JP2019047334A - Data processing unit, data processing method and program for data processing - Google Patents

Abstract

To provide a data processing unit capable of preventing data from being used for usage unintended by the data offerer, while allowing efficient use of the data.SOLUTION: A data processing unit 5 includes a file reception part 35 for receiving a DKP (Data Key Package) specifying a program for processing the processing object data, out of the programs stored in a program storage section 31, from the data offerer side that provided the processing object data, out of the data stored in a data storage section 30, and a data processing section 36 for processing the processing object data, by a program specified by the received DKP.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a data processing device, a data processing method, and a data processing program.

Conventionally, big data has been held in the company and often used only in the company (for example, see Non-Patent Document 1), and has not been used efficiently.
On the other hand, the inventor of the present invention has devised to share big data among a plurality of companies as a result of intensive studies in order to efficiently utilize big data. And when using this devised method and sharing big data among multiple companies, it prevents big data from being used for purposes unintended by the data provider, and makes the right holder of data right We found that protecting is important to facilitate the provision of big data.

Honda Motor Co., Ltd., “Predicted arrival time is accurate”, [online], [Search August 7, 2017], Internet (URL: http://www.honda.co.jp/internavi/time/)

  The present invention pays attention to the above-described problems, and allows data to be used for purposes unintended by the data provider while enabling efficient use of data, or a program for processing data is a program. It is an object of the present invention to provide a data processing device, a data processing method, and a data processing program that can be prevented from being used for purposes not intended by the provider.

  In order to solve the above problems, one embodiment of the present invention includes (a) a data storage unit storing a plurality of data, (b) a program storage unit storing a plurality of programs, and (c). From the data provider side that provided the data to be processed among the data stored in the data storage unit, a program for processing the data to be processed among the programs stored in the program storage unit is specified. A data processing apparatus comprising: a file receiving unit that receives a first file; and (d) a data processing unit that processes data to be processed by a program specified by the first file received by the file receiving unit. This is the gist.

  In another aspect of the present invention, (a) a data storage unit that stores a plurality of data, (b) a program storage unit that stores a plurality of programs, and (c) a program storage unit stores A second file designating data to be processed by the processing program out of the data stored in the data storage unit is received from the program provider who provided the processing program among the programs being processed The gist of the present invention is a data processing device comprising: a file receiving unit that performs processing; and (d) a processing program that processes data specified by the second file received by the file receiving unit.

  In another aspect of the present invention, (a) a plurality of programs are stored from a data provider side that provides data to be processed among data stored in a data storage unit storing a plurality of data. The processor receives a first file that specifies a program for processing data to be processed among the programs stored in the program storage unit, and (b) the data processing unit of the processor The gist of the present invention is a data processing method including a step of processing data by a program specified by the received first file.

  In another aspect of the present invention, (a) a plurality of data is stored from a program provider who provides a processing program among programs stored in a program storage unit storing a plurality of programs. The processor receives a second file designating data to be processed by the processing program among the data stored in the data storage unit, and (b) the data processing unit of the processor receives the processing program The gist of the present invention is a data processing method including a step of processing data designated by the received second file.

  In another aspect of the present invention, (a) a plurality of programs are stored from a data provider side that provides data to be processed among data stored in a data storage unit storing a plurality of data. An instruction that causes the processor to receive a first file that specifies a program for processing data to be processed among the programs stored in the program storage unit, and (b) causes the data processing unit of the processor to The gist of the present invention is a data processing program that causes a data processing apparatus including a processor to execute a series of processes including data that is processed by a program specified by the received first file.

  In another aspect of the present invention, (a) a plurality of data is stored from a program provider who provides a processing program among programs stored in a program storage unit storing a plurality of programs. An instruction that causes the processor to receive a second file that specifies data to be processed by the processing program among the data stored in the data storage unit, and (b) the processing program is sent to the data processing unit of the processor. Thus, the gist of the present invention is a data processing program for causing a data processing apparatus including a processor to execute a series of processing including an instruction for processing data specified by the received second file.

  According to the present invention, since a file specifying a program for processing data to be processed is received from the data provider side, the data provider can limit the use of the data. Further, since the file specifying the data to be processed by the processing program is received from the program provider side, the program provider can limit the use of the program. Therefore, it is possible to prevent the data from being used for an unintended use of the data provider or the processing program from being used for an unintended use of the program provider while enabling efficient use of the data. A data processing apparatus, a data processing method, and a data processing program can be provided.

It is a block diagram showing schematic structure of the data provision system of embodiment of this invention. It is a block diagram showing the internal structure of an activation server. It is a block diagram showing the internal structure of a data provider terminal. It is explanatory drawing for demonstrating a data package. It is explanatory drawing for demonstrating DKP. It is a block diagram showing the internal structure of a program provider terminal. It is explanatory drawing for demonstrating a program package. It is explanatory drawing for demonstrating PKP. It is a block diagram showing the internal structure of a user terminal. It is a flowchart of the processed data provision process which a processor performs. It is explanatory drawing for demonstrating the determination method which determines whether the corresponding | compatible data package corresponding to reception DKP has been registered. It is explanatory drawing for demonstrating the determination method which determines whether the buffer memorize | stores the corresponding PKP corresponding to reception DKP. It is explanatory drawing for demonstrating the verification method of a response | compatibility with data ID and program ID which reception DKP contains, and data ID and program ID which correspondence PKP contains. It is explanatory drawing for demonstrating the verification method of reception DKP. It is explanatory drawing for demonstrating the verification method of corresponding | compatible PKP. It is explanatory drawing for demonstrating the decoding of a data decoding key and a program decoding key. It is explanatory drawing for demonstrating decoding of a data and a program. It is a sequence diagram showing operation | movement of the data provision system of embodiment of this invention.

  Hereinafter, a data processing apparatus, a data processing method, and a data processing program according to an embodiment of the present invention will be described in an overall manner with reference to the drawings, with respect to the entire data providing system configured by the data processing apparatus according to the embodiment. . That is, as will be described later, the data processing apparatus according to the embodiment of the present invention shares data and uses processing results obtained by processing the shared data with a program (hereinafter also referred to as “processed data”) as data. A data providing system to be provided to the user. Here, as the data, for example, data having potential value such as big data, voice assistant voice data, and data having personal information such as SNS (Social Network Service) user data can be used. The program may be any program that can process data, such as a program that reveals the potential value of big data, a program that anonymizes personal information contained in voice data or user data, etc. Programs that limit the value of the data can be used.

  In the following embodiments, an apparatus and method for embodying the technical idea of the present invention are schematically illustrated for the entire data providing system, and the technical idea of the present invention is as follows. The hardware that constitutes the data providing system, software including firmware and middleware, and specific components thereof are not specified as follows. The technical idea of the present invention can be variously modified within the technical scope defined by the claims described in the claims.

(Constitution)
As shown in FIG. 1, a data providing system 1 according to an embodiment of the present invention includes a data provider terminal that provides data (hereinafter also referred to as “data provider terminal 2”) and a program provider that provides a program. The terminal (hereinafter also referred to as “program provider terminal 3”) and the terminal of the data user who uses the data “hereinafter also referred to as“ user terminal 4 ”” are stored and stored. And an activation server 5 as a data processing device for processing and providing the processed data by a program. In the following description, “activation server 5” shown in FIGS. 1 and 18 is referred to as “data processing device 5”. The data provider terminal 2, the program provider terminal 3, the user terminal 4, and the data processing device 5 are connected to each other via a communication network 6 such as the Internet so as to be able to transmit and receive files and the like.
Here, examples of the data provider include a company having big data, an owner of a voice assistant device, an SNS operating company, and the like. Further, as the program provider, for example, the program provider may be a different person or the same person.

(Data processing device: Activation server)
As shown in FIG. 2, the data processing device 5 constituting the data providing system 1 according to the embodiment of the present invention includes hardware resources such as a communication unit 27, a storage device 28, and a processor 29. For example, it is possible to employ a secure server that is installed on the Internet and whose safety is confirmed in terms of its hardware, software, installation location, etc. by a third party organization. The communication unit 27 enables transmission and reception of files and the like between the processor 29 and the data provider terminal 2, the program provider terminal 3, and the user terminal 4 via the communication network 6. The storage device 28 logically includes hardware resources such as a data storage unit 30, a program storage unit 31, and a decrypted data storage unit (hereinafter also referred to as “storage 32”). In FIG. 2, the data storage unit 30, the program storage unit 31, and the storage 32 formally express hardware resources that focus on logical functions. The expression in FIG. 2 does not necessarily mean a storage device that exists independently as a physical area on the substrate.

  The processor 29 physically includes hardware resources such as a data package receiving unit 33, a program package receiving unit 34, a file receiving unit 35, and a data processing unit 36. In FIG. 2, the data package receiving unit 33, the program package receiving unit 34, the file receiving unit 35, the data processing unit 36, and the like formally express hardware resources focusing on logical functions. The data processing unit 36 includes a data package registration determination unit 37, a program package registration determination unit 38, a PKP (Program Key Package) storage state determination unit 39, a DKP (Data Key Package) storage state determination unit 40, and a correspondence verification unit 41. , DKP verification unit 42, PKP verification unit 43, data / program verification unit 44, data decryption key decryption unit 45, program decryption key decryption unit 46, data decryption unit 47, program decryption unit 48, process execution unit 49, processed data An encryption unit 50, a decrypted data erasing unit 51, and a processed data transmission unit 52 are included.

  When the data package 60 shown in FIG. 4 is transmitted from the data provider terminal 2 shown in FIG. 1, the data package receiving unit 33 receives the transmitted data package 60 via the communication unit 27 and receives data. The data is stored in the storage unit 30. Then, by repeatedly receiving and storing the data package 60, a plurality of data provided by the data provider is stored in the data storage unit 30. As a result, data is shared by the data processing device 5. In addition, when the program package 81 shown in FIG. 7 is transmitted from the program provider terminal 3 shown in FIG. 1, the program package receiving unit 34 receives the program package 81 via the communication unit 27 and stores the program package 81. Store in the unit 31. Then, by repeatedly receiving and storing the program package 81, the program storage unit 31 stores a plurality of programs provided by the program provider and capable of processing a plurality of data stored in the data storage unit 30.

(Data provider terminal)
The data provider terminal 2 constituting the data providing system 1 according to the embodiment of the present invention includes hardware resources such as a communication unit 7 and a processor 8 as shown in FIG. As the data provider terminal 2, for example, a personal computer can be adopted. The communication unit 7 enables transmission and reception of files and the like between the processor 8, the program provider terminal 3, the user terminal 4, and the data processing device 5 via the communication network 6. Further, the processor 8 physically includes hardware resources such as a data package generation unit 9, a data package transmission unit 10, a request reception unit 11, a DKP generation unit 12, a DKP transmission unit 13, and a request transmission unit 14. In FIG. 3, the data package generation unit 9, the data package transmission unit 10, the request reception unit 11, the DKP generation unit 12, the DKP transmission unit 13, the request transmission unit 14, and the like form hardware resources focusing on logical functions. Expressively.

  The data package generation unit 9 shown in FIG. 3 generates a data package 60 including data (for example, big data, voice assistant voice data, SNS user data) provided from the data provider to the data processing device 5. . As shown in FIG. 4, the data package 60 includes encrypted data 61, a plurality of XML files “ASSETMAP.xml” 62, “* info.xml” 63, and “* hash.xml” 64. As the encrypted data 61, for example, the data 61 encrypted with a data encryption key such as a common key of the data provider can be used. By encrypting the data, eavesdropping can be prevented and the confidentiality of the data can be secured. An XML file “ASSETMAP.xml” 62 is a file including a list of files in the data package 60, and “* info.xml” 63 is a file including various data information.

  The XML file “* hash.xml” 64 includes a hash value 65 in each file in the data package 60, a digital signature 66 of the data provider, and a public key certificate 67. Each of “ASSETMAP.xml” 62, “* info.xml” 63, and “* hash.xml” 64 includes data IDs 68, 69, and 70 indicating data. As the data IDs 68, 69, 70, for example, UUID (Universally Unique Identifier) can be adopted. Since the UUID is a 128-bit numerical value, it is an ID that does not overlap each other only by setting using a random number or the like. Therefore, for example, unlike the method of managing all the data IDs and setting a data ID different from the other data IDs, it is possible to reduce the labor for setting the data IDs.

3 transmits the data package 60 generated by the data package generation unit 9 shown in FIG. 3 to the data processing device 5 shown in FIG. 1 via the communication unit 7 shown in FIG. Send to.
In the data providing system 1 according to the embodiment of the present invention, the data provider terminal 2 displays the data package 60 via the communication unit 7 shown in FIG. 3, that is, via the communication network 6 such as the Internet. Although the example which transmits to the data processor 5 shown in 1 was shown, another structure is also employable. For example, the data provider operates the data provider terminal 2 to store the data package 60 in a storage such as a hard disk, and passes the storage to the administrator of the data processing device 5. The data package 60 stored in the storage may be operated and stored in the data storage unit 30.

  When the execution result request is transmitted from the user terminal 4 illustrated in FIG. 1, the request reception unit 11 illustrated in FIG. 3 receives the transmitted execution result request via the communication unit 7 illustrated in FIG. 3. To do. The execution result request is a request for requesting provision of processed data obtained by processing any of the data shared by the data processing device 5 with a specific program. Note that the host name of the user terminal 4 and the public key certificate are added to the execution result request.

  When the DKP generation unit 12 illustrated in FIG. 3 receives the execution result request by the request reception unit 11 illustrated in FIG. 3, among the plurality of data stored in the data processing device 5 (data storage unit 30), A first file (hereinafter also referred to as “DKP 71”) that specifies data to be processed is generated from the data provided to the data processing device 5 by the own device (data provider terminal 2). The DKP (Data Key Package) 71 includes, for example, a DKP UUID 72, a DKP issue date and time 73, a DKP expiration date 74, a corresponding data data ID 75, a corresponding data file name 76, and an encryption as shown in FIG. The data decryption key 77, the program ID 78 of the partner program, the digital signature 79 of the data provider, and the public key certificate 80 of the data provider are included.

  As the data ID 75 of the corresponding data, for example, a data ID that designates data to be processed can be used. Further, as the encrypted data decryption key 77, for example, a data decryption key encrypted with the public key of the data processing device 5 can be used. By encrypting the data decryption key, wiretapping of the data decryption key can be prevented. Further, by using the public key of the data processing device 5, the data can be decrypted only by the data processing device 5 having the secret key corresponding to the public key, and it is possible to prevent the data from being processed by an unauthorized server or the like. The data decryption key may be any key that can decrypt the encrypted data 61. For example, a common key of the data provider can be adopted. Further, as the program ID 78 of the partner program, for example, a program ID that designates a program for processing data to be processed can be used. For example, a UUID can be adopted as the program ID. By using the UUID, for example, unlike the method of managing all program IDs and setting program IDs different from other program IDs, it is possible to reduce the trouble of setting program IDs. Further, as the processing program (partner program), for example, any of a plurality of programs stored in the data processing device 5 (program storage unit 31) can be used.

  The DKP transmission unit 13 illustrated in FIG. 3 is configured to process the DKP 71 generated by the DKP generation unit 12 via the communication unit 7 illustrated in FIG. 3, that is, the data ID 75 that specifies the processing target data, and the processing target data. A file including a program ID 78 for specifying the program and an encrypted data decryption key 77 is transmitted to the data processing device 5. That is, from the data provider side that provided the data to be processed among the data stored in the data storage unit 30 illustrated in FIG. 1, the processing target of the programs stored in the program storage unit 31 is selected. A DKP 71 specifying a data processing program is transmitted to the data processing device 5. The host name of the user terminal 4 and the public key certificate added to the execution result request are added to the DKP 71.

  When the request transmission unit 14 illustrated in FIG. 3 transmits the DKP 71 by the DKP transmission unit 13 illustrated in FIG. 3, the second file (hereinafter also referred to as “PKP92”) is transmitted via the communication unit 7 illustrated in FIG. 1 is transmitted to the program provider terminal 3 shown in FIG. To the PKP request, the data ID 75 corresponding to the data included in the DKP 71 transmitted by the DKP transmitter 13 and the same data ID and program ID as the program ID 78 of the counterpart program are added. As the transmission destination of the PKP request, the program provider terminal 3 of the program provider that provided the program specified by the program ID is selected.

(Program provider terminal)
As shown in FIG. 6, the program provider terminal 3 constituting the data providing system 1 according to the embodiment of the present invention includes hardware resources such as a communication unit 15 and a processor 16. For example, a personal computer can be adopted. The communication unit 15 enables transmission and reception of files and the like between the processor 16, the data provider terminal 2, and the data processing device 5 via the communication network 6. The processor 16 physically includes hardware resources such as a program package generation unit 17, a program package transmission unit 18, a request reception unit 19, a PKP generation unit 20, and a PKP transmission unit 21. In FIG. 6, the program package generation unit 17, the program package transmission unit 18, the request reception unit 19, the PKP generation unit 20, the PKP transmission unit 21, and the like formally express hardware resources focusing on logical functions. Yes.

  The program package generation unit 17 illustrated in FIG. 6 is capable of processing a program provided from the program provider to the data processing device 5, that is, a plurality of data stored in the data processing device 5 (data storage unit 30). A program package 81 including the program is generated. The program package 81 includes an encrypted program 82, a plurality of XML files “ASSETMAP.xml” 83, “* info.xml” 84, and “* hash.xml” 85 as shown in FIG. As the encrypted program 82, for example, the program 82 encrypted with a program encryption key such as a common key of the program provider can be used. By encrypting the program, eavesdropping of the program can be prevented, and the confidentiality of the program can be secured.

  The XML file “ASSETMAP.xml” 83 is a file including a file list in the program package 81. Furthermore, “* info.xml” 84 is a file containing various pieces of program information. “* Hash.xml” 85 is a file including a hash value 86 in each file in the program package 81, a digital signature 87 of the program provider, and a public key certificate 88. Each of “ASSETMAP.xml” 83, “* info.xml” 84, and “* hash.xml” 85 includes program IDs 89, 90, and 91 indicating programs.

6 transmits the program package 81 generated by the program package generation unit 17 shown in FIG. 6 via the communication unit 15 shown in FIG. 6 to the data processing device 5 shown in FIG. Send to.
In the data providing system 1 according to the embodiment of the present invention, the program provider terminal 3 displays the program package 81 via the communication unit 15 shown in FIG. 6, that is, via the communication network 6 such as the Internet. Although the example which transmits to the data processor 5 shown in 1 was shown, another structure is also employable. For example, the program provider operates the program provider terminal 3 to store the program package 81 in the storage, passes the storage to the administrator of the data processing device 5, and the administrator operates the data processing device 5. The program package 81 stored in the storage may be stored in the program storage unit 31.

When the PKP request for requesting transmission of the PKP 92 is transmitted from the data provider terminal 2 illustrated in FIG. 1, the request reception unit 19 illustrated in FIG. 6 is transmitted via the communication unit 15 illustrated in FIG. 6. Receive a PKP request.
When the request receiving unit 19 receives the PKP request, the PKP generation unit 20 illustrated in FIG. 6 among the plurality of programs stored in the data processing device 5 (program storage unit 31) (the program provider) A PKP 92 for specifying a program for processing data to be processed is generated from the data provided by the terminal 3). The PKP (Program Key Package) 92 includes, for example, a PKP UUID 93, a PKP issue date 94, a PKP expiration date 95, a program ID 96 of the corresponding program, a file name 97 of the corresponding program, as shown in FIG. The program decryption key 98, the data ID 99 of the partner data, the digital signature 100 of the program provider, and the public key certificate 101 of the program provider are included.

  As the program ID 96 of the corresponding program, for example, a program ID that designates a program for processing data to be processed can be used. Further, as the encrypted program decryption key 98, for example, a program decryption key encrypted with the public key of the data processing device 5 can be used. By encrypting the program decryption key, eavesdropping of the program decryption key can be prevented. In addition, by using the public key of the data processing device 5, the program can be decrypted only by the data processing device 5 having a secret key corresponding to the public key, and the program can be prevented from being used by an unauthorized server or the like. The program decryption key may be any key that can decrypt the encrypted program 82. For example, a common key of the program provider can be adopted. As the data ID 99 of the partner data, for example, a data ID that designates data to be processed that is processed by a processing program can be used. Further, as the processing target data (partner data), for example, any of a plurality of data stored in the data processing device 5 (data storage unit 30) can be used. As a method for setting the program ID 96 of the corresponding program and the data ID 99 of the partner data, a method using the program ID and the data ID added to the PKP request can be employed.

  The PKP transmission unit 21 shown in FIG. 6 has the PKP generated by the PKP generation unit 20 shown in FIG. 6 via the communication unit 15 shown in FIG. 1 is transmitted to the data processing apparatus 5 shown in FIG. 1 including a data ID for designating data to be processed in step 1 and an encrypted program decryption key. That is, from the program provider side that provided the processing program among the programs stored in the program storage unit 31 shown in FIG. 1, the processing data out of the data stored in the data storage unit 30 is processed. A PKP 92 specifying data to be processed by the program is transmitted to the data processing device 5.

(User terminal)
As shown in FIG. 9, the user terminal 4 constituting the data providing system 1 according to the embodiment of the present invention includes hardware resources such as a communication unit 22 and a processor 23. For example, a personal computer can be adopted. The communication unit 22 enables transmission / reception of files and the like between the processor 23, the data provider terminal 2, and the data processing device 5 via the communication network 6. The processor 23 physically includes hardware resources such as a request transmission unit 24, a processed data reception unit 25, and a processed data decoding unit 26. In FIG. 9, the request transmitting unit 24, the processed data receiving unit 25, the processed data decoding unit 26, and the like formally express hardware resources focusing on logical functions.

The request transmission unit 24 illustrated in FIG. 9 transmits an execution result request to the data provider terminal 2 illustrated in FIG. 1 via the communication unit 22 illustrated in FIG. To the execution result request, the host name of the user terminal 4, that is, the own terminal device and the public key certificate are added.
The processed data receiving unit 25 shown in FIG. 9 receives the encrypted processed data from the data processing device 5 shown in FIG. 1 via the communication unit 22 shown in FIG. Receive encrypted encrypted processed data. An arbitrary common key is used for encrypting the processed data. Further, the encrypted processed data is added with the common key used for encryption encrypted with the user terminal 4, that is, the public key of the own terminal device.
The processed data decryption unit 26 shown in FIG. 9 uses the encrypted common key added to the encrypted processed data received by the processed data reception unit 25 shown in FIG. 4 is decrypted with a private key corresponding to the public key of 4, that is, a private key corresponding to the public key of the terminal device itself. Subsequently, the encrypted processed data is decrypted with the decrypted common key to obtain the processed data that has been decrypted.

(Data processing method)
Next, processed data providing processing executed by the processor 29 of the data processing device 5 according to the embodiment of the present invention will be described. The processed data providing process is realized by a program that causes the data processing device 5 to execute a series of processes including various instructions to the processor 29.
In the processed data providing process, as shown in FIG. 10, first, in step S101, the file receiving unit 35 shown in FIG. 2 until the DKP 71 is transmitted from the data provider terminal 2 shown in FIG. The standby state is maintained until the PKP 92 is transmitted from the program provider terminal 3 shown in FIG. And if it determines with DKP71 or PKP92 having been transmitted, a standby state will be complete | finished and it will transfer to step S102.

In step S102, the file receiving unit 35 shown in FIG. 2 receives DKP from the data provider terminal 2 shown in FIG. 1 via the communication unit 27 shown in FIG. 2, or the program shown in FIG. A PKP 92 is received from the provider terminal 3. That is, in step S102, the file receiving unit 35 is caused to execute a command for causing the processor 29 to receive the DKP 71.
Subsequently, the process proceeds to step S103, and the file reception unit 35 illustrated in FIG. 2 determines whether the file received in step S102 is the DKP 71. If it is determined that the file is DKP 71 (Yes), the process proceeds to step S104. On the other hand, if it is determined that the file is not DKP 71 (No), it is determined that the file is PKP 92, and the process proceeds to step S119.

  In step S104, the data package 60 (hereinafter also referred to as “corresponding data package 60”) corresponding to the DKP 71 (hereinafter also referred to as “reception DKP 71”) received by the data package registration determination unit 37 illustrated in FIG. It is determined whether or not it has been registered in the data processing device 5. For example, as shown in FIG. 11, when it is determined that the data package 60 including the same data ID as the data ID 75 of the corresponding data included in the reception DKP 71 is stored in the data storage unit 30, the corresponding data package 60 is registered. It is determined that it has been completed. Note that the data ID 69 included in the XML file “* info.xml” 63 is referred to as the data ID of the data package 60. If it is determined that the corresponding data package 60 has been registered (Yes), the process proceeds to step S105. If it is determined that the corresponding data package 60 has not been registered (No), the process returns to step S101. .

  In step S105, the PKP storage state determination unit 39 shown in FIG. 2 determines whether or not the storage 32 stores a PKP 92 corresponding to the reception DKP 71 (hereinafter also referred to as “corresponding PKP 92”). For example, as shown in FIG. 12, when it is determined that the storage 32 stores the PKP 92 including the same program ID as the program ID 78 of the partner program included in the reception DKP 71, the storage 32 stores the corresponding PKP 92. judge. If it is determined that the storage 32 stores the corresponding PKP 92 (Yes), the process proceeds to step S106. If it is determined that the storage 32 does not store the corresponding PKP 92 (No), step S110 is performed. Migrate to

  In step S106, the correspondence verification unit 41 shown in FIG. 2 receives the data ID 75 of the corresponding data included in the received DKP 71 and the program ID 78 of the counterpart program, the data ID 99 of the counterpart data included in the corresponding PKP 92, and the program ID 96 of the corresponding program. Verify the correspondence. For example, as shown in FIG. 13, the data ID of the corresponding data included in the reception DKP 71 and the data ID 99 of the partner data included in the corresponding PKP 92 are the same as each other, and the program ID 78 of the partner program included in the reception DKP 71 and the corresponding PKP 92 are When it is determined that the program IDs 96 of the corresponding programs that are included are the same, it is determined that the verification is successful. If it is determined that the verification is successful (Yes), the data included in the corresponding data package 60 and the program included in the corresponding program package 81 are linked (hereinafter also referred to as “bind”), and the process proceeds to step S107. If it is determined that the verification has failed (No), the process proceeds to step S110.

  In step S107, the DKP verification unit 42 illustrated in FIG. 2 verifies the reception DKP 71. For example, verification of whether the expiration date of the received DKP 71 has expired (hereinafter also referred to as “first verification”), as shown in FIG. 14, the public key certificate 80 of the received DKP 71 and the public key certificate of the corresponding data package 60 Verification of the identity of the certificate 67 (hereinafter also referred to as “second verification”) and verification of the digital signature 79 of the received DKP 71 using the public key certificate 80 (hereinafter also referred to as “third verification”). If it is determined that the first to third verifications are successful, it is determined that the verification of the reception DKP 71 is successful. In the second verification, it is confirmed whether the data provider terminal 2 (see FIG. 1) that created the reception DKP 71 and the data provider terminal 2 that created the corresponding data package 60 are the same. In addition, the third verification confirms whether or not the received DKP 71 has been tampered with, and confirms the integrity and validity of the received DKP 71. If it is determined that the verification of the received DKP 71 is successful (Yes), the process proceeds to step S108. If it is determined that the verification of the received DKP 71 has failed (No), the process returns to step S101.

  In step S108, the PKP verification unit 43 illustrated in FIG. 2 verifies the corresponding PKP 92. For example, verification of whether the corresponding PKP 92 has expired (hereinafter also referred to as “fourth verification”), as shown in FIG. 15, the public key certificate 101 of the corresponding PKP 92 and the program package 81 corresponding to the corresponding PKP 92 Verification of whether the public key certificate 88 (hereinafter also referred to as “corresponding program package 81”) is the same (hereinafter also referred to as “fifth verification”), digital signature of the corresponding PKP 92 using the public key certificate 101 When 100 verifications (hereinafter also referred to as “sixth verification”) are performed and it is determined that the fourth to sixth verifications are successful, it is determined that the corresponding PKP 92 has been successfully verified. By the fifth verification, it is confirmed whether the program provider terminal 3 (see FIG. 1) that created the corresponding PKP 92 and the program provider terminal 3 that created the corresponding program package 81 are the same. In addition, it is confirmed by the sixth verification whether the corresponding PKP 92 has been tampered with, and the completeness / validity of the corresponding PKP 92 is confirmed. If it is determined that the verification of the corresponding PKP 92 has been successful (Yes), the process proceeds to step S111. If it is determined that the verification of the corresponding PKP 92 has failed (No), the process proceeds to step S109.

In step S109, the PKP verification unit 43 illustrated in FIG. 2 deletes the corresponding PKP 92 from the storage 32, and then proceeds to step S110.
In step S110, the PKP verification unit 43 illustrated in FIG. 2 stores the received DKP 71 in the storage 32, and then returns to step S101.

  On the other hand, in step S111, the data / program verification unit 44 shown in FIG. 2 verifies the corresponding data package 60 and the corresponding program package 81. For example, verification of the hash value 65 of the XML file “* hash.xml” 64 of the corresponding data package 60 (hereinafter also referred to as “seventh verification”), and “* hash.xml” 64 using the public key certificate 67 The digital signature 66 is verified (hereinafter also referred to as “eighth verification”). In the seventh verification, it is confirmed whether the corresponding data package 60 has been tampered with. Further, it is confirmed whether or not the hash value 65 of “* hash.xml” 64 has been falsified by the eighth verification. That is, the integrity of the data included in the corresponding data package 60 is verified by the seventh and eighth verifications.

  Also, for example, verification of the hash value 86 of the XML file “* hash.xml” 85 of the corresponding program package 81 (hereinafter also referred to as “ninth verification”), “* hash.xml” using the public key certificate 88 85 digital signatures 87 are verified (hereinafter also referred to as “tenth verification”). In the ninth verification, it is confirmed whether the corresponding program package 81 has been tampered with. Further, the tenth verification confirms whether the hash value 86 of “* hash.xml” 85 has been tampered with. That is, the integrity of the program included in the corresponding program package 81 is verified by the ninth and tenth verifications. When it is determined that the seventh, eighth, ninth, and tenth verifications are successful, it is determined that the corresponding data package 60 and the corresponding program package 81 are successfully verified. If it is determined that the verification of the corresponding data package 60 and the corresponding program package 81 has been successful (Yes), the process proceeds to step S112. If it is determined that the verification has failed (No), the process returns to step S101.

  In step S112, the data decryption key decryption unit 45 shown in FIG. 2 decrypts the encrypted data decryption key 77 included in the reception DKP 71 with the private key 102 of the data processing device 5, as shown in FIG. A data decryption key 103 is obtained. In addition, the program decryption key decryption unit 46 decrypts the encrypted program decryption key 98 included in the corresponding PKP 92 with the private key 102 of the data processing device 5 to obtain the program decryption key 104. Each of the encrypted data decryption key 77 and the program decryption key 98 is decrypted with the private key 102 of the data processing device 5, that is, the private key corresponding to the public key used for encryption. Authentication can be performed.

  Subsequently, the process proceeds to step S113, and the data decoding unit 47 and the program decoding unit 48 illustrated in FIG. 2 store the data and program bound in step S106 in the storage 32. For example, the data decrypting unit 47 shown in FIG. 2 receives encrypted data 61 included in the corresponding data package 60 among the plurality of data packages stored in the data storage unit 30 as shown in FIG. The data decryption key 103 decrypted in step S112 is decrypted, and the decrypted data 105 is stored in the storage 32 as bound data. By storing the decrypted data 105 in the storage 32, the data ID determined to be the same in step S106, that is, the data ID 75 of the corresponding data included in the received DKP 71 or the data ID 99 of the counterpart data included in the corresponding PKP is designated. The data 105 to be stored can be stored.

