
CN-121983208-A - Medical data secure transmission method and big data digital signature system


Abstract

The invention relates to the field of data management and discloses a secure transmission method for medical data and a big data digital signature system. The system comprises a signature preprocessing module, a hierarchical signature module, a privacy purification module, a verification module and a traceability module. The method identifies data association risks accurately by constructing a risk association map through layered processing, balances privacy and usability through differentiated privacy protection, strengthens authorization control by combining it with blockchain key management, ensures the integrity and non-repudiation of large-file transmission, and keeps the whole process auditable. Through its modular design, the system improves the coupling between signatures and privacy features, guarantees the integrity and relational consistency of the signature chain, reconciles privacy protection with verifiability, provides efficient verification and dispute traceability, and together with the method safeguards pediatric medical data.

Inventors

  • TAN JIANHAO
  • GONG GUIFANG
  • WU JIABAO
  • CAO XIAOJUN
  • WANG QIAN
  • ZHOU MI
  • CHEN RONGBIN

Assignees

  • 广州医科大学附属妇女儿童医疗中心

Dates

Publication Date
2026-05-05
Application Date
2025-12-31

Claims (10)

  1. A secure transmission method for medical data, the method comprising: dividing pediatric medical data into identity data, diagnosis and treatment data and associated data according to sensitivity, and constructing a risk association map based on a preset pediatric privacy policy, wherein the risk association map quantifies the sensitive association strength among data features; a privacy enhancement step, reversibly desensitizing the identity data according to the risk association map, applying a feature confusion transformation to the diagnosis and treatment data, and adding access constraint tags to the associated data; a key negotiation step, generating, based on a blockchain node and through guardian authorization, a session key pool containing symmetric keys and asymmetric key pairs, performing key negotiation between the two transmission parties corresponding to the data processed in the privacy enhancement step through a key exchange algorithm, and binding the key validity period to the authorization duration; a segmented transmission step, transmitting in segments the large-file data determined for transmission in the key negotiation step, wherein each data segment carries a check code based on a privacy protection factor and the check code is bound to a timestamp signature of the guardian; and an audit trail step, carrying the whole transmission process of the segmented transmission step over an encrypted protocol, storing the operation log in the blockchain, and pushing transmission event notifications to the guardian in real time.
  2. The secure transmission method for medical data according to claim 1, wherein the risk association map is constructed by: extracting personal identification features from the identity data, clinical features from the diagnosis and treatment data, and associated features from the associated data; classifying the extracted features by sensitivity type, wherein the sensitivity types comprise a direct identification type, an indirect association type and a low sensitivity type, and assigning each feature a unique code and a basic sensitivity weight according to its type; constructing an N×N initial matrix whose rows and columns are indexed by the feature codes, wherein the initial matrix stores the sensitive association strength between features, every element is initialized to 0, and N is the total number of features; counting, over historical pediatric medical data in a preset time period, the number of times any two features occur together in the same data record, taking the ratio of that count to the total number of historical records as the co-occurrence frequency, and writing it to the corresponding position of the initial matrix to form an association matrix; multiplying the basic sensitivity weights of the features by the corresponding co-occurrence frequency to obtain the sensitive association strength value between the features, and filling the association strength values into the association matrix; repeating the calculation of co-occurrence frequency and sensitive association strength and the update of the association matrix on newly added pediatric medical data at a preset period; and converting the updated association matrix into a risk association graph, wherein the nodes of the graph represent features and the thickness of each edge corresponds to the sensitive association strength value.
  3. The secure transmission method for medical data according to claim 2, wherein, when classifying features by sensitivity type: if a feature of the indirect association type is verified, in the historical medical data, to be linkable to the patient's identity through public information, the feature is upgraded from the indirect association type to the direct identification type; and if the co-occurrence frequency of a feature of the low sensitivity type exceeds a preset frequency threshold, the feature is temporarily upgraded to the indirect association type until its co-occurrence frequency falls back below the threshold, at which point it reverts to the low sensitivity type.
  4. The secure transmission method for medical data according to claim 1, wherein, in the privacy enhancement step: the reversible desensitization comprises pseudonym substitution and local field encryption based on the SM4 algorithm; feature dimensions of the diagnosis and treatment data whose association strength is above a preset value are compressed, while feature dimensions whose association strength is below that value keep their original dimensionality; and the access constraint tag comprises an authorized subject type, a data usage scenario and an access validity interval.
  5. The method of claim 1, wherein generating the session key pool comprises: the guardian submits an authorization request to the blockchain node via two-factor authentication, and after the node authenticates the request a key generation algorithm is triggered to generate a session key pool with A groups of symmetric keys and B groups of asymmetric key pairs; the symmetric keys are generated with the SM4 national commercial cipher algorithm, the asymmetric key pairs are generated with the SM2 elliptic curve cryptographic algorithm, and each group of keys carries a unique identifier bound to the guardian authorization ID and the transmission session ID.
  6. The secure transmission method for medical data according to claim 1, wherein performing key negotiation through a key exchange algorithm between the two transmission parties corresponding to the data processed in the privacy enhancement step comprises: the transmission initiator randomly selects one asymmetric key pair from the session key pool and sends its public key to the receiver, encrypted, through the blockchain node; the receiver computes a shared secret from a temporary private key it generates and the initiator's public key, then encrypts a confirmation message with the initiator's public key and returns it, and after the blockchain node verifies its integrity, the sender and the receiver derive a session master key from the shared secret; and the blockchain node generates a tamper-proof negotiation log of the key negotiation process, the negotiation log comprising the key exchange time, participant identifiers and public key fingerprints.
  7. The secure transmission method for medical data according to claim 1, wherein, in the segmented transmission step: transmitting in segments the large-file data determined in the key negotiation step comprises splitting that data into segments according to a preset size threshold and generating a unique identification ID for each data segment; the privacy protection factor comprises a random noise value dynamically generated according to the sensitivity level of the segment data; and the timestamp signature is a signature generated, based on UTC standard time, by a blockchain node pre-authorized by the guardian and signed with the guardian's private key.
  8. The method according to claim 7, wherein, in the segmented transmission step, when the receiving party verifies a data segment: if the segment's check code is inconsistent with the locally computed result, the timestamp signature fails verification, or a transmission interruption exceeds a preset duration, the invalid data segment is deleted, any timestamp signature that has already passed verification is retained, and retransmission of the data segment corresponding to the invalid segment is requested based on the segment transmission state log stored in the blockchain.
  9. A big data digital signature system applying the secure transmission method for medical data according to any one of claims 1 to 8, characterized in that the system comprises: a signature preprocessing module configured to receive pediatric medical data, split it into data blocks based on the constructed risk association graph, the data blocks comprising an identity data block, a diagnosis and treatment data block and an associated data block, and extract the identity data and diagnosis and treatment data carrying privacy features; a hierarchical signature module configured to generate, at the bottom layer, a data block signature for each split data block using a batch signature algorithm and a key from the session key pool, and to aggregate the data block signatures at a higher layer into an associated signature chain, the associated signature chain comprising data association relation codes and blockchain anchor points; a privacy purification module configured to reversibly desensitize the identity data in the associated signature chain and to apply feature confusion to the diagnosis and treatment data according to the guardian's access constraint tag, while retaining the verification identifier; a verification module configured to verify the integrity and authenticity of the associated signature chain processed by the privacy purification module using the aggregation public key of the asymmetric key pair; and a traceability module configured, when verification of the associated signature chain by the verification module gives rise to a dispute, to generate an evidence chain from the audit logs stored in the blockchain and carry out closed-loop verification for dispute tracing.
  10. The big data digital signature system according to claim 9, wherein generating an evidence chain from the audit logs stored in the blockchain and carrying out closed-loop verification for dispute tracing comprises: locating the audit log in the blockchain based on the blockchain anchor point generated by the hierarchical signature module, and extracting the transmission session ID, guardian authorization details and data state records associated with the signature chain; reconstructing, by zero-knowledge proof techniques and taking the timestamp and access constraint tag in the audit log as inputs, the fragments of the associated signature chain's generation path that relate to the dispute point, while hiding the privacy features of the original data and the complete processing logic; and binding the reconstructed fragments to the blockchain anchor point to form an evidence chain, disclosing to the supervisor only the minimum information required for verification.
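The following is an added worked example, not code from the patent, of the risk association map construction in claims 2 and 3: a co-occurrence matrix over constructed historical records, the claim 3 reclassification rules, and the weighted association strength. Assumptions are labelled in the comments: the base weights are constructed, "co-occurrence exceeds the threshold" is read as co-occurrence with a direct-identification feature, and the strength of an edge is taken as the product of both endpoint weights and the co-occurrence frequency.

```python
from itertools import combinations

# Base sensitivity weight per class (constructed values; the patent assigns weights but fixes none).
BASE_WEIGHT = {"direct": 1.0, "indirect": 0.6, "low": 0.2}

# Constructed sample feature catalogue: feature code -> sensitivity class.
FEATURES = {
    "name": "direct", "id_number": "direct",
    "birth_date": "indirect", "postcode": "indirect",
    "onset_age": "low", "drug_allergy": "low",
}

# Constructed historical records; each lists the feature codes present in that record.
RECORDS = [
    {"name", "id_number", "birth_date", "onset_age"},
    {"name", "birth_date", "onset_age"},
    {"id_number", "postcode", "drug_allergy"},
    {"name", "id_number", "onset_age"},
    {"postcode", "drug_allergy"},
]

def cooccurrence(records, features):
    """Association matrix (claim 2): times two features occur in the same record,
    divided by the total record count; symmetric, every cell initialised to 0."""
    freq = {(a, b): 0.0 for a in features for b in features}
    for rec in records:
        for a, b in combinations(sorted(rec), 2):
            freq[(a, b)] += 1
            freq[(b, a)] += 1
    return {k: v / len(records) for k, v in freq.items()}

def reclassify(features, freq, threshold, publicly_linkable=()):
    """Claim 3 adjustments. Assumption: a low-sensitivity feature is upgraded when
    its co-occurrence with any direct-identification feature exceeds the threshold."""
    classes = dict(features)
    direct = [f for f, c in features.items() if c == "direct"]
    for f, c in features.items():
        if c == "indirect" and f in publicly_linkable:
            classes[f] = "direct"      # verified linkable to identity via public information
        elif c == "low" and max((freq[(f, d)] for d in direct), default=0.0) > threshold:
            classes[f] = "indirect"    # temporary upgrade while co-occurrence stays high
    return classes

def build_risk_map(records, features, threshold=0.5, publicly_linkable=()):
    """Risk association graph: nodes are features, edge weight is the sensitive
    association strength. Assumption: strength = w_a * w_b * co-occurrence frequency."""
    freq = cooccurrence(records, features)
    classes = reclassify(features, freq, threshold, publicly_linkable)
    edges = {}
    for a, b in combinations(sorted(classes), 2):
        if freq[(a, b)] > 0:
            edges[(a, b)] = BASE_WEIGHT[classes[a]] * BASE_WEIGHT[classes[b]] * freq[(a, b)]
    return classes, edges
```

In the constructed data the "low" feature onset_age co-occurs with the name in 3 of 5 records, so it is upgraded to the indirect class and its edge to the name is weighted accordingly.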
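The following is an added example, not the patent's own code, of the per-segment check code and receiver logic in claims 7 and 8. HMAC-SHA256 with constructed keys stands in for the SM4/SM2-based check codes and the guardian's timestamp signature, and the byte length of the privacy protection factor per sensitivity level is an assumed value; the receiver keeps signatures that verified even when the segment data did not, and lists invalid or missing segment IDs for retransmission.

```python
import hmac, hashlib, os
from dataclasses import dataclass

# Constructed keys. HMAC-SHA256 stands in for the patent's SM4/SM2-based check codes
# and guardian signatures so that the example runs on the standard library.
SESSION_KEY = b"constructed-session-key"
GUARDIAN_KEY = b"constructed-guardian-private-key"
NOISE_BYTES = {"high": 16, "medium": 8, "low": 4}  # assumed noise size per sensitivity level

@dataclass
class Segment:
    seg_id: int        # unique segment identification ID (claim 7)
    data: bytes
    factor: bytes      # privacy protection factor: random noise sized by sensitivity
    check: bytes       # check code over ID, factor and data
    timestamp: int     # UTC seconds
    ts_sig: bytes      # guardian timestamp signature bound to the check code

def check_code(seg_id, factor, data):
    # Keyed check code; the random factor keeps it from acting as a plaintext fingerprint.
    msg = seg_id.to_bytes(4, "big") + factor + data
    return hmac.new(SESSION_KEY, msg, hashlib.sha256).digest()

def timestamp_sign(seg_id, check, timestamp):
    # Binds the check code to the guardian-authorised UTC timestamp.
    msg = seg_id.to_bytes(4, "big") + check + timestamp.to_bytes(8, "big")
    return hmac.new(GUARDIAN_KEY, msg, hashlib.sha256).digest()

def split_file(blob, size, sensitivity, timestamp):
    """Claim 7: split by size threshold, assign IDs, attach factor, check code and signature."""
    segs = []
    for seg_id, start in enumerate(range(0, len(blob), size)):
        data = blob[start:start + size]
        factor = os.urandom(NOISE_BYTES[sensitivity])
        check = check_code(seg_id, factor, data)
        segs.append(Segment(seg_id, data, factor, check, timestamp,
                            timestamp_sign(seg_id, check, timestamp)))
    return segs

def receive(segs, expected_count):
    """Claim 8: accept a segment only if check code and timestamp signature both verify;
    retain signatures that verified; list invalid and missing IDs for retransmission."""
    accepted, kept_sigs, retransmit = {}, {}, []
    for s in segs:
        sig_ok = hmac.compare_digest(s.ts_sig, timestamp_sign(s.seg_id, s.check, s.timestamp))
        if sig_ok:
            kept_sigs[s.seg_id] = s.ts_sig
        data_ok = hmac.compare_digest(s.check, check_code(s.seg_id, s.factor, s.data))
        if sig_ok and data_ok:
            accepted[s.seg_id] = s.data
        else:
            retransmit.append(s.seg_id)
    missing = [i for i in range(expected_count) if i not in accepted and i not in retransmit]
    return accepted, kept_sigs, sorted(retransmit + missing)
```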

Description

Medical data secure transmission method and big data digital signature system

Technical Field

The invention relates to the technical field of data management, and in particular to a secure transmission method for medical data and a big data digital signature system.

Background

With the development of medical informatization and big data technology, inter-institution sharing of pediatric medical data (such as the identity information, diagnosis and treatment records, medication history and family medical history of child patients) for cross-hospital consultation, remote diagnosis and treatment, scientific research collaboration and the like is increasingly frequent. This improves diagnosis and treatment efficiency and promotes medical research, but the high sensitivity of the data also brings serious privacy leakage and secure transmission challenges. Children are a special group: their medical data concern not only personal privacy but also family information, so strict privacy protection and authorization requirements must be met when medical data of pediatric patients are transmitted and used.

However, existing data transmission methods mostly desensitize or protect medical data with a static classification (such as direct identification versus indirect identification) and ignore the dynamic association risks among data features. If a low-sensitivity feature (such as the onset age of a specific disease) co-occurs at high frequency with a direct identification feature (such as a name or identity card number), the identity of the patient can be inferred through association analysis, causing privacy leakage.

In the segmented transmission of large-file medical data (such as imaging results and long-term diagnosis files), existing verification mechanisms (such as simple hash verification) are not combined with the privacy features of the data, so verification codes can leak sensitive information, transmission logs are easy to tamper with, and when the integrity or authorization validity of the data is disputed there is no tamper-proof evidence storage and traceability mechanism, making it difficult to identify the responsible party. Therefore, given the specificity of pediatric medical data, a medical data management technique is needed that refines privacy protection and ensures traceability throughout transmission.

Disclosure of Invention

The invention aims to provide a secure transmission method for medical data and a big data digital signature system, so as to solve the technical problems described in the background. To achieve this purpose, the invention discloses the following technical solutions.

In a first aspect, the invention discloses a method for secure transmission of medical data, the method comprising: dividing pediatric medical data into identity data, diagnosis and treatment data and associated data according to sensitivity, and constructing a risk association map based on a preset pediatric privacy policy, wherein the risk association map quantifies the sensitive association strength among data features; a privacy enhancement step, reversibly desensitizing the identity data according to the risk association map, applying a feature confusion transformation to the diagnosis and treatment data, and adding access constraint tags to the associated data; a key negotiation step, generating, based on a blockchain node and through guardian authorization, a session key pool containing symmetric keys and asymmetric key pairs, performing key negotiation between the two transmission parties corresponding to the data processed in the privacy enhancement step through a key exchange algorithm, and binding the key validity period to the authorization duration; a segmented transmission step, transmitting in segments the large-file data determined for transmission in the key negotiation step, wherein each data segment carries a check code based on a privacy protection factor and the check code is bound to a timestamp signature of the guardian; and an audit trail step, carrying the whole transmission process of the segmented transmission step over an encrypted protocol, storing the operation log in the blockchain, and pushing transmission event notifications to the guardian in real time.

Preferably, the risk association map is constructed by the following steps: extracting personal identification features from the identity data, clinical features from the diagnosis and treatment data, and associated features from the associated data; classifying the extracted features by sensitivity type, wherein the sensitivity types comprise a direct identification type, an indirect association type and a low sensitivity type, and carrying out unique coding and basic sensitivity weight assign