Nothing Special   »   [go: up one dir, main page]

CN107026859A - A kind of safe transmission method of privacy cloud medical data - Google Patents

A kind of safe transmission method of privacy cloud medical data Download PDF

Info

Publication number
CN107026859A
CN107026859A CN201710211529.1A CN201710211529A CN107026859A CN 107026859 A CN107026859 A CN 107026859A CN 201710211529 A CN201710211529 A CN 201710211529A CN 107026859 A CN107026859 A CN 107026859A
Authority
CN
China
Prior art keywords
module
medical data
data
modules
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710211529.1A
Other languages
Chinese (zh)
Inventor
马莹莹
赵姝畅
郭娟娟
马建峰
王祥宇
常益嘉
骆苑新雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201710211529.1A priority Critical patent/CN107026859A/en
Publication of CN107026859A publication Critical patent/CN107026859A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of method of privacy cloud medical data safe transmission, SM4 IP kernel is called to be encrypted through AXI buses by ARM the data collected, after the completion of encryption, ARM is digitally signed using SM2 algorithms to the data after encryption, in signature process, the IP kernel of SM3 algorithms is called to carry out computing acceleration, after the completion of be sent to high in the clouds using WIFI, the present invention solves existing individual privacy medical data before Cloud Server is sent to, encryption is needed to ensure security, but, the data bandwidth that high-precision medical data needs is very big, the problem of computing capability of traditional software is difficult to meet real-time encrypted demand, the present invention ensures the security of data by SM4 algorithms, ensure the reliability of data by SM2 Digital Signature Algorithms, utilize the parallel processing capability of hardware, the secret protection completed in Personal medical data transmitting procedure of real-time high-efficiency.

Description

A kind of safe transmission method of privacy cloud medical data
Technical field
The invention belongs to field of information security technology, it is related to a kind of safe transmission method of privacy cloud medical data.
Background technology
In recent years, with medical treatment transducer technology, mobile communication technology (3G, LTE, 4G etc.), cloud computing and related nothing The fusion of line communication technology and network technology, the wireless mobile medical monitoring network (Wireless based on wireless body area network Mobile Healthcare Monitoring Network, WMHMN) obtain deep development.Compared to treatment after disease hair Traditional medical system, by feat of cloud computing and portable medical technology, WMHMN can make patient remove the limit of when and where from System, in the case where not influenceing daily life carry out physical condition information monitor in real time, realize common disease early stage monitoring and Prevention, postoperative medical assistance rehabilitation and emergency treatment, reduce medical treatment cost, alleviate the deficient pressure of medical resource. With the development of big data technology, research institution can analyze valuable conclusion from the medical big data of patient, promote The development of science and technology.
However, the physiologic information that portable medical, internet infirmary are collected, positional information and from these information it is anti- Life style, hobby, custom mirrored etc. is all extremely important and sensitive privacy information, it is necessary to assure the secrecy of these information Property, integrality and accuracy, once information leakage or distorting, not only result in the diagnosis for making to make mistake in medical monitoring center and control Treat, or even can also threaten the life security of patient.The information security issue of current medical industry is extremely serious.Hospital's pipe in 2014 Reason company Community Health Systems lost 4,500,000 medical records.2 months 2015 American Medical underwriters Anthem is disclosed and is invaded a thing, stolen more than 80,000,000 personal information, is referred to as medical information leakage event maximum in history. Ponemon research institutes《5th medical data privacy is reported with security study》It has been shown that, the health care institution more than 90% deposits Revealed in two years in the past at least five times in leaking data, and 40% company data.
Market Research Corporation of America Gartner research shows that more than 70% potential user thinks that safety problem is refusal Use the main cause of cloud service.If not can solve this problem, the development to internet cloud medical industry will Cause greatly to influence.
The high-precision medical data data volume per second that need to be transmitted is very big, and general software cryptography mode is difficult to meet and added Close demand.
The content of the invention
It is an object of the invention to provide a kind of method of privacy cloud medical data safe transmission, existing individual is solved hidden Private medical data is before Cloud Server is sent to, it is necessary to encrypt to ensure security, however, high-precision medical data needs Data bandwidth it is very big, the problem of computing capability of traditional software is difficult to meet real-time encrypted demand, the present invention passes through SM4 algorithms ensure the security of data, ensure the reliability of data by SM2 Digital Signature Algorithms, utilize the parallel of hardware Disposal ability, the secret protection completed in Personal medical data transmitting procedure of real-time high-efficiency.
To achieve these goals, the technical solution adopted by the present invention is that the technical solution adopted in the present invention is, a kind of The safe transmission method of privacy cloud medical data, including data upload step, it is specific as follows:
Step 1), user using medical data acquisition instrument gather Personal medical data;
Step 2), user and Cloud Server carry out key agreement, obtain the public key and SM4 module AESs of SM2 modules Key;
Step 3), by step 1) in the medical data of collection be passed in Zedboard;
Step 4), call by Zedboard SM4 modules to use step 2) in obtained key medical data is carried out it is real Shi Jiami;
Step 5), Zedboard use step 2) in obtained public key using SM2 modular algorithms to step 4) after encryption Medical data is digitally signed, wherein, the signature process in SM2 modules calls SM3 modules to complete, and detailed process is as follows: Step 51), start SM3 modules in algorithm, start successively read in initiation parameter and by step 4) encrypt after medical data;
Step 52), the medical data after encryption is input to interface module, and pass through iteration module, expansion module and pressure Contracting module is iterated, extends successively, compresses and obtains the Hash Value of 256;
Step 53), output Hash Value, and provide work complement mark position;
Step 6), to step 5) after signature data are plus timestamp and upload to Cloud Server.
The step 4) comprise the following steps that:
Step 41), first input 128 keys, then input enable signal give SM4 modules, SM4 modules are drawn high immediately Busy signals;
Step 42), round key module is according to step 41) 128 keys of input carry out key computing, generate round key, SM4 modules draw high round key and complete signal;
Step 43) then input medical data, round function module is according to step 42) in generation round key to medical number According to being encrypted;
Step 44), in step 43) in encryption after the completion of draw high encryption and complete signal, that is, complete a group encryption, repeat to walk It is rapid 43) and 44) until completing the encryption of all medical datas.
The step 43) in medical data split be filled into the plaintext of 128 first, then inputted.
Step 52) in, the medical data after encryption is split with 512 for unit first, when last segmentation When unit is less than 512,0 to 512 completion message filling is added at the end of cutting unit, obtained each cutting unit is equal For 512;Cutting unit is sequentially inputted to interface module and carried out successively by iteration module, expansion module and compression module Iteration, extension, compression obtain the Hash Value of 256;
Wherein, step 52) in detailed process be, input first cutting unit, by iteration module, expansion module and pressure Contracting module is iterated, extends successively, compresses and obtains process values, by current process value and next cutting unit input interface simultaneously Module, after being iterated by iteration module, then by expansion module and compression module is extended and is compressed, until last Individual cutting unit computing terminates to obtain the Hash Value of 256.
Also include data storing steps, it is specific as follows:
Step 7), Cloud Server receive and first verify that whether timestamp correct after data, correctly then carry out next step, not just It is true then abandon;
Step 8), whether be tampered using the private key inspection data of oneself with server;Upcheck, preserve, do not pass through Then abandon.
What the SM3 modules and SM4 modules were connected by AXI buses with ARM, SM4 modules be used for implementation process control, Data input is exported and operational order parsing;SM4 modules include round function module and round key module, wherein, round function mould Block includes 32 level production lines, is a F function per one-level, and each F functions are converted by L conversion and T and constituted, wherein, L conversion For linear transformation, T is transformed to nonlinear transformation, it is necessary to 4 S boxes;Round key module is converted and linear transformation by nonlinear transformation T Lrk conversion compositions, Lrk conversion needs 4 S boxes;
SM3 modules are controlled by command signal, and subscriber signal is converted into the signal of algoritic module by interface module, and Buffering area and control signal are controlled, wherein buffering area includes input block and output buffer;SM3 modules include Top-layer Design Method Module and the iteration module being controlled by Top-layer Design Method module, expansion module and compression module, iteration module, expansion module With the submodule that compression module is Top-layer Design Method module;In Top-layer Design Method module SM3 modules are realized by calling each submodule The Hash Value of algorithm is calculated, and Top-layer Design Method module uses sequential logical circuit, utilization state machine each submodule is called into And the execution of control algolithm.
Also include be connected on ARM be used for gather medical data sensor and for cloud server data cube computation WIFI module.
The present invention is developed using Zedboard, is encrypted after user's collection Personal medical data using SM4, and use SM2 algorithms are digitally signed, and data are sent to high in the clouds.
Cloud server is to the correctness for after this data, first verifying that SM2 signatures, after checking is correct, using advance Obtained key carries out SM4 decryption, you can obtain Personal medical data.
Compared with prior art, the present invention at least has the advantages that, passes through FPGA SM4 algorithms close to state and state Need the close SM3 hash algorithms of the state used to be optimized in close SM2 Digital Signature Algorithms, greatly improve arithmetic speed, it is full The real-time of the big band data encryption of foot.
Brief description of the drawings
Fig. 1 is data upload process flow chart of the invention;
Fig. 2 is data storage procedure flow chart of the invention;
Fig. 3 is Zedboard board structure figures of the invention;
Fig. 4 is SM4 top-level module design drawings of the invention;
Fig. 5 is SM4 hardware design structure figures of the invention;
Fig. 6 is SM3 hardware structure diagrams of the invention;
The packet content that Fig. 7 uploads for the present invention;
Fig. 8 is the data before present invention upload;
Fig. 9 is the data that cloud server is stored;
Figure 10 is that speed traditional software encrypts the FPGA enciphering rate comparison diagrams designed with the present invention.
Embodiment
The present invention is described in detail with reference to the accompanying drawings and detailed description.
The present invention is based on Zedboard boards, is realized by Hardware/Software Collaborative Design, wherein, as shown in figure 3, Zedboard Board, including ARM and the SM3 modules and SM4 modules that are connected by AXI buses with ARM, SM4 modules are used for implementation process control System, data input output and operational order parsing;SM4 modules include round function module and round key module, wherein, round function Module includes 32 level production lines, is a F function per one-level, and each F functions are converted by L conversion and T and constituted, wherein, L becomes Linear transformation is changed to, T is transformed to nonlinear transformation, it is necessary to 4 S boxes;Round key module is by nonlinear transformation T conversion and linear change Lrk conversion compositions are changed, Lrk conversion needs 4 S boxes;
SM3 modules are controlled by command signal, and subscriber signal is converted into the signal of algoritic module by interface module, and Buffering area and control signal are controlled, wherein buffering area includes input block and output buffer;SM3 modules include Top-layer Design Method Module and the iteration module being controlled by Top-layer Design Method module, expansion module and compression module, iteration module, expansion module With the submodule that compression module is Top-layer Design Method module;In Top-layer Design Method module SM3 modules are realized by calling each submodule The Hash Value of algorithm is calculated, and Top-layer Design Method module uses sequential logical circuit, utilization state machine each submodule is called into And the execution of control algolithm, in addition to be connected on ARM be used for gather medical data sensor and be used for and cloud service The WIFI module of device data cube computation.
Zedboard boards carry out data acquisition by sensor first, by the data collected by ARM through AXI buses SM4 IP kernel is called to be encrypted, after the completion of encryption, ARM is digitally signed using SM2 algorithms to the data after encryption, In signature process, call SM3 algorithms IP kernel carry out computing acceleration, after the completion of be sent to high in the clouds using WIFI.
