
CN114386053A - Medical data encryption storage method and storage medium - Google Patents


Info

Publication number
CN114386053A
Authority
CN
China
Prior art keywords
chain
data
medical data
user
unique
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111491952.4A
Other languages
Chinese (zh)
Inventor
张少林
徐光智
张宁明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Mengwang Iot Technology Development Co ltd
Original Assignee
Shenzhen Mengwang Iot Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Mengwang Iot Technology Development Co ltd
Priority to CN202111491952.4A
Publication of CN114386053A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Epidemiology (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of communication and provides a medical data encryption storage method and a storage medium. Based on a user's unique identification serial code, a unique target public key and a unique target private key are obtained through initialization and stored in a first chain of a blockchain. The user's medical data is then encrypted according to a preset encryption strategy to obtain a digital signature and a data ciphertext, which are stored in a second chain of the blockchain. When a viewing request is received, data query and decryption are carried out according to the request, and the first digest value and the second digest value obtained by decryption are compared for equality to judge whether the viewing request is an operation authorized by the user. Because the decryption key and the encrypted data are stored in different chains of the blockchain, the medical data is effectively prevented from being stolen or damaged, the security of the authentication information is ensured, and information security is further improved.

Description

Medical data encryption storage method and storage medium
Technical Field
The invention relates to the technical field of communication, in particular to a medical data encryption storage method and a storage medium.
Background
An Electronic Medical Record (EMR), also called a computerized medical record system or computer-based patient record, is a digitized medical record that is stored, managed, transmitted and reproduced by electronic devices (computers, health cards, etc.) in place of handwritten paper records. It contains all the information of the paper medical record and, compared with the paper record, also gives medical staff complete, real-time access to patient information anytime and anywhere, and supports sharing a patient's medical information among different medical institutions.
As the medical and health industry depends more heavily on information systems and information security problems become increasingly prominent, medical and health institutions at all levels pay close attention to information security assurance. However, security construction in the medical industry currently has many problems, such as reliance on a single technical means, incomplete information management systems and weak security awareness among personnel, so the security level of hospital information systems is low and they are easy to attack. Most hospitals today use information systems to manage their daily operations, yet in many hospitals much of the medical data is stored in the clear and is likely to be stolen or destroyed. Moreover, each medical institution manages its own electronic medical records, so the records are at risk of being tampered with and their authenticity cannot be ensured. Encryption technology must therefore be reasonably applied to hospital information systems to re-encode and encrypt the data, which effectively improves the security of system network communication and avoids data leakage and damage.
Disclosure of Invention
The invention provides a medical data encryption storage method and a storage medium, which solve the technical problems that existing medical data is poorly protected, easily stolen or damaged, prone to user data leakage and damage, and of low authenticity.
In order to solve the above technical problems, the invention provides a medical data encryption storage method, which comprises the following steps:
S1, initializing according to the unique identification serial code of the user to obtain a corresponding target public key and target private key, and uploading them to a first chain in a blockchain;
S2, acquiring medical data of the user, encrypting the medical data according to a preset encryption strategy, the target public key and the target private key, and uploading the resulting digital signature and data ciphertext to a second chain in the blockchain;
S3, binding the acquired unique retention ID of the second chain with the user;
S4, when a viewing request is received, acquiring, according to the viewing request, the target public key and the target private key from the first chain and the digital signature and the data ciphertext from the second chain, and decrypting the data to obtain a first digest value and a second digest value;
S5, comparing the first digest value with the second digest value, and determining whether to execute the viewing request according to the comparison result.
In this basic scheme, based on the user's unique identification serial code, a unique target public key and a unique target private key are obtained through initialization and stored in a first chain of a blockchain. The user's medical data is then encrypted according to a preset encryption strategy to obtain a digital signature and a data ciphertext, which are stored in a second chain of the blockchain. When a viewing request is received, data query and decryption are carried out according to the request, and the first digest value and the second digest value obtained by decryption are compared for equality to judge whether the viewing request is an operation authorized by the user. Because the decryption key and the encrypted data are stored in different chains of the blockchain, the medical data is effectively prevented from being stolen or damaged, the security of the authentication information is ensured, and information security is further improved.
In a further embodiment, step S1 specifically includes: allocating a unique identification serial code to the user, initializing to generate a corresponding target public key and target private key according to the unique identification serial code and the current timestamp, and uploading the target public key and the target private key to the first chain in the blockchain for storage.
In this scheme, the target public key and the target private key are generated by combining the unique identification serial code with the current timestamp, which ensures the uniqueness of the key pair and its binding to the user, and strengthens the association between the encrypted, stored medical data and the user.
In a further embodiment, step S2 includes:
S21, acquiring medical data of the user, and encrypting the medical data a first time according to a national cryptographic algorithm to obtain a corresponding data digest value;
S22, encrypting the medical data and the data digest value a second time according to the target private key to obtain a digital signature;
S23, encrypting the digital signature a third time according to the target public key to obtain a data ciphertext;
S24, uploading the digital signature and the data ciphertext to the second chain in the blockchain for storage.
In this scheme, based on the confidentiality requirement of the data, a national cryptographic algorithm, the target private key and the target public key are applied in sequence to encrypt the user's medical data three times, which improves the security of the medical data during transmission; the digital signature and the data ciphertext obtained during encryption are stored in the second chain, which is different from the first chain of the blockchain, so the decryption key and the encrypted data are separated and information security is further improved.
In a further embodiment, step S3 includes:
S31, acquiring the unique retention ID of the second chain;
S32, storing the unique identification serial code and the unique retention ID bound together in a third storage medium, and setting the unique identification serial code as the query key of the third storage medium.
In this scheme, in addition to the data storage, a third storage medium is provided as the storage area for the unique retention ID used to query the second chain, and it is linked to the user's unique identification serial code, so that data queries can only be performed by the user or by an authorized requester.
In a further embodiment, step S4 includes:
S41, parsing the received viewing request and determining the unique identification serial code of the user;
S42, querying the first chain and the third storage medium according to the unique identification serial code to acquire the corresponding target public key, target private key and unique retention ID;
S43, querying the second chain according to the unique retention ID to obtain the corresponding digital signature and data ciphertext;
S44, decrypting the digital signature according to the target private key to obtain a first digest, and decrypting the data ciphertext according to the target private key to obtain a second digest.
In a further embodiment, step S5 includes:
S51, comparing the first digest value with the second digest value; if they are equal, judging that the viewing request passes verification and proceeding to the next step; otherwise, judging that verification fails and rejecting the viewing request;
S52, checking whether the corresponding medical data is complete, and if so, responding to the viewing request by returning the medical data for viewing.
In this scheme, the user's unique identification serial code serves as the basis for query verification: the target public key and target private key corresponding to the code are obtained, the unique retention ID is obtained for the data query, the digital signature is decrypted according to the target private key to obtain the first digest, and the data ciphertext is decrypted according to the target private key to obtain the second digest. Only when the first digest value and the second digest value are equal is the query shown to come from the user or an authorized party, which prevents the patient's medical data from being tampered with by lawbreakers and avoids unnecessary medical accidents.
In a further embodiment, the invention further comprises the step:
S6, identifying the viewing request, triggering a dynamic protection contract when the requester is judged to be an authorized user, re-executing steps S1-S3 after the query is finished, and updating the corresponding first chain, second chain and unique retention ID.
In this scheme, a key and data update step is performed after an authorized query is detected, which effectively improves the security of data storage and prevents the key from being stolen.
In a further embodiment, the third storage medium is a cache medium Redis.
The present invention also provides a storage medium having stored thereon a computer program for implementing the above-described medical data encryption storage method. The storage medium may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like.
Drawings
Fig. 1 is a work flow chart of a medical data encryption storage method according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described in detail below with reference to the accompanying drawings. The embodiments and drawings are given solely for illustration and are not to be construed as limiting the invention, since many variations are possible without departing from its spirit and scope.
Example 1
As shown in Fig. 1, the medical data encryption storage method according to the embodiment of the present invention includes steps S1 to S6:
S1, initializing according to the unique identification serial code of the user to obtain a corresponding target public key and target private key, and uploading them to a first chain in the blockchain, specifically: allocating a unique identification serial code to the user, initializing to generate a corresponding target public key and target private key according to the unique identification serial code and the current timestamp, and uploading the target public key and the target private key to the first chain in the blockchain for storage.
In this embodiment, the target public key and the target private key are generated by combining the unique identification serial code with the current timestamp, which ensures the uniqueness of the key pair and its binding to the user, and strengthens the association between the encrypted, stored medical data and the user.
S2, acquiring medical data of the user, encrypting the medical data according to a preset encryption strategy, the target public key and the target private key, and uploading the resulting digital signature and data ciphertext to a second chain in the blockchain, including steps S21-S24:
S21, acquiring medical data of the user, and encrypting the medical data a first time according to a national cryptographic algorithm to obtain a corresponding data digest value;
S22, encrypting the medical data and the data digest value a second time according to the target private key to obtain a digital signature;
S23, encrypting the digital signature a third time according to the target public key to obtain a data ciphertext;
S24, uploading the digital signature and the data ciphertext to the second chain in the blockchain for storage.
In this embodiment, based on the confidentiality requirement of the data, a national cryptographic algorithm, the target private key and the target public key are applied in sequence to encrypt the user's medical data three times, which improves the security of the medical data during transmission; the digital signature and the data ciphertext obtained during encryption are stored in the second chain, which is different from the first chain of the blockchain, so the decryption key and the encrypted data are separated and information security is further improved.
S3, binding the acquired unique retention ID of the second chain with the user, including steps S31-S32:
S31, acquiring the unique retention ID of the second chain;
S32, storing the unique identification serial code and the unique retention ID bound together in a third storage medium, and setting the unique identification serial code as the query key of the third storage medium.
In this embodiment, the third storage medium is the cache medium Redis.
In this embodiment, in addition to the data storage, a third storage medium is provided as the storage area for the unique retention ID used to query the second chain, and it is linked to the user's unique identification serial code, so that data queries can only be performed by the user or by an authorized requester.
S4, when a viewing request is received, acquiring, according to the viewing request, the target public key and the target private key from the first chain and the digital signature and the data ciphertext from the second chain, and decrypting the data to obtain a first digest value and a second digest value, including steps S41-S44:
S41, parsing the received viewing request and determining the unique identification serial code of the user;
S42, querying the first chain and the third storage medium according to the unique identification serial code to acquire the corresponding target public key, target private key and unique retention ID;
S43, querying the second chain according to the unique retention ID to obtain the corresponding digital signature and data ciphertext;
S44, decrypting the digital signature according to the target private key to obtain a first digest, and decrypting the data ciphertext according to the target private key to obtain a second digest.
S5, comparing the first digest value with the second digest value, and determining whether to execute the viewing request according to the comparison result, including steps S51-S52:
S51, comparing the first digest value with the second digest value; if they are equal, judging that the viewing request passes verification and proceeding to the next step; otherwise, judging that verification fails and rejecting the viewing request;
S52, checking whether the corresponding medical data is complete, and if so, responding to the viewing request by returning the medical data for viewing.
In this embodiment, the user's unique identification serial code serves as the basis for query verification: the target public key and target private key corresponding to the code are obtained, the unique retention ID is obtained for the data query, the digital signature is decrypted according to the target private key to obtain the first digest, and the data ciphertext is decrypted according to the target private key to obtain the second digest. Only when the first digest value and the second digest value are equal is the query shown to come from the user or an authorized party, which prevents the patient's medical data from being tampered with by lawbreakers and avoids unnecessary medical accidents.
S6, identifying the viewing request, triggering a dynamic protection contract when the requester is judged to be an authorized user, re-executing steps S1-S3 after the query is finished, and updating the corresponding first chain, second chain and unique retention ID.
In this embodiment, authorized users include, but are not limited to, authorized doctors and family members.
For example, when the requester is an authorized doctor, a dynamic protection contract is triggered, steps S1 to S3 are re-executed after the query is completed, the target public key and the target private key stored in the first chain of the blockchain are updated, the digital signature and the data ciphertext stored in the second chain of the blockchain are updated, and the newly acquired unique retention ID is updated in the system's cache medium Redis. That is, after the doctor obtains the patient's authorization and initiates the viewing request, the system dynamically changes the patient's public key and private key and the information of the corresponding block in the blockchain, and the doctor must obtain new authorization from the patient to view the data again.
Performing a key and data update step after an authorized query is detected effectively improves the security of data storage and prevents the key from being stolen.
In this method, based on the user's unique identification serial code, a unique target public key and a unique target private key are obtained through initialization and stored in a first chain of a blockchain. The user's medical data is then encrypted according to a preset encryption strategy to obtain a digital signature and a data ciphertext, which are stored in a second chain of the blockchain. When a viewing request is received, data query and decryption are carried out according to the request, and the first digest value and the second digest value obtained by decryption are compared for equality to judge whether the viewing request is an operation authorized by the user. Because the decryption key and the encrypted data are stored in different chains of the blockchain, the medical data is effectively prevented from being stolen or damaged, the security of the authentication information is ensured, and information security is further improved.
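The S1 to S6 flow as an added example (not code from the patent or its applicant), with dictionaries standing in for the two chains and the Redis index. It assumes a conventional reading in which the first digest is recovered from the signature with the public key and the second is recomputed from the decrypted data; textbook RSA, SHA-256 and a toy keystream stand in for the national cryptographic algorithms the page does not name. Key material comes from the system CSPRNG, and names such as `Store`, `check` and `rotate` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

E = 65537  # RSA public exponent (demo-sized textbook RSA, no padding)

def _is_prime(n, rounds=24):
    # Miller-Rabin probabilistic primality test
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(cand):
            return cand

def _digest(data):
    # SHA-256 stands in for the unnamed national digest algorithm (assumption)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def _xor_stream(key, data):
    # Toy SHA-256 counter-mode keystream: demo only, not a vetted cipher
    kb = key.to_bytes(64, "big")
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(kb + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Store:
    def __init__(self):
        self.first_chain = {}   # user code -> key record (S1)
        self.second_chain = {}  # retention ID -> signature + ciphertext (S2)
        self.index = {}         # user code -> retention ID (S3, Redis stand-in)

    def init_keys(self, user_code):  # S1: fresh key pair bound to the user code
        while True:
            p, q = _prime(256), _prime(256)
            phi = (p - 1) * (q - 1)
            if p != q and phi % E:
                break
        self.first_chain[user_code] = {
            "n": p * q, "e": E, "d": pow(E, -1, phi), "issued": time.time()}

    def store(self, user_code, data):  # S2 + S3
        k = self.first_chain[user_code]
        session = secrets.randbits(256)
        rid = secrets.token_hex(16)
        self.second_chain[rid] = {
            "signature": pow(_digest(data), k["d"], k["n"]),  # private-key op
            "wrapped_key": pow(session, k["e"], k["n"]),      # public-key op
            "ciphertext": _xor_stream(session, data),
        }
        self.index[user_code] = rid
        return rid

    def check(self, user_code, rid):  # S4 + S5 for one stored record
        k, rec = self.first_chain[user_code], self.second_chain[rid]
        first = pow(rec["signature"], k["e"], k["n"])  # digest from signature
        session = pow(rec["wrapped_key"], k["d"], k["n"])
        data = _xor_stream(session, rec["ciphertext"])
        second = _digest(data)                         # digest of decrypted data
        same = hmac.compare_digest(first.to_bytes(64, "big"),
                                   second.to_bytes(64, "big"))
        return data if same else None                  # None = request rejected

    def view(self, user_code):
        return self.check(user_code, self.index[user_code])

    def rotate(self, user_code):  # S6: re-run S1-S3 after an authorized view
        data = self.view(user_code)
        if data is None:
            raise ValueError("record failed verification")
        self.init_keys(user_code)
        return self.store(user_code, data)

if __name__ == "__main__":
    s = Store()
    s.init_keys("U-0001")                            # constructed user code
    s.store("U-0001", b"constructed sample record")  # constructed data
    print(s.view("U-0001"))
```

After `rotate`, the index points at a new retention ID, and the record stored under the previous ID no longer verifies against the new key pair.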
Example 2
An embodiment of the present invention further provides a storage medium, on which a computer program is stored, where the computer program is used to implement the medical data encryption storage method in embodiment 1. The storage medium may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (9)

1. A medical data encryption storage method, characterized by comprising the following steps:
S1, initializing according to the unique identification serial code of the user to obtain a corresponding target public key and target private key, and uploading them to a first chain in a blockchain;
S2, acquiring medical data of the user, encrypting the medical data according to a preset encryption strategy, the target public key and the target private key, and uploading the resulting digital signature and data ciphertext to a second chain in the blockchain;
S3, binding the acquired unique retention ID of the second chain with the user;
S4, when a viewing request is received, acquiring, according to the viewing request, the target public key and the target private key from the first chain and the digital signature and the data ciphertext from the second chain, and decrypting the data to obtain a first digest value and a second digest value;
S5, comparing the first digest value with the second digest value, and determining whether to execute the viewing request according to the comparison result.
2. The medical data encryption storage method according to claim 1, wherein step S1 is specifically: allocating a unique identification serial code to the user, initializing to generate a corresponding target public key and target private key according to the unique identification serial code and the current timestamp, and uploading the target public key and the target private key to the first chain in the blockchain for storage.
3. The medical data encryption storage method according to claim 2, wherein step S2 includes:
S21, acquiring medical data of the user, and encrypting the medical data a first time according to a national cryptographic algorithm to obtain a corresponding data digest value;
S22, encrypting the medical data and the data digest value a second time according to the target private key to obtain a digital signature;
S23, encrypting the digital signature a third time according to the target public key to obtain a data ciphertext;
S24, uploading the digital signature and the data ciphertext to the second chain in the blockchain for storage.
4. The medical data encryption storage method according to claim 1, wherein step S3 includes:
S31, acquiring the unique retention ID of the second chain;
S32, storing the unique identification serial code and the unique retention ID bound together in a third storage medium, and setting the unique identification serial code as the query key of the third storage medium.
5. The medical data encryption storage method according to claim 4, wherein step S4 includes:
S41, parsing the received viewing request and determining the unique identification serial code of the user;
S42, querying the first chain and the third storage medium according to the unique identification serial code to acquire the corresponding target public key, target private key and unique retention ID;
S43, querying the second chain according to the unique retention ID to obtain the corresponding digital signature and data ciphertext;
S44, decrypting the digital signature according to the target private key to obtain a first digest, and decrypting the data ciphertext according to the target private key to obtain a second digest.
6. The medical data encryption storage method according to claim 1, wherein step S5 includes:
S51, comparing the first digest value with the second digest value; if they are equal, judging that the viewing request passes verification and proceeding to the next step; otherwise, judging that verification fails and rejecting the viewing request;
S52, checking whether the corresponding medical data is complete, and if so, responding to the viewing request by returning the medical data for viewing.
7. The medical data encryption storage method according to claim 1, further comprising the step:
S6, identifying the viewing request, triggering a dynamic protection contract when the requester is judged to be an authorized user, re-executing steps S1-S3 after the query is finished, and updating the corresponding first chain, second chain and unique retention ID.
8. The medical data encryption storage method according to claim 4, wherein the third storage medium is the cache medium Redis.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for implementing the medical data encryption storage method according to any one of claims 1 to 8.
CN202111491952.4A 2021-12-08 2021-12-08 Medical data encryption storage method and storage medium Pending CN114386053A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111491952.4A CN114386053A (en) 2021-12-08 2021-12-08 Medical data encryption storage method and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111491952.4A CN114386053A (en) 2021-12-08 2021-12-08 Medical data encryption storage method and storage medium

Publications (1)

Publication Number Publication Date
CN114386053A (en) 2022-04-22

Family

ID=81196523

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111491952.4A Pending CN114386053A (en) 2021-12-08 2021-12-08 Medical data encryption storage method and storage medium

Country Status (1)

Country Link
CN (1) CN114386053A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination