JP2007304823A - Information management system and information management program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information management system capable of protecting various kinds of information, and conducting authentication and verification concerning the system utilization efficiently and with a high degree of precision. <P>SOLUTION: A terminal device 7 transmits a user ID 31 and a password 32 inputted by a user to a medical information management server 5 (Step 101). The terminal device 7 photographs the user's facial image 43 by a photographing part 28 and sends it to the medical information management server 5 (Step 102). The medical information management server 5 refers to an authentication table 30 and conducts the authentication based on the user ID 31 and the password 32 (Step 103). The medical information management server 5 registers the facial image 43 in a history table 40 (Step 107). The medical information management server 5 updates the history table 40 concerning login operations (Step 108). <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information management system that manages various types of information. More specifically, the present invention relates to an information management system that manages user access and the like.

Conventionally, medical information devices perform processing related to the personal information of many patients. The medical information device requests authentication information such as an ID and a password from the user, and makes the device usable when the authentication is successful.
In addition, a medical image processing apparatus that requests authentication information at the time of application activation or logoff and permits display of a medical image or access to medical image data when authentication is successful has been proposed (for example, [Patent Documents] 1]).

JP 2004-89312 A

  However, the conventional medical information device has a problem that medical information cannot be protected if authentication information such as an ID and a password is obtained illegally. In addition, there is a problem in that it is not possible to specify the cause of unauthorized acquisition or a person who uses unauthorized authentication information.

  The present invention has been made in view of the above problems, and provides an information management system that protects various types of information and enables efficient and highly accurate authentication and verification related to system use. With the goal.

  In order to achieve the above-mentioned object, the first invention is an information management system for authenticating a user and managing various information, a photographing unit for photographing a face image of the user at a predetermined operation, A history holding unit that associates and holds the face image captured by the imaging unit and the history of the predetermined operation, and searches for the history of at least one of the face image and the predetermined operation held by the history holding unit. An information management system comprising: presenting means for presenting the information.

The information management system captures a user's face image during a predetermined operation, holds the face image and the operation history in association with each other, searches for the face image and the operation history, and presents them. The “predetermined operation”, which is the timing for capturing a face image, may be the time before or after the operation as well as the operation.
Thereby, since the face image can be confirmed together with the operation history information, verification (for example, verification of impersonation and unauthorized access) regarding system use can be performed efficiently and with high accuracy.

In addition, an operation image related to the operation status may be captured and held, and the operation image may be retrieved and presented.
Thereby, confirmation of the operation content and information disclosure about the operation content can be performed.

Further, if the shooting data cannot be recognized as a face image, shooting may be performed again.
As a result, when the face image cannot be acquired, the face image is taken again without proceeding with the process, so that the face image can be taken without making the user aware of it.

Further, the photographing data may be presented to the user, and the photographing may be performed again when the user refuses to use the photographing data.
Thereby, a face image can be reliably imaged. In addition, unauthorized use can be suppressed by applying psychological pressure to those who attempt fraud.

Alternatively, the user may be authenticated by holding a face image for authentication corresponding to the photographed face image and comparing the photographed face image with the face image for authentication.
Thereby, authentication is performed by comparing a face image for authentication registered in advance with a face image obtained by photographing an actual user, so that the authentication accuracy can be improved.

Further, the authority information of the user may be held for each operation target device or for each operation, and the operation permission / rejection may be determined for each operation target device or for each operation based on this authority information. Further, authentication using a face image may be performed together, and the operation permission / denial may be determined based on the authentication result.
In this way, by determining whether or not an operation is permitted for each operation target device or for each operation, a different system usage form can be set for each user.

Further, the face image may not be stored when the authentication fails or when there is no operation authority.
Thereby, the storage area of the face image can be saved.

  A second invention is an information management program for causing a computer to function as an information management system for authenticating a user and managing various types of information, the photographing means for photographing a face image of the user at a predetermined operation, Function as history holding means for holding the captured face image and the operation history in association with each other, and as presentation means for searching and presenting the face image and the operation history held by the history holding means Information management program.

The second invention relates to a program that causes a computer to function as the information management system of the first invention.
Note that the above program may be distributed by being held on a recording medium such as a CD-ROM, or the program can be transmitted and received via a communication line.

  ADVANTAGE OF THE INVENTION According to this invention, while protecting various information, the information management system which makes it possible to perform the authentication and verification regarding system utilization efficiently and with high precision can be provided.

  Hereinafter, a preferred embodiment of a medical information management system according to the present invention will be described in detail with reference to the accompanying drawings. In the following description and the accompanying drawings, the same reference numerals are given to components having substantially the same functional configuration, and redundant description will be omitted.

(1. Configuration)
(1-1. Configuration of medical information management system)
Initially, the structure of the medical information management system 1 which concerns on embodiment of this invention is demonstrated, referring FIG.
FIG. 1 is a configuration diagram of a medical information management system 1.

  The medical information management system 1 is configured by connecting a medical information management server 5, a terminal device 7, and a medical device 9 via a network 3. The terminal device 7 and the medical device 9 are normally connected on a one-to-one basis. In addition, about a system structure, various structures can be taken according to a use and the objective. For example, an image storage server or an imager may be connected to the network 3. A plurality of terminal devices 7 and medical devices 9 may be connected to the network 3. Further, when the terminal device 7 has the function of the medical information management server 5, the network 3 is not necessarily provided.

The medical information management server 5 is a device that manages medical information held by the medical device 9.
The terminal device 7 is an operation terminal of the medical device 9.
The medical device 9 is a device that acquires and holds various medical information. The medical device 9 is, for example, a CT (Computed Tomography) device or an MRI (Magnetic Resonance Imaging) device that acquires a captured image of a subject.
The network 3 is a network such as a LAN (local area network) or the Internet, and may be wired or wireless. Regarding the connection between the terminal device 7 and the medical device 9, the terminal device 7 and the medical device 9 may be connected via the network 3 or may be directly connected via the local interface 4.

(1-2. Hardware configuration)
Next, the hardware configuration of the medical information management server 5 and the terminal device 7 will be described with reference to FIGS. 2 and 3.
FIG. 2 is a hardware configuration diagram of the medical information management server 5.
FIG. 3 is a hardware configuration diagram of the terminal device 7.
Note that the hardware configurations in FIGS. 2 and 3 are examples, and various configurations can be adopted depending on the application and purpose.

(1-2-1. Medical Information Management Server 5)
The medical information management server 5 is configured by connecting a CPU 11, a memory 12, a storage unit 13, a display unit 14, an input unit 15, an output unit 16, and a communication unit 17 via a bus 19.

A CPU 11 (Central Processing Unit) is a device that performs arithmetic processing and operation control of hardware and software.
The memory 12 is a memory such as a RAM or a ROM. The RAM functions as a main memory and work area for the CPU 11.

  The storage unit 13 is a device that stores various data, and is, for example, a hard disk. The storage unit 13 stores a program executed by the CPU 11, data necessary for program execution, and an OS. In addition, the storage unit 13 holds an authentication table 30, a history table 40, and an authority table 50. The authentication table 30, history table 40, and authority table 50 will be described later.

The display unit 14 is a display device such as a CRT monitor or a liquid crystal panel.
The input unit 15 is an input device for various data, such as a keyboard and a mouse. The output unit 16 is an output device for various data, and is, for example, a printer. Drive devices that perform data input / output with various media can also be used as the input unit 15 and the output unit 16.

The communication unit 17 is a communication control device that connects and communicates with an external device via the network 3.
The system bus 19 is a path that mediates transmission / reception of control signals and data signals of the respective units of the terminal device 5.

  The medical information management server 5 loads a program (execution program, OS program, or application program) stored in the storage unit 13 onto the memory 12, and executes various processes shown in FIG. .

(1-2-2. Terminal device 7)
The terminal device 7 is configured by connecting a CPU 21, a memory 22, a storage unit 23, a display unit 24, an input unit 25, an output unit 26, a communication unit 27, and a photographing unit 28 via a bus 29.

  The CPU 21, the memory 22, the storage unit 23, the display unit 24, the input unit 25, the output unit 26, the communication unit 27, and the bus 29 of the terminal device 7 are the CPU 21, the memory 12, the storage unit 13, and the display unit of the medical information management server 5. 14, the input unit 15, the output unit 16, the communication unit 17, and the bus 19.

  The photographing unit 28 is a camera that photographs a face image and an operation image. The face image is an image obtained by photographing the face portion of the user. The operation image is an image obtained by photographing the operation situation. The imaging unit 28 may be provided in the medical device 9.

  The terminal device 5 loads a program (execution program, OS program, or application program) stored in the storage unit 23 onto the memory 22 and executes various processes shown in FIG.

(2. Information held in the storage unit 13)
Next, the authentication table 30, the history table 40, and the authority table 50 held by the storage unit 13 will be described with reference to FIGS.

(2-1. Authentication table 30)
FIG. 4 is a diagram illustrating an aspect of the authentication table 30.
The authentication table 30 is a table that holds information for authenticating the user of the medical device 9. The authentication table 30 includes fields for a user ID 31, a password 32, and a face image 33. The face image 33 is an authentication face image. Regarding the registration of the face image 33, it may be registered in advance like the user ID 31 and the password 32, or may be registered based on the face image 43 recorded in the history table 40. Note that face image data may be recorded in the authentication table 30, or when the face image data is stored in an image storage server or the like, a reference destination of the face image data may be recorded.

(2-2. History table 40)
FIG. 5 is a diagram illustrating an aspect of the history table 40.
The history table 40 is a table that holds information related to the operation history of the medical device 9. The history table 40 includes fields of a user ID 41, date and time 42, face image 43, operation target 44, operation 45, and operation image 46.
The face image 43 is an image taken by the terminal device 7 when the medical device 9 is operated.
The operation target 44 indicates the medical device 9 operated by the user.

  The operation 45 is an operation content in the medical device 9. The operation 45 includes, for example, “login” “start image browsing” “change and deletion of subject information” “deletion of image information” “cancel system standby state” “start application program execution” “log off” “copy image” "Imaging start". In the operation 45, not only the operation type but also input information input accompanying the operation may be recorded together.

  The operation image 46 is an image obtained by the terminal device 7 capturing the operation status of the medical device 9. The operation image 46 is, for example, an image obtained by photographing an actual interpretation situation or an image obtained by photographing an imaging situation. The operation image 46 may be a moving image as well as a still image.

  The face image data and the operation image data may be recorded in the history table 40. When the face image data and the operation image data are stored in an image storage server or the like, the face image data and the operation image data are stored. The reference destination may be recorded.

(2-3. Authority table 50)
FIG. 6 is a diagram illustrating an aspect of the authority table 50.
The authority table 50 is a table showing the authority of the user for each medical device and each operation. The authority table 50 includes fields for a user ID 51, an operation target 52, and an operation 53. The operation object 52 and the operation 52 indicate a medical device and an operation that can be operated by the user with the user ID 51, respectively. Although the authority table 50 has been described as indicating operation objects and operations that can be operated by the user, operation objects and operations that cannot be operated by the user may be registered.

(2-4. Other data structures)
The authentication table 30, the history table 40, and the authority table 50 are related by a user ID 31, a user ID 41, and a user ID 51, respectively. In addition to the data configuration shown in FIGS. 4 to 6, various configurations can be adopted depending on the purpose and application.

(3. Operation)
Next, the operation of the medical information management system 1 will be described with reference to FIGS.

(3-1. Login operation)
FIG. 7 is a flowchart showing the operation of the medical information management system 1 in the login operation.
The terminal device 7 transmits the user ID 31 and the password 32 input by the user to the medical information management server 5 (step 101). The terminal device 7 captures the face image 43 of the user by the photographing unit 28 and transmits it to the medical information management server 5 (step 102).
The medical information management server 5 refers to the authentication table 30 and performs authentication based on the user ID 31 and the password 32 (step 103).
If the authentication is successful (YES in step 104), the terminal device 7 logs in (step 105).

  When the authentication is successful (YES in step 104) or when the face image 43 is stored even if the authentication fails (NO in step 104 and YES in step 106), the medical information management server 5 stores the face image in the history table 40. 43 is registered (step 107). The medical information management server 5 updates the history table 40 for the login operation (step 108).

  The face image 43 is shot after the user ID 31 and the password 32 are input. However, the shooting timing of the face image 43 is not limited to this. The face image 43 may be taken before the user ID 31 and the password 32 are input (at the time of activation). Alternatively, the face image 43 may be taken by the terminal device 7 immediately before the medical information management server 5 registers the face image 43 in the history table 40 (step 110).

  Further, although the authentication process (step 103) has been described as being performed using the user ID 31 and the password 32, authentication using the face image 43 may be performed (step 109). Details of the face image authentication will be described later with reference to FIG.

Through the above process, the medical information management system 1 holds the login operation history and also holds the user's face image at the time of the login operation and before and after the login operation. Access verification).
Further, the medical information management system 1 can be set so that the face image 43 is stored when the authentication is successful and the face image is not stored when the authentication is unsuccessful (NO in step 104 and NO in step 106). Thereby, the storage area of the face image 43 can be saved. Note that the case of authentication failure (NO in step 104) is a case where the user cannot log in even though he / she intends to log in.

(3-2. Operation 45 for Medical Device 9)
FIG. 8 is a flowchart showing the operation of the medical information management system 1 in the operation 45 for the medical device 9.
The terminal device 7 starts an operation 45 with respect to the medical device 9 according to a user's operation instruction (step 201). The terminal device 7 captures the face image 43 of the user by the photographing unit 28 and transmits it to the medical information management server 5 (step 202).
The medical information management server 5 refers to the authority table 50 and determines whether the operation is permitted or not based on the user ID 31, the medical device 9, and the operation 45 (step 203).
When the operation is permitted (YES in Step 204), the terminal device 7 executes the operation 45 of the medical device 9 (Step 205).

  When the operation is permitted (YES in step 204) or the face image 43 is stored even when the operation is not possible (NO in step 204 and YES in step 206), the medical information management server 5 stores the face image 43 in the history table 40. Is registered (step 207). The medical information management server 5 updates the history table 40 for the operation 45 of the medical device 9 (step 208).

  Note that although it has been described that photographing of the face image 43 is performed before the operation permission / rejection determination, the photographing timing of the face image 43 is not limited to this. Immediately before the face information 43 is registered in the history table 40 in the medical information management server 5, the face image 43 may be taken in the terminal device 7 (step 210).

  Further, authentication with the face image 43 may be performed at the time of the operation permission determination process (step 203), and the operation permission / rejection may be determined in consideration of the face image authentication result (step 209). Details of the face image authentication will be described later with reference to FIG.

Through the above process, the medical information management system 1 holds the history of the operation 45 of the medical device 9 and also holds the face image of the user before and after the operation of the medical device 9. Operation verification (for example, impersonation and unauthorized access verification) can be performed.
Further, the medical information management system 1 can be set so that the face image 43 is saved when the operation is permitted and the face image is not saved when the operation is impossible (NO in step 204 and NO in step 206). Thereby, the storage area of the face image 43 can be saved. The case where the operation is impossible (NO in step 204) is a case where the operation is not actually executed even if there is an intention of the operation.

(3-3. Face image authentication)
FIG. 9 is a flowchart showing the operation of the medical information management system 1 in face image authentication (step 109 in FIG. 7).
The medical information management server 5 registers the face image 33 for authentication in the authentication table 30 (step 301).
The terminal device 7 captures the face image 43 (step 302).
The medical information management server 5 refers to the authentication table 30 and performs authentication based on the face image 43 (step 303).

The registration of the face image 33 in step 301 may be registered in advance as in the case of the user ID 31 and password 32, or may be registered based on the face image 43 recorded in the history table 40. Good.
In FIG. 9, the processing of step 301 to step 303 is illustrated to be performed in time series, but the processing of step 301 does not have to be performed immediately before the processing of step 302 and step 303. If it is before performing the process of step 303, the registration process of the face image 33 of step 301 can be performed at an arbitrary timing.

