[go: up one dir, main page]

WO2018229867A1 - Personal information protection system - Google Patents

Personal information protection system Download PDF

Info

Publication number
WO2018229867A1
WO2018229867A1 PCT/JP2017/021806 JP2017021806W WO2018229867A1 WO 2018229867 A1 WO2018229867 A1 WO 2018229867A1 JP 2017021806 W JP2017021806 W JP 2017021806W WO 2018229867 A1 WO2018229867 A1 WO 2018229867A1
Authority
WO
WIPO (PCT)
Prior art keywords
public key
unit
information
node devices
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2017/021806
Other languages
French (fr)
Japanese (ja)
Inventor
太郎 上野
太祐 市川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sustainable Medicine Inc
Original Assignee
Sustainable Medicine Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sustainable Medicine Inc filed Critical Sustainable Medicine Inc
Priority to PCT/JP2017/021806 priority Critical patent/WO2018229867A1/en
Priority to JP2017552511A priority patent/JP6245782B1/en
Publication of WO2018229867A1 publication Critical patent/WO2018229867A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/40ICT specially adapted for the handling or processing of patient-related medical or healthcare data for data related to laboratory analysis, e.g. patient specimen analysis

Definitions

  • the present invention relates to a personal information protection system, and in particular, is suitable for use in a system for enabling exchange between a patient and a medical institution while protecting biometric information and medical record information, which are personal information of a patient. is there.
  • Medical data recorded in the electronic medical record is a record of medical care performed for each patient, and also serves as a case database. In other words, it is expected that electronic medical records relating to various cases are accumulated in a database and shared to help improve medical quality.
  • the authenticity of the information recorded in the electronic medical record is strictly required. Therefore, it is necessary to introduce a mechanism for preventing falsification of information recorded in the electronic medical record.
  • the electronic medical record provided by the doctor is prevented from being altered, but also the patient's biological information provided by the patient to the doctor. It is also necessary to prevent falsification of information (such as information measured by a medical device placed in the patient's home).
  • the patient's biological information is personal information, the realization of confidentiality that is not disclosed to anyone other than authorized persons is also required.
  • Patent Documents 1 and 2 disclose inventions related to systems for the purpose of preventing falsification of medical record data into which patient medical data has been input.
  • the electronic medical record recording system described in Patent Document 2 is made for the purpose of suppressing falsification of the electronic medical record without using a time stamp whose reliability is uncertain.
  • the electronic medical record transmitted from the user terminal and recorded in the electronic medical record reception memory includes the contents of the electronic medical record recorded in the storage electronic medical record database. Only when it is determined that all are included, the electronic medical record in the storage electronic medical record database is overwritten.
  • Patent Documents 1 and 2 describe a mechanism for preventing falsification of an electronic medical record, but describe a mechanism for preventing falsification of patient biometric information provided from a patient to a medical institution doctor via a network. It has not been. In addition, there is no description of a mechanism for realizing confidentiality that is not disclosed to anyone other than those who are permitted to receive patient biometric information as personal information.
  • the present invention has been made in view of the circumstances described above, and is intended to realize the authenticity (impossibility of falsification) and confidentiality of patient biometric information provided from a patient to a medical institution. Objective.
  • a personal information protection system of the present invention includes a medical institution terminal used in a medical institution, a patient terminal used by a patient, and a plurality of node devices connected by a distributed network.
  • the public key and the secret key are generated at the medical institution terminal and provided to one node device.
  • a consensus formation process for sharing the public key among the plurality of node devices is performed, and the public keys are stored in the plurality of node devices only when the consensus is formed.
  • the patient terminal obtains a public key from one node device, and the obtained public key encrypts patient biometric information or information that can identify an individual added to the biometric information, and is generated thereby Encrypted biometric information is provided to one node device.
  • a consensus building process for sharing the encrypted biometric information among the plurality of node devices is performed, and the encrypted biometric information is stored in the plurality of node devices only when the consensus is formed.
  • the encrypted biometric information is acquired from one node device and decrypted with the secret key generated together with the public key.
  • the patient biometric information provided from the patient to the medical institution is encrypted with the public key by itself or information that can identify an individual added to the biometric information. By doing so, it is concealed.
  • the concealed biometric information can be decrypted and used only by a medical institution having a secret key.
  • the public key is distributed and stored in each node device only when it is verified that it is valid by the consensus building process executed between the plurality of node devices, for example, the public key is malicious to the node device.
  • the public key is malicious to the node device.
  • the program it is possible to prevent the public key itself from being falsified. Since the public key is prevented from being falsified, it is possible to prevent the biometric information and the like from being encrypted with the illegal public key that has been falsified and decrypted with the illegal private key.
  • biometric information or the like encrypted with a public key is stored in a distributed manner in each node device only when it is verified that it is valid by a consensus building process executed between a plurality of node devices. For example, it is possible to prevent the encrypted biometric information from being tampered with by installing a malicious program on the node device.
  • FIG. 1 is a diagram showing an example of the overall configuration of a personal information protection system according to the first embodiment.
  • the personal information protection system according to the first embodiment includes a medical institution terminal 100 used in a medical institution, a patient terminal 200 used by a patient, and a plurality of node devices connected by a distributed network. 300 -1 to 300 -3 (hereinafter sometimes collectively referred to as the node device 300).
  • the medical institution terminal 100 and the node device 300 are configured to be connectable via a communication network such as the Internet.
  • FIG. 1 shows a state where the medical institution terminal 100 is connected to the node device 300-3 .
  • the medical institution terminal 100 is arbitrarily connected to any one of the node devices 300-1 to 300-3 in the distributed network. It is possible to connect.
  • the patient terminal 200 and the node device 300 are configured to be connectable via a communication network such as the Internet.
  • FIG. 1 shows a state in which the patient terminal 200 is connected to the node device 300-2 , the patient terminal 200 is arbitrarily connected to any one of the node devices 300-1 to 300-3 in the distributed network. It is possible.
  • the patient terminal 200 is a terminal capable of inputting patient's biological information, and is configured by, for example, a smartphone, a personal computer, a tablet or the like.
  • the biometric information is information measured by a medical device (not shown) placed at the patient's home, for example.
  • the medical device and the patient terminal 200 are connected by wire or wirelessly, and the biological information measured by the medical device is transmitted to the patient terminal 200 so that the patient terminal 200 inputs the biological information.
  • the patient may input biological information measured by the medical device to the patient terminal 200 by operating an operation interface such as a touch panel or a keyboard of the patient terminal 200.
  • biological information is not limited to information related to human physiology measured by medical equipment.
  • information on human psychology and behavior such as information on psychological aspects such as sensation and sensitivity, behavioral ability such as reaction and follow-up, and information on daily life behavior may be used.
  • Such biological information can be input by the patient operating an operation interface such as a touch panel or a keyboard of the patient terminal 200, for example.
  • an application program installed in the patient terminal 200 it is also possible to input information on human psychology and behavior as a function of the application program.
  • a block chain technology is introduced into a plurality of node devices 300 -1 to 300 -3 connected by a distributed network. That is, as will be described later, data such as a public key and biometric information is stored in a manner shared by a plurality of node devices 300 -1 to 300 -3 by the block chain technology. For simplicity of illustration, only three node devices 300 -1 to 300 -3 are shown in FIG. 1, but more than this may be used.
  • the medical institution terminal 100 generates a public key and a secret key, and provides them to one of the node devices 300 -1 to 300 -3 . Then, a consensus process for sharing a public key across the plurality of node devices 300 -1 to 300 -3, only if it is consensus, published in a plurality of node devices 300 -1 to 300 -3 Remember the key.
  • patient terminal 200 acquires a public key from a node device among the plurality of node devices 300 -1 to 300 -3, the public key the acquired individual being added to the biological information or the biometric information of the patient Encrypt information that can be specified. Then, the encrypted biometric information generated thereby is provided to one of the node devices 300 -1 to 300 -3 . Since the patient's biometric information is related to personal information, the biometric information is encrypted and the encrypted biometric information is provided to the node device 300 in order to ensure confidentiality.
  • the biometric information provided from the patient terminal 200 to the node device 300 is added with information that can identify the individual of the patient (information such as the patient's name, sex, age, address, etc., hereinafter referred to as patient information). Is done. Since the patient information is also related to the personal information, the patient information may be encrypted in order to ensure confidentiality.
  • the biometric information and the entire patient information added thereto may be encrypted, or only the biometric information or only the patient information may be encrypted.
  • the encrypted biometric information is provided from the patient terminal 200 to one of the node devices 300 -1 to 300 -3 , the encrypted biometric information is sent to the plurality of node devices 300 -1 to 300 -3.
  • the consensus building process for sharing the whole is performed, and the encrypted biometric information is stored in the plurality of node devices 300 -1 to 300 -3 only when the consensus is formed.
  • the medical institution terminal 100 acquires the encrypted biometric information from one of the plurality of node devices 300 -1 to 300 -3 and decrypts it with the secret key generated along with the public key.
  • the private key is held only in the medical institution terminal 100 that has generated this together with the public key. Thereby, the patient biometric information related to the personal information can be used only in the specific medical institution terminal 100 that knows the secret key.
  • FIG. 2 is a block diagram illustrating a functional configuration example of the medical institution terminal 100 according to the first embodiment.
  • the medical institution terminal 100 according to the first embodiment includes a key generation unit 11, a public key provision unit 12, a biometric information acquisition unit 13, and a decryption processing unit 14 as functional configurations.
  • the medical institution terminal 100 according to the first embodiment includes a key storage unit 10 as a storage medium.
  • the functional blocks 11 to 14 can be configured by any of hardware, DSP (Digital Signal Processor), and software.
  • each of the functional blocks 11 to 14 actually includes a CPU, RAM, ROM, etc. of a computer, and is stored in a recording medium such as RAM, ROM, hard disk, or semiconductor memory. Is realized by operating.
  • the key generation unit 11 generates a public key and a secret key.
  • a known technique can be applied to the key generation.
  • a public key and a secret key (hereinafter, collectively referred to as key information) generated by the key generation unit 11 are stored in the key storage unit 10.
  • the public key providing unit 12 provides the public key generated by the key generating unit 11 to one node device among the plurality of node devices 300 -1 to 300 -3 .
  • Which node device provides the public key is arbitrary.
  • the public key provided to the node device 300 is distributed and stored in the plurality of node devices 300 -1 to 300 -3 through a consensus process described later.
  • the encrypted biometric information generated thereby is transferred from the patient terminal 200 to the node device. 300 is provided.
  • the encrypted biometric information provided to the node device 300 is distributed and stored in the plurality of node devices 300 -1 to 300 -3 through a consensus process described later.
  • the biometric information acquisition unit 13 acquires encrypted biometric information from one node device among the plurality of node devices 300 -1 to 300 -3 . That is, the biometric information acquisition unit 13 transmits a biometric information acquisition request to one node device, and acquires the encrypted biometric information transmitted from the one node device in response to this request.
  • the decryption processing unit 14 decrypts the encrypted biometric information acquired by the biometric information acquisition unit 13 with the secret key generated by the key generation unit 11 and stored in the key storage unit 10.
  • only the medical institution terminal 100 that generated the key information can decrypt the encrypted biometric information.
  • a patient's biometric information can be exchanged in the state which ensured confidentiality only between a specific medical institution and the specific patient who is receiving medical treatment, treatment, etc. of the medical institution.
  • FIG. 3 is a block diagram illustrating a functional configuration example of the patient terminal 200 according to the first embodiment.
  • the patient terminal 200 according to the first embodiment includes a biometric information input unit 21, a public key acquisition unit 22, an encryption processing unit 23, and a biometric information provision unit 24 as functional configurations.
  • the above functional blocks 21 to 24 can be configured by any of hardware, DSP, and software.
  • each of the functional blocks 21 to 24 is actually configured by including a CPU, RAM, ROM, and the like of a computer, and is stored in a recording medium such as RAM, ROM, hard disk, or semiconductor memory. Is realized by operating.
  • the biometric information input unit 21 inputs patient biometric information.
  • the biological information is any one or more of information related to the patient's physiology, psychology, and behavior. For example, information measured by a medical device (not shown) placed in the patient's home is input. To do.
  • biometric information is input as a function of the application program through execution of the application program installed in the patient terminal 200.
  • This application program may be the same program as the program that executes the functions of the public key acquisition unit 22, the encryption processing unit 23, and the biometric information providing unit 24, or may be a different program.
  • the biometric information input unit 21 adds patient information that can identify an individual patient to the input biometric information.
  • the patient information to be added is input and stored in advance by the patient operating an operation interface such as a touch panel or a keyboard of the patient terminal 200.
  • the biometric information input unit 21 adds patient information stored in advance to the biometric information. Note that patient information may be input each time in accordance with the input of biometric information.
  • the public key acquisition unit 22 acquires public keys stored in the plurality of node devices 300 -1 to 300 -3 from one node device. That is, the public key acquisition unit 22 transmits a public key acquisition request to one node device, and acquires the public key transmitted from the one node device in response to this request.
  • the encryption processing unit 23 generates encrypted biometric information by encrypting at least one of the patient biometric information and the patient information added to the biometric information with the public key acquired by the public key acquiring unit 22. .
  • the biometric information providing unit 24 provides the encrypted biometric information generated by the encryption processing unit 23 to one node device among the plurality of node devices 300 -1 to 300 -3 .
  • FIG. 4 is a block diagram illustrating a functional configuration example of the node device 300 according to the first embodiment. Although here is shown an example of the functional configuration of the node device 300 -1, it is configured similarly other node devices 300 -2 to 300 -3.
  • the node device 300 -1 of the first embodiment as a functional structure, the public key reception unit 31, the first consensus processing unit 32, a public key storage control unit 33, the biological information receiving unit 34, a second consensus processing unit 35, a biological information storage control unit 36, a public key transmission unit 37, and a biological information transmission unit 38. Also, the node device 300 -1 of the first embodiment, as the storage medium, and a data storage unit 30.
  • the functional blocks 31 to 38 can be configured by any of hardware, DSP, and software.
  • each of the functional blocks 31 to 38 is actually configured by including a CPU, RAM, ROM, etc. of a computer, and a program stored in a recording medium such as RAM, ROM, hard disk, or semiconductor memory. Is realized by operating.
  • the public key receiving unit 31 receives the public key provided by the public key providing unit 12 of the medical institution terminal 100.
  • the first consensus processing unit 32 shares the public key provided by the medical institution terminal 100 (the public key received by the public key receiving unit 31) among the plurality of node devices 300-1 to 300-3.
  • the consensus building process is performed. That is, the first consensus processor 32 of the node device 300 -1 transmits the public key received by the public key receiver unit 31 to the other node devices 300 -2 to 300 -3, a predetermined consensus process Do.
  • the first consensus processing unit 32 verifies the validity of the public key provided from the medical institution terminal 100 by performing consensus building processing using a PBFT (Practical Byzantine Fault Tolerance) consensus algorithm.
  • PBFT Practical Byzantine Fault Tolerance
  • the public key storage control unit 33 stores the public key in the data storage unit 30 provided in each of the plurality of node devices 300 -2 to 300 -3 only when an agreement is formed by the first consensus processing unit 32. As a result, the consensus public keys are distributed and stored in the plurality of node devices 300 -1 to 300 -3 .
  • the biometric information receiving unit 34 receives the encrypted biometric information provided by the biometric information providing unit 24 of the patient terminal 200.
  • the second consensus processing unit 35 transmits the encrypted biometric information (encrypted biometric information received by the biometric information receiving unit 34) provided from the patient terminal 200 to the plurality of node devices 300 -1 to 300 -3 as a whole. Perform consensus building process for sharing.
  • a consensus algorithm known in blockchain technology can also be used for the consensus building process performed by the second consensus processing unit 35.
  • the biometric information storage control unit 36 stores the encrypted biometric information in the data storage unit 30 provided in each of the plurality of node devices 300 -1 to 300 -3 only when an agreement is formed by the second consensus processing unit 35. . As a result, the encrypted biometric information formed in agreement is distributed and stored in the plurality of node devices 300 -1 to 300 -3 .
  • the public key transmission unit 37 transmits the public key stored in the data storage unit 30 to the patient terminal 200 in response to the public key acquisition request sent from the public key acquisition unit 22 of the patient terminal 200.
  • the biometric information transmission unit 38 sends the encrypted biometric information stored in the data storage unit 30 to the medical institution terminal 100 in response to the biometric information acquisition request sent from the biometric information acquisition unit 13 of the medical institution terminal 100. Send.
  • FIG. 5 is a flowchart illustrating an operation example when a public key is transmitted from the medical institution terminal 100 to the node device 300 and stored.
  • the key generation unit 11 of the medical institution terminal 100 generates a public key and a secret key (step S1), and stores the generated key information in the key storage unit 10 (step S2).
  • the public key providing unit 12 provides the public key generated by the key generating unit 11 to one node device among the plurality of node devices 300 -1 to 300 -3 (step S3).
  • the first consensus processing unit 32 uses the received public key as a plurality of public keys. Consensus building processing is performed for sharing among the node devices 300 -1 to 300 -3 (step S12).
  • the public key storage control unit 33 determines whether or not the consensus formation by the first consensus processing unit 32 is successful (step S13), and only when the consensus is formed, the plurality of node devices 300 ⁇ 1 to 300 -3 stores the public key in the data storage unit 30 with each (step S14). Thereby, the process of the flowchart shown in FIG. 5 is completed.
  • FIG. 6 is a flowchart showing an operation example when the patient biometric information is encrypted, transmitted from the patient terminal 200 to the node device 300, and stored.
  • the public key acquisition unit 22 of the patient terminal 200 transmits a public key acquisition request to the node device 300 (step S21).
  • the public key transmission unit 37 of the node device 300 transmits the public key stored in the data storage unit 30 to the patient terminal 200 (step S32).
  • the public key acquisition unit 22 acquires the public key transmitted from the node device 300 (step S22).
  • the biometric information input unit 21 inputs the biometric information of the patient (Step S23). And the encryption process part 23 produces
  • the biometric information providing unit 24 provides the encrypted biometric information generated by the cryptographic processing unit 23 to one of the node devices 300 -1 to 300 -3 (Step S25).
  • the public key acquisition in steps S21, S22, S31, and S32 and the biometric information input in step S23 may be performed in the reverse order. Further, in the case where the patient repeatedly provides biometric information to the node device 300, if the public key has already been acquired, the acquisition of the public key in steps S21, S22, S31, and S32 can be omitted. It is.
  • the second consensus processing unit 35 transmits the received encrypted biometric information to a plurality of nodes.
  • a consensus building process is performed for sharing among the devices 300 -1 to 300 -3 (step S34).
  • the biological information storage control unit 36 determines whether or not the consensus formation by the second consensus processing unit 35 is successful (step S35), and only when the consensus is formed, the plurality of node devices 300 ⁇ 1 to 300 -3 stores the encrypted biometric information in the data storage unit 30 with each (step S36). Thereby, the process of the flowchart shown in FIG. 6 is completed.
  • FIG. 7 is a flowchart showing an operation example when the medical institution terminal 100 acquires the encrypted biometric information from the node device 300 and decrypts it.
  • the biometric information acquisition unit 13 of the medical institution terminal 100 transmits a biometric information acquisition request to the node device 300 (step S41).
  • the biometric information transmitting unit 38 of the node device 300 transmits the encrypted biometric information stored in the data storage unit 30 to the medical institution terminal 100.
  • Step S52 In response to this, the biometric information acquisition unit 13 acquires the encrypted biometric information transmitted from the node device 300 (step S42).
  • the decryption processing unit 14 acquires the secret key stored in the key storage unit 10 (step S43), and decrypts the encrypted biometric information acquired by the biometric information acquisition unit 13 using the secret key (step S43). S44). Thereby, the process of the flowchart shown in FIG. 7 is completed.
  • the patient biometric information provided from the patient terminal 200 to the medical institution terminal 100 is either itself or patient information added to the biometric information by a public key. It is concealed by being encrypted. The concealed biometric information can be decrypted and used only by the medical institution that generated the secret key.
  • the node device 300 since the public key is distributed and stored in each node device 300 only when it is verified that the public key is valid by the consensus building process executed between the plurality of node devices 300, for example, the node device 300 It is possible to prevent the public key itself from being falsified by setting a malicious program on the computer. Since the public key is prevented from being falsified, it is possible to prevent the biometric information and the like from being encrypted with the illegal public key that has been falsified and decrypted with the illegal private key.
  • biometric information or the like encrypted with the public key is distributed and stored in each node device 300 only when it is verified that it is valid by the consensus building process executed between the plurality of node devices 300. Therefore, for example, it is possible to prevent the encrypted biometric information from being falsified by setting a malicious program on the node device 300.
  • the first embodiment it is possible to realize the authenticity (impossibility of falsification) and confidentiality of patient biometric information provided from the patient terminal 200 to the medical institution terminal 100.
  • FIG. 8 is a diagram showing an example of the overall configuration of the personal information protection system according to the second embodiment.
  • the same reference numerals as those shown in FIG. 1 have the same functions, and therefore redundant description is omitted here.
  • the personal information protection system includes two medical institution terminals 100A and 100B as terminals used in two medical institutions.
  • the first medical institution terminal 100A and the node device 300 'and the second medical institution terminal 100B and the node device 300' can be connected by a communication network such as the Internet.
  • FIG. 8 shows a state in which the first medical institution terminal 100A is connected to the node device 300-3 ′ and the second medical institution terminal 100B is connected to the node device 300-1 ′.
  • the engine terminals 100A and 100B can be arbitrarily connected to any one of the node devices 300-1 'to 300-3 ' in the distributed network.
  • FIG. 9 is a block diagram illustrating a functional configuration example of the first medical institution terminal 100A according to the second embodiment.
  • components having the same reference numerals as those shown in FIG. 2 have the same functions, and thus redundant description is omitted here.
  • the first medical institution terminal 100A further includes a chart information input unit 15, a chart encryption processing unit 16, and a chart information providing unit 17 as its functional configuration.
  • These functional blocks 15 to 17 can also be configured by any of hardware, DSP, and software.
  • the chart information input unit 15 inputs patient chart information.
  • the medical record information is a record of various information related to the medical treatment and treatment of the patient, and is written and stored as necessary information every time the doctor in charge of the patient performs the medical treatment and treatment.
  • the created chart information is stored in a local terminal used by the doctor in charge or a shared server in the hospital network.
  • the chart information input unit 15 inputs chart information stored in a local terminal or a shared server.
  • the medical record encryption processing unit 16 encrypts the medical record information input by the medical record information input unit 15 with the public key generated by the key generation unit 11 and stored in the key storage unit 10, thereby obtaining the encrypted medical record information. Generate. Note that the encryption of the chart information may be performed on the entire chart information or only on the part of the patient information included in the chart information.
  • the chart information providing unit 17 provides the encrypted chart information generated by the chart encryption processing unit 16 to one of the node devices 300 -1 to 300 -3 among the plurality of node devices.
  • FIG. 10 is a block diagram illustrating a functional configuration example of the second medical institution terminal 100B according to the second embodiment.
  • the second medical institution terminal 100 ⁇ / b> B includes a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43 as its functional configuration.
  • the second medical institution terminal 100B includes a secret key storage unit 40 as a storage medium.
  • These functional blocks 41 to 43 can also be configured by any of hardware, DSP, and software.
  • the medical chart information acquisition unit 41 acquires encrypted medical chart information from one of the plurality of node devices 300 -1 ′ to 300 -3 ′. That is, the chart information acquisition unit 41 transmits a chart information acquisition request to one node apparatus, and acquires encrypted chart information transmitted from the one node apparatus in response to this request.
  • the secret key acquisition unit 43 acquires the secret key generated by the first medical institution terminal 100A via another secure route that does not pass through the node device 300 '.
  • the secret key acquisition unit 43 is connected from the first medical institution terminal 100A via a VPN (Virtual Private Network) or a dedicated line set between the first medical institution terminal 100A and the second medical institution terminal 100B. It is possible to obtain a secret key. Or you may make it mail the thing which output the secret key to the paper medium or the information storage medium.
  • VPN Virtual Private Network
  • Another method may be as follows. That is, the second medical institution terminal 100B generates a set of another public key and another secret key, and discloses another public key. Then, the secret key generated by the first medical institution terminal 100A is encrypted with another public key generated by the second medical institution terminal 100B, and the encrypted secret key is transferred from the first medical institution terminal 100A to the first key. To the second medical institution terminal 100B. The secret key acquisition unit 43 decrypts the secret key acquired from the first medical institution terminal 100 ⁇ / b> A with another secret key and stores it in the secret key storage unit 40.
  • the chart decryption processing unit 42 decrypts the encrypted chart information acquired by the chart information acquisition unit 41 with the secret key stored in the secret key storage unit 40.
  • the encrypted medical record information can be decrypted only by the second medical institution terminal 100B that has acquired the secret key by a secure route from the first medical institution terminal 100A that has generated the secret key.
  • FIG. 11 is a block diagram illustrating a functional configuration example of the node device 300 ′ according to the second embodiment. Incidentally, 'it is shown an example of the functional configuration of the other nodes 300 - 2' where the node device 300 -1 to 300 -3 'are similarly constructed.
  • the node device 300 -1 ′ includes, as its functional configuration, a chart information receiving unit 51, a third consensus processing unit 52, a chart information storage control unit 53, and a chart information transmission.
  • a portion 54 is further provided.
  • These functional blocks 51 to 54 can also be configured by any of hardware, DSP, and software.
  • the chart information receiving unit 51 receives the encrypted chart information provided by the chart information providing unit 17 of the first medical institution terminal 100A.
  • the third consensus processing unit 52 uses the encrypted medical record information (the encrypted medical record information received by the medical record information receiving unit 51) provided from the first medical institution terminal 100A as a plurality of node devices 300 -1 ′ to 300. -3 'Consensus building process to share with the whole.
  • a consensus algorithm known in block chain technology can also be used for the consensus building process performed by the third consensus processing unit 52.
  • the medical record information storage control unit 53 stores the encrypted medical record information in the data storage unit 30 provided in each of the plurality of node devices 300 -1 ′ to 300 -3 ′ only when an agreement is formed by the third consensus processing unit 52.
  • consensus-formed encrypted medical record information is distributed and stored in the plurality of node devices 300 -1 ′ to 300 -3 ′.
  • the medical record information transmission unit 54 receives the encrypted medical record information stored in the data storage unit 30 in response to the medical record information acquisition request sent from the medical record information acquisition unit 41 of the second medical institution terminal 100B. To the medical institution terminal 100B.
  • the authenticity (impossibility of falsification) and confidentiality of patient chart information. It is possible to share medical chart information while ensuring the above.
  • the patient chart information provided from the first medical institution terminal 100A to the second medical institution terminal 100B is concealed by encrypting the whole or part of the patient information with the public key.
  • the confidential medical record information can be decrypted and used only by the second medical institution that has obtained the secret key from the first medical institution.
  • the public key is distributed and stored in each node device 300 ′ only when it is verified that it is valid by the consensus building process executed between the plurality of node devices 300 ′, for example, the node
  • the node By setting a malicious program on the device 300 ′, it is possible to prevent the public key itself from being falsified. Since falsification of the public key is suppressed, it is possible to prevent the chart information and the like from being encrypted by the illegal public key that has been falsified and decrypted by the illegal secret key.
  • the medical record information encrypted with the public key is also distributed to each node device 300 ′ only when it is verified that it is valid by the consensus building process executed between the plurality of node devices 300 ′. Since it is stored, for example, it is possible to prevent the encrypted medical record information from being falsified by installing a malicious program on the node device 300 ′.
  • the authenticity (impossibility of falsification) and confidentiality of patient chart information provided and shared from the first medical institution terminal 100A to the second medical institution terminal 100B. Can be realized.
  • the second medical institution terminal 100B further includes the biometric information acquisition unit 13 and the decryption processing unit 14, thereby providing the second medical institution terminal 100B with the biometric information encrypted by the patient terminal 200. You may be able to do it.
  • the second medical institution terminal 100B includes a key storage unit 10, a key generation unit 11, a public key provision unit 12, and a biometric information acquisition unit 13 in addition to the configuration shown in FIG.
  • a decryption processing unit 14, a chart information input unit 15, a chart encryption processing unit 16, and a chart information providing unit 17 may be provided.
  • the first medical institution terminal 100A may include a secret key storage unit 40, a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43 in addition to the configuration illustrated in FIG.
  • the patient terminal 200 may further include a secret key storage unit 40, a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43.
  • a secret key storage unit 40 may store data for storing medical chart information.
  • the medical record information created in the first medical institution terminal 100A is encrypted with the public key generated in the first medical institution terminal 100A, and the secret key generated in the first medical institution terminal 100A is used.
  • the first medical institution terminal 100A provides the patient terminal 200 with a safe route.
  • the patient terminal 200 generates a set of the second public key and the second secret key, and provides the second public key to the node device 300 ′.
  • the node device 300 ′ performs consensus processing on the second public key, and distributes and stores the second public key only when an agreement is formed.
  • the medical record information created in the first medical institution terminal 100A is encrypted with the second public key acquired from the node device 300 ′ by the first medical institution terminal 100A, and the encrypted medical record information is converted into the first medical institution information.
  • the node device 300 ′ performs consensus processing on the encrypted medical record information, and distributes and stores the encrypted medical record information only when an agreement is formed.
  • the patient terminal 200 obtains the encrypted medical record information from the node device 300 ′ and decrypts it with the second secret key generated together with the second public key.
  • the personal information protection system in this case is a personal information protection system comprising a medical institution terminal used in a medical institution, a patient terminal used by a patient, and a plurality of node devices connected by a distributed network, Specifically, it is configured as follows.
  • the patient terminal A second key generation unit for generating a second public key and a second secret key; A second public key providing unit that provides the second public key generated by the second key generating unit to one node device among the plurality of node devices; A chart information acquisition unit that acquires encrypted chart information from one of the plurality of node apparatuses; A second decryption processing unit that decrypts the encrypted medical record information acquired by the medical record information acquisition unit with the second secret key generated by the second key generation unit.
  • the plurality of node devices A fourth consensus processing unit that performs consensus building processing for sharing the second public key provided from the patient terminal with the whole of the plurality of node devices; A second public key storage control unit that stores the second public key in the data storage unit included in each of the plurality of node devices only when an agreement is formed by the fourth consensus processing unit; A fifth consensus processing unit for performing consensus formation processing for sharing the encrypted medical record information provided from the medical institution terminal with the plurality of node devices as a whole; Only when an agreement is formed by the fifth consensus processing unit, a medical record information storage control unit that stores the encrypted medical record information in the data storage unit provided in each of the plurality of node devices.
  • medical institution terminals A second public key acquisition unit that acquires the second public key stored in the plurality of node devices from one node device;
  • a second encryption processing unit that generates the encrypted medical record information by encrypting the medical record information with the second public key acquired by the second public key acquisition unit;
  • a medical record information providing unit that provides the encrypted medical record information generated by the second cryptographic processing unit to one of the plurality of node devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Medical Informatics (AREA)
  • Bioethics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Epidemiology (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

A public key and a secret key are generated at a medical institute terminal 100 and are provided to one of node devices 300, and the public key is dispersed and saved only when a consensus is reached among all the node devices 300. A patient terminal 200 acquires the public key from one of the node devices 300, encrypts biological information, provides the encrypted biological information to said one of the node devices 300, and the encrypted biological information is dispersed and saved only when a consensus is reached among all the node devices 300. The medical institute terminal 100 acquires the encrypted biological information from one of the node devices 300, and decrypts the biological information by using the secret key generated together with the public key. Thus, authenticity (inability to falsify) and secrecy (inability to identify a person by somebody other than permitted person) of biological information supplied from a patient to a medical institution can be realized.

Description

個人情報保護システムPersonal information protection system

 本発明は、個人情報保護システムに関し、特に、患者の個人情報である生体情報やカルテ情報を保護しつつ患者と医療機関との間でやり取りできるようにするためのシステムに用いて好適なものである。 The present invention relates to a personal information protection system, and in particular, is suitable for use in a system for enabling exchange between a patient and a medical institution while protecting biometric information and medical record information, which are personal information of a patient. is there.

 近年、医療業界において電子カルテの普及が進みつつある。電子カルテとは、従来
1497319278228_0
が患者の診療情報を記入していた紙の
1497319278228_1
を電子データに置き換えたものである。電子カルテを採用することにより、例えば次のようなことの実現が期待されている。 In recent years, electronic medical records are spreading in the medical industry. What is an electronic medical record?
1497319278228_0
Of the paper on which the patient's medical information was written
1497319278228_1
Is replaced with electronic data. By adopting an electronic medical record, for example, the following realization is expected.

(1)電子カルテデータの2次利用
 電子カルテに記録される医療データは、個々の患者に対して行われた診療の記録であると同時に、症例データベースとしての役割も担う。すなわち、種々の症例に関する電子カルテをデータベースに蓄積して共有化することにより、医療の質の向上に役立てることが期待されている。 (1) Secondary use of electronic medical record data Medical data recorded in the electronic medical record is a record of medical care performed for each patient, and also serves as a case database. In other words, it is expected that electronic medical records relating to various cases are accumulated in a database and shared to help improve medical quality.

(2)地域医療連携
 電子カルテで患者の診療情報を共有化可能な地域医療ネットワークシステムを構築することにより、複数の医療機関で診療を受けることを希望する患者の利便性の向上を図ることが期待されている。 (2) Regional medical cooperation By building a regional medical network system that can share medical information of patients via electronic medical records, it is possible to improve the convenience of patients who wish to receive medical care at multiple medical institutions. Expected.

(3)遠隔医療
 医師間、医師と患者との間をネットワークで結び、電子カルテで患者の診療情報をやり取りできるようにすることにより、患者が医療機関に訪問しなくても診療や健康相談を受けられるようにすることが期待されている。 (3) Telemedicine Connect doctors and doctors with patients via a network, and exchange medical information on patients via electronic medical records, so that patients can visit a medical institution for medical care and health consultations. It is expected to be received.

 このように、電子カルテの応用例は様々であるが、電子カルテに記録される情報の真正性は厳格に要求される。そのために、電子カルテに記録される情報の改ざんを防止する仕組みを導入することが必要である。また、医師と患者との間をネットワークで結んだ遠隔医療システムを構築する場合には、医師から提供される電子カルテの改ざんを防止するだけでなく、患者から医師に提供される患者の生体情報(患者の自宅に置かれた医療機器等で測定される情報など)の改ざんを防止することも必要となる。また、患者の生体情報は個人情報であるため、許可された者以外には開示されない秘匿性の実現も求められる。 As described above, there are various application examples of the electronic medical record, but the authenticity of the information recorded in the electronic medical record is strictly required. Therefore, it is necessary to introduce a mechanism for preventing falsification of information recorded in the electronic medical record. In addition, when constructing a telemedicine system in which a doctor and a patient are connected via a network, not only the electronic medical record provided by the doctor is prevented from being altered, but also the patient's biological information provided by the patient to the doctor. It is also necessary to prevent falsification of information (such as information measured by a medical device placed in the patient's home). In addition, since the patient's biological information is personal information, the realization of confidentiality that is not disclosed to anyone other than authorized persons is also required.

 なお、特許文献1,2には、患者の医療データが入力されたカルテデータの改ざんの防止を目的としたシステムに関する発明が開示されている。 Note that Patent Documents 1 and 2 disclose inventions related to systems for the purpose of preventing falsification of medical record data into which patient medical data has been input.

 特許文献1に記載のセキュリティ確保方法では、医療機関は、電子カルテの新規作成・カルテ内容の追加・変更・削除事項が発生すると、それを信頼機関に通信する。信頼機関は、通信してきた医療機関に対して日付のタイムスタンプを与える。その後、医療機関は、電子カルテのデータの新規作成・変更・追加・削除事項と、信頼機関から与えられたタイムスタンプとを含む電子カルテのデータを信頼機関へ送る。信頼機関は、当該タイムスタンプとデータとを蓄積した媒体に対して定期的に公証人から確定日付をもらい、封印して保管する。 In the security ensuring method described in Patent Document 1, when a medical institution creates a new electronic chart, adds, changes, or deletes a medical chart content, the medical institution communicates the information to a trust organization. The trusting organization gives a date time stamp to the medical institution that has communicated. Thereafter, the medical institution sends the electronic medical record data including new creation / change / addition / deletion items of the electronic medical record data and the time stamp given by the trusting organization to the trusting organization. The trust organization periodically obtains a fixed date from a notary for the medium storing the time stamp and data, and seals and stores it.

 特許文献2に記載の電子カルテ記録システムは、信頼性が不確かであるタイムスタンプを利用することなく、電子カルテの改ざんを抑止することを目的として成されたものである。この特許文献2に記載の電子カルテ記録システムは、ユーザ端末から送信されて電子カルテ受信メモリに記録された電子カルテが、保存用電子カルテデータベースに記録されている電子カルテの内容を含んでいるか否かを判定し、全てを含んでいると判定した場合のみ保存用電子カルテデータベースの電子カルテを上書きする。 The electronic medical record recording system described in Patent Document 2 is made for the purpose of suppressing falsification of the electronic medical record without using a time stamp whose reliability is uncertain. In the electronic medical record recording system described in Patent Document 2, the electronic medical record transmitted from the user terminal and recorded in the electronic medical record reception memory includes the contents of the electronic medical record recorded in the storage electronic medical record database. Only when it is determined that all are included, the electronic medical record in the storage electronic medical record database is overwritten.

 しかしながら、特許文献1,2には、電子カルテの改ざんを防止する仕組みは記載されているが、患者からネットワークを介して医療機関医師に提供される患者の生体情報の改ざんを防止する仕組みは記載されていない。また、個人情報である患者の生体情報が許可された者以外には開示されない秘匿性を実現するための仕組みも記載されていない。 However, Patent Documents 1 and 2 describe a mechanism for preventing falsification of an electronic medical record, but describe a mechanism for preventing falsification of patient biometric information provided from a patient to a medical institution doctor via a network. It has not been. In addition, there is no description of a mechanism for realizing confidentiality that is not disclosed to anyone other than those who are permitted to receive patient biometric information as personal information.

特開平10-320491号公報Japanese Patent Laid-Open No. 10-320491 特開2011-103055号公報JP 2011-103055 A

 本発明は、以上説明した実情に鑑みて成されたものであり、患者から医療機関に提供される患者の生体情報の真正性(改ざん不能性)と秘匿性とを実現できるようにすることを目的とする。 The present invention has been made in view of the circumstances described above, and is intended to realize the authenticity (impossibility of falsification) and confidentiality of patient biometric information provided from a patient to a medical institution. Objective.

 上記した課題を解決するために、本発明の個人情報保護システムは、医療機関において使用する医療機関端末と、患者が使用する患者端末と、分散型ネットワークにより接続された複数のノード装置とを備え、医療機関端末において公開鍵および秘密鍵を生成し、一のノード装置に提供する。そして、公開鍵を複数のノード装置の全体で共有するための合意形成処理を行い、合意形成された場合にのみ、複数のノード装置に公開鍵を記憶させるようにする。また、患者端末が一のノード装置から公開鍵を取得し、当該取得した公開鍵によって、患者の生体情報または当該生体情報に付加される個人を特定可能な情報を暗号化し、これにより生成された暗号化生体情報を一のノード装置に提供する。そして、暗号化生体情報を複数のノード装置の全体で共有するための合意形成処理を行い、合意形成された場合にのみ、複数のノード装置に暗号化生体情報を記憶させるようにする。医療機関端末では、一のノード装置から暗号化生体情報を取得し、公開鍵と共に生成していた秘密鍵によって復号化するようにしている。 In order to solve the above-described problems, a personal information protection system of the present invention includes a medical institution terminal used in a medical institution, a patient terminal used by a patient, and a plurality of node devices connected by a distributed network. The public key and the secret key are generated at the medical institution terminal and provided to one node device. Then, a consensus formation process for sharing the public key among the plurality of node devices is performed, and the public keys are stored in the plurality of node devices only when the consensus is formed. In addition, the patient terminal obtains a public key from one node device, and the obtained public key encrypts patient biometric information or information that can identify an individual added to the biometric information, and is generated thereby Encrypted biometric information is provided to one node device. Then, a consensus building process for sharing the encrypted biometric information among the plurality of node devices is performed, and the encrypted biometric information is stored in the plurality of node devices only when the consensus is formed. In the medical institution terminal, the encrypted biometric information is acquired from one node device and decrypted with the secret key generated together with the public key.

 上記のように構成した本発明によれば、患者から医療機関に提供される患者の生体情報は、それ自体または当該生体情報に付加される個人を特定可能な情報が公開鍵によって暗号化されることにより、秘匿化される。秘匿化された生体情報は、秘密鍵を有している医療機関においてのみ復号化して利用することが可能である。 According to the present invention configured as described above, the patient biometric information provided from the patient to the medical institution is encrypted with the public key by itself or information that can identify an individual added to the biometric information. By doing so, it is concealed. The concealed biometric information can be decrypted and used only by a medical institution having a secret key.

 また、公開鍵は、複数のノード装置間で実行される合意形成処理により正当であることが検証された場合にのみ、各ノード装置に分散して記憶されるので、例えば、ノード装置に悪質なプログラムが仕掛けられることにより、公開鍵自体の改ざんが行われることを防ぐことができる。公開鍵の改ざんが抑止されるので、改ざんされた不正な公開鍵によって生体情報等が暗号化され、不正な秘密鍵により復号されて生体情報が改ざんされるといったことも抑止することができる。 Moreover, since the public key is distributed and stored in each node device only when it is verified that it is valid by the consensus building process executed between the plurality of node devices, for example, the public key is malicious to the node device. By setting the program, it is possible to prevent the public key itself from being falsified. Since the public key is prevented from being falsified, it is possible to prevent the biometric information and the like from being encrypted with the illegal public key that has been falsified and decrypted with the illegal private key.

 さらに、公開鍵によって暗号化された生体情報等も、複数のノード装置間で実行される合意形成処理により正当であることが検証された場合にのみ、各ノード装置に分散して記憶されるので、例えば、ノード装置に悪質なプログラムが仕掛けられることにより、暗号化された生体情報等の改ざんが行われることを防ぐことができる。 Furthermore, biometric information or the like encrypted with a public key is stored in a distributed manner in each node device only when it is verified that it is valid by a consensus building process executed between a plurality of node devices. For example, it is possible to prevent the encrypted biometric information from being tampered with by installing a malicious program on the node device.

 以上により、本発明によれば、患者から医療機関に提供される患者の生体情報の真正性(改ざん不能性)と秘匿性とを実現することが可能となる。 As described above, according to the present invention, it is possible to realize the authenticity (impossibility of falsification) and confidentiality of patient biometric information provided from a patient to a medical institution.

第1の実施形態による個人情報保護システムの全体構成例を示す図である。It is a figure showing the example of whole composition of the personal information protection system by a 1st embodiment. 第1の実施形態による医療機関端末の機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the medical institution terminal by 1st Embodiment. 第1の実施形態による患者端末の機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the patient terminal by 1st Embodiment. 第1の実施形態によるノード装置の機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the node apparatus by 1st Embodiment. 医療機関端末からノード装置に公開鍵を送信して記憶させる際の動作例を示すフローチャートである。It is a flowchart which shows the operation example at the time of transmitting and memorize | storing a public key from a medical institution terminal to a node apparatus. 患者の生体情報を暗号化して患者端末からノード装置に送信して記憶させる際の動作例を示すフローチャートである。It is a flowchart which shows the operation example at the time of encrypting a patient's biometric information, transmitting and storing to a node apparatus from a patient terminal. 医療機関端末がノード装置から暗号化生体情報を取得して復号化する際の動作例を示すフローチャートである。It is a flowchart which shows the operation example at the time of a medical institution terminal acquiring encrypted biometric information from a node apparatus, and decoding. 第2の実施形態による個人情報保護システムの全体構成例を示す図である。It is a figure which shows the example of whole structure of the personal information protection system by 2nd Embodiment. 第2の実施形態による第1の医療機関端末の機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the 1st medical institution terminal by 2nd Embodiment. 第2の実施形態による第2の医療機関端末の機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the 2nd medical institution terminal by 2nd Embodiment. 第2の実施形態によるノード装置の機能構成例を示すブロック図である。It is a block diagram which shows the function structural example of the node apparatus by 2nd Embodiment.

(第1の実施形態)
 以下、本発明の第1の実施形態を図面に基づいて説明する。図1は、第1の実施形態による個人情報保護システムの全体構成例を示す図である。図1に示すように、第1の実施形態による個人情報保護システムは、医療機関において使用する医療機関端末100と、患者が使用する患者端末200と、分散型ネットワークにより接続された複数のノード装置300-1~300-3(以下、まとめてノード装置300と記すこともある)とを備えて構成されている。 (First embodiment)
DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, a first embodiment of the invention will be described with reference to the drawings. FIG. 1 is a diagram showing an example of the overall configuration of a personal information protection system according to the first embodiment. As shown in FIG. 1, the personal information protection system according to the first embodiment includes a medical institution terminal 100 used in a medical institution, a patient terminal 200 used by a patient, and a plurality of node devices connected by a distributed network. 300 -1 to 300 -3 (hereinafter sometimes collectively referred to as the node device 300).

 医療機関端末100とノード装置300との間は、インターネット等の通信ネットワークにより接続可能に構成されている。図1では、医療機関端末100がノード装置300-3に接続された状態を示しているが、医療機関端末100は分散型ネットワーク内にあるノード装置300-1~300-3の何れかと任意に接続することが可能である。 The medical institution terminal 100 and the node device 300 are configured to be connectable via a communication network such as the Internet. FIG. 1 shows a state where the medical institution terminal 100 is connected to the node device 300-3 . However, the medical institution terminal 100 is arbitrarily connected to any one of the node devices 300-1 to 300-3 in the distributed network. It is possible to connect.

 また、患者端末200とノード装置300との間も、インターネット等の通信ネットワークにより接続可能に構成されている。図1では、患者端末200がノード装置300-2に接続された状態を示しているが、患者端末200は分散型ネットワーク内にあるノード装置300-1~300-3の何れかと任意に接続することが可能である。 In addition, the patient terminal 200 and the node device 300 are configured to be connectable via a communication network such as the Internet. Although FIG. 1 shows a state in which the patient terminal 200 is connected to the node device 300-2 , the patient terminal 200 is arbitrarily connected to any one of the node devices 300-1 to 300-3 in the distributed network. It is possible.

 患者端末200は、患者の生体情報を入力可能な端末であり、例えばスマートフォン、パーソナルコンピュータ、タブレット等により構成される。生体情報は、例えば、患者の自宅に置かれた医療機器(図示せず)で測定される情報である。ここで、医療機器と患者端末200とを有線または無線で接続し、医療機器で測定された生体情報を患者端末200に送信することにより、患者端末200が生体情報を入力するようにすることが可能である。または、患者が患者端末200のタッチパネルやキーボード等の操作インタフェースを操作することにより、医療機器で測定された生体情報を患者端末200に入力するようにしてもよい。 The patient terminal 200 is a terminal capable of inputting patient's biological information, and is configured by, for example, a smartphone, a personal computer, a tablet or the like. The biometric information is information measured by a medical device (not shown) placed at the patient's home, for example. Here, the medical device and the patient terminal 200 are connected by wire or wirelessly, and the biological information measured by the medical device is transmitted to the patient terminal 200 so that the patient terminal 200 inputs the biological information. Is possible. Alternatively, the patient may input biological information measured by the medical device to the patient terminal 200 by operating an operation interface such as a touch panel or a keyboard of the patient terminal 200.

 なお、生体情報は、医療機器で測定される人間の生理に関する情報に限定されない。例えば、感覚や感性などの心理的側面に関する情報、反応や追従などの行動能力や日常生活行動に関する情報など、人間の心理や行動に関する情報であってもよい。これらの生体情報は、例えば、患者が患者端末200のタッチパネルやキーボード等の操作インタフェースを操作することによって入力することが可能である。あるいは、患者端末200にインストールされたアプリケーションプログラムを実行することによって、人間の心理や行動に関する情報をアプリケーションプログラムの機能として入力することも可能である。 Note that biological information is not limited to information related to human physiology measured by medical equipment. For example, information on human psychology and behavior such as information on psychological aspects such as sensation and sensitivity, behavioral ability such as reaction and follow-up, and information on daily life behavior may be used. Such biological information can be input by the patient operating an operation interface such as a touch panel or a keyboard of the patient terminal 200, for example. Alternatively, by executing an application program installed in the patient terminal 200, it is also possible to input information on human psychology and behavior as a function of the application program.

 分散型ネットワークにより接続された複数のノード装置300-1~300-3には、ブロックチェーン技術が導入されている。すなわち、後述するように、ブロックチェーン技術によって、公開鍵や生体情報などのデータが、複数のノード装置300-1~300-3において共有する態様で保存されている。なお、図示の簡略ため、図1では3つのノード装置300-1~300-3のみ示しているが、これ以上であってもよい。 A block chain technology is introduced into a plurality of node devices 300 -1 to 300 -3 connected by a distributed network. That is, as will be described later, data such as a public key and biometric information is stored in a manner shared by a plurality of node devices 300 -1 to 300 -3 by the block chain technology. For simplicity of illustration, only three node devices 300 -1 to 300 -3 are shown in FIG. 1, but more than this may be used.

 本実施形態の個人情報保護システムでは、医療機関端末100において公開鍵および秘密鍵を生成し、これを複数のノード装置300-1~300-3の中の一のノード装置に提供する。そして、公開鍵を複数のノード装置300-1~300-3の全体で共有するための合意形成処理を行い、合意形成された場合にのみ、複数のノード装置300-1~300-3に公開鍵を記憶させるようにする。 In the personal information protection system of this embodiment, the medical institution terminal 100 generates a public key and a secret key, and provides them to one of the node devices 300 -1 to 300 -3 . Then, a consensus process for sharing a public key across the plurality of node devices 300 -1 to 300 -3, only if it is consensus, published in a plurality of node devices 300 -1 to 300 -3 Remember the key.

 患者端末200では、複数のノード装置300-1~300-3の中の一のノード装置から公開鍵を取得し、当該取得した公開鍵によって、患者の生体情報または当該生体情報に付加される個人を特定可能な情報を暗号化する。そして、これにより生成された暗号化生体情報を複数のノード装置300-1~300-3の中の一のノード装置に提供する。患者の生体情報は個人情報に係るものであるため、その秘匿性を確保するために、生体情報を暗号化し、暗号化した生体情報をノード装置300に提供するようにしている。 In patient terminal 200, acquires a public key from a node device among the plurality of node devices 300 -1 to 300 -3, the public key the acquired individual being added to the biological information or the biometric information of the patient Encrypt information that can be specified. Then, the encrypted biometric information generated thereby is provided to one of the node devices 300 -1 to 300 -3 . Since the patient's biometric information is related to personal information, the biometric information is encrypted and the encrypted biometric information is provided to the node device 300 in order to ensure confidentiality.

 患者の生体情報を利用する医療機関では、その生体情報が誰のものであるかを把握する必要がある。そのため、患者端末200からノード装置300に提供される生体情報には、患者の個人を特定可能な情報(患者の氏名、性別、年齢、住所などの情報。以下、これを患者情報という)が付加される。患者情報も個人情報に係るものであるため、その秘匿性を確保するために、患者情報を暗号化するようにしてもよい。なお、生体情報およびこれに付加される患者情報の全体を暗号化するようにしてもよいし、生体情報のみ、または患者情報のみを暗号化するようにしてもよい。 In medical institutions that use patient biometric information, it is necessary to know who the biometric information belongs to. Therefore, the biometric information provided from the patient terminal 200 to the node device 300 is added with information that can identify the individual of the patient (information such as the patient's name, sex, age, address, etc., hereinafter referred to as patient information). Is done. Since the patient information is also related to the personal information, the patient information may be encrypted in order to ensure confidentiality. The biometric information and the entire patient information added thereto may be encrypted, or only the biometric information or only the patient information may be encrypted.

 暗号化生体情報が患者端末200から複数のノード装置300-1~300-3の中の一のノード装置に提供されると、当該暗号化生体情報を複数のノード装置300-1~300-3の全体で共有するための合意形成処理を行い、合意形成された場合にのみ、複数のノード装置300-1~300-3に暗号化生体情報を記憶させるようにする。 When the encrypted biometric information is provided from the patient terminal 200 to one of the node devices 300 -1 to 300 -3 , the encrypted biometric information is sent to the plurality of node devices 300 -1 to 300 -3. The consensus building process for sharing the whole is performed, and the encrypted biometric information is stored in the plurality of node devices 300 -1 to 300 -3 only when the consensus is formed.

 医療機関端末100では、複数のノード装置300-1~300-3の中の一のノード装置から暗号化生体情報を取得し、公開鍵と共に生成していた秘密鍵によって復号化する。秘密鍵は、これを公開鍵と共に生成した医療機関端末100においてのみ保持しているものである。これにより、個人情報に係る患者の生体情報は、秘密鍵を把握している特定の医療機関端末100においてのみ利用可能となる。 The medical institution terminal 100 acquires the encrypted biometric information from one of the plurality of node devices 300 -1 to 300 -3 and decrypts it with the secret key generated along with the public key. The private key is held only in the medical institution terminal 100 that has generated this together with the public key. Thereby, the patient biometric information related to the personal information can be used only in the specific medical institution terminal 100 that knows the secret key.

 次に、医療機関端末100、患者端末200およびノード装置300の具体的な構成について、順を追って説明する。図2は、第1の実施形態による医療機関端末100の機能構成例を示すブロック図である。図2に示すように、第1の実施形態による医療機関端末100は、その機能構成として、鍵生成部11、公開鍵提供部12、生体情報取得部13および復号処理部14を備えている。また、第1の実施形態による医療機関端末100は、記憶媒体として、鍵記憶部10を備えている。 Next, specific configurations of the medical institution terminal 100, the patient terminal 200, and the node device 300 will be described in order. FIG. 2 is a block diagram illustrating a functional configuration example of the medical institution terminal 100 according to the first embodiment. As illustrated in FIG. 2, the medical institution terminal 100 according to the first embodiment includes a key generation unit 11, a public key provision unit 12, a biometric information acquisition unit 13, and a decryption processing unit 14 as functional configurations. The medical institution terminal 100 according to the first embodiment includes a key storage unit 10 as a storage medium.

 上記各機能ブロック11~14は、ハードウェア、DSP(Digital Signal Processor)、ソフトウェアの何れによっても構成することが可能である。例えばソフトウェアによって構成する場合、上記各機能ブロック11~14は、実際にはコンピュータのCPU、RAM、ROMなどを備えて構成され、RAMやROM、ハードディスクまたは半導体メモリ等の記録媒体に記憶されたプログラムが動作することによって実現される。 The functional blocks 11 to 14 can be configured by any of hardware, DSP (Digital Signal Processor), and software. For example, when configured by software, each of the functional blocks 11 to 14 actually includes a CPU, RAM, ROM, etc. of a computer, and is stored in a recording medium such as RAM, ROM, hard disk, or semiconductor memory. Is realized by operating.

 鍵生成部11は、公開鍵および秘密鍵を生成する。なお、鍵の生成には公知の技術を適用することが可能である。鍵生成部11により生成された公開鍵および秘密鍵(以下、これらをまとめて鍵情報という)は、鍵記憶部10に記憶される。 The key generation unit 11 generates a public key and a secret key. A known technique can be applied to the key generation. A public key and a secret key (hereinafter, collectively referred to as key information) generated by the key generation unit 11 are stored in the key storage unit 10.

 公開鍵提供部12は、鍵生成部11により生成された公開鍵を、複数のノード装置300-1~300-3のうち一のノード装置に提供する。どのノード装置に公開鍵を提供するかは任意である。ノード装置300に提供された公開鍵は、後述するコンセンサス処理を経て、複数のノード装置300-1~300-3にて分散保存される。そして、ノード装置300に保存された公開鍵が患者端末200にて取得され、公開鍵によって患者の生体情報が暗号化された後、それにより生成された暗号化生体情報が患者端末200からノード装置300に提供される。ノード装置300に提供された暗号化生体情報は、後述するコンセンサス処理を経て、複数のノード装置300-1~300-3にて分散保存される。 The public key providing unit 12 provides the public key generated by the key generating unit 11 to one node device among the plurality of node devices 300 -1 to 300 -3 . Which node device provides the public key is arbitrary. The public key provided to the node device 300 is distributed and stored in the plurality of node devices 300 -1 to 300 -3 through a consensus process described later. Then, after the public key stored in the node device 300 is acquired by the patient terminal 200 and the patient's biometric information is encrypted with the public key, the encrypted biometric information generated thereby is transferred from the patient terminal 200 to the node device. 300 is provided. The encrypted biometric information provided to the node device 300 is distributed and stored in the plurality of node devices 300 -1 to 300 -3 through a consensus process described later.

 生体情報取得部13は、複数のノード装置300-1~300-3のうち一のノード装置から暗号化生体情報を取得する。すなわち、生体情報取得部13は、一のノード装置に対して生体情報の取得要求を送信し、この要求に応じて一のノード装置から送信されてくる暗号化生体情報を取得する。 The biometric information acquisition unit 13 acquires encrypted biometric information from one node device among the plurality of node devices 300 -1 to 300 -3 . That is, the biometric information acquisition unit 13 transmits a biometric information acquisition request to one node device, and acquires the encrypted biometric information transmitted from the one node device in response to this request.

 復号処理部14は、生体情報取得部13により取得された暗号化生体情報を、鍵生成部11により生成されて鍵記憶部10に記憶された秘密鍵によって復号化する。本実施形態において、暗号化生体情報を復号化できるのは、鍵情報を生成した医療機関端末100だけである。これにより、特定の医療機関と、その医療機関の診療や治療等を受けている特定の患者との間のみで、秘匿性を担保した状態で患者の生体情報をやり取りすることができる。 The decryption processing unit 14 decrypts the encrypted biometric information acquired by the biometric information acquisition unit 13 with the secret key generated by the key generation unit 11 and stored in the key storage unit 10. In the present embodiment, only the medical institution terminal 100 that generated the key information can decrypt the encrypted biometric information. Thereby, a patient's biometric information can be exchanged in the state which ensured confidentiality only between a specific medical institution and the specific patient who is receiving medical treatment, treatment, etc. of the medical institution.

 図3は、第1の実施形態による患者端末200の機能構成例を示すブロック図である。図3に示すように、第1の実施形態による患者端末200は、その機能構成として、生体情報入力部21、公開鍵取得部22、暗号処理部23および生体情報提供部24を備えている。 FIG. 3 is a block diagram illustrating a functional configuration example of the patient terminal 200 according to the first embodiment. As shown in FIG. 3, the patient terminal 200 according to the first embodiment includes a biometric information input unit 21, a public key acquisition unit 22, an encryption processing unit 23, and a biometric information provision unit 24 as functional configurations.

 上記各機能ブロック21~24は、ハードウェア、DSP、ソフトウェアの何れによっても構成することが可能である。例えばソフトウェアによって構成する場合、上記各機能ブロック21~24は、実際にはコンピュータのCPU、RAM、ROMなどを備えて構成され、RAMやROM、ハードディスクまたは半導体メモリ等の記録媒体に記憶されたプログラムが動作することによって実現される。 The above functional blocks 21 to 24 can be configured by any of hardware, DSP, and software. For example, when configured by software, each of the functional blocks 21 to 24 is actually configured by including a CPU, RAM, ROM, and the like of a computer, and is stored in a recording medium such as RAM, ROM, hard disk, or semiconductor memory. Is realized by operating.

 生体情報入力部21は、患者の生体情報を入力する。上述のように、生体情報は、患者の生理、心理、行動に関する情報の何れか1つまたは複数であり、例えば患者の自宅に置かれた医療機器(図示せず)で測定された情報を入力する。あるいは、患者端末200にインストールされたアプリケーションプログラムの実行を通じて、当該アプリケーションプログラムの機能として生体情報を入力する。このアプリケーションプログラムは、公開鍵取得部22、暗号処理部23および生体情報提供部24の機能を実行するプログラムと同じプログラムであってもよいし、別のプログラムであってもよい。 The biometric information input unit 21 inputs patient biometric information. As described above, the biological information is any one or more of information related to the patient's physiology, psychology, and behavior. For example, information measured by a medical device (not shown) placed in the patient's home is input. To do. Alternatively, biometric information is input as a function of the application program through execution of the application program installed in the patient terminal 200. This application program may be the same program as the program that executes the functions of the public key acquisition unit 22, the encryption processing unit 23, and the biometric information providing unit 24, or may be a different program.

 生体情報入力部21は、入力した生体情報に対して、患者の個人を特定可能な患者情報を付加する。付加する患者情報は、患者が患者端末200のタッチパネルやキーボード等の操作インタフェースを操作することにより、あらかじめ入力して記憶しておく。生体情報入力部21は、あらかじめ記憶されている患者情報を生体情報に付加する。なお、生体情報の入力時に合わせて、患者情報を都度入力するようにしてもよい。 The biometric information input unit 21 adds patient information that can identify an individual patient to the input biometric information. The patient information to be added is input and stored in advance by the patient operating an operation interface such as a touch panel or a keyboard of the patient terminal 200. The biometric information input unit 21 adds patient information stored in advance to the biometric information. Note that patient information may be input each time in accordance with the input of biometric information.

 公開鍵取得部22は、複数のノード装置300-1~300-3に記憶されている公開鍵を一のノード装置から取得する。すなわち、公開鍵取得部22は、一のノード装置に対して公開鍵の取得要求を送信し、この要求に応じて一のノード装置から送信されてくる公開鍵を取得する。 The public key acquisition unit 22 acquires public keys stored in the plurality of node devices 300 -1 to 300 -3 from one node device. That is, the public key acquisition unit 22 transmits a public key acquisition request to one node device, and acquires the public key transmitted from the one node device in response to this request.

 暗号処理部23は、公開鍵取得部22により取得された公開鍵によって、患者の生体情報および当該生体情報に付加される患者情報の少なくとも一方を暗号化することにより、暗号化生体情報を生成する。生体情報提供部24は、暗号処理部23により生成された暗号化生体情報を、複数のノード装置300-1~300-3のうち一のノード装置に提供する。 The encryption processing unit 23 generates encrypted biometric information by encrypting at least one of the patient biometric information and the patient information added to the biometric information with the public key acquired by the public key acquiring unit 22. . The biometric information providing unit 24 provides the encrypted biometric information generated by the encryption processing unit 23 to one node device among the plurality of node devices 300 -1 to 300 -3 .

 図4は、第1の実施形態によるノード装置300の機能構成例を示すブロック図である。なお、ここではノード装置300-1の機能構成例を示しているが、他のノード装置300-2~300-3も同様に構成されている。 FIG. 4 is a block diagram illustrating a functional configuration example of the node device 300 according to the first embodiment. Although here is shown an example of the functional configuration of the node device 300 -1, it is configured similarly other node devices 300 -2 to 300 -3.

 図4に示すように、第1の実施形態によるノード装置300-1は、その機能構成として、公開鍵受信部31、第1のコンセンサス処理部32、公開鍵記憶制御部33、生体情報受信部34、第2のコンセンサス処理部35、生体情報記憶制御部36、公開鍵送信部37および生体情報送信部38を備えている。また、第1の実施形態によるノード装置300-1は、記憶媒体として、データ記憶部30を備えている。 As shown in FIG. 4, the node device 300 -1 of the first embodiment, as a functional structure, the public key reception unit 31, the first consensus processing unit 32, a public key storage control unit 33, the biological information receiving unit 34, a second consensus processing unit 35, a biological information storage control unit 36, a public key transmission unit 37, and a biological information transmission unit 38. Also, the node device 300 -1 of the first embodiment, as the storage medium, and a data storage unit 30.

 上記各機能ブロック31~38は、ハードウェア、DSP、ソフトウェアの何れによっても構成することが可能である。例えばソフトウェアによって構成する場合、上記各機能ブロック31~38は、実際にはコンピュータのCPU、RAM、ROMなどを備えて構成され、RAMやROM、ハードディスクまたは半導体メモリ等の記録媒体に記憶されたプログラムが動作することによって実現される。 The functional blocks 31 to 38 can be configured by any of hardware, DSP, and software. For example, when configured by software, each of the functional blocks 31 to 38 is actually configured by including a CPU, RAM, ROM, etc. of a computer, and a program stored in a recording medium such as RAM, ROM, hard disk, or semiconductor memory. Is realized by operating.

 公開鍵受信部31は、医療機関端末100の公開鍵提供部12により提供された公開鍵を受信する。第1のコンセンサス処理部32は、医療機関端末100から提供された公開鍵(公開鍵受信部31により受信された公開鍵)を複数のノード装置300-1~300-3の全体で共有するための合意形成処理を行う。すなわち、ノード装置300-1の第1のコンセンサス処理部32は、公開鍵受信部31により受信された公開鍵を他のノード装置300-2~300-3に送信し、所定の合意形成処理を行う。 The public key receiving unit 31 receives the public key provided by the public key providing unit 12 of the medical institution terminal 100. The first consensus processing unit 32 shares the public key provided by the medical institution terminal 100 (the public key received by the public key receiving unit 31) among the plurality of node devices 300-1 to 300-3. The consensus building process is performed. That is, the first consensus processor 32 of the node device 300 -1 transmits the public key received by the public key receiver unit 31 to the other node devices 300 -2 to 300 -3, a predetermined consensus process Do.

 第1のコンセンサス処理部32が行う合意形成処理として、ブロックチェーン技術で公知のコンセンサスアルゴリズムを用いることが可能である。例えば、第1のコンセンサス処理部32は、PBFT(Practical Byzantine Fault Tolerance)のコンセンサスアルゴリズムを用いて合意形成処理を行うことにより、医療機関端末100から提供された公開鍵の正当性を検証する。 As the consensus building process performed by the first consensus processing unit 32, it is possible to use a consensus algorithm known in the blockchain technology. For example, the first consensus processing unit 32 verifies the validity of the public key provided from the medical institution terminal 100 by performing consensus building processing using a PBFT (Practical Byzantine Fault Tolerance) consensus algorithm.

 公開鍵記憶制御部33は、第1のコンセンサス処理部32により合意形成された場合にのみ、複数のノード装置300-2~300-3がそれぞれ備えるデータ記憶部30に公開鍵を記憶させる。これにより、複数のノード装置300-1~300-3において、合意形成された公開鍵が分散して保存される。 The public key storage control unit 33 stores the public key in the data storage unit 30 provided in each of the plurality of node devices 300 -2 to 300 -3 only when an agreement is formed by the first consensus processing unit 32. As a result, the consensus public keys are distributed and stored in the plurality of node devices 300 -1 to 300 -3 .

 生体情報受信部34は、患者端末200の生体情報提供部24により提供された暗号化生体情報を受信する。第2のコンセンサス処理部35は、患者端末200から提供された暗号化生体情報(生体情報受信部34により受信された暗号化生体情報)を複数のノード装置300-1~300-3の全体で共有するための合意形成処理を行う。この第2のコンセンサス処理部35が行う合意形成処理にも、ブロックチェーン技術で公知のコンセンサスアルゴリズムを用いることが可能である。 The biometric information receiving unit 34 receives the encrypted biometric information provided by the biometric information providing unit 24 of the patient terminal 200. The second consensus processing unit 35 transmits the encrypted biometric information (encrypted biometric information received by the biometric information receiving unit 34) provided from the patient terminal 200 to the plurality of node devices 300 -1 to 300 -3 as a whole. Perform consensus building process for sharing. A consensus algorithm known in blockchain technology can also be used for the consensus building process performed by the second consensus processing unit 35.

 生体情報記憶制御部36は、第2のコンセンサス処理部35により合意形成された場合にのみ、複数のノード装置300-1~300-3がそれぞれ備えるデータ記憶部30に暗号化生体情報を記憶させる。これにより、複数のノード装置300-1~300-3において、合意形成された暗号化生体情報が分散して保存される。 The biometric information storage control unit 36 stores the encrypted biometric information in the data storage unit 30 provided in each of the plurality of node devices 300 -1 to 300 -3 only when an agreement is formed by the second consensus processing unit 35. . As a result, the encrypted biometric information formed in agreement is distributed and stored in the plurality of node devices 300 -1 to 300 -3 .

 公開鍵送信部37は、患者端末200の公開鍵取得部22から送られてくる公開鍵の取得要求に応じて、データ記憶部30に記憶されている公開鍵を患者端末200に送信する。生体情報送信部38は、医療機関端末100の生体情報取得部13から送られてくる生体情報の取得要求に応じて、データ記憶部30に記憶されている暗号化生体情報を医療機関端末100に送信する。 The public key transmission unit 37 transmits the public key stored in the data storage unit 30 to the patient terminal 200 in response to the public key acquisition request sent from the public key acquisition unit 22 of the patient terminal 200. The biometric information transmission unit 38 sends the encrypted biometric information stored in the data storage unit 30 to the medical institution terminal 100 in response to the biometric information acquisition request sent from the biometric information acquisition unit 13 of the medical institution terminal 100. Send.

 次に、以上のように構成した第1の実施形態による個人情報保護システムの動作を説明する。図5は、医療機関端末100からノード装置300に公開鍵を送信して記憶させる際の動作例を示すフローチャートである。 Next, the operation of the personal information protection system according to the first embodiment configured as described above will be described. FIG. 5 is a flowchart illustrating an operation example when a public key is transmitted from the medical institution terminal 100 to the node device 300 and stored.

 まず、医療機関端末100の鍵生成部11が、公開鍵および秘密鍵を生成し(ステップS1)、生成した鍵情報を鍵記憶部10に記憶させる(ステップS2)。次いで、公開鍵提供部12が、鍵生成部11により生成された公開鍵を、複数のノード装置300-1~300-3のうち一のノード装置に提供する(ステップS3)。 First, the key generation unit 11 of the medical institution terminal 100 generates a public key and a secret key (step S1), and stores the generated key information in the key storage unit 10 (step S2). Next, the public key providing unit 12 provides the public key generated by the key generating unit 11 to one node device among the plurality of node devices 300 -1 to 300 -3 (step S3).

 一方、ノード装置300では、医療機関端末100から送信されてきた公開鍵を公開鍵受信部31が受信すると(ステップS11)、第1のコンセンサス処理部32が、当該受信された公開鍵を複数のノード装置300-1~300-3の全体で共有するための合意形成処理を行う(ステップS12)。 On the other hand, in the node device 300, when the public key receiving unit 31 receives the public key transmitted from the medical institution terminal 100 (step S11), the first consensus processing unit 32 uses the received public key as a plurality of public keys. Consensus building processing is performed for sharing among the node devices 300 -1 to 300 -3 (step S12).

 次いで、公開鍵記憶制御部33は、第1のコンセンサス処理部32による合意形成が成功したか否かを判定し(ステップS13)、合意形成された場合にのみ、複数のノード装置300-1~300-3がそれぞれ備えるデータ記憶部30に公開鍵を記憶させる(ステップS14)。これにより、図5に示すフローチャートの処理が終了する。 Next, the public key storage control unit 33 determines whether or not the consensus formation by the first consensus processing unit 32 is successful (step S13), and only when the consensus is formed, the plurality of node devices 300 −1 to 300 -3 stores the public key in the data storage unit 30 with each (step S14). Thereby, the process of the flowchart shown in FIG. 5 is completed.

 図6は、患者の生体情報を暗号化して患者端末200からノード装置300に送信して記憶させる際の動作例を示すフローチャートである。まず、患者端末200の公開鍵取得部22は、公開鍵の取得要求をノード装置300に送信する(ステップS21)。ノード装置300の公開鍵送信部37は、公開鍵の取得要求を患者端末200から受信すると(ステップS31)、データ記憶部30に保存されている公開鍵を患者端末200に送信する(ステップS32)。これに応じて、公開鍵取得部22は、ノード装置300から送信されてきた公開鍵を取得する(ステップS22)。 FIG. 6 is a flowchart showing an operation example when the patient biometric information is encrypted, transmitted from the patient terminal 200 to the node device 300, and stored. First, the public key acquisition unit 22 of the patient terminal 200 transmits a public key acquisition request to the node device 300 (step S21). When receiving the public key acquisition request from the patient terminal 200 (step S31), the public key transmission unit 37 of the node device 300 transmits the public key stored in the data storage unit 30 to the patient terminal 200 (step S32). . In response to this, the public key acquisition unit 22 acquires the public key transmitted from the node device 300 (step S22).

 また、生体情報入力部21は、患者の生体情報を入力する(ステップS23)。そして、暗号処理部23は、公開鍵取得部22により取得された公開鍵によって、患者の生体情報および患者情報の少なくとも一方を暗号化することにより、暗号化生体情報を生成する(ステップS24)。生体情報提供部24は、暗号処理部23により生成された暗号化生体情報を、複数のノード装置300-1~300-3のうち一のノード装置に提供する(ステップS25)。 The biometric information input unit 21 inputs the biometric information of the patient (Step S23). And the encryption process part 23 produces | generates encryption biometric information by encrypting at least one of a patient's biometric information and patient information with the public key acquired by the public key acquisition part 22 (step S24). The biometric information providing unit 24 provides the encrypted biometric information generated by the cryptographic processing unit 23 to one of the node devices 300 -1 to 300 -3 (Step S25).

 なお、ステップS21,S22,S31,S32による公開鍵の取得と、ステップS23による生体情報の入力は、処理の順番を逆としてもよい。また、患者が生体情報を繰り返しノード装置300に提供するような場合において、既に公開鍵を取得済みである場合には、ステップS21,S22,S31,S32による公開鍵の取得を省略することが可能である。 The public key acquisition in steps S21, S22, S31, and S32 and the biometric information input in step S23 may be performed in the reverse order. Further, in the case where the patient repeatedly provides biometric information to the node device 300, if the public key has already been acquired, the acquisition of the public key in steps S21, S22, S31, and S32 can be omitted. It is.

 ノード装置300では、患者端末200から送信された暗号化生体情報を生体情報受信部34において受信すると(ステップS33)、第2のコンセンサス処理部35が、当該受信した暗号化生体情報を複数のノード装置300-1~300-3の全体で共有するための合意形成処理を行う(ステップS34)。 In the node device 300, when the encrypted biometric information transmitted from the patient terminal 200 is received by the biometric information receiving unit 34 (step S33), the second consensus processing unit 35 transmits the received encrypted biometric information to a plurality of nodes. A consensus building process is performed for sharing among the devices 300 -1 to 300 -3 (step S34).

 次いで、生体情報記憶制御部36は、第2のコンセンサス処理部35による合意形成が成功したか否かを判定し(ステップS35)、合意形成された場合にのみ、複数のノード装置300-1~300-3がそれぞれ備えるデータ記憶部30に暗号化生体情報を記憶させる(ステップS36)。これにより、図6に示すフローチャートの処理が終了する。 Next, the biological information storage control unit 36 determines whether or not the consensus formation by the second consensus processing unit 35 is successful (step S35), and only when the consensus is formed, the plurality of node devices 300 −1 to 300 -3 stores the encrypted biometric information in the data storage unit 30 with each (step S36). Thereby, the process of the flowchart shown in FIG. 6 is completed.

 図7は、医療機関端末100がノード装置300から暗号化生体情報を取得して復号化する際の動作例を示すフローチャートである。まず、医療機関端末100の生体情報取得部13は、生体情報の取得要求をノード装置300に送信する(ステップS41)。ノード装置300の生体情報送信部38は、生体情報の取得要求を医療機関端末100から受信すると(ステップS51)、データ記憶部30に保存されている暗号化生体情報を医療機関端末100に送信する(ステップS52)。これに応じて、生体情報取得部13は、ノード装置300から送信されてきた暗号化生体情報を取得する(ステップS42)。 FIG. 7 is a flowchart showing an operation example when the medical institution terminal 100 acquires the encrypted biometric information from the node device 300 and decrypts it. First, the biometric information acquisition unit 13 of the medical institution terminal 100 transmits a biometric information acquisition request to the node device 300 (step S41). When receiving the biometric information acquisition request from the medical institution terminal 100 (step S51), the biometric information transmitting unit 38 of the node device 300 transmits the encrypted biometric information stored in the data storage unit 30 to the medical institution terminal 100. (Step S52). In response to this, the biometric information acquisition unit 13 acquires the encrypted biometric information transmitted from the node device 300 (step S42).

 次いで、復号処理部14は、鍵記憶部10に記憶されている秘密鍵を取得し(ステップS43)、生体情報取得部13により取得された暗号化生体情報を当該秘密鍵によって復号化する(ステップS44)。これにより、図7に示すフローチャートの処理が終了する。 Next, the decryption processing unit 14 acquires the secret key stored in the key storage unit 10 (step S43), and decrypts the encrypted biometric information acquired by the biometric information acquisition unit 13 using the secret key (step S43). S44). Thereby, the process of the flowchart shown in FIG. 7 is completed.

 以上詳しく説明したように、第1の実施形態によれば、患者端末200から医療機関端末100に提供される患者の生体情報は、それ自体または当該生体情報に付加される患者情報が公開鍵によって暗号化されることにより、秘匿化される。秘匿化された生体情報は、秘密鍵を生成した医療機関においてのみ復号化して利用することが可能である。 As described above in detail, according to the first embodiment, the patient biometric information provided from the patient terminal 200 to the medical institution terminal 100 is either itself or patient information added to the biometric information by a public key. It is concealed by being encrypted. The concealed biometric information can be decrypted and used only by the medical institution that generated the secret key.

 また、公開鍵は、複数のノード装置300間で実行される合意形成処理により正当であることが検証された場合にのみ、各ノード装置300に分散して記憶されるので、例えば、ノード装置300に悪質なプログラムが仕掛けられることにより、公開鍵自体の改ざんが行われることを防ぐことができる。公開鍵の改ざんが抑止されるので、改ざんされた不正な公開鍵によって生体情報等が暗号化され、不正な秘密鍵により復号されて生体情報が改ざんされるといったことも抑止することができる。 In addition, since the public key is distributed and stored in each node device 300 only when it is verified that the public key is valid by the consensus building process executed between the plurality of node devices 300, for example, the node device 300 It is possible to prevent the public key itself from being falsified by setting a malicious program on the computer. Since the public key is prevented from being falsified, it is possible to prevent the biometric information and the like from being encrypted with the illegal public key that has been falsified and decrypted with the illegal private key.

 さらに、公開鍵によって暗号化された生体情報等も、複数のノード装置300間で実行される合意形成処理により正当であることが検証された場合にのみ、各ノード装置300に分散して記憶されるので、例えば、ノード装置300に悪質なプログラムが仕掛けられることにより、暗号化された生体情報等の改ざんが行われることを防ぐことができる。 Furthermore, biometric information or the like encrypted with the public key is distributed and stored in each node device 300 only when it is verified that it is valid by the consensus building process executed between the plurality of node devices 300. Therefore, for example, it is possible to prevent the encrypted biometric information from being falsified by setting a malicious program on the node device 300.

 以上により、第1の実施形態によれば、患者端末200から医療機関端末100に提供される患者の生体情報の真正性(改ざん不能性)と秘匿性とを実現することができる。 As described above, according to the first embodiment, it is possible to realize the authenticity (impossibility of falsification) and confidentiality of patient biometric information provided from the patient terminal 200 to the medical institution terminal 100.

(第2の実施形態)
 次に、本発明の第2の実施形態を図面に基づいて説明する。図8は、第2の実施形態による個人情報保護システムの全体構成例を示す図である。なお、この図8において、図1に示した符号と同一の符号を付したものは同一の機能を有するものであるので、ここでは重複する説明を省略する。 (Second Embodiment)
Next, a second embodiment of the present invention will be described with reference to the drawings. FIG. 8 is a diagram showing an example of the overall configuration of the personal information protection system according to the second embodiment. In FIG. 8, the same reference numerals as those shown in FIG. 1 have the same functions, and therefore redundant description is omitted here.

 図8に示すように、第2の実施形態による個人情報保護システムは、2つの医療機関において使用する端末として、2つの医療機関端末100A,100Bを備えている。第1の医療機関端末100Aとノード装置300’との間および第2の医療機関端末100Bとノード装置300’との間は、それぞれインターネット等の通信ネットワークにより接続可能に構成されている。 As shown in FIG. 8, the personal information protection system according to the second embodiment includes two medical institution terminals 100A and 100B as terminals used in two medical institutions. The first medical institution terminal 100A and the node device 300 'and the second medical institution terminal 100B and the node device 300' can be connected by a communication network such as the Internet.

 なお、図8では、第1の医療機関端末100Aがノード装置300-3’に接続され、第2の医療機関端末100Bがノード装置300-1’に接続された状態を示しているが、医療機関端末100A,100Bは何れも分散型ネットワーク内にあるノード装置300-1’~300-3’の何れかと任意に接続することが可能である。 FIG. 8 shows a state in which the first medical institution terminal 100A is connected to the node device 300-3 ′ and the second medical institution terminal 100B is connected to the node device 300-1 ′. The engine terminals 100A and 100B can be arbitrarily connected to any one of the node devices 300-1 'to 300-3 ' in the distributed network.

 図9は、第2の実施形態による第1の医療機関端末100Aの機能構成例を示すブロック図である。なお、この図9において、図2に示した符号と同一の符号を付したものは同一の機能を有するものであるので、ここでは重複する説明を省略する。 FIG. 9 is a block diagram illustrating a functional configuration example of the first medical institution terminal 100A according to the second embodiment. In FIG. 9, components having the same reference numerals as those shown in FIG. 2 have the same functions, and thus redundant description is omitted here.

 図9に示すように、第1の医療機関端末100Aは、その機能構成として、カルテ情報入力部15、カルテ暗号処理部16およびカルテ情報提供部17を更に備えている。これらの機能ブロック15~17も、ハードウェア、DSP、ソフトウェアの何れによっても構成することが可能である。 As shown in FIG. 9, the first medical institution terminal 100A further includes a chart information input unit 15, a chart encryption processing unit 16, and a chart information providing unit 17 as its functional configuration. These functional blocks 15 to 17 can also be configured by any of hardware, DSP, and software.

 カルテ情報入力部15は、患者のカルテ情報を入力する。カルテ情報は、患者の診療や治療等に関する種々の情報を記録したものであり、患者の担当医師が診療や治療等を行う都度、必要な情報を書き込んで保存したものである。作成されたカルテ情報は、担当医師が使用するローカル端末または病院内ネットワークの共有サーバ等に保存される。カルテ情報入力部15は、ローカル端末または共有サーバ等に保存されているカルテ情報を入力する。 The chart information input unit 15 inputs patient chart information. The medical record information is a record of various information related to the medical treatment and treatment of the patient, and is written and stored as necessary information every time the doctor in charge of the patient performs the medical treatment and treatment. The created chart information is stored in a local terminal used by the doctor in charge or a shared server in the hospital network. The chart information input unit 15 inputs chart information stored in a local terminal or a shared server.

 カルテ暗号処理部16は、鍵生成部11により生成されて鍵記憶部10に記憶された公開鍵によって、カルテ情報入力部15により入力されたカルテ情報を暗号化することにより、暗号化カルテ情報を生成する。なお、カルテ情報の暗号化は、カルテ情報の全体に対して行ってもよいし、カルテ情報内に含まれる患者情報の部分に対してのみ行ってもよい。 The medical record encryption processing unit 16 encrypts the medical record information input by the medical record information input unit 15 with the public key generated by the key generation unit 11 and stored in the key storage unit 10, thereby obtaining the encrypted medical record information. Generate. Note that the encryption of the chart information may be performed on the entire chart information or only on the part of the patient information included in the chart information.

 カルテ情報提供部17は、カルテ暗号処理部16により生成された暗号化カルテ情報を、複数のノード装置のうち一のノード装置300-1~300-3に提供する。 The chart information providing unit 17 provides the encrypted chart information generated by the chart encryption processing unit 16 to one of the node devices 300 -1 to 300 -3 among the plurality of node devices.

 図10は、第2の実施形態による第2の医療機関端末100Bの機能構成例を示すブロック図である。図10に示すように、第2の医療機関端末100Bは、その機能構成として、カルテ情報取得部41、カルテ復号処理部42および秘密鍵取得部43を備えている。また、第2の医療機関端末100Bは、記憶媒体として、秘密鍵記憶部40を備えている。これらの機能ブロック41~43も、ハードウェア、DSP、ソフトウェアの何れによっても構成することが可能である。 FIG. 10 is a block diagram illustrating a functional configuration example of the second medical institution terminal 100B according to the second embodiment. As shown in FIG. 10, the second medical institution terminal 100 </ b> B includes a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43 as its functional configuration. Further, the second medical institution terminal 100B includes a secret key storage unit 40 as a storage medium. These functional blocks 41 to 43 can also be configured by any of hardware, DSP, and software.

 カルテ情報取得部41は、複数のノード装置300-1’~300-3’のうち一のノード装置から暗号化カルテ情報を取得する。すなわち、カルテ情報取得部41は、一のノード装置に対してカルテ情報の取得要求を送信し、この要求に応じて一のノード装置から送信されてくる暗号化カルテ情報を取得する。 The medical chart information acquisition unit 41 acquires encrypted medical chart information from one of the plurality of node devices 300 -1 ′ to 300 -3 ′. That is, the chart information acquisition unit 41 transmits a chart information acquisition request to one node apparatus, and acquires encrypted chart information transmitted from the one node apparatus in response to this request.

 秘密鍵取得部43は、第1の医療機関端末100Aにて生成された秘密鍵を、ノード装置300’を経由しない別の安全なルートを介して取得する。例えば、第1の医療機関端末100Aと第2の医療機関端末100Bとの間に設定したVPN(Virtual Private Network)または専用線を介して、秘密鍵取得部43が第1の医療機関端末100Aから秘密鍵を取得するようにすることが可能である。または、秘密鍵を紙媒体または情報記憶媒体に出力したものを郵送するようにしてもよい。 The secret key acquisition unit 43 acquires the secret key generated by the first medical institution terminal 100A via another secure route that does not pass through the node device 300 '. For example, the secret key acquisition unit 43 is connected from the first medical institution terminal 100A via a VPN (Virtual Private Network) or a dedicated line set between the first medical institution terminal 100A and the second medical institution terminal 100B. It is possible to obtain a secret key. Or you may make it mail the thing which output the secret key to the paper medium or the information storage medium.

 別の方法として、以下のようにしてもよい。すなわち、第2の医療機関端末100Bにて別の公開鍵と別の秘密鍵との組を生成し、別の公開鍵を公開する。そして、第1の医療機関端末100Aで生成した秘密鍵を、第2の医療機関端末100Bで生成された別の公開鍵で暗号化し、暗号化した秘密鍵を第1の医療機関端末100Aから第2の医療機関端末100Bに送信する。秘密鍵取得部43は、第1の医療機関端末100Aから取得した秘密鍵を別の秘密鍵で復号化し、秘密鍵記憶部40に記憶させる。 Another method may be as follows. That is, the second medical institution terminal 100B generates a set of another public key and another secret key, and discloses another public key. Then, the secret key generated by the first medical institution terminal 100A is encrypted with another public key generated by the second medical institution terminal 100B, and the encrypted secret key is transferred from the first medical institution terminal 100A to the first key. To the second medical institution terminal 100B. The secret key acquisition unit 43 decrypts the secret key acquired from the first medical institution terminal 100 </ b> A with another secret key and stores it in the secret key storage unit 40.

 カルテ復号処理部42は、カルテ情報取得部41により取得された暗号化カルテ情報を、秘密鍵記憶部40に記憶された秘密鍵によって復号化する。本実施形態において、暗号化カルテ情報を復号化できるのは、秘密鍵を生成した第1の医療機関端末100Aから安全なルートで秘密鍵を取得した第2の医療機関端末100Bだけである。 The chart decryption processing unit 42 decrypts the encrypted chart information acquired by the chart information acquisition unit 41 with the secret key stored in the secret key storage unit 40. In the present embodiment, the encrypted medical record information can be decrypted only by the second medical institution terminal 100B that has acquired the secret key by a secure route from the first medical institution terminal 100A that has generated the secret key.

 図11は、第2の実施形態によるノード装置300’の機能構成例を示すブロック図である。なお、ここではノード装置300-1’の機能構成例を示しているが、他のノード装置300-2’~300-3’も同様に構成されている。 FIG. 11 is a block diagram illustrating a functional configuration example of the node device 300 ′ according to the second embodiment. Incidentally, 'it is shown an example of the functional configuration of the other nodes 300 - 2' where the node device 300 -1 to 300 -3 'are similarly constructed.

 図11に示すように、第2の実施形態によるノード装置300-1’は、その機能構成として、カルテ情報受信部51、第3のコンセンサス処理部52、カルテ情報記憶制御部53およびカルテ情報送信部54を更に備えている。これらの機能ブロック51~54も、ハードウェア、DSP、ソフトウェアの何れによっても構成することが可能である。 As illustrated in FIG. 11, the node device 300 -1 ′ according to the second embodiment includes, as its functional configuration, a chart information receiving unit 51, a third consensus processing unit 52, a chart information storage control unit 53, and a chart information transmission. A portion 54 is further provided. These functional blocks 51 to 54 can also be configured by any of hardware, DSP, and software.

 カルテ情報受信部51は、第1の医療機関端末100Aのカルテ情報提供部17により提供された暗号化カルテ情報を受信する。第3のコンセンサス処理部52は、第1の医療機関端末100Aから提供された暗号化カルテ情報(カルテ情報受信部51により受信された暗号化カルテ情報)を複数のノード装置300-1’~300-3’の全体で共有するための合意形成処理を行う。この第3のコンセンサス処理部52が行う合意形成処理にも、ブロックチェーン技術で公知のコンセンサスアルゴリズムを用いることが可能である。 The chart information receiving unit 51 receives the encrypted chart information provided by the chart information providing unit 17 of the first medical institution terminal 100A. The third consensus processing unit 52 uses the encrypted medical record information (the encrypted medical record information received by the medical record information receiving unit 51) provided from the first medical institution terminal 100A as a plurality of node devices 300 -1 ′ to 300. -3 'Consensus building process to share with the whole. A consensus algorithm known in block chain technology can also be used for the consensus building process performed by the third consensus processing unit 52.

 カルテ情報記憶制御部53は、第3のコンセンサス処理部52により合意形成された場合にのみ、複数のノード装置300-1’~300-3’がそれぞれ備えるデータ記憶部30に暗号化カルテ情報を記憶させる。これにより、複数のノード装置300-1’~300-3’において、合意形成された暗号化カルテ情報が分散して保存される。 The medical record information storage control unit 53 stores the encrypted medical record information in the data storage unit 30 provided in each of the plurality of node devices 300 -1 ′ to 300 -3 ′ only when an agreement is formed by the third consensus processing unit 52. Remember me. As a result, consensus-formed encrypted medical record information is distributed and stored in the plurality of node devices 300 -1 ′ to 300 -3 ′.

 カルテ情報送信部54は、第2の医療機関端末100Bのカルテ情報取得部41から送られてくるカルテ情報の取得要求に応じて、データ記憶部30に記憶されている暗号化カルテ情報を第2の医療機関端末100Bに送信する。 The medical record information transmission unit 54 receives the encrypted medical record information stored in the data storage unit 30 in response to the medical record information acquisition request sent from the medical record information acquisition unit 41 of the second medical institution terminal 100B. To the medical institution terminal 100B.

 以上のように構成した第2の実施形態によれば、第1の医療機関端末100Aと第2の医療機関端末100Bとの間で、患者のカルテ情報の真正性(改ざん不能性)と秘匿性とを担保しながら、カルテ情報の共有を実現することができる。 According to the second embodiment configured as described above, between the first medical institution terminal 100A and the second medical institution terminal 100B, the authenticity (impossibility of falsification) and confidentiality of patient chart information. It is possible to share medical chart information while ensuring the above.

 すなわち、第1の医療機関端末100Aから第2の医療機関端末100Bに提供される患者のカルテ情報は、その全体または患者情報の部分が公開鍵によって暗号化されることにより、秘匿化される。秘匿化されたカルテ情報は、第1の医療機関から秘密鍵を取得した第2の医療機関においてのみ復号化して利用することが可能である。 That is, the patient chart information provided from the first medical institution terminal 100A to the second medical institution terminal 100B is concealed by encrypting the whole or part of the patient information with the public key. The confidential medical record information can be decrypted and used only by the second medical institution that has obtained the secret key from the first medical institution.

 また、公開鍵は、複数のノード装置300’間で実行される合意形成処理により正当であることが検証された場合にのみ、各ノード装置300’に分散して記憶されるので、例えば、ノード装置300’に悪質なプログラムが仕掛けられることにより、公開鍵自体の改ざんが行われることを防ぐことができる。公開鍵の改ざんが抑止されるので、改ざんされた不正な公開鍵によってカルテ情報等が暗号化され、不正な秘密鍵により復号されてカルテ情報が改ざんされるといったことも抑止することができる。 Also, since the public key is distributed and stored in each node device 300 ′ only when it is verified that it is valid by the consensus building process executed between the plurality of node devices 300 ′, for example, the node By setting a malicious program on the device 300 ′, it is possible to prevent the public key itself from being falsified. Since falsification of the public key is suppressed, it is possible to prevent the chart information and the like from being encrypted by the illegal public key that has been falsified and decrypted by the illegal secret key.

 さらに、公開鍵によって暗号化されたカルテ情報等も、複数のノード装置300’間で実行される合意形成処理により正当であることが検証された場合にのみ、各ノード装置300’に分散して記憶されるので、例えば、ノード装置300’に悪質なプログラムが仕掛けられることにより、暗号化されたカルテ情報等の改ざんが行われることを防ぐことができる。 Furthermore, the medical record information encrypted with the public key is also distributed to each node device 300 ′ only when it is verified that it is valid by the consensus building process executed between the plurality of node devices 300 ′. Since it is stored, for example, it is possible to prevent the encrypted medical record information from being falsified by installing a malicious program on the node device 300 ′.

 以上により、第2の実施形態によれば、第1の医療機関端末100Aから第2の医療機関端末100Bに提供されて共有される患者のカルテ情報の真正性(改ざん不能性)と秘匿性とを実現することができる。 As described above, according to the second embodiment, the authenticity (impossibility of falsification) and confidentiality of patient chart information provided and shared from the first medical institution terminal 100A to the second medical institution terminal 100B. Can be realized.

 なお、ここでは、第1の医療機関端末100Aにて暗号化されたカルテ情報を第2の医療機関端末100Bに提供する例を説明したが、これに限定されない。例えば、第2の医療機関端末100Bが生体情報取得部13および復号処理部14を更に備えることにより、患者端末200にて暗号化された生体情報を第2の医療機関端末100Bに提供することができるようにしてもよい。 In addition, although the example which provides the 2nd medical institution terminal 100B with the medical chart information encrypted with the 1st medical institution terminal 100A was demonstrated here, it is not limited to this. For example, the second medical institution terminal 100B further includes the biometric information acquisition unit 13 and the decryption processing unit 14, thereby providing the second medical institution terminal 100B with the biometric information encrypted by the patient terminal 200. You may be able to do it.

 また、上記第2の実施形態において、第2の医療機関端末100Bは、図10に示した構成に加えて、鍵記憶部10、鍵生成部11、公開鍵提供部12、生体情報取得部13、復号処理部14、カルテ情報入力部15、カルテ暗号処理部16およびカルテ情報提供部17を備えてもよい。また、第1の医療機関端末100Aは、図9に示した構成に加えて、秘密鍵記憶部40、カルテ情報取得部41、カルテ復号処理部42および秘密鍵取得部43を備えてもよい。 In the second embodiment, the second medical institution terminal 100B includes a key storage unit 10, a key generation unit 11, a public key provision unit 12, and a biometric information acquisition unit 13 in addition to the configuration shown in FIG. A decryption processing unit 14, a chart information input unit 15, a chart encryption processing unit 16, and a chart information providing unit 17 may be provided. The first medical institution terminal 100A may include a secret key storage unit 40, a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43 in addition to the configuration illustrated in FIG.

 また、上記第2の実施形態において、秘密鍵記憶部40、カルテ情報取得部41、カルテ復号処理部42および秘密鍵取得部43を患者端末200が更に備えるようにしてもよい。このようにすれば、第1の医療機関端末100Aと患者端末200との間で、患者のカルテ情報の真正性(改ざん不能性)と秘匿性とを担保しながら、カルテ情報の共有を実現することができる。 In the second embodiment, the patient terminal 200 may further include a secret key storage unit 40, a chart information acquisition unit 41, a chart decryption processing unit 42, and a secret key acquisition unit 43. In this way, sharing of medical chart information is realized between the first medical institution terminal 100A and the patient terminal 200 while ensuring the authenticity (impossibility of falsification) and confidentiality of the patient's medical chart information. be able to.

 この場合、第1の医療機関端末100Aにおいて作成されたカルテ情報を、同じく第1の医療機関端末100Aにおいて生成した公開鍵によって暗号化するとともに、第1の医療機関端末100Aに生成した秘密鍵を安全なルートで第1の医療機関端末100Aから患者端末200に提供することになる。これに対し、以下のように構成してもよい。 In this case, the medical record information created in the first medical institution terminal 100A is encrypted with the public key generated in the first medical institution terminal 100A, and the secret key generated in the first medical institution terminal 100A is used. The first medical institution terminal 100A provides the patient terminal 200 with a safe route. On the other hand, you may comprise as follows.

 すなわち、患者端末200にて第2の公開鍵と第2の秘密鍵との組を生成し、第2の公開鍵をノード装置300’に提供する。ノード装置300’では、第2の公開鍵についてコンセンサス処理を行い、合意形成された場合にのみ第2の公開鍵を分散保存する。そして、第1の医療機関端末100Aにおいて作成されたカルテ情報を、第1の医療機関端末100Aがノード装置300’から取得した第2の公開鍵で暗号化し、暗号化カルテ情報を第1の医療機関端末100Aからノード装置300’に提供する。ノード装置300’では、暗号化カルテ情報についてコンセンサス処理を行い、合意形成された場合にのみ当該暗号化カルテ情報を分散保存する。患者端末200では、暗号化カルテ情報をノード装置300’から取得し、第2の公開鍵と共に生成しておいた第2の秘密鍵で復号化する。 That is, the patient terminal 200 generates a set of the second public key and the second secret key, and provides the second public key to the node device 300 ′. The node device 300 ′ performs consensus processing on the second public key, and distributes and stores the second public key only when an agreement is formed. Then, the medical record information created in the first medical institution terminal 100A is encrypted with the second public key acquired from the node device 300 ′ by the first medical institution terminal 100A, and the encrypted medical record information is converted into the first medical institution information. Provided from the engine terminal 100A to the node device 300 ′. The node device 300 ′ performs consensus processing on the encrypted medical record information, and distributes and stores the encrypted medical record information only when an agreement is formed. The patient terminal 200 obtains the encrypted medical record information from the node device 300 ′ and decrypts it with the second secret key generated together with the second public key.

 この場合における個人情報保護システムは、医療機関において使用する医療機関端末と、患者が使用する患者端末と、分散型ネットワークにより接続された複数のノード装置とを備えた個人情報保護システムであって、具体的には以下のように構成される。 The personal information protection system in this case is a personal information protection system comprising a medical institution terminal used in a medical institution, a patient terminal used by a patient, and a plurality of node devices connected by a distributed network, Specifically, it is configured as follows.

 患者端末は、
 第2の公開鍵および第2の秘密鍵を生成する第2の鍵生成部と、
 上記第2の鍵生成部により生成された上記第2の公開鍵を、上記複数のノード装置のうち一のノード装置に提供する第2の公開鍵提供部と、
 上記複数のノード装置のうち一のノード装置から暗号化カルテ情報を取得するカルテ情報取得部と、
 上記カルテ情報取得部により取得された上記暗号化カルテ情報を、上記第2の鍵生成部により生成された上記第2の秘密鍵によって復号化する第2の復号処理部とを備える。 The patient terminal
A second key generation unit for generating a second public key and a second secret key;
A second public key providing unit that provides the second public key generated by the second key generating unit to one node device among the plurality of node devices;
A chart information acquisition unit that acquires encrypted chart information from one of the plurality of node apparatuses;
A second decryption processing unit that decrypts the encrypted medical record information acquired by the medical record information acquisition unit with the second secret key generated by the second key generation unit.

 また、複数のノード装置は、
 上記患者端末から提供された上記第2の公開鍵を上記複数のノード装置の全体で共有するための合意形成処理を行う第4のコンセンサス処理部と、
 上記第4のコンセンサス処理部により合意形成された場合にのみ、上記複数のノード装置がそれぞれ備える上記データ記憶部に上記第2の公開鍵を記憶させる第2の公開鍵記憶制御部と、
 上記医療機関端末から提供された上記暗号化カルテ情報を上記複数のノード装置の全体で共有するための合意形成処理を行う第5のコンセンサス処理部と、
 上記第5のコンセンサス処理部により合意形成された場合にのみ、上記複数のノード装置がそれぞれ備える上記データ記憶部に上記暗号化カルテ情報を記憶させるカルテ情報記憶制御部とを備える。 In addition, the plurality of node devices
A fourth consensus processing unit that performs consensus building processing for sharing the second public key provided from the patient terminal with the whole of the plurality of node devices;
A second public key storage control unit that stores the second public key in the data storage unit included in each of the plurality of node devices only when an agreement is formed by the fourth consensus processing unit;
A fifth consensus processing unit for performing consensus formation processing for sharing the encrypted medical record information provided from the medical institution terminal with the plurality of node devices as a whole;
Only when an agreement is formed by the fifth consensus processing unit, a medical record information storage control unit that stores the encrypted medical record information in the data storage unit provided in each of the plurality of node devices.

 また、医療機関端末は、
 上記複数のノード装置に記憶されている上記第2の公開鍵を一のノード装置から取得する第2の公開鍵取得部と、
 上記第2の公開鍵取得部により取得された上記第2の公開鍵によってカルテ情報を暗号化することにより、上記暗号化カルテ情報を生成する第2の暗号処理部と、
 上記第2の暗号処理部により生成された上記暗号化カルテ情報を、上記複数のノード装置のうち一のノード装置に提供するカルテ情報提供部とを備える。 In addition, medical institution terminals
A second public key acquisition unit that acquires the second public key stored in the plurality of node devices from one node device;
A second encryption processing unit that generates the encrypted medical record information by encrypting the medical record information with the second public key acquired by the second public key acquisition unit;
And a medical record information providing unit that provides the encrypted medical record information generated by the second cryptographic processing unit to one of the plurality of node devices.

 また、上記各実施形態では、コンセンサスアルゴリズムの一例としてPBFTを用いる例について説明したが、本発明はこれに限定されない。例えば、Proof of Work、Proof of Stake、Paxos、Raft、Sieveなどの他のコンセンサスアルゴリズムを用いてもよい。 In each of the above embodiments, an example using PBFT as an example of a consensus algorithm has been described, but the present invention is not limited to this. For example, other consensus algorithms such as Proof of Work, Proof of Stake, Paxos, Raft, and Sieve may be used.

 その他、上述した各実施形態は、何れも本発明を実施するにあたっての具体化の一例を示したものに過ぎず、これらによって本発明の技術的範囲が限定的に解釈されてはならないものである。すなわち、本発明はその要旨、またはその主要な特徴から逸脱することなく、様々な形で実施することができる。 In addition, each of the above-described embodiments is merely an example of a specific example for carrying out the present invention, and the technical scope of the present invention should not be construed as being limited thereto. . That is, the present invention can be implemented in various forms without departing from the gist or the main features thereof.

 11 鍵生成部
 12 公開鍵提供部
 13 生体情報取得部
 14 復号処理部
 15 カルテ情報入力部
 16 カルテ暗号処理部
 17 カルテ情報提供部
 21 生体情報入力部
 22 公開鍵取得部
 23 暗号処理部
 24 生体情報提供部
 30 データ記憶部
 31 公開鍵受信部
 32 第1のコンセンサス処理部
 33 公開鍵記憶制御部
 34 生体情報受信部
 35 第2のコンセンサス処理部
 36 生体情報記憶制御部
 37 公開鍵送信部
 38 生体情報送信部
 41 カルテ情報取得部
 42 カルテ復号処理部
 43 秘密鍵取得部
 51 カルテ情報受信部
 52 第3のコンセンサス処理部
 53 カルテ情報記憶制御部
 54 カルテ情報出力部
 100,100A,100B 医療機関端末
 200 患者端末
 300,300’ ノード装置 DESCRIPTION OF SYMBOLS 11 Key generation part 12 Public key provision part 13 Biometric information acquisition part 14 Decryption processing part 15 Medical record information input part 16 Medical record encryption process part 17 Medical record information provision part 21 Biometric information input part 22 Public key acquisition part 23 Cryptographic process part 24 Biometric information Providing unit 30 Data storage unit 31 Public key receiving unit 32 First consensus processing unit 33 Public key storage control unit 34 Biometric information receiving unit 35 Second consensus processing unit 36 Biometric information storage control unit 37 Public key transmitting unit 38 Biometric information Transmission unit 41 Medical record information acquisition unit 42 Medical record decryption processing unit 43 Secret key acquisition unit 51 Medical record information reception unit 52 Third consensus processing unit 53 Medical record information storage control unit 54 Medical record information output unit 100, 100A, 100B Medical institution terminal 200 Patient Terminal 300, 300 'node device

Claims (3)

 医療機関において使用する医療機関端末と、患者が使用する患者端末と、分散型ネットワークにより接続された複数のノード装置とを備えた個人情報保護システムであって、
 上記医療機関端末は、
 公開鍵および秘密鍵を生成する鍵生成部と、
 上記鍵生成部により生成された上記公開鍵を、上記複数のノード装置のうち一のノード装置に提供する公開鍵提供部と、
 上記複数のノード装置のうち一のノード装置から暗号化生体情報を取得する生体情報取得部と、
 上記生体情報取得部により取得された上記暗号化生体情報を、上記鍵生成部により生成された上記秘密鍵によって復号化する復号処理部とを備え、
 上記複数のノード装置は、
 上記医療機関端末から提供された上記公開鍵を上記複数のノード装置の全体で共有するための合意形成処理を行う第1のコンセンサス処理部と、
 上記第1のコンセンサス処理部により合意形成された場合にのみ、上記複数のノード装置がそれぞれ備えるデータ記憶部に上記公開鍵を記憶させる公開鍵記憶制御部と、
 上記患者端末から提供された上記暗号化生体情報を上記複数のノード装置の全体で共有するための合意形成処理を行う第2のコンセンサス処理部と、
 上記第2のコンセンサス処理部により合意形成された場合にのみ、上記複数のノード装置がそれぞれ備える上記データ記憶部に上記暗号化生体情報を記憶させる生体情報記憶制御部とを備え、
 上記患者端末は、
 上記複数のノード装置に記憶されている上記公開鍵を一のノード装置から取得する公開鍵取得部と、
 上記公開鍵取得部により取得された上記公開鍵によって、患者の生体情報または当該生体情報に付加される個人を特定可能な情報を暗号化することにより、上記暗号化生体情報を生成する暗号処理部と、
 上記暗号処理部により生成された上記暗号化生体情報を、上記複数のノード装置のうち一のノード装置に提供する生体情報提供部とを備えた
ことを特徴とする個人情報保護システム。 A personal information protection system comprising a medical institution terminal used in a medical institution, a patient terminal used by a patient, and a plurality of node devices connected by a distributed network,
The medical institution terminal
A key generation unit for generating a public key and a private key;
A public key providing unit that provides the public key generated by the key generating unit to one of the plurality of node devices;
A biometric information acquisition unit that acquires encrypted biometric information from one of the plurality of node devices;
A decryption processing unit that decrypts the encrypted biometric information acquired by the biometric information acquisition unit with the secret key generated by the key generation unit;
The plurality of node devices are:
A first consensus processing unit that performs consensus building processing for sharing the public key provided from the medical institution terminal with the entirety of the plurality of node devices;
A public key storage control unit that stores the public key in a data storage unit included in each of the plurality of node devices only when an agreement is formed by the first consensus processing unit;
A second consensus processing unit that performs consensus building processing for sharing the encrypted biometric information provided from the patient terminal with the whole of the plurality of node devices;
A biometric information storage control unit that stores the encrypted biometric information in the data storage unit provided in each of the plurality of node devices only when an agreement is formed by the second consensus processing unit,
The patient terminal
A public key acquisition unit for acquiring the public key stored in the plurality of node devices from one node device;
An encryption processing unit that generates the encrypted biometric information by encrypting the patient's biometric information or information that can identify an individual added to the biometric information with the public key acquired by the public key acquiring unit. When,
A personal information protection system, comprising: a biometric information providing unit that provides the encrypted biometric information generated by the cryptographic processing unit to one of the plurality of node devices.  上記医療機関端末は、
 上記鍵生成部により生成された上記公開鍵によってカルテ情報を暗号化することにより、暗号化カルテ情報を生成するカルテ暗号処理部と、
 上記カルテ暗号処理部により生成された上記暗号化カルテ情報を、上記複数のノード装置のうち一のノード装置に提供するカルテ情報提供部とを備え、
 上記複数のノード装置は、
 上記医療機関端末から提供された上記暗号化カルテ情報を上記複数のノード装置の全体で共有するための合意形成処理を行う第3のコンセンサス処理部と、
 上記第3のコンセンサス処理部により合意形成された場合にのみ、上記複数のノード装置がそれぞれ備える上記データ記憶部に上記暗号化カルテ情報を記憶させるカルテ情報記憶制御部とを備えたことを特徴とする請求項1に記載の個人情報保護システム。 The medical institution terminal
A chart encryption processing section for generating encrypted chart information by encrypting chart information with the public key generated by the key generation section;
A chart information providing unit that provides the encrypted chart information generated by the chart encryption processing unit to one of the plurality of node devices;
The plurality of node devices are:
A third consensus processing unit that performs consensus building processing for sharing the encrypted medical record information provided from the medical institution terminal with the plurality of node devices as a whole;
A medical record information storage control unit that stores the encrypted medical record information in the data storage unit provided in each of the plurality of node devices only when an agreement is formed by the third consensus processing unit. The personal information protection system according to claim 1.  上記患者端末は、
 第2の公開鍵および第2の秘密鍵を生成する第2の鍵生成部と、
 上記第2の鍵生成部により生成された上記第2の公開鍵を、上記複数のノード装置のうち一のノード装置に提供する第2の公開鍵提供部と、
 上記複数のノード装置のうち一のノード装置から暗号化カルテ情報を取得するカルテ情報取得部と、
 上記カルテ情報取得部により取得された上記暗号化カルテ情報を、上記第2の鍵生成部により生成された上記第2の秘密鍵によって復号化する第2の復号処理部とを備え、
 上記複数のノード装置は、
 上記患者端末から提供された上記第2の公開鍵を上記複数のノード装置の全体で共有するための合意形成処理を行う第4のコンセンサス処理部と、
 上記第4のコンセンサス処理部により合意形成された場合にのみ、上記複数のノード装置がそれぞれ備える上記データ記憶部に上記第2の公開鍵を記憶させる第2の公開鍵記憶制御部と、
 上記医療機関端末から提供された上記暗号化カルテ情報を上記複数のノード装置の全体で共有するための合意形成処理を行う第5のコンセンサス処理部と、
 上記第5のコンセンサス処理部により合意形成された場合にのみ、上記複数のノード装置がそれぞれ備える上記データ記憶部に上記暗号化カルテ情報を記憶させるカルテ情報記憶制御部とを備え、
 上記医療機関端末は、
 上記複数のノード装置に記憶されている上記第2の公開鍵を一のノード装置から取得する第2の公開鍵取得部と、
 上記第2の公開鍵取得部により取得された上記第2の公開鍵によってカルテ情報を暗号化することにより、上記暗号化カルテ情報を生成する第2の暗号処理部と、
 上記第2の暗号処理部により生成された上記暗号化カルテ情報を、上記複数のノード装置のうち一のノード装置に提供するカルテ情報提供部とを備えたことを特徴とする請求項1に記載の個人情報保護システム。 The patient terminal
A second key generation unit for generating a second public key and a second secret key;
A second public key providing unit that provides the second public key generated by the second key generating unit to one node device among the plurality of node devices;
A chart information acquisition unit that acquires encrypted chart information from one of the plurality of node apparatuses;
A second decryption processing unit that decrypts the encrypted medical record information acquired by the medical record information acquisition unit with the second secret key generated by the second key generation unit;
The plurality of node devices are:
A fourth consensus processing unit that performs consensus building processing for sharing the second public key provided from the patient terminal with the whole of the plurality of node devices;
A second public key storage control unit that stores the second public key in the data storage unit included in each of the plurality of node devices only when an agreement is formed by the fourth consensus processing unit;
A fifth consensus processing unit for performing consensus formation processing for sharing the encrypted medical record information provided from the medical institution terminal with the plurality of node devices as a whole;
A medical record information storage control unit that stores the encrypted medical record information in the data storage unit provided in each of the plurality of node devices only when an agreement is formed by the fifth consensus processing unit,
The medical institution terminal
A second public key acquisition unit that acquires the second public key stored in the plurality of node devices from one node device;
A second encryption processing unit that generates the encrypted medical record information by encrypting the medical record information with the second public key acquired by the second public key acquisition unit;
The medical record information providing unit that provides the encrypted medical record information generated by the second cryptographic processing unit to one of the plurality of node devices. Personal information protection system.
PCT/JP2017/021806 2017-06-13 2017-06-13 Personal information protection system Ceased WO2018229867A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2017/021806 WO2018229867A1 (en) 2017-06-13 2017-06-13 Personal information protection system
JP2017552511A JP6245782B1 (en) 2017-06-13 2017-06-13 Personal information protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2017/021806 WO2018229867A1 (en) 2017-06-13 2017-06-13 Personal information protection system

Publications (1)

Publication Number Publication Date
WO2018229867A1 true WO2018229867A1 (en) 2018-12-20

Family

ID=60658994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/021806 Ceased WO2018229867A1 (en) 2017-06-13 2017-06-13 Personal information protection system

Country Status (2)

Country Link
JP (1) JP6245782B1 (en)
WO (1) WO2018229867A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111737340A (en) * 2020-03-11 2020-10-02 西安电子科技大学 A storage encryption method on blockchain based on attribute encryption
JP2021106303A (en) * 2019-12-26 2021-07-26 アイホン株式会社 Nurse call system
JP2022551013A (en) * 2019-11-26 2022-12-06 ライカ・バイオシステムズ・メルボルン・プロプライエタリー・リミテッド Immutable ledger-based workflow management for patient samples

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6721903B2 (en) * 2018-01-31 2020-07-15 シビラ株式会社 Data transmitting/receiving method, data transmitting/receiving system, processing device, and computer program
JP7312425B2 (en) * 2018-01-31 2023-07-21 シビラ株式会社 Data transmission/reception method
KR101882207B1 (en) * 2018-03-23 2018-07-26 주식회사 아이라이즈 Hospital security system that stores patient information on a blockchain basis
WO2019187040A1 (en) * 2018-03-30 2019-10-03 株式会社Eyes, JAPAN Biological information management system
KR102048804B1 (en) * 2018-04-13 2019-11-26 김예원 Smart radiation measurement and management system using block chain
US20210183486A1 (en) * 2018-06-19 2021-06-17 Sony Corporation Biological information processing method, biological information processing apparatus, and biological information processing system
JP6566278B1 (en) * 2018-08-08 2019-08-28 株式会社DataSign Personal data management system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007025918A (en) * 2005-07-13 2007-02-01 Ada:Kk Electronic medical chart publication system
JP2014109826A (en) * 2012-11-30 2014-06-12 International Business Maschines Corporation Data management mechanism in emergency for wide-area distributed medical information network
JP2017059913A (en) * 2015-09-14 2017-03-23 株式会社リコー Information processing system, server device, and information processing program

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007025918A (en) * 2005-07-13 2007-02-01 Ada:Kk Electronic medical chart publication system
JP2014109826A (en) * 2012-11-30 2014-06-12 International Business Maschines Corporation Data management mechanism in emergency for wide-area distributed medical information network
JP2017059913A (en) * 2015-09-14 2017-03-23 株式会社リコー Information processing system, server device, and information processing program

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2022551013A (en) * 2019-11-26 2022-12-06 ライカ・バイオシステムズ・メルボルン・プロプライエタリー・リミテッド Immutable ledger-based workflow management for patient samples
JP7303385B2 (en) 2019-11-26 2023-07-04 ライカ・バイオシステムズ・メルボルン・プロプライエタリー・リミテッド Immutable ledger-based workflow management for patient samples
JP2021106303A (en) * 2019-12-26 2021-07-26 アイホン株式会社 Nurse call system
JP7329437B2 (en) 2019-12-26 2023-08-18 アイホン株式会社 nurse call system
CN111737340A (en) * 2020-03-11 2020-10-02 西安电子科技大学 A storage encryption method on blockchain based on attribute encryption
CN111737340B (en) * 2020-03-11 2024-04-02 西安电子科技大学 Method for encrypting storage on blockchain based on attribute encryption

Also Published As

Publication number Publication date
JP6245782B1 (en) 2017-12-13
JPWO2018229867A1 (en) 2019-06-27

Similar Documents

Publication Publication Date Title
JP6245782B1 (en) Personal information protection system
Zala et al. PRMS: design and development of patients’ E-healthcare records management system for privacy preservation in third party cloud platforms
Fabian et al. Collaborative and secure sharing of healthcare data in multi-clouds
Sharma et al. RSA based encryption approach for preserving confidentiality of big data
Thilakanathan et al. A platform for secure monitoring and sharing of generic health data in the Cloud
US9246683B2 (en) Re-encryption key generator, re-encryption apparatus, and program
US10164950B2 (en) Controlling access to clinical data analyzed by remote computing resources
CN101919202B (en) Information distribution system and program for the same
US20020124177A1 (en) Methods for encrypting and decrypting electronically stored medical records and other digital documents for secure storage, retrieval and sharing of such documents
Garkoti et al. Detection of insider attacks in cloud based e-healthcare environment
KR101022213B1 (en) Method and apparatus for sharing and secondary use of medical data based on multi-proxy re-encryption
KR101220160B1 (en) Secure data management method based on proxy re-encryption in mobile cloud environment
CN104468496B (en) Encrypting and decrypting method, information providing system and the recording medium of information
Nait Hamoud et al. Implementing a secure remote patient monitoring system
US20080028214A1 (en) Secure flash media for medical records
JP6245783B1 (en) Security system and node device used therefor
CN102057379A (en) Method and a system of healthcare data handling
EP3219048A1 (en) System and method for securely storing and sharing information
JP4521514B2 (en) Medical information distribution system, information access control method thereof, and computer program
CN114065261A (en) Block chain-based distributed trusted data sharing platform, method and system
Bermad et al. Pseudonym revocation system for IoT-based medical applications
Chondamrongkul et al. Secure mobile cloud architecture for healthcare application
JPWO2008156107A1 (en) Electronic data encryption and encryption data decryption system and method
Vivas et al. Mechanisms of security based on digital certificates applied in a telemedicine network
Dakhel et al. A secure wireless body area network for E-health application using blockchain

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2017552511

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17913170

Country of ref document: EP

Kind code of ref document: A1