
CN116028486A - Method and device for data storage and data query - Google Patents


Info

Publication number
CN116028486A
Authority
CN
China
Prior art keywords
data
identifier
query
storage
timeliness
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211300523.9A
Other languages
Chinese (zh)
Inventor
张娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Tuoxian Technology Co Ltd
Original Assignee
Beijing Jingdong Tuoxian Technology Co Ltd
Application filed by Beijing Jingdong Tuoxian Technology Co Ltd
Priority to CN202211300523.9A
Publication of CN116028486A


Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a device for data storage and data query, relating to the technical fields of Internet medical care and information security. One embodiment of the method comprises: in response to a first data storage request sent by a service front end, storing the data to be stored in a first database, generating a storage timeliness identifier according to a data identifier of the data to be stored, and sending the storage timeliness identifier to the service front end; and, in response to a second data storage request sent by the service front end and containing the storage timeliness identifier, storing the data identifier in a second database if the storage timeliness identifier has not expired. This embodiment effectively improves data security, protects personal privacy, and ensures the security of the platform's data.

Description

Method and device for data storage and data query

Technical field

The invention relates to the technical fields of Internet medical care and information security, and in particular to a method and device for data storage and data query.

Background

With the development and application of Internet and big data technology, the security of data as an important asset has received more and more attention, especially the security of personal information. In scenarios where users enter and query personal information through a platform, the prior art usually manages the security of personal data through technical means such as user permission control and encryption.

In the course of implementing the present invention, the inventor found that for personal file data with a large data volume, when a data access request is received, the back end usually decrypts the data and returns the corresponding file link to the service front end. The security of the file link is not effectively protected, so the data is exposed to risks such as leakage and tampering. Not only is personal privacy not effectively protected, but the credibility of the platform is also affected.

Summary of the invention

In view of this, the embodiments of the present invention provide a method and device for data storage and data query. When data is stored, a storage timeliness identifier is generated according to the data identifier of the data to be stored, and storage is completed if the storage timeliness identifier has not expired. When data is queried, the data identifier is obtained according to the user identifier in order to generate a query timeliness identifier, and the data to be queried is obtained if the query timeliness identifier has not expired. Data storage and query based on access timeliness, as in the embodiments of the present invention, effectively improves data security, protects personal privacy, and ensures the security of the platform's data.

To achieve the above purpose, according to one aspect of the embodiments of the present invention, a data storage method is provided, including:

in response to receiving a first data storage request sent by the service front end, saving the data to be stored to a first database, generating a storage timeliness identifier according to the data identifier of the data to be stored, and sending the storage timeliness identifier to the service front end;

in response to receiving a second data storage request sent by the service front end and containing the storage timeliness identifier, saving the data identifier to a second database if the storage timeliness identifier has not expired.

Optionally, before saving the data to be stored to the first database, the method further includes: encrypting the data to be stored; and before saving the data identifier to the second database, the method further includes: encrypting the data identifier.

Optionally, after generating the storage timeliness identifier according to the data identifier of the data to be stored, the method further includes: establishing and storing a mapping relationship between the storage timeliness identifier and the data identifier; and before saving the data identifier to the second database, the method further includes: according to the storage timeliness identifier, looking up the data identifier corresponding to the storage timeliness identifier in the stored mapping relationship between the storage timeliness identifier and the data identifier.

Optionally, the second data storage request includes a user identifier, and the storage timeliness identifier has a valid time. Saving the data identifier to the second database if the storage timeliness identifier has not expired includes: recording the receiving time at which the second data storage request is received, and obtaining the storage timeliness identifier from the second data storage request; judging whether the storage timeliness identifier has expired according to the valid time of the storage timeliness identifier and the receiving time; and, if the receiving time is before the valid time of the storage timeliness identifier, determining that the storage timeliness identifier has not expired and saving the data identifier in association with the user identifier to the second database.

Optionally, before receiving the first data storage request sent by the service front end, the method further includes: in response to a registration request sent by the service front end, assigning an access permission to the user, the access permission being used to perform a permission check on the user in response to receiving the first data storage request sent by the service front end.

According to a second aspect of the embodiments of the present invention, a data query method is provided, including:

in response to receiving a first data query request sent by the service front end, looking up in the second database, according to the user identifier in the first data query request, the data identifier corresponding to the user identifier, generating a query timeliness identifier according to the data identifier, and sending the query timeliness identifier to the service front end;

in response to receiving a second data query request sent by the service front end and containing the query timeliness identifier, obtaining data from the first database according to the query timeliness identifier if the query timeliness identifier has not expired.

Optionally, looking up in the second database the data identifier corresponding to the user identifier according to the user identifier in the first data query request includes: looking up in the second database, according to the user identifier in the first data query request, the encrypted data identifier corresponding to the user identifier; and decrypting the encrypted data identifier to obtain the data identifier. Obtaining data from the first database according to the query timeliness identifier includes: obtaining encrypted data from the first database according to the query timeliness identifier; and decrypting the encrypted data to obtain the data.

Optionally, the query timeliness identifier has a valid time, and the query timeliness identifier has a mapping relationship with the data identifier. After generating the query timeliness identifier according to the data identifier, the method further includes: establishing and storing the mapping relationship between the data identifier and the query timeliness identifier. Obtaining data from the first database according to the query timeliness identifier if the query timeliness identifier has not expired includes: recording the receiving time at which the second data query request is received, and obtaining the query timeliness identifier from the second data query request; judging whether the query timeliness identifier has expired according to the valid time of the query timeliness identifier and the receiving time; if the receiving time is before the valid time of the query timeliness identifier, determining that the query timeliness identifier has not expired and, according to the query timeliness identifier, obtaining the data identifier from the stored mapping relationship between the query timeliness identifier and the data identifier; and obtaining the data from the first database according to the data identifier.
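
The two-step storage and query flows described above, as an added Python example that is not part of the patent. The random token format, the 60-second `TTL_SECONDS`, the in-memory dictionaries standing in for the two databases, and all class and function names are assumptions; encryption and the access-permission check are left out.

```python
import secrets
import time

TTL_SECONDS = 60  # assumed validity window; the page gives no value


class FakeClock:
    """Controllable clock so expiry can be exercised without sleeping."""

    def __init__(self, start=1000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class TimelinessService:
    """Store and query gated by expiring identifiers (hypothetical names)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.first_db = {}      # data_id -> file data (first database)
        self.second_db = {}     # user_id -> data_id (second database)
        self.store_tokens = {}  # storage timeliness id -> (data_id, expires_at)
        self.query_tokens = {}  # query timeliness id -> (data_id, expires_at)

    def _issue(self, table, data_id):
        # Opaque random token; the token -> data_id mapping stays server-side,
        # so the front end never handles the data identifier itself.
        token = secrets.token_urlsafe(32)
        table[token] = (data_id, self.clock() + TTL_SECONDS)
        return token

    def _redeem(self, table, token):
        received_at = self.clock()  # record the receiving time first
        entry = table.get(token)
        if entry is None:
            return None  # unknown identifier
        data_id, expires_at = entry
        if received_at >= expires_at:
            del table[token]  # expired: drop the mapping
            return None
        return data_id

    def store_step1(self, data):
        """First storage request: save data, return a storage timeliness id."""
        data_id = secrets.token_hex(16)
        self.first_db[data_id] = data
        return self._issue(self.store_tokens, data_id)

    def store_step2(self, user_id, token):
        """Second storage request: bind data_id to the user if not expired."""
        data_id = self._redeem(self.store_tokens, token)
        if data_id is None:
            return False
        self.second_db[user_id] = data_id
        return True

    def query_step1(self, user_id):
        """First query request: look up data_id, return a query timeliness id."""
        data_id = self.second_db.get(user_id)
        if data_id is None:
            return None
        return self._issue(self.query_tokens, data_id)

    def query_step2(self, token):
        """Second query request: return the data if the id has not expired."""
        data_id = self._redeem(self.query_tokens, token)
        if data_id is None:
            return None
        return self.first_db.get(data_id)


def demo():
    clock = FakeClock()
    svc = TimelinessService(clock)
    token = svc.store_step1(b"constructed licence scan")  # constructed sample
    clock.advance(10)
    stored = svc.store_step2("doctor-001", token)         # within the window
    query_token = svc.query_step1("doctor-001")
    clock.advance(30)
    fresh = svc.query_step2(query_token)                  # within the window
    clock.advance(TTL_SECONDS)
    stale = svc.query_step2(query_token)                  # past the window
    late_token = svc.store_step1(b"constructed second file")
    clock.advance(TTL_SECONDS + 1)
    late = svc.store_step2("doctor-002", late_token)      # past the window
    return stored, fresh, stale, late


if __name__ == "__main__":
    print(demo())
```

The page does not say whether an identifier may be redeemed more than once; in this example it stays usable until it expires.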

According to a third aspect of the embodiments of the present invention, a data storage device is provided, including:

a first data storage module, configured to, in response to receiving a first data storage request sent by the service front end, save the data to be stored to the first database, generate a storage timeliness identifier according to the data identifier of the data to be stored, and send the storage timeliness identifier to the service front end;

a second data storage module, configured to, in response to receiving a second data storage request sent by the service front end and containing the storage timeliness identifier, save the data identifier to the second database if the storage timeliness identifier has not expired.

According to a fourth aspect of the embodiments of the present invention, a data query device is provided, including:

a first data query module, configured to, in response to receiving a first data query request sent by the service front end, look up in the second database, according to the user identifier in the first data query request, the data identifier corresponding to the user identifier, generate a query timeliness identifier according to the data identifier, and send the query timeliness identifier to the service front end;

a second data query module, configured to, in response to receiving a second data query request sent by the service front end and containing the query timeliness identifier, obtain data from the first database according to the query timeliness identifier if the query timeliness identifier has not expired.

According to a fifth aspect of the embodiments of the present invention, an electronic device for data storage and data query is provided, including:

one or more processors;

a storage device for storing one or more programs,

wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method provided by the first aspect and/or the second aspect of the embodiments of the present invention.

According to a sixth aspect of the embodiments of the present invention, a computer-readable medium is provided, on which a computer program is stored; when the program is executed by a processor, it implements the method provided by the first aspect and/or the second aspect of the embodiments of the present invention.

One embodiment of the invention has the following advantages or beneficial effects. In response to receiving the first data storage request sent by the service front end, the data to be stored is saved to the first database, a storage timeliness identifier is generated according to the data identifier of the data to be stored, and the storage timeliness identifier is sent to the service front end; in response to receiving the second data storage request sent by the service front end and containing the storage timeliness identifier, the data identifier is saved to the second database if the storage timeliness identifier has not expired. With this technical solution, when data is stored, a storage timeliness identifier is generated according to the data identifier of the data to be stored, and storage is completed if the storage timeliness identifier has not expired; data storage based on the timeliness identifier effectively improves data security, protects personal privacy, and ensures the security of the platform's data. In addition, in response to receiving the first data query request sent by the service front end, the invention looks up in the second database, according to the user identifier in the first data query request, the data identifier corresponding to the user identifier, generates a query timeliness identifier according to the data identifier, and sends the query timeliness identifier to the service front end; in response to receiving the second data query request sent by the service front end and containing the query timeliness identifier, data is obtained from the first database according to the query timeliness identifier if the query timeliness identifier has not expired. With this technical solution, when data is queried, the data identifier is obtained according to the user identifier in order to generate a query timeliness identifier, and the data to be queried is obtained if the query timeliness identifier has not expired; data query based on the timeliness identifier effectively improves data security, protects personal privacy, and ensures the security of the platform's data.

Description of drawings

The accompanying drawings are provided for a better understanding of the present invention and do not constitute an improper limitation of it. In the drawings:

Fig. 1 is a schematic diagram of the main flow of a data storage method according to an embodiment of the present invention;

Fig. 2 is a schematic diagram of the verification of user access permissions in an embodiment of the present invention;

Fig. 3 is a schematic diagram of the overall flow of a data storage method according to an embodiment of the present invention;

Fig. 4 is a schematic diagram of the main flow of a data query method according to an embodiment of the present invention;

Fig. 5 is a schematic diagram of the overall flow of a file data query method according to an embodiment of the present invention;

Fig. 6 is a schematic diagram of the overall architecture of the data storage and data query method according to an embodiment of the present invention;

Fig. 7 is a schematic diagram of the main modules of a data storage device according to an embodiment of the present invention;

Fig. 8 is a schematic diagram of the main modules of a data query device according to an embodiment of the present invention;

Fig. 9 is an exemplary system architecture diagram to which an embodiment of the present invention can be applied;

Fig. 10 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.

Detailed description

The acquisition, storage, use, and processing of data in the technical solution of the present invention all comply with the relevant provisions of national laws and regulations.

Exemplary embodiments of the present invention are described below with reference to the accompanying drawings. The description includes various details of the embodiments to aid understanding, and these should be regarded as exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the invention. Likewise, descriptions of well-known functions and structures are omitted from the following description for clarity and conciseness.

The present invention contemplates that entities responsible for collecting, analyzing, disclosing, transmitting, storing or otherwise using such personal information data will comply with established privacy policies and/or privacy practices. Specifically, such entities should implement and consistently apply privacy policies and practices that are recognized as meeting or exceeding industry or government requirements for maintaining the privacy and security of personal information data. Such policies should be easily accessible to users and should be updated as the collection and/or use of data changes. Personal information from users should be collected for the entity's lawful and reasonable uses and not shared or sold outside of those lawful uses. In addition, such collection or sharing should take place only after the user's informed consent has been received. Such entities should also consider taking any necessary steps to safeguard and secure access to such personal information data and to ensure that others who have access to personal information data comply with their privacy policies and procedures. Such entities may also subject themselves to third-party assessments to demonstrate compliance with widely accepted privacy policies and practices. In addition, policies and practices should be tailored to the specific types of personal information data collected and/or accessed, and to applicable laws and standards, including jurisdiction-specific considerations. For example, in the United States, the collection or acquisition of certain health data may be governed by federal and/or state laws, such as the Health Insurance Portability and Accountability Act (HIPAA), while health data in other countries may be subject to other regulations and policies and should be handled accordingly. Therefore, different privacy practices should be maintained in each country for different types of personal data.

Notwithstanding the foregoing, the present invention also contemplates embodiments in which a user selectively blocks the use of or access to personal information data. That is, the present invention contemplates that hardware elements and/or software elements may be provided to prevent or block access to such personal information data. For example, with respect to accessing or storing health information, the technology of the present invention may be configured to allow users to choose to "opt in" or "opt out" of the collection of personal information data during registration for the service or at any time thereafter. In another example, a user may choose not to provide certain types of health-related information. In yet another example, the user may choose to limit the length of time the health-related information is retained or to prohibit the storage of health-related information altogether. In addition to providing "opt-in" and "opt-out" options, the present invention contemplates providing notices related to the access or use of personal information. For example, users can be notified when downloading an application that their personal information data will be accessed, and then reminded again just before the personal information data is accessed by the application.

Furthermore, it is an aim of the present invention that personal information data should be managed and processed so as to minimize the risk of unintentional or unauthorized access or use. Risk can be minimized by limiting data collection and by deleting data once it is no longer needed. In addition, and where applicable, including in certain health-related applications, data de-identification may be used to protect user privacy. Where appropriate, de-identification may be facilitated by removing specific identifiers (e.g., date of birth), controlling the amount or specificity of the data stored (e.g., collecting location data at the city level rather than at the address level), controlling how data is stored (e.g., aggregating data across users), and/or other methods.

At present, in scenarios where users enter and query personal information through a platform, for personal file information with a large data volume, when a data access request is received, the back end usually decrypts the data and returns the corresponding file link to the service front end. The security of the file link is not effectively protected, so the data is exposed to risks such as leakage and tampering. Not only is personal privacy not effectively protected, but the credibility of the platform is also affected, so practical needs are not well met.

To solve the above problems in the prior art, the present invention proposes a method for data storage and data query. When data is stored, a storage timeliness identifier is generated according to the data identifier of the data to be stored, and storage is completed if the storage timeliness identifier has not expired. When data is queried, the data identifier is obtained according to the user identifier in order to generate a query timeliness identifier, and the data to be queried is obtained if the query timeliness identifier has not expired. Data storage and query based on timeliness identifiers, as in the embodiments of the present invention, effectively improves data security, protects personal privacy, and ensures the security of the platform's data.

In the description of the embodiments of the present invention, the terms involved and their meanings are as follows:

AES: the Advanced Encryption Standard in cryptography, also known as Rijndael encryption, a block encryption standard;

RSA: an asymmetric encryption algorithm widely used in public-key encryption and electronic commerce;

CRC: cyclic redundancy check code, the most commonly used error-checking code in the field of data communication;

MD5: message-digest algorithm, a widely used cryptographic hash function;

token: in computer identity authentication, a (temporary) token, generally used for invitations and for logging in to a system;

File system: internal file storage middleware that provides basic file data storage services.

Fig. 1 is a schematic diagram of the main flow of a data storage method according to an embodiment of the present invention. As shown in Fig. 1, the data storage method of the embodiment of the present invention includes the following steps S101 and S102.

Step S101: in response to receiving a first data storage request sent by the service front end, save the data to be stored to the first database, generate a storage timeliness identifier according to the data identifier of the data to be stored, and send the storage timeliness identifier to the service front end.

Specifically, in the Internet hospital scenario, in accordance with national diagnosis and treatment technical specifications and operating procedures, doctors anywhere can submit personal information for electronic real-name authentication and become resident doctors after passing the review of the Internet hospital platform. The personal information includes personal identity information such as the doctor's name, age, gender, ethnicity, and place of origin, as well as qualification file information such as pictures of the doctor's certificates. For information with a small data volume, such as personal identity information, after the access permission check passes, the Internet hospital platform encrypts it, and the platform's doctor master data service then saves it to MySQL. When the data is queried, the service front end obtains the encrypted data from MySQL, decrypts it, and displays it to the user. The embodiments of the present invention mainly concern file data with a large data volume, and describe the method and device for storing and querying such file data.

According to one embodiment of the present invention, before receiving the first data storage request sent by the service front end, the method further includes: in response to a registration request sent by the service front end, assigning an access permission to the user, the access permission being used to perform a permission check on the user in response to receiving the first data storage request sent by the service front end.

Specifically, before the first data storage request is received from the service front end, the doctor user needs to send a registration request to the Internet hospital platform through the service front end. After receiving the registration request, the Internet hospital platform assigns the doctor access permissions that fall within the doctor's scope of business, such as permissions to upload, modify, and query the doctor's personal information. These permissions are checked before the doctor subsequently logs in to the Internet hospital platform to access and process personal information, which improves data security.

Fig. 2 is a schematic diagram of the verification of user access permissions in an embodiment of the present invention. In the figure, the registration center assigns an access permission token to the user of the service front end. When the user sends an access request carrying this access permission token to the file service of the Internet hospital platform through the service front end, the registration center verifies the access permission and, once verification passes, allows the user access.

According to another embodiment of the present invention, before the data to be stored is saved to the first database, the method further includes: encrypting the data to be stored.

Specifically, for the security of personal information, the Internet hospital platform encrypts the file data that the doctor wants to store; this covers encryption of both personal identity information and file data. Existing encryption algorithms include AES, RSA, CRC, and MD5. CRC and MD5 are mainly used for file verification, and their output is irreversible. AES is a decryptable symmetric encryption algorithm: encryption and decryption use the same key, and it is fast and efficient, but it has a key exchange problem. RSA is asymmetric encryption, with optional key lengths of 128, 192, and 256 bits; the longer the key, the higher the encryption level, but the worse the performance. In the Internet hospital scenario of the embodiments of the present invention, both encryption and decryption of files are performed by the platform's file service, which is a single unified service system, so key exchange is not a concern. AES symmetric encryption is therefore used, with the key content agreed upon in advance.

According to yet another embodiment of the present invention, after the storage timeliness identifier is generated from the data identifier of the data to be stored, the method further includes: establishing and storing a mapping relationship between the storage timeliness identifier and the data identifier.

Specifically, the doctor uploads qualification file data at the business front end, which sends a file data storage request to the Internet hospital platform. The platform receives the request, and its file service saves the file data to the first database, the file system. File data is generally a picture of a qualification document and is therefore large. When a file is saved to the file system, the file system returns a data identifier through which the corresponding file data can be retrieved; it can be thought of as a file link. The file service of the Internet hospital platform generates a storage timeliness identifier from the data identifier it received, establishes the mapping relationship between the storage timeliness identifier and the data identifier, saves the mapping to the Redis database, and then sends the generated storage timeliness identifier to the business front end.

Step S102: in response to receiving a second data storage request from the business front end that contains the storage timeliness identifier, save the data identifier to the second database if the storage timeliness identifier has not expired.

Specifically, the business front end receives the storage timeliness identifier sent by the Internet platform; this identifier is used to control how long access remains valid. In general, a stored qualification file needs to be echoed back in the interface of the business front end; for example, the scanned picture of an uploaded file is shown as a thumbnail at the entry position. For the security of the file data, the data identifier corresponding to the file data is not shown to the business front end. Because the file data must also be stored together with the doctor's personal identity information, the data identifier corresponding to the file data is saved to the second database, MySQL, through the doctor master data service of the Internet hospital platform.

According to an embodiment of the present invention, the second data storage request includes a user identifier, and the storage timeliness identifier has a validity time. Saving the data identifier to the second database if the storage timeliness identifier has not expired includes: recording the time at which the second data storage request is received, and obtaining the storage timeliness identifier from the second data storage request; judging, from the validity time of the storage timeliness identifier and the receive time, whether the storage timeliness identifier has expired; and, if the receive time is before the validity time of the storage timeliness identifier, determining that the storage timeliness identifier has not expired and saving the data identifier, associated with the user identifier, to the second database.

According to another embodiment of the present invention, before the data identifier is saved to the second database, the method further includes: using the storage timeliness identifier to look up the corresponding data identifier in the stored mapping relationship between the storage timeliness identifier and the data identifier.

According to yet another embodiment of the present invention, before the data identifier is saved to the second database, the method further includes: encrypting the data identifier.

Specifically, the business front end sends the Internet hospital platform a second data storage request that carries the user identifier and the storage timeliness identifier. The doctor master data service of the platform calls the file service with the storage timeliness identifier, records the time at which the second data storage request was received, and judges from the validity time in the storage timeliness identifier whether the receive time is before the validity time. If it is, the storage timeliness identifier has not expired and the business front end is allowed access: the platform returns the file saved in the first database to the business front end as a picture thumbnail. In addition, the platform looks up the data identifier of the file corresponding to the storage timeliness identifier in the mapping relationship stored in Redis, encrypts the data identifier, associates the encrypted data identifier with the user identifier, and saves it to MySQL through the doctor master data service, which completes storage of the doctor's file data.

Table 1 below shows an example of the data structure of the MySQL database used by the doctor master data service. Small-volume information such as the doctor's name, birthday, gender, and avatar link is saved directly to MySQL. The doctor's qualification certificate file must be saved to the file system through the file service, and MySQL stores only the data identifier of that file. This both keeps the data secure and optimizes the platform's data storage structure, which helps efficiency.

Table 1:

| Field definition | Data type | Field description |
| --- | --- | --- |
| doctorName | String | Doctor's name |
| doctorBrithday | Date | Doctor's birthday |
| doctorSex | Integer | Doctor's gender |
| doctorHeadUrl | String | Doctor's avatar link |
| doctorCertificateKey | String | Data identifier of the doctor's qualification certificate file |

Figure 3 is a schematic diagram of the overall flow of the data storage method in an embodiment of the present invention. The doctor uploads file data at the business front end, which sends a file data storage request to the Internet hospital platform. The file service of the platform receives the request, encrypts the file data, and saves it to the first database, the file system. Using the data identifier that the file system returns for the file data, the file service sets a validity time and generates a storage timeliness identifier, establishes the mapping relationship between the storage timeliness identifier and the data identifier, saves the mapping to Redis, and returns the storage timeliness identifier to the business front end. The business front end then sends the platform a second data storage request that includes the user identifier and the storage timeliness identifier, and the doctor master data service calls the file service with the storage timeliness identifier to judge whether it has expired. If it has expired, the platform sends the business front end a message that storage failed and the file must be uploaded again. If it has not expired, the platform looks up the data identifier of the file corresponding to the storage timeliness identifier in the mapping relationship stored in Redis, associates that data identifier with the user identifier, and saves it to MySQL, which completes data storage.

The user permission check, the encryption of personal information, and the mapping and timeliness control of the file's data identifier described above protect the security of personal information to the greatest extent, maintain personal privacy, and safeguard the security of the platform's data.

Figure 4 is a schematic diagram of the main flow of the data query method according to an embodiment of the present invention. As shown in Figure 4, the data storage method of the embodiment of the present invention includes the following steps S401 to S402.

Step S401: in response to receiving a first data query request sent by the business front end, look up in the second database the data identifier corresponding to the user identifier in the first data query request, generate a query timeliness identifier from the data identifier, and send the query timeliness identifier to the business front end.

According to an embodiment of the present invention, looking up in the second database the data identifier corresponding to the user identifier in the first data query request includes: looking up in the second database the encrypted data identifier corresponding to the user identifier in the first data query request; and decrypting the encrypted data identifier to obtain the data identifier.

According to another embodiment of the present invention, the query timeliness identifier has a mapping relationship with the data identifier; after the query timeliness identifier is generated from the data identifier, the method further includes: establishing and storing the mapping relationship between the data identifier and the query timeliness identifier.

Specifically, after the user sends the first data query request to the Internet hospital platform through the business front end, the platform checks the user's access permission. Once the check passes, the platform uses the user identifier in the first data query request to obtain the encrypted data identifier from the association between encrypted data identifiers and user identifiers held in the MySQL database of the doctor master data service. The file service of the platform decrypts the encrypted data identifier to obtain the data identifier and generates a query timeliness identifier from it. The file service establishes the mapping relationship between the data identifier and the query timeliness identifier, stores it in the Redis database, and then sends the query timeliness identifier to the business front end.

Step S402: in response to receiving a second data query request from the business front end that contains the query timeliness identifier, obtain the data from the first database according to the query timeliness identifier if the query timeliness identifier has not expired.

According to an embodiment of the present invention, the query timeliness identifier has a validity time. Obtaining data from the first database according to the query timeliness identifier if it has not expired includes: recording the time at which the second data query request is received, and obtaining the query timeliness identifier from the second data query request; judging, from the validity time of the query timeliness identifier and the receive time, whether the query timeliness identifier has expired; if the receive time is before the validity time of the query timeliness identifier, determining that the query timeliness identifier has not expired and using it to obtain the data identifier from the stored mapping relationship between the query timeliness identifier and the data identifier; and obtaining the data from the first database according to the data identifier.

According to another embodiment of the present invention, obtaining data from the first database according to the query timeliness identifier includes: obtaining encrypted data from the first database according to the query timeliness identifier; and decrypting the encrypted data to obtain the data.

Specifically, the business front end sends the Internet hospital platform a second data query request that carries the query timeliness identifier. The file service of the platform records the time at which the second data query request was received and judges from the validity time in the query timeliness identifier whether the receive time is before the validity time. If it is, the query timeliness identifier has not expired and the business front end is allowed access: the file service looks up the data identifier corresponding to the query timeliness identifier in the mapping relationship stored in Redis, obtains the encrypted file data from the file system according to the data identifier, decrypts it to obtain the file data, and finally returns the file data to the business front end, which completes the file data query.

Figure 5 is a schematic diagram of the overall flow of the file data query method in an embodiment of the present invention. The doctor user sends a first data query request to the Internet hospital platform through the business front end. The doctor master data service of the platform uses the user identifier in the first data query request to obtain the corresponding data identifier from the second database, MySQL. The file service of the platform generates the corresponding query timeliness identifier from the data identifier and sets its validity time, establishes the mapping relationship between the data identifier and the query timeliness identifier, saves it to Redis, and then assembles the query timeliness identifier through parameter substitution and returns it to the business front end. The business front end sends a second data query request to the platform with the query timeliness identifier it received. The file service records the receive time and judges from the validity time in the query timeliness identifier whether the received identifier has expired. If it has expired, the file service returns a message to the business front end that the file cannot be accessed. If it has not expired, the file service obtains the data identifier from the mapping relationship between the data identifier and the query timeliness identifier in Redis and loads the encrypted file data from the first database, the file system, according to the data identifier. Finally, it decrypts the encrypted file data to obtain the file and presents it to the business front end.

Figure 6 is a schematic diagram of the overall architecture of the data storage and data query methods in an embodiment of the present invention. The doctor APP and the doctor qualification review platform belong to the business front end; the doctor master data service and the file service are back-end services of the Internet hospital platform. The doctor APP supports entry, upload, and query of a doctor user's personal information, as well as decryption of personal identity information. The doctor qualification review platform lets operations staff query a doctor's personal information, including personal identity information and qualification files. The doctor master data service supports checking user access permissions, encrypted storage of doctors' personal identity information, obtaining the corresponding data identifier from the file service according to a storage timeliness identifier or query timeliness identifier, and storing the obtained data identifier in the second database, MySQL. The file service supports generating a storage timeliness identifier or query timeliness identifier from a data identifier, establishing and storing the mapping relationship between data identifiers and storage timeliness identifiers and between data identifiers and query timeliness identifiers, and encrypting and decrypting file data.

For data storage, the doctor user enters personal information through the doctor APP and uploads the qualification file to the file service of the Internet hospital platform (① in the figure). The file service calls the access permission check in the doctor master data service to check the user's permissions. Once the check passes, it encrypts the qualification file and saves it to the first database, the file system. It generates a storage timeliness identifier from the data identifier that the file system returns for the qualification file, establishes and stores the mapping relationship between the data identifier and the storage timeliness identifier, and returns the storage timeliness identifier to the business front end, the doctor APP (② in the figure). The doctor APP sends the doctor master data service a second data storage request that includes the doctor's personal identity information and the storage timeliness identifier (③ in the figure). The doctor master data service encrypts and stores the personal identity information and calls the file service with the storage timeliness identifier to judge whether it is still valid. If the storage timeliness identifier has not expired, the data identifier corresponding to it is returned to the doctor master data service, which stores it in the second database, MySQL.

For data query, the doctor, through the doctor APP, or operations staff, through the doctor resource review platform, sends a first data query request to the doctor master data service of the Internet hospital platform (④ or ⑥ in the figure). If the access permission check passes, the data identifier of the file to be queried is obtained from the second database, MySQL. The file service generates a query timeliness identifier from the data identifier and establishes and stores the mapping relationship between the data identifier and the query timeliness identifier. The doctor, through the doctor APP, or operations staff, through the doctor resource review platform, then sends a second data query request to the file service of the platform (⑤ or ⑦ in the figure). If the query timeliness identifier has not expired, the encrypted file data is obtained from the first database, the file system, according to the query timeliness identifier. The file service decrypts the encrypted file data to obtain the file data and returns it to the business front end.

The data storage and data query based on timeliness identifiers in the embodiments of the present invention effectively improve data security, maintain personal privacy, and safeguard the security of the platform's data.
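The two-phase store and query flow described above, as an added example that is not code from the patent: dictionaries stand in for the file system, Redis, and MySQL, and the front end only ever holds a timeliness identifier, never the data identifier. The class and method names, the random token format, and the validity times are assumptions; the access permission check and AES encryption steps are left out so the example stays on the timeliness identifiers.

```python
import secrets
import time


class TokenRejected(Exception):
    """The timeliness identifier is unknown or past its validity time."""


class TokenStore:
    """In-memory stand-in for the Redis mapping: token -> (data_id, expires_at)."""

    def __init__(self, ttl_seconds):
        self.ttl_seconds = ttl_seconds
        self._entries = {}

    def issue(self, data_id, now):
        # Assumption: the token is random (CSPRNG) and linked to the data
        # identifier only through the stored mapping, so it reveals nothing
        # about the identifier and cannot be derived from it.
        token = secrets.token_urlsafe(32)
        self._entries[token] = (data_id, now + self.ttl_seconds)
        return token

    def resolve(self, token, received_at):
        entry = self._entries.get(token)
        if entry is None:
            raise TokenRejected("unknown token")
        data_id, expires_at = entry
        # Valid only while the receive time is before the validity time.
        if received_at >= expires_at:
            del self._entries[token]
            raise TokenRejected("token expired")
        return data_id


class Platform:
    """File service plus doctor master data service (hypothetical names)."""

    def __init__(self, ttl_seconds=300):
        self.file_system = {}  # first database: data_id -> file bytes
        self.mysql = {}        # second database: user_id -> data_id
        # Separate mappings, so a storage token is useless for queries.
        self.storage_tokens = TokenStore(ttl_seconds)
        self.query_tokens = TokenStore(ttl_seconds)

    def first_store(self, file_bytes, now=None):
        now = time.time() if now is None else now
        data_id = "file-" + secrets.token_hex(8)  # returned by the file system
        self.file_system[data_id] = file_bytes
        return self.storage_tokens.issue(data_id, now)

    def second_store(self, user_id, storage_token, received_at=None):
        received_at = time.time() if received_at is None else received_at
        data_id = self.storage_tokens.resolve(storage_token, received_at)
        self.mysql[user_id] = data_id

    def first_query(self, user_id, now=None):
        now = time.time() if now is None else now
        return self.query_tokens.issue(self.mysql[user_id], now)

    def second_query(self, query_token, received_at=None):
        received_at = time.time() if received_at is None else received_at
        data_id = self.query_tokens.resolve(query_token, received_at)
        return self.file_system[data_id]


def demo():
    """Constructed walk-through with fixed clock values (seconds)."""
    p = Platform(ttl_seconds=60)
    storage_token = p.first_store(b"constructed certificate scan", now=1000.0)
    p.second_store("doctor-1", storage_token, received_at=1030.0)
    query_token = p.first_query("doctor-1", now=2000.0)
    in_time = p.second_query(query_token, received_at=2059.0)
    try:
        p.second_query(query_token, received_at=2060.0)
        late = "accepted"
    except TokenRejected as exc:
        late = str(exc)
    return in_time, late


if __name__ == "__main__":
    print(demo())
```

In a real deployment the validity time would normally be enforced by the Redis key expiry as well, so that stale mappings disappear even if they are never presented again.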

Figure 7 is a schematic diagram of the main modules of a data storage device according to an embodiment of the present invention. As shown in Figure 7, the data storage device 700 mainly includes a first data storage module 701 and a second data storage module 702.

The first data storage module 701 is configured to, in response to receiving a first data storage request sent by the business front end, save the data to be stored to the first database, generate a storage timeliness identifier from the data identifier of the data to be stored, and send the storage timeliness identifier to the business front end;

The second data storage module 702 is configured to, in response to receiving a second data storage request from the business front end that contains the storage timeliness identifier, save the data identifier to the second database if the storage timeliness identifier has not expired.

According to an embodiment of the present invention, the data storage device 700 may further include an encryption module (not shown in the figure), configured to: encrypt the data to be stored before it is saved to the first database; and encrypt the data identifier before it is saved to the second database.

According to another embodiment of the present invention, the data storage device 700 may further include a mapping relationship module (not shown in the figure), configured to: after the storage timeliness identifier is generated from the data identifier of the data to be stored, establish and store the mapping relationship between the storage timeliness identifier and the data identifier; and, before the data identifier is saved to the second database, use the storage timeliness identifier to look up the corresponding data identifier in the stored mapping relationship between the storage timeliness identifier and the data identifier.

According to yet another embodiment of the present invention, the second data storage request includes a user identifier, and the storage timeliness identifier has a validity time. The second data storage module 702 may further be configured to: record the time at which the second data storage request is received, and obtain the storage timeliness identifier from the second data storage request; judge, from the validity time of the storage timeliness identifier and the receive time, whether the storage timeliness identifier has expired; and, if the receive time is before the validity time of the storage timeliness identifier, determine that the storage timeliness identifier has not expired and save the data identifier, associated with the user identifier, to the second database.

According to still another embodiment of the present invention, the data storage device 700 may further include a permission check module (not shown in the figure), configured to: before the first data storage request sent by the business front end is received, assign an access permission to the user in response to a registration request sent by the business front end, where the access permission is used to perform a permission check on the user in response to receiving the first data storage request sent by the business front end.

Figure 8 is a schematic diagram of the main modules of a data query device according to an embodiment of the present invention. As shown in Figure 8, the data query device 800 mainly includes a first data query module 801 and a second data query module 802.

The first data query module 801 is configured to, in response to receiving a first data query request sent by the business front end, look up in the second database the data identifier corresponding to the user identifier in the first data query request, generate a query timeliness identifier from the data identifier, and send the query timeliness identifier to the business front end;

The second data query module 802 is configured to, in response to receiving a second data query request from the business front end that contains the query timeliness identifier, obtain the data from the first database according to the query timeliness identifier if the query timeliness identifier has not expired.

According to an embodiment of the present invention, the first data query module 801 may further be configured to: look up in the second database the encrypted data identifier corresponding to the user identifier in the first data query request; and decrypt the encrypted data identifier to obtain the data identifier. The second data query module 802 may further be configured to: obtain encrypted data from the first database according to the query timeliness identifier; and decrypt the encrypted data to obtain the data.

According to another embodiment of the present invention, the query timeliness identifier has a validity time and has a mapping relationship with the data identifier. The data query device 800 may further include a mapping relationship module (not shown in the figure), configured to: after the query timeliness identifier is generated from the data identifier, establish and store the mapping relationship between the data identifier and the query timeliness identifier. The second data query module 802 may further be configured to: record the time at which the second data query request is received, and obtain the query timeliness identifier from the second data query request; judge, from the validity time of the query timeliness identifier and the receive time, whether the query timeliness identifier has expired; if the receive time is before the validity time of the query timeliness identifier, determine that the query timeliness identifier has not expired and use it to obtain the data identifier from the stored mapping relationship between the query timeliness identifier and the data identifier; and obtain the data from the first database according to the data identifier.

Fig. 9 is a diagram of an exemplary system architecture to which embodiments of the present invention can be applied.

As shown in Fig. 9, the system architecture 900 may include terminal devices 901, 902, and 903, a network 904, and a server 905. The network 904 serves as the medium that provides communication links between the terminal devices 901, 902, 903 and the server 905. The network 904 may include various connection types, such as wired or wireless communication links, or fiber-optic cables.

Users can use the terminal devices 901, 902, 903 to interact with the server 905 through the network 904, to receive or send messages and the like. Various communication client applications may be installed on the terminal devices 901, 902, 903, such as data query applications and data storage applications (examples only).

The terminal devices 901, 902, 903 may be various electronic devices that have a display screen and support web browsing, including but not limited to smartphones, tablet computers, laptop computers, and desktop computers.

The server 905 may be a server that provides various services, for example a back-end management server (example only) that supports the data storage and data query operations users perform with the terminal devices 901, 902, 903. In response to receiving a first data storage request from the service front end, the back-end management server may save the data to be stored in the first database, generate a storage timeliness identifier according to the data identifier of the data to be stored, and send the storage timeliness identifier to the service front end; in response to receiving a second data storage request from the service front end that contains the storage timeliness identifier, it may, if the storage timeliness identifier has not expired, save the data identifier to the second database; and it feeds the processing result (for example, the storage result; example only) back to the terminal device.

It should be noted that the data storage and data query methods provided by the embodiments of the present invention are generally executed by the server 905; correspondingly, the data storage and data query apparatuses are generally located in the server 905.

It should be understood that the numbers of terminal devices, networks, and servers in Fig. 9 are merely illustrative. There may be any number of terminal devices, networks, and servers, as the implementation requires.

Referring now to Fig. 10, it shows a schematic structural diagram of a computer system 1000 suitable for implementing a terminal device or a server of an embodiment of the present invention. The terminal device or server shown in Fig. 10 is only an example and should not impose any limitation on the functions or scope of use of the embodiments of the present invention.

As shown in Fig. 10, the computer system 1000 includes a central processing unit (CPU) 1001, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage section 1008 into a random-access memory (RAM) 1003. The RAM 1003 also stores the various programs and data required for the operation of the system 1000. The CPU 1001, the ROM 1002, and the RAM 1003 are connected to one another via a bus 1004. An input/output (I/O) interface 1005 is also connected to the bus 1004.

The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output section 1007 including a cathode ray tube (CRT) or liquid crystal display (LCD), a speaker, and the like; a storage section 1008 including a hard disk and the like; and a communication section 1009 including a network interface card such as a LAN card or a modem. The communication section 1009 performs communication processing via a network such as the Internet. A drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, is mounted on the drive 1010 as needed, so that a computer program read from it can be installed into the storage section 1008 as needed.

In particular, according to the disclosed embodiments of the present invention, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, the disclosed embodiments of the present invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 1009, and/or installed from the removable medium 1011. When the computer program is executed by the central processing unit (CPU) 1001, the above-described functions defined in the system of the present invention are performed.

It should be noted that the computer-readable medium described in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer diskette, a hard disk, random-access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. A computer-readable signal medium, in the present invention, may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate, or transmit a program for use by or in conjunction with an instruction execution system, apparatus, or device. Program code contained on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wire, optical cable, RF, and the like, or any suitable combination of the above.

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the figures. For example, two blocks shown in succession may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functionality involved. It should also be noted that each block in the block diagrams or flowcharts, and combinations of blocks in the block diagrams or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.

The units described in the embodiments of the present invention may be implemented in software or in hardware. The described units may also be provided in a processor; for example, this may be described as: a processor including a first data storage module and a second data storage module.

The names of these modules do not, in some cases, limit the modules themselves. For example, the first data storage module may also be described as "a module for, in response to receiving a first data storage request from the service front end, saving the data to be stored in the first database, generating a storage timeliness identifier according to the data identifier of the data to be stored, and sending the storage timeliness identifier to the service front end".

In another aspect, the present invention further provides a computer-readable medium, which may be included in the device described in the embodiments, or may exist separately without being assembled into the device. The computer-readable medium carries one or more programs which, when executed by the device, cause the device to perform: in response to receiving a first data storage request from the service front end, saving the data to be stored in the first database, generating a storage timeliness identifier according to the data identifier of the data to be stored, and sending the storage timeliness identifier to the service front end; and in response to receiving a second data storage request from the service front end that contains the storage timeliness identifier, saving the data identifier to the second database if the storage timeliness identifier has not expired.

The technical solution of the embodiments of the present invention has the following advantages or beneficial effects. In response to receiving a first data storage request from the service front end, the data to be stored is saved in the first database, a storage timeliness identifier is generated according to the data identifier of the data to be stored, and the storage timeliness identifier is sent to the service front end; in response to receiving a second data storage request from the service front end that contains the storage timeliness identifier, the data identifier is saved to the second database if the storage timeliness identifier has not expired. With this solution, when data is stored, a storage timeliness identifier is generated according to the data identifier of the data to be stored, and the storage is completed only if the storage timeliness identifier has not expired. Data storage based on the timeliness identifier effectively improves data security, protects personal privacy, and safeguards the platform's data. In addition, in response to receiving a first data query request from the service front end, the present invention looks up, in the second database, the data identifier corresponding to the user identifier in the first data query request, generates a query timeliness identifier according to the data identifier, and sends the query timeliness identifier to the service front end; in response to receiving a second data query request from the service front end that contains the query timeliness identifier, it obtains the data from the first database according to the query timeliness identifier if the query timeliness identifier has not expired. With this solution, when data is queried, the data identifier is obtained according to the user identifier in order to generate the query timeliness identifier, and the data to be queried is obtained only if the query timeliness identifier has not expired. Data query based on the timeliness identifier effectively improves data security, protects personal privacy, and safeguards the platform's data.

The specific embodiments described above do not limit the scope of protection of the present invention. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions may occur depending on design requirements and other factors. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (12)

1. A method for data storage, comprising:
in response to receiving a first data storage request from a service front end, saving the data to be stored in a first database, generating a storage timeliness identifier according to the data identifier of the data to be stored, and sending the storage timeliness identifier to the service front end;
in response to receiving a second data storage request from the service front end that contains the storage timeliness identifier, saving the data identifier to a second database if the storage timeliness identifier has not expired.

2. The method according to claim 1, further comprising, before saving the data to be stored in the first database:
encrypting the data to be stored;
and further comprising, before saving the data identifier to the second database:
encrypting the data identifier.

3. The method according to claim 1, further comprising, after generating the storage timeliness identifier according to the data identifier of the data to be stored:
establishing and storing a mapping relationship between the storage timeliness identifier and the data identifier;
and further comprising, before saving the data identifier to the second database:
looking up, according to the storage timeliness identifier, the data identifier corresponding to the storage timeliness identifier in the stored mapping relationship between the storage timeliness identifier and the data identifier.

4. The method according to claim 3, wherein the second data storage request includes a user identifier, and the storage timeliness identifier has a valid time;
and wherein saving the data identifier to the second database if the storage timeliness identifier has not expired comprises:
recording the receiving time at which the second data storage request is received, and obtaining the storage timeliness identifier from the second data storage request;
determining, according to the valid time of the storage timeliness identifier and the receiving time, whether the storage timeliness identifier has expired;
when the receiving time is before the valid time of the storage timeliness identifier, determining that the storage timeliness identifier has not expired, and saving the data identifier in association with the user identifier to the second database.

5. The method according to claim 1, further comprising, before receiving the first data storage request from the service front end:
in response to a registration request from the service front end, assigning access rights to the user, the access rights being used to perform a permission check on the user when the first data storage request from the service front end is received.

6. A method for data query, comprising:
in response to receiving a first data query request from a service front end, looking up, in a second database, the data identifier corresponding to the user identifier in the first data query request, generating a query timeliness identifier according to the data identifier, and sending the query timeliness identifier to the service front end;
in response to receiving a second data query request from the service front end that contains the query timeliness identifier, obtaining data from a first database according to the query timeliness identifier if the query timeliness identifier has not expired.

7. The method according to claim 6, wherein looking up, in the second database, the data identifier corresponding to the user identifier in the first data query request comprises:
looking up, in the second database, the encrypted data identifier corresponding to the user identifier in the first data query request;
decrypting the encrypted data identifier to obtain the data identifier;
and wherein obtaining data from the first database according to the query timeliness identifier comprises:
obtaining encrypted data from the first database according to the query timeliness identifier;
decrypting the encrypted data to obtain the data.

8. The method according to claim 6, wherein the query timeliness identifier has a valid time, and the query timeliness identifier has a mapping relationship with the data identifier;
the method further comprising, after generating the query timeliness identifier according to the data identifier:
establishing and storing the mapping relationship between the data identifier and the query timeliness identifier;
and wherein obtaining data from the first database according to the query timeliness identifier if the query timeliness identifier has not expired comprises:
recording the receiving time at which the second data query request is received, and obtaining the query timeliness identifier from the second data query request;
determining, according to the valid time of the query timeliness identifier and the receiving time, whether the query timeliness identifier has expired;
when the receiving time is before the valid time of the query timeliness identifier, determining that the query timeliness identifier has not expired and, according to the query timeliness identifier, obtaining the data identifier from the stored mapping relationship between the query timeliness identifier and the data identifier;
obtaining the data from the first database according to the data identifier.

9. An apparatus for data storage, comprising:
a first data storage module, configured to, in response to receiving a first data storage request from a service front end, save the data to be stored in a first database, generate a storage timeliness identifier according to the data identifier of the data to be stored, and send the storage timeliness identifier to the service front end;
a second data storage module, configured to, in response to receiving a second data storage request from the service front end that contains the storage timeliness identifier, save the data identifier to a second database if the storage timeliness identifier has not expired.

10. An apparatus for data query, comprising:
a first data query module, configured to, in response to receiving a first data query request from a service front end, look up, in a second database, the data identifier corresponding to the user identifier in the first data query request, generate a query timeliness identifier according to the data identifier, and send the query timeliness identifier to the service front end;
a second data query module, configured to, in response to receiving a second data query request from the service front end that contains the query timeliness identifier, obtain data from a first database according to the query timeliness identifier if the query timeliness identifier has not expired.

11. A mobile electronic device terminal, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method according to any one of claims 1-8.

12. A computer-readable medium on which a computer program is stored, wherein the program, when executed by a processor, implements the method according to any one of claims 1-8.
CN202211300523.9A 2022-10-24 2022-10-24 Method and device for data storage and data query Pending CN116028486A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211300523.9A CN116028486A (en) 2022-10-24 2022-10-24 Method and device for data storage and data query

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211300523.9A CN116028486A (en) 2022-10-24 2022-10-24 Method and device for data storage and data query

Publications (1)

Publication Number Publication Date
CN116028486A true CN116028486A (en) 2023-04-28

Family

ID=86071512

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211300523.9A Pending CN116028486A (en) 2022-10-24 2022-10-24 Method and device for data storage and data query

Country Status (1)

Country Link
CN (1) CN116028486A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020135612A1 (en) * 2001-01-12 2002-09-26 Siemens Medical Solutions Health Services Corporation System and user interface supporting concurrent application operation and interoperability
CN112560102A (en) * 2020-12-25 2021-03-26 南方电网深圳数字电网研究院有限公司 Resource sharing method, resource accessing method, resource sharing equipment and computer readable storage medium
CN115146302A (en) * 2021-03-31 2022-10-04 北京有竹居网络技术有限公司 File processing method, device, storage medium and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116932847A (en) * 2023-09-15 2023-10-24 江苏海王健康生物科技有限公司 Medical health data management platform operation method and system
CN116932847B (en) * 2023-09-15 2023-11-24 江苏海王健康生物科技有限公司 Medical health data management platform operation method and system
CN117172609A (en) * 2023-09-18 2023-12-05 北汽蓝谷信息技术有限公司 Management method and system based on value chain management and business management fusion

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination