JP2022014767A - Iot device for contact trace system - Google Patents

Abstract

To provide means for recording and notifying information that a person who is diagnosed to be positive (or a person who is determined to be positive later) by an inspection of an infectious disease stayed at a site.SOLUTION: A contact trace system 100 is constituted of a notification server 101 and a plurality of terminals loading proximity communication mechanisms, and is equipped at least with: a microprocessor unit (MPU) which performs information processing; a storage device; a proximity communication mechanism similar to those of the terminals; a connection function to an Internet line; and contact notification means. The MPU receives unique identifiers generated by the respective terminals by using the proximity communication mechanisms, on the other hand, receives identifiers of positive persons from the notification server via the connection function, collates the identifiers, and notifies a preset notification destination of necessary warning information via the contact notification means when both coincide.SELECTED DRAWING: Figure 1

Description

The present invention relates to an IoT (Internet of Things) device for a contact trace system that detects and records a person-to-person contact using a proximity communication mechanism.

In order to prevent the spread of infectious diseases, a personal device such as a smartphone (hereinafter, may be referred to as a "terminal") is used to track a close contact with a person who has been confirmed to have a positive diagnosis (hereinafter, referred to as a "positive person"). A contact trace system (hereinafter referred to as "system" in the present specification) is known. The Ministry of Health, Labor and Welfare (New Coronavirus Infectious Disease Control Tech Team) of Japan has announced that "New Coronavirus Contact Confirmation App (hereinafter, in this specification," The specifications of "this application" were published on May 26, 2020, and this application was released on June 19, 2020.

When this system meets the preset "contact" conditions, specifically, when the terminals on which this application is installed are in close proximity for 15 minutes or more within a distance of approximately 1 m, they are close to each other. In both terminals, the unique identifier generated by each terminal is exchanged and recorded by using the inter-terminal communication function. The identifier is deleted after a certain period of time.
At the time of positive confirmation, after the test at the medical institution, the positive person is registered in this system at the health center, while the positive person inputs that he / she is a positive person on his / her terminal through this application. Then, the terminal of the person who has the contact record with the positive person is notified and displayed on the screen of the terminal.

New Coronavirus Infectious Disease Control Tech Team "Contact Confirmation App and Related System Specifications" May 26, 2020 Privacy-Preserving Contact Tracing https://www.apple.com/covid19/contacttracing/

However, according to an inboard infection case of the cruise ship "Diamond Princess" that called in Japan in February 2020, the infection route is not only droplet infection by direct contact with positive persons, but also toilets, cabins, and inboards. "Indirect infection through goods" in a specific "place" such as a handrail has been reported as a newly discovered fact as an important route of infection to spread the spread of infection.

In this way, in the conventional system, even if a non-infected person who does not have a terminal visits a place where a positive person stays for a certain period of time and leaves immediately after that, unless there is direct contact with the terminal of the positive person. The fact that the positives stayed is unknown. This is because in the conventional system, the contact is recorded by directly exchanging the identifier between the terminals, and the collation / judgment by comparing the contact record with the identifier of the positive person is also performed in each user's terminal. be.

That is, in the conventional system, the judgment as to whether or not the person is a "contact person" is determined only within the application of the terminal, and the person who indirectly contacts the positive person via the "place" or "thing" is a positive person ( There is no way to record the information that a person who later turns out to be positive) "stayed at the place".

In addition, since the notification (warning) to the contact person with the positive person by this application is displayed on the terminal and transmitted only to the user of the terminal, "information" that does not carry the "terminal on which this application is installed". The "weak" cannot benefit from the system.

There is a growing need for solutions to such problems, for example, in places used by an unspecified number of people, such as public transportation seats, corporate conference rooms, stores, and travel-related matters in general.

