TWI506474B - Heterogeneous information device integration method - Google Patents

Publication number: TWI506474B
Authority: TW (Taiwan)
Prior art keywords: interface, login, code, authentication server, information
Application number: TW102140605A
Other languages: Chinese (zh)
Other versions: TW201518988A (en)
Inventor: Kuo Hsin Chu, Po Wen Chen, Yen Liang Li
Original Assignee: Chunghwa Telecom Co Ltd

Landscapes

  • Information Transfer Between Computers (AREA)

Description

Heterogeneous information device integration interface method

The present invention relates to a heterogeneous information device integration interface method, and more particularly to one in which information can be transferred only briefly and only once, so as to improve the security of information transfer between information systems.

Among the various industries in society, medical care is a very important and indispensable one. At present, domestic medical institutions are actively adopting electronic medical records to replace the traditional paper medical records, so as to achieve paperless operation, avoid wasting paper resources, and effectively save costs.

To use electronic medical records, the medical information system (HIS) within a medical institution must be interfaced to the medical record generation and management platform before records are produced. However, most information systems used inside medical institutions are built on different platforms and in multiple programming languages, and heterogeneous information systems carry a risk of data theft whenever data is interfaced and exchanged between them. To allow confidential user information to be transferred effectively and securely between information systems, the present invention proposes a heterogeneous information device integration interface method.

In view of the above problems of the prior art, the object of the present invention is to provide a heterogeneous information device integration interface method that effectively reduces the risk of information being stolen while it is transferred between heterogeneous information systems.

According to the object of the present invention, a heterogeneous information device integration interface method is provided for securely connecting a user-end computer to a remote server. The method comprises the following steps: issuing an interface login request via a user-end computer, so as to generate a client public key and a client private key corresponding to interface login information, and receiving a public key sent by an interface authentication server, so that the interface login information is encrypted with that server public key to produce encrypted interface login information; receiving, by the interface authentication server, the encrypted interface login information and the client public key sent by the user-end computer, decrypting the encrypted interface login information with a server private key to restore the interface login information, and determining whether the interface login information has interface service permission; if the interface authentication server determines that the encrypted interface login information has interface service permission, generating an interface code via the interface authentication server and sending the interface code to the user-end computer and the remote server; and decoding the interface code with the client private key via the user-end computer and executing an interface login procedure, while the remote server queries the validity of the interface code and, once the interface code is determined to be valid, the login page provided by the remote server is sent to the user-end computer through the interface authentication server to complete the interface login procedure.

Preferably, the interface authentication server may verify the user's identity against an identity verification database to determine whether the interface login information has interface service permission. If the interface login information has no interface service permission or is on the blacklist, the interface authentication server generates an error message and sends it to the user-end computer; conversely, if the interface login information has interface service permission, the interface authentication server generates the interface code.

Preferably, when the interface authentication server determines that the interface login information has no interface service permission, and within a period of time it keeps receiving interface login requests from the user-end computer in excess of the configured number of requests, the interface authentication server adds the user-end computer to the blacklist.

Preferably, the heterogeneous information device integration interface method further comprises the following step: the user-end computer reorders the interface login information, obfuscates its parameters, and converts it into binary data code, and then encrypts the interface login information with the public key sent by the interface authentication server.

Preferably, the heterogeneous information device integration interface method further comprises the following step: the interface authentication server encrypts the interface code with the client public key, and then sends the encrypted interface code to the user-end computer.

Preferably, the interface code includes the network location of the corresponding remote server.

Preferably, the heterogeneous information device integration interface method further comprises the following step: the user-end computer analyzes the interface code to determine whether the network location in the interface code poses a hazard to the system; if so, the interface login request is aborted; if not, the interface login procedure is executed.

Preferably, the heterogeneous information device integration interface method further comprises the following step: the interface authentication server registers the interface login information and classifies the server name, user account, and login request time contained in the interface login information.

Preferably, the heterogeneous information device integration interface method further comprises the following step: if the remote server determines through the interface authentication server that the interface code is not valid, or the user-end computer does not log in within a time interval corresponding to the login request time, an interface login error prompt is sent to the user-end computer through the interface authentication server; conversely, when the remote server sends the login page to the user-end computer to complete the interface login procedure, the remote server changes the status of the interface code to interfacing completed, so that the interface code becomes invalid and can no longer be used to execute the interface login procedure.

Preferably, when generating the interface code, the interface authentication server further adds a timing sequence to the interface code in a random manner.

In summary, the heterogeneous information device integration interface method according to the present invention has one or more of the following features:

1. The present invention lets the user encrypt data with the asymmetric encryption/decryption element and then be identified by the identity authentication element of the interface authentication server, which not only improves the security of the information system but also strengthens user management.

2. In the present invention, the code management element encodes the data that has passed the identity authentication element, and the timing mixing element is added to perform a code conversion; this second layer of encoding lowers the likelihood of the code being cracked and strengthens the time-sensitivity of the system.

3. After obtaining the information returned by the code management element, the present invention uses the interface login element to verify whether the returned message has been tampered with or is invalid, ensuring the integrity and uniqueness of the information.

4. The login information obtained through the interface login element can be used only once; it is discarded after use and cannot be used a second time. Even if someone with ill intent captures the message, the same information cannot be used to log in to the system through the code query element, which ensures the security of the heterogeneous system login flow.

5. After the user end receives the asymmetrically encrypted redirect URL returned by the code management element, the URL can be decrypted only by the system's own asymmetric encryption/decryption element, which increases security during data transmission.

6. After the interface authentication server receives the result encrypted by the user through the asymmetric encryption/decryption element and completes the user authentication flow, it works with the timing mixing element to produce an irreversible interface code and registers it in the back-end interface login database. Within the same timing sequence there is only one interface code, and it can be used only once; once the interface code has been used to log in to a system, or the time interval allowed for login has passed, the interface code becomes invalid immediately.

7. The interface analysis element of the present invention covers heterogeneous system interface login classification and interface blacklist creation. Medical information systems used to be independent of one another, so hospital information office administrators could not clearly observe how the systems interfaced with each other. In the login classification part, the interface analysis element classifies each server, user, and requested interface login time, uses the classification to find the interfacing activity of the servers at each point in time, performs statistical analysis periodically, and delivers the results to system administrators over a wired or wireless network, so that administrators can use the data for interface control or system adjustment. An interface blacklist entry is created when a user issues interface requests continuously within a specific time interval; the number of requests allowed in this interval can be set externally by the system administrator. If the number set by the administrator is exceeded, the user account and IP address that issued the interface requests are added to the interface blacklist, and interface login can be requested again only after the administrator lifts the restriction.

S11~S14‧‧‧Steps
1‧‧‧User-end computer
11‧‧‧Local end system
12‧‧‧Asymmetric encryption/decryption element
13‧‧‧Interface login element
2‧‧‧Remote server
21‧‧‧Authentication query element
22‧‧‧Remote system
3‧‧‧Interface authentication server
31‧‧‧Identity verification element
32‧‧‧Code management element
33‧‧‧Timing mixing element
34‧‧‧Interface analysis element

Figure 1 is a flowchart of the heterogeneous information device integration interface method of the present invention.

Figure 2 is a system architecture diagram of an embodiment of the heterogeneous information device integration interface method of the present invention.

To help the examiner understand the technical features, content, and advantages of the present invention and the effects it can achieve, the present invention is described in detail below with reference to the accompanying drawings and in the form of embodiments. The drawings are intended only for illustration and to support the specification; they do not necessarily reflect the true proportions and precise configuration of the invention as implemented, and the proportions and layout of the attached drawings should therefore not be used to interpret or limit the scope of the invention in actual implementation.

Please refer to Figure 1, which is a flowchart of the heterogeneous information device integration interface method of the present invention. The flow comprises the following steps:

Step S11: An interface login request is issued via a user-end computer, so as to generate a client public key and a client private key corresponding to interface login information, and a public key sent by an interface authentication server is received, so that the interface login information is encrypted with that server public key to produce encrypted interface login information. Here the user-end computer reorders the interface login information, obfuscates its parameters, and converts it into binary data code, and then encrypts the interface login information with the public key sent by the interface authentication server.

Step S12: The interface authentication server receives the encrypted interface login information and the client public key sent by the user-end computer, decrypts the encrypted interface login information with a server private key to restore the interface login information, and determines whether the interface login information has interface service permission. Here the interface authentication server verifies the user's identity against an identity verification database to determine whether the interface login information has interface service permission. If the interface login information has no interface service permission or is on the blacklist, the interface authentication server generates an error message and sends it to the user-end computer; conversely, if the interface login information has interface service permission, the interface authentication server generates the interface code. In addition, when the interface authentication server determines that the interface login information has no interface service permission, and within a period of time it keeps receiving interface login requests from the user-end computer in excess of the configured number of requests, the interface authentication server adds the user-end computer to the blacklist.

Step S13: If the interface authentication server determines that the encrypted interface login information has interface service permission, the interface authentication server generates an interface code and sends it to the user-end computer and the remote server. Here the interface authentication server encrypts the interface code with the client public key and then sends the encrypted interface code to the user-end computer. In addition, when the interface authentication server determines that the encrypted interface login information has interface service permission, it registers the interface login information and classifies the server name, user account, and login request time contained in the interface login information.

Step S14: The user-end computer decodes the interface code with the client private key and executes an interface login procedure, while the remote server queries the validity of the interface code and, once the interface code is determined to be valid, the login page provided by the remote server is sent to the user-end computer through the interface authentication server to complete the interface login procedure. Here the interface code includes the network location of the corresponding remote server, and before executing the interface login procedure the user-end computer analyzes the interface code to determine whether the network location in the interface code poses a hazard to the system; if so, the interface login request is aborted; if not, the interface login procedure is executed. If the remote server determines through the interface authentication server that the interface code is not valid, or the user-end computer does not log in within a time interval corresponding to the login request time, an interface login error prompt is sent to the user-end computer through the interface authentication server; conversely, when the remote server sends the login page to the user-end computer to complete the interface login procedure, the remote server changes the status of the interface code to interfacing completed, so that the interface code becomes invalid and can no longer be used to execute the interface login procedure.
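
The interface code lifecycle of steps S12 to S14 (permission check, blacklisting, one-time redemption inside a time window, and the client-side check of the network location), as an added Python example that is not code from the patent or its assignee. The class, function, user and host names, the TTL and request limits, the digest-only registry and the HTTPS allowlist are assumptions; the asymmetric encryption of each message is left out, and the validity query and the status update are merged into one call so that a code cannot be redeemed twice between them.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class CodeRecord:
    user: str
    server: str
    issued_at: float
    status: str = "issued"  # becomes "completed" or "expired"


@dataclass
class InterfaceAuthServer:
    """Toy model of the interface authentication server's code registry."""
    permissions: dict            # user -> set of remote-server names (constructed)
    locations: dict              # remote-server name -> login URL (constructed)
    ttl: float = 60.0            # allowed login window in seconds (assumed)
    max_requests: int = 3        # denied requests tolerated per window (assumed)
    window: float = 30.0         # counting window in seconds (assumed)
    blacklist: set = field(default_factory=set)
    codes: dict = field(default_factory=dict)    # sha256(code) -> CodeRecord
    denied: dict = field(default_factory=dict)   # (user, ip) -> timestamps

    @staticmethod
    def _key(code):
        # Keep only a digest, so a leaked registry holds no usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def request_code(self, user, ip, server, now=None):
        """Steps S12/S13: check permission and blacklist, then issue a code."""
        now = time.time() if now is None else now
        who = (user, ip)
        if who in self.blacklist:
            return None, "blacklisted"
        if server not in self.permissions.get(user, set()):
            recent = [t for t in self.denied.get(who, []) if now - t < self.window]
            recent.append(now)
            self.denied[who] = recent
            if len(recent) > self.max_requests:
                self.blacklist.add(who)  # stays until an administrator lifts it
            return None, "no permission"
        # Stand-in for the timing mixing element: fresh randomness mixed with
        # the issue time and identity, then hashed so it cannot be reversed.
        material = secrets.token_bytes(32) + f"{now!r}|{user}|{server}".encode()
        code = hashlib.sha256(material).hexdigest()
        self.codes[self._key(code)] = CodeRecord(user, server, now)
        return {"code": code, "location": self.locations[server]}, "ok"

    def redeem(self, code, server, now=None):
        """Step S14, server side: validity query and status update in one call."""
        now = time.time() if now is None else now
        rec = self.codes.get(self._key(code))
        if rec is None or rec.server != server:
            return "unknown"
        if rec.status != "issued":
            return rec.status
        if now - rec.issued_at > self.ttl:
            rec.status = "expired"
            return "expired"
        rec.status = "completed"  # consumed: the same code can never log in again
        return "valid"


def location_is_safe(location, allowed_hosts):
    """Step S14, client side: vet the network location carried with the code."""
    parts = urlsplit(location)
    return (parts.scheme == "https"
            and parts.hostname in allowed_hosts
            and not parts.username)


def demo():
    # Constructed sample data: one user allowed to reach one remote system.
    srv = InterfaceAuthServer(
        permissions={"dr_lin": {"ris"}},
        locations={"ris": "https://ris.hospital.example/login"},
    )
    t0 = 1000.0
    grant, _ = srv.request_code("dr_lin", "10.0.0.5", "ris", now=t0)
    first = srv.redeem(grant["code"], "ris", now=t0 + 5)
    replay = srv.redeem(grant["code"], "ris", now=t0 + 6)
    late, _ = srv.request_code("dr_lin", "10.0.0.5", "ris", now=t0)
    stale = srv.redeem(late["code"], "ris", now=t0 + 61)
    probes = [srv.request_code("temp", "10.0.0.9", "ris", now=t0 + i)[1]
              for i in range(5)]
    return first, replay, stale, probes


if __name__ == "__main__":
    print(demo())
```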

Please refer to Figure 2, which is a system architecture diagram of an embodiment of the heterogeneous information device integration interface method of the present invention. The method mainly uses the asymmetric encryption/decryption element 12 to encrypt the interface login information with the public key provided by the interface authentication server 3, while combining the Advanced Encryption Standard with random timing mixing to produce a public key and a private key based on the interface login information, and sends the encryption result (the encrypted interface login information) together with this public key to the interface authentication server 3. The encrypted result cannot be restored with the public key generated by the asymmetric encryption/decryption element 12 or with the public key of the interface server 3; only after the interface authentication server 3 receives the encrypted interface login information does it use its own private key to restore the interface login information. In this way the user's interface login information is encrypted, the interface authentication server 3 then authenticates, registers, and returns the corresponding irreversible login interface code, and the interface login element 13 directs the user to the system the user wants to log in to. The asymmetric encryption/decryption element 12 is responsible for reordering the interface login information passed in by the user, obfuscating its parameters, converting it into binary data code that is not human-readable, and encrypting it with the public key of the interface authentication server 3; even if this binary data code is cracked, the content of the original interface login information cannot be obtained directly. The interface login element 13 is mainly responsible for parsing the validity of the interface code provided by the interface authentication server 3; this function guards against the interface code being damaged or modified in transit.

After the interface authentication server 3 receives, over the Internet, the interface login request issued by the asymmetric interface encryption/decryption element 12 of the user-end computer 1, it first restores and parses the interface login information passed in by the user with its private key, verifies whether this user has permission in the system to request the interface service, and queries through the interface analysis element 34 whether this interface login information is on the blacklist. If no corresponding permission is found or the user is on the blacklist, registration of this interface login request is cancelled and an error message is returned to the user-end computer; otherwise, the code management element 32 registers this interface login information and passes the destination server name, user account, and login request time contained in it to the interface analysis element 34 for classification. The code management element 32 works with the timing mixing element 33 to obtain a unique timing sequence for this interface login information, computes the unique interface code corresponding to it through the interface unique code generation algorithm, combines this interface code with the network location of the remote server 2, encrypts the result asymmetrically with the public key provided by the user-end computer 1, and returns it to the asymmetric encryption/decryption element 12 of the user-end computer 1. Finally, each server, user, and requested interface login time is classified, the classification is used to find the interfacing activity of the servers at each point in time, statistical analysis is performed periodically, and the results are delivered to system administrators over a wired or wireless network, so that administrators can use the data for interface control or system adjustment.

After the user-end computer 1 receives the unique interface code returned by the interface authentication server 3, it first decrypts it asymmetrically with its own private key and then calls the interface login element 13 to execute the actual system interface login procedure. Before starting the interface login procedure, the interface login element 13 analyzes the interface code it has obtained and attempts a network binding to this information to determine the validity of the destination. If the login location being directed to is detected as posing a high system hazard, this interface login request is aborted and the user is warned that the interface code has been damaged; otherwise, the interface login procedure is executed. After the remote server 2 obtains the unique interface code for the interface login, it confirms the validity of this unique interface code with the interface authentication server 3 through the authentication query element 21. If the configured validity period has been exceeded, the user is directed to an interface login error prompt page; otherwise the interface login procedure is completed, the user is directed to the corresponding login page, and the authentication query element 21 updates the status of this interface code to interface login completed. In other words, the user can no longer log in with this unique interface code, which completes the one-time interface login flow.

The functions of the above components are briefly described as follows:

1. The user-end computer 1 comprises the local end system 11, the asymmetric encryption/decryption element 12, and the interface login element 13. When the user needs to interface with another remote system, the interface login information can be sent through the local end system 1 to the asymmetric encryption/decryption element 12 for encryption. Encryption is performed with the public key provided by the interface authentication server 3, and the result obtained after encryption cannot be restored with this public key. After the asymmetric encryption/decryption element 12 receives the unique interface code, containing the network location of the remote server 2, sent by the interface authentication server 3, it decrypts and restores it with its own private key, tests the security of the connection through the interface login element 13, and, once the test passes, starts the interface login service and transfers information over the Internet.

In the heterogeneous information device integration interface method of the present invention, the steps performed by the user-end computer 1 are: (a) the user-end computer 1, through the asymmetric encryption/decryption element 12, uses the Advanced Encryption Standard with random timing mixing to produce a public key and a private key based on the interface login information, and at the same time asks the interface authentication server 3 to release its public key; it then encrypts the interface login information with the public key provided by the interface server 3, and finally sends the encrypted interface login information and the public key to the interface authentication server 3 as an interface login request, asking the interface authentication server 3 to produce an interface code; (b) the identity authentication element 31 inside the interface authentication server 3 queries the identity verification database (not shown) for the user's identity and, once identity verification passes, starts the code management element 32 to produce the interface code, store it in the interface authentication database (not shown), and return the interface code to the user-end computer 1; (c) the interface code returned by the interface authentication server 3 is decrypted and verified, and once the correctness of the code is confirmed, the interface login element 13 is started to execute the interface login procedure.

2. The remote server 2 comprises the authentication query element 21 and the remote system 22. The authentication query element 21 is responsible for confirming with the interface authentication server 3 whether the interface code is valid; once the validity of the interface code is confirmed, it directs the user to the page of the remote system 22 to be connected to, and after the normal interface login procedure is completed it has the interface authentication server 3 change the status of this unique interface code to logged in.

In the heterogeneous information device integration interface method of the present invention, the steps performed by the remote server 21 are: (a) after the remote server 2 receives the interface login request from the user-end computer 1, it uses the interface code to obtain, from the code management element 32 in the interface authentication server 3, the status of the code held in the interface authentication database, which is returned to it; (b) it determines whether the user of this interface login request has permission to log in, and if so, the login page provided by the remote server 2 is sent to the user-end computer 1 through the interface authentication server 3; (c) after the normal interface login procedure is completed, the remote server 2 uses the interface status update service in the interface authentication server 3 to change the corresponding interface code in the interface authentication database to interface service completed.

3. The interface authentication server 3 comprises an identity verification component 31, a code management component 32, a timing mixing component 33 and an interface analysis component 34. Identity verification component 31: when a user submits an interface login request through the asymmetric encryption/decryption component 12, this component decrypts and restores the request with the server's own private key, analyzes it and verifies the user's identity. It maintains the interface permissions between each system and each user; if the user submitting the interface login request has no permission to interface with the remote server 2, it returns an interface error message to the user-side computer 1. Code management component 32: handles the generation and validity registration of interface codes for all systems; if a previously generated interface code has not completed the interface login procedure within a specific time interval, this component revokes it. Timing mixing component 33: its main function is to add a random obfuscating timing when the code management component 32 produces a unique interface code, so that the code is unique. Interface analysis component 34: classifies the interface logins of the heterogeneous systems and builds the interface blacklist. System administrators can use the classified data for interface control or system adjustment, while the blacklist strengthens the security of interface login and prevents improper users from cracking the login with large amounts of user data.

In the heterogeneous information device integration and interfacing method of the present invention, the interface authentication server 31 performs the following steps: a. It receives the encrypted interface login information sent by the user-side computer 1, converts the binary data code of that information back into a message format the system can process, and decodes it with the private key to restore it; b. After the identity verification component 31 obtains the interface login information recovered from the binary data code in the preceding step, it extracts the user account and password from the corresponding fields and looks them up in the identity verification database, and the result is returned to the identity verification component 31; c. After the user passes the identity check, the code management component 32 first obtains a random timing from the timing mixing component 33, combines it with the interface code and sends the result to the interface authentication database for registration, and then sends the interface code to the user-side computer 1 and the remote server 2 so that the subsequent interface login procedure can be completed; d. If the user fails the identity check, the server determines whether this user goes on to submit interface login requests continuously within a fixed period afterwards; if the number of requests set by the system administrator is exceeded, the user is added to the blacklist and can request interface login again only after a system administrator lifts the restriction.
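
The interface code lifecycle from the remote-server and authentication-server steps above (issue after the identity check, query by the remote server, one-time completion, revocation after the time interval, blacklist on repeated failed requests), as an added Python sketch that is not code from the patent. All class, method and parameter names and the sample accounts are assumptions; the public-key wrapping of the login information is left out, and `secrets.token_urlsafe` stands in for the random timing mix of component 33.

```python
import hmac
import secrets
import time

ISSUED, COMPLETED, REVOKED = "issued", "completed", "revoked"

class InterfaceAuthServer:
    """Hypothetical model of components 31, 32 and 34; not the patent's code."""

    def __init__(self, users, grants, ttl=30.0, max_requests=3,
                 window=60.0, clock=time.monotonic):
        self.users = users        # account -> password (constructed sample data)
        self.grants = grants      # {(account, remote server)} allowed to interface
        self.ttl, self.max_requests, self.window = ttl, max_requests, window
        self.clock = clock        # injectable so expiry can be tested
        self.codes, self.failures, self.blacklist = {}, {}, set()

    def request_code(self, user, password, server):
        """Identity check, then issue and register a code; None means refused."""
        if user in self.blacklist:
            return None
        now = self.clock()
        ok = (user in self.users
              and hmac.compare_digest(self.users[user].encode(), password.encode())
              and (user, server) in self.grants)
        if not ok:
            recent = [t for t in self.failures.get(user, []) if now - t < self.window]
            self.failures[user] = recent + [now]
            if len(self.failures[user]) > self.max_requests:
                self.blacklist.add(user)   # stays until an administrator clears it
            return None
        code = secrets.token_urlsafe(32)   # stands in for the random timing mix
        self.codes[code] = {"user": user, "server": server,
                            "issued_at": now, "state": ISSUED}
        return code

    def query(self, code, server):
        """Remote server asks whether this code is still usable for it."""
        rec = self.codes.get(code)
        if rec is None or rec["server"] != server or rec["state"] != ISSUED:
            return False
        if self.clock() - rec["issued_at"] > self.ttl:
            rec["state"] = REVOKED         # unused within the interval: revoke
            return False
        return True

    def complete(self, code, server):
        """Remote server reports a finished login; the code is then spent."""
        if not self.query(code, server):
            return False
        self.codes[code]["state"] = COMPLETED
        return True
```

A code bound to one remote server is refused by any other, and a second `complete` on the same code returns `False`, which is the replay check the one-time property depends on.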

In summary, the heterogeneous information device integration and interfacing method of the present invention combines the generation of short-lived, one-time interface codes with an asymmetric encryption/decryption component that serves as a common interface on the user's local side. The user supplies the public key provided by the back-end authentication server and the interface login information to be transmitted as parameters of the asymmetric encryption/decryption component and obtains an encrypted result that cannot be restored with the public key; in this way the method can provide data confidentiality before heterogeneous systems are interfaced. In addition, through the interface analysis component, the invention classifies each server, user and requested login time at interface login, uses the classification to find the interfacing situation of the servers at each point in time, and performs statistical analysis periodically. The results of the analysis are delivered to system administrators over a wired or wireless network so that they can use the data for interface control or system adjustment. This improves on the past situation in which medical information systems were all independent of one another and hospital information office managers could not clearly observe and sort out the problems arising in the interfacing between systems.

The above is illustrative only and not limiting. Any equivalent modification or alteration that does not depart from the spirit and scope of the present invention shall be included in the scope of the appended claims.

S11~S14‧‧‧Steps

Claims (10)

1. A heterogeneous information device integration and interfacing method for securely connecting a user-side computer with a remote server, the method comprising the following steps: issuing an interface login request via a user-side computer so as to generate a client public key and a client private key corresponding to interface login information, and receiving a server public key transmitted by an interface authentication server, so as to encrypt the interface login information according to the server public key and produce encrypted interface login information; receiving, by the interface authentication server, the encrypted interface login information and the client public key transmitted by the user-side computer, decrypting the encrypted interface login information according to a server private key to restore the interface login information, and determining whether the interface login information has interface service permission; if the interface authentication server determines that the encrypted interface login information has interface service permission, generating an interface code via the interface authentication server and transmitting the interface code to the user-side computer and the remote server; and decoding the interface code with the client private key via the user-side computer and executing an interface login procedure, and querying the validity of the interface code via the remote server and, after the interface code is determined to be valid, transmitting the login page provided by the remote server to the user-side computer through the interface authentication server to complete the interface login procedure.

2. The heterogeneous information device integration and interfacing method according to claim 1, wherein the interface authentication server verifies the user identity of the interface login information through an identity verification database to determine whether the interface login information has interface service permission; if the interface login information has no interface service permission or is listed in a blacklist, the interface authentication server generates an error message and transmits it to the user-side computer; otherwise, if the interface login information has interface service permission, the interface authentication server generates the interface code.

3. The heterogeneous information device integration and interfacing method according to claim 2, wherein when the interface authentication server determines that the interface login information has no interface service permission, and continues to receive a plurality of the interface login requests issued by the user-side computer within a period of time such that the set number of requests is exceeded, the interface authentication server adds the user-side computer to the blacklist.

4. The heterogeneous information device integration and interfacing method according to claim 1, further comprising the following step: reordering the interface login information, obfuscating its parameters and converting it into a binary data code via the user-side computer, and then encrypting the interface login information according to the server public key transmitted by the interface authentication server.

5. The heterogeneous information device integration and interfacing method according to claim 1, further comprising the following step: encrypting the interface code according to the client public key by the interface authentication server, and then transmitting the encrypted interface code to the user-side computer.

6. The heterogeneous information device integration and interfacing method according to claim 1, wherein the interface code includes a network location corresponding to the remote server.

7. The heterogeneous information device integration and interfacing method according to claim 6, further comprising the following step: analyzing the interface code via the user-side computer to determine whether the network location in the interface code poses a system hazard; if so, interrupting the interface login request; if not, executing the interface login procedure.

8. The heterogeneous information device integration and interfacing method according to claim 1, further comprising the following step: registering the interface login information through the interface authentication server, and classifying the server name, user account and requested login time contained in the interface login information.

9. The heterogeneous information device integration and interfacing method according to claim 8, further comprising the following step: if the remote server determines through the interface authentication server that the interface code is not valid, or the user-side computer does not log in within a time interval corresponding to the requested login time, sending an interface login error prompt to the user-side computer through the interface authentication server; otherwise, when the remote server transmits the login page to the user-side computer to complete the interface login procedure, changing the corresponding state of the interface code to interfacing completed via the remote server, so that the interface code is invalidated and can no longer be used to execute the interface login procedure.

10. The heterogeneous information device integration and interfacing method according to claim 1, wherein the interface authentication server, when generating the interface code, further adds a timing to the interface code in a random manner.
TW102140605A 2013-11-08 2013-11-08 Heterogeneous information device integration method TWI506474B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW102140605A TWI506474B (en) 2013-11-08 2013-11-08 Heterogeneous information device integration method

Publications (2)

Publication Number Publication Date
TW201518988A TW201518988A (en) 2015-05-16
TWI506474B true TWI506474B (en) 2015-11-01

Family

ID=53720947

Country Status (1)

Country Link
TW (1) TWI506474B (en)
