CN120281560A

CN120281560A - Medical examination data sharing method and system based on cloud authentication

Info

Publication number: CN120281560A
Application number: CN202510591423.3A
Authority: CN
Inventors: 刘池波
Original assignee: Taizhou Municipal Hospital
Current assignee: Taizhou Municipal Hospital
Priority date: 2025-05-08
Filing date: 2025-05-08
Publication date: 2025-07-08

Abstract

The application relates to the field of medical test data and discloses a medical test data sharing method based on cloud authentication, which comprises the following steps of dynamically desensitizing original medical test data at edge nodes to generate desensitized data meeting privacy-utility balance; the authentication method comprises the steps of verifying the identity and authority of a user at a request end through a zero knowledge proof protocol, generating an authentication result bound with a privacy policy, conducting hierarchical encryption on desensitization data based on an anti-quantum attribute-based encryption algorithm, generating a ciphertext dynamically associated with an access attribute, dynamically decrypting the data according to a real-time context parameter, and conducting secondary desensitization processing in combination with an access scene. By adopting the technical scheme of dynamic desensitization and rate distortion theoretical optimization, the technical effect of privacy-utility dynamic balance is achieved, and compared with the problems of fixed static desensitization rule, over protection or under protection in the prior art, the method solves the core defect that the method cannot adapt to the sharing requirement of multi-scene data.

Description

Medical examination data sharing method and system based on cloud authentication

Technical Field

The invention relates to the field of medical test data, in particular to a cloud authentication-based medical test data sharing method and system.

Background

The current medical inspection data sharing system generally adopts role-based access control (RBAC) and combines the traditional encryption technology to realize cloud authentication, and mainly relates to key technologies such as static data desensitization, certificate type identity verification, homomorphic encryption operation and the like. The related schemes are practically deployed in scenes such as regional medical complexes, cross-institution inspection result mutual recognition and the like, and data flow security is ensured by means of methods such as double-factor authentication, attribute-based encryption (ABE) and the like. When the prior art system is used for dealing with dynamic sharing demands, authority management is usually carried out by combining an audit log and an Access Control List (ACL), and part of the system tries to introduce a blockchain technology to realize operation and evidence storage.

However, static desensitization rules are difficult to adapt to the differential privacy requirements of multiple types of test data, the traditional identity authentication has double risks of evidence impersonation and privacy disclosure, a single encryption strategy cannot balance the instantaneity of edge computing nodes and the long-term security of central storage, and mechanical access control lacks dynamic response capability to a context environment and novel attack means, so that the defects of insufficient privacy protection intensity, low cross-domain authentication efficiency, weak quantum attack resistance and strategy iteration hysteresis systematicness are faced in the medical data sharing process.

Disclosure of Invention

Aiming at the defects of the prior art, the invention provides a medical test data sharing method and a system based on cloud authentication, which solve the problems that static desensitization rules are difficult to adapt to differentiated privacy requirements of multi-type test data in the prior art, double risks of evidence impossibility and privacy disclosure exist in traditional identity authentication, real-time performance of edge computing nodes and long-term security of central storage cannot be balanced by a single encryption strategy, and dynamic response capability systematic defects of a context environment and novel attack means are lacking in mechanical access control.

In order to achieve the purpose, the medical examination data sharing method based on cloud authentication comprises the following steps of:

Performing dynamic desensitization processing on the original medical examination data at the edge node to generate desensitized data meeting privacy-utility balance;

And dynamically desensitizing the original medical test data at the edge node to generate desensitized data meeting the privacy-utility balance. And (3) quantitatively analyzing the balance relation between the data availability and the privacy disclosure risk through a rate distortion theory optimization model, and adjusting the desensitization strategy in real time. And a feature analysis engine is arranged in the edge node, sensitive fields are identified, attribute labels are marked, and the optimal desensitization rule is dynamically generated by combining sliding window statistics and joint probability distribution. The differential privacy noise injection module generates noise based on a hardware random source, and preserves data statistics characteristics while protecting sensitive information.

The mathematical optimization framework is established through the rate distortion theory, sensitive information leakage is restrained at the information theory level, the edge calculation is used for realizing data localization processing, original data transmission is avoided, and the defending capability of differential privacy noise on background knowledge attack is enhanced.

Verifying the identity and authority of the user at the request end through a zero knowledge proof protocol, and generating an authentication result bound with the privacy policy;

And verifying the identity and authority of the user at the request end through a zero knowledge proof protocol, and generating an authentication result bound with the privacy policy. The rights statement submitted by the user is compiled into an arithmetic circuit logic constraint, and verifiable zero knowledge proof is generated based on elliptic curve bilinear pairing. In the verification process, the cloud policy management module only verifies the validity of the certificate, and does not acquire the true identity or certificate content of the user.

The zero knowledge proof realizes 'proof is authorized' through a cryptography protocol, the private information is not revealed in the verification process, bilinear pairing provides mathematical non-counterfeitability to prevent proof forging or falsification, and dynamic strategy binding enables rights to be associated with an access scene in real time.

Hierarchical encryption is carried out on the desensitized data based on an anti-quantum attribute-based encryption algorithm, and ciphertext dynamically associated with the access attribute is generated;

And carrying out hierarchical encryption on the desensitized data based on an anti-quantum attribute-based encryption algorithm to generate a ciphertext dynamically associated with the access attribute. And constructing a layered encryption system by adopting a lattice cryptographic algorithm, adopting a lightweight LWE encryption scheme by an edge cloud layer, and supporting long-term safe storage by adopting a full homomorphic BGV algorithm by a central cloud layer. The attribute policy parser encodes the access conditions into boolean logic expressions, the ciphertext decryption key only validating when the requesting end attribute matches the policy.

The lattice password is based on RLWE mathematical problems, resists quantum computing attack, gives consideration to edge computing efficiency and central storage security in hierarchical encryption, and realizes fine-granularity access control by attribute dynamic binding.

Dynamically decrypting data according to the real-time context parameters, and carrying out secondary desensitization processing by combining the access scene;

and dynamically decrypting the data according to the real-time context parameters, and carrying out secondary desensitization processing by combining the access scene. The decryption gateway integrates a context awareness engine, collects device fingerprint, geographic location and timestamp parameters, and triggers a dynamic decryption policy. When an irregular access scene is detected, a bit masking operation is applied to the decrypted data, concealing the unnecessary fields and embedding the invisible watermark.

The context parameters construct a multidimensional access scene portrait to realize dynamic authority control, secondary desensitization reduces privacy leakage risk through data degradation, and the watermarking technology provides leakage traceability.

Writing the data operation record into the blockchain for audit tracing, and iteratively updating the desensitization strategy according to the privacy attack model;

And writing the data operation record into the blockchain for audit tracing, and iteratively updating the desensitization strategy according to the privacy attack model. And the block chain link point adopts PBFT consensus mechanism to ensure that the operation log is not tamperable. The attack model training platform evaluates the protection capability of the current strategy by generating an anti-network simulation privacy attack and drives the dynamic adjustment rate distortion optimization parameters.

The block chain distributed account book guarantees the credibility and integrity of audit data, resists learning to simulate real attack behaviors, realizes active evolution of defense strategies, and ensures no service interruption of strategy iteration by a hot update mechanism.

Preferably, the dynamic desensitization treatment comprises:

Constructing a rate distortion theoretical optimization model, and restricting sensitive attribute leakage to be not more than a preset threshold value by taking the mutual information of the minimum desensitization data and the original data as a target;

Differential privacy noise is superimposed on the desensitized data, and the noise scale parameter is determined by the ratio of the global sensitivity of the utility attribute to the privacy budget.

And constructing a rate distortion theoretical optimization model, and restricting the leakage quantity of sensitive attributes not to exceed a preset threshold value by taking the mutual information of the minimum desensitization data and the original data as a target. And (3) quantitatively analyzing the balance relation between the data availability loss and the privacy disclosure risk by dynamically adjusting the conditional probability distribution. The optimization engine continuously updates the desensitization rule based on the iterative algorithm, and suppresses potential inferred paths of the sensitive information on the premise of meeting clinical analysis requirements.

The privacy protection is converted into an optimization problem under the constraint of the information theory by the rate distortion theory framework, the data relevance is reduced through mutual information minimization, and the privacy disclosure upper limit is controlled by utilizing the sensitive attribute mutual information threshold value. The dynamic adjustment mechanism enables the desensitization strategy to adapt to different data types and use scenes, and the problem of over-protection or under-protection caused by static rules is avoided.

Differential privacy noise is superimposed on the desensitized data, and the noise scale parameter is determined by the ratio of the global sensitivity of the utility attribute to the privacy budget. The noise injection module differentially configures noise intensity according to the statistical characteristics and the service requirements of the data fields. For continuous data with high sensitivity of blood sugar value, nonlinear noise scaling strategy is adopted, and for discrete classified data, disturbance mechanism based on probability distribution is applied.

Differential privacy eliminates the influence of individual data on the overall statistical result through a mathematically provable noise mechanism. The global sensitivity quantifies the maximum influence of single data change on output, and the privacy budget is combined to control noise intensity, so that the adjustable balance of privacy protection intensity and data availability is realized. The noise generator is based on a hardware true random source, and ensures that an attacker cannot reversely infer an original value through a probability model.

The rate distortion optimization engine is cooperated with the differential privacy module, and the primary desensitization data generated by the rate distortion model is used as the input of differential privacy processing, so that a dual privacy protection layer is formed. The former eliminates structural privacy disclosure through information theory constraint, and the latter resists inference attack based on background knowledge through random noise.

The dynamic adjustment unit interacts with the noise parameter library to dynamically adjust the privacy threshold of the rate distortion model and the budget allocation of the differential privacy according to the privacy attack situation (model reconstruction accuracy) monitored in real time, so as to form closed loop feedback.

The sensitivity calculator is linked with the noise injection unit, and pre-calculates the global sensitivity of each field aiming at different medical examination projects (blood routine and gene detection), stores the global sensitivity into a parameter library and guides the dynamic adaptation of noise scale.

Preferably, the rate-distortion theoretical optimization model is solved by the following objective function:

;

Wherein, the

Is the original dataAnd desensitization dataIs a mutual information of (a);

In order to account for the loss of utility of the data, As an original utility attribute,Is a desensitized attribute;

the value range is 1.0-5.0 for the utility loss weight factor;

the value range is 0.1-0.5 bit for privacy budget.

And constructing an optimization target with the minimized mutual information of the original data and the desensitized data as a core, and simultaneously restraining the sensitive attribute leakage quantity. By quantitatively analyzing the dynamic balance between data relevance and privacy risk, a composite objective function containing utility loss weights is designed. The optimization engine dynamically adjusts conditional probability distribution based on an iterative algorithm, and on the premise of meeting the availability requirement of clinical data, sensitive information leakage is restrained to the greatest extent.

The mutual information minimization eliminates the statistical relevance among the data through the information theory principle, cuts off the sensitive attribute deducing path, introduces Manhattan distance quantization data degradation to the effect of downstream tasks by the utility loss function, and dynamically adjusts the balance relation between privacy protection intensity and data availability through the weight factor. The privacy budget threshold is used as a hard constraint to ensure that sensitive information leakage is always in a controllable range.

The utility loss weight factor and the privacy budget parameters are dynamically configured according to the data usage scenario. The weight factor adjusting module combines the types of the data fields (continuous check values and discrete classification labels) and the service requirements (high data fidelity required by emergency call) to adjust the optimization direction in real time. The privacy budget management module monitors real-time attack risk, and automatically tightens the privacy disclosure threshold when a novel attack mode is detected.

The weight factor is used as an optimization direction regulator, the data utility (the blood glucose value precision is reserved) can be guaranteed preferentially by increasing the weight, otherwise, the privacy protection is enhanced, the privacy budget threshold is used as a safety valve, and the self-adaptive defense system is formed by combining attack situation perception and dynamic contraction or relaxation of constraint boundaries.

Preferably, the zero knowledge proof protocol includes:

Compiling the user permission statement into an arithmetic circuit constraint to generate a zero knowledge proof based on elliptic curve bilinear pairing;

the authentication process does not transmit the user's true identity information and binds the device fingerprint with the temporary access token.

The user rights statement is converted to an arithmetic circuit constraint, and a natural language policy ("trimethly attending physician") is mapped to a sequence of boolean logic operations by a logic expression parsing engine. The compiler carries out structural coding on the authority statement based on a preset rule base, generates a circuit topology comprising a plurality of layers of logic gates, and ensures that the authority verification condition can be expressed in a mathematical form.

The arithmetic circuit converts complex authority logic into verifiable mathematical constraint to eliminate natural language ambiguity, the multi-layer logic gate design supports nested condition judgment to realize fine granularity authority control, and the circuit topology optimization reduces verification calculation amount and improves zero knowledge proof generation efficiency.

Zero knowledge proof is generated based on bilinear pairing of elliptic curves, and the discrete logarithm problem of elliptic curve groups is utilized to ensure proof of falsification. The certification generator generates a temporary key pair through a random number seed, and combines a public reference character string to construct a certification parameter, so that a verifier can only confirm the validity of the statement and cannot reversely push a user private certificate.

Bilinear pairing provides non-interactive proving capability, verification can be completed through single communication, mathematical characteristics of elliptic curve groups guarantee strong security of proving, valid proving cannot be forged even if an attacker obtains public parameters, and a temporary key mechanism realizes 'one-time one-secret', so that privacy leakage caused by proving multiplexing is prevented.

After passing the verification, a temporary access token is generated and cryptographically bound with the requesting device fingerprint. The fingerprint acquisition module extracts the hardware characteristics (MAC address and processor serial number) of the device, generates a unique identifier through a hash function, combines the unique identifier with the token validity period field, encrypts the unique identifier, and stores the encrypted unique identifier in the verification log.

The device fingerprint provides a hardware-level identity mark, enhances the anti-tampering capability of authentication, ensures that unauthorized devices cannot be used even if certificates are revealed by dynamic binding of tokens, protects fingerprint privacy by hash encryption, and prevents reverse engineering from acquiring original hardware information.

The logic compiler is linked with the circuit optimizer, and the original circuit generated by the compiler compresses the logic level through the optimizer, so that the computational complexity of the subsequent proof generation is reduced.

The proving generator cooperates with the verification gateway, and the proving parameter output by the generator is adapted to the bilinear pairing verification algorithm of the verification gateway, so that protocol consistency is ensured.

The token manager interacts with the audit module, dynamically bound token information is synchronized to an audit log in real time, and data support is provided for abnormal access traceability.

Preferably, the elliptic curve parameters satisfy:

;

and the verification process performs a bilinear pairing operation:

;

In the formula, ,,In order to demonstrate the parameters of the device,,A member is generated for the elliptic curve group,Is a hash function.

And constructing a cryptography group by adopting a specific elliptic curve equation and modulus parameters, wherein the modulus is selected as a standardized large prime number, so as to ensure that the group operation meets the mathematical assumption of the discrete logarithm problem. And the curve parameters pass the international password standard verification, the implantation risk of the back door is eliminated, and compatibility support is provided for bilinear pairing operation.

The discrete logarithm of the elliptic curve group is a safety foundation, so that an attacker cannot deduce private information through known public parameters, the randomness of group element distribution is enhanced by a large prime modulus, an attack means based on a small group substructure is resisted, the cross-platform compatibility is ensured by standardized parameters, and the interoperability requirements among heterogeneous medical systems are met.

The verification process is based on the mathematical characteristics of bilinear mapping, and the verification validity is confirmed through pairing operation among group elements. The random disturbance factor is introduced when the proving parameter is generated, so that the intermediate variable generated by each verification is unpredictable, and replay attack or intermediate person tampering is prevented.

Bilinear pairing maps group elements to an expansion domain, realizes the mathematical binding of proving by utilizing non-degradability and calculability of the group elements, destroys a linear relation model constructed by an attacker by random disturbance factors, ensures independent safety in each verification process, and ensures that the proving cannot be forged or tampered by the uniqueness of a pairing result.

The common reference character string and the group generator are dynamically updated according to a preset period, and the updating strategy is combined with the abnormal access record in the blockchain audit log. When the potential key leakage risk is detected, triggering a group parameter rotation mechanism, regenerating an elliptic curve base point and discarding historical parameters.

The correlation between the historical data and the current system is cut off by dynamic parameter updating, forward safety is achieved, trusted abnormal event triggering basis is provided for block chain audit, objectivity of parameter rotation decision is guaranteed, and an obsolete parameter list is synchronized to all verification nodes to prevent expiration evidence from being maliciously reused.

Preferably, the quantum attribute-based encryption includes:

using RLWE problem-based lattice cryptographic algorithm to configure polynomial ring dimension Modulus of;

And generating a layered ciphertext, wherein the edge cloud ciphertext is encrypted by LWE, and the center cloud ciphertext is encrypted in a full homomorphic mode by BGV.

An encryption system is constructed by adopting a lattice cryptographic algorithm based on RLWE (on-loop fault tolerance learning) problems, and quantum attack resistance is realized through a polynomial loop structure and modulus parameter configuration. The polynomial ring dimension and the modulus are selected to balance the calculation efficiency and the security, ensure that the encryption operation can be rapidly completed in the edge calculation environment, and simultaneously meet the long-term confidentiality requirement of medical data.

The mathematical complexity of RLWE problems is based on the shortest vector problem in lattice theory, even a quantum computer cannot break in polynomial time, a high-dimension polynomial ring expands a key space, exhaustive attack is resisted, hierarchical modulus design optimizes ciphertext noise growth, and full homomorphic operation feasibility is guaranteed.

The edge cloud node adopts a lightweight LWE encryption scheme to quickly encrypt data with high time efficiency requirements, and a central cloud persistence layer deploys a BGV isomorphic encryption algorithm to support statistical analysis operation in a ciphertext state. The encryption strategy generator dynamically matches encryption levels according to data classification tags (inspection reports, image files), ensuring that high value data gets a higher level of protection.

The LWE encryption realizes high efficiency through linear operation, adapts to limited computing resources of edge nodes, supports ciphertext addition and multiplication operation by using a BGV algorithm, meets the requirement of central cloud on data mining, and realizes scene adaptation of security and availability by using a layered architecture, so that performance bottleneck of a single encryption strategy is avoided.

The attribute policy parser encodes access control conditions ("department: cardiovascular department") as mathematical constraints on the polynomial ring, bound to ciphertext. When the decryption key is generated, whether the attribute set of the request end meets the policy expression of ciphertext binding or not needs to be verified, and the key parameter is matched with the current encryption level.

The attribute binding realizes policy embedding through polynomial multiplication on the ring, ensures the inseparability of ciphertext and access conditions, prevents the decryption of high-protection hierarchical data by a low-security-level key through hierarchical matching verification, realizes fine-granularity access control by a dynamic association mechanism, and avoids the static permission defect of the traditional RBAC model.

And the parameter configurator is linked with the key generator, dynamically adjusts the polynomial ring dimension and the modulus parameter according to the hardware performance difference of the edge and the central node, and generates encryption keys adapting to different levels.

The attribute policy engine interacts with the hierarchical encryption unit, and the policy conditions are compiled into mathematical constraints in real time to drive the encryption algorithm and parameter set corresponding to the edge cloud and the center cloud selection.

The noise controller cooperates with the isomorphic operation module to monitor the BGV ciphertext noise level, trigger ciphertext refresh operation when the noise approaches the safety threshold, and maintain the feasibility of isomorphic operation.

Preferably, the LWE encryption process is expressed as:

;

Wherein:

As a common matrix of the two-dimensional matrix, Is a random vector;

, is a discrete Gaussian distribution error vector, standard deviation ;

Is a common parameter matrix.

And constructing a high-dimensional integer matrix based on the lattice cipher theory as a public parameter of the encryption system, wherein the design of the dimension and the modulus of the matrix conforms to the quantum attack resistance standard. The matrix elements are filled by a random number generator that can prove security, ensuring that their linear independence satisfies the mathematical assumption of fault-tolerant learning problems. The matrix updating period is associated with the blockchain audit log, and when abnormal access behaviors are detected, matrix reconstruction is triggered, and the association of the historical ciphertext and the current system is cut off.

The public matrix is used as a basic carrier of encryption operation, the security of the public matrix depends on the computational complexity of the shortest vector problem in lattice theory, even if an attacker obtains the matrix, a private key cannot be deduced, the dynamic reconfiguration mechanism realizes forward security, the risk of decoding a historical ciphertext caused by long-term key leakage is prevented, the security intensity and the computational overhead are balanced by matrix dimension and modulus parameters, and the resource constraint of an edge node is adapted.

During encryption, a random vector and a discrete Gaussian distribution error vector are introduced, and original data are confused through linear combination and modular operation. The random vector generator ensures uniqueness and unpredictability based on a physical entropy source (hardware noise), standard deviation parameters of error vectors are configured in a grading mode according to data sensitivity, and high-density data adopts larger disturbance intensity.

The random vector destroys the certainty of the encryption process, prevents the attack of a selected plaintext, masks the statistical characteristics of the original data by the discrete Gaussian error through the probability distribution characteristic, ensures that the ciphertext still remains indistinguishable under a quantum computing model, and realizes the scene adaptation of the safety and the computing precision by a grading error strategy so as to avoid the data misalignment caused by excessive noise.

The common matrix and error parameters are differentially configured according to the data level (edge layer, center layer). The edge layer adopts a low-dimensional matrix and a smaller modulus to improve the encryption speed, and the center layer uses high-dimensional parameters to ensure long-term security. The parameter switching engine monitors the ciphertext decryption failure rate in real time, and when the error rate exceeds a threshold value, the parameter upgrading process is triggered.

The layering parameters realize the optimal balance of the edge computing efficiency and the central storage security, the dynamic monitoring mechanism adjusts the encryption strength in a self-adaptive mode, local vulnerability caused by fixed parameters is avoided, the parameter switching process is in seamless connection, and the continuity of the encryption service is not affected.

Preferably, the dynamic decryption includes:

geographical location Time stamp;

When the access scenario is an unnecessary right, a binary masking operation is applied to the decrypted data:

;

Wherein, the Decrypted data, mask matrixAnd dynamically generating according to the role authority.

And acquiring fingerprints, geographic positions and timestamp parameters of the request terminal equipment in real time, and constructing a multidimensional access scene portrait. The device fingerprint generates a unique identity through fusing hardware identifiers (MAC addresses and IMEI numbers) by a hash function, the geographic position obtains longitude and latitude coordinates by a GPS/Beidou positioning interface, and the timeliness is ensured by synchronizing the time stamp with a system clock. When an irregular access scenario (non-working time, off-site login) is detected, dynamic decryption policy adjustment is triggered.

The device fingerprint provides hardware-level identity non-repudiation, prevents account theft, limits the geographic boundary of data access by the geofence technology, blocks cross-regional unauthorized access, and realizes time-period-based hierarchical control of data availability by linking the time stamp with a preset access policy.

And dynamically generating a binary mask matrix according to the role authority, and selectively hiding the decrypted data. The mask generator only retains the necessary fields of the current business scenario (blood type and allergy history are displayed when emergency call is made, medical history details are hidden) based on the minimum necessary principle, the proportion of the hidden fields is dynamically adjusted through a strategy engine, and the upper limit is not more than 30%. After the masking operation, invisible digital watermarks are embedded, and operator identity and time information are recorded.

The binary mask realizes the accurate control of the granularity of the data field through bit operation, avoids all or no access modes, ensures the usability of clinical diagnosis core information by minimum necessary principles, provides leakage traceability and deterres internal malicious behaviors by digital watermarking.

When the role authority is changed, the policy management center automatically issues a new mask rule to the edge node. The mask matrix version number is bound with the user authority version, and the latest rule can be loaded after the consistency of the decryption gateway check version. When it is detected that the mask data is frequently accessed, a risk assessment is triggered and the concealment ratio threshold is tightened.

The authority-mask version binding prevents excessive exposure of data caused by policy updating lag, the access frequency monitoring identifies potential data crawling behavior, the protection intensity is dynamically adjusted, the edge node preloading policy reduces decryption delay, and the fluency of a high-timeliness scene of emergency treatment is ensured.

Preferably, the policy update includes:

evaluating desensitized data attack success rate by generating countering network Dynamically adjusting privacy budgets:

;

Wherein, the In order for the rate of learning to be high,Is an attack success rate threshold;

And generating a strategy difference file by adopting BSDiff algorithm, and updating the strategy difference file to the edge node.

By creating a privacy attack simulation environment against a network (GAN), the generator attempts to reconstruct the original sensitive information from the desensitized data, and the arbiter evaluates the accuracy of the reconstructed results. The attack success rate is calculated through the reconstruction accuracy rate of the statistics generator on a preset test set, and when the accuracy rate exceeds a threshold value, a privacy budget tightening strategy is triggered. And introducing a data distribution drift compensation mechanism in the process of countermeasure training, and dynamically adjusting an attack strategy of the generator to approximate to the real attack behavior.

The method comprises the steps of generating privacy attacks in the worst case of the countermeasure learning simulation of a countermeasure network, exposing potential vulnerabilities of a desensitization strategy, quantifying the actual threat degree of the attacks by the reconstruction accuracy, providing objective basis for dynamic adjustment, and ensuring that an attack model continuously tracks data characteristic changes by distribution drift compensation so as to avoid evaluation deviation.

And adjusting privacy budget parameters through a negative feedback control algorithm according to the difference value of the attack success rate and the threshold value. When the attack success rate is continuously higher than the threshold value, the privacy budget is exponentially reduced to enhance the protection intensity, and when the attack success rate is lower than the safety baseline, the budget is linearly relaxed to improve the data utility. The adjustment process introduces smooth filtering treatment to avoid service oscillation caused by parameter mutation.

The negative feedback control establishes a dynamic balance relation between an attack situation and protection intensity to realize self-adaptive defense, exponentially adjusts and strengthens the quick response capability to high-risk attack, linearly relaxes the stability of guaranteeing the data availability recovery, and smoothly filters and eliminates noise interference to ensure the robustness of strategy adjustment.

And generating a strategy difference file by adopting BSDiff algorithm, and transmitting only the changed part of strategy parameters to the edge node. The hot deployment engine loads a new strategy in the memory and maintains the old version for standby, and the updating without service interruption is realized through flow switching. The version rollback module monitors the running index (desensitization failure rate) of the new strategy, and automatically switches to the historical stable version when abnormal.

The difference update reduces network transmission load, improves the update efficiency of the edge node, avoids the read-write delay of a disk during the memory hot loading, ensures the real-time performance in a high concurrency scene, and ensures the continuous availability of the system by providing update fault-tolerant capability through a version rollback mechanism.

The attack success rate index is synchronized to the budget manager in real time, and the closed-loop adjustment of the privacy parameters is driven.

The BSDiff engine interacts with the edge node policy library, namely, the difference file is written in through an incremental update interface of the edge computing node, so that bandwidth occupation and storage overhead are reduced.

The attack log analyzer cooperates with the blockchain audit module to synchronize the abnormal samples used in the attack model training to the blockchain memory card and provide verifiable data sources for policy optimization.

A system based on the above method, comprising:

The dynamic desensitization module is deployed at the edge node and internally provided with a rate distortion optimization engine and a differential privacy noise injection unit;

the zero knowledge authentication gateway, the integrated arithmetic circuit compiler and the bilinear pairing verifier support zk-SNARK protocol;

the hierarchical encryption unit is used for configuring a grid password parameter generator and realizing the hierarchical encryption of LWE and BGV algorithms;

And the strategy management center is connected with the blockchain audit node and the attack model training platform and drives closed-loop strategy updating.

The invention provides a medical examination data sharing method and system based on cloud authentication. The beneficial effects are as follows:

1. The invention adopts a dynamic desensitization and rate distortion theoretical optimization technical scheme, achieves the technical effect of privacy-utility dynamic balance, and solves the core defect that the invention can not adapt to the sharing requirement of multi-scene data compared with the problems of fixed, over-protection or under-protection of static desensitization rules in the prior art.

2. According to the invention, through the technical scheme of dynamic binding of zero knowledge proof and equipment fingerprints, the identity authentication effect without trust dependence is realized, and compared with the defect that privacy information is easy to reveal in certificate or password authentication in the prior art, the key short board that internal personnel override or falsify identity cannot be resisted is solved.

3. The quantum security fine granularity access control effect is formed based on the quantum layered encryption resistance and attribute dynamic association technical scheme, compared with the problem that a single encryption strategy in the prior art is difficult to consider efficiency and long-term security, the quantum security fine granularity access control method solves the obvious weakness that quantum computing attack and dynamic authority management cannot be handled.

4. The invention combines the technical scheme of context sensing and countermeasure learning strategy iteration, builds the technical effect of a self-adaptive privacy protection system, and solves the inherent limitation that the self-adaptive privacy protection system cannot cope with novel attack and complex scene evolution compared with the defects of mechanical access control and static defense strategies in the prior art.

Drawings

FIG. 1 is a schematic flow chart of the method of the present invention;

fig. 2 is a system architecture diagram of the present invention.

Detailed Description

The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

Examples:

Referring to fig. 1-2, an embodiment of the invention provides a medical examination data sharing method based on cloud authentication, which includes the following steps:

step S1, dynamic desensitization treatment of edge node

In the medical examination data sharing method based on cloud authentication, step S1 serves as a core link of data preprocessing, and forms a technical closed loop with subsequent authentication and encryption steps. Specifically, after the privacy desensitization of the edge node is completed, the original check data is uploaded to the cloud through the encryption channel, and input data conforming to the privacy specification is provided for zero-knowledge authentication in the step S2.

In some embodiments, after the edge node receives the raw medical test data, the data fields are first partitioned by a structured parsing engine. Specifically, for HL7FHIR format data, the patient identifier, test item code, and numeric result fields are extracted. The sensitive attribute tagging module identifies a set of sensitive fields S based on a pre-set keyword library ("HIV positive" "tumor markers"). The utility attribute set U is dynamically selected according to the downstream task demand, and the blood sugar value and the continuous white blood cell count value are obtained.

In general, the joint probability distribution P (X, S, U) is estimated by a sliding window statistical method:

;

Wherein, the In order to indicate the function,Is the historical data sample size.

In one possible implementation, the objective function is designed to minimize mutual information between the desensitized data and the original data and to constrain the amount of sensitive attribute leakage. Specifically, the optimization problem is expressed as:

;

In the formula, Representing mutual information;

As a function of the loss of utility, Selecting Manhattan distance;

Is an adjustable weight factor (typical value 1.0-5.0);

is a privacy budget (typical value 0.1-0.5 bits).

In some embodiments, the optimal condition distributionIterative calculations were performed by a modified Blahut-Arimoto algorithm. The specific implementation method comprises the following steps:

Initializing a conditional probability matrix Is uniformly distributed;

the iterative update rule is:

;

Wherein, the Updating by an adaptive adjustment strategy for Lagrangian multipliers:

;

the learning rate is (typical value is 0.01-0.1).

The termination condition is set to be that the mutual information variation of 10 continuous iterations is smaller than。

Alternatively, the optimal desensitization data is obtainedThereafter, to the utility attributes thereinLaplace noise is injected to further enhance privacy protection. Specifically:

;

Noise scale parameter By global sensitivityAnd privacy budgetsAnd (3) determining:

;

In the formula, The global sensitivity of the blood glucose level was 200mg/dL;

is a differential privacy budget (typical values 0.1-1.0).

Step S2, zero knowledge identity authentication process

In the medical examination data sharing method based on cloud authentication, the step S2 serves as a core link of access control, and is linked with the desensitization processing of the step S1 and the subsequent encryption and decryption flow forming technology. Specifically, the desensitization data generated in step S1 needs to ensure that only authorized users can access through zero knowledge authentication in step S2, and meanwhile, leakage of true identity information of the users is avoided, so that a trusted authority determination basis is provided for attribute-based encryption in step S3.

In some embodiments, the identity claims submitted by the doctor terminal are in JSON-LD structured format. Specifically, the declaration content includes a role identification, organization code, and authority age field. The declaration compiler converts the natural language policy ("emergency doctor rights with hospital a") into boolean logic expressions.

