FR2802040A1 - Communication system and supply or services and exchange of information over the Internet in a secure manner, for a user group or profession such as medicine where all members of the profession can be given a unique identifier - Google Patents

Abstract

Data processing has a first method for enabling a user (17, 17') to have access, via the communications system, to individual information for one or more people in the group such that the first method has a communications function and a prompting function. The first method works in combination with a second method that allows members of the group to communicate in a secure fashion with other group members. The invention also relates to an operating system for such a communication system. The communication system comprises one or more servers and associated memories with an identification table for each of the group members.

Description

The invention relates to a communication and service delivery system via a network such as the Internet, which allows users of the system to access information on each of the persons belonging to a determined group of persons, and, on the other share, to communicate, securely or, with these people.

Communication systems are known via the Internet allowing communications within a group of several persons belonging to the same group of people, this group being for example a group of professionals, and more particularly the group of doctors.

Such systems offer secure messaging by encryption, using the principle of public and private keys. Each key encrypts the message which is decrypted by the other key. The process is not reversible because the key used to encrypt the message cannot be used to decrypt it. Thus, one of the complementary keys (the public key) can be disclosed, while the other (the private key) is known only to its owner.

Known systems of communication by a network provide system users with the public key of any person belonging to said set of people.

However, such a set of people generally does not bring together all the people belonging to the determined group of people. In the case where the group is the group of doctors, for example, said set of people generally includes not all doctors but only a part of them. The fact that all of the people do not fully gather all the people of the group considered very clearly limits the interest of the above communication system.

Furthermore, for the same group of people, there are a multitude of distinct sets of people belonging to said group, these sets constituting sub-groups. If we consider the group made up of all doctors, there is for example a sub-group comprising doctors located in the same geographical area, another sub-group comprising doctors having the same specialty, etc ...

The existence of a multitude of such sets or sub-groups poses two problems - each set offering its own encryption system, communication within said group, but transversely to the different sets, is not always possible; - moreover, the same person, and in particular the same doctor, can itself belong to several sets. In this case, there is generally an identifier for this person for each of the sets to which he belongs, these identifiers being different from one set to another.

fact that this person is not uniquely identified, whatever the considered set to which he belongs complicates and limits the exchange of data in which this person is involved.

The invention aims to remedy these drawbacks by providing a communication system, by Internet or equivalent, which gathers information on all the people belonging to a determined group of people, and in particular on all the doctors, each person being identified. by a unique identifier, which makes the public keys of each of these persons available to users of the system.

To this end, the communication system according to the invention comprises data processing means comprising at least one server and a memory, the memory being capable of storing for each of the people belonging to a determined group of people, such as typically the members of a profession, individual information and a unique identifier. These data processing means comprise - first means able to allow a user, such as in particular belonging to the public, to have access, through the system, to the individual information of one or more persons of the group. These first means have, on the one hand, a communication function vis-à-vis the users of the system and, on the other hand, an incentive function for people belonging to this group, in conjunction with the second means; - And in combination, second means specially designed to allow people belonging to a population including said group, such as members of a profession and people peripheral to this profession, to communicate with each other using the system. This communication can be secure.

Thanks to these means, the information can be exploited by users of the system, and, also, the people belonging to the population, in particular the people of said group, can exchange between them secure elements, while the information and the identifier relating to the people said group could only be stored once in memory for a given person in said group.

The communication system according to the invention comprises - identification table capable of storing, for each person belonging to a determined group of people, an identifier, the civil status of said person, a login or any other means of recognition for connection, and a password ; - at least one public table connected to the identification table, said public table being capable of storing, for each person belonging to the determined group of people, and in particular for any member of a profession, information intended for the public, such as that indications on the professional activity of said person; - at least one private table connected to the identification table, said private table being able to store, for each person belonging to the determined group of people, and in particular for any member of a profession, information intended for communication, such as one or more e-mail addresses of said person, one or more public keys encryption of said person.

In a preferred embodiment of the invention, the first means comprise a server connected to the public table, said server allowing a user connected to said server from a computer - to access information intended for the public, for each person belonging to the group determined of persons, said information of a given person belonging to said group being displayed by the server on the computer screen, for example in presentation which imitates a door station; - to communicate, in particular in a secure manner, with any person belonging to this group.

The second means include a server connected to the private table and allowing an authorized user, such as in particular a member of a profession or a person peripheral to this profession - to access, from a computer, the information intended for communication stored in the private table; - to access a certain number of services offered by the system, in particular to facilitate communications between people of the said population; - if the authorized user belongs to the determined group of people, to modify the individual information concerning him in order to update said information. The invention also relates to a method of operating such a communication system over a network, and in particular over the Internet.

In the operating method according to the invention, the information and the identifier relating to the persons of said group are stored only once in the memory of said system for a given person of said group.

Once this step has been carried out - a user can use the system to access individual information relating to the persons belonging to this group; - and each person belonging to the population including the said group can communicate with any other person belonging to the said population, in particular in a secure manner.

This process makes it possible to update information and identifiers of a person belonging to this group in a unique way and to authorize the two applications mentioned above.

Access to individual information is as follows - a user provides the system with a number of criteria relating to the specified group of people, via a computer; - a search engine present in one of the servers selects, from these criteria, one or more people belonging to the determined group of people; - the server displays on the computer screen, and for each of the selected persons, a section of information intended for the public in a presentation imitating a street sign; - the server allows access to another part of said information intended for the public by links from the entrance panels, for each of the persons selected.

The invention also relates to a means allowing a person of said group to associate a document with a character string containing, in scrambled form, minus the identifier of said person and a document specific characteristic, such as the checksum of said document. , said character string can only be created by the person whose identifier corresponds to the identifier contained in said character string. In a preferred version of the invention, said character string may also include the version number of the document, place of production or issue of said document, as well as the date and time of signature of said document.

Other characteristics and advantages of the invention will appear clearly on reading the description which follows, with reference to the appended drawings among which - FIG. 1 represents the data processing means of the communication system according to the invention; - Figure 2 is a schematic representation of the two applications of the system for a given person in the group; - Figure 3 illustrates the operation of affixing an electronic seal on a document; - Figure 4 illustrates the unscrambling operation of a seal affixed to a document.

An embodiment of the invention will be described, by way of nonlimiting example.

In what follows, in order to simplify, we will consider that the group of people is the group comprising all of the doctors. A person belonging to this group is therefore a doctor. With reference to FIG. 1, the communication system according to the invention comprises data processing means 1.

These data processing means 1 include an identification table 2 in which are stored, for each doctor, and before the system is implemented, a certain number of elements.

These elements are, on the one hand, a unique and universal identifier 3 for each doctor, and, on the other hand, the civil status 4 of the doctor considered (in particular his name, first name, sex, date of birth). The identification table 2 also stores, for each doctor, the login 5, or any other means of recognition for the connection, as well as the password 6 allowing privileged access to the system.

The identifier 3 of a doctor is for example an alphanumeric character string making it possible to recognize said doctor and also to find him among all the doctors.

The data processing means 1 also comprise a set of tables, connected to the identification table 2, divided into two categories, which can for example be distributed over several machines.

A first category comprises one or more public tables 7. A public table 7 contains indications intended for the public such as the specialty of the doctor, his or her places of practice and the associated timetables.

A second category of tables includes one or more private tables 9. A private table 9 contains information intended for communication 10, such as, for each subgroup of which the doctor in question belongs, his email address 11, his public encryption key 12, and any other information making it possible to offer services to doctors, in particular to facilitate communication between them. Once the identifier 3 and the individual information stored in the memory for each of the doctors, the communication system will be able to be used.

The existence of a unique identifier 3 for each doctor allows the implementation of two applications using the information 8 and 10 stored in the system.

To this end, data processing means 1 comprise - first means which allow a user 17 to have access to at least part of the individual information of any doctor (first application); - as well as second means allowing communication with doctors, in particular in a secure manner (second application).

The communication system according to the invention presents the information intended for the public 8 of a doctor, and this for each of the doctors, in the form of a virtual plate 13, which is the equivalent, on the network, of the plate of from the doctor.

This plate 13, which is the graphic transposition of the information intended for the public 8, constitutes the doctor's recognition tool and the electronic entry point to said doctor.

The two applications mentioned above can be represented by the two faces of the plate 13, a public face 14, for external communication, and a professional face 15, for internal communication, as illustrated in FIG. 2.

We will first describe the first application offered by the system.

A public server 16, connected to the public table 7, allows a user 17 connected to said public server 16 via a computer 18, to access information intended for the public 8 stored in said public table 7.

user 17, such as for example a public person 20, may wish to obtain information on or contact a particular doctor 19. The user 17 can also search for a doctor with a certain specialty, or whose office is located in a certain geographical area.

Thanks to a search engine 22, the user 17 can search for the doctor or doctors corresponding to the criteria that he has defined himself.

The public server 16 displays on the screen of the computer 18, for all the doctors meeting the criteria defined by the user 17, at least part of the information intended for the public 8 in a presentation which imitates, for each of the doctors , a street sign, that is to say under a virtual sign 13.

After selecting the appropriate response from all the responses provided by the search engine 22, that is to say from all the plates 13 displayed on the computer screen, the user 17 accesses, without move, at least part of the information intended for the public 8 present on the public face 14 of the electronic plate 13 of the selected doctor 19. From said plate 13, multiple information concerning said doctor 19 is available, such as typically the name, contact details and specialty of the doctor 19.

Another part of the information intended for the public 8 can be accessible by means of links from this plate 13. Thus, the plate 13 can also provide additional information, such as a plan of access to the doctor's office 19, his hours of visit, etc ... For other professions, and according to the rules in force in these professions, the plate 13 can also give access to the CV and the photograph of the professional considered. more, the plate 13 can, still thanks to links, provide the medical advice for which the doctor 19 assumes responsibility (vaccinations, precautions to be taken before a medico-technical act ...).

From a computer 18 connected to the public server 16, a user can also exchange messages, encrypted or not, with the doctor of his choice. This function will be explained in more detail in the description below.

The plate 13 therefore allows, via the identifier 3, to access information intended for the public 8 of a doctor considered 19. This application is represented, in FIG. 2, by the face 14 facing the public 20 , in particular clients 21 and potential clients of said doctor 19.

This public face 14 of the plate 13 constitutes the support for communication from the doctor 19 to the public 20, and more particularly to his clientele 21, as is the case for the window of a merchant.

Consequently, any doctor is motivated to constantly update the information accessible thanks to this public side 14 of his plate 13. In this way, the memory of the system can have exhaustive and reliable data. Thanks to the system according to the invention, any doctor therefore has an electronic plate 13, made accessible to the public 20 via a network such as the Internet. This virtual electronic plate 13 imitates the real street sign, which makes it possible to comply with existing rules and customs and which legitimizes said electronic plate 13 as a new information medium vis-à-vis organizations of guardianship.

The invention therefore makes it possible to create a base of plates 13 accessible to the public 20.

To ensure that only the doctor concerned 19 can modify the information relating to him, access to this information for modification can be secured in particular by password, smart card or any other sufficiently effective physical or logical means 23.

The fact that the system provides reliable information, and for all the physicians, makes it possible to implement the system for its second application, which will now be described.

The identifier 3, the digital support of the plate 13, is used to allow communication with the doctor 19, and in particular professional communications between the doctors.

Documents exchanged with a doctor, whether externally (between the doctor and his client) or internally (between the doctor and other doctors or other persons peripheral to the profession), are very often confidential and engage the responsibility of the doctor drafted them.

In a known manner, scrambled exchanges of documents are most often carried out according to the principle of asymmetric keys. Each doctor has two keys (or several sets of two keys): a private key, which he keeps secret, and a public key which he distributes to his contacts. Any document scrambled with the public key can only be scrambled with the corresponding private key and vice versa.

This principle makes it possible on the one hand to carry out encryption, since the reading of the document is impossible by a third party having intercepted the message, this third party not having the private key of the real recipient of the message.

On the other hand, this principle makes it possible to authenticate the sender of the document sent, since unscrambling is only possible with the public key of the real sender, corresponding to the private key with which said sender has scrambled the message. This guarantees the origin of the document. In the following description, reference will be made to this system of public and private keys. Of course, any other encryption technology, and in particular any encryption technology using the concept of public information necessary for interference can be used without departing from the scope of the invention.

A private server 24 is connected to the private table 7 and allows access to the information intended for communication 10.

An authorized user 17 ′ can connect to said private server 24 via a computer 18. Access to the private server 24 is reserved for certain users, and in particular for doctors. To access the private server 24, a doctor must provide his login 5, more generally his means of recognition for the connection, thus password 6.

A doctor can modify the information in the private table 9 that is relative to it at any time, access to this information for modifications being secure.

This application of the communication system according to the invention, more specifically intended for professional relations, is represented schematically in FIG. 2 by the professional face 15 of the plate 13 of a doctor in question.

The professional side 15 of the plate 13 I computer support of the public encryption keys 12 that the doctor 19 makes available to his authorized contacts. Such an authorized contact can in particular be any member of the group of doctors or a person belonging to any group (27, 27 ′) peripheral to the group of doctors 26 (for example pharmacists, etc.). The professional face of the plate 13 can also group the different electronic addresses 11 of said doctor 19. The existence of the encryption system according to the key principle as well as the availability of public keys 12 of a doctor makes it possible to carry out secure information exchange.

Let us take (`example of a radiologist who must transmit to a general practitioner the results of the ultrasound of one of their common patients, said general practitioner having initially prescribed this ultrasound to said patient.

This confidential message can be treated in two ways - the message can be encrypted using the general practitioner's public key (the recipient) so that it can only be read by said general practitioner, using his private key.

The radiologist (the sender) therefore needs the "general practitioner's public. He will find it by connecting to the electronic plate 13 of said general practitioner, where all the public keys of said general practitioner are available; - the message can be encrypted using the using the radiologist's private key (the sender). The general practitioner (the recipient) will then have to do the opposite and go to the radiologist's electronic plate to find the appropriate public key for the radiologist in order to be able to access the content. of the message.

This search for a public key 12 when sending messages can be automated, one of the objectives of the invention being to provide a routine ensuring connection to the electronic plate 13 and repatriation of a public key 12.

Thus, exchanges between doctors become possible, regardless of the set to which they belong, since the system according to the invention identifies all the doctors and groups, for each doctor, the different public keys 12 specific to each of the sets to which said doctor belongs. together we mean any subgroup of doctors linked for example by the same medical specialty or by a common geographic location or by a common electronic network. The exhaustiveness and reliability of the information stored in the data processing means 1 of the communication system according to the invention make the group of doctors particularly attractive for a supplier. Consequently, the second means of the invention also make it possible to provide doctors with a certain number of services such as, for example, professional training services, targeted information, online sales services for products relating to doctors, etc.

In addition to communications between professionals, the communication system according to the invention also allows communications between the public and the doctor.

Thanks to the unique identifier 3, any member of the public 20 is able to deliver information to the doctor of their choice 19 in order to obtain a personalized response, such as, for example, the solutions that can be envisaged in the face of a diagnosis mentioned.

Communication to a given doctor 19 of a user 17 belonging to the public 20 is carried out by the public server 16, the people of the public 20 not having access to the private server 24.

The public 20 does not have access to the public keys 12 of the doctor under consideration 19, since said public keys 12 are located on the professional face 15 of the plate 13 of the doctor 19. Different solutions are then possible.

A first solution consists in providing a public key 30 of the doctor 19 available on the public face 14 of the plate 13 of said doctor 19. This public key 30, stored in the public table 7 with the information intended for the public 8 of said doctor 19, is accessible by any user 17 belonging to the public 20 via the public server 16. This specific public 30 is only intended for communications between doctor 19 and the public 20. In this way, the doctor's encrypted external exchanges 19 are possible without that said doctor 19 has to make his public keys available to the public 20.

A second solution consists in providing a routine which allows a user 17 of the public 20 connected to the public server 16 to indirectly use the public key or keys 12 of the doctor 19, but without having direct access to it. Conversely, the communication from the doctor 19 to a public user 17 can be scrambled using the public key of the user 17 that said user sent to said doctor 19 at the same time as a message. Upon receipt, the user 17 will use his private key to unscramble the message sent by the doctor 19.

The system according to the invention also provides another service is a means of electronically signing documents 31, in order to certify both the authenticity of the transmitter 32 and that of the document 31 issued.

This means makes it possible to authenticate any document 31, whether it is stored or sent. In the case of a document 31 sent, this means is intended to prevent, once the document 31 decoded using the public key of the issuer, said document 31 from being trivialized and nothing remains of its authorship if it is thus transmitted to a third party.

This means consists in affixing an electronic seal 33 to the document 31. This operation is only possible if the doctor is identified reliably, in particular by providing his login 5 to said signature means, by the same physical or logical means 23 as that allowing said doctor to modify the information concerning him. Once the doctor, or more generally the sender 32, has drawn up a document (preliminary step), the operation of affixing the seal 33 takes place in several steps, as shown in FIG. 3.

First of all, in a first step A, the system develops a sufficiently specific characteristic of the document, such as the checksum of said document 31 for example.

The checksum 34 of the document 31 can for example be a digest of the message contained in the document 31, obtained from a conversion of the message binary digits. The checksum 34 is similar to a fingerprint used to detect counterfeits. The operation of carrying out the checksum 34 is one-way, since it is almost impossible to find the original message from its digest. In addition, two messages almost always give different digest and therefore it is almost impossible to find another message with the same digest.

The second step B consists in making the seal 33 proper, this seal 33 being a character string produced from the checksum 34, the identifier 3 of the transmitter 32 and possibly other data, such as the place and date of issue of the document, version number, etc.

This character string is then scrambled (third step C). A scrambled seal 33 ′ is thus obtained which is added to the document 31 (fourth step D), either directly on the document 31, that is to say in the form of a discreet seal, or in the form of a link.

Seal 33 therefore indicates whether the document 31 on which it is present has been modified since said seal 33 was affixed. It also indicates which transmitter 32, and in particular which doctor, has affixed it. On the other hand, it does not certify that it is indeed the editor of document 31 who has affixed the seal. When the recipient, or more generally the reader 35 document 31 receives said document 31, accompanied by a seal 33 ', he can, thanks to the system according to the invention, consult the information stored in the seal 33 ′, after having passed or not an access code.

This unscrambling operation of a seal 33 ′ is also carried out in several stages, as illustrated in FIG. 4.

In a preliminary step E, the document set 31 + scrambled seal 33 ′ is copied, in order to apply the following steps to it.

In a first step F, the document 31 + scrambled seal 33 'assembly is separated, so that the document 31 is obtained on the one hand and the scrambled seal 33' on the other hand. This step F is carried out as well if the seal 33 ′ is discreet or if it is linked to the document 31.

The second step G consists in unscrambling said scrambled seal 33 ', so that the reader 35 can have access to the information contained in said seal 33'. During the third step H, the checksum 34 ′ of the document 31 (or the specific characteristic of the document 31 chosen in the operation for manufacturing the seal 33) is compared to the checksum 34 contained in the seal 33.

Two cases can then arise - if the two checksums 34 and 34 'are identical, the reader 35 actually has access to the information contained in the seal 33, namely, that of the transmitter 32 of the document 31, and possibly other data such as the place and date of issue of the document 31, its version number, etc; - If the two checksums 34 and 34 'are different, the reader 35 receives a falsification message. Thanks to the electronic seal 33, electronic document exchanges 31, both internal and external, can be carried out in complete security.

Indeed, the seal 33 guarantees that it is indeed the doctor who affixed said seal 33 to the document 31, said doctor being the only one who can manufacture a seal containing his identifier 3. In addition, the seal 33 being specific to the document, since 'it contains its checksum 34, said seal guarantees that document 31 has not been modified subsequent to its signature that a third party has not added said seal 33 to another document of which the doctor in question is not the author.

Of course, the invention as just described, with reference to the group of doctors, can be applied to any other group of people, in particular, but not only, to any group of professionals with street signs (architects, lawyers, notaries, consulting firms ...).

Claims (10)

1. Communication system via a network such as the Internet, comprising data processing means (1) comprising at least one server and a memory, the memory being capable of storing for each of the persons belonging to a determined group of persons, such as typically the members of a profession, individual information and a unique identifier, characterized in that said data processing means comprise - first means capable of enabling a user 17 ′), such as in particular belonging to the public (20), d '' have access, thanks to the system, to individual information from one or more people in the group, these first means having, on the one hand, a communication function and, on the other hand, an incentive function for people belonging to said group , in conjunction with the second means, - and in combination, second means specially designed to allow persons belonging to a population included said group, such as the members of a profession and the persons peripheral to this profession, to communicate with each other using the system, this communication being able to be secure, so that the information can be exploited by users (17, 17 ') system, and also that the people belonging to the population, in particular the people of the said group, can exchange secure elements with each other, while the information and the identifier (3) relating to the people of the said group could have been stored only once in memory for a given person in the group. 2. Network communication system according to claim 1, characterized in that it comprises an identification table (2) capable of storing, for each person belonging to the determined group of people, an identifier (3), the state civil (4) of said person, a login or any other means of recognition for the connection, and a password (6). 3. Network communication system according to claim 1 or 2, characterized in that it comprises at least one public table connected to the identification table (2), said public table (7) being capable of storing, for each person belonging to the determined group of persons, and in particular for any member of a profession, information intended for the public (8), such as indications of the professional activity of said person. 4. Network communication system according to any one of claims 1 to 3, characterized in that it comprises at least one private table (9) connected to the identification table (2), said private table (9 ) being able to store, for each person belonging to the determined group of persons, and in particular for any member of a profession, information intended for communication (10), such as a plurality of electronic addresses (11) of said person , one or more public keys (12) for encrypting said person. 5. Network communication system according to any one of claims 1 to 4, characterized in that the first means comprise a server (16) connected to the public table (7), allowing a user (17, 17 ' ) connected to said server (16) from a computer (18) - to access information intended for the public (8), for each of the persons belonging to the determined group of persons, said information (8) of a given person belonging to said group being displayed by the server (16) on the computer (18), for example in a presentation which imitates a door panel; - to communicate, in particular in a secure manner, with any person belonging to this group. 6. Network communication system according to any one of claims 1 to 5, characterized in that the second means include a server (24) connected to the private table (9) and allowing authorized user (17 '), such as in particular a member of a profession a person peripheral to this profession - to access, from a computer (18), the information intended for communication (10) stored in the private table (9); - access a certain number of services offered by the system, in particular to facilitate communications between people from the said population; - if the authorized user (17 ') belongs to the determined group of people, to modify the individual information concerning him in order to update said information. 7. A method of operating a network communication system according to any one of claims 1 to 6, in which information and the identifier relating to the persons of said group are stored only once in the memory of said system for a person. data of said group, and, having done this - a user (17, 17 ') implements the system to have access to individual information relating to the persons belonging to said group; - and each person belonging to the population including the said group communicates with any other person belonging to the said population, in particular in a secure manner, the updating of the information and identifiers (3) of a person belonging to the said group being effected unique and authorizing the two applications mentioned. 8. A method of operating a communication system over a network according to claim 7, in which - a user (17, 17 ') provides the system with a certain number of criteria relating to the determined group of people, via a computer (18); - a search engine (22) present in one of the servers (16) selects, from these criteria, one or more persons belonging to the determined group of persons; - the server (16) displays on the computer (18), and for each of the persons selected, part of the information intended for the public (8) in a presentation imitating a street sign; - The server (16) allows access to another part of said information intended for the public (8) by links from the plates of, for each of the persons selected. 9. Network communication system according to any one of claims 1 to 6, characterized in that it comprises means allowing a person of said group to associate with a document (31) a character string (33) containing, in scrambled form, at least the identifier (3) of said person and a specific characteristic (34) of the document (31), such as the checksum (34) of said document, said character string (33) does not can be created only by the person whose identifier (3) corresponds to the identifier (3) contained in said character string (33). 10. Network communication system according to claim 9, characterized in that the character string (33) includes the document version number (31), the place of production or of transmission of said document (31), the date and the time of signature of said document (31).