JP2014112290A - Distributed information cooperation system and method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable information transmission with an external device without modifying the external device.SOLUTION: A certificate relay server 4 is provided in an ID cooperation system SS1, and a certificate management server 5 outside the system is connected to the certificate relay server 4 through a network NW. In the certificate relay server 4, when a certificate acquisition request is transmitted from service provision servers 1 and 2 within the system, information associated with a user identifier of the own device included in the request or a user identifier of the own device is converted into a certificate DN used by the certificate management server 5 on the basis of conversion information stored in a user identifier conversion information storage unit 421. The certificate acquisition request including the certificate DN is transmitted to the certificate management server 5.

Description

  This invention is a distributed information linkage in which, for example, medical data managed by medical institutions, health-related institutions, exercise-related facilities, etc. are managed using a unique user identifier, and personal data related to medical care is shared among users via a network. The present invention relates to a system and method.

  When a patient visits a hospital, a doctor may want to confirm patient information such as the patient's past medical history, treatment history, and examination information. In such a case, it is very convenient if patient medical information managed by another medical institution can be acquired and referenced via a network. Thus, a system has been proposed that allows a plurality of medical institutions to share patient information managed by their own hospital (see, for example, Patent Document 1).

  In general, each medical institution issues and manages its own unique user identifier for the same patient. For this reason, in the above-described system for sharing patient information among a plurality of medical institutions, when a doctor at one medical institution accesses information on the same patient held by another medical institution, a user identifier between the medical institutions is converted. Mechanisms such as SAML (Security Assertion Markup Language) and ID-WSF are used (see, for example, Non-Patent Document 1 or 2). A system composed of a plurality of devices adopting such a mechanism is called an ID linkage system.

Japanese Patent No. 4848407

"Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0", [online], [October 31, 2011 search], Internet <URL: http://docs.oasis-open.org/ security / saml / v2.0 / saml-core-2.0-os.pdf> “Liberty ID-WSF Web Services Framework Overview Version: 2.0”, [online], [searched October 31, 2011], Internet <URL: http://www.projectliberty.org/liberty/content/download/889 /6243/file/liberty-idwsf-overview-v2.0.pdf>

  However, the conventionally proposed ID linkage system has the following problems to be improved. That is, in the ID linkage system, it may be necessary to transmit information not only between server devices belonging to the system but also with external server devices not belonging to the system after the operation is started. In this case, since the newly connected external server device also independently manages the user identifier, it is necessary to newly provide a module for converting the user identifier in the external server device. As a result, it is necessary to repair the external server device.

  For example, when a doctor gives a signature to a patient's referral letter and the referral doctor or patient tries to implement a service for verifying the signature in the ID linkage system, the ID linkage system uses the doctor's public key certificate. Must be obtained from an external server device. Since the doctor's public key certificate is managed by, for example, an LDAP server, the ID linkage system needs to transmit information to and from the LDAP server. However, for this purpose, an ID link module must be added to the LDAP server, and the LDAP server needs to be modified. Assuming that the LDAP server is shared with other services and users not related to the ID federation system, if the LDAP server is modified and dedicated to the ID federation system, it adversely affects other services and users. This can be very bad.

  The present invention has been made paying attention to the above circumstances, and an object of the present invention is to provide a distributed information cooperation system and method that enables information transmission to and from the external device without modifying the external device. There is.

In order to achieve the above object, a first aspect of the present invention includes a plurality of service providing apparatuses, identifier link apparatuses, and external relay apparatuses that store user personal information that can communicate with each other via a network. The plurality of service providing devices, the identifier linkage device, and the external relay device each manage a unique user identifier for identifying one user, and the identifier linkage device includes the plurality of service providing devices and the external relay device. An external information management device that manages a unique user identifier managed by each device in association with a unique user identifier managed by the own device, and the external relay device stores information related to the personal information of the user; A distributed information linkage system that is communicably connected via the network,
The service providing apparatus first acquires a user identifier specific to the external relay apparatus corresponding to a user identifier specific to the own apparatus from the identifier cooperation apparatus for the one user, and acquires the specific identifier of the acquired external relay apparatus. An external information acquisition request for acquiring information related to the personal information of the user including the user identifier is transmitted to the external relay device. On the other hand, the external relay device stores in advance user identifier conversion information indicating the correspondence between the user identifier unique to the own device and the user identifier unique to the external information management device for the one user. When the external information acquisition request transmitted from the service providing device is received, first, the user identifier unique to the own device included in the received external information acquisition request is based on the stored user identifier conversion information. To the user identifier unique to the external information management device. Then, the external information acquisition request including the converted user identifier unique to the external information management device is transmitted to the external information management device, and the external information returned from the external information management device is received. The received external information is returned to the service providing apparatus that is the acquisition request source.

  In addition, the first aspect is that when the external relay device returns external information, the user identifier unique to the external information management device included in the external information is determined based on the user identifier conversion information. It is also characterized in that the information is converted into a unique user identifier, and external information including the converted user identifier unique to the external relay device is returned to the service providing device that is the acquisition request source.

In order to achieve the above object, a second aspect of the present invention provides a plurality of service providing apparatuses, identifier linkage apparatuses, and user identifier conversion apparatuses that store personal information of users that can communicate with each other via a network. Each of the plurality of service providing devices, the identifier cooperation device, and the user identifier conversion device manages a unique user identifier for identifying one user, and the identifier cooperation device includes the plurality of service providing devices and The unique user identifier managed by the user identifier conversion device is managed in association with the unique user identifier managed by the own device, and the user identifier conversion device manages information related to the personal information of the user. A distributed information linkage system that is communicably connected via the network to an external information management device that stores data,
The service providing apparatus first acquires the user identifier unique to the user identifier conversion apparatus corresponding to the user identifier specific to the user for the one user from the identifier cooperation apparatus, and converts the acquired user identifier. A user identifier conversion request including a user identifier unique to the device is transmitted to the user identifier conversion device. On the other hand, the user identifier conversion device stores in advance user identifier conversion information representing the correspondence between the user identifier unique to the own device and the user identifier unique to the external information management device for the one user. When the user identifier conversion request transmitted from the service providing device is received, the user identifier unique to the own device included in the received user identifier conversion request is received as the stored user. Based on the identifier conversion information, the information is converted into a user identifier unique to the external information management apparatus. Then, the converted user identifier unique to the external information management apparatus is returned to the service providing apparatus that is the conversion request source. Furthermore, the service providing apparatus transmits an acquisition request for information related to the personal information of the user including the user identifier unique to the external information management apparatus returned from the user identifier conversion apparatus to the external information management apparatus. On the other hand, external information returned from the external information management device is received.

  According to the first aspect of the present invention, for example, when the service providing apparatus attempts to acquire external information from an external external information management apparatus, the requester-specific user included in the acquisition request transmitted from the service providing apparatus The identifier is converted into a user identifier unique to the requesting external information management device by the external relay device via the identifier linkage device, and then transferred to the external information management device. That is, the acquisition request transmitted from the service providing apparatus is relayed by the external relay apparatus. For this reason, it is not necessary to add a user identifier conversion module to the external information management apparatus, thereby making it unnecessary to modify the external information management apparatus.

  According to the first aspect, the user identifier unique to the external information management device included in the external information returned from the external information management device is converted by the external relay device into a user identifier unique to the relay device, It is converted into a user identifier unique to the data providing apparatus as a return destination by the identifier cooperation apparatus and transmitted. For this reason, the unique user identifier managed by the external relay device can be kept secret from the data providing device.

  According to the second aspect of the present invention, for example, when the service providing apparatus tries to acquire external information from an external external information management apparatus, a user identifier conversion request is first sent from the service providing apparatus to the user identifier converting apparatus. The conversion device converts the user identifier and notifies the service providing server of the user identifier of the external information management device. Next, an external information acquisition request is directly transmitted from the service providing apparatus to the requesting external information management apparatus using the notified user identifier unique to the external information management apparatus. In response to this request, the external information management apparatus External information is sent back to the service providing apparatus. That is, the user identifier managed individually by the service providing apparatus in the system and the external information management apparatus outside is converted by the user identifier conversion apparatus. For this reason, similarly to the first aspect described above, it is not necessary to add a user identifier conversion module to the external information management apparatus, and thus no modification of the external information management apparatus is required.

  That is, according to the first and second aspects of the present invention, it is possible to provide a distributed information cooperation system and method that enable information transmission with an external device without modifying the external device.

1 is a schematic configuration diagram of a distributed information cooperation system according to a first embodiment of this invention. FIG. The block diagram which shows the structure of the service provision server of the distributed information cooperation system shown in FIG. The block diagram which shows the structure of the ID cooperation server of the distributed information cooperation system shown in FIG. The block diagram which shows the structure of the certificate relay server of the distributed information cooperation system shown in FIG. The block diagram which shows the structure of the certificate management server of the distributed information cooperation system shown in FIG. The sequence diagram which shows the procedure and content of the shared information cooperation operation | movement by the shared information cooperation system shown in FIG. The figure which shows an example of the management information of each server used in the distributed information linkage operation | movement shown in FIG. The schematic block diagram of the distributed information cooperation system which concerns on 2nd Embodiment of this invention. The block diagram which shows the structure of the service provision server of the distributed information cooperation system shown in FIG. The block diagram which shows the structure of the referral letter management server of the distributed information cooperation system shown in FIG. FIG. 9 is a sequence diagram showing a procedure and contents of a shared information linkage operation by the shared information linkage system shown in FIG. The figure which shows an example of the management information of each server used in the distributed information linkage operation | movement shown in FIG.

Embodiments according to the present invention will be described below with reference to the drawings.
[First Embodiment]
(Constitution)
(1) Configuration of Entire System FIG. 1 is a schematic configuration diagram of a distributed information linkage system according to the first embodiment of the present invention. In FIG. 1, the distributed information linkage system is illustrated as an ID linkage system SS1.

  The ID linkage system SS1 includes an A hospital service provision server 1 as a service provision device operated by A hospital, a B hospital service provision server 2 as a service provision device operated by B hospital, and an ID linkage server as an identifier linkage device. 3 and a certificate relay server 4 as an external relay device. These service providing servers 1, 2, ID linkage server 3, and certificate relay server 4 can communicate with each other via a network NW.

  The network NW is composed of the Internet and an access network for accessing the Internet. As the access network, a wired telephone network, a wired LAN (Local Area Network), a mobile phone network, a wireless LAN, or the like is used.

  In addition, user terminals TMa and TMb used by doctors in hospitals A and B can be connected to the service providing servers 1 and 2 via the network NW. These user terminals TMa and TMb are composed of a fixed installation type personal computer or a portable terminal such as a tablet terminal or a smartphone.

  Further, a certificate management server 5 as an external information management apparatus can be connected to the certificate relay server 4 via a network NW. The certificate management server 5 manages a certificate for proving the signature for the signed introduction letter stored by the service providing servers 1 and 2.

(2) Configuration of Service Providing Servers 1 and 2 Each service providing server 1 and 2 operated by Hospital A and Hospital B is configured as follows. FIG. 2 is a block diagram showing the configuration. Since the service providing servers 1 and 2 have the same configuration, only the A hospital service providing server 1 is illustrated in FIG.
The service providing server 1 manages the medical treatment information of patients who have a medical history in hospital A, information on their referrals, and information on staff such as doctors using user identifiers issued independently by the device itself. A unit 11, a storage unit 12, and a communication unit 13 are provided.

  The communication unit 13 performs data communication with other servers and user terminals TMa and TMb using a protocol defined by the network NW under the control of the control unit 11.

  The storage unit 12 uses an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like as a storage medium, and a user information storage unit 121 as a storage area necessary for carrying out the first embodiment. ID linkage information storage unit 122 and introduction letter information storage unit 123 are provided.

  In the user information storage unit 121, information (for example, name) indicating a staff member such as a doctor belonging to A hospital or a patient who has visited A hospital is stored in association with a user identifier issued independently by A hospital. . In the ID link information storage unit 122, for each user, the user identifier and information representing the user's pseudonym are stored in association with each other. When the user's introduction letter is created, the introduction letter information storage unit 123 stores information representing the introduction letter in association with the introduction letter identifier and the user identifier of the doctor who created the letter of introduction. .

  The control unit 11 has a CPU (Central Processing Unit), and as a control function necessary for implementing the first embodiment, a signature verification processing unit 111, an ID linkage processing unit 112, and a data operation request processing unit 113 are provided. It has. These processing units 111 to 113 are realized by causing the CPU to execute a program stored in a program memory (not shown).

  When the signature verification processing unit 111 receives a signature verification request for an introduction letter from the user terminal TMa, the signature verification processing unit 111 reads out the signer identifier and the signed introduction letter information from the introduction letter information storage unit 123 and transmits a certificate acquisition request. To the data operation request processing unit 113. When certificate information is sent from the certificate management server 5 in response to a certificate information acquisition request, the signature of the signed introduction letter is verified based on the certificate information, and the verification result is requested. A process of returning to the original user terminal TMa is performed.

  The data operation request processing unit 113 generates a certificate acquisition request in accordance with the instruction from the signature verification processing unit 111. Then, a process of transmitting the generated certificate acquisition request to the certificate relay server 4 is performed.

  In the process of transmitting the certificate acquisition request by the data operation request processing unit 113, the ID cooperation processing unit 112 requests the ID cooperation server 3 to convert the user identifier.

(3) Structure of ID cooperation server 3 ID cooperation server 3 is comprised as follows. FIG. 3 is a block diagram showing the configuration.
That is, the ID linkage server 3 links the user identifiers that are uniquely issued and managed by the servers 1, 2, 4 in the system to the same user. Similarly, a control unit 31, a storage unit 32, and a communication unit 33 are provided.

  The communication unit 33 performs data communication with the other servers 1, 2 and 4 in the system using the protocol defined by the network NW under the control of the control unit 31.

  The storage unit 32 uses an HDD or SSD as a storage medium, and includes an ID link information storage unit 321. In the ID linkage information storage unit 321, a pseudonym corresponding to a user identifier that is independently issued and managed by each of the servers 1, 2, and 4 in the system for the same user is issued by the own device. Stored in association with each other via a person identifier.

  The control unit 31 includes a CPU (Central Processing Unit) and includes an ID linkage processing unit 311 as a control function thereof. The ID linkage processing unit 311 is realized by causing the CPU to execute a program stored in a program memory (not shown).

  The ID linkage processing unit 311 is stored in the ID linkage information storage unit 321 when a conversion request for a pseudonym corresponding to the user identifier is sent from the service providing servers 1 and 2 and the certificate relay server 4 in the system. The kana is converted on the basis of the ID linkage information, and the converted kana is returned to the conversion requesting servers 1, 2, and 4.

(4) Configuration of Certificate Relay Server 4 The certificate relay server 4 is configured as follows. FIG. 4 is a block diagram showing the configuration.
That is, the certificate relay server 4 relays information between the service providing servers 1 and 2 in the system and the certificate management server 5 outside the system. A control unit 41, a storage unit 42, and a communication unit 43 are provided.

  The communication unit 43 performs data communication with other servers 1, 2, 3, and 5 inside and outside the system using a protocol defined by the network NW under the control of the control unit 41.

  The storage unit 42 uses an HDD or SSD as a storage medium, and includes a user identifier conversion information storage unit 421 and an ID linkage information storage unit 422 as storage areas necessary for implementing the first embodiment. ing. In the user identifier conversion information storage unit 421, the certificate identifier (certificate DN) stored in the certificate management server 5 and the user identifier issued by the own apparatus for the signer of the certificate are mutually exchanged. It is stored in association with. The ID link information storage unit 422 stores the user identifier and information representing the user's pseudonym in association with each other.

  The control unit 41 includes a CPU (Central Processing Unit), and includes an ID linkage processing unit 411 and a data relay processing unit 412 as control functions necessary for implementing the first embodiment. These processing units 411 and 412 are realized by causing the CPU to execute a program stored in a program memory (not shown).

  When the data relay processing unit 412 receives the certificate acquisition request from the service providing servers 1 and 2, the data relay processing unit 412 converts the user identifier included in the certificate acquisition request into the conversion stored in the user identifier conversion information storage unit 421. Based on the information, the certificate is converted into a corresponding certificate DN, and an acquisition request using the converted certificate DN as a parameter is transmitted to the certificate management server 5. In addition, when certificate information is returned from the certificate management server 5 in response to this acquisition request, processing is performed to transfer this certificate information to the service providing servers 1 and 2 that are requesters.

  In the process of converting the user identifier by the data operation request processing unit 113, the ID cooperation processing unit 411 uses this pseudonym when the received certificate acquisition request includes a pseudonym instead of the user identifier. A process of converting to a corresponding user identifier based on the ID linkage information is performed.

(5) Configuration of Certificate Management Server 5 The certificate management server 5 is configured as follows. FIG. 5 is a block diagram showing the configuration.
That is, the certificate management server 5 includes a control unit 51, a storage unit 52, and a communication unit 53 like the service providing servers 1 and 2.

  The communication unit 53 performs data communication with the certificate relay server 4 in the system using the protocol defined by the network NW under the control of the control unit 51.

  The storage unit 52 uses an HDD or SSD as a storage medium, and includes a certificate information storage unit 521 as a storage area necessary for carrying out the first embodiment. The certificate information storage unit 521 stores information representing a certificate and a certificate DN in association with each other.

  The control unit 51 includes a CPU (Central Processing Unit), and includes a data operation processing unit 511 as a control function necessary for implementing the first embodiment. The data operation processing unit 511 is realized by causing the CPU to execute a program stored in a program memory (not shown).

  When the data operation processing unit 511 receives a certificate acquisition request from the certificate relay server 4, the data operation processing unit 511 transmits the certificate information corresponding to the certificate DN included in the received certificate acquisition request to the certificate information storage unit. A process of reading from the certificate information 52 and returning the read certificate information to the requesting certificate relay server 4 is performed.

(Operation)
Next, the operation of the ID linkage system configured as described above will be described. FIG. 6 is a sequence diagram showing the processing procedure and processing contents of this operation.
Here, the storage units of the service providing servers 1 and 2 of the A hospital and the B hospital, the certificate relay server 4, the certificate management server 5, and the ID linkage server 3 are shown in FIGS. 7A to 7E, respectively. Such management information is stored, and in this state, a doctor “Taro Yamada” of hospital A requests a signature verification of an introduction letter issued by himself / herself as an example.

(1) Input of signature verification request When requesting signature verification of the above letter of introduction, the doctor “Taro Yamada” of hospital A first logs in to the hospital A service providing server 1 using his / her user terminal TMa, and then continues. After inputting the identifier “1111” of the introduction letter requesting verification, “signature verification” is designated as the operation content. Then, a signature verification request including the introduction letter identifier “1111” is transmitted from the user terminal TMa to the A hospital service providing server 1.

(2) ID Linkage Processing Between Servers 1 and 4 When the hospital verification service unit 1 receives the signature verification request by the communication unit 13, first, the signature verification processing unit 111 of the control unit 11 Based on the referral letter identifier “1111” included in the received signature verification request, the signer identifier “1001” of the doctor “Taro Yamada” and the signed referral letter “xxx” are read from the referral letter information storage unit 123. . Next, in step S12, the ID linkage processing unit 112 reads the pseudonym “AAA” corresponding to the read signer identifier “1001” from the ID linkage information storage unit 122, and sends the user identifier of the user identifier to the ID linkage server 3. Send an inquiry request. In this inquiry request, the read pseudonym “AAA”, the server ID = A of the local server 1 as the inquiry source, and the server ID = C of the certificate relay server 4 as the inquiry destination are included as parameters.

  In contrast, when the inquiry request is received by the communication unit 33, the ID association server 311 of the ID unit 311 of the control unit 31 first determines the pseudonym “AAA” included in the inquiry request in step S13. Then, the user identifier “A001” is read from the ID link information storage unit 321. Subsequently, in step S14, the signer managed by the certificate relay server 4 based on the read user identifier “A001” and the server ID = C included in the inquiry request. The pseudonym “CCC” corresponding to the identifier “1001” is read from the ID link information storage unit 321. Then, the read pseudonym “CCC” is returned to the inquiring source A hospital service providing server 1.

(3) Relay Processing in Certificate Relay Server 4 When the hospital A service providing server 1 receives the pseudonym “CCC” by the communication unit 13, the data manipulation request processing unit 113 uses the received pseudonym “CCC”. A certificate acquisition request including parameters is generated, and the generated certificate acquisition request is transmitted from the communication unit 13 to the certificate relay server 4.

  In contrast, when the certificate relay server 4 receives the certificate acquisition request by the communication unit 43, first, the ID cooperation processing unit 411 of the control unit 41 causes the pseudonym “ The user identifier “1234” corresponding to “CCC” is read from the ID link information storage unit 422. Next, the data relay processing unit 412 first reads the certificate DN “FFFF” corresponding to the read user identifier “1234” from the user identifier conversion information storage unit 421 in step S16. Subsequently, the parameter of the certificate acquisition request is replaced with the certificate DN “FFFF” from the pseudonym “CCC”, and the certificate acquisition request is transmitted to the certificate management server 5.

  In the certificate management server 5, when the certificate acquisition request is received by the communication unit 53, the data operation processing unit 511 of the control unit 51 causes the certificate included in the received certificate acquisition request in step S17. The certificate information “xxxx” corresponding to DN “FFFF” is read from the certificate information storage unit 521. The read certificate information “xxxx” is returned to the certificate relay server 4. The certificate relay server 4 transmits the returned certificate information “xxxx” from the communication unit 53 to the A hospital service providing server 1 that is the acquisition request source.

  When the certificate information “xxxx” transmitted from the certificate management server 5 is transferred to the A hospital service providing server 1 as it is, the certificate DN “FFFF” included in the certificate information “xxxx” is transferred to the A hospital service. The certificate information “xxxx” cannot be concealed because it is transferred to the providing server 1.

  In the present embodiment, certificate information is handled as information to be acquired to be returned, and the certificate DN does not need to be concealed, so that no particular problem occurs. However, if it is desired to keep the user identifier included in the information to be acquired returned, the following processing may be performed. That is, the certificate relay server 4 receives the certificate information “xxxx” transmitted from the certificate management server 5 under the control of the data relay processing unit 412 of the control unit 41 when the certificate information “xxxx” is received. The certificate DN “FFFF” included in the certificate information “xxxx” is converted into the user identifier “1234”. Then, under the control of the ID linkage processing unit 411, the ID linkage server 3 is requested to convert the user identifier, and the converted user identifier pseudonym “AAA” notified from the ID linkage server 3 is received. The certificate information “xxxx” is transferred to the hospital A service providing server 1.

(4) Signature Verification Processing in A Hospital Service Providing Server 1 When the hospital A service providing server 1 receives the certificate information “xxxx” via the communication unit 13, the signature verification processing unit 111 of the control unit 11 The signature of the signed introduction letter “xxx” is verified based on the certificate information “xxxx”. Then, information representing the verification result is returned from the communication unit 13 to the user terminal TMa which is the verification request source. When the user identifier sent together with the certificate information “xxxx” from the certificate relay server 4 is converted to the pseudonym “AAA”, the A hospital service providing server 1 controls the ID linkage processing unit 112. The signer identifier “1001” corresponding to the pseudonym “AAA” is read out from the ID association information storage unit 122. That is, the pseudonym “AAA” is converted into the signer identifier “1001”.

  In the user terminal TMa, information representing the returned verification result is displayed on the display. Therefore, the doctor “Taro Yamada” can confirm the signature of the letter of introduction based on the verification result displayed above.

(Effects of the first embodiment)
As described above in detail, in the first embodiment, the certificate relay server 4 is provided in the ID linkage system SS1, and the certificate management server 5 outside the system is connected to the certificate relay server 4 via the network NW. To do. When the certificate relay server 4 sends a certificate acquisition request from the service providing servers 1 and 2 in the system, the pseudonym “CCC” corresponding to the user identifier of the own device 4 included in this request is used. Based on the conversion information stored in the person identifier conversion information storage unit 421, the certificate management server 5 converts the certificate DN to be used, and transmits a certificate acquisition request including the certificate DN to the certificate management server 5. Like to do.

  Therefore, the certificate acquisition request transmitted from the A hospital service providing server 1 is relayed to the certificate management server 5 with the user identifier converted by the certificate relay server 4. For this reason, when the certificate management server 5 outside the system is used, it is not necessary to add a user identifier conversion module to the certificate management server 5, so that the modification of the external certificate management server 5 is unnecessary. It becomes.

  In the first embodiment, the certificate DN “FFFF” included in the certificate information “xxxx” transmitted from the certificate management server 5 is provided to the hospital A service by the ID linkage processing of the certificate relay server 4. It is converted to the pseudonym “AAA” of the user identifier used by the server 1 and transferred to the A hospital service providing server 1. Therefore, the certificate DN “FFFF” included in the certificate information “xxxx” can be concealed from the A hospital service providing server 1.

[Second Embodiment]
(Constitution)
(1) Overall System Configuration FIG. 8 is a schematic configuration diagram of a distributed information linkage system according to the second embodiment of the present invention. In FIG. 8, the distributed information linkage system is illustrated as an ID linkage system SS2. In the figure, the same parts as those in FIG.

  The ID cooperation system SS2 includes an A hospital service provision server 6 as a service provision apparatus operated by A hospital, a B hospital service provision server 7 as a service provision apparatus operated by B hospital, and an ID cooperation server as an identifier cooperation apparatus. 3 and a referral letter management server 8 as a user identifier conversion device. The service providing servers 6 and 7, the ID linkage server 3 and the certificate relay server 8 can communicate with each other via the network NW.

  In addition, user terminals TMa and TMb used by doctors in hospitals A and B can be connected to the service providing servers 6 and 7 via the network NW. These user terminals TMa and TMb are composed of a fixed installation type personal computer or a portable terminal such as a tablet terminal or a smartphone.

  Further, a certificate management server 5 as an external information management apparatus can be connected to the service providing servers 6 and 7 via the network NW. The certificate management server 5 manages a certificate for certifying a doctor's signature attached to an introduction letter stored by the service providing servers 6 and 7.

(2) Configuration of Service Providing Servers 6 and 7 Each service providing server 6 and 7 operated by Hospital A and Hospital B is configured as follows. FIG. 9 is a block diagram showing the configuration. Since the service providing servers 6 and 7 have the same configuration, only the A hospital service providing server 6 is illustrated in FIG.
The service providing server 6 manages the medical information of patients who have a history of consultation in hospital A, information on their letters of introduction, and information on staff such as doctors using user identifiers issued independently by the device itself. A unit 61, a storage unit 62, and a communication unit 63 are provided.

  The communication unit 63 performs data communication with other servers and user terminals TMa, TMb using a protocol defined by the network NW under the control of the control unit 61.

  The storage unit 62 uses an HDD (Hard Disk Drive) or an SSD (Solid State Drive) as a storage medium, and a user information storage unit 621 is used as a storage area necessary for carrying out the second embodiment. ID linkage information storage unit 622 is provided.

  In the user information storage unit 621, information (for example, name) indicating a staff member such as a doctor who belongs to A hospital or a patient who has visited A hospital is stored in association with a user identifier issued independently by A hospital. . The ID link information storage unit 622 stores a user identifier and information representing a pseudonym in association with each user.

  The control unit 11 has a CPU (Central Processing Unit), and signature verification processing unit 611, ID linkage processing unit 612, and data operation request processing unit 613 are necessary control functions for implementing the second embodiment. And a user identifier conversion request processing unit 614. Note that these processing units 611 to 614 are realized by causing the CPU to execute a program stored in a program memory (not shown).

  When the signature verification processing unit 611 receives a referral letter verification request from the user terminal TMa, the signature verification processing unit 611 reads the signer identifier and the signed referral information from the referral letter information storage unit 623 and transmits a certificate acquisition request. To the data operation request processing unit 613. When certificate information is sent from the certificate management server 5 in response to a certificate information acquisition request, the signature of the signed introduction letter is verified based on the certificate information, and the verification result is requested. A process of returning to the original user terminal TMa is performed.

  The user identifier conversion request processing unit 614 generates a user identifier conversion request for requesting conversion of the user identifier in response to an instruction from the signature verification processing unit 611, and sends the user identifier conversion request to the introduction letter. Processing to transmit to the management server 8 is performed.

  The data operation request processing unit 613 uses the converted user identifier notified from the referral management server 8 in response to the conversion request from the user identifier conversion request processing unit 614, that is, a certificate acquisition request using the certificate DN. Is generated. Then, a process of directly transmitting the generated certificate acquisition request to the certificate management server 5 is performed.

  The ID linkage processing unit 612 requests the ID linkage server 3 to perform a user identifier conversion process in the process of transmitting the user identifier conversion request by the user identifier conversion request processing unit 614.

(3) Configuration of ID linkage server 3 As shown in FIG. 3, the ID linkage server 3 is a user identifier that is independently issued and managed by the servers 6, 7, and 8 in the system for the same user. As with the service providing servers 6 and 7, the control unit 31, the storage unit 32, and the communication unit 33 are provided.

  The communication unit 33 performs data communication with other servers 6, 7, and 8 in the system using the protocol defined by the network NW under the control of the control unit 31.

  The storage unit 32 uses an HDD or SSD as a storage medium, and includes an ID link information storage unit 321. In the ID linkage information storage unit 321, a pseudonym corresponding to a user identifier that is independently issued and managed by each of the servers 6, 7, and 8 in the system for the same user is issued by the own device. Stored in association with each other via a person identifier.

  The control unit 31 includes a CPU (Central Processing Unit) and includes an ID linkage processing unit 311 as a control function thereof. The ID linkage processing unit 311 is realized by causing the CPU to execute a program stored in a program memory (not shown).

  The ID linkage processing unit 311 is stored in the ID linkage information storage unit 321 when a conversion request for a pseudonym corresponding to a user identifier is sent from the service providing servers 6 and 7 and the referral management server 8 in the system. The kana is converted on the basis of the ID linkage information, and the converted kana is returned to the servers 6, 7, and 8 that are the conversion request sources.

(4) Configuration of Referral Letter Management Server 8 The referral letter management server 8 is configured as follows. FIG. 10 is a block diagram showing the configuration.
That is, the referral letter management server 8 stores a referral letter information, searches for relevant referral letter information in response to an acquisition request from the service providing servers 6 and 7, and functions as a referral letter database. A function of converting between a unique user identifier used by the service providing servers 6 and 7 in the system for one user and a unique user identifier used by the certificate management server 5 outside the system is provided. As with the service providing servers 6 and 7, a control unit 81, a storage unit 82, and a communication unit 83 are provided.

  The communication unit 83 performs data communication with other servers 6, 7, 3, and 5 inside and outside the system using a protocol defined by the network NW under the control of the control unit 81.

  The storage unit 82 uses an HDD, SSD, or the like as a storage medium. As storage areas necessary for carrying out the second embodiment, a user identifier conversion information storage unit 821, an ID link information storage unit 822, , A letter of introduction information storage unit 823 is provided.

  In the user identifier conversion information storage unit 821, a certificate identifier (certificate DN) stored in the certificate management server 5 and a user identifier issued by the own apparatus with respect to the signer of the certificate are mutually exchanged. It is stored in association with. The ID link information storage unit 822 stores the user identifier and information representing the user's pseudonym in association with each other.

  In the introduction letter information storage unit 823, information representing a signed introduction letter created by doctors of hospitals A and B is stored. This introduction letter information is obtained by associating each introduction letter with an introduction letter identifier, an identifier of a signer (prepared doctor), and information indicating the signed introduction letter.

  The control unit 81 has a CPU (Central Processing Unit), and as a control function necessary for implementing the second embodiment, an ID linkage processing unit 811, a referral letter management processing unit 812, and a user identifier conversion A processing unit 813 is provided. Note that these processing units 811, 812, and 813 are each realized by causing the CPU to execute a program stored in a program memory (not shown).

  When a referral letter acquisition request is sent from the service providing servers 6 and 7, the referral letter management processing unit 812 receives a corresponding referral letter from the referral letter information storage unit 823 based on the referral letter identifier included in the acquisition request. The status information is searched, and the searched introduction status information is returned to the service providing servers 6 and 7 as the request sources.

  The ID linkage processing unit 811 requests the ID linkage server 3 to request a conversion of the user identifier unique to the own device included in the retrieved letter of introduction information in the process of returning the letter of introduction by the letter of introduction management processing unit 812. In response to this request, a process for receiving the pseudonym of the user identifier returned from the ID linkage server 3 is performed.

  When a user identifier conversion request is sent from the service providing servers 6 and 7, the user identifier conversion processing unit 813 converts the requesting user identifier into a certificate corresponding to the user identifier conversion information. Conversion to DN is performed, and the converted certificate DN is returned to the service provider servers 6 and 7 that are the request sources.

(5) Configuration of Certificate Management Server 5 The certificate management server 5 includes a control unit 51, a storage unit 52, and a communication unit 53 as shown in FIG.
The communication unit 53 performs data communication with the service providing servers 6 and 7 in the system using a protocol defined by the network NW under the control of the control unit 51.

  The storage unit 52 uses an HDD or SSD as a storage medium, and includes a certificate information storage unit 521 as a storage area necessary for carrying out the second embodiment. The certificate information storage unit 521 stores information representing a certificate and a certificate DN in association with each other.

  The control unit 51 includes a CPU (Central Processing Unit), and includes a data operation processing unit 511 as a control function necessary for implementing the second embodiment. The data operation processing unit 511 is realized by causing the CPU to execute a program stored in a program memory (not shown).

  When the data operation processing unit 511 receives the certificate acquisition request from the service providing servers 6 and 7, the data operation processing unit 511 stores the certificate information corresponding to the certificate DN included in the received certificate acquisition request. The data is read from the unit 52, and the read certificate information is returned to the requesting service providing servers 6 and 7.

(Operation)
Next, the operation of the ID linkage system configured as described above will be described.
FIG. 11 is a sequence diagram showing the processing procedure and processing contents of this operation. The storage units of the service providing servers 6 and 7 of the hospital A and the hospital B, the referral management server 8, the certificate management server 5 and the ID linkage server 3 are as shown in FIGS. It is also assumed that various management information is stored.
In the present embodiment, as in the first embodiment, a case where the doctor “Taro Yamada” of hospital A requests verification of the signature of the letter of introduction issued by himself / herself will be described as an example.

(1) Input of signature verification request When requesting signature verification of the above letter of introduction, the doctor “Taro Yamada” of hospital A first logs in to the hospital A service providing server 6 using his / her user terminal TMa, and then continues. After inputting the identifier “1111” of the introduction letter requesting verification, “signature verification” is designated as the operation content. Then, a signature verification request including the introduction letter identifier “1111” is transmitted from the user terminal TMa to the A hospital service providing server 6.

(2) Referral letter search processing by referral letter management server 8 When the hospital A service providing server 6 receives the signature verification request by the communication unit 63, the signature verification processing unit 611 of the control unit 61 first receives the signature verification process. A request with the referral letter identifier “1111” included in the signature verification request as a parameter is generated, and this request is transmitted to the referral letter management server 8.

  When the request is received by the communication unit 83, the referral letter management server 8 starts the referral letter management processing unit 812 of the control unit 81 based on the referral letter identifier “1111” included in the request in step S21. Then, the user identifier “1234” and the signed introduction letter “xxx” of the doctor “Taro Yamada” in the apparatus 8 are read from the introduction letter information storage unit 823. Next, in step S22, the ID linkage processing unit 812 reads the pseudonym “CCC” corresponding to the read user identifier “1234” from the ID linkage information storage unit 822, and transmits the user identifier to the ID linkage server 3. Send an inquiry request. This inquiry request includes the read pseudonym “CCC”, the server ID = C of the own server 8, and the server ID = A of the service providing server 6 as the request source as parameters.

  On the other hand, when the inquiry request is received by the communication unit 33, the ID association server 311 first starts the ID association processing unit 311 of the control unit 31 based on the pseudonym “CCC” included in the inquiry request in step S23. Then, the user identifier “A001” is read from the ID link information storage unit 321. Subsequently, in step S24, based on the read user identifier “A001” and the server ID = A included in the inquiry request, the use managed by the service providing server 6 that is the request source. The pseudonym “AAA” corresponding to the person identifier “1234” is read from the ID link information storage unit 321. Then, the read pseudonym “AAA” is returned to the referral letter management server 8 as the inquiry source.

  The referral letter management server 8 returns the pseudonym “AAA” returned from the ID linkage server 3 to the A hospital service providing server 6 together with the retrieved letter-of-sent introduction letter “xxx”.

(3) User identifier conversion process When the communication unit 63 receives the above-mentioned letter of introduction “xxx” and pseudonym “AAA” returned from the letter of introduction management server 8, the hospital A service providing server 6 controls the control unit. 61, under the control of the user identifier conversion request processing unit 614, the received pseudonym “AAA” is used as the user identifier “1001” based on the ID link information stored in the ID link information storage unit 621 in step S25. To "". Then, a user identifier inquiry request is transmitted to the ID linkage server 3. In this inquiry request, the pseudonym “AAA” corresponding to the user identifier “1001”, the server ID = A of the local server 6 that is the inquiry source, and the server ID = C of the referral letter management server 8 that is the inquiry destination. As a parameter.

  On the other hand, when the inquiry request is received by the communication unit 33, the ID association server 311 first determines that the ID association processing unit 311 of the control unit 31 uses the pseudonym “AAA” included in the inquiry request in step S26. Then, the user identifier “A001” is read from the ID link information storage unit 321. Subsequently, in step S27, the signer managed by the certificate relay server 4 based on the read user identifier “A001” and the server ID = C included in the inquiry request. The pseudonym “CCC” corresponding to the identifier “1001” is read from the ID link information storage unit 321. Then, the read pseudonym “CCC” is returned to the inquiring A hospital service providing server 6.

  When the communication unit 13 receives the pseudonym “CCC”, the hospital A service providing server 6 generates a user identifier conversion request in which the data operation request processing unit 613 includes the received pseudonym “CCC” as a parameter. The generated user identifier conversion request is transmitted to the referral letter management server 8.

  In response to this, when the communication unit 83 receives the user identifier conversion request transmitted from the A hospital service providing server 6, the introduction letter management server 8 controls the user identifier conversion processing unit 813 of the control unit 81. First, in step S28, the user identifier “1234” corresponding to the pseudonym “CCC” included in the received conversion request is read from the ID link information storage unit 822. Subsequently, in step S29, the certificate DN “FFFF” corresponding to the read user identifier “1234” is read from the user identifier conversion information storage unit 821, and this certificate DN “FFFF” is read from the request source A. It returns from the communication unit 83 to the hospital service providing server 6.

(4) Certificate Acquisition Processing When the hospital A service providing server 6 receives the certificate DN “FFFF” by the communication unit 63, the data operation request processing unit 613 receives the received certificate DN “FFFF”. Is generated as a parameter, and the generated certificate acquisition request is directly transmitted from the communication unit 63 to the certificate management server 5.

  On the other hand, when the certificate management server 5 receives the certificate acquisition request by the communication unit 53, the data operation processing unit 511 of the control unit 51 includes the received certificate acquisition request in step S30. The certificate information “xxxx” corresponding to the certificate DN “FFFF” to be read is read from the certificate information storage unit 521. Then, the read certificate information “xxxx” is returned to the requesting hospital A service providing server 6.

(5) Signature verification processing in the A hospital service providing server 6 When the A hospital service providing server 6 receives the certificate information “xxxx” via the communication unit 63, the signature verification processing unit 611 of the control unit 61 performs The signature of the signed introduction letter “xxx” is verified based on the certificate information “xxxx”. Then, information representing the verification result is returned from the communication unit 63 to the user terminal TMa that is the verification request source.

  In the user terminal TMa, information representing the returned verification result is displayed on the display. Therefore, the doctor “Taro Yamada” can confirm the signature of the letter of introduction based on the verification result displayed above.

(Effect of 2nd Embodiment)
As described above in detail, in the second embodiment, the referral letter management server 8 including the user identifier conversion processing unit 813 is provided in the ID linkage system SS2, and the referral letter management server 8 provides the service providing server 6, When a user identifier conversion request is sent from 7, the unique user identifier used by the service providing servers 6 and 7 of the request source is changed to the unique user identifier used by the certificate management server 5 outside the system. The data is converted and sent back to the service provider servers 6 and 7 as the request source. Then, the service providing servers 6 and 7 directly transmit a certificate acquisition request using the converted user identifier unique to the certificate management server 5 as a parameter to the certificate management server 5. The certificate information is received.

  Therefore, the user identifiers individually managed by the service providing servers 6 and 7 in the system SS2 and the certificate management server 5 outside the system are converted by the referral letter management server 8 having a user identifier conversion function. become. For this reason, in this embodiment as well, as in the first embodiment described above, it is not necessary to add a user identifier conversion module to the certificate management server 5, and thus the certificate management server 5. No need to renovate.

  In the first embodiment, all requests to the certificate management server 5 are routed through the certificate relay server 4, so that the load is concentrated on the certificate relay server 5. In the second embodiment, each hospital service Since requests are directly sent from the providing servers 6 and 7 to the certificate management server 5, load concentration on the referral management server 8 does not occur.

[Other Embodiments]
Access control to external information stored in the external information providing apparatus can be performed by the following method.
First, when using the certificate relay server 4 described in the first embodiment, when accessing the user identifier conversion information storage unit 421 from the data relay processing unit 412 of the certificate relay server 4, the certificate By performing access control on the management server 5, it is possible to indirectly implement access control on the corresponding information in the certificate management server 5.

  When the referral letter management server 8 having the user identifier conversion function described in the second embodiment is used, the user identifier conversion processing unit 813 of the referral letter management server 8 uses the user identifier conversion information storage unit. When accessing the 821, access control to the certificate management server 5 may be performed. In this way, access control to the corresponding information managed by the certificate management server 5 can be realized indirectly.

  In any of the above access controls, the user whose user information is stored in the certificate management server 5 is notified in advance that the access control is performed by the above method. It is necessary to obtain approval.

  In the second embodiment, the case where the referral letter management server 8 having the user identifier conversion function is used has been described as an example. However, the user identifier conversion device may be provided separately from the referral letter management server 8. . In addition, the type and configuration of each server, the user identifier conversion processing procedure and its contents, the type and use of information handled by the system, and the like can be variously modified without departing from the scope of the present invention.

  In short, the present invention is not limited to the above-described embodiments as they are, and can be embodied by modifying the components without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the above embodiments. For example, some components may be deleted from all the components shown in each embodiment. Furthermore, you may combine suitably the component covering different embodiment.

  SS1, SS2 ... ID linkage system, NW ... network, TMa, TMb ... user terminal, 1, 6 ... A hospital service providing server, 2, 7 ... B hospital service providing server, 3 ... ID linkage server, 4 ... certificate Relay server, 5 ... Certificate management server, 8 ... Referral letter management server, 11, 31, 41, 51, 61, 81 ... Control unit, 12, 32, 42, 52, 62, 82 ... Storage unit, 13, 33 , 43, 53, 63, 83 ... communication unit, 111, 611 ... signature verification processing unit, 112, 311, 411, 612, 811 ... ID cooperation processing unit, 113, 613 ... data operation request processing unit, 121 ... user Information storage unit 122, 321, 422 ... ID linkage information storage unit, 123 ... Referral letter information storage unit, 412 ... Data relay processing unit, 421 ... User identifier conversion information storage , 511 ... data management processor, 521 ... certificate information storage section, 614 ... user identifier translation request processing unit, 812 ... referral management processing unit, 813 ... user identifier conversion processing unit.

Claims (6)

A plurality of service providing devices, identifier linkage devices, and external relay devices that store user personal information that can communicate with each other via a network, the plurality of service provision devices, identifier linkage devices, and external relay devices are Each device manages a unique user identifier for identifying one user, and the identifier linkage device has a unique user identifier that is managed by the device itself and is managed by the plurality of service providing devices and external relay devices. Distributed information managed in association with a user identifier, and further connected so that the external relay device can communicate with the external information management device that stores information related to the user's personal information via the network A collaborative system,
The service providing apparatus includes:
Means for acquiring a user identifier unique to the external relay device corresponding to a user identifier unique to the own device from the identifier cooperation device for the one user;
Means for transmitting an external information acquisition request for acquiring information related to the personal information of the user, including the acquired user identifier unique to the external relay device, to the external relay device;
The external relay device is
Means for storing user identifier conversion information representing a correspondence relationship between a user identifier unique to the own device and a user identifier unique to the external information management device for the one user;
When the external information acquisition request transmitted from the service providing apparatus is received, the user identifier unique to the own apparatus included in the received external information acquisition request is determined based on the stored user identifier conversion information. Means for converting to a user identifier unique to the external information management device;
Means for transmitting an external information acquisition request including a user identifier unique to the converted external information management device to the external information management device;
A distribution means for receiving external information returned from the external information management apparatus in response to the external information acquisition request, and returning the received external information to the service providing apparatus that is the acquisition request source. Information linkage system. The return means of the external relay device is
When external information returned from the external information management device is received, a user identifier specific to the external information management device included in the external information is converted into a user specific to the own device based on the user identifier conversion information. Means for converting to an identifier;
2. The distributed information cooperation system according to claim 1, further comprising means for returning external information including the converted user identifier unique to the external relay device to a service providing device that is an acquisition request source. A plurality of service providing apparatuses, identifier linkage apparatuses, and user identifier conversion apparatuses that store user personal information that can communicate with each other via a network, the plurality of service provision apparatuses, identifier linkage apparatuses, and users Each of the identifier conversion devices manages a unique user identifier for identifying one user, and the identifier linkage device has a unique user identifier managed by each of the plurality of service providing devices and the user identifier conversion device. Management is performed in association with a unique user identifier managed by the device, and the user identifier conversion device is connected to the external information management device that stores information related to the personal information of the user via the network. A distributed information linkage system that is communicably connected,
The service providing apparatus includes:
Means for obtaining a user identifier unique to the user identifier conversion device corresponding to a user identifier unique to the own device for the one user from the identifier cooperation device;
Means for transmitting a user identifier conversion request including the acquired user identifier unique to the user identifier conversion device to the user identifier conversion device;
The user identifier conversion device includes:
Means for storing user identifier conversion information representing a correspondence relationship between a user identifier unique to the own device and a user identifier unique to the external information management device for the one user;
When the user identifier conversion request transmitted from the service providing device is received, the user identifier unique to the own device included in the received user identifier conversion acquisition request is stored in the stored user identifier conversion information. Means for converting to a user identifier unique to the external information management device based on:
Means for returning the converted user identifier unique to the external information management device to the service providing device of the conversion request source,
Further, the service providing device includes:
Means for transmitting an acquisition request for information related to the personal information of the user, including a user identifier unique to the external information management device returned from the user identifier conversion device, to the external information management device;
And a means for receiving external information returned from the external information management device in response to the external information acquisition request. A plurality of service providing devices, identifier linkage devices, and external relay devices that store user personal information that can communicate with each other via a network, the plurality of service provision devices, identifier linkage devices, and external relay devices are Each device manages a unique user identifier for identifying one user, and the identifier linkage device has a unique user identifier that is managed by the device itself and is managed by the plurality of service providing devices and external relay devices. A system in which the external relay device is connected in association with a user identifier, and is communicably connected to the external information management device that stores information related to the user's personal information via the network. There is a distributed information linkage method used,
For the one user, obtaining a user identifier unique to the external relay device corresponding to a user identifier unique to the own device from the identifier cooperation device;
The service providing apparatus transmits, to the external relay apparatus, an external information acquisition request for acquiring information related to the personal information of the user including a user identifier unique to the acquired external relay apparatus. Process,
A process in which the external relay device stores, in a storage medium, user identifier conversion information representing a correspondence relationship between a user identifier unique to the user and a user identifier unique to the external information management device for the one user; ,
When the external relay device receives the external information acquisition request transmitted from the service providing device, the user identifier unique to the own device included in the received external information acquisition request is stored as the stored user identifier. Converting the external information management device specific user identifier based on conversion information;
The external relay device transmits an external information acquisition request including a user identifier unique to the converted external information management device to the external information management device;
The external relay device includes a return process of receiving external information returned from the external information management device in response to the external information acquisition request, and returning the received external information to the service providing device that is the acquisition request source. A distributed information linkage method characterized by that. The return process of the external relay device is:
When external information returned from the external information management device is received, a user identifier specific to the external information management device included in the external information is converted into a user specific to the own device based on the user identifier conversion information. The process of converting to an identifier;
5. The distributed information cooperation method according to claim 4, further comprising a step of returning the external information including the converted user identifier unique to the external relay device to a service providing device that is a request source. A plurality of service providing apparatuses, identifier linkage apparatuses, and user identifier conversion apparatuses that store user personal information that can communicate with each other via a network, the plurality of service provision apparatuses, identifier linkage apparatuses, and users Each of the identifier conversion devices manages a unique user identifier for identifying one user, and the identifier linkage device has a unique user identifier managed by each of the plurality of service providing devices and the user identifier conversion device. Management is performed in association with a unique user identifier managed by the device, and the user identifier conversion device is connected to the external information management device that stores information related to the personal information of the user via the network. A distributed information linkage method used in a system that is communicably connected,
The service providing device acquires, from the identifier cooperation device, a user identifier unique to the user identifier conversion device corresponding to a user identifier unique to the own device for the one user;
The service providing device transmitting a user identifier conversion request including the acquired user identifier unique to the user identifier conversion device to the user identifier conversion device;
The user identifier conversion device stores, for the one user, user identifier conversion information representing a correspondence relationship between a user identifier specific to the user device and a user identifier specific to the external information management device; ,
When the user identifier conversion device receives a user identifier conversion request transmitted from the service providing device, the user identifier unique to the own device included in the received user identifier conversion acquisition request is stored in the memory. A process of converting to a user identifier unique to the external information management device based on the user identifier conversion information that has been made,
A process in which the user identifier conversion device returns the converted user identifier unique to the external information management device to the service provider device of the request source;
The service providing apparatus transmits an acquisition request for information related to personal information of the user to the external information management apparatus using the user identifier unique to the external information management apparatus returned from the user identifier conversion apparatus. The process of
The service providing apparatus comprises a step of receiving external information returned from the external information management apparatus in response to the external information acquisition request.

Images