零信任架构在医疗物联网安全建设中的应用

摘要：提出了一种基于零信任架构和技术的医疗物联网（IoMT）融生安全框架。该安全框架利用零信任控制平台、物联网安全接入网关、医疗终端、医疗业务系统、相关辅助支撑系统等组件，实现访问主体、运行环境、访问客体的融合共生，能够形成以身份可信管理为中心，全面融合业务安全访问、持续风险评估和动态访问控制的安全能力，支撑IoMT 的设备统一管理、安全准入控制、设备行为分析、终端安全检测、动态可信接入、安全加密通道等安全应用。

关键词：IoMT；智能医疗设备；零信任架构；融生安全框架

Abstract: A security framework for the Internet of Medical Things (IoMT) based on zero trust architecture and technology is proposed. Using the zero trust control platform, Internet of Things security access gateway, medical terminal, medical business system, and relevant auxiliary support system components, the security framework realizes the access subject, operating environment, and access object fusion symbiosis, which can form a security capability that takes identity trusted management as the center, fully integrate business security access, continuous risk assessment and dynamic access control, and support IoMT equipment unified management, security access control, device behavior analysis, terminal security detection, dynamic trusted access, secure encryption channel, and other security applications.

Keywords: IoMT; intelligent medical equipment; zero trust architecture; fusion-symbiosis security framework