KR101928519B1 - Healthcare service system using security-enhanced residential gateway device - Google Patents

Abstract

The present invention relates to a healthcare service system using a security-enhanced residential gateway device which can efficiently manage a health status of a patient and an environmental status of a hospital room by measuring health status information on the patient in the hospital room in a hospital and environmental status information of the hospital room in real time. To this end, the healthcare service system comprises at least one IV information obtaining device, at least one Internet of things (IoT) device, a residential gateway device, and a healthcare management server.

Description

[0001] HEALTHCARE SERVICE SYSTEM USING SECURITY-ENHANCED RESIDENTIAL GATEWAY DEVICE [0002]

The present invention relates to a method and system for monitoring health status of a patient in a hospital room using at least one ringer information acquisition device, at least one Internet of Things (IoT) device, and a security enhanced residential gateway device And more particularly, to a healthcare service system using a residential gateway device that is capable of efficiently managing a patient's health state and an environment state of a patient's room by measuring real-time information of the environment and information on the environment of the patient's room.

In general, the Internet of Things (hereinafter referred to as " IoT ") is an Internet at an advanced stage over the existing wired communication-based Internet and mobile Internet, and is a sensing technology for obtaining information from objects used in daily life and surrounding environments Are intelligent technologies and services that communicate information between people and objects or objects and objects.

Meanwhile, according to the conversion of communication technology, in the early wired communication period, human intervention is required as an intermediary due to occurrence of data exchange only through connection between objects such as a personal computer (PC). However, The range of communication is expanded by people and people, people and objects, objects and objects, and furthermore, it has developed into M2M, which can communicate autonomously between objects.

As the IoT technology evolves, a variety of home appliances (e.g., washing machines, refrigerators, TVs, vacuum cleaners, etc.) are being converted into IoT devices, and IoT devices are connected to each other through various network methods to form an Internet network.

In addition, a plurality of IoT devices constituting a communication network can perform specific tasks by external communication via a network connection in addition to the operation of software and hardware performed at each IoT device terminal.

Meanwhile, various IoT devices are being developed for the activation of IoT service in Korea. However, due to the problem of the home network standard which is in the process of being developed, most of the devices are performing communication / network connection devices such as Bluetooth and Wi- I have not succeeded in this.

In addition, as described above, the IoT devices installed in the home are connected by external wired and / or wireless communication through the communication / network connection device, thereby hacking from the outside or being vulnerable to abnormal external access of the communication / network.

Korean Patent No. 10-1618856

SUMMARY OF THE INVENTION The present invention has been made in order to solve the above-mentioned problems, and it is an object of the present invention to provide an apparatus and method for managing at least one ringer ring information acquisition device, at least one Internet of Things (IoT) device and a security- Residential gateway device is used to measure the health state information of the patients in the hospital room and the environmental condition information of the patient room in real time to effectively manage the health condition of the patient and the environment of the room. And a healthcare service system using the gateway device.

Another object of the present invention is to provide a comfortable and convenient home environment by performing a role as a home appliance integrated device and an IoT (Internet of Things) service interlocking device instead of a simple communication / network connection device as a general wireless AP (Access Point) The present invention also provides a healthcare service system using a residential gateway device that provides enhanced interoperability between IoT (Internet of Objects) platform / protocol.

It is another object of the present invention to provide a method and apparatus for classifying data into a channel having a different bit rate according to the type and size of information data of the ringer ring information acquiring apparatus and the IoT device to increase data processing speed, The present invention provides a healthcare service system using a residential gateway device with enhanced security.

It is still another object of the present invention to provide a method and system for providing a specific access key corresponding to a level of user access right based on user unique identification information stored in advance in an external user terminal, The present invention provides a health care service system using a residential gateway device that is capable of effectively preventing re-access of data of a device / device DB by user information having an illegal access history .

According to an aspect of the present invention, there is provided an information processing method for acquiring information data of at least one ringing device installed in a hospital room in a hospital, At least one ringing information acquiring device for transmitting device identification information; At least one IoT (Internet of Things) which is installed in advance in a hospital room to acquire environment measurement information data of the room, and transmits unique device identification information previously stored together with the obtained environment measurement information data of the room, device; The ringing ring information acquiring device and each IoT device are connected to each other in a wired or wireless manner. The ringing ring information acquiring device, the information data of each ringer ring device transmitted from each IoT device, and the environment measurement information data of the corresponding room Unique device identification information and device identification information, and encrypts the predetermined patient unique identification information corresponding to each ringer ring device, and also encrypts the information data of each encrypted ringer device and the environmental measurement of each IoT device A resident gateway device for transmitting a decryption key capable of decrypting unique device identification information, device identification information, and predetermined patient unique identification information together with information data; And a decryption key generating unit for generating a decryption key for decrypting the decryption key together with information data of each ringer ring device encrypted from the residential gateway device, environment measurement information data of each IoT device, unique device identification information, unique device identification information, Decrypts information data of each encrypted ringer device, environment measurement information data of each IoT device, unique device identification information, unique device identification information, and predetermined patient unique identification information based on the received information, The device information of each ringer ring device, environmental measurement information data of each IoT device, unique device identification information, unique device identification information, and predetermined patient unique identification information, Information data and environment measurement information data of each IoT device by each room are stored in a database (DB), and stored and managed And a health care management server for displaying on the display screen the manager's real time monitoring information data of the ringer ring device and environmental measurement information data for each patient room for each patient, And to provide a healthcare service system using the healthcare service system.

Here, the residential gateway apparatus may be connected to the ringer ring information acquiring apparatus and the respective IoT devices by wire or wirelessly, and the information of each ringer ring apparatus transmitted from each ringer ring information acquiring apparatus and each IoT device, A device / device connection module for connecting unique device identification information and device identification information together with environment measurement information data of the room so as to be received; Device identification information and device identification information together with information data of each ringer ring device received from each ringer ring information acquiring device and each IoT device received from the device / device connection module and environment measurement information data of the corresponding room, And encrypts the predetermined patient unique identification information corresponding to each ringer ring device and transmits the encrypted device unique identification information together with the information data of the encrypted ringer ring device and the environment measurement information data of the corresponding room, A data processing module for storing and transmitting a decryption key capable of decrypting unique device identification information and predetermined patient unique identification information; And an encryption unit for encrypting and decrypting the encryption key together with information data of each ringer ring device transmitted from the data processing module, environment measurement information data of the corresponding room, unique device identification information, unique device identification information, And an application service connection module for receiving the ringer ring information and transmitting the connection information to the health care application server corresponding to the ringer ring information acquisition device and the IoT device.

Preferably, the data processing module includes information data of each ringer ring device and unique device identification information for each ringer ring information acquiring device received from the device / device connection module, an environment of the corresponding room for each IoT device, The patient specific identification information set together with the measurement information data and the unique device identification information is given to the metadata through the channel encoded at different bit rates according to the type and size of the information data for each ringer ring device and each IoT device And transmits the encrypted data to the application service connection module.

Preferably, in accordance with the control of the data processing module, the device identification information unique to each ringing ring device and the information data of each ringer ring device corresponding to the predetermined patient unique identification information are stored in a database (DB) And a device / device DB for storing and managing environment measurement information data of the corresponding room for each IoT device corresponding to the device identification information unique to each IoT device in a database (DB).

Preferably, the data processing module receives information data of each ringer ring device received from the device / device connection module, environmental measurement information data of the corresponding room, unique device identification information, and device identification information, / Device DB, and the device identification information of each IoT device and the information data of each ringer ring device and each IoT device corresponding to the device identification information of each ringer ring device stored in the device DB, The information data for each ringer ring device and each IoT device received from the module is divided for each channel according to the type and size of data, and metadata is given through each channel encoded in parallel so as to have different bit rates, To the application service connection module.

The DB access control module may further include a DB access control module that monitors a query for accessing the device / device DB and controls the access to the illegal DB access.

Preferably, the DB access control module includes: a DB access monitoring unit for monitoring query information for accessing the device / device DB; The DB access monitoring unit analyzes the query information monitored by the DB access monitoring unit to check the data access commands and checks whether or not the data access commands corresponding to the corresponding query are stored in the black list DB, A DB access blocking unit for allowing or blocking data access of the device / device DB; And a DB access control unit for controlling operations of the DB access monitoring unit and the DB access blocking unit.

Preferably, when there is an unauthorized data access command matching the identified data access command in the black list DB, the DB access blocking unit controls the access to the data corresponding to the data access command according to the control of the DB access control unit The set specific code is given, the query to which the specific code is assigned is deleted, and the access user information and the access IP address information are stored in the blacklist DB so that the blacklist information is updated.

Preferably, the illegal data access command stored in advance in the blacklist DB may be a command corresponding to at least one of an illegal data creation command, an illegal data modification command, and an illegal data deletion command.

Preferably, the DB access control unit receives the device / device DB access request message together with the user unique identification information transmitted from the external user terminal, analyzes the received message to extract the user unique identification information, A specific access key corresponding to one user access right level of the corresponding user unique identification information stored in advance in a separate license DB in accordance with whether the unique identification information and the user unique identification information previously stored in the separate user information DB match Lt; / RTI >

Preferably, the DB access control unit receives a message for accessing data stored in the device / device DB together with the specific access key transmitted from the user terminal, extracts a specific access key by analyzing the message, Device DB to allow or block data access of the device / device DB according to whether the key and the specific access key previously stored in the usage right DB match with each other.

Preferably, the DB access control unit stores, when there is a specific access key corresponding to the extracted specific access key in the usage right DB, the DB access control information stored in the device / device DB according to a user access right level assigned to the specific access key It is possible to control the operation of the DB access blocking unit such that data access is allowed.

Preferably, the DB access control unit permits access to data stored in the device / device DB according to a level of a user access right granted to the specific access key, and then checks data access result information in real time, The operation of the DB access blocking unit is controlled so that re-access of data of the corresponding device / device DB by the specific access key is allowed or blocked according to whether the result information and illegal data access result information previously stored in the security policy DB match with each other can do.

Preferably, when there is illegal data access result information matching the confirmed data access result information in the security policy DB, the DB access control unit stores data of the device / device DB corresponding to the confirmed data access result information And restores the data of the deleted device / device DB to the data before illegal data access using a separate backup device / device DB, and restores the data of the corresponding device / device DB by the specific access key It is possible to delete a user access right level of the user unique identification information corresponding to the specific access key stored in the separate user information DB so that re-access is blocked.

The illegal data access result information stored in advance in the security policy DB may be data access result information corresponding to at least one of illegal data generation, illegal data modification, and illegal data deletion.

Preferably, the DB access control unit receives the user's unique identification information through the external user terminal, and based on the user's unique identification information, the DB access control unit notifies the user information DB of the level of user access to the device / And can be controlled to be stored in a database (DB) for each user's unique identification information.

Preferably, the DB access control unit is configured to store at least one specific access key accessible to the device / device DB according to a user access right level for the device / device DB in a database (DB) Can be controlled.

Preferably, the DB access control unit may manage data stored in the device / device DB to be backed up periodically in a separate backup device / device DB.

Preferably, the data processing module decrypts predetermined patient identification information together with the encrypted information data of each ringer ring device, environment measurement information data of the corresponding room, unique device identification information, and device identification information (DB) for each ringer ring device and each IoT device for the patient and the patient room in a separate device / device DB, and store and manage the decryption key.

Preferably, the application service connection module provides a cloud computing service in response to a request from an external client terminal in cooperation with the data processing module, The patient identification information set in advance together with the information data of each ringer ring device and the unique device identification information for the acquiring device, the environment measurement information data of the corresponding room for each IoT device, and the unique device identification information are registered in real time , And can provide a client member login cloud web service to be displayed on the corresponding display screen.

Preferably, the data processing module includes information data of each ringer ring device and unique device identification information for each encrypted ringer ring information obtaining device, environment measurement information data of the corresponding room for each IoT device, It is possible to control the decryption key for decrypting the predetermined patient specific identification information together with the device identification information to be transmitted to the client terminal through the application service connection module.

Preferably, the application service connection module transmits the client member login information through the client terminal to the ringer ring information acquiring device for each ringer ring information acquiring device, which is encrypted and stored in the device / device DB using the transmitted decryption key. The device identification information, the unique device identification information, the environmental measurement information data of the corresponding room for each IoT device, and the unique device identification information, And provide the client member login cloud web service to be displayed on the corresponding display screen.

Preferably, the application service connection module includes: information data of each ringer ring device and unique device identification information for each ringer ring information acquisition device stored in the device / device DB via the client terminal; It is possible to provide a cloud web service so that a decryption key capable of decrypting predetermined patient unique identification information together with environment measurement information data of the corresponding room and unique device identification information can be downloaded.

Preferably, the application service connection module includes information data of each ringer ring device and unique device identification information for each ringer ring information acquisition device stored in the device / device DB via the client terminal, Related cloud application that can register, search, and identify a decryption key that can decrypt predetermined patient unique identification information together with environment measurement information data of the corresponding room and the unique device identification information, To provide a cloud web service for downloading.

Preferably, the application service connection module includes information data of each ringer ring device and unique device identification information for each encrypted ringer ring information acquisition device, environmental measurement information data of the corresponding room for each IoT device, The predetermined unique patient identification information together with unique device identification information may be periodically transmitted to an external cloud server that provides a cloud computing service in response to a request from an external client terminal.

Preferably, the device identification information unique to each ringer ring device for each ringer ring information acquisition device includes at least one of a name of the ringer ring device, a password of the ringer ring device, a serial number of the ringer ring device, A media access control (MAC) address of the ringer device, a unique IP (Internet Protocol) address of the ringer device, a version of the ringer device, a version of the ringer device, a secret key of the ringer device, And the authentication information of the ringer ring device generated by the private key of the ringer ring device.

Preferably, the device identification information unique to each IoT device includes at least one of a name of the IoT device, a password of the IoT device, a serial number of the IoT device, a type of the IoT device, a manufacturer of the IoT device, a MAC (Media Access Control) Address of the IoT device, a unique IP (Internet Protocol) address of the IoT device, a model of the IoT device and a version of the IoT device, authentication information of the IoT device generated by the private key of the IoT device or the PKI-based private key can do.

Preferably, the preset patient unique identification information includes at least one of a member ID / password (ID / PW) of a patient registered at the time of membership of the patient, a resident number, a telephone number, biometric characteristic information, A registration number, a public key infrastructure (PKI), an OTP (One Time Password), and an authorized certificate information.

Preferably, the healthcare management server further includes a machine learning unit for generating machine learning information, pattern recognition information, and pattern recognition information based on predetermined patient identification information together with the information data of each of the decrypted ringer ring devices and unique device identification information. ) Or Deep Learning (Deep Learning) to analyze the information data of each ringer ring device for the patient to extract the physical state pattern information of the corresponding patient, The body condition pattern information of the patient can be stored and managed in a database (DB).

Preferably, the healthcare management server includes at least one artificial intelligence engine among at least one of machine learning, pattern recognition, or deep learning based on the environment measurement information data of the corresponding room for each decoded IoT device and unique device identification information, To analyze environmental measurement information data of the corresponding room for each IoT device to extract the environmental condition pattern information of the corresponding room for each IoT device and to store the environmental condition pattern information of the room for each IoT device in a database ) Can be stored and managed.

Preferably, the health care management server further comprises health care management means for monitoring the health state of the patient in accordance with the patient's physical condition pattern information of the extracted ringer ring device and the environmental condition pattern information of the patient's room for each IoT device, Healthcare services can be provided for checking through related application services.

Preferably, the health care management server further includes a health state management server for analyzing the body state pattern information of the patient for each of the extracted ringer ring devices by using at least one artificial intelligence engine among machine learning, pattern recognition, Pattern learning can be performed to provide a healthcare service to predict and respond to the risk or emergency situation of the patient.

Preferably, the health care management server further includes an environmental state pattern of the corresponding room using at least one artificial intelligence engine among machine learning, pattern recognition, or deep learning for the extracted room condition pattern information for each of the extracted IoT devices, Learning can be performed to provide healthcare services to predict and respond to the risks or emergencies of the room.

Preferably, the health care management server performs a learning of a physical condition pattern of the patient using the artificial intelligence engine and an environmental condition pattern learning of the patient room to predict a risk or an emergency situation of the patient and the room, In case of a risk or an emergency, the healthcare service can be provided so that the position of the patient and the room and the current situation information are transmitted to the predetermined administrator terminal.

Preferably, each of the ringer ring devices of the individual ringer ring information acquiring device includes at least one of an ultrasonic sensor, a body potential measuring sensor for measuring at least one of electrocardiogram, brain wave, electromyogram, cardiac or brain evoked potential of the patient, respiration of the patient, A body composition measuring sensor for measuring at least one of blood glucose, oxygen saturation, body composition or respiratory gas of a patient, a body composition measuring sensor for measuring a motion of a patient, And at least one of the sensors.

Preferably, each IoT device includes a temperature sensor for measuring the ambient temperature, a humidity sensor for measuring the ambient humidity, a fine dust sensor for measuring fine dust having a particle diameter of 10 mu m or less, A dust sensor, a smoke sensor, a carbon monoxide sensor, a carbon dioxide sensor, an ozone sensor, a stereoscopic image sensor, or an infrared thermal image sensor for measuring dust.

According to the healthcare service system using the security gateway apparatus of the present invention as described above, at least one ringing information acquisition device, at least one Internet of Things (IoT) device, and security The system can be used to manage the patient's health condition and the environment condition of the patient's room effectively by measuring the health condition information of the patients in the hospital room and the environmental condition information of the patient's room using the enhanced residential gateway device There is an advantage.

Further, according to the present invention, a comfortable and convenient home environment is created by performing a role as a home appliance integrated device and an IoT (Internet of Things) service interlocking device instead of a simple communication / network connection device as a general wireless AP (Access Point) And an interoperability between IoT (Object Internet) platform / protocol can be provided.

In addition, according to the present invention, the data processing speed is increased by classifying channels according to the type and size of the information data of the ringer ring information obtaining apparatus and the IoT device, and metadata is given to the data transmitted from each channel There is an advantage that it can be effectively transmitted.

Also, according to the present invention, a specific access key corresponding to a user access right level is given based on user unique identification information stored in advance in an external user terminal, and data access of the device / device DB is permitted using the specific access key, It is possible to effectively prevent re-access of the device / device DB by the user information having the illegal access history.

Also, according to the present invention, it is possible to control the monitoring level through the change of the security policy DB, and to effectively prevent access to user information and access IP address information with illegal access history.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram illustrating a healthcare service system using a security gateway apparatus according to an exemplary embodiment of the present invention; FIG.
FIG. 2 is a block diagram illustrating a security-enhanced residential gateway apparatus according to an embodiment of the present invention. Referring to FIG.
FIG. 3 is a block diagram illustrating a DB access control module according to an exemplary embodiment of the present invention. Referring to FIG.
FIG. 4 is a block diagram illustrating a manager terminal, a user terminal, or a client terminal according to an exemplary embodiment of the present invention. Referring to FIG.

The above and other objects, features, and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings, which are not intended to limit the scope of the present invention. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail.

Terms including ordinals, such as first, second, etc., may be used to describe various elements, but the elements are not limited to these terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component. The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments. Also, in certain cases, there may be a term selected arbitrarily by the applicant, in which case the meaning thereof will be described in detail in the description of the corresponding invention. Therefore, the term used in the present invention should be defined based on the meaning of the term, not on the name of a simple term, but on the entire contents of the present invention.

When an element is referred to as "including" an element throughout the specification, it is to be understood that the element may include other elements as well, without departing from the spirit or scope of the present invention. Also, the terms "part," " module, "and the like described in the specification mean units for processing at least one function or operation, which may be implemented in hardware or software or a combination of hardware and software .

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, the following embodiments of the present invention may be modified into various other forms, and the scope of the present invention is not limited to the embodiments described below. The embodiments of the present invention are provided to enable those skilled in the art to more fully understand the present invention.

Each block of the accompanying block diagrams and combinations of steps of the flowcharts may be performed by computer program instructions (execution engines), which may be stored in a general-purpose computer, special purpose computer, or other processor of a programmable data processing apparatus The instructions that are executed through the processor of the computer or other programmable data processing equipment will generate means for performing the functions described in each block or flowchart of the block diagram. These computer program instructions may also be stored in a computer usable or computer readable memory capable of directing a computer or other programmable data processing apparatus to implement the functionality in a particular manner so that the computer usable or computer readable memory It is also possible for the instructions stored in the block diagram to produce an article of manufacture containing instruction means for performing the functions described in each block or flowchart of the flowchart.

Computer program instructions may also be loaded onto a computer or other programmable data processing equipment so that a series of operating steps may be performed on a computer or other programmable data processing equipment to create a computer- It is also possible that the instructions that perform the data processing equipment are capable of providing the steps for executing the functions described in each block of the block diagram and at each step of the flowchart.

Also, each block or step may represent a portion of a module, segment, or code that includes one or more executable instructions for executing the specified logical functions, and in some alternative embodiments, It should be noted that functions may occur out of order. For example, two successive blocks or steps may actually be performed substantially concurrently, and it is also possible that the blocks or steps are performed in the reverse order of the function as needed.

FIG. 1 is a block diagram of an entire system for explaining a healthcare service system using a residential gateway device with enhanced security according to an exemplary embodiment of the present invention. FIG. 2 is a block diagram illustrating a security system applied to an embodiment of the present invention. FIG. 3 is a block diagram illustrating a DB access control module according to an embodiment of the present invention. FIG. 4 is a block diagram of a DB access control module according to an embodiment of the present invention. A manager terminal, a user terminal, or a client terminal according to an embodiment of the present invention.

1 to 4, a healthcare service system using a security gateway apparatus according to an exemplary embodiment of the present invention includes at least one ringing information acquisition apparatus 100-1 to 100- N, at least one Internet of Things (IoT) devices 200-1 to 200-N, a security-enhanced residential gateway device 300, and a healthcare management server 400. [ 1 are not essential, a healthcare service system using a security-enhanced residential gateway device according to an exemplary embodiment of the present invention may have more components or fewer components .

Hereinafter, the components of the healthcare service system using the security gateway server according to an exemplary embodiment of the present invention will be described in detail.

Each of the ringing ring information acquisition devices 100-1 to 100-N acquires information data of at least one ringing device 110-1 to 110-N previously installed in a hospital room, And transmits unique device identification information previously stored together with the information data of the devices 110-1 to 110-N.

Each of the ringer ring devices 110-1 to 110-N is mounted around a ringer fluid of a patient who is hospitalized in a patient's room and / or on a body of a patient, and is linked to the IoT device via Bluetooth to monitor the amount of fluid, And a detailed technical configuration thereof is generally well known, and therefore, will not be described here.

Each of the ringer ring apparatuses 110-1 to 110-N of the respective ringing ring information acquiring apparatuses 100-1 to 100-N includes, for example, an ultrasonic sensor, a patient's electrocardiogram, an electroencephalogram, A physical physical quantity measuring sensor for measuring at least one of a patient's breathing, body temperature, blood pressure, blood flow, pulse wave or pulse wave, at least one of blood glucose, oxygen saturation, body composition or breathing gas A body composition measuring sensor for measuring the body composition of the subject, or a human body detecting sensor for measuring the movement of the patient.

On the other hand, the device identification information unique to each ringing ring device 110-1 to 110-N for each ringing ring information acquisition device 100-1 to 100-N includes, for example, the name of the ringing ring device, The serial number of the ringer ring device, the type of ringer ring device, the manufacturer of the ringer ring device, the MAC (Media Access Control) address of the ringer ring device, the unique IP (Internet Protocol) address of the ringer ring device, The version of the ringing device, the version of the ringing device, the secret key of the ringer ring device, or the authentication information of the ringer ring device generated by the PKI-based private key.

Each of the IoT devices 200-1 to 200-N is installed in a hospital room in advance to acquire environmental measurement information data of the corresponding room, and acquires environmental measurement information data of the corresponding room, And transmits information.

Each of the IoT devices 200-1 to 200-N includes, for example, a temperature sensor for measuring the ambient temperature, a humidity sensor for measuring the ambient humidity, a fine dust sensor for measuring fine dust having a particle size of 10 mu m or less , A device for at least one of an ultrafine dust sensor, a smoke sensor, a carbon monoxide sensor, a carbon dioxide sensor, an ozone sensor, a stereoscopic image sensor, or an infrared thermal image sensor for measuring ultrafine dust having a particle diameter of 2.5 μm or less Do.

Here, the temperature sensor is a sensor for measuring the temperature in the air, and a thermistor element whose internal resistance value changes according to ambient temperature change can be used. The thermistor element may be an NTC thermistor, a PTC thermistor, or a critical characteristic thermistor (CRT).

For example, the temperature sensor may be a contact type temperature sensor using a thermistor element. However, the temperature sensor may be a thermocouple sensor, a bimetal, an IC temperature sensor, or an infrared sensor, which is a noncontact type sensor.

The humidity sensor is a sensor for measuring the humidity in the air, and the humidity is usually measured using a change in the electrical property of the moisture-sensitive material.

Such a humidity sensor can be broadly classified into a resistance type humidity sensor and a capacitance type humidity sensor, and is widely applied to make an optimal state of automobile, medical device, air purification system and automatic air-conditioning system as well as household appliances and mobile .

The resistance type humidity sensor measures the humidity using a change in resistance which is changed by humidity. This resistive type humidity sensor is widely used because it is relatively cost competitive as compared with the capacitance type humidity sensor.

In recent years, however, capacitive humidity sensors can be manufactured in the form of a one chip on a semiconductor substrate, so that they can secure a price competitiveness advantage over the resistance humidity sensor and use thereof is increasing. Particularly, the capacitance type humidity sensor is more reliable than the resistance type humidity sensor, and has the advantage that the sensor characteristic is linear and the influence of temperature is small.

Such a capacitive humidity sensor is a sensor using the principle that the capacitance is changed according to the amount of water molecules adsorbed on the moisture-permeable membrane, and a moisture-permeable material such as polyimide or ceramic whose dielectric constant changes when moisture is absorbed And operates in the form of a capacitor made of a dielectric. That is, there is a humidity sensing layer, and the principle is that the moisture permeates through the humidity sensing layer, and the dielectric constant changes and the capacitance changes accordingly.

The fine dust sensor is a sensor for measuring fine dust having a particle diameter of about 10 탆 or less and can measure at least one air pollutant such as sulfur dioxide, nitrogen oxide, lead, ozone, or carbon monoxide.

The ultrafine dust sensor is a sensor for measuring ultrafine dust having a particle diameter of about 2.5 μm or less. For example, total carbon, organic carbon and element carbon contained in ultrafine dust can be measured.

On the other hand, the unique device identification information of each of the IoT devices 200-1 to 200-N includes, for example, the name of the IoT device, the password of the IoT device, the serial number of the IoT device, the type of the IoT device, The IoT device's MAC (Media Access Control) address, the unique IP address of the IoT device, the IoT device's model and the version of the IoT device, the IoT device's private key, or the PKI-based private key And at least one of authentication information.

The residential gateway apparatus 300 is connected to the ringer ring information obtaining apparatuses 100-1 to 100-N and the respective IoT devices 200-1 to 200-N in a wired and / or wireless manner, The ringing ring information obtaining apparatuses 100-1 to 100-N and the information data of the ring ringing apparatuses 110-1 to 110-N transmitted from the respective IoT devices 200-1 to 200-N, Unique device identification information and unique device identification information together with the environment measurement information data of the ringing devices 110-1 to 110-N, and encrypts predetermined patient unique identification information corresponding to each ringing device 110-1 to 110-N N, and the environment measurement information data of each of the IoT devices 200-1 to 200-N, unique identification information, unique identification information, And a decryption key capable of decrypting the device identification information and the predetermined patient unique identification information It performs the function of a song.

As shown in FIG. 2, the residential gateway device 300 having enhanced security includes a device / device connection module 310, a data processing module 320, and an application service connection module 330 . In addition, the security gateway 300 may include a device / device DB 340, a DB access control module 350, and the like, which are applied to an embodiment of the present invention. Meanwhile, the components shown in FIG. 2 are not essential, so that the security enhanced gateway device 300 applied to an embodiment of the present invention may have more components or have fewer components have.

Here, the device / device connection module 310 includes at least one ringing information acquisition device 100-1 to 100-N and at least one Internet of Things (IoT) device 200- 1 to 200-N from the respective ringing ring information acquisition devices 100-1 to 100-N and the respective IoT devices 200-1 to 200-N by wire and / -1 to 110-N, and environmental measurement information data of the corresponding room, so as to receive unique device identification information and unique device identification information.

The device / device connection module 310 is a module for connecting different types of ringing information acquisition devices and IoT devices to each other via wired and / or wireless communication (for example, Bluetooth, 6LoWPAN, Wi-Fi, Ethernet, A communication / network interface unit (not shown) that can be connected, and the like.

The data processing module 320 receives information data of each ringer ring device 110-1 to 110-N received from the device / device connection module 310 and unique device identification And the unique device identification information, respectively, and encrypts the predetermined patient unique identification information corresponding to each of the ringer ring devices 110-1 to 110-N. In addition, the encrypted ringer ring device 110- 1 to 110-N) and the environment measurement information data of the corresponding room to store and transmit a decryption key capable of decrypting unique device identification information, unique device identification information, and predetermined patient unique identification information .

At this time, the predetermined patient unique identification information includes, for example, a member ID / password (ID / PW) of a patient registered at the time of registering the patient in the healthcare management server 400, a resident number, A PKI (Public Key Infrastructure), an OTP (One Time Password), and an authorized certificate information.

In addition, the data processing module 320 receives data from the ringer ring devices 110-1 to 110-N for the ringer ring information acquisition devices 100-1 to 100-N received from the device / device connection module 310, And the unique device identification information together with unique device identification information, environmental measurement information data of the corresponding room for each of the IoT devices 200-1 to 200-N, and unique device identification information, Meta data is given through channels encoded at different bit rates according to the type and size of the information data for the ring devices 110-1 to 110-N and the IoT devices 200-1 to 200-N, To the application service connection module 330.

The data processing module 320 also receives information data of the ringer ring devices 110-1 to 110-N received from the device / device connection module 310, environmental measurement information data of the corresponding room, The unique device identification information of each ringer ring device 110-1 to 110-N stored in the device / device DB 340 and the unique device identification information of each IoT device 200-1 to 200- N) with the information data on each of the ringer ring devices 110-1 to 110-N and the respective IoT devices 200-1 to 200-N corresponding to the unique device identification information, Information data of each ringer ring apparatus 110-1 to 110-N and each of the IoT devices 200-1 to 200-N received from the device / device connection module 310 is divided into channels After separating the bit streams, each channel encoded in parallel so as to have a different bit rate, And encrypts and transmits the encrypted data to the application service connection module 330.

In addition, the data processing module 320, together with the encrypted information data of the ringer ring devices 110-1 to 110-N and the environment measurement information data of the corresponding room, includes unique device identification information, (DB) for each ringer ring information acquisition device, each ringer ring device, and / or each IoT device in a separate device / device DB 340, And can be stored and managed.

In addition, the data processing module 320, together with the encrypted information data of the ringer ring devices 110-1 to 110-N and the environment measurement information data of the corresponding room, includes unique device identification information, And the decryption key for decrypting the predetermined patient unique identification information are transmitted to the external administrator terminal 20, the user terminal 30 and / or the client terminal 40 through the application service connection module 330 can do.

The application service connection module 330 transmits information data of the ringer ring devices 110-1 to 110-N encrypted and transmitted from the data processing module 320 and environment measurement information data of the corresponding room to a unique device Unique device identification information, and predetermined patient unique identification information, and based on this information, the ringer ring devices 110-1 to 110-N of the ring ringing information acquisition apparatuses 100-1 to 100-N, And the healthcare application service corresponding to each of the IoT devices 200-1 to 200-N, respectively.

In addition, the application service connection module 330 may operate in conjunction with the data processing module 320 and may communicate with the cloud computing service Cloud (Cloud) in response to a request from the external administrator terminal 20, the user terminal 30 and / Computing Service) can be performed.

The application service connection module 330 is connected to each of the ringer ring information acquisition apparatuses 100 - 100 stored in the device / device DB 340 via the administrator terminal 20, the user terminal 30 and / 1 to 100-N, information on unique device identification information, information on the environment of the corresponding room for each IoT device 200-1 to 200-N, Search, and identification of the patient-specific identification information set in advance together with the measurement information data and the unique device identification information, and provide the client member login cloud web service to be displayed on the corresponding display screen.

Also, the application service connection module 330 transmits the device / device DB (user ID) to the device / device DB 30 using the decryption key transmitted together with the corresponding client member login information through the administrator terminal 20, the user terminal 30 and / Information items of the ringer ring devices 110-1 to 110-N with respect to the ringer ring information obtaining apparatuses 100-1 to 100-N encrypted and stored in the storage unit 340, unique device identification information, The patient specific identification information previously set together with the environment measurement information data of the corresponding room for the devices 200-1 to 200-N and the unique device identification information is decoded and registered in real time, You can perform the function of providing a client member login cloud web service to be displayed.

The application service connection module 330 is connected to each of the ringer ring information acquisition apparatuses 100-1 to 1003 stored in the device / device DB 340 via the administrator terminal 20, the user terminal 30 and / Information about each of the ringing ring devices 110-1 to 110-N and unique device identification information for each of the IoT devices 200-1 to 200-N, And can provide a cloud web service to download a decryption key that can decrypt predetermined patient unique identification information together with information data and unique device identification information.

The application service connection module 330 is connected to each of the ringer ring information acquisition apparatuses 100 - 100 stored in the device / device DB 340 via the administrator terminal 20, the user terminal 30 and / 1 to 100-N, information on unique device identification information, information on the environment of the corresponding room for each IoT device 200-1 to 200-N, And a gateway-related cloud application capable of displaying, on the display screen, a decryption key capable of decrypting preset patient unique identification information together with measurement information data and unique device identification information in real time, You can perform functions that provide cloud web services.

In addition, the application service connection module 330 transmits the information data of each of the ringer ring devices 110-1 to 110-N to the encrypted ringer ring information acquisition devices 100-1 to 100-N, The device identification information, the environment measurement information data of the corresponding room for each of the IoT devices 200-1 to 200-N, and the unique device identification information are stored in the external administrator terminal 20, Or to provide services to be periodically transmitted to an external cloud server 50 that provides a cloud computing service in response to a request from the terminal 30 and / or the client terminal 40. [

The application service connection module 330 is connected to the external administrator terminal 20, the user terminal 30, the client terminal 40 and / or the cloud server 50 via the communication network 10, The communication network 10 is a high speed communication network of a large communication network capable of providing a large capacity and long distance voice and data service. The communication network 10 includes a WiFi, a WiGig, and a WiBro (Wireless Broadband Internet, Wibro), World Interoperability for Microwave Access (WIMAX), and the like.

The Internet includes a plurality of services such as HTTP (Hyper Text Transfer Protocol), Telnet, File Transfer Protocol (FTP), Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP) Refers to a worldwide open computer network structure that provides a Simple Network Management Protocol (SNMP), a Network File Service (NFS), and a Network Information Service (NIS). The application service connection module 330, , The user terminal 30, the client terminal 40 and / or the cloud server 50. [ Meanwhile, the Internet may be a wired or wireless Internet, or may be a core network integrated with a wired public network, a wireless mobile communication network, or a portable Internet.

If the communication network 10 is a mobile communication network, it may be a synchronous mobile communication network or an asynchronous mobile communication network. As an example of the asynchronous mobile communication network, a WCDMA (Wideband Code Division Multiple Access) communication network is exemplified. In this case, although not shown in the drawing, the mobile communication network may include, for example, a radio network controller (RNC). Meanwhile, although the WCDMA network is described as an example, it may be a next generation communication network such as a 3G LTE network, a 4G network, and a 5G network, or an IP network based on other IPs. The communication network 10 transmits signals and data between the application service connection module 330 and the external administrator terminal 20, the user terminal 30, the client terminal 40, and / or the cloud server 50 .

The device / device DB 340 receives the unique device identification information of each ringer ring device 110-1 through 110-N and the corresponding ringer ring ID corresponding to the predetermined patient unique identification information under the control of the data processing module 320, (DB) of the information data of the devices 110-1 to 110-N and stores and manages the information data of the IoT devices (200-1 to 200-N) corresponding to the unique device identification information of each of the IoT devices 200-1 to 200-N) in the form of a database (DB), and stores and manages the environment measurement information data.

The DB access control module 350 monitors a query for accessing the device / device DB 340 and performs control to block the illegal DB access.

3, the DB access control module 350 includes a DB access monitoring unit 351 for monitoring query information for accessing the device / device DB 340, And then checks the data access commands by analyzing the monitored query information and then checks whether or not the corresponding device / device (s) for the query corresponds to the illegal access command stored in advance in the black list DB 352, A DB access blocking unit 353 for allowing or blocking data access of the DB 340 and a DB access control unit 354 for controlling operations of the DB access monitoring unit 351 and the DB access blocking unit 353 .

If there is an unauthorized data access command matching the identified data access command in the blacklist DB 352, the DB access blocking unit 353 controls the data access command in accordance with the control of the DB access controller 354 A predetermined code preset in the corresponding query, deletes the query to which the specific code is assigned, stores the access user information and access IP address information in the blacklist DB 352, and updates the blacklist information. So that it is possible to perform a function of controlling so that

At this time, the blacklist DB 352 stores an illegal data access instruction as a database (DB) and stores the instruction corresponding to at least one of illegal data creation instruction, illegal data modification instruction and illegal data deletion instruction And management functions.

In addition, the blacklist DB 352 may store and manage user information and IP address information that have performed illegal data access to the device / device DB 340 in a database (DB).

The DB access control unit 354 notifies the access request of the device / device DB 340 together with the user unique identification information transmitted from the external administrator terminal 20, the user terminal 30 and / or the client terminal 40 And extracts the user's unique identification information and analyzes the extracted user's unique identification information in accordance with whether the user's unique identification information stored in the user information DB 355 is stored in a separate DB (30) and / or the client terminal (40) corresponding to one level of the user access right of the corresponding user unique identification information stored in advance in the user terminal have.

At this time, the user information DB 355 preferably stores user specific identification information and IP address information accessible to the device / device DB 340 in a database (DB), and the specific access key may be stored in a database But is not limited to, a fixed unique access key that can be used each time.

Meanwhile, the user's unique identification information may include, for example, a member ID / password (ID / PW) of a registered user through a user terminal Number, biometric feature information, PKI (Public Key Infrastructure), OTP (One Time Password), and authorized certificate information.

The DB access control unit 354 also transmits a message for accessing data stored in the device / device DB 340 together with the specific access key transmitted from the administrator terminal 20, the user terminal 30 and / or the client terminal 40 The data access of the device / device DB 340 is allowed or prohibited according to whether the extracted specific access key is matched with the specific access key stored in advance in the DB 356 for use right, It is possible to control the operation of the DB access blocking unit 353 so as to be blocked.

When there is a specific access key corresponding to the extracted specific access key in the DB 356 for use right, the DB access control unit 354 accesses the device / device DB 356 according to the level of the user access right given to the specific access key 340) to allow access to data stored in the DB access blocking unit 353.

In addition, the DB access control unit 354 permits data access stored in the device / device DB 340 according to a level of the user access right granted to the specific access key, and then confirms data access result information in real time, The data access result information and the illegal data access result information previously stored in the separate security policy DB 357 are matched with each other so that the re-access of the corresponding device / device DB 340 by the specific access key is permitted or blocked And to control the operation of the DB access blocking unit 353.

At this time, illegal data access result information stored in advance in the security policy DB 357 is preferably composed of data access result information corresponding to at least one of illegal data generation, illegal data modification, and illegal data deletion .

If the illegal data access result information matching the confirmed data access result information exists in the security policy DB 357, the DB access control unit 354 updates the device / device DB corresponding to the confirmed data access result information The data of the deleted device / device DB 340 is restored to the data before illegal data access by using a separate backup device / device DB 358 after deleting the data of the device / device DB 340, A function of deleting a user access right level of the user unique identification information corresponding to the specific access key stored in the separate user information DB 355 so that the data re-access of the corresponding device / device DB 340 by the access key is blocked Can be performed.

The DB access control unit 354 receives the corresponding user unique identification information through the administrator terminal 20, the user terminal 30, and / or the client terminal 40, (DB) for each user's unique identification information in the user information DB 355 together with one level of the user's access right to the user's access right 340.

The DB access control unit 354 accesses at least one specific access key accessible to the device / device DB 340 according to one level of user access right to the device / device DB 340, So that the data can be stored.

In addition, the DB access controller 354 may manage the data stored in the device / device DB 340 to be backed up periodically in a separate backup device / device DB 358.

The administrator terminal 20, the user terminal 30 and / or the client terminal 40 applied to the embodiment of the present invention may be a smart phone, a smart phone A notebook PC, a Palm PC, a mobile play-station, a DMB (Personal Digital Assistant) having a communication function, and a mobile terminal The present invention can comprehensively mean all wired and wireless home appliances / communication devices having a user interface for connecting to the application service connection module 330 such as a digital multimedia broadcasting (VoIP) phone, a tablet PC, an iPad, and the like.

4, the administrator terminal 20, the user terminal 30 and / or the client terminal 40 include a wireless communication module 21, an A / V (audio / video) input module 22, A user input module 23, a sensing module 24, an output module 25, a storage module 26, an interface module 27, a terminal control module 28, and a power module 29. 4 are not essential, the administrator terminal 20, the user terminal 30 and / or the client terminal 40 may have more or fewer components than those shown in FIG. 4 .

Hereinafter, the components of the administrator terminal 20, the user terminal 30, and / or the client terminal 40 will be described in detail.

The wireless communication module 21 may include one or more modules that enable wireless communication between the administrative terminal 20, the user terminal 30 and / or the client terminal 40 and the application service connection module 330 . For example, the wireless communication module 21 may include a broadcast receiving module 21a, a mobile communication module 21b, a wireless Internet module 21c, a short distance communication module 21d, and a location information module 21e.

The broadcast receiving module 21a receives a broadcast signal (e.g., a TV broadcast signal, a radio broadcast signal, a data broadcast signal, etc.) from an external broadcast management server through various broadcast channels (e.g., a satellite channel and a terrestrial channel) And receives the related information.

The mobile communication module 21b transmits and receives a radio signal to at least one of a base station, an external terminal, and a server on a mobile communication network. The wireless signal may include various types of data in response to a voice call signal, a video call call signal, or a text / multimedia message transmission / reception.

The wireless Internet module 21c is a module for wireless Internet access, and may be embedded in or embedded in the client terminal 20 or the user terminal 40. [ As the wireless Internet technology, for example, WLAN (Wi-Fi), Wibro, Wimax, HSDPA, LTE and the like can be used.

The short-range communication module 21d is a module for short-range communication. The short-range communication module 21d may be a module for short-range communication, for example, Bluetooth communication, ZigBee communication, UWB communication, RFID (Radio Frequency Identification) communication, ) Communication can be used.

The location information module 21e is a module for confirming or obtaining the location of the administrator terminal 20, the user terminal 30 and / or the client terminal 40, ), The current location information of the user terminal 30 and / or the client terminal 40 can be obtained.

The application control module 28 controls the application service connection module (not shown) by using the specific application program stored in the storage module 26 through the wireless communication module 21 and / or the wired communication module And 330 of FIG.

The A / V input module 22 is a module for inputting an audio signal or a video signal, and may basically include a camera section 22a and a microphone section 22b. The camera section 22a processes an image frame such as a still image or a moving image obtained by the image sensor in the video communication mode or the photographing mode. The microphone unit 22b receives an external sound signal by a microphone in a communication mode, a recording mode, a voice recognition mode, or the like, and processes it as electrical voice data.

The user input module 23 is a module for generating input data for controlling the operation of the administrator terminal 20, the user terminal 30 and / or the client terminal 40. Particularly, the display module 25a For example, a touch panel (static pressure / static) type input by a user's touch or a separate input device (for example, a key A pad dome switch, a jog wheel, a jog switch, etc.).

The sensing module 24 is used to determine the open / close state of the administrator terminal 20, the user terminal 30 and / or the client terminal 40, the position of the administrator terminal 20, the user terminal 30 and / The presence or absence of user contact, the user's touch operation on a specific part, the orientation of the administrator terminal 20, the user terminal 30 and / or the client terminal 40, the administrator terminal 20, the user terminal 30 and / The user terminal 30 and / or the client terminal 40 by sensing the current state of the administrator terminal 20, the user terminal 30 and / or the client terminal 40 such as acceleration / deceleration of the client terminal 40, And generates a sensing signal for controlling the operation of the client terminal 40. The sensing signal is transmitted to the terminal control module 28, and the terminal control module 28 can be a basis for performing a specific function.

The output module 25 is a module for generating an output related to visual, auditory or tactile sense and basically includes a display portion 25a, an acoustic output portion 25b, an alarm portion 25c, a haptic portion 25d, .

The display unit 25a is for displaying and outputting information processed by the administrator terminal 20, the user terminal 30 and / or the client terminal 40. For example, the administrator terminal 20, the user terminal 30, (UI) or a GUI (Graphical User Interface) associated with a call when the client terminal 40 is in the call mode, and displays the captured and / or received image or UI, Display the GUI.

The sound output unit 25b may output audio data received from the wireless communication module 21 or stored in the storage module 26 in, for example, a call signal reception mode, a communication mode or a recording mode, a voice recognition mode, a broadcast reception mode, .

The alarm unit 25c can output a signal for notifying the occurrence of an event of the administrator terminal 20, the user terminal 30, and / or the client terminal 40. [ Examples of events generated in the administrator terminal 20, the user terminal 30 and / or the client terminal 40 include a call signal reception, a message reception, a key signal input, a touch input, and the like.

The haptic portion 25d generates various tactile effects that the user can feel. A typical example of the haptic effect generated by the haptic portion 25d is vibration. The intensity and pattern of the vibration generated by the haptic part 25d can be controlled.

The storage module 26 may store a program for operation of the terminal control module 28 and temporarily store input / output data (e.g., a phone book, a message, a still image, a moving picture, etc.).

In addition, the storage module 26 may store data related to vibration and sound of various patterns output upon touch input on the touch screen, and may store a gateway-related application program.

In addition, the storage module 26 may store source data for forming gateway-related information, such that the gateway-related data may be composed of video and sound, Results can also be stored together.

The storage module 26 may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, SD or XD memory), a RAM, an SRAM, a ROM, an EEPROM, , A magnetic memory, a magnetic disk, or an optical disk.

The interface module 27 serves as a path for communication with the external device connected to the administrator terminal 20, the user terminal 30 and / or the client terminal 40. The interface module 27 receives data from an external device or receives power from the external device and transmits the data to the respective components in the administrator terminal 20, the user terminal 30 and / or the client terminal 40, So that data in the user terminal 30 and / or the client terminal 40 is transmitted to the external device.

The terminal control module 28 typically controls the overall operation of the administrator terminal 20, the user terminal 30 and / or the client terminal 40 and may be implemented as, for example, voice communication, data communication, And so on.

That is, the terminal control module 28 controls the gateway-related application program stored in the storage module 26 to be executed, requests generation of gateway-related data through execution of the gateway-related application program, and provides gateway- And the like.

In addition, the terminal control module 28 transmits auxiliary elements including at least one of video, audio, or sound to the display unit 25a and other outputs (not shown) in the process of generating the gateway related data desired by the user through execution of the gateway- And outputs it through at least one of the devices (e.g., the sound output unit 25b, the alarm unit 25c, the haptic unit 25d, and the like).

The terminal control module 28 may regularly monitor the charging current and the charging voltage of the battery unit 29a and temporarily store the monitoring value in the storage module 26. [ At this time, the storage module 26 preferably stores not only the battery charging status information such as the monitored charging current and the charging voltage, but also battery specification information (product code, rating, etc.).

The power supply module 29 receives external power and internal power under the control of the terminal control module 28 and supplies power necessary for operation of the respective components. The power module 29 supplies the power of the built-in battery unit 29a to the respective components and operates the battery, and the battery can be charged using a charging terminal (not shown).

The various embodiments described herein may be embodied in a recording medium readable by a computer or similar device using, for example, software, hardware, or a combination thereof.

According to a hardware implementation, the embodiments described herein may be implemented as application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays Microprocessors, microprocessors, and electrical units for performing functions, as will be described in more detail below. In some cases, such embodiments may be implemented by the terminal control module 28.

According to a software implementation, embodiments such as procedures or functions may be implemented with separate software modules that perform at least one function or operation. The software code may be implemented by a software application written in a suitable programming language. The software code may also be stored in the storage module 26 and executed by the terminal control module 28.

When the administrator terminal 20, the user terminal 30, and / or the client terminal 40 are configured as a smart phone, the smart phone is different from a general mobile phone (a feature phone) Application As a phone based on an open operating system that can be freely used and deleted by downloading the program, it is possible to use not only general voice / video calls, Internet data communication, but also all mobile office functions A mobile phone, or a communication device that does not have a voice call function but includes all Internet-enabled Internet phones or Tablet PCs.

Such a smart phone can be implemented as a smartphone equipped with various open operating systems. Examples of the open operating system include Nokia, Nokia, Symbian, RIMS, BlackBerry, Apple, Microsoft's Windows Mobile, Google's Android, and Samsung's ocean.

As such, since the smartphone uses an open operating system, a user can arbitrarily install and manage various application programs, unlike a mobile phone having a closed operating system.

That is, the smartphone basically includes a control unit, a memory unit, a screen output unit, a key input unit, a sound output unit, a sound input unit, a camera unit, a wireless network communication module, a short- do.

The controller is a generic term for controlling the operation of the smartphone, and includes at least one processor and an execution memory, and is connected to each functional unit provided in the smart phone through a bus.

The controller controls the operation of the smartphone by loading at least one program code included in the smart phone into the execution memory through the processor and calculating the result by transmitting the result to the at least one functional unit through the bus .

The memory unit is a general term of a nonvolatile memory included in a smartphone, and stores and maintains at least one program code executed through the control unit and at least one data set used by the program code. The memory unit basically stores a system program code and a system data set corresponding to an operating system of a smartphone, a communication program code and a communication data set for processing a wireless communication connection of the smartphone, at least one application program code and an application data set , And the program code and data set for implementing the present invention are also stored in the memory unit.

The screen output unit includes a screen output device (e.g., an LCD (Liquid Crystal Display) device) and an output module for driving the screen output device. The screen output unit is connected to the control unit through a bus, And outputs it to the screen output device.

The key input unit is composed of a key input device having at least one key button (or a touch screen device interlocked with the screen output unit) and an input module for driving the key input unit. The control unit is connected to the control unit via a bus, Or inputs data necessary for the operation of the control unit.

The sound output unit includes a speaker for outputting a sound signal and a sound module for driving the speaker. The sound output unit is connected to the control unit through a bus, and outputs a result of operation corresponding to the sound output from the various operation results of the control unit through the speaker . The sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.

The sound input unit includes a microphone for receiving a sound signal and a sound module for driving the microphone, and transmits the sound data input through the microphone to the control unit. The sound module encodes and encodes a sound signal input through the microphone.

The camera unit includes an optical unit, a CCD (Charge Coupled Device) and a camera module for driving the CCD unit, and obtains bitmap data input to the CCD through the optical unit. The bitmap data may include both still image data and moving image data.

The wireless network communication module is a collective term for communicating wireless communication and includes at least one antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving a radio frequency signal of a specific frequency band. And transmits the calculation result corresponding to the wireless communication among the various calculation results of the control unit through the wireless communication or receives the data through the wireless communication and transmits the data to the control unit, , Communication, and handoff procedures.

Also, the wireless network communication module includes a mobile communication structure for performing at least one of connection, location registration, call processing, call connection, data communication, and handoff to a mobile communication network according to the CDMA / WCDMA standard. Meanwhile, according to the intention of those skilled in the art, the wireless network communication module may further include a portable Internet communication structure for performing at least one of connection to the portable Internet, location registration, data communication, and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the communication module.

The short-range wireless communication module is composed of a short-range wireless communication module that connects a communication session using a radio frequency signal as a communication medium within a predetermined distance. Preferably, the short-range wireless communication module includes RFID communication, Bluetooth communication, Wi- And wireless communication. The short-range wireless communication module may be integrated with the wireless network communication module.

The thus configured smartphone means a terminal capable of wireless communication, and any device capable of transmitting and receiving data through a network including the Internet may be applicable as well as a smart phone. That is, the smart phone may include at least one of a notebook PC, a tablet PC, and a mobile terminal capable of carrying and moving a mobile phone having a short message transmission function and a network connection function.

The healthcare management server 400 receives the information data of each of the ringer ring devices 110-1 to 110-N encrypted by the respective gateway devices 300, the IoT devices 200-1 to 200-N, The device identification information, unique device identification information, and predetermined patient unique identification information, and receives the decryption key based on the received decryption key and transmits the decrypted key to each encrypted ringer ring device 110-1 to 110-N ), Environment measurement information data of each of the IoT devices 200-1 to 200-N, unique device identification information, unique device identification information, and predetermined patient unique identification information .

The healthcare management server 400 also receives information data of the decrypted ringer ring devices 110-1 to 110-N, environment measurement information data of the IoT devices 200-1 to 200-N, The information data of the ringer ring devices 110-1 to 110-N for each patient based on the unique device identification information, the unique device identification information, and the predetermined patient unique identification information, and the information data of each IoT device 200- 1 to 200-N) in the form of a database (DB), and stores and manages the environment measurement information data.

In addition, the health care management server 400 may be configured to allow the administrator to monitor the information data of the ringer ring devices 110-1 to 110-N for each patient and environmental measurement information data for each room in real time And performs display function on the display screen.

Further, the health care management server 400 may perform the machine learning (e.g., the operation of the machine) on the basis of the predetermined patient identification information together with the information data of the decrypted ringer ring devices 110-1 to 110- (110-1 to 110-N) for the patient by using at least one artificial intelligence engine, such as machine learning, machine learning, pattern recognition or deep learning, Extracts the physical condition pattern information of the patient and performs a function of storing and managing the physical condition pattern information of the patient in a database (DB) for each ringer ring device.

In addition, the healthcare management server 400 may perform machine learning, pattern recognition, or pattern recognition based on the environment measurement information data of the corresponding room for each of the decoded IoT devices 200-1 to 200-N, The at least one artificial intelligence engine is used to analyze the environmental measurement information data of the corresponding room for each of the IoT devices 200-1 to 200-N to determine the IoT devices 200-1 to 200-N Extracting the environmental condition pattern information of the corresponding room, and storing and managing the environmental condition pattern information of the corresponding room in the database (DB) for each IoT device.

In addition, the health care management server 400 may determine the physical condition pattern information of the patient and the IoT devices 200-1 to 200-N for the extracted ringer rings 110-1 to 110-N, The healthcare service can be provided so that it can be confirmed through the healthcare-related application service installed in advance in the external administrator terminal 20, the user terminal 30 and / or the client terminal 40 with respect to the environmental condition pattern information of the corresponding room have.

In addition, the health care management server 400 may determine at least one of artificial running, pattern recognition, or deep running of the patient's physical condition pattern information for the extracted ringer rings 110-1 to 110-N A function of providing a healthcare service to predict and cope with a risk or an emergency of the patient by performing a physical condition pattern learning of the patient using the intelligent engine can be performed.

In addition, the health care management server 400 may determine at least one of artificial intelligence (AI) among machine learning, pattern recognition, or deep learning about the environmental condition pattern information of the corresponding room in the extracted IoT devices 200-1 to 200- It is possible to perform the function of providing the health care service to predict and cope with the risk and / or emergency situation of the ward by performing the environmental condition pattern learning of the ward using the engine.

In addition, the health care management server 400 predicts the risk and / or emergency situation of the patient and the room by performing the body state pattern learning of the patient using the artificial intelligence engine and the environmental condition pattern learning of the room, And the healthcare service so that the position and the current state information of the patient and the room are transmitted to the predetermined administrator terminal 20, the user terminal 30 and / or the client terminal 40 when the patient and the room are in a dangerous and / And the like.

Although the preferred embodiment of the healthcare service system using the residential gateway apparatus with enhanced security according to the present invention has been described above, the present invention is not limited thereto, And various modifications may be made within the scope of the drawings, which also belong to the present invention.

100-1 to 100-N: Ringing ring information acquisition device,
110-1 to 110-N: ringer ring device,
200-1 to 200-N: IoT devices,
300: a residential gateway device,
310: device / device connection module,
320: data processing module,
330: application service connection module,
340: device / device DB,
350: DB access control module,
351: DB access monitoring section,
352: Blacklist DB,
353: DB access blocking part,
354: DB access control unit,
355: User information DB,
356: License DB,
357: security policy DB,
358: backup device / device DB,
400: Health care management server

Claims (19)

