WO2021065411A1 - Management system, management device, and management method - Google Patents

Management system, management device, and management method Download PDF

Info

Publication number
WO2021065411A1
WO2021065411A1 PCT/JP2020/034284 JP2020034284W WO2021065411A1 WO 2021065411 A1 WO2021065411 A1 WO 2021065411A1 JP 2020034284 W JP2020034284 W JP 2020034284W WO 2021065411 A1 WO2021065411 A1 WO 2021065411A1
Authority
WO
WIPO (PCT)
Prior art keywords
position information
information
user
personal information
terminal
Prior art date
Application number
PCT/JP2020/034284
Other languages
French (fr)
Japanese (ja)
Inventor
隆文 垣岡
礼壮 木村
Original Assignee
佐鳥電機株式会社
株式会社国際ヘルスケア・マネジメント機構
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 佐鳥電機株式会社, 株式会社国際ヘルスケア・マネジメント機構 filed Critical 佐鳥電機株式会社
Priority to JP2021550533A priority Critical patent/JPWO2021065411A1/ja
Publication of WO2021065411A1 publication Critical patent/WO2021065411A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices

Definitions

  • the present invention relates to a management system, a management device, and a management method for managing personal information of users.
  • Patent Document 1 a management system (hereinafter referred to as "conventional system") that manages a user's position information and a user's personal information is known. More specifically, in Patent Document 1, the user's mobile terminal (user terminal) transmits the space-time tag and the terminal ID to a predetermined storage device every time a predetermined time elapses, and the storage device sends the terminal ID.
  • the space-time tag for each.
  • the space-time tag includes position information and time information.
  • a terminal device for acquiring user's personal information is installed in a facility (for example, a hospital or a retail store), and this terminal device has an NFC (Near Field Communication) function.
  • NFC Near Field Communication
  • the latest space-time tag is acquired from the mobile terminal, the space-time tag is added to the personal information, and the information is transmitted to the storage device.
  • the storage device can aggregate personal information for each user by collating the space-time tag transmitted from the mobile terminal with the space-time tag transmitted from the terminal device.
  • a location information transmission device that transmits location information instead of a mobile terminal and a personal information acquisition device.
  • the position information transmitting device transmits the position information when the mobile terminal approaches.
  • the time (required time) required for acquiring personal information for the purpose of improving work efficiency.
  • the positions of the acquisition start time and the acquisition end time will differ depending on the type of personal information, and there are many personal information that does not include the acquisition start time and the acquisition end time.
  • the location information is transmitted only once immediately before or immediately after the acquisition of the personal information, so that the location information is referred to. And the required time cannot be calculated.
  • an object of the present invention is to provide a management system that accurately associates the personal information of the same person with the location information without modifying the existing personal information acquisition device and without causing the user terminal to acquire the location information. There is. Furthermore, an object of the present invention is to provide a management system capable of calculating the time required for acquiring personal information.
  • the management system of the present invention (hereinafter, also referred to as “the management system") is When the user terminals (20, 25) carried by the user approach, the user terminal can communicate with the user terminal, and the predetermined storage device (40) stores the preset position information indicating its own position. The position information transmitting device (10) to be transmitted to A management device (80) for associating and managing the location information and the personal information is provided.
  • the management device is Acquisition of the personal information from the candidate position information which is the position information indicating the position within a predetermined range that can be regarded as being installed in the same place as the personal information acquisition device that acquired the personal information (step 1315).
  • the position information that is the position information that was transmitted before the time point and at the time closest to the acquisition time point is transmitted at the time point that is later than the acquisition time point of the personal information and the time point closest to the acquisition time point.
  • the position information is acquired (step 1320), and the position information is acquired.
  • the personal information, the immediately preceding position information, and the immediately preceding position information are associated and managed (step 1330). It is configured as follows.
  • the position indicated by the location information belongs to a predetermined range that can be regarded as being installed in the same place as the personal information acquisition device that acquired the personal information, and is transmitted immediately before or after the acquisition time of the personal information. If so, the user whose personal information has been acquired by the personal information acquisition device and the user who has the position information transmission device transmit the position information by bringing the user terminal closer to the position information transmission device are the same. Most likely a person. This is because these users are located at the same place at the same time. Thereby, according to this management system, the location information of the same person and the personal information can be more accurately associated with each other. Further, since the immediately preceding position information and the immediately preceding position information are associated with a certain personal information, the time required for acquiring the personal information can also be calculated.
  • the existing personal information acquisition device since the existing personal information only needs to include at least the place information for specifying the installation location of the personal information acquisition device that acquired the personal information and the acquisition time, the existing personal information acquisition device can be used as it is. Yes, there is no need to make changes to the existing personal information acquisition device. Further, since the position information is not transmitted by the user terminal but is transmitted by the position information transmitting device, the position information acquisition function of the user terminal may be disabled, or the position on the user terminal side. There is no risk of the information being tampered with.
  • the position information transmitting device is When the user terminal approaches, the terminal identifier, which is the identifier of the user terminal, is acquired from the user terminal (step 1105, step 1135, step 1155, step 1185). The location information including the acquired terminal identifier is transmitted (step 1115, step 1145, step 1165, step 1195).
  • the management device is When the immediately preceding terminal identifier which is the terminal identifier included in the immediately preceding position information and the immediately preceding terminal identifier which is the immediately preceding terminal identifier included in the immediately after position information match (“Yes” in step 1325), the personal information and the personal information The immediately preceding position information and the immediately preceding position information are managed in association with each other (step 1330). It is configured as follows.
  • the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match, the personal information, the immediately preceding position information, and the immediately following position information cannot be associated with each other, so that the same person's location information and personal information can be associated more accurately.
  • the management device is When the difference between the time of transmission of the immediately preceding position information and the time of transmission of the immediately after position information is equal to or less than the threshold difference, and the immediately preceding terminal identifier and the immediately following terminal identifier match (“Yes” in step 1325). ), The personal information, the immediately preceding position information, and the immediately after position information are managed in association with each other (step 1330). It is configured as follows.
  • the personal information, the immediately before position information, and the immediately after position information cannot be associated with each other. It can be more accurately associated with personal information.
  • the management device is When the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match (“No” in step 1325), the candidate position information is before the transmission time of the immediately preceding position information and at the transmission time. Select the position information immediately before the runner-up, which is the position information transmitted at the time closest to (step 1605), and When the terminal identifier included in the position information immediately after the next point and the terminal identifier immediately before the next point match (step 1610), the personal information, the position information immediately before the point, and the position information immediately after the next point are managed in association with each other (step 1330). ), It is configured as follows.
  • the management device is When the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match (“No” in step 1325), the candidate position information is before the transmission time of the immediately preceding position information and at the transmission time. Select the position information immediately before the runner-up, which is the position information transmitted at the time closest to (step 1620), and When the terminal identifier included in the runner-up immediately preceding position information and the immediately preceding terminal identifier match (“Yes” in step 1630), the personal information, the runner-up point immediately preceding position information, and the immediately preceding position information are associated with each other. Manage (step 1330), It is configured as follows.
  • the personal information can be associated with the position information of the user from whom the personal information has been acquired.
  • the position information transmitting device is When the terminal identifier is newly acquired (“Yes” in step 1705), it is determined whether or not the previous terminal identifier, which is the previously acquired terminal identifier, is stored (step 1715). When it is determined that the previous terminal identifier is not stored (“Yes” in step 1715), the current terminal identifier is stored as the previous terminal identifier (step 1720), and the position information is transmitted (step 1725). , When it is determined that the previous terminal identifier is stored (“No” in step 1715), it is determined whether or not the current terminal identifier, which is the newly acquired terminal identifier, and the previous terminal identifier match.
  • Step 1730 When it is determined that the current terminal identifier and the previous terminal identifier match (“Yes” in step 1730), the position information is transmitted (step 1725), the previous terminal identifier is deleted, and the current terminal identifier is deleted. Is deleted without being stored as the terminal identifier of the previous time (step 1735). When it is determined that the current terminal identifier and the previous terminal identifier do not match (“No” in step 1730), the position information is not transmitted and the current terminal identifier is deleted without being stored as the previous terminal identifier. (Step 1738), It is configured as follows.
  • the terminal identifier this time and the terminal identifier last time do not match, the location information is not transmitted, so that the location information and personal information of the same person can be associated more accurately.
  • FIG. 1 is a schematic system configuration diagram of a management system (this management system) according to an embodiment of the present invention.
  • FIG. 2 is a hardware configuration diagram of the position information transmitting device shown in FIG.
  • FIG. 3 is an explanatory diagram of a consented terminal ID table included in the position information transmitting device shown in FIG.
  • FIG. 4 is an explanatory diagram of a consented user table included in the authentication server shown in FIG.
  • FIG. 5 is an explanatory diagram of a distribution destination table included in the authentication server shown in FIG.
  • FIG. 6 is an explanatory diagram of a regular chip ID table included in the authentication server shown in FIG.
  • FIG. 7 is an explanatory diagram of a location information table included in the location information storage server shown in FIG.
  • FIG. 1 is a schematic system configuration diagram of a management system (this management system) according to an embodiment of the present invention.
  • FIG. 2 is a hardware configuration diagram of the position information transmitting device shown in FIG.
  • FIG. 3 is an explan
  • FIG. 8 is an explanatory diagram of a personal information table included in the personal information storage server shown in FIG.
  • FIG. 9 is a hardware configuration diagram of the management server shown in FIG.
  • FIG. 10 is a sequence diagram of device authentication and consented user registration in this management system.
  • FIG. 11 is a sequence diagram of transmission of location information and acquisition of personal information in this management system.
  • FIG. 12 is a sequence diagram of the association between the location information and the personal information in this management system.
  • FIG. 13 is a flowchart of the association process executed by the management server shown in FIG.
  • FIG. 14 is a sequence diagram of searching for personal information in this management system.
  • FIG. 15 is a sequence diagram of a first modification of the management system.
  • FIG. 16 is a flowchart of the association process in the second modification of the management system.
  • FIG. 17 is a flowchart of the position information transmission process executed by the position information transmission device in the third modification of the management system.
  • FIG. 18 is a sequence diagram of a fourth modification of the management system.
  • FIG. 19 is an explanatory diagram of a type table included in the location information storage server in the fifth modification of the management system.
  • FIG. 20 is an explanatory diagram of a location information table included in the location information storage server in the fifth modification of the management system.
  • the management system according to the embodiment of the present invention (hereinafter, may be referred to as “the management system”) will be described with reference to the drawings.
  • This management system includes location information transmission devices 10A to 10C, user terminal (mobile terminal) 20, authentication server 30, location information storage server 40, personal information acquisition devices 50B and 50C, history storage server 60, and personal information storage server 70. It also includes a management server 80.
  • position information transmitting device 10 When the position information transmitting devices 10A to 10C are not distinguished from each other, they are referred to as "position information transmitting device 10".
  • personal information acquisition devices 50B and 50C are not distinguished from each other, they are referred to as "personal information acquisition device 50".
  • the location information transmission device 10, the personal information acquisition device 50, and the history storage server 60 are installed in medical institutions such as hospitals and pharmacies, for example.
  • the installation locations of these devices 10, 50 and 60 are not limited to medical institutions, and may be installed in any facility as long as it is a facility for acquiring personal information of users (for example, retail stores and financial institutions). It may be installed in an institution, etc.).
  • FIG. 1 describes an example in which these devices 10, 50 and 60 are installed in Hospital A.
  • Hospital A a position information transmission device 10A is installed at the reception desk, a position information transmission device 10B and a personal information acquisition device 50B are installed in the examination room, and the examination room (for example, an X-ray room) is installed.
  • a position information transmission device 10C and a personal information acquisition device 50C are installed.
  • the location information transmission device 10 is connected to the authentication server 30 and the location information storage server 40 via the network NW. Further, the personal information acquisition device 50 is connected to the history storage server 60 via a LAN (Local Area Network). The history storage server 60 is connected to the personal information storage server 70 via a dedicated line EL.
  • LAN Local Area Network
  • position information is acquired from the position information transmission device 10, and personal information is acquired from the personal information acquisition device 50. That is, the location information and the personal information are acquired separately from each other and stored separately.
  • devices related to location information location information transmission device 10, user terminal 20, authentication server 30, and location information storage server 40.
  • the position information transmitting device 10 is a user who has consented to the transmission of the position information (approved use). Authenticate the user to determine whether or not the person).
  • the position information transmitting device 10 determines that the user is a consented user, the position information transmitting device 10 transmits the preset position information indicating its own position to the position information storage server 40.
  • the position information transmitting device 10 includes a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) 102, a ROM (Read Only Memory) 103, an IC (Integrated Circuit) chip 104, a network interface (I / F) 105, and GPS / It has an IMES receiver 106 and an input / output interface (I / F) 107. They are communicably connected to each other via bus 108.
  • CPU Central Processing Unit
  • RAM Random Access Memory
  • ROM Read Only Memory
  • IC Integrated Circuit
  • the CPU 101 realizes various functions by loading various programs (not shown) stored in the ROM 103 into the RAM 102 and executing the programs loaded in the RAM 102.
  • the RAM 102 is a volatile storage medium. As described above, various programs executed by the CPU 101 are loaded into the RAM 102. In addition, the RAM 102 temporarily stores data used by the CPU 101 when executing various programs.
  • ROM 103 is a non-volatile storage medium. Various programs are stored in the ROM 103.
  • the IC chip 104 stores a chip ID used for device authentication, which will be described later. The chip ID is also used as an identifier (device ID) of the position information transmitting device 10.
  • the network I / F 105 is an interface for connecting the location information transmitting device 10 to the network NW.
  • the GPS / IMES (Indoor Messaging System) receiver 106 receives a GPS positioning signal from a GPS satellite (not shown) or an IEMS positioning signal from an IEMS (Indoor Messaging System) transmitter (not shown).
  • the position information transmitting device 10 determines its own position based on the GPS positioning signal or the IMES positioning signal, and sets information indicating the determined position to itself.
  • the input / output I / F 806 is an interface for connecting to the IC card reader / writer 110.
  • the IC card reader / writer 110 has an NFC (Near Field Communication) function. This NFC function is a function capable of communicating with the other device when the distance between the device and the "other device having the NFC function" is within a predetermined distance (when the device approaches the other device).
  • NFC Near Field Communication
  • the position information transmitting devices 10A to 10C store the agreed terminal ID tables 11A to 11C (see FIG. 3) in the RAM 102, respectively.
  • the agreed terminal ID tables 11A to 11C are not distinguished, they are referred to as "agreeed terminal ID table 11".
  • a terminal identifier hereinafter, referred to as "terminal ID"
  • terminal ID is an identifier of the user terminal 20 used by the consented user
  • the location information transmitting device 10 acquires the terminal ID of the approaching user terminal 20. Then, if the acquired terminal ID is registered in the consented terminal ID table 11, the position information transmitting device 10 determines that the user is a consented user and transmits the position information.
  • This position information includes a terminal ID acquired from the user terminal 20 and information (latitude, longitude, etc.) indicating a position set in the position information transmitting device 10.
  • the location information transmitting device 10 determines that the user is not a consented user, and the position unless the user agrees to transmit the location information. Do not send information.
  • the user terminal 20 is a terminal carried by the user and has the above-mentioned NFC function.
  • the terminal ID is stored in the user terminal 20, and when the user terminal 20 approaches the position information transmitting device 10, the user terminal 20 transmits the terminal ID to the position information transmitting device 10.
  • FIG. 1 illustrates a smartphone as the user terminal 20.
  • the user terminal 20 may be, for example, an IC (Integrated Circuit) card (25) or the like.
  • the authentication server 30 is a device that stores and centrally manages the terminal ID of the user terminal 20 of the consented user (hereinafter, referred to as "agreeed terminal ID"), and is a device that centrally manages the consented user table 31. It has a distribution destination table 32 (see FIG. 5) and a regular chip ID table 33 (see FIG. 6).
  • the terminal ID field 311, the user information field 312, and the facility ID field 313 are set in the agreed user table 31.
  • the agreed terminal ID is registered in the terminal ID field 311 and the user information of the agreed user is registered in the user information field 312.
  • User information is information (name, date of birth, age, telephone number, address, insurer number, etc.) for identifying (identifying) an individual user.
  • the user inputs the user information from the user terminal 20 or the like.
  • the facility ID field 313 a facility ID indicating an identifier of the facility for which the user has consented to the transmission of location information is registered.
  • a chip ID field 321 and a facility ID field 322 are set in the distribution destination table 32.
  • the chip ID field 321 the chip ID of the position information transmitting device 10 determined to be a genuine product by the device authentication described later is registered.
  • the facility ID field 322 the facility ID of the facility where the location information transmitting device 10 is installed is registered.
  • the chip ID of the genuine position information transmitting device 10 is registered in the regular chip ID table 33.
  • the position information storage server 40 has a position information table 41 (see FIG. 7), and when receiving the position information transmitted from the position information transmitting device 10, stores the received position information in the position information table 41. ..
  • the position information table 41 includes a record ID field 411, a terminal ID field 412, a transmission time field 413, a position field 414, and a link ID field 415.
  • the record ID field 411 a unique identifier of the record in the position information table 41 is registered.
  • the terminal ID field 412 the terminal ID included in the received position information is registered.
  • the transmission time field 413 the time when the position information transmitting device 10 transmits the position information is registered.
  • the position included in the position information is registered in the position field 414.
  • the link ID field 415 a unique identifier of "a record in which personal information associated with location information is registered" in the personal information table 71 is registered.
  • the personal information acquisition device 50 is a device that acquires the personal information of the user and transmits the acquired personal information to the history storage server 60.
  • the type of personal information acquired differs depending on the type of the personal information acquisition device 50.
  • the personal information acquisition device 50B installed in the examination room is a personal computer or the like operated by a doctor or the like, and the detailed data representing the medical practice performed on the user (patient) by the doctor or the like is input to the personal information acquisition device 50B. Acquire detailed data as personal information.
  • the personal information acquisition device 50C installed in the examination room is an X-ray imaging device or the like, and X-ray image data (examination data) of the user (patient) is obtained by irradiating the user's body with X-rays. Obtained as personal information.
  • the personal information acquisition device 50C may be an MRI device or the like.
  • Personal information further includes user identification information (user's name, date of birth, medical examination ticket number, etc.) that can identify the user, acquisition time of the personal information, and location information.
  • user identification information user's name, date of birth, medical examination ticket number, etc.
  • location information is information that can identify the facility in which the personal information acquisition device 50 is installed and the room in which the personal information acquisition device 50 is installed.
  • the data format of personal information differs depending on the type. Therefore, the detailed data and the inspection data shown in FIG. 1 have different user identification information, location information, acquisition time, and other data positions.
  • the history storage server 60 When the history storage server 60 receives the personal information from the personal information acquisition device 50, the history storage server 60 refers to the user identification information included in the received personal information, encrypts the received personal information, and stores it for each user.
  • the personal information for each user stored in this way is referred to as "user history data 61".
  • the history storage server 60 transmits all the user history data 61 stored up to the present time since the last user history data 61 was transmitted at a predetermined timing (for example, on the last day of the month) via the dedicated line EL. And sends it to the personal information storage server 70.
  • the personal information storage server 70 has a personal information table 71 (see FIG. 8), and when the user history data 61 transmitted from the history storage server 60 is received, the received user history data 61 is used as personal information. Store in table 51. Specifically, the personal information storage server 70 stores one personal information included in the user history data 61 in one record of the personal information table 71.
  • the personal information table 71 includes a record ID field 711, a personal information field 712, and a link ID field 713.
  • the record ID field 711 a unique identifier of each record in the personal information table 71 is registered.
  • the personal information field 712 the personal information received by the personal information storage server 70 is registered in the encrypted state.
  • the link ID field 713 a unique identifier of the "record in which the location information associated with the personal information is registered" in the location information table 41 is registered.
  • the management server 80 is connected to the personal information storage server 70 via the dedicated line EL, and is connected to the authentication server 30 and the location information storage server 40 via the network NW.
  • the management server 80 associates the location information with the personal information. More specifically, when the location information and the personal information satisfy the matching condition, the management server 80 sets the link ID field 415 of the record corresponding to the location information in the location information table 41 to "personal information satisfying the matching condition". Register the "record identifier”. Further, the management server 80 registers the "identifier of the record of the location information satisfying the matching condition" in the link ID field 713 of the record of the personal information of the personal information table 71.
  • the management server 80 is a general computer, and is a CPU 801 and a RAM 802, a ROM 803, a network interface (I / F) 804, a dedicated line interface (I / F) 805, and an input / output interface (I / F). / F) 806. They are communicably connected to each other via bus 810.
  • the CPU 801 and the RAM 802, the ROM 803 and the network I / F 804 are the same as the CPU 101, the RAM 102, the ROM 103 and the network I / F 105 shown in FIG. 2, respectively, and thus the description thereof will be omitted.
  • the position range table 81 is stored in the RAM 802.
  • the position range table 81 includes a location information field 811 and a position range field 812.
  • place information field 811 place information that can specify the place where the personal information acquisition device 50 is installed is registered.
  • position range field 812 a predetermined position range that can be regarded as the same as the place specified by the place information (that is, the place where the personal information acquisition device 50 is installed) is registered.
  • the leased line I / F805 is an interface for connecting the management server 80 to the leased line EL.
  • the input / output I / F 806 is an interface for being connected to a keyboard and a display.
  • the authentication server 30, the location information storage server 40, the history storage server 60, and the personal information storage server 70 are also general computers like the management server 80, and are the CPU 801, RAM 802, ROM 803, network I / F 804, and the above-mentioned CPU 801 and RAM 802. It has input / output I / F806 and the like.
  • the position information transmitting devices 10A to 10C transmit the authentication request to the authentication server 30 at a predetermined timing (1005A to 1005C).
  • the predetermined timing is, for example, the initial connection timing of the position information transmitting device 10 to the network NW, and the timing at which a preset predetermined time (for example, a predetermined time before the start of business at Hospital A) is reached.
  • the authentication request transmitted by the position information transmitting device 10 includes the chip IDs (IDc1 to IDc3) of the position information transmitting device 10 and the facility ID of the position information transmitting device 10.
  • the facility ID is the identifier (IDf1) of the hospital A.
  • the facility ID is preset in each position information transmitting device 10A to 10C.
  • the authentication server 30 When the authentication server 30 receives the authentication request, it executes device authentication (1010). Specifically, the authentication server 30 determines whether or not the chip ID included in the received authentication request is registered in the regular chip ID table 33.
  • the authentication server 30 is the location information transmitting device 10 that has transmitted the authentication request. Judge that it is a genuine product.
  • the authentication server 30 registers the chip IDs (IDc1 to IDc) and the facility IDs (IDf1) included in the received authentication request in the distribution destination table 32 (1013).
  • the chip IDs (IDc1 to IDc3) and the facility ID (IDf1) are associated and registered in the distribution destination table 32.
  • the authentication server 30 transmits an authentication response (hereinafter, referred to as “authentication success response”) indicating that the device authentication has succeeded to the position information transmitting devices 10A to 10C (1015A to 1015C), respectively.
  • the authentication server 30 is the position information transmitting device 10 that has transmitted the authentication request including the chip IDs that are not registered in the regular chip ID table 33. It is determined that the product is not genuine, and an authentication response indicating that the device authentication has failed (hereinafter, referred to as "authentication failure response") is transmitted to the location information transmitting device 10.
  • the position information transmitting device 10 that has received the authentication failure response prohibits the transmission of the position information even if the user approaches the user terminal 20.
  • the location information transmitting device 10A authenticates the user (1025). In the user authentication, the location information transmitting device 10A determines whether or not the acquired terminal ID (IDt1) is registered in the agreed terminal ID table 11A. At this point, assuming that the terminal ID (“IDt1”) is not yet registered in the consented terminal ID table 11 of the location information transmitting device 10A, the user of the location information transmitting device 10A is not a consented user. Is determined, and the user is notified to that effect. For example, the location information transmitting device 10A outputs a voice message indicating that the user is not a consented user from a speaker (not shown). The message that the user is not a consented user may be displayed on the display connected to the position information transmitting device 10A or the display of the user terminal 20.
  • the user When the user agrees to transmit the location information at the hospital A, the user inputs the user information (UD1) of the user into the user terminal 20 (1030), and the user terminal 20 is sent to the location information transmission device 10A. Bring it closer.
  • the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 and the input user information (UD1) (1035).
  • the location information transmitting device 10A transmits a registration request including the "acquired terminal ID (IDt1) and user information (UD1)" and the facility ID (IDf1) to the authentication server 30 (1040). This registration request indicates that the user has consented to the transmission of location information.
  • the user agrees to send location information on a facility-by-facility basis (hospital A, hospital B (not shown), pharmacy C (not shown), etc.).
  • the authentication server 30 When the authentication server 30 receives the registration request, the authentication server 30 registers the terminal ID (IDt1), the user information (UD1), and the facility ID (IDf1) included in the received registration request in the agreed user table 31 (1045). ) (See FIG. 4). As a result, the authentication server 30 remembers that the user has consented to the transmission of the location information.
  • the authentication server 30 refers to the distribution destination table 32, and identifies the registration response including the terminal ID (IDt1) included in the received registration request by the facility ID (IDf1) included in the received registration request (A). It transmits to all the position information transmitting devices 10A to 10C installed in the hospital) (1050A to 1050C). More specifically, the authentication server 30 selects a record in which the facility ID (IDf1) included in the registration request received in the facility ID field 322 of the distribution destination table 32 is registered, and enters the chip ID field 321 of the selected record. Acquire the registered chip ID (IDt1 to IDt3). The authentication server 30 transmits a registration response including the terminal ID (IDt1) included in the received registration request to the position information transmitting devices 10A to 10C identified by the acquired chip IDs (IDt1 to IDt3).
  • the terminal ID (IDt1) included in the received registration response is registered in the agreed terminal ID tables 11A to 11C (1055A to 1055C).
  • the location information transmitting devices 10A to 10C will be used when the user terminal 20 identified by the terminal ID (IDt1) approaches. It can be determined whether or not the user is a consented user by referring to the consented terminal ID tables 11A to 11C without inquiring to the authentication server 30.
  • the location information transmission device 10A has a transmission time (10:10, September 1, 2019) indicating the time when the location information is transmitted. ),
  • the position information including the terminal ID (IDt1) of the user terminal 20 and the position P1 is transmitted to the position information storage server 40 (1060).
  • the location information storage server 40 When the location information storage server 40 receives the location information, the location information storage server 40 adds a new record (record ID "1" (see FIG. 7)) to the location information table 41, and registers the received location information in the added record. (1065).
  • the position information transmitting device 10 may transmit the position information not including the transmission time. In this case, the time when the location information storage server 40 receives the location information is regarded as the transmission time of the location information.
  • the user brings the user terminal 20 close to the position information transmission device 10 and causes the position information transmission device 10 to transmit the position information before and after the personal information is acquired by the personal information acquisition device 50. ..
  • the user moves from the reception desk of Hospital A to the examination room. As shown in FIG. 11, before the personal information acquisition device 50C acquires the inspection data, the user brings the user terminal 20 closer to the position information transmission device 10C installed in the examination room.
  • the position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1105) and authenticates the user (1110).
  • step 1055C shown in FIG. 10 since the terminal ID (IDt1) is registered in the consented terminal ID table 11C, in the position information transmitting device 10C, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:20 on September 1, 2019), the terminal ID (IDt1) and the position (P3) is transmitted to the position information storage server 40 (1115).
  • the location information storage server 40 registers the received location information in a new record (record ID “L2”) of the location information table 41 (1120).
  • the personal information acquisition device 50C acquires the user's inspection data as personal information (1125), and transmits the acquired personal information to the history storage server 60 (1130).
  • This personal information includes the user information of the user from whom the inspection data was acquired, the acquisition time of the inspection data of the personal information acquisition device 50C (10:25 on September 1, 2019), and the location information (inspection at Hospital A). Room) is further included.
  • the personal information acquisition device 50C transmits the acquired personal information to the history storage server 60.
  • the history storage server 60 receives the personal information
  • the history storage server 60 encrypts the received personal information and writes (stores) it in the user history data 61 of the user (1130).
  • the position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1135), authenticates the user (1140), and transmits the position information to the position information storage server 40 (1145).
  • This location information includes the transmission time (10:26 on September 1, 2019), the terminal ID (IDt1), and the location (P3).
  • the location information storage server 40 registers the received location information in a new record (record ID “L3”) of the location information table 41 (1150).
  • the user moves from the examination room to the examination room.
  • the personal information acquisition device 50B acquires personal information
  • the user brings the user terminal 20 close to the position information transmission device 10B.
  • the position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1155) and authenticates the user (1160).
  • step 1055B shown in FIG. 10 since the terminal ID (IDt1) is registered in the consented terminal ID table 11B, in the location information transmitting device 10B, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:30 on September 1, 2019), the terminal ID (IDt1) and the position (P2) is transmitted to the position information storage server 40 (1165).
  • the location information storage server 40 registers the received location information in a new record (record ID “L4”) of the location information table 41 (1170).
  • the personal information acquisition device 50B acquires the detailed data of the user as personal information (1175), and transmits the acquired personal information to the history storage server 60 (1180).
  • This personal information includes the user information of the user of the detailed data, the acquisition time of the detailed data of the personal information acquisition device 50B (10:35 on September 1, 2019), and the location information (examination room of Hospital A). Further included.
  • the position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1185), authenticates the user (1190), and transmits the position information to the position information storage server 40 (1195). ..
  • This location information includes the transmission time (10:36 on September 1, 2019), the terminal ID (IDt1), and the location (P2).
  • the location information storage server 40 registers the received location information in a new record (record ID “L5”) of the location information table 41 (1198).
  • the location information transmitting device 10 installed in the facility shares the terminal ID of the user terminal 20 of the user. Therefore, the location information transmission device 10 installed in the facility can perform user authentication inside the location information transmission device 10 without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 can be reduced, and the processing load of the authentication server 30 can also be reduced. Further, the position information transmitting devices 10B and 10C other than the position information transmitting device 10A that received the input of the user information erroneously determine that the user who once consented to the transmission of the position information does not consent to the transmission of the position information. It is possible to prevent this from happening.
  • the personal information storage server 70 When the personal information storage server 70 receives the user history data 61 from the history storage server 60, the personal information storage server 70 stores the personal information included in the received user history data 61 in the personal information table 71 (1210). More specifically, the personal information storage server 70 adds a new record to the personal information table 71 by the amount of the personal information included in the received user history data 61, and each of the added records has a unique identifier ( Record IDs "I1" and "I2”) are given, and personal information included in the received user history data 61 is registered in the added record.
  • the personal information storage server 70 sends a completion notification to that effect to the management server 80 (1215).
  • the management server 80 When the management server 80 receives the completion notification, it associates the personal information stored in the personal information table 71 with the location information stored in the location information table 41 (1220). More specifically, the management server 80 refers to the position range table 81 shown in FIG. 9, and its position is in a position range that can be regarded as the same as the place specified by the place information included in the personal information. Select the included location information (candidate location information). Then, the management server 80 sets the location information (immediately preceding location information) that is earlier than the acquisition time (acquisition time) of the personal information and is closest to the acquisition time from the selected location information, and the personal information. The position information (immediately after position information) that is later than the acquisition time and is closest to the acquisition time is acquired.
  • the management server 80 associates the personal information, the immediately preceding position information, and the immediately after position information with each other.
  • the CPU 801 of the management server 80 starts processing from step 1300 and proceeds to step 1305 every time a predetermined time elapses. In step 1305, the CPU 801 determines whether or not the completion notification has been received. If the completion notification has not been received, the CPU 801 determines "No" in step 1305, proceeds to step 1395, and temporarily ends this routine.
  • the CPU 801 determines "Yes” in step 1305 and executes the processes of steps 1310 to 1320.
  • Step 1310 The CPU 801 selects personal information to be processed (hereinafter, referred to as “processed personal information”) from personal information for which this routine has not been executed.
  • Step 1315 The CPU 801 is included in a position range that can be regarded as the same as the installation location of the personal information acquisition device 50 that has acquired the personal information to be processed from the location information that is not associated with any personal information. Select the position information indicating the position as the candidate position information.
  • the management server 80 selects a record in which the location information included in the processing target personal information is registered in the location information field 811 of the location range table 81 shown in FIG. Then, the management server 80 selects the position information including the position indicated by the position information in the position range registered in the position range field 812 of the acquired record as the candidate position information.
  • Step 1320 From the candidate position information selected in step 1315, the CPU 801 obtains the position information (that is, the acquisition of the processing target personal information) that is earlier than the acquisition time of the processing target personal information and is closest to the acquisition time.
  • the position information immediately before the time is selected as the immediately preceding position information, and the position information after the acquisition time of the personal information to be processed and closest to the acquisition time (that is, immediately after the acquisition time of the personal information to be processed) is selected.
  • Position information is selected as the position information immediately after.
  • the CPU 801 proceeds to step 1325, and the terminal ID included in the immediately preceding position information (hereinafter, referred to as “immediately preceding terminal ID”) and the terminal ID included in the immediately preceding position information (hereinafter, “immediately after terminal ID”). It is determined whether or not there is a match with (name).
  • the CPU 801 determines "Yes" in step 1325, proceeds to step 1330, and associates the processing target personal information, the immediately preceding position information, and the immediately following position information. Specifically, the CPU 801 registers the record ID of the record of the immediately preceding position information and the record ID of the immediately preceding position information of the position information table 41 in the link ID field 713 of the record of the personal information to be processed in the personal information table 71. Further, the CPU 801 registers the record ID of the personal information to be processed in the personal information table 71 in the link ID field 415 of the record of the immediately preceding position information and the immediately after position information of the position information table 41.
  • step 1335 determines whether or not there is personal information (hereinafter, referred to as "unprocessed personal information") for which this routine has not yet been executed. If there is unprocessed personal information, the CPU 801 determines "Yes” in step 1335 and executes the process of step 1310 again. On the other hand, if there is no unprocessed personal information, the CPU 801 determines "No" in step 1335, proceeds to step 1395, and temporarily ends this routine.
  • unprocessed personal information personal information for which this routine has not yet been executed. If there is unprocessed personal information, the CPU 801 determines "Yes" in step 1335 and executes the process of step 1310 again. On the other hand, if there is no unprocessed personal information, the CPU 801 determines "No" in step 1335, proceeds to step 1395, and temporarily ends this routine.
  • step 1325 the CPU 801 determines "No" in step 1325 and proceeds to step 1340.
  • step 1340 the CPU 801 determines that the personal information to be processed, the immediately preceding position information, and the immediately after position information cannot be associated with each other, and proceeds to step 1335. More specifically, the CPU 801 cannot associate with the link ID field 713 of the record of the personal information to be processed in the personal information table 71 and the link ID field 415 of the record of the immediately preceding position information and the immediately following position information of the position information table 41. Register the information indicating that.
  • the personal information of the record ID "I1" of the personal information table 71 shown in FIG. 8 and the immediately preceding position information of the personal information Is associated with the position information immediately after the personal information (record ID "L3" in the position information table 41 shown in FIG. 7).
  • the personal information of the record ID "I2" of the personal information table 71 shown in FIG. 8 the immediately preceding position information of the personal information (record ID "L4" of the position information table 41 shown in FIG. 7), and the said Immediately after the personal information, the position information (record ID “L5” in the position information table 41 shown in FIG. 7) is associated with the personal information.
  • the search terminal 90 is connected to the network NW and sends a search request including a search key to the management server 80 (1405).
  • the user of the search terminal 90 inputs a desired search key.
  • an age (50's) which is one of the user information, is input as a search key.
  • the search key includes at least one item included in the user information (name, date of birth, age, telephone number, address, insurer number, etc.). Executed if included.
  • the management server 80 When the management server 80 receives the search request, it transmits a terminal ID identification request including the search key included in the received search request to the authentication server 30 (1410).
  • the authentication server 30 receives the terminal ID identification request, the authentication server 30 refers to the agreed user table 31, and the terminal ID registered in the terminal ID field 311 of the record matching the search key included in the received terminal ID identification request. To get. Then, the authentication server 30 transmits a terminal ID specific response including the acquired terminal ID to the management server 80 (1415).
  • the management server 80 When the management server 80 receives the terminal ID specific response, it transmits a search request including the terminal ID included in the received terminal ID specific response to the location information storage server 40 (1420).
  • the location information storage server 40 When the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and obtains a record ID (link ID) of personal information associated with the location information that matches the terminal ID included in the received search request. get. More specifically, the location information storage server 40 selects a record in which the "terminal ID included in the received search request" is registered in the terminal ID field 412 of the location information table 41, and the link ID field 415 of the selected record. The link ID (record ID of the personal information table 71) registered in is acquired. Then, the location information storage server 40 transmits a search response including the acquired link ID to the management server 80 (1425).
  • a record ID link ID
  • the management server 80 When the management server 80 receives the search response, it transmits a search request including the link ID included in the received search response to the personal information storage server 70 (1430).
  • the personal information storage server 70 When the personal information storage server 70 receives the search request, the personal information storage server 70 refers to the personal information table 71 and acquires the personal information of the record in which the link ID included in the received search request is registered in the record ID field 711. Then, the personal information storage server 70 transmits a search response including the acquired personal information to the management server 80 (1435).
  • the management server 80 When the management server 80 receives the search response, the management server 80 transmits the received search response to the search terminal 90 (1440).
  • the search terminal 90 When the search terminal 90 receives the search response, the search terminal 90 displays the personal information included in the received search response as a search result on a display (not shown).
  • the personal information storage server 70 uses the personal information corresponding to the search key. It is necessary to search the entire personal information in order to find the item of personal information. Therefore, the load of the search process on the personal information storage server 70 becomes large.
  • the personal information storage server 70 is specified by the link ID included in the search request received in step 1430 from the personal information registered in the personal information table 71. All you have to do is to obtain "personal information to be provided". Therefore, since the personal information storage server 70 does not need to search the entire personal information, it is possible to prevent the load of the search process on the personal information storage server 70 from becoming large.
  • the user terminal 20 may send a search request instead of the search terminal 90. In this case, it is desirable to prohibit the search for personal information other than the user of the user terminal 20.
  • the search terminal 90 transmits a required time search request including location information (hospital A hospital examination room) as a search key to the management server 80 (step 1450).
  • the management server 80 receives the required time search request, the management server 80 refers to the position range table 81 shown in FIG. 9, and the position range (A hospital examination room) corresponding to the location information (A hospital examination room) included in the received required time search request. R3) is acquired (1455). Then, the management server 80 transmits a search request including the acquired position range (R3) to the position information storage server 40 (1460).
  • the position information storage server 40 refers to the position information table 41 and records a record (record ID “L2”, in which the position (P3) included in the position range (R3) included in the search request received in the position field 414 is registered. "L3") is acquired. Then, the location information storage server 40 transmits a search response including the acquired record to the management server 80 (1465).
  • the management server 80 identifies two records (record IDs "L2" and "L3") in which the same link ID is registered in the link ID field 415 in the records included in the search response. Then, the management server 80 calculates the difference between the transmission times of the two records as the required time of the personal information of the link ID (1470).
  • the management server 80 transmits a search response including the calculated required time to the search terminal 90 (1475).
  • the search terminal 90 displays the required time included in the received search response on a display (not shown). When there are a plurality of required times, the search terminal 90 may display the average value of the required times on the display.
  • the consented information includes the facility ID of the facility where the user has consented to the transmission of the location information.
  • the position information transmitting device 10 acquires the consented information from the user terminal 20.
  • the location information transmission device 10 has consented to the transmission of the location information by the user of the user terminal 20. Is determined.
  • the location information transmitting device 10 determines that the user does not consent to the transmission of the location information.
  • the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 (1505). Since the consented information is not stored in the user terminal 20 due to the above assumption, in step 1505, the position information transmitting device 10A cannot acquire the consented information from the user terminal 20. Therefore, the location information transmitting device 10A determines in the user authentication that the user of the user terminal 20 is not a consented user (1510).
  • the user agrees to transmit the location information at the hospital A, inputs the user information (UD1) into the user terminal 20 (1030), and brings the user terminal 20 closer to the location information transmitting device 10A again (1035).
  • the location information transmitting device 10A acquires the terminal ID (IDt1) and the user information (UD1) from the user terminal 20 (1035), and transmits the registration request (1040).
  • the authentication server 30 receives the registration request, it updates the agreed user table 31 (1045) and writes "the facility ID (IDf1) included in the received registration request to the user terminal as the agreed information”.
  • “Registration response (write command)" is transmitted to the position information transmission device 10A (1515).
  • the registration response includes the terminal ID (IDt1) included in the registration request received by the authentication server 30 as the terminal ID of the writing destination.
  • the location information transmitting device 10A When the location information transmitting device 10A receives the registration response, it outputs a voice message for bringing the user terminal 20 closer to the user from a speaker (not shown).
  • the position information transmitting device 10A acquires the terminal ID of the user terminal 20, and the acquired terminal ID matches the terminal ID of the writing destination included in the received registration response. Judge whether or not. If these terminal IDs do not match, the location information transmitting device 10A does not write (store) the consented information in the user terminal. In this case, it is considered that the user terminal 20 different from the user terminal 20 into which the user information is input in step 1030 is approaching the position information transmitting device 10. Therefore, it is possible to prevent the consent information from being written to the erroneous user terminal 20 by not writing the consent information when the terminal IDs do not match.
  • the location information transmitting device 10A writes (stores) the agreed information including the facility ID (IDf1) included in the received registration response in the user terminal 20 (1520). Then, the position information transmitting device 10A transmits the position information including the transmission time (10:10 on September 1, 2019), the position (P1), and the terminal ID (IDt1) (1060).
  • the position information transmitting device 10C acquires the terminal ID (IDt1) and the agreed information (1520), and authenticates the user (1520). 1525). Since the facility ID (IDf1) included in the consented information and the facility IDf1 set in the location information transmitting device 10C match, in this user authentication, the location information transmitting device 10C is a user who has consented to the user. Is determined to be. Then, the position information transmitting device 10C transmits the position information including the transmission time (10:20 on September 1, 2019), the position (P3), and the terminal ID (IDt1) to the position information storage server 40 (1115). ..
  • the location information transmitting device 10 can perform user authentication without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 and the processing load of the authentication server 30 can be reduced. Further, since the position information transmitting device 10 does not need to have the agreed terminal ID table 11, it is not necessary to provide a large-capacity storage medium. Therefore, the cost of the position information transmitting device 10 can be reduced.
  • the agreed information does not have to include the facility ID.
  • the location information transmitting device 10 can acquire the consented information from the user terminal 20 by the user authentication, it determines that the user is a consented user and has consented from the user terminal 20. If the information cannot be obtained, it is determined that the user is not a consented user.
  • the consented information stored in the user terminal 20 is deleted at a predetermined timing. It is desirable that the consented information stored in the user terminal 20 be deleted at the timing when the user leaves the facility where he / she has consented to the transmission of the location information.
  • the timing at which the user leaves the facility that has agreed to transmit the location information is one of the determination timings 1 and 2.
  • Timing 1 Timing when the position acquired by the user terminal 20 based on the GPS positioning signal is determined to be a predetermined distance away from the position of the facility
  • Timing 2 The user who has completed the accounting at the facility positions the user terminal 20 Timing of approaching the information transmission device 10A
  • the user brings the user terminal 20 closer to the location information transmission device 10A after the deletion button (not shown) of the location information transmission device 10A is operated by the clerk of the hospital A who performed the accounting.
  • the position information transmitting device 10A deletes the consented information stored in the approaching user terminal 20.
  • the predetermined timing may be a timing when a predetermined time has elapsed since the consented information was written.
  • another user terminal 20 approaches the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach. There is a possibility that it will end up. In this case, since the immediately preceding terminal ID and the immediately preceding terminal ID are different, it is determined as "No" in step 1325 shown in FIG. Therefore, even when the same user terminal 20 as the first time approaches another user terminal 20, the personal information, the immediately preceding position information, and the immediately after position information cannot be associated with each other.
  • step 1605 the CPU 801 selects the position information immediately after the immediately following position information (position information immediately after the next point) from the candidate position information selected in step 1315 shown in FIG. 13, and proceeds to step 1610.
  • the CPU 801 determines “Yes” in step 1610 shown in FIG. It is determined whether or not the terminal ID) immediately after the point matches.
  • the CPU 801 determines "Yes" in step 1615 and proceeds to step 1330 shown in FIG. As a result, the personal information to be processed, the immediately preceding position information, and the immediately after runner-up position information are associated with each other.
  • the CPU 801 determines "No" in step 1615 shown in FIG. 16, returns to step 1605, and immediately after the current runner-up immediately after position information.
  • the position information of is selected as the position information immediately after the new runner-up.
  • step 1610 determines “No” in step 1610 and proceeds to step 1620.
  • step 1620 the CPU 801 selects the position information immediately before the previous position information (the position information immediately before the next point) from the candidate position information selected in step 1315 shown in FIG. 13, and is shown in FIG. Proceed to step 1625.
  • the CPU 801 determines “Yes” in step 1625 shown in FIG. 16, proceeds to step 1630, and proceeds to step 1630, where the terminal ID of the position information immediately before the next point (terminal immediately before the next point). It is determined whether or not the ID) and the immediately after terminal ID match.
  • the CPU 801 determines "Yes” in step 1630 and proceeds to step 1330 shown in FIG. As a result, the personal information to be processed, the position information immediately before the runner-up, and the position information immediately after the runner are associated with each other.
  • the CPU 801 determines "No" in step 1630 shown in FIG.
  • the position information of is selected as the position information immediately before the new runner-up.
  • the CPU 801 determines “No” in step 1625 and proceeds to step 1345 shown in FIG. As a result, the personal information to be processed is not related to any location information.
  • step 1325 shown in FIG. 13 the position information immediately after the next point is selected first from the position information immediately before the next point and the position information immediately after the next point. However, the position information immediately before the runner-up may be selected first. More specifically, if "No" is determined in step 1325 shown in FIG. 13, the CPU 801 executes the processes of steps 1620 to 1630. If the CPU 801 determines "No” in step 1625, the CPU 801 proceeds to step 1605. If the CPU 801 determines "No” in step 1610, the CPU 801 proceeds to step 1345 shown in FIG.
  • the CPU 101 of the position information transmitting device 10 starts processing from step 1700 and proceeds to step 1705 every time a predetermined time elapses.
  • the CPU 101 determines whether or not the terminal ID of the user terminal 20 has been acquired.
  • step 1705 the CPU 101 determines "No" in step 1705, proceeds to step 1795, and temporarily ends this routine.
  • step 1705 the CPU 101 determines "Yes” in step 1705 and proceeds to step 1710.
  • step 1710 the CPU 101 determines whether or not the acquired terminal ID is registered in the agreed terminal ID table 11.
  • the CPU 101 determines "Yes” in step 1710 (that is, determines that the user is a consented user), and proceeds to step 1715. .. In step 1715, the CPU 101 stores the previous terminal ID, which is the terminal ID of the user terminal 20, which is stored when the position information is transmitted due to the user terminal 20 approaching for the first time. Judge whether or not.
  • step 1705 the approach of the user terminal 20 that triggered the position information transmitting device 10 to acquire the terminal ID in step 1705 is considered to be the first approach.
  • the CPU 101 determines “Yes” in step 1715 and proceeds to step 1720.
  • step 1720 the CPU 101 stores the terminal ID acquired in step 1705 (hereinafter, referred to as “this time terminal ID”) as the previous terminal ID, and proceeds to step 1725 to transmit the position information. After that, the CPU 101 proceeds to step 1795 and temporarily ends this routine.
  • step 1715 determines "No" in step 1715 and proceeds to step 1730.
  • step 1730 the CPU 101 determines whether or not the current terminal ID acquired in step 1705 this time matches the previous terminal ID.
  • step 1730 the CPU 101 determines "Yes” in step 1730 and proceeds to step 1735.
  • step 1735 the CPU 101 deletes the previous terminal ID and the current terminal ID, and proceeds to step 1725 to transmit the position information.
  • step 1730 determines "No" in step 1730, executes the processes of steps 1738 and 1740, proceeds to step 1795, and temporarily ends this routine. To do.
  • Step 1738 The CPU 101 deletes the terminal ID this time.
  • Step 1740 The CPU 101 notifies the abnormality. In this abnormality notification, for example, the CPU 101 outputs a voice message indicating that a user terminal 20 different from the previous user terminal 20 has approached from a speaker (not shown).
  • step 1710 determines "No" in step 1710 (determines that the user is not the agreed user). Proceed to step 1745.
  • step 1745 the CPU 101 notifies the non-consent user and proceeds to step 1750.
  • the CPU 101 outputs a voice message indicating that the user is not a consented user from a speaker (not shown).
  • step 1750 the CPU 101 determines whether or not the user information has been input. Specifically, when the CPU 101 acquires the user information together with the terminal ID, it determines that the user information has been input.
  • step 1750 If the user information is not input in step 1750, the CPU 101 determines "No" in step 1750, proceeds to step 1795, and temporarily ends this routine.
  • step 1750 when the user information is input in step 1750, the CPU 101 determines "Yes" in step 1750, proceeds to step 1755, and transmits a terminal ID and user information registration request to the authentication server 30. .. After that, the CPU 101 proceeds to step 1795 to temporarily end this routine.
  • the position information transmitting device 10 does not transmit the position information unless the acquired terminal ID this time and the immediately preceding acquired terminal ID match. As a result, even if another user terminal is brought close to the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach, the position information Is not sent. As a result, the personal information, the immediately preceding position information, and the immediately after position information of the same user can be more accurately associated with each other.
  • the authentication server 30 stores a plurality of user terminals 20 used by the same user in association with the user information of the user.
  • the authentication server 30 stores the terminal IDs of a plurality of user terminals 20 and 25 used (carried) by the same user in association with the user information of the user.
  • the user terminal (IC card) 25 different from the user terminal (smartphone) 20 when the user gives the consent Is brought closer to the position information transmitting device 10A.
  • the position information transmitting device 10A acquires the terminal ID (IDt2) of the user terminal 25 (1805).
  • the location information transmitting device 10A authenticates the user (1025). Assuming that the terminal ID (IDt2) is not registered in the consented terminal ID table 11A, in this user authentication, the location information transmitting device 10A determines that this user is not a consented user, and uses the above-mentioned non-consented use. Notify the person.
  • the user inputs the user information UD1 to the position information transmission device 10A via a keyboard (not shown) connected to the position information transmission device 10A (1810). Since the user shown in FIG. 10 and the user in this example are the same, the user information UD1 input in step 1810 is the same as the user information UD1 input in step 1030 shown in FIG. It is the same.
  • the position information transmitting device 10A has a touch panel type display, the user may accept input of user information via the touch panel type display.
  • the position information transmitting device 10A acquires the terminal ID (IDt2) from the user terminal 25 (1815). Then, the location information transmission device 10A transmits a registration request including the acquired terminal ID (IDt2), the input user information UD1 and the facility ID (IDf1) to the authentication server 30 (1040).
  • the authentication server 30 When the authentication server 30 receives the registration request, it associates the terminal ID t2 included in the received registration request with the user information UD1 and registers it in the agreed user table 31. As a result, the terminal ID (IDt1) and the terminal ID (IDt2) are registered in the user information UD1 (see FIG. 18). Since the subsequent processing is the same as steps 1045 to 1065 shown in FIG. 10, the description thereof will be omitted.
  • the personal information acquired when the user terminal 20 is brought close to the user terminal 20 and the personal information acquired when the user terminal 25 is brought close to the user terminal 25 are managed as personal information acquired from the same user. Will be done.
  • a user registered in the agreed user table 31 in which the user information UD1 is associated with the terminal ID (IDt1) and the terminal ID (IDt2) in FIG. A ”) will explain an example of searching for its own personal information.
  • the user A operates the search terminal 90 and inputs the user information UD1 (for example, the name and the date of birth) that can identify the user A.
  • the search terminal 90 receives the input of the user information, the search terminal 90 transmits a search request including the user information as a search key to the management server 80 in step 1405.
  • the management server 80 transmits the terminal ID identification request including the user information to the authentication server 30 in step 1410.
  • the authentication server 30 acquires the terminal ID of the record that matches the search key from the agreed user table 31. In this case, two terminal IDs (IDt1 and IDt2) are registered in the record of the user information UD1 of the user A. Therefore, the authentication server 30 transmits a terminal ID specific response including the two terminal IDs (IDt1 and IDt2) to the management server 80 in step 1515. Since the processing after step 1520 is the same as the processing described above, the description thereof will be omitted.
  • the user concerned No matter which user terminal (20 or 25) A brings the user terminal (20 or 25) close to the location information transmitting device the personal information acquired at that time can be searched as the same user A's personal information.
  • the position information transmission device 10 further includes type identification information capable of specifying a type ID indicating an identifier of the type of personal information acquired by the personal information acquisition device 50 installed at a location corresponding to itself. Information is transmitted to the location information storage server 40. As a result, the location information and the type ID are associated and managed. As a result, when the search key includes the type ID of the personal information, the management server 80 refers to the location information table 41 without referring to the personal information stored in the personal information table 71 as being encrypted. Only by itself, the personal information of the type ID included in the search key can be specified.
  • the location information storage server 40 further has a type table 42.
  • the type table 42 includes a chip ID field 421 and a type ID field 422.
  • the chip ID of the position information transmitting device 10 is registered in the chip ID field 421, and the type ID is registered in the type ID field 422.
  • the position information table 41 includes the chip ID field 2101 and the type ID field 2102 in addition to the above fields 411 to 415.
  • the chip ID is registered in the chip ID field 2101, and the type ID is registered in the type ID field 2102.
  • the position information transmitting device 10 transmits the position information including the chip ID as the type identification information to the position information storage server 40.
  • the location information storage server 40 receives the location information, the location information storage server 40 refers to the type table and acquires the type ID corresponding to the chip ID included in the location information. Then, the position information storage server 40 registers the chip ID included in the received position information in the chip ID field 2101 of the position information table, and registers the type ID corresponding to the chip ID in the type ID field 2102.
  • step 1405 the search terminal 90 transmits a search request including the age and the type ID as the search key to the management server 80.
  • the management server 80 searches including "the terminal ID of the user terminal 20 used by the user matching the age, which is one of the search keys," and "the type ID, which is one of the search keys.”
  • the request is transmitted to the location information storage server 40.
  • the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and acquires a link ID of a record that matches the terminal ID included in the received search request and that matches the type ID.
  • the location information storage server 40 transmits a search response including the acquired link ID to the management server 80. Since the subsequent processing is the same as that in FIG. 14, the description thereof will be omitted.
  • the position information matching the type ID which is the search key is specified by referring to the position information table 41, and the position information is specified from the personal information table 71. Acquire personal information associated with location information. This makes it possible to search for personal information that matches the search key without decrypting the encrypted personal information.
  • the chip ID has been described as an example of the type identification information, but the type identification information is information that can identify the position information transmitting device 10 (for example, the Mac address and the IP address of the position information transmitting device 10). May be good. Further, if the type ID of the personal information acquired by the personal information acquisition device 50 installed at the location corresponding to the position information transmission device 10 is set in advance, the type ID can be used as the type identification information. Good. In this case, the location information storage server 40 does not have to have the type table 42 shown in FIG. Further, the position information table 41 shown in FIG. 21 does not have to include the chip ID field 2101.
  • this management system has been applied to hospitals in the above embodiment, it can be applied in various situations.
  • this management system can also be applied to home-visit nursing services and retail stores.
  • the home-visit nursing service is a service in which a nurse visits a user's home and performs various treatments on the user.
  • a location information transmitting device 10 is installed at the user's home.
  • the personal information acquisition device 50 is a notebook computer, a smartphone, or the like carried by a nurse who visits the user's home.
  • the location information transmitting device 10 may be brought to the user's home each time the nurse visits the user's home.
  • the nurse who visited the user's home will carry out various treatments (body temperature measurement, blood pressure measurement, bedsore assistance, etc.) to the user according to the home-visit nursing plan planned in advance.
  • the user brings the user terminal 20 closer to the position information transmitting device 10 before and after the implementation of one treatment.
  • the nurse performs one procedure after the user first brings the user terminal 20 closer to the position information transmitting device 10.
  • the nurse After performing one treatment, the nurse inputs the execution time of the treatment into the personal information acquisition device 50D, so that the personal information acquisition device 50 acquires the detailed data of the user as personal information.
  • This personal information includes the acquisition time of the personal information, the actual personal information, and the place information.
  • This location information is information that can identify the home (service user's home) of the home-visit nursing service user. For example, personal information is specified by a service user identifier (service user ID) or the like on which the treatment is performed.
  • service user ID service user identifier
  • the user ID is registered in the location information field 811 of the position range table 81 of the management server 80, and the range of the position of the service user's house is registered in the position range field 812.
  • the personal information acquisition device 50 When the nurse finishes the home-visit nursing service and arrives at the business establishment, the personal information acquisition device 50 is connected to the history storage server 60, and the personal information is transmitted to the history storage server 60. Since the process of associating the location information with the personal information by the management server 80 is the same as the routine shown in FIG. 10, the description thereof will be omitted.
  • the personal information acquisition device 50 is a register installed in the retail store.
  • the position information transmitting device 10 is installed near this register. The user brings the user terminal 20 closer to the position information transmitting device 10 before and after the settlement of the charge.
  • the personal information in this case is the purchase history of the user acquired by the personal information acquisition device 50 which is a register.
  • the present invention is not limited to the above embodiment, and various modifications of the present invention can be adopted.
  • the location information transmitting device 10 may inquire to the authentication server 30 whether or not the user of the approaching user terminal 20 has consented to the transmission of the location information. In this case, the location information transmitting device 10 transmits a user authentication request including the terminal ID of the approaching user terminal 20 and its own facility ID to the authentication server 30. When the terminal ID and the facility ID included in the user authentication request are recorded in the same record in the consented user table 31, the authentication server 30 indicates that the user has consented to the transmission of the location information. The user authentication success response is transmitted to the location information transmitting device 10.
  • the authentication server 30 indicates that the user does not consent to the transmission of the location information.
  • the user authentication failure response is transmitted to the location information transmitting device 10.
  • the user identifier may be used instead of the terminal ID.
  • the process of associating personal information with location information may be executed by a computer other than the management server 80.
  • a computer other than the management server 80 any one of the authentication server 30, the location information storage server 40, and the personal information storage server 70 may execute the process.
  • Device authentication and user information registration are performed by the authentication server 30, but may be performed by different computers.
  • the position information transmitting device 10 acquires the position information from the GPS satellite or the IMES transmitter, but is not limited to this, and may acquire its own position information by using other means.
  • 10A to 10C ... location information transmission device, 20 ... user terminal, 30 ... authentication server, 40 ... location information storage server, 50B and 50C ... personal information acquisition device, 60 ... history storage server, 70 ... personal information storage server, 80 ... Management server.

Abstract

A management system provided with: a location information transmission device that, when a user terminal approaches, becomes capable of communicating with the user terminal and transmits, to a prescribed storage device, location information indicating a preset location of the transmission device itself; and a management device for associating the location information and personal information with each other and managing the associated information. The management device is configured so as to acquire immediately prior location information and immediately subsequent location information from candidate location information, which is location information indicating a location within a prescribed range that can be considered to be in the same location as an personal information acquisition device that acquires the personal information, the immediately prior location information being location information that has been transmitted prior to the acquisition time of the personal information and at the point in time closest to said acquisition time, and the immediately subsequent location information being location information that has been transmitted subsequent to the acquisition time of the personal information and at the point in time closest to the acquisition time. In addition, the management device is configured so as to manage the personal information, the immediately prior location information, and the immediately subsequent location information, in association with each other.

Description

管理システム、管理装置、及び管理方法Management system, management device, and management method
 本発明は、利用者の個人情報を管理する管理システム、管理装置、及び管理方法に関する。 The present invention relates to a management system, a management device, and a management method for managing personal information of users.
 従来から特許文献1に提案されているように、利用者の位置情報と利用者の個人情報とを管理する管理システム(以下、「従来システム」と称呼する。)が知られている。より詳細には、特許文献1では、利用者の携帯端末(利用者端末)が、時空タグと端末IDとを所定時間が経過する毎に所定の記憶装置に送信し、当該記憶装置が端末ID毎に時空タグを記憶しておく。時空タグは、位置情報及び時刻情報を含む。 Conventionally, as proposed in Patent Document 1, a management system (hereinafter referred to as "conventional system") that manages a user's position information and a user's personal information is known. More specifically, in Patent Document 1, the user's mobile terminal (user terminal) transmits the space-time tag and the terminal ID to a predetermined storage device every time a predetermined time elapses, and the storage device sends the terminal ID. Remember the space-time tag for each. The space-time tag includes position information and time information.
 一方、利用者の個人情報を取得する端末装置(個人情報取得装置)が施設(一例としては、病院及び小売店等)に設置されており、この端末装置は、NFC(Near Field Communication)機能を用いて携帯端末から直近の時空タグを取得し、個人情報に時空タグを付加して上記記憶装置に送信する。上記記憶装置は、携帯端末から送信された時空タグと端末装置から送信された時空タグとを照合することによって、利用者毎の個人情報を集約することができる。 On the other hand, a terminal device (personal information acquisition device) for acquiring user's personal information is installed in a facility (for example, a hospital or a retail store), and this terminal device has an NFC (Near Field Communication) function. The latest space-time tag is acquired from the mobile terminal, the space-time tag is added to the personal information, and the information is transmitted to the storage device. The storage device can aggregate personal information for each user by collating the space-time tag transmitted from the mobile terminal with the space-time tag transmitted from the terminal device.
特開2015-99558号公報(段落0033、0045及び0172等を参照。)Japanese Unexamined Patent Publication No. 2015-99558 (see paragraphs 0033, 0045, 0172, etc.)
 従来システムにおいては、携帯端末の時空タグを常に取得するためには、携帯端末の位置情報取得機能が常に有効に設定されている必要がある。更には、携帯端末の位置情報が改ざんされる可能性も考えられる。 In the conventional system, in order to always acquire the space-time tag of the mobile terminal, it is necessary that the position information acquisition function of the mobile terminal is always enabled. Furthermore, it is possible that the location information of the mobile terminal may be falsified.
 更に、従来システムにおいては、時空タグを個人情報に付加できるようにために、既存の個人情報取得装置に改良を加える必要がある。このような既存の個人情報取得装置への改良は上記従来システムの導入を顧客に躊躇させる一因となる可能性がある。 Furthermore, in the conventional system, it is necessary to improve the existing personal information acquisition device so that the space-time tag can be added to the personal information. Such improvements to the existing personal information acquisition device may contribute to the customer's hesitation in introducing the above-mentioned conventional system.
 これらの問題を解決するために、携帯端末及び個人情報取得装置の代わりに位置情報を送信する位置情報送信装置を採用することが考えられる。位置情報送信装置は、携帯端末が接近した場合に位置情報を送信する。 In order to solve these problems, it is conceivable to adopt a location information transmission device that transmits location information instead of a mobile terminal and a personal information acquisition device. The position information transmitting device transmits the position information when the mobile terminal approaches.
 このようなシステムにおいては、個人情報取得装置が個人情報を取得する直前又は直後に、携帯端末を1回のみ位置情報送信装置に接近させることによって位置情報を送信することが考えられる。 In such a system, it is conceivable to transmit the position information by bringing the mobile terminal close to the position information transmission device only once immediately before or immediately after the personal information acquisition device acquires the personal information.
 ここで、業務効率化等を目的として個人情報の取得に要した時間(所要時間)を把握したいという要望がある。取得開始時刻と取得終了時刻とを含み、所要時間が計算可能な個人情報も存在する可能性がある。しかしながら、個人情報の種類によって取得開始時刻及び取得終了時刻の位置が異なる可能性が高く、更に、取得開始時刻及び取得終了時刻を含まない個人情報も多く存在する。 Here, there is a request to grasp the time (required time) required for acquiring personal information for the purpose of improving work efficiency. There may be personal information whose required time can be calculated, including the acquisition start time and the acquisition end time. However, there is a high possibility that the positions of the acquisition start time and the acquisition end time will differ depending on the type of personal information, and there are many personal information that does not include the acquisition start time and the acquisition end time.
 従って、位置情報を参照して所要時間を計算可能なシステムの提供が望まれるが、上記システムでは、個人情報の取得直前又は取得直後に1回のみ位置情報が送信されるため、位置情報を参照して所要時間を計算できない。 Therefore, it is desired to provide a system that can calculate the required time by referring to the location information. However, in the above system, the location information is transmitted only once immediately before or immediately after the acquisition of the personal information, so that the location information is referred to. And the required time cannot be calculated.
 本発明は上述した課題に対処するためになされたものである。即ち、本発明の目的は、既存の個人情報取得装置に変更を加えず且つ利用者端末に位置情報を取得させずに、正確に同一人の個人情報と位置情報とを関連付ける管理システムを提供することにある。更に、本発明の目的は、個人情報の取得に要した時間を計算可能な管理システムを提供することにある。 The present invention has been made to address the above-mentioned problems. That is, an object of the present invention is to provide a management system that accurately associates the personal information of the same person with the location information without modifying the existing personal information acquisition device and without causing the user terminal to acquire the location information. There is. Furthermore, an object of the present invention is to provide a management system capable of calculating the time required for acquiring personal information.
 本発明の管理システム(以下、「本管理システム」とも呼称する。)は、
 前記利用者が携帯する利用者端末(20、25)が接近した場合、当該利用者端末と通信可能になり、且つ、予め設定された自身の位置を示す位置情報を所定の記憶装置(40)に送信する位置情報送信装置(10)と、
 前記位置情報と前記個人情報とを関連付けて管理する管理装置(80)と、を備える。 The management system of the present invention (hereinafter, also referred to as "the management system") is
When the user terminals (20, 25) carried by the user approach, the user terminal can communicate with the user terminal, and the predetermined storage device (40) stores the preset position information indicating its own position. The position information transmitting device (10) to be transmitted to
A management device (80) for associating and managing the location information and the personal information is provided.
 前記管理装置は、
 前記個人情報を取得した個人情報取得装置と同じ場所に設置されたと見做すことができる所定範囲内の位置を示す位置情報である候補位置情報の中から(ステップ1315)、当該個人情報の取得時点よりも前であって且つ当該取得時点に最も近い時点にて送信された位置情報である直前位置情報及び当該個人情報の取得時点よりも後あって且つ当該取得時点に最も近い時点にて送信された位置情報である直後位置情報を取得し(ステップ1320)、
 前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理する(ステップ1330)、
 ように構成されている。 The management device is
Acquisition of the personal information from the candidate position information which is the position information indicating the position within a predetermined range that can be regarded as being installed in the same place as the personal information acquisition device that acquired the personal information (step 1315). The position information that is the position information that was transmitted before the time point and at the time closest to the acquisition time point is transmitted at the time point that is later than the acquisition time point of the personal information and the time point closest to the acquisition time point. Immediately after the position information is acquired, the position information is acquired (step 1320), and the position information is acquired.
The personal information, the immediately preceding position information, and the immediately preceding position information are associated and managed (step 1330).
It is configured as follows.
 位置情報が示す位置が、個人情報を取得した個人情報取得装置と同じ場所に設置されたと見做すことができる所定範囲内に属し、且つ、当該個人情報の取得時点の直前又は直後に送信されていれば、個人情報取得装置によって個人情報が取得された利用者と、位置情報送信装置に利用者端末を接近させたことにより位置情報送信装置に位置情報を送信させた利用者と、が同一人である可能性が高い。なぜなら、これらの利用者は、同時刻にて同場所に位置しているためである。これによって、本管理システムによれば、同一人の位置情報と個人情報とより正確に関連付けることができる。更に、ある個人情報に対して直前位置情報と直後位置情報とを関連付けているため、当該個人情報の取得に要した時間も計算可能である。 The position indicated by the location information belongs to a predetermined range that can be regarded as being installed in the same place as the personal information acquisition device that acquired the personal information, and is transmitted immediately before or after the acquisition time of the personal information. If so, the user whose personal information has been acquired by the personal information acquisition device and the user who has the position information transmission device transmit the position information by bringing the user terminal closer to the position information transmission device are the same. Most likely a person. This is because these users are located at the same place at the same time. Thereby, according to this management system, the location information of the same person and the personal information can be more accurately associated with each other. Further, since the immediately preceding position information and the immediately preceding position information are associated with a certain personal information, the time required for acquiring the personal information can also be calculated.
 更に、既存の個人情報には少なくとも当該個人情報を取得した個人情報取得装置の設置場所を特定する場所情報及び取得時刻が含まれていればよいため、既存の個人情報取得装置をそのまま用いることができ、既存の個人情報取得装置に変更を加える必要はない。更に、位置情報は、利用者端末によって送信されずに位置情報送信装置によって送信されるため、利用者端末の位置情報取得機能を無効に設定しておいてもよいし、利用者端末側で位置情報が改ざんされるおそれもない。 Further, since the existing personal information only needs to include at least the place information for specifying the installation location of the personal information acquisition device that acquired the personal information and the acquisition time, the existing personal information acquisition device can be used as it is. Yes, there is no need to make changes to the existing personal information acquisition device. Further, since the position information is not transmitted by the user terminal but is transmitted by the position information transmitting device, the position information acquisition function of the user terminal may be disabled, or the position on the user terminal side. There is no risk of the information being tampered with.
 本発明の一態様において、
 前記位置情報送信装置は、
 前記利用者端末が接近した場合、前記利用者端末の識別子である端末識別子を当該利用者端末から取得し(ステップ1105、ステップ1135、ステップ1155、ステップ1185)、
 前記取得した端末識別子を含む前記位置情報を送信する(ステップ1115、ステップ1145、ステップ1165、ステップ1195)、
 ように構成され、
 前記管理装置は、
 前記直前位置情報に含まれる前記端末識別子である直前端末識別子と前記直後位置情報に含まれる前記端末識別子である直後端末識別子とが一致する場合(ステップ1325にて「Yes」)、前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理する(ステップ1330)、
 ように構成されている。 In one aspect of the invention
The position information transmitting device is
When the user terminal approaches, the terminal identifier, which is the identifier of the user terminal, is acquired from the user terminal (step 1105, step 1135, step 1155, step 1185).
The location information including the acquired terminal identifier is transmitted (step 1115, step 1145, step 1165, step 1195).
Is configured as
The management device is
When the immediately preceding terminal identifier which is the terminal identifier included in the immediately preceding position information and the immediately preceding terminal identifier which is the immediately preceding terminal identifier included in the immediately after position information match (“Yes” in step 1325), the personal information and the personal information The immediately preceding position information and the immediately preceding position information are managed in association with each other (step 1330).
It is configured as follows.
 これによって、直前端末識別子と直後端末識別子とが一致しない場合、個人情報と直前位置情報と直後位置情報とを関連付けられないので、同一人の位置情報と個人情報とより正確に関連付けることができる。 As a result, if the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match, the personal information, the immediately preceding position information, and the immediately following position information cannot be associated with each other, so that the same person's location information and personal information can be associated more accurately.
 本発明の一態様において、
 前記管理装置は、
 前記直前位置情報の送信時点と前記直後位置情報の送信時点との差分が閾値差分以下であって、且つ、前記直前端末識別子と前記直後端末識別子とが一致する場合(ステップ1325にて「Yes」)、前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理する(ステップ1330)、
 ように構成されている。 In one aspect of the invention
The management device is
When the difference between the time of transmission of the immediately preceding position information and the time of transmission of the immediately after position information is equal to or less than the threshold difference, and the immediately preceding terminal identifier and the immediately following terminal identifier match (“Yes” in step 1325). ), The personal information, the immediately preceding position information, and the immediately after position information are managed in association with each other (step 1330).
It is configured as follows.
 これによって、直前位置情報の送信時点と直後位置情報の送信時点との差分が閾値差分よりも大きい場合、個人情報と直前位置情報と直後位置情報とを関連付けられないので、同一人の位置情報と個人情報とより正確に関連付けることができる。 As a result, if the difference between the time when the immediately preceding position information is transmitted and the time when the immediately after position information is transmitted is larger than the threshold difference, the personal information, the immediately before position information, and the immediately after position information cannot be associated with each other. It can be more accurately associated with personal information.
 本発明の一態様において、
 前記管理装置は、
 前記直前端末識別子と前記直後端末識別子とが一致しない場合において(ステップ1325にて「No」)、前記候補位置情報の中から、前記直前位置情報の送信時点よりも前であって且つ当該送信時点に最も近い時点にて送信された位置情報である次点直前位置情報を選択し(ステップ1605)、
 前記次点直後位置情報に含まれる端末識別子と前記直前端末識別子とが一致する場合(ステップ1610)、前記個人情報と前記直前位置情報と前記次点直後位置情報とを関連付けて管理する(ステップ1330)、
 ように構成されている。 In one aspect of the invention
The management device is
When the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match (“No” in step 1325), the candidate position information is before the transmission time of the immediately preceding position information and at the transmission time. Select the position information immediately before the runner-up, which is the position information transmitted at the time closest to (step 1605), and
When the terminal identifier included in the position information immediately after the next point and the terminal identifier immediately before the next point match (step 1610), the personal information, the position information immediately before the point, and the position information immediately after the next point are managed in association with each other (step 1330). ),
It is configured as follows.
 本発明の一態様において、
 前記管理装置は、
 前記直前端末識別子と前記直後端末識別子とが一致しない場合において(ステップ1325にて「No」)、前記候補位置情報の中から、前記直前位置情報の送信時点よりも前であって且つ当該送信時点に最も近い時点にて送信された位置情報である次点直前位置情報を選択し(ステップ1620)、
 前記次点直前位置情報に含まれる端末識別子と前記直前端末識別子とが一致する場合(ステップ1630にて「Yes」)、前記個人情報と前記次点直前位置情報と前記直後位置情報とを関連付けて管理する(ステップ1330)、
 ように構成されている。 In one aspect of the invention
The management device is
When the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match (“No” in step 1325), the candidate position information is before the transmission time of the immediately preceding position information and at the transmission time. Select the position information immediately before the runner-up, which is the position information transmitted at the time closest to (step 1620), and
When the terminal identifier included in the runner-up immediately preceding position information and the immediately preceding terminal identifier match (“Yes” in step 1630), the personal information, the runner-up point immediately preceding position information, and the immediately preceding position information are associated with each other. Manage (step 1330),
It is configured as follows.
 上記二つの態様によれば、利用者が個人情報の取得前に利用者端末を位置情報送信装置に接近させてから個人情報の取得後に利用者端末を位置情報送信装置に接近させるまでの間に他の利用者端末を位置情報送信装置に接近させてしまった場合であっても、当該個人情報と当該個人情報が取得された利用者の位置情報とを関連付けることができる。 According to the above two aspects, between the time when the user brings the user terminal closer to the position information transmission device before the acquisition of personal information and the time when the user terminal approaches the position information transmission device after the acquisition of personal information. Even when another user terminal is brought close to the position information transmitting device, the personal information can be associated with the position information of the user from whom the personal information has been acquired.
 本発明の一態様において、
 前記位置情報送信装置は、
 前記端末識別子を新たに取得した場合(ステップ1705にて「Yes」)、前回取得した端末識別子である前回端末識別子が記憶されているか否かを判定し(ステップ1715)、
 前記前回端末識別子が記憶されていないと判定した場合(ステップ1715にて「Yes」)、前記今回端末識別子を前記前回端末識別子として記憶し(ステップ1720)、前記位置情報を送信し(ステップ1725)、
 前記前回端末識別子が記憶されていると判定した場合(ステップ1715にて「No」)、前記新たに取得した端末識別子である今回端末識別子と前記前回端末識別子とが一致するか否かを判定し(ステップ1730)、
 前記今回端末識別子と前記前回端末識別子とが一致すると判定した場合(ステップ1730にて「Yes」)、前記位置情報を送信するとともに(ステップ1725)、前記前回端末識別子を削除し、前記今回端末識別子を前記前回端末識別子として記憶せずに削除し(ステップ1735)、
 前記今回端末識別子と前記前回端末識別子とが一致しないと判定した場合(ステップ1730にて「No」)、前記位置情報を送信せず、前記今回端末識別子を前記前回端末識別子として記憶せずに削除する(ステップ1738)、
 ように構成されている。 In one aspect of the invention
The position information transmitting device is
When the terminal identifier is newly acquired (“Yes” in step 1705), it is determined whether or not the previous terminal identifier, which is the previously acquired terminal identifier, is stored (step 1715).
When it is determined that the previous terminal identifier is not stored (“Yes” in step 1715), the current terminal identifier is stored as the previous terminal identifier (step 1720), and the position information is transmitted (step 1725). ,
When it is determined that the previous terminal identifier is stored (“No” in step 1715), it is determined whether or not the current terminal identifier, which is the newly acquired terminal identifier, and the previous terminal identifier match. (Step 1730),
When it is determined that the current terminal identifier and the previous terminal identifier match (“Yes” in step 1730), the position information is transmitted (step 1725), the previous terminal identifier is deleted, and the current terminal identifier is deleted. Is deleted without being stored as the terminal identifier of the previous time (step 1735).
When it is determined that the current terminal identifier and the previous terminal identifier do not match (“No” in step 1730), the position information is not transmitted and the current terminal identifier is deleted without being stored as the previous terminal identifier. (Step 1738),
It is configured as follows.
 これによって、今回端末識別子と前回端末識別子とが一致しなければ、位置情報は送信されないので、同一人の位置情報と個人情報とより正確に関連付けることができる。 As a result, if the terminal identifier this time and the terminal identifier last time do not match, the location information is not transmitted, so that the location information and personal information of the same person can be associated more accurately.
 なお、上記説明においては、発明の理解を助けるために、後述する実施形態に対応する発明の構成に対し、その実施形態で用いた名称及び/又は符号を括弧書きで添えている。しかしながら、発明の各構成要素は、前記名称及び/又は符号によって規定される実施形態に限定されるものではない。本発明の他の目的、他の特徴及び付随する利点は、以下の図面を参照しつつ記述される本発明の実施形態についての説明から容易に理解されるであろう。 In the above description, in order to help the understanding of the invention, the name and / or the code used in the embodiment is added in parentheses to the structure of the invention corresponding to the embodiment described later. However, each component of the invention is not limited to the embodiments defined by the names and / or symbols. Other objects, other features and accompanying advantages of the invention will be readily understood from the description of embodiments of the invention described with reference to the drawings below.
図1は、本発明の実施形態に係る管理システム(本管理システム)の概略システム構成図である。FIG. 1 is a schematic system configuration diagram of a management system (this management system) according to an embodiment of the present invention. 図2は、図1に示した位置情報送信装置のハードウェア構成図である。FIG. 2 is a hardware configuration diagram of the position information transmitting device shown in FIG. 図3は、図1に示した位置情報送信装置が有する同意済端末IDテーブルの説明図である。FIG. 3 is an explanatory diagram of a consented terminal ID table included in the position information transmitting device shown in FIG. 図4は、図1に示した認証サーバが有する同意済利用者テーブルの説明図である。FIG. 4 is an explanatory diagram of a consented user table included in the authentication server shown in FIG. 図5は、図1に示した認証サーバが有する配布先テーブルの説明図である。FIG. 5 is an explanatory diagram of a distribution destination table included in the authentication server shown in FIG. 図6は、図1に示した認証サーバが有する正規チップIDテーブルの説明図である。FIG. 6 is an explanatory diagram of a regular chip ID table included in the authentication server shown in FIG. 図7は、図1に示した位置情報記憶サーバが有する位置情報テーブルの説明図である。FIG. 7 is an explanatory diagram of a location information table included in the location information storage server shown in FIG. 図8は、図1に示した個人情報記憶サーバが有する個人情報テーブルの説明図である。FIG. 8 is an explanatory diagram of a personal information table included in the personal information storage server shown in FIG. 図9は、図1に示した管理サーバのハードウェア構成図である。FIG. 9 is a hardware configuration diagram of the management server shown in FIG. 図10は、本管理システムにおける装置認証及び同意済利用者登録のシーケンス図である。FIG. 10 is a sequence diagram of device authentication and consented user registration in this management system. 図11は、本管理システムにおける位置情報の送信及び個人情報の取得のシーケンス図である。FIG. 11 is a sequence diagram of transmission of location information and acquisition of personal information in this management system. 図12は、本管理システムにおける位置情報と個人情報との関連付けのシーケンス図である。FIG. 12 is a sequence diagram of the association between the location information and the personal information in this management system. 図13は、図1に示した管理サーバが実行する関連付け処理のフローチャートである。FIG. 13 is a flowchart of the association process executed by the management server shown in FIG. 図14は、本管理システムにおける個人情報の検索のシーケンス図である。FIG. 14 is a sequence diagram of searching for personal information in this management system. 図15は、本管理システムの第1変形例のシーケンス図である。FIG. 15 is a sequence diagram of a first modification of the management system. 図16は、本管理システムの第2変形例における関連付け処理のフローチャートである。FIG. 16 is a flowchart of the association process in the second modification of the management system. 図17は、本管理システムの第3変形例における位置情報送信装置が実行する位置情報送信処理のフローチャートである。FIG. 17 is a flowchart of the position information transmission process executed by the position information transmission device in the third modification of the management system. 図18は、本管理システムの第4変形例のシーケンス図である。FIG. 18 is a sequence diagram of a fourth modification of the management system. 図19は、本管理システムの第5変形例における位置情報記憶サーバが有する種別テーブルの説明図である。FIG. 19 is an explanatory diagram of a type table included in the location information storage server in the fifth modification of the management system. 図20は、本管理システムの第5変形例における位置情報記憶サーバが有する位置情報テーブルの説明図である。FIG. 20 is an explanatory diagram of a location information table included in the location information storage server in the fifth modification of the management system.
 以下、本発明の実施形態に係る管理システム(以下、「本管理システム」と称呼する場合がある。)について図面を用いて説明する。 Hereinafter, the management system according to the embodiment of the present invention (hereinafter, may be referred to as “the management system”) will be described with reference to the drawings.
 (システム構成)
 本管理システムは、位置情報送信装置10A乃至10C、利用者端末(携帯端末)20、認証サーバ30、位置情報記憶サーバ40、個人情報取得装置50B及び50C、履歴記憶サーバ60、個人情報記憶サーバ70並びに管理サーバ80を備える。位置情報送信装置10A乃至10Cを互いに区別しない場合、「位置情報送信装置10」と称呼する。個人情報取得装置50B及び50Cを互いに区別しない場合、「個人情報取得装置50」と称呼する。 (System configuration)
This management system includes location information transmission devices 10A to 10C, user terminal (mobile terminal) 20, authentication server 30, location information storage server 40, personal information acquisition devices 50B and 50C, history storage server 60, and personal information storage server 70. It also includes a management server 80. When the position information transmitting devices 10A to 10C are not distinguished from each other, they are referred to as "position information transmitting device 10". When the personal information acquisition devices 50B and 50C are not distinguished from each other, they are referred to as "personal information acquisition device 50".
 位置情報送信装置10、個人情報取得装置50及び履歴記憶サーバ60は、例えば、病院及び薬局等の医療機関に設置されている。なお、これらの装置10、50及び60の設置場所は医療機関に限られず、利用者の個人情報を取得する施設であればどのような施設に設置されてもよい(一例として、小売店及び金融機関等に設置されてもよい)。図1では、これらの装置10、50及び60がA病院に設置された例について説明する。図1に示すように、A病院では、受付に位置情報送信装置10Aが設置され、診察室に位置情報送信装置10B及び個人情報取得装置50Bが設置され、検査室(例えば、レントゲン室等)に位置情報送信装置10C及び個人情報取得装置50Cが設置されている。 The location information transmission device 10, the personal information acquisition device 50, and the history storage server 60 are installed in medical institutions such as hospitals and pharmacies, for example. The installation locations of these devices 10, 50 and 60 are not limited to medical institutions, and may be installed in any facility as long as it is a facility for acquiring personal information of users (for example, retail stores and financial institutions). It may be installed in an institution, etc.). FIG. 1 describes an example in which these devices 10, 50 and 60 are installed in Hospital A. As shown in FIG. 1, in Hospital A, a position information transmission device 10A is installed at the reception desk, a position information transmission device 10B and a personal information acquisition device 50B are installed in the examination room, and the examination room (for example, an X-ray room) is installed. A position information transmission device 10C and a personal information acquisition device 50C are installed.
 位置情報送信装置10はネットワークNWを介して認証サーバ30及び位置情報記憶サーバ40に接続されている。更に、個人情報取得装置50はLAN(Local Area Network)を介して履歴記憶サーバ60に接続されている。履歴記憶サーバ60は、専用回線ELを介して個人情報記憶サーバ70に接続されている。 The location information transmission device 10 is connected to the authentication server 30 and the location information storage server 40 via the network NW. Further, the personal information acquisition device 50 is connected to the history storage server 60 via a LAN (Local Area Network). The history storage server 60 is connected to the personal information storage server 70 via a dedicated line EL.
 本管理システムでは、位置情報送信装置10から位置情報が取得され、個人情報取得装置50から個人情報が取得される。即ち、位置情報と個人情報とが互いに別々に取得され、そして別々に記憶される。まず、位置情報に関連する装置(位置情報送信装置10、利用者端末20、認証サーバ30及び位置情報記憶サーバ40)を説明する。 In this management system, position information is acquired from the position information transmission device 10, and personal information is acquired from the personal information acquisition device 50. That is, the location information and the personal information are acquired separately from each other and stored separately. First, devices related to location information (location information transmission device 10, user terminal 20, authentication server 30, and location information storage server 40) will be described.
 <位置情報送信装置10>
 位置情報送信装置10は、利用者が携帯する利用者端末20が接近して当該利用者端末20と通信可能となった場合、当該利用者が位置情報の送信に同意した利用者(同意済利用者)であるか否かを判定するための利用者認証を行う。位置情報送信装置10は、当該利用者が同意済利用者であると判定した場合、予め設定された自身の位置を示す位置情報を位置情報記憶サーバ40に送信する。 <Location information transmitter 10>
When the user terminal 20 carried by the user approaches and can communicate with the user terminal 20, the position information transmitting device 10 is a user who has consented to the transmission of the position information (approved use). Authenticate the user to determine whether or not the person). When the position information transmitting device 10 determines that the user is a consented user, the position information transmitting device 10 transmits the preset position information indicating its own position to the position information storage server 40.
 ここで、図2を参照しながら、位置情報送信装置10のハードウェア構成を説明する。 Here, the hardware configuration of the position information transmitting device 10 will be described with reference to FIG.
 位置情報送信装置10は、CPU(Central Processing Unit)101、RAM(Random Access Memory)102、ROM(Read Only Memory)103、IC(Integrated Circuit)チップ104、ネットワークインタフェース(I/F)105、GPS/IMES受信機106、及び入出力インタフェース(I/F)107を有する。これらは、バス108を介して互いに通信可能に接続されている。 The position information transmitting device 10 includes a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) 102, a ROM (Read Only Memory) 103, an IC (Integrated Circuit) chip 104, a network interface (I / F) 105, and GPS / It has an IMES receiver 106 and an input / output interface (I / F) 107. They are communicably connected to each other via bus 108.
 CPU101は、ROM103に記憶された図示しない各種プログラムをRAM102にロードし、RAM102にロードされたプログラムを実行することによって各種機能を実現する。RAM102は揮発性の記憶媒体である。このRAM102には、上述したようにCPU101が実行する各種プログラムがロードされる。加えて、RAM102には、CPU101が各種プログラムを実行する際に使用するデータが一時的に記憶される。ROM103は不揮発性の記憶媒体である。ROM103には、各種プログラムが記憶されている。ICチップ104には、後述する装置認証に用いられるチップIDが記憶されている。なお、チップIDは、位置情報送信装置10の識別子(装置ID)としても用いられる。 The CPU 101 realizes various functions by loading various programs (not shown) stored in the ROM 103 into the RAM 102 and executing the programs loaded in the RAM 102. The RAM 102 is a volatile storage medium. As described above, various programs executed by the CPU 101 are loaded into the RAM 102. In addition, the RAM 102 temporarily stores data used by the CPU 101 when executing various programs. ROM 103 is a non-volatile storage medium. Various programs are stored in the ROM 103. The IC chip 104 stores a chip ID used for device authentication, which will be described later. The chip ID is also used as an identifier (device ID) of the position information transmitting device 10.
 ネットワークI/F105は、位置情報送信装置10がネットワークNWに接続されるためのインタフェースである。GPS/IMES(Indoor Messaging System)受信機106は、図示しないGPS衛星からのGPS測位信号又は図示しないIMES(Indoor Messaging System)送信機からのIMES測位信号を受信する。位置情報送信装置10は、GPS測位信号又はIMES測位信号に基いて自身の位置を決定し、決定した位置を示す情報を自身に設定する。 The network I / F 105 is an interface for connecting the location information transmitting device 10 to the network NW. The GPS / IMES (Indoor Messaging System) receiver 106 receives a GPS positioning signal from a GPS satellite (not shown) or an IEMS positioning signal from an IEMS (Indoor Messaging System) transmitter (not shown). The position information transmitting device 10 determines its own position based on the GPS positioning signal or the IMES positioning signal, and sets information indicating the determined position to itself.
 入出力I/F806は、ICカードリーダライタ110に接続されるためのインタフェースである。ICカードリーダライタ110は、NFC(Near Field Communication)機能を有する。このNFC機能は、「NFC機能を有する他の装置」との間の距離が所定距離以内となったときに(他の装置と接近したときに)、当該他の装置と通信できる機能である。 The input / output I / F 806 is an interface for connecting to the IC card reader / writer 110. The IC card reader / writer 110 has an NFC (Near Field Communication) function. This NFC function is a function capable of communicating with the other device when the distance between the device and the "other device having the NFC function" is within a predetermined distance (when the device approaches the other device).
 位置情報送信装置10A乃至10Cは、それぞれ同意済端末IDテーブル11A乃至11C(図3を参照。)をRAM102に記憶している。以下、同意済端末IDテーブル11A乃至11Cを区別しない場合、「同意済端末IDテーブル11」と称呼する。図3に示したように、同意済端末IDテーブル11には、上記同意済利用者が利用する利用者端末20の識別子である端末識別子(以下、「端末ID」と称呼する。)が登録されている。  The position information transmitting devices 10A to 10C store the agreed terminal ID tables 11A to 11C (see FIG. 3) in the RAM 102, respectively. Hereinafter, when the agreed terminal ID tables 11A to 11C are not distinguished, they are referred to as "agreeed terminal ID table 11". As shown in FIG. 3, a terminal identifier (hereinafter, referred to as "terminal ID"), which is an identifier of the user terminal 20 used by the consented user, is registered in the consented terminal ID table 11. ing.
 利用者認証において、位置情報送信装置10は、接近した利用者端末20の端末IDを取得する。そして、取得した端末IDが同意済端末IDテーブル11に登録されていれば、位置情報送信装置10は、利用者が同意済利用者であると判定し、位置情報を送信する。この位置情報は、利用者端末20から取得した端末ID及び位置情報送信装置10に設定されている位置を示す情報(緯度及び経度等)を含む。 In user authentication, the location information transmitting device 10 acquires the terminal ID of the approaching user terminal 20. Then, if the acquired terminal ID is registered in the consented terminal ID table 11, the position information transmitting device 10 determines that the user is a consented user and transmits the position information. This position information includes a terminal ID acquired from the user terminal 20 and information (latitude, longitude, etc.) indicating a position set in the position information transmitting device 10.
 一方、端末IDが同意済端末IDテーブル11に登録されていなければ、位置情報送信装置10は、利用者が同意済利用者でないと判定し、当該利用者が位置情報の送信に同意しない限り位置情報を送信しない。 On the other hand, if the terminal ID is not registered in the consented terminal ID table 11, the location information transmitting device 10 determines that the user is not a consented user, and the position unless the user agrees to transmit the location information. Do not send information.
 <利用者端末20>
 図1に戻って利用者端末20について説明する。利用者端末20は利用者が携帯する端末であり、上記NFC機能を有する。利用者端末20には端末IDが記憶されており、利用者端末20が位置情報送信装置10に接近した場合、利用者端末20は当該端末IDを位置情報送信装置10に送信する。なお、図1では、利用者端末20としてスマートフォンを例示している。しかしながら、図18に示したように、利用者端末20は、例えばIC(Integrated Circuit)カード(25)等でもよい。 <User terminal 20>
Returning to FIG. 1, the user terminal 20 will be described. The user terminal 20 is a terminal carried by the user and has the above-mentioned NFC function. The terminal ID is stored in the user terminal 20, and when the user terminal 20 approaches the position information transmitting device 10, the user terminal 20 transmits the terminal ID to the position information transmitting device 10. Note that FIG. 1 illustrates a smartphone as the user terminal 20. However, as shown in FIG. 18, the user terminal 20 may be, for example, an IC (Integrated Circuit) card (25) or the like.
 <認証サーバ30>
 図1に戻って認証サーバ30について説明する。認証サーバ30は、同意済利用者の利用者端末20の端末ID(以下、「同意済端末ID」と称呼する。)を記憶し、集約管理している装置であり、同意済利用者テーブル31(図4を参照。)、配布先テーブル32(図5を参照。)及び正規チップIDテーブル33(図6を参照。)を有する。 <Authentication server 30>
Returning to FIG. 1, the authentication server 30 will be described. The authentication server 30 is a device that stores and centrally manages the terminal ID of the user terminal 20 of the consented user (hereinafter, referred to as "agreeed terminal ID"), and is a device that centrally manages the consented user table 31. It has a distribution destination table 32 (see FIG. 5) and a regular chip ID table 33 (see FIG. 6).
 図4に示したように、同意済利用者テーブル31には端末IDフィールド311、利用者情報フィールド312及び施設IDフィールド313が設定されている。端末IDフィールド311には同意済端末IDが登録され、利用者情報フィールド312には同意済利用者の利用者情報が登録されている。利用者情報は、利用者個人を特定(識別)するための情報(氏名、生年月日、年齢、電話番号、住所、及び保険者番号等)である。利用者は、位置情報の送信に同意する場合に利用者情報を利用者端末20等から入力する。施設IDフィールド313には、利用者が位置情報の送信に同意した施設の識別子を示す施設IDが登録される。 As shown in FIG. 4, the terminal ID field 311, the user information field 312, and the facility ID field 313 are set in the agreed user table 31. The agreed terminal ID is registered in the terminal ID field 311 and the user information of the agreed user is registered in the user information field 312. User information is information (name, date of birth, age, telephone number, address, insurer number, etc.) for identifying (identifying) an individual user. When the user agrees to transmit the location information, the user inputs the user information from the user terminal 20 or the like. In the facility ID field 313, a facility ID indicating an identifier of the facility for which the user has consented to the transmission of location information is registered.
 図5に示したように、配布先テーブル32にはチップIDフィールド321及び施設IDフィールド322が設定されている。チップIDフィールド321には、後述する装置認証にて正規品であると判定された位置情報送信装置10のチップIDが登録されている。施設IDフィールド322には、当該位置情報送信装置10が設置された施設の施設IDが登録されている。 As shown in FIG. 5, a chip ID field 321 and a facility ID field 322 are set in the distribution destination table 32. In the chip ID field 321, the chip ID of the position information transmitting device 10 determined to be a genuine product by the device authentication described later is registered. In the facility ID field 322, the facility ID of the facility where the location information transmitting device 10 is installed is registered.
 図6に示したように、正規チップIDテーブル33には、正規品である位置情報送信装置10のチップIDが登録されている。 As shown in FIG. 6, the chip ID of the genuine position information transmitting device 10 is registered in the regular chip ID table 33.
 <位置情報記憶サーバ40>
 図1に戻って位置情報記憶サーバ40について説明する。位置情報記憶サーバ40は、位置情報テーブル41(図7を参照。)を有し、位置情報送信装置10から送信された位置情報を受信した場合、受信した位置情報を位置情報テーブル41に記憶する。 <Location information storage server 40>
Returning to FIG. 1, the location information storage server 40 will be described. The position information storage server 40 has a position information table 41 (see FIG. 7), and when receiving the position information transmitted from the position information transmitting device 10, stores the received position information in the position information table 41. ..
 図7に示したように、位置情報テーブル41には、レコードIDフィールド411、端末IDフィールド412、送信時刻フィールド413、位置フィールド414及びリンクIDフィールド415を含む。レコードIDフィールド411には、位置情報テーブル41のレコードの一意な識別子が登録される。端末IDフィールド412には、受信した位置情報に含まれる端末IDが登録される。送信時刻フィールド413には、位置情報送信装置10が位置情報を送信した時刻が登録される。位置フィールド414には、位置情報に含まれる位置が登録される。リンクIDフィールド415には、個人情報テーブル71の「位置情報と関連付けられた個人情報が登録されたレコード」の一意な識別子が登録される。 As shown in FIG. 7, the position information table 41 includes a record ID field 411, a terminal ID field 412, a transmission time field 413, a position field 414, and a link ID field 415. In the record ID field 411, a unique identifier of the record in the position information table 41 is registered. In the terminal ID field 412, the terminal ID included in the received position information is registered. In the transmission time field 413, the time when the position information transmitting device 10 transmits the position information is registered. The position included in the position information is registered in the position field 414. In the link ID field 415, a unique identifier of "a record in which personal information associated with location information is registered" in the personal information table 71 is registered.
 次に、図1に戻って、個人情報に関連する装置(個人情報取得装置50、履歴記憶サーバ60、及び個人情報記憶サーバ70)を説明する。 Next, returning to FIG. 1, devices related to personal information (personal information acquisition device 50, history storage server 60, and personal information storage server 70) will be described.
 <個人情報取得装置50>
 個人情報取得装置50は、利用者の個人情報を取得し、取得した個人情報を履歴記憶サーバ60に送信する装置である。個人情報取得装置50の種別によって取得される個人情報の種別は異なる。診察室に設置された個人情報取得装置50Bは、医師等が操作するパーソナルコンピュータ等であり、医師等によって利用者(患者)に施された医療行為を表す明細データが入力されることにより、当該明細データを個人情報として取得する。一方、検査室に設置された個人情報取得装置50Cは、X線撮影装置等であり、利用者の身体にX線を照射することによって利用者(患者)のX線画像データ(検査データ)を個人情報として取得する。なお、個人情報取得装置50Cは、MRI装置等であってもよい。 <Personal information acquisition device 50>
The personal information acquisition device 50 is a device that acquires the personal information of the user and transmits the acquired personal information to the history storage server 60. The type of personal information acquired differs depending on the type of the personal information acquisition device 50. The personal information acquisition device 50B installed in the examination room is a personal computer or the like operated by a doctor or the like, and the detailed data representing the medical practice performed on the user (patient) by the doctor or the like is input to the personal information acquisition device 50B. Acquire detailed data as personal information. On the other hand, the personal information acquisition device 50C installed in the examination room is an X-ray imaging device or the like, and X-ray image data (examination data) of the user (patient) is obtained by irradiating the user's body with X-rays. Obtained as personal information. The personal information acquisition device 50C may be an MRI device or the like.
 個人情報は、利用者を識別可能な利用者識別情報(利用者の氏名、生年月日、及び診察券番号等)、当該個人情報の取得時刻、及び、場所情報を更に含む。例えば、場所情報は、個人情報取得装置50が設置された施設及び当該個人情報取得装置50が設置された部屋が識別可能な情報である。 Personal information further includes user identification information (user's name, date of birth, medical examination ticket number, etc.) that can identify the user, acquisition time of the personal information, and location information. For example, the location information is information that can identify the facility in which the personal information acquisition device 50 is installed and the room in which the personal information acquisition device 50 is installed.
 なお、個人情報は、その種別によってデータフォーマットが異なる。このため、図1に示す明細データと検査データとでは、利用者識別情報、場所情報、取得時刻及びその他のデータ位置がそれぞれ異なっている。 The data format of personal information differs depending on the type. Therefore, the detailed data and the inspection data shown in FIG. 1 have different user identification information, location information, acquisition time, and other data positions.
 <履歴記憶サーバ60>
 履歴記憶サーバ60は、個人情報取得装置50から個人情報を受信した場合、受信した個人情報に含まれる利用者識別情報を参照し、受信した個人情報を暗号化して利用者毎に記憶する。このように記憶された利用者毎の個人情報を「利用者履歴データ61」と称呼する。 <History storage server 60>
When the history storage server 60 receives the personal information from the personal information acquisition device 50, the history storage server 60 refers to the user identification information included in the received personal information, encrypts the received personal information, and stores it for each user. The personal information for each user stored in this way is referred to as "user history data 61".
 履歴記憶サーバ60は、所定のタイミングで(例えば、月の末日に)、前回利用者履歴データ61が送信されてから現時点までに記憶された総ての利用者履歴データ61を専用回線ELを介して個人情報記憶サーバ70に送信する。 The history storage server 60 transmits all the user history data 61 stored up to the present time since the last user history data 61 was transmitted at a predetermined timing (for example, on the last day of the month) via the dedicated line EL. And sends it to the personal information storage server 70.
 <個人情報記憶サーバ70>
 個人情報記憶サーバ70は、個人情報テーブル71(図8を参照。)を有し、履歴記憶サーバ60から送信された利用者履歴データ61を受信した場合、受信した利用者履歴データ61を個人情報テーブル51に記憶する。詳細には、個人情報記憶サーバ70は、利用者履歴データ61に含まれる一つの個人情報を個人情報テーブル71の一つのレコードに記憶する。 <Personal information storage server 70>
The personal information storage server 70 has a personal information table 71 (see FIG. 8), and when the user history data 61 transmitted from the history storage server 60 is received, the received user history data 61 is used as personal information. Store in table 51. Specifically, the personal information storage server 70 stores one personal information included in the user history data 61 in one record of the personal information table 71.
 図8に示したように、個人情報テーブル71は、レコードIDフィールド711、個人情報フィールド712及びリンクIDフィールド713を含む。レコードIDフィールド711には、個人情報テーブル71の各レコードの一意な識別子が登録される。個人情報フィールド712には、個人情報記憶サーバ70が受信した個人情報が暗号化されたまま登録される。リンクIDフィールド713には、位置情報テーブル41の「個人情報と関連付けられた位置情報が登録されたレコード」の一意な識別子が登録される。 As shown in FIG. 8, the personal information table 71 includes a record ID field 711, a personal information field 712, and a link ID field 713. In the record ID field 711, a unique identifier of each record in the personal information table 71 is registered. In the personal information field 712, the personal information received by the personal information storage server 70 is registered in the encrypted state. In the link ID field 713, a unique identifier of the "record in which the location information associated with the personal information is registered" in the location information table 41 is registered.
 <管理サーバ80>
 図1に示したように、管理サーバ80は、専用回線ELを介して個人情報記憶サーバ70に接続され、ネットワークNWを介して認証サーバ30及び位置情報記憶サーバ40に接続されている。管理サーバ80は、位置情報と個人情報とが後述する所定の一致条件を満たす場合、当該位置情報と当該個人情報とを関連付ける。より詳細に述べると、管理サーバ80は、位置情報と個人情報とが一致条件を満たす場合、位置情報テーブル41の当該位置情報に対応するレコードのリンクIDフィールド415に「一致条件を満たした個人情報のレコードの識別子」を登録する。更に、管理サーバ80は、個人情報テーブル71の個人情報のレコードのリンクIDフィールド713に「一致条件を満たした位置情報のレコードの識別子」を登録する。 <Management server 80>
As shown in FIG. 1, the management server 80 is connected to the personal information storage server 70 via the dedicated line EL, and is connected to the authentication server 30 and the location information storage server 40 via the network NW. When the location information and the personal information satisfy a predetermined matching condition described later, the management server 80 associates the location information with the personal information. More specifically, when the location information and the personal information satisfy the matching condition, the management server 80 sets the link ID field 415 of the record corresponding to the location information in the location information table 41 to "personal information satisfying the matching condition". Register the "record identifier". Further, the management server 80 registers the "identifier of the record of the location information satisfying the matching condition" in the link ID field 713 of the record of the personal information of the personal information table 71.
 図9に示したように、管理サーバ80は、一般的な計算機であり、CPU801、RAM802、ROM803、ネットワークインタフェース(I/F)804、専用回線インタフェース(I/F)805及び入出力インタフェース(I/F)806を有する。これらは、バス810を介して互いに通信可能に接続されている。CPU801、RAM802、ROM803及びネットワークI/F804は、それぞれ図2に示したCPU101、RAM102、ROM103、ネットワークI/F105と同様であるので、説明を省略する。 As shown in FIG. 9, the management server 80 is a general computer, and is a CPU 801 and a RAM 802, a ROM 803, a network interface (I / F) 804, a dedicated line interface (I / F) 805, and an input / output interface (I / F). / F) 806. They are communicably connected to each other via bus 810. The CPU 801 and the RAM 802, the ROM 803 and the network I / F 804 are the same as the CPU 101, the RAM 102, the ROM 103 and the network I / F 105 shown in FIG. 2, respectively, and thus the description thereof will be omitted.
 なお、RAM802には、位置範囲テーブル81が記憶されている。位置範囲テーブル81は、場所情報フィールド811及び位置範囲フィールド812を含む。場所情報フィールド811には、個人情報取得装置50の設置場所を特定可能な場所情報が登録されている。位置範囲フィールド812には、場所情報によって特定される場所(即ち個人情報取得装置50の設置場所)と同一と見做すことができる所定の位置範囲が登録されている。 The position range table 81 is stored in the RAM 802. The position range table 81 includes a location information field 811 and a position range field 812. In the place information field 811, place information that can specify the place where the personal information acquisition device 50 is installed is registered. In the position range field 812, a predetermined position range that can be regarded as the same as the place specified by the place information (that is, the place where the personal information acquisition device 50 is installed) is registered.
 専用回線I/F805は、管理サーバ80が専用回線ELに接続されるためのインタフェースである。入出力I/F806は、キーボード及びディスプレイに接続されるためのインタフェースである。 The leased line I / F805 is an interface for connecting the management server 80 to the leased line EL. The input / output I / F 806 is an interface for being connected to a keyboard and a display.
 なお、認証サーバ30、位置情報記憶サーバ40、履歴記憶サーバ60、個人情報記憶サーバ70も、管理サーバ80と同様に一般的な計算機であり、上述したCPU801、RAM802、ROM803、ネットワークI/F804及び入出力I/F806等を有する。 The authentication server 30, the location information storage server 40, the history storage server 60, and the personal information storage server 70 are also general computers like the management server 80, and are the CPU 801, RAM 802, ROM 803, network I / F 804, and the above-mentioned CPU 801 and RAM 802. It has input / output I / F806 and the like.
 (作動)
 本管理システムでは、以下の(1)乃至(5)の処理を実行する。
 (1)装置認証
 (2)位置情報の送信
 (3)個人情報の送信
 (4)位置情報と関連情報との関連付け
 (5)検索
 以下に(1)乃至(5)の処理を説明する。 (Operation)
In this management system, the following processes (1) to (5) are executed.
(1) Device authentication (2) Transmission of location information (3) Transmission of personal information (4) Association of location information with related information (5) Search The processes of (1) to (5) will be described below.
 <(1)装置認証>
 図10に示したように、位置情報送信装置10A乃至10Cは、所定のタイミングで認証要求を認証サーバ30に送信する(1005A乃至1005C)。なお、所定のタイミングは、例えば、位置情報送信装置10のネットワークNWへの初回接続タイミング、及び予め設定された所定時刻(一例としてA病院の業務開始前の所定時刻)になったタイミングである。 <(1) Device certification>
As shown in FIG. 10, the position information transmitting devices 10A to 10C transmit the authentication request to the authentication server 30 at a predetermined timing (1005A to 1005C). The predetermined timing is, for example, the initial connection timing of the position information transmitting device 10 to the network NW, and the timing at which a preset predetermined time (for example, a predetermined time before the start of business at Hospital A) is reached.
 位置情報送信装置10が送信する認証要求は、位置情報送信装置10のチップID(IDc1乃至IDc3)及び位置情報送信装置10の施設IDを含む。本例では、位置情報送信装置10A乃至10CはA病院に設置されているため、施設IDはA病院の識別子(IDf1)である。施設IDは各位置情報送信装置10A乃至10Cに予め設定されている。 The authentication request transmitted by the position information transmitting device 10 includes the chip IDs (IDc1 to IDc3) of the position information transmitting device 10 and the facility ID of the position information transmitting device 10. In this example, since the position information transmitting devices 10A to 10C are installed in the hospital A, the facility ID is the identifier (IDf1) of the hospital A. The facility ID is preset in each position information transmitting device 10A to 10C.
 認証サーバ30は、認証要求を受信した場合、装置認証を実行する(1010)。詳細には、認証サーバ30は、受信した認証要求に含まれるチップIDが正規チップIDテーブル33に登録されているか否かを判定する。 When the authentication server 30 receives the authentication request, it executes device authentication (1010). Specifically, the authentication server 30 determines whether or not the chip ID included in the received authentication request is registered in the regular chip ID table 33.
 図10に示した例では、総てのチップID(IDc1乃至IDc3)が正規チップIDテーブル33に登録されていると仮定すると、認証サーバ30は、当該認証要求を送信した位置情報送信装置10が正規品であると判定する。 In the example shown in FIG. 10, assuming that all chip IDs (IDc1 to IDc3) are registered in the regular chip ID table 33, the authentication server 30 is the location information transmitting device 10 that has transmitted the authentication request. Judge that it is a genuine product.
 この場合において、認証サーバ30は、受信した認証要求に含まれるチップID(IDc1乃至IDc)と施設ID(IDf1)とを配布先テーブル32に登録する(1013)。この結果、図5に示したように、配布先テーブル32には、チップID(IDc1乃至IDc3)と施設ID(IDf1)とが関連付けられて登録される。 In this case, the authentication server 30 registers the chip IDs (IDc1 to IDc) and the facility IDs (IDf1) included in the received authentication request in the distribution destination table 32 (1013). As a result, as shown in FIG. 5, the chip IDs (IDc1 to IDc3) and the facility ID (IDf1) are associated and registered in the distribution destination table 32.
 更に、認証サーバ30は、装置認証が成功した旨を示す認証応答(以下、「認証成功応答」と称呼する。)をそれぞれ位置情報送信装置10A乃至10Cに送信する(1015A乃至1015C)。 Further, the authentication server 30 transmits an authentication response (hereinafter, referred to as “authentication success response”) indicating that the device authentication has succeeded to the position information transmitting devices 10A to 10C (1015A to 1015C), respectively.
 なお、何れかのチップIDが正規チップIDテーブル33に登録されていなければ、認証サーバ30は、正規チップIDテーブル33に登録されていないチップIDを含む認証要求を送信した位置情報送信装置10が正規品でないと判定し、装置認証が失敗した旨を示す認証応答(以下、「認証失敗応答」と称呼する。)を当該位置情報送信装置10に送信する。認証失敗応答を受信した位置情報送信装置10は、利用者が利用者端末20を接近させても、位置情報の送信を禁止する。 If any of the chip IDs is not registered in the regular chip ID table 33, the authentication server 30 is the position information transmitting device 10 that has transmitted the authentication request including the chip IDs that are not registered in the regular chip ID table 33. It is determined that the product is not genuine, and an authentication response indicating that the device authentication has failed (hereinafter, referred to as "authentication failure response") is transmitted to the location information transmitting device 10. The position information transmitting device 10 that has received the authentication failure response prohibits the transmission of the position information even if the user approaches the user terminal 20.
 <(2)位置情報の送信>
 利用者がA病院の受付に到着し、利用者端末20を位置情報送信装置10Aに接近させると、位置情報送信装置10Aは当該利用者端末20の端末ID(IDt1)を取得する(1020)。 <(2) Transmission of location information>
When the user arrives at the reception desk of Hospital A and brings the user terminal 20 closer to the position information transmitting device 10A, the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 (1020).
 位置情報送信装置10Aは、利用者認証を行う(1025)。利用者認証では、位置情報送信装置10Aは、取得した端末ID(IDt1)が同意済端末IDテーブル11Aに登録されているか否かを判定する。この時点では、位置情報送信装置10Aの同意済端末IDテーブル11には端末ID(「IDt1」)が未だ登録されていないと仮定すると、位置情報送信装置10Aは、利用者が同意済利用者でないと判定し、当該利用者にその旨を報知する。例えば、位置情報送信装置10Aは、利用者が同意済利用者でない旨の音声メッセージを図示しないスピーカから出力する。なお、利用者が同意済利用者でない旨のメッセージは、位置情報送信装置10Aに接続されたディスプレイ又は利用者端末20のディスプレイに表示されてもよい。 The location information transmitting device 10A authenticates the user (1025). In the user authentication, the location information transmitting device 10A determines whether or not the acquired terminal ID (IDt1) is registered in the agreed terminal ID table 11A. At this point, assuming that the terminal ID (“IDt1”) is not yet registered in the consented terminal ID table 11 of the location information transmitting device 10A, the user of the location information transmitting device 10A is not a consented user. Is determined, and the user is notified to that effect. For example, the location information transmitting device 10A outputs a voice message indicating that the user is not a consented user from a speaker (not shown). The message that the user is not a consented user may be displayed on the display connected to the position information transmitting device 10A or the display of the user terminal 20.
 利用者は、A病院での位置情報の送信に同意する場合、当該利用者の利用者情報(UD1)を利用者端末20に入力し(1030)、利用者端末20を位置情報送信装置10Aに接近させる。位置情報送信装置10Aは、利用者端末20の端末ID(IDt1)及び入力された利用者情報(UD1)を取得する(1035)。位置情報送信装置10Aは、「取得した端末ID(IDt1)及び利用者情報(UD1)」並びに施設ID(IDf1)を含む登録要求を認証サーバ30に送信する(1040)。この登録要求は、利用者が位置情報の送信に同意したことを示す。なお、利用者は、施設単位(A病院、B病院(不図示)及びC薬局(不図示)等)で、位置情報の送信に同意するものとする。 When the user agrees to transmit the location information at the hospital A, the user inputs the user information (UD1) of the user into the user terminal 20 (1030), and the user terminal 20 is sent to the location information transmission device 10A. Bring it closer. The position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 and the input user information (UD1) (1035). The location information transmitting device 10A transmits a registration request including the "acquired terminal ID (IDt1) and user information (UD1)" and the facility ID (IDf1) to the authentication server 30 (1040). This registration request indicates that the user has consented to the transmission of location information. The user agrees to send location information on a facility-by-facility basis (hospital A, hospital B (not shown), pharmacy C (not shown), etc.).
 認証サーバ30は、登録要求を受信した場合、受信した登録要求に含まれる端末ID(IDt1)と利用者情報(UD1)と施設ID(IDf1)とを同意済利用者テーブル31に登録する(1045)(図4を参照。)。これによって、認証サーバ30は、利用者が位置情報の送信に同意したことを記憶する。 When the authentication server 30 receives the registration request, the authentication server 30 registers the terminal ID (IDt1), the user information (UD1), and the facility ID (IDf1) included in the received registration request in the agreed user table 31 (1045). ) (See FIG. 4). As a result, the authentication server 30 remembers that the user has consented to the transmission of the location information.
 認証サーバ30は、配布先テーブル32を参照し、受信した登録要求に含まれる端末ID(IDt1)を含む登録応答を、受信した登録要求に含まれる施設ID(IDf1)によって識別される施設(A病院)に設置された総ての位置情報送信装置10A乃至10Cに送信する(1050A乃至1050C)。より詳細には、認証サーバ30は、配布先テーブル32の施設IDフィールド322に受信した登録要求に含まれる施設ID(IDf1)が登録されたレコードを選択し、選択したレコードのチップIDフィールド321に登録されたチップID(IDt1乃至IDt3)を取得する。認証サーバ30は、取得したチップID(IDt1乃至IDt3)によって識別される位置情報送信装置10A乃至10Cに、受信した登録要求に含まれる端末ID(IDt1)を含む登録応答を送信する。 The authentication server 30 refers to the distribution destination table 32, and identifies the registration response including the terminal ID (IDt1) included in the received registration request by the facility ID (IDf1) included in the received registration request (A). It transmits to all the position information transmitting devices 10A to 10C installed in the hospital) (1050A to 1050C). More specifically, the authentication server 30 selects a record in which the facility ID (IDf1) included in the registration request received in the facility ID field 322 of the distribution destination table 32 is registered, and enters the chip ID field 321 of the selected record. Acquire the registered chip ID (IDt1 to IDt3). The authentication server 30 transmits a registration response including the terminal ID (IDt1) included in the received registration request to the position information transmitting devices 10A to 10C identified by the acquired chip IDs (IDt1 to IDt3).
 各位置情報送信装置10A乃至10Cは、登録応答を受信した場合、受信した登録応答に含まれる端末ID(IDt1)を同意済端末IDテーブル11A乃至11Cに登録する(1055A乃至1055C)。当該端末ID(IDt1)が同意済端末IDテーブル11A乃至11Cに登録された後においては、位置情報送信装置10A乃至10Cは、端末ID(IDt1)によって識別される利用者端末20が接近した場合、認証サーバ30に問い合わせることなく、同意済端末IDテーブル11A乃至11Cを参照することによって当該利用者が同意済利用者であるか否かを判定できる。 When each position information transmitting device 10A to 10C receives the registration response, the terminal ID (IDt1) included in the received registration response is registered in the agreed terminal ID tables 11A to 11C (1055A to 1055C). After the terminal ID (IDt1) is registered in the agreed terminal ID tables 11A to 11C, the location information transmitting devices 10A to 10C will be used when the user terminal 20 identified by the terminal ID (IDt1) approaches. It can be determined whether or not the user is a consented user by referring to the consented terminal ID tables 11A to 11C without inquiring to the authentication server 30.
 その後、位置情報送信装置10Aは、ステップ1035にて取得した端末IDが同意済利用者テーブル31に記憶されたため、位置情報を送信した時刻を示す送信時刻(2019年9月1日10時10分)、利用者端末20の端末ID(IDt1)及び位置P1を含む位置情報を位置情報記憶サーバ40に送信する(1060)。 After that, since the terminal ID acquired in step 1035 is stored in the agreed user table 31, the location information transmission device 10A has a transmission time (10:10, September 1, 2019) indicating the time when the location information is transmitted. ), The position information including the terminal ID (IDt1) of the user terminal 20 and the position P1 is transmitted to the position information storage server 40 (1060).
 位置情報記憶サーバ40は、位置情報を受信すると、位置情報テーブル41に新たなレコード(レコードID「1」(図7を参照。))を追加し、追加したレコードに受信した位置情報を登録する(1065)。 When the location information storage server 40 receives the location information, the location information storage server 40 adds a new record (record ID "1" (see FIG. 7)) to the location information table 41, and registers the received location information in the added record. (1065).
 なお、位置情報送信装置10間で時刻情報が同期されていない場合、位置情報送信装置10は、送信時刻を含まない位置情報を送信してもよい。この場合、位置情報記憶サーバ40が位置情報を受信した時刻を当該位置情報の送信時刻と見做す。 If the time information is not synchronized between the position information transmitting devices 10, the position information transmitting device 10 may transmit the position information not including the transmission time. In this case, the time when the location information storage server 40 receives the location information is regarded as the transmission time of the location information.
 <(3)個人情報の送信>
 本例では、利用者は、個人情報取得装置50によって個人情報が取得される前と後に、利用者端末20を位置情報送信装置10に接近させて当該位置情報送信装置10に位置情報を送信させる。 <(3) Transmission of personal information>
In this example, the user brings the user terminal 20 close to the position information transmission device 10 and causes the position information transmission device 10 to transmit the position information before and after the personal information is acquired by the personal information acquisition device 50. ..
 利用者はA病院の受付から検査室へと移動する。図11に示したように、個人情報取得装置50Cが検査データを取得する前に、利用者は検査室に設置された位置情報送信装置10Cに利用者端末20を接近させる。位置情報送信装置10Cは、接近した利用者端末20から端末ID(IDt1)を取得し(1105)、利用者認証を行う(1110)。 The user moves from the reception desk of Hospital A to the examination room. As shown in FIG. 11, before the personal information acquisition device 50C acquires the inspection data, the user brings the user terminal 20 closer to the position information transmission device 10C installed in the examination room. The position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1105) and authenticates the user (1110).
 図10に示したステップ1055Cにて、同意済端末IDテーブル11Cには端末ID(IDt1)が登録されているので、位置情報送信装置10Cは、利用者端末20の利用者は同意済利用者であると判定し、送信時刻(2019年9月1日10時20分)、当該端末ID(IDt1)及び位置(P3)を含む位置情報を位置情報記憶サーバ40に送信する(1115)。位置情報記憶サーバ40は、位置情報テーブル41の新たなレコード(レコードID「L2」)に受信した位置情報を登録する(1120)。 In step 1055C shown in FIG. 10, since the terminal ID (IDt1) is registered in the consented terminal ID table 11C, in the position information transmitting device 10C, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:20 on September 1, 2019), the terminal ID (IDt1) and the position (P3) is transmitted to the position information storage server 40 (1115). The location information storage server 40 registers the received location information in a new record (record ID “L2”) of the location information table 41 (1120).
 その後、個人情報取得装置50Cは、利用者の検査データを個人情報として取得し(1125)、取得した個人情報を履歴記憶サーバ60に送信する(1130)。この個人情報は、検査データが取得された利用者の利用者情報、個人情報取得装置50Cの検査データの取得時刻(2019年9月1日10時25分)、及び場所情報(A病院の検査室)を更に含む。 After that, the personal information acquisition device 50C acquires the user's inspection data as personal information (1125), and transmits the acquired personal information to the history storage server 60 (1130). This personal information includes the user information of the user from whom the inspection data was acquired, the acquisition time of the inspection data of the personal information acquisition device 50C (10:25 on September 1, 2019), and the location information (inspection at Hospital A). Room) is further included.
 個人情報取得装置50Cは、取得した個人情報を履歴記憶サーバ60に送信する。履歴記憶サーバ60は、個人情報を受信した場合、受信した個人情報を暗号化して当該利用者の利用者履歴データ61に書き込む(記憶する)(1130)。 The personal information acquisition device 50C transmits the acquired personal information to the history storage server 60. When the history storage server 60 receives the personal information, the history storage server 60 encrypts the received personal information and writes (stores) it in the user history data 61 of the user (1130).
 個人情報取得装置50Cによって個人情報が取得された後、利用者は、利用者端末20を位置情報送信装置10Cに再度接近させる。位置情報送信装置10Cは、接近した利用者端末20から端末ID(IDt1)を取得し(1135)、利用者認証を行い(1140)、位置情報を位置情報記憶サーバ40に送信する(1145)。この位置情報は、送信時刻(2019年9月1日10時26分)、当該端末ID(IDt1)及び位置(P3)を含む。位置情報記憶サーバ40は、位置情報テーブル41の新たなレコード(レコードID「L3」)に受信した位置情報を登録する(1150)。 After the personal information is acquired by the personal information acquisition device 50C, the user brings the user terminal 20 closer to the position information transmission device 10C again. The position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1135), authenticates the user (1140), and transmits the position information to the position information storage server 40 (1145). This location information includes the transmission time (10:26 on September 1, 2019), the terminal ID (IDt1), and the location (P3). The location information storage server 40 registers the received location information in a new record (record ID “L3”) of the location information table 41 (1150).
 その後、利用者は検査室から診察室へと移動する。個人情報取得装置50Bが個人情報を取得する前に、利用者は位置情報送信装置10Bに利用者端末20を接近させる。位置情報送信装置10Bは、接近した利用者端末20から端末ID(IDt1)を取得し(1155)、利用者認証を行う(1160)。 After that, the user moves from the examination room to the examination room. Before the personal information acquisition device 50B acquires personal information, the user brings the user terminal 20 close to the position information transmission device 10B. The position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1155) and authenticates the user (1160).
 図10に示したステップ1055Bにて、同意済端末IDテーブル11Bには端末ID(IDt1)が登録されているので、位置情報送信装置10Bは、利用者端末20の利用者は同意済利用者であると判定し、送信時刻(2019年9月1日10時30分)、当該端末ID(IDt1)及び位置(P2)を含む位置情報を位置情報記憶サーバ40に送信する(1165)。位置情報記憶サーバ40は、位置情報テーブル41の新たなレコード(レコードID「L4」)に受信した位置情報を登録する(1170)。 In step 1055B shown in FIG. 10, since the terminal ID (IDt1) is registered in the consented terminal ID table 11B, in the location information transmitting device 10B, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:30 on September 1, 2019), the terminal ID (IDt1) and the position (P2) is transmitted to the position information storage server 40 (1165). The location information storage server 40 registers the received location information in a new record (record ID “L4”) of the location information table 41 (1170).
 その後、個人情報取得装置50Bは、利用者の明細データを個人情報として取得し(1175)、取得した個人情報を履歴記憶サーバ60に送信する(1180)。この個人情報は、明細データの利用者の利用者情報、個人情報取得装置50Bの明細データの取得時刻(2019年9月1日10時35分)、及び場所情報(A病院の診察室)を更に含む。 After that, the personal information acquisition device 50B acquires the detailed data of the user as personal information (1175), and transmits the acquired personal information to the history storage server 60 (1180). This personal information includes the user information of the user of the detailed data, the acquisition time of the detailed data of the personal information acquisition device 50B (10:35 on September 1, 2019), and the location information (examination room of Hospital A). Further included.
 個人情報取得装置50Bによって個人情報が取得された後、利用者は、利用者端末20を位置情報送信装置10Bに再度接近させる。位置情報送信装置10Bは、接近した利用者端末20から端末ID(IDt1)を取得し(1185)、利用者認証を行って(1190)、位置情報を位置情報記憶サーバ40に送信する(1195)。この位置情報は、送信時刻(2019年9月1日10時36分)、当該端末ID(IDt1)及び位置(P2)を含む。位置情報記憶サーバ40は、位置情報テーブル41の新たなレコード(レコードID「L5」)に受信した位置情報を登録する(1198)。 After the personal information is acquired by the personal information acquisition device 50B, the user brings the user terminal 20 closer to the position information transmission device 10B again. The position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1185), authenticates the user (1190), and transmits the position information to the position information storage server 40 (1195). .. This location information includes the transmission time (10:36 on September 1, 2019), the terminal ID (IDt1), and the location (P2). The location information storage server 40 registers the received location information in a new record (record ID “L5”) of the location information table 41 (1198).
 上記したように、利用者が施設における位置情報の送信に一旦同意すると、その施設に設置された位置情報送信装置10が当該利用者の利用者端末20の端末IDを共有する。このため、当該施設に設置された位置情報送信装置10は、認証サーバ30に問い合わせることなく、当該位置情報送信装置10の内部で利用者認証を行うことができる。これによって、位置情報送信装置10と認証サーバ30との通信負荷を軽減でき、更に、認証サーバ30の処理負荷も軽減できる。更に、利用者情報の入力を受け付けた位置情報送信装置10A以外の位置情報送信装置10B及び10Cが、位置情報の送信に一旦同意した利用者を位置情報の送信に同意していないと誤って判定してしまうことを防止できる。 As described above, once the user agrees to transmit the location information in the facility, the location information transmitting device 10 installed in the facility shares the terminal ID of the user terminal 20 of the user. Therefore, the location information transmission device 10 installed in the facility can perform user authentication inside the location information transmission device 10 without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 can be reduced, and the processing load of the authentication server 30 can also be reduced. Further, the position information transmitting devices 10B and 10C other than the position information transmitting device 10A that received the input of the user information erroneously determine that the user who once consented to the transmission of the position information does not consent to the transmission of the position information. It is possible to prevent this from happening.
 <(4)位置情報と個人情報との関連付け>
 そして、図12に示したように、所定のタイミング(月の末日のA病院の業務終了後の所定時刻、例えば、2019年9月30日23時00分)になると、履歴記憶サーバ60は、前回の利用者履歴データ61の送信時点から当該所定のタイミングとなるまでに記憶された利用者履歴データ61を個人情報記憶サーバ70に送信する(1205)。 <(4) Association of location information and personal information>
Then, as shown in FIG. 12, at a predetermined timing (a predetermined time after the end of business of Hospital A on the last day of the month, for example, 23:00 on September 30, 2019), the history storage server 60 is set. The user history data 61 stored from the time of the previous transmission of the user history data 61 to the predetermined timing is transmitted to the personal information storage server 70 (1205).
 個人情報記憶サーバ70は、履歴記憶サーバ60から利用者履歴データ61を受信した場合、受信した利用者履歴データ61に含まれる個人情報を個人情報テーブル71に記憶する(1210)。より詳細には、個人情報記憶サーバ70は、受信した利用者履歴データ61に含まれる個人情報の分だけ、個人情報テーブル71に新たなレコードを追加し、追加したレコードのそれぞれに一意な識別子(レコードID「I1」及び「I2」)を付与し、追加したレコードに受信した利用者履歴データ61に含まれる個人情報を登録する。 When the personal information storage server 70 receives the user history data 61 from the history storage server 60, the personal information storage server 70 stores the personal information included in the received user history data 61 in the personal information table 71 (1210). More specifically, the personal information storage server 70 adds a new record to the personal information table 71 by the amount of the personal information included in the received user history data 61, and each of the added records has a unique identifier ( Record IDs "I1" and "I2") are given, and personal information included in the received user history data 61 is registered in the added record.
 個人情報記憶サーバ70は、利用者履歴データ61に含まれる個人情報を個人情報テーブル71への記憶が完了した場合、その旨を示す完了通知を管理サーバ80に送信する(1215)。 When the personal information contained in the user history data 61 is stored in the personal information table 71, the personal information storage server 70 sends a completion notification to that effect to the management server 80 (1215).
 管理サーバ80は、完了通知を受信した場合、個人情報テーブル71に記憶された個人情報と位置情報テーブル41に記憶された位置情報と関連付ける(1220)。より詳細には、管理サーバ80は、図9に示した位置範囲テーブル81を参照し、個人情報に含まれる場所情報によって特定される場所と同一と見做すことができる位置範囲にその位置が含まれる位置情報(候補位置情報)を選択する。そして、管理サーバ80は、選択した位置情報の中から当該個人情報の取得時刻(取得時点)よりも前であって且つ当該取得時刻に最も近い位置情報(直前位置情報)、及び当該個人情報の取得時刻よりも後であって且つ当該取得時刻に最も近い位置情報(直後位置情報)を取得する。位置情報の送信時刻が個人情報の取得時刻の直前であるか直後である場合、位置情報の送信時刻と個人情報の取得時刻とが所定の時刻一致条件を満たすと判定される。管理サーバ80は、直前位置情報の端末IDと直後位置情報の端末IDとが一致する場合、個人情報と直前位置情報と直後位置情報とを関連付ける。 When the management server 80 receives the completion notification, it associates the personal information stored in the personal information table 71 with the location information stored in the location information table 41 (1220). More specifically, the management server 80 refers to the position range table 81 shown in FIG. 9, and its position is in a position range that can be regarded as the same as the place specified by the place information included in the personal information. Select the included location information (candidate location information). Then, the management server 80 sets the location information (immediately preceding location information) that is earlier than the acquisition time (acquisition time) of the personal information and is closest to the acquisition time from the selected location information, and the personal information. The position information (immediately after position information) that is later than the acquisition time and is closest to the acquisition time is acquired. When the transmission time of the position information is immediately before or after the acquisition time of the personal information, it is determined that the transmission time of the position information and the acquisition time of the personal information satisfy a predetermined time matching condition. When the terminal ID of the immediately preceding position information and the terminal ID of the immediately following position information match, the management server 80 associates the personal information, the immediately preceding position information, and the immediately after position information with each other.
 図13を参照しながら、この関連付け処理を詳細に説明する。 This association process will be described in detail with reference to FIG.
 管理サーバ80のCPU801は、所定時間が経過する毎に、ステップ1300から処理を開始し、ステップ1305に進む。ステップ1305にて、CPU801は完了通知を受信したか否かを判定する。完了通知を受信していない場合、CPU801は、ステップ1305にて「No」と判定し、ステップ1395に進んで本ルーチンを一旦終了する。 The CPU 801 of the management server 80 starts processing from step 1300 and proceeds to step 1305 every time a predetermined time elapses. In step 1305, the CPU 801 determines whether or not the completion notification has been received. If the completion notification has not been received, the CPU 801 determines "No" in step 1305, proceeds to step 1395, and temporarily ends this routine.
 一方、完了通知を受信した場合、CPU801は、ステップ1305にて「Yes」と判定し、ステップ1310乃至ステップ1320の処理を実行する。 On the other hand, when the completion notification is received, the CPU 801 determines "Yes" in step 1305 and executes the processes of steps 1310 to 1320.
 ステップ1310:CPU801は、本ルーチンが実行されていない個人情報の中から処理対象となる個人情報(以下、「処理対象個人情報」と称呼する。)を選択する。
 ステップ1315:CPU801は、何れの個人情報とも関連付けられていない位置情報の中から、処理対象個人情報を取得した個人情報取得装置50の設置場所と同一と見做すことができる位置範囲に含まれる位置を示す位置情報を候補位置情報として選択する。 Step 1310: The CPU 801 selects personal information to be processed (hereinafter, referred to as “processed personal information”) from personal information for which this routine has not been executed.
Step 1315: The CPU 801 is included in a position range that can be regarded as the same as the installation location of the personal information acquisition device 50 that has acquired the personal information to be processed from the location information that is not associated with any personal information. Select the position information indicating the position as the candidate position information.
 ステップ1315をより詳細に説明すると、管理サーバ80は、図9に示した位置範囲テーブル81の場所情報フィールド811に処理対象個人情報に含まれる場所情報が登録されたレコードを選択する。そして、管理サーバ80は、取得したレコードの位置範囲フィールド812に登録された位置範囲に位置情報が示す位置が含まれる位置情報を、候補位置情報として選択する。 Explaining step 1315 in more detail, the management server 80 selects a record in which the location information included in the processing target personal information is registered in the location information field 811 of the location range table 81 shown in FIG. Then, the management server 80 selects the position information including the position indicated by the position information in the position range registered in the position range field 812 of the acquired record as the candidate position information.
 ステップ1320:CPU801は、ステップ1315にて選択した候補位置情報の中から、処理対象個人情報の取得時刻よりも前であって且つ当該取得時刻に最も近い位置情報(即ち、処理対象個人情報の取得時刻の直前の位置情報)を直前位置情報として選択し、処理対象個人情報の取得時刻よりも後であって且つ当該取得時刻に最も近い位置情報(即ち、処理対象個人情報の取得時刻の直後の位置情報)を直後位置情報として選択する。 Step 1320: From the candidate position information selected in step 1315, the CPU 801 obtains the position information (that is, the acquisition of the processing target personal information) that is earlier than the acquisition time of the processing target personal information and is closest to the acquisition time. The position information immediately before the time is selected as the immediately preceding position information, and the position information after the acquisition time of the personal information to be processed and closest to the acquisition time (that is, immediately after the acquisition time of the personal information to be processed) is selected. Position information) is selected as the position information immediately after.
 続いて、CPU801は、ステップ1325に進み、直前位置情報に含まれる端末ID(以下、「直前端末ID」と称呼する。)と直後位置情報に含まれる端末ID(以下、「直後端末ID」と称呼する。)とが一致するか否かを判定する。 Subsequently, the CPU 801 proceeds to step 1325, and the terminal ID included in the immediately preceding position information (hereinafter, referred to as “immediately preceding terminal ID”) and the terminal ID included in the immediately preceding position information (hereinafter, “immediately after terminal ID”). It is determined whether or not there is a match with (name).
 直前端末IDと直後端末IDとが一致する場合、CPU801は、ステップ1325にて「Yes」と判定し、ステップ1330に進み、処理対象個人情報と直前位置情報と直後位置情報とを関連付ける。詳細には、CPU801は、個人情報テーブル71の処理対象個人情報のレコードのリンクIDフィールド713に、位置情報テーブル41の直前位置情報のレコードのレコードID及び直後位置情報のレコードIDを登録する。更に、CPU801は、位置情報テーブル41の直前位置情報及び直後位置情報のレコードのリンクIDフィールド415に、個人情報テーブル71の処理対象個人情報のレコードIDを登録する。 When the immediately preceding terminal ID and the immediately preceding terminal ID match, the CPU 801 determines "Yes" in step 1325, proceeds to step 1330, and associates the processing target personal information, the immediately preceding position information, and the immediately following position information. Specifically, the CPU 801 registers the record ID of the record of the immediately preceding position information and the record ID of the immediately preceding position information of the position information table 41 in the link ID field 713 of the record of the personal information to be processed in the personal information table 71. Further, the CPU 801 registers the record ID of the personal information to be processed in the personal information table 71 in the link ID field 415 of the record of the immediately preceding position information and the immediately after position information of the position information table 41.
 続いて、CPU801は、ステップ1335に進み、本ルーチンが未だ実行されていない個人情報(以下、「未処理の個人情報」と称呼する。)が有るか否かを判定する。未処理の個人情報が有る場合、CPU801は、ステップ1335にて「Yes」と判定し、ステップ1310の処理を再度実行する。一方、未処理の個人情報が無い場合、CPU801は、ステップ1335にて「No」と判定し、ステップ1395に進み、本ルーチンを一旦終了する。 Subsequently, the CPU 801 proceeds to step 1335 and determines whether or not there is personal information (hereinafter, referred to as "unprocessed personal information") for which this routine has not yet been executed. If there is unprocessed personal information, the CPU 801 determines "Yes" in step 1335 and executes the process of step 1310 again. On the other hand, if there is no unprocessed personal information, the CPU 801 determines "No" in step 1335, proceeds to step 1395, and temporarily ends this routine.
 一方、ステップ1325にて直前端末IDと直後端末IDとが一致しない場合、CPU801は、ステップ1325にて「No」と判定し、ステップ1340に進む。ステップ1340にて、CPU801は、処理対象個人情報と直前位置情報と直後位置情報とが関連付けできないと判定し、ステップ1335に進む。より詳細には、CPU801は、個人情報テーブル71の処理対象個人情報のレコードのリンクIDフィールド713並びに位置情報テーブル41の直前位置情報及び直後位置情報のレコードのリンクIDフィールド415に、関連付けができなかった旨を示す情報を登録する。 On the other hand, if the immediately preceding terminal ID and the immediately following terminal ID do not match in step 1325, the CPU 801 determines "No" in step 1325 and proceeds to step 1340. In step 1340, the CPU 801 determines that the personal information to be processed, the immediately preceding position information, and the immediately after position information cannot be associated with each other, and proceeds to step 1335. More specifically, the CPU 801 cannot associate with the link ID field 713 of the record of the personal information to be processed in the personal information table 71 and the link ID field 415 of the record of the immediately preceding position information and the immediately following position information of the position information table 41. Register the information indicating that.
 上記した関連付け処理によって、図8に示した個人情報テーブル71のレコードID「I1」の個人情報と、当該個人情報の直前位置情報(図7に示した位置情報テーブル41のレコードID「L2」)と、当該個人情報の直後位置情報(図7に示した位置情報テーブル41のレコードID「L3」)と、が関連付けられる。同様に、図8に示した個人情報テーブル71のレコードID「I2」の個人情報と、当該個人情報の直前位置情報(図7に示した位置情報テーブル41のレコードID「L4」)と、当該個人情報の直後位置情報(図7に示した位置情報テーブル41のレコードID「L5」)と、が関連付けられる。 By the above-mentioned association processing, the personal information of the record ID "I1" of the personal information table 71 shown in FIG. 8 and the immediately preceding position information of the personal information (record ID "L2" of the position information table 41 shown in FIG. 7). Is associated with the position information immediately after the personal information (record ID "L3" in the position information table 41 shown in FIG. 7). Similarly, the personal information of the record ID "I2" of the personal information table 71 shown in FIG. 8, the immediately preceding position information of the personal information (record ID "L4" of the position information table 41 shown in FIG. 7), and the said Immediately after the personal information, the position information (record ID “L5” in the position information table 41 shown in FIG. 7) is associated with the personal information.
 <(5)検索>
 次に、図14を参照ながら、上記したような位置情報との関連付けが行われた個人情報の中から検索キーと一致する個人情報を検索する検索処理を説明する。 <(5) Search>
Next, with reference to FIG. 14, a search process for searching for personal information that matches the search key from the personal information associated with the location information as described above will be described.
 検索端末90はネットワークNWに接続されており、検索キーを含む検索要求を管理サーバ80に送信する(1405)。例えば、検索端末90の利用者が、所望の検索キーを入力する。図14に示す例では、検索キーとして利用者情報の一つである年齢(50代)が入力されている。図14に示したステップ1405乃至ステップ1445の検索処理は、検索キーは、利用者情報(氏名、生年月日、年齢、電話番号、住所、及び保険者番号等)に含まれる少なくとも一つの項目が含まれる場合に実行される。 The search terminal 90 is connected to the network NW and sends a search request including a search key to the management server 80 (1405). For example, the user of the search terminal 90 inputs a desired search key. In the example shown in FIG. 14, an age (50's), which is one of the user information, is input as a search key. In the search process of steps 1405 to 1445 shown in FIG. 14, the search key includes at least one item included in the user information (name, date of birth, age, telephone number, address, insurer number, etc.). Executed if included.
 管理サーバ80は、検索要求を受信した場合、受信した検索要求に含まれる検索キーを含む端末ID特定要求を認証サーバ30に送信する(1410)。認証サーバ30は、端末ID特定要求を受信した場合、同意済利用者テーブル31を参照し、受信した端末ID特定要求に含まれる検索キーと一致するレコードの端末IDフィールド311に登録された端末IDを取得する。そして、認証サーバ30は、取得した端末IDを含む端末ID特定応答を管理サーバ80に送信する(1415)。 When the management server 80 receives the search request, it transmits a terminal ID identification request including the search key included in the received search request to the authentication server 30 (1410). When the authentication server 30 receives the terminal ID identification request, the authentication server 30 refers to the agreed user table 31, and the terminal ID registered in the terminal ID field 311 of the record matching the search key included in the received terminal ID identification request. To get. Then, the authentication server 30 transmits a terminal ID specific response including the acquired terminal ID to the management server 80 (1415).
 管理サーバ80は、端末ID特定応答を受信した場合、受信した端末ID特定応答に含まれる端末IDを含む検索要求を位置情報記憶サーバ40に送信する(1420)。 When the management server 80 receives the terminal ID specific response, it transmits a search request including the terminal ID included in the received terminal ID specific response to the location information storage server 40 (1420).
 位置情報記憶サーバ40は、検索要求を受信した場合、位置情報テーブル41を参照し、受信した検索要求に含まれる端末IDと一致する位置情報に関連付けられた個人情報のレコードID(リンクID)を取得する。より詳細には、位置情報記憶サーバ40は、位置情報テーブル41の端末IDフィールド412に「受信した検索要求に含まれる端末ID」が登録されたレコードを選択し、選択したレコードのリンクIDフィールド415に登録されたリンクID(個人情報テーブル71のレコードID)を取得する。そして、位置情報記憶サーバ40は、取得したリンクIDを含む検索応答を管理サーバ80に送信する(1425)。 When the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and obtains a record ID (link ID) of personal information associated with the location information that matches the terminal ID included in the received search request. get. More specifically, the location information storage server 40 selects a record in which the "terminal ID included in the received search request" is registered in the terminal ID field 412 of the location information table 41, and the link ID field 415 of the selected record. The link ID (record ID of the personal information table 71) registered in is acquired. Then, the location information storage server 40 transmits a search response including the acquired link ID to the management server 80 (1425).
 管理サーバ80は、検索応答を受信した場合、受信した検索応答に含まれるリンクIDを含む検索要求を個人情報記憶サーバ70に送信する(1430)。 When the management server 80 receives the search response, it transmits a search request including the link ID included in the received search response to the personal information storage server 70 (1430).
 個人情報記憶サーバ70は、検索要求を受信した場合、個人情報テーブル71を参照し、レコードIDフィールド711に受信した検索要求に含まれるリンクIDが登録されたレコードの個人情報を取得する。そして、個人情報記憶サーバ70は、取得した個人情報を含む検索応答を管理サーバ80に送信する(1435)。 When the personal information storage server 70 receives the search request, the personal information storage server 70 refers to the personal information table 71 and acquires the personal information of the record in which the link ID included in the received search request is registered in the record ID field 711. Then, the personal information storage server 70 transmits a search response including the acquired personal information to the management server 80 (1435).
 管理サーバ80は、検索応答を受信した場合、受信した検索応答を検索端末90に送信する(1440)。検索端末90は、検索応答を受信した場合、受信した検索応答に含まれる個人情報を検索結果として図示しないディスプレイに表示する。 When the management server 80 receives the search response, the management server 80 transmits the received search response to the search terminal 90 (1440). When the search terminal 90 receives the search response, the search terminal 90 displays the personal information included in the received search response as a search result on a display (not shown).
 個人情報の種類毎に、個人情報における利用者情報の位置が異なる可能性が高い。個人情報テーブル71に登録されている個人情報の中から検索要求に含まれる検索キー(利用者情報)と一致する個人情報を検索する方式では、個人情報記憶サーバ70は、検索キーに対応する利用者情報の項目を見つけるために各個人情報の全体を検索する必要がある。このため、個人情報記憶サーバ70にかかる検索処理の負荷が大きくなってしまう。 There is a high possibility that the position of user information in personal information will differ depending on the type of personal information. In the method of searching for personal information that matches the search key (user information) included in the search request from the personal information registered in the personal information table 71, the personal information storage server 70 uses the personal information corresponding to the search key. It is necessary to search the entire personal information in order to find the item of personal information. Therefore, the load of the search process on the personal information storage server 70 becomes large.
 これに対して、上記した検索処理による方式では、個人情報記憶サーバ70は、個人情報テーブル71に登録されている個人情報の中から「ステップ1430にて受信した検索要求に含まれるリンクIDによって特定される個人情報」を取得すればよい。このため、個人情報記憶サーバ70は、各個人情報の全体を検索する必要がないので、個人情報記憶サーバ70にかかる検索処理の負荷が大きくなることを防止できる。 On the other hand, in the above-mentioned search processing method, the personal information storage server 70 is specified by the link ID included in the search request received in step 1430 from the personal information registered in the personal information table 71. All you have to do is to obtain "personal information to be provided". Therefore, since the personal information storage server 70 does not need to search the entire personal information, it is possible to prevent the load of the search process on the personal information storage server 70 from becoming large.
 なお、上記検索処理では、検索端末90に代わって利用者端末20が検索要求を送信してもよい。この場合、利用者端末20の利用者以外の個人情報の検索を禁止することが望ましい。 In the above search process, the user terminal 20 may send a search request instead of the search terminal 90. In this case, it is desirable to prohibit the search for personal information other than the user of the user terminal 20.
 次に、図14を参照しながら、ある個人情報を取得するのに要した時間(所要時間)の検索処理を説明する。 Next, the search process of the time (required time) required to acquire a certain personal information will be described with reference to FIG.
 検索端末90は、検索キーとして場所情報(A病院診察室)を含む所要時間検索要求を管理サーバ80に送信する(ステップ1450)。管理サーバ80は、所要時間検索要求を受信した場合、図9に示した位置範囲テーブル81を参照し、受信した所要時間検索要求に含まれる場所情報(A病院診察室)に対応する位置範囲(R3)を取得する(1455)。そして、管理サーバ80は、取得した位置範囲(R3)を含む検索要求を位置情報記憶サーバ40に送信する(1460)。 The search terminal 90 transmits a required time search request including location information (hospital A hospital examination room) as a search key to the management server 80 (step 1450). When the management server 80 receives the required time search request, the management server 80 refers to the position range table 81 shown in FIG. 9, and the position range (A hospital examination room) corresponding to the location information (A hospital examination room) included in the received required time search request. R3) is acquired (1455). Then, the management server 80 transmits a search request including the acquired position range (R3) to the position information storage server 40 (1460).
 位置情報記憶サーバ40は、位置情報テーブル41を参照し、位置フィールド414に受信した検索要求に含まれる位置範囲(R3)に含まれる位置(P3)が登録されたレコード(レコードID「L2」、「L3」)を取得する。そして、位置情報記憶サーバ40は、取得したレコードを含む検索応答を管理サーバ80に送信する(1465)。 The position information storage server 40 refers to the position information table 41 and records a record (record ID “L2”, in which the position (P3) included in the position range (R3) included in the search request received in the position field 414 is registered. "L3") is acquired. Then, the location information storage server 40 transmits a search response including the acquired record to the management server 80 (1465).
 管理サーバ80は、検索応答に含まれるレコードにおいてリンクIDフィールド415に同じリンクIDが登録された二つのレコード(レコードID「L2」、「L3」)を特定する。そして、管理サーバ80は、その二つのレコードの送信時刻の差分を、当該リンクIDの個人情報の所要時間として計算する(1470)。管理サーバ80は、計算した所要時間を含む検索応答を検索端末90に送信する(1475)。検索端末90は、受信した検索応答に含まれる所要時間を図示しないディスプレイに表示する。なお、所要時間が複数存在する場合には、検索端末90は、所要時間の平均値をディスプレイに表示してもよい。 The management server 80 identifies two records (record IDs "L2" and "L3") in which the same link ID is registered in the link ID field 415 in the records included in the search response. Then, the management server 80 calculates the difference between the transmission times of the two records as the required time of the personal information of the link ID (1470). The management server 80 transmits a search response including the calculated required time to the search terminal 90 (1475). The search terminal 90 displays the required time included in the received search response on a display (not shown). When there are a plurality of required times, the search terminal 90 may display the average value of the required times on the display.
 (第1変形例)
 本変形例では、利用者が施設における位置情報の送信に一旦同意すると、その旨を示す同意済情報をその利用者の利用者端末20に記憶する。なお、同意済情報は、利用者が位置情報の送信に同意した施設の施設IDを含む。 (First modification)
In this modification, once the user consents to the transmission of the location information in the facility, the consented information indicating that fact is stored in the user terminal 20 of the user. The consented information includes the facility ID of the facility where the user has consented to the transmission of the location information.
 そして、利用者が利用者端末20を位置情報送信装置10に接近させた場合、位置情報送信装置10は、利用者端末20から同意済情報を取得する。同意済情報に含まれる施設IDが位置情報送信装置10に設定されている施設IDと一致する場合、位置情報送信装置10は、利用者端末20の利用者が位置情報の送信に同意していると判定する。一方、これらの施設IDが一致しない場合、又は、利用者端末20から同意済情報を取得できない場合、位置情報送信装置10は、利用者が位置情報の送信に同意していないと判定する。 Then, when the user brings the user terminal 20 closer to the position information transmitting device 10, the position information transmitting device 10 acquires the consented information from the user terminal 20. When the facility ID included in the agreed information matches the facility ID set in the location information transmission device 10, the location information transmission device 10 has consented to the transmission of the location information by the user of the user terminal 20. Is determined. On the other hand, if these facility IDs do not match, or if the consented information cannot be obtained from the user terminal 20, the location information transmitting device 10 determines that the user does not consent to the transmission of the location information.
 図15を参照しながら、本変形例の詳細を説明する。
 図15に示す例では、各位置情報送信装置10A乃至10Cの装置認証は既に実行されており、利用者端末20には同意済情報が未だ記憶されていないと仮定する。なお、図15では、図10及び図11に示す処理と同じ処理は同じ符号を付与し、説明を省略する。 The details of this modification will be described with reference to FIG.
In the example shown in FIG. 15, it is assumed that the device authentication of each position information transmitting device 10A to 10C has already been executed, and the consented information is not yet stored in the user terminal 20. In FIG. 15, the same processes as those shown in FIGS. 10 and 11 are given the same reference numerals, and the description thereof will be omitted.
 利用者が利用者端末20を位置情報送信装置10Aに接近させると、位置情報送信装置10Aは、当該利用者端末20の端末ID(IDt1)を取得する(1505)。上記仮定により利用者端末20には同意済情報が記憶されていないため、ステップ1505では、位置情報送信装置10Aは、利用者端末20から同意済情報を取得できない。従って、位置情報送信装置10Aは、利用者認証では、当該利用者端末20の利用者が同意済利用者でないと判定する(1510)。 When the user brings the user terminal 20 closer to the position information transmitting device 10A, the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 (1505). Since the consented information is not stored in the user terminal 20 due to the above assumption, in step 1505, the position information transmitting device 10A cannot acquire the consented information from the user terminal 20. Therefore, the location information transmitting device 10A determines in the user authentication that the user of the user terminal 20 is not a consented user (1510).
 利用者は、A病院での位置情報の送信に同意して利用者情報(UD1)を利用者端末20に入力し(1030)、利用者端末20を位置情報送信装置10Aに再度接近させる(1035)。この場合、位置情報送信装置10Aは、利用者端末20から端末ID(IDt1)及び利用者情報(UD1)を取得し(1035)、登録要求を送信する(1040)。認証サーバ30は、登録要求を受信すると、同意済利用者テーブル31を更新し(1045)、「受信した登録要求に含まれる施設ID(IDf1)を同意済情報として利用者端末に書き込む指令である登録応答(書込指令)」を位置情報送信装置10Aに送信する(1515)。なお、この登録応答は、書き込み先の端末IDとして、認証サーバ30が受信した登録要求に含まれる端末ID(IDt1)を含む。 The user agrees to transmit the location information at the hospital A, inputs the user information (UD1) into the user terminal 20 (1030), and brings the user terminal 20 closer to the location information transmitting device 10A again (1035). ). In this case, the location information transmitting device 10A acquires the terminal ID (IDt1) and the user information (UD1) from the user terminal 20 (1035), and transmits the registration request (1040). When the authentication server 30 receives the registration request, it updates the agreed user table 31 (1045) and writes "the facility ID (IDf1) included in the received registration request to the user terminal as the agreed information". "Registration response (write command)" is transmitted to the position information transmission device 10A (1515). The registration response includes the terminal ID (IDt1) included in the registration request received by the authentication server 30 as the terminal ID of the writing destination.
 位置情報送信装置10Aは、登録応答を受信した場合、利用者に利用者端末20を接近させるための音声メッセージを図示しないスピーカから出力する。利用者が利用者端末20を接近させると、位置情報送信装置10Aは、利用者端末20の端末IDを取得し、取得した端末IDが受信した登録応答に含まれる書き込み先の端末IDと一致するか否かを判定する。これらの端末IDが一致していない場合、位置情報送信装置10Aは、同意済情報を当該利用者端末に書き込まない(記憶しない)。この場合、ステップ1030にて利用者情報を入力した利用者端末20と異なる利用者端末20が位置情報送信装置10に接近していると考えられる。このため、端末IDが一致していない場合に同意済情報が書き込まれないことによって、誤った利用者端末20に同意済情報が書き込まれることを防止できる。 When the location information transmitting device 10A receives the registration response, it outputs a voice message for bringing the user terminal 20 closer to the user from a speaker (not shown). When the user brings the user terminal 20 closer, the position information transmitting device 10A acquires the terminal ID of the user terminal 20, and the acquired terminal ID matches the terminal ID of the writing destination included in the received registration response. Judge whether or not. If these terminal IDs do not match, the location information transmitting device 10A does not write (store) the consented information in the user terminal. In this case, it is considered that the user terminal 20 different from the user terminal 20 into which the user information is input in step 1030 is approaching the position information transmitting device 10. Therefore, it is possible to prevent the consent information from being written to the erroneous user terminal 20 by not writing the consent information when the terminal IDs do not match.
 一方、これらの端末IDが一致している場合、位置情報送信装置10Aは、受信した登録応答に含まれる施設ID(IDf1)を含む同意済情報を利用者端末20に書き込む(記憶させる)(1520)。そして、位置情報送信装置10Aは、送信時刻(2019年9月1日10時10分)、位置(P1)及び端末ID(IDt1)を含む位置情報を送信する(1060)。 On the other hand, when these terminal IDs match, the location information transmitting device 10A writes (stores) the agreed information including the facility ID (IDf1) included in the received registration response in the user terminal 20 (1520). ). Then, the position information transmitting device 10A transmits the position information including the transmission time (10:10 on September 1, 2019), the position (P1), and the terminal ID (IDt1) (1060).
 次に、利用者が利用者端末20を位置情報送信装置10Cに接近させると、位置情報送信装置10Cは、端末ID(IDt1)及び同意済情報を取得し(1520)、利用者認証を行う(1525)。同意済情報に含まれる施設ID(IDf1)と位置情報送信装置10Cに設定されている施設IDf1とが一致するため、この利用者認証では、位置情報送信装置10Cは、利用者が同意済利用者であると判定する。そして、位置情報送信装置10Cは、送信時刻(2019年9月1日10時20分)、位置(P3)及び端末ID(IDt1)を含む位置情報を位置情報記憶サーバ40に送信する(1115)。 Next, when the user brings the user terminal 20 closer to the position information transmitting device 10C, the position information transmitting device 10C acquires the terminal ID (IDt1) and the agreed information (1520), and authenticates the user (1520). 1525). Since the facility ID (IDf1) included in the consented information and the facility IDf1 set in the location information transmitting device 10C match, in this user authentication, the location information transmitting device 10C is a user who has consented to the user. Is determined to be. Then, the position information transmitting device 10C transmits the position information including the transmission time (10:20 on September 1, 2019), the position (P3), and the terminal ID (IDt1) to the position information storage server 40 (1115). ..
 上記したように、利用者がある施設における位置情報の送信に一旦同意すると、当該施設の施設IDを含む同意済情報が利用者端末20に書き込まれる。このため、位置情報送信装置10は、認証サーバ30に問い合わせることなく、利用者認証を行うことができる。これによって、位置情報送信装置10と認証サーバ30との通信負荷及び認証サーバ30の処理負荷も軽減できる。更に、位置情報送信装置10は同意済端末IDテーブル11を有する必要がないため、大容量の記憶媒体を備える必要がない。このため、位置情報送信装置10のコストを削減できる。 As described above, once the user consents to the transmission of location information at a certain facility, the consented information including the facility ID of the facility is written to the user terminal 20. Therefore, the location information transmitting device 10 can perform user authentication without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 and the processing load of the authentication server 30 can be reduced. Further, since the position information transmitting device 10 does not need to have the agreed terminal ID table 11, it is not necessary to provide a large-capacity storage medium. Therefore, the cost of the position information transmitting device 10 can be reduced.
 なお、同意済情報は施設IDを含まなくてもよい。この場合、位置情報送信装置10は、利用者認証にて、利用者端末20から同意済情報を取得できた場合、利用者が同意済利用者であると判定し、利用者端末20から同意済情報を取得できない場合、利用者が同意済利用者でないと判定する。 The agreed information does not have to include the facility ID. In this case, if the location information transmitting device 10 can acquire the consented information from the user terminal 20 by the user authentication, it determines that the user is a consented user and has consented from the user terminal 20. If the information cannot be obtained, it is determined that the user is not a consented user.
 なお、利用者端末20に記憶された同意済情報は、所定のタイミングで消去される。利用者端末20に記憶された同意済情報は、利用者が位置情報の送信に同意した施設から離れたタイミングで消去されることが望ましい。例えば、利用者が位置情報の送信に同意した施設から離れたタイミングは、判定タイミング1及び2の何れかのタイミングである。
 タイミング1:利用者端末20がGPS測位信号に基いて取得した位置が当該施設の位置から所定距離離れたと判定したタイミング
 タイミング2:当該施設にて会計を終了した利用者が利用者端末20を位置情報送信装置10Aに接近させたタイミング The consented information stored in the user terminal 20 is deleted at a predetermined timing. It is desirable that the consented information stored in the user terminal 20 be deleted at the timing when the user leaves the facility where he / she has consented to the transmission of the location information. For example, the timing at which the user leaves the facility that has agreed to transmit the location information is one of the determination timings 1 and 2.
Timing 1: Timing when the position acquired by the user terminal 20 based on the GPS positioning signal is determined to be a predetermined distance away from the position of the facility Timing 2: The user who has completed the accounting at the facility positions the user terminal 20 Timing of approaching the information transmission device 10A
 タイミング2では、会計を行ったA病院の事務員によって位置情報送信装置10Aが有する図示しない削除ボタンが操作された後、利用者が利用者端末20を位置情報送信装置10Aに接近させる。位置情報送信装置10Aは、接近した利用者端末20に記憶された同意済情報を削除する。 At timing 2, the user brings the user terminal 20 closer to the location information transmission device 10A after the deletion button (not shown) of the location information transmission device 10A is operated by the clerk of the hospital A who performed the accounting. The position information transmitting device 10A deletes the consented information stored in the approaching user terminal 20.
 更に、上記所定のタイミングは、同意済情報が書き込まれてから所定時間が経過したタイミングであってもよい。 Further, the predetermined timing may be a timing when a predetermined time has elapsed since the consented information was written.
 (第2変形例)
 上記実施形態によれば、1回目の利用者端末20の位置情報送信装置10への接近から2回目の接近までの間に、他の利用者端末20が当該位置情報送信装置10に接近してしまう可能性がある。この場合、直前端末IDと直後端末IDとが異なるため、図13に示したステップ1325にて「No」と判定される。従って、1回目と同じ利用者端末20が他の利用者端末20に接近した場合であっても、個人情報と直前位置情報と直後位置情報とを関連付けることができない。 (Second modification)
According to the above embodiment, another user terminal 20 approaches the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach. There is a possibility that it will end up. In this case, since the immediately preceding terminal ID and the immediately preceding terminal ID are different, it is determined as "No" in step 1325 shown in FIG. Therefore, even when the same user terminal 20 as the first time approaches another user terminal 20, the personal information, the immediately preceding position information, and the immediately after position information cannot be associated with each other.
 そこで、本変形例では、直前端末IDと直後端末IDとが異なる場合であっても、直前端末IDと直後位置情報よりも後に取得された位置情報の端末IDとが一致する場合(又は、直後端末IDと直前位置情報よりも前に取得された位置情報の端末IDとが一致する場合)、これらの「端末IDが一致する位置情報」と個人情報とを関連付ける。 Therefore, in this modification, even if the immediately preceding terminal ID and the immediately after terminal ID are different, the case where the immediately preceding terminal ID and the terminal ID of the position information acquired after the immediately after position information match (or immediately after). (When the terminal ID and the terminal ID of the position information acquired before the immediately preceding position information match), these "position information with which the terminal ID matches" are associated with personal information.
 図16を参照しながら、本変形例の詳細を説明する。
 CPU801は、図13に示したステップ1325にて「No」と判定した場合(即ち、直前端末IDと直後端末IDとが異なる場合)、図16に示したステップ1605に進む。ステップ1605にて、CPU801は、図13に示したステップ1315にて選択した候補位置情報の中から、直後位置情報の直後の位置情報(次点直後位置情報)を選択し、ステップ1610に進む。 The details of this modification will be described with reference to FIG.
When the CPU 801 determines "No" in step 1325 shown in FIG. 13 (that is, when the immediately preceding terminal ID and the immediately preceding terminal ID are different), the CPU 801 proceeds to step 1605 shown in FIG. In step 1605, the CPU 801 selects the position information immediately after the immediately following position information (position information immediately after the next point) from the candidate position information selected in step 1315 shown in FIG. 13, and proceeds to step 1610.
 ステップ1610にて、CPU801は、次点直後位置情報の取得時刻(T2)から図13に示したステップ1320にて選択した直前位置情報の取得時刻(T1)を減算することによって時間差分ΔT(=T2-T1)を取得し、取得した時間差分ΔTが閾値差分Tth以下であるか否かを判定する。 In step 1610, the CPU 801 subtracts the time difference ΔT (=) of the immediately preceding position information acquisition time (T1) selected in step 1320 shown in FIG. 13 from the acquisition time (T2) of the position information immediately after the runner-up. T2-T1) is acquired, and it is determined whether or not the acquired time difference ΔT is equal to or less than the threshold difference Tth.
 時間差分ΔTが閾値差分Tth以下である場合、CPU801は、図16に示したステップ1610にて「Yes」と判定し、ステップ1615に進み、直前端末IDと次点直後位置情報の端末ID(次点直後端末ID)とが一致するか否かを判定する。 When the time difference ΔT is equal to or less than the threshold difference Tth, the CPU 801 determines “Yes” in step 1610 shown in FIG. It is determined whether or not the terminal ID) immediately after the point matches.
 直前端末IDと次点直後端末IDとが一致する場合、CPU801は、ステップ1615にて「Yes」と判定し、図13に示したステップ1330に進む。この結果、処理対象個人情報と直前位置情報と次点直後位置情報とが関連付けられる。 When the immediately preceding terminal ID and the immediately preceding terminal ID match, the CPU 801 determines "Yes" in step 1615 and proceeds to step 1330 shown in FIG. As a result, the personal information to be processed, the immediately preceding position information, and the immediately after runner-up position information are associated with each other.
 一方、直前端末IDと次点直後端末IDとが一致しない場合、CPU801は、図16に示したステップ1615にて「No」と判定し、ステップ1605に戻り、現在の次点直後位置情報の直後の位置情報を新たな次点直後位置情報として選択する。 On the other hand, when the immediately preceding terminal ID and the immediately after runner-up terminal ID do not match, the CPU 801 determines "No" in step 1615 shown in FIG. 16, returns to step 1605, and immediately after the current runner-up immediately after position information. The position information of is selected as the position information immediately after the new runner-up.
 一方、ステップ1610にて時間差分ΔTが閾値差分Tthよりも大きい場合、CPU801は、ステップ1610にて「No」と判定し、ステップ1620に進む。ステップ1620にて、CPU801は、図13に示したステップ1315にて選択した候補位置情報の中から、直前位置情報の直前の位置情報(次点直前位置情報)を選択し、図16に示したステップ1625に進む。 On the other hand, if the time difference ΔT is larger than the threshold difference Tth in step 1610, the CPU 801 determines “No” in step 1610 and proceeds to step 1620. In step 1620, the CPU 801 selects the position information immediately before the previous position information (the position information immediately before the next point) from the candidate position information selected in step 1315 shown in FIG. 13, and is shown in FIG. Proceed to step 1625.
 ステップ1625にて、CPU801は、図13に示したステップ1320にて選択した直後位置情報の取得時刻(T2’)から次点直前位置情報の取得時刻(T1’)を減算することによって時間差分ΔT’(=T2’-T1’)を取得し、取得した時間差分ΔT’が閾値差分Tth以下であるか否かを判定する。 In step 1625, the CPU 801 subtracts the acquisition time (T1') of the position information immediately before the runner-up from the acquisition time (T2') of the position information immediately after the selection in step 1320 shown in FIG. '(= T2'-T1') is acquired, and it is determined whether or not the acquired time difference ΔT'is equal to or less than the threshold difference Tth.
 時間差分ΔT’が閾値差分Tth以下である場合、CPU801は、図16に示したステップ1625にて「Yes」と判定し、ステップ1630に進み、次点直前位置情報の端末ID(次点直前端末ID)と直後端末IDとが一致するか否かを判定する。 When the time difference ΔT'is equal to or less than the threshold difference Tth, the CPU 801 determines “Yes” in step 1625 shown in FIG. 16, proceeds to step 1630, and proceeds to step 1630, where the terminal ID of the position information immediately before the next point (terminal immediately before the next point). It is determined whether or not the ID) and the immediately after terminal ID match.
 次点直前端末IDと直後端末IDとが一致する場合、CPU801は、ステップ1630にて「Yes」と判定し、図13に示したステップ1330に進む。この結果、処理対象個人情報と次点直前位置情報と直後位置情報とが関連付けられる。 When the terminal ID immediately before the runner-up point and the terminal ID immediately after the runner-up match, the CPU 801 determines "Yes" in step 1630 and proceeds to step 1330 shown in FIG. As a result, the personal information to be processed, the position information immediately before the runner-up, and the position information immediately after the runner are associated with each other.
 一方、次点直前端末IDと直後端末IDとが一致しない場合、CPU801は、図16に示したステップ1630にて「No」と判定し、ステップ1620に戻り、現在の次点直前位置情報の直前の位置情報を新たな次点直前位置情報として選択する。 On the other hand, when the terminal ID immediately before the runner-up and the terminal ID immediately after the runner-up do not match, the CPU 801 determines "No" in step 1630 shown in FIG. The position information of is selected as the position information immediately before the new runner-up.
 一方、ステップ1625にて時間差分ΔT’が閾値差分Tthよりも大きい場合、CPU801は、ステップ1625にて「No」と判定し、図13に示したステップ1345に進む。この結果、処理対象個人情報は何れの位置情報にも関係付けられない。 On the other hand, when the time difference ΔT'is larger than the threshold difference Tth in step 1625, the CPU 801 determines “No” in step 1625 and proceeds to step 1345 shown in FIG. As a result, the personal information to be processed is not related to any location information.
 以上によって、個人情報が取得される利用者が利用者端末20を位置情報送信装置10に2回接近させるまでの期間に他の利用者が他の利用者端末を当該位置情報送信装置10に誤って接近させた場合であっても、個人情報が取得される利用者が利用者端末20を位置情報送信装置10に接近させたことにより送信された位置情報と当該個人情報とを関連付けることができる。 As a result, another user mistakenly attaches another user terminal to the position information transmitting device 10 during the period until the user for which personal information is acquired brings the user terminal 20 closer to the position information transmitting device 10 twice. Even when the personal information is brought close to the user, the personal information transmitted by the user who has acquired the personal information brought the user terminal 20 close to the position information transmitting device 10 can be associated with the personal information. ..
 なお、図16に示したルーチンでは、図13に示したステップ1325にて「No」と判定された場合、次点直前位置情報及び次点直後位置情報のうち次点直後位置情報を先に選択したが、次点直前位置情報を先に選択してもよい。より詳細に説明すると、図13に示したステップ1325にて「No」と判定されると、CPU801は、ステップ1620乃至ステップ1630の処理を実行する。CPU801は、ステップ1625にて「No」と判定すると、ステップ1605に進む。CPU801は、ステップ1610にて「No」と判定すると、図13に示したステップ1345に進む。 In the routine shown in FIG. 16, when "No" is determined in step 1325 shown in FIG. 13, the position information immediately after the next point is selected first from the position information immediately before the next point and the position information immediately after the next point. However, the position information immediately before the runner-up may be selected first. More specifically, if "No" is determined in step 1325 shown in FIG. 13, the CPU 801 executes the processes of steps 1620 to 1630. If the CPU 801 determines "No" in step 1625, the CPU 801 proceeds to step 1605. If the CPU 801 determines "No" in step 1610, the CPU 801 proceeds to step 1345 shown in FIG.
 (第3変形例)
 本変形例の位置情報送信装置10は、1回目の利用者端末20の位置情報送信装置10への接近から2回目の接近までの間に、他の利用者端末が位置情報送信装置10に接近させられたとしても、位置情報を送信しないように構成される。 (Third modification example)
In the position information transmitting device 10 of this modification, another user terminal approaches the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach. Even if it is made to do so, it is configured not to transmit the location information.
 図17を参照しながら、本変形例の詳細を説明する。
 位置情報送信装置10のCPU101は、所定時間が経過する毎に、ステップ1700から処理を開始し、ステップ1705に進む。ステップ1705にて、CPU101は利用者端末20の端末IDを取得したか否かを判定する。 The details of this modification will be described with reference to FIG.
The CPU 101 of the position information transmitting device 10 starts processing from step 1700 and proceeds to step 1705 every time a predetermined time elapses. In step 1705, the CPU 101 determines whether or not the terminal ID of the user terminal 20 has been acquired.
 利用者端末20の端末IDが取得されていない場合、CPU101は、ステップ1705にて「No」と判定し、ステップ1795に進み、本ルーチンを一旦終了する。 If the terminal ID of the user terminal 20 has not been acquired, the CPU 101 determines "No" in step 1705, proceeds to step 1795, and temporarily ends this routine.
 利用者端末20の端末IDが取得されている場合、CPU101は、ステップ1705にて「Yes」と判定し、ステップ1710に進む。ステップ1710にて、CPU101は、取得した端末IDが同意済端末IDテーブル11に登録されているか否かを判定する。 When the terminal ID of the user terminal 20 has been acquired, the CPU 101 determines "Yes" in step 1705 and proceeds to step 1710. In step 1710, the CPU 101 determines whether or not the acquired terminal ID is registered in the agreed terminal ID table 11.
 端末IDが同意済端末IDテーブル11に登録されている場合、CPU101は、ステップ1710にて「Yes」と判定し(即ち、利用者が同意済利用者であると判定し)、ステップ1715に進む。ステップ1715にて、CPU101は、「利用者端末20が1回目に接近したことによって位置情報が送信されたとき」に記憶される当該利用者端末20の端末IDである前回端末IDが記憶されているか否かを判定する。 When the terminal ID is registered in the agreed terminal ID table 11, the CPU 101 determines "Yes" in step 1710 (that is, determines that the user is a consented user), and proceeds to step 1715. .. In step 1715, the CPU 101 stores the previous terminal ID, which is the terminal ID of the user terminal 20, which is stored when the position information is transmitted due to the user terminal 20 approaching for the first time. Judge whether or not.
 前回端末IDが記憶されていない場合、位置情報送信装置10がステップ1705にて端末IDを取得する契機となった利用者端末20の接近は1度目の接近と考えられる。この場合、CPU101は、ステップ1715にて「Yes」と判定し、ステップ1720に進む。ステップ1720にて、CPU101は、ステップ1705にて取得した端末ID(以下、「今回端末ID」と称呼する。)を前回端末IDとして記憶し、ステップ1725に進んで位置情報を送信する。その後、CPU101は、ステップ1795に進み、本ルーチンを一旦終了する。 If the terminal ID is not stored last time, the approach of the user terminal 20 that triggered the position information transmitting device 10 to acquire the terminal ID in step 1705 is considered to be the first approach. In this case, the CPU 101 determines “Yes” in step 1715 and proceeds to step 1720. In step 1720, the CPU 101 stores the terminal ID acquired in step 1705 (hereinafter, referred to as “this time terminal ID”) as the previous terminal ID, and proceeds to step 1725 to transmit the position information. After that, the CPU 101 proceeds to step 1795 and temporarily ends this routine.
 一方、ステップ1715にて、前回端末IDが記憶されている場合、1度目の接近は既に行われていると考えられる。この場合、CPU101は、ステップ1715にて「No」と判定し、ステップ1730に進む。ステップ1730にて、CPU101は、今回ステップ1705にて取得した今回端末IDと前回端末IDとが一致するか否かを判定する。 On the other hand, if the terminal ID was stored last time in step 1715, it is considered that the first approach has already been performed. In this case, the CPU 101 determines "No" in step 1715 and proceeds to step 1730. In step 1730, the CPU 101 determines whether or not the current terminal ID acquired in step 1705 this time matches the previous terminal ID.
 今回端末IDと前回端末IDとが一致する場合、CPU101は、ステップ1730にて「Yes」と判定し、ステップ1735に進む。ステップ1735にて、CPU101は、前回端末ID及び今回端末IDを削除し、ステップ1725に進んで位置情報を送信する。 If the terminal ID this time and the terminal ID last time match, the CPU 101 determines "Yes" in step 1730 and proceeds to step 1735. In step 1735, the CPU 101 deletes the previous terminal ID and the current terminal ID, and proceeds to step 1725 to transmit the position information.
 一方、今回端末IDと前回端末IDとが一致しない場合、CPU101は、ステップ1730にて「No」と判定し、ステップ1738及びステップ1740の処理を実行し、ステップ1795に進んで本ルーチンを一旦終了する。 On the other hand, if the terminal ID does not match the previous terminal ID this time, the CPU 101 determines "No" in step 1730, executes the processes of steps 1738 and 1740, proceeds to step 1795, and temporarily ends this routine. To do.
 ステップ1738:CPU101は、今回端末IDを削除する。
 ステップ1740:CPU101は、異常報知を行う。この異常報知では、例えば、CPU101は、前回の利用者端末20と異なる利用者端末20が接近した旨の音声メッセージを図示しないスピーカから出力する。 Step 1738: The CPU 101 deletes the terminal ID this time.
Step 1740: The CPU 101 notifies the abnormality. In this abnormality notification, for example, the CPU 101 outputs a voice message indicating that a user terminal 20 different from the previous user terminal 20 has approached from a speaker (not shown).
 一方、ステップ1710にて、端末IDが同意済端末IDテーブル11に登録されていない場合、CPU101は、ステップ1710にて「No」と判定し(利用者が同意済利用者でないと判定し)、ステップ1745に進む。ステップ1745にて、CPU101は、非同意利用者報知を行い、ステップ1750に進む。非同意利用者報知では、CPU101は、利用者が同意済利用者でない旨を表す音声メッセージを図示しないスピーカから出力する。 On the other hand, if the terminal ID is not registered in the agreed terminal ID table 11 in step 1710, the CPU 101 determines "No" in step 1710 (determines that the user is not the agreed user). Proceed to step 1745. At step 1745, the CPU 101 notifies the non-consent user and proceeds to step 1750. In the non-consent user notification, the CPU 101 outputs a voice message indicating that the user is not a consented user from a speaker (not shown).
 ステップ1750にて、CPU101は、利用者情報が入力されたか否かを判定する。
 詳細には、CPU101は、端末IDとともに利用者情報を取得した場合、利用者情報が入力されたと判定する。 In step 1750, the CPU 101 determines whether or not the user information has been input.
Specifically, when the CPU 101 acquires the user information together with the terminal ID, it determines that the user information has been input.
 ステップ1750にて利用者情報が入力されていない場合、CPU101は、ステップ1750にて「No」と判定し、ステップ1795に進んで本ルーチンを一旦終了する。 If the user information is not input in step 1750, the CPU 101 determines "No" in step 1750, proceeds to step 1795, and temporarily ends this routine.
 一方、ステップ1750にて利用者情報が入力された場合、CPU101は、ステップ1750にて「Yes」と判定し、ステップ1755に進み、端末ID及び利用者情報の登録要求を認証サーバ30に送信する。その後、CPU101は、ステップ1795に進んで本ルーチンを一旦終了する。 On the other hand, when the user information is input in step 1750, the CPU 101 determines "Yes" in step 1750, proceeds to step 1755, and transmits a terminal ID and user information registration request to the authentication server 30. .. After that, the CPU 101 proceeds to step 1795 to temporarily end this routine.
 以上によって、本変形例による位置情報送信装置10は、今回取得端末IDと直前取得端末IDとが一致しなければ、位置情報を送信しない。これによって、1回目の利用者端末20の位置情報送信装置10への接近から2回目の接近までの間に、他の利用者端末が位置情報送信装置10に接近させられたとしても、位置情報は送信されない。この結果、同一の利用者の個人情報、直前位置情報及び直後位置情報をより正確に関連付けることができる。 As described above, the position information transmitting device 10 according to this modification does not transmit the position information unless the acquired terminal ID this time and the immediately preceding acquired terminal ID match. As a result, even if another user terminal is brought close to the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach, the position information Is not sent. As a result, the personal information, the immediately preceding position information, and the immediately after position information of the same user can be more accurately associated with each other.
 (第4変形例)
 本変形例では、認証サーバ30は、同一の利用者が利用する複数の利用者端末20と当該利用者の利用者情報とを関連付けて記憶する。 (Fourth modification)
In this modification, the authentication server 30 stores a plurality of user terminals 20 used by the same user in association with the user information of the user.
 図18を参照しながら、本変形例の詳細を説明する。図18では、図10に示した処理と同じ処理は同じ符号を付与して説明を省略する。本変形例では、認証サーバ30は、同一の利用者が利用する(携帯する)複数の利用者端末20及び25の端末IDと当該利用者の利用者情報とを関連付けて記憶する。 The details of this modification will be described with reference to FIG. In FIG. 18, the same processing as that shown in FIG. 10 is given the same reference numerals and the description thereof will be omitted. In this modification, the authentication server 30 stores the terminal IDs of a plurality of user terminals 20 and 25 used (carried) by the same user in association with the user information of the user.
 利用者がA病院における位置情報の送信に同意した後(図10を参照)、この利用者が、当該同意を行ったときの利用者端末(スマートフォン)20と異なる利用者端末(ICカード)25を位置情報送信装置10Aに接近させる。利用者が利用者端末25を位置情報送信装置10Aに接近させると、位置情報送信装置10Aは、利用者端末25の端末ID(IDt2)を取得する(1805)。 After the user agrees to transmit the location information in Hospital A (see FIG. 10), the user terminal (IC card) 25 different from the user terminal (smartphone) 20 when the user gives the consent. Is brought closer to the position information transmitting device 10A. When the user brings the user terminal 25 closer to the position information transmitting device 10A, the position information transmitting device 10A acquires the terminal ID (IDt2) of the user terminal 25 (1805).
 そして、位置情報送信装置10Aは利用者認証を行う(1025)。端末ID(IDt2)が同意済端末IDテーブル11Aに登録されていないと仮定すると、この利用者認証では、位置情報送信装置10Aはこの利用者が同意済利用者でないと判定し、上記非同意利用者報知を行う。 Then, the location information transmitting device 10A authenticates the user (1025). Assuming that the terminal ID (IDt2) is not registered in the consented terminal ID table 11A, in this user authentication, the location information transmitting device 10A determines that this user is not a consented user, and uses the above-mentioned non-consented use. Notify the person.
 利用者は、位置情報送信装置10Aに接続された図示しないキーボードを介して利用者情報UD1を位置情報送信装置10Aに入力する(1810)。図10に示した利用者と本例における利用者とは同じであるので、ステップ1810にて入力された利用者情報UD1は、図10に示したステップ1030にて入力された利用者情報UD1と同じである。なお、位置情報送信装置10Aがタッチパネル式のディスプレイを有する場合には、利用者は、そのタッチパネル式のディスプレイを介して利用者情報の入力を受け付けてもよい。 The user inputs the user information UD1 to the position information transmission device 10A via a keyboard (not shown) connected to the position information transmission device 10A (1810). Since the user shown in FIG. 10 and the user in this example are the same, the user information UD1 input in step 1810 is the same as the user information UD1 input in step 1030 shown in FIG. It is the same. When the position information transmitting device 10A has a touch panel type display, the user may accept input of user information via the touch panel type display.
 利用者は、利用者情報の入力が完了したとき、利用者端末25を位置情報送信装置10Aに接近させる。このとき、位置情報送信装置10Aは、利用者端末25から端末ID(IDt2)を取得する(1815)。そして、位置情報送信装置10Aは、取得した端末ID(IDt2)、入力された利用者情報UD1、及び施設ID(IDf1)を含む登録要求を認証サーバ30に送信する(1040)。 When the input of the user information is completed, the user brings the user terminal 25 closer to the position information transmitting device 10A. At this time, the position information transmitting device 10A acquires the terminal ID (IDt2) from the user terminal 25 (1815). Then, the location information transmission device 10A transmits a registration request including the acquired terminal ID (IDt2), the input user information UD1 and the facility ID (IDf1) to the authentication server 30 (1040).
 認証サーバ30は、登録要求を受信すると、受信した登録要求に含まれる端末IDt2と利用者情報UD1とを関連付けて同意済利用者テーブル31に登録する。この結果、利用者情報UD1には、端末ID(IDt1)及び端末ID(IDt2)が登録される(図18を参照。)。なお、以降の処理は、図10に示したステップ1045乃至1065と同じであるため説明を省略する。 When the authentication server 30 receives the registration request, it associates the terminal ID t2 included in the received registration request with the user information UD1 and registers it in the agreed user table 31. As a result, the terminal ID (IDt1) and the terminal ID (IDt2) are registered in the user information UD1 (see FIG. 18). Since the subsequent processing is the same as steps 1045 to 1065 shown in FIG. 10, the description thereof will be omitted.
 以上によって、利用者が「事前に端末IDを登録した利用者端末20」と異なる利用者端末25を利用する場合であっても、「利用者端末25の使用時に取得された位置情報及び個人情報」と「利用者端末20の使用時に取得された位置情報及び個人情報」とが、同じ利用者情報UD1によって関連付けられる。これによって、利用者端末20を接近させた場合に取得された個人情報、及び、利用者端末25を接近させた場合に取得された個人情報は、同一の利用者から取得された個人情報として管理される。 As described above, even when the user uses the user terminal 25 different from the "user terminal 20 in which the terminal ID is registered in advance", the "location information and personal information acquired when using the user terminal 25" "And" location information and personal information acquired when the user terminal 20 is used "are associated with the same user information UD1. As a result, the personal information acquired when the user terminal 20 is brought close to the user terminal 20 and the personal information acquired when the user terminal 25 is brought close to the user terminal 25 are managed as personal information acquired from the same user. Will be done.
 図14を参照しながら、図18で利用者情報UD1と端末ID(IDt1)及び端末ID(IDt2)とが関連付けて同意済利用者テーブル31に登録された利用者(この利用者を「利用者A」と称呼する。)が、自身の個人情報を検索する例を説明する。この場合、ステップ1505にて、利用者Aが検索端末90を操作して、当該利用者Aを特定可能な利用者情報UD1(例えば、氏名及び生年月日)を入力する。検索端末90は、上記利用者情報の入力を受け付けると、ステップ1405にて当該利用者情報を検索キーとして含む検索要求を管理サーバ80に送信する。管理サーバ80は、ステップ1410にて上記利用者情報を含む端末ID特定要求を認証サーバ30に送信する。認証サーバ30は、同意済利用者テーブル31から検索キーと一致するレコードの端末IDを取得する。この場合、利用者Aの利用者情報UD1のレコードには二つの端末ID(IDt1及びIDt2)が登録されている。このため、認証サーバ30は、ステップ1515にて当該二つの端末ID(IDt1及びIDt2)を含む端末ID特定応答を管理サーバ80に送信する。ステップ1520以降の処理は、上記した処理と同じであるので、説明を省略する。 With reference to FIG. 14, a user registered in the agreed user table 31 in which the user information UD1 is associated with the terminal ID (IDt1) and the terminal ID (IDt2) in FIG. A ”) will explain an example of searching for its own personal information. In this case, in step 1505, the user A operates the search terminal 90 and inputs the user information UD1 (for example, the name and the date of birth) that can identify the user A. When the search terminal 90 receives the input of the user information, the search terminal 90 transmits a search request including the user information as a search key to the management server 80 in step 1405. The management server 80 transmits the terminal ID identification request including the user information to the authentication server 30 in step 1410. The authentication server 30 acquires the terminal ID of the record that matches the search key from the agreed user table 31. In this case, two terminal IDs (IDt1 and IDt2) are registered in the record of the user information UD1 of the user A. Therefore, the authentication server 30 transmits a terminal ID specific response including the two terminal IDs (IDt1 and IDt2) to the management server 80 in step 1515. Since the processing after step 1520 is the same as the processing described above, the description thereof will be omitted.
 同じ利用者Aが利用する複数の利用者端末(20及び25)の端末IDを当該利用者Aの利用者情報UD1と関連付けて同意済利用者テーブル31に記憶しておくことによって、当該利用者Aがどの利用者端末(20又は25)を位置情報送信装置に接近させたとしても、そのときに取得された個人情報を同じ利用者Aの個人情報として検索できるようになる。 By associating the terminal IDs of a plurality of user terminals (20 and 25) used by the same user A with the user information UD1 of the user A and storing them in the agreed user table 31, the user concerned No matter which user terminal (20 or 25) A brings the user terminal (20 or 25) close to the location information transmitting device, the personal information acquired at that time can be searched as the same user A's personal information.
 (第5変形例)
 本変形例に係る位置情報送信装置10は、自身に対応する場所に設置された個人情報取得装置50が取得する個人情報の種別の識別子を示す種別IDを特定可能な種別特定情報を更に含む位置情報を位置情報記憶サーバ40に送信する。この結果、位置情報と種別IDとが関連付けられて管理される。これによって、検索キーに個人情報の種別IDが含まれる場合、管理サーバ80は、個人情報テーブル71に暗号化されたまま記憶されている個人情報を参照せずに、位置情報テーブル41を参照するだけで、検索キーに含まれる種別IDの個人情報を特定できる。 (Fifth modification)
The position information transmission device 10 according to this modification further includes type identification information capable of specifying a type ID indicating an identifier of the type of personal information acquired by the personal information acquisition device 50 installed at a location corresponding to itself. Information is transmitted to the location information storage server 40. As a result, the location information and the type ID are associated and managed. As a result, when the search key includes the type ID of the personal information, the management server 80 refers to the location information table 41 without referring to the personal information stored in the personal information table 71 as being encrypted. Only by itself, the personal information of the type ID included in the search key can be specified.
 図19及び図20を参照しながら、本変形例の詳細を説明する。
 本変形例に係る位置情報記憶サーバ40は、種別テーブル42を更に有する。図20に示したように、種別テーブル42は、チップIDフィールド421及び種別IDフィールド422を含む。チップIDフィールド421には位置情報送信装置10のチップIDが登録され、種別IDフィールド422には種別IDが登録される。各位置情報送信装置10の導入時に管理者等によってチップIDと種別IDとの関係がこの種別テーブル42に登録される。更に、図21に示したように、本変形例に係る位置情報テーブル41は、上記フィールド411乃至415に加えて、チップIDフィールド2101及び種別IDフィールド2102を含む。チップIDフィールド2101にはチップIDが登録され、種別IDフィールド2102には種別IDが登録される。 The details of this modification will be described with reference to FIGS. 19 and 20.
The location information storage server 40 according to this modification further has a type table 42. As shown in FIG. 20, the type table 42 includes a chip ID field 421 and a type ID field 422. The chip ID of the position information transmitting device 10 is registered in the chip ID field 421, and the type ID is registered in the type ID field 422. At the time of introduction of each position information transmitting device 10, the relationship between the chip ID and the type ID is registered in the type table 42 by an administrator or the like. Further, as shown in FIG. 21, the position information table 41 according to the present modification includes the chip ID field 2101 and the type ID field 2102 in addition to the above fields 411 to 415. The chip ID is registered in the chip ID field 2101, and the type ID is registered in the type ID field 2102.
 位置情報送信装置10は、チップIDを種別特定情報として含む位置情報を位置情報記憶サーバ40に送信する。位置情報記憶サーバ40は、位置情報を受信した場合、種別テーブルを参照し、位置情報に含まれるチップIDに対応する種別IDを取得する。そして、位置情報記憶サーバ40は、位置情報テーブルのチップIDフィールド2101に受信した位置情報に含まれるチップIDを登録し、種別IDフィールド2102に当該チップIDに対応する種別IDを登録する。 The position information transmitting device 10 transmits the position information including the chip ID as the type identification information to the position information storage server 40. When the location information storage server 40 receives the location information, the location information storage server 40 refers to the type table and acquires the type ID corresponding to the chip ID included in the location information. Then, the position information storage server 40 registers the chip ID included in the received position information in the chip ID field 2101 of the position information table, and registers the type ID corresponding to the chip ID in the type ID field 2102.
 次に、図14を参照しながら、検索キーに年齢及び個人情報の種別IDが含まれる場合の検索処理を説明する。ここでは、図14に示す例と異なり、ステップ1405にて、検索端末90は、検索キーとして年齢及び種別IDを含む検索要求を管理サーバ80に送信する。 Next, with reference to FIG. 14, the search process when the search key includes the age and the type ID of the personal information will be described. Here, unlike the example shown in FIG. 14, in step 1405, the search terminal 90 transmits a search request including the age and the type ID as the search key to the management server 80.
 ステップ1420にて、管理サーバ80は、「検索キーの一つである年齢と一致する利用者が利用する利用者端末20の端末ID」及び「検索キーの一つである種別ID」を含む検索要求を位置情報記憶サーバ40に送信する。位置情報記憶サーバ40は、検索要求を受信した場合、位置情報テーブル41を参照し、受信した検索要求に含まれる端末IDと一致し、且つ、種別IDと一致するレコードのリンクIDを取得する。そして、位置情報記憶サーバ40は、ステップ1425にて、取得したリンクIDを含む検索応答を管理サーバ80に送信する。以降の処理は図14と同じであるので、説明を省略する。 In step 1420, the management server 80 searches including "the terminal ID of the user terminal 20 used by the user matching the age, which is one of the search keys," and "the type ID, which is one of the search keys." The request is transmitted to the location information storage server 40. When the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and acquires a link ID of a record that matches the terminal ID included in the received search request and that matches the type ID. Then, in step 1425, the location information storage server 40 transmits a search response including the acquired link ID to the management server 80. Since the subsequent processing is the same as that in FIG. 14, the description thereof will be omitted.
 本変形例によれば、検索キーに種別IDが含まれる場合であっても、位置情報テーブル41を参照して検索キーである種別IDと一致する位置情報を特定し、個人情報テーブル71からその位置情報に関連付けられた個人情報を取得する。これによって、暗号化された個人情報を復号化せずとも、検索キーと一致する個人情報を検索できる。 According to this modification, even when the type ID is included in the search key, the position information matching the type ID which is the search key is specified by referring to the position information table 41, and the position information is specified from the personal information table 71. Acquire personal information associated with location information. This makes it possible to search for personal information that matches the search key without decrypting the encrypted personal information.
 上記変形例では、種別特定情報としてチップIDを例に説明したが、種別特定情報は、位置情報送信装置10を識別できる情報(例えば、位置情報送信装置10のマックアドレス及びIPアドレス)であってもよい。更に、位置情報送信装置10に、自身に対応する場所に設置された個人情報取得装置50が取得する個人情報の種別IDが予め設定されていれば、その種別IDを種別特定情報として用いてもよい。この場合、位置情報記憶サーバ40は、図20に示した種別テーブル42を有さなくてもよい。更に、図21に示した位置情報テーブル41は、チップIDフィールド2101を含まなくてもよい。 In the above modification, the chip ID has been described as an example of the type identification information, but the type identification information is information that can identify the position information transmitting device 10 (for example, the Mac address and the IP address of the position information transmitting device 10). May be good. Further, if the type ID of the personal information acquired by the personal information acquisition device 50 installed at the location corresponding to the position information transmission device 10 is set in advance, the type ID can be used as the type identification information. Good. In this case, the location information storage server 40 does not have to have the type table 42 shown in FIG. Further, the position information table 41 shown in FIG. 21 does not have to include the chip ID field 2101.
 (第6変形例)
 本管理システムは、上記実施形態では病院に適用されたが、様々な場面で適用可能である。例えば、本管理システムは、訪問看護サービス及び小売店等にも適用可能である。 (6th modification)
Although this management system has been applied to hospitals in the above embodiment, it can be applied in various situations. For example, this management system can also be applied to home-visit nursing services and retail stores.
 以下、訪問看護サービスに適用された本管理システムの例を簡単に説明する。訪問看護サービスは、看護師が利用者宅に訪問し、利用者に対して各種処置を行うサービスである。このような訪問看護サービスにおいては、利用者宅に位置情報送信装置10が設置される。個人情報取得装置50は、利用者宅を訪問する看護師が携帯するノートパソコン及びスマートフォン等である。なお、位置情報送信装置10は、看護師が利用者宅を訪問する際に利用者宅へその都度持っていってもよい。 The following is a brief explanation of an example of this management system applied to home-visit nursing services. The home-visit nursing service is a service in which a nurse visits a user's home and performs various treatments on the user. In such a home-visit nursing service, a location information transmitting device 10 is installed at the user's home. The personal information acquisition device 50 is a notebook computer, a smartphone, or the like carried by a nurse who visits the user's home. The location information transmitting device 10 may be brought to the user's home each time the nurse visits the user's home.
 利用者宅を訪問した看護師は、事前に計画された訪問看護計画に従って、利用者に各種処置(体温計測、血圧計測及び床ずれ介助等)を実施する。利用者は、一つ処置の実施前後に、利用者端末20を位置情報送信装置10に接近させる。看護師は、利用者が利用者端末20を位置情報送信装置10に最初に接近させた後、一つの処置を実施する。 The nurse who visited the user's home will carry out various treatments (body temperature measurement, blood pressure measurement, bedsore assistance, etc.) to the user according to the home-visit nursing plan planned in advance. The user brings the user terminal 20 closer to the position information transmitting device 10 before and after the implementation of one treatment. The nurse performs one procedure after the user first brings the user terminal 20 closer to the position information transmitting device 10.
 看護師は、一つの処置を実施した後、当該処置の実施時刻を個人情報取得装置50Dに入力することによって、個人情報取得装置50は、当該利用者の明細データを個人情報として取得する。この個人情報は、個人情報の取得時刻、実際の個人情報、及び場所情報を含む。この場所情報は、訪問看護サービスの利用者の自宅(サービス利用者宅)を特定可能な情報である。例えば、個人情報は、処置が実施されたサービス利用者識別子(サービス利用者ID)等によって特定される。管理サーバ80が有する位置範囲テーブル81の場所情報フィールド811には利用者IDが登録され、位置範囲フィールド812にはサービス利用者宅の位置の範囲が登録されている。 After performing one treatment, the nurse inputs the execution time of the treatment into the personal information acquisition device 50D, so that the personal information acquisition device 50 acquires the detailed data of the user as personal information. This personal information includes the acquisition time of the personal information, the actual personal information, and the place information. This location information is information that can identify the home (service user's home) of the home-visit nursing service user. For example, personal information is specified by a service user identifier (service user ID) or the like on which the treatment is performed. The user ID is registered in the location information field 811 of the position range table 81 of the management server 80, and the range of the position of the service user's house is registered in the position range field 812.
 看護師が訪問看護サービスを終えて事業所に到着した際に、個人情報取得装置50が履歴記憶サーバ60に接続され、そして個人情報を履歴記憶サーバ60に送信する。管理サーバ80による位置情報と個人情報との関連付け処理は、図10に示したルーチンと同じであるので、説明を省略する。 When the nurse finishes the home-visit nursing service and arrives at the business establishment, the personal information acquisition device 50 is connected to the history storage server 60, and the personal information is transmitted to the history storage server 60. Since the process of associating the location information with the personal information by the management server 80 is the same as the routine shown in FIG. 10, the description thereof will be omitted.
 本管理システムが小売店に適用された場合、個人情報取得装置50は小売店に設置されるレジスターである。位置情報送信装置10はこのレジスター付近に設置されている。利用者は、料金の精算の前後で利用者端末20を位置情報送信装置10に接近させる。この場合の個人情報は、レジスターである個人情報取得装置50が取得する利用者の購入履歴である。 When this management system is applied to a retail store, the personal information acquisition device 50 is a register installed in the retail store. The position information transmitting device 10 is installed near this register. The user brings the user terminal 20 closer to the position information transmitting device 10 before and after the settlement of the charge. The personal information in this case is the purchase history of the user acquired by the personal information acquisition device 50 which is a register.
 なお、上記実施形態が適用される業態として、病院、訪問看護サービス及び小売業を例示して説明したが、上記実施形態は、他の業態(例えば金融業等)に適用されてもよい。 Although the hospital, home-visit nursing service, and retail business have been described as examples of business formats to which the above embodiment is applied, the above embodiment may be applied to other business formats (for example, financial business).
 本発明は上記実施形態に限定されることはなく、本発明の種々の変形例を採用することができる。 The present invention is not limited to the above embodiment, and various modifications of the present invention can be adopted.
 利用者認証においては、位置情報送信装置10は、接近した利用者端末20の利用者が位置情報の送信に同意しているか否かを、認証サーバ30に問い合わせてもよい。この場合、位置情報送信装置10は、接近した利用者端末20の端末ID及び自身の施設IDを含む利用者認証要求を認証サーバ30に送信する。認証サーバ30は、同意済利用者テーブル31において利用者認証要求に含まれる端末ID及び上記施設IDが同じレコードに記録されている場合、利用者が位置情報の送信に同意していることを示す利用者認証成功応答を位置情報送信装置10に送信する。一方、上記端末ID及び施設IDが同じレコードに記録されていない場合、又は、上記端末IDが記録されていない場合、認証サーバ30は、利用者が位置情報の送信に同意していないことを示す利用者認証失敗応答を位置情報送信装置10に送信する。 In the user authentication, the location information transmitting device 10 may inquire to the authentication server 30 whether or not the user of the approaching user terminal 20 has consented to the transmission of the location information. In this case, the location information transmitting device 10 transmits a user authentication request including the terminal ID of the approaching user terminal 20 and its own facility ID to the authentication server 30. When the terminal ID and the facility ID included in the user authentication request are recorded in the same record in the consented user table 31, the authentication server 30 indicates that the user has consented to the transmission of the location information. The user authentication success response is transmitted to the location information transmitting device 10. On the other hand, when the terminal ID and the facility ID are not recorded in the same record, or when the terminal ID is not recorded, the authentication server 30 indicates that the user does not consent to the transmission of the location information. The user authentication failure response is transmitted to the location information transmitting device 10.
 上記実施形態では、端末IDの代わりに利用者識別子を用いてもよい。 In the above embodiment, the user identifier may be used instead of the terminal ID.
 図13に示したステップ1320の処理とステップ1325の処理との間に、CPU801は、直後位置情報の取得時刻(T2’)から直前位置情報の取得時刻(T1)を減算することによって時間差分ΔT(=T2’-T1)を取得し、取得した時間差分ΔTが閾値差分Tth以下であるか否かを判定してもよい。この場合、CPU801は、この時間差分ΔTが閾値差分Tth以下である場合にはステップ1325に進み、この時間差分ΔTが閾値差分Tthよりも大きい場合にはステップ1340に進む。 Between the process of step 1320 and the process of step 1325 shown in FIG. 13, the CPU 801 subtracts the acquisition time (T1) of the immediately preceding position information from the acquisition time (T2') of the immediately preceding position information, thereby causing a time difference ΔT. (= T2'-T1) may be acquired, and it may be determined whether or not the acquired time difference ΔT is equal to or less than the threshold difference Tth. In this case, the CPU 801 proceeds to step 1325 when the time difference ΔT is equal to or less than the threshold difference Tth, and proceeds to step 1340 when the time difference ΔT is larger than the threshold difference Tth.
 個人情報と位置情報との関連付け処理は、管理サーバ80以外の計算機によって実行されてもよい。例えば、認証サーバ30、位置情報記憶サーバ40及び個人情報記憶サーバ70のいずれか一つが当該処理を実行してもよい。 The process of associating personal information with location information may be executed by a computer other than the management server 80. For example, any one of the authentication server 30, the location information storage server 40, and the personal information storage server 70 may execute the process.
 装置認証及び利用者情報の登録は、認証サーバ30によって行われるが、別々の計算機によって行われてもよい。 Device authentication and user information registration are performed by the authentication server 30, but may be performed by different computers.
 更に、位置情報送信装置10は、GPS衛星又はIMES送信機から位置情報を取得するが、これに限定されず、他の手段を用いて自身の位置情報を取得してもよい。 Further, the position information transmitting device 10 acquires the position information from the GPS satellite or the IMES transmitter, but is not limited to this, and may acquire its own position information by using other means.
 10A乃至10C…位置情報送信装置、20…利用者端末、30…認証サーバ、40…位置情報記憶サーバ、50B及び50C…個人情報取得装置、60…履歴記憶サーバ、70…個人情報記憶サーバ、80…管理サーバ。 10A to 10C ... location information transmission device, 20 ... user terminal, 30 ... authentication server, 40 ... location information storage server, 50B and 50C ... personal information acquisition device, 60 ... history storage server, 70 ... personal information storage server, 80 … Management server.

Claims (8)

  1.  個人情報取得装置が取得した利用者に関する個人情報を管理するための管理システムであって、
     前記利用者が携帯する利用者端末が接近した場合、当該利用者端末と通信可能になり、且つ、予め設定された自身の位置を示す位置情報を所定の記憶装置に送信する位置情報送信装置と、
     前記位置情報と前記個人情報とを関連付けて管理する管理装置と、を備え、
     前記管理装置は、
     前記個人情報を取得した個人情報取得装置と同じ場所に設置されたと見做すことができる所定範囲内の位置を示す位置情報である候補位置情報の中から、当該個人情報の取得時点よりも前であって且つ当該取得時点に最も近い時点にて送信された位置情報である直前位置情報及び当該個人情報の取得時点よりも後あって且つ当該取得時点に最も近い時点にて送信された位置情報である直後位置情報を取得し、
     前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理する、
     ように構成された、
     管理システム。     It is a management system for managing personal information about users acquired by the personal information acquisition device.
    When a user terminal carried by the user approaches, a position information transmitting device that enables communication with the user terminal and transmits preset position information indicating its own position to a predetermined storage device. ,
    A management device for associating and managing the location information and the personal information is provided.
    The management device is
    From the candidate position information which is the position information indicating the position within the predetermined range which can be regarded as being installed in the same place as the personal information acquisition device which acquired the personal information, before the acquisition time of the personal information. The position information immediately before, which is the position information transmitted at the time closest to the acquisition time, and the position information transmitted after the acquisition time of the personal information and at the time closest to the acquisition time. Immediately after getting the position information,
    The personal information, the immediately preceding position information, and the immediately preceding position information are associated and managed.
    Constructed as
    Management system.
  2.  請求項1に記載の管理システムであって、
     前記位置情報送信装置は、
     前記利用者端末が接近した場合、前記利用者端末の識別子である端末識別子を当該利用者端末から取得し、
     前記取得した端末識別子を含む前記位置情報を送信する、
     ように構成され、
     前記管理装置は、
     前記直前位置情報に含まれる前記端末識別子である直前端末識別子と前記直後位置情報に含まれる前記端末識別子である直後端末識別子とが一致する場合、前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理する、
     ように構成された、
     管理システム。     The management system according to claim 1.
    The position information transmitting device is
    When the user terminal approaches, the terminal identifier, which is the identifier of the user terminal, is acquired from the user terminal.
    The location information including the acquired terminal identifier is transmitted.
    Is configured as
    The management device is
    When the immediately preceding terminal identifier, which is the terminal identifier included in the immediately preceding position information, and the immediately preceding terminal identifier, which is the terminal identifier included in the immediately after position information, match, the personal information, the immediately preceding position information, and the immediately following position information And manage in association with
    Constructed as
    Management system.
  3.  請求項2に記載の管理システムであって、
     前記管理装置は、
     前記直前位置情報の送信時点と前記直後位置情報の送信時点との差分が閾値差分以下であって、且つ、前記直前端末識別子と前記直後端末識別子とが一致する場合、前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理する、
     ように構成された、管理システム。     The management system according to claim 2.
    The management device is
    When the difference between the time of transmission of the immediately preceding position information and the time of transmission of the immediately after position information is equal to or less than the threshold difference, and the immediately preceding terminal identifier and the immediately preceding terminal identifier match, the personal information and the immediately preceding position Manage the information in association with the location information immediately after the above.
    A management system configured to.
  4.  請求項2に記載の管理システムであって、
     前記管理装置は、
     前記直前端末識別子と前記直後端末識別子とが一致しない場合において、前記候補位置情報の中から、前記直後位置情報の送信時点よりも後であって且つ当該送信時点に最も近い時点に送信された位置情報である次点直後位置情報を選択し、
     前記次点直後位置情報に含まれる端末識別子と前記直前端末識別子とが一致する場合、前記個人情報と前記直前位置情報と前記次点直後位置情報とを関連付けて管理する、
     ように構成された、管理システム。     The management system according to claim 2.
    The management device is
    When the immediately preceding terminal identifier and the immediately after terminal identifier do not match, the position among the candidate position information transmitted at a time after the transmission time of the immediately after position information and closest to the transmission time. Select the location information immediately after the runner-up, which is the information,
    When the terminal identifier included in the position information immediately after the runner-up point and the terminal identifier immediately before the runner-up match, the personal information, the position information immediately before the runner-up, and the position information immediately after the runner-up point are managed in association with each other.
    A management system configured to.
  5.  請求項2に記載の管理システムであって、
     前記管理装置は、
     前記直前端末識別子と前記直後端末識別子とが一致しない場合において、前記候補位置情報の中から、前記直前位置情報の送信時点よりも前であって且つ当該送信時点に最も近い時点にて送信された位置情報である次点直前位置情報を選択し、
     前記次点直前位置情報に含まれる端末識別子と前記直前端末識別子とが一致する場合、前記個人情報と前記次点直前位置情報と前記直後位置情報とを関連付けて管理する、
     ように構成された、管理システム。     The management system according to claim 2.
    The management device is
    When the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match, the candidate position information was transmitted before the transmission time of the immediately preceding position information and at the time closest to the transmission time. Select the position information immediately before the runner-up, which is the position information,
    When the terminal identifier included in the runner-up immediately preceding position information and the immediately preceding terminal identifier match, the personal information, the runner-up immediately preceding position information, and the immediately preceding position information are managed in association with each other.
    A management system configured to.
  6.  請求項2に記載の管理システムであって、
     前記位置情報送信装置は、
     前記端末識別子を新たに取得した場合、前回取得した端末識別子である前回端末識別子が記憶されているか否かを判定し、
     前記前回端末識別子が記憶されていないと判定した場合、前記今回端末識別子を前記前回端末識別子として記憶し、前記位置情報を送信し、
     前記前回端末識別子が記憶されていると判定した場合、前記新たに取得した端末識別子である今回端末識別子と前記前回端末識別子とが一致するか否かを判定し、
     前記今回端末識別子と前記前回端末識別子とが一致すると判定した場合、前記位置情報を送信するとともに、前記前回端末識別子を削除し、前記今回端末識別子を前記前回端末識別子として記憶せずに削除し、
     前記今回端末識別子と前記前回端末識別子とが一致しないと判定した場合、前記位置情報を送信せず、前記今回端末識別子を前記前回端末識別子として記憶せずに削除する、
     ように構成された、管理システム。     The management system according to claim 2.
    The position information transmitting device is
    When the terminal identifier is newly acquired, it is determined whether or not the previous terminal identifier, which is the previously acquired terminal identifier, is stored.
    When it is determined that the previous terminal identifier is not stored, the current terminal identifier is stored as the previous terminal identifier, and the location information is transmitted.
    When it is determined that the previous terminal identifier is stored, it is determined whether or not the current terminal identifier, which is the newly acquired terminal identifier, and the previous terminal identifier match.
    When it is determined that the current terminal identifier and the previous terminal identifier match, the position information is transmitted, the previous terminal identifier is deleted, and the current terminal identifier is deleted without being stored as the previous terminal identifier.
    When it is determined that the current terminal identifier and the previous terminal identifier do not match, the position information is not transmitted and the current terminal identifier is deleted without being stored as the previous terminal identifier.
    A management system configured to.
  7.  個人情報取得装置が取得した利用者に関する個人情報を管理するための管理装置であって、
     前記利用者が携帯する利用者端末が接近した場合に当該利用者端末と通信可能になり且つ予め設定された自身の位置を示す位置情報を所定の記憶装置に送信する位置情報送信装置が送信した前記位置情報を前記記憶装置から取得し、
     前記個人情報取得装置が取得した個人情報を取得し、
     前記個人情報を取得した個人情報取得装置と同じ場所に設置されたと見做すことができる位置を示す位置情報である候補位置情報の中から、当該個人情報の取得時点よりも前であって且つ当該取得時点に最も近い時点にて送信された位置情報である直前位置情報及び当該個人情報の取得時点よりも後あって且つ当該取得時点に最も近い時点にて送信された位置情報である直後位置情報を取得し、
     前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理する、
     ように構成された、管理装置。     It is a management device for managing personal information about users acquired by the personal information acquisition device.
    When the user terminal carried by the user approaches, the position information transmitting device that enables communication with the user terminal and transmits preset position information indicating its own position to a predetermined storage device has transmitted. The position information is acquired from the storage device, and the position information is acquired from the storage device.
    The personal information acquired by the personal information acquisition device is acquired, and the personal information is acquired.
    From the candidate position information which is the position information indicating the position which can be regarded as being installed in the same place as the personal information acquisition device which acquired the personal information, it is before the acquisition time of the personal information and Immediately before the position information transmitted at the time closest to the acquisition time and the position immediately after the position information transmitted at the time after the acquisition time of the personal information and closest to the acquisition time. Get information,
    The personal information, the immediately preceding position information, and the immediately preceding position information are associated and managed.
    A management device configured to.
  8.  個人情報取得装置が取得した利用者に関する個人情報を管理システムが管理するための管理方法であって、
     前記管理システムは、
     前記利用者が携帯する利用者端末が接近した場合、当該利用者端末と通信可能になり、且つ、予め設定された自身の位置を示す位置情報を所定の記憶装置に送信する位置情報送信装置と、
     前記位置情報と前記個人情報とを関連付けて管理する管理装置と、を備え、
     前記管理方法は、
     前記管理装置が、前記個人情報を取得した個人情報取得装置と同じ場所に設置されたと見做すことができる位置を示す位置情報である候補位置情報の中から、当該個人情報の取得時点よりも前であって且つ当該取得時点に最も近い時点にて送信された位置情報である直前位置情報及び当該個人情報の取得時点よりも後あって且つ当該取得時点に最も近い時点にて送信された位置情報である直後位置情報を取得するステップと、
     前記管理装置が、前記個人情報と前記直前位置情報と前記直後位置情報とを関連付けて管理するステップと、
     を含む、管理方法。     It is a management method for the management system to manage the personal information about the user acquired by the personal information acquisition device.
    The management system
    When a user terminal carried by the user approaches, a position information transmitting device that enables communication with the user terminal and transmits preset position information indicating its own position to a predetermined storage device. ,
    A management device for associating and managing the location information and the personal information is provided.
    The management method is
    From the candidate position information which is the position information indicating the position where the management device can be regarded as being installed at the same place as the personal information acquisition device which acquired the personal information, the personal information is not acquired at the time of acquisition. The position transmitted before and after the acquisition time of the personal information and the position information immediately before the position information transmitted at the time closest to the acquisition time and at the time closest to the acquisition time. Immediately after the information, the step to acquire the location information and
    A step in which the management device manages the personal information, the immediately preceding position information, and the immediately preceding position information in association with each other.
    Management methods, including.
PCT/JP2020/034284 2019-10-01 2020-09-10 Management system, management device, and management method WO2021065411A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2021550533A JPWO2021065411A1 (en) 2019-10-01 2020-09-10

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2019-181668 2019-10-01
JP2019181668 2019-10-01

Publications (1)

Publication Number Publication Date
WO2021065411A1 true WO2021065411A1 (en) 2021-04-08

Family

ID=75337415

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/034284 WO2021065411A1 (en) 2019-10-01 2020-09-10 Management system, management device, and management method

Country Status (2)

Country Link
JP (1) JPWO2021065411A1 (en)
WO (1) WO2021065411A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002351974A (en) * 2001-05-22 2002-12-06 Ribaabire:Kk Consultation information processing system
JP2016122426A (en) * 2014-12-25 2016-07-07 シャープ株式会社 Information processing device and information processing device control method
US20180367179A1 (en) * 2017-02-22 2018-12-20 Deborah T. Bullington Lighting system for medical appointment progress tracking by wireless detection
JP2019139740A (en) * 2018-10-11 2019-08-22 Pinmicro株式会社 Ic card use system, ic card use method, server and control method thereof, and control program
JP2019185282A (en) * 2018-04-06 2019-10-24 佐鳥電機株式会社 Management system and management method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002351974A (en) * 2001-05-22 2002-12-06 Ribaabire:Kk Consultation information processing system
JP2016122426A (en) * 2014-12-25 2016-07-07 シャープ株式会社 Information processing device and information processing device control method
US20180367179A1 (en) * 2017-02-22 2018-12-20 Deborah T. Bullington Lighting system for medical appointment progress tracking by wireless detection
JP2019185282A (en) * 2018-04-06 2019-10-24 佐鳥電機株式会社 Management system and management method
JP2019139740A (en) * 2018-10-11 2019-08-22 Pinmicro株式会社 Ic card use system, ic card use method, server and control method thereof, and control program

Also Published As

Publication number Publication date
JPWO2021065411A1 (en) 2021-04-08

Similar Documents

Publication Publication Date Title
US11106818B2 (en) Patient identification systems and methods
US9692769B2 (en) Method and system for data communication over network
US8291085B2 (en) Value information transfer system and value information transfer method
EP2648148A2 (en) Payment method through a payment instrument and server and mobile terminal performing the same
US10129030B2 (en) Information delivery system, information delivery method, short-range communication device, information delivery apparatus, and server
US11587076B2 (en) Systems and methods for responsive data transfer and anonymizing data using tokenizing and encrypting
US10148658B2 (en) Information processing apparatus and method, and program
EP2648126A1 (en) Method of authenticating user, server and mobile terminal performing the same
US20170270511A1 (en) System and method for management of payee information
US9331964B2 (en) System, method, and apparatus for using a virtual bucket to transfer electronic data
US8375057B2 (en) Database system, server device, terminal device, and data presentation method
US20090015374A1 (en) User authentication system and method
JP7057969B2 (en) Management system and management method
US8885827B2 (en) System and method for enabling a host device to securely connect to a peripheral device
JP2010181988A (en) User registration system, reader/writer, server, user registration method, and program
CN101714920A (en) Authority management system centralizing a plurality of service account numbers and method thereof
WO2021065411A1 (en) Management system, management device, and management method
WO2021065412A1 (en) Management system
WO2021065410A1 (en) Management system and management method
JP2006244381A (en) Electronic transaction system, electronic transaction server, and electronic transaction management program
WO2015051449A1 (en) Method for automatically sending a signal indicative of a position in a queue
US20140379569A1 (en) Method and apparatus for combining different kinds of wallets on a mobile device
US11687643B2 (en) Information linkage system and information linkage method
JP5686865B2 (en) Server, service information transmission method, and program
US20230360781A1 (en) Method and system for managing medical consultation content

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20872128

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021550533

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20872128

Country of ref document: EP

Kind code of ref document: A1