Patent Application
20200089911
The present invention relates to an information processing system. The invention relates to an information processing system to process individual-related information.
In recent years, attention has been paid on the usefulness of the use of big data. The big data is various types and forms of unstructured data and atypical data for example and is a collection of data increasing in an accumulated manner day by day. Thus, data groups, which have been overlooked by the conventional technique because of the impossibility of managing such enormous data, are increasingly effectively used for a business purpose for example by being recorded and stored to be subjected to a quick analysis.
The big data is generated from SNSs (social networking services) such as FACEBOOK® or TWITTER® that generate big data including a great amount of information day by day and GPS information from smart phones for example.
The use of the big data can provide, for example, an appropriate understanding of the market needs for a product development purpose for example. Thus, the above-described data conventionally publicized on the Internet via SNSs for example is used and analyzed as big data.
It has been expected to use, as big data, information such as diagnosis records and prescriptions from medical examinees and patients in medical institutions such as hospitals. The use of the information including the diagnosis records and prescriptions as big data allows pharmaceutical companies to develop products more suitable for the market needs.
However, information in SNSs is publicized on the Internet so that the information can be accessed by specific persons forming a community or can be accessed by unspecified persons. The information publicized so that the information can be accessed only by specific persons is hard to be used as big data because this information provides a limited access from the outside. The information publicized so that the information can be accessed by unspecified persons can be used as big data.
The SNS information processing system 100 can be configured by one or more computers including: a processor such as a CPU; a semiconductor memory or a magnetic or optical memory; a wired or wireless communication device; an input apparatus such as a keyboard, an input pad, a mouse pointer, or a microphone; and an output apparatus such as a display, a printer, or a speaker.
The SNS information processing system 100 includes a database (DB) 102, an information publicizing server 104, a communication server 106, and an authentication server 108.
The database 102 is a database that stores information for the respective users of the SNS information processing system 100. The database 102 is retained in the memory and information is written/read therein in response to a request.
The information publicizing server 104 is implemented by allowing a processor to execute a program such as an HTML (HyperText Markup Language) server. The information publicizing server 104 can publicize the user information stored in the database 102 at a predetermined address.
The communication server 106 is implemented by a processor for executing a program to support the Internet protocol (IP) communication and a communication device for example. The communication server 106 also can be a mail server program using a protocol such as a POP (Post Office Protocol)/SMTP (Simple Mail Transfer Protocol) or an IMAP (Internet Message Access Protocol) or a server executing a short message service SMS program. The communication server 106 also can be a file server to execute a protocol such as an FTP (File Transfer Protocol). The communication server 106 can communicate with the user terminals 160 and 162, the search server 180, the information publicizing server 104, an authentication server 108, or other mail servers or SNS servers or other file servers.
The authentication server 108 provides a function to authenticate a user of the information publicizing server 104 (by password collation for example) and a function to control the access to information stored in the database 102.
However, as shown in
The present invention has been made in view of the disadvantages as described above. It is an objective of the invention to provide an information processing system to publicize the individual-related information so that the individual cannot be identified.
In order to solve the above disadvantages, an information processing system according to one embodiment of the present invention includes: a storage unit that is connected to the outside via a network and that stores individual-related information; an information publication unit; and a person meta data generation unit. The storage unit is configured to add a flag to each piece of individual-related information to show whether or not the information is publicized so that the individual cannot be identified. The person meta data generation unit is configured to generate the person meta data based on the individual-related information showing by the flag that the information is publicized so that the individual cannot be identified. The information publication unit is configured so that the person meta data can be accessed and publicized via the network.
According to the present invention, the information processing system can be provided that publicizes the individual-related information so that the individual cannot be identified.
Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings in which the same or similar reference numerals denote the same or similar components, and repeated description will be omitted. The embodiment described below is one example of the invention of this application. Thus, the invention of this application is not limited to the following embodiment and can be carried out in other embodiments without loss of generality.
The information processing system according to the embodiment of the present invention is an information processing system connected to the outside via a network. This information processing system includes a memory to store individual-related information, an information publicizing server (SV), and a person meta data generator. The memory stores each piece of individual-related information attached with a flag showing whether or not the information is publicized so that the individual cannot be identified. The person meta data generator generates the person meta data based on the individual-related information showing by the flag that the information is publicized so that the individual cannot be identified. The information publicizing server publicizes the individual-related information not shown by the flag so that the individual cannot be identified and the person meta data so that the former and the latter can be separately accessed via the network.
The person meta data includes the entirety or a part of back data of a certain person including, for example, the individual information of the person showing the nature of the person (e.g., the person's character, hobbies, blood type, height, weight, and medical history such as the one related to atopy, personal history, contact address). The person meta data can be used to represent the more-detailed nature of the person for example in addition to information generally used to identify the person (e.g., the person's individual number, name, and address). Data of information to identify a certain person (e.g., the individual number, name, and address) (hereinafter also may be referred to as main data) and the person meta data also may be configured separately and the former and the latter may be mutually associated. In another example, another configuration may be used in which the individual number is included in the main data and the person meta data includes the name and the address together with other information elements. In this case however, the information identifying the person such as a name and an address for example is generally not-publicized person meta data.
As in
The database 102 is data to store the individual-related information of the respective users of the SNS system. The database 102 is retained in a memory.
The flag 502 shows whether or not each individual-related information stored in the database 102 is publicized so that the individual cannot be identified. For example, information for which the flag is set to “1” (e.g., profiles 1 and 2) shows that the person meta data (i.e., information identifying the individual) is publicized as concealed information as described later. Information for which the flag is set to “0” (e.g., a blog article) is publicized in a conventional manner. The information for which the flag is set to “1” (e.g., profiles 1 and 2) is publicized separately from the information for which the flag is set to “0”. For example, the former and the latter are publicized in different designs/formats and on different servers or addresses, respectively. When one of the information for which the flag is set to “1” and the information for which the flag is set to “0” is accessed, the former and the latter are not provided while being associated to each other.
In the above example, the flag “1” is associated with the publicized profile but also may be associated with another information category. For example, the respective flag values may be associated with a publicized information type so that “1” is associated with publicized “medical data”, “2” is associated with publicized “hobby”, “3” is associated with publicized “foot preference” for example. This association allows the publicized information to be searched in an organized manner.
In the above description, an example was described in which a flag was used in order to identify whether the information is publicized or not and to identify the information category. Another example also may be used in which a flag can be used to identify whether the information is publicized or not and to identify those who is permitted to access the information (publication target). For example, as shown in
In the example shown in Table 1, the person meta data is prepared and publicized so that the mail, food preference (like), and favorite color can be accessed by the medical personnels, food manufacturer personnels, and sporting goods manufacturer personnels and cannot be accessed by the publishing personnels, health food manufacturer personnels, and others. Alternatively, instead of the preparation of the person meta data, when the registration information shown in Table 1 is publicized by the information publicizing server 104, it is determined to which flag a person accessing the information corresponds (or it is determined to which registration information the access authorization is allocated) to provide, based on the determined flag, an access to the registration information. For example, such information is provided that is used to allow those who trying to access the information to determine whether they have a right to access from the user terminals 160 and 162 to the search server 180 or the information publicizing server 104 (e.g., information showing the type of occupation or the industry type for example). The search server 180 provides, to the information publicizing server 104, information used to determine the access right from the user terminal. When it is determined based on the provided information that a person trying the access is a medical personnel and corresponds to the flag “1”, then the information publicizing server 104 provides information registered as the one showing the mail, the profile 1, the favorite color (like), the color preference (dislike), and the color preference. Information registered as the one showing the name, the address, and the profile 2 may be provided while being masked. In this example, the medical personnels and the food manufacturer personnels for example were shown. However, the flag is not always limited to the occupation type and the industry type for example and also can represent the authorization or type of a person trying to access the data.
Alternatively, publicized information can be identified so that an individual cannot be identified without the use of a flag. For example, a specific data item of a database record is predetermined as the one to be publicized so that an individual cannot be identified. In this case, the person meta data generator generates the person meta data including the contents of the data item that is publicized by the information publicizing server. For example, a method may be used to set in advance, on a program, that the profile 1 and the profile 2 of
In the example shown in Table 1, it was described that the flag 502 is set, for each piece of individual-related information stored in the database 102, whether or not the individual cannot be identified. However, as described above, the main data including a data item for identifying a certain person having an individual number, a name, and an address for example is configured separately from the person meta data that can be used to represent the more detailed nature of the person to associate the former and the latter. For example, when a certain person has an individual number 0001, an identifier A001 is given to the main data of the person and an identifier B001 is given to the person meta data to store them in the database 102 so that the information publicizing server 104 publicizes the person meta data having B001 only. In this case, only the contents of the person meta data having B001 are publicized and the individual number 0001 included in the main data having A001 may be concealed.
Any method may be used so long as the method can store the main data and the person meta data separately and can associate the former and the latter. For example, a method may be used to separately store the main data and the person meta data in a tabular format to prepare another tabular format data that associates the main data and the person meta data having a tabular format as information of the same person. Instead of another tabular format data, another method may be used to connect and store an identifier A001 and an identifier B001 so that the series of identifiers can be used to identify the information of a certain person. The tabular format data and the series of identifiers function as a map showing a position where the data is stored for example.
As described above, the main data is associated with the person meta data by another tabular format data or the series of identifiers. This association allows, even in the case of data leakage, the leakage can occur only in the main data, the person meta data, or another tabular format data, or the series of identifiers. Thus, the leaked data has a little significance and is hard to be utilized for unauthorized users, thus causing a reduced damage and providing a safe security. The person meta data may be further divided to provide divided pieces of the person meta data to correspond to an individual number, the name(s), or the address(s) (or a combination of the name and the address). This is safer because the respective pieces of the individual information are divided to pieces of the person meta data. Alternatively, another tabular format data or the series of identifiers may include a flag that shows whether or not the person meta data is publicized. By doing this, whether the person meta data is publicized or concealed can be specified not by the person meta data but by another tabular format data or the series of identifiers.
The person meta data generator 402 can be implemented by a processor executing a program stored in the memory. The person meta data generator 402 generates the person meta data based on the individual-related information to be publicized by a flag so that the individual cannot be identified.
As shown in
In the above embodiment, a configuration was described in which the SNS information processing system 100 is connected to the search server 180 at the outside via a network. Alternatively, the SNS information processing system 100 may include the search server 180.
Alternatively, the above-described flag may be substituted with a configuration in which a specific region stored in the database 102 is specified in advance and the person meta data is generated.
Alternatively, the above region that can be activated to present the user interface may be substituted with an address to which a message or a comment is sent (address information not belonging to the individual (e.g., an address exclusively used to send a message)).
As described above, this embodiment can provide the SNS information processing system that publicizes the individual-related information so that the individual cannot be identified. The individual-related information publicized so that the individual cannot be identified promotes, for example, the publicization of physical feature information such as the one for a physical condition or health or medical history-related information. For example, if a need arises to know information regarding a medical history or a special hobby, a conventional case requires the notification of the existence of the medical history or special hobby, thus causing a risk where such a medical history or special hobby may be known to others for example. On the other hand, the SNS information processing system of this embodiment reduces such a risk by publicizing the person meta data. Specifically, the publicization of information is promoted, thus providing the improved use of big data. Furthermore, a message or a comment can be provided for the publicized person meta data, thus increasing the feedback for the information regarding the medical history or special hobby.
In the above embodiment, an example of the SNS information processing system was described. The invention of this application is not limited to the SNS information processing system. The invention of this application also can be used in many other embodiments so long as the person meta data can be separately retained. For example, the invention of this application applied to the individual-related information owned by companies, institutions, and public offices may provide the use of the person meta data as big data in such a manner that only the person meta data is publicized or shared or exchanged with others. For example, the invention of this application can be carried out as a medical or nursing-related information system. The following section will describe an example in which the invention of this application is carried out as a hospital-related information processing system (hereinafter will be called a hospital information processing system).
The hospital information processing system 800 can be connected to the user terminals 160 and 162 as well as the search server 180 via the network 190. The hospital information processing system 800 can be configured by one or more computers including: a processor such as a CPU; a semiconductor memory or a magnetic or optical memory; a wired or wireless communication device; an input apparatus such as a keyboard, an input pad, a mouse pointer, or a microphone; and an output apparatus such as a display, a printer, or a speaker.
The hospital information processing system 800 includes: the information publicizing server 104; the communication server 106; and the authentication server 108. The hospital information processing system 800 includes: the patient information database 802; the person meta data generator 804; and the person meta data database 806.
The patient information database 802 is a database to store patient information. The patient information database 802 is retained in a memory.
The person meta data generator 804 can be implemented by a processor executing a program stored in the memory. The person meta data generator 804 generates the person meta data based on the individual-related information to be publicized by a flag so that the individual cannot be identified (the diagnosis record information 901 and the prescription information 902 to 904 of the patient). For example, the person meta data generator 804 can generate the person meta data by deleting, from the patient information, such information that identifies the individual (name, date of birth, mail address). The person meta data generator 804 also can generate the person meta data by substituting the information identifying the individual (name) with a character string of alphanumeric characters.
The person meta data database 806 stores the generated person meta data. The person meta data database 806 is retained in the memory.
As has been described with reference to
As described above, the information publicizing server 104 or another element may determine the theme or classification of the contents of the person meta data 1001 to 1004 to be publicized through an analysis (e.g., morphological analysis) and a decision (a hard decision or a soft decision) to select matching server and address from the list. In this case, the same server and address collects and publicizes the person meta data of the same or similar theme or classification of a plurality of users (a plurality of individuals). For example, atopy-related person meta data is collected by the server (ccc). As described above, the server and the address selected based on the theme or classification provides the collection of the person meta data of the same theme or classification at the same server and address. However, the same server may include a plurality of different regions in which the person meta data having different themes or classifications may be collected.
As shown in
In the above description, an example was described in which the hospital information processing systems 800, 812, and 814 include the person meta data databases 806, respectively. However, the search server 180 at the outside also may include the person meta data database 806 and the person meta data generator 804 of each hospital information processing system may store the generated person meta data in the person meta data database 806 at the outside. In this case, the hospital information processing systems 800, 812, and 814 can additionally store contact address (mail address) so that a notification regarding the provided meta data can be received from the search server 180 at the outside. The search server 180 at the outside provides a search service in the person meta data database 806 to provide the person meta data as a search result. When a message or a comment regarding the person meta data is generated, the search server 180 at the outside can acquire a contact address stored together with the person meta data to notify the address to the hospital information processing system. For example, the notification can include an identification number included in the person meta data. The notification may include a message or a comment or may include a procedure to access the message or the comment. The communication server 106 of the hospital information processing system can acquire, from the patient information database 802, a patient contact address from which the person meta data is originated (e.g., a mail address) to notify the patient of the existence of a message or a comment regarding the person meta data. As described above, the person meta data generator 804 of each hospital information processing system can store the generated person meta data in the person meta data database 806 of the search server 180 at the outside. Each hospital information processing system may include the search server 180 and the person meta data generator 804 may store the person meta data in a different space in the search server. The search server 180 at the outside may store the person meta data database 806 so that the person meta data is attached with string-type additional information obtained by combining an identifier for identifying the theme or classification of a data item and an identifier for identifying whether or not the publication is permitted and for identifying a publication target. The search server 180 can use the additional information as a substitute of the above-described flag or as a combination therewith. For example, the registration information of Table 1 and the additional information corresponding to the flag can be configured in a string-like manner in the manner described below: A:Yamada Taro:0; B:Kanagawa-Ken:0; B:a@bbb.jp:125; C:Tennis:12345; D:atopy:34; E:eel:125; F:parsley:125; G:Yellow:125. The data can be stored in the person meta data database 806. The reference numerals A to G show an example of an identifier to identify a theme or a classification. The reference numeral A shows an identifier corresponding to the name. The reference numeral B shows an identifier corresponding to contact information. The reference numeral C shows an identifier corresponding to a hobby. The reference numeral D shows an identifier corresponding to a physical condition. The reference numerals E to G show an identifier corresponding to like/dislike. The additional information has a string “D:atopy:34” that shows that the third data item in the data record has a theme or classification corresponding to a physical condition, the data value is “atopy”, and the publicization to “publishing personnels” and “health food personnels” is permitted. In order to permit the publicization of the information for physical condition-related theme or classification only to medical personnels, the string in the additional information corresponding to the third data item in the data record may be set as “D:atopy:1”. Alternatively, instead of storing a data value in each string of the additional information, an address (pointer) in a recording medium may be stored in which the data value is stored. This approach allows, even when a place where the data is stored is known, a system having the person meta data database 806 in which the person meta data is stored (e.g., hospital information management systems 800, 812, and 814, the search server 180) to also refer to a string in the additional information to deny or limit the access to the person meta data. Thus, the person meta data can be publicized or concealed in a more free manner. Even when the string in additional information is attacked from the outside, more safety is secured because the contents is not a data value but an address (pointer) in the recording medium in which the data value is stored.
As described above, this embodiment can provide the hospital information processing system that publicizes patient (individual)-related information so that the patient cannot be identified. Thus, the use of big data may be considered because the patient information can be publicized so that the patient cannot be identified. Furthermore, the publicized person meta data can receive a message or a comment, thus providing an increased feedback to the patient.
In the embodiment of the hospital information processing system, an example was described in which a data item (main data) to identify a certain person such as a name and a data item (person meta data) that can be used to represent the person in a more detailed manner are included in one tabular format data. However, the main data and the person meta data may be separately configured and may be associated to each other. As described above, the main data and the person meta data for example may be separately stored in a tabular format. Then, tabular format data may be prepared and stored that has an association showing that these two pieces of tabular-format main data and tabular-format person meta data are information related to the same person. Alternatively, another tabular format data may be substituted with a combination of the identifier of the main data connected to the identifier of the person meta data. This combination is stored so that the series of identifiers identify the information of a certain person.
In S1101, the information processing system (communication server) receives and stores input data. For example, the SNS information processing system 400 communicates with the user terminal 160 operated by a user to receive the inputted profile data and the flag setting regarding the profile. The hospital information processing system 800 communicates with the user terminal 160 operated by a physician to receive inputted patient information (the diagnosis record information or the prescription information) and also receives the flag setting as required.
In S1103, based on the input data, the information processing system (the person meta data generator) generates person meta data. In S1105, the information processing system (information publicizing server) publicizes the generated person meta data.
In S1107, the user terminal sends a search request to a search server. In S1109, the search server executes the requested search. In S1111, the search server returns a search result to the user terminal. In S1113, the user terminal accesses the person meta data to generate and send a message or a comment via a user interface presented on the terminal.
In S1115, the information processing system (communication server or another element) extracts an address of a person who has provided input data corresponding to the person meta data having received the message or comment. The extraction of the address of the person having provided the input data can be performed in response to the reception by the information processing system (communication server or another element) of the message sent to the address of the information processing system or the detection of a record of the comment as a log in the server publicizing the person meta data.
In S1117, the information processing system (communication server) notifies that a message or a comment can be used.
In S1119, the user terminal accesses the message or the comment destined for the person meta data.
The information processing system (information publicizing server) may be configured, in response to the receipt of the request to access the publicized person meta data, to execute the authentication of a user associated with the request. The user authentication can be an authentication using an authorization child including a password authentication or biometrics authentication for example. The authorization child can be associated with information showing the occupation or industry type for example in advance. Similarly, the search server can authenticate a user associated with the search request prior to the execution of the requested search.
As described above, the invention of this application also can be carried out as an information processing method to publicize individual-related information so that the individual cannot be identified. the invention of this application also can be carried out as a computer program to allow a computer to execute this information processing method.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2017090532 | Apr 2017 | JP | national |
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/JP2018/013972 | 3/30/2018 | WO | 00 |
