CN106357608A - Method for encrypting and decrypting private data for personal healthcare data - Google Patents

Abstract

The invention relates to a private data encryption and decryption method for personal medical and health data. The length of private information encrypted by this method is not limited, and the longer the password, the higher the encryption strength, thereby solving the problem of server computing resource consumption in the case of a large amount of data encryption , and at the same time reduce the possibility of the encrypted ciphertext being cracked when using methods such as exhaustion and password attack. In addition, the private data decryption method oriented to the personal medical health portal is used to match the encryption method proposed by the present invention, which is convenient to use and has high reliability.

Description

A private data encryption and decryption method for personal medical and health data

technical field

The invention relates to the field of privacy data protection, in particular to a private data encryption and decryption method for personal medical and health data.

Background technique

With the rapid development of computer application technology, especially large-scale new applications of cloud storage and cloud computing, which are oriented to regional health and medical and health service centers, the amount of medical and health data is increasing rapidly, and medical and health data has become a hot treasure. Protecting personal privacy involved in medical and health data without affecting mining and application has become a current research hotspot.

In the process of realizing privacy data encryption technology, traditional encryption technology is generally used, such as symmetric encryption technology DES, AES, etc., asymmetric encryption technology RSA, Elgamal, etc., because most commonly used encryption algorithms are affected by the length of the key. People are constantly looking for new encryption methods to make up for these shortcomings, and some unique encryption technologies or solutions have emerged, such as the "Method for Storing Encrypted Data" with the patent number ZL 02803770.7 , "Rubik's Cube Encryption and Decryption Method" with application number 201210220262.X, "A Method for Decrypting Medical Privacy Data Self-encrypting Machine" with application number 201510876310.4, "Method, Device and Terminal for Managing Personal Information" with application number 201210315347.6 "Wait.

The patent No. ZL 02803770.7 "Method for storing encrypted data" lies in "extracting data from an encrypted data stream and sending it to the storage unit (DB), and using at least one specific password before transferring the extracted data to the storage unit. (K1, K2) re-encrypt these data", this method relies on a smart card device, which will inevitably cause a performance bottleneck in the case of large concurrent encrypted data or decrypted data.

The "Rubik's Cube Encryption and Decryption Method" with the application number 201210220262.X lies in "making each character in the key string represent a rotation operation of the Rubik's cube, a rotation operation corresponding to a series of transposition operations of the Rubik's cube serial numbers, the Rubik's cube The block number corresponds to the bit position of the plaintext bit stream value", and the invention "proposes an encryption method with unlimited key length and high enough encryption strength, so as to solve the problem that the encrypted ciphertext is exhausted and exhausted by a computer with extremely fast performance. The possibility of cracking through methods such as password attacks." The more characters encrypted by this method, the more server operating resources will be consumed, which is not suitable for data center application scenarios where a large amount of data is encrypted and decrypted.

Application No. 201510876310.4 "A Method for Decrypting Medical Privacy Data Self-Encrypting Machine" stores the key together with the encrypted data to "provide a method that can overcome the traditional encryption and decryption of private data" by using traditional encryption algorithms , and disperse the fixed-length key (DES is 7 bytes, AES is 8/12/16 bytes) and encrypted algorithm identification into the 1K-byte password area storing random numbers. The first byte of the key at position p[81], and the value of this byte is also the position value stored in the next Key byte in the password area. This technology focuses on providing a method of randomly storing the key in the password area to store the key together with the ciphertext and prevent the key from being cracked. Since this method stores the key, the encryption algorithm identifier, and the encrypted data together, for the technicians who implement the privacy data encryption algorithm or those who know the algorithm, these encrypted data are equivalent to no encryption, and the patient's private data still faces the risk of being compromised. risk of snooping;

Application No. 201210315347.6 "Method, Device and Terminal for Managing Personal Information" selects different concealment strategies according to the field length of personal information, and "encrypts all personal information according to the password preset by the user" to achieve "double protection". the goal of". This method describes how to use the interface of the application system to hide the corresponding information, and does not make any requirements or descriptions on how to implement the encryption method, so the "Method, Device and Terminal for Managing Personal Information" with the application number of 201210315347.6 focuses on describing one A scheme for personal privacy protection.

Contents of the invention

In order to overcome the above disadvantages, the present invention aims to provide a private data encryption method for personal medical and health data. The length of private information encrypted by this method is not limited, and the longer the password, the higher the encryption strength, thereby solving the problem of mass data encryption. In this case, the consumption of server computing resources is a problem, and at the same time, it reduces the possibility of the encrypted ciphertext being cracked when using methods such as exhaustion and password attacks.

Another object of the present invention is to provide a private data decryption method for personal medical and health data. This decryption method is used to match the above encryption method, which is convenient to use and has high reliability.

