WO2020186823A1 - 区块链的数据查询方法、装置、系统、设备及存储介质 - Google Patents
区块链的数据查询方法、装置、系统、设备及存储介质 Download PDFInfo
- Publication number
- WO2020186823A1 WO2020186823A1 PCT/CN2019/122575 CN2019122575W WO2020186823A1 WO 2020186823 A1 WO2020186823 A1 WO 2020186823A1 CN 2019122575 W CN2019122575 W CN 2019122575W WO 2020186823 A1 WO2020186823 A1 WO 2020186823A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- ciphertext
- terminal
- information
- electronic medical
- request
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H10/00—ICT specially adapted for the handling or processing of patient-related medical or healthcare data
- G16H10/60—ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Definitions
- This application relates to the field of data transmission technology, in particular to a blockchain data query method, device, system, equipment and storage medium.
- the health information platform uses electronic medical records to store all patient data and update the data in real time.
- the currently established health information platforms usually rely on centralized information systems to carry them, and based on this centralized information system, the storage and storage of electronic medical records are realized. Transmission of data in electronic medical records.
- the centralized information system protects the user’s personal privacy through identity authentication and authorization. It also binds and stores the user’s medical information with the user’s identity information, contact information, and other personal information. When a patient’s medical information is requested, the information system will transmit the data to the doctor directly based on the user’s name.
- Doctors can freely view personal medical information stored in the information system, which is likely to cause the malicious spread of medical information in the information system, resulting in the spread of information, and the security of the information is low.
- this application provides a blockchain data query method, device, system, equipment and storage medium.
- the main purpose is to solve the problem that doctors can view personal medical information stored in the information system at will, which is likely to cause The medical information in the information system is maliciously spread, causing the spread of information and the problem of low information security.
- the first aspect of the embodiments of the present application provides a blockchain-based data query method, which includes:
- the query request When a query request is received, obtaining a first certificate private key, the query request carries an information identifier, and the first certificate private key is the certificate private key of the first digital certificate of the first terminal;
- the text is generated by the second terminal after receiving the requested cipher text transmitted by the electronic medical record storage device and transmitted to the electronic medical record storage device.
- the first terminal of this application needs to generate a request ciphertext when requesting information, and use the electronic medical record storage device to send
- the second terminal transmits the requested ciphertext, and can obtain the target medical information that it wants to query with the permission of the second terminal, so that the first terminal cannot obtain the user's electronic medical record at will, reducing the risk of malicious spread of information and avoiding information
- the proliferation of information security is high.
- FIG. 1A shows a schematic flowchart of a method for querying data on a blockchain provided by an embodiment of the present application
- FIG. 1B shows a schematic flowchart of a method for querying data on a blockchain according to an embodiment of the present application
- FIG. 1C shows a schematic flowchart of a method for querying data on a blockchain according to an embodiment of the present application
- FIG. 2 shows a schematic flowchart of a method for querying data on a blockchain according to an embodiment of the present application
- FIG. 3A shows a schematic structural diagram of a block chain data query device provided by an embodiment of the present application
- FIG. 3B shows a schematic structural diagram of a block chain data query device provided by an embodiment of the present application
- FIG. 4A shows a schematic structural diagram of a block chain data query device provided by an embodiment of the present application
- FIG. 4B shows a schematic structural diagram of a block chain data query device provided by an embodiment of the present application
- FIG. 5A shows a schematic structural diagram of a block chain data query device provided by an embodiment of the present application
- FIG. 5B shows a schematic structural diagram of a block chain data query device provided by an embodiment of the present application
- FIG. 5C shows a schematic structural diagram of a block chain data query device provided by an embodiment of the present application.
- Fig. 6 shows a schematic diagram of a device structure of a device provided in an embodiment of the present application.
- the embodiment of the application provides a method for querying data on the blockchain.
- the private key of the first certificate can be used to generate the request ciphertext, and the electronic medical record storage device transmits the request ciphertext to the second terminal, so that the second terminal is based on the request
- the ciphertext is used to determine whether to display the information to the first terminal, to ensure that the first terminal requests to view the information with the permission of the second terminal, so as to reduce the risk of malicious spread of information, avoid the spread of information, and the security of information is higher.
- the method includes:
- the first terminal When receiving the query request, the first terminal obtains the first certificate private key, the query request carries an information identifier, and the first certificate private key is the certificate private key of the first digital certificate of the first terminal.
- the first terminal when a query request is received, in order to encrypt the query request so as to ensure the security of the query request during transmission, the first terminal obtains the private key of the first certificate so that it can be subsequently based on the first certificate.
- the private key of the certificate encrypts the query request.
- the first terminal encrypts the query request using the first certificate private key, generates the request ciphertext, and transmits the request ciphertext and the first terminal identifier to the electronic medical record storage device, and the electronic medical record storage device stores the electronic medical record based on the blockchain.
- the first terminal after the first terminal obtains the first certificate private key, it can use the first certificate private key to encrypt the query request to generate an encrypted query request, that is, the request ciphertext, and the The request ciphertext is transmitted to the electronic medical record storage device to ensure that the request ciphertext will not be tampered with during transmission.
- the first terminal receives the feedback ciphertext returned by the electronic medical record storage device after receiving the request ciphertext and the first terminal identifier, extracts the target medical information indicated by the information identifier from the feedback ciphertext, and the feedback ciphertext is received by the second terminal
- the request ciphertext transmitted by the electronic medical record storage device is generated and transmitted to the electronic medical record storage device.
- the feedback ciphertext is generated by the second terminal according to the request ciphertext transmitted by the first terminal Therefore, the target medical information indicated by the information identifier can be extracted from the feedback ciphertext.
- the first terminal when the first terminal requests query information, it needs to generate the request ciphertext, and use the electronic medical record storage device to transmit the request ciphertext to the second terminal, and only obtain the desired ciphertext with the permission of the second terminal.
- the queried target medical information prevents the first terminal from obtaining the user's electronic medical record at will, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security.
- the embodiment of the application provides a method for querying data on the blockchain.
- the private key of the first certificate can be used to generate the request ciphertext, and the electronic medical record storage device transmits the request ciphertext to the second terminal, so that the second terminal is based on the request
- the ciphertext is used to determine whether to display the information to the first terminal, to ensure that the first terminal requests to view the information with the permission of the second terminal, so as to reduce the risk of malicious spread of information, avoid the spread of information, and the security of information is higher.
- the method includes:
- the electronic medical record storage device receives the request ciphertext and the first terminal identifier transmitted by the first terminal, it transmits the request ciphertext and the first terminal identifier to the second terminal, and the first terminal uses the first certificate for the request ciphertext.
- the private key encrypts and generates the query request, the query request carries an information identifier, and the first certificate private key is the certificate private key of the first digital certificate of the first terminal.
- the electronic medical record storage device when the electronic medical record storage device receives the requested ciphertext transmitted by the first terminal, in order for the second terminal to determine whether the first terminal can provide the information it wants to query, the electronic medical record storage device will The ciphertext is requested to be transmitted to the second terminal.
- the electronic medical record storage device When the electronic medical record storage device receives the information identifier returned by the second terminal, it queries the information ciphertext of the target medical information indicated by the stored information identifier, and transmits the information ciphertext to the second terminal.
- the electronic medical record storage device when the electronic medical record storage device receives the information identifier returned by the second terminal, since the electronic medical record storage device stores the electronic medical records of all users, the electronic medical record storage device can query the information according to the information identifier.
- the information ciphertext indicated by the identifier is transmitted to the second terminal, so that the second terminal can decide whether to transmit the information ciphertext indicated by the information identifier to the first terminal for viewing.
- the electronic medical record storage device receives the feedback ciphertext returned by the second terminal, and transmits the feedback ciphertext to the first terminal.
- the feedback ciphertext is generated and sent by the second terminal after receiving the information ciphertext.
- the electronic medical record storage device receives the feedback ciphertext returned by the second terminal, it means that the second terminal allows the first terminal to view the information. Therefore, the electronic medical record storage device transmits the information to the second terminal.
- the feedback ciphertext is transmitted to the first terminal so that the first terminal can view the feedback ciphertext.
- the first terminal when the first terminal requests query information, it needs to generate the request ciphertext, and use the electronic medical record storage device to transmit the request ciphertext to the second terminal, and only obtain the desired ciphertext with the permission of the second terminal.
- the queried target medical information prevents the first terminal from obtaining the user's electronic medical record at will, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security.
- the embodiment of the application provides a method for querying data on the blockchain.
- the private key of the first certificate can be used to generate the request ciphertext, and the electronic medical record storage device transmits the request ciphertext to the second terminal, so that the second terminal is based on the request
- the ciphertext is used to determine whether to display the information to the first terminal, to ensure that the first terminal requests to view the information with the permission of the second terminal, so as to reduce the risk of malicious spread of information, avoid the spread of information, and the security of information is higher.
- the method includes:
- the second terminal uses the first certificate public key indicated by the first terminal identifier to decrypt the request ciphertext, and the request ciphertext is generated by the first terminal It is transmitted to the electronic medical record storage device, the first certificate public key is the certificate public key of the first digital certificate of the first terminal, and the electronic medical record storage device stores the electronic medical record based on the blockchain.
- the request ciphertext is generated by using the first certificate private key encryption of the first terminal, and the certificate private key and the certificate public key
- the keys can be mutually encrypted and decrypted. Therefore, the second terminal uses the first certificate public key to decrypt the request ciphertext.
- the second terminal If the second terminal successfully decrypts the request ciphertext using the first certificate public key, it extracts the information identifier from the request ciphertext, and transmits the information identifier to the electronic medical record storage device.
- the second terminal uses the first certificate public key to successfully decrypt the request ciphertext, it means that the request ciphertext has not been tampered with during transmission. Therefore, it can be included in the decrypted request ciphertext. Extract the information ID. Since the user’s electronic medical records are all stored in the electronic medical record storage device, in order to obtain the information indicated by the information identifier, the second terminal needs to transmit the information identifier to the electronic medical record storage device, so that the electronic medical record storage device sends the second terminal according to the information identifier. The terminal returns the information it needs to obtain.
- the second terminal receives the information ciphertext returned by the electronic medical record storage device, and extracts the target medical information indicated by the information identifier from the information ciphertext.
- the second terminal after the second terminal receives the information ciphertext indicated by the information identifier returned by the electronic medical record storage device, since the information ciphertext is usually obtained by encrypting the second certificate public key of the second terminal, the second terminal The terminal can use its own second certificate private key to decrypt the information ciphertext, thereby extracting the target medical information from the information ciphertext.
- the second terminal encrypts the target medical information based on the first certificate public key, generates a feedback ciphertext, and transmits the feedback ciphertext to the electronic medical record storage device.
- the second terminal after the second terminal obtains the target medical information, in order to ensure the security of the target medical information during the transmission process, and the target medical information can only be viewed by the first terminal, the second terminal is based on The first certificate public key encrypts the target medical information, generates the feedback ciphertext, and transmits the feedback ciphertext to the electronic medical record storage device, and the electronic medical record storage device transmits the feedback ciphertext to the first terminal, so that the first terminal adopts itself
- the private key of the first certificate can decrypt the feedback ciphertext, thereby reading the target medical information in the feedback ciphertext.
- the first terminal when the first terminal requests query information, it needs to generate the request ciphertext, and use the electronic medical record storage device to transmit the request ciphertext to the second terminal, and only obtain the desired ciphertext with the permission of the second terminal.
- the queried target medical information prevents the first terminal from obtaining the user's electronic medical record at will, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security.
- the embodiment of the application provides a data transmission method based on blockchain.
- the first certificate private key can be used to generate the request ciphertext, and the electronic medical record storage device transmits the request ciphertext to the second terminal, so that the second terminal is based on the
- the ciphertext is requested to determine whether to display the information to the first terminal, ensuring that the first terminal's request to view the information requires the permission of the second terminal, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security
- the purpose of this method is applied to the first terminal, the electronic medical record storage device and the second terminal, and involves the interaction between the first terminal, the electronic medical record storage device and the second terminal.
- the method includes:
- the first terminal receives the query request, it obtains the first certificate private key, uses the first certificate private key to encrypt the query request, generates the request ciphertext, and transmits the request ciphertext and the first terminal identification to the electronic medical record storage equipment.
- the applicant realizes that there are a large number of terminals connected to the electronic medical record storage device, including terminals in hospitals and terminals held by users.
- users electronic medical records are stored in electronic medical record storage devices.
- electronic medical record storage devices In order to ensure the security and fairness of electronic medical records stored in electronic medical record storage devices, electronic medical record storage devices usually use blockchain technology to store users.
- Blockchain technology has the characteristics of decentralization. This feature makes the information stored in the electronic medical record storage system open and transparent. In order to prevent the hospital from randomly acquiring the information in the user's electronic medical record in the electronic medical record storage system, it will lead to electronic The information in the medical record storage system is leaked.
- the embodiment of the application When accessing the information, the embodiment of the application requires the hospital to request the user to view the information, and the user can share the information that the hospital wants to view through the electronic medical record storage system.
- the hospital terminal is used as the first terminal and the user terminal is the second terminal as an example for description.
- the electronic medical record storage system can also access a large number of other terminals.
- the embodiment of the present application does not specifically limit the number of terminals accessed in the electronic medical record storage system.
- the electronic medical record storage system may provide a client for the first terminal and the second terminal, and provide the first terminal and the second terminal with information transmission services based on the client.
- the client can provide an information transmission portal.
- the information identification needs to be carried in the query request.
- the information identification may be the user's user name, user account, user ID number, etc.
- the first terminal needs to encrypt the query request and transmit the encrypted query request.
- the digital certificate includes the certificate public key and the certificate private key.
- the certificate public key is open to everyone, and the certificate private key is It is owned by the terminal itself, and the certificate public key and the certificate private key have the characteristics of mutual encryption and decryption.
- the first terminal encrypts the query request, due to its own certificate public key (that is, the first certificate public key) It is open to the outside world, so you can use your own certificate private key (that is, the first certificate private key) to encrypt the query request, generate the request ciphertext, and transmit the request ciphertext to the electronic medical record storage system to be based on the request
- the ciphertext is used to realize the operation of requesting information query from the second terminal.
- the digital certificate of each terminal can be stored correspondingly with the terminal identification of the terminal, so that when querying the digital certificate, the query can be based on the terminal identification.
- the first terminal in order for the second terminal to know which terminal is requesting query information when receiving the request ciphertext transmitted by the electronic medical record storage device, the first terminal is transmitting the request ciphertext to the electronic medical record storage device At this time, the terminal name or terminal number can be extracted, the terminal name or terminal number is used as the first terminal identification, and the first terminal identification is also transmitted to the second terminal along with the request cipher text, so that the second terminal can also It is determined whether information can be transmitted to the first terminal according to the identity of the first terminal.
- the electronic medical record storage device When the electronic medical record storage device receives the request ciphertext and the first terminal identifier transmitted by the first terminal, it transmits the request ciphertext and the first terminal identifier to the second terminal.
- the electronic medical record storage device when the electronic medical record storage device receives the request ciphertext and the first terminal identifier transmitted by the first terminal, only the user can authorize the doctor to inquire whether or not his electronic medical record can be checked. Therefore, the electronic medical record storage device The received request ciphertext and the first terminal identifier transmitted by the first terminal are transmitted to the second terminal, so that the second terminal determines whether to transmit the information it wants to query to the first terminal.
- the second terminal uses the first certificate public key indicated by the first terminal identifier to decrypt the request ciphertext, if the first certificate public key is used If decryption of the requested ciphertext fails, the following steps 204 to 206 are executed; if the first certificate public key is used to decrypt the request ciphertext successfully, the following steps 207 to 211 are executed.
- the second terminal when the second terminal receives the request ciphertext transmitted by the electronic medical record storage device, since the request ciphertext is generated by the first terminal based on the first certificate private key signature of its own first digital certificate, Therefore, as long as the second terminal can decrypt the request ciphertext using the first certificate public key, it means that the request ciphertext has not been tampered with during transmission, and the second terminal can trust the request ciphertext.
- the second terminal fails to decrypt the request ciphertext using the first certificate public key, it means that the request ciphertext is likely to be tampered with during transmission, or the request ciphertext was not sent by the first terminal, which may be Other malicious nodes forged, that is, the following steps 204 to 206 are executed. If the second terminal uses the first certificate public key to decrypt the request ciphertext successfully, it means that the request ciphertext has not been tampered with during transmission, the content included in the request ciphertext is true, and the request ciphertext is determined Generated and sent by the first terminal, that is, execute the following steps 207 to 211.
- the second terminal can query the first digital certificate of the first terminal through the first terminal identifier, and the first digital certificate is included in the first digital certificate.
- the first certificate public key is obtained, and the request ciphertext is decrypted based on the first certificate public key.
- the process of obtaining the public key of the first certificate by the second terminal according to the first terminal identifier is the same as the process of obtaining the public key of the second certificate by the first terminal in step 201, and will not be repeated here.
- the second terminal may also use the first terminal identifier of the first terminal after receiving the first terminal identifier of the first terminal.
- a terminal identification is shown to the user of the second terminal. If the user of the second terminal is not allowed to transmit information to the first terminal, that is, the user of the second terminal does not want to authorize the first terminal to view the information, the second terminal can directly execute The following steps 204 to 206 do not need to decrypt the request ciphertext.
- the second terminal If the decryption of the request ciphertext using the first certificate public key fails, the second terminal generates a failure response and transmits the failure response to the electronic medical record storage device.
- the second terminal fails to decrypt the request ciphertext using the first certificate public key, it means that the request ciphertext may be tampered with during transmission, or the request ciphertext was not sent by the first terminal , May be forged by other malicious nodes. Therefore, a failure response is generated, and the failure response is transmitted to the electronic medical record storage device, so that the electronic medical record storage will output the failure response to the first terminal, so that the first terminal can obtain the After the failure response, the request cipher text can be resent.
- the electronic medical record storage device receives the failure response transmitted by the second terminal, and transmits the failure response to the first terminal.
- the electronic medical record storage device when the electronic medical record storage device receives the failure response transmitted by the second terminal, in order to enable the first terminal to determine based on the failure response that the transmitted request ciphertext is not recognized by the second terminal, so that the first terminal The request ciphertext can be resent, and the electronic medical record storage device transmits the received failure response to the first terminal.
- the first terminal receives the failure response transmitted by the electronic medical record storage device, and re-executes the foregoing process of generating the request ciphertext and transmitting the request ciphertext to the electronic medical record storage device.
- the first terminal after the first terminal receives the failure response transmitted by the electronic medical record storage device, it can be determined that the previously sent request ciphertext is not recognized by the second terminal. In this way, the first terminal needs to re-execute In the above step 201, a new request ciphertext is regenerated, and the generated new request ciphertext is retransmitted to the electronic medical record storage device for transmission.
- the process of generating and transmitting the request ciphertext is consistent with the process shown in step 201 above, and will not be repeated here.
- the second terminal uses the first certificate public key to successfully decrypt the request ciphertext, extract the information identifier from the request ciphertext, and transmit the information identifier to the electronic medical record storage device.
- the second terminal uses the first certificate public key to successfully decrypt the request ciphertext, it means that the request ciphertext is authentic and has not been tampered with during transmission. Therefore, it can be based on the request ciphertext.
- the text is the first terminal to transmit information.
- the second terminal since the second terminal has successfully decrypted the request ciphertext, the second terminal can extract the information identifier from the successfully decrypted request ciphertext, and determine the information requested by the first terminal according to the information identifier.