On the other hand, as a "tracking system for infected persons to a place", a tracking system using a two-dimensional code is implemented in some local governments. In this method, the operator of the facility (store, event venue, etc.) registers the facility information in the server in advance, generates a two-dimensional code corresponding to the facility information on the server side, causes the operator of the facility to download it, and then downloads it. While printing and presenting the two-dimensional code in the facility, users such as stores and event participants can read the two-dimensional code from their own terminals and enter the e-mail address on the server to register the facility later. It is a mechanism to receive a warning email when it is found that there was an infected person. Such a "tracking system using a two-dimensional code" is a mechanism that is established with the active cooperation of both the facility side and the user side, and if properly operated, a certain effect can be expected. Large-scale and efficient operation is difficult. And this system also cannot enjoy the benefits of the system at all for "information vulnerable people" who do not have terminals.

The present invention has been made in view of the above, and is a means for recording and notifying information that a person diagnosed as a positive person (or a person who is later found to be a positive person) stayed at the place by a test for an infectious disease. Is a technical issue.

The present invention is a new and inexpensive IoT device (dedicated device connected to the Internet) that can be implemented without any modification to the existing contact tracing system including the conventional contact confirmation application (this application) and the notification server. ) Is installed in various places to propose a method to solve all of these problems.

The IoT device according to the present invention is used in a contact trace system composed of a notification server and a plurality of terminals equipped with a proximity communication mechanism.
It is provided with at least a microprocessor unit (MPU) for performing information processing, a storage device, a proximity communication mechanism similar to that of the terminal, a function for connecting to an Internet line, and a contact notification means.
While the MPU receives a unique identifier generated by each terminal using the proximity communication mechanism,
Upon receiving the positive person's identifier from the notification server via the connection function,
It is characterized in that these identifiers are matched, and when they match, necessary warning information is notified to a preset notification destination via the contact notification means.

The notification means may be an e-mail, a short message, a voice announcement, or a blinking lamp. Execution of these notification means may be performed via a server connected via the connection function. Even if the IoT device itself does not have a mail sending function or a short message sending function, a notification means such as sending a text message to a chat or group chat via a mail server or short message sending server connected via the Internet line is provided. It can be done, which makes it possible to simplify the configuration of IoT devices. When driving a device for notification, it is conceivable to provide a necessary device driver to control the device side. Alternatively, it is conceivable to notify the company that implements the disinfection service or other various service companies, or call WebAPI to contact the necessary service company.

The "preset conditions for contact with the terminal" may be set in the same manner as in this application, or the IoT device may set its own standard (for example, within 10 m) according to the installation location and purpose. 1 minute or more) may be set. For example, when it is installed in a train vehicle, people who only pass between vehicles may be excluded.

By installing the above IoT devices in various facilities and places used by an unspecified number of people, such as public toilets, public transportation seats, theaters, parks, and conference rooms, it is possible to use those places in the future. Promptly notify the person who has sex, the user even after using it, the person who manages the place (facility), and other necessary people of the fact that the positive person used it. Can be done.

Since the IoT device according to the present invention does not modify the existing contact tracing system at all, it dramatically enhances the convenience, usefulness, and effectiveness of the existing contact tracing system. Moreover, since it can be realized with a device equipped with an extremely low-performance MPU, minimum communication function (TCP / IP and Bluetooth (registered trademark)), and a storage device, it can be installed at various locations because it can be implemented at extremely low cost. It is also easy to carry out on a large scale.

In addition, the notification means also had to confirm the display on the terminal by itself under the conventional system, but according to the present invention, the so-called "push type", that is, positively to all the persons to be notified. It is easy to take measures such as calling attention, disinfecting, or temporarily closing the facility until the disinfection is completed. Since the IoT device according to the present invention does not identify a positive person who is detected / judged by this device and a user who subsequently uses the facility, it changes the security policy premised on the existing system including privacy protection. There is an advantage that it is not.

FIG. 1A is a conceptual diagram showing the configuration of the IoT contact trace system described in this embodiment. FIG. 1B is a schematic diagram illustrating a functional block of the IoT device 30. FIG. 2 illustrates the functional configuration and main information flow of the application during normal times and positive detection. FIG. 3A is a diagram illustrating the operation of the program including the data held by the application, the terminal-to-terminal communication by the proximity communication mechanism, the notification server, and the infected person system. FIG. 3B is a diagram showing a collation process of a contact confirmer using a key (identifier) or a code. It is a figure which shows how the contact code RPI is generated from the daily key TEK and the time ENIN, and the contact confirming person is found by the collation. FIG. 4 is a conceptual diagram schematically showing the overall configuration of a conventional system.

This embodiment can be implemented without any modification to the conventional system consisting of the notification server already implemented and the "application" installed on a plurality of terminals. Therefore, the description of the conventional system is based on the specifications. However, the various conditions defined in the specifications are only examples. In the following examples, the conventional system will be described first, and then the parts added in the system of the present invention will be described.

The terms used herein are defined as follows.
Explanation of terms (abbreviation) ・ Contact The state of continuous proximity for 15 minutes or more within a distance of approximately 1 m ・ Total number of contacts Number of contacts regardless of whether the other party is positive or not ・ Positive diagnosis by PCR test Confirmed person ・ Contact confirmer Person who meets the contact confirmation conditions ・ Contact confirmation application (this application) Contact confirmation was made to the contact confirmer based on the consent of the positive person by collecting the information necessary for contact confirmation. Terminal application that notifies the effect ・ Apple-Google Exposure Notification Framework (AGF) A function for notifying contact confirmation provided by Apple-Google at the OS level of the terminal ・ Inter-terminal communication function AGF function, Bluetooth ( A function to communicate with other terminals using (registered trademark) ・ Code management function AGF function to issue and manage a “daily key” and a “contact code” generated from the daily key ・ Contact record data Each terminal Contact information with others recorded in.
-Processing number An unintentional and temporary number issued by the infected person system on a one-to-one basis in response to a request from a positive person. It is used to confirm the authenticity of the registration of positive persons in the contact confirmation application.
-Contact code A code that is recorded as contact record data in the terminal and is used to collate contact with a positive person. The identifier in the AGF is defined separately.

FIG. 4 is a conceptual diagram schematically showing the overall configuration of a conventional system. This conventional system 200 includes a notification server 101, a contact trace server 102, and a plurality of terminals (terminal A, terminal B, terminal C, ...) In which a proximity communication mechanism is installed and the application is installed. Consists of. Strictly speaking, the contact trace server 102 is constructed as a separate system, but for convenience of explanation, it is added to the configuration of this system. This application is built using an application programming interface (API) called Exposure Notification Framework (hereinafter referred to as "AGF") jointly provided by Apple and Google. By using AGF, this application can control the proximity communication mechanism on the operating system (OS), so that this application can be used in the background even while using other applications.

The definition of a contact person in this application is a positive person as a person who is notified to the user of this application about contact information with a person whose positive diagnosis is confirmed by PCR test (hereinafter referred to as "positive person"). It is defined as a person who has been in close proximity to a positive person for 15 minutes or more continuously at a distance of approximately 1 m or more during the period when there is a risk of infection due to contact with the positive person (hereinafter referred to as "positive confirmed person"). do.

In AGF, the unique identifier UUID (Universally Unique Identifier) assigned to each user (each terminal) is used as a secret key, and the daily key TEK (Temporary Exposure Key), which is a unique identifier generated based on the UUID, and the day A contact code RPI (Rolling Proximity Identifire), which is a unique identifier that can be generated based on the next key TEK and the time information ENIN (ENinterval Number), is defined. RPI is a 16-byte sequence.

All three identifiers are generated by executing a cryptographically robust one-way function. Therefore, it is possible to generate a TEK from the UUID, but conversely, it is not possible to obtain the UUID from the TEK. Similarly, RPI can be generated from TEK and ENIN, but TEK and ENIN cannot be obtained from RPI.

The contact code RIP is a unique code based only on a random code and time, and is not linked with other information, so that an individual cannot be identified. Since the contact code RPI is a unique identifier intended to be exchanged with the contact code RPI on the terminal of the other party when the contact condition is satisfied, in the present specification, the "contact code RPI" is referred to as "contact code RPI" for convenience. It may be called "replacement ID".

In this application, two more identifiers, "diagnosis key DK (Diagnosis Key)" and "processing number S", are used. The diagnostic key DK is an identifier created based on the daily key of the positive person and the time information ENIN. In this embodiment, the process number S is assigned by the contact trace server 102 for convenience of explanation, but in actual operation, the “infected person system (new coronavirus infected person, etc. information grasping / management support system (HER-”) SYS: Hersis)) ”is an 8-digit code given to a positive person when a positive diagnosis is confirmed by another system. The mechanism for verifying the processing number S will be described later.

Table 1 shows the definition and description of the identifier. Since UUID is an identifier used inside the application, it is excluded from Table 1.

FIG. 2 illustrates the functional configuration and main information flow of the application during normal times and positive detection. FIG. 3A is a diagram illustrating the operation of the program including the data held by the application, the terminal-to-terminal communication by the proximity communication mechanism, the notification server, and the infected person system. FIG. 3B is a diagram showing a collation process of a contact confirmer using a key (identifier) or a code. It is a figure which shows how the contact code RPI is generated from the daily key TEK and the time ENIN, and the contact confirming person is found by the collation.
<Normal time>
Each terminal generates a daily key TEK that is randomly generated every day. The daily key TEK is deleted from the terminal after 14 days have passed. Each terminal generates a unique identifier "contact code RPI" from the daily key TEK and the current time (ENIN) at regular intervals (for example, every 10 minutes) and records it in each terminal. In the case of viral infections, the number of days deleted is set by the maximum incubation period of the virus.

This application generates a contact code (RPI) based on UUID every 10 minutes, combines the generated RPI and AEM (Associated Encripted Metadata), and transmits a beacon using a proximity communication mechanism. A beacon is a radio wave transmitted by a proximity communication mechanism, and an AEM is encrypted metadata used by the proximity communication mechanism. The data included in the AEM includes the version of Exposure Notification and the transmission output (+127 to -127 dBm). The transmit power can be used to estimate the distance. The beacon outputs about 3 to 5 times per second. On the other hand, on the receiving side, as contact recording data, it is possible to estimate data having a constant proximity distance of about 1 m or more from the received beacon and having an electric field strength or higher. The recorded contact code RIP generated by the own terminal and the contact record data acquired by receiving the beacon of the proximity communication mechanism are both deleted after 14 days have passed. When receiving the beacon, it is possible to receive all the beacons having a certain electric field strength or more and then hold only the contact code within a proximity distance of 1 m, or to receive only the beacons having a certain electric field strength or more. It may be a design.

<When a positive person is discovered>
When an infection test means such as a PCR test reveals that there is a suspicion of infection, the infected person system assigns a processing number S to the positive person. The processing number S is transmitted to a positive person to which the processing number S is given by means such as e-mail or short message. The positive person who received the processing number S himself / herself activates this application and inputs the processing number S received with the consent into his / her terminal. This application sends the entered document number S to the notification server. The notification server receives the processing number S directly from the infected person system and collates it with the processing number S received from the user to confirm that they match. This eliminates mischief and malicious positives.

In the present specification, for convenience, the "contact code RPI registered in the notification server 101" may be referred to as an "infected person ID". The notification server 101 transmits the registered infected person ID to each user's terminal.

For example, when the terminal A and the terminal B "contact", the exchange ID (contact code RIP) of both is recorded on each other's terminal. Here, it is assumed that the user of the terminal B is found to be a positive person. At this time, the user of the terminal B declares that he / she is an infected person by his / her own operation. Then, all the replacement IDs held in the terminal B are transmitted to the notification server 101 and registered on the notification server 101. The notification server 101 transmits the infected person ID to all terminals registered in the system.

Each terminal that receives the infected person ID from the notification server 101 compares the replacement ID held in its own terminal with the infected person ID, verifies whether there is a match, and if there is a match. For example, the date and time when the replacement ID (that is, the contact code RPI) matching the infected person ID is acquired is displayed on the terminal.

<IoT Contact Trace System>
FIG. 1A is a schematic diagram showing the configuration of the IoT contact trace system 100 described in this embodiment. As shown in the figure, in this embodiment, dedicated IoT devices 30 capable of receiving the beacon transmitted by the terminal are installed in various places. The IoT device 30 is premised on an existing contact trace system, and is further configured by adding a dedicated IoT device 30 installed in a large number of places.

FIG. 1B is a schematic diagram illustrating a functional block of the IoT device 30. The IoT device 30 includes at least a microprocessor unit (MPU) that performs information processing, a storage device, a proximity communication mechanism similar to a terminal used in the system, a connection function to an Internet line, and a contact notification means. Equipped. The MPU can execute a program for receiving the beacon of the proximity communication mechanism and receive a unique identifier (AEM and RPI) generated by each terminal. Then, while acquiring a unique identifier that satisfies the condition of contact with the terminal set in advance, the identifier of the positive person is received from the notification server via the connection function, and these identifiers are matched, and both match. In that case, the necessary warning information is notified to the preset notification destination via the contact notification means.

Like the terminal on which the application for the contact trace system is installed, the IoT device 30 is provided with a proximity communication mechanism such as Bluetooth (registered trademark) in addition to the MPU, and also has a connection function to an Internet line. .. A display device or the like is not required, and an external server (cloud) connected via an internet line can be used as a contact notification means. Of course, a mail server or a short message sending server may be configured in the IoT device 30 itself. In addition, it may be used as a notification means by controlling the device such as voice announcement and hand-out of the lamp.

Since the contact condition depends on the reception of the beacon, it can be set to the same condition as the terminal, but the IoT device may set its own standard. For example, instead of setting the contact to "within 1 m and 15 minutes or more", "within 10 m and 1 minute or more" may be used.

(Other examples)
In the above embodiment, the contact trace system implemented in Japan is described on the premise of the specifications defined by the Apple-Google Exposure Notification Framework (AGF), but there are many systems that use APIs different from this. .. All systems, including those that acquire location information and those that use identifiers associated with personal information, are basically intended to track contact with infected persons physically. As long as the identifier (exchange ID) of the other party is directly exchanged between adjacent terminals by wireless communication, it is included in the category of "contact trace system". With respect to these, the same effects as those in the above embodiment can be obtained by installing IoT devices capable of receiving beacons and other radio waves transmitted by terminals at a large number of places.

It is expected to effectively prevent the spread of infectious diseases, and its industrial applicability as well as its public interest effect is extremely large. In particular, in a contact trace system, it is said that it functions effectively only when the number of users exceeds a certain level, but by installing a large number of IoT devices of this embodiment, the effectiveness of the system is further enhanced. it is conceivable that.

100 Contact Trace System of Embodiment 200 Conventional Contact Trace System 101 Notification Server 102 Contact Trace Server 30 IoT Device

Claims (4)

Used in a contact trace system consisting of a notification server and multiple terminals equipped with a proximity communication mechanism.
It is provided with at least a microprocessor unit (MPU) for performing information processing, a storage device, a proximity communication mechanism similar to that of the terminal, a function for connecting to an Internet line, and a contact notification means.
While the MPU receives a unique identifier generated by each terminal using the proximity communication mechanism,
Upon receiving the positive person's identifier from the notification server via the connection function,
An IoT device characterized in that these identifiers are matched, and when the two match, necessary warning information is notified to a preset notification destination via the contact notification means. The IoT device according to claim 1, wherein the notification means is an e-mail, a short message, a voice announcement, and a blinking lamp. Claim 1 is characterized in that the preset contact condition with the terminal is the same condition as the application executed on the terminal or a condition set with an original standard on the IoT device side. Or the IoT device according to 2. An IoT contact tracing system including a notification server, a plurality of terminals provided with a proximity communication mechanism, and the IoT device according to any one of claims 1 to 3.

Images