delete At least one ringing information acquiring device for acquiring information data of at least one ringing device preliminarily installed in a hospital room in a hospital and transmitting unique device identification information previously stored together with the obtained information data of each ringer ring device, ;
At least one IoT (Internet of Things) which is installed in advance in a hospital room to acquire environment measurement information data of the room, and transmits unique device identification information previously stored together with the obtained environment measurement information data of the room, device;
The ringing ring information acquiring device and each IoT device are connected to each other in a wired or wireless manner. The ringing ring information acquiring device, the information data of each ringer ring device transmitted from each IoT device, and the environment measurement information data of the corresponding room Unique device identification information and device identification information, and encrypts the predetermined patient unique identification information corresponding to each ringer ring device, and also encrypts the information data of each encrypted ringer device and the environmental measurement of each IoT device A resident gateway device for transmitting a decryption key capable of decrypting unique device identification information, device identification information, and predetermined patient unique identification information together with information data; And
A decryption key, together with information data of each ringer ring device encrypted by the residential gateway device, environmental measurement information data of each IoT device, unique device identification information, unique device identification information, Decrypts the information data of each encrypted ringer device, environment measurement information data of each IoT device, unique device identification information, unique device identification information, and predetermined patient unique identification information based on the received information, Based on the information data of each ringer ring device decrypted, environment measurement information data of each IoT device, unique device identification information, unique device identification information, and predetermined patient unique identification information, Data and environment measurement information data of each IoT device according to each room are stored in a database (DB) But ulreo managers, including health care management server that appears on the display screen to allow real-time monitoring of environmental data, measurement information for the information data and each ward ring ringer device for each patient,
The residential gateway apparatus comprises:
The ringing ring information acquiring device and each IoT device are connected to each other in a wired or wireless manner, and the ringing ring information acquiring device, the information data of each ringer ring device transmitted from each IoT device and the environment measurement information data of the corresponding room A device / device connection module for connecting unique device identification information and device identification information so as to be received;
Device identification information and device identification information together with information data of each ringer ring device received from each ringer ring information acquiring device and each IoT device received from the device / device connection module and environment measurement information data of the corresponding room, And encrypts the predetermined patient unique identification information corresponding to each ringer ring device and transmits the encrypted device unique identification information together with the information data of the encrypted ringer ring device and the environment measurement information data of the corresponding room, A data processing module for storing and transmitting a decryption key capable of decrypting unique device identification information and predetermined patient unique identification information; And
A decryption key together with information data of each ringer ring device encrypted and transmitted from the data processing module, environmental measurement information data of the corresponding room, unique device identification information, unique device identification information, And an application service connection module for receiving and providing connection to the respective ringing ring information acquisition device and the health care application service corresponding to each IoT device so as to be transmitted to the healthcare management server, A healthcare service system using a residential gateway device.
3. The method of claim 2,
The data processing module may include information data of each ringer ring device and unique device identification information for each ringer ring information acquisition device received from the device / device connection module, environment measurement information data of the corresponding room for each IoT device And the unique device identification information, metadata is given through the channel encoded at different bit rates according to the type and size of the information data for each ringer ring device and each IoT device, To the application service connection module, and transmits the connection request message to the application service connection module.
3. The method of claim 2,
(DB) of each ringer ring device corresponding to the device identification information unique to each ringer ring device and the predetermined patient unique identification information under the control of the data processing module and stores and manages the database, Further comprising a device / device DB for storing and managing environment measurement information data of the corresponding room for each IoT device corresponding to the unique device identification information of the IoT device,
The data processing module receives the information data of each ringer ring device received from the device / device connection module, environment measurement information data of the corresponding room, unique device identification information, and device identification information, And the device identification information of each IoT device and information data for each ringer ring device and each IoT device corresponding to the device identification information of each IoT device stored in the device / device connection module And the information data for each IoT device is divided for each channel according to the type and size of data, and the metadata is assigned through each channel encoded in parallel so as to have different bit rates, To the service connection module. The security-enhanced residential gateway Health care service system using value.
5. The method of claim 4,
Further comprising a DB access control module that monitors a query for accessing the device / device DB and controls the access to the illegal DB access,
Wherein the DB access control module comprises:
A DB access monitoring unit for monitoring query information for accessing the device / device DB;
The DB access monitoring unit analyzes the query information monitored by the DB access monitoring unit to check the data access commands and checks whether or not the data access commands corresponding to the corresponding query are stored in the black list DB, A DB access blocking unit for allowing or blocking data access of the device / device DB; And
And a DB access control unit for controlling operations of the DB access monitoring unit and the DB access blocking unit,
The DB access blocking unit, when there is an illegal data access command matching the confirmed data access command in the black list DB, generates a specific code And the blacklist information is updated by storing the access user information and the access IP address information in the blacklist DB,
Wherein the illegal data access instruction stored in advance in the blacklist DB includes at least one of an illegal data generation instruction, an illegal data modification instruction, and an illegal data erasing instruction. Healthcare service system using residential gateway device.
6. The method of claim 5,
The DB access control unit,
A message for requesting access to the device / device DB together with the user unique identification information transmitted from an external user terminal, extracts the user unique identification information from the received message, analyzes the extracted user unique identification information, Transmits a specific access key corresponding to one user access right level of the corresponding user unique identification information stored in advance in a separate license DB to the corresponding user terminal according to whether or not the user unique identification information stored in advance is stored in the user DB,
A message for accessing data stored in the device / device DB together with a specific access key transmitted from the user terminal is analyzed and analyzed to extract a specific access key, and the extracted specific access key and the usage right DB The operation of the DB access blocking unit is controlled so that data access of the device / device DB is permitted or blocked according to whether or not a specific access key is matched,
If there is a specific access key corresponding to the extracted specific access key in the DB for use right, the data access control unit controls the DB access blocking unit such that data access stored in the device / device DB is permitted according to a level of the user access right granted to the specific access key Wherein the control unit controls the operation of the subscriber unit in accordance with the operation of the subscriber unit.
The method according to claim 6,
The DB access control unit permits access to data stored in the device / device DB according to a level of a user access right given to the specific access key, and then confirms data access result information in real time, The operation of the DB access blocking unit is controlled so that re-access of data of the corresponding device / device DB by the specific access key is allowed or blocked according to whether the illegal data access result information previously stored in the separate security policy DB matches or not,
If the illegal data access result information matching the confirmed data access result information exists in the security policy DB, deletes data of the device / device DB corresponding to the confirmed data access result information, / Device DB to restore the data of the deleted device / device DB to data before illegal data access and to prevent the data of the corresponding device / device DB from being accessed again by the specific access key Deletes one level of user access right of the user unique identification information corresponding to the specific access key stored in the DB,
Wherein illegal data access result information stored in advance in the security policy DB is composed of data access result information corresponding to at least one of illegal data modification, illegal data modification, and illegal data deletion. A healthcare service system using a residential gateway device.
The method according to claim 6,
The DB access control unit,
(DB) for each user unique identification information in the user information DB together with one level of user access right to the device / device DB provided by the administrator based on the user unique ID information received through the external user terminal, To be stored,
Device DB in accordance with one level of user access right to the device / device DB, and stores the at least one specific access key in a database (DB)
And the data stored in the device / device DB is periodically backed up and stored in a separate backup device / device DB.
3. The method of claim 2,
The data processing module includes a decryption unit that decrypts predetermined patient unique identification information together with the encrypted information data of each ringer ring device, environment measurement information data of the corresponding room, unique device identification information, Key to a database (DB) for each ringer ring device and each IoT device for the patient and the patient room in a separate device / device DB to be stored and managed,
The application service connection module provides a cloud computing service in response to a request from an external client terminal in cooperation with the data processing module, and transmits the cloud computing service to each ringer ring information acquiring device stored in the device / Searching and registering the patient specific identification information set in advance together with the information data of each ringer ring device and unique device identification information, environment measurement information data of the corresponding room for each IoT device and unique device identification information, And provides the client member login cloud web service to be displayed on the corresponding display screen.
10. The method of claim 9,
Wherein the data processing module includes information data of each ringer ring device and unique device identification information for each encrypted ringer ring information acquisition device, environment measurement information data of the corresponding room for each IoT device, And a decryption key for decrypting predetermined patient unique identification information together with the information to be transmitted to the client terminal through the application service connection module,
The application service connection module transmits information of each ringer ring device to each ringer ring information acquisition device encrypted and stored in the device / device DB using the transmitted decryption key together with corresponding client member login information through the client terminal Data, and unique device identification information, environment measurement information data of the corresponding room for each IoT device, and unique device identification information, and registers, searches, and identifies it in real time, And the client member login cloud web service is provided so that the client member login cloud web service is displayed on the screen.
10. The method of claim 9,
The application service connection module may include information data of each ringer ring device and unique device identification information for each ringer ring information acquisition device stored in the device / device DB via the client terminal, Wherein the mobile terminal provides the cloud web service to download the decryption key that can decrypt predetermined patient unique identification information together with the environment measurement information data and the unique device identification information. Healthcare service system using.
10. The method of claim 9,
The application service connection module may include information data of each ringer ring device and unique device identification information for each ringer ring information acquisition device stored in the device / device DB via the client terminal, Related cloud application that can register, search, and identify a decryption key capable of decrypting predetermined patient unique identification information together with environment measurement information data of the environment-related information and unique device identification information, and display the corresponding gateway-related cloud application on the corresponding display screen Wherein the web service is provided by a security gateway.
3. The method of claim 2,
Wherein the application service connection module comprises information data of each ringer ring device and unique device identification information for each encrypted ringer ring information acquisition device, environment measurement information data of the corresponding room for each IoT device, Wherein the server provides the service such that the patient specific identification information set in advance together with the identification information is periodically transmitted to an external cloud server that provides the cloud computing service in response to a request from an external client terminal A healthcare service system using a gateway device.
3. The method of claim 2,
The device identification information unique to each ringing ring device for each ringing ring information obtaining device includes the name of the ringing ring device, the password of the ringing ring device, the serial number of the ringing ring device, the kind of the ringer ring device, A media access control (MAC) address of a ringing device, a unique IP (Internet Protocol) address of a ringing device, a version of a ringer device model and a ringer device, a secret key of a ringer device, or a PKI- And authentication information of the ringing ring device generated by the ringing ring device,
The unique device identification information of each IoT device includes the name of the IoT device, the password of the IoT device, the serial number of the IoT device, the type of the IoT device, the maker of the IoT device, the MAC (Media Access Control) address of the IoT device, At least one of the unique IP (Internet Protocol) address of the device, the model of the IoT device and the version of the IoT device, the authentication information of the IoT device generated by the private key of the IoT device or the PKI-based private key,
The predetermined patient unique identification information includes at least one of a member ID / password (ID / PW) of a patient registered at the time of membership of the patient, a resident number, a telephone number, biometric characteristic information, Wherein the information includes at least one of a Public Key Infrastructure (PKI), One Time Password (OTP), and Authorized Certificate Information.
3. The method of claim 2,
The health care management server may perform a machine learning, a pattern recognition, or a dip analysis based on predetermined decoded patient unique identification information together with the decoded information of each ringer ring device and unique device identification information, And at least one artificial intelligence engine is used to analyze the information data of each ringer ring device for the corresponding patient to extract the physical state pattern information of the patient and to determine the body state of the patient Stores and manages state pattern information into a database (DB)
The at least one artificial intelligence engine, such as machine learning, pattern recognition, or deep learning, based on the environment measurement information data of the corresponding room for each of the decoded IoT devices and unique device identification information, The environment condition information of the corresponding room is analyzed for each IoT device, and the environment condition pattern information of the corresponding room is stored in a database (DB) for each IoT device, and the stored information is stored and managed A healthcare service system using a residential gateway device with enhanced security.
16. The method of claim 15,
The healthcare management server may further include a healthcare-related application service installed in advance in an external user terminal to the extracted physical condition pattern information of the patient for each of the ringer ring devices and environmental condition pattern information of the corresponding room for each IoT device, And the health care service is provided so that the healthcare service can be confirmed through the healthcare service system.
16. The method of claim 15,
The health care management server may be configured to perform a physical state pattern learning of the patient using at least one artificial intelligence engine among machine learning, pattern recognition, or deep learning for the extracted body state pattern information of the patient for each ringer ring device To provide healthcare services to predict and respond to the patient's risk or emergency situation,
Performing environmental condition pattern learning of the corresponding room using at least one artificial intelligence engine among machine learning, pattern recognition, or deep learning with respect to the environmental condition pattern information of the corresponding room for each of the extracted IoT devices, And a healthcare service is provided so as to predict and respond to a situation of the healthcare service system using the security gateway.
18. The method of claim 17,
The health care management server performs a learning of a physical state pattern of a patient using the artificial intelligence engine and an environment state pattern learning of the room to predict a risk or an emergency situation of the patient and the room, And provides the healthcare service so that the location of the patient and the room and the current situation information are transmitted to the predetermined administrator terminal when the terminal is in an emergency situation.
3. The method of claim 2,
Each ringer ring device of each ringer ring information acquiring device includes at least one of an ultrasonic sensor, a body potential measuring sensor for measuring at least one of a patient's electrocardiogram, an electroencephalogram, an electromyogram, a heart or a brain evoked potential, a patient's respiratory body temperature, blood pressure, At least one of a body physical quantity measuring sensor for measuring at least one of a pulse wave or a pulse wave, a body composition measuring sensor for measuring at least one of blood sugar, oxygen saturation, body composition or respiratory gas of the patient, Of the sensor,
Each IoT device has a temperature sensor for measuring the ambient temperature, a humidity sensor for measuring the ambient humidity, a fine dust sensor for measuring fine dust having a particle diameter of 10 μm or less, an ultra fine dust having a particle diameter of 2.5 μm or less Wherein the at least one device comprises at least one of a super fine dust sensor, a smoke sensor, a carbon monoxide sensor, a carbon dioxide sensor, an ozone sensor, a stereoscopic image sensor, or an infrared thermal image sensor. Healthcare service system using.

Images