In one possible implementation, the arithmetic circuit generator builds constraints based on an R1CS (Rank-1 ConstraintSystem) model. When verifying whether the digital certificate hash value exists in the precompiled legal list, the circuit contains the following constraints:

;

In the formula, For the hash value of the certificate to be verified,Is a list of legal hashes.

In general, the zk-SNARK protocol uses a BN128 elliptic curve whose parameters are defined as:

;

The trusted settings phase generates a Common Reference String (CRS) by secure multiparty computation. Specifically, the number of participants is not less than 3, and the random number seeds of the respective parties are mixed by a threshold signature protocol.

Alternatively, when compliance with national standards is desired, the elliptic curve may be replaced with an SM2 curve, whose equation is:

;

In some embodiments, the attestation generation phase invokes the Groth16 algorithm to generate a zero knowledge attestation. Specifically, for declarations of And privacy credentialProof ofThe calculation process of (1) satisfies the following conditions:

;

In the formula, As a common parameter in the CRS,,In the form of a random number,For the output of the hash function,Is a polynomial coefficient.

The verification stage performs a bilinear pairing operation, determining whether the following equation holds:

;

Wherein, the As a function of the hash-up,For a bilinear mapping,,Respectively elliptical curve groups,Is a generator of (1).

In one possible implementation, the temporary access token is generated after authentication passes. Specifically, the token validity period is 15 minutes, and the fingerprint information of the requesting device is bound. The device fingerprint is generated by the following feature combination:

;

In the formula, For the SHA3-256 hash function,Representing a string join operation.

The embodiment realizes the high-security authentication of the non-trusted third party through zero knowledge proof. In some extended embodiments:

the hash function can be replaced by BLAKE2b algorithm to improve the calculation efficiency;

Declaring a policy extensible support time-lock condition ("valid only at 9:00-18:00"), where a timestamp comparison constraint is to be added to the arithmetic circuitry;

bilinear pairing operations may use the Ate pairing to optimize the computation speed.

Step S3, hierarchical attribute-based encryption storage

In the medical examination data sharing method based on cloud authentication, the step S3 serves as a core link of data security storage and is cooperated with the desensitization processing of the step S1 and the authentication result forming technology of the step S2. Specifically, the desensitization data generated in the step S1 is required to be stored in a layered manner through the quantum-resistant encryption algorithm in the step S3, and meanwhile, the authority authentication result in the step S2 is dynamically bound to the ciphertext attribute strategy, so that a strategy matching basis is provided for context-aware decryption in the subsequent step S4.

In some embodiments, an anti-quantum property-based encryption scheme is built based on RLWE (RingLearningWithErrors) problems. Specifically, the following lattice password parameters are selected:

Polynomial ring dimension: ;

Modulus: (satisfy the following );

Error distribution, discrete Gaussian distribution(Standard deviation))。

In the main key generation stage, a central cloud platform generates a public matrixTrapdoor baseWherein. Specifically, matrixConstructed by NISTDRBG random number generator and satisfies:

;

In the formula, The disclosed Gadget matrix is used for realizing efficient lattice operation.

In one possible implementation, the access policy is expressed by monotonic boolean logic. "Emergency doctor AND Hospital A" may be encoded as an attribute vectorWhereinThe total number of attributes is preset for the system. The user private key generation algorithm applies the GPV (Gentry-Peikert-Vaikuntanathan) sampling technique:

;

Specifically, when an attribute vector When the strategy is satisfied, trapdoor baseThe corresponding decryption key may be derived.

In some embodiments, the desensitized dataLayered encryption according to timeliness:

1. edge cloud cache layer:

encrypting recent data (within 7 days), encrypting with lightweight LWE:

;

In the formula, As a common matrix of the two-dimensional matrix,As a random vector of values,,Is a discrete Gaussian distribution error vector, standard deviation,Is a common parameter matrix.

And the ciphertext-related attribute tag (department: emergency department) is stored in the regional edge node.

2. Center cloud persistence layer:

encrypting long-term data by adopting a fully homomorphic BGV scheme:

;

In the formula, As a random vector of values,Is an error term.

The ciphertext strategy is expanded into a time constraint expression (the validity period is less than or equal to 5 years) and is stored in a central cloud cold storage.

Alternatively, the automatic re-encryption flow is triggered when the access policy is changed. Specifically, the new and old policy differenceUpdating ciphertext by:

;

In the formula, For the newly added random vector, the forward security is ensured.

The above embodiments achieve a balance of storage efficiency and security through hierarchical encryption. In some extended embodiments:

the edge cloud cache layer can manage the storage space by adopting an LRU replacement algorithm;

the central cloud cold storage can be configured into a 6+3 erasure code redundancy mode, so that disaster recovery capacity is improved;

the attribute vector encoding may be replaced with a secret sharing scheme based on Shamir threshold.

Step S4, context-aware dynamic decryption

In the medical examination data sharing method based on cloud authentication, step S4 serves as a core link of data access control, and is linked with the authentication result of step S2 and the encryption storage strategy forming technology of step S3. Specifically, after the user authority is verified through zero-knowledge authentication in the step S2, the ciphertext generated in the step S3 is dynamically decrypted in the step S4 according to the real-time access scene, and secondary desensitization is performed by combining a context awareness strategy, so that the data can meet clinical requirements on the premise of minimizing privacy leakage risks.

In some embodiments, after receiving the decryption request, the cloud first parses the ciphertext-bound property policy. Specifically, for the edge Yun Miwen generated in step S3,The attribute matcher executes a rapid bloom filter operation to verify the attribute set of the request endWhether or not the policy tree is satisfied。

In one possible implementation, the dynamic decryption key generation employs a lattice rounding algorithm:

;

In the formula, For the user private key derived in step S3,The function is rounded to the power of 2 for eliminating noise interference.

Specifically, the context awareness engine collects the following parameters in real time:

Device fingerprint-computing device unique identification by hash function:

;

In the formula, The SM3 national cryptographic hash algorithm is selected and used,Representing a string join operation.

Geographic position, calling GeoIP2 database to analyze IP address to obtain longitude and latitude coordinates。

Time stamp-synchronized NTP Server gets atomic clock timeAnd checking whether the time window is within the policy allowable range.

When an irregular access scenario (dead time or strange device) is detected, a secondary desensitization rule base is triggered.

Alternatively, the decrypted dataAnd carrying out field hiding according to a preset rule. Specifically, for access requests by non-attending physicians, the bit-masking operation is used to conceal sensitive fields:

;

In the formula, Is a binary mask matrix, its elementsThe definition is as follows:

;

Meanwhile, invisible digital watermarks are embedded in the data stream, and the watermark strength parameters are as follows:

;

ensuring that the watermark does not affect the downstream analysis tasks by more than 5%.

In one possible implementation, the system monitors response delay of decryption requests. When (when)And starting the bandwidth capacity expansion flow of the edge node:

;

In the formula, For the current bandwidth to be available,To adjust the post-bandwidth. If 5 consecutive requests timeout, triggering a fusing mechanism, suspending the user access authority for 30 minutes.

Step S5, block chain audit and strategy update

In the medical examination data sharing method based on cloud authentication, the step S5 is used as a feedback optimization link of a technical closed loop, and forms a dynamic association with the decryption access log of the step S4 and the desensitization strategy of the step S1. Specifically, the operation record generated in the step S4 is verified to be tamper-proof through the blockchain storage in the step S5, and the rate distortion optimization parameters in the step S1 are updated according to the latest privacy attack model, so as to form an adaptively enhanced privacy protection mechanism.

In some embodiments, the audit log is stored in key-value pairs, including operation time, user fingerprint, data hash fields. Specifically, the log entry is structured and encoded in ProtocolBuffers format, and the hash value is calculated by SM3 cryptographic algorithm:

;

In the formula, Is a random number (128 bits in length) for preventing rainbow table attacks. The block hash calculation adopts Merkle tree aggregation:

;

Wherein, the Merkle tree roots hashed for all log entries of the block,The random number is demonstrated for the workload.

In one possible implementation, the blockchain network employs PBFT (PracticalByzantineFaultTolerance) consensus algorithm. Specifically, for each new block, at leastAgreement of individual nodes, whereinIs the total node number (typical value)。

The smart contracts are deployed as the following functions:

the strategy updating trigger is that when a novel privacy attack mode is detected, a strategy optimizing request is automatically generated;

version rollback if the new strategy causes the accuracy of the downstream task to drop beyond a threshold Rollback to the previous generation strategy.

In some embodiments, the privacy attack model is built using a Generation Antagonism Network (GAN). A generatorAttempting to desensitize data fromReconstructing original sensitive attributesDistinguishing deviceThe real and the generated data are distinguished. The objective function is:

;

after training convergence, attack success rate Adjusting privacy budgets for step S1:

;

In the formula,For a learning rate (typical value 0.1),Is a threshold (20%).

Alternatively, the policy update file is distributed via an incremental transport protocol. Specifically, the difference fileThe calculation formula of (2) is as follows:

;

In the formula, The compression rate can reach more than 90% for binary difference algorithm. Edge node receptionThen, loading a new strategy in real time through a memory patch technology:

;

Version management maintains a most recent 3 rd generation policy snapshot with snapshot metadata stored on IPFS distributed networks.

Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims

1. The medical examination data sharing method based on cloud authentication is characterized by comprising the following steps of:

and writing the data operation record into the blockchain for audit tracing, and iteratively updating the desensitization strategy according to the privacy attack model.

2. The cloud authentication-based medical test data sharing method of claim 1, wherein the dynamic desensitization process comprises:

3. The cloud authentication-based medical test data sharing method according to claim 2, wherein the rate-distortion theoretical optimization model is solved by the following objective function:

;

Wherein, the

Is the original dataAnd desensitization dataIs a mutual information of (a);

the value range is 1.0-5.0 for the utility loss weight factor;

the value range is 0.1-0.5 bit for privacy budget.

4. The cloud authentication-based medical test data sharing method of claim 1, wherein the zero knowledge proof protocol comprises:

5. The cloud authentication-based medical test data sharing method of claim 4, wherein the elliptic curve parameters satisfy:

;

and the verification process performs a bilinear pairing operation:

;

6. The cloud authentication-based medical verification data sharing method according to claim 1, wherein the anti-quantum attribute-based encryption comprises:

7. The cloud authentication-based medical verification data sharing method of claim 6, wherein the LWE encryption process is expressed as:

;

Wherein:

As a common matrix of the two-dimensional matrix, Is a random vector;

, is a discrete Gaussian distribution error vector, standard deviation ;

Is a common parameter matrix.

8. The cloud authentication-based medical verification data sharing method of claim 1, wherein the dynamically decrypting comprises:

geographical location Time stamp;

;

9. The cloud authentication-based medical verification data sharing method of claim 1, wherein the policy update comprises:

;

10. A system based on the method of claim 1, comprising: