KR102275657B1 - Medical data service management device and management method of medical data using block chain - Google Patents

Abstract

The medical data service management apparatus for securing the reliability of personal consent information for medical data according to the present invention stores the user's personal consent information for the user's medical data, and matches the received personal consent information with the medical data and an interface control module for controlling movement and utilization of the medical data with a medical institution or a utilization institution based on the personal consent information matched with the personal consent information.

Description

Medical data service management device using block chain and medical data management method using the same {MEDICAL DATA SERVICE MANAGEMENT DEVICE AND MANAGEMENT METHOD OF MEDICAL DATA USING BLOCK CHAIN}

The present invention relates to a medical data service management apparatus for securing the reliability of personal consent information for medical data using a block chain and a medical data management method using the same.

Due to the development of smart health technology and the increase in demand for health, the recent health care industry is expanding its scope of application to health management and disease prediction as well as disease treatment. In addition, individuals are active in daily health care and health management, effectively manage the acquired health information, and have a higher interest in customized precision medical care and health management services.

In addition, large-scale health care and health management big data is being produced, and the development of technology to analyze big data and creative business models using it are leading new innovation. In the future, it is expected that various consulting services related to disease prevention and health management will be provided through the use of wearable IoT devices, genome analysis, and artificial intelligence.

However, most of the recent health and medical big data platform construction and utilization is being promoted by providers (medical institutions, government, etc.), and it is mainly used for precision treatment and medical research. And, although the big data held by the government (eg, the National Health Insurance Corporation) is open to the private sector to a limited extent, the effect of utilization is still insufficient.

In addition, the big data business led by private medical institutions is expected to take a considerable amount of time and high cost to develop into a general-purpose commercial platform because it has to undergo data and technology standardization as well as the conversion process to the existing system. And, regarding health and medical data, regulations related to the Personal Information Protection Act are very strict worldwide, and in particular, under the existing provider-centered system, there is a fundamental problem that there are many difficulties in the universal use of big data.

In order to solve the problems of the current medical health management system centered on such providers, it is necessary to build a new type of consumer-oriented health care ecosystem.
Also, as a prior art document related to the present invention, which will be described later, 'Blockchain and artificial intelligence-based personalized health care system and block chain and artificial intelligence using the same' of Korean Patent Publication No. 10-1964733 (published on April 2, 2019) There is a method of providing personalized health care services based on

Matters described in this background section are prepared to enhance understanding of the background of the invention, and may include matters that are not already known to those of ordinary skill in the art to which this technology belongs.

The present invention is to improve the security of medical data and to propose a medical data management system and a medical data management method using the block chain that can build a security management system for the safe movement and utilization of medical data.

In addition, the present invention intends to propose a medical data management system and a medical data management method using the block chain that can build a consumer-oriented health management ecosystem by improving security for the movement and transaction of medical data.

In addition, the present invention intends to propose a medical data management system and a medical data management method using the block chain that can secure the reliability of the original authentication and build a security management system for the safe movement and utilization of medical data.

In addition, the present invention intends to propose a medical data management system and a medical data management method using the block chain that can secure the reliability and transparency of medical data transactions through the establishment of a security management system for the movement and transaction of medical data. .

In addition, the present invention provides a medical data management system using a block chain that can provide personalized services by facilitating practical health promotion activities by recycling medical data for health promotion, and convenient use of various health management services, and We would like to propose a method for managing medical data using

The medical data service management device using the block chain of the present invention includes a personal consent information management module that stores the user's personal consent information for the user's medical data, and manages the received personal consent information by matching it with the medical data; and an interface control module for controlling movement and utilization of the medical data with a medical institution or a utilization institution based on the personal consent information matched with the medical data.

The personal consent information management module may include a data matching unit that matches the personal consent information for each medical data type so that the original medical data can be authenticated, medical data moved, and medical data transaction is possible for each unit of the personal consent information.

It may further include a block chain management module that stores the hash value of the personal consent information in the block chain, and receives and manages the personal consent information storage ID from the block chain.

The block chain management module receives the first personal consent information from the medical institution data relay device so that the medical institution data relay device can download medical data to the user terminal, and blocks the hash value of the first personal consent information After being stored in the chain, the first personal consent information storage ID for the first personal consent information may be issued and provided to the medical institution data relay device.

The block chain management module receives the second personal consent information for uploading medical data from the user terminal, stores the hash value of the second personal consent information in the block chain, and receives the second personal consent information for the second personal consent information A personal consent information storage ID may be issued and provided to the medical institution data relay device.

The block chain management module may further include a service usage history management unit for storing hash values for the usage details of medical data and health-related services by the utilization institution in the block chain.

The medical data management method using the block chain of the present invention comprises the steps of receiving first personal consent information of a user regarding consent to download medical data from a user terminal, storing the first personal consent information in the block chain, and then storing the first personal consent information in the block chain. receiving a first personal consent information storage ID from a chain; and transmitting the first personal consent information storage ID to a requesting device; and the medical data downloaded from the requesting device based on the first personal consent information storage ID and receiving the download history of

The medical data may be managed by matching the unit of personal consent information by the user.

Receiving the user's second personal consent information for consent to upload medical data, and storing the second personal consent information for consent to upload medical data in a block chain, based on the second personal consent information The method may further include uploading medical data.

The uploading may include uploading re-encrypted medical data from the user terminal.

The method may further include receiving the medical data usage history and health-related service usage history of the utilization institution, and storing hash values for the received medical data usage history and health-related service usage history in the block chain.

According to the present invention, the security of medical data is improved by encrypting the attribute value of medical data through a digital signature to generate an original authentication ciphertext, and performing the original authentication of the medical data using the original authentication ciphertext. It provides an environment in which to build a security management system for safe movement and utilization.

In addition, the present invention generates an original authentication ciphertext of medical data using a medical institution private key, and manages to decrypt the original authentication ciphertext and perform original authentication of medical data only when the utilizing institution is provided with the corresponding medical institution public key, It improves the security of medical data and provides an environment in which to build a consumer-oriented health care ecosystem.

In addition, the present invention improves the security of the movement and transaction of medical data by the user terminal re-encrypts the decrypted medical data using the user symmetric key and delivers it to the medical data service management device, and creates a consumer-oriented health care ecosystem. It provides an environment in which to build.

In addition, the present invention generates a symmetric key cipher text by encrypting the user symmetric key with the public key of the utilization institution, and decrypts the medical data cipher text by extracting the user symmetric key from the symmetric key cipher text with the symmetric key cipher text with the utilization institution private key. It provides an environment in which to build a consumer-oriented health care ecosystem by improving security for health care providers.

In addition, the present invention decrypts the original authentication ciphertext using the medical institution public key to extract the original authentication hash value, calculates the medical data hash value from the decrypted medical data source, and compares the original authentication hash value and the medical data hash value. By performing the original authentication of the decrypted medical data original, it provides an environment in which the reliability of the original authentication can be secured and a security management system for safe movement and utilization of medical data can be established.

In addition, the present invention stores various security keys such as a public key of a medical institution and a public key of a utilization institution in the block chain, manages the storage ID of the corresponding security key, and requests the security key for encryption and decryption of medical data. By querying and providing the security key stored in the block chain using the key's storage ID, it provides an environment in which to build a security management system for the safe movement and utilization of medical data.

In addition, the present invention secures the reliability of the user's personal consent by storing the user's personal consent details and personal consent information for the download and upload of medical data, etc. in the block chain, and increases the reliability of the movement and transaction of medical data. It provides an environment that can build a consumer-oriented health care ecosystem.

In addition, by storing the user's personal consent information related to the movement and utilization of medical data in the block chain and managing the personal consent information storage ID, the user's personal consent details for medical data can be reliably managed, and the medical data It provides an environment to secure the reliability and transparency of medical data transactions by improving the reliability of movement and transactions.

In addition, the present invention improves the reliability and transparency of medical data transactions by performing original authentication of medical data for each user's individual consent unit or controlling the transfer and management of medical data, thereby improving the reliability of medical data movement and transactions. It provides an environment to secure

In addition, the present invention classifies types of medical data, manages them separately by data type, and manages various types of medical data by applying and managing individual consent procedures for each data type, effectively managing various types of medical data, and It provides an environment that can improve reliability.

In addition, the present invention effectively verifies the service usage history of medical data, secures the reliability of the verification of the service usage history, and the user by storing the hash value of the service usage history for the medical data of the utilization institution in the block chain. Provides an environment in which patients can effectively understand and manage their own medical data history.

In addition, the present invention provides personal medical data to a utilization institution and provides various application services to individuals who are the subject of medical data through original authentication, thereby facilitating practical health promotion activities by recycling medical data to health promotion, It provides an environment in which a variety of health care services can be conveniently used to provide personalized services.

In addition, the present invention provides an environment in which an ecosystem can be built to safely utilize the necessary data to companies that want to provide an individual optimized health care service based on industrially legal personal medical data.

The effects of the present invention are not limited to the above-mentioned effects, and the effects not mentioned will be clearly understood by those of ordinary skill in the art to which the present invention belongs from the present specification and the accompanying drawings.

1 is a block diagram schematically illustrating a medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention.
2 is a flowchart schematically illustrating a process of a medical data original authentication method for performing original authentication by encrypting medical data and decrypting encrypted medical data according to an embodiment of the present invention.
3 is a block diagram schematically illustrating a medical institution data relay device for receiving and encrypting medical data from a medical institution according to an embodiment of the present invention.
4 is a flowchart schematically illustrating a process in which a medical institution data relay device generates an original authentication cipher text and a medical data cipher text and downloads it to a user terminal according to an embodiment of the present invention.
5 is a diagram illustrating an example in which a medical institution data relay device encrypts health examination data or prescription data and generates an original authentication cipher text according to an embodiment of the present invention.
6 is a diagram schematically illustrating a process in which a medical institution data relay device encrypts medical data using a medical institution symmetric key and downloads it to a user terminal according to another embodiment of the present invention.
7 is a block diagram schematically illustrating a user terminal in which a user application for receiving and reading medical data is installed according to an embodiment of the present invention.
8 is a flowchart schematically illustrating a process of downloading medical data from a user terminal, decoding the medical data, and reading the medical data according to an embodiment of the present invention.
9 is a flowchart schematically illustrating a process of encrypting and uploading medical data and a symmetric key according to an embodiment of the present invention.
10 is a diagram illustrating an example of encrypting and uploading health checkup data in a user terminal according to an embodiment of the present invention.
11 is a flowchart schematically illustrating a process of encrypting and uploading medical data and a symmetric key according to another embodiment of the present invention.
12 is a diagram illustrating an example of encrypting and uploading health checkup data in a user terminal according to another embodiment of the present invention.
13 is a block diagram schematically illustrating a medical data service management apparatus according to an embodiment of the present invention.
14 is a flowchart schematically illustrating a process in which the medical data service management apparatus groups and transmits encrypted medical data and an encrypted key value according to an embodiment of the present invention.
15 is a diagram illustrating an example of transmitting health checkup data from a medical data service management apparatus according to an embodiment of the present invention.
16 is a flowchart schematically illustrating a process in which the medical data service management apparatus groups and transmits encrypted medical data and an encrypted key value according to another embodiment of the present invention.
17 is a diagram illustrating an example of transmitting health checkup data from a medical data service management apparatus according to another embodiment of the present invention.
18 is a block diagram schematically illustrating an apparatus for utilizing medical data that utilizes medical data according to an embodiment of the present invention.
19 is a flowchart schematically illustrating a process in which the medical data utilization device performs original authentication on the medical data original by decrypting the original authentication cipher text and the medical data cipher text according to an embodiment of the present invention.
20 is a diagram illustrating an example of performing original authentication of health checkup data in an apparatus for utilizing medical data according to an embodiment of the present invention.
21 is a process of downloading medical data to a user terminal and uploading the medical data to a medical data service management device by the user terminal in the medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention; is a flow chart briefly illustrating
22 is a flowchart schematically illustrating a process of a method of transmitting medical data to a utilization institution in a medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings, embodiments of the present invention will be described in detail so that those of ordinary skill in the art to which the present invention pertains can easily implement them. However, the present invention may be embodied in many different forms and is not limited to the embodiments described herein. And in order to clearly explain the present invention in the drawings, parts irrelevant to the description are omitted, and similar reference numerals are attached to similar parts throughout the specification.

Throughout the specification, when a part "includes" a certain element, it means that other elements may be further included, rather than excluding other elements, unless otherwise stated. In addition, terms such as “…unit”, “…group”, and “module” described in the specification mean a unit that processes at least one function or operation, which may be implemented by hardware or software or a combination of hardware and software. have.

As used herein, a “user terminal or mobile device” refers to a portable device that provides data communication and social network service, and can be connected to a vehicle terminal through wired or wireless communication.

For example, it includes a cellular phone, a personal digital assistant (PDA), a smart phone, a notebook, or a wearable device.

Now, with reference to FIGS. 1 to 22, a medical data management system for medical data original authentication and personal consent information management using a block chain according to an embodiment of the present invention and a medical data original authentication method using the same will be described in detail. .

1 is a block diagram schematically illustrating a medical data management system for medical data original authentication and personal consent information management using a block chain according to an embodiment of the present invention. At this time, the medical data management system only shows a schematic configuration necessary for description according to an embodiment of the present invention, but is not limited to this configuration.

Referring to FIG. 1 , a medical data management system for medical data original authentication and personal consent information management using a block chain according to an embodiment of the present invention is a medical institution data relay device 100 , a user terminal 200 , and medical data It includes a service management device 300 , a block chain system 400 , and a medical data utilization device 500 .

Medical institution data relay device 100 is a medical institution (eg, a hospital system, a medical institution, or a health insurance corporation) that is a source of medical data, medical data management for original medical data authentication and personal consent information management using block chain The system (or medical data management system) includes an agent system for a medical institution that links with the IT system of the medical data service management device 300 . In addition, the medical institution data relay device 100 provides an interworking function for a medical data service between the internal IT system of the medical institution and the IT system of the medical data management system.

In addition, the medical institution data relay device 100 is in charge of a series of interface functions for safely providing a specific individual's medical data (eg, my data) stored in the hospital IT system to an authenticated individual. In addition, the medical institution data relay device 100 includes functions for registering institution information of a hospital required for medical data application service deployment to the medical data service management device 300 .

The medical institution data relay device 100 is connected to the medical institution server 10 of the medical institution, and receives personal medical data from the medical institution server 10 . In addition, the medical institution data relay apparatus 100 may generate an original authentication ciphertext by encrypting the attribute value of medical data through a digital signature, and may generate a medical data ciphertext by encrypting the medical data. The medical institution data relay device 100 is disposed in a medical institution according to an embodiment of the present invention, and includes a medical institution gateway or medical institution server gateway connected to the medical institution server 10, or a hospital agent connected to the hospital system. do.

The user terminal 200 includes a user terminal that is the owner of personal medical data, and includes a user application 200a according to an embodiment of the present invention. Here, in the user application 200a, the service user, who is the owner, controls his/her medical data, and may receive various application services related to health management from the medical data service management device 300 or the medical data utilization device 500 . .

In addition, the user application 200a provides a function for the owner to directly download his/her medical data from a medical institution to his/her user terminal 200 . In addition, the user application 200a uses the personal medical data stored in the user terminal 200 with the medical data service management device 300 and the medical data utilization device 500 (eg, a medical data application service system or medical data utilization). system) to provide a safe delivery function.

For example, the user terminal 200 receives the original authentication encrypted text and the medical data encrypted text from the medical institution data relay device 100, decrypts the medical data encrypted text, and reads the medical data. In addition, the user terminal 200 may re-encrypt the decrypted medical data using the user symmetric key and transmit it to the medical data service management apparatus 300 or the medical data utilization apparatus 500 .

The medical data service management apparatus 300 is in charge of a common core function of the medical data management system. The medical data service management apparatus 300 may provide security management of medical data and infrastructure element functions, and may provide common element functions for various application services related to medical data utilization and health management.

In addition, the medical data service management apparatus 300 may provide a service operation management function such as registration management of each party participating in the ecosystem. In addition, the medical data service management apparatus 300 may provide a consistent interworking interface function for an application system for a basic health care service and each 3rd party system.

For example, the medical data service management apparatus 300 receives and stores the original authentication encrypted text and the medical data encrypted text from the medical institution data relay device 100 or the user terminal 200 . In addition, the medical data service management apparatus 300 may provide the original authentication encrypted text and the medical data encrypted text to the medical data utilization device 500 with the user's personal consent.

The medical data service management device 300 encrypts (converts to a hash value) the user's personal consent details to prove the reliability of personal consent, stores it in the block chain system 400, receives the storage ID, and receives the medical data service management device (300) can be stored and managed in the DB. In addition, the medical data service management apparatus 300 may transmit the stored ID value to the user terminal 200 of the user and share it with the user.

In addition, the medical data service management device 300 receives various security keys for encryption and decryption of medical data from the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 . and stored in the block chain system 400 . In addition, when receiving a request for a specific security key from a specific device, the medical data service management device 300 may query the specific security key stored in the block chain system 400 and transmit it to the specific device.

Here, the security key includes a medical institution private key (Private-Key) generated by a specific medical institution generating medical data, a medical institution public key (Public-Key), and a medical institution symmetric key. And, the security key includes a user private key (Private-Key), a user public key (Public-Key), and a user symmetric key of a specific user who is the owner. In addition, the security key includes a private key (Private-Key) and a public key (Public-Key) of a specific application organization that intends to utilize medical data.

In addition, the medical data utilization device 500 provides a practical IT-based application service to the user terminal 200 by utilizing the medical data. The medical data utilization device 500 directly provides health-related application services to individuals by utilizing the medical data provided by the user's personal consent. In addition, all users (owners) subscribing to the service can basically be provided with a service that can always grasp the history of their own medical data or health checkup data.

For example, the medical data utilization device 500 may obtain the original medical data by decrypting the medical data encrypted text received from the medical data service management device 300 . In addition, the medical data utilization apparatus 500 may perform the original authentication of the medical data original by using the original authentication cipher text.

Hereinafter, it has been described that the medical data utilization device 500 performs original authentication of medical data according to an embodiment of the present invention, but the scope of the present invention is not limited thereto, and according to another embodiment of the present invention, The user terminal 200 or the medical data service management apparatus 300 may directly perform original authentication of medical data.

2 is a flowchart schematically illustrating a process of a medical data original authentication method for performing original authentication by encrypting medical data and decrypting encrypted medical data according to an embodiment of the present invention. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIG. 1 .

Referring to FIG. 2 , in the medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention, the medical institution data relay device 100 receives medical data consented by the user from the medical institution server 10 . is received (S102).

Then, the medical institution data relay device 100 encrypts the attribute value of the medical data through a digital signature using the medical institution private key to generate an original authentication ciphertext (S104).

In addition, the medical institution data relay device 100 encrypts the medical data using a medical institution symmetric key or a user public key to generate a first medical data encrypted text, and groups the generated original authentication encrypted text and the first medical data encrypted text. do (S106).

