associating the child node with the information node to generate a file information subtree, and returning to the step of taking the patient file information as the information node until all the patient file information is associated, and generating a patient file information tree;
Encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain an archive information encryption node, wherein the method comprises the following steps:
Calculating a hash value of each archive information node through a preset hash function;
extracting an archive information father node corresponding to the archive information node;
Encrypting the archive information node according to the hash value of the archive information node and the hash value of the archive information parent node by using the following associated hash algorithm to obtain an archive information encryption hash value:
Wherein, For/>File information encrypted hash value of individual file information node,/>For/>Hash value of individual archive information node,/>For/>Hash value of archive information father node corresponding to each archive information node,/>Is an exclusive or symbol;
generating a file information encryption node according to the file information encryption hash value;
the extracting the encryption key words in the archive information encryption node comprises the following steps:
Classifying the file information encryption nodes according to information attributes in the patient file information to obtain encryption node categories;
extracting patient keywords in the archive information encryption node according to the encryption node category;
generating an encryption private key of a target patient through a preset random function;
Encrypting the patient keywords according to the encryption private key to obtain encrypted keywords;
The generating the security information index of the archive information node according to the encryption key word comprises the following steps:
generating a node encryption linked list of the archive information node according to the encryption keyword;
Generating an information index identifier of the archive information node according to the de-identifier identity information of the archive information node;
associating the information index identifier with the node encryption linked list to obtain a security information index;
the generating a data request message according to a preset data sharing request includes:
extracting a request hash value and request content of the data sharing request;
generating a sharing request signature according to the request hash value and the request content;
generating a data request message according to the request hash value, the request content and the sharing request signature, wherein the data request message is:
Wherein, For the data request message,/>Hash value for the request,/>For the request content,/>To hash a request/>And request content/>The encrypted sharing request signature;
the double verification of the data request message according to the security information index is performed to obtain a verification logic value, which comprises the following steps:
Performing first re-verification on the shared request signature in the data request message to obtain a first re-verification logic value;
When the first re-verification logic value is equal to a preset logic threshold value, determining a request identity authority corresponding to the data request message according to the security information index;
generating a second re-verification logic value according to the request identity authority;
Multiplying the first re-verification logic value and the second re-verification logic value to obtain a verification logic value;
decrypting the sharing request ciphertext according to the heterogeneous value and the preset whole course tracking information to obtain user patient sharing data corresponding to the data sharing request, wherein the method comprises the following steps:
When the heterogeneous value is larger than a preset heterogeneous threshold value, extracting a key exchange protocol in preset whole-course tracking information;
determining a decryption key corresponding to the shared request ciphertext according to the key exchange protocol;
And decrypting the sharing request ciphertext according to the decryption key to obtain the sharing data of the user patient.
2. The method for realizing safe sharing of user patient data based on skin database according to claim 1, wherein the step of performing de-identification processing on the identity of the target patient to obtain de-identification identity information comprises the steps of:
Desensitizing the identity of the target patient to obtain anonymous identity information;
Generating an anonymous identity identifier of the target patient according to the anonymous identity information;
Building an identity mapping relation between the identity and the anonymous identity;
And generating de-identification identity information of the target patient according to the identity mapping relation.
3. The method for securely sharing user patient data based on skin database according to claim 1, wherein said generating patient profile information of said target patient from said de-identification identity information and said skin data comprises:
performing data integration on the skin data according to the de-identification identity information to obtain integrated skin data;
generating basic attributes of the target patient according to the de-identification identity information and the identity;
generating medical attributes of the target patient according to the integrated skin data;
and fusing the basic attribute and the medical attribute to obtain patient file information of the target patient.
4. A system for enabling secure sharing of user patient data based on a skin database, the system comprising:
The de-identification processing module is used for acquiring skin data of a target patient, and performing de-identification processing on the identity of the target patient to obtain de-identification identity information;
the patient archive information tree construction module is used for generating patient archive information of the target patient according to the de-identification identity information and the skin data and constructing a patient archive information tree according to the patient archive information and a preset time stamp;
The security information index generation module is used for encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain archive information encryption nodes, extracting encryption keywords in the archive information encryption nodes and generating a security information index of the archive information nodes according to the encryption keywords;
The sharing request ciphertext generation module is used for generating a data request message according to a preset data sharing request, carrying out double verification on the data request message according to the security information index to obtain a verification logic value, and generating a sharing request ciphertext corresponding to the data sharing request when the verification logic value is a preset logic threshold value;
The user patient shared data decryption module is configured to calculate a heterogeneous value of the shared request ciphertext by using a preset heterogeneous algorithm, and to decrypt the shared request ciphertext according to the heterogeneous value and preset whole course tracking information to obtain user patient shared data corresponding to the data sharing request, where calculating the heterogeneous value of the shared request ciphertext by using the preset heterogeneous algorithm includes: determining a data privacy value of the shared request ciphertext according to a preset data sensitivity degree; determining the distance constraint of the shared request ciphertext according to a preset load demand; calculating the heterogeneous value of the shared request ciphertext according to the data privacy value and the distance constraint by using a preset heterogeneous algorithm:
Wherein, For the heterogeneous value,/>For/>Tag value of individual shared request ciphertext,/>For sharing the amount of request ciphertext,/>For/>Distance constraint of individual shared request ciphertext,/>For sharing data area/>, corresponding to request ciphertextDistance constraint of/>For/>Data privacy value of individual shared request ciphertext,/>As a function of the minimum value;
the constructing a patient archive information tree according to the patient archive information and a preset time stamp comprises the following steps:
Taking a preset patient skin data pool center as a root node;
Taking a preset medical institution data pool as a child node of the root node;
Taking the patient archive information as an information node, and determining the association relation between the information node and the child node according to the organization identification of the patient archive information;
According to the association relation and the timestamp, associating the child node with the information node to generate a file information subtree, and returning to the step of taking the patient file information as the information node until all the patient file information is associated, and generating a patient file information tree;
Encrypting each archive information node in the patient archive information tree by using a preset associated hash algorithm to obtain an archive information encryption node, wherein the method comprises the following steps:
Calculating a hash value of each archive information node through a preset hash function;
extracting an archive information father node corresponding to the archive information node;
Encrypting the archive information node according to the hash value of the archive information node and the hash value of the archive information parent node by using the following associated hash algorithm to obtain an archive information encryption hash value:
Wherein, For/>File information encrypted hash value of individual file information node,/>For/>Hash value of individual archive information node,/>For/>Hash value of archive information father node corresponding to each archive information node,/>Is an exclusive or symbol;
generating a file information encryption node according to the file information encryption hash value;
the extracting the encryption key words in the archive information encryption node comprises the following steps:
Classifying the file information encryption nodes according to information attributes in the patient file information to obtain encryption node categories;
extracting patient keywords in the archive information encryption node according to the encryption node category;
generating an encryption private key of a target patient through a preset random function;
Encrypting the patient keywords according to the encryption private key to obtain encrypted keywords;
The generating the security information index of the archive information node according to the encryption key word comprises the following steps:
generating a node encryption linked list of the archive information node according to the encryption keyword;
Generating an information index identifier of the archive information node according to the de-identifier identity information of the archive information node;
associating the information index identifier with the node encryption linked list to obtain a security information index;
the generating a data request message according to a preset data sharing request includes:
extracting a request hash value and request content of the data sharing request;
generating a sharing request signature according to the request hash value and the request content;
generating a data request message according to the request hash value, the request content and the sharing request signature, wherein the data request message is:
Wherein, For the data request message,/>Hash value for the request,/>For the request content,/>To hash a request/>And request content/>The encrypted sharing request signature;
the double verification of the data request message according to the security information index is performed to obtain a verification logic value, which comprises the following steps:
Performing first re-verification on the shared request signature in the data request message to obtain a first re-verification logic value;
When the first re-verification logic value is equal to a preset logic threshold value, determining a request identity authority corresponding to the data request message according to the security information index;
generating a second re-verification logic value according to the request identity authority;
Multiplying the first re-verification logic value and the second re-verification logic value to obtain a verification logic value;
decrypting the sharing request ciphertext according to the heterogeneous value and the preset whole course tracking information to obtain user patient sharing data corresponding to the data sharing request, wherein the method comprises the following steps:
When the heterogeneous value is larger than a preset heterogeneous threshold value, extracting a key exchange protocol in preset whole-course tracking information;
determining a decryption key corresponding to the shared request ciphertext according to the key exchange protocol;
And decrypting the sharing request ciphertext according to the decryption key to obtain the sharing data of the user patient.
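The pipeline that claims 1 and 4 both recite (archive information tree, associated hash of node and parent, keyword index under a per-patient key, signed data request message, double verification with multiplied logic values), modelled as an added example that is not the patent's own code. It assumes SHA-256 as the preset hash function, HMAC-SHA256 in place of the unspecified keyword encryption and request signature, an all-zero parent hash for the root, a constructed request format `share:<pid>`, and constructed patient records; the heterogeneous value and the final decryption are not modelled because the page does not give their formulas.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def H(data: bytes) -> bytes:
    """The 'preset hash function' of step S3; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


@dataclass
class Node:
    name: str                     # pool centre, institution pool, or de-identified patient id
    payload: bytes                # serialised archive information (constructed sample)
    parent: "Node | None" = None
    children: list = field(default_factory=list)


def build_tree(records, timestamp: str) -> Node:
    """S2: root = skin data pool centre, children = institution pools, and each
    archive record attaches under the pool named by its organisation id."""
    root, pools = Node("pool-centre", b"pool-centre"), {}
    for rec in records:
        pool = pools.get(rec["org"])
        if pool is None:
            pool = pools[rec["org"]] = Node(rec["org"], rec["org"].encode(), parent=root)
            root.children.append(pool)
        payload = f"{rec['pid']}|{rec['org']}|{rec['skin']}|{timestamp}".encode()
        pool.children.append(Node(rec["pid"], payload, parent=pool))
    return root


def associated_hash(node: Node) -> bytes:
    """Claimed associated hash: H(node) XOR H(parent). Assumption: the root,
    which has no parent, is paired with an all-zero parent hash."""
    own = H(node.payload)
    par = H(node.parent.payload) if node.parent else bytes(len(own))
    return bytes(a ^ b for a, b in zip(own, par))


def build_index(root: Node, patient_keys: dict, authorised: dict) -> dict:
    """S3: each node's medical-attribute keywords are encrypted under the patient's
    random private key (HMAC stands in for the unspecified encryption) and chained."""
    index = {}
    for pool in root.children:
        for leaf in pool.children:
            kws = leaf.payload.decode().split("|")[2].split(",")
            enc = [hmac.new(patient_keys[leaf.name], k.encode(), "sha256").digest() for k in kws]
            index[leaf.name] = {"node": associated_hash(leaf), "keywords": enc,
                                "authorised": set(authorised.get(leaf.name, ()))}
    return index


def make_request(requester_key: bytes, content: bytes) -> dict:
    """S4: data request message = (request hash, request content, signature over both)."""
    h = H(content)
    return {"hash": h, "content": content,
            "sig": hmac.new(requester_key, h + content, "sha256").digest()}


def double_verify(msg: dict, requester_key: bytes, requester_id: str, index: dict) -> int:
    """S4: first logic value from the signature check; second, only when the first
    equals the threshold 1, from the requester's authority in the index; product."""
    expected = hmac.new(requester_key, msg["hash"] + msg["content"], "sha256").digest()
    first = int(hmac.compare_digest(expected, msg["sig"]) and H(msg["content"]) == msg["hash"])
    if first != 1:            # second check runs only past the preset logic threshold
        return 0
    pid = msg["content"].decode().split(":", 1)[1]   # constructed request format "share:<pid>"
    second = int(pid in index and requester_id in index[pid]["authorised"])
    return first * second


def demo() -> dict:
    """Constructed data: two de-identified patients at two institutions."""
    records = [{"pid": "anon-01", "org": "inst-A", "skin": "eczema,lesion"},
               {"pid": "anon-02", "org": "inst-B", "skin": "psoriasis"}]
    root = build_tree(records, "2024-02-23T00:00:00Z")
    keys = {p: os.urandom(32) for p in ("anon-01", "anon-02")}
    index = build_index(root, keys, {"anon-01": ["clinic-7"]})
    rk = os.urandom(32)
    good = make_request(rk, b"share:anon-01")
    tampered = dict(good, content=b"share:anon-02")   # content altered after signing
    leaf = root.children[0].children[0]
    recovered = bytes(a ^ b for a, b in zip(associated_hash(leaf), H(leaf.parent.payload)))
    return {"ok": double_verify(good, rk, "clinic-7", index),
            "tampered": double_verify(tampered, rk, "clinic-7", index),
            "unauthorised": double_verify(good, rk, "clinic-9", index),
            "xor_recovers": recovered == H(leaf.payload)}
```

The XOR form of the associated hash means a node's own hash is recoverable from its encrypted hash and the parent hash, so the scheme binds each node to its position in the tree rather than hiding the node hash.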
CN202410199959.6A 2024-02-23 2024-02-23 Method and system for realizing safe sharing of user patient data based on skin database Active CN117786756B (en)

Publications (2)

Publication Number Publication Date
CN117786756A CN117786756A (en) 2024-03-29
CN117786756B true CN117786756B (en) 2024-05-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant