Summary of the invention
The objective of the invention is at the deficiencies in the prior art, a kind of wireless real-time community medicine devices for interventional and method with security mechanism is provided.
The objective of the invention is to be achieved through the following technical solutions: a kind of wireless real-time community medicine devices for interventional with security mechanism is characterized in that it mainly is made up of wireless sensor network and supervisory control comuter; Wherein, described wireless sensor network comprises terminal node, routing node and base-station node; Base-station node is connected with the monitoring computer by serial ports or network interface.
Further, terminal node mainly is made up of wireless module, CPU module, encrypting module, power module and sensing module.Described wireless module, encrypting module, power module and sensing module all link to each other with CPU module, and power module links to each other with sensing module with wireless module respectively.CPU module has a memory; Described routing node mainly is made up of wireless module, CPU module and power module.Described wireless module links to each other with power module respectively with CPU module, and wireless module links to each other by bus with CPU module.CPU module has a memory; Described base-station node comprises the node module and the gateway processes module that is used for computer network communication and storage that are used for the wireless receiving and dispatching data.Wherein, node module mainly is made up of wireless module, second CPU module and power module, and wireless module links to each other with power module respectively with second CPU module, and wireless module links to each other by bus with second CPU module.The gateway processes module mainly is made up of first CPU module and Ethernet interface/serial ports, first CPU module links to each other by bus with Ethernet interface/serial ports, the first processor module links to each other by bus with second processor module, and first CPU module links to each other with power module.The first processor module and second processor module all have a memory.
Further, described monitoring computer is this locality monitoring computer of band deciphering module and local data base.Base-station node is connected with local monitoring computer by serial ports or network interface.
Further, described monitoring computer is the long distance monitoring computer of band deciphering module and remote data base.Base-station node is connected with the long distance monitoring computer by serial ports or network interface.
Further, described monitoring computer is this locality monitoring computer of band deciphering module and local data base and the long distance monitoring computer of band deciphering module and remote data base; Base-station node is connected with local monitoring computer or long distance monitoring computer by serial ports or network interface, and local monitoring computer links to each other by wired with the long distance monitoring computer.
A kind of method for supervising of using the wireless real-time community medicine devices for interventional of above-mentioned band security mechanism, this method may further comprise the steps:
(1) terminal node selects a random number to produce the private key of terminal node, and this private key safety is kept in the memory of terminal node;
(2) utilize elliptic curve cryptosystem, terminal node is according to corresponding public key of private key regeneration of harsh one-tenth;
(3) sensing module of terminal node is gathered physiological data, and physiological data is sent in the memory;
(4) encrypting module of terminal node utilizes elliptic curve cryptosystem to carry out encryption to the physiological data in the memory;
(5) terminal node sends terminal node PKI and data encrypted bag to base-station node by its wireless module channel.If terminal node can not directly be communicated by letter with base-station node, can communicate by letter with base-station node in the multi-hop mode by guarding in the zone other terminal node or routing node;
(6) mass data of arrival base-station node is stored in the memory of base-station node temporarily;
(7) if the monitoring computer is guarded computer for this locality of band deciphering module and local data base, base-station node is sent to local monitoring computer by serial ports or network interface with the data that receive; Local monitoring computer utilizes base-station node private key and terminal node PKI, and the enciphered data of sending to is decrypted processing; Local monitoring computer extracts, analyzes the relevant field through the data after the deciphering and operation such as conversion, and the storage after will changing is in local data base.Local monitoring computer access is positioned at the local data base on the local monitoring computer, and data are guarded, analyze, added up and background process such as alarm;
(8) if the monitoring computer is the long distance monitoring computer of band deciphering module and remote data base, base-station node is sent to the long distance monitoring computer by serial ports or network interface with the data that receive; The long distance monitoring computer utilizes base-station node private key and terminal node PKI, and the enciphered data of sending to is decrypted processing; The long distance monitoring computer is to extracting, analyze through the relevant field of data after the deciphering and operation such as conversion, and the storage after will changing is in remote data base.The long distance monitoring computer access is positioned at the remote data base on the long distance monitoring computer, and data are guarded, analyze, added up and background process such as alarm;
(9) if the monitoring computer is this locality monitoring computer of band deciphering module and local data base and the long distance monitoring computer of band deciphering module and remote data base, base-station node is sent to local monitoring computer by serial ports or network interface with the data that receive; Local monitoring computer utilizes base-station node private key and terminal node PKI, and the enciphered data of sending to is decrypted processing; Local monitoring computer extracts, analyzes the relevant field through the data after the deciphering and operation such as conversion, and the storage after will changing is in local data base.Local monitoring computer access is positioned at the local data base on the local monitoring computer, and data are guarded, analyze, added up and background process such as alarm.The long distance monitoring computer is by the computer network access local data base, and it is synchronous to carry out remote data base and local data base; Local data base with all data backups to remote data base; Local data base is only preserved the part local data in the setting-up time section, and other data beyond this time period are kept at remote data base.
The invention has the beneficial effects as follows:
1. the present invention utilizes wireless multi-channel data transmission means, make people be in or community in just can be human body relevant physiological characteristic signal, transmit to Local or Remote monitoring computer center in real time by WSN network and computer network, the monitoring center can be different according to sufferer feedbacks such as patient's condition loopback alarm signal, diagnostic result and medication guide, feedback information can be selected note, phone or network mail advice method for use.The wireless real-time Transmission mode of this employing WSN, can reduce or remove the line between bedside monitoring instrument and the medical-therapeutic treatment of human body transducer, make children under guardianship can have more free activity space, under the situation that does not influence daily life, obtain physiological parameter more accurately, sufferer just can be enjoyed and at home in the same treatment service of hospital, both save medical expense, realized the monitoring of patient under unconstrained state simultaneously again, improved patient's rehabilitation rate and quality of life.
2. system adopts the elliptic curve encryption algorithm in the public-key cryptosystem to carry out key management, can select for use symmetric cryptographic algorithm to realize the Hybrid Encryption pattern, can select for use simple xor operation to carry out effective encryption and decryption algorithm.Sensitive datas such as assurance human body physiological characteristics signal transmit with encrypted test mode, can effectively prevent external attacks such as eavesdropping.Simultaneously, in the transmission of Information process, use Message Authentication Code MAC (MessageAuthentication Code) to prevent that information from being altered by malice and abandon, make native system certain defense reaction also be arranged to internaling attack, thereby ensure the privacy of patient data and the fail safe of system, the present invention can be applicable to the wireless real time medical devices for interventional of family, community, sanatorium and hospitals at different levels.
Embodiment
(as family, community, sanatorium and hospitals at different levels etc.) form a wireless sensor network by three kinds of dissimilar nodes in the surveyed area of native system, they are terminal node, routing node and base-station node, carry out mutual communication by wireless channel between each node, wireless signal can select for use the whole world of 2.4GHz to disclose wireless free frequency range.Terminal node can be worn on the human body, (encrypting module is realized by elliptic curve encryption algorithm to detect human body physiological characteristics signal after concurrent warp let-off elliptic curve cryptosystem is encrypted, the cryptographic algorithm flow process is seen shown in Figure 10), be sent to base-station node through route node multi-hop, or terminal node directly sends to base-station node, the patient can freely walk about in the monitored area, does not influence their daily life; Routing node is compared the few physiological parameter sensors module of terminal node, and it mainly plays packet forwarding effect, generally by a plurality of routing node stationary distribution in the monitored area; Base-station node is responsible for collecting all data of wireless sensor network in the monitored area, carry out the data centralization operation, base-station node is connected with local monitoring computer by serial ports or network interface, base-station node also can be connected with the long distance monitoring computer by network interface, a plurality of surveyed areas are shared a long distance monitoring computer, carry out the collection and the control of teledata.More than the different nodes of three classes can constitute a wireless self-organization network, inner networking mode can be selected the XMesh wireless sensor networking mode of U.S. Crossbow company for use.
Native system adopts wireless sensor network as local data collection and treatment system, adopt a kind of public-key cryptosystem---elliptic curve cryptography ECC algorithm, guarantee data integrity and fail safe in the wireless sensor network internal transmission through the suitable sensor network after the lightweight.Simultaneously, in wired computer network transmission, local monitoring computer can be selected fire compartment wall, IPSec, SSL and other traditional computer network security measure for use, strengthens data transmission security between this locality monitoring computer and long distance monitoring computer.
As shown in Figure 1, the medical monitoring system based on wireless sensor network of band security mechanism of the present invention has used three category nodes: terminal node, routing node and base-station node, form wireless self-organization network between each node, constitute the data acquisition in family or community monitoring zone and the wireless sensor network of forwarding.The terminal node collection is also encrypted after each body weight for humans wants physiological data, pass on or directly be sent to base-station node through the route node and focus on, data encrypted is delivered to Local or Remote monitoring computer at last and is decrypted that (deciphering module is realized by elliptic curve encryption algorithm, the decipherment algorithm flow process is seen shown in Figure 11), local monitoring computer and long distance monitoring computer can be selected wired connection for use.Base-station node, local monitoring computer and long distance monitoring computer are formed wired computer network.Local monitoring computer and long distance monitoring computer to each Human Physiology data that collect be decrypted, store, analyze, operation such as processing, and make corresponding conclusion, by modes such as printing and screen displays, allow Local or Remote medical advice expert can conveniently make correlated judgment, last result can select for use modes such as note, phone or mail to notify patient or its family members.
Terminal node is carried by guardianship, can detect data such as subject's physiological data such as blood pressure, blood oxygen saturation, ECG electrocardiosignal and body temperature, and terminal node has the identifier ID that is used for indicating by the guardianship identity.The terminal node device is made miniaturization, light weight, low energy consumption and portability, and has the fail safe, stability, anti-interference of wireless transmission and to the adaptability under the adverse circumstances.As shown in Figure 2, terminal node mainly is made up of wireless module, CPU module, encrypting module, power module and sensing module, wireless module, encrypting module, power module and sensing module all link to each other with CPU module, and power module links to each other with sensing module with wireless module respectively provides energy.CPU module has memory, sensing module provides blood pressure, multiple physiology transducing signals such as blood oxygen saturation and ECG electrocardio, can select according to actual needs, as selecting the blood oxygen saturation module of the auspicious Electronics Co., Ltd. of sea cowry for use, sensing module can select for use the UART serial line interface to link to each other with central processor CPU, the Human Physiology data that collect are encrypted (the cryptographic algorithm flow process is seen Figure 10) by encrypting module, in node, be packaged into the packet of set form, by wireless module transmission encrypted data, other packet of node is is also received and dispatched by wireless module, CPU module links to each other by bus with wireless module, these two modules can be selected the MICAz platform of U.S. Crossbow company for use, this platform CPU selects the ATMega128L of Atmel company for use, dominant frequency is the 8-bit microprocessor of 8MHz, has the 128KB space encoder, 4KB RAM, the communication module operating frequency is 2.4GHz, and transmission rate can be up to 250kbps.The terminal node power module can adopt 2 joint AA powered battery.Terminal node operating system can be selected TinyOS for use, and transducer communication UART driving, network route and elliptic curve encryption algorithm can be selected the NesC Programming with Pascal Language for use.
Routing node is responsible for multi-hop and is transmitted the packet of terminal node to base-station node, in community or family's monitoring wireless sensor network, can be according to certain network topology structure, in the monitoring district, arrange the fixed route node of respective numbers, the rational routing node of distribution density can make and reduce the data packet loss by terminal node transceive data bag stably in the monitoring zone.As shown in Figure 3, routing node mainly is made up of wireless module, CPU module and power module, wireless module links to each other with power module respectively with CPU module, and wireless module links to each other by bus with CPU module, and CPU module has memory.The wireless module of routing node is identical with terminal node with the design of CPU module, can select the MICAz platform of U.S. Crossbow company for use.Power module can adopt 2 joint AA powered battery, perhaps can adopt powered by direct current, and long-term power supply service is provided.
As shown in Figure 4, base-station node comprises the node module and the gateway processes module that is used for computer network communication and storage that are used for the wireless receiving and dispatching data, node module mainly is made up of wireless module, second CPU module and power module, wireless module links to each other with power module respectively with second CPU module, and wireless module links to each other by bus with second CPU module; The gateway processes module mainly is made up of first CPU module, Ethernet interface/serial ports, first CPU module links to each other by bus with Ethernet interface/serial ports, the first processor module links to each other by bus with second processor module, and first CPU module links to each other with power module.First CPU module and second CPU module all have memory.Node module in the base-station node is identical with routing node hardware, can select the MICAz platform of U.S. Crossbow company for use, wireless module is used for the transceive data bag, second CPU module is used for data are handled, and power module is by direct current or adopts POE (Power Over Ethernet) technology to realize power supply.The gateway processes module is connected by bus with the node processing module, the configuration mass storage, and the packet that storage great amount of terminals node sends over can be selected the U.S. MIB600 of Crossbow company Ethernet interface plate for use.The Ethernet interface that configures can directly link to each other with this locality or long distance monitoring computer by the RJ45 cable and carry out transceive data, and Ethernet interface is supported ARP, UDP/IP, TCP/TP, Telnet, DHCP, BOOTP, agreements such as TFTP and HTTP.The gateway processes module also can provide serial line interface and local monitoring compunication, can select the U.S. MIB520 of Crossbow company USB interface plate for use.
System's monitoring networking model of the present invention has three kinds of different modes, and they are respectively local monitoring computer network pattern, long distance monitoring computer network pattern and mix monitoring computer network pattern, describe in detail below.
A. local monitoring computer network pattern
In the local monitoring network pattern of Fig. 5, wireless sensor monitoring network and local monitoring computer are formed a simple local wireless real-time digitization community medicine devices for interventional, local monitoring computer band deciphering module and local data base, data decryption is handled in this locality monitoring computer and is realized, deciphering module is by elliptic curve cryptography system specific implementation, and the decipherment algorithm flow process is seen shown in Figure 11.This system is fit to a small community and hospital internal health care monitoring network, and local monitoring computer development platform can be selected VisualStudio 2005 and PostgreSQL database for use.
In this locality monitoring computer network pattern, all data processing and monitoring instruction are all finished dealing with in this locality, do not need to provide external network interface, the Human Physiology data are in wireless sensor network internal transmission process, the important physiological data of transmission all is a data encrypted, they deposit local data base (the decipherment algorithm flow process is seen Figure 11) in after being decrypted on this locality monitoring computer, local then monitoring computer carries out background process to data.Whole process is safe and reliable, and the monitoring personnel can guard in this locality and operate relevant information in the computer after examining by identity.
As shown in Figure 6, the specific implementation method of local monitoring computer network pattern may further comprise the steps:
At first, start base-station node, each routing node and terminal node, form a wireless sensor monitoring network.
Steps A-1, terminal node selects a random number to produce the private key of terminal node according to oval cryptographic algorithm, and this private key safety is kept in the memory of terminal node.
Steps A-2 is utilized elliptic curve cryptosystem, and terminal node is according to corresponding public key of private key regeneration of harsh one-tenth.
Steps A-3, sensing module is gathered physiological data (as signals such as human body blood oxygen, blood pressure and electrocardios), and physiological data is sent in the memory.
Steps A-4, the encrypting module in the terminal node utilizes elliptic curve cryptosystem to carry out encryption (the cryptographic algorithm flow process is seen Figure 10) to the physiological data in the memory.Can select for use simple xor operation to do cryptographic algorithm.Elliptic curve cryptosystem is used for the PKI that cryptographic algorithm need be used base-station node, and it is inserted in the terminal node memory in the burned process of terminal node program code in advance.
Steps A-5 sends terminal node PKI and data encrypted bag to base-station node by the wireless module channel.If terminal node can not directly be communicated by letter with base-station node, can communicate by letter with base-station node in the multi-hop mode by guarding in the zone other terminal node or routing node.
Steps A-6, the mass data that arrives base-station node is stored in the memory of base-station node temporarily.For accelerating the reception packet ability of base-station node, promote whole wireless sensor network data transmission speed, base-station node is not decrypted processing to enciphered data.
Steps A-7, base-station node is sent to local monitoring computer by serial ports or Ethernet interface and the communication of local monitoring computer with the data that receive.
Steps A-8, local monitoring computer utilizes base-station node private key and terminal node PKI, and the enciphered data of sending to is decrypted processing, can select for use simple xor operation to do decipherment algorithm (the decipherment algorithm flow process is seen Figure 11).
Steps A-9, local monitoring computer are extracted, are analyzed the relevant field through sensing data after the deciphering and wireless sensor network data bag and operation such as conversion, and the storage after will changing is in local data base.
Steps A-10, local monitoring computer access is positioned at the local database server on the local monitoring computer, and data are guarded, analyze, added up and background process such as alarm.
B. long distance monitoring computer network pattern
In the long distance monitoring computer network pattern of Fig. 7, one or more wireless sensor networks and a long distance monitoring computer can be formed a simple long distance wireless real-time digitization community medicine devices for interventional, and the long distance monitoring computer has deciphering module and remote data base.Deciphering module is by elliptic curve cryptography system specific implementation, and concrete decipherment algorithm FB(flow block) is seen shown in Figure 11.This pattern is characterised in that, do not need local monitoring computer, one or more families and community wireless sensor network monitoring gained physiological data are after terminal node is encrypted, data are directly delivered to the centralized and unified processing of long distance monitoring computer center by base-station node, when transmitting via computer network, because important physical data terminal node encryption (the cryptographic algorithm flow process is seen Figure 10) can transmit getting final product in the traditional computer network, network security is had not a particular requirement.Get final product so only at the long distance monitoring computer the important physiological data of receiving is carried out corresponding decryption processing, deciphering back uniform data is stored in remote data base.Long distance monitoring computer development platform can be selected VisualStudio 2005 and PostgreSQL database for use.
A plurality of radio sensor network monitorings zone is positioned at this locality, the collection in worksite physiological data; And long distance monitoring computer, deciphering module and remote data base all are deployed in remote monitoring center.The base-station node of local data acquisition zone and gateway can be selected the U.S. MIB600 of Crossbow company Ethernet interface plate for use, the Ethernet interface service is provided, this kind interface is supported ARP, UDP/IP, TCP/TP, Telnet, DHCP, BOOTP, TFTP and http protocol, can be connected on HUB, switch or the router, the remote monitoring computer is directly connected to gateway by computer network.The real-time transmission of data depends on the stability of this cable network connected mode.
The specific implementation method of long distance monitoring computer network pattern shown in Figure 8 may further comprise the steps:
At first, start base-station node, each routing node and terminal node, form wireless sensor monitoring network.
Do and steps A-1 to steps A-6 is operated equally.
Step B-7, base-station node via wired computer network and long distance monitoring compunication, is sent to long distance monitoring computer with the physiological data after the encryption that receives by the Ethernet interface on the base-station node gateway.It all is through the elliptic curve cryptosystem ciphered data that the body weight for humans of transmitting in wireless sensor monitoring network inside and computer network is wanted physiological data, has high security.The Ethernet interface of gateway provides the interface of multiple standards communication protocol, can make things convenient for long distance monitoring computer access and management, and stable connection and data transport service is provided.
Step B-8, long distance monitoring computer receive the packet that the base-station node gateway sends, in the centralized and unified memory that is stored in the long distance monitoring computer.
Step B-9, long distance monitoring computer utilize the private key and the terminal node PKI of base-station node, and enciphered data is decrypted processing, can select for use simple xor operation to do decipherment algorithm (the decipherment algorithm flow process is seen Figure 11).
Step B-10, long distance monitoring computer are to through the physiological data after the deciphering with the relevant field of wireless sensor network data bag extracts, analyzes and operation such as conversion, and the uniform data after will changing is stored in the remote data base.
Step B-11, the long distance monitoring computer access is positioned at the remote database server on the long distance monitoring computer, and data are guarded, analyze, added up and operation is handled in alarm etc.
C. mix monitoring computer network pattern
In the mixing monitoring computer network pattern of Fig. 1, physiological data the local data base is deciphered and be stored in to one or more local monitoring computers to what obtain from community and family's surveyed area, can pass through traditional computer network security technologys such as fire compartment wall, SSL and IPSec, be sent to the centralized and unified processing of long distance monitoring computer safely, make that simultaneously each local data base and remote data base are synchronous, and data decryption is handled both can to have guarded in this locality and is realized in the computer, also can directly deliver to the long distance monitoring computer by base-station node and be decrypted processing.Deciphering module is by elliptic curve cryptography system specific implementation, and the decipherment algorithm flow process is seen shown in Figure 11.This mixed mode helps local Medical Technologist and carries out rapidly and efficiently protected activity, also can provide remote medical specialist to carry out centralized and unified protected activity, improves the flexibility of whole system.
Above-mentioned this mixing monitoring computer network pattern can be carried out operations such as fast decryption, extraction, analysis, conversion and storage earlier with a large amount of wireless sensor network data bags in this locality, improve the processing speed of whole system.Utilize traditional computer network safety prevention measure, can guarantee that physiological data is in the fail safe of computer network transmission course.This mixing monitoring computer network pattern is made up of a plurality of wireless sensor monitoring networks, one or more local monitoring computers and a long distance monitoring computer.Each local monitoring computer can independently monitor and control a certain local monitoring district, and the long distance monitoring computer is convenient to the remote medical center unification and is carried out remote real time monitoring to a plurality of by the monitoring district, medication guide is provided and sends control command.Local and remote monitoring computer development platform can be selected Visual Studio 2005 and PostgreSQL database technique for use.
The specific implementation method of mixing monitoring computer network pattern shown in Figure 9 may further comprise the steps:
At first, start base-station node, each routing node and terminal node, form wireless sensor monitoring network.
Do and steps A-1 to steps A-6 is operated equally.
Step C-7, base-station node, are sent to local monitoring computer with the data that receive, and are stored in the memory with this locality monitoring compunication by Ethernet interface on the gateway or serial line interface.
Step C-8, local monitoring computer utilizes the private key and the terminal node PKI of base-station node, and enciphered data is carried out corresponding decryption processing, can select for use simple xor operation to do decipherment algorithm (concrete decipherment algorithm flow process is seen Figure 11).
Step C-9, local monitoring computer extract, analyze the relevant field through physiological data after the deciphering and wireless sensor network data bag and operation such as conversion, and the storage after will changing is in local data base.
Step C-10, local monitoring computer access is positioned at the local database server on the local monitoring computer, and data are guarded, analyze, added up and operation is handled in alarm etc.This step is to dispose monitor system on the local monitoring computer, constitutes an independently local monitor system.
Step C-11, long distance monitoring computer be by the computer network access local database server, and it is synchronous to carry out remote database server and local database server.Local database server with all data backups to the remote database server that is arranged in central hospital or other long-range large-scale monitoring center.Local database server is only preserved the part local data in the setting-up time section, and other data beyond this time period are kept at remote database server.Local monitoring computer links to each other by wired computer network with the long distance monitoring computer, in order to improve the whole system fail safe, can guard computer security technology commonly used such as computer terminal and long distance monitoring computer terminal configuring firewalls, SSL and IPSec etc. in this locality, provide safe network to connect.
Step C-12, when carrying out above-mentioned steps C-7, base-station node without this locality monitoring computer and by Ethernet interface via wired computer network and long distance monitoring compunication, the data that receive directly are sent to the long distance monitoring computer, and uniform data is stored in the memory of long distance monitoring computer.Corresponding decrypted program in the long distance monitoring computer run elliptic curve cryptosystem, utilize the private key and the terminal node PKI of base-station node, enciphered data is decrypted processing, can selects for use simple xor operation to do decipherment algorithm (the decipherment algorithm flow process is seen Figure 11).To through the transducer physiological data after the deciphering with the dependent segment of wireless sensor network data bag extracts, analyzes and operation such as conversion, and the uniform data after will changing is stored in the remote data base.
Step C-13, the long distance monitoring computer access is positioned at the remote database server on the long distance monitoring computer, and the data that collect are guarded, analyze, added up and operation is handled in alarm etc.And each local monitoring computer can carry out operations such as corresponding local analytics, statistics and alarm.