CN110010215B - Health record management system - Google Patents


Info

Publication number
CN110010215B
Authority
CN
China
Prior art keywords
client
health
server
file
core server
Prior art date
Legal status
Active
Application number
CN201910265899.2A
Other languages
Chinese (zh)
Other versions
CN110010215A (en)
Inventor
郭瑞娟
Current Assignee
Jiali Beijing Health Technology Co ltd
Original Assignee
Jiali Beijing Health Technology Co ltd
Priority date
2019-04-03
Filing date
2019-04-03
Publication date
2021-03-30
Application filed by Jiali Beijing Health Technology Co ltd
Priority to CN201910265899.2A
Publication of CN110010215A
Application granted
Publication of CN110010215B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database > G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS > G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS > G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA > G16H10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data > G16H10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Epidemiology (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a health record management system comprising a plurality of clients, a core server and a browsing server. A customer and a health advisor log in to the core server together through the client to download and modify the customer's health record, while the customer alone can use the client to log in to the browsing server and view his or her health record. The system protects the privacy of customer data while controlling the authority to modify health records.

Description

Health record management system
Technical Field
The invention belongs to the field of computers, and particularly relates to a health archive management system.
Background
Nowadays, people pay more and more attention to their health, but ordinary people often lack knowledge and ability related to health management. Companies specialized in providing health services have emerged that can provide personalized, modern health management for users.
Referring to fig. 1, a health services company may provide health management functions such as information collection and health profile creation, health level management, health maintenance and promotion, and health assessment and improvement. To provide these services, a health services company typically needs to maintain a health profile for each customer, recording all of the customer's health information and health management information. However, in actual service many customers regard their health information as private and require it to be protected, which places high demands on the management of health records.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a health record management system.
The technical scheme adopted by the invention is as follows:
a health record management system comprises a client, a browsing server and a core server, wherein
the client is used by the customer to log in to the browsing server to browse the customer's health record, and is used by the customer and the health advisor together to log in to the core server to modify the customer's health record;
the core server is used for storing the customer's health record, providing the health record modification function to the client, and pushing the modified health record to the browsing server;
the browsing server is used for receiving the health record pushed by the core server and providing the client with a browsing function for the health record, but does not accept modifications of the health record from the client;
after the customer and the health advisor use the client to log in to the core server together, the specific process of modifying the record includes:
(1) the health advisor generates a new health record on the client, the client sends an upload request to the core server, and the core server sends a random challenge number C to the client after receiving the upload request;
(2) denoting the new health record as file, the password of the health advisor as PW1 and the password of the customer as PW2, the client calculates the encryption result R1 as follows:
R1 = E1(E2(file), C)
wherein E1 is a symmetric encryption function whose key is the hash value of PW1, and E2 is also a symmetric encryption function, whose key is PW2;
(3) the client sends the encryption result R1 to the core server, and the core server performs first-layer decryption on R1 to obtain the first-layer decryption result R2, i.e.
R2 = D1(R1)
wherein D1 is the decryption function corresponding to E1;
(4) since the first-layer decryption result R2 comprises E2(file) and the challenge number C, the core server first verifies whether the challenge number C is correct; if not, the core server directly rejects the encryption result; if so, the core server takes E2(file) as the customer's health record;
(5) the core server generates a timestamp of the current time and stores the timestamp in association with R1 on the core server;
(6) the core server sends the timestamp together with E2(file) to the browsing server, which stores the timestamp in association with E2(file);
(7) when the client needs to obtain the health record from the core server, the client sends a download request to the core server, and the core server responds by sending R1 to the client; the client decrypts R1 using the hash value of PW1 to obtain E2(file), and then decrypts E2(file) using PW2 to obtain the health record.
Further, the process by which the customer browses the health record using the client comprises:
(1) the customer enters his or her account number and password on the client, and the client connects to and logs in to the browsing server;
(2) the client requests the customer's health record from the browsing server;
(3) the browsing server sends the customer's account and the timestamp of the customer's health record to the core server;
(4) the core server checks, based on the timestamp, whether the customer's health record on the browsing server is the latest data; if not, the core server sends the customer's health record and the corresponding timestamp to the browsing server again, and the browsing server stores the received health record and timestamp in association;
(5) the browsing server sends the customer's health record to the client, and the client decrypts the health record using the customer's password and displays it to the customer.
Further, the hash value of the customer password and the hash value of the health advisor password are stored on the core server; when the client logs in to the core server it only needs to send the customer account number and the two hash values, and the core server compares the hash values.
Further, the challenge number C is not less than 128 bits.
Further, according to an embodiment of the present invention, the browsing server stores the customer account and the hash value of its password; when the client logs in to the browsing server it sends the customer account and the hash value of the password, and the browsing server verifies the account and the hash value and accepts the login after verification succeeds.
Further, according to another embodiment of the present invention, the browsing server does not store account and password information; when the client logs in to the browsing server, the browsing server forwards the received customer account and password hash value to the core server, and the core server performs the authentication and informs the browsing server of the result.
The beneficial effects of the invention are: protecting the privacy of the customer's health data and controlling the authority to modify the health record.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, and are not to be considered limiting of the invention, in which:
FIG. 1 is a health management execution plan provided by a health services company.
Fig. 2 is a basic architecture diagram of the system of the present invention.
Detailed Description
The present invention will now be described in detail with reference to the drawings and specific embodiments, wherein the exemplary embodiments and descriptions are provided only for the purpose of illustrating the present invention and are not to be construed as limiting the present invention.
Generally, a health service company needs to provide a server to store the health profiles of its customers. On one hand, a customer can obtain and browse his or her health profile from the server using a client; on the other hand, the health advisor of the health service company needs to modify the health profile according to the health management execution plan, for example by updating the customer's physical examination data or making a health management plan. From the customer's standpoint, many customers, for reasons of privacy, want the health profile to be obtained and modified only when the health advisor permits it; from the company's standpoint, the health service company may only allow the customer to view the health profile, not to modify it independently, and may only allow the health advisor to modify it. Based on the above considerations, a health profile management system cannot be implemented with a simple client-server architecture.
In this regard, the health profile management system of the present invention uses two types of server: a browsing server and a core server. Referring to fig. 2, the user accesses each of the two servers over the network using the client. The customer's health profile is stored on both servers, but the copy on the browsing server is obtained from the core server, can only be obtained from the core server, and cannot be modified in any other way; the health profile on the core server can be modified by the client uploading new data.
In other words, the browsing server provides the customer with a browsing function for the health profile: the user connects to the browsing server through the client, obtains the health profile held on the browsing server and browses it on the client, but cannot modify the health profile on the browsing server through the client. The core server provides the client with a health profile modification function: the user connects to the core server through the client, obtains the health profile held on the core server, modifies it, and uploads the modified profile back to the core server.
After obtaining the modified health profile, the core server needs to push it to the browsing server so that the browsing server's data is synchronized with the core server. On the one hand this meets the requirement of the browsing function; on the other hand the browsing server of the invention also acts as a data backup, and when a failure occurs the core server's data can be recovered from the browsing server.
The health record management system of the invention is summarized above, and based on the system architecture, the invention realizes privacy and security protection of health record data, and the following describes the health record management process in detail.
As previously mentioned, the management of health profiles involves two roles: the customer and the customer's health advisor. In order to perform the corresponding data protection, the customer has an account and a password in the system, and the customer's health advisor also has a password. Therefore the customer and his or her health advisor need to register in the system in advance; the specific registration process is the same as in the prior art and is not described here.
The health profile management of the present invention can be divided into a profile modification process and a profile browsing process.
First, the profile modification process is described. Modifying the profile requires the presence of both the health advisor and the customer at the same time: they use the client to connect to the core server and log in with the customer's account number and password together with the health advisor's password.
Specifically, the client may provide a login interface on which the customer enters his or her account and password and the health advisor also enters his or her password; the client then logs in to the core server with this information. The core server allows the login only if the customer account number, customer password and health advisor password all match. The specific login procedure is similar to the prior art: the hash values of the customer password and the health advisor password are stored on the core server, so the client does not need to send the passwords themselves, only the customer account number and the hash values, and the core server verifies them by comparing the hash values.
The health advisor may modify or generate a new health profile on the client and instruct the client to upload it to the core server. The client must encrypt the health profile before uploading it to the core server, and the upload process is as follows:
(1) The client sends an upload request to the core server, and the core server sends a random challenge number C to the client after receiving the upload request.
The challenge number C ensures the security of the data upload; it should be a large random number, preferably not less than 128 bits.
(2) Denoting the new health profile as file, the password of the health advisor as PW1 and the password of the customer as PW2, the client calculates the encryption result R1 as follows:
R1 = E1(E2(file), C)
wherein E1 is a symmetric encryption function whose key is the hash value of PW1, the same PW1 hash value the core server uses during login. The specific hash algorithm may be any one known in the art.
E2 is also a symmetric encryption function, whose key is PW2.
E1 and E2 above may use any symmetric encryption algorithm known in the art, such as DES or AES.
(3) The client sends the encryption result R1 to the core server, and the core server performs first-layer decryption on R1 to obtain the first-layer decryption result R2, i.e.
R2 = D1(R1)
wherein D1 is the decryption function corresponding to E1, i.e. the function that decrypts with the hash value of PW1 as the key.
(4) From the way the encryption result is computed, the first-layer decryption result R2 should comprise two parts, E2(file) and the challenge number C. The core server first verifies whether the challenge number C is correct; if not, the core server directly rejects the encryption result; if so, the core server takes E2(file) as the customer's health profile.
Because E2(file) is the health profile encrypted with the customer's password, and the core server knows only the hash value of the customer's password and not the password itself, the core server cannot decrypt it to obtain the real health profile, which ensures the security of the health profile data and protects the customer's privacy.
(5) The core server generates a timestamp of the current time and stores the timestamp in association with R1 on the core server.
The timestamp indicates the last modification time of the health profile.
(6) The core server sends the timestamp together with E2(file) to the browsing server, which stores the timestamp in association with E2(file).
According to step 6, each time the health profile is modified the core server pushes the modified health profile and its timestamp to the browsing server, so the browsing server in effect also acts as a backup server, and the browsing server likewise cannot directly decrypt the health profile.
(7) When the client needs to obtain the health profile from the core server, the client sends a download request to the core server, and the core server responds by sending R1 to the client; the client decrypts R1 using the hash value of PW1 to obtain E2(file), and then decrypts E2(file) using PW2 to obtain the health profile.
It should be noted that when the health advisor needs to modify the customer's health profile and a health profile for the customer already exists on the core server, the client must first obtain the health profile from the core server so that the health advisor can modify it. Step 7 further ensures that the client can decrypt the health profile only when both the customer password and the health advisor password are available. On one hand the customer is not allowed to modify the health profile independently; on the other hand the health profile is obtained only by the client, so the privacy of the health profile is ensured.
After the profile modification process above, the browsing server holds the customer's encrypted health profile. The profile browsing process between the client and the browsing server is explained next.
(1) The customer enters his or her account number and password on the client, and the client connects to and logs in to the browsing server.
The specific login method is the same as in the prior art: the browsing server stores the customer account and the hash value of its password; the client sends the customer account and the hash value of the password to the browsing server, and the browsing server verifies the account and hash value and accepts the login after verification succeeds.
In another embodiment of the invention, the browsing server does not store account and password information but forwards the received customer account and password hash value to the core server; the core server performs the verification and informs the browsing server of the result, and the browsing server decides whether to accept the customer's login based on that result.
(2) The client requests the customer's health profile from the browsing server.
Following the profile modification process described above, the customer's health profile is already stored on the browsing server, and the health profile has a corresponding timestamp, which can indicate the version of the health profile.
(3) The browsing server sends the customer account and the timestamp of the customer's health profile to the core server.
In practice, the browsing server may fail to receive a health profile pushed by the core server for various reasons, such as network problems, so that the health profile on the browsing server is not the latest data. The purpose of step 3 is therefore for the browsing server to confirm with the core server, based on the timestamp, whether its copy of the health profile is the latest version.
(4) The core server checks, based on the timestamp, whether the customer's health profile on the browsing server is the latest data; if not, the core server sends the customer's health profile and the corresponding timestamp to the browsing server again, and the browsing server stores the received health profile and timestamp in association.
This step is similar to step 6 of the profile modification process, and the health profiles involved are all encrypted health profiles, i.e. E2(file).
(5) The browsing server sends the customer's health profile to the client, and the client decrypts the health profile using the customer's password and displays it to the customer.
Specifically, as mentioned above, the health profile is E2(file), i.e. a file encrypted with the customer's password, so the client can decrypt the health profile using the password the customer used to log in.
Through the profile browsing process above, the customer is allowed to browse his or her health profile alone, but the health profile on the browsing server cannot be modified by the client, so the customer cannot modify the health profile alone. On the other hand, the health profile on the browsing server is encrypted with the customer's password, so only the customer can decrypt and browse it, and the privacy of the health profile is ensured.
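The upload process (steps 1 to 7) and the browsing process above, simulated end to end as an added example that is not part of the patent. The symmetric cipher is a stand-in (SHA-256 counter keystream plus an HMAC tag) for the AES or DES the text allows, the password hash is assumed to be SHA-256, and the two servers, the account and the record contents are constructed; the simulation also checks that a replayed R1 is rejected and that a browsing server that missed a push re-synchronizes by timestamp.

```python
import hashlib, hmac, os, time

def pw_hash(pw: str) -> bytes:  # "hash value of the password" held by the servers (SHA-256 assumed)
    return hashlib.sha256(pw.encode()).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):  # SHA-256 counter-mode keystream, 32 bytes per block
        ks = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def sym_encrypt(key: bytes, data: bytes) -> bytes:
    # Stand-in for the AES/DES the text allows: encrypt-then-MAC, output nonce|ct|tag.
    ek, mk = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    nonce = os.urandom(16)
    ct = _xor_stream(ek, nonce, data)
    return nonce + ct + hmac.digest(mk, nonce + ct, "sha256")[:16]

def sym_decrypt(key: bytes, blob: bytes):
    # Returns the plaintext, or None when the tag does not verify (wrong key or tampering).
    ek, mk = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    if not hmac.compare_digest(hmac.digest(mk, nonce + ct, "sha256")[:16], tag):
        return None
    return _xor_stream(ek, nonce, ct)

class BrowsingServer:  # read-only mirror: holds E2(file) and its timestamp, never a password
    def __init__(self):
        self.store = {}  # account -> (e2_file, timestamp)
    def download(self, account, core):  # browsing steps (3)-(4): confirm freshness by timestamp
        newer = core.latest_if_stale(account, self.store.get(account, (None, 0))[1])
        if newer is not None:  # missed push: take the core server's copy and its timestamp
            self.store[account] = newer
        return self.store[account][0]

class CoreServer:
    def __init__(self, browsing):
        self.browsing, self.last_ts = browsing, 0
        self.verifiers, self.records, self.pending = {}, {}, {}  # per account: (hPW2, hPW1) / (R1, ts) / C
    def login(self, account, h_pw2, h_pw1):  # customer and advisor hashes must both match
        v = self.verifiers.get(account)
        return v is not None and hmac.compare_digest(v[0], h_pw2) and hmac.compare_digest(v[1], h_pw1)
    def challenge(self, account):  # upload step (1): 128-bit random, single-use challenge C
        self.pending[account] = c = os.urandom(16)
        return c
    def upload(self, account, r1):  # upload steps (3)-(6)
        c = self.pending.pop(account, None)
        r2 = sym_decrypt(self.verifiers[account][1], r1) if account in self.verifiers else None  # D1
        if r2 is None or c is None or not hmac.compare_digest(c, r2[-16:]):  # bad key, stale or replayed C
            return False
        self.last_ts = ts = max(time.time_ns(), self.last_ts + 1)  # strictly increasing timestamp
        self.records[account] = (r1, ts)
        self.browsing.store[account] = (r2[:-16], ts)  # push E2(file) + timestamp to the mirror
        return True
    def download(self, account):  # upload step (7): R1 is returned exactly as stored
        return self.records[account][0]
    def latest_if_stale(self, account, ts):  # browsing step (4)
        rec = self.records.get(account)
        if rec is None or rec[1] == ts:
            return None
        return sym_decrypt(self.verifiers[account][1], rec[0])[:-16], rec[1]

def client_upload(core, account, pw1, pw2, file_bytes):  # client side of upload steps (1)-(3)
    if not core.login(account, pw_hash(pw2), pw_hash(pw1)):
        return False
    c = core.challenge(account)
    e2_file = sym_encrypt(pw2.encode(), file_bytes)  # E2: key is PW2 itself, as in the text
    r1 = sym_encrypt(pw_hash(pw1), e2_file + c)      # E1: key is hash(PW1); C is bound inside
    return core.upload(account, r1)

def client_download_for_edit(core, account, pw1, pw2):  # upload step (7): both layers, both passwords
    e2_file = sym_decrypt(pw_hash(pw1), core.download(account))[:-16]
    return sym_decrypt(pw2.encode(), e2_file)

def customer_browse(browsing, core, account, pw2):  # browsing step (5): PW2 only, and read-only
    return sym_decrypt(pw2.encode(), browsing.download(account, core))

def demo():
    browsing = BrowsingServer()
    core = CoreServer(browsing)
    acct, pw1, pw2 = "cust-001", "advisor-secret", "customer-secret"  # constructed credentials
    core.verifiers[acct] = (pw_hash(pw2), pw_hash(pw1))  # registration is left to prior art by the text
    v1 = b"2019-04-03 exam: BP 120/80; plan: walk 30 min daily"  # constructed record
    r = {"upload_ok": client_upload(core, acct, pw1, pw2, v1)}
    r["advisor_edit_view"] = client_download_for_edit(core, acct, pw1, pw2) == v1
    r["customer_browse"] = customer_browse(browsing, core, acct, pw2) == v1
    # The core server holds hash(PW2), not PW2: it can strip layer 1 but cannot open E2(file).
    e2_file = sym_decrypt(pw_hash(pw1), core.download(acct))[:-16]
    r["core_cannot_read"] = sym_decrypt(pw_hash(pw2), e2_file) is None
    r["replay_rejected"] = not core.upload(acct, core.download(acct))  # C was consumed in step (4)
    v2 = v1 + b"; 2019-05-01 follow-up: BP 118/78"  # second version, pushed into a throwaway mirror
    core.browsing = BrowsingServer()  # simulates the push being lost on the network
    client_upload(core, acct, pw1, pw2, v2)
    core.browsing = browsing  # the stale mirror re-syncs by timestamp on the next browse
    r["resync_after_missed_push"] = customer_browse(browsing, core, acct, pw2) == v2
    return r
```

Note that, exactly as the text describes, the core server stores an unsalted hash of PW2 while PW2 itself is the E2 key, so the confidentiality of E2(file) against anyone holding the core server's verifier table rests entirely on the strength of the customer's password; a deployment would use a slow, salted password hash for the stored verifiers.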
The above description is only a preferred embodiment of the present invention, and all equivalent changes or modifications of the structure, characteristics and principles described in the present invention are included in the scope of the present invention.

Claims (6)

1. A health record management system, characterized in that it comprises a client, a browsing server and a core server, wherein
the client is used by the customer to log in to the browsing server to browse the customer's health record, and is used by the customer and the health advisor together to log in to the core server to modify the customer's health record;
the core server is used for storing the customer's health record, providing the health record modification function to the client, and pushing the modified health record to the browsing server;
the browsing server is used for receiving the health record pushed by the core server and providing the client with a browsing function for the health record, but does not accept modifications of the health record from the client;
after the customer and the health advisor use the client to log in to the core server together, the specific process of modifying the record includes:
(1) the health advisor generates a new health record on the client, the client sends an upload request to the core server, and the core server sends a random challenge number C to the client after receiving the upload request;
(2) denoting the new health record as file, the password of the health advisor as PW1 and the password of the customer as PW2, the client calculates the encryption result R1 as follows:
R1 = E1(E2(file), C)
wherein E1 is a symmetric encryption function whose key is the hash value of PW1, and E2 is also a symmetric encryption function, whose key is PW2;
(3) the client sends the encryption result R1 to the core server, and the core server performs first-layer decryption on R1 to obtain the first-layer decryption result R2, i.e.
R2 = D1(R1)
wherein D1 is the decryption function corresponding to E1;
(4) since the first-layer decryption result R2 comprises E2(file) and the challenge number C, the core server first verifies whether the challenge number C is correct; if not, the core server directly rejects the encryption result; if so, the core server takes E2(file) as the customer's health record;
(5) the core server generates a timestamp of the current time and stores the timestamp in association with R1 on the core server;
(6) the core server sends the timestamp together with E2(file) to the browsing server, which stores the timestamp in association with E2(file);
(7) when the client needs to obtain the health record from the core server, the client sends a download request to the core server, and the core server responds by sending R1 to the client; the client decrypts R1 using the hash value of PW1 to obtain E2(file), and then decrypts E2(file) using PW2 to obtain the health record.
2. The health record management system of claim 1, wherein the process by which the customer browses the health record using the client comprises:
(1) the customer enters his or her account number and password on the client, and the client connects to and logs in to the browsing server;
(2) the client requests the customer's health record from the browsing server;
(3) the browsing server sends the customer account and the timestamp of the customer's health record to the core server;
(4) the core server checks, based on the timestamp, whether the customer's health record on the browsing server is the latest data; if not, the core server sends the customer's health record and the corresponding timestamp to the browsing server again, and the browsing server stores the received health record and timestamp in association;
(5) the browsing server sends the customer's health record to the client, and the client decrypts the health record using the customer's password and displays it to the customer.
3. The health record management system according to any one of claims 1 to 2, wherein the core server stores the hash value of the customer password and the hash value of the health advisor password, and when the client logs in to the core server it only needs to send the customer account and the two hash values to the core server, and the core server performs the hash value comparison.
4. The health record management system according to any one of claims 1 to 2, wherein the challenge number C is not less than 128 bits.
5. The health record management system according to any one of claims 1 to 2, wherein the browsing server stores the customer account and the hash value of its password, and when the client logs in to the browsing server the client sends the customer account and the hash value of its password to the browsing server, and the browsing server verifies the customer account and the hash value and accepts the login after the verification succeeds.
6. The health record management system according to any one of claims 1 to 2, wherein the browsing server does not store account and password information, and when the client logs in to the browsing server, the browsing server forwards the received customer account and password hash value to the core server, and the core server performs the authentication and notifies the browsing server of the authentication result.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910265899.2A CN110010215B (en) 2019-04-03 2019-04-03 Health record management system

Publications (2)

Publication Number Publication Date
CN110010215A CN110010215A (en) 2019-07-12
CN110010215B true CN110010215B (en) 2021-03-30

Family

ID=67169850

Country Status (1)

Country Link
CN (1) CN110010215B (en)

Also Published As

Publication number Publication date
CN110010215A (en) 2019-07-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant