JP2010086080A - Distributed information cooperation system and distributed information cooperation method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To collect a plurality of pieces of personal data managed by a plurality of data servers in real time as necessary, and to make it unnecessary to provide any large-scale facility or to perform any high level security management, and to efficiently perform registration processing of inter-user information cooperation information with high scalability. <P>SOLUTION: In user registration server USV, when a user end batch registration request is transmitted from a user terminal UT, ID cooperation information for cooperating inter-user IDs owned by each of the other servers cooperatively with an authentication server ASV is generated, and the generated ID cooperation information is transmitted to data servers DSV1 to DSVn and service cooperation servers SSV1 to SSVn, and registered. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  This invention distributes personal data related to medical care, etc. managed by a plurality of databases held by medical institutions, health-related institutions, exercise-related facilities, etc. via a communication network in response to the request of the person, etc. The present invention relates to an information linkage system and a distributed information linkage method.

  When a person becomes ill or feels anxious about his / her health, he / she may visit different medical institutions depending on the symptoms. Even if the symptoms are the same, if you are affected by a relocation or business trip, you will see a different medical institution. As a result, information related to medical treatment or the like of a single patient is distributed and managed in a plurality of medical institutions.

  By the way, EHR (Electronic Health Recode) that collects information related to medical care of a single patient managed by multiple medical institutions through a communication network recently and is useful for medical treatment and medication at remote locations. A system has been proposed. This system periodically collects various medical data related to a specific patient from, for example, databases held by a plurality of medical institutions, and stores the collected medical data in a centralized management database to enable browsing. (For example, see Patent Document 1)

Japanese Patent No. 3903588

  However, this conventionally proposed system collects each medical data managed by a plurality of institutions, for example, monthly by batch processing at night. For this reason, depending on the collection timing, the medical data may be outdated and may not correspond to the current patient condition. That is, there is a difficulty in real-time property for information collection. In addition, since medical data is the highest personal data, strict security management is required for institutions that have a centralized management database. For this reason, the burden on the facilities and management of the engine becomes large, which hinders the spread of the system. Furthermore, since the load is concentrated on the centralized management database, it is difficult to respond to the demand for an increase in the number of users and the number of data servers managing medical data, and there is a difficulty in scalability.

  The present invention has been made paying attention to the above circumstances, and the object of the present invention is to collect a plurality of personal data managed by a plurality of data servers in real time when necessary, and to provide a large-scale facility and advanced It is an object of the present invention to provide a distributed information linkage system and a distributed information linkage method that do not require security management, are scalable, and can efficiently register linkage information between user information.

  In order to achieve the above object, one aspect of the present invention is that a plurality of data servers that manage personal data for each user, a service cooperation server, an authentication server, and a user terminal can be connected via a communication network. And, in response to an information acquisition request from the user terminal, cooperation information for linking user information managed by the plurality of data servers, service cooperation server and authentication server, and the authentication server Based on the user authentication information, the service cooperation server collects the personal data of the user from the plurality of data servers, and distributes the collected personal data to the requesting user terminal via the communication network. And at least the plurality of data servers, service cooperation servers, and authentication servers. Further comprising a user registration server connectable through the communication network to. And the cooperation management means is provided in the user registration server, and in response to the user batch registration request sent from the user terminal, the cooperation management means generates cooperation information in cooperation with the authentication server. The cooperation information is transmitted to the plurality of data servers, the service cooperation server, and the authentication server via the communication network and registered.

  Therefore, when an information acquisition request is sent from the user terminal, each data server is operated by the service cooperation server based on the cooperation information for linking the registered user information and the user authentication information managed by the authentication server. From the above, personal data of the user is collected, and the collected personal data is distributed to the requesting user terminal. For this reason, the user can acquire personal data relating to the user in real time. In addition, since personal data is collected from each data server each time it is requested, a database for centrally managing personal data becomes unnecessary. This reduces the burden on facilities and management when trying to provide a distributed distribution service, and responds to requests for an increase in the number of users and the number of data servers managing medical data. This makes it possible to provide a scalable system.

However, when the service cooperation server collects personal data from a plurality of databases, user information such as a user ID for accessing the personal data in each database is required. However, if the service cooperation server manages user information such as a user ID that can directly access the database used in each database, there is a possibility that the range of data leakage becomes wide when unauthorized access is received. It is a high information security problem.
Therefore, instead of managing user information such as user IDs used in each database outside the database, a method of collecting personal data using a user ID for cooperation, that is, ID cooperation information, is considered. (For example, refer to JP 2007-299303 A). However, in order to perform such ID linkage processing, it is necessary to set linkage information in advance in each server. However, since the linkage information has to be set individually for each server, it takes time and effort to make a setting error.

  The present invention has been made paying attention to the above points, and cooperation information for linking user management information to all servers is collectively registered by a user registration server. For this reason, linkage information can be registered very efficiently, and even an unfamiliar user or operator can register without error.

The present invention is also characterized by including various specific embodiments as follows.
In the first embodiment, when registering cooperation information, the user registration server responds to a plurality of data servers, service cooperation servers, and authentication servers in response to a user batch registration request sent from the user terminal. Inquiries are made via the communication network as to whether or not the cooperation information relating to the requesting user has been registered. As a result of this inquiry, when it is determined that the cooperation information related to the requesting user is unregistered, the user registration server requests the authentication server to generate the cooperation information, and the generated cooperation information is Obtained from the authentication server, the user registration server transmits the obtained cooperation information to the unregistered data server, service cooperation server, and authentication server via the communication network for registration.
In this way, it is possible to execute the new registration procedure for cooperation information only when the cooperation information related to the requesting user is unregistered.

In the second embodiment, when the cooperation information is registered, if it is determined that the cooperation information related to the user who has requested the inquiry is already registered, the user registration server collects the users from the user terminal. If the content of the registration request is an update, an update request including information indicating the update content is transmitted to the registered data server, service cooperation server, and authentication server via the communication network.
If it does in this way, the update process of cooperation information can be performed with respect to the registered user information.

In the third embodiment, when registering linkage information, if the content of a batch registration request from a user terminal is deleted, the user registration server sends a deletion request to the registered data via the communication network. It is transmitted to the server, the service cooperation server, and the authentication server.
In this way, it is possible to delete registered cooperation information.

In the fourth embodiment, a disclosure setting request is transmitted from a user terminal to a user registration server via a communication network, and the user registration server specifies whether to permit disclosure of personal data included in the sent disclosure setting request. The disclosure setting information for this purpose is further transmitted to the corresponding data server via the communication network together with the linkage information to be set.
If it does in this way, it will become possible to perform the disclosure setting process with respect to personal data with respect to a data server simultaneously with the collective registration process of cooperation information, and, thereby, the registration process and disclosure setting process of cooperation information can be performed efficiently.

In the fifth embodiment, a communication path used for registration of cooperation information and setting of disclosure setting information is made different from a communication path used for collection and distribution of the personal data in the communication network.
By doing so, it is possible to perform data transfer for registration of cooperation information and setting of disclosure setting information independently of data transfer for collection and distribution of personal data. As a result, it is possible to perform registration or setting processing that is stable and highly reliable under high security management without being affected by the communication traffic of the path used for collection and distribution of personal data.

  That is, according to the present invention, a plurality of pieces of information managed by a plurality of data servers can be collected in real time when necessary, and there is no need for large-scale equipment and high-level security management, and there is scalability. It is possible to provide a distributed information linkage system and a distributed information linkage method that can efficiently perform registration processing of the linkage information.

Hereinafter, an embodiment according to the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing the overall configuration of a distributed information cooperation system according to an embodiment of the present invention. The distributed information linkage system of this embodiment includes a plurality of data servers DSV1 to DSVn operated by medical institutions, health related organizations, exercise related facilities, etc., a plurality (m units) of service linkage servers SSV1 to SSVm, and a portal server PSV. And an authentication server ASV and a user registration server USV, and a communication network NW between these servers DS1 to DSn, SSV1 to SSVm, PSV, ASV, USV and between these servers and the user terminal UT It is possible to communicate via this. Note that n is the number of data servers and is a natural number (positive integer), and m is the number of server cooperation servers and is a natural number (positive integer).

  The user terminal UT is used for general user terminals such as patients used at home, etc., and for doctors, public health nurses, pharmacists, etc. to obtain medical data of patients at the request of patients. And an operator console terminal (not shown) provided in the user registration server USV.

  The communication network NW includes, for example, an IP (Internet Protocol) network represented by the Internet and a plurality of access networks for accessing the IP network. As the access network, for example, a LAN (Local Area Network), a wireless LAN, a mobile phone network, a wired phone network, and a CATV (Cable Television) network are used.

  The data servers DSV1 to DSVn are obtained by connecting a program memory, a data memory, and a communication interface to a central control unit (CPU) via a bus. As a function module thereof, a user setting processing module 11 and a database group 12, a cooperation processing module 13, and an application processing module 14.

  FIG. 2 is a block diagram showing a specific configuration of these functional modules. The database group 12 includes an ID linkage database (ID linkage DB) 121, a user database (user DB) 122, a disclosure setting database (disclosure setting DB) 123, and an application database (application DB) 124. The user DB 122 stores user information for identifying and managing each user. The user information includes a user ID, basic user information, user attributes, and the like. The application DB 124 stores each user's health guidance information and health diagnosis information in association with the user ID. The ID cooperation DB 121 stores ID cooperation information requested for registration from the user registration server USV. At this time, the ID linkage information is information for accessing personal data of a user who has the server from another server. The disclosure setting DB 123 stores disclosure setting information for setting to whom personal information of the user stored in the application DB 124, that is, health guidance information and health diagnosis information, is disclosed to whom.

  In response to a request from the user registration server USV, the user setting processing module 11 searches its own ID linkage DB 121 and user DB 122, registers or deletes ID linkage information in the ID linkage DB 121, and registers user information in the user DB 122. Or it deletes and responds the result to the user registration server USV, and includes the cooperation infrastructure distribution unit 111 and the individual custom unit 112.

  For example, in the case of a search request, the link infrastructure distribution unit 111 searches the ID link DB 121, searches the user DB 122 via the individual custom unit 112 as necessary, and returns each search result to the user registration server USV. . The individual custom unit 112 searches the user DB 122 in response to a request from the cooperation platform distribution unit 111 and returns the search result to the cooperation platform distribution unit 111. In the case of a registration request, the cooperation infrastructure distribution unit 111 stores the ID cooperation information requested for registration in the ID cooperation DB 121 and stores the user information in the user DB 122 via the individual custom unit 112. In the case of a deletion request, the deletion target ID cooperation information and user information stored in the ID cooperation DB 121 and the user DB 122 are deleted.

  The cooperation processing module 13 acquires authentication information from the authentication server ASV, and uses the ID cooperation DB 121 to exchange attributes with other data servers DSV, service cooperation servers SSV1 to SSVm, or portal server PSV (distribution of personal data). Authentication linkage unit 131 having a function such as SP in SAML (Security Assertion Markup Language), and attribute exchange unit 132 having a function such as WSC (Web Service Consumer) in ID-WSF (Identity Web Service Framework) With. ID-WSF (Identity Web Service Framework) and SAML (Secure Assertion Markup Language) are specifications for Web Service defined by the Liberty Alliance.

  The application processing module 14 uses the user DB 122, the disclosure setting DB 123, and the application DB 124 to perform a disclosure setting process based on a disclosure setting request, a data providing process for the service cooperation servers SSV1 to SSVm, and a disclosure control. A connection unit 145, a data providing unit 144, a disclosure setting unit 142, and a disclosure control unit 143 are provided.

  The EHR PF connection unit 145 makes it easy to use the authentication cooperation unit 131 or the attribute exchange unit 132 from the application 141. The data providing unit 144 receives requests from the service cooperation servers SSV1 to SSVm through the authentication cooperation unit 131 and the attribute exchange unit 132, searches the application DB 124 for data corresponding to the request, and uses the search data as the attribute exchange unit. It is returned to the service cooperation servers SSV1 to SSVm through 132. The disclosure setting unit 142 adds, updates, or deletes the disclosure setting information in the disclosure setting DB 123 in response to a request from the user registration server USV or the service cooperation servers SSV1 to SSVm. When receiving a data collection request from the service cooperation servers SSV1 to SSVm, the disclosure control unit 143 indicates whether or not to transmit personal data to the service cooperation servers SSV1 to SSVm in the disclosure setting information stored in the disclosure setting DB 123. Control based on.

  The application processing module 14 includes an application 141 for performing specific health guidance based on personal data stored in the application DB 124, that is, health guidance information and health diagnosis information. The application 141 can use each of the functional modules in the data server according to the EHR PF connection unit 145, and can create other parts freely.

  The portal server PSV also has a program memory, a data memory, and a communication interface connected to the CPU via a bus. As its functional modules, a user setting processing module 21, an ID linkage database (ID linkage DB) 22, and linkage processing are provided. A module 23 and a user operation module 24 are provided.

  FIG. 3 is a block diagram showing a specific configuration of each functional module of the portal server PSV. The ID cooperation DB 22 stores ID cooperation information requested for registration from the user registration server USV. The user setting processing module 21 has a cooperation infrastructure distribution unit. When the request from the user registration server USV is a search request, the cooperation base distribution unit searches its own ID cooperation DB 22 and returns the search result to the user registration server USV. When the request from the user registration server USV is a registration request, the cooperation platform distribution unit stores the ID cooperation information requested for registration in the ID cooperation DB 22. On the other hand, when the request from the user registration server USV is a deletion request, the deletion target ID linkage information stored in the ID linkage DB 22 is deleted.

  The cooperation processing module 23 acquires authentication information from the authentication server ASV, and performs attribute exchange with the data servers DSV1 to DSVn, the service cooperation servers SSV1 to SSVm, or other portal servers using the ID cooperation DB22. Has an authentication collaboration unit. This authentication cooperation unit requests authentication from the authentication unit of the authentication server ASV when receiving a login request of the user through the user operation screen. The user operation module 24 includes a plurality of user operation units 241 to 24N. Each of these operation units processes user operations on the user terminal UT. N is the number of user operation units, which is a natural number (a positive integer).

  The authentication server ASV also has a program memory, a data memory, and a communication interface connected to the CPU via a bus, and as its functional modules, a user setting processing module 31, a database group 32, a cooperation processing module 33, an authentication And a processing module 34.

  FIG. 4 is a block diagram showing a specific configuration of the functional module of the authentication server ASV. The database group 32 includes an ID linkage database (ID linkage DB) 321, a user database (user DB) 322, and a directory database (directory DB) 323. The user DB 322 stores user information for identifying and managing each user. The ID cooperation DB 321 stores ID cooperation information requested to be registered by the user registration server USV. This ID linkage information is set for each server for each user. The directory DB 323 stores directory data representing the location of personal data.

  In response to a request from the user registration server USV, the user setting processing module 31 searches its own ID linkage DB 321 and user DB 322, registers or deletes ID linkage information in the ID linkage DB 321, and registers user information in the user DB 322. Or it deletes and responds the search result with respect to the user registration server USV, and has the cooperation infrastructure distribution part 311 and the individual custom part 312.

  For example, in the case of a search request, the linkage infrastructure distribution unit 311 searches the ID linkage DB 321 and searches user information via the individual custom unit 312 as necessary, and returns these search results to the user registration server USV. . The individual custom unit 312 searches the user DB 322 in response to a search request from the cooperation infrastructure distribution unit 311 and returns the search result to the cooperation infrastructure distribution unit 311. In the case of a registration request, the cooperation platform distribution unit 311 stores the ID cooperation information requested for registration in the ID cooperation DB 321 and stores the user information in the user DB 322 via the individual custom unit 312. In the case of a deletion request, the deletion target ID cooperation information and user information stored in the ID cooperation DB 321 and the user DB 322 are deleted.

  The cooperation processing module 33 provides authentication information and directory service to the data servers DSV1 to DSVn, the service cooperation servers SSV1 to SSVm, and the portal server PSV using the user DB 322, the ID cooperation DB 321 and the directory DB 323. , An attribute exchange unit 331 and an authentication cooperation unit 332. The attribute exchange unit 331 has an SP (Service Provider) function in ID-WSF, for example, and provides a directory service using the directory DB 323. The authentication cooperation unit 332 has a function such as IDP (Identity Provider) in SAML.

  The authentication processing module 34 performs authentication processing for the user and has an authentication unit. The authentication unit authenticates the validity of the user by referring to the user DB 322 based on the user information input by the user at the user terminal UT. As the authentication method, ID / password authentication, public key infrastructure (PKI) authentication, multi-factor authentication, or the like is used.

  The service cooperation servers SSV1 to SSVm also have a CPU connected with a program memory, a data memory, and a communication interface via a bus. As the function modules, a user setting processing module 41, a database group 42, a cooperation processing module 43, The application processing module 44 is provided.

  FIG. 5 is a block diagram showing a specific configuration of functional modules of the service cooperation servers SSV1 to SSVm. The database group 42 is provided with an ID linkage database (ID linkage DB) 421 and a user database (user DB) 422. The ID cooperation DB 421 stores ID cooperation information requested for registration from the user registration server USV. The user DB 422 stores user information for identifying and managing each user.

  In response to a search request from the user registration server USV, the user setting processing module 41 searches its own ID linkage DB 421 and user DB 422, registers or deletes ID linkage information in the ID linkage DB 421, and stores user information in the user DB 422. Registration or deletion is performed, and the search result is returned to the user registration server USV, which includes a cooperation infrastructure distribution unit 411 and an individual custom unit 412.

  For example, in the case of a search request, the link infrastructure distribution unit 411 searches the ID link DB 421 and searches the user DB 422 via the individual custom unit 412 as necessary, and returns each search result to the user registration server USV. . The individual custom unit 412 searches the user DB 422 in response to a search request from the cooperation infrastructure distribution unit 411 and returns the search result to the cooperation infrastructure distribution unit 411. In the case of a registration request, the cooperation platform distribution unit 411 stores the ID cooperation information requested for registration in the ID cooperation DB 421 and stores the user information in the user DB 422 via the individual custom unit 412. In the case of a deletion request, the deletion target ID linkage information and user information stored in the ID linkage DB 421 and the user DB 422 are deleted.

  The cooperation processing module 43 acquires authentication information from the authentication server, and uses the ID cooperation DB 421 to exchange attributes with the data servers DSV1 to DSVn, other service cooperation servers SSV, or the portal server PSV. It has a cooperation unit 431 and an attribute exchange 432. The authentication cooperation unit 431 has a function such as SP in SAML. The attribute exchange 432 has a function such as WSC in ID-WSF.

  The application processing module 44 uses the user DB 422 to request the data server DSV1 to DSVn to set disclosure of personal data and collect personal data. The EHR platform connection unit (EHR PF connection unit) 444, A data collection unit 443 and a disclosure setting request unit 442 are provided. The EHR PF connection unit 444 makes it easy to use the authentication cooperation unit 431 or the attribute exchange unit 432 from the application 441. The data collection unit 443 sets extraction conditions for personal data collected from the data servers DSV1 to DSVn according to the user's specification, and sends a data collection request to the data servers DSV1 to DSVn through the authentication cooperation unit 431 and the attribute exchange unit 432. Send. The disclosure setting request unit 442 requests the data servers DSV1 to DSVn to add, update, or delete the disclosure setting information in the disclosure setting DB in response to a disclosure setting request from the user.

  In addition, the application processing module 44 includes an application 441 for performing a list reference service of various medical / health information related to individuals. The application 441 can use each of the functional modules in the service cooperation server according to the EHR PF connection unit 444, and can create other parts freely.

  The user registration server USV also has a CPU connected with a program memory, a data memory and a communication interface via a bus. As a function module thereof, a user setting processing module 51 and a user database for storing user information of each user. (User DB) 52 and a user operation processing module 53 are provided.

  FIG. 6 is a block diagram showing a specific configuration of functional modules provided in the user registration server USV. The user setting processing module 51 includes a user management unit 511, an ID linkage management unit 512, a service association management unit 513, an anonymous ID management unit 514, and a user search unit 515.

The user management unit 511 updates its own user DB 52 in accordance with an operation from the user (operator), and also registers, updates, or deletes the user from the authentication server ASV, the data servers DSV1 to DSVn, and the service cooperation servers SSV1 to SSVm. Request.
The ID linkage management unit 512 manages the user ID managed by the user DB 52 according to the operation of the user (operator) and the user IDs managed by the authentication server ASV, the data servers DSV1 to DSVn, and the service linkage servers SSV1 to SSVm, respectively. Perform the association and release processing.

The service association management unit 513 requests the authentication server ASV to register / cancel service related information in order to make the data servers DSV1 to DSVn usable / unusable in accordance with a user (operator) operation.
The anonymous ID management unit 514 uses an anonymous ID (such as SAML) as the user ID or the user ID for the authentication server ASV, the data servers DSV1 to DSVn, and the service cooperation servers SSV1 to SSVm according to the operation of the user (operator). To an anonymous ID (such as SAML).

The user search unit 515 searches the user DB 52 managed by the user (operator) according to the operation of the user (operator) and at the specified conditions for the authentication server ASV, the data servers DSV1 to DSVn, and the service cooperation servers SSV1 to SSVm. Request user search.
The user operation processing module 53 processes an operation by a user, and efficiently calls each function unit according to a business flow.

Next, the distributed information collection operation by the system configured as described above will be described.
(1) Batch registration processing of user information and associated information
Here, for example, a staff member (operator) of a local government medical information center operates a console terminal provided in the user registration server USV to designate one or more specified authentication servers ASV, data servers DSV1 to DSVn, and service cooperation server SSV1. A case where user information registration processing is performed for SSVm or portal server PSV will be described as an example.

8 to 10 are sequence diagrams showing a procedure of batch registration processing of the user information and its cooperation information.
(A) First, in the console terminal, when an operator accesses a predetermined URL (Uniform Resource Locator) of the user registration server USV, a user batch registration screen is downloaded from the user registration server USV to the console terminal and displayed. FIG. 7 shows an example of the displayed user batch registration screen.
In this state, the operator sequentially selects and designates the data servers DSV1 to DSVn, the service cooperation servers SSV1 to SSVm and the like to be registered, and inputs user information (user ID, basic user information, user attributes, etc.) to be searched. . Note that a user search screen can be used when inputting the user information.

(B) Using the user information input by the operator, the user registration server USV has already registered the corresponding user information for each of the data servers DSV1 to DSVn as shown in FIG. Make a search request for no.
(C) As a result of this search, if the user information of the user to be registered already exists in the search result list of the data servers DSV1 to DSVn and the service cooperation servers SSV1 to SSVm, the user is selected. On the other hand, if it does not exist, the operator manually inputs the user information of the user to be registered.

  (D) The operator repeats the processes (A) to (C) for all the data servers DSV1 to DSVn to be registered, and requests batch registration after all operations are completed. This batch registration request is sent from the console terminal to the user registration server USV as shown in FIG.

  (E) When the collective registration request is sent from the console terminal, the user registration server USV requests the user registration to the authentication server ASV by the user management unit 511 as shown in FIG. In response to this request, the authentication server ASV searches the ID link information and the user information by the link base distribution unit 311 and the individual custom unit 312 and returns the user ID held by itself to the user registration server USV.

  (F) The user registration server USV uses the user ID returned from the authentication server ASV to request the authentication server ASV to register ID linkage information using the ID linkage management unit 512. In response to this request, the authentication server ASV issues an anonymous ID and returns it to the user registration server USV.

  (G) Next, the user registration server USV requests user registration to one of the service cooperation servers SSV1 to SSVm as shown in FIG. In response to this request, the service cooperation servers SSV1 to SSVm search the ID cooperation information and the user information by the cooperation base distribution unit 411 and the individual custom unit 412 and return the user ID held by the service cooperation server SSV1 to the user registration server USV. .

(H) The user registration server USV uses the user ID returned from the service cooperation server SSV1 to SSVm by the ID cooperation management unit 512 and the anonymous ID acquired from the authentication server ASV in (1-6) above. The registration of ID cooperation information is requested to the service cooperation servers SSV1 to SSVm. In response to this request, the service cooperation servers SSV1 to SSVm store the ID cooperation information in the ID cooperation DB 421.
(I) The user registration server USV repeats the processes (G) and (H) for the number of service cooperation servers SSV1 to SSVm.

  (J) Next, when the user information to be registered is not registered in the data servers DSV1 to DSVn by the user management unit 511, the user registration server USV corresponds to one of the data servers DSV1 to DSVn as shown in FIG. Request user registration. In response to this request, the data servers DSV1 to DSVn search the ID link information and the user information by the link base distribution unit 111 and the individual custom unit 112, and return the user ID held by the server to the user registration server USV.

  (K) Further, the user registration server USV requests the ID server ASV to register the ID link information by the ID link manager 512 using the user ID returned from the authentication server ASV in (E) above. In response to this request, the authentication server ASV issues an anonymous ID and returns it to the user registration server USV.

  (L) Next, the user registration server USV receives the user ID returned from the data servers DSV1 to DSVn by (J) and the anonymous ID acquired from the authentication server ASV in (K) by the ID cooperation management unit 512. And requests registration of ID linkage information to the data servers DSV1 to DSVn. In response to this request, the data servers DSV1 to DSVn store the ID linkage information in the ID linkage DB 121.

(M) At the same time, the user registration server USV uses the user ID returned from the authentication server ASV according to (1-5) above to the authentication server ASV by the service association management unit 513 as shown in FIG. The service association of the data servers DSV1 to DSVn is requested. Upon receiving this request, the data servers DSV1 to DSVn store information related to the service association.
(N) The user registration server USV repeats the processes (K) to (M) as many times as the number of data servers DSV1 to DSVn.
(O) When the above processing is completed, the user registration server USV transmits information indicating the user registration result to the console terminal of the registration request source as shown in FIG.

(2) User ID / anonymous ID inquiry process The process of inquiring about the anonymous ID used for cooperation between servers based on the user ID and the process of inquiring the user ID based on the anonymous ID Will be explained. By combining these processing functions, it is possible to convert user IDs between servers.
FIG. 11 is a sequence diagram showing the procedure of the user ID / anonymous ID inquiry process.

(2-1) Inquiry of anonymous ID from user ID
(A) In the console terminal, the operator displays an inquiry target server (authentication server ASV, data servers DSV1 to DSVn, service cooperation server SSV1) while the user ID / anonymous ID inquiry screen is displayed as illustrated in FIG. To SSVn, portal server PSV), and a user ID and a cooperation destination server (authentication server ASV, data servers DSV1 to DSVn, service cooperation servers SSV1 to SSVn, portal server PSV), respectively.

  (B) On the other hand, the user registration server USV transmits a user ID / anonymous ID conversion processing request to the cooperation infrastructure distribution units 111, 311, and 411 of the servers specified by the operator. If the proxy server is set in the user registration server USV, the request is transmitted via the proxy server PSV.

  (C) Upon receiving a request from the user registration server USV, the link infrastructure distribution units 111, 311 and 411 of each server refer to the ID link DBs 121, 321, and 421, and use the user ID as a key and the corresponding anonymous ID. The read anonymous ID is returned to the user registration server USV.

(D) The user registration server USV receives a conversion result for the requested user ID / anonymous ID conversion processing request from the cooperation platform distribution units 111, 311 and 411 of the server.
(E) The user registration server USV transmits the conversion result from the received user ID to the anonymous ID to the console terminal for display.

(2-2) Inquiry from anonymous ID to user ID
(A) In the console terminal, the operator displays an inquiry target server (authentication server ASV, data servers DSV1 to DSVn, service cooperation server SSV1) while the user ID / anonymous ID inquiry screen is displayed as illustrated in FIG. To SSVn, portal server PSV), and a user ID and a cooperation destination server (authentication server ASV, data servers DSV1 to DSVn, service cooperation servers SSV1 to SSVn, portal server PSV), respectively.

  (B) On the other hand, the user registration server USV transmits an anonymous ID / user ID conversion processing request to the cooperation infrastructure distribution units 111, 311 and 411 of the servers specified by the operator. If the proxy server is set in the user registration server USV, the request is transmitted via the proxy server PSV.

  (C) Upon receiving the request from the user registration server USV, the link infrastructure distribution units 111, 311 and 411 of each server refer to the ID link DBs 121, 321, and 421, and the corresponding user ID is set using the anonymous ID as a key. The read user ID is returned to the user registration server USV.

(D) The user registration server USV receives the conversion result for the requested anonymous ID / user ID conversion processing request from the cooperation platform distribution units 111, 311 and 411 of the server.
(E) The user registration server USV transmits the conversion result from the received anonymous ID to the user ID to the console terminal and displays it.

(3) Process for Performing Disclosure Setting Simultaneously with User Registration FIG. 12 is a diagram showing a sequence of a process for performing disclosure setting simultaneously with this user registration.
Additional information can be held for general use with a combination of “key = value” in the request sent from the user registration server USV to the authentication server ASV, the data servers DSV1 to DSVn, the service cooperation servers SSV1 to SSVn, and the portal server PSV. Form.

The following procedure is added to the procedure for batch registration processing of user information and associated information described in (1) above.
First, when the corresponding user is a user registered in the data servers DSV1 to DSVn, the user registration server USV requests the service cooperation servers SSV1 to SSVn to provide the disclosure setting information of the corresponding user, and the result is displayed. Send to console terminal. In the console terminal, the operator inputs additional disclosure setting information for the user. When the user registration server USV makes a user registration request to the data servers DSV1 to DSVn, “disclosure setting information = add: userA” is embedded in the request as additional information.

  When the data servers DSV1 to DSVn receive a request for user registration, update, or deletion from the user registration server USV, the data servers DSV1 to DSVn determine whether or not the disclosure setting information is included in the additional information embedded in the request. If the user attribute is included in the additional information, based on this information, a process for adding, updating, or deleting the disclosure setting information to its own disclosure setting DB 123 is performed.

  The user registration process, the ID conversion process, and the disclosure setting process described in (1) to (3) are all performed by the service cooperation servers SSV1 to SSVn from the data servers DSV1 to DSVn on the communication network NW. This is performed via a communication channel dedicated for registration and setting, which is different from the communication channel used for collecting and distributing to the user terminal UT.

  As described above, in this embodiment, in the user registration server USV, when a user batch registration request is sent from the user terminal UT, user IDs held by other servers in cooperation with the authentication server ASV. ID linkage information for linking each other is generated, and the generated ID linkage information is transmitted and registered to the data servers DSV1 to DSVn and the service linkage servers SSV1 to SSVn, respectively.

  Therefore, based on the ID linkage information for linking user IDs registered in each server and the user authentication information managed by the authentication server ASV, the service linkage servers SSV1 to SSVn perform the data servers DSV1 to DSVn. The personal data of the user is collected from this, and the collected personal data is distributed to the requesting user terminal UT. For this reason, the user can acquire personal data relating to the user in real time. In addition, since personal data is collected from each data server each time it is requested, a database for centrally managing personal data becomes unnecessary. This reduces the burden on facilities and management when trying to provide a distributed distribution service, and responds to requests for an increase in the number of users and the number of data servers managing medical data. This makes it possible to provide a scalable system.

  In addition, the ID registration information for linking user information to all servers is collectively registered by the user registration server USV. For this reason, ID linkage information can be registered very efficiently, and even an unfamiliar user or operator can register without error.

  Furthermore, in this embodiment, the disclosure setting process of personal data for each of the data servers DSV1 to DSVn is performed simultaneously with the user batch registration process. For this reason, the disclosure setting process can be performed more efficiently than when the disclosure setting process is performed separately from the user batch registration process.

  The present invention is not limited to the above embodiment. For example, the portal server PSV may or may not be provided, and the service cooperation server may be a plurality or one. In addition, the configuration of the user registration server, data server, service cooperation server, and authentication server, the procedure and contents of the user batch registration process, the procedure and contents of the disclosure setting process, and the like can be variously within the scope of the present invention. It can be implemented with deformation.

  In short, the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Further, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, you may combine suitably the component covering different embodiment.

1 is a block diagram showing an overall configuration of a distributed information cooperation system according to an embodiment of the present invention. It is a block diagram which shows the function structure of the data server in the distributed information cooperation system shown in FIG. It is a block diagram which shows the function structure of the portal server in the distributed information cooperation system shown in FIG. It is a block diagram which shows the function structure of the authentication server in the distributed information cooperation system shown in FIG. It is a block diagram which shows the function structure of the service cooperation server in the distributed information cooperation system shown in FIG. It is a block diagram which shows the function structure of the user registration server USV in the distributed information cooperation system shown in FIG. It is a figure which shows an example of the user operation screen used in a user's batch registration process. It is a sequence diagram which shows the process sequence and process content of the first half part of a user's batch registration process. It is a sequence diagram which shows the process sequence and process content of the intermediate part of a user's batch registration process. It is a sequence diagram which shows the process sequence and process content of the latter half part of a user's batch registration process. It is a sequence diagram which shows the process sequence and process content of a user ID / anonymous ID inquiry process. It is a sequence diagram which shows the process sequence and process content when performing disclosure setting simultaneously with user registration.

Explanation of symbols

  DSV1 to DSVn ... data server, PSV ... portal server, ASV ... authentication server, SSV1-SSVm ... service cooperation server, USV ... user registration server USV, UT ... user terminal, NW ... communication network, 11, 21, 31, 41 , 51 ... User setting module, 12, 22, 32, 42, 52 ... Database group, 13, 23, 33, 43 ... Cooperation processing module, 14, 44 ... Application processing module, 24, 53 ... User operation processing module, 34 ... Authentication processing module, 111, 211, 311, 411 ... Cooperation infrastructure distribution part, 112, 312, 412 ... Individual custom part, 121, 22, 321, 421 ... ID cooperation database, 122, 322, 422, 52 ... User Database, 123 ... Disclosure setting database, 124 ... Application ,..., Directory database, 131, 231, 332, 431, authentication cooperation unit, 132, 331, 432, attribute exchange unit, 141, 441, application, 142, disclosure setting unit, 143, disclosure control unit, 144 ... Data providing unit, 241 to 24n ... User operation unit, 341 ... Authentication unit, 442 ... Disclosure setting request unit, 443 ... Data collection unit, 444 ... EHR PF connection unit, 511 ... User management unit, 512 ... ID linkage Management unit, 513... Service association management unit, 514... Anonymous ID management unit, 515.

Claims (11)

A plurality of data servers that manage personal data for each user, a service cooperation server, an authentication server, and a user terminal can be connected via a communication network, and in response to an information acquisition request from the user terminal Based on the cooperation information for linking user information each managed by the plurality of data servers, the service cooperation server and the authentication server, and the user authentication information managed by the authentication server, the service cooperation server A distributed information cooperation system that collects personal data of the user from the plurality of data servers, and distributes the collected personal data to the requesting user terminal via the communication network,
A user registration server connectable to at least the plurality of data servers, service cooperation server and authentication server via the communication network;
In response to a user batch registration request issued from the user terminal, the user registration server generates cooperation information in cooperation with the authentication server, and the cooperation information is transmitted to the plurality of data servers via the communication network. What is claimed is: 1. A distributed information linkage system comprising linkage management means for transmitting and registering to a service linkage server and an authentication server, respectively. The linkage management means includes
In response to a user batch registration request from the user terminal, whether or not cooperation information related to the requesting user has been registered for a plurality of data servers, service cooperation servers and authentication servers via the communication network. Means to contact,
As a result of the inquiry, when it is determined that the cooperation information related to the requesting user is unregistered, the authentication information is generated by requesting the authentication server to generate the cooperation information. 2. The distributed information cooperation system according to claim 1, further comprising: means for transmitting and registering to the unregistered data server, service cooperation server, and authentication server via the communication network.   If the content of the user batch registration request from the user terminal is updated when it is determined that the cooperation information related to the requesting user is registered as a result of the inquiry, the cooperation management means The distributed information cooperation system according to claim 2, further comprising means for transmitting an update request including information representing the information to the registered data server, service cooperation server, and authentication server via the communication network.   If the content of the batch registration request from the user terminal is deleted, the cooperation management means transmits a deletion request to the registered data server, service cooperation server, and authentication server via the communication network. The distributed information cooperation system according to claim 2, further comprising: The user registration server
In response to a disclosure setting request sent from the user terminal, the disclosure setting information for designating whether or not to disclose personal data included in the request is transmitted to the corresponding data server via the communication network together with the linkage information. The distributed information cooperation system according to claim 1, further comprising means for setting and setting.   6. The distributed information according to claim 5, wherein a communication path used for registration of the cooperation information and setting of disclosure setting information is different from a communication path used for collecting and distributing the personal data in the communication network. Cooperation system. A plurality of data servers that manage personal data for each user, a service cooperation server, an authentication server, and a user terminal can be connected via a communication network, and in response to an information acquisition request from the user terminal Based on the cooperation information for linking user information each managed by the plurality of data servers, the service cooperation server and the authentication server, and the user authentication information managed by the authentication server, the service cooperation server A distributed information linkage method used in a distributed information linkage system that collects personal data of the user from the plurality of data servers and distributes the collected personal data to the requesting user terminal via the communication network. There,
Sending a user batch registration request from the user terminal to a user registration server;
In response to the sent user batch registration request, the user registration server generates cooperation information in cooperation with the authentication server, and the generated cooperation information is sent to the plurality of data servers via the communication network, And a process for transmitting and registering to a service cooperation server and an authentication server, respectively. The process of registering the cooperation information includes:
In response to the user batch registration request sent from the user terminal, whether or not the user registration server has registered the cooperation information related to the requesting user with the plurality of data servers, service cooperation server and authentication server. A process of inquiring through the communication network,
As a result of the inquiry, when it is determined that the cooperation information related to the requesting user is unregistered, the user registration server requests the authentication server to generate cooperation information, and the generated cooperation information is sent from the authentication server. The process of acquiring,
8. The process of transmitting and registering the acquired cooperation information to the unregistered data server, service cooperation server and authentication server via the communication network by the user registration server. The distributed information linkage method described.   In the process of registering the cooperation information, when it is determined that the cooperation information related to the requesting user is already registered as a result of the inquiry, the user registration server receives the contents of the user batch registration request from the user terminal. If it is an update, the method further comprises a step of transmitting an update request including information indicating the update content to the registered data server, service cooperation server, and authentication server via the communication network. 8. The distributed information linkage method according to 8.   In the process of registering the cooperation information, if the content of the batch registration request from the user terminal is deleted, the user registration server sends a deletion request to the registered data server, service cooperation server via the communication network. The distributed information cooperation method according to claim 8, further comprising means for transmitting to the authentication server. A process of transmitting a disclosure setting request from the user terminal to the user registration server;
The user registration server sends and sets disclosure setting information for designating whether or not to disclose personal data included in the sent disclosure setting request to the corresponding data server via the communication network together with the linkage information. The distributed information cooperation method according to claim 7, further comprising the step of:

Images