Medical health record data encryption and sharing method and device based on homomorphic computation

By using layered encryption and data processing in a secure computing environment, the privacy protection of medical and health record data throughout its entire lifecycle is solved, enabling secure data sharing and compliant use.

CN122339729APending Publication Date: 2026-07-03DIGITAL INTELLIGENCE CLOUD ALLIANCE (SHANDONG) DIGITAL TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
DIGITAL INTELLIGENCE CLOUD ALLIANCE (SHANDONG) DIGITAL TECHNOLOGY CO LTD
Filing Date
2026-03-10
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing methods for protecting and sharing the privacy of medical and health records cannot achieve full lifecycle privacy protection. Furthermore, plaintext data is easily accessed and stolen without authorization, and anonymization processes reduce data integrity. Cross-data source correlation analysis poses a risk of privacy leakage.

Method used

A layered encryption strategy is adopted to encrypt medical and health record data, generating encrypted data. This encrypted data is then used for computation and sharing within the encrypted data usage environment. Combined with access control and sensitivity level classification, this ensures that the data maintains privacy protection throughout its entire lifecycle.

Benefits of technology

It achieves privacy protection for data throughout its entire lifecycle, allowing it to be used without decryption, preventing cross-data leakage, balancing the flexibility of data sharing with privacy and security, and meeting compliance requirements.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122339729A_ABST
    Figure CN122339729A_ABST
Patent Text Reader

Abstract

This application discloses a method and device for encrypting and sharing medical and health record data based on encrypted computation. The method includes: preprocessing received medical and health record data to obtain compliant data; encrypting the compliant data using a preset layered encryption strategy to obtain encrypted data; calling a preset medical basic algorithm and encapsulating the medical basic algorithm into an encrypted computation operator adapted to the encryption form and structural attributes of the encrypted data; creating an encrypted data usage environment based on user-submitted task and permission requests; performing fragmented computation on the encrypted data within the authorized scope using the adapted encrypted computation operator within the encrypted data usage environment to obtain encrypted computation results; and classifying the encrypted computation results according to sensitivity levels to complete the sharing of medical and health record data. This method strengthens the privacy and security protection of medical and health record data.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of data privacy protection and sharing technology, and in particular to a method and device for encrypting and sharing medical and health record data based on encrypted computing. Background Technology

[0002] With the rapid development of medical informatization, the value of medical and health record data is becoming increasingly prominent. However, medical and health record data contains a large amount of sensitive personal information, involving patient privacy, and its sharing and use face strict compliance requirements. Currently, methods for privacy protection and sharing of medical and health record data have certain limitations; On the one hand, some existing methods use desensitization techniques such as deletion, replacement, and masking to remove sensitive fields from medical and health record data before sharing the data. However, this method may reduce the data value due to excessive desensitization, making it difficult to meet the data integrity requirements of research and other scenarios. At the same time, attackers may still be able to re-identify sensitive information through cross-data source correlation analysis, thus posing a risk of privacy breaches.

[0003] On the other hand, some existing methods encrypt and store data using symmetric and asymmetric encryption. However, in actual sharing, the data often needs to be decrypted into plaintext before it can be used. At this point, the data is in plaintext, making it extremely vulnerable to unauthorized access, theft, or misuse, thus failing to achieve full lifecycle privacy protection for the data. Summary of the Invention

[0004] This application provides a method and device for encrypting and sharing medical and health record data based on encrypted computing, which solves the problem that the existing methods for privacy protection and sharing of medical and health record data cannot achieve privacy protection throughout the entire data lifecycle.

[0005] The embodiments of this application adopt the following technical solutions: On the one hand, embodiments of this application provide a method for encrypting and sharing medical and health record data based on encrypted computation, the method comprising: The received medical and health record data is preprocessed to obtain compliant data; The compliant data is encrypted using a preset layered encryption strategy to obtain encrypted data. Invoke a preset medical basic algorithm and encapsulate the medical basic algorithm into a dense state computation operator that adapts to the encryption form and structural attributes of the dense state data; Create a secure data usage environment based on the user's submitted task and permission requests; Receive the encrypted data processing task submitted by the user within the encrypted data usage environment, and match the appropriate encrypted calculation operator according to the encrypted data processing task; The dense state data within the authorized range is sliced ​​and calculated using an adapted dense state calculation operator to obtain the dense state calculation results; The results of the dense state calculation are classified and processed according to their sensitivity levels. Combined with preset result usage rules and export control rules, medical and health record data sharing is completed.