For example, if the user's medical data (original full plain text) includes a plurality of (N) original plain text medical data, after extracting a hash value of each medical data original plain text, each hash value is A plurality of original authentication ciphertexts can be generated by digitally signing the medical institution private key.

In addition, the medical institution data relay device 100 matches and groups each medical data original plain text and each original authentication cipher text, and then encrypts the grouped data at once using a medical institution symmetric key to obtain a first medical data cipher text. can create

Also, the medical institution data relay apparatus 100 may encrypt the medical institution symmetric key using the user public key to generate a medical institution symmetric key cipher text. In addition, the medical institution data relay apparatus 100 may group the medical data encrypted text including the original authentication encrypted text and the medical institution symmetric key encrypted text and transmit the grouped text to the user terminal 200 .

The user terminal 200 receives the original authentication encrypted text and the first medical data encrypted text from the medical institution data relay device 100 . And, the user terminal 200 can read the original medical data by decrypting the first medical data encrypted text using the medical institution symmetric key or the user's private key. Here, when receiving the grouped data of the medical data encrypted text and the medical institution symmetric key encrypted text, the user terminal 200 decrypts the medical institution symmetric key encrypted text using the user's private key to decrypt the medical institution symmetric key encrypted text. The key may be obtained, and the medical data original plain text may be obtained using the obtained symmetric key of the medical institution.

Then, the user terminal 200 may re-encrypt the decrypted medical data using the user symmetric key and generate a second medical data encrypted text. In this case, the user terminal 200 may encrypt the user symmetric key using the public key of the application organization that intends to utilize the medical data, and generate a symmetric key cipher text through this (S108).

In addition, the medical data service management device 300 receives and stores the original authentication cipher text and the medical data cipher text from the medical institution data relay device 100 or the user terminal 100, and stores the stored original authentication cipher text and the medical data. The encrypted data may be provided to the medical data utilization device 500 installed in the utilization institution.

Also, the medical data service management apparatus 300 may receive the symmetric key cipher text from the user terminal 200 and provide the received symmetric key cipher text to the medical data utilization apparatus 500 . At this time, when the delivery key and the symmetric key cipher text are received together from the user terminal 200, the medical data service management apparatus 300 re-encrypts the symmetric key cipher text using the delivery key, and uses the re-encrypted symmetric key cipher text to the medical It may be provided to the data utilization device 500 .

Here, the medical data service management device 300 receives various security keys from the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 and stores them in the block chain system 400 . can In addition, when a specific key is requested from the specific device, the medical data service management device 300 inquires for a specific security key stored in the block chain system 400, and provides the storage ID of the specific security key to the specific device. can transmit

Then, the medical data utilization device 500 extracts the user symmetric key by decrypting the symmetric key cipher text using the public key of the utilization institution (S110).

Then, the medical data utilization device 500 decrypts the medical data encrypted text using the extracted user symmetric key to obtain a medical data source, and calculates a medical data hash value from the decrypted medical data source (S112).

In addition, the medical data utilization device 500 decrypts the original authentication cipher text using the public key of the medical institution to extract the original authentication hash value (S114).

Then, the medical data utilization apparatus 500 compares the Winborn authentication hash value with the medical data hash value to perform original authentication of the medical data source (S116).

As described above, the medical data management system according to an embodiment of the present invention encrypts the attribute value of medical data through a digital signature to generate an original authentication ciphertext, and performs original authentication of medical data using the original authentication ciphertext, It improves the security of medical data and provides an environment in which to build a security management system for the safe movement and use of medical data.

3 is a block diagram schematically illustrating a medical institution data relay device for receiving and encrypting medical data from a medical institution according to an embodiment of the present invention. In this case, the medical institution data relay apparatus only shows a schematic configuration necessary for description according to an embodiment of the present invention, but is not limited to this configuration.

Referring to FIG. 3 , a medical institution data relay apparatus 100 according to an embodiment of the present invention is disposed in a medical institution and may be connected to a medical institution server 10 of the medical institution. In addition, the medical institution data relay device 100 provides an access right relay function and an interworking function for data download to the inside of the medical institution server 10 for the user terminal 200 that wants to download the medical data.

In addition, the medical institution data relay device 100 provides a function to generate and manage a security key required for the original authentication or digital signature of the user's medical data, and provides a function for managing the user's personal consent for medical data download. do. Here, the security key of the medical institution includes a medical institution asymmetric key and a medical institution symmetric key for encrypting or decrypting medical data, and the medical institution asymmetric key is a medical institution private key (Private-Key) and a medical institution public key ( Public-Key) may be included.

In addition, the medical institution public key generated by the medical institution server 10 or the medical institution data relay device 100 may be transmitted to and stored in the medical data service management device 300 . In this case, the medical data service management apparatus 300 may store the medical institution public key in the internal DB of the server and the blockchain system 400 , and manage the storage ID of the medical institution public key stored in the blockchain system 400 . In addition, the medical data service management apparatus 300 may provide the storage ID of the medical institution public key to the medical institution data relay apparatus 100 .

Additionally, when a medical institution public key of a specific medical institution is requested from the medical data utilization device 500 , the medical data service management device 300 uses the storage ID of the medical institution public key to store the medical institution public key stored in the block chain system 400 . After inquiring about , it is possible to provide the medical institution public key of the corresponding medical institution to the medical data utilization device 500 .

In addition, the medical institution data relay device 100 may receive medical data from the medical institution server 10, encrypt the attribute value of the medical data through a digital signature using the medical institution private key, and generate an original authentication ciphertext.

Also, the medical institution data relay apparatus 100 may generate the first medical data encrypted text by encrypting the medical data using the user public key or the medical institution symmetric key. In addition, the medical institution data relay apparatus 100 groups the original authentication encrypted text and the first medical data encrypted text, and transmits the grouped data to the user terminal 200 or the medical data service management apparatus 300 .

Here, when the user's medical data (original full plain text) includes a plurality (N) of original plain text of medical data, the medical institution data relay device 100 extracts a hash value of each original plain text of medical data, , it is possible to digitally sign each hash value with a medical institution private key to generate a plurality of original authentication ciphertexts.

In addition, the medical institution data relay device 100 matches each medical data original plain text and each original authentication cipher text to group them, and then encrypts the grouped data at once using a medical institution symmetric key to generate a first medical data cipher text. can do. Therefore, the first encrypted medical data generated at this time may include the original authentication encrypted text.

In addition, the medical institution data relay device 100 may process the personal consent of the user (owner) necessary for downloading medical data from the medical institution server 10 . For example, the medical institution data relay apparatus 100 may receive information necessary for hospital access authentication from the user terminal 200 , and process access authentication and relay functions for accessing the medical institution server 10 .

In addition, the medical institution data relay apparatus 100 may obtain a user's personal data list from the medical institution server 10 and provide it to the user terminal 200 . In addition, the medical institution data relay apparatus 100 waits for individual consent from the user terminal 200 , and when the user's personal consent is obtained, the medical institution data relay apparatus 100 may receive the user public key from the user terminal 200 .

In addition, the medical institution data relay device 100 stores the user's personal consent details in the DB of the medical institution data relay device 100 and at the same time requests the medical data service management device 300 to register the user's personal consent details, As a result, the personal consent information storage ID stored in the block chain system 400 is received and managed. Here, the personal consent information storage ID includes a code value issued to distinguish the specific personal consent details of a specific user from other personal consent details.

In addition, the medical institution data relay device 100 may provide the personal consent information storage ID to the medical institution server 10 and request and receive medical data of the corresponding user. Also, the medical institution data relay device 100 may encrypt the medical data received from the medical institution server 10 and download it to the user terminal 200 .

In addition, the medical institution data relay device 100 processes and manages the personal identification information of a specific user when processing medical data encryption. For example, the medical institution data relay device 100 separates data attribute values (eg, name, gender, age, address, etc.) related to the identification of the user contained in the original My Data structure into a separate data segment. It is processed by decoupling into (subset). In addition, the medical institution data relay device 100 independently separates the data itself containing the actual medical data attribute and the identification attribute value for security management and processes the data as separate data.

The medical institution data relay device 100 includes a medical data receiving unit 110 , an encryption control unit 120 , a security key management unit 130 , a personal consent management unit 140 , and a data download unit 150 according to an embodiment of the present invention. ) is included.

The medical data receiving unit 110 receives the user's medical data for which personal consent has been obtained from the medical institution server 10 , and transmits the received medical data to the encryption control unit 120 . In addition, the medical data receiving unit 110 classifies the types of medical data, and manages them separately for each data type.

In addition, the medical data receiving unit 110 may independently divide the data itself containing the attributes of the actual medical data and the identification attribute value of a specific user, process them as separate data, and manage them.

The medical data receiving unit 110 includes a data type management unit 112 according to an embodiment of the present invention.

The data type management unit 112 classifies the types of medical data and manages them separately for each data type. Here, the medical data type includes health checkup data, questionnaire data, and prescription data. In this case, the data type management unit 112 separates the health checkup data into units of each category (eg, n) so as to be suitable for the screening process of the individual consent unit by the user terminal 200 in the case of the health checkup data. carry out

The encryption control unit 120 generates an original authentication cipher text for original authentication of the medical data received by the medical data receiving unit 110 . In addition, the encryption control unit 120 may encrypt the medical data to generate a medical data encrypted text.

In addition, the encryption control unit 120 may generate an original authentication cipher text and medical data cipher text as many as the number of categories (n) only in the case of health checkup data.

In addition, the encryption control unit 120 includes an original authentication cipher text generation unit 122 and a medical data encrypted text generation unit 124 according to an embodiment of the present invention.

The original authentication ciphertext generation unit 122 generates the original authentication ciphertext by encrypting the attribute value of the medical data through a digital signature using the private key of the medical institution of a specific medical institution. Here, the original authentication cipher text can be decrypted only by the public key of a specific medical institution stored in the block chain system 400 .

At this time, when the user's medical data (original full plain text) includes a plurality (N) of original plain text medical data, the original authentication cipher text generator 122 extracts the hash value of each medical data original plain text. Thereafter, each hash value may be digitally signed with a medical institution private key to generate a plurality of original authentication ciphertexts.

The medical data encrypted text generation unit 124 encrypts the medical data using a user public key or a medical institution symmetric key to generate a medical data encrypted text. Here, the attribute value of the medical data may include a hash value (HASH) of the original plain text of the medical data.

And, when the user's medical data (original full plain text) includes a plurality (N) of original medical data plain text, the medical data encrypted text generation unit 124 provides each medical data original plain text and each original proof. After grouping by matching the ciphertext, the grouped data may be encrypted at once using a medical institution symmetric key to generate a first ciphertext for medical data.

The security key management unit 130 receives and manages a medical institution private key of a specific medical institution and a user public key of a user. In addition, the security key management unit 130 includes a medical institution key management unit 132 and a user key management unit 134 according to an embodiment of the present invention.

The medical institution key management unit 132 receives the medical institution private key and the medical institution public key from the medical institution server 10 of a specific medical institution. Then, the medical institution key management unit 132 stores the medical institution private key in the DB, and transmits the medical institution public key to the medical data service management device 300 to store and manage the medical institution public key in the block chain system 400 .

The user key management unit 134 receives the user public key from the user terminal 200 of the user registered in the medical data service management apparatus 300 , and stores and manages the user public key received for each user in a DB.

The personal consent management unit 140 receives and manages personal consent details or personal consent information related to the movement or download of medical data from the user terminal 200, and from the medical data service management device 300 to the blockchain system 400. Receives and manages the stored personal consent information storage ID. Here, the personal consent information storage ID includes a code value issued to distinguish the specific personal consent details of a specific user from other personal consent details.

Then, the personal consent management unit 140 stores the personal consent details received from the user terminal 200 and the personal consent information storage ID received from the medical data service management device 300 in the personal consent history storage unit 142 . .

In addition, the personal consent management unit 140 applies and manages one individual consent procedure for one case of data specified for each data type. For example, the personal consent management unit 140 processes one download for one specified health checkup data type with one personal consent, and one download process with one personal consent for one specified questionnaire data type. And, for one specified prescription data type, one download is processed with one individual consent.

In addition, the personal consent management unit 140 may apply the individual consent procedure once to the total number of data cases during a specified period for each data type divided by the data type management unit 112 . For example, for a total of m health checkup data for a specified period (eg, day, week, month, year, etc.), one individual consent can be used for batch processing.

In addition, the personal consent management unit 140 may batch-process downloads with one personal consent for a total of m prescription data for a specified period. However, the personal consent management unit 140 does not process different data types as one personal consent at the same time.

The data download unit 150 downloads the original authentication cipher text and the medical data cipher text generated by the encryption control unit 120 , and the personal consent information storage ID to the user terminal 200 . In this case, the data download unit 150 may directly transmit the original authentication encrypted text, the medical data encrypted text, and the personal consent information storage ID to the medical data service management apparatus 300 according to another embodiment of the present invention.

4 is a flowchart schematically illustrating a process in which a medical institution data relay device generates an original authentication cipher text and medical data cipher text and downloads it to a user terminal according to an embodiment of the present invention, and FIG. 5 is an embodiment of the present invention. It is a diagram illustrating an example in which a medical institution data relay device encrypts health checkup data or prescription data and generates an original authentication ciphertext. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 3 .

4 and 5, the medical institution data relay device 100 encrypts the attribute value of the medical data original plain text through a digital signature using the medical institution private key of a specific medical institution to generate an original authentication cipher text (S210).

Then, the medical institution data relay apparatus 100 encrypts the original medical data plain text using the user public key of a specific user who is the owner of the medical data to generate the first medical data encrypted text (S220).

In addition, the medical institution data relay apparatus 100 groups the original authentication encrypted text and the first medical data encrypted text, and provides the grouped data to the user terminal 200 of the specific user (S230).

Referring to FIG. 5A , since the health checkup data type includes several data categories with different data attributes, each category is divided into independent subcomponents (eg, data It is processed separately into segments or subsets), and individual consent and data download can be processed for each data segment individually.

Also, the medical institution data relay device 100 may process the download for one health checkup data through one individual consent approval procedure. At this time, although the individual consent approval code value (eg, individual consent code x) is the same for each data segment or data subset, it can be managed independently by matching each sub-component.

And, the medical institution data relay device 100 goes through each of the medical data encryption and original authentication encryption process for each of the sub-components of the health examination data, and matches the medical data cipher text and the original authentication cipher text generated for each sub-component. can do. In addition, the medical institution data relay apparatus 100 may provide the grouped data to the user terminal 200 at this time.

Referring to FIG. 5B , in the case of prescription data or questionnaire data, due to the nature of the data type, one case of prescription data or one case of questionnaire data may be downloaded through a single individual consent procedure. In addition, as for the personal consent approval code value (for example, individual consent code y) of prescription data or questionnaire data, one individual consent approval code value can be identically used when downloading data, and the same single individual consent approval code value is It can be used by matching with user identification identification, medical data ciphertext, or original authentication ciphertext.

6 is a diagram schematically illustrating a process in which a medical institution data relay device encrypts medical data using a medical institution symmetric key and downloads it to a user terminal according to another embodiment of the present invention.

Referring to FIG. 6 , when the user's medical data (original full plain text) includes a plurality of (N) medical data original plain texts, the medical institution data relay apparatus 100 may After extracting the hash value, each hash value can be digitally signed with the private key of the medical institution to generate a plurality of original authentication ciphertexts.

In addition, the medical institution data relay device 100 matches and groups each medical data original plain text and each original authentication cipher text, and then encrypts the grouped data at once using a medical institution symmetric key to obtain a first medical data cipher text. can create And at this time, the generated first medical data encrypted text may include an original authentication encrypted text.

Also, the medical institution data relay apparatus 100 may encrypt the medical institution symmetric key using the user public key and generate a medical institution symmetric key encrypted text. In addition, the medical institution data relay apparatus 100 may group the medical data encrypted text including the original authentication encrypted text and the medical institution symmetric key encrypted text and transmit the grouped text to the user terminal 200 .

Also, the medical institution data relay apparatus 100 may generate the first medical data encrypted text by using the medical institution symmetric key and the user public key together. For example, the medical institution data relay device 100 may encrypt the original plain text of the medical data using the medical institution symmetric key, encrypt the medical institution symmetric key again with the user public key, and download it to the user terminal 200 . Here, the medical institution symmetric key includes a one-time symmetric key that is issued and discarded after being used by a medical institution whenever necessary. It provides an environment where there is no need.

In addition, according to another embodiment of the present invention, the medical institution data relay apparatus 100 provides one symmetric key for N medical data original segments at a time in order to improve the size problem and encryption processing performance of medical data to be encrypted. It can be bundled and encrypted. For example, the present invention creates a hash value for each medical data source segment and digitally signs each medical data source segment with a private key of a medical institution in order to provide an original authentication for each N medical data source segment to generate an original authentication ciphertext. have. In this case, the original authentication ciphertext for each segment may be processed so that a matching relationship with each first medical data ciphertext can be maintained.

Then, the user terminal 200 decrypts the medical data encrypted text using the user's private key and the medical institution symmetric key. First, the user terminal 200 uses the user's private key to decrypt the cipher text of the medical institution symmetric key to obtain the medical institution symmetric key used for encryption of medical data. Then, the user terminal 200 may obtain the original plain text of the medical data by using the medical institution symmetric key obtained here. In this case, the user terminal 200 may obtain each of the plurality of medical data original plain texts using the symmetric key of the medical institution, and read each of the acquired medical data original plain texts.

7 is a block diagram schematically illustrating a user terminal in which a user application for receiving and reading medical data is installed according to an embodiment of the present invention. In this case, the user terminal in which the user application is installed shows only a schematic configuration necessary for description according to an embodiment of the present invention, but is not limited to this configuration.

The user terminal 200 according to an embodiment of the present invention receives the original authentication encrypted text and the first medical data encrypted text from the medical institution data relay device 100, and decrypts the first medical data encrypted text using the user's private key. and a user application 200a for reading or re-encrypting the decrypted medical data using a user symmetric key to generate a second medical data encrypted text. Then, the user application 200a may generate a symmetric key cipher text by encrypting the user symmetric key with the public key of the utilization institution.

Here, the user symmetric key is generated and managed in the user terminal 200, and a plurality of the same as the number of datasets of medical data may be generated, and the plurality of user symmetric keys may be used for encryption of each dataset of medical data. have. For example, in FIG. 9 or FIG. 11 below, when the number of grouped datasets is N or the first medical data ciphertext and the original authentication ciphertext are N, the user terminal 200 may generate N user symmetric keys. have. Then, the user terminal 200 may generate a second medical data encrypted text, a first symmetric key encrypted text, or a second symmetric key encrypted text by encrypting each of the N pieces of data with a separate user symmetric key.

In addition, after downloading medical data from the medical institution data relay device 100 , the user terminal 200 may provide various functions for the user and process various tasks for uploading medical data.

After the user terminal 200 stores all the received medical data in a predefined folder, the user application 200a decrypts the medical data encrypted text to obtain the medical data original plain text. In addition, the user application 200a may display on the app UI to confirm to the user that the medical data original plain text is the user's own data, and notify the download completion result to the medical institution data relay device 100 .

In addition, the user application 200a at the same time generates a second medical data encrypted text by re-encrypting the original plain text medical data using a user symmetric key, etc. At this time, the user application 200a re-encrypts the user symmetric key using the public key or the user public key to create a symmetric key cipher text, and completes the preparation for uploading medical data to the medical data service management device 300 can do.

In addition, the user application 200a may transmit a download event result to the medical data service management device 300 as an alarm, and perform a personal consent procedure for uploading the user's medical data with the medical data service management device 300 . .

In addition, the user terminal 200 may perform encryption for personal consent and data upload for each type of medical data.

For example, since the health examination data type includes several data categories with different data properties, each category is separated and processed into independent data segments in order to give the user, who is the owner, an opportunity to select and control each category. of data segments can be individually processed with personal consent and data download/upload.

In addition, the type of questionnaire data may be processed as one individual consent and upload of one questionnaire data due to the characteristics of the data type. In addition, as for the type of prescription data, one prescription data can be processed with one individual consent and download/upload due to the characteristics of the data type.

Referring to FIG. 7 , the user terminal 200 according to an embodiment of the present invention includes a data transmission/reception unit 210 , a personal consent processing unit 220 , and an application control unit 230 .

The data transceiver 210 receives the original authentication encrypted text and the first medical data encrypted text from the medical institution data relay device 100 . In addition, the data transceiver 210 may upload the original authentication ciphertext, the second medical data ciphertext, and the symmetric key ciphertext to the medical data service management apparatus 300 .

The personal consent processing unit 220 performs the user's personal consent procedure necessary for service subscription such as personal medical data issuance, medical data management service, and medical data utilization service according to an embodiment of the present invention, and is transmitted to the device and server. You can proceed with the service subscription application process.

For example, when the user terminal 200 applies for service subscription to the medical data service management apparatus 300 , the medical data service management apparatus 300 receives personal consent information regarding service subscription from the user terminal 200 . do. Then, the medical data service management apparatus 300 may store the received personal consent information in the DB of the server, and then store the hash value of the personal consent information related to the service subscription in the block chain system 400 .

In addition, the medical data service management device 300 fetches the subscription personal consent information storage ID related to the service service subscription from the block chain system 400 and delivers it to the user terminal 200 , and provides the service to the user terminal 200 . You can request to generate the required security key.

In addition, the personal consent processing unit 220 may perform the user's personal consent procedure required when the medical institution data relay device 100 inquires or downloads medical data from the medical institution server 10 . Also, the personal consent processing unit 220 may perform a personal consent procedure necessary to upload medical data to the medical data service management apparatus 300 .

In addition, the personal consent processing unit 220 performs a personal consent procedure for providing medical data to the medical data utilization device 500 , and stores the personal consent information in the block chain system 400 medical data service management device It can be passed to (300).

Then, the application control unit 230 may decrypt the medical data encrypted text to read the medical data, or re-encrypt the decrypted medical data using the user symmetric key. In addition, the application control unit 230 may generate a symmetric key cipher text by encrypting the user symmetric key with the public key of the utilization institution.

The application control unit 230 includes a data medical data viewing unit 240 , a key management unit 250 , and an encryption unit 260 according to an embodiment of the present invention.

The medical data reading unit 240 stores the original authentication encrypted text and the medical data encrypted text received from the data transmitting and receiving unit 210 . Then, the medical data reading unit 240 decrypts the medical data encrypted text to read the original medical data, and then deletes the read medical data original. At this time, the medical data reading unit 240 may read the medical data by decrypting the medical data encrypted text using the public key of the medical institution or the private key of the user.

The medical data reading unit 240 is a medical data decryption unit 242 that decrypts the medical data encrypted text using the medical institution public key or the user private key according to an embodiment of the present invention, and the original authentication encrypted text and the medical data encrypted text to the user terminal It may include a medical data storage unit 244 for storing in (200).

The key management unit 250 may generate various security keys for the user and may generate a transmission key for re-encrypting the symmetric key cipher text. The key management unit 250 includes a user security key generation unit 252 and a delivery key generation unit 254 according to an embodiment of the present invention.

The user security key generator 252 may generate and manage a user's user private key, a user public key, and a user symmetric key for security management.

The delivery key generation unit 254 may generate a delivery key by combining the user's private key and the public key of the utilization organization. For example, the delivery key generation unit 254 may generate the delivery key by encrypting the user's private key using the public key of the utilization institution.

The encryption unit 260 may re-encrypt the decrypted medical data using the user symmetric key to generate a second medical data encrypted text. In addition, the encryption unit 260 may group the second medical data encrypted text and the original authentication encrypted text to be transmitted to the medical data service management device 300 . In addition, the encryption unit 260 may generate a symmetric key cipher text by encrypting the user symmetric key using the public key of the utilization institution.

The encryption unit 260 includes a medical data encryption unit 262 and a symmetric key cipher text generation unit 264 according to an embodiment of the present invention.

The medical data encryption unit 262 may re-encrypt the medical data decrypted in the medical data reading unit 240 using the user symmetric key to generate a second medical data encrypted text.

In addition, the symmetric key cipher text generation unit 264 may generate the first symmetric key cipher text by encrypting the user symmetric key using the public key of the utilization institution of a specific utilization institution. Here, the first symmetric key encrypted text may be generated in a one-to-one relationship as much as the number of medical data or the number of second medical data encrypted text.

In addition, the symmetric key cipher text generation unit 264 may generate a second symmetric key cipher text by encrypting the user symmetric key using the user public key. Here, the second symmetric key ciphertext may be generated in a one-to-one relationship by the number of the medical data or the number of the second medical data ciphertext.

In this case, it is characterized in that only one transmission key is generated regardless of the number of the medical data or the second medical data encrypted text. In addition, the second symmetric key cipher text may be re-encrypted by the transmission key to be converted into a third symmetric key cipher text for obtaining a user symmetric key.

8 is a flowchart schematically illustrating a process of downloading medical data from a user terminal, decoding the medical data, and reading the medical data according to an embodiment of the present invention. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 7 .

8, according to an embodiment of the present invention, the user terminal 200 stores the original authentication cipher text and the first medical data cipher text received from the medical institution data relay device 100 in a designated folder, and each original authentication cipher text and the first medical data encrypted text (S310).

Then, the user terminal 200 decrypts the first medical data encrypted text using the medical institution symmetric key or the user's private key to generate the medical data original plain text, reads the medical data original plain text, and then removes it (S320).

9 is a flowchart schematically illustrating a process of encrypting and uploading medical data and a symmetric key according to an embodiment of the present invention, and FIG. 10 is an encrypted and uploading health checkup data in a user terminal according to an embodiment of the present invention. It is a drawing showing an example. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 7 .

9 and 10 , according to an embodiment of the present invention, the user terminal 200 stores the original authentication encrypted text and the first medical data encrypted text received from the medical institution data relay device 100 in a corresponding folder, and each The original authentication cipher text and the first medical data cipher text are separated (S410).

Then, the user terminal 200 may decrypt the first medical data encrypted text using the medical institution symmetric key or the user's private key to generate the medical data original plain text (S420).

In addition, the user terminal 200 may generate a second medical data encrypted text by encrypting the original medical data plain text using the user symmetric key (S430).

Then, the user terminal 200 may group the original authentication ciphertext and the second medical data ciphertext so that the original authentication ciphertext and the second medical data ciphertext can be matched and transmitted to the medical data service management apparatus 300 (S440).

In addition, the user terminal 200 may generate a first symmetric key cipher text by encrypting the user symmetric key with the public key of the utilization institution of a specific utilization institution requesting medical data (S450). Here, the first symmetric key encrypted text may be generated in a one-to-one relationship as much as the number of medical data or the number of second medical data encrypted text.

In addition, the user terminal 200 may match the grouped original authentication ciphertext and the second medical data ciphertext with the first symmetric key ciphertext and upload them to the medical data service management apparatus 300 .

11 is a flowchart schematically illustrating a process of encrypting and uploading medical data and a symmetric key according to another embodiment of the present invention, and FIG. 12 is an encrypted and uploaded health checkup data in a user terminal according to another embodiment of the present invention. It is a drawing showing an example. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 7 .

11 and 12, according to an embodiment of the present invention, the user terminal 200 stores the original authentication encrypted text and the first medical data encrypted text received from the medical institution data relay device 100 in a corresponding folder, and each The original authentication cipher text and the first medical data cipher text are separated (S510).

Then, the user terminal 200 may decrypt the first medical data encrypted text using the medical institution symmetric key or the user private key to generate the original medical data plain text (S520).

In addition, the user terminal 200 may generate a second medical data encrypted text by encrypting the original medical data plain text using the user symmetric key (S530).

In addition, the user terminal 200 may group the original authentication ciphertext and the second medical data ciphertext so that the original authentication ciphertext and the second medical data ciphertext can be matched and transmitted to the medical data service management apparatus 300 (S540).

At this time, the user terminal 200 may generate a second symmetric key cipher text by encrypting the user symmetric key with the user public key (S550). Here, the second symmetric key encrypted text may be generated in a one-to-one relationship as much as the number of the medical data or the number of the second medical data encrypted text.

In addition, the user terminal 200 may generate a delivery key by encrypting the user's private key with the public key of the specific utilization institution that has requested the medical data (S560). Here, only one transmission key may be generated regardless of the number of the medical data or the second medical data encrypted text.

In addition, the user terminal 200 may match the grouped original authentication ciphertext and the second medical data ciphertext, the second symmetric key ciphertext, and the transmission key, and upload them to the medical data service management apparatus 300 .

13 is a block diagram schematically illustrating a medical data service management apparatus according to an embodiment of the present invention. In this case, the medical data service management apparatus only shows a schematic configuration necessary for description according to an embodiment of the present invention, but is not limited to this configuration.

According to an embodiment of the present invention, the medical data service management apparatus 300 transmits the original authentication encrypted text and the medical data encrypted text from the medical institution data relay device 100 or the user terminal 200 to verify the original medical data. Receive and save In addition, the medical data service management apparatus 300 may provide the original authentication encrypted text and the medical data encrypted text of the specific user to the medical data utilization device 500 that has requested the specific user's medical data.

In addition, the medical data service management device 300 receives various security keys for encryption and decryption of medical data from the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 . and stored in the block chain system 400 . In addition, when receiving a request for a specific security key from a specific device, the medical data service management device 300 may query the specific security key stored in the block chain system 400 and transmit it to the specific device.

In addition, the medical data service management device 300 stores personal consent details and personal consent information of a specific user in order to secure the reliability of personal consent for medical data, and matches personal consent information and data for each data type. provided to the device. The medical data service management device 300 stores the personal consent information of the specific user in the block chain system 400 , and receives and manages the personal consent information storage ID from the block chain system 400 .

For example, the medical data service management device 300 encrypts (converts to a hash value) the details of the user's personal consent to prove the reliability of the personal consent and stores it in the block chain system 400, and the block chain system 400 ) may be issued/transmitted and stored in the DB of the medical data service management apparatus 300 for management. In addition, the medical data service management apparatus 300 may transmit the stored ID value stored in the DB to the user terminal 200 of the user and share it with the user.

In addition, the medical data service management device 300 may request the medical institution data relay device 100 to download the specific user's medical data based on the personal consent information storage ID. Also, the medical data service management apparatus 300 may request to upload medical data to the user terminal 200 of the specific user based on the personal consent information storage ID.

Referring to FIG. 13 , the medical data service management device 300 includes an interface control module 310 , an authentication and authority management module 320 , a security key management module 330 , and personal consent information according to an embodiment of the present invention. It includes a management module 340 , a block chain management module 350 , and a data management module 360 .

The interface control module 310 is responsible for a common core function of the medical data management system, and provides services such as security management of medical data and common element functions for infrastructure element functions and application services, and registration management of each party participating in the ecosystem. It can provide operation management function.

This interface control module 310 controls the operation of the medical data service management device 300, the authentication and authority management module 320, the security key management module 330, the personal consent information management module 340, the block chain The management module 350 and the data management module 360 are controlled so that the operation of each part is smooth.

For example, the interface control module 310 controls to match and store the user's personal consent information related to the movement and utilization of medical data by data type, and stores the personal consent information collected from the user terminal 200 in a block chain system It can be controlled to store it in 400 and manage it.

In addition, the interface control module 310 may control movement and utilization of medical data of a specific user based on the personal consent information collected from the user terminal 200 of the specific user. For example, the interface control module 310 may control movement and utilization of the specific medical data by a medical institution or a utilization institution based on specific personal consent information matched with the specific medical data.

The authentication and authority management module 320 may perform a function of authenticating a medical institution, a user, and a utilization institution, registering it in the system, and granting authority.

In addition, the authentication and authority management module 320 includes a medical institution manager 322 , a user manager 324 , and a utilization institution manager 326 according to an embodiment of the present invention.

The medical institution management unit 322 may be connected to the medical institution data relay device 100 disposed in a specific medical institution to continuously maintain a networking state, and may provide a function of registering various types of information of the specific medical institution in the system.

The user management unit 324 may perform a function of registering personal consent information for downloading and uploading medical data of a specific user, medical data utilization service, and the like, and managing user information of a specific user.

The utilization institution management unit 326 may register a specific utilization institution using medical data in the system and provide various interface functions with the medical data utilization device 500 connected to the specific utilization institution.

The security key management module 330 receives and manages various security keys from the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 .

In addition, the security key management module 330 includes a security key storage unit 332 and a security key transfer unit 334 according to an embodiment of the present invention.

The security key storage unit 332 may receive various security keys from the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 , and store the received security keys.

In addition, when a specific security key is requested from a specific device, the security key transfer unit 334 may perform a function of inquiring the specific security key stored in the block chain system 400 and transmitting it to the specific device.

The personal consent information management module 340 stores various types of personal consent information of the user, and performs a function of managing the stored personal consent information by matching the data type. For example, the personal consent information management module 340 may collect the user's personal consent information regarding the movement and utilization of the user's specific medical data, and match the collected personal consent information with the specific medical data and store it. .

The personal consent information management module 340 includes a personal consent information storage unit 342 and a data matching unit 344 according to an embodiment of the present invention.

The personal consent information storage unit 342 stores and manages the details of a specific user's service subscription agreement, the user's movement agreement details for specific medical data, and the usage agreement details of the specific medical data.

The data matching unit 344 may perform a function of matching the personal consent information for each data type so that the original authentication of medical data and data transmission and management are possible for each individual consent unit of the user. For example, the data matching unit 344 may match the personal consent information for each medical data type to enable original authentication of medical data, movement of medical data, and transaction of medical data for each unit of the personal consent information.

The data matching unit 344 matches and manages a specific type of medical data with the corresponding personal consent information. For example, the data matching unit 344 matches and manages one piece of personal consent information with respect to one specified health checkup data. In addition, the data matching unit 344 may manage by matching one piece of personal consent information with respect to one specified questionnaire data. In addition, the data matching unit 344 may match and manage one piece of personal consent information with respect to one specified prescription data.

In addition, the data matching unit 344 may manage by matching the personal consent information once with respect to the total number of data for a period specified for each type of medical data. In this case, when the data types are different, the data matching unit 344 may match and manage each individual consent information for each data type without matching the same personal consent information and processing.

The block chain management module 350 controls and manages to store in the block chain system 400 information on a specific user's personal consent information, security key, medical data utilization and service usage history, etc. for the issuance and movement of medical data. function can be performed.

For example, when the blockchain management module 350 receives the medical institution public key from the medical institution data relay device 100, it stores the medical institution public key in the blockchain system 400, and receives a medical institution public key storage ID. can manage Here, the medical institution public key storage ID may include a code value issued to distinguish the public key of a specific medical institution from security keys of other medical institutions.

In addition, when the user agrees to download and upload his/her medical data, the block chain management module 350 stores the relevant personal consent details and personal consent information in the block chain system 400, and stores the personal consent details in the corresponding personal consent details. Personal consent information storage ID can be issued and managed.

In addition, the block chain management module 350 includes a personal consent information storage management unit 352 , a security key storage management unit 354 , and a service usage history management unit 356 according to an embodiment of the present invention.

The personal consent information storage management unit 352 may store various personal consent information by the user in the block chain system 400, and may receive and manage the personal consent information storage ID.

The security key storage management unit 354 may store various security keys in the block chain system 400, and may receive and manage the storage ID of the corresponding security key.

The service usage history management unit 356 performs a function of storing and managing the medical data usage history and health-related service usage history of the utilization institution in the block chain system 400 .

For example, the service usage history management unit 356 may store a hash value for the medical data usage history of the utilization institution and the usage history of the health-related service in the block chain system 400 .

The data management module 360 relays the movement and transaction of medical data between the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 , and performs a function of guiding the relay result.

In addition, the data management module 360 includes a data relay unit 362 , a symmetric key encryption unit 364 , and a data result processing unit 366 according to an embodiment of the present invention.

The data relay unit 362 may request and transmit medical data between the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 .

The symmetric key encryption unit 364 may re-encrypt the second symmetric key cipher text using the transfer key to generate a third symmetric key cipher text.

The data result processing unit 366 may store and guide the result of data relay between the medical institution data relay device 100 , the user terminal 200 , and the medical data utilization device 500 .

14 is a flowchart schematically illustrating a process in which the medical data service management apparatus groups and transmits encrypted medical data and an encrypted key value according to an embodiment of the present invention, and FIG. 15 is a medical data service management apparatus according to an embodiment of the present invention. It is a diagram illustrating an example of transmitting health checkup data from a data service management device. In this case, the following flowchart will be described using the same reference numerals in connection with the configurations of FIGS. 1 to 13 .

14 and 15 , the medical data service management apparatus 300 receives an original authentication ciphertext, a second medical data ciphertext, and a first symmetric key ciphertext from the user terminal 200 of a specific user (S610, S620). ).

Then, the medical data service management device 300 groups the original authentication cipher text, the second medical data cipher text, and the first symmetric key cipher text, and the data grouped in the medical data utilization device 500 requesting the medical data and the cipher text can be transmitted by matching a security key capable of decrypting (S630).

16 is a flowchart schematically illustrating a process in which the medical data service management apparatus groups and transmits encrypted medical data and an encrypted key value according to another embodiment of the present invention, and FIG. 17 is a medical data service management apparatus according to another embodiment of the present invention. It is a diagram illustrating an example of transmitting health checkup data from a data service management device. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 3 .

16 and 17 , when the medical data service management apparatus 300 receives the second symmetric key cipher text together with the delivery key from the user terminal 200 of a specific user, the second symmetric key using the delivery key A third symmetric key ciphertext may be generated by re-encrypting the key ciphertext (S710).

In addition, the medical data service management device 300 groups the original authentication cipher text, the second medical data cipher text, and the third symmetric key 　 cipher text, and the medical data utilization device 500 of the specific utilization institution that requested the specific user's medical data. Grouped data may be delivered to (S720).

