JP4932861B2 - Distributed information access system, distributed information access method and program - Google Patents

Description

  The present invention relates to a system, method, and program for accessing personal data related to medical care managed by a plurality of databases held by, for example, medical institutions, health-related institutions, exercise-related facilities, etc., via a communication network. About.

  When a person becomes ill or feels anxious about his / her health, he / she may visit different medical institutions depending on the symptoms. Even if the symptoms are the same, if you are affected by a relocation or business trip, you will see a different medical institution. As a result, information related to medical treatment or the like of a single patient is distributed and managed in a plurality of medical institutions.

  By the way, EHR (Electronic Health Recode) that collects information related to medical care of a single patient managed by multiple medical institutions through a communication network recently and is useful for medical treatment and medication at remote locations. A system has been proposed. This system periodically collects various medical data related to a specific patient from, for example, databases held by a plurality of medical institutions, and stores the collected medical data in a centralized management database to enable browsing. Is.

  In addition, collection source authentication is required to realize this type of system, and as a system with this authentication function, ID federated authentication is performed using an authentication proxy server, and distributed to multiple service servers. There has been proposed a system that enables access to the received data by single sign-on to a service server (see, for example, Patent Document 1).

JP 2007-299303 A

  However, in the conventional integrated service system that makes it possible to use databases of multiple data servers by a single application, it is necessary to change the interface of each familiar legacy system to a new integrated interface. This is an operational burden. Further, in practice, a process for always linking servers is necessary even though a database used for a specific job is often accessed. For this reason, system performance is lowered and communication costs are increased.

  The present invention has been made paying attention to the above circumstances. The purpose of the present invention is to make it possible to use an existing interface that is familiar to users and to perform cooperation processing between servers only when necessary. It is an object to provide a distributed information access system, a distributed information access method, and a program that reduce the operation burden of the system and reduce communication costs.

In order to achieve the above object, a first aspect of the present invention includes a plurality of data servers that manage personal data in a database in association with identification information for each user, user authentication information, and a plurality of data servers. An authentication server for managing location information and a user terminal used by a user can be connected via a communication network, and corresponding personal data is sent to the data server in response to an access request for personal data from the user terminal. In a distributed information access system for transmitting to the requesting user terminal via the communication network,
A means for managing linkage information for linking user identification information managed by each of the plurality of data servers and the authentication server to each of the plurality of data servers, and an access request for personal data from the user terminal. In this case, the means for determining whether the request destination is the own data server or another data server, and the user identification information included in the access request when the request destination is determined to be the own data server. The personal data corresponding to is searched from the database and transmitted to the requesting user terminal, and when the request destination is determined to be another data server, the authentication server Authentication processing means for executing an authentication procedure for authentication, and after completion of the authentication procedure for cooperation, the authentication server sends an access request destination data server The location information is acquired and the access request is transferred to the data server that is the access request destination based on the location information, and the personal data returned from the request destination data server is requested in response to the access request. When the access request is transferred from the data request processing means to be transferred to the original user terminal and another data server, the personal data corresponding to the user identification information included in the access request is searched from the database, Based on the cooperation information and the user authentication information when the data provision processing means returns to the data server of the transfer source, the transfer of the access request by the data request processing means, and the retrieval of personal data by the data provision processing means. To convert the user identification information between the data servers that are the transfer source and transfer destination of the access request. It is obtained so as to include and.

  Therefore, when the user of the user terminal acquires other person's personal data from the log-in data server, the desired personal data can be obtained in a short time and with a low communication cost without performing authentication linkage processing between the servers. Can be obtained. In other words, personal data acquisition processing from a specific data server that occupies most of the work, using the legacy system interface locally as before, does not impose a new operational burden on the user. realizable.

  When acquiring personal data from a data server other than the login data server, the location information of the data server that is the access destination from the authentication server is controlled under the control of the data request processing means provided in the data server. Acquired and an access request is transferred to the access destination data server based on the location information. Then, the access destination data server acquires personal data corresponding to the access request under the control of the data providing processing means, and returns the personal data to the requesting user terminal via the transfer source data server. Is done. Therefore, it is possible to refer to the personal data of another data server as necessary from the data server of the login destination without switching from the interface of each familiar legacy system to the new integrated interface.

  In addition, the local user identification information is converted based on the cooperation information for linking the local user information registered in each data server and the user authentication information managed by the authentication server. For this reason, even if the data server manages the personal data of the same user using different user identification information, the personal data of the desired user can be reliably collected in real time.

In addition, when the request destination is determined to be another data server, it is determined whether the authentication procedure for cooperation has been executed or not executed in the past, and only when it is determined that the request has not been executed. It may be controlled to execute the authentication procedure for the above cooperation.
In this way, once the authentication procedure for cooperation is performed once, this authentication procedure is omitted, so that the processing load on the data server can be reduced and the communication cost can be further reduced. Further, the user is not required to input information for the authentication procedure every time access is performed, thereby reducing the operation burden.

  In order to achieve the above object, a second aspect of the present invention is provided with a portal server, in order to link the user identification information managed by each of the plurality of data servers, the authentication server, and the own portal server. Means for managing the linkage information, means for receiving an access request for personal data from a user terminal, and executing an authentication procedure for cooperation with the authentication server when the access request is received. After the authentication processing means for cooperation and the authentication procedure for cooperation are completed, the location information of the access request destination data server is obtained from the authentication server, and the access request destination data server is obtained based on the location information. In addition to transferring the access request, the personal data returned from the requested data server in accordance with the access request Service request processing means to be transferred to the user terminal, and a data server to which the access request is transferred from the authentication server based on the linkage information managed by the server prior to the transfer of the access request by the data request processing means The link information is acquired, and the acquired link information is sent together with the access request, so that the transfer destination data server is provided with means for converting the user identification information.

  Therefore, when an access request is generated from the user terminal, the access request is transferred from the portal server to the access destination data server based on the location information acquired using the linkage information. Conversion processing of user identification information is performed based on its own cooperation information, and corresponding personal data is retrieved. For this reason, even when a plurality of data servers manage personal data of the same user using different user identification information, it is possible to reliably access the corresponding personal data.

Further, in the present invention, the following specific embodiments can be considered.
The first embodiment generates a list of service types that can be accessed from the portal server among the plurality of service types when the plurality of data servers distribute and manage a plurality of personal data having different service types. If the information indicating the service type selected from the list is sent from the user terminal, the information corresponding to the selected service type is sent to the individual corresponding to the service type. It is received as a data access request.
In this way, the user can transmit an access request for personal data corresponding to the service only by selecting a desired service from the presented list.

In the second embodiment, information representing the access history for the personal data managed by the data server is updated and stored in the access history database on the portal server based on the processing result of the access request by the service request processing means. Log management processing means, and access history presenting means for transmitting information representing the access history stored in the access history database to the user terminal.
In this way, each time an access request for personal data managed by each data server is generated, access history information is generated for each personal data and stored in the access history database. Presented. For this reason, when accessing the personal data, the user can determine whether or not access is necessary with reference to the access history.

In the third embodiment, when the plurality of data servers distribute and manage a plurality of personal data of different service types, the information representing the access history is updated for each of the personal data, and the plurality of personal data The personal data corresponding to the service type accessible from the portal server is selected from the data, and information representing the access history of the selected personal data is selectively read from the access history database and transmitted to the user terminal. Is.
In this way, when a plurality of personal data of different service types are distributed and managed by a plurality of data servers, only the access history information of the personal data corresponding to the service types accessible from the portal site is stored in the user terminal. Sent. Therefore, the user can perform an operation for an access request after confirming in advance an accessible service type. Further, even if a low-function server having no log management function is included in the system, the user can grasp the access update history of all the data servers used by the user.

The fourth embodiment stores a log management function level preset for each service type when the plurality of data servers distribute and manage a plurality of personal data of different service types. Then, the stored log management stores the presence / absence of a difference between the latest access history information generated based on the processing result of the access request and information representing the past access history stored in the access history database. Detection is performed according to the function level, and information representing the access history is updated according to the detection result of the presence or absence of the difference.
In this way, the access history information of the personal data can be managed for each service type according to the log management function level set for each service type.

  That is, according to one aspect of the present invention, it is possible to use an existing interface that is familiar to users and to perform linkage processing between servers only when necessary, thereby reducing the operation burden on the user and reducing communication costs. A distributed information access system, a distributed information access method, and a program can be provided.

1 is a block diagram showing a first embodiment of a distributed information access system according to the present invention. FIG. FIG. 2 is a sequence diagram showing a processing procedure when data is acquired from a data server that is a login destination in the distributed information access system shown in FIG. 1. FIG. 2 is a sequence diagram showing a processing procedure when data is acquired from a data server other than a login destination data server in the distributed information access system shown in FIG. 1. It is a sequence diagram which shows the authentication procedure for cooperation in the sequence shown in FIG. It is a figure which shows the kind of data access route. It is a block diagram which shows 2nd Embodiment of the distributed information access system concerning this invention. FIG. 7 is a sequence diagram showing a processing procedure when data is acquired from a data server via a login destination portal server in the distributed information access system shown in FIG. 6. It is a sequence diagram which shows the authentication procedure for cooperation in the sequence shown in FIG. It is a figure which shows the processing content of the service update log | history aggregation function according to the classification of service classification. FIG. 7 is a diagram showing an example of a display screen sent from a portal server to a user terminal in the distributed information access system shown in FIG. 6.

Embodiments according to the present invention will be described below with reference to the drawings.
(First embodiment)
FIG. 1 is a block diagram showing a first embodiment of a distributed information access system according to the present invention. The distributed information access system of this embodiment includes a plurality of high-function data servers DSV1 to DSVn operated by medical institutions, health-related institutions, exercise-related facilities, and the like, and an authentication server ASV, and these servers DS1 to DSn, ASV Communication between each other and between these servers and the user terminal UT is made possible via the network NW. Note that n is the number of data servers and is a natural number (a positive integer).

  The communication network NW includes, for example, an IP (Internet Protocol) network represented by the Internet and a plurality of access networks for accessing the IP network. As the access network, for example, a LAN (Local Area Network), a wireless LAN, a mobile phone network, a wired phone network, and a CATV (Cable Television) network are used.

  The user terminal UT is used for general user terminals such as patients used at home, etc., and for doctors, public health nurses, pharmacists, etc. to obtain medical data of patients at the request of patients. And an operator console terminal (not shown) provided in the user registration server USV.

  The high-function data servers DSV1 to DSVn are obtained by connecting a program memory, various databases, and a communication interface to a central control unit (CPU) via a bus. The function modules include the following function modules. ing. The function modules are a data management processing module 11, a user operation processing module 12, an authentication collaboration processing module 13, a data provision processing module 14, and a data request processing module 15. All of these functional modules are realized by causing the CPU to execute each program stored in the program memory.

  When the user operation processing module 12 receives the data reference request transmitted from the user terminal UT via the communication interface, the user operation processing module 12 determines whether the access destination is the local server according to the service type specified by the data reference request. Or other high-function data server. When the access destination is determined to be the own server, a data reference request is given to the data management processing module 11, and the personal data retrieved by the data management processing module 11 in response to the data reference request is used as a reference request source. The user terminal UT is returned from the communication interface. On the other hand, if the access destination is another high-function data server, a cooperation authentication procedure for accessing the access-destination high-function data server with the authentication server ASV is executed, and then the service request processing module 15 A process for transferring the data acquisition request is executed.

  When the data provision processing module 14 receives a data acquisition request transferred from another high-function data server via the communication interface, the authentication cooperation processing module 13 based on the cooperation ID included in the received data acquisition request. The local user ID used in the server is acquired from the server, and a data reference request is given to the data management processing module 11. And the process which returns the personal data read from the data management processing module 11 to the high function data server used as the transfer origin of the said data acquisition request is performed.

  The data management processing module 11 includes a user database (user DB) 111, an application database (application DB) 112, and a disclosure setting database (disclosure setting DB) 113. The user DB 111 stores user information for identifying and managing each user (user). The user information includes a user ID, basic user information, user attributes, and the like. In the application DB 112, health guidance information, health diagnosis information, and the like are stored in association with the local user ID as personal data of each user. The disclosure setting DB 113 stores information representing a disclosure policy in which the personal data of the user stored in the application DB 112, that is, health guidance information and health diagnosis information, to which the information is to be disclosed.

  In response to the data reference request from the user operation processing module 12 or the data provision processing module 14, the data management processing module 11 first sets the disclosure condition set by the disclosure policy stored in the disclosure setting DB 113 by the requesting user. It is determined whether or not the above is satisfied. If the result of this determination is met, the personal data corresponding to the request content is read from the application DB 112, and this personal data is returned to the user operation processing module 12 or the data provision processing module 14 that is the transfer source of the data search request.

  When a data acquisition request is transferred from the user operation processing module 12, the data request processing module 15 receives a high access destination from the authentication server ASV based on the cooperation ID acquired from the authentication cooperation processing module 13 described later. The location information of the function data server and the cooperation ID are acquired. And based on this acquired location information, the process which transmits the data acquisition request containing the said cooperation ID acquired from the communication interface with respect to the high function data server of an access destination is performed. When the personal data returned from the high-function data server to be accessed is received via the communication interface in response to the data acquisition request, the personal data is received from the user operation processing module 12 via the communication interface. Processing to be transmitted to the user terminal UT is executed.

  The authentication cooperation processing module 13 includes a cooperation ID database (cooperation IDDB) 131. The cooperation ID database 131 stores cooperation IDs assigned to the high-function data servers DSV1 to DSVn. The authentication collaboration processing module 13 acquires authentication information from the authentication server ASV in response to a request from the data request processing module 15 or the data provision processing module 14, and uses the collaboration ID DB 131 to communicate with other data servers. Perform attribute conversion (distribution of personal data).

  Similarly to the high-function data servers DSV1 to DSVn, the authentication server ASV is formed by connecting a program memory, a database, and a communication interface to the CPU via a bus. As functional modules, an authentication processing module 21, an authentication collaboration processing module 22, and a location providing processing module 23 are provided. These functional modules are realized by causing the CPU to execute a program stored in the program memory.

  The authentication cooperation processing module 22 has a cooperation ID database (cooperation IDDB) 221. In the cooperation ID DB 221, cooperation IDs set for each high-function data server for each user are stored in association with each other. When the authentication collaboration processing module 22 receives a collaboration authentication start request sent from another high-function data server via the communication interface, the authentication collaboration processing module 22 acquires a corresponding collaboration ID from the collaboration ID DB 221 in response to the request. Then, a request for starting the authentication process for cooperation is given to the authentication processing module 21 based on the acquired cooperation ID. When a cooperation authentication result is sent from the authentication processing module 21 in response to this cooperation authentication start request, processing for returning the cooperation authentication result to the requesting high-function data server from the communication interface is executed.

  The authentication processing module 21 has a user database (user DB) 211. The user DB 211 stores user information for identifying and managing each user. Then, in response to a cooperation authentication start request from the authentication cooperation processing module 22, the authentication processing for cooperation is executed based on the user information stored in the user DB 211, and the authentication result for cooperation is obtained as the authentication cooperation processing module 22. Return to.

  The location provision processing module 23 includes a location information database (location information DB) 231 storing information indicating the location of each of the high-function data servers DSV1 to DSVn, for example, a URL (Uniform Resource Locator). When a location information acquisition request is received from another high-function data server via the communication interface, the location information of the own server is read from the location information DB 231 in response to the acquisition request, and the location information is read from the communication interface. Execute the process to return to the high-function data server.

Next, the data collection operation by the system configured as described above will be described.
It is assumed that the user DB 11 and the disclosure setting DB 113 of each of the high-function data servers DSV1 to DSVn store information representing a user ID and a disclosure policy set in advance for each user. Further, it is assumed that ID linkage information for linking user IDs held by the data servers DSV1 to DSVn is generated and stored in advance in the linkage ID DB 131 of the high function data servers DSV1 to DSVn.

(1) When acquiring personal data from a high-function data server at the login destination
Here, a case where the user terminal UT logs in to the high function data server DSV1 and acquires personal data managed by the data server DSV1 will be described as an example. FIG. 2 is a sequence diagram showing the procedure.

  The user terminal UT accesses and logs in to the high function data server DSV1 by using, for example, a Web browser. When a login request is sent from the user terminal UT, user authentication is performed by the user operation processing module 12 in the high function data server DSV1. In this user authentication process, the validity of the user is authenticated with reference to the user DB 111 based on the user information input by the user at the user terminal UT. As the authentication method, ID / password authentication, public key infrastructure (PKI) authentication, multi-factor authentication, or the like is used.

  When the validity of the user is confirmed by the user authentication process and a data reference request is sent from the user terminal UT, the high-function data server DSV1 uses the service type specified by the data reference request by the user operation processing module 12 It is determined whether the access destination is the own server DSV1 or another high function data server. If the access destination is the own server DSV1, a data reference request is given to the data management processing module 11. In response to the data reference request, the data management processing module 11 determines whether or not the requesting user satisfies the disclosure policy conditions stored in the disclosure setting DB 113. If the result of this determination is that the requesting user satisfies the disclosure conditions, personal data corresponding to the requested content is read from the application DB 112. The read personal data is transmitted from the communication interface to the requesting user terminal UT under the control of the user operation processing module 12.

  Therefore, when the user of the user terminal UT acquires personal data of another person from the high-function data server DSV1 that is the login destination, the authentication cooperation process between the servers is not performed and the communication cost is reduced in a short time. Desired personal data can be acquired. In other words, personal data acquisition processing from a specific data server that occupies most of the work, using the legacy system interface locally as before, does not impose a new operational burden on the user. realizable.

(2) When acquiring personal data from a high-function data server other than the high-function data server at the login destination
Here, a case where the user terminal UT logs in to the high function data server DSV1 and acquires personal data managed by another high function data server DSV2 different from the data server DSV1 will be described as an example. FIG. 3 is a sequence diagram showing the procedure.

  When the validity of the user is confirmed by the user authentication process and a data reference request is sent from the user terminal UT, the high-function data server DSV1 uses the user operation processing module 12 to specify the service type specified by the data reference request. Accordingly, it is determined whether the access destination is the own server DSV1 or another high-function data server. If the access destination is another high function data server DSV2, it is determined whether or not the authentication procedure for cooperation for the high function data server DSV2 has been performed in the past. Under the control, the authentication procedure for cooperation is executed with the authentication server ASV as follows. FIG. 4 is a sequence diagram showing the procedure.

  That is, the high-function data server DSV1 transfers a cooperation authentication start request from the user operation processing module 12 to the authentication cooperation processing module 13, and the authentication cooperation processing module 13 sends the authentication start request for cooperation to the authentication server ASV. Send. Upon receiving this authentication start request for cooperation, the authentication server ASV reads the corresponding cooperation ID from the cooperation ID DB 221 in response to the request by the authentication cooperation processing module 22 and gives this cooperation ID to the authentication processing module 21. The authentication processing module 21 executes the authentication process for cooperation based on the user information stored in the user DB 211 and returns the authentication result for cooperation to the authentication cooperation processing module 22. Information representing the authentication result for cooperation is returned from the authentication cooperation processing module 22 to the requesting high-function data server DSV1. When the information representing the authentication result for cooperation is returned, the high function data server DSV1 transfers the information from the authentication cooperation processing module 13 to the user operation processing module 12.

  When the user operation processing module 12 receives the information indicating the authentication result for cooperation, the user operation processing module 12 transfers a data acquisition request to the data request processing module 15 as shown in FIG. The data request processing module 15 accesses the authentication cooperation processing module 13 to acquire the cooperation ID of its own server, generates a request for acquiring the location information of the high-function data server DSV2 to be accessed, and generates an authentication server Send to ASV. At this time, the location information acquisition request includes the cooperation ID of the own server DSV 1 acquired from the authentication collaboration processing module 13 and the designation information of the service for which the location information is desired to be acquired.

  Services include medical history data browsing service, blood pressure, pulse, weight and other vital information browsing services, medication information browsing service, exercise record data at gym and daily exercise record data such as steps A service ID preset for these services is used as the designation information.

  When the location information acquisition request is received, the authentication server ASV is accessed by the location providing processing module 23 from the authentication cooperation processing module 22 using the cooperation ID of the high-function data server DSV1 included in the received location information acquisition request. The cooperation ID of the previous high function data server DSV2 is acquired. Then, the location information of the high-function data server DSV2 to be accessed is read from the location information DB 231 using the acquired linkage ID as a key, and the location information and the linkage ID of the read-out high-function data server DSV2 are read from the request source Return to the function data server DSV1.

  When receiving the location information, the data request processing module 15 of the high function data server DSV1 transmits a data acquisition request to the high function data server DSV2 based on the location information. At this time, the data acquisition request includes the cooperation ID of the high-function data server DSV2 and the search query.

  When the high-function data server DSV2 receives the data acquisition request, the high-function data server DSV2 receives the data provision processing module 14 from the authentication cooperation processing module 13 based on the cooperation ID of the own server DSV2 included in the data acquisition request. Get local user ID. Then, the data reference request including the acquired local user ID in the own server DSV2 and the search query included in the received data acquisition request is transferred to the data management processing module 11.

  In response to the data reference request, the data management processing module 11 determines whether or not the requesting user satisfies the disclosure policy conditions stored in the disclosure setting DB 113. If the result of this determination is that the requesting user satisfies the disclosure conditions, personal data corresponding to the requested content is read from the application DB 112. The read personal data is returned from the communication interface to the data request processing module 15 of the high-function data server DSV1, which is the transfer source of the data acquisition request, under the control of the data providing processing module 14. Then, it is transferred from the data request processing module 15 of this high-function data server DSV1 to the user operation processing module 12, and is transmitted to the user terminal UT of the data reference request source under the control of this user operation processing module 12. .

  As described above, when acquiring personal data from the high function data server DSV2 other than the high function data server DSV1 at the login destination, under the control of the data request processing module 15 provided in the high function data server DSV1, The location information of the high-function data server DSV2 to be accessed is acquired from the authentication server ASV, and a data acquisition request is transferred to the high-function data server DSV2 based on this location information. In the high function data server DSV2, personal data corresponding to the data acquisition request is acquired from the data management processing module 11 under the control of the data providing processing module 14, and this personal data is transferred to the high function data server of the transfer source. It is returned to the requesting user terminal UT via DSV1.

  Therefore, it is possible to refer to the personal data of other data server DSV2 as necessary from the high-function data server DSV1 at the login destination without switching from the interface of each familiar legacy system to the new integrated interface. It becomes.

  In addition, the local user ID is converted based on the cooperation ID for linking the local user IDs registered in the high-function data servers DSV1 to DSVn and the user authentication information managed by the authentication server ASV. Is done. For this reason, even if the data servers DSV1 to DSVn manage the personal data of the same user using different user IDs, the personal data of a specific user can be reliably collected in real time.

  In the above description, the case where the high function data server DSV1 is a login destination and personal data is acquired from another high function data server DSV2 via the high function data server DSV1 has been described as an example. However, the present invention is not limited to this, and it is of course possible to use the high function data server DSV2 as a login destination and obtain personal data from the other high function data server DSV1 via the high function data server DSV2. It is also possible to acquire personal data using an access route for each type of user, for example, a general user and a medical staff such as a public health nurse. FIG. 5 shows an example of the type of the access route, and various access routes as shown in [1] to [8] below are used.

[1] A general user logs in to the data server 1 (health record self-management server), and registers and refers to daily health information and exercise information managed by the data server 1.
[2] A general user logs in to the data server 1 (health record self-management server), and refers to the health diagnosis information and specific health guidance contents managed by the data server 2.
[3] A general user logs in to the data server 2 (health guidance service server), refers to a schedule of specific health guidance managed by the data server 2, schedules interviews, and refers to health checkup information and specific health guidance contents. .
[4] A general user logs in to the data server 2 (health guidance service server) and registers and refers to daily health information and exercise information managed by the data server 1.
[5] A public health nurse user logs in to the data server 1 (health record self-management server) and refers to daily health information and exercise information of the guidance target citizen managed by the data server 1.
[6] A public health nurse user logs in to the data server 1 (health record self-management server), and registers and refers to health diagnosis information and specific health guidance contents managed by the data server 2.
[7] A health nurse user logs in to the data server 2 (health guidance service server) and registers / refers to a schedule of specific health guidance managed by the data server 2, interview reservations, and health checkup information / specific health guidance content I do.
[8] A public health nurse user logs in to the data server 2 (health guidance service server), and refers to daily health information and exercise information of the guidance target citizen managed by the data server 1.

By selectively using such an access route, general users and public health nurses can use the system for the following purposes, for example.
By logging in to the high-function data server DSV1 and performing the operations [1] and [2] above, the general user can obtain daily health information, for example, vitals such as blood pressure and weight that the person inputs in daily life. Exercise information such as information and the number of steps can be registered in the high-function data server DSV1. At that time, it is possible to check the specific health guidance while referring to the health diagnosis information and health guidance information managed by the high function data server DSV2.

  Further, by logging in to the high-function data server DSV2 and performing the operations [5] and [6] above, the public health nurse user is managed in the high-function database DSV1, and the health information of the general user he is in charge of, For example, while referring to vital information such as blood pressure and weight entered in daily life, exercise information such as the number of steps, and health checkup information and health guidance information managed by another highly functional data server DSV2, It becomes possible to give guidance.

(Second Embodiment)
FIG. 6 is a block diagram showing a second embodiment of the distributed information access system according to the present invention. In the figure, the same parts as those in FIG.
The distributed information access system of this embodiment does not have the functions of the data request processing module 15 and the log management processing module in addition to the high-function data server groups DSV1 to DSVn described in the first embodiment as data servers. A low-function data server group SV1 to SVm is provided. The high-function data servers DSV1 to DSVn and the low-function data servers SV1 to SVm can be connected to the portal server PSV and the authentication server ASV via the network NW. The personal data of the function data servers SV1 to SVm can be collected by the user terminal UT via the portal server PSV. Note that n is the number of high-function data servers, and m is the number of low-function data servers, both of which are natural numbers (positive integers).

  The low-function data servers SV1 to SVm are similar to the high-function data servers DSV1 to DSVn in that the program memory, various databases, and communication interfaces are connected to the CPU via a bus. It has a module. The functional modules are a data management processing module 31, an authentication collaboration processing module 32, and a data provision processing module 33. All of these functional modules are realized by causing the CPU to execute each program stored in the program memory.

  When receiving the data acquisition request from the portal server PSV via the data acquisition request, the data provision processing module 33 is a local user used by the authentication cooperation processing module 32 on its own server based on the cooperation ID included in the received data acquisition request. The ID is acquired and a data reference request is given to the data management processing module 31. And the process which returns the personal data read from the data management processing module 31 to the portal server PSV used as the transmission origin of the said data acquisition request is performed.

  The data management processing module 31 includes an application database (application DB) 311, a user database (user DB) 312, and a disclosure setting database (disclosure setting DB). The user DB 312 stores user information for identifying and managing each user (user). The user information includes a user ID, basic user information, user attributes, and the like. In the application DB 311, health guidance information, health diagnosis information, and the like are stored as personal data of each user in association with the user ID. In the disclosure setting DB, information representing a disclosure policy in which the personal data of the user stored in the application DB 311, that is, health guidance information and health diagnosis information is set to whom the information is disclosed is stored.

  In response to the data reference request from the data provision processing module 33, the data management processing module 31 first determines whether the requesting user satisfies the disclosure condition set by the disclosure policy stored in the disclosure setting DB. To do. If it is satisfied as a result of this determination, the personal data corresponding to the request contents is read from the application DB 311 and this personal data is returned to the data provision processing module 33 which is the transfer source of the data search request.

  The authentication cooperation processing module 32 has a cooperation ID database (cooperation IDDB) 322. In the cooperation ID database 322, cooperation IDs respectively assigned to the high function data servers DSV1 to DSVn and the low function data servers SV1 to SVm are stored. The authentication cooperation processing module 32 acquires authentication information from the authentication server ASV in response to a request from the data provision processing module 33, and performs attribute conversion (distribution of personal data) with the portal server PSV using the cooperation IDDB 322. )I do.

  Similarly to the high function data servers DSV1 to DSVn and the low function data servers SV1 to SVm, the portal server PSV is formed by connecting a program memory, a database, and a communication interface to the CPU via a bus. As functional modules, a user operation processing module 41, a log management processing module 42, and a service request processing module 43 are provided. All of these functional modules are realized by causing the CPU to execute a program stored in the program memory.

  The user operation processing module 41 includes a service selection function 411 and a service update history aggregation function 412 in addition to a function of requesting data reference / update from the service request processing module 43 in response to a request from the user terminal UT. Have. The use service selection function 411 acquires an available service list from the log management processing module 42 immediately after login, displays it on the user terminal UT, and allows the user to select a service to be used. The service update history aggregation function 412 collects update histories of each service from the service request processing module 43 and the log management processing module 42 and displays them on the user terminal UT.

  The log management processing module 42 includes an available service information database (available service information DB) 421 and an access history database (access history DB) 422. The available service information DB 421 is used for managing services available from the portal server PSV. The access history DB 422 is used for managing the access history for each service. Information of each service is classified according to the management function level of update log information possessed by each data server DSV1 to DSVn, SV1 to SVm. FIG. 9 shows an example of the classification result. Further, the last update date and time information for each of the data servers DSV1 to DSVn and SV1 to SVm requested to be saved by the access history output function 432 of the service request processing module 43 is overwritten and saved for one generation.

  The service request processing module 43 has an access history output function 432 in addition to the functions provided in the data request processing module 15 of the high-function data servers DSV1 to DSVn shown in FIG. The access history output function 432 requests the log management processing module 42 to save the contents and date / time when data is transmitted / received to / from each data server DSV1 to DSVn, SV1 to SVm.

  For example, when the data server DSV1 to DSVn, SV1 to SVm is requested to add, update or delete personal data, the transmission contents and the transmission date and time are stored in the access history DB 422 when the request is transmitted. Further, when the data servers DSV1 to DSVn and SV1 to SVm are requested to refer to the personal data, when the personal data is received from the data servers DSV1 to DSVn and SV1 to SVm in response to the request, the received contents and the reception date and time are received. Is stored in the access history DB 422.

  Further, when the data servers DSV1 to DSVn and SV1 to SVm request to add, update, or delete personal data, it is possible to unify them only at the time of reception when the updated data includes the updated data. Also, if you want to reduce the output load of access history log information, do not output log information for every data access, but at the same time before logout processing with other servers at the time of logout request from the user terminal UT It can also be realized by a method of acquiring the latest data and log data from all available data servers.

Next, the data collection operation by the system configured as described above will be described.
Here, a case where the user terminal UT logs in to the portal server PSV and the portal server PSV acquires personal data managed by the low function data server SV1 will be described as an example. FIG. 7 is a sequence diagram showing the procedure.

When a login request is sent from the user terminal UT, the portal server PSV first executes an authentication procedure for cooperation with the authentication server ASV by the user operation processing module 41. FIG. 8 is a sequence diagram showing the procedure.
That is, the portal server PSV transfers a cooperation authentication start request from the user operation processing module 41 to an authentication cooperation processing module (not shown), and transmits the cooperation authentication start request to the authentication server ASV from the authentication cooperation processing module. To do. Upon receiving this authentication start request for cooperation, the authentication server ASV reads the corresponding cooperation ID from the cooperation ID DB 221 in response to the request by the authentication cooperation processing module 22 and gives this cooperation ID to the authentication processing module 21. The authentication processing module 21 executes the authentication process for cooperation based on the user information stored in the user DB 211 and returns the authentication result for cooperation to the authentication cooperation processing module 22. Information representing the authentication result for cooperation is returned from the authentication cooperation processing module 22 to the requesting portal server PSV. When the information representing the authentication result for cooperation is returned, the portal server PSV transfers the information from the authentication cooperation processing module to the user operation processing module 41.

  When the user operation processing module 41 receives the information representing the authentication result for cooperation, the service update history aggregation function 412 next represents the update history of the application DBs 112 and 311 of the data servers DSV1 to DSVn and SV1 to SVm. Aggregate information. FIG. 9 is a diagram showing a service update history aggregation processing procedure and its processing contents by the service update history aggregation function 412.

For example, for the AAA service and BBB service classified as (1), “Yes” is set as the update log management function level for both the update date and the update content. For this reason, first, the last update date / time and the last update content are acquired from the data server that manages the AAA service and BBB service, and then the last update date / time and the last update content are acquired from the access history DB 422 of the portal server PSV. Next, the last update date / time and the last update content acquired from the data server are compared with the last update date / time and the last update content acquired from the access history DB 422 of the portal server PSV. Extract the difference. Finally, the last update date and time acquired from the data server is overwritten and saved as “last update date and time”, and the difference between the extracted last update contents is saved as “update location”. If there is no difference, “no update portion” is overwritten and saved.
In addition, for the BBB service to GGG service classified in (2) to (4), the procedure described in FIG. 9 is performed according to the update log management function level set for each of the classifications (2) to (4). Access history information management processing is performed according to the above.

  The user operation processing module 41 transmits the information representing the “last update date” and “update location” aggregated by the service change history aggregation function 412 to the user terminal UT in response to a user request. FIG. 10 shows an example of information displayed on the user terminal UT. That is, when the user terminal UT logs in to the portal server PSV, a top page screen as shown in FIG. 10H is first displayed on the user terminal UT. When the user selects and operates the last update history button in this state, information indicating the last update date and time and update location for each service is sent from the user operation processing module 41 to the user terminal UT as shown in I of FIG. Is displayed.

  Next, the user operation processing module 41 acquires an available service list from the log management processing module 42, and transmits the available service list to the user terminal UT for display. In this state, when the user selects a service to be referred to from the displayed list, the selection information is sent to the portal server PSV. Upon receiving the selection information, the user operation processing module 41 generates a personal data acquisition request corresponding to the selected service and sends it to the service request processing module 43.

  The service request processing module 43 accesses the authentication cooperation processing module, acquires the cooperation ID of the own server PSV, and generates a request for acquiring the location information of the data server to be accessed, for example, the low-function data server DSV1 And transmitted to the authentication server ASV. At this time, the location information acquisition request includes the cooperation ID of the own server PSV acquired from the authentication collaboration processing module and the designation information of the service for which the location information is desired to be acquired.

  When the location information acquisition request arrives, the authentication server ASV uses the location providing processing module 23 to receive the access destination from the authentication collaboration processing module 22 using the cooperation ID of the portal server PSV included in the received location information acquisition request. The cooperation ID of the low function data server SV1 is acquired. Then, the location information of the low-function data server SV1 to be accessed is read from the location information DB 231 using the obtained linkage ID as a key, and the location information and the linkage ID of the read low-function data server SV1 are read from the request source portal. Return to server PSV.

  Upon receiving the location information, the service request processing module 43 of the portal server PSV transmits a data acquisition request to the low function data server SV1 based on the location information. At this time, the data acquisition request includes the cooperation ID of the low-function data server SV1 and the search query.

  At this time, under the control of the access history output function 432, the service request processing module 43 notifies the log management processing module 42 of a storage request for information indicating the transmission date and time of the data acquisition request and the transmission content. The log management processing module 42 stores the information indicating the transmission date and time and the content of the transmission in the access history DB 422. Then, a storage completion notification is returned to the service request processing module 43 after the storage is completed.

  When the low-function data server SV1 receives the data acquisition request, the data provision processing module 33 causes the authentication cooperation processing module 32 to change the local server SV1 based on the cooperation ID of the local server SV1 included in the data acquisition request. Get local user ID. Then, the data reference request including the acquired local user ID in the own server SV1 and the search query included in the received data acquisition request is transferred to the data management processing module 31.

  In response to the data reference request, the data management processing module 31 determines whether or not the requesting user satisfies the disclosure policy conditions stored in the disclosure setting DB. If the result of this determination is that the requesting user satisfies the disclosure conditions, personal data corresponding to the requested service is read from the application DB 311. The read personal data is returned to the service request processing module 43 of the portal server PSV under the control of the data provision processing module 33.

  When the personal data is returned, the service request processing module 43 notifies the log management processing module 42 of a storage request for information indicating the reception date and time of the personal data and the received content under the control of the access history output function 432. . The log management processing module 42 stores information indicating the received reception date and time and the received content in the access history DB 422. Then, a storage completion notification is returned to the service request processing module 43 after the storage is completed.

  When the access history storing process is completed, the service request processing module 43 transfers the personal data returned from the low function data server SV1 to the user operation processing module 41. The user operation processing module 41 transmits the personal data to the user terminal UT that is the data reference request source and displays it.

  As described above in detail, in the second embodiment, the service request processing module 43 is provided in the portal server PSV. Then, when a service for which data reference is desired is specified from the user terminal UT, the location information of the data server to be accessed is acquired from the authentication server ASV using the cooperation ID of the portal server PSV, and the acquired A data acquisition request is transmitted to the access destination data server based on the location information. The personal data returned from the data server in response to this data acquisition request is transferred to the requesting user terminal UT.

  That is, based on the cooperation ID for linking the local user IDs registered in the portal server PSV and each of the data servers DSV1 to DSn and SV1 to SVm, and the user authentication information managed by the authentication server ASV. The local user ID is converted. For this reason, even when the portal server PSV and each data server DSV1 to DSVn, SV1 to SVm manage the personal data of the same user with different user IDs, the personal data of a specific user can be reliably collected in real time. Can do.

  Further, when a data acquisition request is transmitted from the portal server PSV to each of the data servers DSV1 to DSVn, SV1 to SVm, and when personal data is received from each of the data servers DSV1 to DSVn, SV1 to SVm, The transmission contents, the reception date and time, and the reception contents are stored in the access history DB 422 in the log management processing module 42, and this access history information is displayed on the user terminal UT in response to a user request.

  Therefore, when a plurality of data servers DSV1 to DSVn and SV1 to SVm are used, an access log when a data acquisition request is made for a service that does not have an access log acquisition function is also an authenticated user log. It can be acquired. In the medical field, access log management is required, but there are cases where it is necessary to use a service that does not have a log acquisition function from the past. It is possible to manage the minimum access log even in a simple service.

(Other embodiments)
In the first embodiment, when a request for access to personal data is received from the user terminal UT, as a method for determining whether the request destination is the own data server or another data server, the user terminal May be transmitted by including information indicating the service classification or service name of the access destination (illustrated in FIG. 9) in the access request, and determining based on the information indicating the service classification or service name. As another method, a method of transmitting the access request including the URL of the data server to be accessed and determining based on this URL is also conceivable.

  In the second embodiment, when the portal server PSV manages access history information, personal data corresponding to a service type accessible from the portal server is selected in advance, and only the selected personal data is selected. Access history information may be managed. It also manages access history information for personal data corresponding to all service types, and only displays access history of personal data corresponding to service types accessible from the portal server when presenting access history information to user terminals. You may make it select and show to a user terminal.

In addition, the configurations of the data servers DSV1 to DSVn, SV1 to SVm, the authentication server ASV, and the portal server PSV, the procedure and contents of the data acquisition process, and the like can be variously modified without departing from the gist of the present invention.
In short, the present invention is not limited to the above-described embodiments as they are, and can be embodied by modifying the components without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the above embodiments. For example, some components may be deleted from all the components shown in each embodiment. Furthermore, you may combine suitably the component covering different embodiment.

  UT ... User terminal, DSV1 to DSVn ... High function data server, SV1 to SVm ... Low function data server, ASV ... Authentication server, PSV ... Portal server, 11, 31 ... Data management processing module, 12, 41 ... User operation Processing module, 13 ... Authentication cooperation processing module, 14, 33 ... Data provision processing module, 15 ... Data request processing module, 21 ... Authentication processing module, 22,32 ... Authentication cooperation processing module, 23 ... Location provision processing module, 42 ... Log management processing module, 43 ... service request processing module, 111, 211, 312 ... user database, 112, 311 ... application database, 113 ... disclosure setting database, 114 ... update log database, 131, 221, 322, 431 ... for cooperation ID day Base, 231 ... location information database, 411 ... used service selection function, 412 ... service update history aggregator, 421 ... available service information database.

Claims (10)

A plurality of data servers that manage personal data in a database in association with identification information for each user, an authentication server that manages user authentication information and location information of the plurality of data servers, and a user terminal used by the user Can be connected via a communication network, and corresponding personal data is transmitted from the data server to the requesting user terminal via the communication network in response to a personal data access request from the user terminal. A distributed information access system,
Each of the plurality of data servers includes:
Means for managing linkage information for linking user identification information managed by each of a plurality of data servers and authentication servers;
Means for determining whether the request destination is its own data server or another data server when receiving an access request for personal data from the user terminal;
If it is determined that the request destination is its own data server, the personal data corresponding to the user identification information included in the access request is retrieved from the database, and transmitted to the requesting user terminal;
An authentication processing means for cooperation for executing an authentication procedure for cooperation with the authentication server when the request destination is determined to be another data server;
After completion of the authentication procedure for the cooperation, the location information of the data server that is the access request destination is acquired from the authentication server, and the access request is transferred to the data server that is the access request destination based on the location information. A data request processing means for transferring the personal data returned from the requested data server in response to the access request to the requesting user terminal;
Data provision processing means for retrieving, from the database, personal data corresponding to the user identification information included in the access request and returning it to the data server of the transfer source when the access request is transferred from another data server; ,
Each data server serving as a transfer source and a transfer destination of the access request based on the cooperation information and the user authentication information when transferring the access request by the data request processing unit and searching for personal data by the data providing processing unit A distributed information access system comprising: means for converting user identification information therebetween.   When the request destination is determined to be another data server, the authentication processing unit for cooperation determines whether the authentication procedure for cooperation has been executed or not executed in the past, 2. The distributed information access system according to claim 1, wherein the authentication procedure for the cooperation is executed only when it is determined. Used by a plurality of data servers that manage personal data in a database in association with identification information for each user, an authentication server that manages user authentication information and location information of the plurality of data servers, a portal server, and a user A user terminal that can be connected via a communication network, and in response to an access request for personal data from the user terminal, the portal server acquires corresponding personal data from the data server, and the acquired individual A distributed information access system for transmitting data to the requesting user terminal via the communication network,
The portal server
Means for managing linkage information for linking user identification information managed by each of the plurality of data servers, the authentication server and the portal server;
Means for receiving an access request for personal data from the user terminal;
An authentication processing means for cooperation for executing an authentication procedure for cooperation with the authentication server when the access request is received;
After completion of the authentication procedure for the cooperation, the location information of the access request destination data server is acquired from the authentication server and the access request is transferred to the access request destination data server based on the location information. Service request processing means for transferring the personal data returned from the requested data server in response to the access request to the requesting user terminal;
Prior to the transfer of the access request by the data request processing means, the link information of the data server that is the transfer destination of the access request is acquired from the authentication server based on the link information managed by the server, and the acquired link A distributed information access system, comprising: means for transmitting a user data to a transfer destination data server by sending information together with the access request. The means for receiving the access request includes:
When the plurality of data servers distribute and manage a plurality of personal data having different service types, a list of service types that can be accessed from the portal server among the plurality of service types is generated and transmitted to the user terminal. Means,
When information representing a service type selected from the list is sent from the user terminal, the information representing the selected service type is received as an access request to personal data corresponding to the service type. The distributed information access system according to claim 3, further comprising: means. The portal server
Log management processing means for updating the information representing the access history for the personal data managed by the data server and storing it in the access history database based on the processing result of the access request by the service request processing means;
5. The distributed information access system according to claim 3, further comprising access history presenting means for transmitting information representing an access history stored in the access history database to a user terminal. The log management processing means updates the information representing the access history for each of the personal data when the plurality of data servers distribute and manage a plurality of personal data of different service types,
The access history presentation means selects personal data corresponding to a service type accessible from the portal server from the plurality of personal data, and obtains information representing an access history of the selected personal data from the access history database. 6. The distributed information access system according to claim 5, wherein the distributed information access system is selectively read out and transmitted to a user terminal. The log management processing means includes:
Means for storing a log management function level set in advance for each service type when the plurality of data servers distribute and manage a plurality of personal data of different service types;
Generates information representing the latest access history based on the processing result of the access request by the service request processing means, and stores the information representing the latest access history and the access history database according to the stored log management function level And means for detecting the presence / absence of a difference from the information representing the past access history being updated, and updating the information representing the access history in accordance with the detection result of the presence / absence of the difference. Item 7. The distributed information access system according to Item 5 or 6. A plurality of data servers that manage personal data in a database in association with identification information for each user, an authentication server that manages user authentication information and location information of the plurality of data servers, and a user terminal used by the user Can be connected via a communication network, and corresponding personal data is obtained from the data server in response to an access request for personal data from the user terminal, and the personal data is obtained from the request source via the communication network. A distributed information linkage method used in a distributed information access system that transmits to a user terminal of
When an access request for personal data is transmitted from the user terminal, the first data server that has received the access request is the own data server or another second data server. The process of determining
When it is determined that the request destination is its own data server, the first data server retrieves personal data corresponding to the user identification information included in the access request from its own database, and the request source user Sending to the terminal,
When the request destination is determined to be another data server, the first data server executes an authentication procedure for cooperation with the authentication server;
The location of the second data server that is the access request destination from the authentication server, based on linkage information that the first data server manages in order to link user identification information between the data servers. Acquiring information and linkage information, and transferring an access request to the second data server based on the location information;
The second data server acquires corresponding user identification information managed by its own data server based on the cooperation information included in the transferred access request, and personal data corresponding to the acquired user identification information Reading from its own database and returning it to the first data server of the transfer source;
The distributed data access method, wherein the first data server includes a step of transferring the personal data returned from the second data server to the user terminal of the request source. Used by a plurality of data servers that manage personal data in a database in association with identification information for each user, an authentication server that manages user authentication information and location information of the plurality of data servers, a portal server, and a user A user terminal that can be connected via a communication network, and in response to an access request for personal data from the user terminal, the portal server acquires corresponding personal data from the data server, and the acquired individual A distributed information access method used in a distributed information access system for transmitting data to the requesting user terminal via the communication network,
When the portal server receives an access request for personal data from the user terminal, the portal server executes an authentication procedure for cooperation with the authentication server;
The portal server acquires location information and linkage information of the data server that is the access request destination from the authentication server based on linkage information managed by the portal server in order to link user identification information between the servers. Transferring an access request to the data server based on the location information;
The data server acquires the corresponding user identification information managed by the data server based on the cooperation information included in the transferred access request, and stores the personal data corresponding to the acquired user identification information Reading from the database and returning to the portal server of the transfer source;
The distributed information access method, wherein the portal server comprises a step of transferring personal data returned from the data server to the requesting user terminal.   A program for causing a processor included in the data server or portal server to execute the process of the distributed information access method according to claim 8 or 9.

Images