WO2018229867A1 - Système de protection d'informations personnelles - Google Patents


Info

Publication number
WO2018229867A1
Authority
WO
WIPO (PCT)
Prior art keywords
public key
unit
information
node devices
encrypted
Application number
PCT/JP2017/021806
Other languages
English (en)
Japanese (ja)
Inventor
太郎 上野
太祐 市川
Original Assignee
サスメド株式会社
Application filed by サスメド株式会社
Priority application: JP2017552511A (granted as JP6245782B1)
Priority application: PCT/JP2017/021806 (published as WO2018229867A1)
Publication: WO2018229867A1

Classifications

    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H 10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H 10/60 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F 21/6254 Protecting personal data, e.g. for financial or medical purposes, by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H 10/00 ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H 10/40 ICT specially adapted for the handling or processing of patient-related medical or healthcare data for data related to laboratory analysis, e.g. patient specimen analysis

Definitions

  • The present invention relates to a personal information protection system, and in particular to one suited to exchanging information between a patient and a medical institution while protecting the patient's biometric information and medical record information, both of which are personal information of the patient.
  • Medical data recorded in an electronic medical record is a record of the medical care performed for each patient and also serves as a case database. That is, electronic medical records for various cases are expected to be accumulated in a database and shared to help improve the quality of medical care.
  • For that reason the authenticity of the information recorded in the electronic medical record is strictly required, and a mechanism for preventing falsification of that information must be introduced.
  • Not only must the electronic medical record created by the doctor be protected from alteration; the patient's biological information provided by the patient to the doctor (for example, values measured by a medical device placed in the patient's home) must also be protected from falsification.
  • Since the patient's biological information is personal information, confidentiality is also required: it must not be disclosed to anyone other than authorized persons.
  • Patent Documents 1 and 2 disclose systems intended to prevent falsification of medical record data into which patient medical data has been entered.
  • The electronic medical record recording system described in Patent Document 2 aims to suppress falsification of the electronic medical record without relying on a time stamp whose reliability is uncertain.
  • In that system, the electronic medical record in the stored electronic medical record database is overwritten only when it is determined that the electronic medical record transmitted from the user terminal and recorded in the reception memory includes all of the contents already recorded in the stored database.
  • Patent Documents 1 and 2 thus describe mechanisms for preventing falsification of an electronic medical record, but not a mechanism for preventing falsification of patient biometric information provided from a patient to a doctor at a medical institution via a network. Nor do they describe a mechanism for keeping that biometric information, which is personal information, confidential from anyone not permitted to receive it.
  • The present invention was made in view of these circumstances. Its objective is to realize both the authenticity (non-falsifiability) and the confidentiality of patient biometric information provided from a patient to a medical institution.
  • a personal information protection system of the present invention includes a medical institution terminal used in a medical institution, a patient terminal used by a patient, and a plurality of node devices connected by a distributed network.
  • The public key and the secret key are generated at the medical institution terminal, and the public key is provided to one of the node devices.
  • A consensus building process for sharing the public key among the plurality of node devices is then performed, and the public key is stored in the node devices only when consensus is formed.
  • The patient terminal obtains the public key from one node device, uses it to encrypt the patient's biometric information or the individually identifying information added to that biometric information, and provides the resulting encrypted biometric information to one node device.
  • A consensus building process for sharing the encrypted biometric information among the plurality of node devices is performed, and the encrypted biometric information is stored in the node devices only when consensus is formed.
  • The medical institution terminal acquires the encrypted biometric information from one node device and decrypts it with the secret key that was generated together with the public key.
  • The patient biometric information provided from the patient to the medical institution is therefore concealed, because either the biometric information itself or the individually identifying information added to it is encrypted with the public key.
  • The concealed biometric information can be decrypted and used only by the medical institution that holds the secret key.
  • Since the public key is distributed and stored in each node device only after its validity has been verified by the consensus building process executed among the plurality of node devices, the public key itself is protected from being falsified by, for example, a malicious program installed on a node device. Because the public key cannot be falsified, biometric information cannot be encrypted with a falsified, illegitimate public key and then decrypted with the corresponding illegitimate private key.
  • Likewise, because biometric information encrypted with the public key is distributed and stored in each node device only after its validity has been verified by the consensus building process executed among the plurality of node devices, the encrypted biometric information is protected from tampering by, for example, a malicious program installed on a node device.
  • FIG. 1 is a diagram showing an example of the overall configuration of a personal information protection system according to the first embodiment.
  • The personal information protection system according to the first embodiment includes a medical institution terminal 100 used in a medical institution, a patient terminal 200 used by a patient, and a plurality of node devices 300-1 to 300-3 connected by a distributed network (hereinafter sometimes collectively referred to as the node device 300).
  • The medical institution terminal 100 and the node device 300 are configured to be connectable via a communication network such as the Internet.
  • FIG. 1 shows a state in which the medical institution terminal 100 is connected to the node device 300-3, but the medical institution terminal 100 can be connected to any one of the node devices 300-1 to 300-3 in the distributed network.
  • The patient terminal 200 and the node device 300 are likewise configured to be connectable via a communication network such as the Internet.
  • FIG. 1 shows a state in which the patient terminal 200 is connected to the node device 300-2, but the patient terminal 200 can be connected to any one of the node devices 300-1 to 300-3 in the distributed network.
  • the patient terminal 200 is a terminal capable of inputting patient's biological information, and is configured by, for example, a smartphone, a personal computer, a tablet or the like.
  • The biometric information is, for example, information measured by a medical device (not shown) placed at the patient's home.
  • the medical device and the patient terminal 200 are connected by wire or wirelessly, and the biological information measured by the medical device is transmitted to the patient terminal 200 so that the patient terminal 200 inputs the biological information.
  • the patient may input biological information measured by the medical device to the patient terminal 200 by operating an operation interface such as a touch panel or a keyboard of the patient terminal 200.
  • Biological information is not limited to physiological information measured by medical equipment.
  • Information on human psychology and behavior may also be used, such as psychological aspects (sensation, sensitivity), behavioral abilities (reaction, tracking), and daily-life behavior.
  • Such biological information can be input by the patient operating an operation interface such as a touch panel or a keyboard of the patient terminal 200, for example.
  • Where an application program is installed in the patient terminal 200, information on human psychology and behavior can also be input as a function of that application program.
  • Blockchain technology is introduced into the plurality of node devices 300-1 to 300-3 connected by the distributed network. That is, as described later, data such as the public key and the biometric information is stored in a form shared by the node devices 300-1 to 300-3 using blockchain technology. For simplicity only three node devices 300-1 to 300-3 are shown in FIG. 1, but more may be used.
  • The medical institution terminal 100 generates a public key and a secret key and provides the public key to one of the node devices 300-1 to 300-3. A consensus building process for sharing the public key among the node devices 300-1 to 300-3 is then performed, and the public key is stored in the node devices 300-1 to 300-3 only when consensus is formed.
  • The patient terminal 200 acquires the public key from one of the node devices 300-1 to 300-3 and, with that public key, encrypts the patient's biometric information or the individually identifying information added to it. The resulting encrypted biometric information is provided to one of the node devices 300-1 to 300-3. Because the patient's biometric information is personal information, it is encrypted before being provided to the node device 300 in order to ensure confidentiality.
  • Information that can identify the individual patient (name, sex, age, address and the like; hereinafter referred to as patient information) is added to the biometric information provided from the patient terminal 200 to the node device 300. Since the patient information is also personal information, it may likewise be encrypted to ensure confidentiality.
  • That is, the biometric information together with the patient information added to it may be encrypted as a whole, or only the biometric information, or only the patient information, may be encrypted.
  • When the encrypted biometric information is provided from the patient terminal 200 to one of the node devices 300-1 to 300-3, a consensus building process for sharing it among all of the node devices 300-1 to 300-3 is performed, and the encrypted biometric information is stored in the node devices 300-1 to 300-3 only when consensus is formed.
  • The medical institution terminal 100 acquires the encrypted biometric information from one of the node devices 300-1 to 300-3 and decrypts it with the secret key generated together with the public key.
  • The secret key is held only in the medical institution terminal 100 that generated it together with the public key. Accordingly, the patient biometric information, which is personal information, can be used only at the specific medical institution terminal 100 that knows the secret key.
  • FIG. 2 is a block diagram illustrating a functional configuration example of the medical institution terminal 100 according to the first embodiment.
  • the medical institution terminal 100 according to the first embodiment includes a key generation unit 11, a public key provision unit 12, a biometric information acquisition unit 13, and a decryption processing unit 14 as functional configurations.
  • the medical institution terminal 100 according to the first embodiment includes a key storage unit 10 as a storage medium.
  • The functional blocks 11 to 14 can be configured by any of hardware, a DSP (Digital Signal Processor), or software.
  • When configured by software, each of the functional blocks 11 to 14 is actually constituted by a computer's CPU, RAM, ROM and the like, and is realized by executing a program stored in a recording medium such as RAM, ROM, a hard disk, or semiconductor memory.
  • the key generation unit 11 generates a public key and a secret key.
  • a known technique can be applied to the key generation.
  • a public key and a secret key (hereinafter, collectively referred to as key information) generated by the key generation unit 11 are stored in the key storage unit 10.
  • the public key providing unit 12 provides the public key generated by the key generating unit 11 to one node device among the plurality of node devices 300 -1 to 300 -3 .
  • Which node device provides the public key is arbitrary.
  • the public key provided to the node device 300 is distributed and stored in the plurality of node devices 300 -1 to 300 -3 through a consensus process described later.
  • The patient terminal 200 encrypts the biometric information with the public key it acquires from the node device 300, and the resulting encrypted biometric information is provided from the patient terminal 200 to the node device 300.
  • the encrypted biometric information provided to the node device 300 is distributed and stored in the plurality of node devices 300 -1 to 300 -3 through a consensus process described later.
  • the biometric information acquisition unit 13 acquires encrypted biometric information from one node device among the plurality of node devices 300 -1 to 300 -3 . That is, the biometric information acquisition unit 13 transmits a biometric information acquisition request to one node device, and acquires the encrypted biometric information transmitted from the one node device in response to this request.
  • the decryption processing unit 14 decrypts the encrypted biometric information acquired by the biometric information acquisition unit 13 with the secret key generated by the key generation unit 11 and stored in the key storage unit 10.
  • only the medical institution terminal 100 that generated the key information can decrypt the encrypted biometric information.
  • Accordingly, a patient's biometric information can be exchanged with confidentiality ensured, only between a specific medical institution and the specific patient receiving medical treatment or care from that institution.
  • FIG. 3 is a block diagram illustrating a functional configuration example of the patient terminal 200 according to the first embodiment.
  • the patient terminal 200 according to the first embodiment includes a biometric information input unit 21, a public key acquisition unit 22, an encryption processing unit 23, and a biometric information provision unit 24 as functional configurations.
  • The functional blocks 21 to 24 can be configured by any of hardware, a DSP, or software.
  • When configured by software, each of the functional blocks 21 to 24 is actually constituted by a computer's CPU, RAM, ROM and the like, and is realized by executing a program stored in a recording medium such as RAM, ROM, a hard disk, or semiconductor memory.
  • the biometric information input unit 21 inputs patient biometric information.
  • The biological information is any one or more of information related to the patient's physiology, psychology, and behavior. For example, information measured by a medical device (not shown) placed in the patient's home is input.
  • Alternatively, biometric information is input as a function of an application program installed in the patient terminal 200, through execution of that program.
  • This application program may be the same program as the program that executes the functions of the public key acquisition unit 22, the encryption processing unit 23, and the biometric information providing unit 24, or may be a different program.
  • the biometric information input unit 21 adds patient information that can identify an individual patient to the input biometric information.
  • the patient information to be added is input and stored in advance by the patient operating an operation interface such as a touch panel or a keyboard of the patient terminal 200.
  • the biometric information input unit 21 adds patient information stored in advance to the biometric information. Note that patient information may be input each time in accordance with the input of biometric information.
  • the public key acquisition unit 22 acquires public keys stored in the plurality of node devices 300 -1 to 300 -3 from one node device. That is, the public key acquisition unit 22 transmits a public key acquisition request to one node device, and acquires the public key transmitted from the one node device in response to this request.
  • The encryption processing unit 23 generates encrypted biometric information by encrypting at least one of the patient biometric information and the patient information added to it with the public key acquired by the public key acquisition unit 22.
  • the biometric information providing unit 24 provides the encrypted biometric information generated by the encryption processing unit 23 to one node device among the plurality of node devices 300 -1 to 300 -3 .
  • FIG. 4 is a block diagram illustrating a functional configuration example of the node device 300 according to the first embodiment. Although the functional configuration of the node device 300-1 is shown here as an example, the other node devices 300-2 and 300-3 are configured similarly.
  • The node device 300-1 of the first embodiment includes, as its functional configuration, a public key reception unit 31, a first consensus processing unit 32, a public key storage control unit 33, a biological information receiving unit 34, a second consensus processing unit 35, a biological information storage control unit 36, a public key transmission unit 37, and a biological information transmission unit 38. The node device 300-1 of the first embodiment also includes a data storage unit 30 as a storage medium.
  • The functional blocks 31 to 38 can be configured by any of hardware, a DSP, or software.
  • When configured by software, each of the functional blocks 31 to 38 is actually constituted by a computer's CPU, RAM, ROM and the like, and is realized by executing a program stored in a recording medium such as RAM, ROM, a hard disk, or semiconductor memory.
  • the public key receiving unit 31 receives the public key provided by the public key providing unit 12 of the medical institution terminal 100.
  • The first consensus processing unit 32 performs a consensus building process for sharing the public key provided by the medical institution terminal 100 (the public key received by the public key receiving unit 31) among the plurality of node devices 300-1 to 300-3. That is, the first consensus processing unit 32 of the node device 300-1 transmits the public key received by the public key receiving unit 31 to the other node devices 300-2 and 300-3 and performs a predetermined consensus process with them.
  • For example, the first consensus processing unit 32 verifies the validity of the public key provided from the medical institution terminal 100 by performing the consensus building process with the PBFT (Practical Byzantine Fault Tolerance) consensus algorithm.
  • The public key storage control unit 33 stores the public key in the data storage unit 30 provided in each of the node devices 300-1 to 300-3 only when agreement has been formed by the first consensus processing unit 32. As a result, the agreed public key is distributed and stored in the plurality of node devices 300-1 to 300-3.
  • the biometric information receiving unit 34 receives the encrypted biometric information provided by the biometric information providing unit 24 of the patient terminal 200.
  • The second consensus processing unit 35 performs a consensus building process for sharing the encrypted biometric information provided from the patient terminal 200 (the encrypted biometric information received by the biometric information receiving unit 34) among all of the node devices 300-1 to 300-3.
  • a consensus algorithm known in blockchain technology can also be used for the consensus building process performed by the second consensus processing unit 35.
  • The biometric information storage control unit 36 stores the encrypted biometric information in the data storage unit 30 provided in each of the node devices 300-1 to 300-3 only when agreement has been formed by the second consensus processing unit 35. As a result, the agreed encrypted biometric information is distributed and stored in the plurality of node devices 300-1 to 300-3.
  • the public key transmission unit 37 transmits the public key stored in the data storage unit 30 to the patient terminal 200 in response to the public key acquisition request sent from the public key acquisition unit 22 of the patient terminal 200.
  • The biometric information transmission unit 38 transmits the encrypted biometric information stored in the data storage unit 30 to the medical institution terminal 100 in response to the biometric information acquisition request sent from the biometric information acquisition unit 13 of the medical institution terminal 100.
  • FIG. 5 is a flowchart illustrating an operation example when a public key is transmitted from the medical institution terminal 100 to the node device 300 and stored.
  • the key generation unit 11 of the medical institution terminal 100 generates a public key and a secret key (step S1), and stores the generated key information in the key storage unit 10 (step S2).
  • the public key providing unit 12 provides the public key generated by the key generating unit 11 to one node device among the plurality of node devices 300 -1 to 300 -3 (step S3).
  • On the node device 300 side, when the public key receiving unit 31 receives the public key, the first consensus processing unit 32 performs a consensus building process for sharing the received public key among the plurality of node devices 300-1 to 300-3 (step S12).
  • The public key storage control unit 33 determines whether consensus formation by the first consensus processing unit 32 succeeded (step S13) and, only when consensus is formed, stores the public key in the data storage unit 30 of each of the node devices 300-1 to 300-3 (step S14). This completes the process of the flowchart shown in FIG. 5.
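The node-side agreement of units 31 to 33 and steps S12 to S14, as an added example that is not code from the patent: a minimal PBFT-style commit rule in Python in which every node broadcasts a PREPARE for the value it received and stores the value only once 2f+1 nodes have voted for the same digest. Two caveats a practitioner should keep in mind. PBFT tolerates f Byzantine nodes only with n ≥ 3f+1 nodes, so the three node devices drawn in FIG. 1 tolerate none, and at least four are needed to survive one node running a malicious program. And agreement establishes that all honest nodes store one identical value; it does not by itself bind that value to the terminal that submitted it, which is a separate authentication step for the node that accepts the public key. The node names, the tamper hook and the sample key strings are assumptions; the real protocol's pre-prepare, commit and view-change phases are omitted.

```python
import hashlib

# Added example, not code from the patent: a minimal PBFT-style commit rule for
# the node devices' "store only when consensus is formed" behaviour.  PBFT needs
# n >= 3f + 1 nodes to tolerate f Byzantine nodes, so the three nodes of FIG. 1
# tolerate none; demo(4) uses four.  Node names, the tamper hook and the key
# strings are assumptions for illustration.


def quorum_size(n: int) -> int:
    """Votes a node must collect before committing: 2f + 1 with f = (n - 1) // 3."""
    f = (n - 1) // 3
    return 2 * f + 1


def digest(value: bytes) -> str:
    return hashlib.sha256(value).hexdigest()


class Node:
    """One node device 300-x: a data storage unit plus PREPARE bookkeeping."""

    def __init__(self, name: str, tamper=None):
        self.name = name
        self.tamper = tamper          # stands in for a malicious program on the node
        self.storage = []             # data storage unit 30: committed values, in order
        self.prepares = {}            # digest -> set of node names that voted for it

    def prepare(self, value: bytes):
        """Broadcast step: the node relays what it claims to have received."""
        if self.tamper is not None:
            value = self.tamper(value)   # a compromised node relays an altered value
        return (self.name, digest(value), value)

    def receive_prepare(self, sender: str, d: str, value: bytes, n: int) -> bool:
        """Count a PREPARE; commit once a quorum agrees on one digest.  True on commit."""
        if digest(value) != d:
            return False              # reject a message whose value does not match its hash
        voters = self.prepares.setdefault(d, set())
        voters.add(sender)
        if len(voters) >= quorum_size(n) and value not in self.storage:
            self.storage.append(value)   # agreement formed: store (steps S13/S14)
            return True
        return False


def replicate(value: bytes, nodes):
    """The receiving node has forwarded `value` to all nodes; each broadcasts a
    PREPARE to every node.  Returns what each node ends up storing."""
    n = len(nodes)
    messages = [node.prepare(value) for node in nodes]
    for node in nodes:
        for sender, d, v in messages:
            node.receive_prepare(sender, d, v, n)
    return {node.name: list(node.storage) for node in nodes}


def swap_key(value: bytes) -> bytes:
    """Hypothetical attack: replace the institution's public key with the attacker's own."""
    return b"ATTACKER-PUBKEY"


def demo(n_nodes: int):
    """n_nodes nodes, the last one running the tampering program; returns per-node storage."""
    nodes = [Node(f"300-{i + 1}") for i in range(n_nodes - 1)]
    nodes.append(Node(f"300-{n_nodes}", tamper=swap_key))
    return replicate(b"INSTITUTION-PUBKEY", nodes)


if __name__ == "__main__":
    print("four nodes:", demo(4))    # only the genuine key reaches the 2f+1 = 3 quorum
    print("three nodes:", demo(3))   # f = 0, quorum 1: the swapped key is stored as well
```

With four nodes the swapped key collects one vote against a quorum of three and is never stored; with the three nodes of FIG. 1 the quorum degenerates to a single vote, so every node stores the attacker's key next to the genuine one. Sizing the node set for the number of faults actually expected is therefore part of the design, not a detail of the consensus algorithm.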
  • FIG. 6 is a flowchart showing an operation example when the patient biometric information is encrypted, transmitted from the patient terminal 200 to the node device 300, and stored.
  • the public key acquisition unit 22 of the patient terminal 200 transmits a public key acquisition request to the node device 300 (step S21).
  • When the node device 300 receives the public key acquisition request (step S31), the public key transmission unit 37 of the node device 300 transmits the public key stored in the data storage unit 30 to the patient terminal 200 (step S32).
  • the public key acquisition unit 22 acquires the public key transmitted from the node device 300 (step S22).
  • The biometric information input unit 21 inputs the biometric information of the patient (step S23). The encryption processing unit 23 then generates encrypted biometric information by encrypting at least one of the biometric information and the patient information added to it with the public key acquired in step S22.
  • the biometric information providing unit 24 provides the encrypted biometric information generated by the cryptographic processing unit 23 to one of the node devices 300 -1 to 300 -3 (Step S25).
  • The public key acquisition in steps S21, S22, S31 and S32 and the biometric information input in step S23 may be performed in the reverse order. Further, when the patient repeatedly provides biometric information to the node device 300 and the public key has already been acquired, the public key acquisition in steps S21, S22, S31 and S32 can be omitted.
  • On the node device 300 side, when the biometric information receiving unit 34 receives the encrypted biometric information, the second consensus processing unit 35 performs a consensus building process for sharing the received encrypted biometric information among the plurality of node devices 300-1 to 300-3 (step S34).
  • The biological information storage control unit 36 determines whether consensus formation by the second consensus processing unit 35 succeeded (step S35) and, only when consensus is formed, stores the encrypted biometric information in the data storage unit 30 of each of the node devices 300-1 to 300-3 (step S36). This completes the process of the flowchart shown in FIG. 6.
  • FIG. 7 is a flowchart showing an operation example when the medical institution terminal 100 acquires the encrypted biometric information from the node device 300 and decrypts it.
  • the biometric information acquisition unit 13 of the medical institution terminal 100 transmits a biometric information acquisition request to the node device 300 (step S41).
  • The biometric information transmitting unit 38 of the node device 300 transmits the encrypted biometric information stored in the data storage unit 30 to the medical institution terminal 100 (step S52). In response, the biometric information acquisition unit 13 acquires the encrypted biometric information transmitted from the node device 300 (step S42).
  • The decryption processing unit 14 acquires the secret key stored in the key storage unit 10 (step S43) and decrypts the encrypted biometric information acquired by the biometric information acquisition unit 13 with that secret key (step S44). This completes the process of the flowchart shown in FIG. 7.
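The end-to-end flow of FIGs. 5 to 7, as an added example that is not code from the patent: the institution generates the key pair (step S1), the patient terminal fetches the public key and encrypts the whole record, only the biometric part, or only the patient information (steps S21 to S25 together with the partial-encryption option described above), and the institution decrypts what it reads back (steps S41 to S44). So that the block runs on the standard library alone, the keys are textbook RSA over two known Mersenne primes; this stands in for the "known technique" of key generation unit 11 and is not what a deployment should use, which would generate fresh primes with a vetted library and use a padded or hybrid scheme such as RSA-OAEP, since unpadded RSA is deterministic and malleable. The ledger dict stands in for the node devices after consensus, and the record fields, names and sample values are constructed.

```python
import json

# Added example, not code from the patent.  Keys are textbook RSA over two known
# Mersenne primes so the block runs on the standard library alone; a real system
# would generate fresh primes with a vetted library and use a padded or hybrid
# scheme (RSA-OAEP, or a symmetric key wrapped with RSA).  The ledger dict
# standing in for the node devices, the record fields and the sample values are
# assumptions for illustration.

M521 = 2**521 - 1     # Mersenne prime
M607 = 2**607 - 1     # Mersenne prime
E = 65537


def generate_keys(p: int = M521, q: int = M607):
    """Key generation unit 11 (step S1): returns (public_key, secret_key)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))      # modular inverse; Python 3.8+
    return (n, E), (n, d)                   # only the secret key carries d


def encrypt(public_key, plaintext: bytes) -> int:
    """Encryption processing unit 23: the plaintext must be shorter than the modulus."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this key; chunk it or use a hybrid scheme")
    return pow(m, e, n)


def decrypt(secret_key, ciphertext: int) -> bytes:
    """Decryption processing unit 14 (step S44).  Leading zero bytes would be
    dropped by the integer round-trip, which is harmless for JSON text."""
    n, d = secret_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def patient_submit(ledger: dict, biometric: dict, patient_info: dict, scope: str = "all") -> dict:
    """Patient terminal 200 (steps S21-S25): take the public key from the ledger and
    encrypt the whole record, only the biometric part, or only the patient part."""
    public_key = ledger["public_key"]
    record = {"biometric": biometric, "patient": patient_info}
    if scope == "all":
        entry, secret = {}, record
    elif scope in ("biometric", "patient"):
        clear = "patient" if scope == "biometric" else "biometric"
        entry = {clear: record[clear]}       # this part stays readable on every node
        secret = {scope: record[scope]}
    else:
        raise ValueError("scope must be 'all', 'biometric' or 'patient'")
    entry["enc"] = encrypt(public_key, json.dumps(secret, separators=(",", ":")).encode())
    ledger.setdefault("records", []).append(entry)
    return entry


def institution_read(ledger: dict, secret_key) -> list:
    """Medical institution terminal 100 (steps S41-S44): decrypt every stored entry."""
    out = []
    for entry in ledger["records"]:
        merged = {k: v for k, v in entry.items() if k != "enc"}
        merged.update(json.loads(decrypt(secret_key, entry["enc"])))
        out.append(merged)
    return out


def run_demo():
    """Whole flow with constructed sample data; returns (original record, decrypted records)."""
    public_key, secret_key = generate_keys()
    ledger = {"public_key": public_key}      # what the node devices hold after consensus
    biometric = {"heart_rate": 72, "spo2": 98, "taken": "08:00"}   # constructed values
    patient_info = {"name": "Patient A", "age": 54}                  # constructed values
    for scope in ("all", "biometric", "patient"):
        patient_submit(ledger, biometric, patient_info, scope)
    original = {"biometric": biometric, "patient": patient_info}
    return original, institution_read(ledger, secret_key)


if __name__ == "__main__":
    original, decrypted = run_demo()
    print(all(rec == original for rec in decrypted))
```

Each entry conceals only the part chosen for encryption; whatever is left in the clear is exactly what any node operator can read, which is why the description allows encrypting the patient information as well as the measurements. A second institution's secret key, generated from different primes in the test below, turns the same ciphertext into garbage rather than into the record.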
  • As described above, in the first embodiment the patient biometric information provided from the patient terminal 200 to the medical institution terminal 100 is concealed by encrypting with the public key either the biometric information itself or the patient information added to it. The concealed biometric information can be decrypted and used only by the medical institution that generated the secret key.
  • Since the public key is distributed and stored in each node device 300 only after its validity has been verified by the consensus building process executed among the plurality of node devices 300, the public key itself is protected from being falsified by, for example, a malicious program installed on a node device 300. Because the public key cannot be falsified, biometric information cannot be encrypted with a falsified, illegitimate public key and then decrypted with the corresponding illegitimate private key.
  • Likewise, biometric information encrypted with the public key is distributed and stored in each node device 300 only after its validity has been verified by the consensus building process executed among the plurality of node devices 300, so the encrypted biometric information is protected from falsification by, for example, a malicious program installed on a node device 300.
  • The first embodiment therefore realizes both the authenticity (non-falsifiability) and the confidentiality of patient biometric information provided from the patient terminal 200 to the medical institution terminal 100.
  • FIG. 8 is a diagram showing an example of the overall configuration of the personal information protection system according to the second embodiment.
  • the same reference numerals as those shown in FIG. 1 have the same functions, and therefore redundant description is omitted here.
  • In the second embodiment, the personal information protection system includes two medical institution terminals 100A and 100B, used in two different medical institutions.
  • The first medical institution terminal 100A and the second medical institution terminal 100B can each be connected to the node devices 300' via a communication network such as the Internet.
  • FIG. 8 shows a state in which the first medical institution terminal 100A is connected to the node device 300-3' and the second medical institution terminal 100B is connected to the node device 300-1'.
  • The medical institution terminals 100A and 100B can be connected to any one of the node devices 300-1' to 300-3' in the distributed network.
  • FIG. 9 is a block diagram illustrating a functional configuration example of the first medical institution terminal 100A according to the second embodiment.
  • components having the same reference numerals as those shown in FIG. 2 have the same functions, and thus redundant description is omitted here.
  • the first medical institution terminal 100A further includes a chart information input unit 15, a chart encryption processing unit 16, and a chart information providing unit 17 as its functional configuration.
  • These functional blocks 15 to 17 can also be configured by any of hardware, DSP, and software.
  • the chart information input unit 15 inputs patient chart information.
  • the medical record information is a record of various information related to the medical treatment and treatment of the patient, and is written and stored as necessary information every time the doctor in charge of the patient performs the medical treatment and treatment.
  • the created chart information is stored in a local terminal used by the doctor in charge or a shared server in the hospital network.
  • the chart information input unit 15 inputs chart information stored in a local terminal or a shared server.
  • the chart encryption processing unit 16 encrypts the chart information input by the chart information input unit 15 with the public key generated by the key generation unit 11 and stored in the key storage unit 10, thereby generating encrypted chart information. Note that the encryption may be applied to the entire chart information or only to the part of the patient information contained in the chart information.
  • the chart information providing unit 17 provides the encrypted chart information generated by the chart encryption processing unit 16 to one of the node devices 300-1′ to 300-3′ among the plurality of node devices.
  • FIG. 10 is a block diagram illustrating a functional configuration example of the second medical institution terminal 100B according to the second embodiment.
  • the second medical institution terminal 100B includes a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43 as its functional configuration.
  • the second medical institution terminal 100B includes a secret key storage unit 40 as a storage medium.
  • These functional blocks 41 to 43 can also be configured by any of hardware, DSP, and software.
  • the chart information acquisition unit 41 acquires encrypted chart information from one of the plurality of node devices 300-1′ to 300-3′. That is, the chart information acquisition unit 41 transmits a chart information acquisition request to one node device, and acquires the encrypted chart information transmitted from that node device in response to the request.
  • the secret key acquisition unit 43 acquires the secret key generated by the first medical institution terminal 100A via a separate secure route that does not pass through the node devices 300′.
  • the secret key acquisition unit 43 can obtain the secret key from the first medical institution terminal 100A via a VPN (Virtual Private Network) or a dedicated line set up between the first medical institution terminal 100A and the second medical institution terminal 100B. Alternatively, the secret key may be output to a paper medium or an information storage medium and sent by mail.
  • Another method is as follows. The second medical institution terminal 100B generates a set of another public key and another secret key, and discloses the other public key. The secret key generated by the first medical institution terminal 100A is then encrypted with the other public key generated by the second medical institution terminal 100B, and the encrypted secret key is transmitted from the first medical institution terminal 100A to the second medical institution terminal 100B. The secret key acquisition unit 43 decrypts the secret key received from the first medical institution terminal 100A with the other secret key and stores it in the secret key storage unit 40.
  • the chart decryption processing unit 42 decrypts the encrypted chart information acquired by the chart information acquisition unit 41 with the secret key stored in the secret key storage unit 40.
  • the encrypted medical record information can be decrypted only by the second medical institution terminal 100B that has acquired the secret key by a secure route from the first medical institution terminal 100A that has generated the secret key.
  • FIG. 11 is a block diagram illustrating a functional configuration example of the node device 300′ according to the second embodiment. FIG. 11 shows the node device 300-1′; the other node devices 300-2′ and 300-3′ are configured in the same way.
  • the node device 300-1′ includes, as its functional configuration, a chart information receiving unit 51, a third consensus processing unit 52, a chart information storage control unit 53, and a chart information transmission unit 54.
  • These functional blocks 51 to 54 can also be configured by any of hardware, DSP, and software.
  • the chart information receiving unit 51 receives the encrypted chart information provided by the chart information providing unit 17 of the first medical institution terminal 100A.
  • the third consensus processing unit 52 performs consensus building processing for sharing the encrypted chart information provided from the first medical institution terminal 100A (the encrypted chart information received by the chart information receiving unit 51) with the plurality of node devices 300-1′ to 300-3′ as a whole.
  • a consensus algorithm known in block chain technology can also be used for the consensus building process performed by the third consensus processing unit 52.
  • the chart information storage control unit 53 stores the encrypted chart information in the data storage unit 30 provided in each of the plurality of node devices 300-1′ to 300-3′ only when an agreement is formed by the third consensus processing unit 52.
  • the encrypted chart information on which consensus has been formed is thus distributed and stored in the plurality of node devices 300-1′ to 300-3′.
  • the chart information transmission unit 54 transmits the encrypted chart information stored in the data storage unit 30 to the second medical institution terminal 100B in response to the chart information acquisition request sent from the chart information acquisition unit 41 of the second medical institution terminal 100B.
  • it is therefore possible to share patient chart information while ensuring its authenticity (impossibility of falsification) and confidentiality.
  • the patient chart information provided from the first medical institution terminal 100A to the second medical institution terminal 100B is concealed by encrypting the whole or part of the patient information with the public key.
  • the confidential medical record information can be decrypted and used only by the second medical institution that has obtained the secret key from the first medical institution.
  • the public key is distributed and stored in each node device 300′ only when it is verified as valid by the consensus building process executed between the plurality of node devices 300′, so it is possible to prevent the public key itself from being falsified, for example by installing a malicious program on one node device 300′. Since falsification of the public key is suppressed, it is also possible to prevent the chart information and the like from being encrypted with a falsified, illegitimate public key and then decrypted with the corresponding illegitimate secret key.
  • the chart information encrypted with the public key is likewise distributed and stored in each node device 300′ only when it is verified as valid by the consensus building process executed between the plurality of node devices 300′, so it is possible to prevent the encrypted chart information from being falsified, for example by installing a malicious program on one node device 300′.
  • it is therefore possible to realize the authenticity (impossibility of falsification) and confidentiality of patient chart information provided from the first medical institution terminal 100A to the second medical institution terminal 100B and shared between them.
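As an added example (not code from the patent or from the applicant), the following Python simulates the second embodiment end to end: node devices that store the public key and the encrypted chart only on majority agreement, chart encryption under the first institution's public key, and delivery of the secret key to the second institution wrapped under the second institution's own public key (the third delivery option above). Assumptions, all constructed here: toy textbook RSA over Mersenne primes, a SHA-256 counter-mode XOR stream cipher for the chart body, and a majority vote as a stand-in for the consensus building process; none of this is secure cryptography.

```python
"""Added example (not the patent's code): second-embodiment flow with toy
textbook RSA and a SHA-256 XOR stream cipher; insecure, illustration only."""
import hashlib
from collections import Counter

E = 65537
# Mersenne primes keep the toy keys reproducible; the patent fixes no parameters.
P1, Q1 = 2**61 - 1, 2**89 - 1      # first medical institution terminal 100A
P2, Q2 = 2**107 - 1, 2**127 - 1    # second medical institution terminal 100B


def keygen(p, q):
    """Return (public_key, secret_key), each an (n, exponent) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa(key, m):
    """Raw RSA on an integer m < n (no padding: demonstration only)."""
    n, exp = key
    return pow(m, exp, n)


def stream_xor(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class NodeNetwork:
    """Node devices 300-1' to 300-3': a value reaches every node's data
    storage only when a majority of nodes saw the same value (consensus)."""

    def __init__(self, n_nodes, tamper=None):
        self.store = [{} for _ in range(n_nodes)]
        self.tamper = tamper or {}  # node index -> function altering its view

    def submit(self, label, value):
        views = [self.tamper.get(i, lambda v: v)(value) for i in range(len(self.store))]
        winner, votes = Counter(views).most_common(1)[0]
        agreed = votes * 2 > len(views)
        if agreed:
            for s in self.store:
                s[label] = winner
        return agreed

    def fetch(self, label, node_index=0):
        return self.store[node_index][label]


def share_chart(chart, tamper=None):
    """Run the 100A -> node devices -> 100B flow; return what 100B decrypts."""
    net = NodeNetwork(3, tamper)
    pub_a, sec_a = keygen(P1, Q1)      # key generation unit 11 of 100A
    pub_b, sec_b = keygen(P2, Q2)      # "another" key pair generated by 100B
    if not net.submit("pubkey_A", pub_a):
        raise RuntimeError("no consensus on public key")
    # 100A encrypts the chart with its own public key (hybrid: a constructed
    # session key is RSA-wrapped, the chart body goes through the stream cipher).
    sym = hashlib.sha256(b"constructed session key").digest()[:16]
    record = (rsa(pub_a, int.from_bytes(sym, "big")), stream_xor(sym, chart))
    if not net.submit("chart", record):
        raise RuntimeError("no consensus on encrypted chart")
    # The secret key bypasses the nodes: here encrypted under 100B's public key.
    wrapped_sec = rsa(pub_b, sec_a[1])
    # 100B unwraps the secret key, fetches the record from one node, decrypts.
    d_a = rsa(sec_b, wrapped_sec)
    wrapped_sym, ciphertext = net.fetch("chart", 1)
    sym_b = rsa((pub_a[0], d_a), wrapped_sym).to_bytes(16, "big")
    return stream_xor(sym_b, ciphertext)
```

With one of the three nodes substituting its own value, the majority still agrees on the genuine public key and record, so the chart round-trips; when two nodes disagree with each other and with the honest node, nothing is stored at all.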
  • the second medical institution terminal 100B may further include the biometric information acquisition unit 13 and the decryption processing unit 14, so that the biometric information encrypted by the patient terminal 200 can also be provided to the second medical institution terminal 100B.
  • the second medical institution terminal 100B may include, in addition to the configuration shown in FIG., a key storage unit 10, a key generation unit 11, a public key provision unit 12, a biometric information acquisition unit 13, a decryption processing unit 14, a chart information input unit 15, a chart encryption processing unit 16, and a chart information providing unit 17.
  • the first medical institution terminal 100A may include a secret key storage unit 40, a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43 in addition to the configuration illustrated in FIG.
  • the patient terminal 200 may further include a secret key storage unit 40, a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43.
  • a secret key storage unit 40 may store data for storing medical chart information.
  • in this case, the chart information created in the first medical institution terminal 100A is encrypted with the public key generated in the first medical institution terminal 100A, and the secret key generated in the first medical institution terminal 100A is provided from the first medical institution terminal 100A to the patient terminal 200 via a secure route.
  • the patient terminal 200 generates a set of the second public key and the second secret key, and provides the second public key to the node device 300 ′.
  • the node device 300 ′ performs consensus processing on the second public key, and distributes and stores the second public key only when an agreement is formed.
  • the chart information created in the first medical institution terminal 100A is encrypted with the second public key acquired from the node device 300′ by the first medical institution terminal 100A, and the encrypted chart information is provided from the first medical institution terminal 100A to the node device 300′.
  • the node device 300 ′ performs consensus processing on the encrypted medical record information, and distributes and stores the encrypted medical record information only when an agreement is formed.
  • the patient terminal 200 obtains the encrypted medical record information from the node device 300 ′ and decrypts it with the second secret key generated together with the second public key.
  • the personal information protection system in this case is a personal information protection system comprising a medical institution terminal used in a medical institution, a patient terminal used by a patient, and a plurality of node devices connected by a distributed network, Specifically, it is configured as follows.
  • the patient terminal includes: a second key generation unit that generates a second public key and a second secret key; a second public key providing unit that provides the second public key generated by the second key generation unit to one node device among the plurality of node devices; a chart information acquisition unit that acquires encrypted chart information from one of the plurality of node devices; and a second decryption processing unit that decrypts the encrypted chart information acquired by the chart information acquisition unit with the second secret key generated by the second key generation unit.
  • the plurality of node devices include: a fourth consensus processing unit that performs consensus building processing for sharing the second public key provided from the patient terminal with the plurality of node devices as a whole; a second public key storage control unit that stores the second public key in the data storage unit included in each of the plurality of node devices only when an agreement is formed by the fourth consensus processing unit; a fifth consensus processing unit that performs consensus building processing for sharing the encrypted chart information provided from the medical institution terminal with the plurality of node devices as a whole; and a chart information storage control unit that stores the encrypted chart information in the data storage unit provided in each of the plurality of node devices only when an agreement is formed by the fifth consensus processing unit.
  • the medical institution terminal includes: a second public key acquisition unit that acquires the second public key stored in the plurality of node devices from one node device; a second encryption processing unit that generates the encrypted chart information by encrypting the chart information with the second public key acquired by the second public key acquisition unit; and a chart information providing unit that provides the encrypted chart information generated by the second encryption processing unit to one of the plurality of node devices.

Abstract

According to the present invention, a public key and a secret key are generated at a medical institution terminal (100) and provided to one device chosen from among a plurality of node devices (300), and the public key is distributed and stored only when consensus is reached among all the node devices (300). A patient terminal (200) acquires the public key from one of the node devices (300), encrypts biological information, and provides the encrypted biological information to one device chosen from among the plurality of node devices (300); the encrypted biological information is distributed and stored only when consensus is reached among all the node devices (300). The medical institution terminal (100) acquires the encrypted biological information from one of the node devices (300) and decrypts the biological information using the secret key generated together with the public key. Thus, the authenticity (impossibility of falsification) and confidentiality (impossibility of identifying a person by anyone other than the authorized person) of biological information provided by a patient to a medical institution can be obtained.
PCT/JP2017/021806 2017-06-13 2017-06-13 Personal information protection system WO2018229867A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2017552511A JP6245782B1 (ja) 2017-06-13 2017-06-13 Personal information protection system
PCT/JP2017/021806 WO2018229867A1 (fr) 2017-06-13 2017-06-13 Personal information protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2017/021806 WO2018229867A1 (fr) 2017-06-13 2017-06-13 Personal information protection system

Publications (1)

Publication Number Publication Date
WO2018229867A1 true WO2018229867A1 (fr) 2018-12-20

Family

ID=60658994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/021806 WO2018229867A1 (fr) 2017-06-13 2017-06-13 Personal information protection system

Country Status (2)

Country Link
JP (1) JP6245782B1 (fr)
WO (1) WO2018229867A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111737340A (zh) * 2020-03-11 2020-10-02 西安电子科技大学 Storage encryption method on a blockchain based on attribute-based encryption
JP2022551013A (ja) * 2019-11-26 2022-12-06 ライカ・バイオシステムズ・メルボルン・プロプライエタリー・リミテッド Immutable-ledger-based workflow management for patient samples
JP7329437B2 (ja) 2019-12-26 2023-08-18 アイホン株式会社 Nurse call system

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7312425B2 (ja) * 2018-01-31 2023-07-21 シビラ株式会社 Data transmission and reception method
JP6721903B2 (ja) * 2018-01-31 2020-07-15 シビラ株式会社 Data transmission and reception method, data transmission and reception system, processing device, and computer program
KR101882207B1 (ko) * 2018-03-23 2018-07-26 주식회사 아이라이즈 Hospital and clinic security system that stores patient information on a blockchain basis
WO2019187040A1 (fr) * 2018-03-30 2019-10-03 株式会社Eyes, JAPAN Biological information management system
KR102048804B1 (ko) * 2018-04-13 2019-11-26 김예원 Smart radiation dose measurement management system using a blockchain
US20210183486A1 (en) * 2018-06-19 2021-06-17 Sony Corporation Biological information processing method, biological information processing apparatus, and biological information processing system
JP6566278B1 (ja) * 2018-08-08 2019-08-28 株式会社DataSign Personal data management system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007025918A (ja) * 2005-07-13 2007-02-01 Ada:Kk Electronic medical record disclosure system
JP2014109826A (ja) * 2012-11-30 2014-06-12 International Business Machines Corporation Data management mechanism for emergencies in a wide-area distributed medical information network
JP2017059913A (ja) * 2015-09-14 2017-03-23 株式会社リコー Information processing system, server device, and information processing program

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2022551013A (ja) * 2019-11-26 2022-12-06 ライカ・バイオシステムズ・メルボルン・プロプライエタリー・リミテッド Immutable-ledger-based workflow management for patient samples
JP7303385B2 (ja) 2019-11-26 2023-07-04 ライカ・バイオシステムズ・メルボルン・プロプライエタリー・リミテッド Immutable-ledger-based workflow management for patient samples
JP7329437B2 (ja) 2019-12-26 2023-08-18 アイホン株式会社 Nurse call system
CN111737340A (zh) * 2020-03-11 2020-10-02 西安电子科技大学 Storage encryption method on a blockchain based on attribute-based encryption
CN111737340B (zh) * 2020-03-11 2024-04-02 西安电子科技大学 Storage encryption method on a blockchain based on attribute-based encryption

Also Published As

Publication number Publication date
JPWO2018229867A1 (ja) 2019-06-27
JP6245782B1 (ja) 2017-12-13

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2017552511

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17913170

Country of ref document: EP

Kind code of ref document: A1