WO2018105049A1 - Security system and authentication server - Google Patents

Info

Publication number
WO2018105049A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
similarity
transmission data
transmission
clinical trial
Application number
PCT/JP2016/086336
Other languages
French (fr)
Japanese (ja)
Inventor
太郎 上野
太祐 市川
Original Assignee
サスメド株式会社

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • The present invention relates to a security system and an authentication server, and is particularly suited to a system that sequentially transmits clinical trial data from a transmission terminal to a collection server, which stores the data.
  • Clinical trials are conducted to confirm the safety and effectiveness of drugs, medical devices, and treatment methods.
  • Data is usually collected by a doctor, who obtains patient data through measurements or interviews, records it in the medical chart, and sends it to the clinical trial administration office.
  • CRO: Contract Research Organization.
  • Under the current mechanism, a third party organization (CRO) takes part in operation, and humans visually check the data to prevent tampering.
  • The electronic medical record recording system described in Patent Document 2 is intended to suppress falsification of the electronic medical record without using a time stamp of uncertain reliability.
  • In that system, the electronic medical record in the storage database is overwritten only when the record transmitted from the user terminal and held in the reception memory is determined to include all of the contents already recorded in the storage database.
  • Patent Document 1 verifies the presence or absence of falsification of the electronic medical record by hand, and therefore cannot satisfy the demand described above.
  • Patent Document 2 makes it possible to prevent falsification of the electronic medical chart without human intervention.
  • However, because Patent Document 2 treats a transmitted record as valid only when it contains all of the contents recorded in the storage database, it cannot be applied to transmitting clinical trial data, whose measurement results change from one transmission to the next.
  • The present invention has been made to solve this problem, and its object is to prevent falsification of clinical trial transmission data without human intervention by a third party organization.
  • The similarity is calculated between transmission data (an individual's clinical trial data transmitted from the transmission terminal to the authentication server) and accumulated data (clinical trial data of the same person stored in the collection server that collects and accumulates clinical trial data); the validity of the transmission data is authenticated on the basis of the calculated similarity, and only transmission data authenticated as valid is provided from the authentication server to the collection server.
  • The validity of the clinical trial data transmitted this time is authenticated on the basis of its similarity to the clinical trial data transmitted up to the previous time and accumulated in the collection server.
  • Because successive clinical trial data of the same individual are correlated, the similarity between the transmission data and the accumulated data is relatively large.
  • When the transmission data is tampered with, its similarity to the accumulated data decreases. Transmission data with low similarity to the accumulated data can therefore be judged to be falsified and withheld from the collection server by the authentication server. This prevents falsification of clinical trial transmission data without intervention by a third party organization.
  • FIG. 1 is a diagram illustrating an example of the overall configuration of the security system according to the present embodiment.
  • The security system of the present embodiment includes a transmission terminal 10 that transmits clinical trial data, collection servers 30-1 to 30-3 (hereinafter collectively referred to as the collection server 30) that collect and store clinical trial data, and an authentication server 20 that authenticates the validity of the clinical trial data.
  • The transmission terminal 10 and the authentication server 20 are connectable via a communication network such as the Internet.
  • The authentication server 20 and the collection server 30 are connectable via a communication network such as the Internet or a dedicated line.
  • The transmission terminal 10 may be a terminal used by a doctor in a medical institution, or a terminal used by a patient undergoing a clinical trial. Transmitting the clinical trial data from the patient's own terminal prevents the data from being falsified by the doctor.
  • The clinical trial data transmitted from the transmission terminal 10 includes measurement data measured with a medical device and inquiry data obtained by answering a questionnaire.
  • The inquiry data can be transmitted directly from the patient's terminal: the patient answers the questionnaire on that terminal and transmits the resulting inquiry data from it.
  • For measurement data, after the measurement has been performed at a medical institution, the patient enters the measurement data into the patient's terminal and transmits it from there.
  • The collection server 30 consists of a plurality of servers 30-1 to 30-3 connected by a distributed network.
  • Block chain technology is introduced into the plurality of collection servers 30-1 to 30-3: the clinical trial data transmitted from the transmission terminal 10 is shared among them by the block chain. For simplicity only three collection servers 30-1 to 30-3 are shown, but more may be used.
  • FIG. 2 is a block diagram illustrating a functional configuration example of the authentication server 20.
  • The authentication server 20 of the present embodiment includes, as functional configurations, a transmission data acquisition unit 21, an accumulated data acquisition unit 22, a similarity calculation unit 23, an authentication processing unit 24, and a data provision control unit 25. It further includes a similarity storage unit 26 as a storage medium.
  • The functional blocks 21 to 25 can be implemented by any of hardware, a DSP (Digital Signal Processor), or software.
  • DSP: Digital Signal Processor.
  • When implemented in software, each of the functional blocks 21 to 25 is realized by a computer's CPU, RAM, ROM, etc. operating according to a program stored in a recording medium such as RAM, ROM, a hard disk, or semiconductor memory.
  • The transmission data acquisition unit 21 acquires an individual's clinical trial data (hereinafter, transmission data) transmitted from the transmission terminal 10.
  • When the transmission data acquisition unit 21 acquires transmission data from the transmission terminal 10, the accumulated data acquisition unit 22 acquires the clinical trial data of the same individual (hereinafter, accumulated data) stored in the collection server 30 (any one of the collection servers 30-1 to 30-3 may be used).
  • Of the clinical trial data accumulated in the collection server 30, the latest data, accumulated last time, is acquired.
  • That is, the accumulated data acquisition unit 22 acquires the most recently accumulated clinical trial data as the accumulated data to be compared with the current transmission data acquired by the transmission data acquisition unit 21.
  • Personal identification information is managed in association with the clinical trial data: when clinical trial data is transmitted from the transmission terminal 10, it is sent together with personal identification information, and when it is accumulated in the collection server 30, it is stored in the database in association with that identification information.
  • As the personal identification information, a uniquely assigned user ID, the terminal ID of the transmission terminal 10, or the like can be used.
  • The similarity calculation unit 23 calculates the similarity between the individual's clinical trial data transmitted this time from the transmission terminal 10 (the transmission data acquired by the transmission data acquisition unit 21) and the previous clinical trial data of the same individual stored in the collection server 30 (the accumulated data acquired by the accumulated data acquisition unit 22).
  • The similarity calculation unit 23 calculates the Mahalanobis distance or the Euclidean distance as the first similarity for multi-valued clinical trial data such as measurement data, and the cosine similarity as the second similarity for binary clinical trial data such as inquiry data.
  • When the measurement data includes several types of data with different units, such as blood pressure and weight, it is preferable to standardize them together before calculating the Mahalanobis distance. When only measurement data with the same unit is included, the Mahalanobis distance or the Euclidean distance may be calculated without standardization. The smaller the calculated distance, the larger the similarity; the larger the distance, the smaller the similarity.
  • When a question item has a multi-valued answer rather than a yes/no binary answer, the multi-valued answer is included in the Mahalanobis distance calculation together with the measurement data.
  • The similarity calculation unit 23 stores the calculated similarity in the similarity storage unit 26. Each time the transmission data acquisition unit 21 acquires clinical trial data from the transmission terminal 10, the similarity calculation unit 23 calculates its similarity to the previous clinical trial data acquired by the accumulated data acquisition unit 22 and stores the result in the similarity storage unit 26. As a result, the similarity storage unit 26 accumulates a history of similarities.
  • The authentication processing unit 24 authenticates the validity of the transmission data on the basis of the similarity calculated by the similarity calculation unit 23.
  • The validity of the transmission data is authenticated on the basis of both the first similarity (Mahalanobis or Euclidean distance) calculated for the multi-valued clinical trial data and the second similarity (cosine similarity) calculated for the binary clinical trial data.
  • The authentication processing unit 24 determines that the transmission data is valid when the similarity exceeds a certain level, and invalid, that is, falsified, when the similarity is equal to or lower than that level. Specifically, it performs the authentication individually for each of the first similarity and the second similarity, and judges the transmission data invalid when at least one of them is below its level.
  • The authentication processing unit 24 authenticates the validity of the transmission data according to whether or not the difference between the current similarity calculated for the transmission data by the similarity calculation unit 23 and the average of the similarities calculated for the accumulated data up to the previous time (that is, the similarities stored in the similarity storage unit 26) exceeds a threshold value.
  • The threshold value used here can be set arbitrarily. For example, twice the standard deviation (2σ) of the distribution estimated from the plurality of stored similarities may be used as the threshold value.
  • Alternatively, the authentication processing unit 24 may authenticate the validity of the transmission data according to whether or not the current similarity calculated by the similarity calculation unit 23 exceeds a threshold value.
  • The threshold used in this case can also be set arbitrarily. When the current similarity is compared with the threshold in this way and the threshold is a predetermined fixed value, there is no need to store the similarity history in the similarity storage unit 26.
  • The similarity to the previous data is not always constant.
  • The similarity to the previous clinical trial data may be relatively small even for valid data, for example when symptoms improve or worsen rapidly.
  • The calculated similarity therefore varies to some extent, and of the two determination methods above, the former, in which the threshold is set dynamically in consideration of the variation in similarity that occurs even in valid clinical trial data, is preferable.
  • The authentication processing unit 24 notifies the similarity calculation unit 23 of the authentication result.
  • The similarity calculation unit 23 stores the calculated similarity in the similarity storage unit 26 only when the authentication processing unit 24 determines that the transmission data is valid. When the transmission data is determined to be invalid, the calculated similarity is regarded as unreliable and is not stored in the similarity storage unit 26.
  • The data provision control unit 25 controls provision so that only transmission data authenticated by the authentication processing unit 24 is provided to the collection server 30.
  • The data provision control unit 25 provides the transmission data authenticated by the authentication processing unit 24 to the plurality of collection servers 30-1 to 30-3. By providing only transmission data authenticated as valid to the collection server 30, it is possible to prevent, for example, a doctor who has taken over the patient's transmission terminal 10 from sending unauthorized clinical trial data to the collection server 30.
  • FIG. 3 is a block diagram illustrating a functional configuration example of the collection server 30.
  • The plurality of collection servers 30-1 to 30-3 all have the same functional configuration.
  • FIG. 3 shows the functional configuration of the collection server 30-1 as a representative.
  • The collection server 30-1 includes, as functional configurations, a provided data acquisition unit 31, a consensus processing unit 32, an accumulation control unit 33, and an accumulated data providing unit 34.
  • The collection server 30-1 further includes a clinical trial data storage unit 35 as a storage medium.
  • The functional blocks 31 to 34 can be implemented by any of hardware, a DSP, or software.
  • When implemented in software, each of the functional blocks 31 to 34 is realized by a computer's CPU, RAM, ROM, etc. operating according to a program stored in a recording medium such as RAM, ROM, a hard disk, or semiconductor memory.
  • The provided data acquisition unit 31 acquires the clinical trial data provided by the authentication server 20 (the current transmission data determined to be valid).
  • The consensus processing unit 32 performs consensus formation processing for sharing the transmission data among the plurality of collection servers 30-1 to 30-3 as a whole.
  • A consensus algorithm known from block chain technology can be used for this consensus formation processing.
  • For example, consensus formation is performed using the PBFT (Practical Byzantine Fault Tolerance) consensus algorithm, thereby verifying the clinical trial data acquired by each of the collection servers 30-1 to 30-3.
  • PBFT: Practical Byzantine Fault Tolerance.
  • The accumulation control unit 33 controls accumulation so that only transmission data on which the consensus processing unit 32 has formed consensus is newly accumulated in the clinical trial data storage unit 35 as accumulated data. By storing only transmission data verified as valid by the consensus processing unit 32, it is possible to prevent, for example, the clinical trial data from being tampered with by a malicious program planted on a collection server 30.
  • In response to a request from the accumulated data acquisition unit 22 of the authentication server 20, the accumulated data providing unit 34 reads, from the clinical trial data stored in the clinical trial data storage unit 35, the previous clinical trial data relating to the same individual as the transmission data acquired by the transmission data acquisition unit 21, and provides it to the accumulated data acquisition unit 22.
  • The clinical trial data stored in the clinical trial data storage unit 35 is only data verified as valid by the consensus processing unit 32. The validity of the accumulated data that the similarity calculation unit 23 of the authentication server 20 compares with the transmission data is therefore guaranteed, which in turn ensures the accuracy of the authentication performed by the authentication processing unit 24.
  • Validity is thus determined in a manner that depends on the existing clinical trial data of the same individual.
  • FIG. 4 is a flowchart showing an example of the operation of the security system according to the present embodiment configured as described above.
  • The transmission terminal 10 transmits clinical trial data to the authentication server 20 (step S1).
  • The transmission data acquisition unit 21 of the authentication server 20 acquires the clinical trial data (transmission data) transmitted from the transmission terminal 10 (step S2).
  • The accumulated data acquisition unit 22 requests the collection server 30 for the accumulated data associated with the same identification information (that is, the same patient) as the transmission data (step S3).
  • The accumulated data providing unit 34 of the collection server 30 reads the previous accumulated data of the same patient as the transmission data from the clinical trial data storage unit 35 and provides it to the authentication server 20 (step S4).
  • The accumulated data acquisition unit 22 of the authentication server 20 acquires the accumulated data provided by the accumulated data providing unit 34 (step S5).
  • The similarity calculation unit 23 calculates the similarity between the current clinical trial data (transmission data) acquired by the transmission data acquisition unit 21 in step S2 and the previous clinical trial data (accumulated data) acquired by the accumulated data acquisition unit 22 in step S5 (step S6). The authentication processing unit 24 then authenticates the validity of the transmission data on the basis of the calculated similarity (step S7).
  • The authentication processing unit 24 determines whether or not the current transmission data is valid as a result of the authentication (step S8).
  • If the transmission data is valid, the similarity calculation unit 23 stores the calculated similarity in the similarity storage unit 26 (step S9).
  • The data provision control unit 25 then provides the clinical trial data acquired by the transmission data acquisition unit 21 in step S2 to the collection server 30 (step S10).
  • If the transmission data is invalid, the processing of the authentication server 20 ends without performing steps S9 and S10.
  • The provided data acquisition unit 31 of the collection server 30 acquires the clinical trial data (current transmission data) provided by the authentication server 20 (step S11). The consensus processing unit 32 then performs consensus formation for sharing the transmission data among the plurality of collection servers 30-1 to 30-3, and the transmission data acquired by the collection servers 30-1 to 30-3 is verified (step S12).
  • The accumulation control unit 33 determines whether or not the consensus processing unit 32 has formed consensus on the transmission data (step S13).
  • If consensus has been formed, the accumulation control unit 33 newly stores the transmission data in the clinical trial data storage unit 35 as accumulated data (step S14).
  • If consensus has not been formed, step S14 is not performed and the processing of the collection server 30 ends.
  • As described above, in the present embodiment the similarity between transmission data (an individual's clinical trial data transmitted from the transmission terminal 10 to the authentication server 20) and accumulated data (clinical trial data of the same individual stored in the collection server 30 that collects and accumulates clinical trial data) is calculated, the validity of the transmission data is authenticated on the basis of the calculated similarity, and only transmission data authenticated as valid is provided from the authentication server 20 to the collection server 30.
  • The validity of the clinical trial data transmitted this time is authenticated on the basis of its similarity to the clinical trial data previously transmitted and accumulated in the collection server 30.
  • Clinical trial data with low similarity to the accumulated data can therefore be judged to be falsified and withheld from the collection server 30 by the authentication server 20.
  • Block chain technology is introduced into the plurality of collection servers 30-1 to 30-3 connected by the distributed network, and the transmission data provided from the authentication server 20 to the collection server 30 is stored in the clinical trial data storage unit 35 as new accumulated data only when consensus to share it has been formed among the collection servers 30-1 to 30-3 as a whole.
  • Since the validity of the accumulated data that the similarity calculation unit 23 of the authentication server 20 compares with the transmission data is thereby ensured, the accuracy of the authentication performed by the authentication processing unit 24 can also be ensured.
  • When the authentication processing unit 24 determines that the clinical trial data is valid, the similarity is stored in the similarity storage unit 26.
  • When the consensus processing unit 32 fails to form consensus on sharing the transmission data, it is preferable to notify the authentication server 20 and delete the latest similarity stored in the similarity storage unit 26.
  • The above embodiment describes the case in which the authentication server 20 acquires the previous clinical trial data from the collection server 30, but the present invention is not limited to this.
  • The latest clinical trial data may instead be stored in the authentication server 20, and the previous clinical trial data acquired from the authentication server 20 itself.
  • The authentication server 20 may also be incorporated into the block chain, with consensus processing for sharing the transmission data executed among the plurality of collection servers 30-1 to 30-3 and the authentication server 20. In that case, the transmission data is stored in the collection servers 30-1 to 30-3 and the authentication server 20 only when consensus is reached.
  • The above embodiment introduces block chain technology by connecting the plurality of servers 30-1 to 30-3 via a distributed network, but this is not essential: the authentication server 20 alone can prevent falsification of clinical trial transmission data. However, since combining it with block chain technology raises the security level, the configuration of the above embodiment is preferable.
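The similarity calculation of unit 23 (standardised distance for measurement data, cosine similarity for binary inquiry data), the dynamic 2σ rule of the authentication processing unit 24 with its similarity storage unit 26, the rule that a similarity is stored only for data judged valid (step S9), and the consensus-gated accumulation on the collection server (steps S11 to S14) are modelled together in the Python example below. This is an added illustration written for this page, not code from the patent or its assignee. Everything not stated in the patent is an assumption made here: the constructed patient history, the one-sided form of the 2σ rule (only a drop in similarity is rejected), the 1/(1+d) mapping from distance to similarity, the diagonal-covariance reading of the Mahalanobis distance (Euclidean distance on standardised values), the fixed threshold used until three similarities have been stored, the acceptance of a patient's very first record without comparison, and the simple vote quorum that stands in for a PBFT round.

```python
import math
import statistics
from dataclasses import dataclass, field

# Unit and step numbers in the comments follow the patent's FIG. 2 to FIG. 4.

# ---- similarity calculation unit 23 ----

def scale_factors(records):
    """Per-feature standard deviation over a patient's accepted measurement history,
    so that blood pressure (mmHg) and weight (kg) are compared on a common scale.
    A zero spread falls back to 1.0 (assumption, avoids division by zero)."""
    return [statistics.pstdev(col) or 1.0 for col in zip(*records)]

def measurement_similarity(current, previous, sds):
    """First similarity: Euclidean distance between the standardised measurement
    vectors (the Mahalanobis distance under a diagonal covariance estimate, a
    simplification made here), mapped to (0, 1] so that a smaller distance gives
    a larger similarity (the 1/(1+d) mapping is an assumption)."""
    d = math.sqrt(sum(((c - p) / s) ** 2 for c, p, s in zip(current, previous, sds)))
    return 1.0 / (1.0 + d)

def inquiry_similarity(current, previous):
    """Second similarity: cosine similarity of two 0/1 questionnaire answer vectors.
    An all-zero vector has no direction and yields similarity 0 (assumption)."""
    dot = sum(c * p for c, p in zip(current, previous))
    norm = math.sqrt(sum(c * c for c in current)) * math.sqrt(sum(p * p for p in previous))
    return dot / norm if norm else 0.0

# ---- authentication processing unit 24 with similarity storage unit 26 ----

@dataclass
class AuthenticationServer:
    sds: list                                    # scale factors for this patient
    fixed_threshold: dict = field(default_factory=lambda: {"measurement": 0.1, "inquiry": 0.5})
    min_history: int = 3                         # assumption: history needed for the dynamic rule
    store: dict = field(default_factory=lambda: {"measurement": [], "inquiry": []})

    def passes(self, kind, similarity):
        """Dynamic rule from the patent: reject when the current similarity falls below
        the mean of the stored similarities by more than twice their standard deviation.
        Until enough history exists, a fixed threshold is used instead (assumption)."""
        hist = self.store[kind]
        if len(hist) < self.min_history:
            return similarity > self.fixed_threshold[kind]
        mean, sigma = statistics.fmean(hist), statistics.pstdev(hist)
        return mean - similarity <= 2 * sigma

    def authenticate(self, current, previous):
        """Steps S6 to S9: compute both similarities, check each individually (invalid if
        either fails), and store the similarities only when the data is valid."""
        if previous is None:                     # first record of a patient: nothing to
            return True                          # compare against (assumption: accepted)
        s1 = measurement_similarity(current["measurements"], previous["measurements"], self.sds)
        s2 = inquiry_similarity(current["answers"], previous["answers"])
        valid = self.passes("measurement", s1) and self.passes("inquiry", s2)
        if valid:
            self.store["measurement"].append(s1)
            self.store["inquiry"].append(s2)
        return valid

# ---- collection server: consensus processing unit 32 and storage unit 35 ----

@dataclass
class CollectionServer:
    nodes: int = 3
    accumulated: list = field(default_factory=list)

    def latest(self):
        """Accumulated data providing unit 34: the most recently accumulated record."""
        return self.accumulated[-1] if self.accumulated else None

    def accumulate(self, record, votes):
        """Steps S11 to S14: store the record only if the nodes reach consensus. The
        quorum n - floor((n - 1) / 3) stands in for a real PBFT round (simplification)."""
        quorum = self.nodes - (self.nodes - 1) // 3
        if sum(votes) >= quorum:
            self.accumulated.append(record)
            return True
        return False

def submit(auth, collector, record, votes=(True, True, True)):
    """Steps S1 to S14 for one transmission: authenticate against the latest accumulated
    record and forward to the collection server only when valid (step S10)."""
    if not auth.authenticate(record, collector.latest()):
        return False
    return collector.accumulate(record, votes)

def demo():
    """Replay a constructed patient history, then one honest and one tampered submission.
    Returns (honest accepted, tampered accepted, records accumulated, similarities stored)."""
    history = [  # constructed sample: [systolic BP mmHg, weight kg], five yes/no answers
        {"measurements": [130, 70.0], "answers": [1, 0, 1, 1, 0]},
        {"measurements": [128, 69.5], "answers": [1, 0, 1, 1, 0]},
        {"measurements": [132, 70.5], "answers": [1, 1, 1, 1, 0]},
        {"measurements": [129, 69.8], "answers": [1, 0, 1, 1, 0]},
    ]
    auth = AuthenticationServer(sds=scale_factors([r["measurements"] for r in history]))
    collector = CollectionServer()
    for r in history:
        submit(auth, collector, r)
    honest = submit(auth, collector, {"measurements": [131, 70.1], "answers": [1, 0, 1, 0, 0]})
    tampered = submit(auth, collector, {"measurements": [160, 55.0], "answers": [0, 1, 0, 0, 1]})
    return honest, tampered, len(collector.accumulated), len(auth.store["measurement"])

if __name__ == "__main__":
    print(demo())  # (True, False, 5, 4)
```

Running `demo()` accepts the honest follow-up record (its measurement similarity is above the history mean, its cosine similarity within 2σ of the inquiry history) and rejects the tampered one, whose standardised distance is far outside the patient's history; the rejected record is neither forwarded to the collection server nor allowed to pollute the similarity history, which is the point of step S9 and of the dynamic threshold: a fabricated record must not be able to shift the baseline that later records are judged against.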

Abstract

This security system is provided with: a degree of similarity calculation unit 23 which calculates a degree of similarity between transmitted data, which are a person's clinical test data having been transmitted from a transmission terminal 10 to an authentication server 20, and accumulated data, which are the same person's clinical test data accumulated in a collection server 30 for collecting and accumulating clinical test data; an authentication processing unit 24 which attempts to authenticate the validity of the transmitted data on the basis of the calculated degree of similarity; and a data service control unit 25 which performs a control such that the authentication server 20 provides, to the collection server 30, only transmitted data that has been authenticated as valid. Clinical test data having a low degree of similarity to the corresponding accumulated data are determined to have been altered, and are not provided from the authentication server 20 to the collection server 30, thereby making it possible to prevent unauthorized clinical test data resulting from a takeover of the transmission terminal 10 from being transmitted to the collection server 30.

Description

Security system and authentication server

The present invention relates to a security system and an authentication server, and is particularly suited to a system that sequentially transmits clinical trial data from a transmission terminal to a collection server, which stores the data.

Generally, clinical trials are conducted to confirm the safety and effectiveness of drugs, medical devices, and treatment methods. In clinical trials, data is usually collected by a doctor, who obtains patient data through measurements or interviews, records it in the medical chart, and sends it to the clinical trial administration office. To prevent tampering when medical chart data is sent, under the current mechanism a third party organization (CRO: Contract Research Organization) takes part in operation, and humans visually check the data.

However, manual data checking is inefficient. Development of a secure clinical trial system that prevents falsification of transmitted data without human intervention has therefore been desired. Inventions relating to systems aimed at preventing falsification of medical chart data have been provided (see, for example, Patent Documents 1 and 2).

In the security ensuring method described in Patent Document 1, when a medical institution creates a new electronic chart or adds, changes, or deletes chart contents, it communicates this to a trusted organization, which gives the medical institution a date time stamp. The medical institution then sends the electronic chart data, including the newly created, changed, added, or deleted items and the time stamp given by the trusted organization, to the trusted organization. The trusted organization periodically obtains a fixed date from a notary for the medium on which the time stamps and data are accumulated, and seals and stores it.

The electronic medical record recording system described in Patent Document 2 is intended to suppress falsification of the electronic medical record without using a time stamp of uncertain reliability. This system determines whether the electronic medical record transmitted from the user terminal and recorded in the electronic medical record reception memory includes the contents of the electronic medical record recorded in the storage electronic medical record database, and overwrites the electronic medical record in the storage database only when it is determined to include all of them.

Patent Document 1: Japanese Patent Laid-Open No. 10-320491
Patent Document 2: JP 2011-103055 A

The method of Patent Document 1 verifies the presence or absence of falsification of the electronic medical record by hand and cannot satisfy the demand described above. The system of Patent Document 2, on the other hand, can prevent falsification of the electronic medical chart without human intervention. However, because it treats an electronic medical record transmitted from the user terminal as valid only when it contains all of the contents recorded in the storage database, it cannot be applied to transmitting clinical trial data, whose measurement results change from one transmission to the next.

The present invention has been made to solve this problem, and its object is to prevent falsification of clinical trial transmission data without human intervention by a third party organization.

To solve the problem, the present invention calculates the similarity between transmission data (an individual's clinical trial data transmitted from the transmission terminal to the authentication server) and accumulated data (clinical trial data of the same individual stored in the collection server that collects and accumulates clinical trial data), authenticates the validity of the transmission data on the basis of the calculated similarity, and provides only transmission data authenticated as valid from the authentication server to the collection server.

According to the present invention configured as described above, when clinical trial data is sequentially transmitted from the transmission terminal to the collection server, the validity of the clinical trial data transmitted this time is authenticated on the basis of its similarity to the clinical trial data transmitted up to the previous time and accumulated in the collection server. Because successive clinical trial data of the same individual are correlated, the similarity between the transmission data and the accumulated data is relatively large. When the transmission data is tampered with, its similarity to the accumulated data decreases. Transmission data with low similarity to the accumulated data can therefore be judged to be falsified and withheld from the collection server by the authentication server. This prevents falsification of clinical trial transmission data without human intervention by a third party organization.
本実施形態によるセキュリティシステムの全体構成例を示す図である。It is a figure which shows the example of whole structure of the security system by this embodiment. 本実施形態による認証サーバの機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the authentication server by this embodiment. 本実施形態による収集サーバの機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the collection server by this embodiment. 本実施形態によるセキュリティシステムの動作例を示すフローチャートである。It is a flowchart which shows the operation example of the security system by this embodiment.
An embodiment of the present invention will now be described with reference to the drawings. FIG. 1 is a diagram showing an example of the overall configuration of the security system according to the present embodiment. As shown in FIG. 1, the security system of this embodiment comprises a transmission terminal 10 that transmits clinical trial data, collection servers 30-1 to 30-3 (hereinafter sometimes referred to collectively as the collection server 30) that collect and store clinical trial data, and an authentication server 20 that authenticates the validity of the clinical trial data.
The transmission terminal 10 and the authentication server 20 can be connected via a communication network such as the Internet. The authentication server 20 and the collection server 30 can be connected via a communication network such as the Internet or a dedicated line. The transmission terminal 10 may be a terminal used by a doctor at a medical institution, or a terminal used by a patient taking part in the clinical trial. Having the clinical trial data transmitted from the terminal used by the patient prevents the doctor from tampering with the clinical trial data.
The clinical trial data transmitted from the transmission terminal 10 includes measurement data obtained with medical devices and questionnaire data obtained from answers to questions. Questionnaire data can be transmitted directly from the patient's terminal: the patient answers the questions on the terminal, and the resulting questionnaire data is transmitted from it. For measurement data, after the measurement is taken at the medical institution, the patient enters the measured values into the patient's terminal and transmits them from there.
The collection server 30 consists of a plurality of servers 30-1 to 30-3 connected by a distributed network, and blockchain technology is deployed on these collection servers 30-1 to 30-3. That is, the clinical trial data transmitted from the transmission terminal 10 is shared among the collection servers 30-1 to 30-3 by means of the blockchain. Only three collection servers 30-1 to 30-3 are shown for simplicity of illustration, but there may be more.
FIG. 2 is a block diagram showing an example of the functional configuration of the authentication server 20. As shown in FIG. 2, the authentication server 20 of this embodiment comprises, as its functional configuration, a transmission data acquisition unit 21, a stored data acquisition unit 22, a similarity calculation unit 23, an authentication processing unit 24 and a data provision control unit 25. The authentication server 20 also comprises a similarity storage unit 26 as a storage medium.
Each of the functional blocks 21 to 25 can be implemented in hardware, in a DSP (Digital Signal Processor), or in software. When implemented in software, for example, the functional blocks 21 to 25 are in practice made up of a computer's CPU, RAM, ROM and the like, and are realized by the operation of a program stored on a recording medium such as RAM, ROM, a hard disk or semiconductor memory.
The transmission data acquisition unit 21 acquires an individual's clinical trial data transmitted from the transmission terminal 10 (hereinafter, transmission data). When the transmission data acquisition unit 21 acquires transmission data from the transmission terminal 10, the stored data acquisition unit 22 acquires the clinical trial data of the same individual held in the collection server 30 (any of the collection servers 30-1 to 30-3 may be used) (hereinafter, stored data).
In this embodiment, of the clinical trial data held in the collection server 30, the most recent record, stored on the previous occasion, is acquired. When a patient is taking part in a clinical trial, the symptoms usually change gradually under treatment. Consequently, when the patient undergoes measurements and questionnaires at regular intervals, the contents of the measurement data and questionnaire data also change gradually. The stored data acquisition unit 22 therefore acquires the most recently stored clinical trial data as the stored data against which the current transmission data acquired by the transmission data acquisition unit 21 is compared.
To identify clinical trial data belonging to the same individual, identification information for the individual is managed in association with the clinical trial data. That is, when clinical trial data is transmitted from the transmission terminal 10, it is transmitted together with the individual's identification information, and when the collection server 30 stores clinical trial data, it records it in its database in association with that identification information. A uniquely assigned user ID, the terminal ID of the transmission terminal 10, or the like can serve as the individual's identification information.
The similarity calculation unit 23 calculates the similarity between the individual's clinical trial data transmitted this time from the transmission terminal 10 (the transmission data acquired by the transmission data acquisition unit 21) and the previous clinical trial data of the same individual held in the collection server 30 (the stored data acquired by the stored data acquisition unit 22).
Various methods can be used to calculate the similarity. As one example in this embodiment, the similarity calculation unit 23 calculates the Mahalanobis distance or the Euclidean distance as a first similarity for multi-valued clinical trial data such as measurement data, and calculates the cosine similarity as a second similarity for binary clinical trial data such as questionnaire data.
When the measurement data contains several kinds of data with different units, such as blood pressure and body weight, it is preferable to standardize them together before calculating the Mahalanobis distance. When it contains only measurement data with the same unit, the Mahalanobis distance or the Euclidean distance may be calculated without standardization. A smaller calculated distance indicates a higher similarity, and a larger distance a lower similarity.
The questionnaire data is assumed to consist of answers given as either "yes" or "no" to each question. When the questionnaire data contains answers to several question items, they are combined and the cosine similarity is calculated over them. The closer the calculated value is to 1, the higher the similarity; the closer to 0, the lower the similarity.
If the question items include some that are answered on a multi-valued scale in addition to those answered "yes" or "no", the questionnaire data for the multi-valued items is combined with the measurement data and the Mahalanobis distance is calculated over them together.
The similarity calculation unit 23 stores the calculated similarity in the similarity storage unit 26. Each time the transmission data acquisition unit 21 acquires clinical trial data from the transmission terminal 10, the similarity calculation unit 23 calculates its similarity to the previous clinical trial data acquired by the stored data acquisition unit 22 and stores the result in the similarity storage unit 26. The similarity storage unit 26 thus accumulates the similarities from a plurality of transmissions.
The authentication processing unit 24 authenticates the validity of the transmission data on the basis of the similarity calculated by the similarity calculation unit 23. In this embodiment, the validity is authenticated on the basis of the first similarity (the Mahalanobis or Euclidean distance) that the similarity calculation unit 23 calculated for the multi-valued clinical trial data and the second similarity (the cosine similarity) that it calculated for the binary clinical trial data.
That is, the authentication processing unit 24 judges the transmission data to be valid when the similarity exceeds a certain level, and judges it to be invalid, that is, tampered with, when the similarity is at or below that level. Specifically, the authentication processing unit 24 performs the authentication separately for the first similarity and for the second similarity, and judges the transmission data to be invalid if at least one of the two similarities is at or below the level.
For clinical trial data on the same individual, successive transmissions are correlated, so the similarity between the transmission data and the stored data is relatively high; if the transmission data has been tampered with, its similarity to the stored data becomes low. Whether the transmission data is valid can therefore be determined by whether its similarity to the stored data exceeds a certain level.
Various methods can be applied to determine whether the similarity exceeds a certain level. As one example, the authentication processing unit 24 authenticates the validity of the transmission data according to whether the difference between the similarity calculated this time by the similarity calculation unit 23 for the transmission data and the average of the similarities it calculated on previous occasions (that is, the similarities from the plurality of transmissions stored in the similarity storage unit 26) exceeds a threshold. The threshold used here can be set arbitrarily; for example, twice the standard deviation of the distribution estimated from the stored similarities is used as the threshold.
As another example, the authentication processing unit 24 may authenticate the validity of the transmission data according to whether the similarity calculated this time by the similarity calculation unit 23 exceeds a threshold. The threshold used in this case can likewise be set arbitrarily. When the current similarity is compared against a threshold in this way and the threshold is a predetermined fixed value, there is no need to keep a history of similarities in the similarity storage unit 26.
Note that even valid clinical trial data does not always show the same similarity to the previous data every time. When symptoms improve or worsen rapidly, for instance, the similarity to the previous clinical trial data may be relatively low, so some spread in the calculated similarities is to be expected. Of the two determination methods above, the former, which sets the threshold dynamically to allow for the spread in similarity that occurs even in valid clinical trial data, is therefore preferable.
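The following is an added worked example, not code from the patent or from the applicant: it implements the two similarity measures of the similarity calculation unit 23 (Mahalanobis distance over standardized multi-valued data, with Euclidean fallback, and cosine similarity over yes/no answers) together with the preferred dynamic-threshold rule of the authentication processing unit 24 (mean of the stored similarities plus or minus twice their standard deviation). Two assumptions not fixed by the description are labelled in the code: the covariance for the Mahalanobis form is estimated from the patient's own stored history, and a transmission is accepted while fewer than two similarities are stored. The sample values are constructed.

```python
# Added example (not from the patent): the two similarity measures described
# above and the dynamic-threshold authentication rule, in pure Python.
import math
from statistics import mean, pstdev


def cosine_similarity(answers_now, answers_prev):
    """Second similarity: cosine similarity between two yes/no answer vectors
    (1 = "yes", 0 = "no"). Values near 1 mean the answers barely changed."""
    dot = sum(a * b for a, b in zip(answers_now, answers_prev))
    norm_now = math.sqrt(sum(a * a for a in answers_now))
    norm_prev = math.sqrt(sum(b * b for b in answers_prev))
    if norm_now == 0 or norm_prev == 0:
        # An all-"no" vector has no direction; treating it as dissimilar is an
        # assumption of this example (the description does not cover this case).
        return 0.0
    return dot / (norm_now * norm_prev)


def _invert(matrix):
    """Gauss-Jordan inverse of a small square matrix; None when singular."""
    n = len(matrix)
    aug = [list(row) + [1.0 if i == j else 0.0 for j in range(n)]
           for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = aug[col][col]
        aug[col] = [x / scale for x in aug[col]]
        for r in range(n):
            if r != col:
                factor = aug[r][col]
                aug[r] = [x - factor * y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def mahalanobis_distance(meas_now, meas_prev, history):
    """First similarity for multi-valued data (blood pressure, weight, ...).
    `history` holds the patient's earlier stored records; their per-feature
    mean and standard deviation standardise all values ("standardise them
    together"), and their covariance gives the Mahalanobis form. Estimating the
    covariance from the patient's own history is this example's assumption.
    A singular covariance (too little history) falls back to the Euclidean
    distance on the standardised values."""
    if not history:
        raise ValueError("at least one stored record is needed")
    cols = list(zip(*history))
    mu = [mean(c) for c in cols]
    sd = [pstdev(c) or 1.0 for c in cols]  # constant feature: keep scale at 1

    def standardise(v):
        return [(x - m) / s for x, m, s in zip(v, mu, sd)]

    zh = [standardise(h) for h in history]
    n = len(meas_now)
    cov = [[mean(r[i] * r[j] for r in zh) for j in range(n)] for i in range(n)]
    diff = [a - b for a, b in zip(standardise(meas_now), standardise(meas_prev))]
    inv = _invert(cov)
    if inv is None:
        return math.sqrt(sum(d * d for d in diff))
    return math.sqrt(sum(diff[i] * inv[i][j] * diff[j]
                         for i in range(n) for j in range(n)))


def passes_dynamic_threshold(similarity_now, past_similarities, k=2.0):
    """Preferred rule: accept when the current similarity lies within k standard
    deviations of the mean of the similarities stored from earlier accepted
    transmissions (k = 2 is the value given as an example). With fewer than two
    stored values no spread can be estimated, so the transmission is accepted
    (assumption of this example)."""
    if len(past_similarities) < 2:
        return True
    threshold = k * pstdev(past_similarities)
    return abs(similarity_now - mean(past_similarities)) <= threshold


def authenticate(meas_now, meas_prev, meas_history, ans_now, ans_prev,
                 past_distances, past_cosines):
    """Runs both checks separately; the data is valid only if neither similarity
    falls outside its threshold. Returns (valid, distance, cosine)."""
    distance = mahalanobis_distance(meas_now, meas_prev, meas_history)
    cosine = cosine_similarity(ans_now, ans_prev)
    valid = (passes_dynamic_threshold(distance, past_distances)
             and passes_dynamic_threshold(cosine, past_cosines))
    return valid, distance, cosine


if __name__ == "__main__":
    # Constructed sample: systolic blood pressure and weight from four stored
    # visits, three yes/no answers, and the similarities stored so far.
    history = [[140, 80], [136, 81], [132, 78], [130, 79]]
    past_d, past_c = [1.1, 0.9, 1.3], [1.0, 0.67, 1.0]
    print(authenticate([128, 78], history[-1], history, [1, 0, 1], [1, 0, 1], past_d, past_c))
    print(authenticate([80, 40], history[-1], history, [0, 1, 0], [1, 0, 1], past_d, past_c))
```

The two checks are deliberately kept separate, as the description requires: a plausible questionnaire cannot compensate for measurement values that jump far outside the patient's own history, and vice versa.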
The authentication processing unit 24 notifies the similarity calculation unit 23 of the authentication result. The similarity calculation unit 23 stores the calculated similarity in the similarity storage unit 26 only when the authentication processing unit 24 has judged the transmission data to be valid. That is, when the authentication processing unit 24 judges the transmission data to be invalid, the calculated similarity cannot be relied on and is not stored in the similarity storage unit 26.
The data provision control unit 25 controls data provision so that only transmission data authenticated as valid by the authentication processing unit 24 is provided to the collection server 30. In this embodiment, the data provision control unit 25 provides transmission data authenticated as valid by the authentication processing unit 24 to the plurality of collection servers 30-1 to 30-3. Providing only authenticated transmission data to the collection server 30 in this way prevents, for example, a doctor who has taken over the patient's transmission terminal 10 from sending fraudulent clinical trial data to the collection server 30.
FIG. 3 is a block diagram showing an example of the functional configuration of the collection server 30. The collection servers 30-1 to 30-3 all have the same functional configuration; FIG. 3 shows the configuration of collection server 30-1 as a representative. As shown in FIG. 3, the collection server 30-1 comprises, as its functional configuration, a provided data acquisition unit 31, a consensus processing unit 32, a storage control unit 33 and a stored data provision unit 34. The collection server 30-1 also comprises a clinical trial data storage unit 35 as a storage medium.
Each of the functional blocks 31 to 34 can be implemented in hardware, in a DSP, or in software. When implemented in software, for example, the functional blocks 31 to 34 are in practice made up of a computer's CPU, RAM, ROM and the like, and are realized by the operation of a program stored on a recording medium such as RAM, ROM, a hard disk or semiconductor memory.
The provided data acquisition unit 31 acquires the clinical trial data provided by the authentication server 20 (the current transmission data judged to be valid). The consensus processing unit 32 performs a consensus-building process so that the transmission data is shared across all of the collection servers 30-1 to 30-3. A consensus algorithm known from blockchain technology can be used for this process. For example, the provided data acquisition unit 31 verifies the validity of the clinical trial data acquired by each of the collection servers 30-1 to 30-3 by carrying out the consensus-building process with the PBFT (Practical Byzantine Fault Tolerance) consensus algorithm.
The storage control unit 33 controls storage so that only transmission data on which the consensus processing unit 32 has reached consensus is newly stored in the clinical trial data storage unit 35 as stored data. Storing in the clinical trial data storage unit 35 only transmission data whose validity has been verified by the consensus processing unit 32 prevents, for example, clinical trial data from being tampered with by a malicious program planted on a collection server 30.
In response to a request from the stored data acquisition unit 22 of the authentication server 20, the stored data provision unit 34 reads, from the clinical trial data held in the clinical trial data storage unit 35, the previous clinical trial data of the same individual as the transmission data acquired by the transmission data acquisition unit 21, and provides it to the stored data acquisition unit 22.
As described above, the clinical trial data held in the clinical trial data storage unit 35 is only data whose validity has been verified by the consensus processing unit 32. The validity of the stored data that the similarity calculation unit 23 of the authentication server 20 compares against the transmission data when calculating the similarity is therefore guaranteed, which secures the accuracy of the authentication of transmission data by the authentication processing unit 24.
In other words, the authentication performed by the authentication processing unit 24 determines validity in a way that depends on the existing clinical trial data of the same individual. Ensuring sufficient security on the collection server 30 side, where that existing clinical trial data is stored, in turn makes it possible to secure the accuracy of the authentication performed by the authentication processing unit 24.
FIG. 4 is a flowchart showing an example of the operation of the security system of this embodiment configured as described above. First, the transmission terminal 10 transmits clinical trial data to the authentication server 20 (step S1). The transmission data acquisition unit 21 of the authentication server 20 acquires the clinical trial data (transmission data) transmitted from the transmission terminal 10 (step S2).
When the transmission data acquisition unit 21 has acquired the transmission data, the stored data acquisition unit 22 requests the collection server 30 to supply the stored data associated with the same identification information as the transmission data (that is, the same patient) (step S3).
On receiving this request, the stored data provision unit 34 of the collection server 30 reads the previous stored data for the same patient as the transmission data from the clinical trial data storage unit 35 and provides it to the authentication server 20 (step S4). The stored data acquisition unit 22 of the authentication server 20 acquires the stored data provided by the stored data provision unit 34 (step S5).
The similarity calculation unit 23 calculates the similarity between the current clinical trial data (transmission data) acquired by the transmission data acquisition unit 21 in step S2 and the previous clinical trial data (stored data) acquired by the stored data acquisition unit 22 in step S5 (step S6). The authentication processing unit 24 then authenticates the validity of the transmission data on the basis of the similarity calculated by the similarity calculation unit 23 (step S7).
The authentication processing unit 24 determines from the result of the authentication whether the current transmission data is valid (step S8). If the authentication processing unit 24 judges the current transmission data to be valid, the similarity calculation unit 23 stores the calculated similarity in the similarity storage unit 26 (step S9), and the data provision control unit 25 provides the clinical trial data that the transmission data acquisition unit 21 acquired from the transmission terminal 10 in step S2 to the collection server 30 (step S10).
If, on the other hand, the authentication processing unit 24 judges the current transmission data to be invalid, steps S9 and S10 are not performed and the processing of the authentication server 20 ends.
When authentication by the authentication processing unit 24 has succeeded, the provided data acquisition unit 31 of the collection server 30 acquires the clinical trial data (the current transmission data) provided by the authentication server 20 (step S11). The consensus processing unit 32 then performs the consensus-building process for sharing the transmission data across all of the collection servers 30-1 to 30-3, and verifies the validity of the transmission data acquired by each of the collection servers 30-1 to 30-3 (step S12).
Next, the storage control unit 33 determines whether the consensus processing unit 32 has reached consensus on the transmission data (step S13). If consensus on the transmission data has been reached, the storage control unit 33 newly stores the transmission data in the clinical trial data storage unit 35 as stored data (step S14). If consensus could not be reached, step S14 is not performed and the processing of the collection server 30 ends.
 以上詳しく説明したように、本実施形態では、送信端末10から認証サーバ20に送信された個人の臨床試験データである送信データと、当該臨床試験データを収集して蓄積する収集サーバ30に蓄積されている上記個人と同一者の臨床試験データである蓄積データとの類似度を算出し、算出された類似度に基づいて送信データの正当性を認証して、正当であることが認証された送信データのみを認証サーバ20から収集サーバ30に提供するようにしている。 As described above in detail, in the present embodiment, transmission data that is personal clinical test data transmitted from the transmission terminal 10 to the authentication server 20 and the collection server 30 that collects and accumulates the clinical test data are stored. The degree of similarity between the above-mentioned individual and the stored data that is the clinical trial data of the same person is calculated, the validity of the transmission data is authenticated based on the calculated degree of similarity, and the transmission that has been authenticated is verified Only the data is provided from the authentication server 20 to the collection server 30.
 このように構成した本実施形態によれば、送信端末10から収集サーバ30に臨床試験データを逐次送信する場合、今回送信された臨床試験データと、前回までに送信されて収集サーバ30に蓄積されている臨床試験データとの類似度に基づいて、今回送信された臨床試験データの正当性が認証される。ここで、蓄積データとの類似度が小さくなっている臨床試験データは改ざんされたデータであると判定し、認証サーバ20から収集サーバ30に提供しないようにすることができる。これにより、医師による送信端末10の乗っ取り等によって不正な臨床試験データが収集サーバ30に送信されることを防ぐことができる。 According to the present embodiment configured as described above, when clinical trial data is sequentially transmitted from the transmission terminal 10 to the collection server 30, the clinical trial data transmitted this time and the previous transmission and accumulation in the collection server 30 are performed. The validity of the clinical trial data transmitted this time is authenticated based on the similarity with the existing clinical trial data. Here, it is possible to determine that the clinical trial data having a small similarity to the stored data is falsified data and not provide the authentication server 20 to the collection server 30. Thereby, it is possible to prevent unauthorized clinical test data from being transmitted to the collection server 30 due to hijacking of the transmission terminal 10 by a doctor.
 また、本実施形態では、分散型ネットワークにより接続された複数の集積サーバ30-1~30-3にブロックチェーン技術を導入し、当該複数の収集サーバ30-1~30-3の全体で送信データを共有するための合意形成がとれた場合にのみ、認証サーバ20から収集サーバ30に提供された送信データを新たな蓄積データとして臨床試験データ記憶部35に記憶させるようにしている。 In this embodiment, the block chain technology is introduced to the plurality of integrated servers 30 -1 to 30 -3 connected by the distributed network, and the transmission data is transmitted to the whole collection servers 30 -1 to 30 -3. Only when the consensus is formed to share the transmission data, the transmission data provided from the authentication server 20 to the collection server 30 is stored in the clinical trial data storage unit 35 as new accumulated data.
This prevents falsification of clinical trial data by a malicious program planted on a collection server 30. Moreover, because the validity of the accumulated data that the similarity calculation unit 23 of the authentication server 20 uses as the comparison target for the transmission data is guaranteed, the accuracy of the authentication of transmission data performed by the authentication processing unit 24 is guaranteed as well.
As described above, the security system of the present embodiment can effectively prevent falsification of clinical trial transmission data without manual intervention by a third-party organization.
In the above embodiment, PBFT was described as one example of a consensus algorithm, but the present invention is not limited to this. Other consensus algorithms such as Proof of Work, Proof of Stake, Paxos, Raft, or Sieve may be used.
In the above embodiment, the similarity is stored in the similarity storage unit 26 when the authentication processing unit 24 determines that the clinical trial data is valid. If the consensus processing unit 32 subsequently fails to reach consensus on sharing that transmission data, it is preferable that the authentication server 20 be notified of this and that the latest similarity stored in the similarity storage unit 26 be deleted.
In the above embodiment, the authentication server 20 acquires the previous clinical trial data from the collection server 30, but the present invention is not limited to this. For example, the latest clinical trial data may be kept in the authentication server 20, and the previous clinical trial data acquired from the authentication server 20 itself.
In this case, the authentication server 20 may also be incorporated into the blockchain, so that consensus processing for sharing the transmission data is executed across the plurality of collection servers 30-1 to 30-3 and the authentication server 20 together, and the transmission data is stored in the collection servers 30-1 to 30-3 and the authentication server 20 only when consensus has been reached.
The above embodiment connects the plurality of servers 30-1 to 30-3 by a distributed network and introduces blockchain technology, but this is not essential: the authentication server 20 alone can prevent falsification of clinical trial transmission data. However, since combining it with blockchain technology raises the security level, the configuration of the above embodiment is more preferable.
The above embodiments are merely concrete examples of implementing the present invention, and the technical scope of the present invention should not be construed as limited by them. That is, the present invention can be implemented in various forms without departing from its gist or principal features.
DESCRIPTION OF SYMBOLS
 10 Transmission terminal
 20 Authentication server
 21 Transmission data acquisition unit
 22 Accumulated data acquisition unit
 23 Similarity calculation unit
 24 Authentication processing unit
 25 Data provision control unit
 26 Similarity storage unit
 30 Collection server
 31 Provided data acquisition unit
 32 Consensus processing unit
 33 Accumulation control unit
 34 Accumulated data provision unit
 35 Clinical trial data storage unit

Claims (11)

  1.  A security system comprising a transmission terminal that transmits clinical trial data, a collection server that collects and accumulates the clinical trial data, and an authentication server that authenticates the validity of the clinical trial data,
     wherein the authentication server comprises:
     a similarity calculation unit that calculates a similarity between transmission data, which is the clinical trial data of an individual transmitted from the transmission terminal, and accumulated data, which is the clinical trial data of the same individual accumulated in the collection server;
     an authentication processing unit that authenticates the validity of the transmission data based on the similarity calculated by the similarity calculation unit; and
     a data provision control unit that performs control so that only the transmission data authenticated as valid by the authentication processing unit is provided to the collection server.
  2.  The security system according to claim 1, wherein the collection server is composed of a plurality of servers connected by a distributed network,
     the data provision control unit of the authentication server provides the transmission data to the plurality of collection servers, and
     the plurality of collection servers comprise:
     a consensus processing unit that performs consensus formation processing for sharing the transmission data across the plurality of collection servers; and
     an accumulation control unit that performs control so that only the transmission data on which consensus has been formed by the consensus processing unit is newly accumulated as the accumulated data.
  3.  The security system according to claim 2, wherein the authentication server comprises:
     a transmission data acquisition unit that acquires the transmission data transmitted from the transmission terminal; and
     an accumulated data acquisition unit that, when the transmission data acquisition unit acquires the transmission data from the transmission terminal, acquires from the collection server the accumulated data that was accumulated by the accumulation control unit after consensus was formed by the consensus processing unit,
     and the similarity calculation unit calculates the similarity between the transmission data acquired by the transmission data acquisition unit and the accumulated data acquired by the accumulated data acquisition unit.
  4.  The security system according to any one of claims 1 to 3, wherein the similarity calculation unit calculates a Mahalanobis distance or a Euclidean distance as a first similarity for multi-valued clinical trial data and a cosine similarity as a second similarity for binary clinical trial data, and
     the authentication processing unit authenticates the validity of the transmission data based on the first similarity and the second similarity calculated by the similarity calculation unit.
  5.  The security system according to any one of claims 1 to 4, wherein the similarity calculation unit calculates the similarity between the transmission data, which is the clinical trial data transmitted this time from the transmission terminal, and the previous clinical trial data accumulated as the accumulated data in the collection server, and
     the authentication processing unit authenticates the validity of the transmission data according to whether the difference between the current similarity calculated for the transmission data by the similarity calculation unit and the average of the similarities previously calculated by the similarity calculation unit for the accumulated data exceeds a threshold.
  6.  The security system according to claim 5, wherein the authentication server further comprises a similarity storage unit that stores the similarities calculated by the similarity calculation unit,
     the authentication processing unit calculates the average of the previous similarities from the similarities stored in the similarity storage unit and authenticates the validity of the transmission data according to whether the difference between that average and the current similarity exceeds the threshold, and
     the similarity calculation unit stores the current similarity in the similarity storage unit only when the authentication processing unit has determined that the transmission data is valid.
  7.  The security system according to any one of claims 1 to 4, wherein the similarity calculation unit calculates the similarity between the transmission data, which is the clinical trial data transmitted this time from the transmission terminal, and the previous clinical trial data accumulated as the accumulated data in the collection server, and
     the authentication processing unit authenticates the validity of the transmission data according to whether the similarity calculated by the similarity calculation unit exceeds a threshold.
  8.  An authentication server that authenticates the validity of clinical trial data transmitted from a transmission terminal when providing that clinical trial data to a collection server, comprising:
     a similarity calculation unit that calculates a similarity between transmission data, which is the clinical trial data of an individual transmitted from the transmission terminal, and accumulated data, which is the clinical trial data of the same individual accumulated in the collection server;
     an authentication processing unit that authenticates the validity of the transmission data based on the similarity calculated by the similarity calculation unit; and
     a data provision control unit that performs control so that only the transmission data authenticated as valid by the authentication processing unit is provided to the collection server.
  9.  The authentication server according to claim 8, wherein the data provision control unit provides the transmission data authenticated as valid by the authentication processing unit to a plurality of the collection servers, which are connected by a distributed network and each have a function of performing consensus formation processing for sharing the transmission data.
  10.  The authentication server according to claim 8 or 9, wherein the similarity calculation unit calculates the similarity between the transmission data, which is the clinical trial data transmitted this time from the transmission terminal, and the previous clinical trial data accumulated as the accumulated data in the collection server, and
     the authentication processing unit authenticates the validity of the transmission data according to whether the difference between the current similarity calculated for the transmission data by the similarity calculation unit and the average of the similarities previously calculated by the similarity calculation unit for the accumulated data exceeds a threshold.
  11.  The authentication server according to claim 10, further comprising a similarity storage unit that stores the similarities calculated by the similarity calculation unit,
     wherein the authentication processing unit calculates the average of the previous similarities from the similarities stored in the similarity storage unit and authenticates the validity of the transmission data according to whether the difference between that average and the current similarity exceeds the threshold, and
     the similarity calculation unit stores the current similarity in the similarity storage unit only when the authentication processing unit has determined that the transmission data is valid.
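The authentication flow of claims 4 to 7 (first and second similarity, drift from the mean of previously accepted similarities, similarity stored only on success) together with the consensus-gated storage of claim 2 and the rollback note from the description, as an added Python model that is not the patent's own code. Class and function names, the threshold values, the majority-vote stand-in for PBFT, the claim-7 absolute test used until enough history exists, and the acceptance of a subject's first record without comparison are all assumptions; the sample records are constructed.

```python
# Added example, not the patent's own code: a minimal model of the authentication server (20)
# and a replicated collection server (30-1 to 30-3). Names and thresholds are assumptions.
import math
from typing import Dict, List, Optional, Sequence, Tuple
Record = Dict[str, Sequence[float]]  # {"multi": [measurements], "binary": [0/1 flags]}

def euclidean_distance(a: Sequence[float], b: Sequence[float]) -> float:
    """First similarity for multi-valued data (claim 4 also allows Mahalanobis distance)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Second similarity for binary (yes/no) data (claim 4)."""
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = math.sqrt(sum(x * x for x in a)), math.sqrt(sum(y * y for y in b))
    return 0.0 if na == 0 or nb == 0 else dot / (na * nb)

class AuthenticationServer:
    """Units 23 (similarity calculation), 24 (authentication) and 26 (similarity storage)."""
    def __init__(self, max_distance=10.0, min_cosine=0.5, drift_distance=5.0, drift_cosine=0.3, min_history=2):
        self.max_distance, self.min_cosine = max_distance, min_cosine          # claim 7 test
        self.drift_distance, self.drift_cosine = drift_distance, drift_cosine  # claim 5 test
        self.min_history = min_history
        self.history: Dict[str, List[Tuple[float, float]]] = {}  # unit 26, per subject

    def authenticate(self, subject: str, sent: Record, stored: Record) -> bool:
        d1 = euclidean_distance(sent["multi"], stored["multi"])
        s2 = cosine_similarity(sent["binary"], stored["binary"])
        hist = self.history.setdefault(subject, [])
        if len(hist) < self.min_history:
            # Assumption: until enough history exists, apply the absolute test of claim 7.
            ok = d1 <= self.max_distance and s2 >= self.min_cosine
        else:
            # Claim 5: compare this similarity with the mean of the previously accepted ones.
            mean_d1 = sum(h[0] for h in hist) / len(hist)
            mean_s2 = sum(h[1] for h in hist) / len(hist)
            ok = abs(d1 - mean_d1) <= self.drift_distance and abs(s2 - mean_s2) <= self.drift_cosine
        if ok:
            hist.append((d1, s2))  # claim 6: stored only when the data was judged valid
        return ok

    def rollback(self, subject: str) -> None:
        """Consensus failed downstream: drop the latest stored similarity (embodiment note)."""
        if self.history.get(subject):
            self.history[subject].pop()

class CollectionServer:
    """One replica of the collection server holding the clinical trial data storage (35)."""
    def __init__(self, honest: bool = True):
        self.honest, self.storage = honest, {}  # a compromised replica refuses to agree

    def latest(self, subject: str) -> Optional[Record]:
        recs = self.storage.get(subject, [])
        return recs[-1] if recs else None

    def commit(self, subject: str, record: Record) -> None:
        self.storage.setdefault(subject, []).append(record)

def consensus_store(replicas: List[CollectionServer], subject: str, record: Record) -> bool:
    """Simplified stand-in for PBFT (unit 32): commit only when a majority of replicas agree."""
    if 2 * sum(r.honest for r in replicas) <= len(replicas):
        return False
    for r in replicas:
        r.commit(subject, record)
    return True

def submit(auth: AuthenticationServer, replicas: List[CollectionServer], subject: str, sent: Record) -> bool:
    """One transmission: authenticate against the previous record, then store by consensus."""
    previous = replicas[0].latest(subject)  # unit 22 fetches the accumulated data (claim 3)
    # Assumption: a subject's first record has nothing to compare with and is stored as-is.
    if previous is not None and not auth.authenticate(subject, sent, previous):
        return False  # unit 25 withholds data that failed authentication
    if consensus_store(replicas, subject, sent):
        return True
    auth.rollback(subject)  # no consensus: keep unit 26 consistent with what was stored
    return False
```

A record whose measurements jump far from the running pattern is rejected and never reaches the replicas, while a record accepted by the authentication server but refused by the replicas leaves no trace in the similarity store.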
PCT/JP2016/086336 2016-12-07 2016-12-07 Security system and authentication server WO2018105049A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2016/086336 WO2018105049A1 (en) 2016-12-07 2016-12-07 Security system and authentication server

Publications (1)

Publication Number Publication Date
WO2018105049A1 true WO2018105049A1 (en) 2018-06-14

Family

ID=62490834

Country Status (1)

Country Link
WO (1) WO2018105049A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002336203A (en) * 2001-05-17 2002-11-26 Yokogawa Electric Corp Medical information management system
JP2011523473A (en) * 2008-03-26 2011-08-11 セラノス, インコーポレイテッド Methods and systems for assessing clinical outcome
WO2012104949A1 (en) * 2011-01-31 2012-08-09 パナソニック株式会社 Disease case study search device and disease case study search method
JP2015204038A (en) * 2014-04-15 2015-11-16 日本電信電話株式会社 Vital information processing server, method for processing vital information, and program
JP2016532349A (en) * 2013-10-03 2016-10-13 クアルコム,インコーポレイテッド Physically non-clonal function pattern matching for device identification

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CASTRO, MIGUEL ET AL.: "Byzantine Fault Tolerance Can Be Fast", INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, 1 July 2001 (2001-07-01), pages 513 - 518, XP031172842, Retrieved from the Internet <URL:http://ieeexplore.ieee.org/document/941437> [retrieved on 20170228] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020079788A1 (en) * 2018-10-17 2020-04-23 サスメド株式会社 Fraud detection system and fraud detection device
CN111478957A (en) * 2020-04-02 2020-07-31 深圳市人工智能与机器人研究院 Experimental data processing method and device based on block chain and computer equipment
CN111478957B (en) * 2020-04-02 2023-09-08 深圳市人工智能与机器人研究院 Experimental data processing method and device based on block chain and computer equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16923180

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16923180

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP