CN113766512A - Medical big data information safety processing method and system - Google Patents


Info

Publication number
CN113766512A
Authority
CN
China
Prior art keywords
patient
medical
access
processing system
mobile device
Prior art date
Legal status
Pending
Application number
CN202111315344.8A
Other languages
Chinese (zh)
Inventor
陆广林
Current Assignee
Guangzhou Tianpeng Computer Technology Co ltd
Original Assignee
Guangzhou Tianpeng Computer Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Guangzhou Tianpeng Computer Technology Co ltd
Priority to CN202111315344.8A
Publication of CN113766512A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/60 Context-dependent security
    • H04W 12/63 Location-dependent; Proximity-dependent
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H 10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H 10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Biomedical Technology (AREA)
  • Public Health (AREA)
  • Primary Health Care (AREA)
  • Medical Informatics (AREA)
  • Epidemiology (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a medical big data information safety processing method and system. The method comprises the following steps: authenticating the patient's mobile device and the mobile device of the medical institution; determining that the patient's mobile device is geographically proximate to a node located at the medical facility; sending a request to the patient's mobile device to authorize the medical facility to access an electronic patient medical record stored in a medical data security processing system database remote from the node; and, based on the proximity determination, obtaining that authorization from the patient so that the medical institution can access the patient's electronic medical record. The method and system allow patients to store medical information data in an independent database in a secure format, allow different medical staff to access a limited range of data for each patient, allow patients to keep their own personal access keys, and prevent unauthorized access to the medical information data.

Description

Medical big data information safety processing method and system
Technical Field
The invention relates to the technical field of big data safety, in particular to a medical big data information safety processing method and system.
Background
Today, a patient's medical data is maintained by the different hospitals, outpatient clinics, pharmacies and associated service providers from which the patient receives treatment. When a patient changes geographical location to receive treatment from different doctors, the system becomes more complex because of the privacy protections and internal policies of the different medical providers. On the one hand, the patient's health records must be secure and confidential, and access to them must be strictly protected against unauthorized users; on the other hand, physicians must have complete and accurate information about the patient's medical history, condition and treatment regimen. Existing systems allow patients to invite physicians to share the patients' medical data. However, these systems require that authorization be granted using the user identification and password of the doctor or their delegate. Thus more and more user passwords are issued by patients for access to their medical information, increasing the likelihood that a patient's personal key is obtained through an illegal route.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a medical big data information safety processing method and a system, wherein the method comprises the following steps:
authenticating a mobile device of a patient on a remote server;
authenticating a mobile device of a medical institution;
determining, by electronic device proximity detection, that a mobile device of a patient is geographically proximate to a node located at a medical facility location for determining whether the medical facility has access to an electronic patient medical record stored in a remote medical data security processing system remote from the node;
sending a request to a patient mobile device to authorize a medical facility to access an electronic patient medical record stored in a remote medical data security processing system database remote from the node;
obtaining the authorization from the patient based on the determination of the proximity detection to enable the medical institution to access the patient's electronic medical record;
obtaining a patient personal electronic key for decrypting a patient electronic medical record stored in a medical data security processing system database, wherein access to the patient personal electronic key is provided by a patient for a specified limited period of time;
decrypting, on a remote server, an electronic medical record of a patient with a private key of the patient;
carrying out secondary encryption on the electronic medical record of the patient by using asymmetric PKI keys of the medical institution and the remote server, and securely transmitting the electronic medical record to the medical institution for viewing and updating;
storing in a medical data security processing system database an electronic medical record of a patient encrypted with the patient's private key;
receiving at a server a locator of an electronic medical record of a patient stored in a medical data security processing system database;
finding the electronic medical record of the patient in a medical data safety processing system database by using the locator so as to be checked and updated by a medical institution; wherein the medical data security processing system database does not maintain or store any patient identification information other than the locator in an unencrypted format.
Preferably, the method further comprises:
receiving an updated patient electronic medical record from the medical facility, the updated patient electronic medical record being encrypted with the asymmetric PKI key of the server;
decrypting the updated patient electronic medical record using the server's personal PKI key;
secondarily encrypting the updated patient electronic medical record on the server by using the private key of the patient;
storing the updated encrypted record in a medical data security processing system database.
Preferably, the method further comprises:
receiving a fingerprint of an operator of a mobile device of a medical facility and verifying that it matches a stored fingerprint of the medical facility, the medical facility being authorized by a patient to access the patient's personal electronic medical record stored in a medical data security processing system database;
a fingerprint of an operator of a patient's mobile device is received and verified to match a stored fingerprint authorized by the patient to authorize access to the patient's personal electronic medical record stored in the medical data security processing system database.
Preferably, the method further comprises:
maintaining a separate database of locators mapped to each registered patient;
receiving and processing identity information of a patient to access a medical data security processing system database;
upon authenticating the identity of the patient and the patient mobile device requesting access to the medical data security processing system database, transmitting the locator of the patient's electronic medical record stored in the medical data security processing system database to a server for read and update access to the record.
The invention further provides a medical big data information safety processing system which is used for executing the medical big data information safety processing method.
Compared with the prior art, the invention has the following advantages:
the invention provides a medical big data information security processing method and system which allow patients to store medical information data in an independent database in a secure format, allow different medical staff to access a limited range of data for each patient, allow patients to keep their own personal access keys, and prevent unauthorized access to the medical information data.
Drawings
Fig. 1 is a flowchart of a medical big data information security processing method according to an embodiment of the present invention.
Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
The invention provides a medical big data information safety processing method and system. Fig. 1 is a flow chart of a medical big data information security processing method and system according to an embodiment of the invention.
The present invention allows different patients to store their medical information data in a secure, encrypted format at a centralized location and to use only one key to access the medical information that each of them has stored separately, in encrypted form, in a medical data security processing system. Without the patient's correct key, access to or reading of the patient's stored medical information is denied. The patient can thus quickly create, update and upload medical data maintained by a particular doctor or hospital to the patient's other medical information. The patient can restrict any healthcare provider's access to a subset of the medical information and can share viewing or updating with a doctor at a particular time and place, e.g. during a doctor's visit or hospital treatment.
Each doctor and each electronic medical record may hold only a subset of the medical information for a particular patient, while the patient has control of and access to the more complete medical information, and may remove all access authorization after leaving the medical site while keeping the medical information accessible to the patient. The present invention allows medical personnel to quickly upload data to a medical data security processing system, but makes such uploading secure and tamper-resistant by encrypting each patient's medical information data with that patient's private key. The medical institution transfers the patient data from the electronic medical record to a more secure medical data security processing system, which can only be decrypted using a private symmetric key held by the medical institution. The method comprises copying a doctor's personal patient record in the medical data security processing system to the patient's medical data security processing system, secondarily encrypting the patient's medical information with the patient's symmetric private key and storing it in the medical data security processing system, wherein access to the patient's copy of the medical information data is owned by the patient and can be granted by the patient to a plurality of medical institutions.
The patient controls access to medical information data stored in the cloud. The patient is allowed to access and share this medical information with the doctor when the patient is at the geographic location of the medical site. The doctor views and updates the patient's medical information in the virtual medical directory. After the update is completed, no one at the medical institution can access the patient's medical information any more, which reduces the risk of granting each medical institution permanent access rights to the medical information.
The patient record of the present invention contains a record locator. The patient's record is identified by the record locator, without the need for personally identifiable information. Each patient's record is separately encrypted with its owner's symmetric encryption key; the patient owns and controls access to his own encrypted medical information data stored in the data record repository by controlling the symmetric private encryption key and through the required authorization and mapping processes. In this process, the patient is authenticated and then the mapping to the patient's actual encrypted record is provided. In a preferred embodiment, the data structure used by the system does not include any personal information, such as name, address, etc. These data can only be identified and accessed by anonymous keys.
The system not only retains the anonymously encrypted medical information data for the patient, but also provides an independent keystore server and a secure directory mapping server as an additional security layer for accessing the medical information in the medical data security processing system. The keystore server provides secure electronic storage for patients who keep copies of their personal symmetric keys; it provides the key directly to the medical data security processing system server, or to the patient's authorized device. The medical data security processing system account directory mapping server provides the medical data security processing system account for the given patient after performing the requested authentication with the private key and properly verified patient credentials, the private key coming from the keystore server for that particular patient. Finally, having obtained the patient's private key and the account of the particular patient, the medical data security processing system server processes and validates the data and uses the patient's private key to retrieve or update the medical data security processing system data. The private key is stored at a different server location from the medical data security processing system data. Identifiable information is removed from the patient's data stored in the medical data security processing system, which is reduced to only an account or locator and an encrypted patient record. Even if a data record is intercepted by an unauthorized person, the information is effectively useless unless it is associated with the correct patient account. A security level is therefore added to the data access and update capability of the medical data security processing system.
According to the present invention, the medical data security processing system server does not store a copy of the patient's private key for accessing the patient's medical information data in the medical data security processing system. The system server receives the patient's key only for a limited, specified period of time, such as during the patient's visit to a medical facility, for authorized reading and updating of the medical information data. Once the authorized access or update process is complete, the system server erases the patient's key. The patient's permanent key is kept by the patient on a personal electronic device or placed in a keystore.
In an alternative embodiment, the identity of the patient operating the mobile device may also be confirmed by requesting the fingerprint of the operator of the mobile device, receiving it at the authorization server and comparing it with the registration record for each patient, to ensure that the correct person is operating the patient's mobile device. The patient is allowed to use a different mobile device and confirm his identity to the authorization server by transmitting a fingerprint extracted by the hardware and application software on the mobile device. An application executing on the mobile device requests the user to enter a fingerprint in advance and sends it to the server for authentication.
Proximity information about each patient mobile device is sent to a proximity detection server and evaluated there, and the mobile device information for the medical facility is received and processed at the medical facility mobile device server. The patient authentication server communicates with the medical facility mobile device server, and the patient uses the secure key to authorize access to a particular medical facility based on the patient's presence at the medical facility and the key authorization. The system may also rely on fingerprint authentication of the device operator to ensure that the patient has authorized access and that the authorized medical authority is operating the mobile device that requested access to the patient's medical information.
The patient's symmetric key is transmitted so that the patient's medical information data can be encrypted or decrypted with it. The patient provides and transmits his symmetric key to the system server and the medical data security processing system within a preset time to allow a particular authorized medical institution to access the patient's encrypted medical information at the medical data security processing system. The patient's private key is neither sent to nor kept by the medical institution, and the patient needs only one key to let a plurality of medical staff read and update the patient's medical information, which is stored in encrypted form in the medical data security processing system.
The transmission protocol uses PKI asymmetric key encryption for secure transmission, and uses the patient's private symmetric key to encrypt and decrypt the patient's medical information data, including updates to stored records. The patient mobile device establishes secure communication with the server. The patient mobile device receives the server public key, which the system server sends to it, and encrypts the patient's private symmetric key with that public key. The system server receives the patient's encrypted symmetric private key from the patient mobile device and decrypts the transmission with the server's private key. When a patient gives independent authorization to a particular medical institution, the system server is allowed to decrypt and read or update the patient's medical information using the patient's symmetric private key. This allows the system server to encrypt and decrypt data of the medical data security processing system during authorized access by a particular medical institution. Once the authorization expires, the system server erases the patient's private symmetric key and does not save it in any of its internal memory or in the medical data security processing system database.
The server is also in data communication with a mobile device of the medical facility and with a medical data security processing system server that stores the encrypted patient medical records. When it is confirmed that a particular authorized doctor may read or update the patient's medical information using the mobile device, the server decrypts the patient's medical information using the patient's private symmetric key, which is received and held at the system server during the authorized access. It then uses the doctor's PKI asymmetric key to encrypt the medical information data a second time for secure transmission to the mobile device of the medical institution.
The mobile device of the medical institution receives the public key of the system server and uses the public key to encrypt the doctor's public key and transmit it to the system server. The system server then uses the doctor's public key to encrypt and transmit the patient data record from the system server to the doctor's mobile device, which receives the patient record and displays it on the screen of the doctor's mobile device. The doctor's device does not have the patient's private key because the key is sent to the system server and, when authorized, is used to decrypt the patient's medical information data during the authorization session. The server then secondarily encrypts the decrypted patient's medical information with the doctor's asymmetric key for secure transmission from the server to the doctor's mobile device. This allows the doctor's mobile device to decrypt the twice-encrypted patient data using its public and private keys and view or update the data on the doctor's mobile device. For updates, the system server will send the doctor's mobile device its public key, which can be used to encrypt the transmitted update data. The updated record will then be secondarily encrypted using the patient private symmetric encryption key at the system server and then stored in encrypted form at the medical data security processing system.
After the authentication is completed and a new record location key for the patient data record is provided to the system server, the data record is created and encrypted with the record number and the patient's private symmetric key. The request from the patient, along with the user identification and password, is processed on the system server, which then automatically generates a request to authenticate the record database and receives a record location identification for the patient data record location. The location key is then sent to the data record repository, which uses the key to find and return to the system server the patient's encrypted medical information data record. The encrypted medical information record is transmitted to a system server and then to the patient's mobile device. These encrypted data records cannot be decrypted and read without the private key of the patient. The medical facility does not maintain and control access to the original electronic version of the patient medical information data.
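The exchange laid out in the Disclosure steps and in the preceding paragraphs (patient symmetric key transported under the server's public key, record decrypted on the server and re-encrypted for the doctor, doctor's update re-encrypted under the patient key before storage, key erased when the session ends, repository keyed by an opaque locator only) is shown end to end in the following Go program. It is an added example written for this page, not code from the patent or its assignee. It assumes AES-256-GCM as the patient's symmetric cipher and RSA-OAEP as the "PKI" encryption between parties; the locator `loc-7f3a`, the record text and the doctor's note are constructed sample values, and `server`, `readForDoctor`, `storeUpdate` and `runScenario` are the example's own names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// must keeps the demo short: any cryptographic failure stops the run.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// seal/open: AES-256-GCM under the patient's symmetric key, nonce prepended.
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return must(g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil))
}

// pkiEncrypt/pkiDecrypt stand in for "encrypt with the party's PKI key". RSA-OAEP
// takes short messages only; a real record would go under a wrapped AES key (assumed).
func pkiEncrypt(pub *rsa.PublicKey, msg []byte) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil))
}

func pkiDecrypt(priv *rsa.PrivateKey, ct []byte) []byte {
	return must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil))
}

// server: repo maps an opaque locator to ciphertext and nothing else; patientKey
// is held only while an authorization session is open.
type server struct {
	priv       *rsa.PrivateKey
	repo       map[string][]byte
	patientKey []byte
}

// endSession zeroes and drops the patient key, as the page requires on expiry.
func (s *server) endSession() {
	for i := range s.patientKey {
		s.patientKey[i] = 0
	}
	s.patientKey = nil
}

// readForDoctor decrypts under the patient key and re-encrypts under the doctor's
// public key; it refuses once the session key has been erased.
func (s *server) readForDoctor(loc string, doctorPub *rsa.PublicKey) ([]byte, error) {
	if s.patientKey == nil {
		return nil, fmt.Errorf("no patient authorization in force")
	}
	return pkiEncrypt(doctorPub, open(s.patientKey, s.repo[loc])), nil
}

// storeUpdate takes the doctor's update (sent under the server key) and re-encrypts
// it under the patient key before it reaches the repository (seal fails with no key).
func (s *server) storeUpdate(loc string, update []byte) {
	s.repo[loc] = seal(s.patientKey, pkiDecrypt(s.priv, update))
}

// runScenario walks one authorized visit over constructed sample data.
func runScenario() (doctorSaw, storedAfter string, keyErased, readRefused bool) {
	serverKey := must(rsa.GenerateKey(rand.Reader, 2048))
	doctorKey := must(rsa.GenerateKey(rand.Reader, 2048))
	patientKey := make([]byte, 32)
	must(rand.Read(patientKey))
	loc := "loc-7f3a" // constructed locator; nothing identifying is stored beside it
	srv := &server{priv: serverKey, repo: map[string][]byte{loc: seal(patientKey, []byte("allergy: penicillin"))}}
	// Patient authorizes: the symmetric key travels under the server's public key.
	srv.patientKey = pkiDecrypt(serverKey, pkiEncrypt(&serverKey.PublicKey, patientKey))
	view := pkiDecrypt(doctorKey, must(srv.readForDoctor(loc, &doctorKey.PublicKey)))
	// Doctor appends a note and returns the record under the server's public key.
	srv.storeUpdate(loc, pkiEncrypt(&serverKey.PublicKey, append(view, "; note: visit recorded"...)))
	srv.endSession()
	_, err := srv.readForDoctor(loc, &doctorKey.PublicKey)
	// Only the patient key opens what the repository now holds.
	return string(view), string(open(patientKey, srv.repo[loc])), srv.patientKey == nil, err != nil
}

func main() {
	fmt.Println(runScenario())
}
```

Run it with `go run` (Go 1.18 or later, for the generic `must`). Two of the page's claims are visible in what `runScenario` returns: the doctor's device only ever receives a copy sealed to its own key pair and never the patient's symmetric key, and once `endSession` has run the server can no longer serve a read, because the only copy of the key it held is gone. RSA-OAEP is applied directly to the record to keep the example short; a record longer than the OAEP limit (190 bytes for a 2048-bit key with SHA-256) would need a fresh AES key wrapped under RSA, which is the assumed reading of "secondary encryption with the institution's asymmetric key".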
Optionally, for secure storage of the secret key, a further embodiment of the invention constructs the encryption key from a plurality of key factors. The construction comprises: distributing the plurality of key factors to a plurality of key maintenance modules, wherein each key maintenance module applies a plurality of independent security protection strategies to each of the key factors; and requesting access to the plurality of key factors in order to construct the encryption key. When the mobile device encrypts data, the encryption process comprises: receiving a subset of the plurality of key factors over a twice-encrypted communication channel; generating the encryption key at the mobile device; and, after encrypting the data, deleting the subset of key factors received over the twice-encrypted communication channel while retaining any of the key factors previously stored at the mobile device. The encrypted data is stored in a plurality of servers coupled to the mobile device. When the mobile device decrypts data, it likewise receives a subset of the plurality of key factors over the twice-encrypted communication channel, generates the encryption key at the mobile device and, after decrypting the data, deletes the subset of key factors received over the twice-encrypted communication channel while preserving the key factors previously stored at the mobile device.
Further, the plurality of key factors is stored in a plurality of servers coupled to the mobile device; encryption and decryption are performed within the client trusted computing device; and a plurality of key factors within a client trusted storage device is monitored, the client trusted storage device being locally connected to the client trusted computing device to enable temporary transfers during encryption and decryption.
The method further comprises recovering a plurality of passwords at the mobile device, wherein the plurality of key factors includes a plurality of passwords to be recovered by the mobile device, the passwords being associated with a password transformation stored in the plurality of servers and a password recovery phrase stored in the client trusted storage device. Recovering the plurality of passwords further comprises: transmitting the password transformation to the client trusted computing device over the twice-encrypted communication channel; and receiving, at the client trusted computing device, the password recovery phrase from the client trusted storage device.
The password recovery phrase associated with each password is constructed from a plurality of answers to a plurality of questions determined during the enrollment process, wherein the plurality of questions are distributed among the plurality of servers and the plurality of answers are stored in the client trusted storage device.
Preferably, the data is encrypted with a second layer of encryption at the plurality of servers before the encrypted data is stored. Encrypting the data with the second encryption layer comprises generating a server-centric encryption key by adding a second plurality of key factors bit by bit, the second plurality of key factors being stored on different ones of the plurality of servers, all of which are required to reconstruct the server-centric encryption key.
Receiving the subset of the plurality of key factors over the twice-encrypted communication channel further comprises providing the twice-encrypted communication channel as an encryption layer that complements an existing communication protocol. The encryption layer is formed by constructing an encryption key from a first and a second dependent variable, the first dependent variable being determined by a first measurement at the server and the second dependent variable by a second measurement at the mobile device, both measurements being a function of a random procedure whose probabilistic result over a set of transmissions can be measured. The random procedure comprises sending a plurality of UDP packets between the server and the mobile device and measuring a plurality of travel times between the server and the mobile device. The plurality of travel times includes travel times for a first phase, from the server to the mobile device and back to the server, and for a second phase, from the mobile device to the server and back to the mobile device, and includes delay measurements for both phases.
Sending the plurality of UDP packets between the server and the mobile device and measuring the plurality of travel times may also include measuring travel times from the server to the client trusted computing device, on to a second client trusted computing device, and back to the server. Sending the plurality of UDP messages between the server and the mobile device comprises: sending the UDP messages over a communication channel prone to channel errors, each message carrying pseudo-random bits; receiving at the server a plurality of indices of the UDP messages, the indices being selected by the mobile device and identifying the subset of UDP messages successfully received in the first transmission attempt; and generating the encryption key from the identified subset of UDP packets. Generating the key from the identified subset comprises combining the packets of the subset by bitwise addition.
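The UDP-subset key generation described above, as an added example that is not part of the patent (Python, standard library only): the server sends indexed messages carrying pseudo-random bits, the client reports which indices arrived on the first attempt, and both sides combine exactly that subset by bitwise addition (taken here as XOR). Channel loss is simulated with a seeded generator, the travel-time measurements of the first and second phases are not modelled, and the message size, message count and minimum subset size are assumptions of the example.

```python
import random
from typing import Dict, List, Tuple

PACKET_BYTES = 16   # pseudo-random bits per UDP message (assumed size)
MIN_SUBSET = 8      # refuse to derive a key from fewer surviving messages (safeguard added here)


def xor_all(parts: List[bytes]) -> bytes:
    """Bitwise addition of the identified subset, read as modulo-2 addition (XOR)."""
    out = bytearray(PACKET_BYTES)
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


class Server:
    def __init__(self, rng: random.Random, count: int = 64) -> None:
        # one payload of pseudo-random bits per message; a deployment would draw these from a CSPRNG
        self.packets = [bytes(rng.getrandbits(8) for _ in range(PACKET_BYTES)) for _ in range(count)]

    def send_all(self) -> List[Tuple[int, bytes]]:
        return list(enumerate(self.packets))          # (index, payload) pairs, one per UDP message

    def key_from_indices(self, indices: List[int]) -> bytes:
        chosen = sorted(set(indices))                 # the client's list of first-attempt arrivals
        if len(chosen) < MIN_SUBSET or any(not 0 <= i < len(self.packets) for i in chosen):
            raise ValueError("index list too short or out of range")
        return xor_all([self.packets[i] for i in chosen])


class MobileClient:
    def __init__(self) -> None:
        self.received: Dict[int, bytes] = {}

    def first_attempt(self, wire: List[Tuple[int, bytes]], loss: float, rng: random.Random) -> List[int]:
        # error-prone channel: each message is lost independently with probability `loss` (simulated)
        for idx, payload in wire:
            if rng.random() >= loss:
                self.received[idx] = payload
        return sorted(self.received)                  # the index list reported back to the server

    def key(self) -> bytes:
        if len(self.received) < MIN_SUBSET:
            raise ValueError("too few messages received on the first attempt")
        return xor_all([self.received[i] for i in sorted(self.received)])


def run_exchange(seed: int = 7, loss: float = 0.25) -> Tuple[bytes, bytes, int]:
    """Server key, client key and subset size for one simulated exchange (seeded for repeatability)."""
    rng = random.Random(seed)
    server, client = Server(rng), MobileClient()
    indices = client.first_attempt(server.send_all(), loss, rng)
    return server.key_from_indices(indices), client.key(), len(indices)


def derivation_refused(loss: float) -> bool:
    """True when the exchange refuses to derive a key, e.g. when nothing survives the first attempt."""
    try:
        run_exchange(loss=loss)
        return False
    except ValueError:
        return True
```

The two derivations agree only because both sides apply the same combination rule to the same index list, so the server validates the list it receives (range and size, as `key_from_indices` does) before deriving anything; an empty or near-empty subset would otherwise yield a degenerate key. The pseudo-random payloads and the index list are what determine the key, which is why the text positions this channel as an encryption layer complementing an existing communication protocol rather than replacing it.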
In summary, the present invention provides a method and a system for securely processing medical big data information, which allow patients to store medical information data in a secure format in an independent database, enable each patient to grant different medical staff access to a limited range of data, allow patients to store and keep their private access keys, and prevent unauthorized access to the medical information data.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented on a general-purpose computing system, either centralized on a single computing system or distributed across a network of computing systems, and optionally implemented as program code executable by the computing system, such that the program code is stored in a storage system and executed by the computing system. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be understood that the above-described embodiments merely illustrate or explain the principles of the invention and are not to be construed as limiting it. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should fall within its protection scope. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or their equivalents.

Claims (5)

1. A medical big data information security processing method is used for realizing the security access of patient medical data, and is characterized by comprising the following steps:
authenticating a mobile device of a patient on a remote server;
authenticating a mobile device of a medical institution;
determining, by electronic device proximity detection, that the patient's mobile device is geographically proximate to a node located at the medical facility, the determination being used to decide whether the medical facility may access an electronic patient medical record stored in a remote medical data security processing system remote from the node;
sending a request to a patient mobile device to authorize a medical facility to access an electronic patient medical record stored in a remote medical data security processing system database remote from the node;
obtaining the authorization from the patient based on the determination of the proximity detection to enable the medical institution to access the patient's electronic medical record;
obtaining a patient personal electronic key for decrypting a patient electronic medical record stored in a medical data security processing system database, wherein access to the patient personal electronic key is provided by a patient for a specified limited period of time;
decrypting, on a remote server, an electronic medical record of a patient with a private key of the patient;
carrying out secondary encryption on the electronic medical record of the patient by using asynchronous PKI keys of the medical institution and the remote server and safely transmitting the electronic medical record to the medical institution for viewing and updating;
storing in a medical data security processing system database an electronic medical record of a patient encrypted with the patient's private key;
receiving at a server a locator of an electronic medical record of a patient stored in a medical data security processing system database;
locating the patient's electronic medical record in the medical data security processing system database using the locator, so that it can be viewed and updated by the medical institution; wherein the medical data security processing system database does not maintain or store any patient identification information other than the locator in an unencrypted format.
2. The method of claim 1, further comprising:
receiving an updated patient electronic medical record from the medical facility, the updated patient electronic medical record being encrypted with the asynchronous PKI key of the server;
decrypting the updated patient electronic medical record using the server's personal PKI key;
secondarily encrypting the updated patient electronic medical record on the server by using the private key of the patient;
storing the updated encrypted record in a medical data security processing system database.
3. The method of claim 1, further comprising:
receiving a fingerprint of an operator of a mobile device of a medical facility and verifying that it matches a stored fingerprint of the medical facility, the medical facility being authorized by a patient to access the patient's personal electronic medical record stored in a medical data security processing system database;
receiving a fingerprint of the operator of the patient's mobile device and verifying that it matches a stored fingerprint authorized by the patient, in order to authorize access to the patient's personal electronic medical record stored in the medical data security processing system database.
4. The method of claim 1, further comprising:
maintaining a separate database of locators mapped to each registered patient;
receiving and processing identity information of a patient to access a medical data security processing system database;
upon authenticating the identity of the patient and receiving, from the patient's mobile device, a request for access to the medical data security processing system database, transmitting the locator of the patient's electronic medical record stored in that database to a server for read and update access to the record.
5. A medical big data information security processing system for performing the method of any one of claims 1 to 4.
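Claims 1, 2 and 4 together describe one access procedure; the following is an added worked example of that procedure (written for this page, not the patentee's implementation) in Python using only the standard library. Because the standard library has no AES or public-key primitives, record encryption is an HMAC-SHA256 keystream with encrypt-then-MAC, and the "asynchronous PKI keys" of the institution and server are stood in for by a shared transport key; both substitutions, the device credential scheme, the "same node" proximity rule and the ten-minute grant are assumptions of the example. The patient and clinic identifiers and the record contents are constructed.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Stand-in cipher (assumption): HMAC-SHA256 keystream + encrypt-then-MAC, standard library only.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for n in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + n.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[n * 32:(n + 1) * 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("record failed integrity check")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)

def _digest(secret: bytes) -> bytes:
    return hashlib.sha256(secret).digest()

@dataclass
class Grant:                     # the patient's reply to an authorization request
    institution: str
    patient_key: bytes
    expires_at: float            # the key is usable only for this limited period

class RemoteServer:
    def __init__(self) -> None:
        self.db: Dict[bytes, bytes] = {}              # locator -> record sealed under the patient key
        self.locators: Dict[str, bytes] = {}          # separate table: patient id -> locator (claim 4)
        self.patient_devices: Dict[str, bytes] = {}   # patient id -> device credential digest
        self.facility_devices: Dict[str, bytes] = {}  # institution id -> device credential digest
        self.facility_keys: Dict[str, bytes] = {}     # stand-in for the institution PKI keys

    def register_patient(self, pid: str, dev_secret: bytes, patient_key: bytes, record: bytes) -> bytes:
        self.patient_devices[pid] = _digest(dev_secret)
        locator = secrets.token_bytes(16)             # opaque; the only value the store keeps in the clear
        self.locators[pid] = locator
        self.db[locator] = seal(patient_key, record)
        return locator

    def register_facility(self, fid: str, dev_secret: bytes, transport_key: bytes) -> None:
        self.facility_devices[fid] = _digest(dev_secret)
        self.facility_keys[fid] = transport_key

    def _authenticated(self, table: Dict[str, bytes], ident: str, secret: bytes) -> bool:
        stored = table.get(ident)
        return stored is not None and hmac.compare_digest(stored, _digest(secret))

    def facility_access(self, fid: str, f_secret: bytes, pid: str, p_secret: bytes, patient_node: str,
                        facility_node: str, ask_patient: Callable[[str], Optional[Grant]], now: float):
        if not self._authenticated(self.patient_devices, pid, p_secret):
            raise PermissionError("patient device not authenticated")
        if not self._authenticated(self.facility_devices, fid, f_secret):
            raise PermissionError("facility device not authenticated")
        if patient_node != facility_node:             # proximity modelled as "same node" (assumption)
            raise PermissionError("patient device is not proximate to the facility node")
        grant = ask_patient(fid)                      # authorization request sent to the patient device
        if grant is None or grant.institution != fid or now >= grant.expires_at:
            raise PermissionError("patient authorization missing or expired")
        locator = self.locators[pid]
        record = open_sealed(grant.patient_key, self.db[locator])   # decrypt with the patient key
        return locator, seal(self.facility_keys[fid], record)        # secondary encryption for transit

    def store_update(self, fid: str, locator: bytes, blob: bytes, grant: Grant, now: float) -> None:
        if now >= grant.expires_at:
            raise PermissionError("patient authorization expired")
        updated = open_sealed(self.facility_keys[fid], blob)         # update from the facility (claim 2)
        self.db[locator] = seal(grant.patient_key, updated)          # stored again under the patient key

def demo() -> Dict[str, object]:
    server = RemoteServer()
    p_key, p_dev, f_dev, t_key = (secrets.token_bytes(32) for _ in range(4))
    loc = server.register_patient("patient-1", p_dev, p_key, b"allergy: penicillin")  # constructed
    server.register_facility("clinic-A", f_dev, t_key)
    now, denied = time.time(), False
    grant = Grant("clinic-A", p_key, now + 600)
    try:                                              # patient device reported at a different node
        server.facility_access("clinic-A", f_dev, "patient-1", p_dev, "node-1", "node-7", lambda _: grant, now)
    except PermissionError:
        denied = True
    loc2, blob = server.facility_access("clinic-A", f_dev, "patient-1", p_dev, "node-7", "node-7",
                                        lambda _: grant, now)
    record = open_sealed(t_key, blob)                 # the clinic opens it with its transport key
    server.store_update("clinic-A", loc2, seal(t_key, record + b"; updated"), grant, now)
    return {"record": record, "stored": open_sealed(p_key, server.db[loc]), "denied_when_remote": denied}
```

The store holds nothing but opaque locators and sealed records; the patient-to-locator map lives in a separate table, the patient key is used only while the grant is valid and is never written to the store, and an update coming back from the facility is integrity-checked and re-sealed under the patient key before it replaces the stored record.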
CN202111315344.8A 2021-11-08 2021-11-08 Medical big data information safety processing method and system Pending CN113766512A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111315344.8A CN113766512A (en) 2021-11-08 2021-11-08 Medical big data information safety processing method and system

Publications (1)

Publication Number Publication Date
CN113766512A true CN113766512A (en) 2021-12-07

Family

ID=78784775

Country Status (1)

Country Link
CN (1) CN113766512A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190102569A1 (en) * 2017-10-04 2019-04-04 Amir Keyvan Khandani Methods for secure data storage
CN110299195A (en) * 2019-06-11 2019-10-01 中国矿业大学 The electronic health record shared system and application method with secret protection based on alliance's chain
US10841286B1 (en) * 2015-12-02 2020-11-17 Ilya Aronovich Apparatus, system and method for secure universal exchange of patient medical records utilizing key encryption technology
US20210104304A1 (en) * 2016-12-02 2021-04-08 from William Frumkin and from Bernard Davidovics Apparatus, System and Method for Patient-Authorized Secure and Time-limited Access to Patient Medical Records Utilizing Key Encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211207