[0006] In one example, the preprocessing of received medical and health record data to obtain compliant data specifically includes: The medical and health record data is format-validated to determine whether it conforms to a preset medical data standard format. If the medical and health record data does not conform to the preset medical data standard format, a prompt message including the specific error reason will be returned, and the corrected medical and health record data will be received again. Perform integrity checks on the medical and health record data that has passed the format validation to determine whether any key fields are missing from the medical and health record data. If the medical and health record data has missing key fields, a prompt message including the specific reason for the error will be returned, and the corrected medical and health record data will be received again. Data cleaning is performed on the medical and health record data that has passed the integrity check. Outliers and duplicates in the medical and health record data that has passed the integrity check are identified and processed to obtain cleaned medical and health record data. The cleaned medical and health record data is standardized to obtain compliant data.

[0007] In one example, the encryption of the compliant data using a preset layered encryption strategy to obtain encrypted data specifically includes: The structured data in the compliant data is subjected to fine-grained encryption processing according to the sensitivity of the fields to obtain encrypted data; The unstructured data in the compliant data is converted into structured feature vectors using a feature extraction algorithm; The feature vector is fragmented and encrypted using a homomorphic encryption algorithm or a secure multi-party computation protocol to obtain encrypted data.

[0008] In one example, the fine-grained encryption processing of the structured data in the compliant data according to the sensitivity of the fields to obtain encrypted data specifically includes: A symmetric encryption algorithm is used to generate the symmetric key for the highly sensitive fields in the structured data; The highly sensitive field is encrypted using the symmetric key to obtain the encrypted data of the highly sensitive field; The symmetric key is encrypted using an asymmetric encryption algorithm, and the encrypted symmetric key is associated with the encrypted data for storage to obtain the encrypted data of the highly sensitive field. The sensitive fields in the structured data are encrypted using a homomorphic encryption algorithm to obtain the encrypted data of the sensitive fields. A lightweight symmetric encryption algorithm is used to encrypt the low-sensitivity fields in the structured data to obtain the encrypted data of the low-sensitivity fields.

[0009] In one example, after encapsulating the medical fundamental algorithm into a cryptographic computation operator adapted to the cryptographic form and structural properties of the cryptographic data, the method further includes: The dense-state computation operator is subjected to operator lightweight design, operator parallelization processing, and operator dynamic expansion; Assign a unique operator identifier to each dense state computation operator and store the dense state computation operators in a preset operator library.

[0010] In one example, the creation of a secure data usage environment based on the user-submitted task and permission requests specifically includes: The system receives permission requests and task requests submitted by users. The permission requests include the purpose of data use, the range of encrypted data to be accessed, and the type of encrypted computation operator to be invoked. The task requests include the task type, data size, and computational resource requirements. The permission request is processed through a multi-node approval process to generate permission credentials; Based on the task type and data scale in the task application, a dedicated sandbox is created; the dedicated sandbox is allocated independent computing and storage resources and pre-installed with the operating environment and medical processing tools required for encrypted computing; the computing resources are dynamically adjusted according to the task complexity, and the storage resources only grant access to encrypted data within the authorized scope; Containerization and process isolation technologies are used to perform resource and data isolation processing on the dedicated sandbox. The access credentials, user account, and isolated sandbox are bound together to obtain the encrypted data usage environment.

[0011] In one example, the matching of the appropriate dense-state computation operator based on the dense-state data processing task specifically includes: Extract the target features corresponding to the dense-state data processing task; Based on the target features, the adaptation features of each dense state computation operator are matched to select the dense state computation operators that are suitable for the dense state data processing task.

[0012] In one example, the classification and processing of the dense state calculation results according to sensitivity levels, combined with preset result usage rules and export control rules, achieves secure sharing of medical and health record data, specifically including: Based on the task type and sensitivity corresponding to the dense state calculation results, the dense state calculation results are divided into high-sensitivity results, medium-sensitivity results, and low-sensitivity results; Highly sensitive results are stored in a closed state within the closed data usage environment. Subsequent authorized association operations are only permitted within the closed data usage environment, and exporting the closed data usage environment is prohibited. Sensitive results are desensitized to remove sensitive information; The sensitive results with sensitive information removed are returned to the encrypted data usage environment for authorized user use, and the encrypted data usage environment of the sensitive results is restricted. The low-sensitivity result is decrypted into plaintext, and the plaintext is then subject to secondary authorization and approval. Export the plaintext data that has passed the second authorization approval to the encrypted data usage environment.

[0013] In one example, the method further includes: When the medical and health record data exceeds a preset data threshold, the medical and health record data becomes ultra-large-scale data; The massive data is divided into multiple data fragments according to a preset fragmentation rule. Preprocess each data fragment to obtain effective data fragments; The valid data segments are then integrated and processed to obtain compliant data.

[0014] On the other hand, embodiments of this application provide a medical and health record data encryption and sharing device based on encrypted computing, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to execute any of the above-described methods for medical and health record data encryption and sharing based on encrypted computing.

[0015] The above-described technical solutions adopted in the embodiments of this application can achieve the following beneficial effects: The method provided in this application encrypts compliant data using a preset layered encryption strategy to obtain encrypted data, avoiding data integrity damage caused by the removal of sensitive fields during the de-identification process. Moreover, the data exists in encrypted form throughout its entire lifecycle and can be used without decryption. This solves the problem that existing symmetric / asymmetric encryption methods require decryption into plaintext when using data, making them vulnerable to unauthorized access and theft. It achieves data usability without visibility and realizes privacy protection throughout the entire lifecycle.

[0016] Based on user task requests and permission requests, a dedicated encrypted data usage environment is created. Combined with permission control, data access within the authorized scope is realized. This solves the problems in existing technologies where de-identified data is easily re-identified through cross-data source correlation analysis and the permissions control for encrypted data is insufficient. It prevents cross-data leakage and strengthens privacy and security protection.

[0017] The results of dense state calculations are classified and processed according to their sensitivity levels, and preset rules for the use and export of results are executed. This solves the problem of lack of security control over results during data sharing and the risk of privacy leakage in existing technologies, while balancing the flexibility of data sharing with privacy security and compliance requirements. Attached Figure Description

[0018] To more clearly illustrate the technical solution of this application, some embodiments of this application will be described in detail below with reference to the accompanying drawings, in which: Figure 1 A flowchart illustrating a method for encrypting and sharing medical and health record data based on dense state computation, provided in an embodiment of this application; Figure 2 This is a schematic diagram of a medical and health record data encryption and sharing device based on encrypted computing, provided as an embodiment of this application. Detailed Implementation

[0019] To make the objectives, technical solutions, and advantages of this application clearer, the technical solutions of this application will be clearly and completely described below in conjunction with specific embodiments and corresponding drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0020] Some embodiments of this application will now be described in detail with reference to the accompanying drawings.

[0021] Figure 1This is a flowchart illustrating a method for encrypting and sharing medical and health record data based on encrypted computing, provided in an embodiment of this application. This method can be applied to different business domains. The process can be executed by computing devices in the corresponding domain, and certain input parameters or intermediate results in the process can be manually adjusted to help improve accuracy.

[0022] The analysis method involved in the embodiments of this application can be implemented by a terminal device or a server, and this application does not impose any special limitations on it. For ease of understanding and description, the following embodiments are all described in detail using a server as an example.

[0023] It should be noted that the server can be a single device or a system composed of multiple devices, i.e., a distributed server. This application does not make any specific limitations on this.

[0024] Figure 1 The process includes the following steps: S101. Preprocess the received medical and health record data to obtain compliant data.

[0025] Medical and health record data may include, for example, basic patient information such as name and ID number, diagnostic records, examination reports, medication history, medical imaging files, and scanned copies of doctors' handwritten medical records. It may also include structured data such as electronic medical record database tables, and both structured and unstructured fields in laboratory reports.

[0026] This application's embodiments feature multi-source data adaptation capabilities, supporting application programming interfaces (APIs) and secure file transfer protocols (SFTP) for data access, and are compatible with both standard medical industry protocols and non-standard data formats. Non-standard format data can be configured with custom parsing templates through a visual interface to achieve standardized field mapping for access. This application's embodiments support batch access and real-time access. Batch access can, for example, employ breakpoint resume technology to adapt to historical data migration, while real-time access can, for example, use the WebSocket protocol to adapt to real-time outpatient diagnostic data, ensuring low latency.

[0027] In some embodiments of this application, the medical and health record data is first validated to determine whether it conforms to a preset medical data standard format. If the medical and health record data does not conform to the preset medical data standard format, a prompt message including the specific reason for the error is returned, and the corrected medical and health record data is received again.

[0028] Among them, the preset medical data standard format can be the standard format requirements corresponding to industry specifications such as the built-in "Electronic Medical Record Basic Dataset", "DICOM Medical Imaging Standard", electronic medical record data transmission protocol (HL7 FHIR) and medical imaging data transmission protocol (DICOM).

[0029] Secondly, the medical and health record data that has passed format validation undergoes an integrity check to determine if any critical fields are missing. If critical fields are missing, a message including the specific reason for the error is returned, and the corrected medical and health record data is received again.

[0030] Key fields refer to the core fields that ensure the validity and usability of data, such as the diagnosis time and doctor's employee number in medical data, and the test index values ​​and reference ranges in test reports.

[0031] Subsequently, the medical and health record data that passed the integrity check was cleaned. Outliers and duplicates in the medical and health record data that passed the integrity check were identified and processed to obtain the cleaned medical and health record data.

