WO2021065412A1 - Système de gestion - Google Patents

Système de gestion Download PDF

Info

Publication number
WO2021065412A1
WO2021065412A1 PCT/JP2020/034285 JP2020034285W WO2021065412A1 WO 2021065412 A1 WO2021065412 A1 WO 2021065412A1 JP 2020034285 W JP2020034285 W JP 2020034285W WO 2021065412 A1 WO2021065412 A1 WO 2021065412A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
information
terminal
position information
personal information
Prior art date
Application number
PCT/JP2020/034285
Other languages
English (en)
Japanese (ja)
Inventor
隆文 垣岡
礼壮 木村
Original Assignee
佐鳥電機株式会社
株式会社国際ヘルスケア・マネジメント機構
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 佐鳥電機株式会社, 株式会社国際ヘルスケア・マネジメント機構 filed Critical 佐鳥電機株式会社
Priority to JP2021550534A priority Critical patent/JPWO2021065412A1/ja
Publication of WO2021065412A1 publication Critical patent/WO2021065412A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services

Definitions

  • the present invention is a management system that manages user's personal information acquired by a personal information acquisition device.
  • Patent Document 1 a management system (hereinafter referred to as "conventional system") that manages a user's position information and a user's personal information is known. More specifically, in Patent Document 1, the user's mobile terminal (user terminal) transmits the space-time tag and the terminal ID to a predetermined storage device every time a predetermined time elapses, and the storage device sends the terminal ID.
  • the space-time tag for each.
  • the space-time tag includes position information and time information.
  • a terminal device for acquiring user's personal information is installed in a facility (for example, a hospital or a retail store), and this terminal device has an NFC (Near Field Communication) function.
  • NFC Near Field Communication
  • the latest space-time tag is acquired from the mobile terminal, the space-time tag is added to the personal information, and the information is transmitted to the storage device.
  • the storage device can aggregate personal information for each user by collating the space-time tag transmitted from the mobile terminal with the space-time tag transmitted from the terminal device.
  • an object of the present invention is to provide a management system that accurately associates the personal information of the same person with the location information without modifying the existing personal information acquisition device and without causing the user terminal to acquire the location information. There is. Furthermore, an object of the present invention is to provide a management system capable of associating personal information acquired when approaching a position information transmitting device of a plurality of mobile terminals used by the same user with the user. ..
  • the management system of the present invention (hereinafter, also referred to as "the management system") is When a user terminal (20, 25) carried by a user approaches, a position at which communication with the user terminal becomes possible and position information indicating a preset own position is transmitted to a predetermined storage device.
  • Information transmission device (10) and A management device (80) that associates and manages the location information and the personal information, and An authentication device (30) that stores a terminal identifier, which is an identifier of the user terminal carried by the user who has consented to the transmission of the location information, and user information that can identify the user of the user terminal. And.
  • the position information transmitting device is When the user terminal approaches, the terminal identifier is acquired from the user terminal (step 1020, step 1135, step 1155, step 1185), and the user of the user terminal agrees to transmit the location information. It is determined whether or not (step 1025, step 1110, step 1140, step 1160, step 1190). When the user consents to the transmission of the location information, the terminal identifier is included in the location information and transmitted to the storage device (step 1115, step 1145, step 1165, step 1195). If the user does not consent to the transmission of the location information, the terminal identifier and the acceptance are received when the user information of the user is accepted (step 1030, step 1035, step 1210, step 1215). A registration request including user information is transmitted to the authentication device (step 1040). It is configured as follows.
  • the authentication device is When the registration request is received (step 1040 shown in FIG. 12), when the user information included in the received registration request matches the already stored user information, the already stored user.
  • the terminal identifier associated with the information, the terminal identifier included in the received registration request, and the user information are stored in association with each other (step 1045 shown in FIG. 12). It is configured as follows.
  • the management device is It is said that the transmission time of the location information and the acquisition time of the personal information satisfy a predetermined time matching condition (step 1320), and the location information is installed at the same place as the personal information acquisition device that acquired the personal information.
  • the position information and the personal information are associated with each other (step 1330). It is configured as follows.
  • the location information Indicates a position where the transmission time of the location information and the acquisition time of the personal information satisfy the time matching condition, and the location information can be regarded as being installed at the same place as the personal information acquisition device that acquired the personal information.
  • the user who brought the user terminal closer to the location information and the user whose personal information was acquired are the same person. This is because these users are likely to be located at the same location at the same time.
  • the location information of the same person and the personal information can be more accurately associated with each other.
  • the existing personal information acquisition device can be used as it is, and the existing personal information acquisition device can be changed. No need to add. Further, since the position information is not transmitted by the user terminal but is transmitted by the position information transmitting device, the position information acquisition function of the user terminal may be disabled, or the position on the user terminal side. There is no risk of the information being tampered with.
  • terminal identifiers with matching user information are stored in association with each other. Therefore, even when the same user uses a plurality of different user terminals, the terminal identifiers of the plurality of user terminals can be associated with the user information of the user. Since the position information is transmitted from the position information transmitting device including the terminal identifier and is associated with the personal information satisfying a predetermined condition, the same user brings a plurality of user terminals close to the position information transmitting device. Even when the position information transmitting device is made to transmit the position information, the personal information acquired when the user terminal is brought close to the position information transmitting device can be associated with the same user.
  • the authentication device acquires the terminal identifier associated with the user information of the user included in the search request. (Step 1510, Step 1515), Personal information associated with the location information including the terminal identifier acquired by the authentication device is acquired as a search result (steps 1520 to 1545). It is configured as follows.
  • the personal information of the user can be searched as the personal information of the same person.
  • the authentication device is When the registration request is received, the terminal identifier included in the registration request is stored (step 1045), and the registration request is stored. The terminal identifier is transmitted to the location information transmitting device (steps 1050A to 1050C). It is configured as follows.
  • the position information transmitting device is When the terminal identifier transmitted by the authentication device is received, the received terminal identifier is stored (steps 1055A to 1055C), and the terminal identifier is stored.
  • the terminal identifier is acquired from the user terminal, and it is determined whether or not the terminal identifier is stored (step 1025, step 1110, step 1140, step 1160, step 1190).
  • the terminal identifier is included in the position information and transmitted to the storage device (step 1115, step 1145, step 1165, step 1195).
  • the registration request is transmitted to the authentication device when the user information of the user is received (step 1030, step 1035, step 1210, step 1215) (step 1040). , It is configured as follows.
  • the authentication device is When the registration request is received, a writing command, which is a command for writing the agreed information indicating that the user has consented to the transmission of the location information to the user terminal of the user, is sent to the location information transmitting device.
  • Send (step 1615), It is configured as follows.
  • the position information transmitting device is When the write command transmitted by the authentication device is received, the consented information is written to the user terminal if communication with the user terminal is possible (step 1620). When the user terminal approaches, the consented information is acquired from the user terminal, and whether or not the user of the user terminal consents to the transmission of the location information based on the acquired consented information. (Step 1630), Constructed as
  • the location information transmitting device does not need to store the consented terminal identifier. Therefore, since the position information transmitting device does not need to be equipped with a storage medium having a relatively large storage capacity, the cost of the position information transmitting device can be reduced.
  • FIG. 1 is a schematic system configuration diagram of a management system (this management system) according to an embodiment of the present invention.
  • FIG. 2 is a hardware configuration diagram of the position information transmitting device shown in FIG.
  • FIG. 3 is an explanatory diagram of a consented terminal ID table included in the position information transmitting device shown in FIG.
  • FIG. 4 is an explanatory diagram of a consented user table included in the authentication server shown in FIG.
  • FIG. 5 is an explanatory diagram of a distribution destination table included in the authentication server shown in FIG.
  • FIG. 6 is an explanatory diagram of a regular chip ID table included in the authentication server shown in FIG.
  • FIG. 7 is an explanatory diagram of a location information table included in the location information storage server shown in FIG.
  • FIG. 1 is a schematic system configuration diagram of a management system (this management system) according to an embodiment of the present invention.
  • FIG. 2 is a hardware configuration diagram of the position information transmitting device shown in FIG.
  • FIG. 3 is an explan
  • FIG. 8 is an explanatory diagram of a personal information table included in the personal information storage server shown in FIG.
  • FIG. 9 is a hardware configuration diagram of the management server shown in FIG.
  • FIG. 10 is a sequence diagram of device authentication and consented user registration in this management system.
  • FIG. 11 is a sequence diagram of transmission of location information and acquisition of personal information in this management system.
  • FIG. 12 is a sequence diagram when users in this management system use different user terminals.
  • FIG. 13 is a sequence diagram of the association between the location information and the personal information in this management system.
  • FIG. 14 is a flowchart of the association process executed by the management server shown in FIG.
  • FIG. 15 is a sequence diagram of searching for personal information in this management system.
  • FIG. 16 is a sequence diagram of a first modification of the management system.
  • FIG. 17 is a flowchart of the association process in the second modification of the management system.
  • FIG. 18 is a flowchart of the position information transmission process executed by the position information transmission device in the third modification of the management system.
  • FIG. 19 is a flowchart of the association process in the fourth modification of the management system.
  • FIG. 20 is an explanatory diagram of a type table included in the location information storage server in the fifth modification of the management system.
  • FIG. 21 is an explanatory diagram of a location information table included in the location information storage server in the fifth modification of the management system.
  • the management system according to the embodiment of the present invention (hereinafter, may be referred to as “the management system”) will be described with reference to the drawings.
  • This management system includes location information transmission devices 10A to 10C, user terminal (mobile terminal) 20, authentication server 30, location information storage server 40, personal information acquisition devices 50B and 50C, history storage server 60, and personal information storage server 70. It also includes a management server 80.
  • position information transmitting device 10 When the position information transmitting devices 10A to 10C are not distinguished from each other, they are referred to as "position information transmitting device 10".
  • personal information acquisition devices 50B and 50C are not distinguished from each other, they are referred to as "personal information acquisition device 50".
  • the location information transmission device 10, the personal information acquisition device 50, and the history storage server 60 are installed in medical institutions such as hospitals and pharmacies, for example.
  • the installation locations of these devices 10, 50 and 60 are not limited to medical institutions, and may be installed in any facility as long as it is a facility for acquiring personal information of users (for example, retail stores and financial institutions). It may be installed in an institution, etc.).
  • FIG. 1 describes an example in which these devices 10, 50 and 60 are installed in Hospital A.
  • Hospital A a position information transmission device 10A is installed at the reception desk, a position information transmission device 10B and a personal information acquisition device 50B are installed in the examination room, and the examination room (for example, an X-ray room) is installed.
  • a position information transmission device 10C and a personal information acquisition device 50C are installed.
  • the location information transmission device 10 is connected to the authentication server 30 and the location information storage server 40 via the network NW. Further, the personal information acquisition device 50 is connected to the history storage server 60 via a LAN (Local Area Network). The history storage server 60 is connected to the personal information storage server 70 via a dedicated line EL.
  • LAN Local Area Network
  • position information is acquired from the position information transmission device 10, and personal information is acquired from the personal information acquisition device 50. That is, the location information and the personal information are acquired separately from each other and stored separately.
  • devices related to location information location information transmission device 10, user terminal 20, authentication server 30, and location information storage server 40.
  • the position information transmitting device 10 is a user who has consented to the transmission of the position information (approved use). Authenticate the user to determine whether or not the person).
  • the position information transmitting device 10 determines that the user is a consented user, the position information transmitting device 10 transmits the preset position information indicating its own position to the position information storage server 40.
  • the position information transmitting device 10 includes a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) 102, a ROM (Read Only Memory) 103, an IC (Integrated Circuit) chip 104, a network interface (I / F) 105, and GPS / It has an IMES receiver 106 and an input / output interface (I / F) 107. They are communicably connected to each other via bus 108.
  • CPU Central Processing Unit
  • RAM Random Access Memory
  • ROM Read Only Memory
  • IC Integrated Circuit
  • the CPU 101 realizes various functions by loading various programs (not shown) stored in the ROM 103 into the RAM 102 and executing the programs loaded in the RAM 102.
  • the RAM 102 is a volatile storage medium. As described above, various programs executed by the CPU 101 are loaded into the RAM 102. In addition, the RAM 102 temporarily stores data used by the CPU 101 when executing various programs.
  • ROM 103 is a non-volatile storage medium. Various programs are stored in the ROM 103.
  • the IC chip 104 stores a chip ID used for device authentication, which will be described later. The chip ID is also used as an identifier (device ID) of the position information transmitting device 10.
  • the network I / F 105 is an interface for connecting the location information transmitting device 10 to the network NW.
  • the GPS / IMES (Indoor Messaging System) receiver 106 receives a GPS positioning signal from a GPS satellite (not shown) or an IEMS positioning signal from an IEMS (Indoor Messaging System) transmitter (not shown).
  • the position information transmitting device 10 determines its own position based on the GPS positioning signal or the IMES positioning signal, and sets information indicating the determined position to itself.
  • the input / output I / F 806 is an interface for connecting to the IC card reader / writer 110.
  • the IC card reader / writer 110 has an NFC (Near Field Communication) function. This NFC function is a function capable of communicating with the other device when the distance between the device and the "other device having the NFC function" is within a predetermined distance (when the device approaches the other device).
  • NFC Near Field Communication
  • the position information transmitting devices 10A to 10C store the agreed terminal ID tables 11A to 11C (see FIG. 3) in the RAM 102, respectively.
  • the agreed terminal ID tables 11A to 11C are not distinguished, they are referred to as "agreeed terminal ID table 11".
  • a terminal identifier hereinafter, referred to as "terminal ID"
  • terminal ID is an identifier of the user terminal 20 used by the consented user
  • the location information transmitting device 10 acquires the terminal ID of the approaching user terminal 20. Then, if the acquired terminal ID is registered in the consented terminal ID table 11, the position information transmitting device 10 determines that the user is a consented user and transmits the position information.
  • This position information includes a terminal ID acquired from the user terminal 20 and information (latitude, longitude, etc.) indicating a position set in the position information transmitting device 10.
  • the location information transmitting device 10 determines that the user is not a consented user, and the position unless the user agrees to transmit the location information. Do not send information.
  • the user terminal 20 is a terminal carried by the user and has the above-mentioned NFC function.
  • the terminal ID is stored in the user terminal 20, and when the user terminal 20 approaches the position information transmitting device 10, the user terminal 20 transmits the terminal ID to the position information transmitting device 10.
  • FIG. 1 illustrates a smartphone as the user terminal 20.
  • the user terminal 20 may be, for example, an IC (Integrated Circuit) card (25) or the like.
  • the authentication server 30 is a device that stores and centrally manages the terminal ID of the user terminal 20 of the consented user (hereinafter, referred to as "agreeed terminal ID"), and is a device that centrally manages the consented user table 31. It has a distribution destination table 32 (see FIG. 5) and a regular chip ID table 33 (see FIG. 6).
  • the terminal ID field 311, the user information field 312, and the facility ID field 313 are set in the agreed user table 31.
  • the agreed terminal ID is registered in the terminal ID field 311 and the user information of the agreed user is registered in the user information field 312.
  • User information is information (name, date of birth, age, telephone number, address, insurer number, etc.) for identifying (identifying) an individual user.
  • the user inputs the user information from the user terminal 20 or the like.
  • the facility ID field 313 a facility ID indicating an identifier of the facility for which the user has consented to the transmission of location information is registered.
  • a chip ID field 321 and a facility ID field 322 are set in the distribution destination table 32.
  • the chip ID field 321 the chip ID of the position information transmitting device 10 determined to be a genuine product by the device authentication described later is registered.
  • the facility ID field 322 the facility ID of the facility where the location information transmitting device 10 is installed is registered.
  • the chip ID of the genuine position information transmitting device 10 is registered in the regular chip ID table 33.
  • the position information storage server 40 has a position information table 41 (see FIG. 7), and when receiving the position information transmitted from the position information transmitting device 10, stores the received position information in the position information table 41. ..
  • the position information table 41 includes a record ID field 411, a terminal ID field 412, a transmission time field 413, a position field 414, and a link ID field 415.
  • the record ID field 411 a unique identifier of the record in the position information table 41 is registered.
  • the terminal ID field 412 the terminal ID included in the received position information is registered.
  • the transmission time field 413 the time when the position information transmitting device 10 transmits the position information is registered.
  • the position included in the position information is registered in the position field 414.
  • the link ID field 415 a unique identifier of "a record in which personal information associated with location information is registered" in the personal information table 71 is registered.
  • the personal information acquisition device 50 is a device that acquires the personal information of the user and transmits the acquired personal information to the history storage server 60.
  • the type of personal information acquired differs depending on the type of the personal information acquisition device 50.
  • the personal information acquisition device 50B installed in the examination room is a personal computer or the like operated by a doctor or the like, and the detailed data representing the medical practice performed on the user (patient) by the doctor or the like is input to the personal information acquisition device 50B. Acquire detailed data as personal information.
  • the personal information acquisition device 50C installed in the examination room is an X-ray imaging device or the like, and X-ray image data (examination data) of the user (patient) is obtained by irradiating the user's body with X-rays. Obtained as personal information.
  • the personal information acquisition device 50C may be an MRI device or the like.
  • Personal information further includes user identification information (user's name, date of birth, medical examination ticket number, etc.) that can identify the user, acquisition time of the personal information, and location information.
  • user identification information user's name, date of birth, medical examination ticket number, etc.
  • location information is information that can identify the facility in which the personal information acquisition device 50 is installed and the room in which the personal information acquisition device 50 is installed.
  • the data format of personal information differs depending on the type. Therefore, the detailed data and the inspection data shown in FIG. 1 have different user identification information, location information, acquisition time, and other data positions.
  • the history storage server 60 When the history storage server 60 receives the personal information from the personal information acquisition device 50, the history storage server 60 refers to the user identification information included in the received personal information, encrypts the received personal information, and stores it for each user.
  • the personal information for each user stored in this way is referred to as "user history data 61".
  • the history storage server 60 transmits all the user history data 61 stored up to the present time since the last user history data 61 was transmitted at a predetermined timing (for example, on the last day of the month) via the dedicated line EL. And sends it to the personal information storage server 70.
  • the personal information storage server 70 has a personal information table 71 (see FIG. 8), and when the user history data 61 transmitted from the history storage server 60 is received, the received user history data 61 is used as personal information. Store in table 51. Specifically, the personal information storage server 70 stores one personal information included in the user history data 61 in one record of the personal information table 71.
  • the personal information table 71 includes a record ID field 711, a personal information field 712, and a link ID field 713.
  • the record ID field 711 a unique identifier of each record in the personal information table 71 is registered.
  • the personal information field 712 the personal information received by the personal information storage server 70 is registered in the encrypted state.
  • the link ID field 713 a unique identifier of the "record in which the location information associated with the personal information is registered" in the location information table 41 is registered.
  • the management server 80 is connected to the personal information storage server 70 via the dedicated line EL, and is connected to the authentication server 30 and the location information storage server 40 via the network NW.
  • the management server 80 associates the location information with the personal information. More specifically, when the location information and the personal information satisfy the matching condition, the management server 80 sets the link ID field 415 of the record corresponding to the location information in the location information table 41 to "personal information satisfying the matching condition". Register the "record identifier”. Further, the management server 80 registers the "identifier of the record of the location information satisfying the matching condition" in the link ID field 713 of the record of the personal information of the personal information table 71.
  • the management server 80 is a general computer, and is a CPU 801 and a RAM 802, a ROM 803, a network interface (I / F) 804, a dedicated line interface (I / F) 805, and an input / output interface (I / F). / F) 806. They are communicably connected to each other via bus 810.
  • the CPU 801 and the RAM 802, the ROM 803 and the network I / F 804 are the same as the CPU 101, the RAM 102, the ROM 103 and the network I / F 105 shown in FIG. 2, respectively, and thus the description thereof will be omitted.
  • the position range table 81 is stored in the RAM 802.
  • the position range table 81 includes a location information field 811 and a position range field 812.
  • place information field 811 place information that can specify the place where the personal information acquisition device 50 is installed is registered.
  • position range field 812 a predetermined position range that can be regarded as the same as the place specified by the place information (that is, the place where the personal information acquisition device 50 is installed) is registered.
  • the leased line I / F805 is an interface for connecting the management server 80 to the leased line EL.
  • the input / output I / F 806 is an interface for being connected to a keyboard and a display.
  • the authentication server 30, the location information storage server 40, the history storage server 60, and the personal information storage server 70 are also general computers like the management server 80, and are the CPU 801, RAM 802, ROM 803, network I / F 804, and the above-mentioned CPU 801 and RAM 802. It has input / output I / F806 and the like.
  • the position information transmitting devices 10A to 10C transmit the authentication request to the authentication server 30 at a predetermined timing (1005A to 1005C).
  • the predetermined timing is, for example, the initial connection timing of the position information transmitting device 10 to the network NW, and the timing at which a preset predetermined time (for example, a predetermined time before the start of business at Hospital A) is reached.
  • the authentication request transmitted by the position information transmitting device 10 includes the chip IDs (IDc1 to IDc3) of the position information transmitting device 10 and the facility ID of the position information transmitting device 10.
  • the facility ID is the identifier (IDf1) of the hospital A.
  • the facility ID is preset in each position information transmitting device 10A to 10C.
  • the authentication server 30 When the authentication server 30 receives the authentication request, it executes device authentication (1010). Specifically, the authentication server 30 determines whether or not the chip ID included in the received authentication request is registered in the regular chip ID table 33.
  • the authentication server 30 is the location information transmitting device 10 that has transmitted the authentication request. Judge that it is a genuine product.
  • the authentication server 30 registers the chip IDs (IDc1 to IDc) and the facility IDs (IDf1) included in the received authentication request in the distribution destination table 32 (1013).
  • the chip IDs (IDc1 to IDc3) and the facility ID (IDf1) are associated and registered in the distribution destination table 32.
  • the authentication server 30 transmits an authentication response (hereinafter, referred to as “authentication success response”) indicating that the device authentication has succeeded to the position information transmitting devices 10A to 10C (1015A to 1015C), respectively.
  • the authentication server 30 is the position information transmitting device 10 that has transmitted the authentication request including the chip IDs that are not registered in the regular chip ID table 33. It is determined that the product is not genuine, and an authentication response indicating that the device authentication has failed (hereinafter, referred to as "authentication failure response") is transmitted to the location information transmitting device 10.
  • the position information transmitting device 10 that has received the authentication failure response prohibits the transmission of the position information even if the user approaches the user terminal 20.
  • the location information transmitting device 10A authenticates the user (1025). In the user authentication, the location information transmitting device 10A determines whether or not the acquired terminal ID (IDt1) is registered in the agreed terminal ID table 11A. At this point, assuming that the terminal ID (“IDt1”) is not yet registered in the consented terminal ID table 11 of the location information transmitting device 10A, the user of the location information transmitting device 10A is not a consented user. Is determined, and the user is notified to that effect. For example, the location information transmitting device 10A outputs a voice message indicating that the user is not a consented user from a speaker (not shown). The message that the user is not a consented user may be displayed on the display connected to the position information transmitting device 10A or the display of the user terminal 20.
  • the user When the user agrees to transmit the location information at the hospital A, the user inputs the user information (UD1) of the user into the user terminal 20 (1030), and the user terminal 20 is sent to the location information transmission device 10A. Bring it closer.
  • the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 and the input user information (UD1) (1035).
  • the location information transmitting device 10A transmits a registration request including the "acquired terminal ID (IDt1) and user information (UD1)" and the facility ID (IDf1) to the authentication server 30 (1040). This registration request indicates that the user has consented to the transmission of location information.
  • the user agrees to send location information on a facility-by-facility basis (hospital A, hospital B (not shown), pharmacy C (not shown), etc.).
  • the authentication server 30 When the authentication server 30 receives the registration request, the authentication server 30 registers the terminal ID (IDt1), the user information (UD1), and the facility ID (IDf1) included in the received registration request in the agreed user table 31 (1045). ) (See FIG. 4). As a result, the authentication server 30 remembers that the user has consented to the transmission of the location information.
  • the authentication server 30 refers to the distribution destination table 32, and identifies the registration response including the terminal ID (IDt1) included in the received registration request by the facility ID (IDf1) included in the received registration request (A). It transmits to all the position information transmitting devices 10A to 10C installed in the hospital) (1050A to 1050C). More specifically, the authentication server 30 selects a record in which the facility ID (IDf1) included in the registration request received in the facility ID field 322 of the distribution destination table 32 is registered, and enters the chip ID field 321 of the selected record. Acquire the registered chip ID (IDt1 to IDt3). The authentication server 30 transmits a registration response including the terminal ID (IDt1) included in the received registration request to the position information transmitting devices 10A to 10C identified by the acquired chip IDs (IDt1 to IDt3).
  • the terminal ID (IDt1) included in the received registration response is registered in the agreed terminal ID tables 11A to 11C (1055A to 1055C).
  • the location information transmitting devices 10A to 10C will be used when the user terminal 20 identified by the terminal ID (IDt1) approaches. It can be determined whether or not the user is a consented user by referring to the consented terminal ID tables 11A to 11C without inquiring to the authentication server 30.
  • the location information transmission device 10A has a transmission time (10:10, September 1, 2019) indicating the time when the location information is transmitted. ),
  • the position information including the terminal ID (IDt1) of the user terminal 20 and the position P1 is transmitted to the position information storage server 40 (1060).
  • the location information storage server 40 When the location information storage server 40 receives the location information, the location information storage server 40 adds a new record (record ID "1" (see FIG. 7)) to the location information table 41, and registers the received location information in the added record. (1065).
  • the position information transmitting device 10 may transmit the position information not including the transmission time. In this case, the time when the location information storage server 40 receives the location information is regarded as the transmission time of the location information.
  • the user brings the user terminal 20 close to the position information transmission device 10 and causes the position information transmission device 10 to transmit the position information before and after the personal information is acquired by the personal information acquisition device 50. ..
  • the user moves from the reception desk of Hospital A to the examination room. As shown in FIG. 11, before the personal information acquisition device 50C acquires the inspection data, the user brings the user terminal 20 closer to the position information transmission device 10C installed in the examination room.
  • the position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1105) and authenticates the user (1110).
  • step 1055C shown in FIG. 10 since the terminal ID (IDt1) is registered in the consented terminal ID table 11C, in the position information transmitting device 10C, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:20 on September 1, 2019), the terminal ID (IDt1) and the position (P3) is transmitted to the position information storage server 40 (1115).
  • the location information storage server 40 registers the received location information in a new record (record ID “L2”) of the location information table 41 (1120).
  • the personal information acquisition device 50C acquires the user's inspection data as personal information (1125), and transmits the acquired personal information to the history storage server 60 (1130).
  • This personal information includes the user information of the user from whom the inspection data was acquired, the acquisition time of the inspection data of the personal information acquisition device 50C (10:25 on September 1, 2019), and the location information (inspection at Hospital A). Room) is further included.
  • the personal information acquisition device 50C transmits the acquired personal information to the history storage server 60.
  • the history storage server 60 receives the personal information
  • the history storage server 60 encrypts the received personal information and writes (stores) it in the user history data 61 of the user (1130).
  • the position information transmitting device 10C acquires the terminal ID (IDt1) from the approaching user terminal 20 (1135), authenticates the user (1140), and transmits the position information to the position information storage server 40 (1145).
  • This location information includes the transmission time (10:26 on September 1, 2019), the terminal ID (IDt1), and the location (P3).
  • the location information storage server 40 registers the received location information in a new record (record ID “L3”) of the location information table 41 (1150).
  • the user moves from the examination room to the examination room.
  • the personal information acquisition device 50B acquires personal information
  • the user brings the user terminal 20 close to the position information transmission device 10B.
  • the position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1155) and authenticates the user (1160).
  • step 1055B shown in FIG. 10 since the terminal ID (IDt1) is registered in the consented terminal ID table 11B, in the location information transmitting device 10B, the user of the user terminal 20 is a consented user. It is determined that there is, and the position information including the transmission time (10:30 on September 1, 2019), the terminal ID (IDt1) and the position (P2) is transmitted to the position information storage server 40 (1165).
  • the location information storage server 40 registers the received location information in a new record (record ID “L4”) of the location information table 41 (1170).
  • the personal information acquisition device 50B acquires the detailed data of the user as personal information (1175), and transmits the acquired personal information to the history storage server 60 (1180).
  • This personal information includes the user information of the user of the detailed data, the acquisition time of the detailed data of the personal information acquisition device 50B (10:35 on September 1, 2019), and the location information (examination room of Hospital A). Further included.
  • the position information transmitting device 10B acquires the terminal ID (IDt1) from the approaching user terminal 20 (1185), authenticates the user (1190), and transmits the position information to the position information storage server 40 (1195). ..
  • This location information includes the transmission time (10:36 on September 1, 2019), the terminal ID (IDt1), and the location (P2).
  • the location information storage server 40 registers the received location information in a new record (record ID “L5”) of the location information table 41 (1198).
  • the location information transmitting device 10 installed in the facility shares the terminal ID of the user terminal 20 of the user. Therefore, the location information transmission device 10 installed in the facility can perform user authentication inside the location information transmission device 10 without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 can be reduced, and the processing load of the authentication server 30 can also be reduced. Further, the position information transmitting devices 10B and 10C other than the position information transmitting device 10A that received the input of the user information erroneously determine that the user who once consented to the transmission of the position information does not consent to the transmission of the position information. It is possible to prevent this from happening.
  • the authentication server 30 stores a plurality of user terminals (smartphone 20 and IC card 25) used by the same user in association with the user information of the user.
  • the same processing as that shown in FIG. 10 is given the same reference numerals and the description thereof will be omitted.
  • the user terminal (IC card) 25 different from the user terminal (smartphone) 20 when the user gives the consent Is brought closer to the position information transmitting device 10A.
  • the position information transmitting device 10A acquires the terminal ID (IDt2) of the user terminal 25 (1205).
  • the location information transmitting device 10A authenticates the user (1025). Assuming that the terminal ID (IDt2) is not registered in the consented terminal ID table 11A, in this user authentication, the location information transmitting device 10A determines that this user is not a consented user, and the user agrees. Disagreement user notification is performed by outputting a voice message indicating that the user is not a completed user from a speaker (not shown).
  • the user inputs the user information UD1 to the position information transmission device 10A via a keyboard (not shown) connected to the position information transmission device 10A (1210). Since the user shown in FIG. 10 and the user in this example are the same, the user information UD1 input in step 1810 is the same as the user information UD1 input in step 1030 shown in FIG. It is the same.
  • the position information transmitting device 10A has a touch panel type display, the user may accept input of user information via the touch panel type display.
  • the position information transmitting device 10A acquires the terminal ID (IDt2) from the user terminal 25 (1215). Then, the location information transmission device 10A transmits a registration request including the acquired terminal ID (IDt2), the input user information UD1 and the facility ID (IDf1) to the authentication server 30 (1040).
  • the authentication server 30 When the authentication server 30 receives the registration request, it associates the terminal ID t2 included in the received registration request with the user information UD1 and registers it in the agreed user table 31. As a result, the user information UD1 and the terminal ID (IDt1) and the terminal ID (IDt2) are registered in association with each other (see FIG. 12). Since the subsequent processing is the same as steps 1045 to 1065 shown in FIG. 10, the description thereof will be omitted.
  • the personal information acquired when the user terminal 20 is brought close to the user terminal 20 and the personal information acquired when the user terminal 25 is brought close to the user terminal 25 are managed as personal information acquired from the same user. Will be done.
  • the personal information storage server 70 When the personal information storage server 70 receives the user history data 61 from the history storage server 60, the personal information storage server 70 stores the personal information included in the received user history data 61 in the personal information table 71 (1310). More specifically, the personal information storage server 70 adds a new record to the personal information table 71 by the amount of the personal information included in the received user history data 61, and each of the added records has a unique identifier ( Record IDs "I1" and "I2”) are given, and personal information included in the received user history data 61 is registered in the added record.
  • the personal information storage server 70 transmits a completion notification to that effect to the management server 80 (1315).
  • the management server 80 When the management server 80 receives the completion notification, it associates the personal information stored in the personal information table 71 with the location information stored in the location information table 41 (1320). More specifically, the management server 80 refers to the position range table 81 shown in FIG. 9, and its position is in a position range that can be regarded as the same as the place specified by the place information included in the personal information. Select the included location information (candidate location information). Then, the management server 80 sets the location information (immediately preceding location information) that is earlier than the acquisition time (acquisition time) of the personal information and is closest to the acquisition time from the selected location information, and the personal information. The position information (immediately after position information) that is later than the acquisition time and is closest to the acquisition time is acquired.
  • the management server 80 associates the personal information, the immediately preceding position information, and the immediately after position information with each other.
  • the CPU 801 of the management server 80 starts processing from step 1300 and proceeds to step 1405 every time a predetermined time elapses.
  • step 1405 the CPU 801 determines whether or not the completion notification has been received. If the completion notification has not been received, the CPU 801 determines "No" in step 1405, proceeds to step 1495, and temporarily ends this routine.
  • the CPU 801 determines "Yes” in step 1405 and executes the processes of steps 1410 to 1420.
  • Step 1410 The CPU 801 selects personal information to be processed (hereinafter, referred to as “processed personal information”) from personal information for which this routine has not been executed.
  • Step 1415 The CPU 801 is included in a position range that can be regarded as the same as the installation location of the personal information acquisition device 50 that has acquired the personal information to be processed from the location information that is not associated with any personal information. Select the position information indicating the position as the candidate position information.
  • the management server 80 selects a record in which the location information included in the processing target personal information is registered in the location information field 811 of the location range table 81 shown in FIG. Then, the management server 80 selects the position information including the position indicated by the position information in the position range registered in the position range field 812 of the acquired record as the candidate position information.
  • Step 1420 From the candidate position information selected in step 1415, the CPU 801 obtains the position information (that is, the acquisition of the processing target personal information) that is earlier than the acquisition time of the processing target personal information and is closest to the acquisition time.
  • the position information immediately before the time is selected as the immediately preceding position information, and the position information after the acquisition time of the personal information to be processed and closest to the acquisition time (that is, immediately after the acquisition time of the personal information to be processed) is selected.
  • Position information is selected as the position information immediately after.
  • the CPU 801 proceeds to step 1425, and the terminal ID included in the immediately preceding position information (hereinafter, referred to as “immediately preceding terminal ID”) and the terminal ID included in the immediately preceding position information (hereinafter, “immediately after terminal ID”). It is determined whether or not there is a match with (name).
  • the CPU 801 determines "Yes" in step 1425, proceeds to step 1430, and associates the personal information to be processed with the immediately preceding position information and the immediately after position information. Specifically, the CPU 801 registers the record ID of the record of the immediately preceding position information and the record ID of the immediately preceding position information of the position information table 41 in the link ID field 713 of the record of the personal information to be processed in the personal information table 71. Further, the CPU 801 registers the record ID of the personal information to be processed in the personal information table 71 in the link ID field 415 of the record of the immediately preceding position information and the immediately after position information of the position information table 41.
  • step 1435 determines whether or not there is personal information (hereinafter, referred to as "unprocessed personal information") for which this routine has not yet been executed. If there is unprocessed personal information, the CPU 801 determines "Yes” in step 1435 and executes the process of step 1410 again. On the other hand, if there is no unprocessed personal information, the CPU 801 determines "No" in step 1435, proceeds to step 1495, and temporarily ends this routine.
  • unprocessed personal information personal information for which this routine has not yet been executed. If there is unprocessed personal information, the CPU 801 determines "Yes" in step 1435 and executes the process of step 1410 again. On the other hand, if there is no unprocessed personal information, the CPU 801 determines "No" in step 1435, proceeds to step 1495, and temporarily ends this routine.
  • step 1440 the CPU 801 determines that the personal information to be processed, the immediately preceding position information, and the immediately after position information cannot be associated with each other, and proceeds to step 1435. More specifically, the CPU 801 cannot associate with the link ID field 713 of the record of the personal information to be processed in the personal information table 71 and the link ID field 415 of the record of the immediately preceding position information and the immediately following position information of the position information table 41. Register the information indicating that.
  • the personal information of the record ID "I1" of the personal information table 71 shown in FIG. 8 and the immediately preceding position information of the personal information Is associated with the position information immediately after the personal information (record ID "L3" in the position information table 41 shown in FIG. 7).
  • the personal information of the record ID "I2" of the personal information table 71 shown in FIG. 8 the immediately preceding position information of the personal information (record ID "L4" of the position information table 41 shown in FIG. 7), and the said Immediately after the personal information, the position information (record ID “L5” in the position information table 41 shown in FIG. 7) is associated with the personal information.
  • the search terminal 90 is connected to the network NW and sends a search request including a search key to the management server 80 (1505).
  • the user of the search terminal 90 inputs a desired search key.
  • an age (50's) which is one of the user information, is input as a search key.
  • the search key includes at least one item included in the user information (name, date of birth, age, telephone number, address, insurer number, etc.). Executed if included.
  • the management server 80 When the management server 80 receives the search request, it transmits a terminal ID identification request including the search key included in the received search request to the authentication server 30 (1510).
  • the authentication server 30 receives the terminal ID identification request, the authentication server 30 refers to the agreed user table 31, and the terminal ID registered in the terminal ID field 311 of the record matching the search key included in the received terminal ID identification request. To get. Then, the authentication server 30 transmits a terminal ID specific response including the acquired terminal ID to the management server 80 (1515).
  • the management server 80 When the management server 80 receives the terminal ID specific response, it transmits a search request including the terminal ID included in the received terminal ID specific response to the location information storage server 40 (1520).
  • the location information storage server 40 When the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and obtains a record ID (link ID) of personal information associated with the location information that matches the terminal ID included in the received search request. get. More specifically, the location information storage server 40 selects a record in which the "terminal ID included in the received search request" is registered in the terminal ID field 412 of the location information table 41, and the link ID field 415 of the selected record. The link ID (record ID of the personal information table 71) registered in is acquired. Then, the location information storage server 40 transmits a search response including the acquired link ID to the management server 80 (1525).
  • a record ID link ID
  • the management server 80 When the management server 80 receives the search response, it transmits a search request including the link ID included in the received search response to the personal information storage server 70 (1530).
  • the personal information storage server 70 When the personal information storage server 70 receives the search request, the personal information storage server 70 refers to the personal information table 71 and acquires the personal information of the record in which the link ID included in the received search request is registered in the record ID field 711. Then, the personal information storage server 70 transmits a search response including the acquired personal information to the management server 80 (1535).
  • the management server 80 When the management server 80 receives the search response, the management server 80 transmits the received search response to the search terminal 90 (1540).
  • the search terminal 90 When the search terminal 90 receives the search response, the search terminal 90 displays the personal information included in the received search response as a search result on a display (not shown).
  • the personal information storage server 70 uses the personal information corresponding to the search key. It is necessary to search the entire personal information in order to find the item of personal information. Therefore, the load of the search process on the personal information storage server 70 becomes large.
  • the personal information storage server 70 is specified by the link ID included in the search request received in step 1530 from the personal information registered in the personal information table 71. All you have to do is to obtain "personal information to be provided". Therefore, since the personal information storage server 70 does not need to search the entire personal information, it is possible to prevent the load of the search process on the personal information storage server 70 from becoming large.
  • a user registered in the agreed user table 31 in which the user information UD1 is associated with the terminal ID (IDt1) and the terminal ID (IDt2) in FIG. A ”) will explain an example of searching for its own personal information.
  • the user A operates the search terminal 90 and inputs the user information UD1 (for example, the name and the date of birth) that can identify the user A.
  • the search terminal 90 receives the input of the user information, the search terminal 90 transmits a search request including the user information as a search key to the management server 80 in step 1505.
  • the management server 80 transmits the terminal ID identification request including the user information to the authentication server 30.
  • the authentication server 30 acquires the terminal ID of the record that matches the search key from the agreed user table 31. In this case, two terminal IDs (IDt1 and IDt2) are registered in the record of the user information UD1 of the user A. Therefore, the authentication server 30 transmits a terminal ID specific response including the two terminal IDs (IDt1 and IDt2) to the management server 80 in step 1515. Since the processing after step 1520 is the same as the processing described above, the description thereof will be omitted.
  • the user concerned No matter which user terminal (20 or 25) A brings the user terminal (20 or 25) close to the location information transmitting device the personal information acquired at that time can be searched as the same user A's personal information.
  • the user terminal 20 may send a search request instead of the search terminal 90.
  • the search terminal 90 transmits a required time search request including location information (hospital A hospital examination room) as a search key to the management server 80 (step 1550).
  • the management server 80 receives the required time search request, the management server 80 refers to the position range table 81 shown in FIG. 9, and the position range (A hospital examination room) corresponding to the location information (A hospital examination room) included in the received required time search request. R3) is acquired (1555). Then, the management server 80 transmits a search request including the acquired position range (R3) to the position information storage server 40 (1560).
  • the position information storage server 40 refers to the position information table 41 and records a record (record ID “L2”, in which the position (P3) included in the position range (R3) included in the search request received in the position field 414 is registered. "L3") is acquired. Then, the location information storage server 40 transmits a search response including the acquired record to the management server 80 (1565).
  • the management server 80 identifies two records (record IDs "L2" and "L3") in which the same link ID is registered in the link ID field 415 in the records included in the search response. Then, the management server 80 calculates the difference between the transmission times of the two records as the required time of the personal information of the link ID (1570). The management server 80 transmits a search response including the calculated required time to the search terminal 90 (1575). The search terminal 90 displays the required time included in the received search response on a display (not shown). When there are a plurality of required times, the search terminal 90 may display the average value of the required times on the display.
  • the consented information includes the facility ID of the facility where the user has consented to the transmission of the location information.
  • the position information transmitting device 10 acquires the consented information from the user terminal 20.
  • the location information transmission device 10 has consented to the transmission of the location information by the user of the user terminal 20. Is determined.
  • the location information transmitting device 10 determines that the user does not consent to the transmission of the location information.
  • the position information transmitting device 10A acquires the terminal ID (IDt1) of the user terminal 20 (1605). Since the consented information is not stored in the user terminal 20 due to the above assumption, in step 1605, the position information transmitting device 10A cannot acquire the consented information from the user terminal 20. Therefore, the location information transmitting device 10A determines in the user authentication that the user of the user terminal 20 is not a consented user (1610).
  • the user agrees to transmit the location information at the hospital A, inputs the user information (UD1) into the user terminal 20 (1030), and brings the user terminal 20 closer to the location information transmitting device 10A again (1035).
  • the location information transmitting device 10A acquires the terminal ID (IDt1) and the user information (UD1) from the user terminal 20 (1035), and transmits the registration request (1040).
  • the authentication server 30 receives the registration request, it updates the agreed user table 31 (1045) and writes "the facility ID (IDf1) included in the received registration request to the user terminal as the agreed information”.
  • “Registration response (write command)" is transmitted to the position information transmission device 10A (1515).
  • the registration response includes the terminal ID (IDt1) included in the registration request received by the authentication server 30 as the terminal ID of the writing destination.
  • the location information transmitting device 10A When the location information transmitting device 10A receives the registration response, it outputs a voice message for bringing the user terminal 20 closer to the user from a speaker (not shown).
  • the position information transmitting device 10A acquires the terminal ID of the user terminal 20, and the acquired terminal ID matches the terminal ID of the writing destination included in the received registration response. Judge whether or not. If these terminal IDs do not match, the location information transmitting device 10A does not write (store) the consented information in the user terminal. In this case, it is considered that the user terminal 20 different from the user terminal 20 into which the user information is input in step 1030 is approaching the position information transmitting device 10. Therefore, it is possible to prevent the consent information from being written to the erroneous user terminal 20 by not writing the consent information when the terminal IDs do not match.
  • the location information transmitting device 10A writes (stores) the agreed information including the facility ID (IDf1) included in the received registration response in the user terminal 20 (1620). Then, the position information transmitting device 10A transmits the position information including the transmission time (10:10 on September 1, 2019), the position (P1), and the terminal ID (IDt1) (1060).
  • the position information transmitting device 10C acquires the terminal ID (IDt1) and the agreed information (1620), and authenticates the user (1620). 1625). Since the facility ID (IDf1) included in the consented information and the facility IDf1 set in the location information transmitting device 10C match, in this user authentication, the location information transmitting device 10C is a user who has consented to the user. Is determined to be. Then, the position information transmitting device 10C transmits the position information including the transmission time (10:20 on September 1, 2019), the position (P3), and the terminal ID (IDt1) to the position information storage server 40 (1115). ..
  • the location information transmitting device 10 can perform user authentication without inquiring to the authentication server 30. As a result, the communication load between the location information transmitting device 10 and the authentication server 30 and the processing load of the authentication server 30 can be reduced. Further, since the position information transmitting device 10 does not need to have the agreed terminal ID table 11, it is not necessary to provide a large-capacity storage medium. Therefore, the cost of the position information transmitting device 10 can be reduced.
  • the agreed information does not have to include the facility ID.
  • the location information transmitting device 10 can acquire the consented information from the user terminal 20 by the user authentication, it determines that the user is a consented user and has consented from the user terminal 20. If the information cannot be obtained, it is determined that the user is not a consented user.
  • the consented information stored in the user terminal 20 is deleted at a predetermined timing. It is desirable that the consented information stored in the user terminal 20 be deleted at the timing when the user leaves the facility where he / she has consented to the transmission of the location information.
  • the timing at which the user leaves the facility that has agreed to transmit the location information is one of the determination timings 1 and 2.
  • Timing 1 Timing when the position acquired by the user terminal 20 based on the GPS positioning signal is determined to be a predetermined distance away from the position of the facility
  • Timing 2 The user who has completed the accounting at the facility positions the user terminal 20 Timing of approaching the information transmission device 10A
  • the user brings the user terminal 20 closer to the location information transmission device 10A after the deletion button (not shown) of the location information transmission device 10A is operated by the clerk of the hospital A who performed the accounting.
  • the position information transmitting device 10A deletes the consented information stored in the approaching user terminal 20.
  • the predetermined timing may be a timing when a predetermined time has elapsed since the consented information was written.
  • another user terminal 20 approaches the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach. There is a possibility that it will end up. In this case, since the immediately preceding terminal ID and the immediately preceding terminal ID are different, it is determined as "No" in step 1425 shown in FIG. Therefore, even when the same user terminal 20 as the first time approaches another user terminal 20, the personal information, the immediately preceding position information, and the immediately after position information cannot be associated with each other.
  • step 1705 the CPU 801 selects the position information immediately after the immediately following position information (position information immediately after the next point) from the candidate position information selected in step 1415 shown in FIG. 14, and proceeds to step 1710.
  • T2-T1) is acquired, and it is determined whether or not the acquired time difference ⁇ T is equal to or less than the threshold difference Tth.
  • the CPU 801 determines “Yes” in step 1710 shown in FIG. 17, proceeds to step 1715, and proceeds to the immediately preceding terminal ID and the terminal ID of the position information immediately after the next point (next). It is determined whether or not the terminal ID) immediately after the point matches.
  • the CPU 801 determines "Yes" in step 1715 and proceeds to step 1430 shown in FIG. As a result, the personal information to be processed, the immediately preceding position information, and the immediately after runner-up position information are associated with each other.
  • the CPU 801 determines "No" in step 1715 shown in FIG. 17, returns to step 1705, and immediately after the current runner-up immediately after position information.
  • the position information of is selected as the position information immediately after the new runner-up.
  • step 1710 determines “No” in step 1710 and proceeds to step 1720.
  • step 1720 the CPU 801 selects the position information immediately before the previous position information (the position information immediately before the next point) from the candidate position information selected in step 1415 shown in FIG. 14, and is shown in FIG. Proceed to step 1725.
  • the CPU 801 determines “Yes” in step 1725 shown in FIG. 17, proceeds to step 1730, and proceeds to step 1730, where the terminal ID of the position information immediately before the next point (terminal immediately before the next point) It is determined whether or not the ID) and the immediately after terminal ID match.
  • the CPU 801 determines "Yes” in step 1730 and proceeds to step 1430 shown in FIG. As a result, the personal information to be processed, the position information immediately before the runner-up, and the position information immediately after the runner are associated with each other.
  • the CPU 801 determines "No" in step 1730 shown in FIG.
  • the position information of is selected as the position information immediately before the new runner-up.
  • the CPU 801 determines “No” in step 1725 and proceeds to step 1445 shown in FIG. As a result, the personal information to be processed is not related to any location information.
  • step 1425 shown in FIG. 14 when "No" is determined in step 1425 shown in FIG. 14, the position information immediately after the next point is selected first from the position information immediately before the next point and the position information immediately after the next point. However, the position information immediately before the runner-up may be selected first. More specifically, if "No" is determined in step 1425 shown in FIG. 14, the CPU 801 executes the processes of steps 1720 to 1730. If the CPU 801 determines "No" in step 1725, the CPU 801 proceeds to step 1705. If the CPU 801 determines "No" in step 1710, the CPU 801 proceeds to step 1445 shown in FIG.
  • the CPU 101 of the position information transmitting device 10 starts processing from step 1800 and proceeds to step 1805 every time a predetermined time elapses.
  • the CPU 101 determines whether or not the terminal ID of the user terminal 20 has been acquired.
  • step 1805 the CPU 101 determines "No" in step 1805, proceeds to step 1895, and temporarily ends this routine.
  • step 1805 the CPU 101 determines "Yes” in step 1805 and proceeds to step 1810.
  • step 1810 the CPU 101 determines whether or not the acquired terminal ID is registered in the agreed terminal ID table 11.
  • the CPU 101 determines "Yes” in step 1810 (that is, determines that the user is a consented user), and proceeds to step 1815. .. In step 1815, the CPU 101 stores the previous terminal ID, which is the terminal ID of the user terminal 20, which is stored when the position information is transmitted due to the user terminal 20 approaching for the first time. Judge whether or not.
  • step 1805 the approach of the user terminal 20 that triggered the position information transmitting device 10 to acquire the terminal ID in step 1805 is considered to be the first approach.
  • the CPU 101 determines “Yes” in step 1815 and proceeds to step 1820.
  • step 1820 the CPU 101 stores the terminal ID acquired in step 1805 (hereinafter, referred to as “this time terminal ID”) as the previous terminal ID, and proceeds to step 1825 to transmit the position information. After that, the CPU 101 proceeds to step 1895 and temporarily ends this routine.
  • step 1815 determines "No" in step 1815 and proceeds to step 1830.
  • step 1830 the CPU 101 determines whether or not the current terminal ID acquired in step 1805 this time matches the previous terminal ID.
  • step 1830 the CPU 101 determines "Yes” in step 1830 and proceeds to step 1835.
  • step 1835 the CPU 101 deletes the previous terminal ID and the current terminal ID, and proceeds to step 1825 to transmit the position information.
  • step 1830 determines "No" in step 1830, executes the processes of steps 1838 and 1840, proceeds to step 1895, and temporarily ends this routine. To do.
  • Step 1838 The CPU 101 deletes the terminal ID this time.
  • Step 1840 The CPU 101 notifies the abnormality. In this abnormality notification, for example, the CPU 101 outputs a voice message indicating that a user terminal 20 different from the previous user terminal 20 has approached from a speaker (not shown).
  • step 1810 determines "No" in step 1810 (determines that the user is not the agreed user). Proceed to step 1845. In step 1845, the CPU 101 notifies the non-consent user and proceeds to step 1850.
  • step 1850 the CPU 101 determines whether or not the user information has been input. Specifically, when the CPU 101 acquires the user information together with the terminal ID, it determines that the user information has been input.
  • step 1850 If the user information is not input in step 1850, the CPU 101 determines "No" in step 1850, proceeds to step 1895, and temporarily ends this routine.
  • step 1850 when the user information is input in step 1850, the CPU 101 determines "Yes" in step 1850, proceeds to step 1855, and transmits a terminal ID and user information registration request to the authentication server 30. .. After that, the CPU 101 proceeds to step 1895 to temporarily end this routine.
  • the position information transmitting device 10 does not transmit the position information unless the acquired terminal ID this time and the immediately preceding acquired terminal ID match. As a result, even if another user terminal is brought close to the position information transmitting device 10 between the first approach of the user terminal 20 to the position information transmitting device 10 and the second approach, the position information Is not sent. As a result, the personal information, the immediately preceding position information, and the immediately after position information of the same user can be more accurately associated with each other.
  • the management system according to the above embodiment employs a method (double approach method) in which the user approaches the user terminal 20 immediately before the acquisition of personal information and immediately after the acquisition of the personal information.
  • the management system according to this modification employs a method in which the user approaches the user terminal 20 only after the user acquires personal information (one-time immediate approach method).
  • the CPU 801 of the management server 80 of this modification starts processing from step 1900 every time a predetermined time elapses, and proceeds to step 1405 shown in FIG.
  • the CPU 801 determines "No" in this step 1405, proceeds to step 1995, and temporarily ends this routine.
  • step 1405 shown in FIG. 19 the processes of steps 1410 and 1415 shown in FIG. 19 are executed, and the processes of steps 1905 and 1910 are executed.
  • Step 1905 The CPU 801 selects the position information immediately after.
  • Step 1910 The CPU 801 associates the processing target personal information with the immediately after position information. After executing the process of step 1910, the CPU 801 proceeds to step 1435.
  • the CPU 801 determines that the immediately after position information associated with the processing target personal information does not exist. Further, the CPU 801 may determine that the immediately after position information associated with the processing target personal information does not exist when the difference between the acquisition time of the immediately after position information and the acquisition time of the processing target personal information is larger than the threshold value.
  • the management system of this modified example may adopt a method (one-time immediately preceding approach method) in which the user approaches the user terminal 20 only before the user acquires personal information, instead of the one-time immediate approach method. ..
  • the CPU 801 may acquire the immediately preceding position information instead of the immediately following position information, and may use the immediately preceding position information instead of the immediately after position information.
  • a management system in which a position information transmitting device 10 adopting a one-time approaching method, a position information transmitting device 10 adopting a one-time approaching method, and a position information transmitting device 10 adopting a two-time approaching method coexist is also considered. Be done.
  • a method identifier which is a unique identifier of the approach method adopted by the position information transmission device 10 among the approach methods, is set in advance in the position information transmission device 10, and the position information transmission device 10 is used.
  • the position information including the method identifier is transmitted to the position information storage server 40.
  • the process branches into three based on the method identifier included in the candidate position information selected in step 1415.
  • the CPU 801 proceeds to the process after step 1420.
  • the CPU 801 proceeds to the process after step 1905 shown in FIG.
  • the CPU 801 proceeds to the process after step 1905 shown in FIG. 19 and uses the immediately preceding position information instead of the immediately preceding position information.
  • the position information transmission device 10 further includes type identification information capable of specifying a type ID indicating an identifier of the type of personal information acquired by the personal information acquisition device 50 installed at a location corresponding to itself. Information is transmitted to the location information storage server 40. As a result, the location information and the type ID are associated and managed. As a result, when the search key includes the type ID of the personal information, the management server 80 refers to the location information table 41 without referring to the personal information stored in the personal information table 71 as being encrypted. Only by itself, the personal information of the type ID included in the search key can be specified.
  • the location information storage server 40 further has a type table 42.
  • the type table 42 includes a chip ID field 421 and a type ID field 422.
  • the chip ID of the position information transmitting device 10 is registered in the chip ID field 421, and the type ID is registered in the type ID field 422.
  • the position information table 41 includes the chip ID field 2101 and the type ID field 2102 in addition to the above fields 411 to 415.
  • the chip ID is registered in the chip ID field 2101, and the type ID is registered in the type ID field 2102.
  • the position information transmitting device 10 transmits the position information including the chip ID as the type identification information to the position information storage server 40.
  • the location information storage server 40 receives the location information, the location information storage server 40 refers to the type table and acquires the type ID corresponding to the chip ID included in the location information. Then, the position information storage server 40 registers the chip ID included in the received position information in the chip ID field 2101 of the position information table, and registers the type ID corresponding to the chip ID in the type ID field 2102.
  • step 1505 the search terminal 90 transmits a search request including the age and the type ID as the search key to the management server 80.
  • the management server 80 searches including "the terminal ID of the user terminal 20 used by the user matching the age, which is one of the search keys," and "the type ID, which is one of the search keys.”
  • the request is transmitted to the location information storage server 40.
  • the location information storage server 40 receives the search request, the location information storage server 40 refers to the location information table 41 and acquires a link ID of a record that matches the terminal ID included in the received search request and that matches the type ID.
  • the location information storage server 40 transmits a search response including the acquired link ID to the management server 80. Since the subsequent processing is the same as that in FIG. 15, the description thereof will be omitted.
  • the position information matching the type ID which is the search key is specified by referring to the position information table 41, and the position information is specified from the personal information table 71. Acquire personal information associated with location information. This makes it possible to search for personal information that matches the search key without decrypting the encrypted personal information.
  • the chip ID has been described as an example of the type identification information, but the type identification information is information that can identify the position information transmitting device 10 (for example, the Mac address and the IP address of the position information transmitting device 10). May be good. Further, if the type ID of the personal information acquired by the personal information acquisition device 50 installed at the location corresponding to the position information transmission device 10 is set in advance, the type ID can be used as the type identification information. Good. In this case, the location information storage server 40 does not have to have the type table 42 shown in FIG. Further, the position information table 41 shown in FIG. 21 does not have to include the chip ID field 2101.
  • this management system has been applied to hospitals in the above embodiment, it can be applied in various situations.
  • this management system can also be applied to home-visit nursing services and retail stores.
  • the home-visit nursing service is a service in which a nurse visits a user's home and performs various treatments on the user.
  • a location information transmitting device 10 is installed at the user's home.
  • the personal information acquisition device 50 is a notebook computer, a smartphone, or the like carried by a nurse who visits the user's home.
  • the location information transmitting device 10 may be brought to the user's home each time the nurse visits the user's home.
  • the nurse who visited the user's home will carry out various treatments (body temperature measurement, blood pressure measurement, bedsore assistance, etc.) to the user according to the home-visit nursing plan planned in advance.
  • the user brings the user terminal 20 closer to the position information transmitting device 10 before and after the implementation of one treatment.
  • the nurse performs one procedure after the user first brings the user terminal 20 closer to the position information transmitting device 10.
  • the nurse After performing one treatment, the nurse inputs the execution time of the treatment into the personal information acquisition device 50D, so that the personal information acquisition device 50 acquires the detailed data of the user as personal information.
  • This personal information includes the acquisition time of the personal information, the actual personal information, and the place information.
  • This location information is information that can identify the home (service user's home) of the home-visit nursing service user. For example, personal information is specified by a service user identifier (service user ID) or the like on which the treatment is performed.
  • service user ID service user identifier
  • the user ID is registered in the location information field 811 of the position range table 81 of the management server 80, and the range of the position of the service user's house is registered in the position range field 812.
  • the personal information acquisition device 50 When the nurse finishes the home-visit nursing service and arrives at the business establishment, the personal information acquisition device 50 is connected to the history storage server 60, and the personal information is transmitted to the history storage server 60. Since the process of associating the location information with the personal information by the management server 80 is the same as the routine shown in FIG. 10, the description thereof will be omitted.
  • the personal information acquisition device 50 is a register installed in the retail store.
  • the position information transmitting device 10 is installed near this register. The user brings the user terminal 20 closer to the position information transmitting device 10 before and after the settlement of the charge.
  • the personal information in this case is the purchase history of the user acquired by the personal information acquisition device 50 which is a register.
  • the present invention is not limited to the above embodiment, and various modifications of the present invention can be adopted.
  • the location information transmitting device 10 may inquire to the authentication server 30 whether or not the user of the approaching user terminal 20 has consented to the transmission of the location information. In this case, the location information transmitting device 10 transmits a user authentication request including the terminal ID of the approaching user terminal 20 and its own facility ID to the authentication server 30. When the terminal ID and the facility ID included in the user authentication request are recorded in the same record in the consented user table 31, the authentication server 30 indicates that the user has consented to the transmission of the location information. The user authentication success response is transmitted to the location information transmitting device 10.
  • the authentication server 30 indicates that the user does not consent to the transmission of the location information.
  • the user authentication failure response is transmitted to the location information transmitting device 10.
  • the user identifier may be used instead of the terminal ID.
  • the process of associating personal information with location information may be executed by a computer other than the management server 80.
  • a computer other than the management server 80 any one of the authentication server 30, the location information storage server 40, and the personal information storage server 70 may execute the process.
  • Device authentication and user information registration are performed by the authentication server 30, but may be performed by different computers.
  • the position information transmitting device 10 acquires the position information from the GPS satellite or the IMES transmitter, but is not limited to this, and may acquire its own position information by using other means.
  • 10A to 10C ... location information transmission device, 20 ... user terminal, 30 ... authentication server, 40 ... location information storage server, 50B and 50C ... personal information acquisition device, 60 ... history storage server, 70 ... personal information storage server, 80 ... Management server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Tourism & Hospitality (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Primary Health Care (AREA)
  • Marketing (AREA)
  • Human Resources & Organizations (AREA)
  • Economics (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Selon la présente invention, un dispositif d'authentification stocke, en association, un identifiant de terminal qui est l'identifiant d'un terminal utilisateur porté par un utilisateur qui a accepté la transmission d'informations de position et d'informations d'utilisateur par lesquelles l'utilisateur du terminal utilisateur peut être identifié. Lorsque l'utilisateur a accepté la transmission des informations de position, un dispositif de transmission d'informations de position transmet les informations de position à un dispositif de stockage, l'identifiant de terminal étant compris dans les informations de position. Lorsque l'utilisateur n'a pas accepté la transmission des informations de position, le dispositif de transmission d'informations de position transmet, à un dispositif d'authentification, une demande d'enregistrement qui comprend l'identifiant de terminal et des informations d'utilisateur acceptées. Le dispositif d'authentification, lors de la réception de la demande d'enregistrement, stocke l'identifiant de terminal associé à des informations d'utilisateur déjà stockées, l'identifiant de terminal compris dans la demande d'enregistrement reçue, et les informations d'utilisateur en association lorsque les informations d'utilisateur comprises dans la demande d'enregistrement reçue correspondent aux informations d'utilisateur déjà stockées.
PCT/JP2020/034285 2019-10-01 2020-09-10 Système de gestion WO2021065412A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2021550534A JPWO2021065412A1 (fr) 2019-10-01 2020-09-10

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2019181677 2019-10-01
JP2019-181677 2019-10-01

Publications (1)

Publication Number Publication Date
WO2021065412A1 true WO2021065412A1 (fr) 2021-04-08

Family

ID=75337232

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/034285 WO2021065412A1 (fr) 2019-10-01 2020-09-10 Système de gestion

Country Status (2)

Country Link
JP (1) JPWO2021065412A1 (fr)
WO (1) WO2021065412A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013054485A1 (fr) * 2011-10-11 2013-04-18 オリンパスメディカルシステムズ株式会社 Système de gestion d'informations médicales et dispositif de gestion
JP2015524956A (ja) * 2012-05-30 2015-08-27 コヴィディエン リミテッド パートナーシップ 透過的医療を提供するシステムおよび方法
JP2017538222A (ja) * 2014-12-04 2017-12-21 カタリナ マーケティング コーポレーション 購入取引に関与したユーザのモバイル機器を識別するシステム及び方法
JP2019185282A (ja) * 2018-04-06 2019-10-24 佐鳥電機株式会社 管理システム及び管理方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013054485A1 (fr) * 2011-10-11 2013-04-18 オリンパスメディカルシステムズ株式会社 Système de gestion d'informations médicales et dispositif de gestion
JP2015524956A (ja) * 2012-05-30 2015-08-27 コヴィディエン リミテッド パートナーシップ 透過的医療を提供するシステムおよび方法
JP2017538222A (ja) * 2014-12-04 2017-12-21 カタリナ マーケティング コーポレーション 購入取引に関与したユーザのモバイル機器を識別するシステム及び方法
JP2019185282A (ja) * 2018-04-06 2019-10-24 佐鳥電機株式会社 管理システム及び管理方法

Also Published As

Publication number Publication date
JPWO2021065412A1 (fr) 2021-04-08

Similar Documents

Publication Publication Date Title
US10789555B2 (en) Mobile device-based system for automated, real time health record exchange
US11106818B2 (en) Patient identification systems and methods
US9692769B2 (en) Method and system for data communication over network
US20100011212A1 (en) Radio frequency identification (rfid) based authentication methodology using standard and private frequency rfid tags
US10129030B2 (en) Information delivery system, information delivery method, short-range communication device, information delivery apparatus, and server
US10277592B2 (en) Apparatus management system, information terminal, apparatus management apparatus, and apparatus management method
US10148658B2 (en) Information processing apparatus and method, and program
US20170270511A1 (en) System and method for management of payee information
US9331964B2 (en) System, method, and apparatus for using a virtual bucket to transfer electronic data
JP2013191001A (ja) 操作管理システムならびに制御システムおよびその動作制御方法
US8375057B2 (en) Database system, server device, terminal device, and data presentation method
JP7057969B2 (ja) 管理システム及び管理方法
US20090015374A1 (en) User authentication system and method
US8885827B2 (en) System and method for enabling a host device to securely connect to a peripheral device
AU2014234005A1 (en) A method and system for transferring data
WO2021065412A1 (fr) Système de gestion
WO2021065410A1 (fr) Système et procédé de gestion
WO2021065411A1 (fr) Système de gestion, dispositif de gestion et procédé de gestion
US11521250B2 (en) Method and apparatus for providing digital product using user account synchronization
JP2006244381A (ja) 電子商取引システム、電子商取引サーバ、及び電子商取引管理プログラム
US20140379569A1 (en) Method and apparatus for combining different kinds of wallets on a mobile device
KR20120115438A (ko) 건강 기록 교환 방법 및 그를 위한 메타데이터 저장 시스템
WO2015051449A1 (fr) Procédé d'envoi automatique d'un signal indiquant une position dans une file d'attente
EP3690694A1 (fr) Système et procédé de liaison d'informations
JPH11345263A (ja) 個人情報を扱う情報処理システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20872555

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021550534

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20872555

Country of ref document: EP

Kind code of ref document: A1