JP2019033450A - Information processing system, data transmission device, data reception device, information processing method, and program - Google Patents

Abstract

An information processing apparatus for performing communication in which data security requiring confidentiality is ensured in one-way communication. An information processing apparatus (data transmission apparatus 100) generates an encryption key based on first data transmitted in a first packet used in one-way communication, and uses the encryption key, An encryption unit 12 that encrypts biometric information that is data, and a data transmission unit that transmits the encrypted biometric information in a second packet used in one-way communication transmitted after transmission of the first packet 13. [Selection] Figure 1

Description

  The present invention relates to an information processing system that encrypts or decrypts data, a data transmission device, a data reception device, an information processing method, and a program thereof.

  With the recent development of wireless communication technology, there are an increasing number of cases where confidential data such as biological information is transmitted between different devices. At that time, it is necessary to ensure the confidentiality of the data in order to ensure the security of the data. An encryption / decryption technique is well known as a technique for ensuring the confidentiality of data. For example, in a public key encryption method using a public key and a private key, a public key and a private key are generated on the receiver side, and the public key is sent to the sender side. For this reason, when adopting the public key encryption method, it is necessary to perform pairing processing. In addition, when the common key encryption method is adopted, the same key is used for encryption and decryption, so it is necessary to exchange keys.

  For example, among wireless communication standards represented by Bluetooth (registered trademark), there is a method of transmitting data without performing pairing processing in order to reduce power consumption of the apparatus.

  Patent Document 1 discloses that arbitrary communication data is included in a margin part of a data field of an advertisement packet used in BLE (Bluetooth Low Energy).

Japanese Patent No. 5852620

  However, when a packet used for one-way communication such as a BLE advertisement packet is transmitted including data, pairing processing is not performed between devices, so the public key encryption method and the common key encryption described above are not performed. The method cannot be applied. For this reason, it becomes difficult to ensure the confidentiality of data.

  The present invention has been made in view of the above circumstances, and in one-way communication, an information processing system, a data transmission device, a data reception device, and a data transmission device capable of performing communication that ensures security of data that requires confidentiality. An object is to provide an information processing method and a program thereof.

  In order to solve the above-described problem, a first aspect of the present invention is an information processing system that transmits data from a data transmission device to a data reception device using one-way communication, wherein the data transmission device is in the one-way communication. An encryption key is generated based on the first data transmitted by the first packet used, the encryption unit encrypts the data using the encryption key, and the encrypted data is A data transmission unit that transmits a second packet used in the one-way communication after transmitting the first packet, and the data reception device includes the first packet and a reception unit that receives the second packet; , Generating a decryption key based on the first data included in the received first packet, and using the decryption key, the decryption method corresponding to the encryption method, Comprising a decoding unit to decode the encrypted data included in the second packet signal, an information processing system.

  According to the information processing system of the first aspect, the encryption unit generates an encryption key based on the first data transmitted by the first packet used in the one-way communication, and uses the encryption key. Encrypt data. Then, the data transmission unit transmits the encrypted data by the second packet used in the one-way communication after transmitting the first packet. When the receiving unit receives the first packet and the second packet, the data receiving device generates a decryption key based on the first data included in the received first packet and uses the decryption key Then, the encrypted data included in the received second packet is decrypted by the decryption method corresponding to the encryption method. As a result, in one-way communication, it is possible to perform communication that ensures the security of data that requires confidentiality.

  According to a second aspect of the present invention, in the information processing system according to the first aspect, the data transmitting unit transmits the first packet when receiving a transmission instruction from the user. According to the information processing apparatus of the second aspect, for example, data can be transmitted only in a place where a user can ensure security, such as at home.

According to a third aspect of the present invention, in the information processing system according to the first aspect, the information processing system further includes a position measurement unit that measures a position of the data transmission device, and the data transmission unit includes the measured information processing device. Whether to transmit the first packet is determined according to the position.
According to the information processing system of the third aspect, data can be transmitted only at the position of the data transmission device registered by the user, so that data security can be ensured.

According to a fourth aspect of the present invention, in the information processing system according to the first aspect, the first packet and the second packet are BLE (Bluetooth Low Energy) advertisement packets.
According to the information processing system of the fourth aspect, data can be transmitted without performing a pairing process by transmitting data using a BLE advertisement packet. It is possible to perform data transmission with ensured performance.

According to a fifth aspect of the present invention, there is provided the data transmission device in a system for transmitting data from a data transmission device to a data reception device using one-way communication, which is transmitted by a first packet used in the one-way communication. An encryption key is generated based on the first data to be encrypted, and the data is encrypted using the encryption key, and the encrypted data is transmitted to the fragment after the first packet is transmitted. And a data transmission unit that transmits a second packet used in direction communication.
According to the data transmission device of the fifth aspect, the encryption unit generates an encryption key based on the first data transmitted by the first packet used in the one-way communication, and uses the encryption key. Encrypt the data. Since the encrypted data is transmitted by the data transmission unit by the second packet used in the one-way communication after the transmission of the first packet, the security of data requiring confidentiality in the one-way communication is increased. Secured communication can be performed.

  According to a sixth aspect of the present invention, there is provided the data receiving device in a system for transmitting data from the data transmitting device to the data receiving device using one-way communication, which is transmitted from the data transmitting device by the one-way communication. Receiving a first packet including first data; and a second packet including encrypted data transmitted by the one-way communication after the transmission of the first packet from the data transmission device; A decryption key is generated based on the first data included in the received first packet, and the encrypted data included in the received second packet is decrypted using the decryption key. A data receiving apparatus including a decoding unit.

According to the data reception device of the sixth aspect, the reception unit transmits the first packet including the first data transmitted from the data transmission device by the one-way communication, and the one-way after the transmission of the first packet from the data transmission device. A second packet including encrypted data transmitted by communication is received. Then, the decryption unit generates a decryption key based on the first data included in the received first packet, and uses the decryption key to encrypt data included in the received second packet. Therefore, in one-way communication, communication that ensures the security of data that requires confidentiality can be performed.
A seventh aspect of the present invention is an information processing method executed by the data transmission device in a system for transmitting data from the data transmission device to the data reception device using one-way communication, and is used in the one-way communication. An encryption key is generated based on the first data transmitted by the first packet, the data is encrypted using the encryption key, and the encrypted data is transmitted after the transmission of the first packet. It is the information processing method in the data transmitter which transmits with the 2nd packet used in the said one-way communication.

  According to an eighth aspect of the present invention, there is provided an information processing method executed by the data receiving apparatus in a system for transmitting data from the data transmitting apparatus to the data receiving apparatus using one-way communication. A first packet including first data, transmitted by unidirectional communication, and a second packet including encrypted data transmitted by the one-way communication after transmitting the first packet from the data transmitting apparatus. Receiving, generating a decryption key based on the first data included in the received first packet, and using the decryption key, encrypting data included in the received second packet It is the information processing method in a data receiver which decodes.

  According to a ninth aspect of the present invention, there is provided a program used in the data transmitting device in a system for transmitting data from the data transmitting device to the data receiving device using one-way communication. An encryption key is generated based on the first data transmitted by the first packet used in the direction communication, the data is encrypted using the encryption key, and the encrypted data is A program for transmitting in a second packet used in the one-way communication after transmitting a first packet.

  According to a tenth aspect of the present invention, there is provided a program used in the data receiving device in a system for transmitting data of a person to be measured using a one-way communication from a data transmitting device to a data receiving device, the data receiving device In addition, the first packet including the first data transmitted from the data transmission device by the one-way communication and the first packet transmitted from the data transmission device by the one-way communication after the transmission of the first packet are encrypted. Receiving a second packet including the received data, generating a decryption key based on the first data included in the received first packet, and using the decryption key, A program that decrypts the encrypted data contained in it. It is.

  Accordingly, also in the seventh to tenth aspects, in the one-way communication, it is possible to perform communication that ensures the security of data that requires confidentiality.

  ADVANTAGE OF THE INVENTION According to this invention, the communication which ensured the security of the data for which confidentiality is required can be performed in one-way communication.

It is a figure which shows typically the example of application of the data transmitter 100 which concerns on this embodiment. It is a figure which shows typically the example of application of the data receiver 200 which concerns on this embodiment. 2 is a diagram schematically illustrating an example of a hardware configuration of a data transmission device 100. FIG. FIG. 3 is a diagram schematically illustrating an example of a hardware configuration of a data reception device 200. 3 is a diagram schematically illustrating an example of a software functional configuration of a data transmission device 100. FIG. It is explanatory drawing of the advertising performed in BLE. It is a figure which shows the basic structure of a BLE radio | wireless communication packet. It is explanatory drawing about the PDU field of an advertisement packet. It is a figure which shows the data stored in the PDU field of an advertisement packet. FIG. 3 is a diagram schematically illustrating an example of a software function configuration of a data reception device 200. 1 is a diagram illustrating an encryption / decryption system including a data transmission device 100 and a data reception device 200. FIG. 3 is a flowchart illustrating an example of the operation of the data transmission device 100. 5 is a flowchart showing an example of the operation of the data receiving apparatus 200. It is a flowchart which shows an example of operation | movement of the data receiver 200 which waits for the transmission instruction | indication from a user and performs transmission. It is a figure which shows the hardware constitutions of the data transmitter 100 in which the position measurement part 118 was provided. It is a figure which shows the function of the software of the data transmitter 100 in which the position measurement part 118 was provided. 5 is a flowchart for explaining the operation of the data transmission device 100 provided with a position measurement unit 118.

  Hereinafter, an embodiment according to an aspect of the present invention (hereinafter, also referred to as “this embodiment”) will be described with reference to the drawings. However, this embodiment described below is only an illustration of the present invention in all respects. It goes without saying that various improvements and modifications can be made without departing from the scope of the present invention. That is, in implementing the present invention, a specific configuration according to the embodiment may be adopted as appropriate. Although data appearing in this embodiment is described in a natural language, more specifically, it is specified by a pseudo language, a command, a parameter, a machine language, or the like that can be recognized by a computer.

Hereinafter, elements that are the same as or similar to elements already described are denoted by the same or similar reference numerals, and redundant descriptions are basically omitted.
§1 Application example
First, an application example of the present invention will be described with reference to FIGS. 1 and 2. FIG. 1 schematically illustrates an application example of the data transmission apparatus 100 according to the present embodiment. The data transmission device 100 includes at least a data storage unit 11, an encryption unit 12, and a transmission unit 13.

  The data storage unit 11 stores data transmitted in a packet used in one-way communication.

  The encryption unit 12 encrypts the data stored in the data storage unit 11 and outputs the encrypted data to the transmission unit 13. Specifically, it is transmitted in the second and subsequent packets used for one-way communication using unencrypted data transmitted in the first packet used for one-way communication as an encryption key. Encrypt unencrypted data.

  The transmission unit 13 uses the packet used for one-way communication to store the data (unencrypted data) stored in the data storage unit 11 or the data encrypted by the encryption unit 12 using a packet used for one-way communication. 2 is output to the data receiving apparatus 200 shown in FIG. Specifically, the transmission unit 13 transmits unencrypted data in the first packet used for one-way communication, and the encrypted data in the second and subsequent packets used for one-way communication. Send.

  In the embodiment, the transmission unit 13 transmits the first data that is not encrypted in the first packet used for one-way communication, and the encryption unit 12 in the packet that is used for the second and subsequent one-way communication. It is assumed that the encrypted data is transmitted, but the present invention is not limited to this. For example, the unencrypted data is transmitted in the first packet and the second packet, and the encrypted data transmitted in the second packet is transmitted in the third and subsequent one-way communication packets. Encrypted data may be transmitted using no data.

  FIG. 2 schematically shows an application example of the data receiving apparatus 200 according to the present embodiment. The data receiving device 200 includes at least a receiving unit 21, a data storage unit 22, and a decoding unit 23.

  The receiving unit 21 receives unencrypted data transmitted in the first packet used for one-way communication, and stores the data included in the packet in the data storage unit 202. The receiving unit 21 transmits the encrypted data transmitted in the packet used for one-way communication to the decrypting unit 23.

  The decryption unit 23 uses the unencrypted data transmitted in the first packet stored in the data storage unit 22 as a decryption key, and transmits it in the second and subsequent packets used for one-way communication. The encrypted data that has been encrypted is decrypted. When unencrypted data is transmitted in the first packet and the second packet, the decryption unit 23 transmits the encrypted data transmitted in the second packet stored in the data storage unit 22. Using the unencrypted data as a decryption key, the encrypted data transmitted in the third and subsequent packets used for one-way communication is decrypted.

  As a result, the data transmitting apparatus 100 and the data receiving apparatus 200 recognize both of the unencrypted data transmitted in the first packet, so that the data in the first packet is used as a key. Can be encrypted and decrypted, and as a result, data security can be ensured.

§2 Configuration example
[Hardware configuration]
<Data transmission device>
Next, an example of a hardware configuration of the data transmission device 100 according to the present embodiment will be described with reference to FIG. FIG. 3 schematically illustrates an example of a hardware configuration of the data transmission device 100.

  As shown in FIG. 3, the data transmission device 100 includes a control unit 111, a storage unit 112, a communication interface 113, an input device 114, an output device 115, an external interface 116, and a battery 117. A connected computer, typically a sphygmomanometer, a thermometer, an activity meter, a pedometer, a body composition meter, a weight scale, or the like, is a sensor device that routinely measures a quantity related to a user's biological information or activity information. In FIG. 3, the communication interface and the external interface are described as “communication I / F” and “external I / F”, respectively.

  The control unit 111 includes a CPU, RAM, ROM, and the like. The CPU expands the program stored in the storage unit 112 in the RAM. When the CPU interprets and executes this program, the control unit 111 can execute various information processing, for example, processing of functional blocks described in the item of software function configuration.

  The storage unit 112 is a so-called auxiliary storage device, and may be, for example, a semiconductor memory such as a built-in or external flash memory, an HDD, or an SSD. The storage unit 112 stores a program executed by the control unit 111, data used by the control unit 111 (for example, date data and sensor data), and the like.

  The communication interface 113 includes at least a wireless module capable of one-way communication such as BLE. The input device 114 includes a device for receiving user input such as a touch screen, a button, and a switch, and a sensor for detecting an amount related to the user's biological information or activity information. The output device 115 is a device for outputting, for example, a display or a speaker.

  The external interface 116 is a USB port, a memory card slot, or the like, and is an interface for connecting to an external device.

  The battery 117 supplies a power supply voltage for the data transmission device 100. The battery 117 may be replaceable. Note that it is not essential that the data transmission device 100 be battery-driven, and the data transmission device 100 may be connectable to a commercial power supply via an AC (Alternating Current) adapter. In this case, the battery 117 can be omitted.

  It should be noted that regarding the specific hardware configuration of the data transmission device 100, the components can be omitted, replaced, and added as appropriate according to the embodiment. For example, the control unit 111 may include a plurality of processors. The data transmission device 100 may be composed of a plurality of sensor devices.

<Data receiving device>
Next, an example of a hardware configuration of the data receiving apparatus 200 according to the present embodiment will be described with reference to FIG. FIG. 4 schematically shows an example of the hardware configuration of the data receiving apparatus 200.

  As shown in FIG. 4, the data receiving device 200 is a computer in which a control unit 211, a storage unit 212, a communication interface 213, an input device 214, an output device 215, and an external interface 216 are electrically connected. Typically, a smartphone. In FIG. 4, the communication interface and the external interface are described as “communication I / F” and “external I / F”, respectively.

  The controller 211 includes a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. The CPU expands the program stored in the storage unit 212 in the RAM. Then, when the CPU interprets and executes this program, the control unit 211 can execute various information processing, for example, processing of functional blocks described in the item of software function configuration.

  The storage unit 212 is a so-called auxiliary storage device, and can be, for example, a semiconductor memory such as a built-in or external flash memory. The storage unit 212 stores a program executed by the control unit 211, data used by the control unit 211 (for example, identifier, date / time data, and sensor data). When the data receiving apparatus 200 is a laptop or a desktop computer, the storage unit 212 can be a hard disk drive (HDD), a solid state drive (SSD), or the like.

  The communication interface 213 is various wireless communication modules mainly for BLE, mobile communication (3G, 4G, etc.), wireless LAN (Local Area Network), and the like, and is an interface for performing wireless communication via a network. is there. Note that the communication interface 213 may further include a wired communication module such as a wired LAN module.

  The input device 214 is a device for receiving user input (user operation information) such as a touch screen, a keyboard, and a mouse. The output device 215 is a device for outputting, for example, a display or a speaker.

  The external interface 216 is a USB (Universal Serial Bus) port, a memory card slot, or the like, and is an interface for connecting to an external device.

  It should be noted that regarding the specific hardware configuration of the data receiving apparatus 200, the components can be omitted, replaced, and added as appropriate according to the embodiment. For example, the control unit 211 may include a plurality of processors. The data receiving device 200 may be composed of a plurality of information processing devices. The data receiving apparatus 200 may be a general-purpose desktop PC (Personal Computer), a tablet PC, or the like, in addition to an information processing apparatus designed exclusively for the provided service.

[Software function configuration]
<Data transmission device>
Next, an example of a software function configuration of the data transmission apparatus 100 according to the present embodiment will be described with reference to FIG. FIG. 5 schematically illustrates an example of a software function configuration of the data transmission device 100.

  The control unit 111 illustrated in FIG. 3 expands the program stored in the storage unit 112 in the RAM. Then, the control unit 111 interprets and executes this program by the CPU, and controls various hardware elements shown in FIG. Thereby, as shown in FIG. 5, the data transmission device 100 includes a biological sensor 101, a motion sensor 102, a clock unit 103, an input unit 104, a data management unit 105, a data storage unit 106, and a transmission / transmission unit. It functions as a computer including an encryption control unit 107, a transmission unit 108, a display control unit 109, a display unit 110, and a position measurement unit 118.

  The biometric sensor 101 measures an amount related to the biometric information of the user. The operation of the biosensor 101 is controlled by a sensor control unit (not shown), for example. The biometric sensor 101 associates the amount related to the biometric information with the date / time data received from the clock unit 103 and sends it to the data management unit 105. The biosensor 101 typically includes a blood pressure sensor that obtains blood pressure data by measuring the blood pressure of the user. In this case, the biological information includes blood pressure data. The blood pressure data can include, for example, values of systolic blood pressure and diastolic blood pressure and pulse rate, but is not limited thereto. In addition, the biological information can include electrocardiogram data, pulse wave data, body temperature data, and the like.

  The blood pressure sensor can include a blood pressure sensor (hereinafter referred to as a continuous blood pressure sensor) that can continuously measure a user's blood pressure for each beat. The continuous blood pressure sensor may continuously measure a user's blood pressure from a pulse wave transit time (PTT), or may realize continuous measurement by a tonometry method or other techniques.

  The blood pressure sensor may include a blood pressure sensor that cannot be continuously measured (hereinafter referred to as a discontinuous blood pressure sensor) instead of or in addition to the continuous blood pressure sensor. For example, a discontinuous blood pressure sensor measures a user's blood pressure using a cuff as a pressure sensor (oscillometric method).

  Discontinuous blood pressure sensors (particularly oscillometric blood pressure sensors) tend to have higher measurement accuracy than continuous blood pressure sensors. Therefore, for example, the blood pressure sensor is replaced with a continuous blood pressure sensor triggered by the fact that some condition is satisfied (for example, the blood pressure data of the user measured by the continuous blood pressure sensor indicates a predetermined state). Blood pressure data may be measured with higher accuracy by operating a discontinuous blood pressure sensor.

  The motion sensor 102 can be, for example, an acceleration sensor or a gyro sensor. The motion sensor 102 obtains triaxial acceleration / angular velocity data by detecting the acceleration / angular velocity received by the motion sensor 102. The operation of the motion sensor 102 is controlled by, for example, a sensor control unit (not shown). This acceleration / angular velocity data can be used to estimate the activity state (posture and / or movement) of the user wearing the data transmission device 100. The motion sensor 102 sends the acceleration / angular velocity data to the data management unit 105 in association with the date / time data received from the clock unit 103.

  One of the biological sensor 101 and the motion sensor 102 may be omitted. In addition to or instead of the biosensor 101 and the motion sensor 102, an environment sensor may be provided. The environmental sensor can include, for example, a temperature sensor, a humidity sensor, an atmospheric pressure sensor, and the like. That is, the sensor data may be any data generated by the sensor measuring a predetermined physical quantity and generating based on the measurement result.

  The clock unit 103 instructs the date and time. The clock unit 103 includes, for example, a crystal oscillator that vibrates at a fixed frequency, a frequency dividing circuit that divides the output to obtain a signal of 1 Hz, and a counter that counts this signal to obtain a serial value indicating the date and time. . The clock unit 103 sends date / time data (for example, the serial value) indicating the current date / time to the biological sensor 101 and the motion sensor 102. The date / time data can be used as the date / time of measurement of the amount related to biological information by the biological sensor 101, the date / time of measurement of acceleration / angular velocity data by the motion sensor 102, or the like.

  The clock unit 103 (the serial value held by the clock unit 103) may be designed to be adjustable (time adjustment) by user input, for example. Data can be rewritten as appropriate. Therefore, the input device 114 may be simplified (reduction of the number of buttons, etc.) by deliberately not using such a design. In this case, for example, it is possible to present the user with a relative date and time based on the current date and time such as “10 minutes ago”, “2 hours ago”, “Yesterday”, “1 week ago”, etc. It is.

  The input unit 104 receives user input. The user input is, for example, for controlling data transmission by the transmission unit 108, for controlling data display by the display unit 110, or for starting measurement by the biological sensor 101 or the motion sensor 102. Or for.

  The user input for controlling data transmission by the transmission unit 108 may be, for example, an instruction that explicitly or implicitly instructs transmission of a specific date / time data and sensor data set.

  The input unit 104 sends user input for controlling data transmission by the transmission unit 108 to the transmission / encryption control unit 107, and sends user input for controlling data display by the display unit 110 to the display control unit 109. A user input for starting measurement by the biological sensor 101 or the motion sensor 102 is sent to a sensor control unit (not shown).

  The data management unit 105 receives sensor data (amount related to biological information or acceleration / angular velocity data) associated with the date / time data from the biological sensor 101 or the motion sensor 102 and writes them in the data storage unit 106. The data management unit 105 may automatically send the date / time data and the sensor data to the transmission / encryption control unit 107 or the display control unit 109 when they are newly received. In addition, the data management unit 105 reads a set of date / time data and sensor data stored in the data storage unit 106 by using a command from the transmission / encryption control unit 107 or the display control unit 109 as a trigger, and transmits / encrypts the data. You may send to the control part 107 or the display control part 109. FIG.

  The data storage unit 106 reads / writes the date / time data and the set of sensor data by the data management unit 105.

  The transmission / encryption control unit 107 receives the date / time data and the set of sensor data from the data management unit 105, and generates the BLE advertisement packet shown in FIGS. The BLE advertisement packet will be described later.

The transmission / encryption control unit 107 stores the date / time data and the sensor data set to be transmitted first in the payload field of the BLE advertisement packet. The transmission / encryption control unit 107 encrypts the date / time data and the sensor data set transmitted from the second time onward using the date / time data and the sensor data set transmitted first as an encryption key. The encrypted date / time data and sensor data set are stored in the payload field of the second and subsequent BLE advertisement packets. Then, the transmission / encryption control unit 107 sends the generated advertisement packet to the transmission unit 108.
More specifically, the transmission / encryption control unit 107 uses the unencrypted date / time data and the sensor data set transmitted first as the encryption key, and based on a predetermined encryption algorithm, The set of date / time data and sensor data transmitted thereafter is encrypted and stored in the payload field of the second and subsequent BLE advertisement packets.
The encryption algorithm may be any encryption algorithm and is not limited to a specific encryption algorithm. For example, DES (Data Encryption Standard), Triple DES, FEAL (the Fast Encryption Algorithm), and IDEA (International Data Encryption Algorithm) may be used as the encryption algorithm.
When the sensor data used as the encryption key stored in the payload of the advertisement packet is different from the key length used in the encryption algorithm, the transmission / encryption control unit 107 is used as the encryption key. The length of the sensor data may be adjusted. For example, in the DES encryption algorithm, a 56-bit encryption key is used. If the sensor data is less than 56 bits long, a predetermined bit is added to the sensor data, and the encryption algorithm is used. May be used.

  The transmission / encryption control unit 107 may receive a user input from the input unit 104 for controlling data transmission by the transmission unit 108. In this case, the transmission / encryption control unit 107 requests the data management unit 105 to set specific date / time data and sensor data based on the user input.

  The transmission unit 108 receives the BLE advertisement packet from the transmission / encryption control unit 107 and transmits (advertises) it.

  The display control unit 109 receives the date / time data and the set of sensor data from the data management unit 105, and generates display data of the display unit 110 based on these. In addition, the display control unit 109 may generate display data for causing the display unit 110 to display date and time data held by the clock unit 103 with reference to the clock unit 103. The display control unit 109 sends the generated display data to the display unit 110.

  The display control unit 109 may receive a user input for controlling data display by the display unit 110 from the input unit 104. In this case, the display control unit 109 requests a specific date / time data and sensor data set from the data management unit 105 based on a user input, or requests the clock unit 103 for substantially the latest date / time data.

  The display unit 110 receives display data from the display control unit 109 and displays it.

Here, the advertisement of BLE will be schematically described.
In the passive scan method employed in BLE, as illustrated in FIG. 6, the new node periodically transmits an advertisement packet informing its existence. This new node can save power consumption by entering a low power consumption sleep state between the transmission of one advertisement packet and the next transmission. Further, since the advertisement packet receiving side also operates intermittently, power consumption associated with transmission / reception of the advertisement packet is very small.

  FIG. 7 shows the basic structure of a BLE wireless communication packet. The BLE wireless communication packet includes a 1-byte preamble, a 4-byte access address, a 2-39-byte (variable) protocol data unit (PDU: Protocol Data Unit), and a 3-byte cyclic redundancy checksum (CRC: Cyclic). Redundancy Checksum). The length of the BLE wireless communication packet depends on the length of the PDU and is 10 to 47 bytes. A 10-byte BLE wireless communication packet (a PDU is 2 bytes) is also called an Empty PDU packet and is periodically exchanged between the master and the slave.

  The preamble field is prepared for synchronization of BLE wireless communication and stores repetition of “01” or “10”. The access address stores a fixed numerical value in the advertising channel and a random access address in the data channel. In the present embodiment, an advertisement packet that is a BLE wireless communication packet transmitted on the advertising channel is targeted. The CRC field is used for detection of reception errors. The CRC calculation range is only the PDU field.

  Next, the PDU field of the advertisement packet will be described with reference to FIG. Note that the PDU field of the data communication packet, which is a BLE wireless communication packet transmitted on the data channel, has a data structure different from that in FIG. 8, but the description thereof is omitted because the data communication packet is not targeted in this embodiment.

  The PDU field of the advertisement packet includes a 2-byte header and a 0-37 byte (variable) payload. The header further includes a 4-bit PDU Type field, a 2-bit unused field, a 1-bit TxAdd field, a 1-bit RxAdd field, a 6-bit Length field, and a 2-bit unused field. Including.

  A value indicating the type of this PDU is stored in the PDU Type field. Some values such as “connectable advertising” and “non-connecting advertising” are defined. A flag indicating whether or not there is a transmission address in the payload is stored in the TxAdd field. Similarly, a flag indicating whether or not there is a reception address in the payload is stored in the RxAdd field. In the Length field, a value indicating the byte size of the payload is stored.

  Arbitrary data can be stored in the payload. Therefore, the data transmitting apparatus 100 stores the sensor data and the date / time data in the payload by using a data structure as exemplified in FIG. 9, for example. The data structure of FIG. 9 can be used to transmit sensor data for one blood pressure and pulse of one user. Note that the data structure of FIG. 9 may be modified to transmit sensor data for a plurality of times of blood pressure and pulse of one user.

  In the User ID field, an identifier for specifying a user is stored. Note that an identifier for specifying the data transmitting device 100 or the data receiving device 200 may be stored instead of or in addition to the user identifier.

  Date / time data is stored in the Time field. The Sys, Dia, and Pulse fields respectively store systolic blood pressure (systolic blood pressure), diastolic blood pressure (pulse pressure) data, and pulse rate data associated with date and time data. Thus, the sensor data associated with the date / time data is not limited to one type, and may be a plurality of types.

<Data receiving device>
Next, an example of a software functional configuration of the data receiving apparatus 200 according to the present embodiment will be described with reference to FIG. FIG. 10 schematically shows an example of the software functional configuration of the data receiving apparatus 200.

  The control unit 211 illustrated in FIG. 4 expands the program stored in the storage unit 212 in the RAM. Then, the control unit 211 interprets and executes this program by the CPU, and controls various hardware elements shown in FIG. Accordingly, as illustrated in FIG. 10, the data reception device 200 functions as a computer including the reception unit 302, the decoding unit 303, and the transmission unit 304.

  The receiving unit 302 receives a packet including sensor data and date / time data associated with the sensor data from the data transmission device 100. This packet is, for example, an advertisement packet in BLE. However, there is a possibility that BLE will be replaced with another communication standard capable of low power consumption and one-way communication in the future. In that case, the following description may be read as appropriate.

For example, the reception unit 302 extracts the PDU payload from the BLE advertisement packet. Then, the receiving unit 302 may discard the received packet if the value of the User ID field in FIG. 9 is inappropriate. The case where the value of the User ID field is inappropriate is a case where the user ID stored in the PDU payload of the received packet does not match the user ID stored in advance in the receiving apparatus 200.
On the other hand, if the value of the User ID field in FIG. 9 is appropriate (matches the value of its own user), the receiving unit 302 stores the date / time data stored in the Time field and the Sys, Dia, and Pulse fields. The sensor data thus transmitted is sent to the decoding unit 303 or the data storage unit 301.

  In the embodiment, the reception unit 302 stores the unencrypted date / time data and the set of sensor data in the first advertisement packet in the data storage unit 301. In addition, the reception unit 302 sends the encrypted date / time data and the set of sensor data in the second and subsequent advertisement packets to the decryption unit 303. Whether or not it is the first advertisement packet is determined by, for example, a decryption unit 303 described later using a set of unencrypted date / time data and sensor data in the advertisement packet received first in time as a decryption key, When the encrypted date / time data and sensor data set in the second and subsequent advertisement packets is decrypted, the encrypted date / time data and sensor data set can be successfully decrypted. Identifies it as the first advertisement packet.

The decryption unit 303 uses the set of unencrypted date / time data and sensor data stored in the data storage unit 301 as a decryption key, and encrypts the date / time data encrypted in the second and subsequent advertisement packets, and Decode the set of sensor data. Then, the decryption unit 303 stores the encrypted date / time data and the set of sensor data in the decrypted second and subsequent advertisement packets in the data storage unit 301.
More specifically, the decryption unit 303 uses a set of unencrypted date / time data and sensor data in the first advertisement packet as a decryption key, and uses it for encryption in the transmission / encryption control unit 107. On the basis of the decryption algorithm corresponding to the encrypted encryption algorithm, the set of date / time data and sensor data stored in the payload field of the second and subsequent advertisement packets is decrypted.
When the sensor data used as the decryption key stored in the payload of the advertisement packet is different from the key length used in the decryption algorithm, the decryption unit 303 determines the length of the sensor data used as the decryption key. You may adjust the thickness. For example, a DES encryption algorithm uses a 56-bit decryption key. If the sensor data is less than 56 bits long, a predetermined bit is added to the sensor data, and the decryption algorithm is used. May be used.

  The transmitting unit 304 receives the first to nth unencrypted date / time data and sensor data sets stored in the data storage unit 301 and transmits them to the server 300 via the network (FIG. 11). reference). The transmission unit 304 uses, for example, mobile communication or WLAN. In the example of FIG. 11, the appearance of a wristwatch-type wearable sphygmomanometer is shown as the data transmission device 100, but the appearance of the data transmission device 100 is not limited to this and may be a stationary sphygmomanometer. It may be a sensor device that measures the amount related to other biological information or activity information.

  The server 300 corresponds to a database that manages sensor data (mainly related to biological information) of a large number of users. In addition to the user himself / herself, the server 300 responds to access from, for example, a health instructor, an insurance company or a program operator's PC in order to provide user health guidance, insurance enrollment assessment, health promotion program performance evaluation, etc. The biometric information of the user may be transmitted.

§3 Example of operation
FIG. 12 is a flowchart illustrating an example of the operation of the data transmission device 100. Note that the processing procedure described below is merely an example, and each processing may be changed as much as possible. Further, in the processing procedure described below, steps can be omitted, replaced, and added as appropriate according to the embodiment.

  The operation example of FIG. 12 starts when a sensor control unit (not shown) gives a command for starting measurement to the biosensor 101. The data transmitting apparatus 100 is not limited to the operation example of FIG. 12, and the data transmission apparatus 100 advertises the BLE date and time data (which can be used for associating date and time) of the clock unit 103 according to various predetermined triggers. Can be stored and transmitted in the packet. The substantially latest date / time data may be transmitted in association with the sensor data, or may be transmitted independently of the sensor data.

  The biometric sensor 101 generates sensor data by measuring an amount related to biometric information that is personal information of the user. This sensor data is sent to the data management unit 105 in association with the date / time data of the clock unit 103. The data management unit 105 writes the date / time data and the set of sensor data to the data storage unit 106.

  That is, the first set including date and time data and sensor data transmitted in the first advertising packet transmitted first, and the date and time data and sensor data transmitted in the second advertising packet transmitted after the second are included. The second set is written into the data storage unit 106 (S11).

  Next, the transmission / encryption control unit 107 reads the first set stored in the data storage unit 106 via the data management unit 105 (S12). Then, the first advertising packet transmitted first storing the first set including the date and time data and the sensor data is generated and output to the transmitting unit 108 (S13). The transmitting unit 108 transmits the first advertising packet storing the first set to the data receiving apparatus 200 via the network (S14).

Thereafter, the transmission / encryption control unit 107 reads out the second set stored in the data storage unit 106 via the data management unit 105 (S15). Next, the transmission / encryption control unit 107 encrypts the second set using the encryption key generated based on the first set (S16).
At this time, the encryption key is generated as follows, for example. That is, when the biological information as sensor data is blood pressure information, the total value or difference value of the systolic blood pressure value and the diastolic blood pressure value, or the total of the systolic blood pressure value, the diastolic blood pressure value, and the pulse value A cryptographic key is generated using a value or the like. That is, the encryption key is generated based on values obtained by calculating the systolic blood pressure value, the diastolic blood pressure value, and the pulse value according to a predetermined calculation rule. When the sensor data includes other information such as body temperature, number of steps, activity amount, etc. in addition to blood pressure information, these multiple types of sensor data are combined according to a predetermined rule, and the encryption key is based on each value. May be generated.

  Then, a second advertising packet including the encrypted second set is generated and output to the transmitting unit 108 (S17). The transmitting unit 108 transmits the second advertising packet storing the second set to the data receiving device 200 via the network (S18).

  In this way, the second set stored in the second advertising packet transmitted after the second uses the encryption key generated based on the first set included in the first advertising packet transmitted first. Encrypted and transmitted as a second advertising packet.

  FIG. 13 is a flowchart showing an example of the operation of the data receiving apparatus 200. As shown in the figure, first, the receiving unit 302 receives the first advertising packet (S21).

  Next, the receiving unit 302 stores the unencrypted first data set of the first advertising packet in the data storage unit 301 (S22), and the transmitting unit 304 stores the first advertising packet stored in the data storage unit 301. The first unencrypted first data set is transmitted to the server 300 (S23).

  Next, when the receiving unit 302 receives the second advertising packet (S24), the receiving unit 302 transmits the encrypted second data set of the second advertising packet to the decrypting unit 303 (S25).

  The decryption unit 303 decrypts the encrypted second data set of the second advertising packet using the decryption key generated based on the first data set stored in the data storage unit 301 ( S26). The composite key is also generated based on the same rule as that used when generating the encryption key described above.

  Then, the decoding unit 303 stores the second data set of the decoded second advertising packet in the data storage unit 301 (S27), and the transmission unit 304 stores the second advertising packet stored in the data storage unit 301. The decrypted second data set is transmitted to the server 300 (S28).

  In the above-described embodiment, when the data transmission device 100 receives the first sensor data and the second sensor data, the data transmission device 100 sequentially transmits the sensor data using the first advertising packet and the second advertising packet. The transmission / encryption control unit 107 may transmit the first advertising packet after waiting for a transmission instruction from the user.

  In the operation example of FIG. 12, since the first sensor data transmitted by the first advertisement packet is not encrypted, from the viewpoint of ensuring the confidentiality of the data, the transmission of the first advertisement packet is also in the vicinity. This should be done in the absence of others. FIG. 14 is a flowchart for explaining the operation of the data transmission apparatus 100 when the transmission timing is determined after waiting for a transmission instruction from the user.

  As described above, in S11, the date / time data transmitted in the first advertising packet transmitted first and the date / time data transmitted in the second advertising packet transmitted after the first set including the sensor data and the second set. And a second set including sensor data is written to the data storage unit 106.

Thereafter, it is determined whether the transmission / encryption control unit 107 has received an instruction from the user (S31). If it is determined that the instruction from the user has been received, the process proceeds to S12 shown in FIG. .
As described above, when a user inputs a transmission instruction in a situation where there is no other person in the vicinity, and transmits the first advertisement packet including the first data set in response to the input of the transmission instruction, for example, Users can send data only at home, avoiding data transmission in crowds such as hospitals. As a result, it is possible to transmit the first unencrypted data set without being intercepted by other terminals of the surroundings, thereby increasing the security of the first data set.

  Further, the transmission timing may be determined based on the position information of the data transmission device 100. For example, the data transmission device 100 is provided with a position measurement unit 118 as shown in FIG. 15, and the position measurement unit 118 detects the position of the data transmission device 100, and the detected position is, for example, in a home or office. Thus, when an unspecified other person corresponds to a place that does not exist in the vicinity, the first advertisement packet including the first data set is transmitted. In this way, even if the user does not input a transmission instruction, the first data set that is not encrypted can be transmitted without being intercepted by an unspecified other person's terminal or the like. Data set security can be increased.

  Note that the position measurement unit 118 uses, for example, GPS (Global Positioning System), and calculates the current position of the data transmission device 100 as latitude and longitude.

  Further, as shown in FIG. 16, the transmission / encryption control unit 107 receives position information of the data transmission device 100 from the position measurement unit 118. The transmission / encryption control unit 107 determines the transmission timing of the first advertising packet and the second advertising packet based on the position information of the data transmitting apparatus 100 from the position measuring unit 118.

  FIG. 17 is a flowchart for explaining the operation of the data transmitting apparatus 100 when the transmission timing is determined using the position information.

  As described above, in S11, the date / time data transmitted in the first advertising packet transmitted first and the date / time data transmitted in the second advertising packet transmitted after the first set including the sensor data and the second set. And a second set including sensor data is written to the data storage unit 106.

  Thereafter, the transmission / encryption control unit 107 receives the position information of the data transmission device 100 from the position measurement unit 118 (S41). Based on the received position information of the data transmitting apparatus 100, it is determined whether the position of the data transmitting apparatus 100 is a predetermined position (S42). The predetermined position can be set by a user, for example, and the position of a home or a hospital is set.

  If it is determined in S42 that the position of the data transmission device 100 is the predetermined position, the process proceeds to S12 shown in FIG.

[Action / Effect]
Therefore, according to the present embodiment, the data transmission device 100 uses the encryption key generated based on the first data transmitted in the first advertisement packet of BLE, to obtain the biological information of the measurement subject. Encrypt. Then, the encrypted biometric information is transmitted in the second advertisement packet transmitted after the transmission of the first BLE advertisement packet transmitted in the first advertisement packet. Therefore, pairing processing is not required in one-way communication, and the confidentiality is ensured by encrypting the biometric information transmitted in the second advertisement packet transmitted after the transmission of the first advertisement packet. can do.

  The data receiving apparatus 200 receives the first advertisement packet and the second advertisement packet, and uses a decryption key generated based on the first data included in the received first advertisement packet. The encrypted biometric information included in the second advertisement packet is decrypted. Therefore, since the data receiving apparatus 200 can decrypt the biometric information using the unencrypted first data, the pairing process is not required in the one-way communication. Moreover, since the encrypted biometric information transmitted by the 2nd advertisement packet transmitted after transmission of the 1st advertisement packet can be decoded, confidentiality can be ensured.

  As mentioned above, although embodiment of this invention has been described in detail, the above description is only illustration of this invention in all the points. It goes without saying that various improvements and modifications can be made without departing from the scope of the present invention. For example, the following changes are possible. In the following, the same reference numerals are used for the same components as in the above embodiment, and the description of the same points as in the above embodiment is omitted as appropriate. The following modifications can be combined as appropriate.

§4 Modification
<4.1>
For example, the transmission unit 108 transmits the first unencrypted data in the first packet used for one-way communication, and the transmission / encryption control unit in the second and subsequent packets used for one-way communication. The data encrypted according to 107 is transmitted, but the data not encrypted in the packet in any order is transmitted regardless of the first packet, and the data in the arbitrary order is used to transmit the data. The encrypted data may be transmitted in a packet after packets in an arbitrary order are transmitted.

  In this case, the decryption unit 303 decrypts the data in the packet after the packet in the arbitrary order is transmitted using the unencrypted data in the packet in the arbitrary order.

  Further, unencrypted data may be periodically transmitted in a packet used for one-way communication. As a result, even if the data in the first packet used for one-way communication cannot be received, the data is decrypted by using the non-encrypted data periodically transmitted thereafter. can do.

<4.2>
The transmission / encryption control unit 107 uses the encryption key generated based on the date / time data and the sensor data included in the BLE advertisement packet transmitted first, in the second and subsequent advertisement packets. The case of encrypting the transmitted date / time data and sensor data has been described, but the encryption key may be generated using either the date / time data or the sensor data, or the date / time data and the sensor data are determined in advance. It may be generated by using a part of the information.

  Similarly, the decryption unit 303 transmits the second and subsequent advertisement packets using the decryption key generated based on the date / time data and the sensor data included in the BLE advertisement packet transmitted first. However, the decryption key may be generated using either the date data or the sensor data, or a part of the date data and the sensor data may be used. May be generated.

Therefore, although the case where a set of date / time data and sensor data is stored in the payload field of the BLE advertisement packet has been described, the present invention is not limited to this. For example, only sensor data may be stored, or only part of the sensor data may be stored.
In short, the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Further, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, you may combine suitably the component covering different embodiment.

A part or all of the above embodiment can be described as in the following supplementary notes, but is not limited thereto.
(Appendix 1)
The data transmission device in a system for transmitting data from a data transmission device to a data reception device using one-way communication,
Memory,
A processor connected to the memory,
The processor is
Generating an encryption key based on the first data transmitted by the first packet used in the one-way communication, encrypting the data using the encryption key;
A data transmission device configured to transmit the encrypted data by a second packet used in the one-way communication after the transmission of the first packet.

(Appendix 2)
The data receiving device in a system for transmitting data from a data transmitting device to a data receiving device using one-way communication,
Memory,
A processor connected to the memory,
The processor is
The first packet including the first data transmitted from the data transmission device by the one-way communication and the encrypted data transmitted from the data transmission device by the one-way communication after the transmission of the first packet. Receiving a second packet containing data;
A decryption key is generated based on the first data included in the received first packet, and the encrypted personal information included in the received second packet is decrypted using the decryption key. A data receiving device configured to:

DESCRIPTION OF SYMBOLS 11, 22 ... Data memory | storage part 12 ... Encryption part 13 ... Transmission part 21 ... Reception part 23 ... Decryption part 100 ... Data transmission apparatus 101 ... Biosensor 102. .... Motion sensor 103 ... Clock unit 104 ... Input unit 105, 204 ... Data management unit 106, 205 ... Data storage unit 107 ... Transmission / encryption control unit 108, 206 ... Transmission unit 109 ... Display control unit 110 ... Display unit 111, 211 ... Control unit 112,212 ... Storage unit 113,213 ... Communication interface 114,214 ... Input device 115,215 ... Output devices 116, 216 ... External interface 117 ... Battery 300 ... Server 301 ... Data storage unit 302 ... Receiving unit 303 ... Decoding unit 3 4 ... the transmission unit.

Claims (10)

In an information processing system that transmits data using a one-way communication from a data transmission device to a data reception device,
The data transmission device includes:
An encryption unit that generates an encryption key based on first data transmitted by the first packet used in the one-way communication, and encrypts the data using the encryption key;
A data transmission unit that transmits the encrypted data using a second packet used in the one-way communication after the transmission of the first packet;
The data receiving device is:
A receiving unit for receiving the first packet and the second packet;
Based on the first data included in the received first packet, a decryption key is generated, and the received decryption key is used by the decryption method corresponding to the encryption method. An information processing system comprising: a decrypting unit that decrypts encrypted data included in the second packet.   The information processing system according to claim 1, wherein the data transmission unit transmits the first packet when receiving a transmission instruction from the user. A position measuring unit for measuring the position of the data transmission device;
The data transmission unit determines whether to transmit the first packet according to the measured position of the information processing apparatus;
The information processing system according to claim 1.   The information processing system according to claim 1, wherein the first packet and the second packet are BLE (Bluetooth Low Energy) advertisement packets. The data transmission device in a system for transmitting data from a data transmission device to a data reception device using one-way communication,
An encryption unit that generates an encryption key based on first data transmitted by the first packet used in the one-way communication, and encrypts the data using the encryption key;
A data transmission device comprising: a data transmission unit configured to transmit the encrypted data by a second packet used in the one-way communication after the transmission of the first packet. The data receiving device in a system for transmitting data from a data transmitting device to a data receiving device using one-way communication,
The first packet including the first data transmitted from the data transmission device by the one-way communication and the encrypted data transmitted from the data transmission device by the one-way communication after the transmission of the first packet. A receiving unit for receiving a second packet including data;
A decryption key is generated based on the first data included in the received first packet, and the encrypted data included in the received second packet is decrypted using the decryption key. A data receiving apparatus comprising: a decoding unit. An information processing method executed by the data transmission device in a system for transmitting data from the data transmission device to the data reception device using one-way communication,
Generating an encryption key based on the first data transmitted by the first packet used in the one-way communication, and encrypting the data using the encryption key;
Transmitting the encrypted data in a second packet used in the one-way communication after transmitting the first packet;
Information processing method in data transmission apparatus. An information processing method executed by the data receiving apparatus in a system for transmitting data from a data transmitting apparatus to a data receiving apparatus using one-way communication,
The first packet including the first data transmitted from the data transmission device by the one-way communication and the encrypted data transmitted from the data transmission device by the one-way communication after the transmission of the first packet. Receiving a second packet containing data;
A decryption key is generated based on the first data included in the received first packet, and the encrypted data included in the received second packet is decrypted using the decryption key. ,
Information processing method in data receiving apparatus. A program used in the data transmission device in a system for transmitting data from the data transmission device to the data reception device using one-way communication,
In the data transmission device,
Generating an encryption key based on the first data transmitted by the first packet used in the one-way communication, and encrypting the data using the encryption key;
Transmitting the encrypted data in a second packet used in the one-way communication after transmission of the first packet;
program. A program used in the data receiving apparatus in a system for transmitting data of a person to be measured using one-way communication from a data transmitting apparatus to a data receiving apparatus,
In the data receiving device,
The first packet including the first data transmitted from the data transmission device by the one-way communication and the encrypted data transmitted by the one-way communication after the transmission of the first packet from the data transmission device. Receive a second packet containing
A decryption key is generated based on the first data included in the received first packet, and the encrypted data included in the received second packet is decrypted using the decryption key. ,
program.