The present invention achieves the above object through the following technical solutions: a private data encryption method for personal medical and health data, comprising the following steps:

(1) Create a two-dimensional array arry_2rd of M×N, and fill the dictionary code into the two-dimensional array;

(2) Convert the password of the personal medical and health data account into an ASCII code, and combine the ASCII code into a numeric string num_password;

(3) convert the number string num_password into a binary number string byte_password;

(4) Extract the numbers of the digital string byte_password from left to right until the numbers are extracted, divide the two-dimensional array arry_2rd into two sub-arrays of equal size according to the extracted numbers, and insert the array with a large subscript into Before subscripting the small array, get a new two-dimensional array arry_2rd;

(5) extract characters line by line from the new two-dimensional array arry_2rd until the extraction is complete, and generate the ciphertext dictionary arry_1rd;

(6) Encrypt the private information of personal medical and health data respectively. The encryption method is:

(6.1) Put the printable characters in the ASCII code table in the 10th area of the blank area of the GB2312 code table in turn, and put the blank characters, line breaks, and tabs in the 11th area of the blank area in turn, and generate the modified GB2312 code table;

(6.2) Extract the characters in the plaintext involving privacy information from left to right in turn, find the area code and bit number of the character in the modified GB2312 code table, and extract the character in the corresponding position from the ciphertext dictionary arry_1rd according to the area code and bit number , put the character corresponding to the area code on the left, and the character corresponding to the bit number on the right, to form a ciphertext string corresponding to two digits of the source character, until all the private information is converted, and the ciphertext characters are spliced into the final ciphertext.

As preferably, the dictionary code of described step (1) is all as the character collection of password, when filling, the character that dictionary code comprises is filled in the two-dimensional array arry_2rd of M * N one by one, when the last character has been filled , the remaining array space is used to store space characters, where M×N is greater than the number of characters contained in the dictionary code.

As a preference, the step (4) divides the two-dimensional array arry_2rd into two sub-arrays of equal size according to the extracted numbers as follows:

(i) If the number is 0, divide the two-dimensional array arry_2rd into two sub-arrays of equal size from the middle along the X-axis;

(ii) If the number is 1, divide the two-dimensional array arry_2rd into two sub-arrays of equal size from the middle along the Y axis.

Preferably, the private information of the personal medical and health data includes name, ID number, contact number, contact address, work unit, and login password information.

Preferably, when the step (5) extracts characters from the new two-dimensional array arry_2rd, when a space character is encountered, the space character is skipped to obtain the next character.

A decryption method supporting the privacy data encryption method as described above, comprising the following steps:

1) Obtain the ciphertext dictionary arry_1rd;

2) Extract the characters in the ciphertext sequentially from left to right to obtain area code characters and bit code characters;

3) find the area code character index and the bit code character index in the ciphertext dictionary arry_1rd according to the area code character and the bit code character respectively;

4) Find the corresponding characters in the modified GB2312 code table according to the obtained area code index and bit code index until the characters in the ciphertext are extracted and converted.

Preferably, the method step of obtaining the ciphertext dictionary arry_1rd is the same as the step of obtaining the ciphertext dictionary arry_1rd in the private data encryption method.

Preferably, the method for extracting characters in the ciphertext in step 2) is to extract two characters at a time.

Preferably, the step 4) adds 1 to the acquired area code index and bit code index respectively, and then searches the corresponding character in the modified GB2312 coding table.

The beneficial effects of the present invention are: 1) the feature of the present invention is that even if the technician knows the details of the encryption, the ciphertext cannot be deciphered without knowing the password; 2) The length of encrypted private information is not limited, and the longer the password, the higher the encryption strength, thus solving the problem of server computing resource consumption in the case of large amounts of data encryption, and at the same time reducing the use of exhaustive and encrypted ciphertexts. The possibility of being cracked in case of password attack and other methods.

Description of drawings

Fig. 1 is the general flow chart of encryption method of the present invention;

Fig. 2 is a flow diagram of encrypting private data according to a ciphertext dictionary when data is encrypted in the present invention;

Fig. 3 is a schematic diagram of an array segmentation method when the extracted number is 0 according to the embodiment of the present invention;

Fig. 4 is a schematic diagram of sequentially inserting arrays with large subscripts before arrays with small subscripts according to an embodiment of the present invention.

detailed description

The present invention is further described below in conjunction with specific embodiment, but protection scope of the present invention is not limited thereto:

Embodiment: as shown in Fig. 1, Fig. 2, a kind of privacy data encryption method for personal medical health data, comprises the following steps:

1) Fill the dictionary code of 94 characters into a 10×10 two-dimensional array. Fill the 10×10 two-dimensional array arry_2rd in the order of Table 1, and store spaces in the last six positions. The filling results are shown in Table 2:

Table 1

! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D. E. f G h I J K L m N o P Q R S T u V W x Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m no o p q r the s t u v w x the y z { | } ~

Table 2

2) Convert the password of the personal medical and health data account into ASCII codes, and combine the ASCII codes into a number string, and convert the number string into a binary number string; we assume that the user sets his account password as: 123456 , then we convert the ASCII code 49 50 51 52 53 54 of the password into a binary string: 110001 110010 110011110100 110101 110110.

3) Extract the digits of the digit string sequentially from left to right until the digits are extracted. If the digit is 0, divide the two-dimensional array arry_2rd as described above into two sub-arrays of equal size from the middle along the X-axis direction; If the number is 1, then divide the two-dimensional array arry_2rd as mentioned above into two sub-arrays of equal size from the middle along the Y-axis direction. Figure 3 shows the situation where the extracted number is 0; and the subscript The large arrays are sequentially inserted before the arrays with small subscripts to obtain a new two-dimensional array arry_2rd, as shown in Figure 4.

In this embodiment, it is as follows:

For the first time, take the first digit of the binary string from left to right as "1" and convert the result of the two-dimensional array of the above dictionary code as shown in Table 3:

S T u V W x Y Z [ \ ! " # $ % & ' ( ) * ] ^ _ ` a b c d e f + , - . / 0 1 2 3 4 g h i j k l m no o p 5 6 7 8 9 : ; < = > q r the s t u v w x the y z ? @ A B C D. E. f G h { | } ~ I J K L m N o P Q R

table 3

For the second time, take the second digit of the binary string from left to right as "1", and the conversion result is as shown in Table 4:

5 6 7 8 9 : ; < = > S T u V W x Y Z [ \ q r the s t u v w x the y z ! " # $ % & ' ( ) * ? @ A B C D. E. f G h ] ^ _ ` a b c d e f { | } ~ + , - . / 0 1 2 3 4 I J K L m N o P Q R g h i j k l m no o p

Table 4

For the third time, take the third digit array of the binary string from left to right as "0", and the conversion result is shown in Table 5:

table 5

The final conversion results are shown in Table 6:

\ [ Z Y x W V u T S * ) ( ' & % $ # " ! f e d c b a ` _ ^ ] 4 3 2 1 0 / . - , + p o no m l k j i h g > = < ; : 9 8 7 6 5 z the y x w v u t the s r q h G f E. D. C B A @ ? ~ } | { R Q P o N m L K J I

Table 6

4) Output the dictionary code string to obtain the ciphertext dictionary arry_1rd:

\[ZYXWVUTS*)('&%$#"!fedcba`_^]43210/.-,+ponmlkjihg>=<;:98765zyxwvutsrqHGFEDCBA@?～}|{RQPONMLKJI

5) Combine the ciphertext dictionary arry_1rd and the modified GB2312 code table to encrypt the private information in turn, find the area code and bit code of the original character in the GB2312 code table, and find the corresponding area code of the original character in the ciphertext dictionary arry_1rd characters to form ciphertext. For example, the original character: a, the area code of the GB2312 code table is 10, the bit number is 65, and the corresponding characters in arry_1rd are S and v respectively.

Let's assume the user's name is abc:

Name: abc

Area Code——1065 1066 1067

Ciphertext - SvSuSt

The final encrypted result:

Name: SvSuSt

Assume that the user's name is Ximen Chuuxue:

Name: Ximen Fuxue

Area Code——4687 3537 2021 4909

Ciphertext - kP0.! f

The final encrypted result:

Name: kP0.! f

A kind of decryption method supporting the private data encryption method as described above, specifically for first obtaining the ciphertext dictionary arry_1rd; then extracting the two characters of the ciphertext SvSuSt of the name successively from left to right, to the ciphertext dictionary arry_1rd (ciphertext dictionary arry_1rd is generated in real time by entering the password, and the system does not keep it) Find the corresponding location and the result is: 1065 10661067. According to the above results, look up the corresponding characters in the modified GB2312 encoding table: abc.

If the password entered is incorrect, the wrong ciphertext dictionary arry_1rd will be obtained, and the decrypted name will be other characters. The deciphering method named Ximen Chuuxue is deduced by analogy and will not be described again.

The encryption technology of the invention can encrypt all characters in the GB2312 code table, including printable characters in the ASCII code table. Encryption will encounter problems if encountering individual rare Chinese characters other than the GB2312 code table. The solution is that in the process of encrypting personal privacy information, if you encounter some rare Chinese characters outside the GB2312 code table, you can fill the rare Chinese characters into the remaining blank area of the GB2312 code table, and at the same time maintain the character set and Personally uniquely identifiable information (to avoid conflicts of rare characters in the blank space) achieves the purpose of encryption.

To sum up, compared with the common encryption technology, the present invention is basically a character search process for encryption and decryption. It has the characteristics of simple implementation, less computing resources on the server, and unlimited encrypted character length. It is very suitable for database application scenarios. .

The above descriptions are the specific embodiments of the present invention and the technical principles used. If the changes made according to the conception of the present invention do not exceed the spirit covered by the description and accompanying drawings, they should still be Belong to the protection scope of the present invention.

Claims (9)

1. a kind of privacy data encryption method towards personal medical treatment ＆ health data is it is characterised in that comprise the steps:

(1) create the two-dimensional array arry_2rd of m × n, dictionary code is filled to two-dimensional array；

(2) password of the account of personal medical treatment ＆ health data is converted into ascii code, and numeric string is formed in the spelling of ascii code num_password；

(3) numeric string num_password is converted into the numeric string byte_password of 2 systems；

(4) extract the numeral of numeric string byte_password from left to right successively until digital extraction finishes, obtained according to extraction Numeral two-dimensional array arry_2rd cutting is the big subnumber group of two grades, and array big for subscript is sequentially inserted into subscript Before little array, obtain new two-dimensional array arry_2rd；

(5) extracting character from new two-dimensional array arry_2rd one by one line by line to finish until extracting, generating ciphertext dictionary arry_ 1rd；

(6) respectively the privacy information of personal medical treatment ＆ health data is encrypted, the method for encryption is:

(6.1) printable character in ascii coding schedule is put into successively in the 10th area of gb2312 coding schedule clear area, by sky Wrongly written or mispronounced character symbol, newline, tab are put in the 11st area of clear area successively, generate amended gb2312 coding schedule；

(6.2) extract the character being related in privacy information plaintext successively from left to right, search this character gb2312 after the modification Area code in coding schedule and item, extract the character of correspondence position in ciphertext dictionary arry_1rd according to area code and item, will The corresponding character of area code is placed on the left side, and the corresponding character of item is placed on the right, and composition source word symbol corresponds to the ciphertext character string of two, Until privacy information is all changed finishing, ciphertext character is spliced into final ciphertext.

2. a kind of privacy data encryption method towards personal medical treatment ＆ health data according to claim 1, its feature exists In: the dictionary code of described step (1) is all character sets as password, character during filling, dictionary code being comprised line by line by In the individual two-dimensional array arry_2rd being filled into m × n, after last character has been filled, sky is deposited in remaining array space Lattice accord with, wherein, the character number that m × n comprises more than dictionary code.

3. a kind of privacy data encryption method towards personal medical treatment ＆ health data according to claim 1, its feature exists In: described step (4) according to extracting the side that two-dimensional array arry_2rd cutting is the big subnumber group of two grades by the numeral obtaining Method is as follows:

If (i) numeral be 0, along the x-axis direction by two-dimensional array arry_2rd from middle cutting be the big subnumber group of two grades；

(ii) if numeral be 1, along the y-axis direction by two-dimensional array arry_2rd from middle cutting be the big subnumber group of two grades.

4. a kind of privacy data encryption method towards personal medical treatment ＆ health data according to claim 1, its feature exists In: the privacy information of described individual's medical treatment ＆ health data includes name, ID (identity number) card No., telephone number, contact address, job note Position, login password information.

5. a kind of privacy data encryption method towards personal medical treatment ＆ health data according to claim 1, its feature exists In: described step (5) when running into space character, is skipped space character and is taken off one when new two-dimensional array arry_2rd extracts character Position character.

6. a kind of decryption method of supporting privacy data encryption method as claimed in claim 1 is it is characterised in that include as follows Step:

1) obtain ciphertext dictionary arry_1rd；

2) extract the character in ciphertext from left to right successively, obtain area's code character and bit code character；

3) area's code character index and bit word are found respectively in ciphertext dictionary arry_1rd according to area's code character and bit code character Symbol index；

4) index in amended gb2312 coding schedule and search corresponding character according to the area's code index obtaining and bit code, until Character in ciphertext extracts conversion and finishes.

7. decryption method according to claim 6 it is characterised in that: the described method step obtaining ciphertext dictionary arry_1rd Rapid identical with obtaining ciphertext dictionary arry_1rd step in privacy data encryption method.

8. decryption method according to claim 6 it is characterised in that: described step 2) extract ciphertext in character method It is two characters of each extraction.

9. decryption method according to claim 6 it is characterised in that: described step 4) by the area code obtaining index and bit code Index searches corresponding character after Jia 1 respectively again in amended gb2312 coding schedule.