[0032] Outliers refer to data that exceeds the normal physiological or logically reasonable range, such as a blood glucose level recorded as 1000 mmol / L. Duplicate values ​​refer to redundant data such as repeated examination records of the same patient.

[0033] Finally, the cleaned medical and health record data is standardized to obtain compliant data.

[0034] Standardization processing refers to converting heterogeneous data from different hospitals into a unified format. For example, age fields are uniformly converted to years in years, and diagnostic results are uniformly mapped to ICD-10 disease codes.

[0035] Furthermore, to reduce the data processing pressure on a single node, the method also includes: When medical and health record data exceeds a preset data threshold, the medical and health record data is considered ultra-large-scale data. The ultra-large-scale data is segmented according to preset segmentation rules, resulting in multiple data segments. Each data segment is preprocessed to obtain valid data segments. These valid data segments are then integrated to obtain compliant data.

[0036] The preset data threshold refers to the criteria for judging ultra-large-scale data set according to actual application scenarios, such as TB-level medical image datasets and million-level structured diagnosis and treatment datasets. The preset sharding rules may include sharding by patient identity identifier (ID) hash, sharding by time range, etc., to adapt to subsequent distributed storage and parallel computing needs.

[0037] It should be noted that after the ultra-large-scale data is sharded, each shard independently performs the preprocessing process. After processing, the shard structure is retained, and it is only logically integrated into a compliant data set, laying the foundation for subsequent distributed encrypted storage.

[0038] S102. Encrypt the compliant data using a preset layered encryption strategy to obtain encrypted data.

[0039] Among them, the layered encryption strategy refers to encrypting data of different specifications according to differentiated encryption strategies.

[0040] In some embodiments of this application, structured data in compliant data undergoes fine-grained encryption based on field sensitivity to obtain encrypted data. Unstructured data in the compliant data is then converted into structured feature vectors using a feature extraction algorithm. Homomorphic encryption algorithms or secure multi-party computation protocols are then used to perform fragmented encryption on the feature vectors to obtain encrypted data.

[0041] Among them, field sensitivity refers to classifying structured data fields into three levels: extremely sensitive (e.g., name, ID number, contact information), medium-high sensitive (e.g., blood glucose level, medication dosage, examination indicators), and low sensitive (e.g., hospital department information, equipment number).

[0042] Feature extraction algorithms can include, for example, lesion feature extraction models based on UNet or ResNet50, and semantic feature extraction methods using OCR technology and the BERT model for unstructured text data. Homomorphic encryption algorithms can include, for example, the CKKS algorithm to support real-valued encrypted computation, and the BFV algorithm to adapt to feature vector encryption, supporting direct computation operations on encrypted data without decryption.

[0043] Secure Multi-Party Computation Protocol (SMPC) refers to the fragmented encryption of feature vectors for unstructured text-based data. It requires multiple nodes to collaborate in computation to restore the features, thereby improving privacy and security.

[0044] For example, fine-grained encryption processing is performed on structured data within compliant data according to the sensitivity of each field to obtain encrypted data. This can include, for instance, generating a symmetric key for highly sensitive fields in the structured data using a symmetric encryption algorithm. The highly sensitive fields are then encrypted using this symmetric key to obtain encrypted data for those fields. Next, the symmetric key is encrypted using an asymmetric encryption algorithm, and the encrypted symmetric key is associated with and stored with the encrypted data to obtain encrypted data for the highly sensitive fields. Finally, homomorphic encryption algorithms are used to encrypt moderately sensitive fields in the structured data to obtain encrypted data for those fields. Finally, lightweight symmetric encryption algorithms are used to encrypt low-sensitivity fields in the structured data to obtain encrypted data for those fields.

[0045] Symmetric encryption algorithms, such as AES-256, are characterized by high encryption efficiency and strong security. Asymmetric encryption algorithms are used to encrypt the symmetric key, ensuring key security; an example is the RSA-4096 algorithm. Lightweight symmetric encryption algorithms, such as SM4, reduce computational overhead while maintaining basic security.

[0046] Optionally, in some embodiments of this application, unstructured data such as raw medical image data can be stored locally by the data holder, with only the extracted feature vectors encrypted before uploading. Text-based data, for example, can be converted into text via OCR, semantic feature vectors can be extracted, and then fragmented and encrypted using the SMPC protocol, and distributed and stored across multiple nodes.

[0047] For example, encrypted data transmission can employ the TLS 1.3 protocol to prevent theft or tampering during transmission. For storage, distributed storage and data fragmentation encryption can be used, where each fragment is encrypted with an independent key, and erasure coding technology is used to generate redundant fragments to ensure data availability.

[0048] The symmetric key for highly sensitive fields is stored in association after being encrypted asymmetrically. Only authorized users can decrypt the symmetric key, thus achieving dual security protection.

[0049] S103. Call the preset medical basic algorithm and encapsulate the medical basic algorithm into a dense calculation operator that adapts to the encryption form and structural attributes of dense data.

[0050] Among them, medical basic algorithms can include statistical analysis algorithms, scientific research analysis algorithms, and clinical-specific algorithms. Statistical analysis algorithms can include algorithms for calculating mean, variance, and median, scientific research analysis algorithms can include algorithms for regression analysis and classification model training, and clinical-specific algorithms can include algorithms for medical image lesion segmentation and gene sequence alignment.

[0051] The encryption form and structural attributes of encrypted data refer to the encryption algorithm type, data storage form, and data type of encrypted data. Encryption algorithm types can include, for example, AES-256, CKKS, BFV, etc.; data storage forms can include, for example, fragmented storage, whole-data storage, etc.; and data types can include, for example, structured encrypted data, unstructured feature vector encrypted data, etc.

[0052] In some embodiments of this application, after encapsulating the basic medical algorithm into a dense-state computation operator adapted to the encryption form and structural properties of dense-state data, the method further includes: The dense-state computation operators are designed with lightweight operation, parallelized operation, and dynamic expansion. A unique operator identifier is assigned to each dense-state computation operator, and the dense-state computation operators are stored in a preset operator library.

[0053] Among them, operator lightweight design refers to optimizing the operator computation logic to reduce the number of dense multiplication operations. For example, the mean calculation operator reduces the number of dense multiplication operations from O(n) to 1 by first summing and then dividing, where n is the amount of data.

[0054] Operator parallelization can be implemented, for example, by deploying operators on GPU clusters to support parallel computation of multiple data slices. Dynamic operator expansion can be achieved, for example, by using an operator development software development kit (SDK) to support user-defined dense-state operators specifically for medical scenarios.

[0055] Optionally, when developing custom operators, the SDK can, for example, include built-in tools for checking the security of dense computation to ensure that the operators meet the security requirements of not leaking the original data and can be seamlessly integrated into the operator library.

[0056] The pre-defined operator library stores encapsulated, dense-state computation operators to establish a mapping relationship between operator identifiers, applicable data types, and computational functions. For example, the pre-defined operator library can be functionally categorized into statistical analysis, research analysis, and clinical-specific categories for easy matching and retrieval. The statistical analysis category might store operators for mean and variance calculations; the research analysis category might store operators for regression analysis and classification model training; and the clinical-specific category might store operators for medical image lesion segmentation.

[0057] S104. Create a secure data usage environment based on the task and permission requests submitted by the user.

[0058] The permission request may include, for example, the purpose of data use, the range of encrypted data to be accessed, the type of encrypted computation operator to be invoked, and the method of data use, such as performing only encrypted statistical analysis and not exporting the original data.

[0059] Task requests can include details such as task type, data size, and computing resource requirements. Task types can include tasks like statistical analysis of disease clinical characteristics, training of medical data prediction models, and querying emergency room treatment data. Data size can include information such as the number of data shards. Computing resource requirements can include requirements for resources such as the Central Processing Unit (CPU), GPU, and memory.

[0060] In some embodiments of this application, firstly, a user-submitted permission request and task request are received. The permission request includes the purpose of data use, the range of encrypted data to be accessed, and the type of encrypted computation operator to be invoked. The task request includes the task type, data size, and computational resource requirements. The permission request undergoes multi-node approval processing to generate permission credentials.

[0061] The approval nodes can include, for example, the hospital ethics committee, the data security management department, and the health commission's regulatory node. The hospital ethics committee reviews medical ethics compliance, the data security management department reviews the reasonableness of the data scope, and the health commission's regulatory node reviews overall compliance. Access credentials serve as the core basis for access control and may include information such as credential number, authorized data scope, permitted operation types, and validity period.

[0062] Secondly, a dedicated sandbox is created based on the task type and data scale in the task application. Each dedicated sandbox is allocated independent computing and storage resources, and pre-installed with the runtime environment and medical processing tools required for encrypted computing. Computing resources are dynamically adjusted according to task complexity, and storage resources are only accessible for encrypted data within the authorized scope.

[0063] Finally, containerization and process isolation technologies are used to isolate resources and data within the dedicated sandbox. Access credentials, user accounts, and the isolated sandbox are bound together to create a secure data usage environment.

[0064] Optionally, Kubernetes container orchestration technology can be used to predict resource requirements based on task type and data scale, enabling dynamic scaling up and down. Task priorities can be set; for example, emergency medical tasks have higher priority than research tasks, to ensure resource requirements for critical tasks are met.

