CN113470810B - Online diagnosis system and method for protecting privacy of patients and data leakage - Google Patents
- Publication number: CN113470810B (application CN202110648084.XA)
- Authority: CN (China)
- Prior art keywords: medical, secret, share, shares, medical data
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Classifications
- G—PHYSICS
  - G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
  - G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
  - G16H50/00—ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics
  - G16H50/20—ICT specially adapted for medical diagnosis, medical simulation or medical data mining; ICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for computer-aided diagnosis, e.g. based on medical expert systems
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
  - G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F18/00—Pattern recognition
  - G06F18/20—Analysing
  - G06F18/24—Classification techniques
  - G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
  - G06F18/2411—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
  - G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/60—Protecting data
  - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
  - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
  - G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The invention discloses an online diagnosis system and method that protect patient privacy against data leakage. The medical user terminal generates secret shares of the medical data and initiates a diagnosis request to the cloud servers with those shares, and after receiving the service response it obtains the diagnosis result with the assistance of the data terminal; the medical cloud servers complete the preprocessing of the medical data on the secret shares, calculate the decision function value and return their shares of it to the user as the service response; the medical data terminal generates shares of the diagnosis model parameters and sends them to each server, and interacts with the user terminal to assist the user in obtaining the diagnosis result. The invention protects the privacy of both the user's medical data and the diagnosis model parameters, and can provide a privacy-preserving online diagnosis service to medical users.
Description
Technical Field
The invention belongs to the fields of medical information privacy protection, machine learning and cloud computing; it relates to a method of diagnosing disease with the SVM classification algorithm of machine learning; and, aiming at the privacy protection requirements of the users' medical information and of the medical institution's diagnosis model, it designs an online diagnosis system and method with privacy protection for the users, the cloud servers and the medical data terminal (medical service institution).
Background Art
Currently, to improve the convenience of medical diagnosis services, some platforms and organizations are developing online disease diagnosis services based on machine learning classification algorithms. In such a service, a user sends medical data such as age, sex, symptoms and physical examination indicators to a service provider, and the service provider classifies the user's medical data with its own diagnosis model to obtain a negative or positive diagnosis result for a certain disease. Because the user's medical data is basically transmitted in plaintext, the user's personal information and health status data are easily leaked, endangering the user's privacy and even personal safety. Furthermore, the service provider's model data is also typically stored on the cloud server in the clear, again with a risk of leakage. Therefore, it is necessary to provide an efficient, privacy-preserving clinical diagnosis system and method.
Disclosure of Invention
To solve the privacy protection problem of online medical diagnosis systems, the invention provides a clinical diagnosis system and method that protect patient privacy against data leakage.
The technical scheme adopted by the system of the invention is as follows: an online diagnosis system for protecting patient privacy against data leakage comprises a medical user terminal, medical cloud servers and a medical data terminal;
the medical user terminal comprises an initialization module and a diagnosis request module; the initialization module is used for completing system initialization; the diagnosis request module is used for generating a clinical diagnosis service request, sending the clinical diagnosis service request to the medical cloud server, receiving a response from the medical cloud server and obtaining a diagnosis result;
the medical cloud server comprises a registration module and a medical diagnosis module; the registration module is used for providing registration for the user; the medical diagnosis module is used for receiving a service request from the user terminal and the classification model parameters of the medical data terminal, realizing the safety calculation process in the classification process and returning the calculation result to the user terminal as a response;
the medical data terminal comprises an initialization module, a model storage module, a share generation module, a data processing module and a model updating module; the initialization module is used for completing system initialization; the model storage module is used for storing the classification model parameters of the existing support vector machine; the share generation module is used for generating secret shares of SVM classifier parameters and distributing the secret shares to the medical cloud servers; the data processing module is used for interacting with the user terminal and assisting the user terminal to obtain a final result; and the model updating module is used for updating and maintaining the SVM classifier.
The medical user terminal sends a service request by distributing shares of its own medical data to n non-colluding medical cloud servers, and each medical cloud server, after receiving the medical data share from the medical user terminal, obtains an SVM classifier parameter share and a random number share from the medical data terminal; after each medical cloud server performs normalization and scaling preprocessing on the user's medical data in shares, it homomorphically calculates a share of the decision function value from the share of the preprocessed user data and the share of the classifier parameters; each medical cloud server protects the decision function value with the random number share and returns the decision function value share with the random number to the medical user terminal; and the medical user terminal recovers the decision function value with the random number from the shares and obtains the classification result after interacting with the medical data terminal.
The technical scheme adopted by the method is as follows: an online diagnosis method for protecting patient privacy against data leakage comprises splitting the user's medical data and the parameters of an SVM classifier with a Shamir threshold scheme, using the homomorphism of the Shamir threshold scheme to predict the user's medical data in shares with the SVM binary classifier, generating shares of the corresponding class label, and recovering the class label value, negative or positive, to the corresponding diagnosis result. The method specifically comprises the following steps:
step 1: initializing a system;
the medical user terminal and the medical data terminal agree on a large prime number $p$; the medical data terminal discloses $p$ to each medical cloud server; where $p \ge n + 1$ and $n$ is the number of medical cloud servers;
step 2: a service request;
the medical user terminal generates secret shares of the medical data and distributes the shares to the n medical cloud servers in sequence; each medical cloud server sends a classifier parameter request to the medical data terminal after receiving medical data shares from a user;
the medical user generates a secret share of medical data according to a (k, n) -shamir secret partition threshold scheme, wherein n is required to be more than or equal to 2k +1, and k represents a threshold of the shamir secret partition scheme; the medical data of the user is a vector with m dimensions, and is expressed as t ═ t (t)1,...,tm) (ii) a The share generation method comprises the following steps: randomly selecting k-1 coefficients a over GF (p) \ {0}1,a2,...,ak-1Constructing a k-1 degree polynomial f (x) a0+a1x+…+ak-1xk-1(modp) with the factor a0Gf (p) denotes a finite field of modulo p, { (i, f (i) | i ═ 1, 2.. said., n } is a0N secret shares of a0Secret split notation [ a ]0;f]k(ii) a The user respectively uses each dimension of the medical data vector as secret to construct m polynomials to generate m groups of secret shares, and the secret shares are recorded as [ t1;f1]k,[t2;f2]k,...,[tm;fm]kSequentially distributing the n secret shares of each group to n medical cloud servers;
and step 3: a service response;
each medical cloud server calculates decision function value share; protecting the decision function value by using a random number R selected by the medical data terminal;
and 4, step 4: responding to the reception;
the medical user terminal restores a decision function value with a random number; the medical user terminal and the medical data terminal jointly eliminate random number interference; and the medical user terminal obtains the classification result.
Compared with the prior art, the method of the invention has the following advantages:
1. Privacy protection of the user's medical data is realized. In the invention, the user's medical data is distributed and stored on multiple non-colluding servers in the form of secret shares, and the shares are transmitted over a secure channel, so that no medical cloud server, the data terminal or any hacker can obtain the user's medical information, which guarantees the privacy of the user's medical information.
2. Privacy protection of the SVM classifier model parameters is realized. In the invention, the SVM classifier model parameters are distributed and stored on multiple non-colluding servers in the form of secret shares, and the shares are transmitted over a secure channel, so that no medical cloud server, the user terminal or any hacker can obtain information about the classifier model, which guarantees the privacy of the classifier model parameters.
3. Compared with existing secure online diagnosis schemes, the method is highly efficient. The secure diagnosis process is realized with a homomorphic secret sharing technique, no encryption and decryption process is needed, the classification efficiency is high, and an efficient online diagnosis service can be provided.
Drawings
FIG. 1: system architecture diagram of an embodiment of the invention;
FIG. 2: method flow diagram of an embodiment of the invention;
FIG. 3: flow chart of the decision function value share calculation method provided by the invention.
Detailed Description
In order to facilitate the understanding and practice of the present invention for those of ordinary skill in the art, the present invention will be described in further detail with reference to the accompanying drawings and examples, it being understood that the examples described herein are for purposes of illustration and explanation only and are not intended to be limiting.
Clinical diagnosis is a classification service based on clinical medical data. Users who need a diagnosis service want to obtain the diagnosis result for a certain disease without disclosing their medical data, and to achieve efficient and reliable disease diagnosis while their privacy is guaranteed. Therefore, a privacy-preserving diagnosis service has real practical significance and application value.
Referring to fig. 1, the online diagnosis system for protecting patient privacy against data leakage provided by the invention comprises a medical user terminal, medical cloud servers and a medical data terminal;
the medical user terminal comprises an initialization module and a diagnosis request module; the initialization module is used for completing system initialization; the diagnosis request module is used for generating a clinical diagnosis service request, sending the clinical diagnosis service request to the medical cloud server, receiving a response from the medical cloud server and obtaining a diagnosis result;
the medical cloud server comprises a registration module and a medical diagnosis module; the registration module is used for providing registration for the user; the medical diagnosis module is used for receiving the service request from the user terminal and the classification model parameters of the medical data terminal, realizing the safety calculation process in the classification process and returning the calculation result to the user terminal as a response;
the medical data terminal comprises an initialization module, a model storage module, a share generation module, a data processing module and a model updating module; the initialization module is used for completing system initialization; the model storage module is used for storing the parameters of the existing SVM classifier; the share generation module is used for generating secret shares of SVM classifier parameters and distributing the secret shares to the medical cloud servers; the data processing module is used for interacting with the user terminal and assisting the user terminal to obtain a final result; and the model updating module is used for updating and maintaining the SVM classifier.
The diagnosis request module comprises a share generation sub-module and a secret recovery sub-module; the share generation sub-module is used for constructing a polynomial to realize a shamir threshold scheme, generating secret shares of the medical data of the user and distributing the shares to all medical cloud servers; and the secret recovery sub-module is used for receiving the secret shares from the medical cloud servers and recovering the secret content through a Lagrange interpolation formula.
The medical diagnosis module comprises a share generation sub-module and a secure calculation sub-module; the share generation sub-module is used for constructing a polynomial to realize a Shamir threshold scheme, generating secret shares of the SVM classifier parameters and distributing the shares to all medical cloud servers including itself; and the secure calculation sub-module is used for receiving secret shares from the other medical cloud servers and performing the secure calculation using the homomorphism of the Shamir threshold scheme.
The medical user sends a service request to the medical cloud servers with the user terminal; the n non-colluding servers obtain their respective classifier parameter shares from the medical data terminal, then calculate shares of the decision function value using the homomorphism of the Shamir secret splitting scheme, and return the shares to the user, who obtains the sign of the decision function and thus the classification result. Throughout the protocol, no medical cloud server can obtain any information about the user data or the classifier parameters, the medical data terminal cannot obtain any information about the user's medical data, the user cannot obtain any information about the classifier parameters, and only the user can obtain the classification result, which realizes the privacy protection function.
Referring to fig. 2, a medical user issues a service request by distributing shares of the user's own medical data to n non-colluding medical cloud servers, and each medical cloud server, after receiving the medical data shares from the user, obtains SVM classifier parameter shares and random number shares from the medical data terminal. After each server performs normalization and scaling preprocessing on the user data in shares, it homomorphically calculates the share of the decision function value from the share of the preprocessed user data and the share of the classifier parameters. Each server then protects the decision function value with the random number share and returns the decision function value share with the random number to the user. Finally, the user recovers the decision function value with the random number from the shares and interacts with the medical data terminal to obtain the classification result. The concrete implementation comprises four steps: system initialization, service request, service response and response reception.
Step 1: initializing a system;
step 1.1: a large prime number p is agreed between the medical user and the data terminal, and the p is more than or equal to n +1, and in the subsequent steps, the user and the data terminal generate respective secret shares by taking the p as a modulus of a shamir secret segmentation scheme.
Step 1.2: and the data terminal discloses the large prime number p to each medical cloud server.
Step 2: a service request;
step 2.1: a medical user generates a secret share of medical data according to a (k, n) -shamir secret partition threshold scheme, wherein n is required to be more than or equal to 2k +1, and k represents a threshold of the shamir secret partition scheme; the medical data of the user is a vector with m dimensions, and is expressed as t ═ t (t)1,...,tm). The share generation method comprises the following steps: under GF (p)Randomly selecting k-1 coefficients a on {0}1,a2,...,ak-1Constructing a k-1 degree polynomial f (x) a0+a1x+…+ak-1xk-1(modp) in which the coefficient a is divided0Gf (p) denotes a finite field of modulo p, { (i, f (i) | i ═ 1, 2.. said., n } is a0N secret shares of a0Secret split notation [ a ]0;f]k. The user respectively uses each dimension of the medical data vector as secret to construct m polynomials to generate m groups of secret shares, and the secret shares are recorded as [ t1;f1]k,[t2;f2]k,...,[tm;fm]kAnd sequentially distributing the n secret shares of each group to the n medical cloud servers. For example: the ith server obtains m secret shares, respectively: (i, f)1(i)),(i,f2(i)),...,(i,fm(i))。
Step 2.2: and each medical cloud server sends a classifier parameter request to the medical data terminal after receiving the medical data share from the user.
Step 3: a service response;
Step 3.1: after receiving the classifier parameter request from the medical cloud servers, the medical data terminal selects a random number $R$ for protecting the decision function value calculated in the subsequent steps.
Step 3.2: the medical data terminal generates secret shares of the SVM classification model parameters and of the selected random number according to the $(k, n)$-Shamir secret splitting threshold scheme. The SVM classification model has the form
The classifier parameters mainly include the following: the support vectors, the label values corresponding to the support vectors, the Lagrange multipliers, the intercept parameter $b$ and the kernel function exponent parameter $d$, where the set referred to is the set of support vectors. In addition, the data terminal must also distribute to the servers the parameters needed by the preprocessing, so that the servers can subsequently normalize and scale the user's medical data in shares. The preprocessing formula is as follows, where $\gamma$ is the scaling factor, $\sigma$ is the standard deviation of all training samples, and the remaining term is the mean of all samples. After computing $\alpha_s y_s$ and the preprocessing parameters, the data terminal constructs polynomials to generate the preprocessing parameter shares, the classifier parameter shares and the shares of the random number $R$. The shares for preprocessing the user's medical data and the shares for calculating the decision function value are distributed separately, where $\mu_1, \mu_2, \dots, \mu_m$, $\xi$, $\tau$ and the remaining polynomials respectively denote the degree-$(k-1)$ polynomials corresponding to the secret splitting of each parameter; the data terminal distributes the shares to the servers in sequence and at the same time broadcasts the kernel function exponent $d$ to all servers.
Step 3.3: after receiving all shares from the data terminal, each medical cloud server preprocesses the medical data shares of the users by using the preprocessing shares;
Step 3.3.1: each server calculates its share of the preprocessed medical data. Taking the $j$-th dimension of the user's medical data as an example: the $i$-th server holds the medical data share $(i, f_j(i))$, the sample mean share $(i, g_j(i))$ and the parameter share $(i, h(i))$, where $f_j$, $g_j$ and $h$ denote the degree-$(k-1)$ polynomials corresponding to the secret splitting of $t_j$, of the sample mean and of the preprocessing parameter respectively; according to the preprocessing formula, the $i$-th share of the $j$-th dimension of the preprocessed medical data vector is computed as $(i, h(i)(f_j(i) - g_j(i)))$. Over all servers, the shares they jointly hold can be regarded as a secret splitting of the preprocessed value whose threshold has been raised from $k$ to $2k$: $h$ and $f_j - g_j$ are degree-$(k-1)$ polynomials, their product is a degree-$2(k-1)$ polynomial, the number of equations required for solving is doubled accordingly, and the number of shares required to recover the secret is doubled as well.
Step 3.3.2: the medical cloud servers perform degree reduction on the shares of the preprocessed medical data, so that the threshold of the secret splitting of the preprocessed data drops back to $k$. Define the function $f' = h(f - g)$; each server holds a share $(i, f'(i))$, $i = 1, 2, \dots, n$.
The reduction uses the interpolation identity for $f'(0)$, which holds for any polynomial $f'(x)$ of degree less than $n$. Each server takes its own share of the preprocessed medical data as a secret and generates the shares $[f'(i); \lambda_i]_k$, distributing them to all medical cloud servers including itself; each server receives the shares from all other servers and computes:
Step 3.4: each medical cloud server calculates its share of the decision function value; the specific flow is shown in fig. 3;
Step 3.4.1: calculate the base part of the kernel function. The kernel function has the form given below, and its base part is split into shares, where $x_s$ denotes a support vector and the other vector is the preprocessed medical data vector;
the server computes:
To reduce the degree of this result, define the degree-$(k-1)$ polynomial corresponding to the secret splitting of the reduced value, denote the secret splitting after reduction accordingly, and then compute the next product, where $v$ denotes the degree-$(k-1)$ polynomial corresponding to the secret splitting of the integer 1;
Step 3.4.2: the kernel function bases are multiplied together.
The server computes:
Step 3.4.3: degree reduction of the computation result. The reduction method is the same as in step 3.3.2, and the secret splitting after reduction is denoted accordingly. The base multiplication of step 3.4.2 and the reduction of step 3.4.3 are repeated until the base has been multiplied $d - 1$ times, giving the secret splitting of the kernel function, where $\delta$ and $\epsilon_s$ denote the corresponding degree-$(k-1)$ polynomials and the index set is the set of support vectors;
Step 3.4.4: calculate the share of the decision function value. The decision function has the form:
The server computes
and then reduces the degree; the reduction method is the same as in step 3.3.2, and the secret splitting after reduction is denoted accordingly. Adding the intercept part:
the secret splitting of the decision function value is obtained and written $[d(t); \pi + \xi]_k$.
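Steps 2.1, 3.3 and 3.4 all rest on one primitive: Shamir shares over GF(p) that subtract homomorphically, multiply share-wise (raising the threshold from k to 2k), and are then brought back to threshold k by re-sharing with Lagrange coefficients. The Python below is an added illustration written for this page, not the patent's own code; the prime, n = 7, k = 3 and the preprocessing values are assumed, and the preprocessing parameter h is taken as a plain field element rather than γ/σ.

```python
"""Shamir (k, n) sharing over GF(p) with the share-wise multiply-then-reduce
primitive used in steps 2.1, 3.3 and 3.4 of the protocol (added illustration,
not the patent's code). Negative values are represented modulo p."""
import secrets

P = 2_147_483_647  # large odd prime agreed in step 1 (assumed value, p >= n + 1)


def share(secret, k, n, p=P):
    """Split `secret` into n shares (i, f(i)), i = 1..n, with threshold k:
    f is a degree-(k-1) polynomial with f(0) = secret and the other
    coefficients drawn uniformly from GF(p) \\ {0}, as in step 2.1."""
    assert 1 <= k <= n < p
    coeffs = [secret % p] + [secrets.randbelow(p - 1) + 1 for _ in range(k - 1)]
    return [(i, sum(c * pow(i, e, p) for e, c in enumerate(coeffs)) % p)
            for i in range(1, n + 1)]


def lagrange_coeff(xs, i, p=P):
    """lambda_i with f(0) = sum_i lambda_i f(i) for any f of degree < len(xs)."""
    num = den = 1
    for j in xs:
        if j != i:
            num = num * (-j) % p
            den = den * (i - j) % p
    return num * pow(den, -1, p) % p


def recover(shares, p=P):
    """Lagrange interpolation at x = 0 (the user's secret recovery sub-module)."""
    xs = [i for i, _ in shares]
    return sum(lagrange_coeff(xs, i, p) * y for i, y in shares) % p


def to_signed(x, p=P):
    """Map a field element back to a signed integer (|value| << p)."""
    return x - p if x > p // 2 else x


def sub_shares(a, b, p=P):
    """Homomorphic subtraction: share-wise, threshold unchanged."""
    return [(i, (ya - yb) % p) for (i, ya), (_, yb) in zip(a, b)]


def mul_shares(a, b, p=P):
    """Homomorphic multiplication (step 3.3.1): share-wise product. The hidden
    polynomial now has degree 2(k-1), so recovery needs 2k-1 shares."""
    return [(i, ya * yb % p) for (i, ya), (_, yb) in zip(a, b)]


def reduce_degree(shares, k, p=P):
    """Degree reduction (step 3.3.2): server i re-shares its product share
    f'(i) with threshold k; every server l then forms sum_i lambda_i * r_i(l),
    which is a threshold-k share of sum_i lambda_i f'(i) = f'(0)."""
    n = len(shares)
    xs = [i for i, _ in shares]
    resh = {i: share(y, k, n, p) for i, y in shares}  # r_i, sent to all servers
    return [(l, sum(lagrange_coeff(xs, i, p) * resh[i][l - 1][1] for i in xs) % p)
            for l in range(1, n + 1)]


def demo_preprocess(t_j, mean_j, h_param, k=3, n=7, p=P):
    """One dimension of step 3.3: servers hold [t_j], [mean_j], [h] and compute
    h * (t_j - mean_j) in shares. Returns (value recovered from 2k-1 raw
    product shares, value recovered from only k shares after reduction)."""
    f = share(t_j, k, n, p)
    g = share(mean_j, k, n, p)
    h = share(h_param, k, n, p)
    prod = mul_shares(h, sub_shares(f, g, p), p)
    raw = to_signed(recover(prod[:2 * k - 1], p), p)
    reduced = to_signed(recover(reduce_degree(prod, k, p)[:k], p), p)
    return raw, reduced


def k_shares_insufficient_before_reduction(t_j, mean_j, h_param, k=3, n=7, p=P):
    """Why the reduction is needed: k shares of the raw product (a degree
    2k-2 polynomial) do not recover the value, except with probability ~1/p."""
    prod = mul_shares(share(h_param, k, n, p),
                      sub_shares(share(t_j, k, n, p), share(mean_j, k, n, p), p), p)
    return recover(prod[:k], p) != h_param * (t_j - mean_j) % p
```

The same multiply-then-reduce pair is what step 3.4 repeats d - 1 times to raise the kernel base to the exponent d.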
Step 3.5: protect the decision function value with the random number $R$ chosen by the data terminal. Before introducing the random number, the decision function value is first doubled, giving the secret splitting of $2d(t)$ as $[2d(t); 2(\pi + \xi)]_k$. Since the whole Shamir threshold scheme is designed over the finite field modulo $p$, the finally recovered secret is also modulo $p$, i.e. $2d(t) \bmod p$. The classification result of step 3.2 is the sign of the decision function $d(t)$, and since $|d(t)|$ is much smaller than the large prime $p$, it is clear that: if $d(t) < 0$ then $d(t) \bmod p > p/2$ and $2d(t) \bmod p = 2d(t) + p$, which is odd since $p$ is odd; if $d(t) > 0$ then $d(t) \bmod p < p/2$ and $2d(t) \bmod p = 2d(t)$, which is clearly even. The classification result can therefore be determined by recovering the lowest bit of the secret $2d(t) \bmod p$: a lowest bit of 1 indicates that the patient's test result is negative, and a lowest bit of 0 indicates that it is positive. The decision function value is then protected with the random number $R$, giving $[2d(t) + R; 2(\pi + \xi) + \tau]_k$, written $[2d(t) + R; F]_k$; all servers send their own share of $2d(t) + R$ to the medical user.
Step 4: response reception;
Step 4.1: recover the decision function value with the random number. After receiving all secret shares from the servers, the medical user recovers the secret $2d(t) + R$ with the Lagrange interpolation formula:
Step 4.2: the medical user and the data terminal jointly eliminate the random number interference. The secret recovered by the user is written $S = 2d(t) + R \pmod p$ and its lowest bit $S_0$; the lowest bit of $2d(t) \bmod p$, which corresponds to the classification result of step 3.5, is written $V_0$; and the lowest bit of $R$ is written $R_0$. Considering that introducing the random number $R$ may cause a value overflow, i.e. $2d(t) + R > p$, i.e. $S < R$, we have in turn:
The medical user and the data terminal compare the sizes of $S$ and $R$ with a secure comparison protocol, and the result is represented by one bit $c$: $c = 0$ means $S > R$ and $c = 1$ means $S < R$. The user obtains $c$, while the data terminal sends $R_0$ to the user.
Step 4.3: obtain the classification result. Using the comparison result $c$ and the $R_0$ received from the data terminal, the user computes $V_0$ as follows:
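The blinding and lowest-bit logic of steps 3.5 to 4.3, as an added example that is not the patent's code. Shares are omitted (only the values the parties recover are modelled), the secure comparison protocol is replaced by a comparison in the clear, and the unblinding rule V_0 = S_0 ⊕ R_0 ⊕ c is an assumption of this example, derived from the overflow case analysis of step 4.2 because the page's own formula for step 4.3 is not reproduced here.

```python
"""Blinding and sign extraction of the decision value, steps 3.5 to 4.3
(added illustration, not the patent's code). Shares are omitted: only the
values the parties would recover are modelled. ASSUMED unblinding rule:
V0 = S0 xor R0 xor c, derived from the overflow case analysis of step 4.2."""
import secrets

P = 2_147_483_647  # odd prime agreed in step 1 (assumed value)


def lowest_bit_of_2d(d_t, p=P):
    """Step 3.5: 2*d(t) mod p is odd exactly when d(t) < 0 (p odd, |d(t)| << p)."""
    assert abs(d_t) < p // 4
    return (2 * d_t % p) & 1


def blind(d_t, R, p=P):
    """What the user recovers in step 4.1 after Lagrange interpolation:
    S = 2*d(t) + R mod p, with R chosen by the data terminal in step 3.1."""
    assert abs(d_t) < p // 4 and 0 <= R < p
    return (2 * d_t + R) % p


def secure_compare(S, R):
    """Step 4.2 comparison bit c: 1 if S < R (the sum wrapped past p), else 0.
    Stand-in for the secure comparison protocol, which the page does not specify."""
    return 1 if S < R else 0


def unblind_lowest_bit(S, c, R0):
    """Step 4.3 (assumed rule): without wrap, S = V + R so S0 = V0 xor R0;
    with wrap, S = V + R - p and p is odd, so one extra bit flip."""
    return (S & 1) ^ R0 ^ c


def diagnose(d_t, R, p=P):
    """End-to-end: 'negative' when the recovered lowest bit is 1, else 'positive'."""
    S = blind(d_t, R, p)                  # user side, after step 4.1
    c = secure_compare(S, R)              # joint step 4.2
    V0 = unblind_lowest_bit(S, c, R & 1)  # R0 sent by the data terminal
    return "negative" if V0 == 1 else "positive"


def check_against_plaintext(trials=200, p=P):
    """Self-check over random d(t) and R: the blinded path must agree with the
    direct parity of 2*d(t) mod p from step 3.5."""
    for _ in range(trials):
        d_t = secrets.randbelow(2001) - 1000
        R = secrets.randbelow(p)
        expected = "negative" if lowest_bit_of_2d(d_t, p) == 1 else "positive"
        if diagnose(d_t, R, p) != expected:
            return False
    return True
```

The case d(t) = 0 gives S = R; treating it as "not S < R" (c = 0) yields an even result, matching the page's convention that even means positive.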
the invention provides a medical diagnosis scheme with privacy protection, which is realized in a cloud computing environment based on the homomorphism of a shamir threshold scheme. The scheme not only can generate auxiliary diagnosis results for the user under the condition of not revealing privacy information of the patient and a diagnosis model of a service provider, but also can reduce the calculation amount and shorten the service response time.
It should be understood that parts of the specification not set forth in detail are well within the prior art.
It should be understood that the above description of the preferred embodiments is given for clarity and not for any purpose of limitation, and that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. An online diagnostic system that protects patient privacy against data leakage, characterized in that: the system comprises a medical user terminal, a medical cloud server and a medical data terminal;
the medical user terminal comprises an initialization module and a diagnosis request module; the initialization module is used for completing system initialization; the diagnosis request module is used for generating a clinical diagnosis service request, sending the clinical diagnosis service request to the medical cloud server, receiving a response from the medical cloud server and obtaining a diagnosis result;
the medical cloud server comprises a registration module and a medical diagnosis module; the registration module is used for providing registration for the user; the medical diagnosis module is used for receiving a service request from the user terminal and the classification model parameters of the medical data terminal, realizing the safety calculation process in the classification process and returning the calculation result to the user terminal as a response;
the medical data terminal comprises an initialization module, a model storage module, a share generation module, a data processing module and a model updating module; the initialization module is used for completing system initialization; the model storage module is used for storing the parameters of the existing SVM classifier; the share generation module is used for generating secret shares of SVM classifier parameters and distributing the secret shares to the medical cloud servers; the data processing module is used for interacting with the user terminal and assisting the user terminal to obtain a final result; the model updating module is used for updating and maintaining the SVM classifier;
the medical user terminal sends a service request by distributing own medical data share to n medical cloud servers which are not colluded, and each medical cloud server obtains SVM classifier parameter share and random number share from the medical data terminal after receiving the medical data share from the medical user terminal; after medical data of a user are subjected to normalization and scaling pretreatment on shares by each medical cloud server, decision function value shares are homomorphically calculated by utilizing the pretreated user data shares and classifier parameter shares; each medical cloud server protects the decision function value by using the random number share and returns the decision function value share with the random number to the medical user terminal; and the medical user terminal recovers the decision function value with the random number by using the share, and eliminates the random number after interacting with the medical data terminal to obtain a classification result.
2. The online diagnostic system for protecting patient privacy and data leakage according to claim 1, wherein: the diagnosis request module comprises a share generation sub-module and a secret recovery sub-module;
the share generation sub-module is used for constructing a polynomial to realize a Shamir threshold scheme, generating secret shares of the user's medical data and distributing the shares to all medical cloud servers; the secret recovery sub-module is used for receiving the secret shares from the medical cloud servers and recovering the secret content through the Lagrange interpolation formula.
3. The online diagnostic system for protecting patient privacy and data leakage according to claim 1, wherein: the medical diagnosis module comprises a share generation sub-module and a secure computation sub-module;
the share generation sub-module is used for constructing a polynomial to realize a Shamir threshold scheme, generating secret shares of the SVM classifier parameters and distributing the shares to all medical cloud servers including itself; the secure computation sub-module is used for receiving secret shares from the other medical cloud servers and performing secure computation using the homomorphism of the Shamir threshold scheme.
4. An online diagnostic method for protecting patient privacy and data leakage, comprising the steps of:
step 1: initializing a system;
the medical user terminal and the medical data terminal agree on a large prime number p; the data terminal discloses the large prime number p to each medical cloud server; wherein $p \ge n + 1$, and $n$ is the number of medical cloud servers;
step 2: a service request;
the medical user terminal generates secret shares of the medical data and distributes the shares to the n medical cloud servers in sequence; each medical cloud server sends a classifier parameter request to the medical data terminal after receiving the medical data shares from the user;
the medical user generates the secret shares of the medical data according to a $(k, n)$-Shamir secret splitting threshold scheme, wherein $n \ge 2k + 1$ is required and $k$ is the threshold of the Shamir secret splitting scheme; the user's medical data is an $m$-dimensional vector, expressed as $t = (t_1, \ldots, t_m)$; the share generation method is as follows: randomly select $k - 1$ coefficients $a_1, a_2, \ldots, a_{k-1}$ over $GF(p) \setminus \{0\}$ and construct the degree-$(k-1)$ polynomial $f(x) = a_0 + a_1 x + \cdots + a_{k-1} x^{k-1} \pmod p$, where the coefficient $a_0$ is the secret, $GF(p)$ denotes the finite field modulo $p$, $\{(i, f(i)) \mid i = 1, 2, \ldots, n\}$ denotes the $n$ secret shares of $a_0$, and the secret split of $a_0$ is denoted $[a_0; f]_k$; the user takes each dimension of the medical data vector in turn as a secret, constructs $m$ polynomials to generate $m$ groups of secret shares, denoted $[t_1; f_1]_k, [t_2; f_2]_k, \ldots, [t_m; f_m]_k$, and distributes the $n$ secret shares of each group in sequence to the $n$ medical cloud servers;
and step 3: a service response;
each medical cloud server calculates a share of the decision function value and protects the decision function value with a random number R selected by the medical data terminal;
and 4, step 4: responding to the reception;
the medical user terminal recovers the decision function value masked with the random number; the medical user terminal and the medical data terminal jointly eliminate the random number interference; and the medical user terminal obtains the classification result.
5. The online diagnostic method of claim 4, wherein step 3 specifically comprises the following substeps:
step 3.1: after receiving a classifier parameter request from a medical cloud server, the medical data terminal selects a random number R for protecting the decision function value calculated in the subsequent steps;
step 3.2: the medical data terminal generates secret shares of the SVM classification model parameters and of the selected random number according to a $(k, n)$-Shamir secret splitting threshold scheme, wherein $k$ is the threshold of the Shamir secret splitting scheme; the user's medical data is an $m$-dimensional vector, expressed as $t = (t_1, \ldots, t_m)$;
The SVM classification model is as follows:
wherein the SVM classification model parameters include: the support vectors, the tag value corresponding to each support vector, the Lagrange multipliers, an intercept parameter $b$ and a kernel function index parameter $d$, the support vectors forming a set of support vectors;
the medical data terminal distributes the parameters necessary for the preprocessing process to each medical cloud server; the preprocessing method is as follows, where $\gamma$ is the scaling factor, $\sigma$ is the standard deviation of all training samples, and the sample mean is the mean of all samples; after calculating $\alpha_{sys}$ and the sample mean, the medical data terminal constructs polynomials to generate the preprocessing parameter shares, the classifier parameter shares and the shares of the random number $R$; the shares used for preprocessing the user's medical data include the shares of the sample means and of the preprocessing parameter $\alpha_{sys}$, and the shares used for the decision function value calculation include $[x_{s1}; \mu_1]_k, [x_{s2}; \mu_2]_k, \ldots, [x_{sm}; \mu_m]_k, [b; \xi]_k, [R; \tau]_k, [1; \upsilon]_k$, wherein $\mu_1, \mu_2, \ldots, \mu_m, \xi, \tau, \upsilon$ respectively denote the degree-$(k-1)$ polynomials corresponding to the secret split of each parameter; the medical data terminal distributes the shares to all medical cloud servers in sequence, and broadcasts the kernel function index $d$ to all medical cloud servers;
step 3.3: after receiving all shares from the medical data terminal, each medical cloud server preprocesses the shares of the user's medical data using the preprocessing shares;
step 3.3.1: each medical cloud server calculates the share of the preprocessed medical data;
for the $j$th dimension of the user's medical data, the $i$th server holds a share $(i, f_j(i))$ of the medical data, a sample mean share $(i, g_j(i))$ and a parameter share $(i, h(i))$; wherein $f_j$, $g_j$ and $h$ denote the degree-$(k-1)$ polynomials corresponding to the secret split of $t_j$, of the $j$th sample mean and of the preprocessing parameter respectively;
according to the preprocessing formula, the $i$th share of the $j$th dimension of the preprocessed medical data vector is calculated as $(i, h(i)(f_j(i) - g_j(i)))$; all medical cloud servers thus jointly hold a secret split of the preprocessed $j$th dimension; multiplication on secret shares doubles the threshold, so the threshold of the newly generated secret split rises from $k$ to $2k$;
step 3.3.2: the medical cloud servers perform a reduction on the shares of the preprocessed medical data, decreasing the threshold of the secret split of the preprocessed medical data back to $k$; define the function $f' = h(f_j - g_j)$; each medical cloud server holds a share $(i, f'(i))$, $i = 1, 2, \ldots, m$, and the Lagrange interpolation formula is:
wherein the Lagrange coefficients are those of the interpolation formula; this equation holds for any polynomial $f'(X)$ of degree less than $n$; each medical cloud server takes its own preprocessed medical data share as a secret, generates shares $[f'(i); \lambda_i]_k$ and distributes them to all medical cloud servers including itself; each medical cloud server receives all shares from the other medical cloud servers and calculates:
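The share generation of claim 4 step 2, the Lagrange recovery of claim 2 and the share-wise preprocessing with threshold doubling and degree reduction of step 3.3, as an added example that is not the patent's own code; the prime P, the parameters n = 7, k = 3 and the sample values are constructed here.

```python
import secrets

P = 2**61 - 1   # constructed large prime p (claim 4 step 1 requires p >= n + 1)
N, K = 7, 3     # n servers and threshold k, with n >= 2k + 1 as claim 4 step 2 requires

def share(secret, k=K, n=N, p=P):
    """[secret; f]_k: shares (i, f(i)), i = 1..n, of f(x) = a0 + a1 x + ... + a_{k-1} x^{k-1} mod p."""
    coeffs = [secret % p] + [secrets.randbelow(p - 1) + 1 for _ in range(k - 1)]  # a_1..a_{k-1} in GF(p)\{0}
    return [(i, sum(c * pow(i, e, p) for e, c in enumerate(coeffs)) % p) for i in range(1, n + 1)]

def lagrange_coeffs(xs, p=P):
    """Coefficients lambda_i with f(0) = sum_i lambda_i * f(x_i) for any f of degree < len(xs)."""
    lam = []
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        lam.append(num * pow(den, -1, p) % p)
    return lam

def recover(shares, p=P):
    """Claim 2 secret-recovery sub-module: Lagrange interpolation at x = 0."""
    lam = lagrange_coeffs([x for x, _ in shares], p)
    return sum(l * y for l, (_, y) in zip(lam, shares)) % p

def reduce_degree(prod_shares, k=K, n=N, p=P):
    """Step 3.3.2: server i re-shares its value f'(i) as [f'(i); lambda_i]_k to every
    server; server j then combines the n shares it received with the Lagrange coefficients."""
    lam = lagrange_coeffs([i for i, _ in prod_shares], p)
    resharings = [share(y, k, n, p) for _, y in prod_shares]   # resharings[i-1][j-1] goes to server j
    return [(j, sum(l * resharings[i][j - 1][1] for i, l in enumerate(lam)) % p)
            for j in range(1, n + 1)]

def preprocess_on_shares(t_j, mean_j, alpha_sys):
    """Step 3.3.1: server i computes h(i) * (f_j(i) - g_j(i)) locally, which is a sharing of
    alpha_sys * (t_j - mean_j) with threshold 2k; step 3.3.2 then brings it back to k."""
    f, g, h = share(t_j), share(mean_j), share(alpha_sys)
    prod = [(i, h[i - 1][1] * (f[i - 1][1] - g[i - 1][1]) % P) for i in range(1, N + 1)]
    return prod, reduce_degree(prod)

if __name__ == "__main__":
    prod, reduced = preprocess_on_shares(t_j=120, mean_j=100, alpha_sys=3)
    print(recover(reduced[:K]))   # 60 = 3 * (120 - 100)
```

Any k of the reduced shares recover the preprocessed value, whereas the raw product shares need 2k - 1 of the n servers, which is why the scheme needs n >= 2k + 1.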
Step 3.4: each medical cloud server calculates decision function value share;
step 3.4.1: calculating a kernel function base number part;
the kernel function is as follows, and its base part is calculated first, wherein $x_s$ and the preprocessed vector respectively denote a support vector and the preprocessed medical data vector;
the medical cloud server calculates:
the threshold of the base part is reduced, and a function $o$ is defined to denote the degree-$(k-1)$ polynomial corresponding to the reduced secret split; then the following is calculated, wherein $\upsilon$ denotes the degree-$(k-1)$ polynomial corresponding to the secret split of the integer 1;
step 3.4.2: multiplying the kernel function base number by the cumulative number;
the medical cloud server calculates:
step 3.4.3: the calculation result is decreased;
the secret split after threshold reduction is denoted accordingly; the base multiplication and reduction operations of steps 3.4.2 and 3.4.3 are repeated until $d - 1$ multiplications have been performed, and the resulting secret split of the kernel function is denoted accordingly, wherein $\delta$ and $\epsilon_s$ respectively denote the degree-$(k-1)$ polynomials corresponding to the secret splits, over the set of support vectors;
step 3.4.4: calculating a decision function value share;
the decision function is of the form:
the server calculates:
plus the intercept part:
the secret split of the decision function value is calculated and denoted $[d(t); \pi + \xi]_k$;
Step 3.5: protecting the decision function value by using a random number R selected by the medical data terminal;
first, one multiplication is performed on the decision function value to obtain the secret split $[2d(t); 2(\pi + \xi)]_k$ of $2d(t)$; since the whole Shamir threshold scheme is designed over the finite field modulo $p$, the finally recovered secret is also modulo $p$, i.e. $2d(t) \bmod p$; the classification result is subsequently judged from the lowest bit of the recovered secret $2d(t) \bmod p$: a lowest bit of 1 indicates that the patient's test result is negative, and a lowest bit of 0 indicates that the patient's test result is positive;
then the decision function value is protected with the random number $R$ to obtain $[2d(t) + R; 2(\pi + \xi) + \tau]_k$, denoted $[2d(t) + R; f]_k$; all medical cloud servers send their own shares of $2d(t) + R$ to the medical user.
6. The online diagnostic method of claim 5, wherein step 4 specifically comprises the following substeps:
step 4.1: recovering the decision function value masked with the random number;
after receiving all secret shares from the medical cloud servers, the medical user terminal recovers the secret $2d(t) + R$ using the Lagrange interpolation formula:
step 4.2: the medical user terminal and the medical data terminal jointly eliminate the random number interference;
the secret recovered by the medical user terminal is denoted $S = 2d(t) + R \pmod p$, and its lowest bit is denoted $S_0$; the lowest bit of the diagnostic result $2d(t) \bmod p$ is denoted $V_0$; the lowest bit of $R$ is denoted $R_0$; considering that introducing the random number $R$ may cause the value to overflow, i.e. $2d(t) + R > p$, equivalently $S < R$, we further have:
the medical user terminal and the medical data terminal compare the magnitudes of $S$ and $R$ using a secure comparison protocol, and the result is represented by one bit $c$: $c = 0$ denotes $S > R$ and $c = 1$ denotes $S < R$; $c$ is obtained by the user, while the medical data terminal sends $R_0$ to the medical user terminal;
step 4.3: obtaining a classification result;
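The low-bit classification test of step 3.5 and the mask removal of step 4.2, as an added example that is not the patent's own code, applied to the recovered plaintext values rather than to shares; the prime P and the inputs are constructed, and the relation V0 = S0 xor R0 xor c is derived here from p being odd, since the claim's own formula is not reproduced on the page.

```python
P = 2**61 - 1   # constructed large prime p; the low-bit test assumes |d(t)| < p / 2

def to_field(d, p=P):
    """Represent a (possibly negative) decision value d(t) as an element of GF(p)."""
    return d % p

def low_bit_of_doubled(d, p=P):
    """Step 3.5: recover 2d(t) mod p and read its lowest bit V0.
    p is odd, so 2d mod p is even for 0 <= d < p/2 and odd when d is negative (d = p - |d|)."""
    return (2 * to_field(d, p)) % p & 1

def mask(d, R, p=P):
    """What the servers' shares recover for the user: S = 2d(t) + R (mod p)."""
    return (2 * to_field(d, p) + R) % p

def unmask_low_bit(S, R, p=P):
    """Step 4.2: the user holds S, the data terminal holds R. A secure comparison yields
    c (c = 1 iff S < R, i.e. 2d(t) + R overflowed p) and the terminal sends R0.
    Because p is odd, an overflow subtracts an odd number and flips the lowest bit once,
    so V0 = S0 xor R0 xor c (derived here, not quoted from the claims)."""
    c = 1 if S < R else 0            # stands in for the secure comparison protocol's output
    R0 = R & 1
    return (S & 1) ^ R0 ^ c

def classify(v0):
    """Claim 5 step 3.5: lowest bit 1 -> negative result, 0 -> positive result."""
    return "negative" if v0 == 1 else "positive"

def diagnose(d, R, p=P):
    """End-to-end on plaintext values: mask with R, remove R jointly, classify."""
    return classify(unmask_low_bit(mask(d, R, p), R, p))
```

The data terminal never learns S and the user never learns R, so the masked value on its own reveals nothing about the sign of d(t); the case R = P - 3 below exercises the overflow branch.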
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110648084.XA CN113470810B (en) | 2021-06-10 | 2021-06-10 | Online diagnosis system and method for protecting privacy of patients and data leakage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113470810A CN113470810A (en) | 2021-10-01 |
CN113470810B true CN113470810B (en) | 2022-07-05 |
Family ID: 77869600
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113470810B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||