The transmission method of the present invention includes data upload step, as shown in figure 1, specific as follows:
Step 1), user using medical data acquisition instrument gather Personal medical data;
Step 2), user and Cloud Server carry out key agreement, obtain the public key and SM4 module AESs of SM2 modules Key;
Step 3), by step 1) in the medical data of collection be passed in Zedboard;
Step 4), call by Zedboard SM4 modules to use step 2) in obtained key medical data is carried out it is real Shi Jiami;
Step 5), Zedboard use step 2) in obtained public key using SM2 modular algorithms to step 4) after encryption Medical data is digitally signed, wherein, the signature process in SM2 modules calls SM3 modules to complete;
Step 6), to step 5) after signature data are plus timestamp and upload to Cloud Server.
Also include data storing steps, as shown in Fig. 2 specific as follows:
Step 7), Cloud Server receive and first verify that whether timestamp correct after data, correctly then carry out next step, not just It is true then abandon;
Step 8), whether be tampered using the private key inspection data of oneself with server;Upcheck, preserve, do not pass through Then abandon.
As shown in figure 5, SM4 modules include being used for implementation process control, what data input output and operational order were parsed Top-level module.Top-level module is arranged with round function module and round key module, wherein, round function module includes 32 grades of flowing water Line, is a F function per one-level, and each F functions are converted by L conversion and T and constituted, wherein, L is transformed to linear transformation, and T becomes Nonlinear transformation is changed to, it is necessary to 4 S boxes;Round key module is made up of nonlinear transformation T conversion and linear transformation Lrk conversion, Lrk conversion needs 4 S boxes.
As shown in figure 4, SM4 modules (i.e. encrypting module) running is as follows:
Step 41), first input 128 keys, then input enable signal give SM4 modules, SM4 modules are drawn high immediately Busy signals;
Step 42), round key module is according to step 41) 128 keys of input carry out key computing, generate round key, SM4 modules draw high round key and complete signal;
Step 43) then input 128 plaintexts, round function module is according to step 42) in generation round key to plaintext enter Row encryption;
Step 44), step 43) in encryption after the completion of draw high encryption complete signal, that is, complete a group encryption.
As shown in fig. 6, SM3 modules are realized using hardware description language, modularized design is carried out first, SM3 modules include Top-layer Design Method module and the iteration module being controlled by Top-layer Design Method module, expansion module and compression module, iteration module, Expansion module and the submodule that compression module is Top-layer Design Method module;In Top-layer Design Method module, by call each submodule come Realize that the Hash Value of SM3 modular algorithms is calculated, Top-layer Design Method module uses sequential logical circuit, and utilization state machine is to each submodule Be called so control algolithm execution.
SM3 modules are controlled by command signal, 512 inputs and 256 outputs are provided with, by interface module by user Signal is converted into the signal of algoritic module, and controls buffering area and control signal, and wherein buffering area includes input block and defeated Go out buffering area;
The SM3 modular algorithm courses of work are:
Step 51), start algorithm in SM3 modules, start to read in initiation parameter and message m successively;
Step 52), to the medical data after encryption with 512 be unit split, when last cutting unit not When sufficient 512,0 to 512 completion message filling is added at the end of cutting unit, obtained each cutting unit is 512 Position;Cutting unit is sequentially inputted to interface module and is iterated successively by iteration module, expansion module and compression module, Extension, compression obtain the Hash Value of 256;
Step 53), output Hash Value, and provide work complement mark position.
Wherein, step 52) in, first cutting unit is inputted, by iteration module, expansion module and compression module successively It is iterated, extends, compressing and obtain process values, current process value and next cutting unit input interface module simultaneously passes through After iteration module is iterated, then by expansion module and compression module it is extended and compresses, until last segmentation is single N ary operation terminates to obtain the Hash Value of 256.
Embodiment:
User terminal sends encryption data test:
As shown in fig. 7, we have caught the continuous several groups of data uploaded to cloud server terminal of collection terminal our upload 13 groups Initial data is (9,3) (18,9) (8,10) (13,5) (19,14) (7,13) (11,13) (4,7) (6,4) (12,7) (4,6) (2 5) (16,3), are analyzed packet, and it is all encryption completely to find data, it is impossible to obtain initial data.
Cloud server terminal stores ciphertext data test:
One group of medical data, the number that then database arrives cloud server beyond the clouds are directly uploaded in txt file According to printing, the data variation inside observation, such as Fig. 8 are the data before uploading, and Fig. 9 is the number that Cloud Server connects and stored According to by contrast as can be seen that the data of user are stored among Cloud Server after being all encrypted, Cloud Server is in data Appearance is known nothing.
The AES velocity test table of the present invention of table 1
Algorithm Highest frequency (HZ) Theoretical velocity (bps) Actual frequency (HZ) Actual speed (bps)
SM3 167M 1336M 100M 800M
SM4 286M 1144M 200M 800M
As can be seen from the above table, hardware encryption module data throughout of the invention is very big, and reality can be met completely When monitoring data encryption.
As shown in Figure 10, the FPGA enciphering rate comparison diagrams that traditional software encryption is designed with the present invention, encryption of the invention More than fast ten times of the traditional software cryptography of throughput ratio, can meet high-precision medical data real-time Transmission encryption requirements completely.

Claims (7)

1. a kind of safe transmission method of privacy cloud medical data, it is characterised in that specific as follows including data upload step:
Step 1), user using medical data acquisition instrument gather Personal medical data;
Step 2), user and Cloud Server carry out key agreement, obtain SM2 modules public key and SM4 module AESs it is close Key;
Step 3), by step 1) in the medical data of collection be passed in Zedboard;
Step 4), call by Zedboard SM4 modules to use step 2) in obtained key medical data is carried out in real time plus It is close;
Step 5), Zedboard use step 2) in obtained public key using SM2 modular algorithms to step 4) medical treatment after encryption Data are digitally signed, wherein, the signature process in SM2 modules calls SM3 modules to complete, and detailed process is as follows:Step 51), start SM3 modules in algorithm, start successively read in initiation parameter and by step 4) encrypt after medical data;
Step 52), the medical data after encryption is input to interface module, and pass through iteration module, expansion module and compression mould Block is iterated, extends successively, compresses and obtains the Hash Value of 256;
Step 53), output Hash Value, and provide work complement mark position;
Step 6), to step 5) after signature data are plus timestamp and upload to Cloud Server.
2. a kind of safe transmission method of privacy cloud medical data according to claim 1, it is characterised in that the step 4) comprise the following steps that:
Step 41), input 128 keys first, then input enables signal and gives SM4 modules, and SM4 modules draw high busy letters immediately Number;
Step 42), round key module is according to step 41) 128 keys of input carry out key computing, generate round key, SM4 moulds Block draws high round key and completes signal;
Step 43) then input medical data, round function module is according to step 42) in generation round key medical data is entered Row encryption;
Step 44), in step 43) in encryption after the completion of draw high encryption complete signal, that is, complete a group encryption, repeat step 43) and 44) until completing the encryption of all medical datas.
3. a kind of safe transmission method of privacy cloud medical data according to claim 2, it is characterised in that the step 43) medical data in is split first is filled into the plaintext of 128, is then inputted.
4. the safe transmission method of a kind of privacy cloud medical data according to claim 1, it is characterised in that step 52) In, the medical data after encryption is split with 512 for unit first, when last cutting unit is less than 512, 0 to 512 completion message filling is added at the end of cutting unit, obtained each cutting unit is 512;Will segmentation list Member is sequentially inputted to interface module and is iterated successively by iteration module, expansion module and compression module, extends, compress To the Hash Value of 256.
5. the safe transmission method of a kind of privacy cloud medical data according to claim 4, it is characterised in that wherein, step It is rapid 52) in detailed process be, input first cutting unit, carried out successively by iteration module, expansion module and compression module Iteration, extension, compression obtain process values, by current process value and next cutting unit while input interface module, passes through iteration After module is iterated, then by expansion module and compression module it is extended and compresses, until last cutting unit fortune Calculate the Hash Value for terminating to obtain 256.
6. the safe transmission method of a kind of privacy cloud medical data according to claim 1, it is characterised in that also including number It is specific as follows according to storing step:
Step 7), Cloud Server receive and first verify that whether timestamp correct after data, correctly then carry out next step, it is incorrect then Abandon;
Step 8), whether be tampered using the private key inspection data of oneself with server;Upcheck, preserve, not by then losing Abandon.
7. a kind of safe transmission method of privacy cloud medical data according to claim 1, it is characterised in that the SM3 What module and SM4 modules were connected by AXI buses with ARM, SM4 modules be used for implementation process control, data input output with And operational order parsing;SM4 modules include round function module and round key module, wherein, round function module includes 32 grades of flowing water Line, is a F function per one-level, and each F functions are converted by L conversion and T and constituted, wherein, L is transformed to linear transformation, and T becomes Nonlinear transformation is changed to, it is necessary to 4 S boxes;Round key module is made up of nonlinear transformation T conversion and linear transformation Lrk conversion, Lrk conversion needs 4 S boxes;
SM3 modules are controlled by command signal, and subscriber signal is converted into the signal of algoritic module by interface module, and are controlled Buffering area and control signal, wherein buffering area include input block and output buffer;SM3 modules include Top-layer Design Method module And iteration module, expansion module and the compression module being controlled by Top-layer Design Method module, iteration module, expansion module and pressure Contracting module is the submodule of Top-layer Design Method module;In Top-layer Design Method module SM3 modular algorithms are realized by calling each submodule Hash Value calculate, Top-layer Design Method module uses sequential logical circuit, and utilization state machine is called and then controlled to each submodule The execution of algorithm processed.
CN201710211529.1A 2017-03-31 2017-03-31 A kind of safe transmission method of privacy cloud medical data Pending CN107026859A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710211529.1A CN107026859A (en) 2017-03-31 2017-03-31 A kind of safe transmission method of privacy cloud medical data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710211529.1A CN107026859A (en) 2017-03-31 2017-03-31 A kind of safe transmission method of privacy cloud medical data

Publications (1)

Publication Number Publication Date
CN107026859A true CN107026859A (en) 2017-08-08

Family

ID=59527758

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710211529.1A Pending CN107026859A (en) 2017-03-31 2017-03-31 A kind of safe transmission method of privacy cloud medical data

Country Status (1)

Country Link
CN (1) CN107026859A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306899A (en) * 2018-05-03 2018-07-20 山东九州信泰信息科技股份有限公司 A kind of method that safe transmission is carried out to sensitive data in cloud service environment
CN109274663A (en) * 2018-09-07 2019-01-25 西安莫贝克半导体科技有限公司 Communication means based on SM2 dynamic key exchange and SM4 data encryption
CN109495497A (en) * 2018-12-11 2019-03-19 西安邮电大学 Based on the management of credit worthiness dynamic and domestic cryptographic algorithm privacy information encrypted transmission method
CN110177106A (en) * 2019-05-31 2019-08-27 贵州精准健康数据有限公司 Medical imaging data transmission system
CN110716818A (en) * 2019-09-30 2020-01-21 腾讯科技(深圳)有限公司 Exception handling method and device, hardware protection equipment and storage medium
CN111310203A (en) * 2020-02-10 2020-06-19 广东工业大学 Electronic medical record hybrid encryption method based on SM2 and SM4
CN111343014A (en) * 2020-02-17 2020-06-26 上海科技大学 Data center network topology design method based on combination design
CN111416717A (en) * 2019-01-07 2020-07-14 中安网脉(北京)技术股份有限公司 Parallel multi-path hardware implementation method for SM2 algorithm
CN111899082A (en) * 2020-06-30 2020-11-06 福建亿能达信息技术股份有限公司 Hospital pre-paid money supervision system, equipment and medium
CN113810352A (en) * 2020-06-12 2021-12-17 佳易科技股份有限公司 Virtual private network connection method and memory card device using the same

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882847A (en) * 2012-08-24 2013-01-16 山东省计算中心 Secure digital (SD)-password-card-based Internet of things healthcare service system and secure communication method thereof
CN103049710A (en) * 2012-12-13 2013-04-17 国家广播电影电视总局广播科学研究院 Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm
CN104166823A (en) * 2014-09-12 2014-11-26 罗满清 Intelligent medical data safety guarantee system
CN104200177A (en) * 2014-09-12 2014-12-10 罗满清 Mobile medical sensitive data encryption method
CN104468125A (en) * 2014-12-24 2015-03-25 江西倍康信息技术有限公司 Mobile Internet information communication encryption method based on GMB algorithm
CN105099711A (en) * 2015-08-28 2015-11-25 北京三未信安科技发展有限公司 ZYNQ-based small-sized cipher machine and data encryption method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882847A (en) * 2012-08-24 2013-01-16 山东省计算中心 Secure digital (SD)-password-card-based Internet of things healthcare service system and secure communication method thereof
CN103049710A (en) * 2012-12-13 2013-04-17 国家广播电影电视总局广播科学研究院 Field-programmable gate array (FPGA) chip for SM2 digital signature verification algorithm
CN104166823A (en) * 2014-09-12 2014-11-26 罗满清 Intelligent medical data safety guarantee system
CN104200177A (en) * 2014-09-12 2014-12-10 罗满清 Mobile medical sensitive data encryption method
CN104468125A (en) * 2014-12-24 2015-03-25 江西倍康信息技术有限公司 Mobile Internet information communication encryption method based on GMB algorithm
CN105099711A (en) * 2015-08-28 2015-11-25 北京三未信安科技发展有限公司 ZYNQ-based small-sized cipher machine and data encryption method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王崇森: ""基于FPGA的云存储安全系统研究与实现"", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
王晓燕等: ""基于FPGA的SM3算法优化与实现"", 《计算机工程》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306899B (en) * 2018-05-03 2019-04-23 山东九州信泰信息科技股份有限公司 A kind of method that safe transmission is carried out to sensitive data in cloud service environment
CN108306899A (en) * 2018-05-03 2018-07-20 山东九州信泰信息科技股份有限公司 A kind of method that safe transmission is carried out to sensitive data in cloud service environment
CN109274663A (en) * 2018-09-07 2019-01-25 西安莫贝克半导体科技有限公司 Communication means based on SM2 dynamic key exchange and SM4 data encryption
CN109495497A (en) * 2018-12-11 2019-03-19 西安邮电大学 Based on the management of credit worthiness dynamic and domestic cryptographic algorithm privacy information encrypted transmission method
CN111416717B (en) * 2019-01-07 2023-01-03 中安网脉(北京)技术股份有限公司 SM2 algorithm parallel multi-path hardware implementation method
CN111416717A (en) * 2019-01-07 2020-07-14 中安网脉(北京)技术股份有限公司 Parallel multi-path hardware implementation method for SM2 algorithm
CN110177106A (en) * 2019-05-31 2019-08-27 贵州精准健康数据有限公司 Medical imaging data transmission system
CN110716818B (en) * 2019-09-30 2022-02-11 腾讯科技(深圳)有限公司 Exception handling method and device, hardware protection equipment and storage medium
CN110716818A (en) * 2019-09-30 2020-01-21 腾讯科技(深圳)有限公司 Exception handling method and device, hardware protection equipment and storage medium
CN111310203A (en) * 2020-02-10 2020-06-19 广东工业大学 Electronic medical record hybrid encryption method based on SM2 and SM4
CN111343014B (en) * 2020-02-17 2022-12-02 上海科技大学 Data center network topology design method based on combination design
CN111343014A (en) * 2020-02-17 2020-06-26 上海科技大学 Data center network topology design method based on combination design
CN113810352A (en) * 2020-06-12 2021-12-17 佳易科技股份有限公司 Virtual private network connection method and memory card device using the same
CN113810352B (en) * 2020-06-12 2024-02-23 佳易科技股份有限公司 Virtual private network connection method and memory card device using the same
CN111899082A (en) * 2020-06-30 2020-11-06 福建亿能达信息技术股份有限公司 Hospital pre-paid money supervision system, equipment and medium

Similar Documents

Publication Publication Date Title
CN107026859A (en) A kind of safe transmission method of privacy cloud medical data
WO2022057631A1 (en) Data processing method and system based on node group, and device and medium
Kocabas et al. Utilizing homomorphic encryption to implement secure and private medical cloud computing
EP2874341B1 (en) Secure evaluation of a program
CN102882847B (en) Secure digital (SD)-password-card-based secure communication method of Internet of things healthcare service system
CN102571357B (en) Signature realization method and signature realization device
CN102970143B (en) Method for securely computing index of sum of held data of both parties by adopting addition homomorphic encryption
CN104602015A (en) Real-time video monitoring encryption and authentication method
CN107995143A (en) Medical imaging treating method and apparatus
CN111083150A (en) Identity authentication and data security transmission method under medical sensor network environment
CN111222158A (en) Block chain-based two-party security and privacy comparison method
Naresh et al. Secure lightweight IoT integrated RFID mobile healthcare system
CN105099671B (en) A kind of identity hides and non-extensible safe authentication key agreement method
Zheng et al. Comparative study on electrocardiogram encryption using elliptic curves cryptography and data encryption standard for applications in Internet of medical things
CN107465508A (en) A kind of method, system and the equipment of software and hardware combining construction true random number
Sangariand et al. A light-weight cryptography analysis for wireless based healthcare applications
Yang et al. Secure and privacy-preserving human interaction recognition of pervasive healthcare monitoring
CN106658490A (en) Wireless sensor network homomorphic encryption privacy protection method
CN111859339A (en) Identity verification system based on computer network
CN106506263A (en) Application information obtains system, unit and method
Iavich et al. A Post-Quantum secure e-Health system for the data management
CN114499822A (en) Efficient outsourcing aggregation and appointed acquisition method of multi-source data
CN113890890A (en) Efficient data management method applied to intelligent medical system
CN106933676A (en) A kind of mathematical operation system
CN106686586B (en) Wireless transmission system and encryption and decryption method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170808