A medical personal data secure interaction system and a medical personal data management method

Through a closed-loop collaborative mechanism involving an external network access module, an internal network data processing module, a one-way signal transmission module, and an identity authentication module, the security issues of medical data in the cloud storage model are resolved. This enables data transmission and retrieval within the secure internal network domain, eliminates the risk of data leakage, and meets users' needs for convenient querying and authorized sharing.

CN122174264APending Publication Date: 2026-06-09GUIZHOU YIXI CLOUD TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUIZHOU YIXI CLOUD TECHNOLOGY CO LTD
Filing Date
2026-01-29
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing cloud storage and related applications have security flaws in the transmission and storage of medical data. Data is vulnerable to attack, interception and theft, and the lack of user authentication can lead to data leakage, violate personal privacy regulations and threaten public safety.

Method used

A closed-loop collaboration mechanism is adopted, consisting of an external network access module, an internal network data processing module, a one-way signal transmission module, and an identity authentication module. Through the one-way signal transmission channel and identity authentication, medical data is ensured not to flow out within the internal network security domain. Only one-way transmission of operation signals and display screens is allowed, forming a closed-loop collaboration mechanism of "external interaction - internal network processing - one-way transmission - identity control".

Benefits of technology

It enables secure storage and transmission of medical data within the intranet security domain, eliminating the risk of data leakage, meeting users' needs for convenient querying and authorized sharing, and resisting mass theft and illegal use by machines.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122174264A_ABST
    Figure CN122174264A_ABST
Patent Text Reader

Abstract

The application provides a medical personal data safe interaction system and a medical personal data management method, and belongs to the technical field of medical data management. The system provided by the application comprises an external network access module, an internal network data processing module, a one-way signal transmission module and an identity authentication module. The external network access module accesses the Internet, is used for establishing a connection with a user end, receiving an entity operation signal of the user end, and feeding back a medical data display picture to the user end. The internal network data processing module accesses the internal network, is used for calling medical data and corresponding applications from the internal network, responding to the entity operation signal and generating the medical data display picture. The one-way signal transmission module is connected with the external network access module and the internal network data processing module, and a two-way independent one-way signal transmission channel is constructed. The identity authentication module is arranged in the internal network data processing module, is used for verifying the identity of a user, and authorizes the internal network data processing module to call the medical data after verification.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of medical data management technology, and in particular to a medical personal data secure interaction system and a medical personal data management method. Background Technology

[0002] Medical personal data, as sensitive information carrying personal health privacy and involving public health security, requires both legal basis and practical necessity for its security management. Original medical diagnosis and treatment data such as personal medical records, imaging examinations, and test results are strictly prohibited from being exposed to the public network environment without authorization due to privacy protection and public interest. However, this type of data must also meet the practical needs of owners to independently access it and authorize professional medical individuals to conduct remote diagnosis and treatment. Therefore, a balance between data use and risk control must be achieved through compliant and secure methods.

[0003] Currently, cloud technology is widely used in the industry for storing and retrieving medical data. In some scenarios, data sharing is also achieved through applications such as cloud-based medical imaging. This model has become the mainstream choice in the past when there was a lack of better alternative technologies, and it has met the need for convenient remote access to a certain extent. However, existing cloud storage and related applications have significant security flaws and shortcomings: First, cloud services are in a public network environment, which is constantly facing attacks and probing, and the probability of large-scale data leakage is extremely high; Second, the data transmission process between the cloud and the client is easily intercepted and gradually decrypted after storage, and the security of the transmission link cannot be guaranteed; Third, after the data reaches the terminal, it may be decomposed and obtained by the device's operating system, posing a risk of being secretly stolen and monitored; More seriously, applications such as cloud-based medical imaging have problems such as exposed data interfaces and arbitrary sharing without user authentication, which allows unrelated entities to easily extract image libraries, and there have even been cases where some entities openly leak medical data under the guise of Internet healthcare and AI training. This not only violates personal privacy regulations, but may also allow centralized regional medical data to be analyzed and used, turning into a potential risk to threaten public safety.

[0004] Therefore, there is an urgent need for a secure medical personal data interaction system that can meet users' core needs for convenient querying and authorized sharing while ensuring that the original medical data does not leak out of the secure domain, thereby eliminating the risk of data leakage at the source. Summary of the Invention

[0005] In view of this, this application provides a medical personal data security interaction system and a medical personal data management method to meet the core needs of users for convenient querying and authorized sharing while ensuring that the original medical data does not flow out of the security domain, thereby eliminating the risk of data leakage at the source.

[0006] Specifically, this application is implemented through the following technical solution:

[0007] The first aspect of this application provides a medical personal data security interaction system, the system comprising: an external network access module, an internal network data processing module, a one-way signal transmission module, and an identity authentication module;

[0008] The external network access module connects to the Internet and is used to establish a connection with the user terminal, receive physical operation signals from the user terminal, and provide feedback to the user terminal with medical data display screens.

[0009] The intranet data processing module is connected to the intranet of the medical data production organization to retrieve medical data and corresponding applications from the intranet, respond to the entity operation signals, and generate a medical data display screen.

[0010] The one-way signal transmission module is connected to the external network access module and the internal network data processing module respectively, forming a bidirectional independent one-way signal transmission channel. There is no network communication between the external network access module and the internal network data processing module. The first channel in the one-way signal transmission module is used for the internal network data processing module to transmit medical data display screen to the external network access module in one direction. The second channel is used for the external network access module to transmit physical operation signals to the internal network data processing module in one direction.

[0011] The identity authentication module is deployed on the intranet data processing module and is used to verify the user's identity. After successful verification, the intranet data processing module is authorized to retrieve medical data.

[0012] A second aspect of this application provides a method for managing medical personal data, the method being applied to the medical personal data secure interaction system provided in any one of the first aspects of this application, the method comprising:

[0013] Users establish a connection with the external network access module through the user terminal. The external network access module senses the device information of the user terminal and generates adaptation instructions, which are then synchronized to the internal network data processing module through the one-way signal transmission module.

[0014] The intranet data processing module starts the identity authentication module, generates a login interface, and transmits it to the external network access module through the one-way signal transmission module. The external network access module then feeds back to the user terminal, where the user verifies their identity.

[0015] After identity authentication is successful, the user performs entity operations through the user terminal, generates entity operation signals and transmits them to the external network access module. The external network access module converts the entity operation signals into HID signals and transmits them to the internal network data processing module through the one-way signal transmission module according to the transmission control rules.

[0016] The intranet data processing module responds to the HID signal, retrieves the target medical data and corresponding applications from the intranet, generates an adapted medical data display screen, and transmits it to the external network access module through the one-way signal transmission module.

[0017] The external network access module displays medical data to the user.

[0018] The medical personal data security interaction system and medical personal data management method provided in this application utilize an external network access module as the external interaction interface between the user terminal and the system. This not only fulfills the user terminal's need to easily establish a connection, transmit physical operation signals, and receive display screens without additional adaptation, but also avoids the user terminal directly accessing internal network data. The design of the internal network data processing module, which only retrieves data from the institution's internal network and generates display screens, ensures that the original medical data always remains within the internal network security domain and is not directly output to the external network. Two independent unidirectional channels built using a unidirectional signal transmission module physically block network communication between the external network access module and the internal network data processing module, allowing only operation signals to communicate. The one-way transmission of data from the external network access module to the internal network data processing module, and from the internal network data processing module to the external network access module, completely eliminates the possibility of raw data leakage through network links. Combined with the identity authentication module deployed in the internal network data processing module, data retrieval is only authorized after the user's identity is verified, forming a closed-loop collaborative mechanism of "external interaction - internal network processing - one-way transmission - identity control". Ultimately, through the precise cooperation of each module, while ensuring that personal medical data does not flow out of the internal network security domain and eliminating the risk of bulk theft and leakage, it fully meets the user's needs for querying and authorizing the sharing of medical data, achieving an effective balance between data security and ease of use. Attached Figure Description

[0019] Figure 1 This is a schematic diagram of the structure of the medical personal data security interaction system provided in Embodiment 1 of this application;

[0020] Figure 2 A flowchart of a medical personal data management method provided in Embodiment 2 of this application. Detailed Implementation

[0021] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application.

[0022] The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. The singular forms “a,” “the,” and “the” used herein are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term “and / or” as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

[0023] It should be understood that although the terms first, second, third, etc., may be used in this application to describe various information, such information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when," "when," or "in response to determination."

[0024] The following specific embodiments are given to illustrate the technical solution of this application in detail.

[0025] Figure 1 This is a schematic diagram of the structure of the medical personal data security interaction system provided in Embodiment 1 of this application. Please refer to... Figure 1 The medical personal data security interaction system provided in this embodiment includes: an external network access module, an internal network data processing module, a one-way signal transmission module, and an identity authentication module;

[0026] The external network access module connects to the Internet and is used to establish a connection with the user terminal, receive physical operation signals from the user terminal, and provide feedback to the user terminal with medical data display screens.

[0027] The intranet data processing module is connected to the intranet of the medical data production organization to retrieve medical data and corresponding applications from the intranet, respond to the entity operation signals, and generate a medical data display screen.

[0028] The one-way signal transmission module is connected to the external network access module and the internal network data processing module respectively, forming a bidirectional independent one-way signal transmission channel. There is no network communication between the external network access module and the internal network data processing module. The first channel in the one-way signal transmission module is used for the internal network data processing module to transmit medical data display screen to the external network access module in one direction. The second channel is used for the external network access module to transmit physical operation signals to the internal network data processing module in one direction.

[0029] The identity authentication module is deployed on the intranet data processing module and is used to verify the user's identity. After successful verification, the intranet data processing module is authorized to retrieve medical data.

[0030] Specifically, the medical personal data security interaction system consists of an external network access module, an internal network data processing module, a one-way signal transmission module, and an identity authentication module. The external network access module serves as the "external network interaction entry point" between the user terminal and the system. On one hand, it connects to the internet, supporting connections with the user terminal without requiring the user to install additional dedicated software or a VPN; on the other hand, it receives physical operation signals from the user (such as mouse and keyboard clicks, mobile phone touches) and feeds back the medical data display screen transmitted from the internal network to the user terminal, realizing a closed-loop interaction of "operation input - screen output".

[0031] It should be noted that the medical personal data security interaction system described in this embodiment is primarily aimed at the medical field. However, it is also applicable to other fields such as finance.

[0032] The intranet data processing module serves as the "core of secure processing" for medical data. It connects to the intranet of medical data production institutions (such as hospitals) and retrieves only raw medical data and corresponding applications, such as personal medical records, imaging examinations, and test results, from the intranet. At the same time, it responds to operation signals transmitted by the external network access module and generates a medical data display screen adapted to the user end (rather than the original data file), ensuring that the raw data flows within the intranet throughout the entire process and is not output to the external network.

[0033] The unidirectional signal transmission module acts as a "secure connection bridge" between the external network access module and the internal network data processing module. Its core function is to build a "two-way independent, physically isolated" signal transmission channel, preventing direct network communication between the two. Specifically, the first channel (such as an HDMI cable) is used solely for unidirectional transmission of medical data display images (video signals) from the internal network data processing module to the external network access module; the second channel (such as a USB cable) is used solely for unidirectional transmission of physical operation signals (simulated HID mouse and keyboard signals) from the external network access module to the internal network data processing module. This dual unidirectional channel design physically blocks the original data leakage path.

[0034] The identity authentication module, serving as a "secure access checkpoint" for data access, is deployed within the intranet data processing module. It is responsible for strictly verifying user identities (such as dual verification of account password + dynamic SMS verification code, and WeChat Token UUID associated authentication). Only after successful verification is the intranet data processing module authorized to retrieve the corresponding user's medical data, thus preventing unauthorized personnel from accessing the data illegally.

[0035] It should be noted that the one-way signal transmission module is the only connection between modules. The external network access module and the internal network data processing module have no direct network connection; they only interact through the two independent one-way channels of this module. The identity authentication module is a built-in function of the internal network data processing module and does not establish direct external connections with other modules. The data / signal flow relationship is divided into two types: user operation flow: user terminal → external network access module (receive entity operation signals) → one-way signal transmission module (second channel) → internal network data processing module (respond to entity operation signals); screen feedback flow: internal network data processing module (generate display screen) → one-way signal transmission module (first channel) → external network access module (feedback screen) → user terminal.

[0036] In practice, users perform physical operations through their devices (such as clicking the "Image Query" button with a mouse and keyboard, or touching the "Login" icon on their phones), generating physical operation signals (such as mouse and keyboard electrical signals, or phone touch signals). These signals are transmitted via the internet to the external network access module. The external network access module, acting as the "external interaction entry point," first receives the signals and then converts them into standard HID signals (such as standardized signals simulating keyboard key presses or mouse clicks) that can be recognized by the internal network data processing module. The HID signals processed by the external network access module are then transmitted through the second channel (USB cable) of the one-way signal transmission module. This channel is a one-way channel from the external network access module to the internal network data processing module, with no reverse data flow. Since the one-way signal transmission module only provides physical-level signal relay and does not perform data parsing or storage, and there is no network communication between the external network access module and the internal network data processing module, only operation signals are transmitted in this process, without any medical data involved, thus physically blocking the data leakage path.

[0037] Furthermore, the identity authentication module verifies the user's identity. If it is the user's first operation (identity authentication not completed), the intranet data processing module receives the HID signal and starts the built-in identity authentication module to generate a login interface (including an account input box and a dynamic verification code box). If the user has already accessed the platform via WeChat, the external network access module will automatically read the verified TokenUUID from WeChat and transmit it to the identity authentication module through the second channel to simulate filling in account information. The user enters identity credentials (such as account password + dynamic SMS verification code) through the user terminal, and the relevant input commands are transmitted again to the identity authentication module through the "external network access module → one-way signal transmission module second channel". The identity authentication module verifies the credentials. If the verification is successful, it sends an "authorize data retrieval" command to the intranet data processing module. If the verification fails, the process is directly blocked, and no data-related feedback is generated. After identity verification is successful, the intranet data processing module receives the authorization instruction from the identity authentication module and, based on the user's specific needs for operating the HID signal (such as "querying image data from March 2024"), retrieves the corresponding original medical data (such as DICOM format images and PDF test reports) from the medical institution's intranet database. This process is completed entirely within the intranet, and the original data is not associated with the external network. The intranet data processing module does not transmit the original data files externally, but instead performs "visual processing" on the retrieved data. Based on the user terminal device information (resolution, OS type) synchronized by the external network access module, it adjusts the screen size and adapts the format to generate a medical data display screen (in video stream format, such as a dynamic display interface for images or a readable interface for reports). If DICOM image data is retrieved, the display screen will deliberately retain a "pixel-to-entity size deviation of 0.1mm" to ensure that even if the user takes a screenshot, the image will lose its original medical application value, further strengthening security protection.

[0038] Finally, the display screen (video signal) generated by the intranet data processing module is transmitted unidirectionally to the external network access module through the first channel (HDMI cable) of the unidirectional signal transmission module. This channel is a unidirectional channel from the intranet data processing module to the external network access module, transmitting only video stream signals and prohibiting the external network from transmitting any data back to the intranet, ensuring that the intranet environment is not vulnerable to external network attacks. After receiving the video signal from the display screen, the external network access module directly feeds it back to the user terminal. The user terminal screen displays a medical data display interface adapted to its own device (such as landscape high-definition images on a computer and portrait reports on a mobile phone). The user can continue to perform subsequent operations (such as zooming in on the image and flipping through pages to view the report), and subsequent operations repeat in a loop according to the above process.

[0039] Optionally, the external network access module is an IPv6 KVM device, and the internal network data processing module is a Raspberry Pi or a smart terminal device with equivalent data processing and internal network access capabilities.

[0040] Optionally, the external network access module and the internal network data processing module are configured into a one-to-one collaborative unit. Multiple collaborative units are arranged in an array and deployed in the institution's computer room. The number of collaborative units in the array is 500 to 1000 pairs to adapt to the user scale and data access needs of the institution's computer room.

[0041] Specifically, an IPv6 KVM device is selected as the external network access module, and a Raspberry Pi or a smart terminal device with equivalent data processing and internal network access capabilities is selected as the internal network data processing module. A one-to-one pairing of "1 IPv6 KVM device + 1 Raspberry Pi / equivalent smart terminal device" is used to construct independent collaborative units, ensuring that each collaborative unit can independently support the medical data interaction needs of one user. Based on the user scale and daily peak data access needs of the medical data production institution, multiple of the above collaborative units are deployed, forming an array and placed in the institution's server room. The number of collaborative units deployed in the array starts from 500-1000 pairs, and can be expanded as needed to adapt to actual usage requirements.

[0042] Optionally, the unidirectional signal transmission module includes two unidirectionally connected transmission lines. One transmission line is an HDMI cable, which serves as a unidirectional transmission channel for the medical data display screen, connecting the intranet data processing module and the extranet access module. It is used for the intranet data processing module to unidirectionally output the medical data display screen in video format to the extranet access module. The other transmission line is a USB cable, which serves as a unidirectional transmission channel for physical operation signals, connecting the extranet access module and the intranet data processing module. It is used for the extranet access module to unidirectionally transmit analog HID mouse and keyboard signals to the intranet data processing module.

[0043] Specifically, an HDMI cable and a USB cable are selected as two independent transmission lines for the unidirectional signal transmission module. One end of the HDMI cable is connected to the video output interface of the intranet data processing module, and the other end is connected to the video input interface of the extranet access module, creating a unidirectional transmission channel that only supports "intranet data processing module → extranet access module". This channel is used for the unidirectional transmission of medical data display images in video format generated by the intranet data processing module to the extranet access module. One end of the USB cable is connected to the signal output interface of the extranet access module, and the other end is connected to the signal input interface of the intranet data processing module, creating a unidirectional transmission channel that only supports "extranet access module → intranet data processing module". This channel is used for the unidirectional transmission of analog HID mouse and keyboard signals converted by the extranet access module to the intranet data processing module. It is ensured that the two transmission lines only realize signal transmission in the corresponding direction and do not have reverse transmission capabilities, and there are no other network connection links between the extranet access module and the intranet data processing module.

[0044] Optionally, the external network access module has multi-terminal adaptation capability, and the user terminal includes a laptop computer and a mobile phone. The mobile phone establishes a connection with the external network access module through a WeChat official account or mini program, and the user terminal does not need to install any additional dedicated software or client.

[0045] Optionally, after receiving the entity operation signal from the user terminal, the external network access module converts the entity operation signal into an HID signal that can be recognized by the internal network data processing module.

[0046] Specifically, the external network access module (KVM) can connect to the user's laptop or mobile phone, such as a WeChat official account or mini-program. Regardless of the terminal interface used, the user experience and performance remain unchanged. Mouse, keyboard, or user touch are all simulated and converted into internal network data processing module (smart terminal interface) response through KVM's HID signal.

[0047] Optionally, the external network access module sets transmission control rules for the converted HID signal. The transmission control rules include signal delay rules and duplicate signal filtering rules. The signal delay rules include: when the HID signal is transmitted from the external network access module to the internal network data processing module, a fixed operation delay of 0.1 seconds is set, and each HID signal is transmitted sequentially at a preset time interval. The duplicate signal filtering rules include: for the HID signal corresponding to a specific input key, a 1-second signal filtering window is set. If the same duplicate HID signal is detected within the signal filtering window, only the first valid signal is retained, and subsequent duplicate signals are ignored.

[0048] In practice, after receiving the physical operation signal from the user terminal, the external network access module first converts it into a standard HID signal that can be recognized by the internal network data processing module. The external network access module then initiates a preset transmission control rule to process the converted HID signal: First, a fixed operation delay of 0.1 seconds is configured for each HID signal. The system controls the signal transmission sequence according to this delay parameter to ensure that all HID signals are transmitted to the internal network data processing module sequentially at a preset time interval of 0.1 seconds. Then, the identification information of specific input keys such as identity authentication and data retrieval confirmation is preset. When the input key corresponding to the HID signal is detected to be a preset specific input key, a 1-second signal filtering window is triggered. Within this 1-second filtering window, if the system continuously detects duplicate HID signals with the same identifier, only the first valid signal is retained. Subsequent duplicate HID signals are directly judged as invalid and filtered, and are not transmitted to the internal network data processing module. The valid HID signal processed by the transmission control rule is transmitted to the internal network data processing module through the second channel of the unidirectional signal transmission module.

[0049] It's important to note that because the user interface input has a 0.1-second delay (and some input keys are specifically designed to ignore other input HID signals for 1 second), the patient's medical data is never physically connected to the external network. It's all rapidly retrieved and processed within the institution's intranet. Therefore, its I / O speed is completely independent of the internet. What the user sees is merely a projection of an intranet smart terminal; no actual original data flows out. For example, medical image DICOM files have a pixel value corresponding to the display entity's mm value. The dynamic scaling of the projection can never perfectly align this terminal attribute, and no matter how advanced AI becomes in the future, there will always be some deviation of 0.1mm. This deviation completely negates the original medical meaning of the so-called screenshot. Therefore, this method of projection from the intranet to the external network, along with the deliberate delay settings of the simulated device, does not affect normal human operation and convenience, but it is an unacceptably inefficient approach for AI, quantum computing, or code-based robots. Thus, it ensures that the individual's personal data belongs to the entity's personnel for their own use, rather than being maliciously stolen in bulk or illegally used.

[0050] Optionally, the external network access module also has a third-party identity association function. If the user accesses through WeChat, the external network access module automatically reads the WeChat verified Token UUID and simulates keyboard input to the corresponding verification area of ​​the identity authentication module, automatically associating the WeChat identity with the medical account.

[0051] Optionally, the external network access module has a device information sensing function. The external network access module automatically identifies the device resolution and operating system type of the user terminal and generates an adaptation command, which is synchronized to the internal network data processing module through the one-way signal transmission module. After receiving the adaptation command, the internal network data processing module adjusts the resolution of the medical data display screen to match the display parameters of the display screen and the user terminal.

[0052] Specifically, whether the user's device is a mobile phone or a computer desktop, when connected to the external network access module, the external network access module senses the user's screen resolution and operating system, and then synchronizes this information to the internal network smart terminal via a HID command. This allows the internal network smart terminal to provide the corresponding interface resolution. The user will see an operating interface that matches their terminal device. The first thing the user sees on the operating interface is the hospital's internal system login management interface, where the user must enter their personal authentication password. Of course, if it's a system like WeChat where verification results in an independent token UUID, and the internal system is also associated with this ID, the external network access module can automatically simulate keyboard input in the corresponding area on the login screen, facilitating user account association. The password authentication can be another dynamic SMS password. After successful authentication, the internal application will display the user's relevant personal information, such as medical records in the medical field. The user needs to click on a specific category to continue browsing detailed information.

[0053] The system provided in this embodiment, in its first aspect, utilizes the collaborative cooperation of an external network access module, an internal network data processing module, a one-way signal transmission module, and an identity authentication module. The external network access module serves as the external interface between the user terminal and the system, enabling the user terminal to easily establish a connection without requiring additional software installation. The internal network data processing module retrieves medical data from the institution's internal network and generates display screens, without directly outputting raw data to the external network. The one-way signal transmission module constructs a bidirectional independent one-way channel to physically block network communication between modules, allowing only one-way transmission of operation signals and display screens. The identity authentication module, deployed within the internal network data processing module, only retrieves authorized data from verified users, forming a closed-loop collaborative mechanism. This ensures that medical data remains within the secure internal network domain and does not leak out, while also meeting the core needs of users for querying and authorized sharing. It fundamentally eliminates the risk of data leakage due to attacks, interception, and theft under traditional cloud storage models.

[0054] Secondly, the external network access module sets a transmission control rule for the converted HID signal with a fixed operation delay of 0.1 seconds and a 1-second repeat signal filtering rule for specific input keys. This not only does not affect the normal human operating experience, but also significantly increases the time cost and difficulty of batch simulation operations by AI or code robots, effectively resisting the behavior of machines stealing data in batches.

[0055] Thirdly, the external network access module automatically senses the user's device resolution and operating system type and generates adaptation instructions. The internal network data processing module adjusts the display screen resolution accordingly to ensure that the user obtains an adapted operating interface. Furthermore, for DICOM format image data, the display screen has a preset deviation of 0.1mm between its pixels and the actual size after dynamic scaling. Even if the user takes a screenshot of the display screen, the resulting image will lose its original medical application value due to this deviation, further ensuring that medical data will not be illegally used through screenshots or other means, thus comprehensively strengthening the data security protection effect.

[0056] Corresponding to the aforementioned embodiment of a medical personal data security interaction system, this application also provides an embodiment of a medical personal data management method.

[0057] Figure 2 This is a flowchart illustrating the medical personal data management method provided in Embodiment 2 of this application. Please refer to... Figure 2 The method provided in this embodiment is applied to the medical personal data security interaction system according to any one of the first aspects of this application, and the method includes:

[0058] S201. The user establishes a connection with the external network access module through the user terminal. The external network access module senses the device information of the user terminal and generates an adaptation command, which is then synchronized to the internal network data processing module through the one-way signal transmission module.

[0059] S202. The intranet data processing module starts the identity authentication module, generates a login interface, and transmits it to the external network access module through the one-way signal transmission module. The external network access module then feeds back to the user terminal, where the user verifies their identity.

[0060] S203. After successful identity authentication, the user performs entity operations through the user terminal, generates entity operation signals, and transmits them to the external network access module. The external network access module converts the entity operation signals into HID signals and transmits them to the internal network data processing module through the unidirectional signal transmission module according to the transmission control rules.

[0061] S204. The intranet data processing module responds to the HID signal, retrieves the target medical data and corresponding applications from the intranet, generates an adapted medical data display screen, and transmits it to the external network access module through the one-way signal transmission module.

[0062] S205, the external network access module, feeds back the medical data display screen to the user terminal.

[0063] The method in this embodiment can be used to execute Figure 1 The steps of the system embodiment shown are similar in principle and process, and will not be repeated here.

[0064] The specific implementation process of the functions and roles of each unit in the above device can be found in the implementation process of the corresponding steps in the above method, and will not be repeated here.

[0065] For the device embodiments, since they basically correspond to the method embodiments, the relevant parts can be referred to in the description of the method embodiments. The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this application according to actual needs. Those skilled in the art can understand and implement this without creative effort.

[0066] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the scope of protection of this application.

Claims

1. A medical personal data secure interaction system, characterized in that, The system includes: an external network access module, an internal network data processing module, a one-way signal transmission module, and an identity authentication module; The external network access module connects to the Internet and is used to establish a connection with the user terminal, receive physical operation signals from the user terminal, and provide feedback to the user terminal with medical data display screens. The intranet data processing module is connected to the intranet of the medical data production organization to retrieve medical data and corresponding applications from the intranet, respond to the entity operation signals, and generate a medical data display screen. The one-way signal transmission module is connected to the external network access module and the internal network data processing module respectively, forming a bidirectional independent one-way signal transmission channel. There is no network communication between the external network access module and the internal network data processing module. The first channel in the one-way signal transmission module is used for the internal network data processing module to transmit medical data display screen to the external network access module in one direction. The second channel is used for the external network access module to transmit physical operation signals to the internal network data processing module in one direction. The identity authentication module is deployed on the intranet data processing module and is used to verify the user's identity. After successful verification, the intranet data processing module is authorized to retrieve medical data.

2. The system according to claim 1, characterized in that, The external network access module is an IPv6 KVM device, and the internal network data processing module is a Raspberry Pi or a smart terminal device with equivalent data processing and internal network access capabilities.

3. The system according to claim 1, characterized in that, The external network access module and the internal network data processing module are paired one-to-one to form a collaborative unit. Multiple collaborative units are arranged in an array and deployed in the institution's computer room. The number of collaborative units in the array is 500 to 1000 pairs to adapt to the user scale and data access needs of the institution's computer room.

4. The system according to claim 1, characterized in that, The unidirectional signal transmission module includes two unidirectional transmission lines. One transmission line is an HDMI cable, which serves as a unidirectional transmission channel for medical data display, connecting the intranet data processing module and the extranet access module. It is used for the intranet data processing module to unidirectionally output medical data display images in video format to the extranet access module. The other transmission line is a USB cable, which serves as a unidirectional transmission channel for physical operation signals, connecting the extranet access module and the intranet data processing module. It is used for the extranet access module to unidirectionally transmit analog HID mouse and keyboard signals to the intranet data processing module.

5. The system according to claim 1, characterized in that, After receiving the entity operation signal from the user terminal, the external network access module converts the entity operation signal into an HID signal that can be recognized by the internal network data processing module.

6. The system according to claim 5, characterized in that, The external network access module sets transmission control rules for the converted HID signal, including signal delay rules and duplicate signal filtering rules. The signal delay rules include: when the HID signal is transmitted from the external network access module to the internal network data processing module, a fixed operation delay of 0.1 seconds is set, and each HID signal is transmitted sequentially according to a preset time interval; The repeated signal filtering rule includes: setting a 1-second signal filtering window for the HID signal corresponding to a specific input key; if the same repeated HID signal is detected within the signal filtering window, only the first valid signal is retained, and subsequent repeated signals are ignored.

7. The system according to claim 1, characterized in that, The external network access module has multi-terminal adaptation capability. The user terminal includes a laptop computer and a mobile phone. The mobile phone establishes a connection with the external network access module through a WeChat official account or mini program, and the user terminal does not need to install any additional dedicated software or client.

8. The system according to claim 7, characterized in that, The external network access module also has a third-party identity association function. If the user accesses through WeChat, the external network access module automatically reads the WeChat verified Token UUID and simulates keyboard input to the corresponding verification area of ​​the identity authentication module, automatically associating the WeChat identity with the medical account.

9. The system according to claim 1, characterized in that, The external network access module has a device information sensing function. The external network access module automatically identifies the device resolution and operating system type of the user terminal, generates adaptation instructions, and synchronizes them to the internal network data processing module through the one-way signal transmission module. After receiving the adaptation command, the intranet data processing module adjusts the resolution of the medical data display screen to match the display parameters of the display screen with those of the user terminal.

10. A method for managing personal medical data, characterized in that, The method is applied to the medical personal data security interaction system according to any one of claims 1-9, and the method includes: Users establish a connection with the external network access module through the user terminal. The external network access module senses the device information of the user terminal and generates adaptation instructions, which are then synchronized to the internal network data processing module through the one-way signal transmission module. The intranet data processing module starts the identity authentication module, generates a login interface, and transmits it to the external network access module through the one-way signal transmission module. The external network access module then feeds back to the user terminal, where the user verifies their identity. After identity authentication is successful, the user performs entity operations through the user terminal, generates entity operation signals and transmits them to the external network access module. The external network access module converts the entity operation signals into HID signals and transmits them to the internal network data processing module through the one-way signal transmission module according to the transmission control rules. The intranet data processing module responds to the HID signal, retrieves the target medical data and corresponding applications from the intranet, generates an adapted medical data display screen, and transmits it to the external network access module through the one-way signal transmission module. The external network access module displays medical data to the user.