- the second terminal since personal medical information is stored in the electronic medical record storage device, in order to obtain the information requested by the first terminal, the second terminal transmits the obtained information identifier to the electronic medical record storage device. So that the electronic medical record storage device determines the target medical information according to the information identifier, and returns the target medical information to the second terminal, and the second terminal decides whether to transmit the target medical information to the first terminal.
- the electronic medical record storage device receives the information identifier returned by the second terminal, extracts the information ciphertext indicated by the information identifier, and transmits the information ciphertext to the second terminal.
- the electronic medical record storage device after the electronic medical record storage device receives the information identifier returned by the second terminal, it can extract the information requested by the second terminal according to the information identifier, and transmit the acquired information to the second terminal.
- the electronic medical record storage device uses the user's certificate public key to encrypt the electronic medical record when storing the electronic medical record of each user, and stores the encrypted electronic medical record, that is, it stores the information ciphertext including the electronic medical record, Therefore, the electronic medical record storage device can only obtain the information ciphertext according to the information identifier. In this way, the electronic medical record storage device only needs to transmit the obtained information ciphertext to the second terminal.
- the electronic medical record storage device when obtaining the information ciphertext, the electronic medical record storage device can first determine the target block where the information ciphertext is located according to the information identifier , And obtain the target block; subsequently, extract the information cipher text indicated by the information identifier in the target block, and transmit the information cipher text to the second terminal.
- the second terminal receives the information ciphertext returned by the electronic medical record storage device, extracts the target medical information indicated by the information identifier from the information ciphertext, encrypts the target medical information based on the first certificate public key, generates a feedback ciphertext, and sends the feedback ciphertext
- the document is transferred to the electronic medical record storage device.
- the second terminal after the second terminal receives the information ciphertext returned by the electronic medical record storage device, the information ciphertext is encrypted, and it is usually the second certificate public using the second digital certificate of the second terminal.
- the key is encrypted. Therefore, only the second terminal can decrypt the information ciphertext, so as to obtain the target medical information indicated by the information identifier in the information ciphertext.
- the second terminal receives the information ciphertext indicated by the information identifier returned by the electronic medical record storage device, and obtains the second certificate private key stored by itself; then, uses the second certificate private key to decrypt the information ciphertext, Extract the target medical information from the information ciphertext.
- the second terminal uses the second certificate private key to decrypt the information ciphertext, thereby extracting the target medical information from the information ciphertext.
- the second terminal encrypts the target medical information based on the first certificate public key, and generates a feedback secret including the target medical information. And transmit the feedback ciphertext to the electronic medical record storage device, so that the electronic medical record storage device transmits the feedback ciphertext to the first terminal to realize the information query requested by the first terminal.
- the electronic medical record storage device receives the feedback ciphertext returned by the second terminal, and transmits the feedback ciphertext to the first terminal.
- the electronic medical record storage device after the electronic medical record storage device receives the feedback ciphertext returned by the second terminal, it can transmit the feedback ciphertext to the first terminal so that the first terminal can obtain the target medical information in the feedback ciphertext .
- the first terminal receives the feedback ciphertext returned by the electronic medical record storage device after receiving the requested ciphertext, obtains the first certificate private key, uses the first certificate private key to decrypt the feedback ciphertext, and extracts the feedback ciphertext The target medical information indicated by the information identifier.
- the first terminal after the first terminal receives the feedback ciphertext returned by the electronic medical record storage device, since the feedback ciphertext is obtained by encrypting the first certificate public key of the first terminal, the first terminal can obtain The first certificate private key is used to decrypt the feedback ciphertext, and the target medical information indicated by the information identifier is extracted from the decrypted feedback ciphertext.
- the first terminal when the first terminal requests query information, it needs to generate the request ciphertext, and use the electronic medical record storage device to transmit the request ciphertext to the second terminal, and only obtain the desired ciphertext with the permission of the second terminal.
- the queried target medical information prevents the first terminal from obtaining the user's electronic medical record at will, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security.
- an embodiment of the present application provides a blockchain data query device.
- the device includes: an acquisition module 301, an encryption module 302, and an extraction module 303.
- the obtaining module 301 is configured to obtain a first certificate private key when a query request is received, the query request carries an information identifier, and the first certificate private key is the certificate private key of the first digital certificate of the first terminal ;
- the encryption module 302 is configured to use the first certificate private key to encrypt the query request, generate the request ciphertext, and transmit the request ciphertext and the first terminal identifier to the electronic medical record storage device.
- the electronic medical record storage device stores the electronic Medical record
- the extraction module 303 is configured to receive the feedback ciphertext returned by the electronic medical record storage device after receiving the request ciphertext and the first terminal identifier, and extract the target medical information indicated by the information identifier from the feedback ciphertext, and the feedback ciphertext is sent by the second terminal Generated and transmitted to the electronic medical record storage device after receiving the requested ciphertext transmitted by the electronic medical record storage device.
- the extraction module 303 includes a receiving unit 3031 and a decrypting unit 3032.
- the receiving unit 3031 is configured to receive the feedback ciphertext returned by the electronic medical record storage device after receiving the request ciphertext, and obtain the first certificate private key;
- the decryption unit 3032 is configured to use the first certificate private key to decrypt the feedback ciphertext, and extract the target medical information indicated by the information identifier from the feedback ciphertext.
- the acquisition module 301 is also used to re-execute the above-mentioned process of generating the request ciphertext and transmitting the request ciphertext to the electronic medical record storage device if a failure response returned by the electronic medical record storage device is received.
- the first terminal when the first terminal requests for inquiring information, it needs to generate the request ciphertext, and transmit the request ciphertext to the second terminal by means of the electronic medical record storage device, and obtain the desired ciphertext only with the permission of the second terminal.
- the queried target medical information prevents the first terminal from obtaining the user's electronic medical record at will, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security.
- an embodiment of the application provides a blockchain data query device.
- the device includes: a first transmission module 401, an extraction module 402, and The second transmission module 403.
- the first transmission module 401 is configured to transmit the request ciphertext and the first terminal identifier to the second terminal when the request ciphertext and the first terminal identifier transmitted by the first terminal are received, and the request ciphertext is adopted by the first terminal
- the first certificate private key encrypts and generates the query request, the query request carries an information identifier, and the first certificate private key is the certificate private key of the first digital certificate of the first terminal;
- the extraction module 402 is configured to, when receiving the information identifier returned by the second terminal, query the information ciphertext of the target medical information indicated by the stored information identifier, and transmit the information ciphertext to the second terminal;
- the second transmission module 403 is configured to receive the feedback ciphertext returned by the second terminal, and transmit the feedback ciphertext to the first terminal.
- the feedback ciphertext is generated and sent by the second terminal after receiving the information ciphertext.
- the device further includes a third transmission module 404.
- the third transmission module 404 is configured to transmit the failure response to the first terminal if the failure response returned by the second terminal is received.
- the first terminal when the first terminal requests for inquiring information, it needs to generate the request ciphertext, and transmit the request ciphertext to the second terminal by means of the electronic medical record storage device, and obtain the desired ciphertext only with the permission of the second terminal.
- the queried target medical information prevents the first terminal from obtaining the user's electronic medical record at will, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security.
- an embodiment of the application provides a blockchain data query device.
- the device includes: a decryption module 501, an extraction module 502, and a receiving module 503 and encryption module 504.
- the decryption module 501 is configured to use the first certificate public key indicated by the first terminal identifier to decrypt the request ciphertext when the request ciphertext and the first terminal identifier transmitted by the electronic medical record storage device are received, and the request ciphertext is
- the terminal generates and transmits to the electronic medical record storage device, the first certificate public key is the certificate public key of the first digital certificate of the first terminal, and the electronic medical record storage device stores the electronic medical record based on the blockchain;
- the extraction module 502 is configured to, if the request ciphertext is successfully decrypted using the first certificate public key, extract the information identifier from the request ciphertext, and transmit the information identifier to the electronic medical record storage device;
- the receiving module 503 is configured to receive the information ciphertext returned by the electronic medical record storage device, and extract the target medical information indicated by the information identifier from the information ciphertext;
- the encryption module 504 is configured to encrypt the target medical information based on the first certificate public key, generate feedback ciphertext, and transmit the feedback ciphertext to the electronic medical record storage device.
- the receiving module 503 includes an acquiring unit 5031 and a decrypting unit 5032.
- the obtaining unit 5031 is configured to receive the information cipher text indicated by the information identifier returned by the electronic medical record storage device, and obtain the second certificate private key, which is the certificate private key of the second digital certificate of the second terminal;
- the decryption unit 5032 is configured to use the second certificate private key to decrypt the information ciphertext, and extract the target medical information indicated by the information identifier from the information ciphertext.
- the device further includes a generating module 505.
- the generating module 505 is configured to generate a failure response if the decryption of the request ciphertext using the first certificate public key fails, and transmit the failure response to the electronic medical record storage device.
- the first terminal when the first terminal requests for inquiring information, it needs to generate the request ciphertext, and transmit the request ciphertext to the second terminal by means of the electronic medical record storage device, and obtain the desired ciphertext only with the permission of the second terminal.
- the queried target medical information prevents the first terminal from obtaining the user's electronic medical record at will, which reduces the risk of malicious spread of information, avoids the spread of information, and has high information security.
- the device 600 includes a communication bus, a processor, a memory, and a communication interface, and may also include an input/output interface, and a display device, wherein one of the functional units The communication between each other can be completed through the bus.
- the memory stores computer-readable instructions, and the processor is used to execute the programs stored in the memory and execute the blockchain data transmission method in the foregoing embodiment.
- a computer-readable storage medium has computer-readable instructions stored thereon, and when the computer-readable instructions are executed by a processor, the steps of the blockchain data transmission method are realized.
- the software product can be stored in a non-volatile storage medium (which can be a CD-ROM, U disk, mobile hard disk, etc.), including several
- the instructions are used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute the methods described in each implementation scenario of this application.
- modules in the device in the implementation scenario can be distributed in the device in the implementation scenario according to the description of the implementation scenario, or can be changed to be located in one or more devices different from the implementation scenario.
- the modules of the above implementation scenarios can be combined into one module or further divided into multiple sub-modules.
- Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
- Volatile memory may include random access memory (RAM) or external cache memory.
- RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Medical Informatics (AREA)
- Primary Health Care (AREA)
- Public Health (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Epidemiology (AREA)
- Medical Treatment And Welfare Office Work (AREA)
- Storage Device Security (AREA)
- Measuring And Recording Apparatus For Diagnosis (AREA)
Abstract
本申请公开了一种区块链的数据查询方法、装置、系统、设备及存储介质,涉及数据传输技术领域,可以使第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。所述方法包括:当接收到查询请求时,获取第一证书私钥,查询请求中携带信息标识;采用第一证书私钥对查询请求进行加密,生成请求密文,将请求密文和第一终端标识传输至电子病历存储设备;接收电子病历存储设备在接收到请求密文和第一终端标识后返回的反馈密文,在反馈密文中提取信息标识指示的目标医疗信息。
Description
本申请申明享有2019年03月21日递交的申请号为201910218386.6、名称为“区块链的数据查询方法、装置、系统、设备及存储介质”中国专利申请的优先权,该中国专利申请的整体内容以参考的方式结合在本申请中。
本申请涉及数据传输技术领域,特别是涉及一种区块链的数据查询方法、装置、系统、设备及存储介质。
随着互联网技术的飞速发展,卫生与健康现代医疗卫生体系的建设规划也越来越成熟,预计到2020年,将建成全面的健康信息平台,实现所在地区各大医院之间信息的互联互通。健康信息平台中采用电子病历的形式存储患者的所有数据并实时更新数据,目前已经建立的健康信息平台通常依赖中心化的信息系统所搭载,并基于该中心化的信息系统实现电子病历的存储及电子病历中数据的传输。
相关技术中,中心化的信息系统是通过身份认证和授权来保护用户的个人隐私的,也即将用户的医疗信息与用户的身份信息、联系方式信息等个人信息绑定存储,当医生需要查询某位病人的医疗信息时,直接根据用户的姓名在向信息系统请求数据,信息系统便会将数据传输给医生。
在实现本申请的过程中,申请人发现相关技术至少存在以下问题:
医生可以随意查看信息系统中存储的个人的医疗信息,很有可能导致信息系统中的医疗信息被恶意传播,造成信息的扩散,信息的安全性较低。
有鉴于此,本申请提供了一种区块链的数据查询方法、装置、系统、设备及存储介质,主要目的在于解决目前医生可以随意查看信息系统中存储的个人的医疗信息,很有可能导致信息系统中的医疗信息被恶意传播,造成信息的扩散,信息的安全性较低的问题。
本申请实施例的第一方面提供了一种基于区块链的数据查询方法,该方法包括:
当接收到查询请求时,获取第一证书私钥,所述查询请求中携带信息标识,所述第一证书私钥为第一终端的第一数字证书的证书私钥;
采用所述第一证书私钥对所述查询请求进行加密,生成请求密文,将所述请求密文和第一终端标识传输至电子病历存储设备,所述电子病历存储设备基于区块链存储电子病历;
接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,所述反馈密文由第二终端接收到所述电子病历存储设备传输的请求密文后生成并传输至电子病历存储设备的。
在本申请实施例中,与目前医生可以随意查看信息系统中存储的个人的医疗信息的方式相比,本申请第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
图1A示出了本申请实施例提供的一种区块链的数据查询方法流程示意图;
图1B示出了本申请实施例提供的一种区块链的数据查询方法流程示意图;
图1C示出了本申请实施例提供的一种区块链的数据查询方法流程示意图;
图2示出了本申请实施例提供的一种区块链的数据查询方法流程示意图;
图3A示出了本申请实施例提供的一种区块链的数据查询装置的结构示意图;
图3B示出了本申请实施例提供的一种区块链的数据查询装置的结构示意图;
图4A示出了本申请实施例提供的一种区块链的数据查询装置的结构示意图;
图4B示出了本申请实施例提供的一种区块链的数据查询装置的结构示意图;
图5A示出了本申请实施例提供的一种区块链的数据查询装置的结构示意图;
图5B示出了本申请实施例提供的一种区块链的数据查询装置的结构示意图;
图5C示出了本申请实施例提供的一种区块链的数据查询装置的结构示意图;
图6示出了本申请实施例提供的一种设备的装置结构示意图。
本申请实施例提供了一种区块链的数据查询方法,可以采用第一证书私钥生成请求密文,由电子病历存储设备将请求密文传输给第二终端,使得第二终端基于该请求密文来确定是否将信息展示给第一终端,保证第一终端请求查看信息需要经过第二终端的允许,达到降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高的目的,如图1A所示,该方法包括:
101、第一终端当接收到查询请求时,获取第一证书私钥,查询请求中携带信息标识,第一证书私钥为第一终端的第一数字证书的证书私钥。
在本申请实施例中,当接收到查询请求时,为了对查询请求进行加密,从而保证查询请求在传输过程中的安全性,第一终端获取第一证书私钥,以便在后续基于该第一证书私钥对查询请求进行加密。
102、第一终端采用第一证书私钥对查询请求进行加密,生成请求密文,将请求密文和第一终端标识传输至电子病历存储设备,电子病历存储设备基于区块链存储电子病历。
在本申请实施例中,当第一终端获取到第一证书私钥后,便可以采用第一证书私钥对查询请求进行加密,生成加密后的查询请求,也即请求密文,并将该请求密文传输至电子病历存储设备,以便保证请求密文在传输的过程中不会被篡改。
103、第一终端接收电子病历存储设备在接收到请求密文和第一终端标识后返回的反馈密文,在反馈密文中提取信息标识指示的目标医疗信息,反馈密文由第二终端接收到电子病历存储设备传输的请求密文后生成并传输至电子病历存储设备的。
在本申请实施例中,当第一终端接收到电子病历存储设备在接收到请求密文后返回的反馈密文后,由于反馈密文是第二终端根据第一终端传输的请求密文生成的,因此,可以在反馈密文中提取到信息标识指示的目标医疗信息。
本申请实施例提供的方法,第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
本申请实施例提供了一种区块链的数据查询方法,可以采用第一证书私钥生成请求密文,由电子病历存储设备将请求密文传输给第二终端,使得第二终端基于该请求密文来确定是否将信息展示给第一终端,保证第一终端请求查看信息需要经过第二终端的允许,达到降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高的目的,如图1B所示,该方法包括:
104、电子病历存储设备当接收到第一终端传输的请求密文和第一终端标识时,将请求密文和第一终端标识传输至第二终端,请求密文由第一终端采用第一证书私钥对查询请求进行加密生成,查询请求中携带信息标识,第一证书私钥为第一终端的第一数字证书的证书私钥。
在本申请实施例中,当电子病历存储设备当接收到第一终端传输的请求密文时,为了使第二终端可以确定是否可以为第一终端提供其希望查询的信息,电子病历存储设备将请求密文传输至第二终端。
105、电子病历存储设备当接收到第二终端返回的信息标识时,查询存储信息标识指示的目标医疗信息的信息密文,将信息密文传输至第二终端。
在本申请实施例中,当电子病历存储设备接收到第二终端返回的信息标识时,由于电子病历存储设备中存储有全部用户的电子病历,因此,电子病历存储设备可以根据信息标识查询到信息标识指示的信息密文,并将该信息密文传输至第二终端,以便第二终端决定是否可以将信息标识指示的信息密文传输给第一终端进行查看。
106、电子病历存储设备接收第二终端返回的反馈密文,将反馈密文传输至第一终端,反馈密文由第二终端在接收到信息密文后生成并发送的。
在本申请实施例中,电子病历存储设备如果接收到第二终端返回的反馈密文,则表示第二终端允许第一终端是可以查看信息的,因此,电子病历存储设备将第二终端传输的反馈密文传输给第一终端,以便第一终端对该反馈密文进行查看。
本申请实施例提供的方法,第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
本申请实施例提供了一种区块链的数据查询方法,可以采用第一证书私钥生成请求密文,由电子病历存储设备将请求密文传输给第二终端,使得第二终端基于该请求密文来确定是否将信息展示给第一终端,保证第一终端请求查看信息需要经过第二终端的允许,达到降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高的目的,如图1C所示,该方法包括:
107、第二终端当接收到电子病历存储设备传输的请求密文和第一终端标识时,采用第一终端标识指示的第一证书公钥对请求密文解密,请求密文由第一终端生成并传输至电子病历存储设备,第一证书公钥为第一终端的第一数字证书的证书公钥,电子病历存储设备基于区块链存储电子病历。
在本申请实施例中,当第二终端接收到电子病历存储设备传输的请求密文时,由于请求密文是采用第一终端的第一证书私钥加密生成的,且证书私钥和证书公钥是可以相互加密解密的,因此,第二终端采用第一证书公钥对请求密文进行解密。
108、第二终端如果采用第一证书公钥对请求密文解密成功,则在请求密文中提取信息标识,将信息标识传输至电子病历存储设备。
在本申请实施例中,如果第二终端采用第一证书公钥对请求密文解密成功,则表示该请求密文在传输的过程中并没有被篡改,因此,可以在解密后的请求密文中提取到信息标识。由于用户的电子病历都存储在电子病历存储设备中,因此,为了获取到信息标识指示的信息,第二终端需要将信息标识传输给电子病历存储设备,以便电子病历存储设备按照信息标识给第二终端返回其需要获取的信息。
109、第二终端接收电子病历存储设备返回的信息密文,在信息密文中提取信息标识指示的目标医疗信息。
在本申请实施例中,当第二终端接收到电子病历存储设备返回的信息标识指示的信息密文后,由于信息密文通常采用第二终端的第二证书公钥加密得到,因此,第二终端可以采用自身的第二证书私钥对信息密文进行解密,从而在信息密文中提取到目标医疗信息。
110、第二终端基于第一证书公钥对目标医疗信息进行加密,生成反馈密文,将反馈密文传输至电子病历存储设备。
在本申请实施例中,当第二终端获取到目标医疗信息后,为了保证目标医疗信息在传输过程中的安全性,且该目标医疗信息仅能由第一终端查看,因此,第二终端基于第一证书公钥对目标医疗信息加密,生成反馈密文,并将该反馈密文传输至电子病历存储设备,由电子病历存储设备将反馈密文传输至第一终端,使得第一终端采用自身的第一证书私钥便可以对反馈密文进行解密,从而读取到反馈密文中的目标医疗信息。
本申请实施例提供的方法,第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
本申请实施例提供了一种基于区块链的数据传输方法,可以采用第一证书私钥生成请求密文,由电子病历存储设备将请求密文传输给第二终端,使得第二终端基于该请求密文来确定是否将信息展示给第一终端,保证第一终端请求查看信息需要经过第二终端的允许,达到降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高的目的,如图2所示,该方法应用于第一终端、电子病历存储设备以及第二终端,涉及到第一终端、电子病历存储设备以及第二终端之间的交互,该方法包括:
201、当第一终端接收到查询请求时,获取第一证书私钥,采用第一证书私钥对查询请求进行加密,生成请求密文,将请求密文和第一终端标识传输至电子病历存储设备。
在本申请实施例中,申请人认识到,电子病历存储设备中接入有大量的终端,其中不乏医院的终端以及用户所持的终端。而通常来说,用户的电子病历都是存储在电子病历存储设备中的,为了保证电子病历存储设备中存储的电子病历的安全性以及公正性,电子病历存储设备通常采用区块链技术存储用户的电子病历。区块链技术具有去中心化的特性,这个特性使得存储在电子病历存储系统中的信息都是公开且透明的,为了避免医院随意在电子病历存储系统中获取用户电子病历中的信息而导致电子病历存储系统中的信息泄露,本申请实施例在进行信息的访问时,需要医院向用户请求查看信息,并由用户通过电子病历存储系统,将医院想要查看的信息进行分享。在本申请实施例中,以医院的终端为第一终端,用户的终端为第二终端为例进行说明,而在实际应用的过程中,电子病历存储系统中还可以接入大量其他的终端,本申请实施例对电子病历存储系统中接入的终端数量不进行具体限定。
其中,为了满足医院与用户之间的信息传输需求,电子病历存储系统可以为第一终端与第二终端提供客户端,并基于该客户端为第一终端与第二终端提供信息传输的服务。客户端可提供信息传输入口,当检测到第一终端中有用户触发该信息传输入口时,确定接收到第一终端的查询请求时,为了使第二终端在接收到查询请求时可以确定第一终端请求查看哪种信息,查询请求中需要携带信息标识,具体地,信息标识可为用户的用户姓名、用户账号、用户身份证号码等。
考虑到查询请求在传输的过程中可能会被不法分子篡改,第一终端在接收到查询请求后,需要对查询请求进行加密,并将加密后的查询请求进行传输。其中,由于接入电子病历存储设备中的每一个终端均配置有唯一且固定的数字证书,数字证书中包括证书公钥和证书私钥,证书公钥是公开给所有人的,证书私钥是终端自己持有的,且证书公钥和证书私钥具有相互加密和解密的特性,因此,第一终端在对查询请求进行加密时,由于自身的证书公钥(也即第一证书公钥)是对外公开的,因此,可以采用自身的证书私钥(也即第一证书私钥)对查询请求进行加密,生成请求密文,并将请求密文传输给电子病历存储系统,以便基于该请求密文来实现向第二终端请求进行信息查询的操作。其中,为了对多个终端的多个数字证书进行区分,可以将每个终端的数字证书与该终端的终端标识对应存储,以便在查询数字证书时,可以基于终端标识进行查询。
在实际应用的过程中,为了使第二终端在接收到电子病历存储设备传输的请求密文时,可以获知是哪一种终端请求查询信息,第一终端在向电子病历存储设备传输请求密文时,可以提取该自身的终端名称或者终端编号,将终端名称或者终端编号作为第一终端标识,并将第一终端标识也随着请求密文传输给第二终端,以使第二终端还可以根据第一终端的身份来确定是否可以向第一终端传输信息。
202、当电子病历存储设备接收到第一终端传输的请求密文和第一终端标识时,将请求密文和第一终端标识传输至第二终端。
在本申请实施例中,当电子病历存储设备接收到第一终端传输的请求密文和第一终端标识时,由于只有用户才可以授权医生是否可以查询自己的电子病历,因此,电子病历存储设备将接收到的第一终端传输的请求密文和第一终端标识传输至第二终端,以便第二终端确定是否向第一终端传输其想要查询的信息。
203、当第二终端接收到电子病历存储设备传输的请求密文和第一终端标识时,采用第一终端标识指示的第一证书公钥对请求密文进行解密,如果采用第一证书公钥对请求密文解密失败,则执行下述步骤204至步骤206;如果采用第一证书公钥对请求密文解密成功,则执行下述步骤207至步骤211。
在本申请实施例中,当第二终端接收到电子病历存储设备传输的请求密文时,由于请求密文是由第一终端基于自身的第一数字证书的第一证书私钥签名生成的,因此,只要第二终端采用第一证书公钥可以对请求密文进行解密,则表示该请求密文在传输的过程中并没有被篡改,第二终端是可以对该请求密文进行信任的,这样,如果第二终端采用第一证书公钥对请求密文解密失败,则表示该请求密文在传输的过程中很可能被篡改,或者该请求密文不是由第一终端发送的,可能是其他的恶意节点伪造的,也即执行下述步骤204至步骤206。如果第二终端采用第一证书公钥对请求密文解密成功,则表示该请求密文在传输的过程中并没有被篡改,该请求密文包括的内容是真实的,且该请求密文确定由第一终端生成并发送的,也即执行下述步骤207至步骤211。
其中,由于电子病历存储设备在传输请求密文时,携带了第一终端标识,因此,第二终端可以通过第一终端标识查询到第一终端的第一数字证书,并在第一数字证书中获取到第一证书公钥,基于第一证书公钥实现对请求密文的解密。具体地,第二终端根据第一终端标识获取第一证书公钥的过程与上述步骤201中第一终端获取第二证书公钥的过程一致,此处不再进行赘述。
需要说明的是,如果电子病历存储设备在传输请求密文时还携带了第一终端的第一终端标识,则第二终端在接收到第一终端的第一终端标识后,还可以将该第一终端标识展示给第二终端的用户,若第二终端的用户不允许将信息传输给第一终端,也即第二终端的用户不希望授权第一终端查看信息,则第二终端可以直接执行下述步骤204至步骤206,而无需再对请求密文进行解密。
204、如果采用第一证书公钥对请求密文解密失败,则第二终端生成失败响应,并将失败响应传输至电子病历存储设备。
在本申请实施例中,如果第二终端采用第一证书公钥对请求密文解密失败,则表示请求密文在传输的过程中可能被篡改,或者该请求密文不是由第一终端发送的,可能是其他的恶意节点伪造的,因此,生成失败响应,并将该失败响应传输给电子病历存储设备,以便电子病历存储将该失败响应输给第一终端,使第一终端在获取到该失败响应后,可以重新发送请求密文。
205、电子病历存储设备接收第二终端传输的失败响应,将失败响应传输至第一终端。
在本申请实施例中,当电子病历存储设备接收到第二终端传输的失败响应时,为了使第一终端可以基于该失败响应确定传输的请求密文没有被第二终端认可,以便第一终端可以重新发送请求密文,电子病历存储设备将接收到的失败响应传输给第一终端。
206、第一终端接收电子病历存储设备传输的失败响应,重新执行上述生成请求密文,并将请求密文传输至电子病历存储设备的过程。
在本申请实施例中,当第一终端接收到电子病历存储设备传输的失败响应后,便可以确定之前发送的请求密文并没有被第二终端所认可,这样,第一终端便需要重新执行上述步骤201,重新生成新的请求密文,并将生成的新的请求密文再次传输给电子病历存储设备进行传输。其中,生成请求密文并进行传输的过程与上述步骤201中所示的过程一致,此处不再进行赘述。
207、如果第二终端采用第一证书公钥对请求密文解密成功,则在请求密文中提取信息标识,将信息标识传输至电子病历存储设备。
在本申请实施例中,如果第二终端采用第一证书公钥对请求密文解密成功,则表示请求密文是真实的,并没有在传输的过程中进行篡改,因此,可以基于该请求密文为第一终端传输信息。其中,由于第二终端已经对该请求密文进行解密成功,因此,第二终端可以在解密成功的请求密文中提取到信息标识,并根据信息标识来确定第一终端请求查询的信息。
在实际应用的过程中,由于个人的医疗信息均存储在电子病历存储设备中,因此,为了获取到第一终端请求查询的信息,第二终端将获取到的信息标识传输给电子病历存储设备,以便电子病历存储设备根据信息标识确定目标医疗信息,并将目标医疗信息返回给第二终端,由第二终端决定是否将目标医疗信息传输给第一终端。
208、电子病历存储设备接收第二终端返回的信息标识,提取信息标识指示的信息密文,将信息密文传输至第二终端。
在本申请实施例中,当电子病历存储设备接收到第二终端返回的信息标识后,便可以按照信息标识,提取到第二终端请求的信息,并将获取到的信息传输给第二终端。其中,由于电子病历存储设备在存储每个用户的电子病历时都会采用用户的证书公钥对电子病历进行加密,并将加密后的电子病历进行存储,也即存储包括电子病历的信息密文,因此,电子病历存储设备仅能根据信息标识获取到信息密文,这样,电子病历存储设备仅需将获取到的信息密文传输给第二终端即可。
在实际应用的过程中,由于电子病历存储设备是采用区块链技术进行信息存储的,因此,在获取信息密文时,电子病历存储设备可以首先根据信息标识确定信息密文所在的目标区块,并获取到该目标区块;随后,在该目标区块中提取信息标识指示的信息密文,将该信息密文传输给第二终端。
209、第二终端接收电子病历存储设备返回的信息密文,在信息密文中提取信息标识指示的目标医疗信息,基于第一证书公钥对目标医疗信息进行加密,生成反馈密文,将反馈密文传输至电子病历存储设备。
在本申请实施例中,当第二终端接收到电子病历存储设备返回的信息密文后,由于该信息密文是加密的,且通常是采用第二终端的第二数字证书的第二证书公钥加密得到的,因此,只有第二终端才可以对该信息密文进行解密,从而获取到该信息密文中信息标识指示的目标医疗信息。具体地,首先,第二终端接收电子病历存储设备返回的信息标识指示的信息密文,并获取自身所存储的第二证书私钥;随后,采用第二证书私钥对信息密文进行解密,在信息密文中提取目标医疗信息。这样,第二终端在接收到信息密文后,采用第二证书私钥对该信息密文进行解密,从而在信息密文中提取到目标医疗信息。
进一步地,为了保证目标医疗信息在传输至第一终端的过程中不会被不法分子篡改或者窃取,第二终端基于第一证书公钥对目标医疗信息进行加密,生成包括目标医疗信息的反馈密文,并将该反馈密文传输给电子病历存储设备,以便电子病历存储设备将该反馈密文传输给第一终端,实现第一终端请求的信息查询。
210、电子病历存储设备接收第二终端返回的反馈密文,将反馈密文传输至第一终端。
在本申请实施例中,当电子病历存储设备接收到第二终端返回的反馈密文后,便可以将该反馈密文传输给第一终端,以便第一终端在反馈密文中获取到目标医疗信息。
211、第一终端接收电子病历存储设备在接收到请求密文后返回的反馈密文,获取第一证书私钥,采用第一证书私钥,对反馈密文进行解密,在反馈密文中提取到信息标识指示的目标医疗信息。
在本申请实施例中,当第一终端接收到电子病历存储设备返回的反馈密文后,由于反馈密文是采用第一终端的第一证书公钥加密得到的,因此,第一终端可以获取第一证书私钥,并采用该第一证书私钥对反馈密文进行解密,在解密后的反馈密文中提取到信息标识指示的目标医疗信息。
本申请实施例提供的方法,第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
进一步地,作为图1A所述方法的具体实现,本申请实施例提供了一种区块链的数据查询装置,如图3A所示,所述装置包括:获取模块301,加密模块302和提取模块303。
该获取模块301,用于当接收到查询请求时,获取第一证书私钥,所述查询请求中携带信息标识,所述第一证书私钥为第一终端的第一数字证书的证书私钥;
该加密模块302,用于采用第一证书私钥对查询请求进行加密,生成请求密文,将请求密文和第一终端标识传输至电子病历存储设备,电子病历存储设备基于区块链存储电子病历;
该提取模块303,用于接收电子病历存储设备在接收到请求密文和第一终端标识后返回的反馈密文,在反馈密文中提取信息标识指示的目标医疗信息,反馈密文由第二终端接收到电子病历存储设备传输的请求密文后生成并传输至电子病历存储设备的。
在具体的应用场景中,如图3B所示,该提取模块303,包括接收单元3031和解密单元3032。
该接收单元3031,用于接收电子病历存储设备在接收到请求密文后返回的反馈密文,获取第一证书私钥;
该解密单元3032,用于采用第一证书私钥,对反馈密文进行解密,在反馈密文中提取到信息标识指示的目标医疗信息。
在具体的应用场景中,该获取模块301,还用于如果接收到电子病历存储设备返回的失败响应,则重新执行上述生成请求密文,并将请求密文传输至电子病历存储设备的过程。
本申请实施例提供的装置,第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
进一步地,作为图1B所述方法的具体实现,本申请实施例提供了一种区块链的数据查询装置,如图4A所示,所述装置包括:第一传输模块401,提取模块402和第二传输模块403。
该第一传输模块401,用于当接收到第一终端传输的请求密文和第一终端标识时,将请求密文和第一终端标识传输至第二终端,请求密文由第一终端采用第一证书私钥对查询请求进行加密生成,查询请求中携带信息标识,第一证书私钥为第一终端的第一数字证书的证书私钥;
该提取模块402,用于当接收到第二终端返回的信息标识时,查询存储信息标识指示的目标医疗信息的信息密文,将信息密文传输至第二终端;
该第二传输模块403,用于接收第二终端返回的反馈密文,将反馈密文传输至第一终端,反馈密文由第二终端在接收到信息密文后生成并发送的。
在具体的应用场景中,如图4B所示,该装置还包括第三传输模块404。
该第三传输模块404,用于如果接收到第二终端返回的失败响应,则将失败响应传输至第一终端。
本申请实施例提供的装置,第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
进一步地,作为图1C所述方法的具体实现,本申请实施例提供了一种区块链的数据查询装置,如图5A所示,所述装置包括:解密模块501,提取模块502,接收模块503和加密模块504。
该解密模块501,用于当接收到电子病历存储设备传输的请求密文和第一终端标识时,采用第一终端标识指示的第一证书公钥对请求密文解密,请求密文由第一终端生成并传输至电子病历存储设备,第一证书公钥为第一终端的第一数字证书的证书公钥,电子病历存储设备基于区块链存储电子病历;
该提取模块502,用于如果采用第一证书公钥对请求密文解密成功,则在请求密文中提取信息标识,将信息标识传输至电子病历存储设备;
该接收模块503,用于接收电子病历存储设备返回的信息密文,在信息密文中提取信息标识指示的目标医疗信息;
该加密模块504,用于基于第一证书公钥对目标医疗信息进行加密,生成反馈密文,将反馈密文传输至电子病历存储设备。
在具体的应用场景中,如图5B所示,该接收模块503,包括获取单元5031和解密单元5032。
该获取单元5031,用于接收电子病历存储设备返回的信息标识指示的信息密文,获取第二证书私钥,第二证书私钥为第二终端的第二数字证书的证书私钥;
该解密单元5032,用于采用第二证书私钥对信息密文进行解密,在信息密文中提取信息标识指示的目标医疗信息。
在具体的应用场景中,如图5C所示,该装置还包括生成模块505。
该生成模块505,用于如果采用第一证书公钥对请求密文解密失败,则生成失败响应,并将失败响应传输至电子病历存储设备。
本申请实施例提供的装置,第一终端在请求查询信息时,需要生成请求密文,借助电子病历存储设备向第二终端传输请求密文,并在第二终端的允许下才能获取到想要查询的目标医疗信息,使得第一终端不能随意获取用户的电子病历,降低了信息被恶意传播的风险,避免信息的扩散,信息的安全性较高。
需要说明的是,本申请实施例提供的一种区块链的数据查询装置所涉及各功能单元的其他相应描述,可以参考图1A至图1C和图2中的对应描述,在此不再赘述。
在示例性实施例中,参见图6,还提供了一种设备,该设备600包括通信总线、处理器、存储器和通信接口,还可以包括、输入输出接口和显示设备,其中,各个功能单元之间可以通过总线完成相互间的通信。该存储器存储有计算机可读指令,处理器,用于执行存储器上所存放的程序,执行上述实施例中的区块链的数据传输方法。
一种计算机可读存储介质,其上存储有计算机可读指令,所述计算机可读指令被处理器执行时实现所述的区块链的数据传输方法的步骤。
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到本申请可以通过硬件实现,也可以借助软件加必要的通用硬件平台的方式来实现。基于这样的理解,本申请的技术方案可以以软件产品的形式体现出来,该软件产品可以存储在一个非易失性存储介质(可以是CD-ROM,U盘,移动硬盘等)中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施场景所述的方法。
本领域技术人员可以理解附图只是一个优选实施场景的示意图,附图中的模块或流程并不一定是实施本申请所必须的。
本领域技术人员可以理解实施场景中的装置中的模块可以按照实施场景描述进行分布于实施场景的装置中,也可以进行相应变化位于不同于本实施场景的一个或多个装置中。上述实施场景的模块可以合并为一个模块,也可以进一步拆分成多个子模块。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机可读指令来指令相关的硬件来完成,所述的计算机可读指令可存储于一计算机非易失性可读取存储介质中,该计算机可读指令在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink) DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。
以上所述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。
Claims (20)
- 一种区块链的数据查询方法,其特征在于,包括:当接收到查询请求时,获取第一证书私钥,所述查询请求中携带信息标识,所述第一证书私钥为第一终端的第一数字证书的证书私钥;采用所述第一证书私钥对所述查询请求进行加密,生成请求密文,将所述请求密文和第一终端标识传输至电子病历存储设备,所述电子病历存储设备基于区块链存储电子病历;接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,所述反馈密文由第二终端接收到所述电子病历存储设备传输的请求密文后生成并传输至电子病历存储设备的。
- 根据权利要求1所述的方法,其特征在于,所述接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,包括:接收所述电子病历存储设备在接收到所述请求密文后返回的所述反馈密文,获取所述第一证书私钥;采用所述第一证书私钥,对所述反馈密文进行解密,在所述反馈密文中提取到所述信息标识指示的目标医疗信息。
- 根据权利要求1所述的方法,其特征在于,所述方法还包括:如果接收到所述电子病历存储设备返回的失败响应,则重新执行上述生成请求密文,并将所述请求密文传输至所述电子病历存储设备的过程。
- 一种区块链的数据查询方法,其特征在于,包括:当接收到第一终端传输的请求密文和第一终端标识时,将所述请求密文和所述第一终端标识传输至第二终端,所述请求密文由所述第一终端采用第一证书私钥对查询请求进行加密生成,所述查询请求中携带信息标识,所述第一证书私钥为所述第一终端的第一数字证书的证书私钥;当接收到所述第二终端返回的所述信息标识时,查询存储所述信息标识指示的目标医疗信息的信息密文,将所述信息密文传输至所述第二终端;接收所述第二终端返回的反馈密文,将所述反馈密文传输至所述第一终端,所述反馈密文由所述第二终端在接收到所述信息密文后生成并发送的。
- 根据权利要求4所述的方法,其特征在于,所述方法还包括:如果接收到所述第二终端返回的失败响应,则将所述失败响应传输至所述第一终端。
- 一种区块链的数据查询方法,其特征在于,包括:当接收到电子病历存储设备传输的请求密文和第一终端标识时,采用所述第一终端标识指示的第一证书公钥对所述请求密文解密,所述请求密文由第一终端生成并传输至所述电子病历存储设备,所述第一证书公钥为所述第一终端的第一数字证书的证书公钥,所述电子病历存储设备基于区块链存储电子病历;如果采用所述第一证书公钥对所述请求密文解密成功,则在所述请求密文中提取信息标识,将所述信息标识传输至所述电子病历存储设备;接收所述电子病历存储设备返回的信息密文,在所述信息密文中提取所述信息标识指示的目标医疗信息;基于所述第一证书公钥对所述目标医疗信息进行加密,生成反馈密文,将所述反馈密文传输至所述电子病历存储设备。
- 根据权利要求6所述的方法,其特征在于,所述接收所述电子病历存储设备返回的信息密文,在所述信息密文中提取所述信息标识指示的目标医疗信息,包括:接收所述电子病历存储设备返回的所述信息密文,获取第二证书私钥,所述第二证书私钥为第二终端的第二数字证书的证书私钥;采用所述第二证书私钥对所述信息密文进行解密,在所述信息密文中提取所述信息标识指示的目标医疗信息。
- 根据权利要求6所述的方法,其特征在于,所述方法还包括:如果采用所述第一证书公钥对所述请求密文解密失败,则生成失败响应,并将所述失败响应传输至所述电子病历存储设备。
- 一种区块链的数据查询系统,其特征在于,包括第一终端、电子病历存储设备以及第二终端,其中,所述电子病历存储设备基于区块链存储电子病历,所述第一终端当接收到查询请求时,获取第一证书私钥,所述查询请求中携带信息标识,所述第一证书私钥为第一终端的第一数字证书的证书私钥;所述第一终端采用所述第一证书私钥对所述查询请求进行加密,生成请求密文,将所述请求密文和第一终端标识传输至电子病历存储设备;所述电子病历存储设备当接收到所述第一终端传输的所述请求密文和第一终端标识时,将所述请求密文和第一终端标识传输至所述第二终端;所述第二终端当接收到所述电子病历存储设备传输的所述请求密文和第一终端标识时,采用所述第一终端标识指示的第一证书公钥对所述请求密文解密,所述第一证书公钥为所述第一终端的第一数字证书的证书公钥;所述第二终端如果采用所述第一证书公钥对所述请求密文解密成功,则在所述请求密文中提取信息标识,将所述信息标识传输至所述电子病历存储设备;所述电子病历存储设备当接收到所述第二终端返回的所述信息标识时,提取所述信息标识指示的信息密文,将所述信息密文传输至所述第二终端;所述第二终端接收所述电子病历存储设备返回的所述信息标识指示的所述信息密文,在所述信息密文中提取目标医疗信息;所述第二终端基于所述第一证书公钥对所述目标医疗信息进行加密,生成反馈密文,将所述反馈密文传输至所述电子病历存储设备;所述电子病历存储设备接收所述第二终端返回的所述反馈密文,将所述反馈密文传输至所述第一终端;所述第一终端接收所述电子病历存储设备在接收到所述请求密文后返回的所述反馈密文,在所述反馈密文中提取所述信息标识指示的所述目标医疗信息。
- 一种区块链的数据查询装置,其特征在于,包括:获取模块,用于当接收到查询请求时,获取第一证书私钥,所述查询请求中携带信息标识,所述第一证书私钥为第一终端的第一数字证书的证书私钥;加密模块,用于采用所述第一证书私钥对所述查询请求进行加密,生成请求密文,将所述请求密文和第一终端标识传输至电子病历存储设备,所述电子病历存储设备基于区块链存储电子病历;提取模块,用于接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,所述反馈密文由第二终端接收到所述电子病历存储设备传输的请求密文后生成并传输至电子病历存储设备的。
- 一种终端设备,其特征在于,所述终端设备包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时执行以下步骤:当接收到查询请求时,获取第一证书私钥,所述查询请求中携带信息标识,所述第一证书私钥为第一终端的第一数字证书的证书私钥;采用所述第一证书私钥对所述查询请求进行加密,生成请求密文,将所述请求密文和第一终端标识传输至电子病历存储设备,所述电子病历存储设备基于区块链存储电子病历;接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,所述反馈密文由第二终端接收到所述电子病历存储设备传输的请求密文后生成并传输至电子病历存储设备的。
- 根据权利要求11所述的终端设备,其特征在于,所述接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,包括:接收所述电子病历存储设备在接收到所述请求密文后返回的所述反馈密文,获取所述第一证书私钥;采用所述第一证书私钥,对所述反馈密文进行解密,在所述反馈密文中提取到所述信息标识指示的目标医疗信息。
- 根据权利要求11所述的中的终端设备,其特征在于,所述处理器执行所述计算机可读指令时还执行以下步骤:如果接收到所述电子病历存储设备返回的失败响应,则重新执行上述生成请求密文,并将所述请求密文传输至所述电子病历存储设备的过程。
- 一种终端设备,其特征在于,所述终端设备包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时执行以下步骤:当接收到第一终端传输的请求密文和第一终端标识时,将所述请求密文和所述第一终端标识传输至第二终端,所述请求密文由所述第一终端采用第一证书私钥对查询请求进行加密生成,所述查询请求中携带信息标识,所述第一证书私钥为所述第一终端的第一数字证书的证书私钥;当接收到所述第二终端返回的所述信息标识时,查询存储所述信息标识指示的目标医疗信息的信息密文,将所述信息密文传输至所述第二终端;接收所述第二终端返回的反馈密文,将所述反馈密文传输至所述第一终端,所述反馈密文由所述第二终端在接收到所述信息密文后生成并发送的。
- 一种终端设备,其特征在于,所述终端设备包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时执行以下步骤:当接收到电子病历存储设备传输的请求密文和第一终端标识时,采用所述第一终端标识指示的第一证书公钥对所述请求密文解密,所述请求密文由第一终端生成并传输至所述电子病历存储设备,所述第一证书公钥为所述第一终端的第一数字证书的证书公钥,所述电子病历存储设备基于区块链存储电子病历;如果采用所述第一证书公钥对所述请求密文解密成功,则在所述请求密文中提取信息标识,将所述信息标识传输至所述电子病历存储设备;接收所述电子病历存储设备返回的信息密文,在所述信息密文中提取所述信息标识指示的目标医疗信息;基于所述第一证书公钥对所述目标医疗信息进行加密,生成反馈密文,将所述反馈密文传输至所述电子病历存储设备。
- 一种计算机非易失性可读存储介质,所述计算机非易失性可读存储介质存储有计算机可读指令,其特征在于,所述计算机可读指令被处理器执行时实现如下步骤:当接收到查询请求时,获取第一证书私钥,所述查询请求中携带信息标识,所述第一证书私钥为第一终端的第一数字证书的证书私钥;采用所述第一证书私钥对所述查询请求进行加密,生成请求密文,将所述请求密文和第一终端标识传输至电子病历存储设备,所述电子病历存储设备基于区块链存储电子病历;接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,所述反馈密文由第二终端接收到所述电子病历存储设备传输的请求密文后生成并传输至电子病历存储设备的。
- 根据权利要求16所述的计算机非易失性可读存储介质,其特征在于,所述接收所述电子病历存储设备在接收到所述请求密文和所述第一终端标识后返回的反馈密文,在所述反馈密文中提取所述信息标识指示的目标医疗信息,包括:接收所述电子病历存储设备在接收到所述请求密文后返回的所述反馈密文,获取所述第一证书私钥;采用所述第一证书私钥,对所述反馈密文进行解密,在所述反馈密文中提取到所述信息标识指示的目标医疗信息。
- 根据权利要求16所述的计算机非易失性可读存储介质,其特征在于,所述计算机可读指令被处理器执行时还实现如下步骤:如果接收到所述电子病历存储设备返回的失败响应,则重新执行上述生成请求密文,并将所述请求密文传输至所述电子病历存储设备的过程。
- 一种计算机非易失性可读存储介质,所述计算机非易失性可读存储介质存储有计算机可读指令,其特征在于,所述计算机可读指令被处理器执行时实现如下步骤:当接收到第一终端传输的请求密文和第一终端标识时,将所述请求密文和所述第一终端标识传输至第二终端,所述请求密文由所述第一终端采用第一证书私钥对查询请求进行加密生成,所述查询请求中携带信息标识,所述第一证书私钥为所述第一终端的第一数字证书的证书私钥;当接收到所述第二终端返回的所述信息标识时,查询存储所述信息标识指示的目标医疗信息的信息密文,将所述信息密文传输至所述第二终端;接收所述第二终端返回的反馈密文,将所述反馈密文传输至所述第一终端,所述反馈密文由所述第二终端在接收到所述信息密文后生成并发送的。
- 一种计算机非易失性可读存储介质,所述计算机非易失性可读存储介质存储有计算机可读指令,其特征在于,所述计算机可读指令被处理器执行时实现如下步骤:当接收到电子病历存储设备传输的请求密文和第一终端标识时,采用所述第一终端标识指示的第一证书公钥对所述请求密文解密,所述请求密文由第一终端生成并传输至所述电子病历存储设备,所述第一证书公钥为所述第一终端的第一数字证书的证书公钥,所述电子病历存储设备基于区块链存储电子病历;如果采用所述第一证书公钥对所述请求密文解密成功,则在所述请求密文中提取信息标识,将所述信息标识传输至所述电子病历存储设备;接收所述电子病历存储设备返回的信息密文,在所述信息密文中提取所述信息标识指示的目标医疗信息;基于所述第一证书公钥对所述目标医疗信息进行加密,生成反馈密文,将所述反馈密文传输至所述电子病历存储设备。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910218386.6 | 2019-03-21 | ||
CN201910218386.6A CN110049016B (zh) | 2019-03-21 | 2019-03-21 | 区块链的数据查询方法、装置、系统、设备及存储介质 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020186823A1 true WO2020186823A1 (zh) | 2020-09-24 |
Family
ID=67274973
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/122575 WO2020186823A1 (zh) | 2019-03-21 | 2019-12-03 | 区块链的数据查询方法、装置、系统、设备及存储介质 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110049016B (zh) |
WO (1) | WO2020186823A1 (zh) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112202779A (zh) * | 2020-09-29 | 2021-01-08 | 深圳壹账通智能科技有限公司 | 基于区块链的信息加密方法、装置、设备及介质 |
CN112966022A (zh) * | 2021-03-10 | 2021-06-15 | 安徽航天信息科技有限公司 | 一种数据交易平台的信息查询方法、装置及系统 |
CN113626486A (zh) * | 2021-07-15 | 2021-11-09 | 广州市挖米科技有限责任公司 | 一种saas化电子病历结构化高速传输与展示方法及装置 |
CN116743513A (zh) * | 2023-08-16 | 2023-09-12 | 成都中医药大学附属医院(四川省中医医院) | 一种电子病历远程调阅的安全操作方法及系统 |
CN116821941A (zh) * | 2023-08-25 | 2023-09-29 | 建信金融科技有限责任公司 | 数据加密解密方法、装置、设备及存储介质 |
CN117240576A (zh) * | 2023-10-09 | 2023-12-15 | 上海市口腔医院(上海市口腔健康中心) | 一种物联网医疗平台的入侵检测方法及系统 |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110049016B (zh) * | 2019-03-21 | 2022-02-18 | 深圳壹账通智能科技有限公司 | 区块链的数据查询方法、装置、系统、设备及存储介质 |
CN110224989B (zh) * | 2019-05-10 | 2022-01-28 | 深圳壹账通智能科技有限公司 | 信息交互方法、装置、计算机设备及可读存储介质 |
CN110414253A (zh) * | 2019-08-05 | 2019-11-05 | 深圳市网心科技有限公司 | 一种基于区块链的电子病历管理方法、装置、系统及设备 |
CN111783070B (zh) * | 2020-06-29 | 2024-06-25 | 平安科技(深圳)有限公司 | 基于区块链的档案信息获取方法、装置、设备及存储介质 |
CN112016124B (zh) * | 2020-09-07 | 2024-05-28 | 公安部第三研究所 | 基于数据对象主体去标识化实现信息查询的方法 |
CN112699385A (zh) * | 2020-12-21 | 2021-04-23 | 布比(北京)网络技术有限公司 | 一种基于区块链对电子健康记录进行访问控制的方法及系统 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107579979A (zh) * | 2017-09-07 | 2018-01-12 | 成都理工大学 | 基于区块链技术的电子病历的共享查询方法 |
US20180089374A1 (en) * | 2013-07-05 | 2018-03-29 | Tillata Corlette Gibson | Method and System for Transferring Mammograms with Blockchain Verification |
CN108449359A (zh) * | 2018-04-16 | 2018-08-24 | 济南浪潮高新科技投资发展有限公司 | 一种基于区块链的电子病历共享方法和系统 |
CN109326337A (zh) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | 基于区块链的电子医疗记录存储和共享的模型及方法 |
CN110049016A (zh) * | 2019-03-21 | 2019-07-23 | 深圳壹账通智能科技有限公司 | 区块链的数据查询方法、装置、系统、设备及存储介质 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471826B (zh) * | 2014-09-04 | 2019-08-20 | 中电长城网际系统应用有限公司 | 密文数据查询方法、装置和密文查询服务器 |
US10715312B2 (en) * | 2016-07-29 | 2020-07-14 | Workday, Inc. | System and method for blockchain-based device authentication based on a cryptographic challenge |
CN106339639A (zh) * | 2016-08-30 | 2017-01-18 | 弗洛格(武汉)信息科技有限公司 | 基于区块链的学分成绩管理方法及系统 |
CN108614974B (zh) * | 2018-04-24 | 2021-06-01 | 南京邮电大学 | 一种基于区块链的快递信息隐私保护系统及其保护方法 |
-
2019
- 2019-03-21 CN CN201910218386.6A patent/CN110049016B/zh active Active
- 2019-12-03 WO PCT/CN2019/122575 patent/WO2020186823A1/zh active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180089374A1 (en) * | 2013-07-05 | 2018-03-29 | Tillata Corlette Gibson | Method and System for Transferring Mammograms with Blockchain Verification |
CN107579979A (zh) * | 2017-09-07 | 2018-01-12 | 成都理工大学 | 基于区块链技术的电子病历的共享查询方法 |
CN108449359A (zh) * | 2018-04-16 | 2018-08-24 | 济南浪潮高新科技投资发展有限公司 | 一种基于区块链的电子病历共享方法和系统 |
CN109326337A (zh) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | 基于区块链的电子医疗记录存储和共享的模型及方法 |
CN110049016A (zh) * | 2019-03-21 | 2019-07-23 | 深圳壹账通智能科技有限公司 | 区块链的数据查询方法、装置、系统、设备及存储介质 |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112202779A (zh) * | 2020-09-29 | 2021-01-08 | 深圳壹账通智能科技有限公司 | 基于区块链的信息加密方法、装置、设备及介质 |
CN112966022A (zh) * | 2021-03-10 | 2021-06-15 | 安徽航天信息科技有限公司 | 一种数据交易平台的信息查询方法、装置及系统 |
CN112966022B (zh) * | 2021-03-10 | 2024-04-05 | 安徽航天信息科技有限公司 | 一种数据交易平台的信息查询方法、装置及系统 |
CN113626486A (zh) * | 2021-07-15 | 2021-11-09 | 广州市挖米科技有限责任公司 | 一种saas化电子病历结构化高速传输与展示方法及装置 |
CN116743513A (zh) * | 2023-08-16 | 2023-09-12 | 成都中医药大学附属医院(四川省中医医院) | 一种电子病历远程调阅的安全操作方法及系统 |
CN116743513B (zh) * | 2023-08-16 | 2023-10-20 | 成都中医药大学附属医院(四川省中医医院) | 一种电子病历远程调阅的安全操作方法及系统 |
CN116821941A (zh) * | 2023-08-25 | 2023-09-29 | 建信金融科技有限责任公司 | 数据加密解密方法、装置、设备及存储介质 |
CN116821941B (zh) * | 2023-08-25 | 2023-12-19 | 建信金融科技有限责任公司 | 数据加密解密方法、装置、设备及存储介质 |
CN117240576A (zh) * | 2023-10-09 | 2023-12-15 | 上海市口腔医院(上海市口腔健康中心) | 一种物联网医疗平台的入侵检测方法及系统 |
CN117240576B (zh) * | 2023-10-09 | 2024-03-29 | 上海市口腔医院(上海市口腔健康中心) | 一种物联网医疗平台的入侵检测方法、系统、电子设备及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN110049016A (zh) | 2019-07-23 |
CN110049016B (zh) | 2022-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020186823A1 (zh) | 区块链的数据查询方法、装置、系统、设备及存储介质 | |
US7688975B2 (en) | Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure | |
WO2016180264A1 (zh) | 获取电子文件的方法及装置 | |
KR101625359B1 (ko) | 유비쿼터스 환자 모니터링을 위한 개인 보안 관리자 | |
WO2020186827A1 (zh) | 用户认证方法、装置、计算机设备及计算机可读存储介质 | |
JP2022507151A (ja) | 安全な無線ファームウェアアップグレード | |
CN106452770B (zh) | 一种数据加密方法、解密方法、装置和系统 | |
EP2544117A1 (en) | Method and system for sharing or storing personal data without loss of privacy | |
WO2020186822A1 (zh) | 基于区块链的数据查询方法、装置、设备及可读存储介质 | |
WO2012024872A1 (zh) | 移动互联网加密通讯的方法、系统及相关装置 | |
CN113645195B (zh) | 基于cp-abe和sm4的云病历密文访问控制系统及方法 | |
JP2008099267A (ja) | ネットワーク内で無線端末と設備との間のセッションを保護する方法 | |
CN108809633B (zh) | 一种身份认证的方法、装置及系统 | |
WO2018076740A1 (zh) | 数据传输方法及相关设备 | |
ES2665887T3 (es) | Sistema de datos seguro | |
JP2020533853A (ja) | デジタル証明書を管理するための方法および装置 | |
US20180013832A1 (en) | Health device, gateway device and method for securing protocol using the same | |
JP5992535B2 (ja) | 無線idプロビジョニングを実行するための装置及び方法 | |
WO2014146609A1 (zh) | 信息处理方法、信任服务器及云服务器 | |
CN110519222B (zh) | 基于一次性非对称密钥对和密钥卡的外网接入身份认证方法和系统 | |
CN115766098A (zh) | 基于区块链与代理重加密的个人健康数据共享方法 | |
CN116709325B (zh) | 一种基于高速加密算法的移动设备安全认证方法 | |
Wang et al. | Data transmission and access protection of community medical internet of things | |
CN105518696B (zh) | 对数据存储器执行操作 | |
JP5678150B2 (ja) | ユーザ端末、鍵管理システム、及びプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19920335 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02/02/2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19920335 Country of ref document: EP Kind code of ref document: A1 |