JP2009111974A - HEALTHCARE SYSTEM, KEY MANAGEMENT SERVER AND METHOD THEREOF, ENCRYPTION DEVICE AND METHOD THEREOF - Google Patents

Abstract

A health care system capable of reducing the amount of encryption processing regardless of the number of services used by a user is provided.
A key management server 16 constituting a healthcare system 1 transmits a decryption key, and a decryption key generation unit 162 that generates a decryption key corresponding to the encryption key from first identification information for identifying a measuring device. Is received from the service providing servers 17a to 17c together with the first identification information, the second identification information, and the third identification information, the received third identification information and the fourth identification information stored in the storage unit match and are received. A control unit that transmits a decryption key to the service providing servers 17a to 17c when the second identification information matches the fifth identification information stored in the storage unit, and the service providing servers 17a to 17c receive The encrypted biometric data is decrypted using the decrypted key.
[Selection] Figure 16

Description

  The present invention receives health information such as weight and blood pressure of a measured user via a network, and provides health care service for returning health advice and the like to the user based on the health information. The present invention relates to a health care system that can protect sex.

  In recent years, interest in health has increased, and various measuring instruments that can easily measure health information such as weight, blood pressure, and body composition at home are sold and spread. Furthermore, health care services that perform health management or feed back health advice on behalf of the user have also appeared (for example, see Non-Patent Document 1).

  In such a health care service, various measuring devices transmit various measured health information to a PC (Personal Computer), a dedicated terminal, or the like via wireless communication. And PC, a dedicated terminal, etc. perform centralized management of various health information by accumulating the transmitted various health information. Furthermore, PCs, dedicated terminals, etc. periodically send various health information to the server via the network. The server provides a health care service that performs health management and feeds back health advice on behalf of the user.

  On the other hand, the user's health information is personal information private to the user. Therefore, as described above, when the user's health information is transmitted via wireless communication or the Internet, it is necessary to take measures against eavesdropping and information leakage by a third party.

As a means for protecting user health information transmitted on a communication path, data encryption is generally used. In a system in which data measured by each measuring device is once aggregated to a PC, dedicated terminal, etc., and then sent to the server via the network, the measuring device is in a state where the key is shared between the measuring device and the server. Uses the key to encrypt the measured health information. The health information is transmitted to the server via a PC or a dedicated terminal in an encrypted state. The health information is decrypted by the server using the shared key. Since the health information is not decrypted and becomes plaintext in the middle of transmission (for example, a PC or a dedicated terminal), there is no possibility that the health information is exposed due to eavesdropping, information leakage, or the like.
“TANITA Launches Healthcare Service“ Monitoring Your Health ”Using Network”, [online], March 8, 2007, [October 11, 2007 Search], Internet <URL: http: //ascii24.com/news/i/serv/article/2007/03/08/667789-000.html>

  However, the prior art has a problem that the cryptographic processing load on the measuring device side increases when the user uses a plurality of healthcare services. For example, it is assumed that the user uses three health services and needs to transmit the blood pressure information of the user to three servers. At this time, the sphygmomanometer needs to encrypt the measured blood pressure data using a server key for each server. That is, the sphygmomanometer requires three encryption processes for one blood pressure measurement. That is, if the user uses N services that require transmission of blood pressure information, the blood pressure monitor requires N encryption processes.

  As described above, it is a problem that the processing amount of the measuring device increases as the number of services to be used increases. In general, since the measuring device is a portable device driven by a battery, the processing amount of the measuring device needs to be reduced as much as possible in order to extend the life of the battery as much as possible. Therefore, it is required to reduce the number of encryption processes with a large processing amount as much as possible. That is, an increase in the number of encryption processes due to an increase in the number of services to be used is considered to be unacceptable in implementation.

  The present invention solves the above-described problems, and an object of the present invention is to provide a health care system or the like that can reduce the amount of encryption processing regardless of the number of services used by a user.

  In order to solve the conventional problems, a health care system according to the present invention acquires a measurement device that measures and encrypts biometric data, and encrypted biometric data obtained by encrypting the biometric data from the measurement device. A health care system including a server that provides a health-related service and a key management server that provides a decryption key for decrypting the encrypted biometric data to the server, wherein the measurement device measures the biometric data A first storage unit that stores first identification information for identifying the measuring device, a first key generation unit that generates a predetermined encryption key from the first identification information, and the predetermined encryption key. An encryption unit for encrypting the biometric data to generate encrypted biometric data, the first identification information, the second identification information for identifying the type of the biometric data, and the encrypted biometric data; A first communication unit that transmits data to a server, wherein the server receives the first identification information received from the measuring device, the second identification information for identifying the type of the biometric data, and the encrypted biometric data. A second storage unit for storing; a third storage unit storing third identification information for identifying the server; and a request for transmitting a predetermined decryption key corresponding to the predetermined encryption key to the server. A second communication unit that transmits to the key management server together with the first identification information, the second identification information, and the third identification information, and the key management server receives the predetermined information from the first identification information. A second key generation unit that generates a predetermined decryption key corresponding to the encryption key; fourth identification information that identifies a server that is a transmission target of the predetermined decryption key; and the server corresponding to the fourth identification information Fifth knowledge indicating the type of biometric data to be managed A fourth storage unit storing information and a request to transmit the predetermined decryption key to the server together with the first identification information, the second identification information, and the third identification information from the server Then, the received third identification information and the stored fourth identification information match, and the received second identification information and the fifth identification information stored corresponding to the fourth identification information, And a controller that transmits the predetermined decryption key to the server, the server decrypts the encrypted biometric data using the predetermined decryption key.

  This eliminates the need for the process of encrypting biometric data using a plurality of encryption keys that differ for each type of server for which the measuring device provides services, so the amount of encryption processing does not depend on the number of services used by the user. Can be reduced.

  According to the health care system of the present invention, the process of encrypting biometric data using a plurality of encryption keys that differ for each type of server that provides the service is unnecessary, so regardless of the number of services used by the user, It is possible to reduce the amount of encryption processing.

  In order to solve the conventional problem, a health care system according to an embodiment of the first invention includes a measuring device that measures and encrypts biometric data, and encrypts the biometric data. A health care system comprising: a server that obtains encrypted encrypted biometric data from the measuring device and provides a health-related service; and a key management server that provides the server with a decryption key for decrypting the encrypted biometric data. The measurement device generates a predetermined encryption key from the measurement unit that measures the biological data, the first storage unit that stores the first identification information for identifying the measurement device, and the first identification information. A first key generation unit, an encryption unit that encrypts the biometric data using the predetermined encryption key to generate encrypted biometric data, the first identification information, and the type of the biometric data are identified A first communication unit that transmits the second identification information and the encrypted biometric data to the server, and the server identifies the first identification information received from the measuring device and the type of the biometric data. A second storage unit storing second identification information and the encrypted biometric data; a third storage unit storing third identification information for identifying the server; and a predetermined decryption corresponding to the predetermined encryption key A second communication unit that transmits a request for transmitting a key to the server together with the first identification information, the second identification information, and the third identification information to the key management server, and the key management server Includes a second key generation unit that generates a predetermined decryption key corresponding to the predetermined encryption key from the first identification information, fourth identification information that identifies a server that is a transmission target of the predetermined decryption key, and Corresponding to the fourth identification information A fourth storage unit storing fifth identification information indicating the type of biometric data managed by the server, and a request for transmitting the predetermined decryption key to the server. When the second identification information and the third identification information are received from the server, the received third identification information matches the stored fourth identification information, and the received second identification information and the fourth identification A control unit that transmits the predetermined decryption key to the server when the fifth identification information stored corresponding to the information matches, the server using the predetermined decryption key The encrypted biometric data is decrypted.

  According to this aspect, the key management server generates a decryption key for decrypting the encrypted biometric data stored in the server, and the key management server determines the server to which the generated decryption key is transmitted. When the measurement device encrypts the measured biometric data using a predetermined encryption key, it is used when encrypting the biometric data depending on which service the server that is the transmission destination provides. There is no need to change the type of encryption key. That is, if the measuring device encrypts and transmits using a common encryption key regardless of which server is the destination, the key management server determines the server that transmits the decryption key. Only the server selected by can acquire the decryption key and decrypt the encrypted biometric data. As a result, the healthcare system can eliminate the load of encrypting biometric data using a plurality of different encryption keys for each type of server providing the service on the measurement device side.

  The key management server also includes fourth identification information for identifying a server to which the predetermined decryption key is to be transmitted, and fifth identification indicating the type of biometric data managed by the server corresponding to the fourth identification information. A fourth storage unit for storing information; The key management server sends a request for transmitting the predetermined decryption key to the server, first identification information for identifying the measuring device, second identification information for identifying the type of the biometric data, and the server And the received third identification information coincides with the stored fourth identification information, and the received second identification information and the stored fifth identification information, If the two match, the predetermined decryption key is transmitted to the server. Thus, the key management server only needs to store a table indicating the correspondence relationship between the fourth identification information and the fifth identification information in the fourth storage unit, so the number of tables held by the key management server can be reduced. Can be reduced.

  The health care system according to the embodiment of the second invention includes a measuring device that measures and encrypts biometric data, and obtains encrypted biometric data obtained by encrypting the biometric data from the measuring device and provides a health-related service. A health care system including a server to provide and a key management server for providing the server with a decryption key for decrypting the encrypted biometric data, wherein the measuring device measures the biometric data, A first storage unit that stores first identification information for identifying a measuring device, a first key generation unit that generates a predetermined encryption key from the first identification information, and the living body using the predetermined encryption key An encryption unit that encrypts data to generate encrypted biometric data; and a first communication unit that transmits the first identification information and the encrypted biometric data to the server. Corresponding to a second storage unit that stores first identification information and encrypted biometric data received from the device, a third storage unit that stores second identification information for identifying the server, and the predetermined encryption key A second communication unit for transmitting a request for transmitting a predetermined decryption key to the server together with the first identification information and the second identification information to the key management server, wherein the key management server Corresponding to the first identification information for identifying the measuring device, a fourth storage unit storing the type of biometric data measured by the measuring device, and the server corresponding to the second identifying information for identifying the server A fifth storage unit that stores the type of biometric data to be managed; a second key generation unit that generates a predetermined decryption key corresponding to the predetermined encryption key from the first identification information; and the predetermined decryption key A request to send to the server When received from the server together with the first identification information and the second identification information, the type of biometric data corresponding to the received first identification information stored in the fourth storage unit, and the fifth storage unit A stored control unit that transmits the predetermined decryption key to the server when the type of biometric data corresponding to the received second identification information matches, the server includes the server The encrypted biometric data is decrypted using a predetermined decryption key.

  According to this aspect, the key management server generates a decryption key for decrypting the encrypted biometric data stored in the server, and the key management server determines the server to which the generated decryption key is transmitted. When the measurement device encrypts the measured biometric data using a predetermined encryption key, it is used when encrypting the biometric data depending on which service the server that is the transmission destination provides. There is no need to change the type of encryption key. That is, if the measuring device encrypts and transmits using a common encryption key regardless of which server is the destination, the key management server determines the server that transmits the decryption key. Only the server selected by can acquire the decryption key and decrypt the encrypted biometric data. As a result, the healthcare system can eliminate the load of encrypting biometric data using a plurality of different encryption keys for each type of server providing the service on the measurement device side.

  In addition, the key management server corresponds to first identification information for identifying the measurement device, a fourth storage unit that stores the type of biometric data measured by the measurement device, and second identification information for identifying the server And a fifth storage unit for storing the type of biometric data managed by the server. When the key management server receives a request for transmitting the predetermined decryption key to the server together with the first identification information and the second identification information, the key management server responds to the received first identification information. When the type of biometric data to be matched matches the type of biometric data corresponding to the received second identification information, the predetermined decryption key is transmitted to the server. As a result, the key management server can reduce the data types received from the server to the two types of the first identification information and the second identification information, so that the amount of determination processing can be reduced accordingly.

  In the health care system according to the first and second aspects of the invention, the measuring device can be connected to a predetermined encryption device, and the predetermined encryption device is predetermined from the first identification information. The first key generation unit for generating the encryption key, the encryption unit for generating the encrypted biometric data by encrypting the biometric data using the predetermined encryption key, and the encrypted biometric data to the server The first communication unit to transmit may be included.

  According to this aspect, by providing the encryption device connected to the measurement device with the first key generation unit and the encryption unit, the measurement device itself has a configuration unnecessary for the original function of the measurement device. Generation of a predetermined encryption key, generation of encrypted biometric data using the predetermined encryption key, and transmission of the encrypted biometric data in an encryption device connected to the measurement device Since it can be realized, it is possible to receive a service related to health while simplifying the structure of the measuring device.

  Further, in the health care system according to the embodiments of the first and second inventions, the predetermined encryption device may be a memory card attached to the measuring device.

  According to this aspect, the encryption device may be a memory card attached to the measuring device.

  In the health care system according to the first and second aspects of the invention, the measuring device further includes a first master key holding unit that holds a master key, and the first key generation unit includes the first key generation unit. The predetermined encryption key is generated from one identification information and the master key, and the key management server further includes a second master key holding unit that holds the same master key as the master key, and the second key The generation unit may generate a predetermined decryption key corresponding to the predetermined encryption key from the first identification information and the master key.

  According to this aspect, the measurement device and the key management server generate the predetermined encryption key and a decryption key corresponding to the predetermined encryption key from a common master key, so that the measurement device transmits the measurement to the server. If the first identification information for identifying the device is passed, and the server passes the first identification information to the key management server, the key management server does not put the master key itself on the communication path, and the key management server A decryption key corresponding to can be generated. Therefore, the healthcare system can ensure the confidentiality of the decryption key.

  In the health care system according to the first and second aspects of the invention, the measuring device can be connected to a predetermined encryption device, and the predetermined encryption device is predetermined from the first identification information. The first key generation unit for generating the encryption key; the encryption unit for generating the encrypted biometric data by encrypting the biometric data using the predetermined encryption key; and the first master having a master key A key holding unit; and the first communication unit that transmits the encrypted biometric data to the server. The first key generation unit is configured to determine the predetermined encryption key from the first identification information and the master key. May be generated.

  According to this aspect, by providing the predetermined encryption device connected to the measurement device with the first key generation unit, the encryption unit, and the master key holding unit, the measurement device itself has the measurement device. Generation of a predetermined encryption key and generation of encrypted biometric data using the predetermined encryption key in a predetermined encryption device connected to the measurement device without significantly adding a configuration unnecessary for the original function Since the transmission of the encrypted biometric data can be realized, the service of health can be provided while simplifying the structure of the measuring device.

  Further, in the health care system according to the embodiments of the first and second inventions, the predetermined encryption device may be a memory card attached to the measuring device.

  According to this aspect, the encryption device may be a memory card attached to the measuring device.

  In the health care system according to the embodiment of the third invention, the first key generation unit of the measuring device generates the predetermined encryption key as a public key using first identification information for identifying the measuring device. The key management server further includes a master information holding unit that holds master information for generating the predetermined decryption key, and the second key generation unit includes the received first identification information and the held The predetermined decryption key is generated as a secret key corresponding to the public key using the master information.

  According to this aspect, the measuring device generates the predetermined encryption key as a public key using the first identification information for identifying the measuring device, and encrypts the biometric data using the generated public key. Therefore, there is no need to store a master key on the measuring device side. Therefore, the health care system of this aspect can prevent the secrecy of the biometric data from being impaired by analyzing the measuring device itself and leaking the master key to the outside.

  Further, since the measurement device generates the predetermined encryption key as a public key using the first identification information for identifying the measurement device, the key management server generates master information for generating the predetermined decryption key. As long as it is held, the encrypted biometric data is not decrypted even if the first identification information leaks outside. That is, the health care system can ensure the confidentiality of the biometric data.

  The key management server according to the embodiment of the first invention is a server that receives encrypted biometric data obtained by encrypting the biometric data with a predetermined encryption key from a measuring device that measures the biometric data and provides a health-related service. And a predetermined decryption key corresponding to the predetermined encryption key together with first identification information for identifying the measuring device, second identification information for identifying the biological data, and third identification information for identifying the server A communication unit that receives a request to transmit to the server from the server, a key generation unit that generates a predetermined decryption key from the first identification information, and a server that identifies a server that is the transmission target of the predetermined decryption key A storage unit storing four identification information and fifth identification information indicating the type of biometric data managed by the server corresponding to the fourth identification information, and the received third identification information and the storage. And a controller that transmits the predetermined decryption key to the server when the received second identification information matches the stored fifth identification information. To do.

  According to this aspect, the key management server generates a decryption key for decrypting the encrypted biometric data stored in the server, and the key management server determines the server to which the generated decryption key is transmitted. When the measurement device encrypts the measured biometric data using a predetermined encryption key, it is used when encrypting the biometric data depending on which service the server that is the transmission destination provides. There is no need to change the type of encryption key. That is, if the measurement device encrypts and transmits using a common encryption key regardless of which server is the destination, the key management server determines the server to which the decryption key is to be transmitted. Only the server selected by the key management server can acquire the decryption key and decrypt the encrypted biometric data. As a result, the key management server can eliminate the load of encrypting biometric data using a plurality of different encryption keys for each type of server providing the service on the measurement device side.

  The key management server also includes fourth identification information for identifying a server to which the predetermined decryption key is to be transmitted, and fifth identification indicating the type of biometric data managed by the server corresponding to the fourth identification information. A fourth storage unit for storing information; The key management server sends a request for transmitting the predetermined decryption key to the server, first identification information for identifying the measuring device, second identification information for identifying the type of the biometric data, and the server And the received third identification information coincides with the stored fourth identification information, and the received second identification information and the stored fifth identification information, If the two match, the predetermined decryption key is transmitted to the server. Thus, the key management server only needs to store a table indicating the correspondence relationship between the fourth identification information and the fifth identification information in the fourth storage unit, so the number of tables held by the key management server can be reduced. Can be reduced.

  A key management server according to an embodiment of the second invention is a server that receives encrypted biometric data obtained by encrypting the biometric data with a predetermined encryption key from a measuring device that measures the biometric data and provides a health-related service. And a request for transmitting a predetermined decryption key corresponding to the predetermined encryption key to the server together with first identification information for identifying the measuring device and second identification information for identifying the server. A communication unit for receiving, a first storage unit storing the type of biometric data measured by the measurement device in correspondence with the first identification information for identifying the measurement device, and second identification information for identifying the server Corresponding to the second storage unit storing the type of service provided by the server, the key generation unit generating the predetermined decryption key, and the biometric data corresponding to the received first identification information When associated and the type of service corresponding to the second identification information to the received the type, comprising a control unit for transmitting the predetermined decryption key to the server.

  According to this aspect, the key management server generates a decryption key for decrypting the encrypted biometric data stored in the server, and the key management server determines the server to which the generated decryption key is transmitted. When the measurement device encrypts the measured biometric data using a predetermined encryption key, it is used when encrypting the biometric data depending on which service the server that is the transmission destination provides. There is no need to change the type of encryption key. That is, if the measurement device encrypts and transmits using a common encryption key regardless of which server is the destination, the key management server determines the server to which the decryption key is to be transmitted. Only the server selected by the key management server can acquire the decryption key and decrypt the encrypted biometric data. As a result, the key management server can eliminate the load of encrypting biometric data using a plurality of different encryption keys for each type of server providing the service on the measurement device side.

  In addition, the key management server corresponds to first identification information for identifying the measurement device, a fourth storage unit that stores the type of biometric data measured by the measurement device, and second identification information for identifying the server And a fifth storage unit for storing the type of biometric data managed by the server. When the key management server receives a request for transmitting the predetermined decryption key to the server together with the first identification information and the second identification information, the key management server responds to the received first identification information. When the type of biometric data to be matched matches the type of biometric data corresponding to the received second identification information, the predetermined decryption key is transmitted to the server. As a result, the key management server can reduce the data types received from the server to the two types of the first identification information and the second identification information, so that the processing amount of the determination can be reduced accordingly.

  An encryption device according to an embodiment of the first invention is an encryption device that is attached to a measurement device that measures biological data and transmits the biological data to a server that provides a health-related service, the measurement device A first storage unit that stores biological data input from the measurement device, a second storage unit that stores unique data unique to the measurement device input from the measurement device, and a predetermined master key A key generation unit that generates a predetermined encryption key based on the unique data and the predetermined master key, and the biometrics using the generated predetermined encryption key. An encryption unit that encrypts data; and a communication unit that transmits the encrypted biometric data to the server.

  According to this aspect, by providing the encryption device attached to the measurement device with the key generation unit, the encryption unit, and the master key holding unit, the measurement device itself has the original function of the measurement device. Generation of a predetermined encryption key, generation of encrypted biometric data using the predetermined encryption key, and generation of the encrypted biometric in an encryption device attached to the measurement device without significantly adding unnecessary configuration Since data transmission can be realized, health-related services can be provided while simplifying the structure of the measuring device.

  In the encryption device according to the embodiment of the first invention, the encryption device may be a memory card attached to the measuring device.

  According to this aspect, the encryption device may be a memory card attached to the measuring device.

  In addition, the said embodiment is implement | achieved not only as an apparatus, for example, but as an integrated circuit provided with the process part with which such an apparatus is provided, or as a method of performing the process which the process part which comprises the apparatus performs It can also be realized as a program that causes a computer to execute these processes. These programs may be distributed via a recording medium such as a CD-ROM or a communication medium such as the Internet.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(Embodiment 1)
<Configuration of health care system 1>
FIG. 1 is a block diagram showing an overall configuration of a health care system 1 according to Embodiment 1 of the present invention.

  As shown in the figure, the healthcare system 1 includes measuring devices 10a, 10b, and 10c, measuring device adapters 11a, 11b, and 11c attached to the measuring devices 10a, 10b, and 10c, a user terminal 13, The user terminal adapter 14 mounted on the user terminal 13, the first service providing server 17 a, the second service providing server 17 b, the third service providing server 17 c, and the key management server 16 are configured.

  The measuring devices 10a, 10b, and 10c and the measuring device adapters 11a, 11b, and 11c are examples of the measuring device and the encryption device, and measure and encrypt health information.

  The user terminal 13 and the user terminal adapter 14 are the first service providing server 17a, the second service providing server 17b, and the third service providing server that receive the encrypted health information received from the measuring instrument adapters 11a, 11b, and 11c. 17c.

  The first service providing server 17a, the second service providing server 17b, and the third service providing server 17c are examples of servers, and provide health-related services by decrypting encrypted health information.

  The key management server 16 provides a decryption key for decrypting the encrypted health information to the first service providing server 17a, the second service providing server 17b, and the third service providing server 17c.

  The health information is an example of biometric data, and indicates information related to health such as the body weight, body fat, and blood pressure of the measurement subject (user). The biological data is information related to the body of a living body such as a person to be measured and a measured animal.

  In addition, the health care system 1 uses health services provided by the first service providing server 17a, the second service providing server 17b, and the third service providing server 17c, respectively, by users who have the measuring devices 10a, 10b, and 10c. The configuration is shown. At this time, measuring instrument adapters 11a, 11b, and 11c are attached to the measuring instruments 10a, 10b, and 10c, respectively. Further, the user terminal 13 is equipped with a user terminal adapter 14 for collecting and temporarily storing measurement data measured by each measuring device and transmitting the collected data to each service providing server. Communication between the measuring instrument adapters 11 a, 11 b, 11 c and the user terminal adapter 14 is performed via the internal network 12. As the internal network 12, for example, a short-range wireless communication path such as Bluetooth (registered trademark) can be considered. Communication between the user terminal adapter 14 and the first service providing server 17a, the second service providing server 17b, and the third service providing server 17c, and the first service providing server 17a, the second service providing server 17b, and Communication between the third service providing server 17 c and the key management server 16 is performed via the external network 15. As the external network 15, for example, a wide-area communication path such as the Internet can be considered. Hereinafter, each component which comprises the healthcare system 1 is demonstrated.

<Configuration of measuring devices 10a, 10b, 10c>
Hereinafter, the configuration of the measuring device 10a will be described. Since the measuring devices 10b and 10c have basically the same configuration as the measuring device 10a, description thereof will be omitted.

  FIG. 2 is a block diagram illustrating a functional configuration of the measuring device 10a. As shown in the figure, the measurement device 10a includes a first measurement unit 100, a second measurement unit 101, a third measurement unit 102, a device information storage unit 103, an adapter I / F 104, a display unit 105, and a transmission processing unit 106. Prepare.

(First measurement unit 100, second measurement unit 101, third measurement unit 102)
The 1st measurement part 100, the 2nd measurement part 101, and the 3rd measurement part 102 measure various health information, such as a to-be-measured person (user) weight and body fat. And the 1st measurement part 100, the 2nd measurement part 101, and the 3rd measurement part 102 produce | generate various measured health information as measurement data. Here, it is assumed that the first measurement unit 100 measures body weight, the second measurement unit 101 measures body fat, and the third measurement unit 102 measures pulse. Note that the number of measurement units included in the measurement device varies depending on the number of types of health information measured by the measurement device. For example, the measuring devices 10b and 10c that measure only one type of health information have only one measuring unit.

(Equipment information storage unit 103)
The device information storage unit 103 is an example of a storage unit, and stores the device information 20 of the measurement device 10a. FIG. 3 is a diagram illustrating an example of the device information 20 stored in the device information storage unit 103. The device information 20 includes a product number, a model ID, and a data type. The product number is information indicating the type number of the measuring device, and is composed of, for example, alphanumeric characters. In FIG. 3, “KC-289B” is set as the product number. The model ID is information for identifying the measuring device. The model ID is information corresponding to the product number of the measuring device on a one-to-one basis, and is made up of only numbers, for example. In FIG. 3, “12345678” is set as the model ID corresponding to the product number “KC-289B”. The data type represents information indicating the type of health information measured by the measuring device specified by the product number or the model ID, or the type of measurement data generated by the measuring device specified by the product number or the model ID. Information. For example, “001” for “weight” and “002” for “body fat” are used to describe the data type according to rules defined in advance by the healthcare system 1. In the case of a measuring device that measures a plurality of health information, a plurality of data is set as the data type. Since the measuring device 10a has a function of measuring three pieces of health information (“weight”, “body fat”, and “pulse”), the device information 20 shown in FIG. 3 has “001” corresponding to each piece of health information. "," 002 ", and" 005 "are set as data types.

(Adapter I / F104)
The adapter I / F 104 transmits and receives data to and from the measuring instrument adapter 11a. For example, the adapter I / F 104 transmits the measurement device transmission data generated by the transmission processing unit 106 to the measurement device adapter 11a.

(Display unit 105)
The display unit 105 displays measurement data measured by the measurement device 10a to a person to be measured (user).

(Transmission processing unit 106)
The transmission processing unit 106 generates measurement device transmission data including measurement data, a model ID, and a data type.

<Configuration of Adapters 11a, 11b, 11c for Measuring Equipment>
Hereinafter, the configuration of the measuring instrument adapter 11a will be described. Since the measuring instrument adapters 11b and 11c have basically the same configuration as the measuring instrument adapter 11a, the description thereof is omitted. FIG. 4 is a block diagram showing a functional configuration of the measuring instrument adapter 11a. As shown in the figure, the measurement device adapter 11a includes a measurement device I / F 110, an encryption processing unit 111, a master key storage unit 112, an encryption key generation unit 113, a transmission / reception unit 114, an encryption processing determination unit 115, and a measurement device. An information storage unit 116 is provided.

(Measurement equipment I / F110)
The measurement device I / F 110 is an example of an interface unit, and performs data transmission / reception with the measurement device 10a.

(Encryption processing unit 111)
The encryption processing unit 111 is an example of an encryption unit, and generates encrypted measurement data obtained by encrypting measurement data received from the measurement device 10a. Further, the encryption processing unit 111 generates the measuring instrument adapter transmission data 21 including the model ID, the data type, and the encrypted measurement data. FIG. 5 is a diagram illustrating an example of the measurement device adapter transmission data 21 generated by the measurement device adapter 11a attached to the measurement device 10a. The measurement device adapter transmission data 21 includes a model ID of the measurement device 10a to which the measurement device adapter 11a is attached, a data type of health data measured by the measurement device 10a, and encrypted measurement data. The details of the measurement data encryption processing by the encryption processing unit 111 will be described later.

(Master key storage unit 112)
The master key storage unit 112 is an example of a master key holding unit, and stores a master key. The master key is secret information common to all measurement device adapters, and is set when the measurement device adapter is manufactured.

(Encryption key generation unit 113)
The encryption key generation unit 113 is an example of a key generation unit, and generates an encryption key based on a master key, a model ID, and a data type. Thereby, the encryption key has a different value for each model ID and data type. Details of the generation method will be described later. In this embodiment, an example in which the encryption key generation unit 113 generates an encryption key based on a master key, a model ID, and a data type will be described. However, a healthcare system to which the present invention is applied is It is not limited to a healthy healthcare system. For example, a healthcare system to which the present invention is applied may be a healthcare system in which an encryption key generation unit generates an encryption key based on a master key and a model ID.

(Transceiver 114)
The transmission / reception unit 114 is an example of a communication unit, and performs data transmission / reception with the user terminal adapter 14 via the internal network 12. For example, the transmission / reception unit 114 transmits the measurement device adapter transmission data 21 generated by the encryption processing unit 111 to the user terminal adapter 14.

(Encryption processing determination unit 115)
The encryption process determination unit 115 determines whether or not the measurement data received from the measurement device 10a is to be encrypted. The determination as to whether encryption is necessary is performed based on the measurement device information 22 stored by the measurement device information storage unit 116. Details of the determination method will be described later.

(Measurement device information storage unit 116)
The measurement device information storage unit 116 is an example of a storage unit, and stores the measurement device information 22. The measuring device information 22 includes information related to the measuring device 10a to which the measuring device adapter 11a is attached and information set by an instruction from the user terminal adapter 14. FIG. 6 is a diagram illustrating an example of the measurement device information 22. The measuring device information 22 includes a product number, a model ID, a data type, and transmission necessity. Here, the product number, model ID, and data type are the product numbers included in the device information 20 stored in the device information storage unit 103 of the measuring device 10a when the measuring device adapter 11a is attached to the measuring device 10a. , Model ID, and data type are copied. Specifically, as the product number, model ID, and data type of the measurement device information 22 shown in FIG. 6, the product number, model ID, and data type of the device information 20 shown in FIG. 3 are copied. The necessity of transmission is information set based on an instruction from the user terminal adapter 14 for each data type. Specifically, in the necessity of transmission, “1” is set and transmitted when the health information indicated by the data type needs to be transmitted from the measurement device adapter 11a to the user terminal adapter 14. If there is no need, “0” is set. In the measuring device information 22 of FIG. 3, “1” (transmission required) is set for the data types “001” (weight) and “002” (body fat), and the data type “007” (pulse) ) Is set to “0” for transmission (no transmission required).

  In the present embodiment, the measurement device adapter 11a will be described as an example of transmitting measurement data received from the measurement device 10a without storing it. However, the healthcare system to which the present invention is applied is such a case. It is not limited to health care systems. For example, the measurement device adapter 11a may include a storage unit that stores measurement data received from the measurement device 10a.

<Configuration of user terminal 13>
The user terminal 13 is a PC, a TV, or the like. A user terminal adapter 14 is attached to the user terminal 13. The user terminal 13 mainly provides a user interface for data operation in the user terminal adapter 14.

<Configuration of User Terminal Adapter 14>
FIG. 7 is a block diagram showing a functional configuration of the user terminal adapter 14. As shown in the figure, the user terminal adapter 14 includes a user terminal I / F 140, a measurement information storage unit 141, a first transmission / reception unit 142, a second transmission / reception unit 143, a connected device information storage unit 144, and a use service information storage unit. 145.

(User terminal I / F 140)
The user terminal I / F 140 is an interface for performing data transmission / reception with the user terminal 13.

(Connected device information storage unit 144)
The connected device information storage unit 144 stores the connected device information 23. The connected device information 23 is information for identifying the measuring device adapter connected to the user terminal adapter 14, information of the measuring device in which the measuring device adapter is mounted, and the measuring device measures. Contains information on whether health information needs to be stored. FIG. 8 is a diagram illustrating an example of the connected device information 23. The measurement device adapter ID, model ID, and data type included in the connection device information 23 are the measurement device adapters when the connection setting between the user terminal adapter 14 and the measurement device adapters 11a, 11b, and 11c is performed. And the model ID and data type of the measurement device information 22 stored in the measurement device information storage unit 116 of each measurement device adapter are copied. The necessity of accumulation is information set for each data type. Specifically, the necessity of accumulation is set to “1” when the user terminal adapter 14 needs to accumulate the health information specified by the data type, and when it is not necessary to accumulate, “0” is set. The connected device information 23 in FIG. 8 indicates that the user terminal adapter 14 is connected to the user terminal adapter having the measurement device adapter IDs “186512”, “392138”, and “912356”. The connected device information 23 indicates that each measurement device adapter is attached to the measurement device having the model IDs “12345678”, “2468912”, and “86442013”. Further, in the connected device information 23, the measuring device 10a having the model ID “12345678” needs to accumulate measurement data of “body weight” specified by the data type “001” and “body fat” specified by “002”. Indicates that On the other hand, the measurement device 10b with the model ID “2468912” indicates that it is necessary to accumulate measurement data of “blood pressure” specified by the data type “004”.

(Measurement information storage unit 141)
The measurement information accumulation unit 141 accumulates encrypted measurement data transmitted from each measurement device via the measurement device adapter as accumulated measurement data 24. FIG. 9 is a diagram illustrating an example of the accumulated measurement data 24. The accumulated measurement data 24 includes a model ID, a data type, and measurement data. The model ID and data type of the connected device information 23 stored by the connected device information storage unit 144 are copied as the model ID and data type, where the necessity of accumulation is “1” (accumulation required). The measurement data is data in which the encrypted measurement data transmitted from the measurement device adapter is stored for each model ID and data type.

(First transceiver 142)
The first transmission / reception unit 142 transmits / receives data to / from the measurement equipment adapters 11 a, 11 b, 11 c via the internal network 12.

(Second transceiver 143)
The second transmitting / receiving unit 143 performs data transmission / reception with the first service providing server 17a, the second service providing server 17b, and the third service providing server 17c via the external network 15. For example, the second transmitting / receiving unit 143 transmits user terminal adapter transmission data including a model ID, a data type, and encrypted measurement data to the first service providing server 17a.

(Usage service information storage unit 145)
The use service information storage unit 145 stores use service information 25 including services used by the user, health information necessary for the service, and information indicating from which measuring device the health information is acquired. FIG. 10 is a diagram showing an example of the usage service information 25. The use service ID indicates a service ID for identifying a service providing server that provides a service used by a user. The necessary data type is set for each use service ID, and indicates the data type of health information necessary for using the service indicated by the service ID. When one service requires a plurality of pieces of health information, a plurality of necessary data types are set for one service ID. The data acquisition measuring device adapter ID is information for identifying the measuring device adapter that acquires the health information specified by the necessary data type. The data acquisition model ID indicates the model ID of the measuring device to which the measuring device adapter is attached.

  For example, the use service information 25 shown in FIG. 10 indicates that the service provided by the service providing server identified by the service IDs “0002” and “0148” is being used. The used service information 25 indicates that each of the service providing servers identified by the service ID “0002” needs health information identified by the necessary data types “001” and “004”. Further, the usage service information 25 includes the health information identified by the data types “001”, “004”, and “002” based on the measurement device adapter IDs “186512”, “392138”, and “186512”. It is acquired from the adapter for the measuring instrument to be identified. The usage service information 25 indicates that the measuring device adapters identified by the measuring device adapter IDs “186512”, “392138”, and “186512” are the model IDs “12345678”, “2468912”, and “12345678”, respectively. "Indicates that measurement data is acquired from the measurement device identified by". "

<Configuration of First Service Providing Server 17a, Second Service Providing Server 17b, and Third Service Providing Server 17c>
Hereinafter, the configuration of the first service providing server 17a will be described. Since the second service providing server 17b and the third service providing server 17c have basically the same configuration as the first service providing server 17a, description thereof is omitted. FIG. 11 is a block diagram showing a functional configuration of the first service providing server 17a.

(Collecting permission information storage unit 170)
The collection permission information storage unit 170 is an example of a storage unit, and includes information identifying the first service providing server 17a and information identifying health information permitted to be collected by the first service providing server 17a. The collection permission information 26 is stored. FIG. 12 is a diagram illustrating an example of the collection permission information 26. The collection permission information 26 indicates that the first service providing server 17a is permitted to collect measurement data of data types “001” (weight) and “004” (blood pressure).

(Transceiver 171)
The transmission / reception unit 171 is an example of a communication unit, and performs data transmission / reception between the user terminal adapter 14 and the key management server 16 via the external network 15. For example, the transmission / reception unit 171 transmits the key request data 27 generated by the key request data generation unit 172 to the key management server 16.

(Key request data generation unit 172)
The key request data generation unit 172 generates key request data 27 for requesting the key management server 16 to transmit a decryption key for decrypting the encrypted measurement data received from the user terminal adapter 14. The key request data 27 includes information for identifying the measuring device, information for identifying the type of health information, and information for identifying the service providing server. FIG. 13 is a diagram illustrating an example of the key request data 27. As shown in the figure, the key request data 27 includes the service ID of the service providing server, and the model ID and data type included in the user terminal adapter transmission data. The key request data 27 shown in FIG. 13 indicates that the first service providing server 17a with the service ID “0002” requests a decryption key corresponding to the model ID “2468912” and the data type “004” of the measuring device. Show.

(Measurement data decoding unit 173)
The measurement data decryption unit 173 performs a process of decrypting the encrypted measurement data using the decryption key acquired from the key management server 16. Details will be described later.

(User measurement data storage unit 174)
The user measurement data storage unit 174 is an example of a storage unit, and stores the model ID, data type, and encrypted measurement data received from the user terminal adapter 14. Further, the user measurement data storage unit 174 stores measurement data obtained by decrypting the encrypted measurement data.

(Measurement data utilization unit 175)
The measurement data using unit 175 provides a service to the user using the measurement data decoded by the measurement data decoding unit 173.

(Decryption key storage unit 176)
The decryption key storage unit 176 stores the decryption key received from the key management server 16. FIG. 14 is a diagram illustrating an example of stored decryption key data 28 stored in the decryption key storage unit 176. As shown in the figure, the stored decryption key data 28 includes a model ID, a data type, and a decryption key. For example, in the stored decryption key data 28 shown in FIG. 14, the decryption key of the measurement data corresponding to the model ID “12345678” and the data type “001” (weight) is “9A3FDA343”.

<Configuration of Key Management Server 16>
FIG. 15 is a block diagram showing a functional configuration of the key management server 16.

(Master key storage unit 160)
The master key storage unit 160 is an example of a master key holding unit, and stores a master key. The master key is the same as the master key held in common by the measuring instrument adapter.

(Transceiver 161)
The transmission / reception unit 161 transmits / receives data to / from the first service providing server 17a, the second service providing server 17b, and the third service providing server 17c via the external network 15. For example, the transmission / reception unit 161 transmits the decryption key generated by the decryption key generation unit 162 to the first service providing server 17a in accordance with an instruction from the decryption key generation permission determination unit 163.

(Decryption key generation unit 162)
The decryption key generation unit 162 is an example of a key generation unit, and in response to a request from the service providing server, the master key stored in the master key storage unit 160 and the model ID and data included in the key request data 27 A decryption key is generated based on the type. That is, the decryption key generation unit 162 generates, as a decryption key, the same key as the encryption key used when the measurement data is encrypted by the measurement device adapter. Details thereof will be described later. Note that the decryption key generation unit 162 may generate a decryption key based on the master key and the model ID, similarly to the encryption key generation unit 113 provided in the measuring instrument adapter.

(Decryption key generation permission determination unit 163)
The decryption key generation permission determination unit 163 is an example of a control unit, receives a decryption key request from the service providing server, and generates a decryption key based on the collection permission database 29 stored in the collection permission database storage unit 164. Judgment is made. When it is determined that the decryption key generation is permitted, the decryption key generation permission determination unit 163 instructs the decryption key generation unit 162 and the transmission / reception unit 161 to generate and transmit the decryption key.

(Collection permission database storage unit 164)
The collection permission database storage unit 164 is an example of a storage unit, and stores the collection permission database 29. The collection permission database 29 stores data types of health information that are permitted to be collected by each service providing server. FIG. 16 is a diagram illustrating an example of the collection permission database 29. The service ID is an ID for identifying each service providing server. The permitted data type is a data type of health information that is permitted to be collected by the service providing server. In addition, it is assumed that an agreement regarding the collection permission of health information is made in advance between the key management center that manages the key management server and each healthcare service provider, and the collection permission database 29 includes the permission contents. It shall be set based on this.

  Next, various operations in the health care system 1 configured as described above will be described.

  FIG. 17 is a sequence diagram illustrating an overall processing flow in the health care system 1.

  First, the measuring device 10a measures user health information. Then, the measurement device 10a transmits measurement device transmission data including the model ID, the data type, and the measurement data to the measurement device adapter 11a (step S101).

  Next, the measurement device adapter 11a encrypts the measurement data included in the received measurement device transmission data. Then, the measuring device adapter 11a transmits the measuring device adapter transmission data 21 including the model ID, the data type, and the encrypted measurement data to the user terminal adapter 14 (step S102).

  Next, the user terminal adapter 14 specifies a service ID corresponding to the model ID and the data type included in the measuring instrument adapter transmission data 21. Then, the user terminal adapter 14 includes the user terminal adapter including the encrypted measurement data corresponding to the model ID and the data type in the service providing server (first service providing server 17a) corresponding to the specified service ID. The transmission data is transferred (step S103).

  Next, the first service providing server 17a determines whether to decrypt the encrypted measurement data. If it is determined that the data is to be decrypted, the first service providing server 17a receives the key request data 27 including the service ID indicating the server and the model ID and data type included in the received user terminal adapter transmission data. It transmits to the key management server 16 (step S104).

  Next, when the received key request data 27 satisfies a predetermined condition, the key management server 16 generates a decryption key corresponding to the key request data 27 and provides the decryption key data including the generated decryption key to the first service. It transmits to the server 17a (step S105).

  Next, the first service providing server 17a decrypts the encrypted measurement data using the decryption key included in the received decryption key data (step S106).

  Next, details of operations in the measurement device 10a, the measurement device adapter 11a, the user terminal adapter 14, the first service providing server 17a, and the key management server 16 will be described.

<Measurement process of health information by measuring instrument 10a>
FIG. 18 is a flowchart showing the flow of measurement processing in the measurement device 10a.

  First, the first measurement unit 100, the second measurement unit 101, or the third measurement unit 102 determines whether the user is measuring health information (step S201). Here, when the user has not measured the health information (No in step S201), the first measurement unit 100, the second measurement unit 101, or the third measurement unit 102 again measures the health information. It is determined whether or not there is (step S201). On the other hand, when the user is measuring the health information (Yes in step S201), the first measurement unit 100, the second measurement unit 101, or the third measurement unit 102 generates each of the measured health information as measurement data. (Step S202).

Next, the display unit 105 displays the generated measurement data (step S203).
Next, the transmission processing unit 106 acquires the model ID and the data type from the device information 20 stored in the device information storage unit 103 (step S204). For example, in the case of measurement data generated by the first measurement unit 100, the transmission processing unit 106 acquires the model ID “12345678” and the data type “001” from the device information 20 illustrated in FIG.

  Next, the transmission processing unit 106 generates measurement device transmission data including the acquired model ID and data type and the measurement data generated in step S202 (step S205). For example, when the measurement data generated by the first measurement unit 100, the second measurement unit 101, and the third measurement unit 102 are defined as first measurement data, second measurement data, and third measurement data, respectively, transmission processing The unit 106 acquires the model ID 201, the data type 202a, the data type 202b, and the data type 202c illustrated in FIG. 3 from the device information storage unit 103. And the transmission process part 106 produces | generates 1st measuring device transmission data, 2nd measuring device transmission data, and 3rd measuring device transmission data with the following data formats, and transmits to the adapter 11a for measuring devices.

First measurement device transmission data = (model ID 201, data type 202a, first measurement data)
Second measurement device transmission data = (model ID 201, data type 202b, second measurement data)
Third measurement device transmission data = (model ID 201, data type 202c, third measurement data)

  Here, D = (A, B, C) means that the data D includes data A, B, and C.

  Next, the adapter I / F 104 transmits the generated measurement device transmission data to the measurement device adapter 11a (step S206). And the measuring device 10a repeats the process from step S201 to step S206.

  As described above, the measurement device 10a transmits the measurement device transmission data including the measurement data that is the measured user health information to the measurement device adapter 11a.

<Encrypted transmission processing of measurement data by measuring instrument adapter 11a>
Next, a process in which the measurement device adapter 11a encrypts measurement data measured by the measurement device 10a and transmits the encrypted measurement data will be described.

  FIG. 19 is a flowchart showing the flow of the encrypted transmission process in the measuring instrument adapter 11a.

  First, the measurement device I / F 110 determines whether measurement device transmission data is received (step S301). Here, when the measurement device transmission data is not received (No in Step S301), the measurement device I / F 110 determines again whether the measurement device transmission data is received (Step S301). On the other hand, when the measurement device transmission data is received (Yes in step S301), the encryption processing determination unit 115 transmits the model ID, the data type, and the transmission from the measurement device information 22 stored in the measurement device information storage unit 116. Necessity is acquired (step S302).

  Next, the cryptographic process determination unit 115 determines whether or not the model ID acquired from the measurement device information 22 includes a model ID that matches the model ID included in the measurement device transmission data (step S303). Here, when there is no matching model ID (No in step S303), the cryptographic process determination unit 115 discards the measurement device transmission data. Then, the measurement device I / F 110 determines whether measurement device transmission data is received (step S301). On the other hand, if there is a matching model ID (Yes in step S303), the encryption processing determination unit 115 determines whether the data type corresponding to the model ID matches the data type included in the measurement device transmission data. (Step S304). Here, when the data type does not match the data included in the measurement device transmission data (No in step S304), the cryptographic processing determination unit 115 discards the measurement device transmission data. Then, the measurement device I / F 110 determines whether measurement device transmission data is received (step S301). On the other hand, if the data type matches the data type included in the measurement device transmission data (Yes in step S304), the cryptographic processing determination unit 115 determines whether the transmission necessity corresponding to the model ID and the data type is “1”. Is determined (step S305). Here, if the necessity of transmission is not “1” (No in step S305), the cryptographic processing determination unit 115 discards the measurement device transmission data. Then, the measurement device I / F 110 determines whether measurement device transmission data is received (step S301). On the other hand, if the transmission necessity is “1” (Yes in step S305), the encryption key generation unit 113 acquires the master key stored in the master key storage unit 112 (step S306).

  For example, in the measurement device information 22 shown in FIG. 6, the transmission necessity corresponding to the first measurement device transmission data and the second measurement device transmission data is “1” (transmission required), so the first transmission data and the second transmission It is determined that the first measurement data and the second measurement data included in the data need to be encrypted and need to be transmitted to the user terminal adapter 14. On the other hand, since the transmission necessity corresponding to the third measurement device transmission data is “0” (transmission is not required), the third measurement data does not need to be encrypted and is transmitted to the user terminal adapter 14. It is determined that there is no need to

  In the present embodiment, the encryption processing determination unit 115 encrypts measurement data that does not need to be transmitted to the user terminal adapter 14, that is, health information that does not need to be transmitted for the use of the healthcare service. However, the measurement data may be stored in the local storage means in the user terminal 13, the user terminal adapter 14 or the measurement device adapter 11a without discarding the measurement data. Note that the cryptographic processing determination unit 115 may separately determine whether or not to store in the local storage unit based on information for determination. The measurement data stored in the local storage means may be encrypted in the same manner as described above. Further, the encryption processing determination unit 115 may determine whether to encrypt the measurement data stored in the local storage unit based on the information defined for determining whether to encrypt. good. Further, the encryption processing determination unit 115 determines whether to encrypt the measurement data to be transmitted to the user terminal adapter 14 based on the information defined for determining whether to encrypt. good.

  Next, the encryption key generation unit 113 generates an encryption key from the model ID, the data type, and the master key (step S307).

  Next, the encryption processing unit 111 generates encrypted measurement data obtained by encrypting the measurement data included in the measurement device transmission data using the generated encryption key (step S308). Detailed description of the encryption of measurement data by the encryption processing unit 111 will be described later.

  Next, the encryption processing unit 111 generates the measuring instrument adapter transmission data 21 including the generated encrypted measurement data and the model ID and data type corresponding to the encrypted measurement data (step S309).

  Next, the transmission / reception unit 114 transmits the measuring instrument adapter transmission data 21 to the user terminal adapter 14 (step S310). The measuring instrument adapter 11a repeats the processing from step S301 to step S310.

  As described above, the measurement device adapter 11a generates encrypted measurement data obtained by encrypting the measurement data received from the measurement device 10a. Further, the measuring device adapter 11a includes the generated encrypted measurement data, the model ID that is information for identifying the measuring device, and the data type that is the data type that is information for identifying the type of health information. 21 is transmitted to the adapter 14 for user terminals.

  Next, details of the transmission data encryption processing (steps S307 and S308 in FIG. 19) by the encryption processing unit 111 will be described. The encryption key generation unit 113 generates the following encryption key K using the model ID and the data type included in the measurement device transmission data to be encrypted. Then, the encryption key generation unit 113 transfers the generated encryption key K to the encryption processing unit 111.

    K = F (master key, model ID included in measurement device transmission data‖data type)

  Here, F is a one-way function. C = F (A, B) means that the result of calculating the one-way function F for the data A and B is C. A‖B represents the data connection between A and B. For example, when A = 131313 and B = 2242424, A‖B = 13131324242. The master key is acquired from the master key storage unit 112.

  Next, the encryption processing unit 111 encrypts the measurement data D included in the measurement device transmission data using the encryption key K generated by the encryption key generation unit 113.

That is,
E = Enc (K, D)
Calculate At this time, Enc (K, D) is the result of encrypting the data D using the key K.

  As described above, encrypted measurement data E is generated from the measurement data.

<Transfer of Encrypted Measurement Data by User Terminal Adapter 14>
Next, a process in which the user terminal adapter 14 transfers the encrypted measurement data received from the measurement device adapter 11a to the service providing server will be described.

  FIG. 20 is a flowchart showing the flow of transfer processing in the user terminal adapter 14.

  First, the first transmitter / receiver 142 determines whether or not the measuring instrument adapter transmission data 21 is received from the measuring instrument adapter 11a via the internal network 12 (step S401). If the measuring instrument adapter transmission data 21 has not been received (No in step S401), the first transmission / reception unit 142 determines again whether or not the measuring instrument adapter transmission data 21 has been received (step S401). S401). On the other hand, when the measurement device adapter transmission data 21 is received (Yes in step S401), the first transmission / reception unit 142 transmits the measurement device adapter transmission from the connection device information 23 stored in the connection device information storage unit 144. The storage necessity corresponding to the model ID and the data type included in the data 21 is acquired (step S402).

  Next, the first transmission / reception unit 142 determines whether or not the acquired accumulation necessity is “1” (accumulation necessity) (step S403). If the accumulation necessity is “1” (Yes in step S403), the first transmission / reception unit 142 accumulates the measuring device adapter transmission data 21 in the measurement information accumulation unit 141 (step S404). On the other hand, if the accumulation necessity is not “1” (No in step S403), the first transmission / reception unit 142 proceeds to the process of step S405 without accumulating the adapter transmission data 21 for the measurement device in the measurement information accumulation unit 141. .

  Specifically, as shown in FIG. 9, in the first transmission / reception unit 142, the accumulation necessity data of the connected device information 23 is “requires accumulation” as the accumulated measurement data 24 accumulated in the measurement information accumulation unit 141. Only the encrypted measurement data is stored for each model ID and data type.

  Next, the first transmission / reception unit 142 acquires the usage service ID corresponding to the data type included in the measuring instrument adapter transmission data 21 from the usage service information 25 stored in the usage service information storage unit 145 (step S1). S405). For example, when the data type included in the measuring instrument adapter transmission data 21 is “001”, the first transmission / reception unit 142 acquires the usage service ID “0002” from the usage service information 25 shown in FIG.

  Next, the first transmission / reception unit 142 uses the user service adapter transmission data including the service ID acquired in step S405 and the model ID, data type, and encrypted measurement data included in the measurement device adapter transmission data 21. Is generated (step S406).

  Next, the second transmitting / receiving unit 143 transmits the generated user terminal adapter transmission data to the service providing server identified by the use service ID (step S407). Note that the second transmission / reception unit 143 may periodically transmit the accumulated measurement data 24 accumulated in the measurement information accumulation unit 141 to the service providing server.

  For example, the user terminal adapter 14 refers to the use service information 25 shown in FIG. 10 to transfer the health of the data type “001” (weight) to the first service providing server 17a identified by the service ID “0002”. Information and health information of data type “004” (blood pressure) are transmitted. Specifically, the user terminal adapter 14 uses a set of data (model ID, data corresponding to each of the data types “001” and “004” from the stored measurement data 24 stored in the measurement information storage unit 141. Type and set of encrypted measurement data). Then, the user terminal adapter 14 transmits the acquired data set to the first service providing server 17a as user terminal adapter transmission data.

<Decryption of encrypted measurement data by first service providing server 17a>
Next, a process for determining whether to decrypt the encrypted measurement data included in the received user terminal adapter transmission data and a process for decrypting the encrypted measurement data by the first service providing server 17a will be described. .

  FIG. 21 is a flowchart showing the flow of the decoding determination process and the decoding process in the first service providing server 17a. First, the decryption determination process in the first service providing server 17a will be described.

  First, the transmitting / receiving unit 171 determines whether user terminal adapter transmission data is received from the user terminal adapter 14 via the external network 15 (step S501). Here, when the user terminal adapter transmission data is not received (No in step S501), the transmission / reception unit 171 determines again whether the user terminal adapter transmission data is received (step S501). On the other hand, when the user terminal adapter transmission data is received (Yes in step S501), the transmission / reception unit 171 acquires the data type included in the collection permission information 26 stored in the collection permission information storage unit 170 ( Step S502). For example, the transmission / reception unit 171 acquires the data types “001” and “004” from the collection permission information 26 illustrated in FIG.

  Next, the transmission / reception unit 171 determines whether or not the data type included in the received user terminal adapter transmission data matches the data type acquired in step S502 (step S503). If the data types do not match (No in step S503), the transmission / reception unit 171 determines that the encrypted measurement data is not decrypted, and determines again whether the user terminal adapter transmission data has been received. (Step S501). On the other hand, if the data types match (Yes in step S503), the transmission / reception unit 171 determines that the encrypted measurement data is to be decrypted, and uses the stored decryption key data 28 stored in the decryption key storage unit 176 for the user terminal. A decryption key corresponding to the model ID and the data type included in the adapter transmission data is searched (step S504).

  As a result of the search in step S504, if it is determined that there is a decryption key corresponding to the model ID and the data type included in the user terminal adapter transmission data (No in step S505), the measurement data decryption unit 173 Using the decryption key, the encrypted measurement data included in the user terminal adapter transmission data is decrypted (step S514). On the other hand, when it is determined that there is no decryption key corresponding to the model ID and the data type included in the user terminal adapter transmission data (Yes in step S505), the key request data generation unit 172 includes the first service providing server. The key request data 27 including the service ID for identifying 17a and the model ID and data type included in the user terminal adapter transmission data is generated (step S506).

  Next, the transmission / reception unit 171 transmits the key request data 27 to the key management server 16 via the external network 15 (step S507).

  As described above, the transmission / reception unit 171 included in the first service providing server 17a extracts the data type from the user terminal adapter transmission data and refers to the collection permission information 26 stored in the collection permission information storage unit 170. It is checked whether or not there is an authority to decrypt the encrypted measurement data included in the received user terminal adapter transmission data. For example, the transmission / reception unit 171 of the first service providing server 17a can collect health information with data types “001” (weight) and “004” (blood pressure) by referring to the collection permission information 26 shown in FIG. Is determined. That is, when the received user terminal adapter transmission data includes health information with data types “001” (weight) and “004” (blood pressure), the transmission / reception unit 171 of the first service providing server 17a It is determined that there is an authority to decrypt and collect these health information.

  After the transmission / reception unit 171 confirms that the encrypted measurement data included in the received user terminal adapter transmission data is authorized as described above, the key request data generation unit 172 includes the user terminal adapter. Key request data is generated using the model ID and data type included in the transmission data and the service ID of the first service providing server 17a. That is, the service ID of the service providing server that generated the key request data is added to the key request data. In the key request data 27 shown in FIG. 13, the service ID “0002” of the first service providing server 17a is added. As the model ID and data type, the data included in the user terminal adapter transmission data is copied as it is. The generated key request data 27 is transmitted to the key management server 16 by the transmission / reception unit 171.

Next, the decoding process in the first service providing server 17a will be described.
First, the transmission / reception unit 171 determines whether or not decryption key data has been received from the key management server 16 via the external network 15 (step S511). Here, when the decryption key data is not received (No in Step S511), the transmission / reception unit 171 determines again whether or not the decryption key data is received (Step S511). On the other hand, when receiving the decryption key data (Yes in step S511), the transmission / reception unit 171 determines whether or not the decryption key data includes the decryption key (step S512).

  Here, when the decryption key data does not include the decryption key (No in step S512), the transmission / reception unit 171 determines again whether or not the decryption key data has been received (step S511). On the other hand, when the decryption key data includes the decryption key (Yes in step S512), the measurement data decryption unit 173 acquires the decryption key included in the decryption key data (step S513).

  Next, the measurement data decryption unit 173 decrypts the encrypted measurement data included in the user terminal adapter transmission data using the obtained decryption key (step S514). Specifically, the measurement data decryption unit 173 uses the decryption key K and the encrypted measurement data E as in the following equation.

    D = Dec (K, E)

  Next, the measurement data utilization unit 175 provides a service to the user using the decrypted measurement data (step S515). Specifically, the measurement data using unit 175 stores the measurement data D decrypted as described above in the user measurement data storage unit 174 for each user. The measurement data utilization unit 175 provides services such as health advice based on the accumulated measurement data.

  Then, the first service providing server 17a repeats the processing from step S501 to step S515.

  As described above, the first service providing server 17a requests the key management server 16 for a decryption key for decrypting the measurement data. Further, the first service providing server 17 a decrypts the measurement data using the decryption key acquired from the key management server 16.

<Generation of Decryption Key by Key Management Server 16>
Next, a process in which the key management server 16 generates a decryption key based on the received key request data 27 will be described.

  FIG. 22 is a flowchart showing the flow of the decryption key generation process in the key management server 16.

  First, the transmission / reception unit 161 determines whether or not the key request data 27 has been received from the service providing server via the external network 15 (step S601). Here, when the key request data 27 has not been received (No in step S601), the transmission / reception unit 161 determines again whether or not the key request data 27 has been received (step S601). On the other hand, when the key request data 27 has been received (Yes in step S601), the decryption key generation permission determination unit 163 acquires the service ID, the model ID, and the data type included in the key request data 27 (step S602). ).

  Next, the decryption key generation permission determination unit 163 determines whether or not the contents of the key request data 27 are valid.

  That is, first, the decryption key generation permission determination unit 163 determines whether or not the service ID included in the key request data 27 is included in the collection permission database 29 stored in the collection permission database storage unit 164 ( Step S603). If the service ID is not included in the collection permission database 29 (No in step S603), the decryption key generation unit 162 cannot decrypt the encrypted measurement data by the service providing server that transmitted the key request data 27 ( Decryption key data indicating that decryption is not possible is generated (step S609). On the other hand, when the service ID is included in the collection permission database 29 (Yes in step S603), the decryption key generation permission determination unit 163 determines from the collection permission database 29 the permission corresponding to the service ID included in the key request data 27. The data type is acquired (step S604).

  Next, the decryption key generation permission determination unit 163 determines whether or not the data type included in the key request data 27 matches the permission data type acquired in step S604 (step S605). Here, when the data type does not match the permitted data type (No in step S605), the decryption key generation unit 162 cannot decrypt the encrypted measurement data by the service providing server that transmitted the key request data 27 (impossible to decrypt). Is generated (step S609). On the other hand, when the data type matches the permitted data type (Yes in step S605), the decryption key generation unit 162 acquires the master key stored in the master key storage unit 160 (step S606).

  For example, in the key request data 27 shown in FIG. 13, since the service ID is “0002”, permission data types “001” and “004” are obtained by searching the collection permission database 29 shown in FIG. On the other hand, the key request data 27 includes “001” and “004” as data types, both of which are included in the search result. Therefore, the decryption key generation permission determination unit 163 generates the following decryption key generation permission data and notifies the decryption key generation unit 162 of the data.

Decryption key generation permission data = (permission data type, model ID)
= (001, 1235678) and (004, 2468912)

  Next, the decryption key generation unit 162 generates a decryption key from the model ID, the data type, and the master key (step S607). Specifically, the decryption key generation unit 162 generates a decryption key K based on the following expression based on the received decryption key generation permission data. Here, the data stored in the master key storage unit 160 is used as the master key.

    K = F (master key, decryption key generation permission data included model ID‖permission data type)

For example, the decryption key K for the permitted data type “004” is
K = F (master key, 2468912‖004)
Calculated by

  Next, the decryption key generation unit 162 generates decryption key data including the generated decryption key (step S608).

  Next, the transmission / reception unit 161 transmits the decryption key data generated in step S608 and step S609 to the service providing server (step S610). For example, the transmission / reception unit 161 transmits the decryption key K calculated as described above to the first service providing server 17a.

  Then, the key management server 16 repeats the processing from step S601 to step S610.

  As described above, in the health care system 1 of the present embodiment, the number of encryption processes on the measurement device side does not increase even if the health service to be used increases. That is, the encryption process is performed only once for one piece of health information regardless of the number of healthcare services to be used. That is, according to the present embodiment, it is possible to realize a healthcare system that does not require an increase in the cryptographic processing load on the measurement device side due to the addition of a use service.

  In the healthcare system 1 of the present embodiment, the key management server 16 transmits a decryption key for decrypting predetermined encrypted measurement data only to the service providing server that is the transmission target. Accordingly, when the measurement data measured by the measurement device (for example, the measurement device 10a) is encrypted using the predetermined encryption key by the measurement device adapter (for example, the measurement device adapter 11a), the final transmission destination There is no need to change the type of encryption key used when encrypting measurement data according to the service providing server. That is, if the measuring instrument adapter encrypts and transmits using the common encryption key, only the service providing server selected by the key management server 16 can acquire the decryption key and decrypt the encrypted measurement data. As a result, the health care system 1 of the present embodiment can eliminate the load of encrypting measurement data using a plurality of different encryption keys for each type of server that provides a service on the measurement device side.

  When the key management server 16 receives the key request data 27 from the service providing server (for example, the first service providing server 17a), the data type and service ID included in the key request data 27, and the collection permission database storage unit 164 It is determined whether or not the data type and service ID included in the collection permission database 29 stored in FIG. If they match, the key management server 16 transmits the decryption key to the service providing server. Thus, the key management server 16 only has to store the table (collection permission database 29) indicating the correspondence between the data type and the service ID in the collection permission database storage unit 164, and thus the table held by the key management server 16 The number can be reduced.

  Further, the measuring device adapter (for example, the measuring device adapter 11a) and the key management server 16 generate a predetermined encryption key and a decryption key corresponding to the predetermined encryption key from the common master key. Therefore, if the measuring device adapter passes a model ID for identifying the measuring device to a service providing server (for example, the first service providing server 17a), and the service providing server passes the model ID to the key management server 16, the master key itself Without being placed on the communication path, the key management server 16 can generate a decryption key corresponding to the predetermined encryption key. Therefore, the healthcare system 1 of the present embodiment can ensure the confidentiality of the decryption key.

  Further, a measurement device adapter (for example, measurement device adapter 11a) connected to a measurement device (for example, measurement device 10a) includes an encryption key generation unit 113, an encryption processing unit 111, and a master key storage unit 112. As a result, it is not necessary to significantly add a configuration unnecessary for the original function of the measuring device to the measuring device itself. In other words, the measurement device adapter can realize generation of a predetermined encryption key, generation of encrypted measurement data using the generated encryption key, and transmission of the generated encrypted biometric data. The health care system 1 can provide health-related services while simplifying the structure of the measuring device.

(Embodiment 2)
Next, the health care system of Embodiment 2 is demonstrated, referring drawings.

  In the health care system 1 of the present embodiment, the adapter transmission data for measurement equipment and the key request data do not include the data type, and the key management server decrypts based on the model information database indicating the relationship between the model ID and the data type. It differs from the health care system of Embodiment 1 in that the key generation permission is determined. Hereinafter, illustration and description of the same points as the health care system of the first embodiment are omitted, and different points from the health care system of the first embodiment will be described.

  Since the overall configuration of the health care system 1 and the functional configuration of the measurement device 10a according to the present embodiment are the same as those of the health care system 1 and the measurement device 10a according to the first embodiment, illustration and description thereof are omitted.

<Configuration of Adapters 11a, 11b, 11c for Measuring Equipment>
(Encryption processing unit 111)
The encryption processing unit 111 is an example of an encryption unit, and generates encrypted measurement data that is encrypted using the encryption key generated by the encryption key generation unit 113 from the measurement data received from the measurement device 10a. Furthermore, the encryption processing unit 111 generates measuring instrument adapter transmission data 71 including a model ID and encrypted measurement data. FIG. 23 is a diagram illustrating an example of the adapter transmission data 71 for measurement equipment. As shown in the drawing, the measuring device adapter transmission data 71 includes a model ID of the measuring device 10a to which the measuring device adapter 11a is attached and encrypted measurement data. That is, unlike the measurement instrument adapter transmission data 21 of the first embodiment, the measurement instrument adapter transmission data 71 does not include a data type.

(Measurement device information storage unit 116)
The measuring device information storage unit 116 stores the measuring device information 72. The measuring device information 72 includes information related to the measuring device 10a to which the measuring device adapter 11a is attached and information set by an instruction from the user terminal adapter 14. FIG. 24 is a diagram illustrating an example of the measurement device information 72. As illustrated in FIG. In the measuring device information 72 according to the present embodiment, data indicating whether transmission is necessary is set so that only one data type is determined to be necessary. For example, as shown in the figure, only the transmission necessity of the data type “001” is set to “1”. Thereby, the encryption processing unit 111 encrypts only the measurement data of one data type.

<Configuration of User Terminal Adapter 14>
(Connected device information storage unit 144)
The connected device information storage unit 144 stores the connected device information 73. The connected device information 73 is information for identifying the measuring device adapter connected to the user terminal adapter 14, information of the measuring device in which the measuring device adapter is mounted, and the measuring device measures. Contains information on whether health information needs to be stored. FIG. 25 is a diagram illustrating an example of the connected device information 73. As shown in the figure, the connected device information 73 according to the present embodiment includes a measuring device adapter ID, a model ID, and necessity of accumulation. That is, the connected device information 73 does not include the data type, unlike the connected device information 23 of the first embodiment.

<Configuration of First Service Providing Server 17a, Second Service Providing Server 17b, and Third Service Providing Server 17c>
(Key request data generation unit 172)
The key request data generation unit 172 generates key request data 77 for requesting the key management server 16 for a decryption key for decrypting the encrypted measurement data received from the user terminal adapter 14. The key request data 77 includes information for identifying the measuring device and information for identifying the service providing server. FIG. 26 is a diagram illustrating an example of the key request data 77. As shown in the drawing, the key request data 77 according to the present embodiment includes a service ID of the service providing server and a model ID included in the user terminal adapter transmission data. That is, the key request data 77 is different from the key request data 27 of the first embodiment and does not include a data type.

(Decryption key storage unit 176)
The decryption key storage unit 176 stores the decryption key received from the key management server 16. FIG. 27 is a diagram illustrating an example of stored decryption key data 78 stored in the decryption key storage unit 176. As shown in the figure, the accumulated decryption key data 78 according to the present embodiment includes a model ID and a decryption key. That is, unlike the stored decryption key data 28 of the first embodiment, the stored decryption key data 78 does not include a data type.

<Configuration of Key Management Server 16>
FIG. 28 is a block diagram showing a functional configuration of the key management server 16. As shown in the figure, the key management server 16 according to the present embodiment includes a model information database storage unit 165 in addition to the components included in the key management server 16 according to the first embodiment.

(Decryption key generation permission determination unit 163)
The decryption key generation permission determination unit 163 is an example of a control unit, receives a decryption key request from the service providing server, and stores a collection permission database 29 stored in the collection permission database storage unit 164 and a model information database storage unit. Whether or not a decryption key can be generated is determined based on the model information database 80 stored in 165. When it is determined that the decryption key generation is permitted, the decryption key generation permission determination unit 163 instructs the decryption key generation unit 162 and the transmission / reception unit 161 to generate and transmit the decryption key.

(Collection permission database storage unit 164)
The collection permission database storage unit 164 is an example of a storage unit, and stores the collection permission database 29. The collection permission database 29 stores data types of health information that are permitted to be collected by each service providing server.

(Model information database storage unit 165)
The model information database storage unit 165 is an example of a storage unit, and stores the model information database 80. The model information database 80 stores the type of health information measured by the measuring device corresponding to the information for identifying the measuring device. FIG. 29 is a diagram showing an example of the model information database 80. As shown in the figure, the model information database 80 stores a model ID and a data type. For example, in the model information database 80 shown in FIG. 29, the data type corresponding to the measuring device having the model ID “12345678” is “001” (weight).

  Next, various operations in the health care system 1 of the second embodiment configured as described above will be described.

  The sequence diagram showing the overall processing flow in the health care system 1 of the present embodiment is the same as the sequence diagram shown in FIG. Hereinafter, the overall processing flow in the health care system 1 of the present embodiment will be described with reference to FIG.

  First, the measuring device 10a measures user health information. Then, the measurement device 10a transmits measurement device transmission data including the model ID, the data type, and the measurement data to the measurement device adapter 11a (step S101).

  Next, the measurement device adapter 11a encrypts the measurement data included in the received measurement device transmission data. Then, the measuring instrument adapter 11a transmits the measuring instrument adapter transmission data 71 including the model ID and the encrypted measurement data to the user terminal adapter 14 (step S102).

  Next, the user terminal adapter 14 specifies a service ID corresponding to the model ID included in the measuring instrument adapter transmission data 71. Then, the user terminal adapter 14 transmits the user terminal adapter transmission data including the encrypted measurement data corresponding to the model ID to the service providing server (first service providing server 17a) corresponding to the specified service ID. (Step S103).

  Next, the first service providing server 17a determines whether to decrypt the encrypted measurement data. If it is determined that the data is to be decrypted, the first service providing server 17a sends the key request data 77 including the service ID indicating the server and the model ID included in the received user terminal adapter transmission data to the key management server. 16 (step S104).

  Next, when the received key request data 77 satisfies a predetermined condition, the key management server 16 generates a decryption key corresponding to the key request data 77, and provides the decryption key data including the generated decryption key to the first service. It transmits to the server 17a (step S105).

  Next, the first service providing server 17a decrypts the encrypted measurement data using the decryption key included in the received decryption key data (step S106).

  As described above, in the health care system 1 of the present embodiment, the measurement device adapter transmission data 71 and the key request data 77 do not include a data type.

  Next, details of operations in the measuring instrument adapter 11a, the user terminal adapter 14, the first service providing server 17a, and the key management server 16 will be described. In addition, since the operation | movement in the measuring device 10a of this Embodiment is the same as that of the measuring device 10a of Embodiment 1, description is abbreviate | omitted. In the flowchart of the present embodiment, the same processes as those in the flowchart of the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

<Encrypted transmission processing of measurement data by measuring instrument adapter 11a>
A process in which the measurement equipment adapter 11a encrypts measurement data measured by the measurement equipment 10a and transmits the encrypted measurement data will be described.

  FIG. 30 is a flowchart showing the flow of the encrypted transmission process in the measuring instrument adapter 11a.

  The measurement device adapter 11a executes the processing from step S301 to S308, similarly to the measurement device adapter 11a of the first embodiment. Then, the encryption processing unit 111 generates measuring instrument adapter transmission data 71 including the generated encrypted measurement data and the model ID corresponding to the encrypted measurement data (step S709).

  Next, the transmission / reception unit 114 transmits the measuring instrument adapter transmission data 71 to the user terminal adapter 14 (step S310).

<Transfer of Encrypted Measurement Data by User Terminal Adapter 14>
Next, a process in which the user terminal adapter 14 transfers the encrypted measurement data received from the measurement device adapter 11a to the service providing server will be described.

  FIG. 31 is a flowchart showing the flow of transfer processing in the user terminal adapter 14.

  First, similarly to the first transmission / reception unit 142 of the first embodiment, the first transmission / reception unit 142 determines whether or not the measurement device adapter transmission data 71 is received from the measurement device adapter 11a via the internal network 12. Determination is made (step S401). If the measuring instrument adapter transmission data 71 has not been received (No in step S401), the first transmission / reception unit 142 determines again whether or not the measuring instrument adapter transmission data 71 has been received (step S401). S401). On the other hand, when the measurement device adapter transmission data 71 is received (Yes in step S401), the first transmission / reception unit 142 uses the measurement device adapter from the connection device information 73 stored in the connection device information storage unit 144. The accumulation necessity corresponding to the model ID included in the transmission data 71 is acquired (step S802).

  Next, the user terminal adapter 14 executes the processing of steps S403 to S405 in the same manner as the user terminal adapter 14 of the first embodiment.

  Next, the first transmission / reception unit 142 generates user terminal adapter transmission data including the service ID acquired in step S405 and the model ID and the encrypted measurement data included in the measurement device adapter transmission data 71. (Step S806).

  Next, the second transmitting / receiving unit 143 transmits the generated user terminal adapter transmission data to the service providing server corresponding to the use service ID (step S407).

<Decryption of encrypted measurement data by first service providing server 17a>
Next, a description will be given of a determination process for determining whether or not the first service providing server 17a decrypts the encrypted measurement data included in the received user terminal adapter transmission data and a decryption process of the encrypted measurement data. .

  FIG. 32 is a flowchart showing the flow of the decoding determination process and the decoding process in the first service providing server 17a. Since the decryption process of the encrypted measurement data is the same as the decryption process of the first embodiment, the decryption determination process in the first service providing server 17a will be described.

  The first service providing server 17a executes the processes of steps S501 to S503, like the first service providing server 17a of the first embodiment.

  Next, the transmission / reception unit 171 searches the stored decryption key data 78 stored in the decryption key storage unit 176 for a decryption key corresponding to the model ID included in the user terminal adapter transmission data (step S904).

  As a result of the search in step S904, when it is determined that there is a decryption key corresponding to the model ID included in the user terminal adapter transmission data (No in step S505), the measurement data decryption unit 173 uses the decryption key. The encrypted measurement data included in the user terminal adapter transmission data is decrypted (step S514). On the other hand, when it is determined that there is no decryption key corresponding to the model ID included in the user terminal adapter transmission data (Yes in step S505), the key request data generation unit 172 identifies the first service providing server 17a. Key request data 77 including the service ID and the model ID included in the user terminal adapter transmission data is generated (step S906).

  Next, the transmission / reception unit 171 transmits the key request data 77 to the key management server 16 via the external network 15 (step S507).

<Generation of Decryption Key by Key Management Server 16>
Next, a process in which the key management server 16 generates a decryption key based on the received key request data 77 will be described.

  FIG. 33 is a flowchart showing the flow of the decryption key generation process in the key management server 16.

  First, the transmission / reception unit 161 determines whether or not the key request data 77 has been received from the service providing server via the external network 15 (step S601). Here, when the key request data 77 has not been received (No in Step S601), the transmission / reception unit 161 determines again whether or not the key request data 77 has been received (Step S601). On the other hand, when the key request data 77 has been received (Yes in step S601), the decryption key generation permission determination unit 163 acquires the service ID and the model ID included in the key request data 77 (step S1002).

  Next, the decryption key generation permission determination unit 163 determines whether or not the model ID included in the key request data 77 is included in the model information database 80 stored in the model information database storage unit 165 (Step S1). S1011). Here, when the model ID is not included in the model information database 80 (No in Step S1011), the decryption key generation unit 162 cannot decrypt the encrypted measurement data by the service providing server that transmitted the key request data 77 ( Decryption key data indicating that decryption is not possible is generated (step S609). On the other hand, when the model ID is included in the model information database 80 (Yes in step S1011), the decryption key generation permission determination unit 163 transmits data corresponding to the service ID included in the key request data 77 from the model information database 80. The type is acquired (step S1012).

  Next, the decryption key generation permission determination unit 163 determines whether or not the service ID included in the key request data 77 is included in the collection permission database 29 stored in the collection permission database storage unit 164 (Step S1). S603). If the service ID is not included in the collection permission database 29 (No in step S603), the decryption key generation unit 162 cannot decrypt the encrypted measurement data by the service providing server that transmitted the key request data 77 ( Decryption key data indicating that decryption is not possible is generated (step S609). On the other hand, when the service ID is included in the collection permission database 29 (Yes in step S603), the decryption key generation permission determination unit 163 determines from the collection permission database 29 the permission corresponding to the service ID included in the key request data 77. The data type is acquired (step S604).

  Next, the decryption key generation permission determination unit 163 determines whether or not the data type acquired from the model information database 80 in step S1012 matches the permission data type acquired from the collection permission database 29 in step S604. (Step S1005). Here, when the data type does not match the permitted data type (No in step S605), the decryption key generation unit 162 indicates that the service providing server that transmitted the key request data 77 cannot decrypt the encrypted measurement data (decryption is impossible). Is generated (step S609). On the other hand, when the data type matches the permitted data type (Yes in step S605), the decryption key generation unit 162 acquires the master key stored in the master key storage unit 160 (step S606).

  Thereafter, the key management server 16 executes the processing of steps S607 to S610 as in the first embodiment.

  As described above, in the health care system 1 according to the present embodiment, as in the health care system according to the first embodiment, on the measurement device side, a plurality of different encryption keys are used for each type of server that provides a service. This eliminates the burden of encrypting measurement data.

  In the health care system 1 of the present embodiment, when the key management server 16 receives the key request data 77 from the service providing server (for example, the first service providing server 17a), the model ID included in the key request data 77 is displayed. From this, the data type is specified. Then, whether or not the identified data type and service ID included in the key request data 77 matches the data type and service ID included in the collection permission database 29 stored in the collection permission database storage unit 164. judge. If they match, the key management server 16 transmits the decryption key to the service providing server. As a result, the key management server 16 can reduce the types of data included in the key request data 77 received from the service providing server to two types, that is, the model ID and the service ID.

(Embodiment 3)
Next, the health care system of Embodiment 3 is demonstrated, referring drawings.

  The health care system 1 of the present embodiment is different from the health care system 1 of the first embodiment that uses a shared key cryptosystem in that a public key cryptosystem is used when encrypting measurement data. Hereinafter, illustration and description of the same points as the health care system 1 of the first embodiment are omitted, and different points from the health care system of the first embodiment will be described.

  Since the functional configurations of the health care system 1, the measurement device 10a, the user terminal adapter 14, and the first service providing server 17a of the present embodiment are the same as those of the first embodiment, illustration and description thereof are omitted.

<Configuration of Adapters 11a, 11b, 11c for Measuring Equipment>
The measuring instrument adapter 11a of the present embodiment is different from the measuring instrument adapter 11a of the first embodiment in that an encryption key information storage unit 117 is provided instead of the master key storage unit 112.

  FIG. 34 is a block diagram showing a functional configuration of the measuring instrument adapter 11a.

(Encryption key information storage unit 117)
The encryption key information storage unit 117 stores encryption key information used when generating a public key as an encryption key.

(Encryption key generation unit 113)
The encryption key generation unit 113 is an example of a key generation unit, and generates a public key based on encryption key information, a model ID, and a data type. The generation method uses a known method related to an ID-based public key cryptosystem. In this embodiment, an example in which the encryption key generation unit 113 generates an encryption key based on encryption key information, a model ID, and a data type will be described. It is not limited to such a health care system. For example, a healthcare system to which the present invention is applied may be a healthcare system in which an encryption key generation unit generates an encryption key based on encryption key information and a model ID.

<Configuration of Key Management Server 16>
The key management server 16 of the present embodiment is different from the key management server 16 of the first embodiment in that a decryption key information storage unit 166 is provided instead of the master key storage unit 160.

  FIG. 35 is a block diagram showing a functional configuration of the key management server 16.

(Decryption key information storage unit 166)
The decryption key information storage unit 166 is an example of a master information holding unit, and stores decryption key information for generating a decryption key.

(Decryption key generation unit 162)
The decryption key generation unit 162 is an example of a key generation unit, and in response to a request from the service providing server, the decryption key information stored in the decryption key information storage unit 166 and the model ID included in the key request data 27 Based on the data type, a secret key corresponding to the public key generated by the measuring instrument adapter 11a is generated. The generation method uses a known method related to an ID-based public key cryptosystem. Note that, similarly to the encryption key generation unit 113 provided in the measuring instrument adapter, the decryption key generation unit 162 may generate a decryption key based on the decryption key information and the model ID.

  Next, various operations in the health care system 1 of the third embodiment configured as described above will be described.

  Details of operations in each of the measuring instrument adapter 11a and the key management server 16 will be described. The operations of the measuring device 10a, the user terminal adapter 14, and the first service providing server 17a of the present embodiment are the same as those of the measuring device 10a, the user terminal adapter 14, and the first service providing of the first embodiment. Since it is the same as that of each of the servers 17a, description thereof is omitted. In the flowchart of the present embodiment, the same processes as those in the flowchart of the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

<Encrypted transmission processing of measurement data by measuring instrument adapter 11a>
A process in which the measurement equipment adapter 11a encrypts measurement data measured by the measurement equipment 10a and transmits the encrypted measurement data will be described.

  FIG. 36 is a flowchart showing the flow of the encrypted transmission process in the measuring instrument adapter 11a.

  The measuring device adapter 11a performs the processing from step S301 to S305, similarly to the measuring device adapter 11a of the first embodiment. Then, the encryption key generation unit 113 acquires the encryption key information stored in the encryption key information storage unit 117 (step S1106).

  Next, the encryption key generation unit 113 generates an encryption key as a public key from the model ID, the data type, and the encryption key information (step S1107).

  Thereafter, the measuring instrument adapter 11a performs the processing of steps S308 to S310 as in the first embodiment.

<Generation of Decryption Key by Key Management Server 16>
Next, a process in which the key management server 16 generates a decryption key based on the received key request data 27 will be described.

  FIG. 37 is a flowchart showing the flow of the decryption key generation process in the key management server 16.

  The key management server 16 executes the processing from step S601 to S605, as with the key management server 16 of the first embodiment. Then, the decryption key generation unit 162 acquires the decryption key information stored in the decryption key information storage unit 166 (step S1206).

  Next, the decryption key generation unit 162 generates a decryption key from the model ID, the data type, and the decryption key information as a secret key corresponding to the public key generated by the measuring device adapter 11a (step S1207).

  Thereafter, the key management server 16 executes the processing of steps S608 to S610, similarly to the key management server 16 of the first embodiment.

  As described above, in the health care system 1 according to the present embodiment, as in the health care system according to the first embodiment, on the measurement device side, a plurality of different encryption keys are used for each type of server that provides a service. This eliminates the burden of encrypting measurement data.

  Further, in the health care system 1 of the present embodiment, the measurement device adapter (for example, the measurement device adapter 11a) uses the model ID as a public key to generate an encryption key used for encrypting measurement data. That is, the measuring device or the measuring device adapter does not need to store the master key. Therefore, the health care system 1 of the present embodiment can prevent the confidentiality of the measurement data from being lost by analyzing the measurement device itself or the measurement device adapter itself and outflowing the master key to the outside.

  Further, since the measuring device or the measuring device adapter generates a public key using a model ID that is information for identifying the measuring device, the key management server 16 holds master information for generating a decryption key. As long as the model ID is leaked to the outside, the encrypted measurement data is not decrypted. That is, the health care system 1 of the present embodiment can ensure the confidentiality of the measurement data.

(Other variations)
Needless to say, the present invention is not limited to the above-described embodiment. The following cases are also included in the present invention.

  (1) Each data and size is merely an example, and other data sizes may be used.

  (2) Although the part which performs an encryption process is made into adapters, such as a measuring device adapter and a user terminal adapter, these processing parts may be integrated with a measuring device and a user terminal. Further, the measuring device adapter and the user terminal adapter may be a memory card attached to the measuring device and the user terminal.

  (3) The measuring device adapter encrypts the measurement data and immediately transmits it to the user terminal adapter, but this is temporarily stored in the user terminal adapter and is once every fixed period. You may make it transmit to the adapter for user terminals.

  (4) Each time the measurement instrument adapter encrypts measurement data, it generates an encryption key from the model ID, data type, and master key. This is done by storing the generated encryption key in a cache. When measurement data of the same data type is sent again from a measurement device with the same model ID, encryption may be performed using an encryption key stored in the cache.

  (5) Communication data between the user terminal adapter and the service providing server, and communication data between the service providing server and the key management server may be encrypted using SSL (Secure Socket Layer) or the like.

  (6) Between the measuring device adapter and the user terminal adapter is not limited to wireless communication, but may be wired communication.

  (7) The unit of data for determining whether or not decryption is possible is not limited to the health information type, and whether or not decryption is possible may be determined in a more detailed unit. For example, in addition to the health information type, the period during which the health information is measured (eg, 1 = indefinite, 2 = 2007/10/1 to 2008/3/30,..., 1 = 0 to 5:00, 2 = 6-11 o'clock, 3 = 12-17 o'clock, 4 = 18-24 o'clock). This can be realized by the measurement device holding a timer, a calendar, and the like. In addition, the measuring device may perform access control based on owner information (name, nickname, age, age, sex, zip code, address). This can be realized if the measuring device has a mechanism capable of registering owner information.

  (8) The device information transmitted together with the encrypted measurement data may be encrypted or may be given a digital signature. This may be performed by a measuring device or a management device.

  (9) The master key is not limited to one. For example, even if a different master key is set for each card manufacturer, the same can be realized by transmitting the manufacturer ID together with the encrypted measurement data.

  (10) Each of the above devices is specifically a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or hard disk unit. Each device achieves its functions by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.

  (11) A part or all of the components constituting each of the above devices may be configured by one system LSI (Large Scale Integration). The system LSI is a super multifunctional LSI manufactured by integrating a plurality of components on one chip, and specifically, a computer system including a microprocessor, a ROM, a RAM, and the like. . A computer program is stored in the RAM. The system LSI achieves its functions by the microprocessor operating according to the computer program.

  (12) A part or all of the components constituting each of the above devices may be configured as an IC card that can be attached to and detached from each device or a single module. The IC card or the module is a computer system including a microprocessor, a ROM, a RAM, and the like. The IC card or the module may include the super multifunctional LSI described above. The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.

  (13) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.

  The present invention also provides a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc). ), Recorded in a semiconductor memory or the like. The digital signal may be recorded on these recording media.

  In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.

  The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

  In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and executed by another independent computer system. It is good.

  (14) The above embodiment and the above modifications may be combined.

  The healthcare system according to the present invention has a feature that the load of encryption processing on the measurement device side does not increase even if the number of services used by the user increases. This is useful for realizing a healthcare system when there are severe restrictions on the load.

It is a block diagram which shows the whole structure of the health care system which concerns on Embodiment 1-3 of this invention. It is a block diagram which shows the function structure of the measuring device which concerns on Embodiment 1-3 of this invention. It is a figure which shows an example of the apparatus information which concerns on Embodiment 1-3 of this invention. It is a block diagram which shows the function structure of the adapter for measuring devices which concerns on Embodiment 1 and 2 of this invention. It is a figure which shows an example of the adapter transmission data for measuring devices which concerns on Embodiment 1 and 3 of this invention. It is a figure which shows an example of the measuring device information which concerns on Embodiment 1 and 3 of this invention. It is a block diagram which shows the function structure of the adapter for user terminals which concerns on Embodiment 1-3 of this invention. It is a figure which shows an example of the connection apparatus information which concerns on Embodiment 1 and 3 of this invention. It is a figure which shows an example of the accumulation | storage measurement data which concern on Embodiment 1-3 of this invention. It is a figure which shows an example of the utilization service information which concerns on Embodiment 1 and 3 of this invention. It is a block diagram which shows the function structure of the 1st service provision server which concerns on Embodiment 1-3 of this invention. It is a block diagram which shows an example of the collection permission information which concerns on Embodiment 1-3 of this invention. It is a block diagram which shows an example of the key request data which concern on Embodiment 1 and 3 of this invention. It is a figure which shows an example of the accumulation | storage decoding key data which concern on Embodiment 1 and 3 of this invention. It is a block diagram which shows the function structure of the key management server which concerns on Embodiment 1 of this invention. It is a figure which shows an example of the collection permission database which concerns on Embodiment 1-3 of this invention. It is a sequence diagram which shows the flow of the whole process in the health care system which concerns on Embodiment 1-3 of this invention. It is a flowchart which shows the flow of the measurement process in the measuring device which concerns on Embodiment 1-3 of this invention. It is a flowchart which shows the flow of the encryption transmission process in the adapter for measuring devices which concerns on Embodiment 1 of this invention. It is a flowchart which shows the flow of the transfer process in the adapter for user terminals which concerns on Embodiment 1 and 3 of this invention. It is a flowchart which shows the flow of the decoding judgment process in the 1st service provision server which concerns on Embodiment 1 and 3 of this invention, and a decoding process. It is a flowchart which shows the flow of the decoding key production | generation process in the key management server which concerns on Embodiment 1 of this invention. It is a figure which shows an example of the adapter transmission data for measuring devices which concerns on Embodiment 2 of this invention. It is a figure which shows an example of the measuring device information which concerns on Embodiment 2 of this invention. It is a figure which shows an example of the connection apparatus information which concerns on Embodiment 2 of this invention. It is a figure which shows an example of the key request data which concerns on Embodiment 2 of this invention. It is a figure which shows an example of the accumulation | storage decryption key data which concerns on Embodiment 2 of this invention. It is a block diagram which shows the function structure of the key management server which concerns on Embodiment 2 of this invention. It is a figure which shows an example of the model information database which concerns on Embodiment 2 of this invention. It is a flowchart which shows the flow of the encryption transmission process in the adapter for measuring devices which concerns on Embodiment 2 of this invention. It is a flowchart which shows the flow of the transfer process in the adapter for user terminals which concerns on Embodiment 2 of this invention. It is a flowchart which shows the flow of the decoding judgment process in the 1st service provision server which concerns on Embodiment 2 of this invention, and a decoding process. It is a flowchart which shows the flow of the decoding key production | generation process in the key management server which concerns on Embodiment 2 of this invention. It is a block diagram which shows the function structure of the adapter for measuring devices which concerns on Embodiment 3 of this invention. It is a block diagram which shows the function structure of the key management server which concerns on Embodiment 3 of this invention. It is a flowchart which shows the flow of the encryption transmission process in the adapter for measuring devices which concerns on Embodiment 3 of this invention. It is a flowchart which shows the flow of the decoding key production | generation process in the key management server which concerns on Embodiment 3 of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Healthcare system 10a, 10b, 10c Measuring device 11a, 11b, 11c Measuring device adapter 12 Internal network 13 User terminal 14 User terminal adapter 15 External network 16 Key management server 17a 1st service provision server 17b 2nd service provision server 17c Third service providing server 20 Device information 21, 71 Measuring device adapter transmission data 22, 72 Measuring device information 23, 73 Connected device information 24 Accumulated measurement data 25 Usage service information 26 Collection permission information 27, 77 Key request data 28, 78 Accumulated Decryption Key Data 29 Collection Permission Database 80 Model Information Database 100 First Measurement Unit 101 Second Measurement Unit 102 Third Measurement Unit 103 Device Information Storage Unit 104 Adapter I / F
105 Display Unit 106 Transmission Processing Unit 110 Measuring Device I / F
111 Encryption Processing Unit 112 Master Key Storage Unit 113 Encryption Key Generation Unit 114 Transmission / Reception Unit 115 Encryption Process Determination Unit 116 Measurement Device Information Storage Unit 117 Encryption Key Information Storage Unit 140 User Terminal I / F
141 Measurement information storage unit 142 First transmission / reception unit 143 Second transmission / reception unit 144 Connected device information storage unit 145 Usage service information storage unit 160 Master key storage unit 161 Transmission / reception unit 162 Decryption key generation permission unit 163 Decryption key generation permission determination unit 164 Collection permission Database storage unit 165 Model information database storage unit 166 Decryption key information storage unit 170 Collection permission information storage unit 171 Transmission / reception unit 172 Key request data generation unit 173 Measurement data decryption unit 174 User measurement data storage unit

Claims (15)

A measuring device that measures and encrypts biometric data, a server that obtains encrypted biometric data obtained by encrypting the biometric data from the measuring device and provides a health-related service, and a decryption key that decrypts the encrypted biometric data A key management server that provides the server with a key management server,
The measuring instrument is
A measurement unit for measuring the biological data;
A first storage unit storing first identification information for identifying the measuring device;
A first key generation unit that generates a predetermined encryption key from the first identification information;
An encryption unit that encrypts the biometric data using the predetermined encryption key to generate encrypted biometric data;
A first communication unit for transmitting the first identification information, second identification information for identifying the type of the biometric data, and the encrypted biometric data to the server;
The server
A second storage unit for storing the first identification information received from the measuring device, second identification information for identifying the type of the biometric data, and the encrypted biometric data;
A third storage unit storing third identification information for identifying the server;
Second communication for transmitting a request for transmitting a predetermined decryption key corresponding to the predetermined encryption key to the server together with the first identification information, the second identification information, and the third identification information to the key management server And comprising
The key management server
A second key generation unit that generates a predetermined decryption key corresponding to the predetermined encryption key from the first identification information;
The fourth identification information for identifying the server that is the transmission target of the predetermined decryption key and the fifth identification information indicating the type of biometric data managed by the server corresponding to the fourth identification information are stored. 4 storage units,
When a request for transmitting the predetermined decryption key to the server is received from the server together with the first identification information, the second identification information, and the third identification information, the received third identification information and the storage are stored. If the received second identification information matches the fifth identification information stored in correspondence with the fourth identification information, the predetermined decryption key is assigned to the server. A control unit for transmitting to
The health care system, wherein the server decrypts the encrypted biometric data using the predetermined decryption key. A measuring device that measures and encrypts biometric data, a server that obtains encrypted biometric data obtained by encrypting the biometric data from the measuring device and provides a health-related service, and a decryption key that decrypts the encrypted biometric data A key management server that provides the server with a key management server,
The measuring instrument is
A measurement unit for measuring the biological data;
A first storage unit storing first identification information for identifying the measuring device;
A first key generation unit that generates a predetermined encryption key from the first identification information;
An encryption unit that encrypts the biometric data using the predetermined encryption key to generate encrypted biometric data;
A first communication unit that transmits the first identification information and the encrypted biometric data to the server;
The server
A second storage unit for storing the first identification information and the encrypted biometric data received from the measuring device;
A third storage unit storing second identification information for identifying the server;
A second communication unit that transmits to the key management server a request for transmitting a predetermined decryption key corresponding to the predetermined encryption key to the server together with the first identification information and the second identification information. ,
The key management server
A fourth storage unit storing the type of biometric data measured by the measuring device in correspondence with the first identification information for identifying the measuring device;
A fifth storage unit storing the type of biometric data managed by the server corresponding to the second identification information for identifying the server;
A second key generation unit that generates a predetermined decryption key corresponding to the predetermined encryption key from the first identification information;
When the request to transmit the predetermined decryption key to the server is received from the server together with the first identification information and the second identification information, the received first identification stored in the fourth storage unit When the type of biometric data corresponding to the information matches the type of biometric data stored in the fifth storage unit and corresponding to the received second identification information, the predetermined decryption key is assigned to the server A control unit for transmitting to
The health care system, wherein the server decrypts the encrypted biometric data using the predetermined decryption key. The measuring device can be connected to a predetermined encryption device, and the predetermined encryption device generates a predetermined encryption key from the first identification information; and the predetermined encryption device The encryption unit that encrypts the biometric data using a key to generate encrypted biometric data, and the first communication unit that transmits the encrypted biometric data to the server. The health care system according to claim 1 or 2. The healthcare system according to claim 3, wherein the predetermined encryption device is a memory card attached to the measuring device. The measuring device further includes:
A first master key holding unit for holding a master key;
The first key generation unit generates the predetermined encryption key from the first identification information and the master key,
The key management server further includes:
A second master key holding unit that holds the same master key as the master key;
The said 2nd key production | generation part produces | generates the predetermined | prescribed decoding key corresponding to the said predetermined | prescribed encryption key from the said 1st identification information and the said master key, Either of Claim 1 or Claim 2 characterized by the above-mentioned. Health care system. The measuring device can be connected to a predetermined encryption device, and the predetermined encryption device generates a predetermined encryption key from the first identification information; and the predetermined encryption device The encryption unit that encrypts the biometric data using a key to generate encrypted biometric data, the first master key holding unit that holds a master key, and the first that transmits the encrypted biometric data to the server 1 communication unit,
The health care system according to claim 5, wherein the first key generation unit generates the predetermined encryption key from the first identification information and the master key. The healthcare system according to claim 6, wherein the predetermined encryption device is a memory card attached to the measurement device. The first key generation unit of the measurement device generates the predetermined encryption key as a public key using first identification information for identifying the measurement device,
The key management server further includes:
A master information holding unit that holds master information for generating the predetermined decryption key;
The second key generation unit generates the predetermined decryption key as a secret key corresponding to the public key using the received first identification information and the held master information. The health care system according to claim 2. First identification information for receiving the encrypted biometric data obtained by encrypting the biometric data with a predetermined encryption key from a measurement device that measures the biometric data and connected to a server that provides a service related to health, and for identifying the measurement device; A communication unit that receives, from the server, a request to transmit a predetermined decryption key corresponding to the predetermined encryption key together with second identification information for identifying the biometric data and third identification information for identifying the server. When,
A key generation unit for generating a predetermined decryption key from the first identification information;
Memory storing fourth identification information for identifying a server to which the predetermined decryption key is to be transmitted, and fifth identification information indicating the type of biometric data managed by the server corresponding to the fourth identification information And
When the received third identification information matches the stored fourth identification information, and the received second identification information matches the stored fifth identification information, the predetermined decryption key A control unit for transmitting to the server;
A key management server. First identification information for receiving the encrypted biometric data obtained by encrypting the biometric data with a predetermined encryption key from a measuring device that measures the biometric data and connected to a server that provides a health-related service; A communication unit that receives a request from the server to transmit a predetermined decryption key corresponding to the predetermined encryption key to the server together with second identification information for identifying the server;
A first storage unit storing the type of biometric data measured by the measuring device in correspondence with the first identification information for identifying the measuring device;
A second storage unit that stores a type of service provided by the server in correspondence with second identification information for identifying the server;
A key generation unit for generating the predetermined decryption key;
A control unit that transmits the predetermined decryption key to the server when the type of biometric data corresponding to the received first identification information and the type of service corresponding to the received second identification information are related;
A key management server. A measuring device that measures and encrypts biometric data, a server that obtains encrypted biometric data obtained by encrypting the biometric data from the measuring device and provides a health-related service, and a decryption key that decrypts the encrypted biometric data A key management method in a health care system, including a key management server that provides the server with
In the measuring instrument,
Measuring the biological data,
Generating a predetermined encryption key from the first identification information for identifying the measuring device;
Encrypting the biometric data using the predetermined encryption key to generate encrypted biometric data,
Transmitting the first identification information, the second identification information for identifying the type of the biometric data, and the encrypted biometric data to the server;
In the server,
Storing the first identification information received from the measuring device, the second identification information for identifying the type of the biometric data, and the encrypted biometric data;
A request for transmitting a predetermined decryption key corresponding to the predetermined encryption key to the server is transmitted to the key management server together with the first identification information, the second identification information, and the third identification information for identifying the server. And
In the key management server,
When a request for transmitting the predetermined decryption key to the server is received from the server together with the first identification information, the second identification information, and the third identification information, the request is stored as the received third identification information. The fourth identification information for identifying the server that is the transmission target of the predetermined decryption key matches, and is stored corresponding to the received second identification information and the fourth identification information, When the fifth identification information indicating the type of biometric data managed by the server matches, a predetermined decryption key corresponding to the predetermined encryption key generated based on the first identification information is transmitted to the server,
The key management method, wherein the server decrypts the encrypted biometric data using the predetermined decryption key. A measuring device that measures and encrypts biometric data, a server that obtains encrypted biometric data obtained by encrypting the biometric data from the measuring device and provides a health-related service, and a decryption key that decrypts the encrypted biometric data An information management method in a healthcare system including a key management server for providing the server with a key management server,
In the measuring instrument,
Measuring the biological data,
Generating a predetermined encryption key from the first identification information for identifying the measuring device;
Encrypting the biometric data using the predetermined encryption key to generate encrypted biometric data,
In the server,
Receiving the first identification information and the encrypted biometric data from the measuring device;
A request to transmit a predetermined decryption key corresponding to the predetermined encryption key to the server is transmitted to the key management server together with the first identification information and the second identification information for identifying the server;
In the key management server,
Storing the type of biometric data measured by the measuring device corresponding to the first identification information for identifying the measuring device;
Storing the type of service provided by the server corresponding to the second identification information for identifying the server;
When a request for transmitting the predetermined decryption key to the server is received from the server together with the first identification information and the second identification information, biometric data stored corresponding to the received first identification information And a predetermined decryption key corresponding to the predetermined encryption key generated based on the first identification information when the type of service stored in association with the received second identification information is related To the server,
The information management method, wherein the server decrypts the encrypted biometric data using the predetermined decryption key. An encryption device that is attached to a measuring device that measures biometric data and that transmits the biometric data to a server that provides services related to health,
An interface unit with the measuring device;
A first storage unit for storing biological data input from the measuring device;
A second storage unit for storing unique data unique to the measuring device input from the measuring device;
A master key holding unit that stores a predetermined master key in advance;
A key generation unit that generates a predetermined encryption key based on the unique data and the predetermined master key;
An encryption unit for encrypting the biometric data using the generated predetermined encryption key;
A communication unit for transmitting the encrypted biometric data to the server;
An encryption device comprising: The encryption apparatus according to claim 13, wherein the encryption apparatus is a memory card attached to the measuring device. An encryption method for encrypting the biometric data when transmitting the biometric data output from a measuring instrument that measures biometric data to a server that provides a service related to health,
Input the biological data from the measuring device,
Input unique data specific to the measuring device from the measuring device,
Generating a predetermined encryption key based on the unique data and a predetermined master key held in advance;
Encrypt the biometric data using the generated predetermined encryption key,
An encryption method comprising transmitting the encrypted biometric data to the server.

Images