Summary of the invention
The object of the invention is to be achieved through the following technical solutions.
According to the embodiment of the present invention, propose a kind of portable medical sensitive data encryption method, described method comprises:
S1, the supplemental characteristic that collection is relevant to user health carried out the first encryption, and the image data of carrying out after the first encryption are sent to electronic health record unit before sending the data that gather;
S2, when user accesses electronic health record unit, carry out the authentication to user, and after by authentication, unlocking electronic case history unit;
S3, the digital health archives that generate are carried out to the second encryption;
S4, to having carried out the image data of the first encryption and having carried out the second encryption digital health archives and carried out the 3rd encryption;
S5, to having carried out preparing after the 3rd encryption being uploaded to image data and the digital health file data of macrodata storage unit, carry out the 4th encryption.
According to the preferred embodiment of the present invention, described step S2 specifically comprises:
By user, identify access unit and carry out the authentication to user, described user identifies access unit and comprises card reader and authentication unit, wherein
B1, described card reader send the inquiry instruction with the first pseudo-random number to user RFID label;
B2, described RFID label receive after inquiry instruction, from RFID label chip internal programmable ROM (read-only memory), read the first key, the first key and the first pseudo-random number are carried out to Hash operation, the second data and unique identifier after encrypting are carried out to mask by the first random number, then the first data that mask is obtained send card reader to;
B3, card reader correctly recognize after the first data after above-mentioned mask, send the first data to authentication unit together with the first pseudo-random number;
B4, authentication unit judge in the steps below to the first data and the first pseudo-random number:
B41, remove the mask in the first data, obtain the second data and unique identifier after Hash operation;
B42, according to unique identifier, from the storage information of authentication unit, obtain the first corresponding key;
B43, the first key is carried out to Hash operation with the first pseudo-random number according to algorithm identical in step B2, obtain the 3rd data;
B44, the 3rd data and the second data are compared, if equated, think that label is legal, otherwise think that label is pseudo-label, stop communication;
If B5 label is legal RFID label, authentication unit takes out from macrodata storage unit, and the second key and unique identifier C are carried out to Hash operation, obtains the 4th data, and sends to card reader;
B6, card reader send the 4th data to RFID label;
B7, RFID label receive after the 4th data, from RFID label chip internal programmable ROM (read-only memory), read the second key, then according to the identical algorithm of step B5, the second key and unique identifier are carried out to Hash operation, obtain the 5th data; Compare the 4th data and the 5th data, if equated,, by authentication, interactive authentication completes again; Otherwise, authentification failure, RFID label does not respond other instructions of this card reader;
B8, after completing authentication, card reader and label both sides upgrade the first key in an identical manner, the second key.
According to the preferred embodiment of the present invention, described step S3 specifically comprises: by electronic signature unit, carry out described the second encryption:
A1, generate after newly-built digital health archives, to electronic signature unit, send the signature request of appending that comprises signer identity and subscriber identity information;
A2, electronic signature unit extract signer identity, the subscriber identity information appending in signature request;
A3, electronic signature unit complete authentication according to the following steps:
A31, electronic signature unit send random message to electronic health record unit;
A32, electronic health record unit signer feed back to electronic signature unit with private key after to this message encryption;
The PKI of A33, electronic signature cell call signer is to decrypt messages, and whether comparison is consistent with random message, carries out in this way steps A 4, otherwise execution step A11;
A4, electronic signature unit, by authentication, connect with macrodata storage unit, by signer identity, the subscriber identity information extracting, macrodata storage unit are carried out to query manipulation, and return to Query Result to electronic health record unit; If Query Result is empty, execution step A5, otherwise execution step A6;
A5, electronic health record unit directly, to sending to electronic signature unit after newly-built digital health archives signature, then perform step A9;
A6, electronic signature unit extract corresponding original digital health archives from macrodata storage unit, preserve, and send a to electronic health record unit after removal document signature information;
A7, electronic health record unit are appended to newly-built digital health archives after original digital health archives of reception, form and upgrade digital health archives, after upgrading digital health archives signature, send to electronic signature unit;
A8, electronic signature unit will compare with original digital health archives corresponding part in the renewal digital health archives after signature, as found to be tampered, and execution step A11, otherwise execution step A9;
After the PKI of A9, electronic signature cell call signer is decrypted the digital health archives signature from electronic health record unit, contrast with the corresponding data of corresponding digital health archives, if comparing result, unanimously by signature verification, performs step A10, otherwise execution step A11;
A10, the digital health archives by signature authentication are deposited in macrodata storage unit, as exist original digital health archives to delete;
A11, feedback result message are to electronic health record unit.
According to the preferred embodiment of the present invention, described step S4 specifically comprises:
By the pre-ciphering unit of macrodata, carry out described the 3rd encryption:
C1, read file destination;
C2, whole file is carried out to the digital summary computing in Secure Hash Algorithm-256, obtain source document hashed value;
C3, file is decomposed into file end is divided and document body part;
C4, (263, 264-1] in set, obtain at random a number X ';
C5, by file end divide, source document hashed value and random number X ' packing obtain core data;
C6, use RSA PKI are encrypted core data, form encrypt file bag;
C7, document body is partly divided into the data block of 32 byte-sized, if last data block is less than 32 bytes, last data block is carried out to cover and make it equal 32 bytes, the data block total number obtaining is designated as m;
C8, according to formula Xn+1=μ Xn(1-Xn) carry out recursive operation, until generate Xk+m, n is natural number, and k is 4, the end decimal number of random number X ', and μ is recurrence parameter, initial value X0for primary key, X0computing formula be X0=(X '-263)/263;
The initial value of C9, setting variable i is 1;
C10, by Xk+ias the input of Secure Hash Algorithm-256, the CHAR of output 32 bytes, as the AES dynamic key of i data block, then enters step C11;
C11, utilize AES dynamic key to be encrypted corresponding data block, then enter step C12;
The size of C12, judgement i and m, if i<m increases 1 by i, then jumps to step C10; If i=m, enters step C13;
C13, m data block by encrypt file bag and after encrypting are packaged into digital envelope, and digital envelope is sent to macrodata distributed storage ciphering unit.
According to the preferred embodiment of the present invention, described step S5 specifically comprises: by macrodata distributed storage ciphering unit, carry out described the 4th encryption:
D1, macrodata distributed storage ciphering unit are received the write request of the pre-ciphering unit of macrodata, the reference position O of include file name, write request and write request length L;
D2, to make T be the higher value in the length of (O+L) and source document, check whether the existing storage space of source document is more than or equal to T, if, existing storage space is used for storing data to be written, otherwise, macrodata storage unit reads keeper's configuration information or Uses Defaults, and determines file distribution formula backup number R, minute block size B, fragment size S and encryption algorithm type; Macrodata storage unit, according to storer total volume, is chosen the storer of R least-loaded as new storage space, and by existing storage space, for storing the front portion of data to be written, new storage space is for storing the remaining data of the data that write; The relevant data that write request is needed comprise piecemeal size B, fragment size S, and encryption algorithm type returns to the pre-ciphering unit of macrodata in the mode of safety;
D3, the pre-ciphering unit of macrodata calculate the piece O/B at write request reference position place, calculate write request reference position P1 and end position P2 in data block;
D4, judge that reference position P1 and end position P2, whether at the edge of section, if so, proceed to step D5, otherwise reference position P1 or end position P2, in the centre of certain section, read this section of original information, and deciphering, step D5 entered;
D5, data to be written in this piece are carried out to sectional encryption, and be written to a plurality of backup of memory;
D6 is if carry out for the first time this step, and write request end position and reference position be not in same, calculates reference position P1 and the end position P2 of write request in second piece, then forwards step D4 to; Otherwise, forward step D7 to;
D7, macrodata distributed storage ciphering unit send write request to the pre-ciphering unit of macrodata and complete feedback information.
Portable medical sensitive data encryption method of the present invention, all links in whole medical procedures have been contained, can effectively prevent the leakage of data in each link, when more convenient and effective medical services are provided to user, ensure the safety of user related information, there is wide market outlook and beneficial effect.
Embodiment
Illustrative embodiments of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown illustrative embodiments of the present disclosure in accompanying drawing, yet should be appreciated that and can realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order more thoroughly to understand the disclosure that these embodiments are provided, and can by the scope of the present disclosure complete convey to those skilled in the art.
According to the embodiment of the present invention, a kind of portable medical data encryption system is proposed, as shown in Figure 1, described system comprises that data transmission ciphering unit, user identify access unit, electronic health record unit, electronic signature unit, the pre-ciphering unit of macrodata, macrodata storage unit and macrodata distributed storage ciphering unit;
Described data transmission ciphering unit for after gathering the supplemental characteristic relevant to user health, was encrypted, and the image data after being encrypted is sent to electronic health record unit before sending the data that gather;
Described user identifies access unit when user accesses electronic health record method, carries out the authentication to user, and after by authentication, unlocking electronic case history method;
Described electronic health record unit is used for according to the image data receiving and doctor's diagnostic data generating digital health account;
Sign for the digital health archives that electronic health record unit is generated in described electronic signature unit, for guaranteeing the authenticity of data and preventing from being tampered;
The pre-ciphering unit of described macrodata is for encrypting being in advance about to be uploaded to the data of macrodata storage unit, and the described data that are about to be uploaded to macrodata storage unit comprise image data after encryption and through the digital health archives of electronic signature;
Described macrodata storage unit is for storing whole users' encrypted image data and the digital health archives through signing electronically, described macrodata storage unit is distributed storage, it comprises and is arranged at the high in the clouds macrodata administrative unit of administration of health department and the distributed memory that is arranged at each medical institutions, described distributed memory is all set to 1+n redundancy backup, adopts high speed fibre to connect between each distributed memory;
Described macrodata distributed storage ciphering unit is encrypted for carrying out the macrodata of distributed storage.
According to the embodiment of the present invention, also propose a kind of portable medical sensitive data encryption method, as shown in Figure 2, described method comprises:
S1, the supplemental characteristic that collection is relevant to user health carried out the first encryption, and the image data of carrying out after the first encryption are sent to electronic health record unit before sending the data that gather;
S2, when user accesses electronic health record unit, carry out the authentication to user, and after by authentication, unlocking electronic case history unit;
S3, the digital health archives that generate are carried out to the second encryption;
S4, to having carried out the image data of the first encryption and having carried out the second encryption digital health archives and carried out the 3rd encryption;
S5, to having carried out preparing after the 3rd encryption being uploaded to image data and the digital health file data of macrodata storage unit, carry out the 4th encryption.
According to the preferred embodiment of the present invention, as shown in Figure 3, described data transmission ciphering unit comprises: DB44 input port, FPGA enciphering/deciphering processing module, DB44 output port, random number generation module, Flash memory chip and testing circuit;
Described DB44 input port is connected with FPGA enciphering/deciphering processing module, and DB44 output port is connected with FPGA enciphering/deciphering processing module; DB44 input port receives the signal of higher level's link arrival and carries enough in FPGA enciphering/deciphering processing module, FPGA enciphering/deciphering processing module is extracted data message and is adopted block cipher to carry out enciphering/deciphering to data, then export by enciphering/deciphering data and arrive DB44 output port, flow into next processing unit of communication link; Random number generation module is connected with FPGA enciphering/deciphering processing module, and the desirable true random sequence that random number generation module produces is input to FPGA enciphering/deciphering processing module, as the initial encryption key of block encryption algorithm; Flash memory chip is connected with FPGA enciphering/deciphering processing module, and the algorithm routine that whole enciphering/deciphering module electrifying startup stage F PGA enciphering/deciphering processing module reads the inner pre-stored of Flash memory chip is configured; Testing circuit is connected with FPGA enciphering/deciphering processing module, and on-line testing and calibration function are provided;
Described DB44 input port completes the physical layer interface function with communication link upper level;
Described FPGA enciphering/deciphering processing module is core information processing unit, and it consists of monolithic fpga chip, completes input message extraction, enciphering/deciphering processing and message sending function; Described FPGA enciphering/deciphering processing module is carried out enciphering/deciphering to information and is adopted symmetric block ciphers technology, and mode of operation is selected output feedback mode;
Described DB44 output port completes the physical layer interface function with communication link next stage;
Described random number generation module provides initial key owing to producing desirable true random number and being input to FPGA enciphering/deciphering processing module for cryptographic algorithm;
Described Flash memory chip is mainly used in preserving the configurator that powers on, and it is to have to meet at method programing function and capacity the nonvolatile memory of configurator size requirement;
Described testing circuit is realized the test of transmitting encrypted data and calibration.
According to the preferred embodiment of the present invention, described step S2 specifically comprises:
By user, identify access unit and carry out the authentication to user, described user identifies access unit and comprises card reader and authentication unit, wherein:
B1, described card reader send the inquiry instruction with the first pseudo-random number to user RFID label;
B2, described RFID label receive after inquiry instruction, from RFID label chip internal programmable ROM (read-only memory), read the first key, the first key and the first pseudo-random number are carried out to Hash operation, the second data and unique identifier after encrypting are carried out to mask by the first random number, then the first data that mask is obtained send card reader to;
B3, card reader correctly recognize after the first data after above-mentioned mask, send the first data to authentication unit together with the first pseudo-random number;
B4, authentication unit judge in the steps below to the first data and the first pseudo-random number:
B41, remove the mask in the first data, obtain the second data and unique identifier after Hash operation;
B42, according to unique identifier, from the storage information of authentication unit, obtain the first corresponding key;
B43, the first key is carried out to Hash operation with the first pseudo-random number according to algorithm identical in step B2, obtain the 3rd data;
B44, the 3rd data and the second data are compared, if equated, think that label is legal, otherwise think that label is pseudo-label, stop communication;
If B5 label is legal RFID label, authentication unit takes out from macrodata storage unit, and the second key and unique identifier C are carried out to Hash operation, obtains the 4th data, and sends to card reader;
B6, card reader send the 4th data to RFID label;
B7, RFID label receive after the 4th data, from RFID label chip internal programmable ROM (read-only memory), read the second key, then according to the identical algorithm of step B5, the second key and unique identifier are carried out to Hash operation, obtain the 5th data; Compare the 4th data and the 5th data, if equated,, by authentication, interactive authentication completes again; Otherwise, authentification failure, RFID label does not respond other instructions of this card reader;
B8, after completing authentication, card reader and label both sides upgrade the first key in an identical manner, the second key.
According to the preferred embodiment of the present invention, described step S3 specifically comprises: by described electronic signature unit, carry out described the second encryption:
A1, electronic health record unit generate after newly-built digital health archives, to electronic signature unit, send the signature request of appending that comprises signer identity and subscriber identity information;
A2, electronic signature unit extract signer identity, the subscriber identity information appending in signature request;
A3, electronic signature unit complete authentication according to the following steps:
A31, electronic signature unit send random message to electronic health record unit;
A32, electronic health record unit signer feed back to electronic signature unit with private key after to this message encryption;
The PKI of A33, electronic signature cell call signer is to decrypt messages, and whether comparison is consistent with random message, carries out in this way steps A 4, otherwise execution step A11;
A4, electronic signature unit, by authentication, connect with macrodata storage unit, by signer identity, the subscriber identity information extracting, macrodata storage unit are carried out to query manipulation, and return to Query Result to electronic health record unit; If Query Result is empty, execution step A5, otherwise execution step A6;
A5, electronic health record unit directly, to sending to electronic signature unit after newly-built digital health archives signature, then perform step A9;
A6, electronic signature unit extract corresponding original digital health archives from macrodata storage unit, preserve, and send a to electronic health record unit after removal document signature information;
A7, electronic health record unit are appended to newly-built digital health archives after original digital health archives of reception, form and upgrade digital health archives, after upgrading digital health archives signature, send to electronic signature unit;
A8, electronic signature unit will compare with original digital health archives corresponding part in the renewal digital health archives after signature, as found to be tampered, and execution step A11, otherwise execution step A9;
After the PKI of A9, electronic signature cell call signer is decrypted the digital health archives signature from electronic health record unit, contrast with the corresponding data of corresponding digital health archives, if comparing result, unanimously by signature verification, performs step A10, otherwise execution step A11;
A10, the digital health archives by signature authentication are deposited in macrodata storage unit, as exist original digital health archives to delete;
A11, feedback result message are to electronic health record unit.
According to the preferred embodiment of the present invention, described step S4 specifically comprises by the pre-ciphering unit of described macrodata and carries out described the 3rd encryption:
C1, read file destination;
C2, whole file is carried out to the digital summary computing in Secure Hash Algorithm-256, obtain source document hashed value;
C3, file is decomposed into file end is divided and document body part;
C4, (263, 264-1] in set, obtain at random a number X ';
C5, by file end divide, source document hashed value and random number X ' packing obtain core data;
C6, use RSA PKI are encrypted core data, form encrypt file bag;
C7, document body is partly divided into the data block of 32 byte-sized, if last data block is less than 32 bytes, last data block is carried out to cover and make it equal 32 bytes, the data block total number obtaining is designated as m;
C8, according to formula Xn+1=μ Xn(1-Xn) carry out recursive operation, until generate Xk+m, n is natural number, and k is 4, the end decimal number of random number X ', and μ is recurrence parameter, initial value X0for primary key, X0computing formula be X0=(X '-263)/263;
The initial value of C9, setting variable i is 1;
C10, by Xk+ias the input of Secure Hash Algorithm-256, the CHAR of output 32 bytes, as the AES dynamic key of i data block, then enters step C11;
C11, utilize AES dynamic key to be encrypted corresponding data block, then enter step C12;
The size of C12, judgement i and m, if i<m increases 1 by i, then jumps to step C10; If i=m, enters step C13;
C13, m data block by encrypt file bag and after encrypting are packaged into digital envelope, and digital envelope is sent to macrodata distributed storage ciphering unit.
According to the preferred embodiment of the present invention, described step S5 specifically comprises: by macrodata distributed storage ciphering unit, carry out described the 4th encryption:
D1, macrodata distributed storage ciphering unit are received the write request of the pre-ciphering unit of macrodata, the reference position O of include file name, write request and write request length L;
D2, to make T be the higher value in the length of (O+L) and source document, check whether the existing storage space of source document is more than or equal to T, if, existing storage space is used for storing data to be written, otherwise, macrodata storage unit reads keeper's configuration information or Uses Defaults, and determines file distribution formula backup number R, minute block size B, fragment size S and encryption algorithm type; Macrodata storage unit, according to storer total volume, is chosen the storer of R least-loaded as new storage space, and by existing storage space, for storing the front portion of data to be written, new storage space is for storing the remaining data of the data that write; The relevant data that write request is needed comprise piecemeal size B, fragment size S, and encryption algorithm type returns to the pre-ciphering unit of macrodata in the mode of safety;
D3, the pre-ciphering unit of macrodata calculate the piece O/B at write request reference position place, calculate write request reference position P1 and end position P2 in data block;
D4, judge that reference position P1 and end position P2, whether at the edge of section, if so, proceed to step D5, otherwise reference position P1 or end position P2, in the centre of certain section, read this section of original information, and deciphering, step D5 entered;
D5, data to be written in this piece are carried out to sectional encryption, and be written to a plurality of backup of memory;
D6 is if carry out for the first time this step, and write request end position and reference position be not in same, calculates reference position P1 and the end position P2 of write request in second piece, then forwards step D4 to; Otherwise, forward step D7 to;
D7, macrodata distributed storage ciphering unit send write request to the pre-ciphering unit of macrodata and complete feedback information.
The above; be only the present invention's embodiment preferably, but protection scope of the present invention is not limited to this, is anyly familiar with in technical scope that those skilled in the art disclose in the present invention; the variation that can expect easily or replacement, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by the described protection domain with claim.