CN109194523B - Privacy protection multi-party diagnosis model fusion method and system and cloud server - Google Patents
- Publication number
- CN109194523B
- Authority
- CN
- China
- Prior art keywords
- model
- medical center
- cloud computing
- terminal
- computing server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Medical Treatment And Welfare Office Work (AREA)
- Measuring And Recording Apparatus For Diagnosis (AREA)
Abstract
The invention belongs to the technical field of information security, and discloses a privacy-protecting multi-party diagnosis model fusion method and system and a cloud server; the medical center system comprises a trusted authority, a cloud server and a medical center terminal. The trusted authority completes system initialization and provides system parameters and key distribution for the medical center terminal and the cloud computing server; the cloud computing server stores encrypted data resources, and fuses the local diagnosis models to generate a global diagnosis model; the medical center terminal generates a local diagnosis model, encrypts and sends the local diagnosis model to the cloud computing server, and simultaneously undertakes a fusion computing task issued by the cloud computing server; the medical center terminal and the cloud computing server perform bidirectional authentication in service. The invention realizes privacy protection of local diagnosis models and case data resources of the medical center, improves system efficiency, and can be used for providing convenient and private online medical service for users in actual life.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a privacy-protecting multi-party diagnosis model fusion method and system and a cloud server.
Background
At present, the state of the art commonly used in the industry is as follows: with the development of data mining technology and the popularization of intelligent wearable equipment, online medical diagnosis has entered people's daily life. Compared with the traditional mode of medical treatment, online medical diagnosis breaks through regional limitations, shortens the time users need to obtain treatment, and offers them a new way of seeking medical care. However, in a conventional online medical diagnosis system, the medical center server provides services by collecting and analyzing users' case data to form a local diagnosis model; since the case data owned by a single medical center terminal is limited, the generated diagnosis model is not accurate enough and misdiagnosis is easily caused. To provide high-quality medical diagnosis services, multiple medical centers want to merge their respective local diagnosis models into a more accurate global diagnosis model. However, each local diagnosis model is generated by a medical center at considerable cost and is highly sensitive and confidential, while merging requires each medical center to share its own local diagnosis model, which leaks sensitive data. Solutions to this problem have been proposed. The first prior art, "a system and a method for inquiring medical diagnosis service with bidirectional privacy protection", discloses a method for realizing a privacy-protected medical diagnosis query service, in which the system is divided into a medical diagnosis server and a medical user terminal, and the user's query information is encrypted by a lightweight random hiding technology, so that bidirectional privacy protection of the user's query information and the medical diagnosis server database is realized.
However, the method has certain defects: the medical diagnosis service database has insufficient data, so misjudgment easily occurs; and the method is based on a lightweight random disturbance technology whose degree of encryption is low, so the privacy protection is easily lost. The second prior art, "an electronic privacy information protection system for smart medical treatment", includes three components, namely a relay station, a cloud server and a user side, wherein the relay station provides the user's electronic medical data, the cloud server is responsible for receiving the electronic medical data and verifying whether the user has access to the data, and privacy protection is achieved by means of a general protection policy and a personal privacy policy in the cloud server. The method ensures the identity security of the user accessing the data, but the data is not encrypted, so it is leaked once it is stolen during transmission.
In summary, the problems of the prior art are as follows: the existing online medical diagnosis service method has the defects of single diagnosis model and no encryption in the data transmission process; in application, the diagnosis accuracy is low, data is leaked, and the privacy of a user cannot be protected.
The difficulty and significance of solving these technical problems are as follows: traditional technologies such as secure multi-party computation cannot balance privacy protection and data processing efficiency well, and anonymization technology brings larger communication overhead. These technologies cannot meet the requirements of diagnosis model fusion, namely large data volume, real-time diagnosis and timely feedback. Therefore, a novel and efficient privacy-protecting encryption method needs to be designed for diagnosis model fusion, one that realizes privacy protection without affecting users' use of online diagnosis services and without the medical center revealing its own case data, and that removes the medical center's worry about revealing sensitive data.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a privacy protection multi-party diagnosis model fusion method and system and a cloud server.
The invention is realized in such a way that a privacy-protecting multiparty diagnosis model fusion method comprises the following steps:
step one, initializing system parameters: a trusted authority randomly selects the security parameters required in the data processing process and generates the keys required in the encryption and authentication processes;
step two, screening and generating a local diagnosis model, encrypting the local diagnosis model by using the distributed distribution key, and then sending the encrypted local diagnosis model;
step three, fusing local diagnosis models, selecting one medical center terminal as a computing terminal after receiving the local diagnosis models, issuing computing tasks, and sending the distribution key held by the medical center terminal to other terminals; decrypting the transmitted encrypted diagnosis model by using the received distribution key, calculating a fusion result, and returning a final calculation result; generating an encrypted global diagnostic model;
and step four, the terminal obtains the global diagnosis model, sends the encrypted global diagnosis model to all medical center terminals, and decrypts by using the received distribution key to obtain the global diagnosis model.
Further, the privacy-preserving multi-party diagnosis model fusion method specifically comprises the following steps:
step one, initializing system parameters:
(1) the trusted authority selects a security parameter α and two large prime numbers p and q, where |p| = |q| = α;
(2) calculating to obtain a public key PK = N = pq and a private key SK = λ = lcm(p-1, q-1); the trusted authority selects a generator g;
(3) calculating δ according to the N and the λ in step (2), then setting a threshold value u which is less than the number n of the medical center terminals, and defining a formula
(4) The trusted authority divides the private key SK into n+1 distribution keys q(α_i), i = 0, 1, 2, …, n, according to q(x), and sends them to the n medical center terminals and the cloud computing server;
(6) The trusted authority then selects a random number as its authentication private key ASK_TA and calculates its authentication public key;
(7) Finally, the trusted authority selects a secure symmetric encryption algorithm E(), namely AES, and a cryptographic hash function, and publishes the system parameters;
(8) Each medical center terminal obtains its own distribution key from the trusted authority. Meanwhile, the medical center terminal generates its authentication private key and authentication public key according to step (6);
(9) Finally, the medical center terminal publishes its authentication public key and negotiates session keys with the other medical center terminals;
step two, encrypting the local diagnosis model:
(1) the medical centre terminal generates a diagnosis model for the parameters of each case:
wherein {P_i1 … P_is} form the model upper limit PSKY(S_i), and {P_i(s+1) … P_it} form the model lower limit NSKY(S_i);
(2) Then each item of data p_ijk is encrypted separately to form:
which is sent to the cloud computing server, wherein {EP_i1 … EP_is} form the model upper limit EPSKY(S_i), and {EP_i(s+1) … EP_it} form the model lower limit ENSKY(S_i);
Step three, fusing the diagnosis models:
1) the cloud computing server receives all EM_i, i = 1, …, n;
2) The cloud computing server compares all vectors EP_ij of EPSKY(S_i) in model EM_i with all vectors of the upper limits of the other models, and compares all vectors EP_ij of ENSKY(S_i) with all vectors of the lower limits of the other models;
3) step 2) is carried out once for every model EM_i, finally giving the resulting global diagnosis model:
the result is still in encrypted form;
4) the cloud computing server sends the encrypted global diagnosis model EGM to all medical center terminals;
step four, reading a fusion result:
1) the medical center terminal decrypts the diagnosis model EGM to obtain the final, directly usable global diagnosis model.
Further, the encrypting the diagnostic model specifically includes:
(1) each medical center terminal has a local diagnosis model generated by the case data of the center, and the model is composed of a matrix:
wherein {P_i1 … P_is} form the model upper limit PSKY(S_i), and {P_i(s+1) … P_it} form the model lower limit NSKY(S_i);
(2) The medical center terminal selects random integers r_ijk and performs an encryption operation that encrypts each element in the diagnostic model using the public key N;
(3) after encryption is completed, the medical center terminal can obtain an encrypted local diagnosis model:
wherein {EP_i1 … EP_is} form the model upper limit EPSKY(S_i), and {EP_i(s+1) … EP_it} form the model lower limit ENSKY(S_i);
(4) Then the medical center terminal generates a signature, where TS is a time stamp and SI is a session ID, used to defend against potential replay attacks;
(5) and finally, the medical center terminal packages the encrypted local diagnosis model:
and sends it to the cloud computing server.
Further, the comparing the local diagnostic model specifically includes:
(1) the cloud computing server chooses two vectors from {EPSKY(S_1) … EPSKY(S_n)}, namely EP_ij and a vector of another model, where i is not equal to i', and selects two random integers r_c and r_c′ satisfying |r_c′| = α/2;
(2) For all k = 1, …, m, the cloud computing server performs the following calculations:
(3) then the cloud computing server obtains a fused vector AEP_ij = (acp_ij1, …, acp_ijm); the cloud computing server then uses its private key sk_C to perform a computation on the vector AEP_ij;
(4) Then the cloud computing server randomly selects one medical center terminal from all medical center terminals as a computing terminal and uses the computing terminal as a serverIs sent to a computing terminal, whereinAt the same time willIs sent to all medical center terminals, wherein
(5) After receiving it, the other medical center terminals decrypt it to obtain AEP_ij||CS||TS||SI||Sig_CS and verify its validity;
(6) each medical center terminal performs a computation using its own stored private key; the medical center terminals other than the computing terminal then send their computed results to the computing terminal;
(7) After receiving the data from the cloud server and from the other n-1 medical center terminals, the computing terminal first decrypts it and verifies its validity;
(8) v (v ≥ u) elements are selected, a mapping relation to ADS is established, and AEP_ij is decrypted by performing the following operations:
(9) the computing terminal finally uses t'_ijk to determine the relationship between EP_ij and the other vector: if all |t'_ijk| are greater than N/2, the computing terminal can conclude that the other vector dominates EP_ij, i.e. EP_ij can be discarded; if all t'_ijk are less than N/2, the computing terminal can conclude that EP_ij dominates the other vector, i.e. the other vector can be discarded; otherwise, the computing terminal concludes that EP_ij and the other vector have no relationship, and both vectors are kept;
(10) finally, the computing terminal generates the signatureWherein VR isijIs EPijAndwill then beAnd returning the data to the cloud computing server.
Another object of the present invention is to provide a privacy-protected multiparty diagnostic model fusion system running the privacy-protected multiparty diagnostic model fusion method, the privacy-protected multiparty diagnostic model fusion system comprising:
the trusted authority is used for providing a trusted key for the cloud computing server and the medical center terminal, and the key is used for encrypting and decrypting the local diagnosis model and verifying data transmission;
the medical center terminal is used for storing and generating a local diagnosis model and sending the model to the cloud computing server after encrypting the model; and receiving the model fusion computing task issued by the cloud computing server, locally decrypting the model data, computing, and then sending the computing result to the cloud computing server.
The cloud computing server is used for storing the encrypted local diagnosis models sent by the medical center terminals, distributing and fusing computing tasks and receiving computing results; completing the fusion of the diagnosis model.
The trusted authority further comprises:
the key generation module comprises an authentication key generation submodule, a session key generation submodule, a main private key generation submodule and a main private key decomposition submodule:
the authentication key generation submodule is used for generating an authentication key pair which is used for ensuring that a data receiver confirms that the data content is correct;
a session key generation submodule for generating a session key pair for making a data receiving side confirm that data originates from an intended transmitting side;
and the main private key generation sub-module and the main private key decomposition sub-module are used for generating a main private key, decomposing the main private key into distribution private keys and sending the distribution private keys to the medical center terminal and the cloud computing server. The distribution private keys are used to encrypt the model.
The medical center terminal further includes:
the model fusion module comprises a local model generation submodule, a data decryption submodule and a fusion calculation submodule; it is used for generating a patient data model, decrypting data sent by the cloud computing server, performing the fusion computing tasks and finally sending the computing result back to the cloud computing server;
the medical center security support module comprises an encryption sending submodule, a key storage submodule and a decryption authentication submodule, and is used for encrypting the local diagnosis model and sending the encrypted local diagnosis model to the cloud computing server, confirming the source and the correctness of data when the data are received, storing keys sent by other terminals and sharing the own distributed private key when the other terminals or the cloud computing server need to distribute the private key.
The cloud computing server further comprises:
the model assistance fusion module comprises a diagnosis model receiving sub-module, a fusion task issuing sub-module and a global model generating sub-module; it is used for receiving the encrypted local diagnosis models sent by the medical center terminals, issuing the model fusion computing tasks, receiving the computing results of all parties and fusing the results into a global diagnosis model;
the cloud server security support module comprises a secret key storage submodule, an encryption sending submodule and a decryption authentication submodule; the system is used for storing keys sent by other terminals, encrypting and sending data, confirming the source and the correctness of the data when the data is received, and sharing the own distributed private key when other terminals need to distribute the private key.
The invention also aims to provide a cloud server for operating the privacy-protecting multi-party diagnosis model fusion method.
Another object of the present invention is to provide an online medical diagnosis system running the privacy-preserving multiparty diagnosis model fusion method.
In summary, the advantages and positive effects of the invention are as follows. The invention realizes privacy protection of data resources: the data is encrypted before being transmitted and stays encrypted during data processing, which greatly improves the privacy and security of the data and prevents data leakage from a medical center terminal. A fault-tolerant mechanism for diagnosis model fusion is realized: with the support of threshold decryption, even if a small number of medical center terminals cannot work because of force majeure, the fusion results of the diagnosis models can still be calculated correctly. Meanwhile, the threshold value can be set flexibly according to different environments. The cloud computing server has strong computing capacity, can rapidly complete a large amount of data processing, and greatly improves the efficiency of model fusion. Experiments show that in this scheme the total time for the cloud computing server to perform one fusion computation is not more than 1 ms, and compared with the scheme based on random disturbance and Paillier encryption, the efficiency is improved by about 10 times. The cost of one communication between the cloud computing server and a medical center terminal does not exceed 100 KB, a saving of about 20 times compared with the scheme of random disturbance and Paillier encryption. Meanwhile, the diagnosis accuracy of the fused global diagnosis model is 97%, and compared with a scheme based on a local diagnosis model, the diagnosis accuracy is improved by 30%.
Drawings
Fig. 1 is a flowchart of a privacy-preserving multi-party diagnosis model fusion method according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a privacy-preserving multi-party diagnosis model fusion system provided by an embodiment of the present invention.
Fig. 3 is a flowchart of system initialization according to an embodiment of the present invention.
Fig. 4 is a flowchart of a medical center terminal according to an embodiment of the present invention.
FIG. 5 is a flow chart of diagnostic model fusion provided by an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Existing online medical diagnosis service methods use a single diagnosis model and do not encrypt data in transmission, which in application leads to low diagnosis accuracy, data leakage and an inability to protect user privacy. The invention provides a privacy-protecting multi-party diagnosis model fusion method which, on the premise of ensuring the privacy of each hospital's local diagnosis model, fuses the local diagnosis models of all medical centers to generate a more accurate global diagnosis model.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, the privacy-protected multi-party diagnosis model fusion method provided by the embodiment of the present invention includes the following steps:
S101: initializing system parameters: a trusted authority randomly selects the security parameters required in the data processing process and generates the keys required in the encryption and authentication processes;
S102: encrypting the local diagnosis model: the medical center terminal screens and generates the local diagnosis model, encrypts it by using the distribution key distributed by the trusted authority, and then sends the encrypted local diagnosis model to the cloud computing server;
S103: the cloud computing server fuses the local diagnosis models: after receiving the local diagnosis models, the cloud computing server selects one medical center terminal as the computing terminal and issues computing tasks, and meanwhile all the medical center terminals and the cloud computing server send the distribution keys they hold to the remaining terminals. The computing terminal decrypts the encrypted diagnosis model sent by the cloud computing server by using the received distribution keys, calculates a fusion result and returns the final calculation result to the cloud computing server. The cloud computing server integrates all computing results to generate an encrypted global diagnosis model;
S104: the medical center terminal obtains the global diagnosis model: the cloud computing server sends the encrypted global diagnosis model to all the medical center terminals, and the medical center terminals decrypt it by using the received distribution keys to finally obtain the global diagnosis model.
The application of the principles of the present invention will now be described in further detail with reference to the accompanying drawings.
As shown in fig. 2, the privacy-protected multi-party diagnosis model fusion system provided by the embodiment of the present invention includes three components, namely, a trusted authority, a medical center terminal, and a cloud computing server. Wherein:
the trusted authority completes system initialization, sets some parameters and distributes keys according to the number of the terminals and the servers.
The medical center terminal generates a local patient data model, encrypts the data model and sends the encrypted data model to the cloud computing server, receives computing tasks from the cloud computing server, shares keys with other terminals and returns computing results to the cloud computing server;
the cloud computing server receives the diagnosis model sent by the medical center terminal, selects two vectors of the two models each time for comparison, issues a computing task, receives a computing result, and finally fuses a global diagnosis model.
The trusted authority comprises a key generation module.
The key generation module is used for generating the initial keys of the whole system. First, a security parameter α and two large prime numbers p and q are set, and then the public key N and the main private key λ are calculated;
the module splits the main private key and distributes it to the n medical center terminals and 1 cloud computing server. That is, it calculates the parameter δ, then uses the formula q(x) to generate n+1 split private keys q(x_i) and sends them to the medical center terminals and the cloud computing server.
A medical center terminal, comprising: the model fusion module and the medical center safety support module.
The medical center security support module is used for encrypting the diagnosis model and sending it to the cloud computing server, and for decrypting, authenticating, storing and sharing the received data and keys. The key storage is used to store the private key distributed by the trusted authority and the authentication public keys and session keys of other terminals, and to share the terminal's own distribution private key when other medical center terminals need to decrypt. The module also encrypts the local diagnosis model with the Paillier encryption system and sends the encrypted diagnosis model, namely the matrix EM_i, to the cloud computing server.
The model fusion module is used for integrating case data to generate a local diagnosis model, namely a matrix LM_i, in which the upper half holds the upper limit points of the diagnostic model and the lower half holds the lower limit points. Each row vector represents one case and each column represents a diagnostic parameter. The module is also used for receiving the fusion computing task issued by the cloud computing server, namely the comparison of vectors. First, v (v ≥ u) private keys shared by other medical center terminals and the cloud computing server are needed to decrypt the received encrypted data. Then the vectors can be compared to obtain the relationship between them. Finally, only the calculation result, namely the vector relationship, is sent back to the cloud computing server.
The cloud computing server comprises a cloud server security support module and a model assistance fusion module.
The security module is used for storing the private key sk_C sent by the trusted authority and the authentication public keys and session keys of other terminals; it is also used for carrying out a series of decryption calculations on the encrypted diagnosis model and sharing the calculation results with the medical center terminals that need them.
The model assistance fusion module is used for fusing the diagnosis models of all the medical centers into a global diagnosis model. The module receives the local diagnosis models of all medical centers, selects two models each time and issues comparison calculation tasks, then receives the calculation results, discards vectors dominated by other vectors, forms the upper and lower limits of the model again, and finally fuses the models into a global diagnosis model.
The privacy-preserving multi-party diagnosis model fusion method provided by the embodiment of the invention comprises the following steps:
step 1, initializing system parameters.
1.1) the trusted authority selects a security parameter α and two large prime numbers p, q, where |p| = |q| = α;
1.2) the trusted authority uses these parameters to calculate the public key N = pq and the private key λ = lcm(p-1, q-1); the trusted authority then selects a generator g, for example g = a^(2N), where a is a random number (g = 1 + N is used in the present invention to simplify calculation);
1.3) to split the private key, the trusted authority first calculates a parameter δ, where δ ≡ 0 mod λ and δ ≡ 1 mod N^2. It then sets a threshold value u less than the maximum number of terminals and defines a formula, wherein a_1, a_2, …, a_(u-1) are u-1 random numbers;
1.4) n+1 different non-zero elements α_0, α_1, …, α_n are substituted into the formula to obtain n+1 different results, i.e. the authority divides the private key into n+1 parts, which are distributed to all n medical center terminals and the cloud computing server;
1.6) the trusted authority then selects a random number as its authentication private key ASK_TA and calculates its authentication public key;
1.7) finally the trusted authority selects a secure symmetric encryption algorithm E(), namely AES, and a cryptographic hash function, and publishes these system parameters;
1.8) each medical center terminal obtains its own distribution key and the system parameters from the trusted authority. Meanwhile, the medical center terminal generates its authentication private key and authentication public key according to step 1.6);
1.9) finally, the medical center terminal publishes its authentication public key and negotiates with the other medical center terminals to generate session keys;
Step 2, encrypting and sending the local diagnosis model.
2.1) each medical centre terminal has a local diagnostic model generated from the data of the case in the centre, which model is formed by a matrix:
wherein {P_i1 … P_is} form the model upper limit PSKY(S_i) and {P_i(s+1) … P_it} form the model lower limit NSKY(S_i);
2.2) the medical center terminal selects random integers r_ijk and performs an encryption operation that encrypts each element in the diagnostic model using the public key N;
2.3) after the encryption is finished, the medical center terminal can obtain an encrypted local diagnosis model:
wherein {EP_i1 … EP_is} form the model upper limit EPSKY(S_i) and {EP_i(s+1) … EP_it} form the model lower limit ENSKY(S_i);
2.4) the medical center terminal then generates a signature, where TS is a time stamp and SI is a session ID, used to defend against potential replay attacks;
2.5) finally, the medical center terminal sends the encrypted local diagnosis model package:
to the cloud computing server.
Step 3, fusing the diagnosis models.
3.1) after the cloud computing server receives the diagnosis model packages sent by all the medical terminals, aiming at each diagnosis model packageThe cloud computing server is used firstlySession keyDecryption acquisition
3.2) the cloud computing service then checks TS, SI, andwhether it is valid, e.g. whether it is verifiedIf yes, proceeding to next step, otherwise discarding the packet;
3.3) then the cloud computing server fuses the received local diagnosis models. The fusion model discards some useless vector points in the matrix by comparison, and the comparison steps are as follows:
3.3.1) the cloud computing server chooses two vectors EP_ij and EP_i′j′ from {EPSKY(S_1) … EPSKY(S_n)}, wherein i ≠ i′; two random integers r_c, r_c′ are then selected, satisfying |r_c′| = α/2;
3.3.2) for all k = 1, …, m, the cloud computing server performs the following calculations:
3.3.3) the cloud computing Server obtains a fused vector AEPij=(acpij1,…,acpijm) The cloud computing server then obtains the private key sk of the cloud computing serverCTo calculate the vector AEPijAnd obtainWherein
3.3.4) then the cloud computing server randomly selects one medical center terminal from all the medical center terminals as a computing terminal and uses the computing terminal as a terminalIs sent to a computing terminal, whereinAt the same time willIs sent to all medical center terminals, wherein
3.3.5) receipt by the other medical center terminalsThen, first useDecrypting to obtain AEPij||CS||TS||SI||SigCSAnd verifying its validity;
3.3.6) then with its own stored private keyComputingWhereinThen the medical center terminal except the computing terminal calculates itselfIs sent to a computing terminal, wherein
3.3.7) the computing terminal receives the cloud serverAnd other n-1 medical centre terminalsThen, the computing terminal firstly decrypts and verifies the validity of the decryption and the verification;
3.3.8) then fromSelecting v (v ≧ u) elements, establishing a mapping relation to ADS, and performing AEPijDecryption is performed by performing the following operations:
3.3.9) the computing terminal finally uses t′_ijk to determine the relationship between EP_ij and EP_i′j′: if all t′_ijk are greater than N/2, the computing terminal concludes that EP_i′j′ dominates EP_ij, i.e. EP_ij can be discarded; if all t′_ijk are less than N/2, the computing terminal concludes that EP_ij dominates EP_i′j′, i.e. EP_i′j′ can be discarded; otherwise, the computing terminal concludes that there is no dominance relationship between EP_ij and EP_i′j′, and both vectors remain;
3.3.10) final computation terminal generates signatureWherein VR isijIs EPijAndwill then beReturning to the cloud computing server;
3.4) after receiving the calculation result, the cloud computing server first decrypts it and verifies its validity. The dominance relationship between EP_ij and EP_i′j′ can then be obtained;
3.5) finally, by applying the above steps to the vectors of EPSKY(S_i), the cloud computing server obtains a series of points EPKY(S) that are not dominated from above by any point of EPSKY(S_i), i = 1, 2, …, n. Correspondingly, a series of points ENKY(S) that are not dominated from below by any point of ENSKY(S_i), i = 1, 2, …, n, can be obtained by the same operation;
3.6) EPKY(S) and ENKY(S) form the encrypted fusion result EGM (the encrypted synthesized diagnosis model). With EPKY(S) = {EG_1, …, EG_s′} and ENKY(S) = {EG_(s′+1), …, EG_t′}, the diagnosis model fusion result can be expressed as:
3.7) the elements in the EGM are still encrypted by the public key N at this time. Then, the cloud computing server computes elements of the partMake up EGM(CS)And generates a signatureThen sending the encrypted global diagnostic model packageTo all medical center terminals.
Step 4, reading the fusion result.
4.1) the medical center terminal receives the encrypted global diagnosis model packetThen, each medical center terminal firstly decrypts and verifies the validity of the medical center terminal;
4.2) then each medical centre terminal uses its own private key for distributionComputingTo obtainThen self-owned through a secure channelSharing the information to other medical center terminals;
4.3) as long as v (v ≥ u) partially decrypted ciphertexts are shared, the global diagnosis model can be recovered by the following steps:
4.3.2) the medical center terminal performs the following calculation to obtain each element g_ij in the EGM:
4.4) finally, by decrypting each element in the EGM with the above steps, all the medical center terminals obtain PKY(S) = {G_1, …, G_s′} and NKY(S) = {G_(s′+1), …, G_t′} and construct the global diagnosis model:
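The key splitting of step 1.3/1.4, the partial decryption of steps 3.3.3 to 3.3.8 and the N/2 dominance test of step 3.3.9 can be exercised end to end with the following added example, which is not the patent's own code or formulas. It assumes toy Mersenne primes, share indices 1 … n+1 in place of α_0 … α_n, Lagrange weights scaled by (n+1)! so that they are integers, and a blinding of the form r_c·(a − b) + r_c′; all function names are hypothetical.

```python
import math
import secrets

# Toy key (constructed): two Mersenne primes so the demo runs instantly.
# The page requires large primes with |p| = |q| = alpha; this relaxes both.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lambda = lcm(p-1, q-1)
DELTA = LAM * pow(LAM, -1, N2)   # delta = 0 mod lambda and 1 mod N^2 (step 1.3)
BLIND_BITS = 60                  # assumed stand-in for alpha when blinding


def encrypt(m):
    """Paillier with g = 1 + N, so g^m = 1 + m*N (mod N^2)."""
    r = secrets.randbelow(N - 2) + 2
    return (1 + (m % N) * N) * pow(r, N, N2) % N2


def split_key(parties, u):
    """Shamir-split delta: q(x) has degree u-1, q(0) = delta, share i = q(i)."""
    mod = LAM * N2
    coeffs = [DELTA] + [secrets.randbelow(mod) for _ in range(u - 1)]
    return {i: sum(a * i**k for k, a in enumerate(coeffs)) % mod
            for i in range(1, parties + 1)}


def partial_decrypt(c, share):
    """What each share holder computes locally: c^share mod N^2."""
    return pow(c, share, N2)


def combine(partials, parties):
    """Recover m from {index: partial}. Assumption: Lagrange weights are
    scaled by parties! so they are integers; the factor is divided out mod N."""
    scale = math.factorial(parties)
    t = 1
    for i, part in partials.items():
        num, den = scale, 1
        for j in partials:
            if j != i:
                num, den = num * -j, den * (i - j)
        t = t * pow(part, num // den, N2) % N2
    return (t - 1) // N * pow(scale, -1, N) % N


def blind_difference(c_a, c_b):
    """Ciphertext of r_c*(a - b) + r_c' (assumed form of the step 3.3.2 blinding)."""
    rc2 = secrets.randbits(BLIND_BITS // 2) | (1 << (BLIND_BITS // 2 - 1))
    rc = rc2 + 1 + secrets.randbits(BLIND_BITS)          # r_c > r_c' > 0
    diff = c_a * pow(c_b, -1, N2) % N2                   # Enc(a - b)
    return pow(diff, rc, N2) * encrypt(rc2) % N2


def relation(vec_a, vec_b, shares, parties):
    """Apply the N/2 rule of step 3.3.9 to every blinded coordinate."""
    above = set()
    for a, b in zip(vec_a, vec_b):
        c = blind_difference(encrypt(a), encrypt(b))
        parts = {i: partial_decrypt(c, s) for i, s in shares.items()}
        above.add(combine(parts, parties) > N // 2)
    if above == {True}:
        return "b dominates a"
    if above == {False}:
        return "a dominates b"
    return "incomparable"
```

With fewer than u partial decryptions the interpolation no longer cancels the random polynomial coefficients, so `combine` returns an unrelated value instead of the plaintext.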
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (7)
1. A privacy-protected multi-party diagnosis model fusion method is characterized by comprising the following steps:
initializing system parameters, randomly selecting security parameters required in a data processing process by a trusted authority, and generating a key required in encryption and authentication processes;
step two, screening and generating a local diagnosis model, encrypting the local diagnosis model by using the distributed distribution key, and then sending the encrypted local diagnosis model;
step three, fusing local diagnosis models, selecting one medical center terminal as a computing terminal after receiving the local diagnosis models, issuing computing tasks, and sending the distribution key held by the medical center terminal to other terminals; decrypting the transmitted encrypted diagnosis model by using the received distribution key, calculating a fusion result, and returning a final calculation result; generating an encrypted global diagnostic model;
the terminal obtains a global diagnosis model, sends the encrypted global diagnosis model to all medical center terminals, and decrypts by using the received distribution key to obtain the global diagnosis model;
the privacy-protecting multi-party diagnosis model fusion method specifically comprises the following steps:
step one, initializing system parameters:
(1) the trusted authority selects a security parameter α and two large prime numbers p and q, where |p| = |q| = α;
(2) calculating to obtain a public key PK = N = pq and a private key SK = λ = lcm(p-1, q-1); the trusted authority selects a generator g;
(3) calculating delta according to the N and the lambda in the step (2), then setting a threshold value u which is less than the number N of the medical center terminals, and defining a formulaTo resolve the private key, the trusted authority first computes a parameter δ, where δ ≡ 0 mod λ and δ ≡ 1mod N2Then setting a threshold u less than the maximum number of terminals and defining a formulaWherein a is1,a2,…,au-1Is thatMedium u-1 random numbers;
(4) the trusted authority divides the private key SK into n +1 distribution keys SK q (α) according to q (x)i) I is 0, 1, 2 … n and is sent to n medical center terminals anda cloud computing server;
(6) The trusted authority then followsSelects a random number as its authentication private key ASKTAAnd calculates its authentication public key
(7) Finally, the trusted authority selects a secure symmetric encryption algorithm E()AES, a cryptographic hash functionAnd publishing the system parameters
(8) Each medical center terminal obtains a distribution key of the medical center terminal from a trusted authority; meanwhile, the medical center terminal generates an authentication private key thereof according to the step (6)And authenticating the public key
(9) Finally, the medical center terminal issues an authentication public keyAnd negotiate session keys with other medical center terminals
step two, encrypting the local diagnosis model:
(1) the medical centre terminal generates a diagnosis model for the parameters of each case:
wherein {P_i1 … P_is} form the model upper limit PSKY(S_i) and {P_i(s+1) … P_it} form the model lower limit NSKY(S_i);
(2) each item of data p_ijk is then encrypted respectively to form:
which is sent to the cloud computing server, wherein {EP_i1 … EP_is} form the model upper limit EPSKY(S_i) and {EP_i(s+1) … EP_it} form the model lower limit ENSKY(S_i);
Step three, fusing the diagnosis models:
1) the cloud computing server receives all EM_i, i = 1, …, n;
2) the cloud computing server compares all vectors EP_ij of EPSKY(S_i) in model EM_i with all vectors EP_i′j′ of EPSKY(S_i′) in the other models EM_i′, and compares all vectors EP_ij of ENSKY(S_i) with all vectors EP_i′j′ of ENSKY(S_i′) in the other models EM_i′;
3) step 2) is performed for all models EM_i, finally obtaining the resulting global diagnosis model:
the result is still an encrypted state;
4) the cloud computing server sends the encrypted global diagnosis model EGM to all medical center terminals;
step four, reading a fusion result:
1) the medical center terminal decrypts the diagnosis model EGM to obtain the final directly used general diagnosis model
2. The privacy-preserving multi-party diagnostic model fusion method as claimed in claim 1, wherein the encrypting the diagnostic model specifically comprises:
(1) each medical center terminal has a local diagnosis model generated by the case data of the center, and the model is composed of a matrix:
wherein {P_i1 … P_is} form the model upper limit PSKY(S_i) and {P_i(s+1) … P_it} form the model lower limit NSKY(S_i);
(2) the medical center terminal selects random integers r_ijk and performs an encryption operation that encrypts each element in the diagnostic model using the public key N;
(3) after encryption is completed, the medical center terminal obtains an encrypted local diagnosis model:
wherein {EP_i1 … EP_is} form the model upper limit EPSKY(S_i) and {EP_i(s+1) … EP_it} form the model lower limit ENSKY(S_i);
(4) Then the medical center terminal generates a signatureWhere TS is a time stamp and SI is a session ID to defend against potential replay attacks;
(5) and finally, the medical center terminal packages the encrypted local diagnosis model:
and sending the data to a cloud computing server.
3. The privacy-preserving multi-party diagnostic model fusion method as claimed in claim 1, wherein the comparing of the local diagnostic models specifically includes:
(1) the cloud computing server chooses two vectors EP_ij and EP_i′j′ from {EPSKY(S_1) … EPSKY(S_n)}, wherein i ≠ i′; two random integers r_c, r_c′ are selected, satisfying |r_c′| = α/2;
(2) for all k = 1, …, m, the cloud computing server performs the following calculations:
(3) then the cloud computing server obtains a fused vector AEPij=(acpij1,…,acpijm) The cloud computing server then obtains the private key sk of the cloud computing serverCComputing vector AEPijAnd obtainWherein
(4) Then the cloud computing server randomly selects one medical center terminal from all medical center terminals as a computing terminal and uses the computing terminal as a serverIs sent to a computing terminal, whereinAt the same time willIs sent to all medical center terminals, wherein
(5) Received by other medical center terminalAfter that, useDecrypting to obtain AEPij||CS||TS||SI||SigCSAnd verifying its validity;
(6) using self-stored private keysComputingWhereinThen the medical center terminal except the computing terminal calculates itselfIs sent to a computing terminal, wherein
(7) Receiving cloud server by computing terminalAnd other n-1 medical centre terminalsThen, the computing terminal firstly carries out decryption and verification on validity;
(8) fromSelecting v (v ≧ u) elements, establishing a mapping relation to ADS, and performing AEPijDecryption is performed by performing the following operations:
(9) the computing terminal finally uses t′_ijk to determine the relationship between EP_ij and EP_i′j′: if all t′_ijk are greater than N/2, the computing terminal concludes that EP_i′j′ dominates EP_ij, i.e. EP_ij can be discarded; if all t′_ijk are less than N/2, the computing terminal concludes that EP_ij dominates EP_i′j′, i.e. EP_i′j′ can be discarded; otherwise, the computing terminal concludes that there is no dominance relationship between EP_ij and EP_i′j′, and both vectors remain;
4. A privacy-preserving multiparty diagnostic model fusion system for operating the privacy-preserving multiparty diagnostic model fusion method of claim 1, wherein the privacy-preserving multiparty diagnostic model fusion system comprises:
the trusted authority is used for providing a trusted key for the cloud computing server and the medical center terminal, and the key is used for encrypting and decrypting the local diagnosis model and verifying data transmission;
the medical center terminal is used for storing and generating a local diagnosis model and sending the model to the cloud computing server after encrypting the model; receiving a model fusion computing task issued by a cloud computing server, locally decrypting model data, computing, and then sending a computing result to the cloud computing server;
the cloud computing server is used for storing the encrypted local diagnosis models sent by the medical center terminals, distributing and fusing computing tasks and receiving computing results; completing the fusion of the diagnosis model.
5. The privacy-preserving multi-party diagnostic model fusion system of claim 4, wherein the trusted authority further comprises:
the key generation module comprises an authentication key generation submodule, a session key generation submodule, a main private key generation submodule and a main private key decomposition submodule:
the authentication key generation submodule is used for generating an authentication key pair which is used for ensuring that a data receiver confirms that the data content is correct;
a session key generation submodule for generating a session key pair for making a data receiving side confirm that data originates from an intended transmitting side;
the main private key generation sub-module and the main private key decomposition sub-module are used for generating a main private key, decomposing the main private key into distribution private keys and sending the distribution private keys to the medical center terminal and the cloud computing server; the private key is assigned to encrypt the model.
6. The privacy-preserving multi-party diagnostic model fusion system of claim 4, wherein the medical center terminal further comprises:
the model fusion module comprises a local model generation submodule, a data decryption submodule and a fusion calculation submodule; the cloud computing server is used for generating a patient data model, decrypting data sent by the cloud computing server, fusing computing tasks and finally sending a computing result back to the cloud computing server;
the medical center security support module comprises an encryption sending submodule, a key storage submodule and a decryption authentication submodule, and is used for encrypting the local diagnosis model and sending the encrypted local diagnosis model to the cloud computing server, confirming the source and the correctness of data when the data are received, storing keys sent by other terminals and sharing the own distributed private key when the other terminals or the cloud computing server need to distribute the private key.
7. The privacy-preserving multi-party diagnostic model fusion system of claim 4, wherein the cloud computing server further comprises:
the model assistance fusion module comprises a diagnosis model receiving sub-module, a fusion task issuing sub-module and a global model generating sub-module; the system comprises a medical center terminal, a local diagnosis module, a model fusion module, a local diagnosis module and a local diagnosis module, wherein the local diagnosis module is used for receiving an encrypted local diagnosis model sent by the medical center terminal, issuing a calculation task of model fusion, receiving calculation results of all parties and fusing the results into a global diagnosis model;
the cloud server security support module comprises a secret key storage submodule, an encryption sending submodule and a decryption authentication submodule; the system is used for storing keys sent by other terminals, encrypting and sending data, confirming the source and the correctness of the data when the data is received, and sharing the own distributed private key when other terminals need to distribute the private key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811163660.6A CN109194523B (en) | 2018-10-01 | 2018-10-01 | Privacy protection multi-party diagnosis model fusion method and system and cloud server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109194523A CN109194523A (en) | 2019-01-11 |
CN109194523B true CN109194523B (en) | 2021-07-30 |
Family
ID=64946993
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811163660.6A Active CN109194523B (en) | 2018-10-01 | 2018-10-01 | Privacy protection multi-party diagnosis model fusion method and system and cloud server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109194523B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||