Monitoring system, monitored terminal, information processing device, information processing method, and program

The monitoring system addresses the challenge of inactive devices by enabling identity verification and communication through QR codes or IC tags, ensuring timely protection and reducing device load, thus overcoming the limitations of conventional systems.

JP2026109590A · Pending · Publication Date: 2026-07-01 · MIXI INC

Patent Information

Authority / Receiving Office: JP · JP
Patent Type: Applications
Current Assignee / Owner: MIXI INC
Filing Date: 2025-12-16
Publication Date: 2026-07-01


Abstract

This system provides a monitoring system that allows a third party to verify the identity of the person being monitored, even when the monitored device is inactive. [Solution] The monitoring system comprises a server 30, a monitoring terminal 20, and a monitored terminal 10. The monitoring terminal 20 receives input of the monitored person's identity information and transmits it to the server 30. The server 30 comprises a data management unit that stores the identity information in a memory unit in association with the terminal identification information of the monitored terminal 10, and an identity information output unit that receives access from a client terminal 50 based on the terminal identification information and outputs the corresponding identity information. The monitored terminal 10 holds access information (two-dimensional code or URL information stored in an IC tag) used to access the server 30 in a manner that can be read from the outside even when it is not operational. As a result, even if the battery of the monitored terminal 10 is dead, a third party who finds the monitored person can confirm their identity information.

Description

Technical Field

[0001] The present disclosure relates to a monitoring system, a monitored terminal, an information processing device, an information processing method, and a program, and particularly relates to a technology that enables identification of the identity of a monitored person.

Background Art

[0002] Conventionally, there has been known a monitoring system including a small terminal (monitored terminal) possessed by a monitored person such as a child or an elderly person, a terminal (monitoring terminal) used by a monitor such as a guardian or a caregiver, and a server that mediates communication between these terminals. In such a monitoring system, the location information of the monitored terminal is transmitted to the monitoring terminal via the server, enabling the monitor to confirm the whereabouts of the monitored person.

[0003] There is also a monitoring system having a function of transmitting and receiving voice messages and text messages between the monitored terminal and the monitoring terminal via the server, which supports communication between the monitored person and the monitor.

Prior Art Documents

Patent Documents

[0004]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0005] Particularly in the case of the elderly, due to the decline in cognitive function associated with aging and the onset of dementia, they may get lost in places where they do not usually go or become missing due to wandering. When monitoring such a monitored person who may get lost or go missing with a monitoring system, while the monitored terminal is activated, the location information of the monitored terminal is periodically transmitted to the monitoring terminal, so that the whereabouts of the monitored person can be confirmed on the monitoring terminal.

[0006] However, if the monitored terminal's battery runs out while the person being monitored is lost, causing the terminal to become inoperable (powered off), and the person being monitored moves around due to wandering or other reasons while in this state, it becomes difficult to ascertain the person's location from the monitoring terminal. Furthermore, when the monitored terminal is inoperable, it is not possible to use the voice messaging function to contact the person being monitored.

[0007] In such situations, if a third party who discovers and protects the person being cared for (e.g., a police officer, medical professional, or member of the public) can confirm the person's identity, they can contact the caregiver or take the person to an appropriate location.

[0008] Therefore, one of the purposes of this disclosure is to provide a monitoring system, a monitored terminal, an information processing device, an information processing method, and a program that enable a third party to verify the identity of the person being monitored, even when the monitored terminal is inactive.

Means for Solving the Problem

[0009] To achieve the above objective, a monitoring system according to one aspect of the present disclosure is a monitoring system comprising a server, a monitoring terminal, and a monitored terminal, wherein the monitoring terminal receives input of identity information indicating the identity of a person being monitored and transmits the identity information to the server, the server comprises a data management unit that stores the identity information received from the monitoring terminal in a storage unit in association with terminal identification information that identifies the monitored terminal, and an identity information output unit that receives access from a client terminal based on the terminal identification information and outputs the identity information corresponding to the access to the client terminal, and the monitored terminal holds access information used to access the server in a manner that can be read from the outside even when the monitored terminal is inactive.

Effects of the Invention

[0010] According to one aspect of this disclosure, even when the monitored terminal is inactive, it is possible to obtain the identity information of the monitored person from a third-party client terminal via access information stored on the monitored terminal. This allows a third party who finds and protects a lost or missing monitored person to verify the person's identity and take appropriate protective measures, such as contacting the caregiver.

[0011] The effects described above are merely examples of effects obtainable by the embodiments of the present invention, and the effects obtainable by the present invention are not limited to these. Furthermore, in some embodiments of the present invention, some of the above effects may not be obtained, but even in such cases, the invention is not excluded from the technical scope of the present invention.

Brief Description of the Drawings

[0012]
[Figure 1] This is a conceptual diagram showing the overall configuration of the monitoring system according to this embodiment.
[Figure 2] This is a block diagram showing the hardware configuration of the monitored terminal according to this embodiment.
[Figure 3] This is a block diagram showing the hardware configuration of the server according to this embodiment.
[Figure 4] This is a block diagram showing the hardware configuration of the monitoring terminal according to this embodiment.
[Figure 5] This is a functional block diagram showing the functional configuration of the monitored terminal according to this embodiment.
[Figure 6] This is a functional block diagram showing the functional configuration of the server according to this embodiment.
[Figure 7] This is a functional block diagram showing the functional configuration of the application for the monitoring terminal according to this embodiment.
[Figure 8] This is a diagram showing the structure of the identity information management database according to this embodiment.
[Figure 9] This is a sequence diagram of the identity information registration process according to this embodiment.
[Figure 10] This is a sequence diagram of the identity information inquiry process according to this embodiment.
[Figure 11] This is a sequence diagram of the identity verification notification process according to this embodiment.
[Figure 12] This is a diagram showing an example of the appearance of the monitored terminal according to this embodiment.
[Figure 13] This is a diagram showing an example of the identity information input screen of the monitoring terminal according to this embodiment.
[Figure 14] This is a diagram showing an example of the identity information display screen on the client terminal according to this embodiment.
[Figure 15] This is a diagram showing an example of the identity verification notification screen of the monitoring terminal according to this embodiment.
[Figure 16] This is a sequence diagram of the identity information registration process using the IC tag according to this embodiment.
[Figure 17] This is a conceptual diagram of the two-dimensional code method according to this embodiment.
[Figure 18] This is a conceptual diagram of the IC tag method according to this embodiment.
[Figure 19] This is a sequence diagram of the identity information verification process according to this embodiment.
[Figure 20] This is a diagram showing the structure of the identity verification record database according to this embodiment.
[Figure 21] This is a diagram showing the structure of the facility location database according to this embodiment.
[Figure 22] This is a diagram showing an example of the photographed image request screen on the client terminal according to this embodiment.

Mode for Carrying Out the Invention

[0013] Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings. Note that the embodiments described below are examples of the present disclosure, and the present disclosure is not limited to these embodiments.

<1. System Overview>

(1.1 Basic Concept)

[0014] The monitoring system according to this embodiment is a system that supports the confirmation of the location and safety management of persons being monitored, such as children and the elderly. In particular, it provides a function that allows a third party who finds and protects a person being monitored to confirm the identity of that person, even if the monitored terminal is in an inactive state (powered off due to battery depletion, etc.).

[0015] The core technological concept of this system is to allow the monitored terminal to store access information used to access the server in a manner that is readable from the outside, even when the monitored terminal is not receiving power. This access information may be URL information encoded in a two-dimensional code (such as a QR code) printed on the casing of the monitored terminal, or it may be URL information stored in an IC tag (such as an NFC tag or RFID tag) built into the monitored terminal.

[0016] In particular, this system functions as a solution to the problem of elderly people going missing, which is estimated to affect approximately 18,000 people annually. Even if the battery of a monitored terminal carried by an elderly person who has wandered off due to dementia or other reasons runs out, a third party such as a police officer or medical professional who finds and protects the person can access their identity information via the QR code or IC tag on the monitored terminal and take appropriate protective measures.

(1.2 Technical Effects)

[0017] This system provides the following technical benefits:

[0018] (a) Identity verification independent of the power status of the monitored device: Even when the battery of the monitored device is depleted and the power is turned off, identity information can be accessed via a 2D code or IC tag printed on the casing. This makes it possible to support the protection of the monitored person even in situations such as "going missing after the battery runs out," which was difficult to handle with conventional monitoring systems.

[0019] (b) Balancing privacy and security: Identity information is managed on the server side and output only after appropriate authentication processing (verification of terminal identification information, confirmation of location information, request for captured images, etc.), thus preventing unauthorized access. Through multi-layered security mechanisms such as two-factor authentication, location-based restrictions, and identity verification processing, identity information can be disclosed only when necessary while protecting the privacy of the person being monitored.

[0020] (c) Real-time notification to caregivers: When identity information is checked, a notification is sent to the monitoring device, allowing caregivers to quickly understand that the person being cared for has been found safe. The notification can also include the location information of the check, allowing caregivers to quickly rush to the person's location.

[0021] (d) Optimization of processing load: Since identity information is centrally managed on the server side, the processing load on the monitored terminal can be reduced. In addition, updating identity information is completed simply by changing the database on the server side, so there is no need to directly access the monitored terminal, which improves operational efficiency.

[0022] (e) Reduction of communication volume: The identity information inquiry process is completed with only an HTTP request from the client terminal to the server and a response (identity information display screen) from the server to the client terminal, thus minimizing the amount of communication.

(1.3 Specific Application Examples)

[0023] The following are some specific examples of applications for this system.

[0024] (a) Protection of elderly people with dementia: A police officer who finds an elderly person with dementia who has wandered off and gotten lost scans the QR code on the monitored terminal with a smartphone to confirm their identity and contact their family. The identity information also includes medical history and medication information, so appropriate measures can be taken if medical considerations are needed.

[0025] (b) Protection of lost children: When a facility staff member finds a lost child, they hold their smartphone over the monitored terminal to read the IC tag and confirm the contact information of the guardian. Even if the child is unable to communicate effectively, the appropriate contact information can be obtained from their identity information.

[0026] (c) Use in emergency medicine: Medical personnel transporting an unconscious elderly person can obtain identity information from the monitored terminal, confirm medical history and emergency contact information, and take appropriate action. Including allergy information in the identity information can reduce the risk of medical errors.

[0027] (d) Safety confirmation during disasters: In the event of a large-scale disaster, local government officials who have taken custody of a person under their care at an evacuation center or similar location will obtain identification information from the person's device and contact the person under their care or register their safety status.

(1.4 Definition of Terms)

[0028] The main terms used in this specification are defined as follows:

[0029] "Persons requiring supervision" refers to children, the elderly, people with disabilities, and others who require or would like supervision from others. This category particularly includes individuals with dementia, intellectual disabilities, and autism spectrum disorder, who may have difficulty returning home on their own.

[0030] A "guardian" refers to a person who is in a position to look after the person being looked after, such as a guardian, caregiver, or family member. The guardian is the entity that registers the identity information of the person being looked after and receives identity verification notifications.

[0031] A "monitored device" refers to a small device possessed or carried by a person being monitored, equipped with location information transmission and communication functions. A monitored device can take the form of a child's mobile phone, a monitoring GPS device, a smartwatch, or similar.

[0032] A "monitoring device" is a device used by the caregiver, typically a smartphone or tablet. The monitoring device has a dedicated application installed and provides functions such as location tracking, message sending and receiving, and registration of identity information.

[0033] A "client terminal" is a device used by a third party who has found and protected the person under their care, and is used to verify the person's identity. Client terminals include smartphones and other devices owned by police officers, medical professionals, and members of the public.

[0034] "Identity information" refers to information used to identify or confirm the identity of the person being cared for, such as their name, age, address, emergency contact information, medical history, and any other special notes. This identity information is registered by the caregiver and stored on the server.

[0035] "Terminal identification information" refers to information used to uniquely identify a monitored terminal, and includes the manufacturing number, serial number, IMEI (International Mobile Equipment Identity), etc. Terminal identification information may be printed or engraved on the casing of the monitored terminal.

[0036] "Access information" refers to information used to access a server from a client terminal and obtain identity information, and includes URL information, etc. Access information is maintained in a manner that allows it to be read externally even when the monitored terminal is inactive.

[0037] "Non-operational state" refers to a state in which the monitored device is not receiving power and its processor is not running. This includes situations where the battery is dead or the power is off. In a non-operational state, the monitored device cannot transmit location information or send / receive messages, but the QR codes and IC tags on the device can still be read.

<2. System Configuration>

(2.1 Overall Structure)

[0038] Figure 1 is a conceptual diagram showing the overall configuration of the monitoring system 1 according to this embodiment. The monitoring system 1 comprises a monitored terminal 10 held by the person being monitored, a monitoring terminal 20 used by the caregiver, and a server 30 that mediates communication between these terminals and functions as the core for data management and service provision. Furthermore, in this embodiment, a client terminal 50 used by a third party who has discovered and protected the person being monitored accesses the server 30 to inquire about the identity information of the person being monitored.

[0039] The monitored terminal 10, the monitoring terminal 20, the server 30, and the client terminal 50 are each connected to each other via the network 40 so that they can communicate with one another. The network 40 is a wide-area communication network such as the Internet, and includes public mobile communication networks such as LTE (Long Term Evolution) and 5G (5th Generation Mobile Communication System), as well as Wi-Fi (Wireless Fidelity) access points.

[0040] This configuration allows the monitored terminal 10 and the monitoring terminal 20 to send and receive data to and from each other via the network 40 and server 30, even if they are geographically separated. Based on this client-server architecture, this system provides a foundation for stable monitoring services, ensuring high scalability to accommodate a large number of terminals (clients) simultaneously, and high reliability and availability through data backup, load balancing, and redundant configurations on the server side.

(2.2 Role of Each Device)

[0041] The monitored terminal 10 is a small, lightweight device that the monitored person carries or possesses on a daily basis. The monitored terminal 10 has the function of acquiring its own location information using a positioning function such as GPS and transmitting the location information to the monitoring terminal 20 via the server 30. It also has the function of sending and receiving messages with the monitoring terminal 20 and the function of sending an SOS signal in an emergency. Furthermore, the monitored terminal 10 according to this embodiment holds access information used to access the server 30 in a manner that can be read from the outside even when it is not in operation.

[0042] The monitoring terminal 20 is a general-purpose communication terminal used by the caregiver to check on the situation of the person being monitored and to communicate with them, and is typically a smartphone or tablet device. The monitoring terminal 20 has a dedicated application installed and provides functions such as displaying the location information of the person being monitored, sending and receiving messages, registering identity information, and receiving identity verification notifications.

[0043] Server 30 functions as the backend of the monitoring system 1, receiving, storing, and analyzing data from each terminal, and performing necessary processing to provide services. Server 30 according to this embodiment includes a data management unit that stores the terminal identification information of the monitored terminal 10 and the identity information of the monitored person in a storage unit in association with each other, and an identity information output unit that outputs identity information in response to access from the client terminal 50.
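The association and output described in [0043], combined with the checks named in [0019] and the notification in [0020], sketched as an added example (not code from the patent or from the applicant). The random URL token, the use of the printed serial number as the second factor, the failure limit, the `watch.example` host, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

BASE_URL = "https://watch.example/i/"   # placeholder host (assumption)
MAX_FAILURES = 5                        # assumed limit on wrong-serial attempts


def _digest(token: str) -> str:
    # Only a hash of the URL token is stored, so a database leak does not
    # hand out working access URLs.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class Record:
    terminal_id: str                               # terminal identification information
    identity: dict = field(default_factory=dict)   # identity information
    failures: int = 0                              # consecutive wrong-serial attempts


class Server30:
    """Data management unit plus identity information output unit (sketch)."""

    def __init__(self):
        self._by_token = {}      # sha256(token) -> Record
        self._by_terminal = {}   # terminal_id   -> Record
        self.notifications = []  # messages queued for monitoring terminal 20

    def provision(self, terminal_id: str) -> str:
        """Mint the access URL that goes into the 2D code or IC tag.

        The token is random rather than derived from the serial number, so
        neighbouring serial numbers do not yield neighbouring URLs.
        """
        token = secrets.token_urlsafe(16)
        rec = Record(terminal_id)
        self._by_token[_digest(token)] = rec
        self._by_terminal[terminal_id] = rec
        return BASE_URL + token

    def register_identity(self, terminal_id: str, identity: dict) -> bool:
        """Store identity information against the terminal ID.

        Assumes the caller is an already authenticated monitoring terminal
        that is paired with this monitored terminal.
        """
        rec = self._by_terminal.get(terminal_id)
        if rec is None:
            return False
        rec.identity = dict(identity)
        return True

    def inquire(self, access_url: str, printed_serial: str, location=None):
        """Handle access from a client terminal 50.

        Factor 1 is the token in the scanned URL, factor 2 is the serial
        number read off the casing. Every failure returns None so the
        response does not reveal which factor was wrong.
        """
        if not access_url.startswith(BASE_URL):
            return None
        rec = self._by_token.get(_digest(access_url[len(BASE_URL):]))
        if rec is None or rec.failures >= MAX_FAILURES:
            return None
        if not hmac.compare_digest(printed_serial.encode(),
                                   rec.terminal_id.encode()):
            rec.failures += 1
            return None
        rec.failures = 0
        # Identity verification notification to the monitor, with the
        # location reported by the client terminal if it sent one.
        self.notifications.append(
            {"terminal_id": rec.terminal_id, "location": location})
        return dict(rec.identity)


if __name__ == "__main__":
    server = Server30()
    url = server.provision("SN-0001")                      # constructed serial
    server.register_identity("SN-0001", {"name": "Constructed Name"})
    print(server.inquire(url, "SN-0001", location=(35.66, 139.70)))
    print(server.notifications)
```

A serial number printed next to the code is visible to anyone who can scan the code, so in this sketch it guards against a copied or forwarded URL rather than against someone holding the device.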

[0044] The client terminal 50 is a terminal used by a third party (police officer, medical professional, ordinary citizen, etc.) who has found and protected the person being monitored, and is typically a smartphone. The client terminal 50 reads the access information (two-dimensional code or URL information stored in an IC tag) held on the monitored terminal 10, accesses the server 30, and obtains the identity information of the person being monitored.

(2.3 System Configuration Flexibility)

[0045] The system configuration in this embodiment is merely an example, and the number and arrangement of components such as the server 30, monitoring terminal 20, and client terminal 50 can be appropriately changed according to the scale of the system and the required performance. Furthermore, the functions of each device can be implemented by distributing them across multiple physically separated devices, or by integrating them into a single device.

[0046] The system of this embodiment can be implemented in an on-premises environment, a cloud environment, or a hybrid environment. In a cloud environment, various cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform can be used, and it can support various execution environments such as virtual machines, containers, and serverless architectures.

[0047] Server 30 may consist of a single physical server, or it may consist of multiple physical or virtual servers for load balancing or redundancy. Regarding the database, various types of database management systems can be used, such as relational databases, NoSQL databases, and distributed databases.

<3. Detailed Configuration of Each Device>

(3.1 Hardware Configuration of the Monitored Terminal)

[0048] Figure 2 is a block diagram showing the hardware configuration of the monitored terminal 10. The monitored terminal 10 is designed to be carried at all times by the person being monitored, especially active children and elderly people with dementia, and consists of a small, lightweight casing that fits in the palm of the hand. The casing is provided with a strap hole and other features to facilitate attachment to bags or clothing. The casing is made of impact-resistant polycarbonate (PC) or ABS (Acrylonitrile Butadiene Styrene) resin, and is designed to protect the internal electronic components from impacts that may occur in daily life.

[0049] The monitored terminal 10 includes a control unit (CPU) 13, memory 14, communication interface 15, GPS receiver 16, acceleration sensor 17, speaker 18, microphone 19, display unit 11, switch unit 12, external interface 21, and an internal bus 22 that connects these to each other.

[0050] The control unit 13 consists of a microprocessor unit (MPU) or SoC (System-on-a-Chip) containing one or more processor cores, and comprehensively controls the operation of the entire monitored terminal 10. In particular, since battery life is extremely important for this terminal, it is desirable that the control unit 13 adopt an architecture (for example, the ARM architecture) that achieves both high processing power and extremely low power consumption.

[0051] Memory 14 is a storage device for storing data necessary for programs and processes executed by the control unit 13. Memory 14 includes non-volatile memory such as ROM (Read Only Memory) and flash memory, and volatile memory such as RAM (Random Access Memory). The non-volatile memory stores the system's startup program (boot loader) and basic settings.

[0052] The communication interface 15 is a communication module for wireless connection with the network 40. For IoT devices like this terminal, adopting a communication module that supports low-power wide-area wireless communication (LPWA) standards, such as LTE-M or NB-IoT (NarrowBand-IoT), which minimize power consumption while achieving wide coverage, is extremely effective in enabling long-term continuous operation with the built-in battery.

[0053] The GPS receiver 16 receives signals from multiple satellite positioning systems (GNSS), including GPS satellites, such as Japan's "Michibiki (QZSS)," Russia's "GLONASS," and Europe's "Galileo," and calculates the location information (latitude and longitude) of the monitored terminal 10 based on the principle of triangulation.

[0054] The accelerometer 17 is a 3-axis accelerometer typically manufactured using MEMS (Micro Electro Mechanical Systems) technology, and it highly sensitively detects the static tilt of the device (detection of gravitational acceleration) as well as dynamic movements and impacts. The output of this sensor plays a crucial role in the device's intelligent functions, such as fall detection, motion AI-assisted positioning, and power-saving control.

[0055] The display unit 11 consists of a liquid crystal display (LCD) or an organic light-emitting diode (OLED) panel, etc., and presents visual information such as the time, icons, and message sender information to the user. The switch unit 12 is an input device that detects physical pressing operations by the user. The speaker 18 plays voice messages and warning sounds, and the microphone 19 records the user's voice.

[0056] The external interface 21 consists of a USB (Universal Serial Bus) Type-C connector, etc., and is used for charging the built-in battery and for data communication during manufacturing and maintenance.

[0057] The monitored terminal 10 according to this embodiment further includes a configuration for holding access information in a manner that can be read from the outside even when it is not operational. Specifically, it includes either (a) or (b) below, or both.

[0058] (a) Two-dimensional code: A two-dimensional code (QR code®, etc.) containing URL information used to access the server 30 is printed or affixed to the surface of the housing of the monitored terminal 10. The two-dimensional code is provided on the housing by methods such as silk printing, laser engraving, or sticker application. The two-dimensional code can be read by the camera of the client terminal 50 even when the monitored terminal 10 is not receiving power.

[0059] (b) IC tag 23: The monitored terminal 10 has a built-in IC tag 23 (NFC tag, RFID tag, etc.) that is powered by electromagnetic induction from an external source and from which information can be read. The IC tag 23 stores URL information used to access the server 30. Even when the monitored terminal 10 is inactive, the IC tag 23 is powered by electromagnetic induction from an external reader (client terminal 50, etc.) and can transmit the stored information. The IC tag 23 is connected to the control unit 13 of the monitored terminal 10, and the control unit 13 can write URL information to it when the terminal is operational.

[0060] Furthermore, the casing of the monitored terminal 10 may have terminal identification information (manufacturing number, serial number, etc.) printed or engraved on it. This terminal identification information will be used in the two-factor authentication method described later.

(3.2 Server Hardware Configuration)

[0061] Figure 3 is a block diagram showing the hardware configuration of server 30. Server 30 comprises a CPU 31, memory 32, auxiliary storage device 33, and communication interface 34. Server 30 may be physically composed of one or more high-performance physical servers installed in a data center or the like, or it may be virtually constructed using a cloud computing environment.

[0062] The CPU 31 is a high-performance central processing unit that executes various processes on the server 30. The CPU 31 may be a multi-core processor and exhibits high processing performance through parallel processing. The memory 32 is a large-capacity main memory that serves as a working area for program execution. The auxiliary storage device 33 consists of an SSD (Solid State Drive) array or an HDD (Hard Disk Drive) array, etc., and permanently stores various data and programs. The communication interface 34 is an interface for high-speed data communication with the network 40.

[0063] When using a cloud computing environment, features such as auto-scaling that automatically increases or decreases computing resources according to the load, and improved redundancy and fault tolerance by distributing systems across multiple geographical regions are achieved.

(3.3 Hardware Configuration of the Monitoring Terminal)

[0064] Figure 4 is a block diagram showing the hardware configuration of the monitoring terminal 20. The monitoring terminal 20 is typically a commercially available smartphone or tablet device and includes a CPU 41, memory 42, storage device 43, communication interface 44, display device 45, microphone 46, speaker 47, and camera 48.

[0065] The CPU 41 is the processor responsible for executing applications. The memory 42 is the main memory, which serves as the working area during program execution. The storage device 43 is typically flash memory, used to store applications and data. The communication interface 44 is a communication module compatible with Wi-Fi and LTE / 5G. The display device 45 is a touchscreen that simultaneously provides high-definition graphic display and touch input. The microphone 46 and speaker 47 handle audio input and output. The camera 48 is used for reading the QR code on the monitored terminal 10 and for taking facial photographs when registering identity information.

[0066] The monitoring terminal 20 has a dedicated application for this monitoring system installed and provides various functions to the caregiver.

(3.4 Hardware Configuration of Client Terminals)

[0067] The hardware configuration of the client terminal 50 is similar to that of the monitoring terminal 20, being that of a typical smartphone. The client terminal 50 uses its camera function to read the QR code on the monitored terminal 10 and its NFC function to read information from the IC tag 23. It can also obtain its current location using its GPS function and transmit it to the server 30.

<4. Functional Configuration of Each Device>

(4.1 Functional Configuration of the Monitored Terminal)

[0068] Figure 5 is a functional block diagram showing the functional configuration of the monitored terminal 10. The control unit 13 of the monitored terminal 10 functions as a state management unit 131, a display control unit 132, a function switching unit 133, a function execution unit 134, a learning unit 135, and a communication control unit 136 by executing a program stored in the memory 14.

[0069] The state management unit 131 is a control unit that centrally monitors and determines the internal state of the monitored terminal 10 (battery level, communication module signal strength, status of receiving messages from external sources, detection results of built-in sensors, etc.) and is in charge of the logic of state transitions.

[0070] The display control unit 132 controls the display content to be shown on the display unit 11 according to the internal state determined by the state management unit 131. The display content includes the time, message reception notification icon, battery level icon, etc.

[0071] The function switching unit 133 switches the function to be executed in response to a press operation by the switch unit 12, according to the internal state determined by the state management unit 131. For example, when a message is received, the message playback function is executed when the switch is pressed, and under normal circumstances, the SOS function is executed when the switch is pressed, so that the appropriate function is executed according to the situation.

[0072] The function execution unit 134 executes the function selected by the function switching unit 133. The functions to be executed include location information transmission, message sending and receiving, SOS function, voice message playback function, etc.

[0073] The learning unit 135 learns the behavioral patterns and usage patterns of the person being monitored and updates the machine learning model to enable more appropriate state transitions and function selections. The learning unit 135 makes it possible to provide a monitoring service customized for each person being monitored.

[0074] The communication control unit 136 transmits and receives data with the server 30 via the communication interface 15. For example, it transmits location information acquired by the GPS receiver 16 to the server 30 and receives voice messages from the server 30. In this embodiment, the communication control unit 136 also performs the process of writing URL information received from the server 30 to the IC tag 23.

[0075] Furthermore, the monitored terminal 10 is equipped with an access information storage unit 137. The access information storage unit 137 is configured to store access information in a manner that can be read from the outside even when it is not in operation, and specifically, this refers to a two-dimensional code and/or IC tag 23 provided on the housing. The access information stored by the access information storage unit 137 is information (such as URL information) that makes it possible to obtain identity information based on terminal identification information managed in association with the identity information of the monitored person by the server 30.

(4.2 Server Functional Configuration)

[0076] Figure 6 is a functional block diagram showing the functional configuration of server 30. The CPU 31 of server 30 functions as a communication unit 301, a data management unit 302, a voice-to-text conversion unit 303, a location information processing unit 304, a plan management unit 305, an identity information output unit 306, an identity inquiry notification unit 307, and an identity card verification unit 308 by executing a predetermined server program.

[0077] The communication unit 301 is a communication control unit that transmits and receives data between the monitored terminal 10, the monitoring terminal 20, and the client terminal 50 via the network 40. Specifically, the communication unit 301 supports various communication protocols such as HTTP, WebSocket, and MQTT (Message Queuing Telemetry Transport), and transmits and receives data with each terminal in an appropriate manner. In addition, the communication unit 301 encrypts communications using encryption protocols such as TLS (Transport Layer Security) to ensure data confidentiality.

[0078] The data management unit 302 stores and manages data received from each terminal in the auxiliary storage device 33 (storage unit). In this embodiment, the data management unit 302 stores identity information received from the monitoring terminal 20 in the storage unit in association with the terminal identification information of the monitored terminal 10. Specifically, the data management unit 302 manages the identity information management database and performs CRUD (Create, Read, Update, Delete) operations such as registration, updating, deletion, and searching for identity information. The data management unit 302 also manages the identity inquiry record database and records the history of identity information inquiries.

[0079] The voice-to-text conversion unit 303 converts text data received from the monitoring terminal 20 into voice data (speech synthesis) and converts voice data received from the monitored terminal 10 into text data (speech recognition).

[0080] The location information processing unit 304 processes the location information received from the monitored terminal 10, converts it into a format for transmission to the monitoring terminal 20, and records the history of the location information. It also provides a geofencing function (a function that detects entry into and exit from a predetermined area).

[0081] The plan management unit 305 manages the monitoring service plans (pricing plans and feature plans) and provides services according to each user's contract details.

[0082] The identity information output unit 306 is a functional unit that receives access from the client terminal 50 and outputs identity information corresponding to the access to the client terminal 50. Specifically, the identity information output unit 306 receives access based on terminal identification information (for example, access to a URL containing terminal identification information), retrieves identity information associated with the terminal identification information from the storage unit, and transmits it to the client terminal 50. The identity information output unit 306 has a web server function and, in response to an HTTP request from the client terminal 50, generates a web page (HTML) containing identity information and sends it back as an HTTP response.

[0083] The identity verification notification unit 307 is a functional unit that sends a notification message to the monitoring terminal 20 indicating that identity information has been verified when the identity information output unit 306 outputs identity information. Specifically, the identity verification notification unit 307 works in conjunction with a push notification service (Firebase Cloud Messaging, Apple Push Notification Service, etc.) to send a push notification to the monitoring terminal 20. The notification message may include the date and time of the verification, the location information of the verification, and a photograph of the person who performed the verification.

[0084] The identity verification unit 308 is a functional unit that analyzes the captured image received from the client terminal 50 and determines whether the identity document contained in the captured image conforms to a predetermined format (e.g., police ID format, medical professional ID format). Specifically, the identity verification unit 308 uses image recognition technology and machine learning models to detect the area of the identity document in the captured image, classify the type of identity document, and determine its authenticity. Features used for the determination include the layout, logo, colors, fonts, and security elements (e.g., holograms) of the identity document. More specifically, the identity verification unit 308 performs image classification using a deep learning model such as a convolutional neural network (CNN). For example, the CPU 31 (or GPU) uses the parameters of a trained model deployed in memory 32 to perform inference processing on the input image and outputs the identity document classification result and confidence score.

(4.3 Functional configuration of the monitoring terminal)

[0085] Figure 7 is a functional block diagram showing the functional configuration of a dedicated application that runs on the monitoring terminal 20. This application functions as a communication unit 201, a data display unit 202, an input reception unit 203, a notification reception unit 204, and an identity information registration unit 205, as the CPU 41 executes the program.

[0086] The communication unit 201 sends and receives data with the server 30. The data display unit 202 displays the data received from the server 30 (location information, messages, notifications, etc.) on the display device 45. The input receiving unit 203 accepts input from the user (text input, touch operation, voice input, etc.).

[0087] The notification receiving unit 204 receives an identity verification notification from the server 30 and displays the notification content to the caregiver via the data display unit 202. The notification content may include the date and time the identity information was verified, the location where the verification took place (location information of the client terminal 50), and a photograph taken by the person who made the verification.

[0088] The identity information registration unit 205 receives identity information input from the caregiver and transmits the entered identity information to the server 30, associating it with the terminal identification information of the monitored terminal 10. The identity information registration unit 205 displays an identity information input UI (User Interface) and prompts the caregiver to input the name, age, address, emergency contact information, medical history, special notes, etc. of the person being monitored.

<5. Data Structure>

(5.1 Identity Information Management Database)

[0089] Figure 8 shows the structure of the identity information management database stored in the auxiliary storage device 33 (storage unit) of the server 30. The identity information management database is a database for managing the correspondence between terminal identification information and identity information, and includes the following data items.

[0090] (a) Terminal identification information (terminal ID): Information used to uniquely identify the monitored terminal 10. This includes the manufacturing number, serial number, IMEI, etc. It is used as the primary key.

[0091] (b) Monitor ID: Information to identify the monitor of the monitoring terminal 20 corresponding to the monitored terminal 10. This includes the account ID, etc. The monitor table is referenced as a foreign key.

[0092] (c) Identity information: Information that identifies the person being cared for. Specifically, this includes the following sub-items.
• Name of the person being cared for: The name of the person being cared for (in Kanji, Hiragana, Katakana, Roman letters, etc.)
• Age or date of birth of the person being cared for: Age or date of birth of the person being cared for
• Address of the person being cared for: The address of the person being cared for (prefecture, city / ward / town / village, street number, etc.)
• Emergency contact information: Phone number, email address, etc. of the caregiver. Multiple contacts can be registered.
• Medical history, chronic illnesses, and medication information: Medical information such as allergies, chronic illnesses, and regularly taken medications.
• Special notes: Presence or absence of dementia, communication considerations, type of disability, etc.
• Photo: A photograph of the person being cared for (in BLOB format or file path)

[0093] (d) URL information: The URL corresponding to the web page for displaying identity information. In the example where the URL information is encoded in a two-dimensional code, the URL related to this URL information is a common static URL that does not differ for each individual terminal, and is the URL for accessing the server 30 and displaying the web page for searching the terminal. For example, it is in the format "https://example.com/identity/search". On the other hand, in the example where the URL information is written to the IC tag, it is the URL for displaying an individual (unique) web page generated for each terminal. For example, it is in the format "https://example.com/identity/{unique ID}". The example shown in Figure 8 is the latter type of URL.

[0094] (e) Registration date and time: The date and time (timestamp) when the personal information was registered.

[0095] (f) Update time: The date and time (timestamp) when the identity information was last updated.

(5.2 Identity Verification Record Database)

[0096] The storage unit of server 30 also stores an identity verification record database. Figure 20 shows the structure of the identity verification record database. The identity verification record database is a database for managing the history of identity information inquiries and includes the following data items.

[0097] (a) Inquiry ID: An identifier used to uniquely identify each inquiry. It is automatically assigned.

[0098] (b) Terminal identification information: Terminal identification information of the monitored terminal 10 corresponding to the identity information requested. It references the identity information management database as a foreign key.

[0099] (c) Inquiry date and time: The date and time (timestamp) when the identity information was retrieved.

[0100] (d) Inquiry location information: Information indicating the location where the inquiry was made (location information of the client terminal 50). This includes latitude, longitude, precision, etc.

[0101] (e) Images taken by the inquirer: Images taken by the inquirer and submitted by the inquirer. This includes the inquirer's own photograph or an image of their identification document. These are saved in BLOB format or as a file path.

[0102] (f) Identity verification result: The result of the judgment by the identity verification unit 308. Includes a pass / fail flag, confidence score, etc.

[0103] (g) Client terminal information: Information about the client terminal 50 that made the query. This includes the IP address, user agent, etc.

(5.3 Facility Location Database)

[0104] The storage unit of server 30 may also store a facility location database. Figure 21 shows the structure of the facility location database. The facility location database is a database for managing location information of facilities (police stations, police boxes, hospitals, municipal offices, etc.) that are authorized to provide personal information, and includes the following data items.

[0105] (a) Facility ID: An identifier used to uniquely identify each facility.

[0106] (b) Facility name: The name of the facility.

[0107] (c) Facility type: Type of facility (police station, police box, hospital, local government office, etc.).

[0108] (d) Location information: Information indicating the location of the facility (latitude, longitude).

[0109] (e) Permitted radius: The distance threshold (in meters). An identity information inquiry is permitted if the distance from the facility is within this radius.

(5.4 Data Structure Scalability)
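The permitted-radius rule of the facility location database (5.3) can be evaluated against the inquiry location fields of 5.2 (latitude, longitude, precision) as in the following added example, which is not code from the patent. The facility rows, the 100 m accuracy cap and the rule of adding the reported accuracy to the distance are assumptions made for illustration.

```python
import math

EARTH_RADIUS_M = 6371000.0  # mean Earth radius used by the haversine formula

# Constructed facility rows following 5.3:
# (facility_id, name, type, latitude, longitude, permitted_radius_m)
FACILITIES = [
    (1, "Example Police Box", "police box", 35.0000, 139.0000, 150.0),
    (2, "Example Hospital", "hospital", 35.1000, 139.1000, 300.0),
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in meters between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def permitted_facility(lat, lon, accuracy_m, facilities=FACILITIES,
                       max_accuracy_m=100.0):
    """Return the ID of the nearest facility whose permitted radius contains
    the inquiry location, or None if no facility qualifies.

    The reported accuracy is added to the distance, so a fix is accepted only
    if its whole uncertainty circle lies inside the permitted radius
    (assumption: conservative handling of the 'precision' field of 5.2).
    """
    values = (lat, lon, accuracy_m)
    if any(v is None or not math.isfinite(v) for v in values):
        return None  # missing or malformed location: do not permit
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        return None
    if accuracy_m < 0 or accuracy_m > max_accuracy_m:
        return None  # fix too coarse to place the client at a facility
    best = None
    for fid, _name, _type, flat, flon, radius_m in facilities:
        d = haversine_m(lat, lon, flat, flon)
        if d + accuracy_m <= radius_m and (best is None or d < best[1]):
            best = (fid, d)
    return best[0] if best else None


if __name__ == "__main__":
    # About 111 m north of the police box with a 20 m accuracy fix.
    print(permitted_facility(35.001, 139.0, 20.0))
```

The position is reported by the client terminal's browser, so this result is a client-asserted signal to be weighed together with the inquiry record and the captured-image check the description provides.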

[0110] The database structure described above is just one example and can be extended as needed according to system requirements. For example, it is possible to add the ability to register multiple emergency contacts with priority levels, or to add language code fields for multilingual support. Furthermore, it can be implemented using various database management systems, such as relational databases, NoSQL databases, and distributed databases.

<6. Examples of User Interfaces (UI)>

(6.1 Appearance of the monitored device)

[0111] Figure 12 shows an example of the external appearance of the monitored terminal 10 according to this embodiment. The monitored terminal 10 has a small and lightweight housing that fits in the palm of the hand, and a display unit 11 is arranged on the main surface of the housing. The display unit 11 displays the time, icons, message reception notifications, etc.

[0112] The following elements are provided on the back or side of the enclosure. Note that either (a) a two-dimensional code or (b) an IC tag will be provided.

(a) Two-dimensional code: A two-dimensional code (QR code® registered trademark) containing URL information used to access server 30 is printed on the card. The size of the two-dimensional code is small enough to be read by a smartphone camera (for example, about 15mm x 15mm).

(b) Terminal identification information: The serial number of the monitored terminal 10 is printed or engraved on the terminal. Terminal identification information is required to be entered in the two-factor authentication method.

(c) IC tag: An IC tag 23 (NFC tag) is built into the casing, and information can be read by bringing an NFC reader-compatible smartphone close to it. A mark indicating the location of the IC tag (such as an NFC mark) may be printed on the surface of the casing.

(6.2 Identity Information Input Screen)

[0113] Figure 13 shows an example of the identity information input screen displayed on the monitoring terminal 20. The identity information input screen is a screen for the monitor to register the identity information of the person being monitored, and includes the following UI elements.

[0114] (a) Name of person under care input field: A text field for entering the name of the person under care. Includes fields for Kanji, furigana (hiragana), and Roman letters.

[0115] (b) Date of Birth Input Field: A date selection field for entering the date of birth of the person being cared for. Can be selected using the calendar UI or picker UI.

[0116] (c) Address input field: A text field for entering the address of the person being cared for. It may also have an autofill function based on the postal code.

[0117] (d) Emergency contact input field: A text field for entering a phone number or email address. Multiple contacts can be registered and their priority can be set.

[0118] (e) Medical information input field: A text area for entering medical history, chronic illnesses, medication information, allergies, etc. Both predefined selections and free-text input are possible.

[0119] (f) Special Notes Input Field: A text area for entering information such as whether or not dementia is present, communication considerations (hearing impairment, speech impairment, etc.), and other notes.

[0120] (g) Face Photo Registration Button: A button for taking or selecting a face photo of the person being monitored. Tapping it will either launch the camera or allow selection from the photo library.

[0121] (h) Terminal Identification Information Input Field: A text field for entering the terminal identification information (serial number, etc.) of the monitored terminal 10. It is also possible to automatically input this information by tapping the QR code reading button.

[0122] (i) Registration button: A button to send the entered identity information to server 30. The input content is validated, and an error message is displayed if any required fields are not filled in.

(6.3 Identity Information Display Screen)

[0123] Figure 14 shows an example of the identity information display screen displayed on the client terminal 50. The identity information display screen is a screen used by a third party to verify the identity of the person being monitored, and includes the following UI elements.

[0124] (a) Photograph of the person being protected: The registered photograph is displayed prominently at the top of the screen. It is used to verify the person being protected.

[0125] (b) Name of the person being looked after: Displays the name of the person being looked after, along with its phonetic spelling.

[0126] (c) Age of the person being cared for: Displays the age of the person being cared for. It is automatically calculated from the date of birth.

[0127] (d) Emergency contact: Displays the contact information of the caregiver. It is displayed as a link that can be tapped to make a phone call. If there are multiple contacts, they are listed in order of priority.

[0128] (e) Special Notes: The presence or absence of dementia, communication precautions, etc., are displayed in a prominent format. Important information is highlighted using icons and color coding.

[0129] (f) Medical Information: Displays important medical information such as allergies, chronic illnesses, and medication information. Information requiring urgency (such as severe allergies) is displayed with a warning icon.

[0130] (g) Report button: A button for reporting to the police (110) or ambulance (119). Tapping it will display a confirmation dialog, and the call will be placed after confirmation.

(6.4 Identity Verification Notification Screen)

[0131] Figure 15 shows an example of the identity verification notification screen displayed on the monitoring terminal 20. The identity verification notification screen is a screen that notifies the caregiver that the identity information of the person being monitored has been verified, and includes the following UI elements.

[0132] (a) Notification title: A notification title such as "Your identity information has been verified" will be displayed at the top of the screen. An icon indicating urgency (such as a bell icon) will be added.

[0133] (b) Inquiry Date and Time: Displays the date and time when the identity information was accessed. It will be displayed in the format "Today 15:30", etc.

[0134] (c) Inquiry Location: The location where the inquiry was made is displayed on the map with a pin. The address and facility name are also shown.

[0135] (d) Inquirer Image: Displays the image submitted by the inquirer (if submitted). The inquirer's face photo, identification document image, etc. will be displayed.

[0136] (e) Phone call button: A button used to make a phone call to the facility (police station, etc.) at the displayed inquiry location.

[0137] (f) Route display button: A button to display the route to the inquiry location in a map application. When tapped, a map application (such as Google Maps) will launch and the route from the current location to the inquiry location will be displayed.

(6.5 Terminal Identification Information Input Screen)

[0138] In the two-dimensional code system, the terminal identification information input screen displayed on the client terminal 50 includes the following UI elements.

[0139] (a) Explanatory text: Explanatory text such as "Please enter the number printed on the monitoring device."

[0140] (b) Terminal identification information input field: A text field for entering the serial number. A numeric keyboard will be displayed.

[0141] (c) Send button: A button for sending the entered terminal identification information to the server 30.

[0142] (d) Hint display: Diagrams or explanations showing where the terminal identification information is printed on the monitored terminal.

(6.6 Screen for requesting captured images)

[0143] In the authentication process using captured images, the image request screen displayed on the client terminal 50 includes the following UI elements.

[0144] (a) Explanatory text: Explanatory text such as "To display your identity information, we will need to take a photo of your face or identification document."

[0145] (b) Camera preview: A preview area that displays the camera feed from client terminal 50 in real time.

[0146] (c) Capture button: A button used to take a picture. Tapping it saves the current camera image as a still image.

[0147] (d) Send button: A button used to send the captured image to server 30. It is displayed after taking the picture.

<7. Processing Sequence>

(7.1 Identity Information Registration Process)

[0148] Figure 9 is a diagram showing the sequence of identity information registration processing according to this embodiment, and is a sequence diagram showing an example of identity information registration processing when URL information is encoded in a two-dimensional code. The identity information registration processing is the process by which the caregiver registers the identity information of the person being cared for with the server 30.

[0149] (Step S901) The processor (CPU 41) of the monitoring terminal 20 displays the identity information input screen on the display device 45 in response to an operation from the monitor.

[0150] (Step S902) The caregiver enters the identity information of the person being cared for (name, date of birth, address, emergency contact information, medical information, special notes, facial photograph, etc.) and the terminal identification information of the monitored terminal 10 into the identity information input screen. The terminal identification information may be manually entered from the serial number printed on the casing of the monitored terminal 10.

[0151] (Step S903) When the caregiver taps the registration button, the processor of the monitoring terminal 20 sends the entered identity information and terminal identification information to the server 30.

[0152] (Step S904) The processor (CPU 31) of the server 30 stores the received identity information in the auxiliary storage device 33 (storage unit) in association with the terminal identification information, using the functions of the data management unit 302. In other words, the processor of the server 30 updates the identity information management database by registering the identity information in it.

[0153] (Step S905) The processor of server 30 sends (notifies) a message to monitoring terminal 20 indicating that the registration of identity information has been completed.

[0154] (Step S906) The processor of the monitoring terminal 20 causes the registration completion message to be displayed on the display device 45.

[0155] Figure 16 is a diagram showing the sequence of identity information registration processing according to this embodiment, and is a sequence diagram showing an example of identity information registration processing when URL information is written to the IC tag 23. The identity information registration processing is the process by which the caregiver registers the identity information of the person being cared for with the server 30.

[0156] (Step S910) The processor (CPU 41) of the monitoring terminal 20 displays the identity information input screen on the display device 45 in response to an operation from the monitor.

[0157] (Step S911) The caregiver enters the identity information of the person being cared for (name, date of birth, address, emergency contact information, medical information, special notes, facial photograph, etc.) and the terminal identification information of the monitored terminal 10 into the identity information input screen. The terminal identification information may be manually entered from the serial number printed on the casing of the monitored terminal 10.

[0158] (Step S912) When the caregiver taps the registration button, the processor of the monitoring terminal 20 sends the entered identity information and terminal identification information to the server 30.

[0159] (Step S913) The processor of the server 30 generates a terminal-specific web page to display the identity information in response to the registration of the identity information, and generates unique URL information corresponding to this web page. For example, as described above, a URL is generated in the format "https://example.com/identity/{unique ID}" with the received terminal identification information substituted in the {unique ID} part. The generated URL information may be a URL containing terminal identification information, or a URL containing a randomly generated unique identifier.

[0160] (Step S914) The processor (CPU 31) of the server 30 stores the received identity information in the auxiliary storage device 33 (storage unit) in association with the terminal identification information, using the functions of the data management unit 302. In other words, the processor of the server 30 updates the identity information management database in accordance with the registration of identity information. Specifically, it registers the received identity information and the URL information generated in step S913 on the identity information management database.

[0161] (Step S915) The processor of the server 30 sends the generated URL information to the monitored terminal 10.

[0162] (Step S916) The processor (control unit 13) of the monitored terminal 10 writes the received URL information to the IC tag 23 using the functions of the communication control unit 136. As a result, even after the monitored terminal 10 becomes inactive, the client terminal 50 can read the IC tag 23 and obtain the unique URL information.

[0163] (Step S917) When the processor of the monitored terminal 10 has finished writing the URL information to the IC tag 23, it sends a message to the server 30 to that effect.

[0164] (Step S918) The processor of the server 30 sends a registration completion notification to the monitoring terminal 20 indicating that the registration of identity information has been completed.

(Step S919) The processor of the monitoring terminal 20 causes the registration completion message to be displayed on the display device 45.

(7.2 Overview of Identity Information Inquiry Process)

[0165] Figures 17 and 18 illustrate the concept of the identity information inquiry process according to this embodiment. In this embodiment, in order to allow the inquiry of the identity information of the person being monitored even when the monitored terminal 10 is inactive, either a two-dimensional code method (Figure 17) or an IC tag method (Figure 18) is employed.

[0166] Figure 17 is a conceptual diagram of the two-dimensional code system. In the two-dimensional code system, a two-dimensional code (such as a QR code) printed on the casing of the monitored terminal 10 is read by the camera of the client terminal 50 to obtain URL information used to access the server 30. This URL information is the URL of a web page that displays identity information corresponding to the terminal identification information verified by referring to the identity information management database. The two-dimensional code can be optically read even when the monitored terminal 10 is not receiving power (e.g., battery is dead). The client terminal 50 accesses the server 30 based on the obtained URL information and obtains the identity information of the monitored person using the terminal identification information of the monitored terminal 10. In the two-dimensional code system, in order to improve security, it is preferable to employ two-factor authentication that requires input of terminal identification information (serial number, etc.) printed on the casing of the monitored terminal 10 in addition to the URL information.

[0167] Figure 18 is a conceptual diagram of the IC tag system. In the IC tag system, URL information used to access the server 30 is obtained by reading the IC tag 23 (NFC tag, RFID tag, etc.) embedded in the monitored terminal 10 with the NFC reader of the client terminal 50. This URL information is the URL of a web page generated by the server 30 that displays unique identity information different for each terminal identification information. Since the IC tag 23 is powered and operated by electromagnetic induction from an external source, the information can be read even when the monitored terminal 10 is inactive. In the IC tag system, because the URL information stored in the IC tag 23 is unique to each terminal, security is improved compared to the two-dimensional code system, and it is also possible to omit the input of terminal identification information. In addition, since the IC tag 23 is placed inside the casing, it has the advantage of being less affected by dirt or damage on the surface of the casing.
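The per-terminal URL of the IC tag method can carry a randomly generated unique identifier, one of the two options given in step S913, so that the serial number printed on the casing never appears in the URL. The following added example (not code from the patent) registers a record, issues such a URL, resolves it and writes the inquiry record; the table and column names, the 128-bit token length and the sample values are assumptions.

```python
import secrets
import sqlite3
from datetime import datetime, timezone

BASE_URL = "https://example.com/identity/"  # URL format from paragraph [0093]


def open_db():
    """In-memory stand-in for the databases of 5.1 and 5.2 (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        PRAGMA foreign_keys = ON;
        CREATE TABLE identity (
            terminal_id       TEXT PRIMARY KEY,      -- (a) serial number etc.
            monitor_id        TEXT NOT NULL,         -- (b)
            name              TEXT NOT NULL,         -- (c) subset of identity information
            emergency_contact TEXT NOT NULL,
            url_token         TEXT NOT NULL UNIQUE,  -- (d) the {unique ID} part
            registered_at     TEXT NOT NULL,         -- (e)
            updated_at        TEXT NOT NULL          -- (f)
        );
        CREATE TABLE inquiry (
            inquiry_id  INTEGER PRIMARY KEY AUTOINCREMENT,
            terminal_id TEXT NOT NULL REFERENCES identity(terminal_id),
            inquired_at TEXT NOT NULL,
            client_ip   TEXT,
            user_agent  TEXT
        );
    """)
    return db


def register(db, terminal_id, monitor_id, name, emergency_contact):
    """Steps S913 and S914: create the unique URL and store the record."""
    token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    now = datetime.now(timezone.utc).isoformat()
    db.execute(
        "INSERT INTO identity VALUES (?, ?, ?, ?, ?, ?, ?)",
        (terminal_id, monitor_id, name, emergency_contact, token, now, now),
    )
    db.commit()
    return BASE_URL + token  # the value sent to the terminal for the IC tag


def inquire(db, url, client_ip, user_agent):
    """Resolve a URL to identity information and record the inquiry.

    Unknown URLs return None and create no inquiry row. The response omits
    the terminal ID, which the third party does not need.
    """
    if not url.startswith(BASE_URL):
        return None
    token = url[len(BASE_URL):]
    row = db.execute(
        "SELECT terminal_id, name, emergency_contact FROM identity "
        "WHERE url_token = ?",
        (token,),
    ).fetchone()
    if row is None:
        return None
    db.execute(
        "INSERT INTO inquiry (terminal_id, inquired_at, client_ip, user_agent) "
        "VALUES (?, ?, ?, ?)",
        (row[0], datetime.now(timezone.utc).isoformat(), client_ip, user_agent),
    )
    db.commit()
    return {"name": row[1], "emergency_contact": row[2]}


if __name__ == "__main__":
    db = open_db()
    # Constructed sample values.
    url = register(db, "SN-000123", "acct-1", "Sample Name", "+81-00-0000-0000")
    print(url)
    print(inquire(db, url, "192.0.2.10", "ExampleBrowser/1.0"))
```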

[0168] In either method, once the client terminal 50 obtains identity information from the server 30, the server 30 sends an identity verification notification to the monitoring terminal 20. This allows the monitor to quickly understand the possibility that the person being monitored has been found and protected. The detailed processing sequence for each method is described below.

(7.3 Identity Information Inquiry Processing - Two-Dimensional Code Method)

[0169] Figure 10 is a diagram showing the sequence of identity information inquiry processing according to this embodiment. Below, a method using a two-dimensional code printed on the housing of the monitored terminal 10 will be described. In this example, URL information for accessing identity information held in the server 30 is pre-encoded in the two-dimensional code.

[0170] (Step S1001) The third party who has found and protected the person being monitored activates the camera on the client terminal 50 and reads the two-dimensional code printed on the casing of the monitored terminal 10.

[0171] (Steps S1002, S1003) The processor of the client terminal 50 decodes the URL information encoded in the two-dimensional code and accesses the URL (sends an HTTP request).

[0172] (Step S1004) The server 30's processor, through the function of the identity information output unit 306, accepts access to the URL and sends a web page resource corresponding to the URL to the client terminal 50. This URL is the URL of a web page (HTML file) designed to accept input terminal identification information, verify the input terminal identification information, and display identity information corresponding to the successfully verified terminal identification information. When sending the web page in step S1004, the server 30 requests the client terminal 50 to send location information. The request for location information is made, for example, using the HTML5 Geolocation API.

[0173] (Step S1005) The processor of the client terminal 50 displays an input screen according to the web page, and the third party enters terminal identification information (serial number, etc.) printed on the casing of the monitored terminal 10. When displaying the input screen, the client terminal 50 may display a dialog box asking the user whether to allow the transmission of location information in response to a request from the server 30, and may only transmit location information if the user grants permission through the dialog box.

[0174] (Step S1006) The processor of the client terminal 50 transmits the input terminal identification information to the server 30. At this time, the client terminal 50 transmits its own terminal location information to the server 30. The location information is latitude and longitude information obtained by the GPS function of the client terminal 50. The server 30 receives the terminal identification information and the location information.

[0175] (Step S1007) The processor of the server 30 compares the input terminal identification information with the terminal identification information registered in the identity information management database using the function of the identity information output unit 306. If the comparison fails, that is, if no identity information associated with terminal identification information that matches the input terminal identification information is registered in the database, an error message is returned and the process is terminated.

[0176] (Step S1008) If the matching is successful, that is, if identity information associated with terminal identification information that matches the entered terminal identification information is registered in the database, the processor of the server 30 retrieves the identity information associated with the terminal identification information from the storage unit.

[0177] (Step S1009) The processor of the server 30, using the function of the identity information output unit 306, sends a resource to the client terminal 50 that displays an identity information display screen containing the acquired identity information (sends an HTTP response).

[0178] (Step S1010) The processor of the client terminal 50 displays an identity information display screen. Based on the displayed identity information, the third party can contact the caregiver or deliver the person being cared for to an appropriate location.
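The server side of steps S1006 to S1009, as an added example in Python that is not code from the patent or its applicant. The class and method names, the sample serial numbers, and the per-client attempt limit with a single error message are assumptions of this example; the page specifies only the comparison against the identity information management database.

```python
import hmac
import time
import uuid
from dataclasses import dataclass, field

# Constructed sample of the identity information management database:
# terminal identification information -> identity information.
SAMPLE_DB = {
    "SN-0001-EXAMPLE": {"name": "Sample Person", "emergency_contact": "000-0000-0000"},
    "SN-0002-EXAMPLE": {"name": "Another Person", "emergency_contact": "000-0000-0001"},
}

MAX_FAILURES = 5      # assumed limit on failed entries per client
WINDOW_SECONDS = 600  # assumed window in which failures are counted


@dataclass
class InquiryServer:
    db: dict
    failures: dict = field(default_factory=dict)   # client key -> failure times
    inquiries: list = field(default_factory=list)  # identity inquiry records

    def recent_failures(self, client_key, now):
        """Drop failures older than the window and return how many remain."""
        kept = [t for t in self.failures.get(client_key, []) if now - t < WINDOW_SECONDS]
        self.failures[client_key] = kept
        return len(kept)

    def lookup(self, entered):
        """Step S1007: compare the entered ID with every registered ID."""
        candidate = entered.strip().upper().encode("utf-8")
        found = None
        for terminal_id in self.db:
            # Constant-time comparison, with no early exit on the first match.
            if hmac.compare_digest(candidate, terminal_id.encode("utf-8")):
                found = terminal_id
        return found

    def handle(self, client_key, entered, location=None, now=None):
        """Steps S1006 to S1009 for one submission of the input screen."""
        now = time.time() if now is None else now
        # The printed serial number is the only per-terminal value in this
        # method, so repeated guesses from one client are cut off.
        if self.recent_failures(client_key, now) >= MAX_FAILURES:
            return {"status": 429, "error": "too many attempts"}
        terminal_id = self.lookup(entered)
        if terminal_id is None:
            self.failures.setdefault(client_key, []).append(now)
            # One message for every failure, so a response does not reveal
            # which serial numbers are registered.
            return {"status": 404, "error": "verification failed"}
        # Data kept for the identity inquiry record written in step S1101.
        self.inquiries.append({
            "inquiry_id": str(uuid.uuid4()),  # the ID rule is an assumption
            "terminal_id": terminal_id,
            "location": location,             # None if the user declined
            "time": now,
        })
        return {"status": 200, "identity": self.db[terminal_id]}
```
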

[0179] The two-factor authentication method described above (URL + device identification information) prevents individuals who only scan the QR code from immediately obtaining personal information, thereby improving security.

(7.4 Identity Information Inquiry Processing - IC Tag Method)

[0180] Figure 19 is a diagram showing the sequence of identity information inquiry processing according to this embodiment. Below, we will describe a method using the IC tag 23 built into the monitored terminal 10.

[0181] (Step S1020) The third party brings the client terminal 50 close to the monitored terminal 10 and reads the information on the IC tag 23 using the NFC function. The IC tag 23 stores unique URL information generated by the server 30 during the identity information registration process.

[0182] (Step S1021) The processor of the client terminal 50 accesses the server 30 (sends an HTTP request) based on the URL information it has read.

[0183] (Step S1022) The processor of the server 30 requests the accessing client terminal 50 to send its current location information. The request for location information is made, for example, using the HTML5 Geolocation API.

[0184] (Step S1023) The processor of the client terminal 50 transmits the current location information of the terminal to the server 30 in response to a request from the server 30. The location information is latitude and longitude information obtained by the GPS function of the client terminal 50. At this time, the client terminal 50 may display a dialog box asking the user whether to allow the transmission of location information in response to a request from the server 30, and transmit the location information only if the user grants permission through the dialog box. The server 30 receives the location information from the client terminal 50.

[0185] (Step S1024) The processor of the server 30, through the function of the identity information output unit 306, retrieves from the storage unit a web page corresponding to the accessed URL (a web page that displays identity information corresponding to the terminal identification information of the accessed terminal) by referring to the database for identity information management.

[0186] (Step S1025) The processor of the server 30 sends the acquired web page (HTML file) to the client terminal 50.

[0187] (Step S1026) The processor of the client terminal 50 displays an identity information display screen according to the web page. Based on the displayed identity information, the third party can contact the caregiver or deliver the person being cared for to an appropriate location.
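Because the IC tag URL is the only thing presented in this method, the example below (added here in Python, not code from the patent or its applicant) shows one way the server could issue the per-terminal URL at registration and resolve it in step S1024. The host name, path, token length, the choice to store only a digest of the token, and all class and method names are assumptions of this example.

```python
import hashlib
import secrets
from urllib.parse import urlsplit

HOST = "server.example"   # placeholder host, not from the source
PREFIX = "/i/"            # assumed path prefix
BASE_URL = "https://" + HOST + PREFIX


class TagUrlRegistry:
    """Maps the URL written to IC tag 23 to terminal identification information."""

    def __init__(self):
        self.by_digest = {}    # sha256(token) -> terminal id
        self.by_terminal = {}  # terminal id -> sha256(token)

    @staticmethod
    def digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, terminal_id):
        """On identity registration: return the URL to write to the tag."""
        # 32 random bytes, so the URL is unguessable as well as unique.
        token = secrets.token_urlsafe(32)
        old = self.by_terminal.pop(terminal_id, None)
        if old is not None:
            # Re-registration replaces the URL; the earlier one stops resolving.
            del self.by_digest[old]
        d = self.digest(token)
        self.by_digest[d] = terminal_id
        self.by_terminal[terminal_id] = d
        # Only the digest is stored, so a copy of the table does not
        # contain any working URL.
        return BASE_URL + token

    def resolve(self, url):
        """Step S1024: return the terminal id for an accessed URL, or None."""
        try:
            parts = urlsplit(url)
        except ValueError:
            return None
        if parts.scheme != "https" or parts.netloc != HOST:
            return None
        if not parts.path.startswith(PREFIX):
            return None
        token = parts.path[len(PREFIX):]
        if not token or "/" in token:
            return None
        try:
            return self.by_digest.get(self.digest(token))
        except UnicodeEncodeError:
            return None
```
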

[0188] In the IC tag method, since the URL is unique to each device, it is possible to omit the input of device identification information, as is required in the two-dimensional code method. On the other hand, to further enhance security, the IC tag method may also be configured to require the input of device identification information.

(7.5 Processing of Identity Verification Notification)

[0189] Figure 11 shows the sequence of the identity verification notification process according to this embodiment. The identity verification notification process is a process for notifying the caregiver that identity information has been verified, and is executed in conjunction with the identity information verification process.

[0190] (Step S1101) The processor of server 30 adds and updates the identity inquiry record database with a record of the output of identity information. Server 30 records the current location of client terminal 50 obtained from client terminal 50 in the inquiry location information item. Server 30 records the date and time information indicated by the timestamp when identity information output processing was performed for client terminal 50 in the inquiry date and time item. Server 30 records terminal identification information obtained from client terminal 50. Server 30 records information such as the IP address and browser used obtained during the process of communicating with client terminal 50 in the client terminal information item. Server 30 generates an inquiry ID according to predetermined rules and records each item in association with this inquiry ID.

[0191] (Step S1102) The processor of the server 30 generates a notification message indicating that identity information has been accessed, using the function of the identity inquiry notification unit 307. The notification message includes information on each item (inquiry date and time, inquiry location information, etc.) included in the identity inquiry record newly created in step S1101.

[0192] (Step S1103) The processor of the server 30 identifies the monitoring terminal 20 associated with the terminal identification information using the functions of the data management unit 302.

[0193] (Step S1104) The processor of the server 30 sends a notification message to the monitoring terminal 20 as a push notification using the function of the identity verification notification unit 307.

[0194] (Step S1105) The processor of the monitoring terminal 20 receives a notification message using the function of the notification receiving unit 204, and displays the notification content to the monitor using the function of the data display unit 202. Based on the inquiry location information displayed on the notification screen, the monitor can find out where the person being monitored was found and, if necessary, go to the location or contact the person who made the inquiry.

(7.6 Authentication process using captured images)

[0195] As one variation of this embodiment, the identity information output unit 306 of the server 30 may be configured to request the client terminal 50 to transmit images captured by the camera before outputting identity information (steps S1009, S1025).

[0196] Specifically, after receiving access from the client terminal 50 in steps S1003 and S1021, the identity information output unit 306 sends a request to the client terminal 50 to send the captured image. The processor of the client terminal 50 activates the camera and displays a screen (Figure 22) prompting the inquirer (third party) to take a photograph of their own face or identification document. Once the inquirer takes the photograph and the captured image is sent to the server 30, the identity information output unit 306 outputs the identity information (S1009, S1025).

[0197] When the data management unit 302 records the identity verification record (step S1101), it includes the received photographed image in the "Inquirer's Photographed Image" field of the identity verification record. This makes it possible to retrospectively verify the person who requested the identity information, and is expected to have a deterrent effect against unauthorized access.

(7.7 Identity Verification Process)

[0198] As a further modification, the identity verification unit 308 of the server 30 may be configured to analyze the captured image received from the client terminal 50 as described above and determine whether the identity document contained in the captured image conforms to a predetermined format.

[0199] Specifically, the identity verification unit 308 uses machine learning models and image recognition technology to determine whether the captured image conforms to a standard format such as a police ID, medical professional ID, or official identification card. The identity information output unit 306 outputs identity information only if the identity verification unit 308 determines that the image conforms to a predetermined format (steps S1009, S1025). This allows access to identity information to be limited to persons with appropriate identities, such as police officers and medical professionals.

(7.8 Restriction processing based on location information)

[0200] As a further variation, the identity information output unit 306 of the server 30 may be configured to restrict the output of identity information based on location information obtained from the client terminal 50.

[0201] Specifically, the storage unit of server 30 has the locations of designated facilities (police stations, police boxes, hospitals, municipal offices, etc.) pre-registered (facility location database). The identity information output unit 306 outputs identity information only if the location indicated by the location information obtained from the client terminal 50 (steps S1006, S1023) is within a predetermined range (for example, within 100m) from the location of a designated facility that has been pre-registered. This makes it possible to limit access to identity information to inquiries made within the appropriate facility.

<8. Variations and Others>

(8.1 Implementation variations of access information)

[0202] In this embodiment, an example using a two-dimensional code or IC tag as access information has been described, but the implementation of access information is not limited to this. For example, the following implementation is also possible.

[0203] (a) One-dimensional barcode: One-dimensional barcodes (JAN code, CODE39, etc.) may be used instead of two-dimensional barcodes. Since one-dimensional barcodes have limited information capacity, shortened URLs, etc., should be used.

[0204] (b) OCR-enabled text: URL information may be printed on the device as human-readable text and read using OCR (Optical Character Recognition). This allows the device to be used even with client terminals that do not support reading 2D codes.

[0205] (c) Bluetooth Low Energy (BLE) beacon: The monitored terminal 10 may be equipped with a BLE beacon function, and the client terminal 50 may receive the beacon signal and obtain access information. However, it should be noted that a BLE beacon requires a power supply and does not operate when the monitored terminal 10 is not in operation.

[0206] (d) Combination of multiple methods: The configuration may include both a two-dimensional code and an IC tag, allowing the client terminal 50 to select either method depending on its function. Even client terminals that do not support NFC can access identity information by reading the two-dimensional code.

(8.2 Variations in the content of identity information)

[0207] The content of the personal information can be customized as appropriate depending on the system's purpose and the attributes of the person being monitored. For example, the priority of information items can be changed, such as prioritizing parental contact information in a child monitoring system and prioritizing medical information in a monitoring system for the elderly.

[0208] Furthermore, to support multiple languages, the system may be configured to display identity information in multiple languages. The identity information will be displayed in the appropriate language according to the language settings of the client terminal 50. This is useful when the person being monitored is a foreigner, or when the inquirer is a foreigner.

[0209] Furthermore, the system could be configured to allow users to set the scope of disclosure for each item of their personal information. For example, it would be possible to always disclose the name and emergency contact information, while only disclosing the address and medical information after identity verification, thus allowing for privacy-conscious settings.

(8.3 Setting the Security Level)

[0210] The system may be configured to allow the caregiver to set the security level of the personal information when registering it. For example, the following security levels may be selectable:

[0211] (a) Level 1 (Low): Identity information is displayed by reading only a QR code or IC tag. It is the simplest but has the lowest level of security.

[0212] (b) Level 2 (Medium): Additional device identification information is required. Security is enhanced through two-factor authentication.

[0213] (c) Level 3 (High): Additional request for submission of captured images. Security is further enhanced by recording the inquirer.

[0214] (d) Level 4 (highest): Additional verification of identity and location information is required. Verification is only possible through official institutions.
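The four levels above and the location restriction of section 7.8 can be combined into one server-side decision, shown here as an added Python example that is not code from the patent or its applicant. It assumes the levels are cumulative, uses constructed facility coordinates, and all function, class and field names are hypothetical.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0
RANGE_M = 100.0  # the "within 100m" example range from the text

# Constructed facility location database: (name, latitude, longitude).
FACILITIES = [
    ("police box (sample)", 35.681236, 139.767125),
    ("hospital (sample)", 35.658581, 139.745433),
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(a)))


def within_facility_range(location, facilities=FACILITIES, range_m=RANGE_M):
    """True only for a well-formed location within range of a facility."""
    if location is None:
        return False  # the user declined the location request: fail closed
    lat, lon = location
    if not (math.isfinite(lat) and math.isfinite(lon)):
        return False
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        return False
    return any(haversine_m(lat, lon, f_lat, f_lon) <= range_m
               for _, f_lat, f_lon in facilities)


@dataclass
class Evidence:
    """What the client terminal has supplied so far for one inquiry."""
    terminal_id_matched: bool = False      # serial number check passed
    captured_image_received: bool = False  # section 7.6
    id_document_format_ok: bool = False    # result from identity verification unit 308
    # Latitude/longitude as sent by the client terminal. The value is
    # self-reported; the server can validate its form but not its truth.
    location: Optional[Tuple[float, float]] = None


def missing_checks(level, ev, facilities=FACILITIES):
    """Return the checks still outstanding before identity information is output."""
    if level not in (1, 2, 3, 4):
        raise ValueError("security level must be 1 to 4")
    missing = []
    if level >= 2 and not ev.terminal_id_matched:
        missing.append("terminal_id")
    if level >= 3 and not ev.captured_image_received:
        missing.append("captured_image")
    if level >= 4:
        if not ev.id_document_format_ok:
            missing.append("identity_document")
        if not within_facility_range(ev.location, facilities):
            missing.append("location")
    return missing


def may_output_identity(level, ev, facilities=FACILITIES):
    """Level 1 needs only the access to the QR code or IC tag URL itself."""
    return not missing_checks(level, ev, facilities)
```
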

[0215] The security level can be adjusted as needed depending on the situation of the person being monitored and the wishes of the monitor. For example, if the person being monitored goes missing, the security level could be temporarily lowered to allow more people to verify their identity.

(8.4 Example of a change in the processing flow)

[0216] In the above embodiment, an example was described in which the identity information inquiry process and the identity inquiry notification process are executed in conjunction, but the processing flow can be changed as appropriate.

[0217] For example, the system can be configured to not send identity verification notifications depending on the monitor's settings. This addresses situations where users want to disable notifications due to privacy concerns or worries about frequent notifications.

[0218] Alternatively, the system may be configured to send a notification only when the number of identity information inquiries exceeds a predetermined threshold. If multiple inquiries are made in a short period of time, it is assumed that the person being monitored has been found and is being verified by multiple people, and therefore a notification will be sent.

(8.5 Variations related to distributed processing)

[0219] Each process in this system can be executed on a single device or distributed across multiple devices. Distributed processing offers higher availability and performance in terms of load balancing, redundancy, and continued processing during failures. Furthermore, technologies such as microservice architecture and container orchestration (Kubernetes, etc.) can be utilized.

[0220] The present invention is not limited to the embodiments described above, and various modifications and applications are possible. For example, technical elements such as programming languages, development frameworks, database management systems, and communication protocols can be appropriately selected according to specific implementation requirements.

(8.6 Integration and Decomposition of Components)

[0221] Each functional block and component described in this embodiment can be integrated or decomposed according to the requirements of implementation. Simplifying implementation can be achieved by integrating multiple functions into a single module, while conversely, improving maintainability and extensibility can be achieved by decomposing a single function into multiple modules.

[0222] For example, the identity information output unit 306 and the identity verification notification unit 307 may be integrated into a single "identity verification processing unit." Alternatively, the identity information output unit 306 may be decomposed into an "authentication processing unit," an "information acquisition unit," and a "response generation unit."

<9. Summary and Notes>

(9.1 General Assignments)

[0223] One of the purposes of this disclosure is to provide a monitoring system, a monitored terminal, an information processing device, an information processing method, and a program that can verify the identity of the person being monitored even when the monitored terminal is inactive.

(10.2 Addendum)

[0224] Issues corresponding to [Appendix 1] One of the purposes of this disclosure is to provide a monitoring system that allows a third party who finds and protects a person being monitored to verify the person's identity even if the battery of the monitored device runs out and the device becomes inoperable. [Note 1] A monitoring system comprising a server, a monitoring terminal, and a monitored terminal, wherein the monitoring terminal receives input of identity information indicating the identity of the monitored person and transmits the identity information to the server, and the server comprises a data management unit that stores the identity information received from the monitoring terminal in a storage unit in association with terminal identification information that identifies the monitored terminal, and an identity information output unit that receives access from a client terminal based on the terminal identification information and outputs the identity information corresponding to the access to the client terminal, and the monitored terminal holds access information used to access the server in a manner that can be read from the outside even when the monitored terminal is inactive. [Effects of Appendix 1] According to the invention described in Appendix 1, even when the monitored terminal is inactive, identity information can be obtained via access information, thereby facilitating the protection of the monitored person.

[0225] Issues corresponding to [Appendix 2] One of the purposes of this disclosure is to provide a monitoring system that allows access information to be placed on the monitored terminal at low cost and in a simple manner. [Note 2] In the monitoring system described in Appendix 1, the access information is URL information encoded in a two-dimensional code displayed on the housing of the monitored terminal. [Effects of Appendix 2] According to the invention described in Appendix 2, access information can be provided by printing on the casing, which is a low-cost and simple method, and an identity verification function can be realized without the addition of electronic components.

[0226] Issues corresponding to [Appendix 3] One of the purposes of this disclosure is to provide a monitoring system that can reliably read access information even if the casing of the monitored terminal becomes dirty or damaged. [Note 3] In the monitoring system described in Appendix 1, the monitored terminal is equipped with an IC tag that is powered by electromagnetic induction from an external source and is capable of reading information, and the access information is URL information stored in the IC tag. [Effects of Appendix 3] According to the invention described in Appendix 3, by using an IC tag, access information can be reliably read regardless of the condition of the housing surface, and since power is supplied by electromagnetic induction, it is not affected by battery depletion.

[0227] Issues corresponding to [Appendix 4] One of the purposes of this disclosure is to provide a monitoring system with enhanced security by preventing individuals from immediately obtaining personal information simply by scanning a two-dimensional code. [Note 4] In the monitoring system described in Appendix 2, the casing of the monitored terminal further displays the terminal identification information, and the identity information output unit of the server, after receiving access from the client terminal based on the URL information, requests the client terminal to input the terminal identification information, and outputs the identity information if the matching of the input terminal identification information with the terminal identification information stored in the storage unit is successful. [Effects of Appendix 4] According to the invention described in Appendix 4, two-factor authentication (URL + terminal identification information) can be used to prevent unauthorized access and improve security.

[0228] Issues corresponding to [Appendix 5] One of the purposes of this disclosure is to provide a monitoring system that can automatically set appropriate URL information on an IC tag in conjunction with the registration of identity information. [Note 5] In the monitoring system described in Appendix 3, the server generates unique URL information corresponding to a web page for displaying the identity information in response to the registration of the identity information, transmits the URL information to the monitored terminal, and the monitored terminal writes the URL information received from the server to the IC tag. [Effects of Appendix 5] According to the invention described in Appendix 5, the URL information of the IC tag is automatically updated in conjunction with the registration of identity information, thereby improving convenience and preventing inconsistencies in URL information.

[0229] Issues corresponding to [Appendix 6] One of the purposes of this disclosure is to provide a monitoring system that allows caregivers to be quickly notified when identity information has been accessed and to understand the protection status of the person being monitored. [Note 6] The monitoring system described in Appendix 1 further comprises an identity inquiry notification unit which sends a notification message to the monitoring terminal indicating that the identity information has been inquired when the identity information output unit outputs the identity information, and the monitoring terminal notifies the monitor that the identity information has been inquired based on the notification message. [Effects of Appendix 6] According to the invention described in Appendix 6, the caregiver can quickly grasp that the person's identity information has been checked, recognize the possibility that the person being cared for has been found and protected, and take appropriate action.

[0230] Issues corresponding to [Appendix 7] One of the purposes of this disclosure is to provide a monitoring system that allows caregivers to know where the person being monitored was found and protected. [Note 7] In the monitoring system described in Appendix 6, the identity information output unit of the server obtains location information indicating the current location of the client terminal from the client terminal, and the identity inquiry notification unit transmits the location information to the monitoring terminal in the notification message. [Effects of Appendix 7] According to the invention described in Appendix 7, the caregiver can ascertain the location from which the inquiry was made, and therefore can quickly rush to the location of the person being cared for.

[0231] Issues corresponding to [Appendix 8] One of the purposes of this disclosure is to provide a monitoring system that allows for retrospective verification of those who inquire about identity information and can deter unauthorized access. [Note 8] In the monitoring system described in Appendix 1, the identity information output unit of the server requests the client terminal to transmit a captured image from the camera before outputting the identity information, outputs the identity information when it receives the captured image from the client terminal, and the data management unit records the captured image in the storage unit as an identity inquiry record in association with the terminal identification information. [Effects of Appendix 8] According to the invention described in Appendix 8, since the inquirer's captured image is recorded, it has a deterrent effect against unauthorized access and also allows for post-access verification.

[0232] Issues corresponding to [Appendix 9] One of the purposes of this disclosure is to provide a privacy-protecting monitoring system that limits access to identity information to inquiries made in appropriate locations. [Note 9] In the monitoring system described in Appendix 1, the identity information output unit of the server obtains location information indicating the current location of the client terminal from the client terminal, and outputs the identity information when the location indicated by the location information is within a predetermined range from the location of a predetermined facility that has been registered in advance. [Effects of Appendix 9] According to the invention described in Appendix 9, access to identity information can be limited to inquiries made within appropriate facilities such as police stations and hospitals, thereby protecting the privacy of the person being monitored.

[0233] Issues corresponding to [Appendix 10] One of the purposes of this disclosure is to provide a monitoring system that protects privacy by limiting access to identity information to those with the appropriate identity. [Note 10] In the monitoring system described in Appendix 1, the server further comprises an identity verification unit; the identity information output unit of the server requests the client terminal to transmit the image captured by the camera before outputting the identity information; the identity verification unit analyzes the captured image received from the client terminal and determines whether the identity document contained in the captured image conforms to a predetermined format; and the identity information output unit outputs the identity information when the identity verification unit determines that the identity document conforms to the predetermined format. [Effects of Appendix 10] According to the invention described in Appendix 10, access to identity information can be limited to persons with legitimate identification cards, such as police officers and medical professionals, thereby protecting the privacy of the person being monitored.

[0234] Issues corresponding to [Appendix 11] One of the purposes of this disclosure is to provide a monitored terminal equipped with a configuration that enables identity verification even when it is not operational. [Note 11] A monitored terminal used in a monitoring system, comprising an information holding unit that holds access information used to access a server in a manner that can be read from the outside even when the monitored terminal is in a non-operational state, wherein the access information is information that enables the acquisition of identity information based on terminal identification information managed in the server in association with the identity information of the monitored person who possesses the monitored terminal. [Effects of Appendix 11] According to the invention described in Appendix 11, even when the monitored terminal is inactive, identity information can be obtained via access information, thereby facilitating the protection of the monitored person.

[0235] Issues corresponding to [Appendix 12] One of the purposes of this disclosure is to provide an information processing device for verifying the identity of a person being monitored in a monitoring system. [Note 12] An information processing apparatus for verifying the identity of a person under guardianship in a guardianship system, comprising: a data management unit that associates and stores in a storage unit terminal identification information for identifying a terminal under guardianship and identity information indicating the identity of the person under guardianship who holds the terminal under guardianship; and an identity information output unit that receives an access from a client terminal based on the terminal identification information and outputs the identity information corresponding to the access to the client terminal. [Effect of Supplementary Note 12] According to the invention related to Supplementary Note 12, an information processing apparatus that manages and outputs identity information based on the terminal identification information of a terminal under guardianship is provided, and the identity verification function in the guardianship system is realized.

[0236] [Problems corresponding to Supplementary Note 13] One of the objects of the present disclosure is to provide an information processing method for verifying the identity of a person under guardianship in a guardianship system. [Supplementary Note 13] A processor receives identity information indicating the identity of a person under guardianship from a terminal under guardianship, stores the identity information in a storage unit in association with terminal identification information for identifying the terminal under guardianship, receives an access from a client terminal based on access information held by the terminal under guardianship in a manner readable from the outside even when the terminal under guardianship is in a non-operating state, and outputs the identity information corresponding to the access to the client terminal. [Effect of Supplementary Note 13] According to the invention related to Supplementary Note 13, an information processing method for outputting identity information even when the terminal under guardianship is in a non-operating state is provided, and the identity verification function in the guardianship system is realized.

[0237] [Problems corresponding to Supplementary Note 14] One of the objects of the present disclosure is to provide a program for registering identity information and receiving identity inquiry notifications on a monitoring terminal. [Supplementary Note 14] A program that causes a processor to execute: a process of receiving input of identity information indicating the identity of the monitored person; a process of sending the input identity information to a server in association with terminal identification information that identifies the monitored terminal; and a process of, when a notification indicating that the identity information has been queried by a client terminal is received from the server, displaying the notification on a display unit. [Effect of Supplementary Note 14] According to the invention of Supplementary Note 14, it becomes possible to register identity information and receive identity inquiry notifications on the monitoring terminal, thereby realizing the identity verification function in the monitoring system.

[Explanation of symbols]

[0238]
1 … Monitoring system
10 … Monitored terminal
11 … Display unit
12 … Switch unit
13 … Control unit (CPU)
14 … Memory
15 … Communication interface
16 … GPS receiver
17 … Accelerometer
18 … Speaker
19 … Microphone
21 … External interface
22 … Internal bus
23 … IC tag
20 … Monitoring terminal
41 … CPU
42 … Memory
43 … Storage device
44 … Communication interface
45 … Display device
46 … Microphone
47 … Speaker
48 … Camera
30 … Server
31 … CPU
32 … Memory
33 … Auxiliary storage device
34 … Communication interface
40 … Network
50 … Client terminal
131 … Status management unit
132 … Display control unit
133 … Function switching unit
134 … Function execution unit
135 … Learning unit
136 … Communication control unit
137 … Access information storage unit
201 … Communication unit
202 … Data display unit
203 … Input reception unit
204 … Notification receiving unit
205 … Identity information registration unit
301 … Communication unit
302 … Data management unit
303 … Speech-to-text conversion unit
304 … Location information processing unit
305 … Plan management unit
306 … Identity information output unit
307 … Identity inquiry notification unit
308 … Identity verification unit

Claims

1. A monitoring system comprising a server, a monitoring terminal, and a monitored terminal, wherein: the monitoring terminal accepts input of identity information indicating the identity of the monitored person and transmits the identity information to the server; the server comprises a data management unit that stores the identity information received from the monitoring terminal in a storage unit in association with terminal identification information that identifies the monitored terminal, and an identity information output unit that receives access from a client terminal based on the terminal identification information and outputs the identity information corresponding to the access to the client terminal; and the monitored terminal holds access information used to access the server in a manner that allows it to be read from the outside even when the monitored terminal is not operational.

2. The monitoring system according to claim 1, wherein the access information is URL information encoded in a two-dimensional code displayed on the housing of the monitored terminal.

3. The monitoring system according to claim 1, wherein the monitored terminal is equipped with an IC tag that is powered by electromagnetic induction from an external source and whose information can be read, and the access information is URL information stored in the IC tag.

4. The monitoring system according to claim 2, wherein the housing of the monitored terminal further displays the terminal identification information, and the identity information output unit of the server, after receiving access from the client terminal based on the URL information, requests the client terminal to input the terminal identification information and, if the input terminal identification information is successfully matched against the terminal identification information stored in the storage unit, outputs the identity information associated with that terminal identification information.

5. The monitoring system according to claim 3, wherein the server, in response to the registration of the identity information, generates URL information for a web page that displays the identity information, the URL information being unique to the terminal identification information used for the registration, and transmits the URL information to the monitored terminal, and the monitored terminal writes the URL information received from the server to the IC tag.

6. The monitoring system according to claim 1, wherein the server further includes an identity inquiry notification unit that, when the identity information output unit outputs the identity information, sends the monitoring terminal a notification message indicating that the identity information has been inquired about, and the monitoring terminal, based on the notification message, notifies the caregiver that the identity information has been inquired about.

7. The monitoring system according to claim 6, wherein the identity information output unit of the server acquires, from the client terminal, location information indicating the current location of the client terminal, and the identity inquiry notification unit includes the location information in the notification message and transmits it to the monitoring terminal.

8. The monitoring system according to claim 1, wherein the identity information output unit of the server, before outputting the identity information, requests the client terminal to send an image captured by its camera and outputs the identity information when the captured image is received from the client terminal, and the data management unit records the captured image in the storage unit as an identity inquiry record in association with the terminal identification information.

9. The monitoring system according to claim 1, wherein the identity information output unit of the server acquires, from the client terminal, location information indicating the current location of the client terminal and outputs the identity information if the location indicated by the location information is within a predetermined range from the location of a predetermined facility registered in advance.

10. The monitoring system according to claim 1, wherein the server further includes an identity verification unit; the identity information output unit of the server requests the client terminal to transmit an image captured by its camera before outputting the identity information; the identity verification unit analyzes the captured image received from the client terminal and determines whether an identity document included in the captured image conforms to a predetermined format; and the identity information output unit outputs the identity information when the identity verification unit determines that the identity document conforms to the predetermined format.

11. A monitored terminal used in a monitoring system, comprising an information storage unit that holds access information used to access a server in a manner that can be read from the outside even when the monitored terminal is not operational, wherein the access information is information that enables the identity information of the monitored person to be acquired based on terminal identification information that the server manages in association with the identity information of the monitored person who holds the monitored terminal.

12. An information processing device for verifying the identity of a monitored person in a monitoring system, comprising: a data management unit that stores, in a storage unit and in association with each other, terminal identification information that identifies a monitored terminal and identity information that indicates the identity of the monitored person who holds the monitored terminal; and an identity information output unit that receives access from a client terminal based on the terminal identification information and outputs the identity information corresponding to the access to the client terminal.

13. An information processing method in which a processor: receives, from a monitoring terminal, identity information indicating the identity of the monitored person; stores the identity information in a storage unit in association with terminal identification information that identifies the monitored terminal; receives access from a client terminal based on access information that the monitored terminal holds in a manner readable from the outside even when the monitored terminal is in a non-operational state; and outputs the identity information corresponding to the access to the client terminal.

14. A program that causes a processor to execute: a process of receiving input of identity information indicating the identity of the monitored person; a process of sending the input identity information to a server in association with terminal identification information that identifies the monitored terminal; and a process of, when a notification indicating that the identity information has been inquired about by a client terminal is received from the server, displaying the notification on a display unit.
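The server-side flow of claims 4 to 7 (URL unique to the terminal, terminal ID entry and matching, inquiry notification with location), sketched as an added example that is not part of the patent text. It combines the 2D-code and IC-tag variants into one lookup path; the class and method names, the host server.example, the random-token URL scheme, and the constant-time comparison are all assumptions of this sketch.

```python
import hmac
import secrets
from dataclasses import dataclass, field

BASE_URL = "https://server.example/id/"  # placeholder host (assumption)


@dataclass
class IdentityServer:
    records: dict = field(default_factory=dict)        # URL token -> (terminal ID, identity info)
    notifications: list = field(default_factory=list)  # messages queued for the monitoring terminal

    def register(self, terminal_id: str, identity: dict) -> str:
        """Claim 5: on registration, issue URL information unique to this terminal."""
        token = secrets.token_urlsafe(16)  # random, so the URL alone does not reveal the terminal ID
        self.records[token] = (terminal_id, identity)
        return BASE_URL + token            # value written to the IC tag or encoded in the 2D code

    def inquire(self, url: str, entered_id: str, location=None):
        """Claims 4, 6, 7: match the entered terminal ID, output identity, notify."""
        if not url.startswith(BASE_URL):
            return None
        record = self.records.get(url[len(BASE_URL):])
        if record is None:
            return None
        terminal_id, identity = record
        # Compare the ID the finder typed in from the housing in constant time
        if not hmac.compare_digest(terminal_id.encode(), entered_id.encode()):
            return None
        self.notifications.append(
            {"terminal_id": terminal_id, "event": "identity_inquired", "location": location})
        return identity


def demo():
    server = IdentityServer()
    # Constructed sample data, not from the patent
    url = server.register("MT-0001", {"name": "Sample Person", "contact": "000-0000-0000"})
    wrong = server.inquire(url, "MT-9999")                           # ID mismatch: nothing output
    right = server.inquire(url, "MT-0001", location=(35.0, 139.0))   # match: identity plus notification
    return url, wrong, right, server.notifications


if __name__ == "__main__":
    print(demo())
```

A failed match returns nothing and queues no notification, so the monitoring terminal is only alerted when identity information is actually output, as claim 6 describes.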