JP2004118441A - User information use method and user information use system - Google Patents

Abstract

[PROBLEMS] To protect personal privacy.
Kind Code: A1 A user information use method for using information about a user stored in a database of a predetermined institution to provide a service to the user using a computer system, wherein different ID codes are stored between devices. Issuing the portable device to the user, performing a procedure for registering information on the user in a database of a predetermined institution selected by the user who owns the portable device, and transmitting the ID code stored in the portable device to the terminal device. A step of transmitting the read ID code to a predetermined institution where the registration procedure is performed (S103), and a step of searching the database for information on the corresponding user based on the transmitted ID code (S306). ) And provide a predetermined service using the information on the searched user. Step (S211) and a.
[Selection] Fig. 6

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a user information use method and a user information use system, and more particularly to a user information use method and a user information use system for using personal information of a user while protecting privacy.
[0002]
[Prior art]
In recent years, an IC card in which an IC is embedded in a plastic card has been known. Since this IC card can store a large amount of data, information for directly identifying the individual, such as an identification number, name, date of birth, address, telephone number, etc. assigned to the individual is stored in the IC card. Attempts have been made to provide various services by reading personal information from the IC card.
[0003]
As a reading device for reading information from the IC card, there are a contact type and a non-contact type. In a contact-type reader, the reader and the IC card are electrically connected, so it is necessary to directly contact the IC card with the reader. In a non-contact type reader, radio waves are used for communication between the IC card and the reader. As a power source of the IC card, a current induced by receiving a radio wave emitted from the reading device is used.
[0004]
Although the prior art of the present invention has been described based on general technical information obtained by the applicant, information that should be disclosed as prior art document information before the filing of the application within the scope of the applicant's storage is described. The applicant does not have
[0005]
[Problems to be solved by the invention]
However, when personal information for directly specifying an individual is stored in the IC card, it becomes possible for a person who has no relation to the individual to obtain the personal information stored in the IC card. . For example, if the IC card is lost, a person who has found the IC card can freely browse the personal information stored in the IC card. Then, once the personal information is provided to a third party for a fee, it is not known how the personal information will be used thereafter. Further, it is conceivable that a person who has found the IC card impersonates the true owner of the IC card, for example, receives a loan from a financial institution and is illegally used.
[0006]
When the IC card is read by a non-contact type reader, while the owner of the IC card reads personal information with a reader of a service organization at his / her will to receive a certain service. May be intercepted by a third party. Also in this case, it is conceivable that a third party who has illegally acquired personal information abuses the acquired personal information. In order to prevent a third party from intercepting radio waves, it is conceivable to insert an IC card into a housing that shields radio waves and read personal information inside the housing, When personal information is read from an IC card, there is a problem that the inside of the housing generates heat.
[0007]
SUMMARY OF THE INVENTION The present invention has been made to solve the above-described problems, and an object of the present invention is to provide a user information use method and a user information use system capable of protecting personal privacy.
[0008]
Another object of the present invention is to provide a user information use method and a user information use system capable of providing a service unique to an individual using personal information.
[0009]
[Means for Solving the Problems]
According to one aspect of the present invention, there is provided a method of using user information, wherein information about a user stored in a database of a predetermined organization is used to provide a service to the user using a computer system. A user information use method, which is an apparatus for storing an ID code used to identify information on a predetermined user from information stored in a database, wherein different ID codes are stored between the apparatuses. An issuance step of issuing a portable device that is usually carried by the user to the user in the state, and the user owning the portable device issued by the issuance step selects a desired predetermined organization from a plurality of predetermined organizations; Perform a procedure for registering information on the user in the database of the predetermined institution and store the information on the user A transmitting step of causing the terminal device to read the ID code stored in the portable device, and transmitting the read ID code to a predetermined institution where the registration procedure is being performed. A search step of searching for information on a corresponding user from information stored in a database based on the obtained ID code, and a service for providing a predetermined service using the information on the user searched by the search step Providing the mobile device without storing the user-specific personal information capable of directly specifying the user, and storing the user-specific personal information on the database side.
[0010]
Preferably, the portable device uses radio waves as an information transmission medium and is always worn on the user's body.
[0011]
Preferably, the portable device transmits the encrypted ID code to the terminal device.
[0012]
Preferably, the portable device further stores a registration institution code for specifying a predetermined institution where the registration procedure has been performed, and the registration institution code transmitted from the terminal device matches the stored registration institution code. The ID code is output on the condition that this is the case.
[0013]
Preferably, the mobile device can store a plurality of types of registration institution codes, and when a request for transmitting a predetermined registration institution code is received from the terminal device, the portable device can store a plurality of types of registration institution codes. The selected registration institution code is selected from and the registered registration institution code is output to the terminal device, and the terminal device transmits the ID code received from the portable device to the predetermined institution specified by the received registration institution code.
[0014]
According to another aspect of the present invention, a user information use system is a user information use system that uses information about a user stored in a database of a predetermined institution to provide a service to the user using a computer system. A device for storing an ID code used for identifying information on a predetermined user from information stored in a database, wherein the device stores different ID codes and is usually carried by a user. User information registration processing means for performing a process of selecting a desired institution from a plurality of predetermined institutions on the side of the user owning the mobile device, performing a procedure for registering information on the user in a database of the predetermined institution, and storing the information; The ID code stored in the portable device is read and transmitted to a predetermined organization where the registration procedure is being performed. Receiving means for receiving the ID code, and using information on the user corresponding to the ID code received by the receiving means, from among information stored in a database based on the ID code. Search means for searching for information about the user, wherein the portable device does not store user-specific personal information capable of directly specifying the user, and stores the user-specific personal information on the database side.
[0015]
Preferably, the portable device uses radio waves as an information transmission medium and is always worn on the user's body.
[0016]
Preferably, the portable device further includes a decrypting unit that transmits the encrypted ID code to the terminal device and decrypts the encrypted ID code output from the portable device.
[0017]
Preferably, the portable device further stores a registration institution code for specifying the predetermined institution where the registration procedure has been performed, and certifies that the transmission destination of the ID code is the predetermined institution where the registration procedure has been performed. And transmitting a registration institution code to the portable device for prompting the portable device to output an ID code.
[0018]
Preferably, the portable device is capable of storing a plurality of types of registrar institution codes, the registrar transmission request means for outputting a transmission request of a predetermined registrar code to the portable device, and the registrar transmission request means. When the requested registration institution code is output from the portable device, the ID code of the portable device is transmitted to a predetermined institution specified by the registration institution code.
[0019]
Preferably, the terminal device is provided in an ambulance and includes a medical institution code transmission requesting unit that outputs a request for transmitting a registration institution code for specifying a medical institution for which a registration procedure is being performed on the portable device. When the registration institution code of the medical institution requested by the institution code transmission requesting means is output from the portable device, the ID code of the portable device is transmitted to the medical institution specified by the registration institution code, and When information about the user corresponding to the code is transmitted from the medical institution, the information about the user is received.
[0020]
Preferably, the terminal device includes financial institution code transmission requesting means for outputting a request for transmitting a registration institution code for specifying a financial institution for which a registration procedure is being performed on the portable device, Transmits the ID code of the portable device to the financial institution specified by the registrar code when the registrar code of the financial institution requested by the user is output from the portable device, and the user corresponding to the ID code When the information about the user is transmitted from the financial institution, the information about the user is received.
[0021]
Preferably, the medicine identification information reading means attached to the medicine to be administered to the patient and reads medicine identification information capable of specifying the type of the medicine, and the medicine is administered based on the medicine identification information read by the medicine identification information reading means. Further comprising: a dosage appropriateness determining means for determining whether or not to administer the drug to a patient; and a warning generating means for generating a warning when the dosage appropriateness determining means determines that the drug should not be administered, and Further stores, in association with the ID code, medication identification information capable of specifying the type of medicine to be administered to the patient corresponding to the ID code. The database is searched on the basis of the ID code read from the device, and the medicine identification information determined by the medicine identification information and the medicine identification information read by the medicine identification information reading means determine whether or not the medicine is appropriate. Characterized in that it constant.
[0022]
Preferably, the vehicle further includes pass permission determining means for determining whether or not the passage of the building is permitted, and the pass permission determining means is configured to register in advance an ID code that should not be permitted to pass. Prohibition ID registration means, ID code reading means for reading an ID code stored in a portable device owned by the user who wants to pass through the entrance, and ID code read by the ID code reading means, Determination means for determining whether or not there is a match among the ID codes registered in the storage device, and control for permitting the opening of the doorway on condition that the determination of the mismatch is made by the match determination means. And opening permission control means for performing the following.
[0023]
Preferably, a user agent storage means for storing a user agent for assisting the user, wherein the user agent storage means stores the user agent corresponding to the ID code based on the ID code so that the user agent can be determined. Job requesting means for determining a user agent corresponding to the transmitted ID code from a plurality of user agents stored in the user agent storage means and requesting the determined user agent for a predetermined job. And further characterized by:
[0024]
Preferably, the user agent is provided with an execution permission determining function of determining whether or not the action that the user intends to perform may be permitted.
[0025]
Preferably, the user agent has predetermined information about the user as knowledge, and when receiving a job request from the job requesting means, obtains information about the user necessary for the action that the user intends to perform. It is characterized in that a process for selecting and using the information is performed.
[0026]
Preferably, the user agent stores the action history data of the user, and when there is a request for browsing the action history data, determines whether or not to permit browsing, and may permit browsing. A function of outputting the action history data when it is determined that
[0027]
Preferably, when there is an access to the information on the user stored in the database, the information on the user to be accessed and the accessor specifying information for specifying the accessing person and the time for specifying the accessing time An access history data storage unit for storing access history data including specific information; and an ID code stored in a portable device owned by the user when a user requests browsing of access history data of information relating to the user. Indexing means for calculating the access history data of the corresponding user from the storage data of the access history data storage means based on the access history data presenting means for presenting the access history data indexed by the indexing means to the user; Is further included.
[0028]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, the same components are denoted by the same reference numerals. Their names and functions are the same. Therefore, detailed description thereof will not be repeated.
[0029]
[First Embodiment]
FIG. 1 is a configuration diagram showing a network system using broadband and showing an overall outline of a user information utilization system. Referring to FIG. 1, connection is made to electronic administration group 2, financial institution group 3, hospital group 4, shopping store group 5, user home 6, content provider group 7, and mobile telephone network 23 through a wide area / large capacity relay network 20. The configured gateway 22, the Internet 21, and the like are configured to transmit and receive information. In the figure, reference numeral 30 denotes a satellite (satellite) for relaying a broadcast wave from the broadcast station 31 and transmitting the wave to the receiving station 32.
[0030]
The electronic administration group 2 is, for example, a city hall, a tax office, or a central government office, and provides administrative services. The medical institution group 4 is a hospital, a pharmacy, or the like that provides medical services. The shopping store group provides services that accompany the consumer's shopping behavior such as shopping. The shopping store group may be an electronic mall of a virtual shop realized by a computer in addition to an actual market. The user home 6 is a home of a user who owns a mobile terminal described later. The content provider group 51 is a group of companies that provide various contents such as video, text, and sound through a network.
[0031]
The radio waves of the mobile phone 11 are transmitted to the base station 24 connected to the mobile phone network 23, and are transmitted via the base station 24, the mobile phone network 23, the gateway 22, and the wide area / large capacity relay network 20. 2, a group of financial institutions 3, a group of medical institutions 4, a group of shopping stores 5, a home 6, a group of content providers 7, and the like can be accessed. The user's private car 8, public toll bus 9, and ambulance 10 are also equipped with the same communication device as the mobile phone 11, such as a base station 24, a mobile phone network 23, a gateway 22, a wide area / large capacity relay network 20. It is configured to be able to access various institutions via the Internet.
[0032]
The portions indicated by double lines in FIG. 1 are wireless LAN, CATV, xDSL (digital subscriber line), FTTH (fiber to the home), and the like.
[0033]
In the electronic administration group 2, the financial institution group 3, the medical institution group 4, the shopping store group 5, the home 6, the content provider group 7, and the like, server devices including computers are installed. When a user receives a service at various institutions, the various institutions use personal information to provide the service.
[0034]
Next, the electronic administration group 2, financial institution group 3, medical institution group 4, shopping store group 5, home 6, and content provider group 7 will be described in more detail. Since the equipment configuration in these institutions is basically the same, the electronic administration group 2 and the medical institution group 4 will be described as examples.
[0035]
In the user information utilization system according to the present embodiment, a portable device in which different ID codes are stored among devices is issued to the user in the electronic administration group 2. This portable device is mainly composed of a ring, but may be in any other form such as a necklace, an earring, a bracelet, glasses, a belt, etc., as long as the form is always worn on the user's body. A mobile device is issued.
[0036]
On the other hand, in the above-mentioned various organizations, personal information on users is managed for the purpose of customer management or information on services for each user. As a code for identifying the personal information, an ID code stored in the portable device is used. That is, when a user receives a service provided by an institution, an ID code is read from a portable device owned by the user in a server device installed in the institution, and the read ID code and personal information of the user are read. Is stored in association with. Once this registration procedure has been executed, the registration institution can extract the user's personal information using the ID code as a key. In addition, the next time the user receives a service at the institution where the user has registered, the personal information of the user can be immediately extracted at the institution by simply reading the ID code stored in the mobile terminal. Service can be provided smoothly.
[0037]
FIG. 2A shows an example of the electronic administrative group 2 shown in FIG. In the city hall 2, a LAN (Local Area Network) 221 is constructed, and the server device 210, the terminal device 200, and the databases 211 and 220 are connected so that information can be exchanged.
[0038]
The terminal device 200 is configured by a personal computer or the like, and is connected with a display 203, a scanner 201, and a staff ID reading device 204. The display 203 is a display device such as a liquid crystal display device and a cathode ray tube (CRT).
[0039]
The staff ID reader 204 is a device for specifying a staff who uses the terminal device 200. When the terminal device 200 is used, it is required that the ID card 205 given to the employee in advance is inserted into the employee ID reading device 204 during use. Therefore, the terminal device 200 can operate only as long as the ID card inserted into the staff ID reader 204 can be read, or can function as a terminal of the server device 210, and the terminal device 200 is removed when the ID card is removed from the staff ID reader 204. , Or stops functioning as a terminal of the server device 210. Further, the terminal device 200 detects a staff member who uses the terminal device 200 based on the staff ID read by the staff ID reading device 204, and indicates to the server device 210 who is using the terminal device 200. For this purpose, the staff ID is transmitted to the server device 210. As a result, the server device 210 can detect by whom the process to be executed by the server device 210 is instructed, and furthermore, a history of when, by whom, and what process is executed. Can be created and recorded.
[0040]
The scanner 201 receives an ID code from the mobile device 1 by communicating with the mobile device 1 described below. Then, the received ID code is transmitted to the personal computer 202.
[0041]
The database 211 stores an ID code, personal information, and log history data. Here, the personal information includes face photograph data, a user's name, address, and the like, but the personal information is not limited to this, and may include information specific to an individual involved in service provision. The user's personal information is stored in association with the ID code stored in the mobile device. As described above, the personal information and the ID code are associated by the user requesting the issuance of the mobile terminal and executing the registration procedure when the mobile terminal is issued from the city hall. The log history data includes a staff ID of a person who has used the personal information and an access time to the personal data in order to identify who and when the personal information was used. The staff ID is determined based on the staff ID read from the ID card by the staff ID reader 204 described above.
[0042]
As described above, in the user information utilization system, all necessary information is stored in the database 211 without storing information in the terminal device 200. Therefore, the terminal device 200 does not need to be provided with a storage device such as a hard disk. By not providing a storage device in the terminal device 200, it is possible to centrally manage data in the database 211 and to prevent fraud such as data recalculation that occurs when data is stored in the terminal device 200. it can. Further, the terminal device 200 can be used as a WBT (Windows (R) Based Terminal).
[0043]
FIG. 2B shows an example of data stored in the usage history data 220. The use history data includes a staff ID, a use application, and a log date and time. The staff ID is determined based on the staff ID read from the ID card by the staff ID reader 204 described above. The use application indicates an application program executed on the server device 210. The log date and time indicates the date and time when the application program specified by the used application was executed by the person specified by the staff ID. Therefore, by associating the usage history data with the log history data stored in the database 211, the history of which staff member (who), when, which personal data has been used, and for what purpose (used application) can be stored later. It is possible to browse. The association between the usage history data and the log history data can be made by comparing the staff ID with the date and time. Also, which staff member is used is specified by the staff ID, when it is used is specified by the date and time of log history data or log date and time of the usage history data, and which personal data is used is specified by an ID code, What is used is specified by the application used.
[0044]
FIG. 3A shows an example of the medical institution group 4 shown in FIG. In the hospital 4, a LAN (Local Area Network) 221 is constructed, and the server device 210, the terminal device 200, and the databases 211 and 220 are connected so that information can be exchanged. The difference from the city hall 2 shown in FIG. 2A is that a terminal device 200A is added and the contents of the personal data in the database 211A are different.
[0045]
The database 211A includes an ID code, personal information, and log history data. Here, the personal information includes face photograph data, user's name, address, medical record data, and medication data. The chart data is data created by a doctor and used to record the individual's illness, treatment history, prescription, and the like. The dosing data includes the type and amount of the drug to be administered and the dosing code. The medication code is given after the result of a doctor's prescription, the type and amount of medicine, and the like are input from the terminal device 200A. The medication code is converted into a barcode, printed and output by a printer, and the output barcode or the like is attached to a medicine to be administered.
[0046]
The user's personal information is stored in association with the ID code stored in the mobile device 1. As described above, the personal information is associated with the ID code by performing the registration process when the user goes to the hospital and receives medical service such as consultation. In the registration process, the ID code stored in the mobile device 1 is read by the scanner 201. Then, a part of the personal information, for example, a name, an address, etc., is input in the terminal device 200A, and is transmitted from the terminal device 200A to the server device 210 together with the read ID code. The server device 210 stores the received ID code and the personal information in the database 211A in association with each other. This completes the registration process. As described above, in the registration procedure at the hospital 4, it is necessary to read the ID code stored in the portable device 1 owned by the user. Therefore, registration is performed only when the user desires registration. If registration is not desired, the ID code stored in the mobile device 1 may not be read. That is, the association between the ID code of the portable device 1 and the personal information is left to the user's will. Therefore, the user can select an institution that permits the association between the ID code of the portable device 1 and the personal information.
[0047]
The “user side” here is not limited to the user himself, but is a concept including a person who has a blood relationship with the user, such as the user's family and relatives, a guardian of the user, and the like. For example, when the user is elderly and suffers from dementia or the like and cannot express his / her intention clearly, the above-mentioned blood relative or guardian performs the intention display to perform the registration procedure on behalf of the user.
[0048]
The terminal device 200A is a portable scanner that combines the functions of the scanner 201 and the terminal device 200A into one. In addition, since it is portable, it is connected to the server device 210 via the LAN 221 by wirelessly communicating with the communication device 206 connected to the LAN 221 instead of being connected to the server device 210 by wire. Further, the terminal device 200A is connected to a barcode reader, and can read a barcode or the like attached to a medicine to be administered.
[0049]
The portable terminal device 200A is carried by, for example, a nurse, reads an ID code from the portable device 1 worn on the patient's body, receives the personal information of the patient from the server device 210, and outputs the information. Thereby, the nurse can know the condition and prescription of the patient. In addition, when the nurse administers the medication, the terminal device 200A reads a barcode or the like affixed to the medication, and compares it with the medication code included in the medication data of the personal data received from the server device 210, and attempts to administer the medication. It is determined whether the drug in question is truly the drug to be administered to the patient. This can prevent a nurse from mistakenly administering a drug that should not be administered to the patient.
[0050]
FIG. 4 is a block diagram schematically illustrating functions of the mobile device 1. Referring to FIG. 4, mobile device 1 has a shape of a ring, and has a shape that can be easily worn on a user's body. Hereinafter, the portable device 1 is referred to as an ID ring 1. In principle, the ID ring 1 is always worn even when taking a bath or sleeping, so that it can be prevented from being lost or stolen. The ID ring 1 is executed by a logic 100 for controlling the entire ID ring 1, a read-only memory (ROM) 101 for storing an encrypted ID code, and a logic 100. In this case, a random access memory (RAM: random access memory) 102, an electrically erasable programmable read-only memory (EEPROM) 103, and a radio wave used for a power supply are received, and signals are transmitted and received. Loop antenna 107, a power control unit 106 for generating power from radio waves used for received power, and a demodulating received signal and modulating a signal for transmission. Including the modulation and demodulation unit 105, and input and output control unit 104 for controlling the input and output of signals to the modulation and demodulation unit 105. The logic 100, the ROM 101, the RAM 102, the EEPROM 103, and the input / output control unit 104 are connected by a data bus 108, respectively.
[0051]
The logic 100 controls the ROM 101, the RAM 102, the EEPROM 103, and the input / output control unit 104 to execute various processes described below.
[0052]
The ROM 101 stores an ID code attached to the ID ring 1 and used to identify the ID ring 1 from other ID rings. The ID code is recorded at the stage when the ID ring 1 is manufactured or before it is issued to the user, and is not deleted thereafter.
[0053]
The EEPROM 103 includes a non-rewritable area where information cannot be rewritten, and a rewritable area where information can be rewritten. The non-rewritable area stores a registration institution code and a registration date. The registered institution code refers to the code of the institution that has executed the above-described registration procedure in order for the user to desire to associate the ID code of the ID ring 1 with the personal information. Note that the EEPROM 103 alone can replace the ROM 101 and the RAM 102. Therefore, at the stage when the above-described registration procedure is executed, the code (registration institution code) of the institution that has executed the registration procedure is received from the terminal device 200A connected to the server device 210, and the date of the day is stored in the non-rewritable area of the EEPROM 103. Is stored. For example, if the registration procedure is performed on September 1, 2002 at Hospital 4, the registration institution code (eg, “AAA”) of Hospital 4 and the registration date of September 1, 2002 are stored in the non-rewritable area. Will be done. In this non-rewritable area, a plurality of registrar institution codes and registra- tion dates can be stored, and in the present embodiment, registrar institution codes of nine institutes can be stored. Therefore, the user can execute the registration procedure at a plurality of institutions.
[0054]
In the non-rewritable area of the EEPROM 103, after a registration institution code and a registration date and time are once stored, a program for prohibiting rewriting of data in the storage area is stored in the ROM 101. Become.
[0055]
In the rewritable area, for example, eco-money and points can be stored. Eco-money is a currency used instead of cash in various communities. For example, in the field of welfare, a currency that can be received by a person for service rendered to another person and then paid as a reward when the person receives service. Points are points given to services provided for each registrar, and are used for so-called point services in which various privileges are given according to the accumulated number of points. For example, when the shopping store 5 is registered as a registrar, points are given according to the price of the product purchased at the shopping store 5, and the given points are stored in the rewritable area. Then, by using the accumulated points, it is possible to receive a privilege such as purchasing another product.
[0056]
The information stored in the rewritable area can store information related to a service provided by a registrar. In the example described above, the eco-money is information related to the service provided by the city hall, and the points are information related to the service provided by the shopping store 5. When the registrar is the financial institution group 3, the registrar can be electronic money.
[0057]
The input / output control unit 104 is controlled by the CPU 100 and transmits and receives information via the modulation / demodulation unit 105 and the loop antenna 107. Thus, the ID ring 1 can communicate with the scanner 201 wirelessly. The communication between the ID ring 1 and the scanner 201 uses the same technology as the communication when a non-contact type IC card is used. Therefore, the detailed description will not be repeated here.
[0058]
Next, the encryption of the ID code will be described. SXAL / MBAL is used for encrypting the ID code. FIG. 5 is an explanatory diagram showing an outline of SXAL / MBAL. In the illustrated example, 20-byte variable-length data, which is plaintext data, is encrypted using an 8-byte (64-bit) encryption key K to obtain a 20-byte variable-length encrypted sequence. In the figure, P, E, F, G, H, I, and C are data in each conversion process, and the subscript indicates the number of bytes. Fm is a cryptographic function.
[0059]
Referring to FIG. 5, first, the exclusive OR (exclusive OR) of the leftmost 8 bytes of variable-length data P and the expanded key KO is determined, and the result of the determination is converted by a function fm. Next, data is converted by SXAL by combining the four bytes at both ends, and the rest is left as it is. Subsequently, the order of the data is reversed, and after the data is converted by the encryption function fm, the order of the data is reversed. This is subjected to data conversion by a cryptographic function fm, an exclusive OR (exclusive OR) of the leftmost 8 bytes of the converted data and the expanded key KI is determined, and an encrypted variable-length encrypted string C is obtained. .
[0060]
In this embodiment, since the encryption algorithm encrypts data or files of 16 bytes or more as one unit, it is possible to perform encryption for each megabyte of large capacity. Focus on the point that decryption becomes extremely difficult because encryption is performed multiple times, and that normal decryption of all information becomes impossible if bit corruption of about 1 bit or data falsification is encountered in the information transmission form Then, this is used for ensuring security in transmitting high-capacity information at high speed. In particular, when bit corruption or data tampering of about 1 bit is encountered, the DES type encryption algorithm does not normally decrypt only the vicinity of the bit corruption or tampered portion or other portions at the time of decryption. Abnormality detection becomes extremely difficult. On the other hand, in SXAL / MBAL, since all parts are changed to abnormal information, it is very easy to detect the abnormal information. Response is possible.
[0061]
Next, a process executed by each device will be described in detail by taking, as an example, a case where a user who has received the ID ring 1 receives an administrative service at a city hall. Here, a case where the user desires to issue an ID ring 1 having a ring shape will be described.
[0062]
FIG. 6 is a first flowchart showing the flow of processing executed in the user information utilization system according to the present embodiment. When the user who has been issued the ID ring 1 goes to the city hall 2 and wants to receive a certain administrative service, when the user goes to the service counter of the city hall, the ID ring 1 A registrar code is transmitted to 1 (S201). That is, in the terminal device 200, the scanner 201 transmits the registrar code by radio until the encrypted ID code from the ID ring 1 is received by the scanner 201 (until a YES determination is made in S202). . The registrar code transmitted here is a code given to the city hall. Therefore, it is possible to determine from the registered institution code transmitted by the scanner 201 that the institution to be provided with the service is the city hall.
[0063]
The ID ring is in a standby state until the registration institution code is received from the scanner 201 (NO in S101), and upon receiving the registration institution code (YES in S102), the process proceeds to step S102. In step S102, it is determined whether or not the received registration institution code is stored in the non-rewritable area of the EEPROM 103. If it is stored, the process proceeds to step S103, and if not, the process returns to step S101. . That is, it is determined whether or not the institution to which the user intends to receive the service is the institution that has already performed the registration procedure for associating the ID code of the ID ring 1 with the personal information. If the institution has performed the registration procedure, the ID code and the personal information have already been linked, so that the service can be provided based on the personal information described below. If the registration procedure has not been executed, the personal information cannot be used. Therefore, a new registration procedure is executed or the service is provided without using the personal information.
[0064]
If it is determined that the registration institution code received by the ID ring 1 is stored in the EEPROM 103, the ID ring 1 transmits the ID code stored in the ROM 101 to the scanner 201 in an encrypted state (S103). ).
[0065]
When receiving the encrypted ID code from ID ring 1 (YES in step S202), terminal device 200 decrypts the encrypted ID code using decryption key K (S203). Hereinafter, decryption using the decryption key K is indicated by a symbol Dk. Then, the user logs in to the server device 210 (S204). The decryption key K is predetermined and is managed in a secret state.
[0066]
In the server device 210, it is determined whether there is a login from the registered scanner (S301). If it is determined that there is a login (YES in S301), the process proceeds to step S302. (NO in S301). In the server device 210, a terminal device 200 that permits login to the server is registered in advance, and only login from the previously registered terminal device is allowed. In addition, when there is a login from the registered terminal device 200, an interrupt may be generated and the following processing may be executed.
[0067]
The server device 210 generates a session key Sk using a random number or the like in step S302, and transmits the generated session key Sk to the terminal device 200 (S303). The session key Sk is an encryption key, and all information subsequently transmitted and received with the terminal device 200 that has received the session key Sk is encrypted with the session key Sk. The above-described SXAL / MBAL can be used as the encryption algorithm, but not limited to SXAL / MBAL, but a general secret key encryption method such as DES may be used. As described above, since the session key Sk is a valid encryption key only between the server device 210 and the terminal device 200, even if a signal transmitted / received by a third party is intercepted, the third party retains the session key. Since the user does not know Sk, the intercepted signal cannot be decoded. Therefore, communication can be performed between the server device 210 and the terminal device 200 with the information to be transmitted and received kept secret. This enables a VPN (Virtual Private Network).
[0068]
The terminal device 200 enters a standby state until the session key Sk is received (NO in S205), and proceeds to S206 in response to the reception (YES in S205). In S206, the decrypted ID code is encrypted with the session key Sk. Hereinafter, the encryption using the encryption key Sk is indicated by a symbol ESk. Then, the encrypted ID code is transmitted to server device 210 (S207).
[0069]
The server device 210 enters a standby state until the ID code is received (NO in S304), and proceeds to step S305 in response to the reception (YES in S304). In step S305, the ID code encrypted with the session key Sk is decrypted with the session key Sk (S305). Then, the database 211 is searched using the decrypted ID code (S306). If the corresponding personal data is extracted, the personal data (search data) extracted by the search is transmitted to the terminal device 200 (S307). ). The search data transmitted at this time is data encrypted with the session key Sk.
[0070]
The terminal device 200 enters a standby state until the search data is received from the server device 210 (NO in step S208), and proceeds to step S209 in response to the reception (YES in S208). In step S209, the received search data is decrypted with the session key Sk, and the decrypted search data is displayed on the display 203 of the terminal device 200 (S210). Thus, the staff at the counter can instantly recognize who is visiting the counter. In addition, the user does not need to generate a name at the window, and does not need to provide necessary personal information, so that the staff at the window can recognize who he or she is.
[0071]
Then, in the terminal device 200, application software is started to provide a service desired by the user, and a predetermined process is executed (S211). The services desired by the user are services provided by the city hall, for example, various services such as issuance of a copy of a family register, change of family register, and change of address. Then, a treatment result (for example, the fact that a resident's card is issued) generated as a result of the provided service is encrypted with the session key Sk and transmitted to the server device 210 (S212). Although the application software related to the provision of the service is executed by the terminal device, the application software may be executed by the server device 210.
[0072]
The server device 210 is in a standby state until a treatment result is received from the terminal device 200 (NO in S308), and proceeds to step S309 in response to the reception (YES in S308). In step S309, the received treatment result is decrypted with the session key Sk. Then, based on the decrypted treatment result, it writes the log history data and the usage history data 220 of the database 211 (S310).
[0073]
On the other hand, in the ID ring 1, it is determined whether or not a request for transmitting a registration institution code has been made (S104). If there is a transmission request, the process proceeds to step S106; otherwise, the process proceeds to step S105. In step S105, the apparatus enters a standby state for a predetermined time, and returns to step S101 when the predetermined time has elapsed. The terminal device 200 may or may not require a registration institution code, and transmits a registration institution code transmission request only when necessary. Therefore, if there is no request for transmission of the registration institution code even after the lapse of the predetermined time, it is determined that the transmission request for the registration institution code is not transmitted from terminal device 200. In step S106, the requested registration institution code is read from EEPROM 103 and transmitted to terminal device 200. The transmission request of the registration institution code includes a signal indicating which type of registration institution code is requested to be transmitted, and the ID ring 1 corresponds to one of the registration institution codes stored in the EEPROM 103. Select the registration institution code and send.
[0074]
Next, a process executed by an ambulance in the user information utilization system according to the present embodiment will be described. In this case, the terminal device 200 and the scanner 201 are mounted on the ambulance. A communication device similar to the mobile phone 11 is connected to the terminal device 200. The terminal device is connected to a medical institution via a base station 24, a mobile phone network 23, a gateway 22, and a wide area / large capacity relay network 20. It is possible to communicate with the group 4.
[0075]
When the sick person is transported by ambulance, it is difficult to obtain information from the sick person because the sick person is not conscious, not in a state of speaking, or is upset and unable to speak clearly There is. In the user information utilization system according to the present embodiment, terminal device 200 mounted on an ambulance receives an ID code from ID ring 1 worn by a sick person, and personal data of the sick person, in particular, It is possible to acquire personal data stored in the hospital 4 where the registration procedure is being performed.
[0076]
FIG. 7 is a second flowchart showing the flow of processing executed in the user information utilization system according to the present embodiment. Referring to FIG. 7, in terminal device 200 mounted on ambulance 10, an ID code receiving process for receiving an ID code from ID ring 1 of a sick person conveyed by ambulance 10 is executed (S221). In this ID code receiving process, the same process as steps S201 to S203 in FIG. 6 is executed. Therefore, description will not be repeated here. On the other hand, in the ID ring 1 worn by the sick person, an ID code transmission process of transmitting an ID code to the terminal device 200 is executed (S110). In this ID code transmission processing, the same processing as steps S101 to S103 in FIG. 6 is executed. Therefore, description will not be repeated here.
[0077]
The terminal device 200 transmits a request for transmitting the registration institution code of the hospital to the ID ring (S222). This is for specifying a hospital in order to obtain personal information of the sick from a hospital where the sick has performed a registration procedure.
[0078]
On the other hand, in the ID ring 1, it is determined whether or not a request for transmitting a registration institution code has been made (S111). If there is a transmission request, the process proceeds to step S113; otherwise, the process proceeds to step S112. In step S112, a standby state is set for a predetermined time, and when the predetermined time has elapsed, the process returns to step S101. In step S113, the registration institution code of the requested hospital is read from the EEPROM 103 and transmitted to the terminal device 200.
[0079]
The terminal device 200 determines whether or not the registered institution code of the hospital has been received (S223). If it is determined that it has been received, the process proceeds to step S224; otherwise, the process waits until it is received. When receiving the registered institution code of the hospital, the user logs in to the server device 210 of the hospital 4 corresponding to the received registered institution code. In this case, the terminal device 200 mounted on the ambulance 10 is registered in the server device 210 because login to the server device 210 of the hospital 4 is permitted. Therefore, the terminal device 200 mounted on the ambulance 10 can log in to the server device 210 of the hospital 4. In addition, the terminal device 200 stores in advance a registration institution code and information necessary for logging in to the server device 210 of the hospital 4, for example, a network address.
[0080]
Hereinafter, the processes of steps S225 to S232 executed by the terminal device 200 are the same processes respectively corresponding to the processes of steps S205 to S212 in FIG. Therefore, description will not be repeated.
[0081]
The processing executed by the server device 210 of the hospital 4 is the same as the processing of the server device 210 shown in steps S301 to S310 in FIG. For this reason, the server device 210 of the hospital 4 searches for personal data, medical record data, medication data, and the like corresponding to the received ID code, and transmits it to the terminal device 200 of the ambulance 10.
[0082]
As described above, in the user information utilization system according to the present embodiment, the terminal device 200 mounted on the ambulance 10 receives the ID code and the registration institution code of the hospital from the ID ring 1 of the sick person to be transported. . Then, after logging in to the server device 210 of the hospital 4 corresponding to the received registration code of the hospital and transmitting the ID code of the sick, personal information of the sick, for example, medical chart data and medication data are received, It is displayed on the display 203. Therefore, when giving emergency treatment to a sick person in the ambulance 10, specific information such as the illness of the sick person, the current health condition, medicines that can be taken, medicines that cannot be taken, etc. can be obtained. Measures can be taken. The contents of the treatment performed in the ambulance 10 are transmitted to the server device 210 of the hospital 4 and recorded in the database 211 of the server device 210. For this reason, when the hospital examines the sick person next, it is possible to know what treatment has been performed in the ambulance.
[0083]
Also, here, the transmission of the registration institution code of the hospital 4 is requested to obtain the personal data recorded in the server 210 of the hospital 4, but the transmission of the registration institution code of the city hall 2 is requested. Alternatively, personal data recorded in the server device 210 of the city hall 2 may be obtained. As a result, the identity of the sick person can be immediately confirmed, and the sick person's relatives can be contacted. Further, if the server device 210 is installed in the sick person's home 6 and is registered as a registrar, the server device 210 installed in the home 6 is logged in and an emergency situation for the sick person occurs. The occurrence may be notified.
[0084]
Next, a description will be given of processing executed when a medicine or treatment is performed at a hospital in the user information utilization system according to the present embodiment. Here, the description will be made using the ID ring 1, the portable terminal device 200A shown in FIG. 2 and the server device 210 installed in the hospital 4. Note that the ID ring 1 can be used as a substitute for a consultation ticket. When a nurse administers or administers to a patient, the nurse administers or administers a prescribed medicine according to a doctor's instruction using a syringe, an infusion, or the like. In general, when administering medication to an inpatient at a large-scale hospital, medicines of a plurality of patients are mounted on one wagon or the like, and administered sequentially while traveling around a hospital room. According to the user information utilizing system in the present embodiment, it is possible to prevent a wrong administration of the medicine from another person during the administration. In addition, it is possible to prevent a patient from making mistakes in surgery or treatment. For example, when a doctor prescribes a drug to be administered, the content is stored in the database 211A as medication data. Then, a bar code or the like included in the medication data is output from a printer or the like, and the bar code or the like output on the medicine to be administered is attached.
[0085]
The nurse places the medicine on the wagon while carrying the terminal device 200A and heads for medication. Then, before administering the medicine to the patient, the bar code attached to the medicine to be administered is read by the bar code reader, and the ID code is received from the ID ring 1 attached to the body of the patient. Then, after transmitting the ID code to server device 210, terminal device 200 receives the medication data. The barcode of the received medication data is compared with the read barcode, and if they do not match, an alarm is issued.
[0086]
FIG. 8 is a third flowchart illustrating the flow of a process performed by the user information utilization system according to the present embodiment. The processing executed in the ID ring 1 is the same as the processing shown in steps S101 to S103 in FIG. 6, and the processing executed in the server device 210 is shown in steps S301 to S310 in FIG. This is the same as the processing. Therefore, these descriptions are omitted in FIG.
[0087]
Referring to FIG. 8, terminal device 200A executes an ID code receiving process (S241) to receive an ID code from ID ring 1. In this ID code receiving process, the same process as steps S201 to S203 in FIG. 6 is executed. Therefore, description will not be repeated here. The ID code received in step S241 is the ID code of the ID ring 1 worn by the patient on whom the nurse is about to administer medicine. Then, an ID code encrypted transmission process (S242) is executed, and the ID code encrypted with the session key Sk is transmitted to the server device 210. In this ID code encrypted transmission processing, the same processing as steps S204 to S207 in FIG. 6 is executed. Therefore, description will not be repeated here.
[0088]
Next, it is determined whether the search data has been received from the server device 210 (S243). If it has been received, the process proceeds to step S244; otherwise, the process waits until it is received. The search data received here is personal data of a patient who is about to administer medication, and the personal data includes medication data. Further, the medication data includes data represented by a barcode or the like directly attached to the medicine.
[0089]
Then, the received search data is decrypted with the session key Sk (S244), and the decrypted search data is displayed on the display unit of the terminal device 200A (S245). The nurse can determine the medicine to be administered by looking at the displayed search data, particularly the medication data. Here, the first check is performed.
[0090]
Then, a barcode reading process is performed in which the nurse reads a barcode affixed to the medicine to be administered with a barcode reading device connected to the terminal device 200A (S246). The read barcode data is compared with the barcode data included in the search data received in step S243, and it is determined whether or not both data match (S247). If it is determined that they match, the process proceeds to step S249. If they do not match, the process proceeds to step S248. The determination in step S247 is to determine whether the medicine prescribed by the doctor and the actual medicine to be administered match, and can be said to be the second check.
[0091]
In step S248, an alarm is generated because they do not match. The warning may be any of generating a warning sound, displaying a warning message, or warning by sound and display. On the other hand, a step S249 displays characters “OK”.
[0092]
As described above, in the user information utilization system according to the present embodiment, when a nurse administers medication, it is determined whether or not the medicine to be actually administered matches the medicine prescribed by the doctor. Therefore, it is possible to prevent a different medicine from being administered due to a mistake of a nurse.
[0093]
In the embodiment shown in FIG. 8, the terminal device 200A determines whether or not the medicine to be actually administered matches the medicine prescribed by the doctor. The present invention is not limited to this. For example, the bar code data and the like read by the terminal device 200A and the ID code read from the ID ring 1 of the patient (user) are transmitted to the server device 210 of the hospital 4, and the server device 210 makes a determination. Then, the determination result may be returned to the terminal device 200A.
[0094]
Next, a case where the user information utilization system is used to prevent the elderly from wandering will be described. In this case, the server device 210 and the terminal device 200 are installed in the house 6. The scanner 201 and the electronic lock device are installed at the entrance of the house. This electronic lock device is controlled by the server device 210 to switch between a locked state and an unlocked state. This electronic lock device is maintained in a locked state by default. Therefore, the entrance is normally locked, and is switched to the unlocked state when the condition described below is satisfied.
[0095]
In the database 211 of the server device 210, data indicating that passage through an entrance is not permitted is stored in advance as personal information. Therefore, if the ID code is obtained, it is possible to determine that the person is not allowed to pass.
[0096]
Since the scanner 201 is installed at the entrance, when a person wearing the ID ring 1 goes to the entrance, communication between the scanner 201 and the ID ring 1 is started. If the registered institution code of the home is stored in the non-rewritable area of the EEPROM 103 of the ID ring 1, the ID code is transmitted from the ID ring 1 to the scanner 201.
[0097]
FIG. 9 is a fourth flowchart illustrating the flow of the process performed by the user information utilization system according to the present embodiment. Note that the processing executed in the ID ring 1 is the same as the processing shown in steps S101 to S103 in FIG. Therefore, the description is omitted in FIG. 9 and the description will not be repeated here.
[0098]
Referring to FIG. 9, terminal device 200 executes an ID code receiving process (S251) to receive an ID code from ID ring 1. In this ID code receiving process, the same process as steps S201 to S203 in FIG. 6 is executed. The ID code received in step S251 is the ID code of the ID ring 1 worn on the body by the person approaching the entrance. Then, it is determined whether the ID code has been received from ID ring 1 (S252). If the ID code has been received, the process proceeds to step S253; otherwise, the process returns to step S251. If the ID code is not received, the electronic lock device is not controlled at all and cannot pass through the entrance. Therefore, when there is no ID code, when a wanderer unintentionally removes the ID ring 1 from the body, the entrance is not switched to the unlocked state. Also, even when the ID ring 1 is worn, if the home registration institution code is not registered in the non-rewritable area of the EEPROM, the ID code is not transmitted to the terminal device 200. The entrance is not switched to the unlocked state.
[0099]
In step S253, the user logs in to server device 210 at home 6. The server device 210 determines whether there is a login from the registered scanner (S351). The processing of steps S253 to S256 of the terminal device 200 corresponds to the processing of steps S204 to S207 in FIG. 6, respectively, and is the same. The processes of steps S351 to S355 of the server device 210 correspond to and are the same as the processes of steps S301 to S305 in FIG. Therefore, description thereof will not be repeated.
[0100]
When the server device 210 receives, from the terminal device 200, the ID code of the ID ring 1 worn by the person approaching the doorway, it extracts personal data corresponding to the ID code stored in the database 211. Then, it is determined from the extracted personal data whether passage is not permitted (S356). If it is determined that the passage is not permitted, the process skips step S357 and proceeds to step S358. Otherwise, the process proceeds to step S357.
[0101]
In step S357, an entrance opening process for performing control to switch the electronic lock device to the unlocked state is executed (S357). Thereby, it is possible to pass through the entrance. Therefore, only a person who is not stored in the database 211 of the server device 210 as not being allowed to pass can pass through the entrance. In the entrance opening process, control is performed so as to switch to the locked state after a predetermined time has elapsed. Note that control may be performed so as to switch to the unlocked state only while the ID code is being received.
[0102]
In S358, the fact and date and time of the passage are written in the log history data of the database 211 when the passage has been made. Also, even if the vehicle does not pass, when the ID code is received, the fact that the user has approached the entrance and the date and time are written. Further, in step S356, when a person who is not permitted to pass approaches the entrance, an alarm may be sounded or a message for notifying the portable terminal of the fact may be transmitted wirelessly.
[0103]
In the present embodiment, the fact that the passage is not permitted is stored in the personal data of the person who does not permit the passage, but the fact that the passage is permitted is set as the personal data only for the person who permits the passage. You may make it memorize | store.
[0104]
In addition, the lock control of the doorway of the house has been described, but the present invention can be applied to the lock control of the doorway of a company, a facility, and the like in the case of a building. When applied to the doorway of a company, even if a person other than an employee approaches the doorway, the locked state is maintained so that security can be strengthened, and employees can unlock only by approaching the doorway. It is convenient because it can be switched to In addition, the present invention can be applied to door locks at doors of rooms, safes or buildings in which powerful drugs, dangerous materials or highly confidential materials, precious metals, cash, securities, and the like are stored. Thus, it can be effectively used for safety measures. Further, the present invention can be applied not only to buildings, but also to, for example, car door locks. The door lock is released only by the car owner approaching the car.
[0105]
Next, a process of storing and browsing history data performed by the user information utilization system according to the present embodiment will be described. The server device 210 is provided with usage history data 220 that stores a history of how personal data was used. The process of creating the usage history data 220 is the history data storage process.
[0106]
As described above, the database 211 of the server device 210 stores personal data and log history data corresponding to the ID data. A user or a person related to the user, such as a relative, may want to view the history data of the user. In some cases, a user may want to know how his or her personal data is being used at that institution, or may wish to perform an audit. The process that enables browsing of the history data is the browsing process.
[0107]
FIG. 10 is a flowchart illustrating the flow of the history data storage and browsing process. This processing is executed by the server device 210, and the terminal device 200 is used for the input operation. Referring to FIG. 10, first, it is determined whether or not an access request has been made to server device 210 from terminal device 200. If there is an access request, the process proceeds to step S322; otherwise, the process proceeds to step S326. In step S322, an access person is specified. The ID of the ID card read by the user ID reading device 204 of the terminal device 200 is transmitted when the server device 210 is accessed. The server device 210 specifies a person who has accessed the data based on the received ID.
[0108]
Then, in the next step S323, the application software is activated to specify which personal data has been accessed. Next, the access time is acquired (S324). Then, it writes the usage history data 220 and the log history data of the database 211 (S325). The use history data 220 stores an accesser ID, a use application, and an access date and time. In the log history data of the database 211, the access date and time and the ID of the accessor are stored.
[0109]
In step S326, it is determined whether there is a browsing request for the history data. If there is a request, the process proceeds to step S327; otherwise, the process returns to S321. In step S327, an ID code receiving process is executed. As a result, the ID code of the ID ring 1 worn by the user making the browsing request is received.
[0110]
Then, the history data corresponding to the received ID code is determined (S328). This determination is realized by a process of extracting the log history data stored in the database 211 in association with the ID code, and a process of associating the extracted log history data with the usage history data 220. Then, the determined history data is output (S329).
[0111]
As described above, the user can browse how the personal information stored in the registration institution is used, so that the user can check whether or not the information has been illegally used.
[0112]
Further, since the log history data of the database 211 can store an individual's behavior, the individual's behavior history can be browsed. For example, if the behavior of the wandering old man is stored in the server device 210 installed in the house 6, it is possible to know what kind of behavior the old man has performed. In addition, since the server device 210 installed in the shopping store 5 stores history data such as a product purchased by the user and a purchase price, such information can be checked later.
[0113]
It is also possible to use the mobile phone 11 instead of the terminal device 200 as the operation input device. In this case, since the history data is displayed on the display unit of the mobile phone 11, the history data can be browsed regardless of the location of the user.
[0114]
[Second embodiment]
Next, a user information utilization system according to a second embodiment will be described. The user information utilization system according to the second embodiment differs from the personal information utilization system according to the first embodiment in using an agent. Hereinafter, the points different from the user information utilization system according to the first embodiment will be mainly described.
[0115]
FIG. 11 is a diagram illustrating an overall outline of a user information utilization system according to the second embodiment. Referring to FIG. 11, a help agent is stored in database 211B of city hall 2 in association with an ID code. This assisting agent is an agent for assisting the user wearing the ID ring 1 in which the ID code is stored, and is particularly useful when the user himself is elderly and suffers from dementia or the like. The assistance agent is a mobile agent that can move to another computer, and executes various activities for assisting the user at the destination computer.
[0116]
A specific example of the user information utilizing system using the agent will be described with a case where a user purchases a product at the shopping store 5 as an example.
[0117]
FIG. 12 is a flowchart illustrating a flow of processing executed in the user information utilization system according to the second embodiment. Here, when the user approaches the terminal device 200 installed at a cashier or the like of the shopping store 5, an ID code is received from the ID ring 1 worn by the user, and is received by the terminal device 200. In FIG. 12, the ID code transmission process in step S161 executed in ID ring 1 is the same as the process in steps S101 to S103 shown in FIG. 6, and thus description thereof will not be repeated here. In addition, the ID code receiving process of step S261 executed by the terminal device installed at the cash register of the shopping store or the like is the same as the process of steps S201 to S203 shown in FIG. 6, and therefore, description thereof will not be repeated here.
[0118]
The terminal device 200 of the shopping store 5 transmits a signal requesting the registration code of the city hall and the bank to the ID ring 1 (S262). Then, the system enters a standby state until the registration institution code is received (NO in S263). When the registration institution code is received (YES in S263), the process proceeds to step S264.
[0119]
On the other hand, when ID ring 1 receives the request for transmitting the registration institution code from terminal device 200 (YES in S162), the process proceeds to step S164. If not, the process proceeds to step S163, where it is determined whether a predetermined time has elapsed. If the predetermined time has elapsed, the process returns to step S161.
[0120]
In step S164, the registration institution code of the city hall and the registration institution code of the bank stored in the non-rewritable area of the EEPROM 103 are transmitted to the terminal device 200.
[0121]
Upon receiving the registration institution codes of the city hall and the bank from the ID ring 1, the terminal device 200 logs in to the city hall 2 corresponding to the received registration institution code of the city hall (S264). Then, an ID code encrypted transmission process for transmitting the ID code received in step S261 to the city hall 2 is executed (S265). This ID code encrypted transmission processing is the same processing as the processing described in S205 to S207 in FIG. Thereby, the ID code of the ID ring worn by the user is received by the server device 210 of the city hall 2.
[0122]
Next, the terminal device 200 installed in the shopping store 5 requests transmission of an agent stored in the city hall database 211B in association with the ID code transmitted to the server device 210 of the city hall 2 (S266). , And waits until an agent is received (NO in S267). When the agent is received (YES in S267), the agent asks the agent whether the purchased product and the purchase price are acceptable (S268). As will be described later with reference to FIG. 14B, the user agent stores user action history data, purchase limit data, purchase prohibited product data, and the like as agent knowledge data, and utilizes these knowledge data. It is determined whether the purchase behavior of the user is acceptable. Specifically, for example, it determines whether or not the product that the user is currently purchasing is included in the purchase-prohibited product data, and if so, outputs a determination result indicating that the purchase is not permitted. For example, if the user is under the age of 20 or has a liver, tobacco and alcohol are stored in the purchase-prohibited product data, and when the user tries to purchase them, the purchase prohibition is prohibited. Make a decision. Further, when the user is a child or an elderly person, if the purchase limit of the product is stored in the agent knowledge data as, for example, 3,000 yen, when the user tries to purchase a product of 3,000 yen or more, Determines that the agent does not permit. Further, when the user suffers from dementia or the like, he / she tried to purchase the same product again even though it has not passed much time after purchasing a certain product, for example, only about 10 minutes have passed. In this case, by utilizing the action history data in the agent knowledge data, it is determined that the product currently being purchased is a product that has already been purchased a while ago, and the purchase is determined to be prohibited.
[0123]
If an answer is received from the agent, the process proceeds to step S270; otherwise, the process proceeds to step S275 (S269). In step S275, a message indicating that the product cannot be sold is displayed on the display 203 of the terminal device 200, and the process returns to step S261. At this time, the user logs out of the server 210 of the city hall 2.
[0124]
On the other hand, in step S270, the user logs in to bank 3 corresponding to the registered institution code of the bank received in step S263. Then, an ID code encryption transmission process for transmitting the ID code received in step S261 to the bank 3 is executed (S271). While the ID code encrypted transmission processing executed in S265 transmitted the encrypted ID code to the city hall 2, the ID code encrypted transmission processing executed in step S271 performs the encrypted ID code transmission to the bank 3. The only difference is that the code is sent. The ID code of the ID ring worn by the user is received by the server device 210 of the bank 3 by executing the ID code encryption transmission process in step S271. Then, the agent transmits the personal identification number of the bank (S272). In this way, by having the agent send the password to the agent, for example, even if the user is elderly and forgets the password of his or her own bank, it is possible to make a payment using a bank account, and the user's bank The password is not detected by the terminal device 200 of the shopping store 5.
[0125]
Thereafter, the purchase amount is transmitted to the server device 210 of the bank 3 (S273). The server device 210 of the bank 3 specifies a payment account based on the ID code received from the terminal device 200 and the password transmitted by the agent, and performs payment based on the received purchase amount. Then, the terminal device 200 is notified that the settlement is completed.
[0126]
The terminal device 200 enters a standby state until it receives a notification that the payment is completed (NO in S274), and proceeds to S261 in response to the reception. At this time, the user logs out of the server device 210 of the bank 3 and the server device 210 of the city hall 2.
[0127]
As described above, in the user information utilization system according to the second embodiment, the agent of the user is stored in the database 211B of the city hall 2 in association with the ID code. Since the agent determines whether or not the behavior of the user is permissible, it is possible to restrict, for example, the behavior of a child or an elderly person having a poor ability to manage the user, for example.
[0128]
In addition, since the payment for the goods purchased at the shopping store 5 can be settled using the settlement account of the user established at the bank 3, the payment can be made without owning cash. Furthermore, since the agent transmits the password of the account required for the payment to the agent, the payment can be easily performed, and the password can be prevented from being disclosed to a third party.
[0129]
FIG. 13 is a flowchart illustrating a flow of a process executed by the agent. Referring to FIG. 13, the agent determines whether a movement request has been made (S401). If there is a movement request, the process proceeds to step S402, and moves to the destination to which the movement request has been made (S402). The agent is in a standby state until there is such a movement request (NO in S401).
[0130]
Next, it is determined whether or not there is a request to browse the action history data (S403). If there is a request, the process proceeds to step S416; otherwise, the process proceeds to step S404. In step S416, a viewer authentication process for authenticating the viewer is performed (S416). Then, in step S417, the result of the authentication process is determined. The specification of the viewer can be obtained from the destination server device 210 or terminal device 200. The authentication process for determining whether the person is allowed to browse is determined based on knowledge data previously given as knowledge to the agent. If it is determined that the user is permitted to browse, the process proceeds to step S418; otherwise, the process proceeds to S419.
[0131]
In step S418, the action history is displayed on the destination computer. The action history to be displayed is the action history stored by the agent. Thereafter, the process proceeds to step S409. In step S419, the inappropriateness is displayed on the destination computer.
[0132]
On the other hand, in step S404, it is determined whether or not knowledge data has been input. If there is an input, authentication of the input person is performed (S405), and if there is no input, the process proceeds to step S411. In step S405, authentication of the input person is performed. Authentication of the input person is performed based on the knowledge data stored by the agent. Then, the result of the authentication is determined (S406). When it is determined that the authentication is appropriate, the process proceeds to step S407, and when it is determined that the authentication is inappropriate, the process proceeds to step S419. In step S407, it is determined whether or not the input knowledge data already exists. If so, the process proceeds to step S408; otherwise, the process proceeds to step S410. In step S408, after updating the existing knowledge data to the input knowledge data, the process proceeds to step S409. In step S410, after the input knowledge data is stored, the process proceeds to step S409.
[0133]
On the other hand, in step S411, it is determined whether a request for determination has been made. If there is a request, the process proceeds to step S412; otherwise, the process proceeds to step S414. In step S412, the determination is made using the knowledge data, and the result is notified. After storing the action result of the user (S413), the process proceeds to step S409.
[0134]
In step S414, it is determined whether a job request has been made. If the request has been made, the process proceeds to step S415; otherwise, the process skips step S415 and proceeds to step S409. In step S415, the requested job is processed.
[0135]
In step S409, the process returns by moving the agent to the original computer.
[0136]
FIG. 14A is a flowchart illustrating the flow of the work process executed by the agent. Referring to FIG. 14A, the agent determines whether there is a request for transmission of a personal identification number (S421). When requested, the personal identification number in the knowledge data is transmitted (S422). If the request has not been made, it is determined whether a notification request has been made to the family and relatives (S423). This notification request is, for example, a job requested by the agent when the user (patient) is in danger such as a critical condition in the ambulance 10 or the hospital 4 described above. When there is a request, the process proceeds to step S424, and when there is no request, the process proceeds to step S425. In step S424, a call is made to the telephone number of the family or relative in the knowledge data to notify the current situation. As a specific example of the current notification, for example, a notification of a medical condition or an injury state of a patient (user), a name, an address, a telephone number, or the like of a hospital to be hospitalized can be considered. In step S425, other work processing is executed.
[0137]
FIG. 14B is a diagram illustrating an example of knowledge data stored by the agent. As shown in FIG. 14B, information on the user's individual is stored in the knowledge data as knowledge. Therefore, the agent can execute various tasks by supporting the user based on the knowledge data. For example, at the time of shopping, it is conceivable to recommend a product or content that matches the user's preference by using the preference data in the agent knowledge data. Also, when transmitting the address and name of the user required for the destination of the purchased product at the time of electronic shopping in an electronic mall or the like, the user's address and name stored in the knowledge data for the agent are replaced by the agent. May be transmitted.
[0138]
The user information use system according to the present embodiment can be used for providing various services in addition to the above-described ones. For example, it can be used for payment of a fee for boarding a toll vehicle. In this case, the terminal device installed on the vehicle side can be realized by executing the processing described with reference to FIG.
[0139]
In addition, in the case of a publicly-owned vehicle, when providing a service free of charge to only those who satisfy predetermined conditions, for example, citizens, people of a predetermined age or older, the registration process is executed at the city hall 2 If it occurs, it can be easily determined whether or not the person satisfies such a condition.
[0140]
The ID code stored in the ID ring 1 is not given to an individual in order to identify the individual. Therefore, even if the ID ring is lost, it is possible to receive the same service as before by simply reissuing the ID ring 1 and executing the registration process again at the registration organization. Further, at the time of re-registration, the correspondence between the ID code and the personal information stored in the lost ID ring 1 is lost, so that the misused ID ring 1 can be easily prevented from being misused. .
[0141]
Note that the computer system that constitutes the user information utilization system in the present embodiment preferably uses TRON (the real-time operating system nuclear) as the operating system. Since TRON is resistant to viruses and the like, it is possible to enhance security.
[0142]
[Effects of Specific Examples of Means for Solving the Problems]
(1) In the user information management method, since the ID ring 1 does not store the user identification personal information capable of directly identifying the user, even if the ID ring is lost, the personal information is not made available to another person. Since the user-specific personal information is stored in the database 211 of the registration institution, the registration institution can provide an appropriate service to the user based on the user-specific personal information.
[0143]
(2) Since the ID ring 1 transmits the ID code by radio waves, the ID code can be easily notified to the registration organization. Further, since the ID ring 1 is always worn on the body of the user, it is convenient to carry and can be easily prevented from being lost.
[0144]
(3) Since the ID ring 1 stores the encrypted ID code, even if it is lost, the ID code cannot be easily read.
[0145]
(4) The ID ring 1 further stores a registration institution code for specifying a predetermined institution where the registration procedure has been performed, and the registration institution code transmitted from the terminal device matches the stored registration institution code. Output an ID code on condition that the For this reason, since the ID code is output only to the predetermined institution where the registration procedure has been performed, the ID code is not output to the predetermined institution where the registration procedure has not been performed. As a result, the ID code can be prevented from being output unnecessarily, and the predetermined institution can determine whether or not the user has performed a registration procedure.
[0146]
(5) The ID ring 1 can store a plurality of types of registrar codes, and when a request for transmitting a predetermined registrar code is received from the terminal device, outputs the predetermined registrar code to the terminal device. I do. For this reason, it is possible to notify the registered institution of another predetermined institution where the user is performing the registration procedure. Further, the terminal device transmits the ID code received from the mobile device to a predetermined organization specified by the received registration organization code. For this reason, it is possible to cause a predetermined organization to which the terminal device has transmitted the ID code to provide a predetermined service using information on the user. As a result, the user can receive service provision from a plurality of registrars simultaneously.
[0147]
(6) Since the user information management system does not store the user identification personal information capable of directly identifying the user in the ID ring 1, even if the ID ring is lost, the personal information is not made available to others. Since the user-specific personal information is stored in the database 211 of the registration institution, the registration institution can provide an appropriate service to the user based on the user-specific personal information.
[0148]
(7) Since the ID ring 1 transmits the ID code by radio waves, the ID code can be easily notified to the registration organization. Further, since the ID ring 1 is always worn on the body of the user, it is convenient to carry and can be easily prevented from being lost.
[0149]
(8) Since the ID ring 1 stores the encrypted ID code, even if it is lost, the ID code cannot be easily read. Further, since the apparatus further includes a decryption unit for decrypting the encrypted ID code output from the ID ring 1, it is possible to transmit and receive the ID code in an encrypted state. Therefore, it is possible to prevent the ID code from being known to others.
[0150]
(9) A registration institution code for certifying that the transmission destination of the ID code is a predetermined institution for which a registration procedure has been performed is transmitted to the ID ring 1 to prompt the ID ring 1 to output the ID code. From the ring 1 side, the ID code can be output only to a predetermined organization for which a registration procedure has been performed. For this reason, unnecessary output of the ID code can be prevented. In addition, the predetermined organization can easily determine whether or not the user has been registered.
[0151]
(10) The ID ring 1 can store a plurality of types of registrar codes, a request for transmitting a predetermined registrar code is output to the ID ring, and the requested registrar code is output from the ID ring 1. In this case, the ID code of the ID ring is transmitted to the predetermined organization specified by the registration organization code. For this reason, it is possible to cause a predetermined organization that has received the ID code of the ID ring to provide a predetermined service using information on the user. As a result, the user can receive service provision from a plurality of registrars simultaneously.
[0152]
(11) The terminal device is mounted on an ambulance and outputs a request for transmission of a registration institution code for specifying a medical institution to which a user goes to the portable device, and the registration institution code of the requested medical institution is transmitted from the ID ring. When the ID code is output, the ID code of the ID ring is transmitted to the medical institution specified by the registration institution code. For this reason, it is possible to cause the medical institution that has received the ID code of the ID ring to provide a predetermined service using information on the user. As a result, when the user is transported by an ambulance, information can be provided from a medical institution where the user is performing a registration procedure.
[0153]
(12) The terminal device outputs a request to the ID ring 1 for transmitting a registration institution code for specifying the financial institution having the settlement account, and the registration institution code of the requested financial institution is output from the ID ring 1. In this case, the ID code of the portable device is transmitted to the financial institution specified by the registration institution code. For this reason, it becomes possible to cause the financial institution that has received the ID code of the ID ring to provide a predetermined service using information about the user. As a result, the user can settle the price for purchasing the product or the price for providing the service at the financial institution where the user is performing the registration procedure.
[0154]
(13) In the user information utilization system, medication identification information that is attached to a medical treatment or a medicine to be administered to a patient and that can specify the type of the medicine is read, and the patient who is administered based on the read medicine identification information is read. It is determined whether or not the drug should be administered. If it is determined that the drug should not be administered, a warning is issued. For this reason, a warning is issued when the medicine to be administered to the patient is incorrect, so that it is possible to prevent erroneous administration of a different medicine to the patient. Therefore, this system can be applied to all activities in hospitals such as various tests and treatments (surgery).
[0155]
(14) In the user information utilization system, an ID code that should not be allowed to pass is registered in advance, and the ID code stored in the ID ring 1 owned by the user who wants to pass through the entrance is read and read. It is determined whether or not the registered ID code matches any of the pre-registered ID codes, and control is performed to permit opening of the doorway on condition that it is determined that they do not match. For this reason, it is determined whether or not the opening of the entrance is permitted only by registering in advance an ID code that should not be allowed to pass. For example, the ID ring 1 owned by an elderly person having a wandering habit can be determined. Only by registering the ID code in advance, it is possible to restrict the elderly from passing through the doorway.
[0156]
(15) The user agent for assisting the user is stored so that the user agent corresponding to the ID data can be determined based on the ID code, and the user agent corresponding to the transmitted ID code is stored. Is determined from a plurality of user agents, and a request for a predetermined job is made to the determined user agent. For this reason, only by transmitting the ID code of the ID ring 1, the user agent corresponding to the ID code can execute a predetermined job.
[0157]
(16) Since the user agent determines whether or not the action that the user is trying to perform may be permitted, the action of the user can be restricted when the user is, for example, a person with poor management ability. .
[0158]
(17) The user agent has predetermined information on the user as knowledge, and when receiving a job request, selects from the knowledge the information on the user necessary for the action the user is going to perform. A process for using the information is performed. Therefore, only by giving the knowledge to the user agent, it is possible to cause the user agent to perform processing based on the knowledge.
[0159]
(18) The user agent has an action history of the user, and when there is a browsing request for the action history, determines whether or not browsing is permitted, and determines that browsing is permitted. Then, the action history data is output. For this reason, when browsing is not permitted, the action history data is not output, so that the action history of the user is not inadvertently output. As a result, the privacy of the user can be protected.
[0160]
(19) When there is an access to the information about the user stored in the database, the information about the user to be accessed and the accesser identification information for identifying the accessing person and the time for identifying the accessing time The access history data including the specific information is stored, and when a user requests browsing of the access history data of information relating to the user, the access history data corresponds to the ID code stored in the ID ring 1 owned by the user. The access history data of the user is determined from the stored data, and the determined access history data is presented to the user. Therefore, the user can know who and when information about the user was accessed. For this reason, it can be determined whether or not the information on the user has been used illegally.
[0161]
(20) The user information use method is a user information use method in which information about a user stored in a database of a predetermined organization is used to provide a service to the user using a computer system.
An apparatus for storing an ID code used for identifying information on a predetermined user from information stored in the database, wherein the apparatus stores a different ID code between the apparatuses and is usually carried by a user. The user who owns the portable device selects a desired predetermined organization from the plurality of predetermined organizations, performs a procedure for registering information on the user in a database of the predetermined organization, and stores information on the user. A registration step;
A transmitting step of causing the terminal device to read the ID code stored in the portable device and transmitting the read ID code to the predetermined organization where the registration procedure is being performed;
A search step of searching the information stored in the database for information on a corresponding user based on the ID code transmitted by the transmission step;
A service providing step of providing a predetermined service using information on the user searched by the search step,
The user information utilizing method may be characterized in that the portable device does not store user-specific personal information capable of directly specifying a user, and stores the user-specific personal information in the database.
[0162]
The embodiments disclosed this time are to be considered in all respects as illustrative and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.
[Brief description of the drawings]
FIG. 1 is a diagram showing an overall outline of a user information utilization system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating an example of an electronic administrative group according to the present embodiment.
FIG. 3 is a diagram illustrating an example of a medical institution group according to the present embodiment.
FIG. 4 is a block diagram schematically showing functions of the mobile device.
FIG. 5 is an explanatory diagram showing an outline of SXAL / MBAL.
FIG. 6 is a first flowchart illustrating a flow of a process executed by the user information utilization system according to the first embodiment.
FIG. 7 is a second flowchart showing the flow of processing executed in the user information utilization system according to the first embodiment.
FIG. 8 is a third flowchart illustrating the flow of a process executed by the user information utilization system according to the first embodiment.
FIG. 9 is a fourth flowchart showing the flow of processing executed in the user information utilization system according to the first embodiment.
FIG. 10 is a flowchart showing a flow of storage and browsing processing of history data.
FIG. 11 is a diagram showing an overall overview of a user information utilization system according to a second embodiment.
FIG. 12 is a flowchart illustrating a flow of a process executed in the user information utilization system according to the second embodiment.
FIG. 13 is a diagram for describing processing executed by an agent.
FIG. 14 is a diagram illustrating a process executed by an agent.
[Explanation of symbols]
1 Mobile device (ID ring), 2 Electronic administration group, 3 Financial institution group, 4 Medical institution group, 5 Shopping store group, 6 Home, 7 Content provider group, 8 Private car, 9 Toll bus, 10 Ambulance, 11 Mobile phone , 20 wide area / large capacity relay network, 21 Internet, 22 gateway, 23 mobile phone network, 51 content provider group, 104 input / output control unit, 105 modulation / demodulation unit, 106 power control unit, 107 loop antenna, 108 data bus, 200, 200A terminal device, 201 scanner, 202 personal computer, 203 display, 204 reading device, 205 ID card, 206 communication device, 210 server device, 220 usage history data, 211, 211A database.

Claims (19)

A method of using user information, wherein information about a user stored in a database of a predetermined organization is used to provide a service to the user using a computer system,
An apparatus for storing an ID code used for identifying information on a predetermined user from information stored in the database, wherein the apparatus stores a different ID code between the apparatuses and is usually carried by a user. An issuance step of issuing to a user who desires a portable device
The user who owns the portable device issued in the issuing step selects a desired predetermined institution from the plurality of predetermined institutes, performs a procedure of registering information about the user in a database of the predetermined institution, and executes the user. A registration step for storing information about the
A transmitting step of causing the terminal device to read the ID code stored in the portable device and transmitting the read ID code to the predetermined organization where the registration procedure is being performed;
A search step of searching the information stored in the database for information on a corresponding user based on the ID code transmitted by the transmission step;
A service providing step of providing a predetermined service using information on the user searched by the search step,
A method of using user information, wherein the portable device does not store user-specific personal information capable of directly specifying a user, and stores the user-specific personal information in the database. The method according to claim 1, wherein the portable device uses radio waves as an information transmission medium and is always worn on a user's body. 3. The method according to claim 1, wherein the portable device transmits an encrypted ID code to the terminal device. The mobile device further stores a registration institution code for specifying the predetermined institution where the registration procedure has been performed, and the registration institution code transmitted from the terminal device is the stored registration institution code. The method according to any one of claims 1 to 3, wherein the ID code is output on condition that they match. The mobile device is capable of storing a plurality of types of the registered institution codes, and when receiving a transmission request for a predetermined registrar code from the terminal device, the mobile device stores the stored plurality of types of the registered institution codes. Select the relevant registrar code from among them and output the registrar code to the terminal device,
The method according to claim 4, wherein the terminal device transmits the ID code received from the portable device to the predetermined organization specified by the received registration organization code. A user information utilization system that uses information about a user stored in a database of a predetermined organization to provide services to the user using a computer system,
An apparatus for storing an ID code used to identify information on a predetermined user from information stored in the database, wherein the apparatus stores different ID codes and is usually carried by a user. User information registration processing means for performing a process of selecting a desired predetermined institution from a plurality of predetermined institutes by a user who owns the portable device, performing a procedure of registering information on the user in a database of the predetermined institution, and storing the information. When,
Receiving means for receiving the ID code when the ID code stored in the portable device is read and transmitted to the predetermined organization where the registration procedure is being performed;
Searching means for searching information stored in the database on the basis of the ID code for information on the corresponding user in order to use the information on the user corresponding to the ID code received by the receiving means. ,
A user information utilization system, wherein the portable device does not store user-specific personal information capable of directly specifying a user, and stores the user-specific personal information in the database. The user information utilization system according to claim 6, wherein the portable device uses radio waves as an information transmission medium and is always worn on a user's body. The mobile device transmits an encrypted ID code to the terminal device,
8. The user information use system according to claim 6, further comprising a decryption unit for decrypting the encrypted ID code output from the portable device. The mobile device further stores a registration institution code for specifying the predetermined institution where the registration procedure has been performed,
A registration institution code for transmitting a registration institution code for certifying that the ID code is transmitted to the predetermined organization for which the registration procedure has been performed to the portable device and prompting the portable device to output the ID code. The user information utilization system according to any one of claims 6 to 8, further comprising means. The mobile device is capable of storing a plurality of types of the registration agency code,
Registration institution transmission request means for outputting a transmission request for a predetermined registration institution code to the portable device;
10. When the registration institution code requested by the registration institution transmission requesting means is output from the portable device, an ID code of the portable device is transmitted to the predetermined institution specified by the registration institution code. User information utilization system described in 4. The terminal device is mounted on an ambulance, and includes a medical institution code transmission request unit that outputs a request for transmitting a registration institution code for specifying a medical institution in which the registration procedure has been performed on the portable device,
When the registered institution code of the medical institution requested by the medical institution code transmission requesting means is output from the portable device, the ID code of the portable device is transmitted to the medical institution specified by the registered institution code. The user information utilization system according to claim 10, wherein the information about the user corresponding to the ID code is received when the information about the user is transmitted from the medical institution. The terminal device includes a financial institution code transmission request unit that outputs a transmission request of a registration institution code for specifying the financial institution in which the registration procedure is being performed on the portable device,
When the registered institution code of the financial institution requested by the financial institution code transmission requesting means is output from the portable device, the ID code of the portable device is transmitted to the financial institution specified by the registered institution code. The user information utilization system according to claim 10, wherein the information about the user corresponding to the ID code is received when the information about the user is transmitted from the financial institution. Medication identification information reading means attached to a drug to be administered to a patient and reads medication identification information capable of specifying the type of the drug,
Medication suitability determination means for determining whether to administer the drug to a patient to be administered based on the medication identification information read by the medication identification information reading means,
Warning generating means for generating a warning when the medication suitability determining means determines that medication should not be performed,
The database further stores medication identification information capable of specifying a type of medicine to be administered to a patient corresponding to the ID code in association with the ID code,
The medication suitability determination means retrieves the database based on the ID code read from the portable device owned by the patient to be medication, and determines the medication identification information and the medication identification information read by the medication identification information reading means. 10. The user information use system according to claim 6, wherein the determination as to whether or not the medication is appropriate is made based on whether or not the information matches. It further includes a passage permission determining means for determining whether or not the passage of the building entrance is permitted,
The passage permission determining means includes:
Traffic-prohibited ID registration means for pre-registering ID codes that should not be allowed to pass;
ID code reading means for reading an ID code stored in a portable device owned by a user who wants to pass through the entrance,
Coincidence determining means for determining whether or not the ID code read by the ID code reading means matches any of the ID codes registered in the traffic-blocking ID registering means;
10. An opening permitting control means for performing control for permitting the opening of the entrance on condition that the coincidence judging means judges that they do not coincide with each other. User information utilization system. User agent storage means for storing a user agent for assisting a user, wherein the user agent storage means stores a user agent corresponding to the ID code based on the ID code so that the user agent can be determined;
A task of determining a user agent corresponding to the transmitted ID code from a plurality of user agents stored in the user agent storage means and requesting the determined user agent for a predetermined task. The user information use system according to claim 6, further comprising a request unit. 16. The user information use system according to claim 15, wherein the user agent has an execution permission determining function of determining whether or not the action that the user intends to execute is permitted. The user agent has predetermined information about the user as knowledge, and when receiving a job request from the job requesting means, the user agent stores information about the user necessary for the action that the user intends to perform in the knowledge. 17. The user information utilization system according to claim 15, wherein a process for selecting and using the information is performed. The user agent stores the action history data of the user, and when there is a browsing request for the action history data, determines whether browsing is permitted, and determines that browsing is permitted. The user information use system according to any one of claims 15 to 17, further comprising a function of outputting the action history data when the user has performed the action history data. When there is an access to the information about the user stored in the database, the information about the user to be accessed, the accessor identifying information for identifying the accessing person, and the time identifying information for identifying the accessing time. Access history data storage means for storing access history data including:
When a user requests access history data of information relating to the user, the access history data of the corresponding user is stored in the access history data storage unit based on the ID code stored in the portable device owned by the user. Indexing means for determining from stored data;
19. The user information use system according to claim 6, further comprising: access history data presenting means for presenting the access history data indexed by said indexing means to said user.

Images