As described above, the medical information management system 1 performs authentication by comparing the face image for authentication 33 registered in advance with the face image 43 obtained by photographing an actual user, so that the authentication accuracy can be improved.
Further, it can be applied not only to authentication of a user of a medical device but also to confirmation of a subject. Thereby, it is possible to prevent the subject from being mistaken.

(3-4. Registration of Operation Image 46)
FIG. 10 is a flowchart showing the operation of the medical information management system 1 in the registration process of the operation image 46.
The terminal device 7 performs an operation 45 on the medical device 9 according to a user's operation instruction (step 401). The terminal device 7 shoots the operation image 46 related to the operation status of the medical device 9 by the photographing unit 28 and transmits it to the medical information management server 5 (step 402).
The medical information management server 5 registers the operation image 46 in the history table 40 (step 403).

  Through the above process, the medical information management system 1 captures and stores the operation status in the operation 45 of the medical device 9, so that the operation content can be confirmed and information about the operation content can be disclosed.

(3-5. History verification)
FIG. 11 is a flowchart showing the operation of the medical information management system 1 in the history verification process.

The terminal device 7 transmits the search condition of the history table 40 input by the user to the medical information management server 5 (step 501).
The medical information management server 5 searches the history table 40 based on the search condition sent from the terminal device 7 (step 502). The medical information management server 5 transmits the history information retrieved from the history table 40 to the terminal device 7 (step 503).
The terminal device 7 displays the history information sent from the medical information management server 5 (step 504).

FIG. 12 is a diagram showing an aspect of the verification screen 60 in the history verification process.
On the verification screen 60 displayed on the display unit 24 of the terminal device 7, the verifier inputs the search condition 65 and presses the search button 66.
On the verification screen 60, the face image 61, the operation date and time 62, the operation target 63, and the operation content 64 are displayed in association with each other.
The verifier checks the face image of the user who performed the operation for each medical device 9 and for each operation on the verification screen 60 and verifies the presence or absence of fraud.

Through the above process, the medical information management system 1 displays the operation history together with the face image 61 of the user.
As described above, since the face image can be confirmed together with the operation history information, verification of system use (for example, verification of impersonation and unauthorized access) can be performed efficiently and with high accuracy. For example, it is possible to verify whether or not the operation is performed by the same person by displaying face images in time series for operations performed by one user ID.

(3-6. Shooting of face image 43, part 1)
FIG. 13 is a flowchart showing one aspect of the face image 43 photographing process (step 102 in FIG. 7 and the like).
The terminal device 7 performs imaging by the imaging unit 28 and transmits the imaging data to the medical information management server 5 (step 601). The medical information management server 5 determines whether or not the shooting data sent from the terminal device 7 can be recognized as a face image (step 602). When it is determined by the medical information management server 5 that the captured data cannot be recognized as the face image 43 (NO in step 602), the processing from step 601 is repeated.

  Thus, since the terminal device 7 captures the face image 43 again without proceeding with processing when the face image 43 cannot be acquired, the face image 43 can be photographed without making the user aware of it.

(3-7. Shooting of face image 43, part 2)
FIG. 14 is a flowchart showing one aspect of the face image 43 photographing process (step 102 in FIG. 7 and the like).
The terminal device 7 captures an image using the image capturing unit 28 (step 701), and displays the captured image on the display unit 24 (step 702). When the user instructs to use the captured image displayed on the display unit 24 (YES in step 703), the terminal device 7 transmits the captured data to the medical information management server 5. The medical information management server 5 determines whether or not the shooting data sent from the terminal device 7 can be recognized as a face image (step 704).

  When it is determined by the medical information management server 5 that the captured data cannot be recognized as the face image 43 (NO in step 704), or when the user instructs not to use the captured image displayed on the display unit 24 ( Step 703 NO), the processing from Step 601 is repeated.

  Thus, since the terminal device 7 allows the user to confirm the use of the captured face image 43, the face image 43 can be reliably captured. In addition, unauthorized use can be suppressed by applying psychological pressure to those who attempt fraud.

(4. Effects, etc.)
As described above in detail, according to the medical information management system according to the embodiment of the present invention, authentication and verification relating to system use can be performed efficiently and with high accuracy. It is possible to authenticate with high accuracy by using the face image and to verify the cause of unauthorized use retrospectively by checking the operation history together with the face image. Thereby, various medical information can be protected and safety can be improved.

  The preferred embodiment of the medical information management system according to the present invention has been described above with reference to the accompanying drawings, but the present invention is not limited to such an example. It will be apparent to those skilled in the art that various changes or modifications can be conceived within the scope of the technical idea disclosed in the present application, and these are naturally within the technical scope of the present invention. Understood.

  In addition, although the medical information management system which manages various medical information was demonstrated, it is not restricted to this. Needless to say, the present invention is applicable not only to a medical information management system but also to an information management system for managing various types of information. That is, in the information management system, authentication and verification relating to system use can be performed using face images.

Configuration diagram of medical information management system 1 Hardware configuration diagram of medical information management server 5 Hardware configuration diagram of the terminal device 7 The figure which shows the one aspect | mode of the authentication table 30 The figure which shows the one aspect | mode of the history table 40 The figure which shows the one aspect | mode of the authority table 50 The flowchart which shows operation | movement of the medical information management system 1 in login operation. The flowchart which shows operation | movement of the medical information management system 1 in operation 45 with respect to the medical device 9. The flowchart which shows operation | movement of the medical information management system 1 in face image authentication (step 109 of FIG. 7). The flowchart which shows operation | movement of the medical information management system 1 in the registration process of the operation image 46 The flowchart which shows operation | movement of the medical information management system 1 in a log | history verification process The figure which shows the one aspect | mode of the verification screen 60 in log | history verification processing The flowchart which shows one aspect | mode of the imaging | photography process (step 102 of FIG. 7, etc.) of the face image 43 The flowchart which shows one aspect | mode of the imaging | photography process (step 102 of FIG. 7, etc.) of the face image 43

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ......... Medical information management system 3 ......... Network 5 ......... Medical information management server 7 ......... Terminal device 9 ......... Medical device 11, 21 ......... CPU
12, 22 ......... Memory 13, 23 ......... Storage unit 14, 24 ......... Display unit 28 ......... Photographing unit 30 ......... Authentication table 40 ......... History table 50 ......... Authority tables 33, 43 ……… Face image 46 ……… Operation image 60 ……… Verification screen

Claims (9)

An information management system for authenticating users and managing various information,
Photographing means for photographing a face image of the user at a predetermined operation;
History holding means for holding the face image photographed by the photographing means and the history of the predetermined operation in association with each other;
Presenting means for searching and presenting the history of at least one of the face image and the predetermined operation held by the history holding means;
An information management system comprising: The photographing means further photographs an operation image related to the operation status,
The history holding means further holds the operation image photographed by the photographing means in association with each other,
The information management system according to claim 1, wherein the presenting unit further retrieves and presents the operation image retained by the history retaining unit.   The information management system according to claim 1, wherein the photographing unit performs photographing again when photographing data cannot be recognized as the face image.   4. The photographing apparatus according to claim 1, wherein the photographing unit presents photographing data to the user, and performs photographing again when the user refuses to use the photographing data. Information management system described in 1. Authentication face image holding means for holding an authentication face image corresponding to the face image photographed by the photographing means;
Face image authentication means for authenticating the user by comparing the face image photographed by the photographing means and the face image for authentication;
The information management system according to any one of claims 1 to 4, further comprising: Authority information holding means for holding the authority information of the user for each operation target and each operation;
Based on the authority information held by the authority information holding means, operation permission / rejection determination means for determining operation permission / rejection for each operation target and for each operation;
The information management system according to any one of claims 1 to 5, further comprising:   The information management system according to claim 6, wherein the operation permission / rejection determination unit also performs authentication by the face image authentication unit and determines the operation permission / rejection based on the authentication result.   8. The history storage unit does not store the face image when the user authentication fails or when the operation permission determination unit determines that the operation is not possible. Information management system in any one of. An information management program that allows a computer to function as an information management system that authenticates users and manages various types of information,
Photographing means for photographing a face image of the user at a predetermined operation;
History holding means for holding the photographed face image and the operation history in association with each other;
Presenting means for searching and presenting the face image and the operation history held by the history holding means;
Information management program to function as.

Images