[0065] Sandbox network access can employ policies such as default denial and on-demand allowance, permitting communication only with the access control module, task execution module, and audit log module, while prohibiting internet access. The sandbox should also be prohibited from writing data to external storage to prevent data leakage.

[0066] S105. Receive the encrypted data processing task submitted by the user in the encrypted data usage environment, and match the appropriate encrypted calculation operator according to the encrypted data processing task.

[0067] Dense-state data processing tasks may include, for example, statistical analysis tasks, model training tasks, and clinical analysis tasks. Statistical analysis tasks may include, for example, calculating average blood glucose levels for patients and statistically analyzing regional disease incidence rates; model training tasks may include training diabetes prediction models; and clinical analysis tasks may include analyzing medical imaging lesion features.

[0068] In some embodiments of this application, target features corresponding to the dense-state data processing task are extracted. Based on the target features and the adaptation features of each dense-state computation operator, dense-state computation operators adapted to the dense-state data processing task are selected.

[0069] Among them, target features refer to the core attributes of dense data processing tasks, such as task type, data type, data scale, computational requirements, and authorized data range. Adaptation features refer to attributes such as the applicable data types, supported computational functions, and adaptability to data sharding of dense computation operators.

[0070] Optionally, in the examples of this application, the matching method can be optimized, for example, by using drag-and-drop operation based on a visual interface or by automatically matching through a programming interface operator, to improve matching efficiency. When facing scenarios involving ultra-large-scale data processing tasks, for example, operators supporting multi-shard collaborative computation can be automatically matched to ensure the feasibility of parallel computing.

[0071] S106. Perform piecewise computation on the dense state data within the authorized range using the adapted dense state computation operator to obtain the dense state computation result.

[0072] In some embodiments of this application, task queues and thread pools can be used to support the parallel execution of multiple tasks. For resource-intensive tasks, such as large-scale model training, resource limits can be imposed to avoid affecting other tasks. A task failure retry mechanism can also be set, for example, retrying 3 times by default, with intervals of 10 seconds, 30 seconds, and 60 seconds respectively. The reason for the retry failure is recorded and the user is notified.

[0073] Operators deployed on GPU clusters can also be used to support synchronous computation of multiple data shards. For example, during the training of a logistic regression model, dense gradient calculations can be performed on 10 data shards simultaneously to significantly shorten training time.

[0074] It can also verify user permissions, sandbox legitimacy, and operation scope in real time during the calculation process. If there is unauthorized access or violation, the calculation will be blocked immediately and the anomaly will be recorded.

[0075] S107. Classify and process the results of dense state calculation according to their sensitivity level, and combine them with the preset results usage rules and export control rules to complete the sharing of medical and health record data.

[0076] The sensitivity level is categorized into three levels—high sensitivity, medium sensitivity, and low sensitivity—based on task type and outcome characteristics. High-sensitivity outcomes may include, for example, dense-state model parameters or individual patient feature vectors. Medium-sensitivity outcomes may include statistical data such as regional disease incidence rates. Low-sensitivity outcomes may include statistical data from hospital departments.

[0077] In some embodiments of this application, based on the task type and sensitivity level corresponding to the encrypted computation results, the encrypted computation results are divided into high-sensitivity results, medium-sensitivity results, and low-sensitivity results. High-sensitivity results are stored in encrypted form within the encrypted data usage environment, allowing only subsequent authorized association operations within this environment and prohibiting their export. Medium-sensitivity results undergo de-identification processing to remove sensitive information. The medium-sensitivity results with removed sensitive information are returned to the encrypted data usage environment for user authorization, restricting their export. Low-sensitivity results are decrypted into plaintext, and secondary authorization approval is performed on the plaintext. The plaintext that passes the secondary authorization approval is compliantly exported to the encrypted data usage environment.

[0078] Among these, desensitization refers to partially decrypting moderately sensitive results, retaining statistical significance while removing sensitive individual information. Results usage rules refer to the restrictions on the use of results with different sensitivity levels; for example, highly sensitive results are only permitted for subsequent association operations within a sandbox. Export control rules refer to the authorization requirements and operational specifications for exporting results.

[0079] Secondary authorization approval could be implemented, for example, requiring approval from a data security administrator after exporting low-sensitivity results to ensure compliance. Dynamic watermarks could include information such as the exporting user, export time, and purpose, which could be used to trace the source of the leak.

[0080] Optionally, in some embodiments of this application, after the task is completed, the user can manually destroy the results or set an automatic destruction time. Once the results are destroyed, they are completely deleted and cannot be recovered, thus avoiding the risk of leakage caused by long-term storage.

[0081] Highly sensitive and moderately sensitive results are stored exclusively within a dedicated sandbox and are not permitted to be written to external storage media. Low-sensitivity results, stored in plaintext, can be watermarked with information such as data source and usage authorization to prevent tampering or misuse. Highly sensitive results can be displayed in encrypted form within the sandbox, moderately sensitive results in de-identified plaintext, and low-sensitivity results in watermarked plaintext to ensure users obtain only the relevant information they need.

[0082] The method provided in this application preprocesses the received medical and health record data to screen for compliant data, ensuring data compliance while preserving the complete medical value of the data. It encrypts the compliant data using a pre-defined layered encryption strategy to obtain encrypted data, which exists in encrypted form throughout its entire lifecycle and can be used without decryption, achieving data usability without visibility and full lifecycle privacy protection.

[0083] By encapsulating basic medical algorithms into dense-state computation operators adapted to dense-state data, it supports the direct execution of statistical analysis, model training, and other operations in a dense-state environment, fully releasing the research and application value of medical data.

[0084] Create a dedicated secure data usage environment based on user task requests and permission requests, and combine this with permission control to enable data access within the authorized scope, prevent cross-data leakage, and strengthen privacy and security protection.

[0085] The results of encrypted computation are classified and processed according to their sensitivity level, and preset rules for the use and export of the results are implemented to balance the flexibility of data sharing with privacy and security and to meet compliance requirements.

[0086] It should be noted that, although the embodiments in this application are based on... Figure 1 Steps S101 to S107 will be described sequentially, but this does not mean that steps S101 to S107 must be performed in a strict order. The reason this embodiment follows this order is... Figure 1 The order in which steps S101 to S107 are described is provided to facilitate understanding of the technical solutions of the embodiments of this application by those skilled in the art. In other words, in the embodiments of this application, the order of steps S101 to S107 can be appropriately adjusted according to actual needs.

[0087] based on Figure 1 In addition to the method described herein, this specification also provides some specific implementation schemes and extension schemes of this method, which will be further explained below.

[0088] Based on the same idea, some embodiments of this application also provide devices and non-volatile computer storage media corresponding to the above methods.

[0089] Figure 2 A schematic diagram of a medical and health record data encryption and sharing device based on encrypted computing, provided for embodiments of this application, includes: At least one processor; and, A memory communicatively connected to the at least one processor; wherein, The memory stores instructions that can be executed by the at least one processor, which, when executed by the at least one processor, enables the at least one processor to perform any of the preceding claims of a method for encrypting and sharing medical and health record data based on encrypted computation.

[0090] The various embodiments in this application are described in a progressive manner. Similar or identical parts between embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, the device embodiments are basically similar to the method embodiments, so the description is relatively simple; relevant parts can be referred to the descriptions of the method embodiments.

[0091] The devices and methods provided in this application are one-to-one correspondences. Therefore, the devices also have similar beneficial technical effects as their corresponding methods. Since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the devices will not be repeated here.

[0092] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0093] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0094] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0095] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0096] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.

[0097] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0098] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.

[0099] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

[0100] The above description is merely an embodiment of this application and is not intended to limit this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the technical principles of this application should fall within the protection scope of this application.

Claims

1. A method for encrypting and sharing medical and health record data based on dense-state computation, characterized in that, The method includes: The received medical and health record data is preprocessed to obtain compliant data; The compliant data is encrypted using a preset layered encryption strategy to obtain encrypted data. Invoke a preset medical basic algorithm and encapsulate the medical basic algorithm into a dense state computation operator that adapts to the encryption form and structural attributes of the dense state data; Create a secure data usage environment based on the user's submitted task and permission requests; Receive the encrypted data processing task submitted by the user within the encrypted data usage environment, and match the appropriate encrypted calculation operator according to the encrypted data processing task; The dense state data within the authorized range is sliced ​​and calculated using an adapted dense state calculation operator to obtain the dense state calculation results; The results of the dense state calculation are classified and processed according to their sensitivity levels. Combined with preset result usage rules and export control rules, medical and health record data sharing is completed.

2. The method according to claim 1, characterized in that, The preprocessing of the received medical and health record data to obtain compliant data specifically includes: The medical and health record data is format-validated to determine whether it conforms to a preset medical data standard format. If the medical and health record data does not conform to the preset medical data standard format, a prompt message including the specific error reason will be returned, and the corrected medical and health record data will be received again. Perform integrity checks on the medical and health record data that has passed the format validation to determine whether any key fields are missing from the medical and health record data. If the medical and health record data has missing key fields, a prompt message including the specific reason for the error will be returned, and the corrected medical and health record data will be received again. Data cleaning is performed on the medical and health record data that has passed the integrity check. Outliers and duplicates in the medical and health record data that has passed the integrity check are identified and processed to obtain cleaned medical and health record data. The cleaned medical and health record data is standardized to obtain compliant data.

3. The method according to claim 1, characterized in that, The process of encrypting the compliant data using a preset layered encryption strategy to obtain encrypted data specifically includes: The structured data in the compliant data is subjected to fine-grained encryption processing according to the sensitivity of the fields to obtain encrypted data; The unstructured data in the compliant data is converted into structured feature vectors using a feature extraction algorithm; The feature vector is fragmented and encrypted using a homomorphic encryption algorithm or a secure multi-party computation protocol to obtain encrypted data.

4. The method according to claim 3, characterized in that, The process of performing fine-grained encryption on the structured data in the compliant data according to the sensitivity of each field to obtain encrypted data specifically includes: A symmetric encryption algorithm is used to generate the symmetric key for the highly sensitive fields in the structured data; The highly sensitive field is encrypted using the symmetric key to obtain the encrypted data of the highly sensitive field; The symmetric key is encrypted using an asymmetric encryption algorithm, and the encrypted symmetric key is associated with the encrypted data for storage to obtain the encrypted data of the highly sensitive field. The sensitive fields in the structured data are encrypted using a homomorphic encryption algorithm to obtain the encrypted data of the sensitive fields. A lightweight symmetric encryption algorithm is used to encrypt the low-sensitivity fields in the structured data to obtain the encrypted data of the low-sensitivity fields.

5. The method according to claim 1, characterized in that, After encapsulating the medical fundamental algorithm into a cryptographic computation operator adapted to the cryptographic form and structural attributes of the cryptographic data, the method further includes: The dense-state computation operator is subjected to operator lightweight design, operator parallelization processing, and operator dynamic expansion; Assign a unique operator identifier to each dense state computation operator and store the dense state computation operators in a preset operator library.

6. The method according to claim 1, characterized in that, The process of creating a secure data usage environment based on the user's submitted task and permission requests specifically includes: The system receives permission requests and task requests submitted by users. The permission requests include the purpose of data use, the range of encrypted data to be accessed, and the type of encrypted computation operator to be invoked. The task requests include the task type, data size, and computational resource requirements. The permission request is processed through a multi-node approval process to generate permission credentials; Based on the task type and data scale in the task application, a dedicated sandbox is created; the dedicated sandbox is allocated independent computing and storage resources and pre-installed with the operating environment and medical processing tools required for encrypted computing; the computing resources are dynamically adjusted according to the task complexity, and the storage resources only grant access to encrypted data within the authorized scope; Containerization and process isolation technologies are used to perform resource and data isolation processing on the dedicated sandbox. The access credentials, user account, and isolated sandbox are bound together to obtain the encrypted data usage environment.

7. The method according to claim 1, characterized in that, The matching and adaptation of the dense state computation operator based on the dense state data processing task specifically includes: Extract the target features corresponding to the dense-state data processing task; Based on the target features, the adaptation features of each dense state computation operator are matched to select the dense state computation operators that are suitable for the dense state data processing task.

8. The method according to claim 1, characterized in that, The process of classifying the dense state calculation results according to sensitivity levels, combined with preset result usage rules and export control rules, to achieve secure sharing of medical and health record data, specifically includes: Based on the task type and sensitivity corresponding to the dense state calculation results, the dense state calculation results are divided into high-sensitivity results, medium-sensitivity results, and low-sensitivity results; Highly sensitive results are stored in a closed state within the closed data usage environment. Subsequent authorized association operations are only permitted within the closed data usage environment, and exporting the closed data usage environment is prohibited. Sensitive results are desensitized to remove sensitive information; The sensitive results with sensitive information removed are returned to the encrypted data usage environment for authorized user use, and the encrypted data usage environment of the sensitive results is restricted. The low-sensitivity result is decrypted into plaintext, and the plaintext is then subject to secondary authorization and approval. Export the plaintext data that has passed the second authorization approval to the encrypted data usage environment.

9. The method according to claim 1, characterized in that, The method further includes: When the medical and health record data exceeds a preset data threshold, the medical and health record data becomes ultra-large-scale data; The massive data is divided into multiple data fragments according to a preset fragmentation rule. Preprocess each data fragment to obtain effective data fragments; The valid data segments are then integrated and processed to obtain compliant data.

10. A medical and health record data encryption and sharing device based on encrypted computing, characterized in that, include: At least one processor; as well as, A memory communicatively connected to the at least one processor; wherein, The memory stores instructions that can be executed by the at least one processor, which, when executed by the at least one processor, enables the at least one processor to perform the method for encrypting and sharing medical and health record data based on encrypted computing as described in any one of claims 1-9.