WO2021065411A1 - Système de gestion, dispositif de gestion et procédé de gestion - Google Patents

Système de gestion, dispositif de gestion et procédé de gestion Download PDF

Info

Publication number
WO2021065411A1
WO2021065411A1 PCT/JP2020/034284 JP2020034284W WO2021065411A1 WO 2021065411 A1 WO2021065411 A1 WO 2021065411A1 JP 2020034284 W JP2020034284 W JP 2020034284W WO 2021065411 A1 WO2021065411 A1 WO 2021065411A1
Authority
WO
WIPO (PCT)
Prior art keywords
position information
information
user
personal information
terminal
Prior art date
Application number
PCT/JP2020/034284
Other languages
English (en)
Japanese (ja)
Inventor
隆文 垣岡
礼壮 木村
Original Assignee
佐鳥電機株式会社
株式会社国際ヘルスケア・マネジメント機構
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 佐鳥電機株式会社, 株式会社国際ヘルスケア・マネジメント機構 filed Critical 佐鳥電機株式会社
Priority to JP2021550533A priority Critical patent/JPWO2021065411A1/ja
Publication of WO2021065411A1 publication Critical patent/WO2021065411A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices

Definitions

  • the present invention relates to a management system, a management device, and a management method for managing personal information of users.
  • Patent Document 1 a management system (hereinafter referred to as "conventional system") that manages a user's position information and a user's personal information is known. More specifically, in Patent Document 1, the user's mobile terminal (user terminal) transmits the space-time tag and the terminal ID to a predetermined storage device every time a predetermined time elapses, and the storage device sends the terminal ID.
  • the space-time tag for each.
  • the space-time tag includes position information and time information.
  • a terminal device for acquiring user's personal information is installed in a facility (for example, a hospital or a retail store), and this terminal device has an NFC (Near Field Communication) function.
  • NFC Near Field Communication
  • the latest space-time tag is acquired from the mobile terminal, the space-time tag is added to the personal information, and the information is transmitted to the storage device.
  • the storage device can aggregate personal information for each user by collating the space-time tag transmitted from the mobile terminal with the space-time tag transmitted from the terminal device.
  • a location information transmission device that transmits location information instead of a mobile terminal and a personal information acquisition device.
  • the position information transmitting device transmits the position information when the mobile terminal approaches.
  • the time (required time) required for acquiring personal information for the purpose of improving work efficiency.
  • the positions of the acquisition start time and the acquisition end time will differ depending on the type of personal information, and there are many personal information that does not include the acquisition start time and the acquisition end time.
  • the location information is transmitted only once immediately before or immediately after the acquisition of the personal information, so that the location information is referred to. And the required time cannot be calculated.
  • an object of the present invention is to provide a management system that accurately associates the personal information of the same person with the location information without modifying the existing personal information acquisition device and without causing the user terminal to acquire the location information. There is. Furthermore, an object of the present invention is to provide a management system capable of calculating the time required for acquiring personal information.
  • the management system of the present invention (hereinafter, also referred to as “the management system") is When the user terminals (20, 25) carried by the user approach, the user terminal can communicate with the user terminal, and the predetermined storage device (40) stores the preset position information indicating its own position. The position information transmitting device (10) to be transmitted to A management device (80) for associating and managing the location information and the personal information is provided.
  • the management device is Acquisition of the personal information from the candidate position information which is the position information indicating the position within a predetermined range that can be regarded as being installed in the same place as the personal information acquisition device that acquired the personal information (step 1315).
  • the position information that is the position information that was transmitted before the time point and at the time closest to the acquisition time point is transmitted at the time point that is later than the acquisition time point of the personal information and the time point closest to the acquisition time point.
  • the position information is acquired (step 1320), and the position information is acquired.
  • the personal information, the immediately preceding position information, and the immediately preceding position information are associated and managed (step 1330). It is configured as follows.
  • the position indicated by the location information belongs to a predetermined range that can be regarded as being installed in the same place as the personal information acquisition device that acquired the personal information, and is transmitted immediately before or after the acquisition time of the personal information. If so, the user whose personal information has been acquired by the personal information acquisition device and the user who has the position information transmission device transmit the position information by bringing the user terminal closer to the position information transmission device are the same. Most likely a person. This is because these users are located at the same place at the same time. Thereby, according to this management system, the location information of the same person and the personal information can be more accurately associated with each other. Further, since the immediately preceding position information and the immediately preceding position information are associated with a certain personal information, the time required for acquiring the personal information can also be calculated.
  • the existing personal information acquisition device since the existing personal information only needs to include at least the place information for specifying the installation location of the personal information acquisition device that acquired the personal information and the acquisition time, the existing personal information acquisition device can be used as it is. Yes, there is no need to make changes to the existing personal information acquisition device. Further, since the position information is not transmitted by the user terminal but is transmitted by the position information transmitting device, the position information acquisition function of the user terminal may be disabled, or the position on the user terminal side. There is no risk of the information being tampered with.
  • the position information transmitting device is When the user terminal approaches, the terminal identifier, which is the identifier of the user terminal, is acquired from the user terminal (step 1105, step 1135, step 1155, step 1185). The location information including the acquired terminal identifier is transmitted (step 1115, step 1145, step 1165, step 1195).
  • the management device is When the immediately preceding terminal identifier which is the terminal identifier included in the immediately preceding position information and the immediately preceding terminal identifier which is the immediately preceding terminal identifier included in the immediately after position information match (“Yes” in step 1325), the personal information and the personal information The immediately preceding position information and the immediately preceding position information are managed in association with each other (step 1330). It is configured as follows.
  • the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match, the personal information, the immediately preceding position information, and the immediately following position information cannot be associated with each other, so that the same person's location information and personal information can be associated more accurately.
  • the management device is When the difference between the time of transmission of the immediately preceding position information and the time of transmission of the immediately after position information is equal to or less than the threshold difference, and the immediately preceding terminal identifier and the immediately following terminal identifier match (“Yes” in step 1325). ), The personal information, the immediately preceding position information, and the immediately after position information are managed in association with each other (step 1330). It is configured as follows.
  • the personal information, the immediately before position information, and the immediately after position information cannot be associated with each other. It can be more accurately associated with personal information.
  • the management device is When the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match (“No” in step 1325), the candidate position information is before the transmission time of the immediately preceding position information and at the transmission time. Select the position information immediately before the runner-up, which is the position information transmitted at the time closest to (step 1605), and When the terminal identifier included in the position information immediately after the next point and the terminal identifier immediately before the next point match (step 1610), the personal information, the position information immediately before the point, and the position information immediately after the next point are managed in association with each other (step 1330). ), It is configured as follows.
  • the management device is When the immediately preceding terminal identifier and the immediately preceding terminal identifier do not match (“No” in step 1325), the candidate position information is before the transmission time of the immediately preceding position information and at the transmission time. Select the position information immediately before the runner-up, which is the position information transmitted at the time closest to (step 1620), and When the terminal identifier included in the runner-up immediately preceding position information and the immediately preceding terminal identifier match (“Yes” in step 1630), the personal information, the runner-up point immediately preceding position information, and the immediately preceding position information are associated with each other. Manage (step 1330), It is configured as follows.
  • the personal information can be associated with the position information of the user from whom the personal information has been acquired.
  • the position information transmitting device is When the terminal identifier is newly acquired (“Yes” in step 1705), it is determined whether or not the previous terminal identifier, which is the previously acquired terminal identifier, is stored (step 1715). When it is determined that the previous terminal identifier is not stored (“Yes” in step 1715), the current terminal identifier is stored as the previous terminal identifier (step 1720), and the position information is transmitted (step 1725). , When it is determined that the previous terminal identifier is stored (“No” in step 1715), it is determined whether or not the current terminal identifier, which is the newly acquired terminal identifier, and the previous terminal identifier match.
  • Step 1730 When it is determined that the current terminal identifier and the previous terminal identifier match (“Yes” in step 1730), the position information is transmitted (step 1725), the previous terminal identifier is deleted, and the current terminal identifier is deleted. Is deleted without being stored as the terminal identifier of the previous time (step 1735). When it is determined that the current terminal identifier and the previous terminal identifier do not match (“No” in step 1730), the position information is not transmitted and the current terminal identifier is deleted without being stored as the previous terminal identifier. (Step 1738), It is configured as follows.
  • the terminal identifier this time and the terminal identifier last time do not match, the location information is not transmitted, so that the location information and personal information of the same person can be associated more accurately.
  • FIG. 1 is a schematic system configuration diagram of a management system (this management system) according to an embodiment of the present invention.
  • FIG. 2 is a hardware configuration diagram of the position information transmitting device shown in FIG.
  • FIG. 3 is an explanatory diagram of a consented terminal ID table included in the position information transmitting device shown in FIG.
  • FIG. 4 is an explanatory diagram of a consented user table included in the authentication server shown in FIG.
  • FIG. 5 is an explanatory diagram of a distribution destination table included in the authentication server shown in FIG.
  • FIG. 6 is an explanatory diagram of a regular chip ID table included in the authentication server shown in FIG.
  • FIG. 7 is an explanatory diagram of a location information table included in the location information storage server shown in FIG.
  • FIG. 1 is a schematic system configuration diagram of a management system (this management system) according to an embodiment of the present invention.
  • FIG. 2 is a hardware configuration diagram of the position information transmitting device shown in FIG.
  • FIG. 3 is an explan
  • FIG. 8 is an explanatory diagram of a personal information table included in the personal information storage server shown in FIG.
  • FIG. 9 is a hardware configuration diagram of the management server shown in FIG.
  • FIG. 10 is a sequence diagram of device authentication and consented user registration in this management system.
  • FIG. 11 is a sequence diagram of transmission of location information and acquisition of personal information in this management system.
  • FIG. 12 is a sequence diagram of the association between the location information and the personal information in this management system.
  • FIG. 13 is a flowchart of the association process executed by the management server shown in FIG.
  • FIG. 14 is a sequence diagram of searching for personal information in this management system.
  • FIG. 15 is a sequence diagram of a first modification of the management system.
  • FIG. 16 is a flowchart of the association process in the second modification of the management system.
  • FIG. 17 is a flowchart of the position information transmission process executed by the position information transmission device in the third modification of the management system.
  • FIG. 18 is a sequence diagram of a fourth modification of the management system.
  • FIG. 19 is an explanatory diagram of a type table included in the location information storage server in the fifth modification of the management system.
  • FIG. 20 is an explanatory diagram of a location information table included in the location information storage server in the fifth modification of the management system.
  • the management system according to the embodiment of the present invention (hereinafter, may be referred to as “the management system”) will be described with reference to the drawings.
  • This management system includes location information transmission devices 10A to 10C, user terminal (mobile terminal) 20, authentication server 30, location information storage server 40, personal information acquisition devices 50B and 50C, history storage server 60, and personal information storage server 70. It also includes a management server 80.
  • position information transmitting device 10 When the position information transmitting devices 10A to 10C are not distinguished from each other, they are referred to as "position information transmitting device 10".
  • personal information acquisition devices 50B and 50C are not distinguished from each other, they are referred to as "personal information acquisition device 50".
  • the location information transmission device 10, the personal information acquisition device 50, and the history storage server 60 are installed in medical institutions such as hospitals and pharmacies, for example.
  • the installation locations of these devices 10, 50 and 60 are not limited to medical institutions, and may be installed in any facility as long as it is a facility for acquiring personal information of users (for example, retail stores and financial institutions). It may be installed in an institution, etc.).
  • FIG. 1 describes an example in which these devices 10, 50 and 60 are installed in Hospital A.
  • Hospital A a position information transmission device 10A is installed at the reception desk, a position information transmission device 10B and a personal information acquisition device 50B are installed in the examination room, and the examination room (for example, an X-ray room) is installed.
  • a position information transmission device 10C and a personal information acquisition device 50C are installed.
  • the location information transmission device 10 is connected to the authentication server 30 and the location information storage server 40 via the network NW. Further, the personal information acquisition device 50 is connected to the history storage server 60 via a LAN (Local Area Network). The history storage server 60 is connected to the personal information storage server 70 via a dedicated line EL.
  • LAN Local Area Network
  • position information is acquired from the position information transmission device 10, and personal information is acquired from the personal information acquisition device 50. That is, the location information and the personal information are acquired separately from each other and stored separately.
  • devices related to location information location information transmission device 10, user terminal 20, authentication server 30, and location information storage server 40.
  • the position information transmitting device 10 is a user who has consented to the transmission of the position information (approved use). Authenticate the user to determine whether or not the person).
  • the position information transmitting device 10 determines that the user is a consented user, the position information transmitting device 10 transmits the preset position information indicating its own position to the position information storage server 40.
  • the position information transmitting device 10 includes a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) 102, a ROM (Read Only Memory) 103, an IC (Integrated Circuit) chip 104, a network interface (I / F) 105, and GPS / It has an IMES receiver 106 and an input / output interface (I / F) 107. They are communicably connected to each other via bus 108.
  • CPU Central Processing Unit
  • RAM Random Access Memory
  • ROM Read Only Memory
  • IC Integrated Circuit
  • the CPU 101 realizes various functions by loading various programs (not shown) stored in the ROM 103 into the RAM 102 and executing the programs loaded in the RAM 102.
  • the RAM 102 is a volatile storage medium. As described above, various programs executed by the CPU 101 are loaded into the RAM 102. In addition, the RAM 102 temporarily stores data used by the CPU 101 when executing various programs.
  • ROM 103 is a non-volatile storage medium. Various programs are stored in the ROM 103.
  • the IC chip 104 stores a chip ID used for device authentication, which will be described later. The chip ID is also used as an identifier (device ID) of the position information transmitting device 10.
  • the network I / F 105 is an interface for connecting the location information transmitting device 10 to the network NW.
  • the GPS / IMES (Indoor Messaging System) receiver 106 receives a GPS positioning signal from a GPS satellite (not shown) or an IEMS positioning signal from an IEMS (Indoor Messaging System) transmitter (not shown).
  • the position information transmitting device 10 determines its own position based on the GPS positioning signal or the IMES positioning signal, and sets information indicating the determined position to itself.
  • the input / output I / F 806 is an interface for connecting to the IC card reader / writer 110.
  • the IC card reader / writer 110 has an NFC (Near Field Communication) function. This NFC function is a function capable of communicating with the other device when the distance between the device and the "other device having the NFC function" is within a predetermined distance (when the device approaches the other device).
  • NFC Near Field Communication
  • the position information transmitting devices 10A to 10C store the agreed terminal ID tables 11A to 11C (see FIG. 3) in the RAM 102, respectively.
  • the agreed terminal ID tables 11A to 11C are not distinguished, they are referred to as "agreeed terminal ID table 11".
  • a terminal identifier hereinafter, referred to as "terminal ID"
  • terminal ID is an identifier of the user terminal 20 used by the consented user
  • the location information transmitting device 10 acquires the terminal ID of the approaching user terminal 20. Then, if the acquired terminal ID is registered in the consented terminal ID table 11, the position information transmitting device 10 determines that the user is a consented user and transmits the position information.
  • This position information includes a terminal ID acquired from the user terminal 20 and information (latitude, longitude, etc.) indicating a position set in the position information transmitting device 10.
  • the location information transmitting device 10 determines that the user is not a consented user, and the position unless the user agrees to transmit the location information. Do not send information.
  • the user terminal 20 is a terminal carried by the user and has the above-mentioned NFC function.
  • the terminal ID is stored in the user terminal 20, and when the user terminal 20 approaches the position information transmitting device 10, the user terminal 20 transmits the terminal ID to the position information transmitting device 10.
  • FIG. 1 illustrates a smartphone as the user terminal 20.
  • the user terminal 20 may be, for example, an IC (Integrated Circuit) card (25) or the like.
  • the authentication server 30 is a device that stores and centrally manages the terminal ID of the user terminal 20 of the consented user (hereinafter, referred to as "agreeed terminal ID"), and is a device that centrally manages the consented user table 31. It has a distribution destination table 32 (see FIG. 5) and a regular chip ID table 33 (see FIG. 6).
  • the terminal ID field 311, the user information field 312, and the facility ID field 313 are set in the agreed user table 31.
  • the agreed terminal ID is registered in the terminal ID field 311 and the user information of the agreed user is registered in the user information field 312.
  • User information is information (name, date of birth, age, telephone number, address, insurer number, etc.) for identifying (identifying) an individual user.
  • the user inputs the user information from the user terminal 20 or the like.
  • the facility ID field 313 a facility ID indicating an identifier of the facility for which the user has consented to the transmission of location information is registered.
  • a chip ID field 321 and a facility ID field 322 are set in the distribution destination table 32.
  • the chip ID field 321 the chip ID of the position information transmitting device 10 determined to be a genuine product by the device authentication described later is registered.
  • the facility ID field 322 the facility ID of the facility where the location information transmitting device 10 is installed is registered.
  • the chip ID of the genuine position information transmitting device 10 is registered in the regular chip ID table 33.
  • the position information storage server 40 has a position information table 41 (see FIG. 7), and when receiving the position information transmitted from the position information transmitting device 10, stores the received position information in the position information table 41. ..
  • the position information table 41 includes a record ID field 411, a terminal ID field 412, a transmission time field 413, a position field 414, and a link ID field 415.
  • the record ID field 411 a unique identifier of the record in the position information table 41 is registered.
  • the terminal ID field 412 the terminal ID included in the received position information is registered.
  • the transmission time field 413 the time when the position information transmitting device 10 transmits the position information is registered.
  • the position included in the position information is registered in the position field 414.
  • the link ID field 415 a unique identifier of "a record in which personal information associated with location information is registered" in the personal information table 71 is registered.
  • the personal information acquisition device 50 is a device that acquires the personal information of the user and transmits the acquired personal information to the history storage server 60.
  • the type of personal information acquired differs depending on the type of the personal information acquisition device 50.
  • the personal information acquisition device 50B installed in the examination room is a personal computer or the like operated by a doctor or the like, and the detailed data representing the medical practice performed on the user (patient) by the doctor or the like is input to the personal information acquisition device 50B. Acquire detailed data as personal information.
  • the personal information acquisition device 50C installed in the examination room is an X-ray imaging device or the like, and X-ray image data (examination data) of the user (patient) is obtained by irradiating the user's body with X-rays. Obtained as personal information.
  • the personal information acquisition device 50C may be an MRI device or the like.
  • Personal information further includes user identification information (user's name, date of birth, medical examination ticket number, etc.) that can identify the user, acquisition time of the personal information, and location information.
  • user identification information user's name, date of birth, medical examination ticket number, etc.
  • location information is information that can identify the facility in which the personal information acquisition device 50 is installed and the room in which the personal information acquisition device 50 is installed.
  • the data format of personal information differs depending on the type. Therefore, the detailed data and the inspection data shown in FIG. 1 have different user identification information, location information, acquisition time, and other data positions.
  • the history storage server 60 When the history storage server 60 receives the personal information from the personal information acquisition device 50, the history storage server 60 refers to the user identification information included in the received personal information, encrypts the received personal information, and stores it for each user.
  • the personal information for each user stored in this way is referred to as "user history data 61".
  • the history storage server 60 transmits all the user history data 61 stored up to the present time since the last user history data 61 was transmitted at a predetermined timing (for example, on the last day of the month) via the dedicated line EL. And sends it to the personal information storage server 70.
  • the personal information storage server 70 has a personal information table 71 (see FIG. 8), and when the user history data 61 transmitted from the history storage server 60 is received, the received user history data 61 is used as personal information. Store in table 51. Specifically, the personal information storage server 70 stores one personal information included in the user history data 61 in one record of the personal information table 71.
  • the personal information table 71 includes a record ID field 711, a personal information field 712, and a link ID field 713.
  • the record ID field 711 a unique identifier of each record in the personal information table 71 is registered.
  • the personal information field 712 the personal information received by the personal information storage server 70 is registered in the encrypted state.
  • the link ID field 713 a unique identifier of the "record in which the location information associated with the personal information is registered" in the location information table 41 is registered.
  • the management server 80 is connected to the personal information storage server 70 via the dedicated line EL, and is connected to the authentication server 30 and the location information storage server 40 via the network NW.
  • the management server 80 associates the location information with the personal information. More specifically, when the location information and the personal information satisfy the matching condition, the management server 80 sets the link ID field 415 of the record corresponding to the location information in the location information table 41 to "personal information satisfying the matching condition". Register the "record identifier”. Further, the management server 80 registers the "identifier of the record of the location information satisfying the matching condition" in the link ID field 713 of the record of the personal information of the personal information table 71.
  • the management server 80 is a general computer, and is a CPU 801 and a RAM 802, a ROM 803, a network interface (I / F) 804, a dedicated line interface (I / F) 805, and an input / output interface (I / F). / F) 806. They are communicably connected to each other via bus 810.
  • the CPU 801 and the RAM 802, the ROM 803 and the network I / F 804 are the same as the CPU 101, the RAM 102, the ROM 103 and the network I / F 105 shown in FIG. 2, respectively, and thus the description thereof will be omitted.
  • the position range table 81 is stored in the RAM 802.
  • the position range table 81 includes a location information field 811 and a position range field 812.
  • place information field 811 place information that can specify the place where the personal information acquisition device 50 is installed is registered.
  • position range field 812 a predetermined position range that can be regarded as the same as the place specified by the place information (that is, the place where the personal information acquisition device 50 is installed) is registered.
  • the leased line I / F805 is an interface for connecting the management server 80 to the leased line EL.
  • the input / output I / F 806 is an interface for being connected to a keyboard and a display.
  • the authentication server 30, the location information storage server 40, the history storage server 60, and the personal information storage server 70 are also general computers like the management server 80, and are the CPU 801, RAM 802, ROM 803, network I / F 804, and the above-mentioned CPU 801 and RAM 802. It has input / output I / F806 and the like.
  • the position information transmitting devices 10A to 10C transmit the authentication request to the authentication server 30 at a predetermined timing (1005A to 1005C).
  • the predetermined timing is, for example, the initial connection timing of the position information transmitting device 10 to the network NW, and the timing at which a preset predetermined time (for example, a predetermined time before the start of business at Hospital A) is reached.
  • the authentication request transmitted by the position information transmitting device 10 includes the chip IDs (IDc1 to IDc3) of the position information transmitting device 10 and the facility ID of the position information transmitting device 10.
  • the facility ID is the identifier (IDf1) of the hospital A.
  • the facility ID is preset in each position information transmitting device 10A to 10C.
  • the authentication server 30 When the authentication server 30 receives the authentication request, it executes device authentication (1010). Specifically, the authentication server 30 determines whether or not the chip ID included in the received authentication request is registered in the regular chip ID table 33.
  • the authentication server 30 is the location information transmitting device 10 that has transmitted the authentication request. Judge that it is a genuine product.
  • the authentication server 30 registers the chip IDs (IDc1 to IDc) and the facility IDs (IDf1) included in the received authentication request in the distribution destination table 32 (1013).
  • the chip IDs (IDc1 to IDc3) and the facility ID (IDf1) are associated and registered in the distribution destination table 32.
  • the authentication server 30 transmits an authentication response (hereinafter, referred to as “authentication success response”) indicating that the device authentication has succeeded to the position information transmitting devices 10A to 10C (1015A to 1015C), respectively.
  • the authentication server 30 is the position information transmitting device 10 that has transmitted the authentication request including the chip IDs that are not registered in the regular chip ID table 33. It is determined that the product is not genuine, and an authentication response indicating that the device authentication has failed (hereinafter, referred to as "authentication failure response") is transmitted to the location information transmitting device 10.
  • the position information transmitting device 10 that has received the authentication failure response prohibits the transmission of the position information even if the user approaches the user terminal 20.
  • the location information transmitting device 10A authenticates the user (1025). In the user authentication, the location information transmitting device 10A determines whether or not the acquired terminal ID (IDt1) is registered in the agreed terminal ID table 11A. At this point, assuming that the terminal ID (“IDt1”) is not yet registered in the consented terminal ID table 11 of the location information transmitting device 10A, the user of the location information transmitting device 10A is not a consented user. Is determined, and the user is notified to that effect. For example, the location information transmitting device 10A outputs a voice message indicating that the user is not a consented user from a speaker (not shown). The message that the user is not a consented user may be displayed on the display connected to the position information transmitting device 10A or the display of the user terminal 20.
  • the user When the user agrees to transmit the location information at the hospital A, the user inputs the user information (UD1) of the user into the user terminal 20 (1030), and the user terminal 20 is sent to the location information transmission device 10A. Bring it closer.
  • the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 and the input user information (UD1) (1035).
  • the location information transmitting device 10A transmits a registration request including the "acquired terminal ID (IDt1) and user information (UD1)" and the facility ID (IDf1) to the authentication server 30 (1040). This registration request indicates that the user has consented to the transmission of location information.
  • the user agrees to send location information on a facility-by-facility basis (hospital A, hospital B (not shown), pharmacy C (not shown), etc.).
  • the authentication server 30 When the authentication server 30 receives the registration request, the authentication server 30 registers the terminal ID (IDt1), the user information (UD1), and the facility ID (IDf1) included in the received registration request in the agreed user table 31 (1045). ) (See FIG. 4). As a result, the authentication server 30 remembers that the user has consented to the transmission of the location information.
  • the authentication server 30 refers to the distribution destination table 32, and identifies the registration response including the terminal ID (IDt1) included in the received registration request by the facility ID (IDf1) included in the received registration request (A). It transmits to all the position information transmitting devices 10A to 10C installed in the hospital) (1050A to 1050C). More specifically, the authentication server 30 selects a record in which the facility ID (IDf1) included in the registration request received in the facility ID field 322 of the distribution destination table 32 is registered, and enters the chip ID field 321 of the selected record. Acquire the registered chip ID (IDt1 to IDt3). The authentication server 30 transmits a registration response including the terminal ID (IDt1) included in the received registration request to the position information transmitting devices 10A to 10C identified by the acquired chip IDs (IDt1 to IDt3).
  • the terminal ID (IDt1) included in the received registration response is registered in the agreed terminal ID tables 11A to 11C (1055A to 1055C).
  • the location information transmitting devices 10A to 10C will be used when the user terminal 20 identified by the terminal ID (IDt1) approaches. It can be determined whether or not the user is a consented user by referring to the consented terminal ID tables 11A to 11C without inquiring to the authentication server 30.
  • the location information transmission device 10A has a transmission time (10:10, September 1, 2019) indicating the time when the location information is transmitted. ),
  • the position information including the terminal ID (IDt1) of the user terminal 20 and the position P1 is transmitted to the position information storage server 40 (1060).
  • the location information storage server 40 When the location information storage server 40 receives the location information, the location information storage server 40 adds a new record (record ID "1" (see FIG. 7)) to the location information table 41, and registers the received location information in the added record. (1065).
  • the position information transmitting device 10 may transmit the position information not including the transmission time. In this case, the time when the location information storage server 40 receives the location information is regarded as the transmission time of the location information.
  • the user brings the user terminal 20 close to the position information transmission device 10 and causes the position information transmission device 10 to transmit the position information before and after the personal information is acquired by the personal information acquisition device 50. ..
  • the user moves from the reception desk of Hospital A to the examination room. As shown in FIG. 11, before the personal information acquisition device 50C acquires the inspection data, the user brings the user terminal 20 closer to the position information transmission device 10C installed in the examination room.
  • the position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1105) and authenticates the user (1110).
  • step 1055C shown in FIG. 10 since the terminal ID (IDt1) is registered in the consented terminal ID table 11C, in the position information transmitting device 10C, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:20 on September 1, 2019), the terminal ID (IDt1) and the position (P3) is transmitted to the position information storage server 40 (1115).
  • the location information storage server 40 registers the received location information in a new record (record ID “L2”) of the location information table 41 (1120).
  • the personal information acquisition device 50C acquires the user's inspection data as personal information (1125), and transmits the acquired personal information to the history storage server 60 (1130).
  • This personal information includes the user information of the user from whom the inspection data was acquired, the acquisition time of the inspection data of the personal information acquisition device 50C (10:25 on September 1, 2019), and the location information (inspection at Hospital A). Room) is further included.
  • the personal information acquisition device 50C transmits the acquired personal information to the history storage server 60.
  • the history storage server 60 receives the personal information
  • the history storage server 60 encrypts the received personal information and writes (stores) it in the user history data 61 of the user (1130).
  • the position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1135), authenticates the user (1140), and transmits the position information to the position information storage server 40 (1145).
  • This location information includes the transmission time (10:26 on September 1, 2019), the terminal ID (IDt1), and the location (P3).
  • the location information storage server 40 registers the received location information in a new record (record ID “L3”) of the location information table 41 (1150).
  • the user moves from the examination room to the examination room.
  • the personal information acquisition device 50B acquires personal information
  • the user brings the user terminal 20 close to the position information transmission device 10B.
  • the position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1155) and authenticates the user (1160).
  • step 1055B shown in FIG. 10 since the terminal ID (IDt1) is registered in the consented terminal ID table 11B, in the location information transmitting device 10B, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:30 on September 1, 2019), the terminal ID (IDt1) and the position (P2) is transmitted to the position information storage server 40 (1165).
  • the location information storage server 40 registers the received location information in a new record (record ID “L4”) of the location information table 41 (1170).
  • the personal information acquisition device 50B acquires the detailed data of the user as personal information (1175), and transmits the acquired personal information to the history storage server 60 (1180).
  • This personal information includes the user information of the user of the detailed data, the acquisition time of the detailed data of the personal information acquisition device 50B (10:35 on September 1, 2019), and the location information (examination room of Hospital A). Further included.
  • the position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1185), authenticates the user (1190), and transmits the position information to the position information storage server 40 (1195). ..
  • This location information includes the transmission time (10:36 on September 1, 2019), the terminal ID (IDt1), and the location (P2).
  • the location information storage server 40 registers the received location information in a new record (record ID “L5”) of the location information table 41 (1198).
  • the location information transmitting device 10 installed in the facility shares the terminal ID of the user terminal 20 of the user. Therefore, the location information transmission device 10 installed in the facility can perform user authentication inside the location information transmission device 10 without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 can be reduced, and the processing load of the authentication server 30 can also be reduced. Further, the position information transmitting devices 10B and 10C other than the position information transmitting device 10A that received the input of the user information erroneously determine that the user who once consented to the transmission of the position information does not consent to the transmission of the position information. It is possible to prevent this from happening.
  • the personal information storage server 70 When the personal information storage server 70 receives the user history data 61 from the history storage server 60, the personal information storage server 70 stores the personal information included in the received user history data 61 in the personal information table 71 (1210). More specifically, the personal information storage server 70 adds a new record to the personal information table 71 by the amount of the personal information included in the received user history data 61, and each of the added records has a unique identifier ( Record IDs "I1" and "I2”) are given, and personal information included in the received user history data 61 is registered in the added record.
  • the personal information storage server 70 sends a completion notification to that effect to the management server 80 (1215).
  • the management server 80 When the management server 80 receives the completion notification, it associates the personal information stored in the personal information table 71 with the location information stored in the location information table 41 (1220). More specifically, the management server 80 refers to the position range table 81 shown in FIG. 9, and its position is in a position range that can be regarded as the same as the place specified by the place information included in the personal information. Select the included location information (candidate location information). Then, the management server 80 sets the location information (immediately preceding location information) that is earlier than the acquisition time (acquisition time) of the personal information and is closest to the acquisition time from the selected location information, and the personal information. The position information (immediately after position information) that is later than the acquisition time and is closest to the acquisition time is acquired.
  • the management server 80 associates the personal information, the immediately preceding position information, and the immediately after position information with each other.
  • the CPU 801 of the management server 80 starts processing from step 1300 and proceeds to step 1305 every time a predetermined time elapses. In step 1305, the CPU 801 determines whether or not the completion notification has been received. If the completion notification has not been received, the CPU 801 determines "No" in step 1305, proceeds to step 1395, and temporarily ends this routine.
  • the CPU 801 determines "Yes” in step 1305 and executes the processes of steps 1310 to 1320.
  • Step 1310 The CPU 801 selects personal information to be processed (hereinafter, referred to as “processed personal information”) from personal information for which this routine has not been executed.
  • Step 1315 The CPU 801 is included in a position range that can be regarded as the same as the installation location of the personal information acquisition device 50 that has acquired the personal information to be processed from the location information that is not associated with any personal information. Select the position information indicating the position as the candidate position information.
  • the management server 80 selects a record in which the location information included in the processing target personal information is registered in the location information field 811 of the location range table 81 shown in FIG. Then, the management server 80 selects the position information including the position indicated by the position information in the position range registered in the position range field 812 of the acquired record as the candidate position information.
  • Step 1320 From the candidate position information selected in step 1315, the CPU 801 obtains the position information (that is, the acquisition of the processing target personal information) that is earlier than the acquisition time of the processing target personal information and is closest to the acquisition time.
  • the position information immediately before the time is selected as the immediately preceding position information, and the position information after the acquisition time of the personal information to be processed and closest to the acquisition time (that is, immediately after the acquisition time of the personal information to be processed) is selected.
  • Position information is selected as the position information immediately after.
  • the CPU 801 proceeds to step 1325, and the terminal ID included in the immediately preceding position information (hereinafter, referred to as “immediately preceding terminal ID”) and the terminal ID included in the immediately preceding position information (hereinafter, “immediately after terminal ID”). It is determined whether or not there is a match with (name).
  • the CPU 801 determines "Yes" in step 1325, proceeds to step 1330, and associates the processing target personal information, the immediately preceding position information, and the immediately following position information. Specifically, the CPU 801 registers the record ID of the record of the immediately preceding position information and the record ID of the immediately preceding position information of the position information table 41 in the link ID field 713 of the record of the personal information to be processed in the personal information table 71. Further, the CPU 801 registers the record ID of the personal information to be processed in the personal information table 71 in the link ID field 415 of the record of the immediately preceding position information and the immediately after position information of the position information table 41.
  • step 1335 determines whether or not there is personal information (hereinafter, referred to as "unprocessed personal information") for which this routine has not yet been executed. If there is unprocessed personal information, the CPU 801 determines "Yes” in step 1335 and executes the process of step 1310 again. On the other hand, if there is no unprocessed personal information, the CPU 801 determines "No" in step 1335, proceeds to step 1395, and temporarily ends this routine.
  • unprocessed personal information personal information for which this routine has not yet been executed. If there is unprocessed personal information, the CPU 801 determines "Yes" in step 1335 and executes the process of step 1310 again. On the other hand, if there is no unprocessed personal information, the CPU 801 determines "No" in step 1335, proceeds to step 1395, and temporarily ends this routine.
  • step 1325 the CPU 801 determines "No" in step 1325 and proceeds to step 1340.
  • step 1340 the CPU 801 determines that the personal information to be processed, the immediately preceding position information, and the immediately after position information cannot be associated with each other, and proceeds to step 1335. More specifically, the CPU 801 cannot associate with the link ID field 713 of the record of the personal information to be processed in the personal information table 71 and the link ID field 415 of the record of the immediately preceding position information and the immediately following position information of the position information table 41. Register the information indicating that.
  • the personal information of the record ID "I1" of the personal information table 71 shown in FIG. 8 and the immediately preceding position information of the personal information Is associated with the position information immediately after the personal information (record ID "L3" in the position information table 41 shown in FIG. 7).
  • the personal information of the record ID "I2" of the personal information table 71 shown in FIG. 8 the immediately preceding position information of the personal information (record ID "L4" of the position information table 41 shown in FIG. 7), and the said Immediately after the personal information, the position information (record ID “L5” in the position information table 41 shown in FIG. 7) is associated with the personal information.
  • the search terminal 90 is connected to the network NW and sends a search request including a search key to the management server 80 (1405).
  • the user of the search terminal 90 inputs a desired search key.
  • an age (50's) which is one of the user information, is input as a search key.
  • the search key includes at least one item included in the user information (name, date of birth, age, telephone number, address, insurer number, etc.). Executed if included.
  • the management server 80 When the management server 80 receives the search request, it transmits a terminal ID identification request including the search key included in the received search request to the authentication server 30 (1410).
  • the authentication server 30 receives the terminal ID identification request, the authentication server 30 refers to the agreed user table 31, and the terminal ID registered in the terminal ID field 311 of the record matching the search key included in the received terminal ID identification request. To get. Then, the authentication server 30 transmits a terminal ID specific response including the acquired terminal ID to the management server 80 (1415).
  • the management server 80 When the management server 80 receives the terminal ID specific response, it transmits a search request including the terminal ID included in the received terminal ID specific response to the location information storage server 40 (1420).
  • the location information storage server 40 When the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and obtains a record ID (link ID) of personal information associated with the location information that matches the terminal ID included in the received search request. get. More specifically, the location information storage server 40 selects a record in which the "terminal ID included in the received search request" is registered in the terminal ID field 412 of the location information table 41, and the link ID field 415 of the selected record. The link ID (record ID of the personal information table 71) registered in is acquired. Then, the location information storage server 40 transmits a search response including the acquired link ID to the management server 80 (1425).
  • a record ID link ID
  • the management server 80 When the management server 80 receives the search response, it transmits a search request including the link ID included in the received search response to the personal information storage server 70 (1430).
  • the personal information storage server 70 When the personal information storage server 70 receives the search request, the personal information storage server 70 refers to the personal information table 71 and acquires the personal information of the record in which the link ID included in the received search request is registered in the record ID field 711. Then, the personal information storage server 70 transmits a search response including the acquired personal information to the management server 80 (1435).
  • the management server 80 When the management server 80 receives the search response, the management server 80 transmits the received search response to the search terminal 90 (1440).
  • the search terminal 90 When the search terminal 90 receives the search response, the search terminal 90 displays the personal information included in the received search response as a search result on a display (not shown).
  • the personal information storage server 70 uses the personal information corresponding to the search key. It is necessary to search the entire personal information in order to find the item of personal information. Therefore, the load of the search process on the personal information storage server 70 becomes large.
  • the personal information storage server 70 is specified by the link ID included in the search request received in step 1430 from the personal information registered in the personal information table 71. All you have to do is to obtain "personal information to be provided". Therefore, since the personal information storage server 70 does not need to search the entire personal information, it is possible to prevent the load of the search process on the personal information storage server 70 from becoming large.
  • the user terminal 20 may send a search request instead of the search terminal 90. In this case, it is desirable to prohibit the search for personal information other than the user of the user terminal 20.
  • the search terminal 90 transmits a required time search request including location information (hospital A hospital examination room) as a search key to the management server 80 (step 1450).
  • the management server 80 receives the required time search request, the management server 80 refers to the position range table 81 shown in FIG. 9, and the position range (A hospital examination room) corresponding to the location information (A hospital examination room) included in the received required time search request. R3) is acquired (1455). Then, the management server 80 transmits a search request including the acquired position range (R3) to the position information storage server 40 (1460).
  • the position information storage server 40 refers to the position information table 41 and records a record (record ID “L2”, in which the position (P3) included in the position range (R3) included in the search request received in the position field 414 is registered. "L3") is acquired. Then, the location information storage server 40 transmits a search response including the acquired record to the management server 80 (1465).
  • the management server 80 identifies two records (record IDs "L2" and "L3") in which the same link ID is registered in the link ID field 415 in the records included in the search response. Then, the management server 80 calculates the difference between the transmission times of the two records as the required time of the personal information of the link ID (1470).
  • the management server 80 transmits a search response including the calculated required time to the search terminal 90 (1475).
  • the search terminal 90 displays the required time included in the received search response on a display (not shown). When there are a plurality of required times, the search terminal 90 may display the average value of the required times on the display.
  • the consented information includes the facility ID of the facility where the user has consented to the transmission of the location information.
  • the position information transmitting device 10 acquires the consented information from the user terminal 20.
  • the location information transmission device 10 has consented to the transmission of the location information by the user of the user terminal 20. Is determined.
  • the location information transmitting device 10 determines that the user does not consent to the transmission of the location information.
  • the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 (1505). Since the consented information is not stored in the user terminal 20 due to the above assumption, in step 1505, the position information transmitting device 10A cannot acquire the consented information from the user terminal 20. Therefore, the location information transmitting device 10A determines in the user authentication that the user of the user terminal 20 is not a consented user (1510).
  • the user agrees to transmit the location information at the hospital A, inputs the user information (UD1) into the user terminal 20 (1030), and brings the user terminal 20 closer to the location information transmitting device 10A again (1035).
  • the location information transmitting device 10A acquires the terminal ID (IDt1) and the user information (UD1) from the user terminal 20 (1035), and transmits the registration request (1040).
  • the authentication server 30 receives the registration request, it updates the agreed user table 31 (1045) and writes "the facility ID (IDf1) included in the received registration request to the user terminal as the agreed information”.
  • “Registration response (write command)" is transmitted to the position information transmission device 10A (1515).
  • the registration response includes the terminal ID (IDt1) included in the registration request received by the authentication server 30 as the terminal ID of the writing destination.
  • the location information transmitting device 10A When the location information transmitting device 10A receives the registration response, it outputs a voice message for bringing the user terminal 20 closer to the user from a speaker (not shown).
  • the position information transmitting device 10A acquires the terminal ID of the user terminal 20, and the acquired terminal ID matches the terminal ID of the writing destination included in the received registration response. Judge whether or not. If these terminal IDs do not match, the location information transmitting device 10A does not write (store) the consented information in the user terminal. In this case, it is considered that the user terminal 20 different from the user terminal 20 into which the user information is input in step 1030 is approaching the position information transmitting device 10. Therefore, it is possible to prevent the consent information from being written to the erroneous user terminal 20 by not writing the consent information when the terminal IDs do not match.
  • the location information transmitting device 10A writes (stores) the agreed information including the facility ID (IDf1) included in the received registration response in the user terminal 20 (1520). Then, the position information transmitting device 10A transmits the position information including the transmission time (10:10 on September 1, 2019), the position (P1), and the terminal ID (IDt1) (1060).
  • the position information transmitting device 10C acquires the terminal ID (IDt1) and the agreed information (1520), and authenticates the user (1520). 1525). Since the facility ID (IDf1) included in the consented information and the facility IDf1 set in the location information transmitting device 10C match, in this user authentication, the location information transmitting device 10C is a user who has consented to the user. Is determined to be. Then, the position information transmitting device 10C transmits the position information including the transmission time (10:20 on September 1, 2019), the position (P3), and the terminal ID (IDt1) to the position information storage server 40 (1115). ..
  • the location information transmitting device 10 can perform user authentication without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 and the processing load of the authentication server 30 can be reduced. Further, since the position information transmitting device 10 does not need to have the agreed terminal ID table 11, it is not necessary to provide a large-capacity storage medium. Therefore, the cost of the position information transmitting device 10 can be reduced.
  • the agreed information does not have to include the facility ID.
  • the location information transmitting device 10 can acquire the consented information from the user terminal 20 by the user authentication, it determines that the user is a consented user and has consented from the user terminal 20. If the information cannot be obtained, it is determined that the user is not a consented user.
  • the consented information stored in the user terminal 20 is deleted at a predetermined timing. It is desirable that the consented information stored in the user terminal 20 be deleted at the timing when the user leaves the facility where he / she has consented to the transmission of the location information.
  • the timing at which the user leaves the facility that has agreed to transmit the location information is one of the determination timings 1 and 2.
  • Timing 1 Timing when the position acquired by the user terminal 20 based on the GPS positioning signal is determined to be a predetermined distance away from the position of the facility
  • Timing 2 The user who has completed the accounting at the facility positions the user terminal 20 Timing of approaching the information transmission device 10A
  • the user brings the user terminal 20 closer to the location information transmission device 10A after the deletion button (not shown) of the location information transmission device 10A is operated by the clerk of the hospital A who performed the accounting.
  • the position information transmitting device 10A deletes the consented information stored in the approaching user terminal 20.
  • the predetermined timing may be a timing when a predetermined time has elapsed since the consented information was written.
  • another user terminal 20 approaches the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach. There is a possibility that it will end up. In this case, since the immediately preceding terminal ID and the immediately preceding terminal ID are different, it is determined as "No" in step 1325 shown in FIG. Therefore, even when the same user terminal 20 as the first time approaches another user terminal 20, the personal information, the immediately preceding position information, and the immediately after position information cannot be associated with each other.
  • step 1605 the CPU 801 selects the position information immediately after the immediately following position information (position information immediately after the next point) from the candidate position information selected in step 1315 shown in FIG. 13, and proceeds to step 1610.
  • the CPU 801 determines “Yes” in step 1610 shown in FIG. It is determined whether or not the terminal ID) immediately after the point matches.
  • the CPU 801 determines "Yes" in step 1615 and proceeds to step 1330 shown in FIG. As a result, the personal information to be processed, the immediately preceding position information, and the immediately after runner-up position information are associated with each other.
  • the CPU 801 determines "No" in step 1615 shown in FIG. 16, returns to step 1605, and immediately after the current runner-up immediately after position information.
  • the position information of is selected as the position information immediately after the new runner-up.
  • step 1610 determines “No” in step 1610 and proceeds to step 1620.
  • step 1620 the CPU 801 selects the position information immediately before the previous position information (the position information immediately before the next point) from the candidate position information selected in step 1315 shown in FIG. 13, and is shown in FIG. Proceed to step 1625.
  • the CPU 801 determines “Yes” in step 1625 shown in FIG. 16, proceeds to step 1630, and proceeds to step 1630, where the terminal ID of the position information immediately before the next point (terminal immediately before the next point). It is determined whether or not the ID) and the immediately after terminal ID match.
  • the CPU 801 determines "Yes” in step 1630 and proceeds to step 1330 shown in FIG. As a result, the personal information to be processed, the position information immediately before the runner-up, and the position information immediately after the runner are associated with each other.
  • the CPU 801 determines "No" in step 1630 shown in FIG.
  • the position information of is selected as the position information immediately before the new runner-up.
  • the CPU 801 determines “No” in step 1625 and proceeds to step 1345 shown in FIG. As a result, the personal information to be processed is not related to any location information.
  • step 1325 shown in FIG. 13 the position information immediately after the next point is selected first from the position information immediately before the next point and the position information immediately after the next point. However, the position information immediately before the runner-up may be selected first. More specifically, if "No" is determined in step 1325 shown in FIG. 13, the CPU 801 executes the processes of steps 1620 to 1630. If the CPU 801 determines "No” in step 1625, the CPU 801 proceeds to step 1605. If the CPU 801 determines "No” in step 1610, the CPU 801 proceeds to step 1345 shown in FIG.
  • the CPU 101 of the position information transmitting device 10 starts processing from step 1700 and proceeds to step 1705 every time a predetermined time elapses.
  • the CPU 101 determines whether or not the terminal ID of the user terminal 20 has been acquired.
  • step 1705 the CPU 101 determines "No" in step 1705, proceeds to step 1795, and temporarily ends this routine.
  • step 1705 the CPU 101 determines "Yes” in step 1705 and proceeds to step 1710.
  • step 1710 the CPU 101 determines whether or not the acquired terminal ID is registered in the agreed terminal ID table 11.
  • the CPU 101 determines "Yes” in step 1710 (that is, determines that the user is a consented user), and proceeds to step 1715. .. In step 1715, the CPU 101 stores the previous terminal ID, which is the terminal ID of the user terminal 20, which is stored when the position information is transmitted due to the user terminal 20 approaching for the first time. Judge whether or not.
  • step 1705 the approach of the user terminal 20 that triggered the position information transmitting device 10 to acquire the terminal ID in step 1705 is considered to be the first approach.
  • the CPU 101 determines “Yes” in step 1715 and proceeds to step 1720.
  • step 1720 the CPU 101 stores the terminal ID acquired in step 1705 (hereinafter, referred to as “this time terminal ID”) as the previous terminal ID, and proceeds to step 1725 to transmit the position information. After that, the CPU 101 proceeds to step 1795 and temporarily ends this routine.
  • step 1715 determines "No" in step 1715 and proceeds to step 1730.
  • step 1730 the CPU 101 determines whether or not the current terminal ID acquired in step 1705 this time matches the previous terminal ID.
  • step 1730 the CPU 101 determines "Yes” in step 1730 and proceeds to step 1735.
  • step 1735 the CPU 101 deletes the previous terminal ID and the current terminal ID, and proceeds to step 1725 to transmit the position information.
  • step 1730 determines "No" in step 1730, executes the processes of steps 1738 and 1740, proceeds to step 1795, and temporarily ends this routine. To do.
  • Step 1738 The CPU 101 deletes the terminal ID this time.
  • Step 1740 The CPU 101 notifies the abnormality. In this abnormality notification, for example, the CPU 101 outputs a voice message indicating that a user terminal 20 different from the previous user terminal 20 has approached from a speaker (not shown).
  • step 1710 determines "No" in step 1710 (determines that the user is not the agreed user). Proceed to step 1745.
  • step 1745 the CPU 101 notifies the non-consent user and proceeds to step 1750.
  • the CPU 101 outputs a voice message indicating that the user is not a consented user from a speaker (not shown).
  • step 1750 the CPU 101 determines whether or not the user information has been input. Specifically, when the CPU 101 acquires the user information together with the terminal ID, it determines that the user information has been input.
  • step 1750 If the user information is not input in step 1750, the CPU 101 determines "No" in step 1750, proceeds to step 1795, and temporarily ends this routine.
  • step 1750 when the user information is input in step 1750, the CPU 101 determines "Yes" in step 1750, proceeds to step 1755, and transmits a terminal ID and user information registration request to the authentication server 30. .. After that, the CPU 101 proceeds to step 1795 to temporarily end this routine.
  • the position information transmitting device 10 does not transmit the position information unless the acquired terminal ID this time and the immediately preceding acquired terminal ID match. As a result, even if another user terminal is brought close to the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach, the position information Is not sent. As a result, the personal information, the immediately preceding position information, and the immediately after position information of the same user can be more accurately associated with each other.
  • the authentication server 30 stores a plurality of user terminals 20 used by the same user in association with the user information of the user.
  • the authentication server 30 stores the terminal IDs of a plurality of user terminals 20 and 25 used (carried) by the same user in association with the user information of the user.
  • the user terminal (IC card) 25 different from the user terminal (smartphone) 20 when the user gives the consent Is brought closer to the position information transmitting device 10A.
  • the position information transmitting device 10A acquires the terminal ID (IDt2) of the user terminal 25 (1805).
  • the location information transmitting device 10A authenticates the user (1025). Assuming that the terminal ID (IDt2) is not registered in the consented terminal ID table 11A, in this user authentication, the location information transmitting device 10A determines that this user is not a consented user, and uses the above-mentioned non-consented use. Notify the person.
  • the user inputs the user information UD1 to the position information transmission device 10A via a keyboard (not shown) connected to the position information transmission device 10A (1810). Since the user shown in FIG. 10 and the user in this example are the same, the user information UD1 input in step 1810 is the same as the user information UD1 input in step 1030 shown in FIG. It is the same.
  • the position information transmitting device 10A has a touch panel type display, the user may accept input of user information via the touch panel type display.
  • the position information transmitting device 10A acquires the terminal ID (IDt2) from the user terminal 25 (1815). Then, the location information transmission device 10A transmits a registration request including the acquired terminal ID (IDt2), the input user information UD1 and the facility ID (IDf1) to the authentication server 30 (1040).
  • the authentication server 30 When the authentication server 30 receives the registration request, it associates the terminal ID t2 included in the received registration request with the user information UD1 and registers it in the agreed user table 31. As a result, the terminal ID (IDt1) and the terminal ID (IDt2) are registered in the user information UD1 (see FIG. 18). Since the subsequent processing is the same as steps 1045 to 1065 shown in FIG. 10, the description thereof will be omitted.
  • the personal information acquired when the user terminal 20 is brought close to the user terminal 20 and the personal information acquired when the user terminal 25 is brought close to the user terminal 25 are managed as personal information acquired from the same user. Will be done.
  • a user registered in the agreed user table 31 in which the user information UD1 is associated with the terminal ID (IDt1) and the terminal ID (IDt2) in FIG. A ”) will explain an example of searching for its own personal information.
  • the user A operates the search terminal 90 and inputs the user information UD1 (for example, the name and the date of birth) that can identify the user A.
  • the search terminal 90 receives the input of the user information, the search terminal 90 transmits a search request including the user information as a search key to the management server 80 in step 1405.
  • the management server 80 transmits the terminal ID identification request including the user information to the authentication server 30 in step 1410.
  • the authentication server 30 acquires the terminal ID of the record that matches the search key from the agreed user table 31. In this case, two terminal IDs (IDt1 and IDt2) are registered in the record of the user information UD1 of the user A. Therefore, the authentication server 30 transmits a terminal ID specific response including the two terminal IDs (IDt1 and IDt2) to the management server 80 in step 1515. Since the processing after step 1520 is the same as the processing described above, the description thereof will be omitted.
  • the user concerned No matter which user terminal (20 or 25) A brings the user terminal (20 or 25) close to the location information transmitting device the personal information acquired at that time can be searched as the same user A's personal information.
  • the position information transmission device 10 further includes type identification information capable of specifying a type ID indicating an identifier of the type of personal information acquired by the personal information acquisition device 50 installed at a location corresponding to itself. Information is transmitted to the location information storage server 40. As a result, the location information and the type ID are associated and managed. As a result, when the search key includes the type ID of the personal information, the management server 80 refers to the location information table 41 without referring to the personal information stored in the personal information table 71 as being encrypted. Only by itself, the personal information of the type ID included in the search key can be specified.
  • the location information storage server 40 further has a type table 42.
  • the type table 42 includes a chip ID field 421 and a type ID field 422.
  • the chip ID of the position information transmitting device 10 is registered in the chip ID field 421, and the type ID is registered in the type ID field 422.
  • the position information table 41 includes the chip ID field 2101 and the type ID field 2102 in addition to the above fields 411 to 415.
  • the chip ID is registered in the chip ID field 2101, and the type ID is registered in the type ID field 2102.
  • the position information transmitting device 10 transmits the position information including the chip ID as the type identification information to the position information storage server 40.
  • the location information storage server 40 receives the location information, the location information storage server 40 refers to the type table and acquires the type ID corresponding to the chip ID included in the location information. Then, the position information storage server 40 registers the chip ID included in the received position information in the chip ID field 2101 of the position information table, and registers the type ID corresponding to the chip ID in the type ID field 2102.
  • step 1405 the search terminal 90 transmits a search request including the age and the type ID as the search key to the management server 80.
  • the management server 80 searches including "the terminal ID of the user terminal 20 used by the user matching the age, which is one of the search keys," and "the type ID, which is one of the search keys.”
  • the request is transmitted to the location information storage server 40.
  • the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and acquires a link ID of a record that matches the terminal ID included in the received search request and that matches the type ID.
  • the location information storage server 40 transmits a search response including the acquired link ID to the management server 80. Since the subsequent processing is the same as that in FIG. 14, the description thereof will be omitted.
  • the position information matching the type ID which is the search key is specified by referring to the position information table 41, and the position information is specified from the personal information table 71. Acquire personal information associated with location information. This makes it possible to search for personal information that matches the search key without decrypting the encrypted personal information.
  • the chip ID has been described as an example of the type identification information, but the type identification information is information that can identify the position information transmitting device 10 (for example, the Mac address and the IP address of the position information transmitting device 10). May be good. Further, if the type ID of the personal information acquired by the personal information acquisition device 50 installed at the location corresponding to the position information transmission device 10 is set in advance, the type ID can be used as the type identification information. Good. In this case, the location information storage server 40 does not have to have the type table 42 shown in FIG. Further, the position information table 41 shown in FIG. 21 does not have to include the chip ID field 2101.
  • this management system has been applied to hospitals in the above embodiment, it can be applied in various situations.
  • this management system can also be applied to home-visit nursing services and retail stores.
  • the home-visit nursing service is a service in which a nurse visits a user's home and performs various treatments on the user.
  • a location information transmitting device 10 is installed at the user's home.
  • the personal information acquisition device 50 is a notebook computer, a smartphone, or the like carried by a nurse who visits the user's home.
  • the location information transmitting device 10 may be brought to the user's home each time the nurse visits the user's home.
  • the nurse who visited the user's home will carry out various treatments (body temperature measurement, blood pressure measurement, bedsore assistance, etc.) to the user according to the home-visit nursing plan planned in advance.
  • the user brings the user terminal 20 closer to the position information transmitting device 10 before and after the implementation of one treatment.
  • the nurse performs one procedure after the user first brings the user terminal 20 closer to the position information transmitting device 10.
  • the nurse After performing one treatment, the nurse inputs the execution time of the treatment into the personal information acquisition device 50D, so that the personal information acquisition device 50 acquires the detailed data of the user as personal information.
  • This personal information includes the acquisition time of the personal information, the actual personal information, and the place information.
  • This location information is information that can identify the home (service user's home) of the home-visit nursing service user. For example, personal information is specified by a service user identifier (service user ID) or the like on which the treatment is performed.
  • service user ID service user identifier
  • the user ID is registered in the location information field 811 of the position range table 81 of the management server 80, and the range of the position of the service user's house is registered in the position range field 812.
  • the personal information acquisition device 50 When the nurse finishes the home-visit nursing service and arrives at the business establishment, the personal information acquisition device 50 is connected to the history storage server 60, and the personal information is transmitted to the history storage server 60. Since the process of associating the location information with the personal information by the management server 80 is the same as the routine shown in FIG. 10, the description thereof will be omitted.
  • the personal information acquisition device 50 is a register installed in the retail store.
  • the position information transmitting device 10 is installed near this register. The user brings the user terminal 20 closer to the position information transmitting device 10 before and after the settlement of the charge.
  • the personal information in this case is the purchase history of the user acquired by the personal information acquisition device 50 which is a register.
  • the present invention is not limited to the above embodiment, and various modifications of the present invention can be adopted.
  • the location information transmitting device 10 may inquire to the authentication server 30 whether or not the user of the approaching user terminal 20 has consented to the transmission of the location information. In this case, the location information transmitting device 10 transmits a user authentication request including the terminal ID of the approaching user terminal 20 and its own facility ID to the authentication server 30. When the terminal ID and the facility ID included in the user authentication request are recorded in the same record in the consented user table 31, the authentication server 30 indicates that the user has consented to the transmission of the location information. The user authentication success response is transmitted to the location information transmitting device 10.
  • the authentication server 30 indicates that the user does not consent to the transmission of the location information.
  • the user authentication failure response is transmitted to the location information transmitting device 10.
  • the user identifier may be used instead of the terminal ID.
  • the process of associating personal information with location information may be executed by a computer other than the management server 80.
  • a computer other than the management server 80 any one of the authentication server 30, the location information storage server 40, and the personal information storage server 70 may execute the process.
  • Device authentication and user information registration are performed by the authentication server 30, but may be performed by different computers.
  • the position information transmitting device 10 acquires the position information from the GPS satellite or the IMES transmitter, but is not limited to this, and may acquire its own position information by using other means.
  • 10A to 10C ... location information transmission device, 20 ... user terminal, 30 ... authentication server, 40 ... location information storage server, 50B and 50C ... personal information acquisition device, 60 ... history storage server, 70 ... personal information storage server, 80 ... Management server.

Landscapes

  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Engineering & Computer Science (AREA)
  • Primary Health Care (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Biomedical Technology (AREA)
  • Public Health (AREA)
  • Epidemiology (AREA)
  • Economics (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

La présente invention concerne un système de gestion comprenant : un dispositif de transmission d'informations de position qui, lorsqu'un terminal utilisateur s'approche, devient capable de communiquer avec le terminal utilisateur et transmet, à un dispositif de stockage prescrit, des informations de position indiquant une position prédéfinie du dispositif de transmission lui-même; et un dispositif de gestion pour associer les informations de position et les informations personnelles les unes aux autres et gérer les informations associées. Le dispositif de gestion est conçu pour acquérir des informations de position immédiatement antérieures et des informations de position immédiatement postérieures par rapport à des informations de position candidates, qui sont des informations de position indiquant une position dans une plage prescrite qui peut être considérée comme étant dans la même position qu'un dispositif d'acquisition d'informations personnelles qui acquiert les informations personnelles, les informations de position immédiatement antérieures étant des informations de position qui ont été transmises avant le moment d'acquisition des informations personnelles et au moment le plus proche dudit moment d'acquisition, et les informations de position immédiatement postérieures étant des informations de position qui ont été transmises après le moment d'acquisition des informations personnelles et au moment le plus proche du moment d'acquisition. De plus, le dispositif de gestion est conçu pour gérer les informations personnelles, les informations de position immédiatement antérieures et les informations de position immédiatement postérieures, en association les unes avec les autres.
PCT/JP2020/034284 2019-10-01 2020-09-10 Système de gestion, dispositif de gestion et procédé de gestion WO2021065411A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2021550533A JPWO2021065411A1 (fr) 2019-10-01 2020-09-10

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2019181668 2019-10-01
JP2019-181668 2019-10-01

Publications (1)

Publication Number Publication Date
WO2021065411A1 true WO2021065411A1 (fr) 2021-04-08

Family

ID=75337415

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/034284 WO2021065411A1 (fr) 2019-10-01 2020-09-10 Système de gestion, dispositif de gestion et procédé de gestion

Country Status (2)

Country Link
JP (1) JPWO2021065411A1 (fr)
WO (1) WO2021065411A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002351974A (ja) * 2001-05-22 2002-12-06 Ribaabire:Kk 診療情報処理システム
JP2016122426A (ja) * 2014-12-25 2016-07-07 シャープ株式会社 情報処理装置、および情報処理装置の制御方法
US20180367179A1 (en) * 2017-02-22 2018-12-20 Deborah T. Bullington Lighting system for medical appointment progress tracking by wireless detection
JP2019139740A (ja) * 2018-10-11 2019-08-22 Pinmicro株式会社 Icカード利用システム、icカード利用方法、サーバおよびその制御方法と制御プログラム
JP2019185282A (ja) * 2018-04-06 2019-10-24 佐鳥電機株式会社 管理システム及び管理方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002351974A (ja) * 2001-05-22 2002-12-06 Ribaabire:Kk 診療情報処理システム
JP2016122426A (ja) * 2014-12-25 2016-07-07 シャープ株式会社 情報処理装置、および情報処理装置の制御方法
US20180367179A1 (en) * 2017-02-22 2018-12-20 Deborah T. Bullington Lighting system for medical appointment progress tracking by wireless detection
JP2019185282A (ja) * 2018-04-06 2019-10-24 佐鳥電機株式会社 管理システム及び管理方法
JP2019139740A (ja) * 2018-10-11 2019-08-22 Pinmicro株式会社 Icカード利用システム、icカード利用方法、サーバおよびその制御方法と制御プログラム

Also Published As

Publication number Publication date
JPWO2021065411A1 (fr) 2021-04-08

Similar Documents

Publication Publication Date Title
US11106818B2 (en) Patient identification systems and methods
US9386005B2 (en) Method and system for data communication over network
US8291085B2 (en) Value information transfer system and value information transfer method
EP2648148A2 (fr) Procédé de paiement par l'intermédiaire d'un instrument de paiement et serveur et terminal mobile mettant en ýuvre celui-ci
US11587076B2 (en) Systems and methods for responsive data transfer and anonymizing data using tokenizing and encrypting
US10129030B2 (en) Information delivery system, information delivery method, short-range communication device, information delivery apparatus, and server
US10148658B2 (en) Information processing apparatus and method, and program
US10748134B2 (en) System and method for management of payee information
US9331964B2 (en) System, method, and apparatus for using a virtual bucket to transfer electronic data
US8375057B2 (en) Database system, server device, terminal device, and data presentation method
US20090015374A1 (en) User authentication system and method
JP7057969B2 (ja) 管理システム及び管理方法
US8885827B2 (en) System and method for enabling a host device to securely connect to a peripheral device
JP2010181988A (ja) 利用者登録システム、リーダ・ライタ、サーバ、利用者登録方法、及びプログラム
WO2021065411A1 (fr) Système de gestion, dispositif de gestion et procédé de gestion
WO2021065412A1 (fr) Système de gestion
WO2021065410A1 (fr) Système et procédé de gestion
JP2006244381A (ja) 電子商取引システム、電子商取引サーバ、及び電子商取引管理プログラム
WO2015051449A1 (fr) Procédé d'envoi automatique d'un signal indiquant une position dans une file d'attente
US20140379569A1 (en) Method and apparatus for combining different kinds of wallets on a mobile device
US20110145300A1 (en) Database system, server apparatus, terminal apparatus, and database updating method
US11687643B2 (en) Information linkage system and information linkage method
JP5686865B2 (ja) サーバ、サービス情報送信方法、及びプログラム
US20230360781A1 (en) Method and system for managing medical consultation content
JP7217768B2 (ja) 個人情報利用システム、携帯型の読み取り端末、及び個人情報利用方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20872128

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021550533

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20872128

Country of ref document: EP

Kind code of ref document: A1