A management system that enables the automatic connection of wearable devices and relay devices to transmit biometric information.
The management system enhances security in automatic connections by encrypting and obfuscating biometric data transmission, ensuring only authorized devices can access and decrypt the information, addressing the issue of unauthorized access in existing systems.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- BOXYZ INC
- Filing Date
- 2024-11-29
- Publication Date
- 2026-06-10
AI Technical Summary
Existing management systems for transmitting biometric information through wearable devices lack sufficient security measures to prevent unauthorized access and leakage of personal information during automatic connections.
A management system that includes a wearable terminal, a relay device, and a server, utilizing encryption and obfuscation of identification information, along with secure communication protocols to ensure that only authorized devices can access and decrypt biometric data, thereby enhancing security during automatic connections.
The system improves the security of automatic connections by preventing unauthorized access and leakage of biometric information, ensuring that only authorized devices can decrypt and access the data, thus maintaining privacy.
Smart Images

Figure 2026094888000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a management system that can transmit biological information by automatically connecting a wearable terminal and a repeater.
Background Art
[0002] Patent Document 1 discloses a management system in which a server receives biological information transmitted from a wearable terminal via a repeater and the server manages the received biological information.
[0003] Specifically, biological information is transmitted from a wearable terminal by broadcast communication, a repeater within a short-range communication area receives the biological information, and the received biological information is transmitted by the repeater to the server.
[0004] And Patent Document 1 also discloses that when the permission conditions of preset data communication are satisfied, the wearable terminal and the repeater automatically perform a communication connection, and biological information is transmitted from the wearable terminal to the repeater in a communication connection state.
Prior Art Documents
Patent Documents
[0005]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0006] By the way, since biological information is personal information, it is important to prevent it from being known by unrelated third parties. Even when automatically performing a communication connection to transmit biological information, it is preferable to use a connection method that is less likely to cause leakage.
[0007] This invention has been made in view of these circumstances, and one of its objectives is to improve the security of automatic connection in a management system that enables the automatic connection of a wearable terminal and a relay device to transmit biometric information. [Means for solving the problem]
[0008] To achieve the above objective, the present invention is understood by the following configuration. (1) The management system of the present invention is a management system that can transmit biometric information by automatically connecting a wearable terminal and a relay, the management system comprising: a relay that relays between the wearable terminal and a server; the wearable terminal that can communicate with the relay using a connection key; and the server that transmits the connection key to the relay, the wearable terminal comprising: a biometric information acquisition unit that acquires the biometric information of the wearer; and a first short-range wireless communication unit that can communicate with devices within a short-range communication area, the relay comprising: a second communication unit that can communicate with the server; and a second short-range wireless communication unit that can communicate with the first short-range wireless communication unit within the short-range communication area, the server comprising: a third communication unit that can communicate with the relay; a biometric information storage unit that manages the biometric information; and a unit that identifies the wearable terminal in association with the wearer. The wearable terminal comprises a user management unit that registers identification information, and the wearable terminal performs a storage process to store the acquired biometric information and a request transmission process to send a communication connection request to the relay unit with the identification information attached at a predetermined timing. The server performs a connection key transmission process to send the connection key of the wearable terminal corresponding to the identification information of the communication connection request to the relay unit that has received the communication connection request. When the relay unit receives the connection key, an automatic communication connection process is performed between the wearable terminal and the relay unit. The wearable terminal performs a connection transmission process to send the stored biometric information to the server via the relay unit in a communication connection state. The server performs a storage process to store the biometric information transmitted in the connection transmission process in the biometric information storage unit, categorized by the user wearing the device.
[0009] (2) In the configuration of (1) above, the wearable terminal comprises an encryption key and an encryption unit that encrypts based on the encryption key, the server comprises a decryption unit that performs decryption corresponding to the encryption key, the wearable terminal performs a first generation process to generate encrypted biometric information by encrypting the acquired biometric information, and a first transmission process to transmit first data, which has the identification information added to the encrypted biometric information, by broadcast communication to unspecified devices within the short-range communication area, the repeater performs a transmission process to transmit the received first data to the server, the server performs a decryption process to decrypt the encrypted biometric information of the first data back into biometric information, and a storage process to store the biometric information acquired by decryption in the biometric information storage unit, for each wearer, based on the identification information.
[0010] (3) In the configuration of (2) above, the wearable terminal is equipped with a first key, and the connection key is obfuscated using the encryption key and the first key.
[0011] (4) The management system of the present invention is a management system that can transmit biometric information by automatically connecting a wearable terminal and a relay, the management system comprising: a relay that relays between the wearable terminal and a server; the wearable terminal that establishes a communication connection with the relay using a connection key; and the server that transmits the connection key to the relay that establishes a communication connection with the wearable terminal, the wearable terminal comprising: a biometric information acquisition unit that acquires biometric information of the wearer; and a first short-range wireless communication unit that can communicate with devices within a short-range communication area, the relay comprising: a second communication unit that can communicate with the server; and a second short-range wireless communication unit that can communicate with the first short-range wireless communication unit within the short-range communication area, the server comprising: a third communication unit that can communicate with the relay; a biometric information storage unit that manages the biometric information; and an identification unit that identifies the wearable terminal in association with the wearer The wearable terminal comprises a user management unit that registers obfuscated identification information obtained by obfuscating the information, and the wearable terminal performs a storage process to store the acquired biometric information, and a request transmission process to send a communication connection request to the relay at a predetermined timing, which includes the obfuscated identification information obtained by obfuscating the identification information, and the server performs a connection key transmission process to send the connection key of the wearable terminal corresponding to the obfuscated identification information of the communication connection request to the relay that has received the communication connection request, and when the relay receives the connection key, an automatic communication connection process is performed between the wearable terminal and the relay, and the wearable terminal performs a connection transmission process to send the stored biometric information to the server via the relay that is in a communication connection state, and the server performs a storage process to store the biometric information transmitted in the connection transmission process in the biometric information storage unit for each wearer.
[0012] (5) In the configuration of (4) above, the wearable terminal comprises an encryption key and an encryption unit that encrypts based on the encryption key, the server comprises a decryption unit that performs decryption corresponding to the encryption key, the wearable terminal comprises a first generation process that generates encrypted biometric information by encrypting the acquired biometric information, a first transmission process that transmits first data, which has the identification information added to the encrypted biometric information, by broadcast communication to unspecified devices within the short-range communication area, and the identification information added to the obfuscated identification information which obfuscates the identification information that identifies the wearable terminal. The relay device performs a second transmission process, which involves broadcasting the second data with the attached information to unspecified devices within the short-range communication area via broadcast communication. The relay device then performs a transmission process, which involves sending the received first data and the second data to the server. The server then performs a decryption process, which involves decrypting the encrypted biometric information of the first data back into biometric information. Based on the identification information of the first data and the obfuscated identification information of the second data, the server stores the biometric information acquired through decryption in the biometric information storage unit, for each user wearing the device.
[0013] (6) In the configuration of (4) above, the wearable terminal comprises an encryption key and an encryption unit that encrypts based on the encryption key, the server comprises a decryption unit that performs decryption corresponding to the encryption key, the repeater further comprises a modification processing unit that generates modified identification information by modifying the identification information, the wearable terminal comprises a first generation process that generates encrypted biometric information by encrypting the acquired biometric information, a first transmission process that transmits first data, which has the identification information added to the encrypted biometric information, by broadcast communication to unspecified devices within the short-range communication area, and second data, which has the identification information added to obfuscated identification information that obfuscates the identification information that identifies the wearable terminal, to unspecified devices within the short-range communication area. The relay performs a second transmission process to send a broadcast message to the device, and when the relay receives the first data, it performs a first transmission process to send modified first data to the server, which is the encrypted biometric information with the modified identification information added to it, and when the relay receives the second data, it performs a second transmission process to send modified second data to the server, which is the obfuscated identification information with the modified identification information added to it, and the server performs a decryption process to decrypt the encrypted biometric information of the modified first data back into the biometric information, and a storage process to store the biometric information acquired by decryption in the biometric information storage unit, for each user wearing the device, based on the modified first data, the modified identification information of the modified second data, and the obfuscated identification information of the modified second data.
[0014] (7) In the configuration of (5) or (6) above, the wearable terminal is equipped with a first key, and the connection key is obfuscated using the encryption key and the first key.
[0015] (8) In the configuration of (5) or (6) above, the wearable terminal executes the second call processing after executing the first call processing multiple times. [Effects of the Invention]
[0016] According to the present invention, in a management system capable of automatically connecting a wearable terminal and a relay and transmitting biological information, the safety of the automatic connection can be improved.
Brief Description of the Drawings
[0017] [Figure 1] It is a diagram for explaining the management system according to the first embodiment of the present invention. [Figure 2] It is a diagram for explaining the configuration of the wearable terminal according to the first embodiment of the present invention. [Figure 3] It is a diagram showing an example of the format of data transmitted by the first short-range wireless communication unit according to the first embodiment of the present invention. [Figure 4] It is a diagram for explaining the configuration of the relay according to the first embodiment of the present invention. [Figure 5] It is a diagram for explaining the configuration of the server according to the first embodiment of the present invention. [Figure 6] It is a diagram for explaining the biological information storage unit according to the first embodiment of the present invention. [Figure 7] It is a diagram for explaining the user management unit according to the first embodiment of the present invention. [Figure 8] It is a flowchart for explaining the operation of the wearable terminal according to the first embodiment of the present invention. [Figure 9] It is a flowchart for explaining the operation of the wearable terminal according to the third embodiment of the present invention.
Modes for Carrying Out the Invention
[0018] Hereinafter, with reference to the accompanying drawings, modes for carrying out the present invention (hereinafter referred to as "embodiments") will be described in detail. Throughout the description of the embodiments, the same elements are denoted by the same numbers or symbols.
[0019] <<First Embodiment>> A management system 100 that enables the automatic connection of a wearable terminal 1 and a relay 2 according to the first embodiment of the present invention and the transmission of biometric information will be described with reference to Figures 1 to 8.
[0020] Figure 1 is a diagram illustrating a management system 100 according to a first embodiment of the present invention. As shown in Figure 1, the management system 100 includes a relay 2 that relays communication between the wearable terminal 1 and the server 3, the wearable terminal 1 which can communicate with the relay 2 using a connection key (described later), the server 3 which sends the connection key (described later) to the relay 2, and a receiving permission terminal 4.
[0021] Furthermore, the repeater 2 and server 3, as well as the receiving permission terminal 4 and server 3, are able to communicate via network N. Furthermore, as will be described later, the wearable device 1 and the repeater 2 are capable of short-range communication.
[0022] [Wearable device 1] Figure 2 is a diagram illustrating the configuration of a wearable terminal 1 according to the first embodiment of the present invention. The wearable terminal 1 is a terminal worn by a user registered with the management system 100. As shown in Figure 2, it comprises a control unit 11, a storage unit 12, a biometric information acquisition unit 13, an encryption unit 14, and a first short-range wireless communication unit 15, which are connected to each other via bus BS1 for access. Furthermore, a user who wears and uses the wearable device 1 will henceforth be referred to as a wearer.
[0023] (Control Unit 11) The control unit 11 is responsible for the overall control of the wearable terminal 1. For example, the control unit 11 is a central processing unit (so-called CPU) that performs various control and calculation processes according to the control program stored in the memory unit 12.
[0024] Specifically, the control unit 11 performs calculations and other operations to determine the necessary biometric information based on the measurement data (described later) related to the wearer's biometric information acquired by the biometric information acquisition unit 13 (described later).
[0025] Furthermore, the control unit 11 is responsible for overall control of communication and other functions of the wearable terminal 1 via the first short-range wireless communication unit 15. Since the control by the control unit 11 is the same as the operation of the wearable terminal 1 itself, the wearable terminal 1 may be described as the main component.
[0026] (Storage unit 12) The memory unit 12 includes RAM, which is a volatile memory that temporarily stores various data and calculation results from the control unit 11, and ROM, which is a non-volatile memory that stores encryption keys (described later), connection keys (described later), and control programs (for example, software corresponding to the management system 100).
[0027] For example, one example of the various types of data stored in the memory unit 12 is the wearer's biometric information, which will be described later. Furthermore, the encryption key stored in the memory unit 12 is the key used for encryption by the encryption unit 14, which will be described later, and the connection key stored in the memory unit 12 is the so-called pairing key when the first short-range wireless communication unit 15 is Bluetooth®, as will be shown later as an example.
[0028] To explain the communication connection state using a connection key, using the case where the connection key is a pairing key as an example, the communication connection state using a connection key is when the pairing key of one device that wants to establish a communication connection is registered with the other device to which it is connected, resulting in a unicast communication state between the devices.
[0029] Furthermore, since the pairing key is used to establish a communication connection between devices, a communication connection cannot be established with a device that does not possess a pairing key. Therefore, a communication connection using a pairing key is a highly confidential communication state.
[0030] (Biometric information acquisition unit 13) The biometric information acquisition unit 13 is the part that acquires the biometric information of the wearer, and the biometric information acquisition unit 13 is equipped with sensors that acquire the wearer's vital data and operating status. The biological information acquisition unit 13 is equipped with, for example, a pulse sensor, temperature sensor, pulse wave sensor, gyroscope sensor, compass, acceleration sensor, etc., and measures biological information such as heart rate, blood oxygen saturation, body temperature, number of steps, sleep (autonomic nervous system recovery, REM sleep, non-REM sleep) state, number of floors climbed, distance traveled, etc. The portion of biological information acquired by the sensors provided by the biological information acquisition unit 13 is also referred to as measurement data.
[0031] Furthermore, based on the measurement data from the sensors equipped in the biological information acquisition unit 13, the control unit 11 obtains biological information such as respiratory rate, various workouts including strength training workouts, aerobic workouts, anaerobic workouts, interval training, rep count, pitch, VO2MAX, training load, stress level, recovery measurement, and fitness test results. Furthermore, the portion of biological information obtained through calculations based on the measurement data from the sensors equipped in the biological information acquisition unit 13 is also called calculated data.
[0032] Furthermore, based on the measurement data from the sensors equipped in the biological information acquisition unit 13, the control unit 11 also determines abnormal states as biological information. For example, when the control unit 11 detects abnormalities in vital data such as abnormally low temperature or decreased pulse rate, or abnormal operating conditions due to a sudden change in acceleration (e.g., falling), by comparing them with a preset threshold, it records the abnormal state as biological information (records an abnormality flag). In the first embodiment, when the abnormality status of the abnormality flag is "0", it is considered that there is no abnormality, and when it is "1", it is considered that there is an abnormality.
[0033] Furthermore, since the calculation data and anomaly flag can be determined on the server 3 side based on the measurement data, the biometric information only needs to include at least the measurement data and the date and time that measurement data was acquired.
[0034] The wearable terminal 1 then performs a storage process to store and accumulate the acquired biometric information (measurement data, date and time of acquisition of measurement data, calculation data, and abnormality flag, etc.) in the storage unit 12.
[0035] (Encryption part 14) The encryption unit 14 is a functional component formed by the operation of the control unit 11 according to a control program, and performs a first generation process to generate encrypted biometric information by encrypting the biometric information acquired by the wearable terminal 1 (at least measurement data acquired by the biometric information acquisition unit 13, the date and time of acquisition of the measurement data, etc.) based on an encryption key.
[0036] Furthermore, if the data includes calculation data, anomaly flags, etc., the encryption unit 14 performs a first generation process to generate encrypted biometric information by encrypting the biometric information (acquisition date and time, measurement data, calculation data, anomaly flags, etc.) including the calculation data, anomaly flags, etc.
[0037] In other words, the wearable terminal 1 uses the encryption unit 14 to perform a first generation process that generates encrypted biometric information, which includes at least the measurement data acquired by the biometric information acquisition unit 13 and the date and time the measurement data was acquired.
[0038] (1st short-range wireless communication section 15) The first short-range wireless communication unit 15 is a communication interface capable of communicating with devices within the short-range communication area CA (see Figure 1), such as Bluetooth®.
[0039] The wearable terminal 1 then performs a first transmission process (details described later) in which it periodically transmits (sends) first data (details described later) with identification information added to encrypted biometric information via broadcast communication to unspecified devices within the short-range communication area CA of the first short-range wireless communication unit 15 via the first short-range wireless communication unit 15. Broadcast communication, as goes without saying, is a form of communication that can be received by any unspecified device.
[0040] For example, the identification information is unique information used to identify wearable device 1. If the identification information is a MAC address, for instance, it is automatically added when a call is made. However, the identification information may be unique to each wearable device, distinct from the MAC address, and added at the time of transmission.
[0041] Furthermore, from the standpoint of suppressing power consumption, it is preferable that the transmission period for the first data (details will be described later) be approximately once every 3 seconds. However, it is not necessary for the period to be the same at all times. For example, the wearable terminal 1 may vary the transmission period for the first data depending on the remaining power level to avoid power loss.
[0042] Furthermore, the first short-range wireless communication unit 15 receives data and other information transmitted from the server 3 via the second short-range wireless communication unit 22 of the repeater 2.
[0043] Figure 3 shows an example of the format of the first data transmitted by the first short-range wireless communication unit 15 of the first embodiment according to the present invention. As shown in Figure 3, the first data transmitted in the first transmission process described later consists of encrypted biometric information, which is obtained by encrypting biometric information by the encryption unit 14, with identification information added to it. The encrypted biometric information includes at least encrypted measurement data and acquisition date and time, and in the example in Figure 3, it also includes encrypted calculation data and an anomaly flag.
[0044] [Repeater 2] Figure 4 is a diagram illustrating the configuration of the repeater 2 of the first embodiment according to the present invention. As shown in Figure 4, the repeater 2 comprises a second communication unit 21 capable of communicating with the server 3 (described later), a second short-range wireless communication unit 22 capable of communicating with the first short-range wireless communication unit 15 within the short-range communication area CA (see Figure 1), a control unit 23 that oversees the overall control of the repeater 2, and a storage unit 24 that stores various data. These components are connected via bus BS2 for access.
[0045] (Second Communications Department 21) The second communication unit 21 is a communication interface capable of communication in accordance with standards such as LTE (registered trademark), 4G, and 5G. As shown in Figure 1, it is connected to the network N via the base station CS and is responsible for communication with the server 3.
[0046] However, since the second communication unit 21 only needs to be able to communicate with the server 3, a wired communication interface that can connect to the internet is also acceptable.
[0047] Furthermore, if the repeater 2 is used in an environment with a Wi-Fi® router, the second communication unit 21 may be a communication interface that conforms to Wi-Fi® or other standards.
[0048] (2nd short-range wireless communication section 22) The second short-range wireless communication unit 22 is a communication interface that performs short-range communication such as Bluetooth (registered trademark), and receives the first data etc. transmitted by broadcast communication from the first short-range wireless communication unit 15 of the wearable terminal 1. Furthermore, the second short-range radio communication unit 22 transmits data and other information sent from the server 3 to the first short-range radio communication unit 15.
[0049] (Control Unit 23) The control unit 23 is responsible for the overall control of the repeater 2. For example, the control unit 23 is a central processing unit (so-called CPU) that performs various control and calculation processes according to the control program stored in the memory unit 24.
[0050] (Storage unit 24) The memory unit 24 includes RAM, which is a volatile memory that temporarily stores various data and calculation results from the control unit 23, and ROM, which is a non-volatile memory that stores control programs (for example, software corresponding to the management system 100).
[0051] For example, the repeater 2 may be a device 2A such as a typical smartphone or tablet, as shown in Figure 1. Specifically, a device 2A, such as a typical smartphone or tablet, has the configuration corresponding to the second communication unit 21, second short-range wireless communication unit 22, control unit 23, and storage unit 24 described above. Therefore, it can be used as a repeater 2 by installing software compatible with the management system 100.
[0052] Furthermore, as shown in Figure 1, the repeater 2 may be a light bulb 2B used as lighting in places frequently used by the wearer on a daily basis, such as toilets and kitchens, equipped with a second communication unit 21, a second short-range wireless communication unit 22, a control unit 23, and a storage unit 24, with software compatible with the management system 100 installed. Furthermore, light bulb 2B does not need to be limited to the shape of an incandescent bulb; it may also be shaped like a fluorescent lamp.
[0053] [Server 3] Server 3 manages the biometric information of each user of the management system 100 on a user-by-user basis, and is responsible for managing the entire system, including sending the biometric information of a specific user to authorized receiving terminals 4 at pre-set timings or in accordance with requests from authorized receiving terminals 4.
[0054] Server 3 may be implemented as a physical computer, or it may be implemented as a cloud server utilizing cloud computing technology. If server 3 is a cloud server, the storage unit 34 described later may be a data storage area provided by the cloud service provider.
[0055] Figure 5 is a diagram illustrating the configuration of the server 3 of the first embodiment according to the present invention. As shown in Figure 5, the server 3 comprises a third communication unit 31 capable of communicating with the repeater 2, a control unit 32 that oversees the overall control of the server 3, a decoding unit 33, and a storage unit 34, all of which are connected via the bus BS3 for access.
[0056] Furthermore, as will be explained later, the memory unit 34 includes a biometric information memory unit 34A for managing biometric information, and a user management unit 34B that registers identification information (for example, a MAC address) to identify the wearable terminal 1 in association with the user wearing it.
[0057] Therefore, the server 3 includes a biometric information storage unit 34A for managing biometric information, and a user management unit 34B that registers identification information (for example, a MAC address) to identify the wearable terminal 1 in association with the user wearing it.
[0058] (Third Communications Section 31) The third communication unit 31 is a communication interface that communicates with the repeater 2 and the receiving permission terminal 4 via the network N, and the specific details of the communication interface may be the same as those described for the second communication unit 21.
[0059] (Control Unit 32) The control unit 32 is responsible for the overall control of the server 3. For example, the control unit 32 is a central processing unit (so-called CPU) that performs various control and calculation processes according to the control program stored in the memory unit 34.
[0060] (Decoding unit 33) The decryption unit 33 is a functional component formed by the operation of the control unit 32 according to the control program, and performs a decryption process to decrypt the encrypted biometric information encrypted by the wearable terminal 1 contained in the first data described above back into biometric information.
[0061] As will be described later, the user management unit 24B of the memory unit 34 has a decryption key corresponding to the encryption key of each wearable terminal 1 registered in association with identification information that identifies the wearable terminal 1, and the decryption unit 33 decrypts the encrypted biometric information of the first data back into biometric information based on that decryption key.
[0062] For example, if the encryption method is a symmetric-key cryptography method, the same encryption key as the encryption key of each wearable terminal 1 is registered as the decryption key in the user management unit 34B. If the encryption method is a public-key cryptography method, a decryption key different from the decryption-specific encryption key corresponding to the encryption key of each wearable terminal 1 is registered.
[0063] In this manner, the server 3 uses the decryption unit 33 to decrypt the encrypted biometric information of the first data using the encryption key, and performs a decryption process that decrypts the encrypted biometric information of the first data back into biometric information.
[0064] (Storage unit 34) The memory unit 34 includes RAM, which is a volatile memory for temporarily storing various data and calculation results from the control unit 32; ROM, which is a non-volatile memory for storing control programs (for example, software corresponding to the management system 100); and a storage device (for example, a hard disk) for the biological information storage unit 34A and the user management unit 34B. However, as explained earlier, in the case of cloud servers, the entire storage unit 34 may consist of a data storage area provided by the cloud service provider.
[0065] "Biological Information Storage Unit 34A" Figure 6 is a diagram illustrating the biological information storage unit 34A of the first embodiment according to the present invention. As shown in Figure 6, the biometric information storage unit 34A stores, for example, a file for each wearer containing the wearer's username and the MAC address of the wearable terminal 1, which is identification information for the wearable terminal 1. The file also records biometric information such as measurement data, calculation data, and abnormal flags in chronological order based on the date and time the measurement data was acquired.
[0066] Note that in Figure 6, the abnormal state of the abnormal flag is shown as "0," but as explained earlier, if there is an abnormality in the measurement data, etc., "1" will be recorded.
[0067] "User Management Department 34B" Figure 7 is a diagram illustrating the user management unit 34B of the first embodiment according to the present invention. As shown in Figure 7, the user management unit 34B is linked to the user wearing the device (username: AAA) and has registered the decryption key (XXX) corresponding to the encryption key of the wearable terminal 1 worn by the user, the connection key (YYY), the MAC address (00:1A:C1:SS:20:01) which is identification information, and the authorized receiving terminal information (ID, PW, MAC address, email address, etc.) of the authorized receiving terminal 4 described later. The encryption key and connection key may be provided in binary or other formats, and the ID and PW (password) of the authorized receiving terminal information are the ID and PW used by the authorized receiving terminal 4 to access the management system 100.
[0068] [Authorized Receiving Terminal 4] The authorized receiving terminal 4 can be any general PC, smartphone, or tablet device equipped with communication capabilities to communicate with server 3; a detailed explanation of its configuration is omitted.
[0069] Furthermore, this authorized receiving terminal 4 is a terminal that is authorized (registered for acquisition) to acquire biometric information about the wearer by a relative of the wearer (for example, the wearer's daughter or son, etc.) who is concerned about the wearer's safety, with the wearer's permission.
[0070] While the above discussion focused on the case of relatives, this does not prevent the registration of devices belonging to caregivers other than relatives. Furthermore, if permission has been obtained from the user wearing the device to use their biometric information, it may be provided to a legal entity or other organization that is authorized to use it. In this case, the authorized receiving terminal 4 may be a terminal that is authorized to access the device.
[0071] Next, the overall operation of the management system 100 of the first embodiment will be explained, mainly with reference to a flowchart illustrating the operation of the wearable terminal 1. In other words, while primarily explaining the operation of wearable device 1, the operation of relay device 2 and server 3, which occur in conjunction with its operation, will also be explained at various points.
[0072] Figure 8 is a flowchart illustrating the operation of the wearable terminal 1 according to the first embodiment of the present invention.
[0073] It should be assumed that the activation (initial use procedure) of wearable device 1 has already been completed before the start of Figure 8. This activation can be performed by the wearer, or by a daughter, son, or other person who is gifting the wearer device 1 to the wearer. Furthermore, if a caregiver hands the wearable device 1 to a user, the caregiver may perform the activation.
[0074] To briefly explain the state before activation, at the time of shipment, identification information (MAC address in this example) that identifies the wearable terminal 1 is obtained, and a file for the wearer with the obtained identification information registered in the biometric information storage unit 34A (see Figure 6) is prepared.
[0075] Furthermore, at the time of shipment, the user management unit 34B (see Figure 7) registers the acquired identification information, decryption key, connection key, ID of authorized receiving terminal information, password, etc., in order to manage the user wearing the device.
[0076] However, at this point, parts that cannot be determined without input from the user wearing the device, such as the user's username, remain blank.
[0077] Furthermore, even if the wearable device 1 is started to be used before activation, the management of biometric information itself begins based on the identification information of the first data.
[0078] Each shipped wearable device 1 includes instructions (for example, a QR code®) directing users to an activation site, as well as a registration ID and password for each individual wearable device. Activation is completed once the user accesses the site and registers their username and other information.
[0079] As a result, the user name and other information of the wearer, which were unknown at the time of shipment, are reflected in the files of the biometric information storage unit 34A (see Figure 6) and the user management unit 34B (see Figure 7), so that the management system 100 can manage biometric information, including data from before activation.
[0080] (S1) When processing begins for wearable device 1, in S1, wearable device 1 determines whether it can detect repeater 2. Then, if there is a repeater 2 within the short-range communication area CA (Figure 1), the repeater 2 will be detected, the determination will be YES, and the process will proceed to S2. On the other hand, if there is no repeater 2 within the short-range communication area CA (Figure 1), detection is not possible, the result is NO, and the process proceeds to S5.
[0081] (S2) In S2, the wearable device 1 determines whether it is the predetermined timing to establish a communication connection with the repeater 2 using the connection key. For example, if biometric information stored while connected to a network is to be transmitted about once a day, the predetermined timing can be determined by setting a criterion such as whether more than 24 hours have passed since the last connection with repeater 2 using the previous connection key, or whether more than a predetermined amount of time has passed since the last connection.
[0082] With these criteria in place, if repeater 2 is not detected and no biometric information has been transmitted while connected to the network for more than 24 hours, the system can prioritize the transmission of biometric information while connected to the network, as described below.
[0083] Then, if the timing is as specified, the result is YES and the process proceeds to S3; otherwise, the result is NO and the process proceeds to S6.
[0084] (S3) In S3, since the predetermined timing (S2 was YES) was met, the wearable terminal 1 sends a communication connection request. However, if the identification information is a MAC address, it is automatically added. More precisely, the request transmission process is executed to send a communication connection request with the identification information (MAC address) added to the repeater 2. After the request transmission process, the process proceeds to S4.
[0085] Furthermore, when the repeater 2 receives a communication connection request, it notifies the server 3 that a communication connection request has been made from the wearable terminal 1 by, for example, forwarding (transmitting) the received communication connection request to the server 3, using the identification information attached to the communication connection request.
[0086] Furthermore, when server 3 receives notification that a communication connection request has been made (for example, a forwarded communication connection request), it refers to user management unit 34B to obtain the connection key of wearable terminal 1 from the identification information attached to the communication connection request, and executes a connection key transmission process to send the connection key of wearable terminal 1 corresponding to the identification information of the communication connection request to relay unit 2, which received the communication connection request.
[0087] Then, when the repeater 2 receives the connection key, both the wearable terminal 1 and the repeater 2 will hold the connection key, and as explained earlier, a communication connection will be established. The automatic communication connection process between the wearable terminal 1 and the repeater 2 will then take place, and the wearable terminal 1 and the repeater 2 will be in a communication connection state.
[0088] In this case, when establishing a communication connection, a connection key is generally sent from the device requesting the connection to the device to be connected to. Therefore, if, for example, a device impersonating repeater 2 exists, there is a risk that a communication connection may be established between wearable terminal 1 and the impersonating device.
[0089] On the other hand, in the first embodiment, the connection key is not sent from the wearable terminal 1 requesting the connection to the repeater 2, but rather from the server 3 to the repeater 2. Therefore, even if there is a fraudulent device that has impersonated the repeater 2, that fraudulent device cannot access the server 3, and thus cannot obtain the connection key, and cannot establish a communication connection with the wearable terminal 1. Therefore, a high level of security is ensured for automatic connections (high security of automatic communication connections).
[0090] (S4) In S4, the wearable device 1 performs a connection transmission process to send the stored biometric information to the server 3 via the relay device 2, which is in a communication connection state, and then proceeds to S5. For example, as mentioned above, if the predetermined timing is about once a day, the connection transmission process will transmit approximately 24 hours' worth of biometric information accumulated since the last connection transmission process.
[0091] Furthermore, when transmitting the accumulated biometric information, the transmitted data is the accumulated biometric information with identification information added to it, so server 3 will receive the data with identification information added to it.
[0092] Therefore, when server 3 receives data, it records the biometric information in the biometric information storage unit 34A in the file of the wearer whose identification information is the same as the identification information of the data, based on the identification information of the data which has been added to the stored biometric information.
[0093] In other words, server 3 performs a storage process in the biometric information storage unit 34A to store the biometric information transmitted during the connection transmission process, for each user wearing the device.
[0094] (S5) In S5, wearable device 1 determines whether to perform termination processing. For example, if the wearer performs an operation such as turning off the power of wearable device 1, the determination becomes YES, the series of operations in this flowchart ends, and when the power of wearable device 1 is turned on again, the series of operations in this flowchart starts again from the beginning. On the other hand, if no action such as turning off the power of wearable device 1 is performed, the result will be NO, and the process will return to S1, repeating the series of actions.
[0095] (S6) In S6, the wearable terminal 1 uses the encryption unit 14 to perform a first generation process that generates encrypted biometric information by encrypting at least the measurement data acquired by the biometric information acquisition unit 13 and the biometric information including the date and time of acquisition of the measurement data based on the encryption key, and then proceeds to S7.
[0096] Furthermore, since the processing in S6 is based on a single measurement taken most recently, the data capacity of the biometric information to be encrypted is small, and therefore the data capacity of the encrypted biometric information is also small, for example, around 40 bytes or less.
[0097] (S7) In S7, the wearable terminal 1 performs a first transmission process, which involves broadcasting (transmitting) first data, which has identification information added to encrypted biometric information, to unspecified devices within the short-range communication area CA (see Figure 1), and then proceeds to S5.
[0098] Then, repeater 2, located within the short-range communication area CA (see Figure 1), receives the first data, and repeater 2 performs a transmission process to send the received first data to server 3.
[0099] Then, when server 3 receives the first data transmitted from relay 2, it refers to user management unit 34B to obtain the decryption key for wearable terminal 1 of the identification information of the first data, and uses the decryption unit 33 to decrypt the encrypted biometric information of the first data according to the obtained decryption key, thereby executing a decryption process that decrypts the encrypted biometric information of the first data back into biometric information.
[0100] Subsequently, based on the identification information of the first data, Server 3 records the biometric information obtained through decryption into the user's file in the biometric information storage unit 34A, where the identification information of the biometric information storage unit 34A is the same as the identification information of the data.
[0101] In other words, based on the identification information, server 3 performs a storage process to store the biometric information acquired through decryption in the biometric information storage unit 34A, for each user wearing the device.
[0102] As explained earlier, if the determination in S5 is NO, the process returns to S1 and the series of operations is repeated. Therefore, as long as it is not the predetermined timing (while S2 is NO), the first transmission process (S7) that transmits the first data will be performed repeatedly.
[0103] In the flowchart in Figure 8, since the detection of repeater 2 is determined in S1, the first generation process (S6) and the first transmission process (S7) are performed only if repeater 2 is within the short-range communication area CA (see Figure 1).
[0104] However, as explained earlier, since the first data has a small data capacity, less power is required to perform the first generation process (S6) and the first transmission process (S7). Therefore, regardless of whether the repeater 2 is detected or not, the processes S6 and S7 may be performed periodically.
[0105] Furthermore, in the first embodiment, encryption is performed in the first generation process of S6. However, since the data transmitted in the first transmission process has a small data capacity and the wearer can only be identified on the server 3 side, this encryption process may be omitted, and the first data may be biometric information with identification information added. In this case, the decryption on the server 3 described above can be omitted. However, from the perspective of achieving higher security in terms of preventing the leakage of personal information to third parties, encryption is preferable.
[0106] <<Second Embodiment>> Next, we will describe a management system 100 that enables the automatic connection of the wearable terminal 1 and the relay device 2 according to the second embodiment and the transmission of biometric information.
[0107] Since the basic configuration of the management system 100 of the second embodiment is the same as that of the management system 100 of the first embodiment, the following will mainly describe the differences from the management system 100 of the first embodiment, and will omit explanations of similar points.
[0108] The wearable terminal 1 of the second embodiment includes, in addition to the configuration shown in Figure 2, a connection key generation unit that generates a connection key.
[0109] Furthermore, instead of the connection key stored in the memory unit 12, a first key is stored that is assigned to each version of the software (application) corresponding to the management system 100 of the wearable terminal 1.
[0110] Then, the connection key generation unit generates an obfuscated connection key using the encryption key and the first key. One specific example of obfuscation is hashing based on a hash function. In the second embodiment, the connection key generation unit generates an obfuscated connection key by hashing the sum of the encryption key and the first key based on a hash function.
[0111] Furthermore, the key registered as the connection key for the user management unit 34B of server 3 is also an obfuscated key using the encryption key and the first key. In the second embodiment, as described above, the connection key for the user management unit 34B of server 3 is a key that is hashed after adding the encryption key and the first key together.
[0112] In other words, the connection key differs from the first embodiment in that it is an obfuscated key using the encryption key and the first key.
[0113] Then, when the wearable device 1 updates the software version compatible with the management system 100 of the wearable device 1, it acquires a new first key.
[0114] Furthermore, during this update, wearable device 1 obtains a new encryption key from server 3 to update the encryption key set for each wearable device 1.
[0115] In this way, since the encryption key and primary key used to generate the connection key are updated periodically, the connection key itself is also changed periodically, which enhances security compared to continuing to use the same connection key.
[0116] Furthermore, updating the encryption key enhances the security of the first outgoing process, as explained in S7.
[0117] The wearable terminal 1 may generate a connection key using the connection key generation unit when a connection key is needed. Alternatively, the connection key generation unit may generate a connection key only once when the encryption key and the first key are updated, and store the generated connection key in the storage unit 12. Then, when a connection key is needed, the connection key stored in the storage unit 12 may be used.
[0118] <<Third Embodiment>> As explained earlier, repeater 2 may be a device 2A, such as a typical smartphone or tablet, with software compatible with the management system 100 installed on it.
[0119] In the first embodiment, we have described the case where MAC addresses are used as identification information. However, in recent years, in order to prevent the tracking of user behavior and device connections and to protect privacy, some smartphone and tablet models have been developed that have a function to randomize MAC addresses.
[0120] Addresses generated by randomizing MAC addresses in this way are called random MAC addresses, etc. Incidentally, MAC addresses generated by randomizing MAC addresses are sometimes called private MAC addresses.
[0121] Therefore, depending on the model of the smartphone or tablet used as repeater 2, in addition to the configuration shown in Figure 4, repeater 2 may also be equipped with a change processing unit (e.g., a randomization function) that generates modified identification information (e.g., a random MAC address) by changing the identification information (e.g., MAC address).
[0122] In this case, if the relay device 2 is equipped with a modification processing unit, the relay device 2 sends the first data, which is encrypted biometric information transmitted by the wearable terminal 1 in the first transmission process with identification information added, to the server 3 as modified first data with modified identification information added to the encrypted identification information.
[0123] In this case, since server 3 receives the first modified data, which has modified identification information added to the encrypted identification information, even if the user management unit 34B has registered identification information to identify wearable terminal 1, a problem arises in that it cannot determine which wearable terminal 1 the first modified data is from.
[0124] Therefore, in the third embodiment, a management system 100 that addresses these problems will be described. Since the basic configuration of the management system 100 of the third embodiment is the same as that of the management system 100 of the first embodiment, the following will mainly describe the differences from the management system 100 of the first embodiment, and will omit explanations of similar points.
[0125] First, as explained earlier, the third embodiment differs from the first embodiment in that, in addition to the configuration of the repeater 2 of the first embodiment, the repeater 2 is further equipped with a change processing unit (e.g., randomization function) that generates modified identification information (e.g., random MAC address) by changing the identification information (e.g., MAC address).
[0126] Furthermore, the user management unit 34B of the third embodiment includes, in addition to identification information (e.g., MAC address) for identifying the wearable terminal 1, or, in place of the identification information for identifying the wearable terminal 1, obfuscated identification information obtained by obfuscating the identification information for identifying the wearable terminal 1.
[0127] For example, one method of obfuscation is hashing using a hash function. In this case, the obfuscated identification information is hashed identification information (e.g., a hashed MAC address) obtained by hashing the identification information that identifies wearable device 1 (e.g., a MAC address) using a hash function.
[0128] In other words, server 3 is equipped with a user management unit 34B that registers obfuscated identification information (e.g., a hashed MAC address) which is an obfuscated version of the identification information (e.g., MAC address) used to identify the wearable device 1 in association with the user wearing it.
[0129] Furthermore, in the third embodiment, the biometric information storage unit 34A's file for each wearer contains, in addition to identification information that identifies the wearable terminal 1 (e.g., MAC address), or, in place of the identification information that identifies the wearable terminal 1, obfuscated identification information (e.g., hashed MAC address) that obfuscates the identification information that identifies the wearable terminal 1.
[0130] Furthermore, the wearable terminal 1 stores obfuscated identification information (for example, a hashed MAC address) registered in the user management unit 34B during shipment in the storage unit 12. In other words, wearable device 1 is equipped with obfuscated identification information, which is an obfuscated version of the identification information used to identify wearable device 1.
[0131] Furthermore, the wearable terminal 1 may be configured to include an obfuscation unit and, if necessary, generate obfuscated identification information by obfuscating the identification information. Alternatively, as described above, if the obfuscation is hashing, the wearable terminal 1 may be configured to include a hashing unit that hashes using a hash function and, if necessary, generate hashed identification information by hashing the identification information.
[0132] Next, the overall operation of the management system 100 of the third embodiment will be explained, mainly with reference to a flowchart illustrating the operation of the wearable terminal 1. Here, as with the first embodiment, we will mainly describe the operation of the wearable terminal 1, while also explaining the operations of the repeater 2 and server 3 that occur in conjunction with its operation.
[0133] Figure 9 is a flowchart illustrating the operation of the wearable terminal 1 according to the third embodiment of the present invention, and corresponds to Figure 8. In Figure 9, the step numbers are the same as those described in the first embodiment with reference to Figure 8. The main differences are that "S3" has become "S3'" and "S8" has been added. Therefore, the following explanations will primarily focus on the differences, and explanations of similarities may be omitted.
[0134] (S3') In S3, as explained with reference to Figure 8, the wearable terminal 1 sent a communication connection request with added identification information. In the third embodiment, the wearable terminal 1 performs a request transmission process to send a communication connection request to the repeater 2 that includes obfuscated identification information (e.g., hashed identification information) obtained by obfuscating (e.g., hashing) the identification information.
[0135] More specifically, as explained earlier, in the case of a MAC address to which identification information is automatically added at the time of transmission, in S3', the wearable terminal 1 performs a request transmission process to send a communication connection request to the repeater 2 that includes a hashed MAC address (obfuscated identification information) with the MAC address (identification information) added, and then proceeds to S4. In other words, in S3', the wearable terminal 1, in the request transmission process, sends data for a communication connection request that has obfuscated identification information (hashed MAC address in this example) and a communication connection request in the data area, and identification information (MAC address in this example) in the header.
[0136] When relay 2 receives a communication connection request, it forwards (sends) the received communication connection request to server 3, thereby notifying server 3 that a communication connection request has been made from wearable terminal 1. However, since the modification processing unit (randomization function in this example) of relay 2 only changes the header's identification information (MAC address in this example) to modified identification information (random MAC address in this example), the obfuscated identification information (hashed MAC address in this example) in the data area remains unchanged when the communication connection request is sent to server 3.
[0137] Therefore, when server 3 receives a forwarded (transmitted) communication connection request, it refers to user management unit 34B to obtain the connection key of wearable terminal 1 from the obfuscated identification information included in the communication connection request, and executes a connection key transmission process to send the connection key of wearable terminal 1 corresponding to the obfuscated identification information of the communication connection request to relay unit 2, which received the communication connection request.
[0138] Then, similar to the first embodiment, in S4, the wearable terminal 1 performs a connection transmission process to send the stored biometric information to the server 3 via the relay 2, which is in a communication connection state. In this case as well, similar to the first embodiment, identification information is added to the accumulated biological information.
[0139] Here, at the repeater 2, the identification information is changed to modified identification information, and the server 3 receives data with the modified identification information added to the stored biometric information. However, the modified identification information itself does not change every time; it remains unchanged for a certain period of time. Therefore, as long as communication is ongoing while the communication connection is active, if the identification information is the same, the modified identification information will also be the same.
[0140] Therefore, based on the obfuscated identification information of the communication connection request to which the same change identification information as the change identification information attached to the received biometric information is attached, the server 3 records the biometric information in the biometric information storage unit 34A to the user's file to which the obfuscated identification information is the same as the data's obfuscated identification information. In other words, server 3 performs a storage process in the biometric information storage unit 34A to store the biometric information transmitted during the connection transmission process, for each user wearing the device.
[0141] In addition, in S4, the wearable terminal 1 may transmit biometric information that has been added to the stored biometric information, and the server 3 may record the biometric information in the biometric information storage unit 34A in a file of the wearer whose obfuscated identification information is the same as the data's obfuscated identification information, based on the obfuscated identification information added to the biometric information.
[0142] On the other hand, the above describes a case where the repeater 2 is equipped with a change processing unit that generates modified identification information by changing the identification information. However, some smartphones and tablet devices used as repeater 2 may not have a change processing unit.
[0143] In this case, since the relay 2 does not have a modification processing unit, it does not perform the process of changing the identification information to the modified identification information. Therefore, the server 3 receives data in which the identification information has been added to the information that has been stored as biometric information plus obfuscated identification information. In other words, it receives data that contains biometric information and obfuscated identification information in the data area, and identification information in the header.
[0144] Therefore, server 3 can determine, based on the identification information, which user's biometric information it belongs to.
[0145] However, if the server 3 were to determine whether or not the repeater 2 has a change processing unit and change the processing content accordingly, the system would become complicated. Therefore, it is best for the server 3 to perform the same processing as if the repeater 2 had a change processing unit, even if the repeater 2 does not.
[0146] In this case, the same processing can be performed by replacing the changed identification information in the description section of Server 3 from S3' onwards with the identification information. Specifically, Server 3 should record the biometric information in the obfuscated identification information of the communication connection request to which the same identification information as the identification information attached to the received biometric information is attached, in a file of the wearer whose obfuscated identification information in the biometric information storage unit 34A is the same as the obfuscated identification information of the data.
[0147] On the other hand, the processing of the wearable terminal 1 in S6 and S7 is the same as the processing of the wearable terminal 1 in S6 and S7 of the first embodiment. In other words, in the first transmission process of S7, the wearable terminal 1 performs a first transmission process in which it broadcasts (transmits) first data, which has identification information added to encrypted biometric information, to unspecified devices within the short-range communication area CA (see Figure 1).
[0148] However, if the repeater 2 is equipped with a modification processing unit (randomization function in this example) that generates modified identification information (random MAC address in this example) by changing the identification information (MAC address in this example), the repeater 2, upon receiving the first data, executes a first transmission process to send the modified first data, which has the modified identification information added to the encrypted biometric information, to the server 3.
[0149] Server 3 then receives the first change data, but since the identification information has been changed to the changed identification information, it is not possible to identify the wearer. Therefore, in the third embodiment, as shown in Figure 9, the wearable terminal 1 proceeds from S7 to S8.
[0150] (S8) In S8, wearable terminal 1 performs a second transmission process, which involves broadcasting second data—obfuscated identification information (hashed MAC address in this example), which is obtained by obfuscating (hashing in this example) the identification information that identifies wearable terminal 1 (MAC address)—to unspecified devices within the short-range communication area CA (see Figure 1), and then proceeds to S5.
[0151] In other words, a second data is transmitted from wearable device 1, which has obfuscated identification information (a hashed MAC address in this example) in its data area and identification information (a MAC address in this example) in its header.
[0152] When this happens, relay 2 will receive the second data. Upon receiving this second data, it will change the identification information (MAC address in this example) to modified identification information (random MAC address in this example). Therefore, relay 2 will perform a second transmission process to send the modified second data, which has the modified identification information (random MAC address in this example) added to the obfuscated identification information (hashed MAC address in this example), to server 3.
[0153] In other words, the relay 2 transmits a modified second data, which has obfuscated identification information (a hashed MAC address in this example) in the data area and modified identification information (a random MAC address in this example) in the header.
[0154] Therefore, server 3 will receive the modified second data, which has modified identification information (a random MAC address in this example) added to the obfuscated identification information (a hashed MAC address in this example).
[0155] As explained earlier, for a certain period of time, if the identification information is the same, the changed identification information will also be the same.
[0156] Therefore, Server 3 obtains the decryption key for Wearable Terminal 1 corresponding to the obfuscated identification information based on the modification identification information of the first modified data and the modification identification information of the second modified data, and executes a decryption process to decrypt the encrypted biometric information of the first modified data back into biometric information.
[0157] Furthermore, based on the change identification information of the first and second change data and the obfuscated identification information of the second change data, server 3 records biometric information in the biometric information storage unit 34A to the user's file whose obfuscated identification information is the same as the obfuscated identification information of the second change data. In other words, server 3 performs a storage process in the biometric information storage unit 34A to store biometric information obtained through decryption, for each user wearing the device.
[0158] In the above explanation, we described the case where the first transmission process is performed once, followed by the second transmission process once. However, since the second data transmitted in the second transmission process does not contain biometric information, it is also possible to perform the first transmission process multiple times before performing the second transmission process in order to improve the efficiency of data processing.
[0159] In other words, the first generation process in step S6 and the first transmission process in step S7 may be performed multiple times as a set, and after transmitting the first data multiple times, the second transmission process in S8 may be performed once to transmit the second data.
[0160] On the other hand, the above describes a case where the repeater 2 is equipped with a change processing unit that generates modified identification information by changing the identification information. However, some smartphones and tablet devices used as repeater 2 may not have a change processing unit.
[0161] In this case, since there is no modification processing unit, the relay 2 does not perform the process of changing the identification information to the modified identification information. Therefore, the relay 2 performs a transmission process that sends the received first data and second data to the server 3 as they are.
[0162] Therefore, since server 3 receives the first data transmitted by wearable terminal 1 in its original state, it is possible to determine which wearer's biometric information the first data belongs to based on the identification information of the received first data, without having to refer to the received second data.
[0163] Therefore, the server 3 can also store biometric information obtained through decryption in the biometric information storage unit 34A, based on the identification information of the first data, for each user wearing the device.
[0164] However, as explained earlier, if the server 3 were to determine whether or not the repeater 2 has a change processing unit and change the processing content accordingly, the system would become complicated. Therefore, it is best for the server 3 to perform the same processing as if the repeater 2 had a change processing unit, even if the repeater 2 does not.
[0165] In other words, even when performing a transmission process that sends the first data and second data received by the repeater 2 directly to the server 3, the same process can be performed by replacing the modified first data, modified second data, and modified identification information in the explanation section of the server 3 from S8 onwards with the first data, second data, and identification information.
[0166] Specifically, the server 3 obtains a decryption key for the wearable terminal 1 corresponding to the obfuscated identification information based on the identification information of the first data and the second data, and the obfuscated identification information of the second data, and performs a decryption process to decrypt the encrypted biometric information of the first data back into biometric information. The server 3 also records the biometric information in the biometric information storage unit 34A to the wearer's file where the obfuscated identification information is the same as the obfuscated identification information of the second data, based on the identification information of the first data and the second data, and the obfuscated identification information of the second data. In other words, server 3 performs a storage process in the biometric information storage unit 34A to store biometric information obtained through decryption, for each user wearing the device.
[0167] Although the present invention has been described above based on specific embodiments, the present invention is not limited to the above embodiments.
[0168] For example, in the third embodiment, as described in the second embodiment, the wearable terminal 1 may be equipped with a first key, and the connection key may be obfuscated using the encryption key and the first key, for example, by summing the encryption key and the first key and then hashing them.
[0169] Thus, the present invention includes modifications and improvements to its embodiments, which is evident to those skilled in the art from the claims. [Explanation of symbols]
[0170] 1... Wearable terminal, 11, 23, 32... Control unit, 12, 24, 34... Memory unit, 13... Biometric information acquisition unit, 14... Encryption unit, 15... First short-range wireless communication unit, 2... Repeater, 2A... Equipment, 2B... Light bulb, 21... Second communication unit, 22... Second short-range wireless communication unit, 3... Server, 31... Third communication unit, 33... Decryption unit, 34A... Biometric information storage unit, 34B... User management unit, 4... Reception permission terminal, 100... Management system, BS1, BS2, BS3... Bus
Claims
1. A management system that enables the automatic connection of wearable devices and relay devices to transmit biometric information, The aforementioned management system is A relay device that relays information between the wearable device and the server, The wearable terminal can communicate with the relay using a connection key, The server transmits the connection key to the relay, The aforementioned wearable device is A biometric information acquisition unit that acquires the biometric information of the wearer, It comprises a first short-range wireless communication unit capable of communicating with devices within a short-range communication area, The aforementioned repeater is, A second communication unit capable of communicating with the aforementioned server, The system comprises the first short-range wireless communication unit and the second short-range wireless communication unit capable of communicating within the short-range communication area, The aforementioned server, A third communication unit capable of communicating with the aforementioned repeater, A biological information storage unit that manages the aforementioned biological information, The system includes a user management unit that registers identification information to identify the wearable device in association with the user wearing it, The aforementioned wearable device is A storage process for storing the acquired biological information, The system performs a request transmission process that, at a predetermined timing, sends a communication connection request to the relay device to which the identification information has been added. The server executes a connection key transmission process to transmit the connection key of the wearable terminal corresponding to the identification information of the communication connection request to the relay that received the communication connection request. When the relay device receives the connection key, it automatically initiates a communication connection between the wearable terminal and the relay device. The wearable terminal performs a connection transmission process to send the stored biometric information to the server via the relay device which is in a communication connection state. The management system is characterized in that the server performs a storage process in the biometric information storage unit to store the biometric information transmitted in the connection transmission process, for each user wearing the device.
2. The aforementioned wearable device is The encryption key and The system comprises an encryption unit that encrypts based on the aforementioned encryption key, The server includes a decryption unit that performs decryption corresponding to the encryption key, The aforementioned wearable device is A first generation process that generates encrypted biometric information by encrypting the acquired biometric information, The first transmission process involves transmitting, via broadcast communication, first data obtained by adding the identification information to the encrypted biometric information, to an unspecified device within a short-range communication area. The relay device performs a transmission process to send the received first data to the server. The aforementioned server, A decryption process that decrypts the encrypted biometric information of the first data back into the biometric information, The management system according to claim 1, characterized in that, based on the identification information, it performs a storage process in the biometric information storage unit to store the biometric information obtained by decoding, for each user wearing the device.
3. The wearable device is equipped with a first key, The management system according to claim 2, characterized in that the connection key is obfuscated using the encryption key and the first key.
4. A management system that enables the automatic connection of wearable devices and relay devices to transmit biometric information, The aforementioned management system is A relay device that relays information between the wearable device and the server, The wearable terminal establishes a communication connection with the relay using a connection key, The system comprises a server that transmits the connection key to the relay that communicates with the wearable terminal, The aforementioned wearable device is A biometric information acquisition unit that acquires the biometric information of the wearer, It comprises a first short-range wireless communication unit capable of communicating with devices within a short-range communication area, The aforementioned repeater is, A second communication unit capable of communicating with the aforementioned server, The system comprises the first short-range wireless communication unit and the second short-range wireless communication unit capable of communicating within the short-range communication area, The aforementioned server, A third communication unit capable of communicating with the aforementioned repeater, A biological information storage unit that manages the aforementioned biological information, The system includes a user management unit that registers obfuscated identification information, which is an obfuscated version of the identification information used to identify the wearable device in association with the user wearing it. The aforementioned wearable device is A storage process for storing the acquired biological information, The system performs a request transmission process that, at a predetermined timing, transmits a communication connection request to the relay device, which includes obfuscated identification information obtained by obfuscating the identification information. The server executes a connection key transmission process to send the connection key of the wearable terminal corresponding to the obfuscated identification information of the communication connection request to the relay that received the communication connection request. When the relay device receives the connection key, it automatically initiates a communication connection between the wearable terminal and the relay device. The wearable terminal performs a connection transmission process to send the stored biometric information to the server via the relay device which is in a communication connection state. The management system is characterized in that the server performs a storage process in the biometric information storage unit to store the biometric information transmitted in the connection transmission process, for each user wearing the device.
5. The aforementioned wearable device is The encryption key and The system comprises an encryption unit that encrypts based on the aforementioned encryption key, The server includes a decryption unit that performs decryption corresponding to the encryption key, The aforementioned wearable device is A first generation process that generates encrypted biometric information by encrypting the acquired biometric information, A first transmission process involves transmitting, via broadcast communication, the first data, which has the identification information added to the encrypted biometric information, to an unspecified device within a short-range communication area. The process involves performing a second transmission process, which involves adding the identification information to the obfuscated identification information, which is an obfuscated version of the identification information used to identify the wearable device, and transmitting this second data via broadcast communication to an unspecified device within the short-range communication area. The relay device performs a transmission process to send the received first data and the second data to the server. The aforementioned server, A decryption process that decrypts the encrypted biometric information of the first data back into the biometric information, The management system according to claim 4, characterized in that, based on the identification information of the first data and the obfuscated identification information of the second data, a storage process is performed to store the biometric information acquired by decoding in the biometric information storage unit for each wearer.
6. The aforementioned wearable device is The encryption key and The system comprises an encryption unit that encrypts based on the aforementioned encryption key, The server includes a decryption unit that performs decryption corresponding to the encryption key, The relay further includes a change processing unit that generates modified identification information obtained by changing the identification information, The aforementioned wearable device is A first generation process that generates encrypted biometric information by encrypting the acquired biometric information, A first transmission process involves transmitting, via broadcast communication, the first data, which has the identification information added to the encrypted biometric information, to an unspecified device within a short-range communication area. The process involves performing a second transmission process, which involves adding the identification information to the obfuscated identification information, which is an obfuscated version of the identification information used to identify the wearable device, and transmitting this second data via broadcast communication to an unspecified device within the short-range communication area. The aforementioned repeater is, Upon receiving the first data, a first transmission process is performed to send modified first data, which is the encrypted biometric information with the modified identification information added, to the server. Upon receiving the second data, the system performs a second transmission process, which involves sending modified second data to the server, in which the modified identification information is added to the obfuscated identification information. The aforementioned server, A decryption process that decrypts the encrypted biometric information of the modified first data back into the biometric information, The management system according to claim 4, characterized in that it performs a storage process in the biometric information storage unit, for each user wearing the device, based on the modified first data, the modified identification information of the modified second data and the obfuscated identification information of the modified second data, and stores the biometric information obtained by decoding in the biometric information storage unit.
7. The wearable device is equipped with a first key, The management system according to claim 5 or 6, characterized in that the connection key is obfuscated using the encryption key and the first key.
8. The management system according to claim 5 or 6, characterized in that the wearable terminal performs the second transmission process after performing the first transmission process multiple times.