18 is a block diagram schematically illustrating an apparatus for utilizing medical data that utilizes medical data according to an embodiment of the present invention. In this case, the medical data utilization apparatus only shows a schematic configuration necessary for description according to an embodiment of the present invention, but is not limited to this configuration.

The medical data utilization apparatus 500 may decrypt the medical data encrypted text to obtain the medical data original, and perform original authentication of the medical data original using the original authentication encrypted text.

Referring to FIG. 18 , the medical data utilization device 500 includes a controller 510 , a data receiver 520 , a decoder 530 , an original verification performing unit 540 , and data utilization according to an embodiment of the present invention. part 550 .

The control unit 510 controls the operation of the medical data utilization device 500, and the operation of each unit such as the data receiving unit 520, the decoding unit 530, the original authentication performing unit 540, and the data utilizing unit 550 is performed. It can be controlled smoothly.

The data receiving unit 520 may receive a medical data cipher text encrypted by a user symmetric key of a specific user and an original authentication cipher text encrypted by a medical institution public key.

In addition, the data receiving unit 520 may include a data storage unit 512 for storing the received medical data encrypted text, original authentication encrypted text, and the like.

The decryption unit 530 may decrypt the encrypted text of the medical data of a specific user or decrypt the original authentication encrypted text. And, the decryption unit 530 decrypts the medical data encrypted text using the symmetric key extraction unit 532 for extracting the user symmetric key using the private key of the utilization institution, and the extracted user symmetric key to obtain the medical data original. It may include a medical data decoding unit 532 .

The original authentication performing unit 540 may perform original authentication on the decrypted original medical data by using the hash value of the decrypted original authentication cipher text.

The original authentication performing unit 540 decrypts the original authentication ciphertext using the public key of the medical institution to extract the original authentication hash value by using a hash value extraction unit 542 for extracting the original authentication hash value, and a hash for calculating the medical data hash value from the decrypted medical data source. It may include a value extractor 544, and a hash value comparison unit 546 that compares the original authentication hash value with the medical data hash value and performs original authentication of the decrypted medical data source.

The data utilization unit 550 performs various analyzes requested by a specific user by utilizing the medical data whose original is proven, and provides the analysis result to the user terminal 200 and the medical data service management device 300 of the specific user. can

19 is a flowchart schematically illustrating a process in which the medical data utilization device decrypts the original authentication cipher text and the medical data cipher text to perform the original authentication on the medical data original according to an embodiment of the present invention, and FIG. It is a diagram illustrating an example of performing original authentication of health checkup data in a medical data utilization device according to an embodiment. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 18 .

19 and 20, the medical data utilization device 500 may separate the grouped original authentication ciphertext and the second medical data ciphertext into the original authentication ciphertext and the second original authentication ciphertext (S810).

In addition, the medical data utilization device 500 decrypts the first symmetric key cipher text using the utilization institution private key to extract the user symmetric key of a specific user, or decrypts the third symmetric key cipher text using the utilization institution private key. A user symmetric key of a specific user may be extracted (S820).

Then, the medical data utilization device 500 may decrypt the medical data encrypted text using the extracted user symmetric key to obtain the original medical data plain text (S830).

Then, the medical data utilization apparatus 500 may calculate a medical data hash value from the original plain text of the medical data (S840).

In addition, the medical data utilization device 500 may extract the original authentication hash value by decrypting the original authentication cipher text using the public key of the medical institution (S850).

Then, the medical data utilization apparatus 500 may perform original authentication of the decrypted medical data original by comparing the original authentication hash value with the medical data hash value (S860 and S870).

In addition, the medical data utilization device 500 provides various services related to utilization and application of medical data to a specific user who is the owner of the medical data by utilizing the original plain text of medical data whose original is verified (S880). Here, various services related to the utilization and application of medical data may include a recipe for a healthy nutritional diet or a list of healthy diets obtained by analyzing a health checkup data pattern.

In addition, the various services may include the total size of the user group and statistical data characteristic information (eg, gender, age, residential area, etc.) possessed by the utilization institution. In addition, the various services may include types of health checkup data and statistical characteristic information (statistical values for each chronic disease, etc.).

21 is a process of downloading medical data to a user terminal and uploading the medical data to a medical data service management device by the user terminal in the medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention; It is a flow chart showing briefly. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 20 .

Referring to FIG. 21, in the medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention, a medical data service management device 300 includes a medical institution data relay device 100, a user terminal ( 200), and manages service subscription and registration of the medical data utilization device 500, and generates and stores various security keys of the medical institution data relay device 100, the user terminal 200, and the medical data utilization device 500 manage

For example, the medical data service management device 300 receives data from the medical institution data relay device 100 and registers the corresponding medical institution and the public key of the medical institution ( S902 ).

At this time, the medical data service management apparatus 300 stores the medical institution public key in the blockchain system 400, and stores the medical institution public key storage ID issued by the blockchain system 400 in the DB (S904 and S906) .

Then, the medical institution data relay apparatus 100 receives a request for downloading medical data from the user terminal 200 of a specific user, and receives a user public key from the user terminal 200 (S906 and S908). In this case, the medical institution data relay apparatus 100 may transmit the first personal consent information regarding the data download consent received from the user terminal 200 to the medical data service management apparatus 300 ( S910 ). Here, the first personal consent information includes personal consent details (individual consent 1-1) for access to medical institution server and medical data list inquiry, and personal consent details (individual consent 1-2) for downloading the selected item. . In addition, the personal consent details are 'personal consent confirmation action result value (personal consent key value)' and 'personal authentication procedure confirmation key value' and ' The user identifier (date of birth + service subscription ID value)' and the like are combined.

Then, after the medical data service management device 300 stores the first personal consent information in the block chain system 400, the first personal consent information storage ID issued by the block chain system 400 is transferred to the medical institution data relay device. It can be provided to (100) (S912). Here, the first personal consent information storage ID includes a code value capable of distinguishing the first personal consent information regarding the download consent for the specific medical data of the specific user from other personal consent information. For example, the medical data service management device 300 provides the first personal consent information storage ID to the user terminal or various requesting organizations, and if necessary in the future, the specific medical treatment information through the first personal consent information storage ID It is possible to prove a specific user's personal consent to data.

In addition, the medical institution data relay device 100 requests medical data of a specific user from the medical institution server 10 based on the first personal consent information storage ID related to data download consent, and receives the specific user's medical data from the medical institution server 10 . receive medical data.

In addition, the medical institution data relay device 100 may generate an original authentication ciphertext by encrypting the attribute value of the medical data through a digital signature using the medical institution private key of a specific medical institution (S914).

In addition, the medical institution data relay device 100 encrypts the medical data using the symmetric key of the medical institution of the specific medical institution or the user public key of the specific user received from the user terminal 200 to generate the first medical data encrypted text. There is (S916).

In addition, the medical institution data relay device 100 may download the encrypted original authentication ciphertext and the first medical data ciphertext together with the personal consent information to the user terminal 200 (S918). In addition, when the medical data download is completed, the user terminal 200 may generate a signal indicating that the data download is normally completed and transmit it to the medical data service management apparatus 300 .

Then, the user terminal 200 may decrypt the first medical data encrypted text using the medical institution symmetric key or the user's private key to read the medical data original and then delete the read medical data original (S920).

The user terminal 200 may transmit the user's second personal consent information for consent to upload medical data to the medical data service management apparatus 300 ( S922 ). At this time, the medical data service management apparatus 300 collects and stores the user's second personal consent information for consent to upload medical data, and provides medical data to the user terminal 200 based on the collected second personal consent information. It can transmit a signal that upload is possible.

Here, the second personal consent information storage ID includes a code value that can distinguish the second personal consent information regarding the upload consent of the specific user for specific medical data from other personal consent information. In addition, the medical data service management apparatus 300 provides the second personal consent information storage ID to the user terminal or various requesting organizations. And, if necessary in the future, the medical data service management apparatus 300 may verify the personal consent details regarding the upload of medical data of a specific user to the specific medical data through the second personal consent information storage ID.

Then, the medical data service management device 300 stores the second personal consent information for consent to upload medical data in the blockchain system 400 (S924), and then the second issued by the blockchain system 400 The personal consent information storage ID may be transmitted to the user terminal 200 to request upload of medical data.

The user terminal 200 may re-encrypt the decrypted medical data using the user symmetric key to generate a second medical data encrypted text (S926).

Then, the user terminal 200 may generate a symmetric key cipher text by encrypting the user symmetric key using the public key generated by the specific application organization (S928).

Then, the user terminal 200 uploads the original authentication ciphertext, the second medical data ciphertext, and the symmetric key ciphertext to the medical data service management device 300 , and uploads the medical data from the medical data service management device 300 . A result may be provided (S930).

22 is a flowchart schematically illustrating a process of a method of transmitting medical data to a utilization institution in a medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention. In this case, the following flowchart will be described using the same reference numerals in connection with the configuration of FIGS. 1 to 21 .

Referring to FIG. 22 , in the medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention, the medical data service management device 300 receives data from the medical data utilization device 500 . It is possible to register the relevant utilization institution and the public key of the utilization institution of the relevant utilization institution (S1002).

In addition, the medical data service management device 300 may store the public key of the utilization institution in the block chain system 400, and store the utilization institution public key storage ID issued by the block chain system 400 in the DB (S1004 and S1004 and S1006). Here, the public key storage ID of the utilization institution includes a code value issued to distinguish the public key of a specific utilization institution from the public key of other utilization institutions.

In addition, when receiving a user's medical data request from the medical data utilization device 500, the medical data service management apparatus 300 may transmit the medical data request to the user's user terminal 200 (S1008).

And, when receiving a request for the public key of the specific utilization institution from the user terminal 200 (S1010), the medical data service management device 300 uses the utilization institution public key storage ID in the block chain system 400 as the public key storage ID. It is possible to inquire the public key of the utilization institution of a specific utilization institution (S1012).

In addition, the medical data service management apparatus 300 may receive a utility public key from the block chain system 400 and provide the issued utility public key to the user terminal 200 ( S1014 and S1016 ).

The user terminal 200 may re-encrypt the decrypted medical data using the user symmetric key to generate a second medical data encrypted text (S1018).

Also, the user terminal 200 may generate a second symmetric key cipher text by encrypting the user symmetric key using the user public key (S1020).

Then, the user terminal 200 may generate a delivery key by encrypting the user symmetric key using the issued public key of the utility organization (S1022).

Then, the user terminal 200 uploads the second medical data encrypted text, the second symmetric key encrypted text, and the transmission key together with the original authentication encrypted text to the medical data service management device 300, and uploads the uploaded data to the specific utilization institution. It may be requested to be transmitted to the medical data utilization device 500 (S1024).

Then, the medical data service management apparatus 300 may re-encrypt the second symmetric key cipher text using the transmission key transmitted from the user terminal 200 to generate a third symmetric key cipher text (S1026).

Then, the medical data service management apparatus 300 may transmit the original authentication encrypted text, the second medical data encrypted text, and the third symmetric key encrypted text to the medical data utilization device 500 (S1028).

In addition, the medical data utilization device 500 may request the medical data service management device 300 for a medical institution public key of a specific medical institution that has issued the user's medical data (S1030).

Then, the medical data service management apparatus 300 may inquire the medical institution public key with the medical institution public key storage ID of the specific medical institution in the block chain system 400 ( S1032 ).

In addition, the medical data service management device 300 may receive a medical institution public key from the block chain system 400 and provide the issued medical institution public key to the medical data utilization device 500 ( S1034 and S1036 ).

Also, the medical data utilization apparatus 500 may decrypt the original authentication data using the medical institution public key, and extract an original authentication hash value from the decrypted data (S1038).

Also, the medical data utilization device 500 may decrypt the third symmetric key cipher text using the private key of the utilization institution to obtain the user symmetric key of the specific user (S1040).

Then, the medical data utilization device 500 decrypts the second medical data encrypted text using the obtained user symmetric key to obtain a medical data source, and calculates a medical data hash value from the decrypted medical data source ( S1042).

In addition, the medical data utilization apparatus 500 may compare the original authentication hash value with the medical data hash value to perform original authentication of the decrypted medical data original ( S1044 ).

In addition, the medical data utilization apparatus 500 may provide various application services to the user terminal 200 by utilizing the original certified medical data. In addition, the medical data utilization device 500 may transmit the application service usage history to the medical data service management device 300 .

In addition, the medical data service management device 300 stores the application service usage history received from the medical data utilization device 500 in the block chain system 500, and the application service usage history storage ID from the block chain system 500 can be provided and managed. In addition, the medical data service management apparatus 300 may provide the application service usage history and the application service usage history storage ID to the user terminal 200 . Here, the application service usage history storage ID distinguishes the specific application service usage history provided by a specific user institution by utilizing the medical data of a specific user from the usage details provided by other utilization organizations, or uses the usage details related to other users. It includes the code value issued to distinguish it from

As described above, the medical data management system for medical data original authentication and personal consent information management according to an embodiment of the present invention encrypts the attribute value of medical data through a digital signature to generate an original authentication ciphertext, and generate an original authentication ciphertext. It provides an environment to improve the security of medical data and to build a security management system for safe movement and utilization of medical data by performing original authentication of medical data using

In addition, the present invention generates an original authentication ciphertext of medical data by using a medical institution private key, and manages to decrypt the original authentication ciphertext only when the utilizing institution receives the corresponding medical institution public key and perform original authentication of medical data, It provides an environment that can improve the security of medical data.

In addition, the present invention provides an environment in which the user terminal can improve the security of the movement and transaction of medical data by re-encrypting the decrypted medical data using the user's symmetric key and transmitting it to the medical data service management apparatus.

In addition, the present invention generates a symmetric key cipher text by encrypting the user symmetric key with the public key of the utilization institution, and decrypts the medical data cipher text by extracting the user symmetric key from the symmetric key cipher text with the utilization institution private key It provides an environment that can improve security.

In addition, the present invention decrypts the original authentication ciphertext using the medical institution public key to extract the original authentication hash value, calculates the medical data hash value from the decrypted medical data source, and compares the original authentication hash value and the medical data hash value. By performing the original authentication of the decrypted medical data original, it provides an environment in which the reliability of the original authentication can be secured and a security management system for safe movement and utilization of medical data can be established.

In addition, the present invention stores various security keys such as a public key of a medical institution and a public key of a utilization institution in the block chain, manages the storage ID of the corresponding security key, and requests the security key for encryption and decryption of medical data. By querying and providing the security key stored in the block chain using the key's storage ID, it provides an environment in which to build a security management system for the safe movement and utilization of medical data.

In addition, the present invention secures the reliability of the user's personal consent by storing the user's personal consent details and personal consent information for the download and upload of medical data, etc. in the block chain, and increases the reliability of the movement and transaction of medical data. It provides an environment for improvement.

In addition, by storing the user's personal consent information related to the movement and utilization of medical data in the block chain and managing the personal consent information storage ID, the user's personal consent details for medical data can be reliably managed, and the medical data It provides an environment to secure the reliability and transparency of medical data transactions by improving the reliability of movement and transactions.

In addition, the present invention improves the reliability and transparency of medical data transactions by performing original authentication of medical data for each user's individual consent unit or controlling the transfer and management of medical data, thereby improving the reliability of medical data movement and transactions. It provides an environment to secure

In addition, the present invention classifies types of medical data, manages them separately by data type, and manages various types of medical data by applying and managing individual consent procedures for each data type, effectively managing various types of medical data, and It provides an environment that can improve reliability.

In addition, the present invention effectively verifies the service usage history of medical data, secures the reliability of the verification of the service usage history, and the user by storing the hash value of the service usage history for the medical data of the utilization institution in the block chain. Provides an environment in which patients can effectively understand and manage their own medical data history.

In addition, the present invention provides personal medical data to a utilization institution and provides various application services to individuals who are the subject of medical data through original authentication, thereby facilitating practical health promotion activities by recycling medical data to health promotion, It provides an environment in which a variety of health care services can be conveniently used to provide personalized services.

In addition, the present invention provides an environment in which an ecosystem can be built to safely utilize the necessary data to companies that want to provide an individual optimized health care service based on industrially legal personal medical data.

The embodiment of the present invention described above is not implemented only through the apparatus and method, and may be implemented through a program for realizing a function corresponding to the configuration of the embodiment of the present invention or a recording medium in which the program is recorded. Such a recording medium may be executed not only in the server but also in the user terminal.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improved forms of the present invention are also provided by those skilled in the art using the basic concept of the present invention as defined in the following claims. is within the scope of the right.

Claims (11)

A personal consent information management module that stores the user's personal consent information for the user's medical data, and manages the received personal consent information by matching it with the medical data;
An interface control module for controlling movement and utilization of the medical data with a medical institution or a utilization institution based on the personal consent information matched with the medical data, and
A block chain management module that stores the hash value of the personal consent information in the block chain, and receives and manages the personal consent information storage ID from the block chain
A medical data service management device using a block chain comprising a. In claim 1,
The personal consent information management module,
A data matching unit that matches the personal consent information for each medical data type so that the original medical data authentication, medical data movement, and medical data transaction are possible for each unit of the personal consent information
A medical data service management device using a block chain comprising a. delete In claim 1,
The blockchain management module is
After receiving the first personal consent information from the medical institution data relay device and storing the hash value of the first personal consent information in the block chain so that the medical institution data relay device can download medical data to the user terminal, the Medical data service management device using block chain, characterized in that the first personal consent information storage ID for the first personal consent information is issued and provided to the medical institution data relay device. In claim 1,
The blockchain management module is
Receive the second personal consent information for uploading medical data from the user terminal, store the hash value of the second personal consent information in the block chain, and issue a second personal consent information storage ID for the second personal consent information Medical data service management device using block chain, characterized in that it is received and provided to a medical institution data relay device. In claim 1,
The blockchain management module is
Service usage history management unit that stores hash values for medical data usage history and health-related service usage history by the user organization in the block chain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ;
Medical data service management device using a block chain further comprising a. receiving, by the medical data service management device, the user's first personal consent information on consent to download medical data from the user terminal;
receiving, by the medical data service management device, a first personal consent information storage ID from the block chain after storing the hash value of the first personal consent information in a block chain; and
transmitting, by the medical data service management device, the first personal consent information storage ID to the requesting device, and receiving the download details of the medical data downloaded from the requesting device based on the first personal consent information storage ID;
A method of managing medical data using a block chain, including In claim 7,
The medical data is
Medical data management method using block chain, characterized in that it is managed by matching the unit of personal consent information by the user. In claim 8,
receiving, by the medical data service management device, the user's second personal consent information for consent to upload medical data; and
Storing, by the medical data service management device, the second personal consent information for consent to upload medical data in a block chain;
receiving, by the medical data service management device, uploading medical data based on the second personal consent information;
Medical data management method using a block chain further comprising a. In claim 9,
The uploading step is
A medical data management method using a block chain, characterized in that the re-encrypted medical data is uploaded from the user terminal. In claim 10,
The medical data service management device receives the medical data usage history and health-related service usage history of the utilization institution, and stores a hash value for the received medical data usage history and health-related service usage history in the block chain. step
Medical data management method using a block chain further comprising a.

Images