  Further, for example, the program decryption unit 48 illustrated in FIG. 2 decrypts the encrypted program 82 included in the corresponding program package 81 among the plurality of program packages stored in the program storage unit 31 in step S112. The program decrypted with the program decryption key 104 is stored in the storage 32 as the program bound in step S106. By storing the decrypted program 106 in the storage 32, the program ID determined to be the same in step S106, that is, the program ID 78 of the counterpart program included in the received DKP 71 or the program ID 96 of the corresponding program included in the corresponding PKP 92 is designated. The program to be stored can be stored in the storage 32.

  Subsequently, the process proceeds to step S114, and the process execution unit 49 shown in FIG. 2 generates processed data using the data and program bound in step S106. For example, the data 105 stored in the storage 32 is processed by the program 106 stored in the storage 32, and the processing result is processed data. By using the data 105 and the program 106 stored in the storage 32, the data specified by the data ID determined to be the same in step S106 is specified by the program ID determined to be the same in the same step. Process it with a program. That is, in steps S113 and S114, the data (data to be processed) specified by the data ID 75 of the corresponding data included in the reception DKP 71 among the plurality of data stored in the data storage unit 30 is stored in the program storage unit 31. Among the plurality of programs stored in the received DKP 71, causes the process execution unit 49 to execute an instruction to be processed by the program specified by the program ID 78 of the partner program included in the received DKP 71.

  At this time, the processed data includes, for example, data that has been subjected to statistical processing or the like on the data 105 stored in the storage 32 to reveal the potential value of the data 105 or personal information included in the data 105. Data in which the value of the data 105 is limited by anonymization is generated.

Subsequently, the process proceeds to step S115, and the processed data encryption unit 50 shown in FIG. 2 encrypts the processed data generated in step S114 with an arbitrary common key. Subsequently, the common key used for encryption is encrypted with the public key of the public key certificate of the user terminal 4 added to the reception DKP 71.
Subsequently, the process proceeds to step S116, and the decrypted data erasure unit 51 shown in FIG. 2 erases the data 105 and the program 106 from the storage 32.
Subsequently, the process proceeds to step S117, and the decrypted data erasure unit 51 shown in FIG. 2 erases the corresponding PKP 92 from the storage 32.
Subsequently, the process proceeds to step S118, where the processed data transmission unit 52 shown in FIG. 2 uses the processed data encrypted in step S115 to the user terminal 4 corresponding to the host name added to the reception DKP 71. After transmitting to (see FIG. 1), the calculation process is terminated. The common key encrypted in step S115 is added to the encrypted processed data.

  On the other hand, in step S119, the program package registration determination unit 38 shown in FIG. 2 corresponds to the program package 81 (hereinafter referred to as “corresponding program package 81”) corresponding to the PKP 92 received in step S102 (hereinafter also referred to as “reception PKP 92”). Call) is already registered in the data processing device 5. For example, when it is determined that the program package 81 including the same program ID 96 as the corresponding program ID 96 included in the received PKP 92 is stored in the program storage unit 31, it is determined that the corresponding program package 81 has been registered. If it is determined that the corresponding program package 81 has been registered (Yes), the process proceeds to step S120. If it is determined that the corresponding program package 81 has not been registered (No), the process returns to step S101.

  In step S120, the DKP storage state determination unit 40 shown in FIG. 2 determines whether or not the storage 32 stores the DKP 71 corresponding to the reception PKP 92 (hereinafter also referred to as “corresponding DKP 71”). For example, when it is determined that the storage 32 stores the DKP 71 including the same data ID as the data ID of the counterpart data included in the reception PKP 92, it is determined that the corresponding DKP 71 is stored in the storage 32. If it is determined that the storage 32 is stored (Yes), the process proceeds to step S121. If it is determined that the storage 32 is not stored (No), the process proceeds to step S125.

  In step S121, the correspondence verification unit 41 shown in FIG. 2 includes the data ID 99 of the counterpart data included in the received PKP 92 and the program ID 96 of the corresponding program, the data ID 75 of the corresponding data included in the corresponding DKP 71, and the program ID 78 of the counterpart program. Verify the correspondence. For example, the data ID 75 of the corresponding data included in the corresponding DKP 71 and the data ID 99 of the counterpart data included in the received PKP 92 are the same, and the program ID 78 of the counterpart program included in the corresponding DKP 71 and the program ID 96 of the corresponding program included in the received PKP 92 are included. Are determined to be the same as each other, it is determined that the verification is successful. If it is determined that the verification is successful (Yes), the data included in the corresponding data package 60 and the program included in the corresponding program package 81 are linked, that is, bound, and the process proceeds to step S122. If it is determined that the process has failed (No), the process proceeds to step S125.

  In step S122, the PKP verification unit 43 shown in FIG. 2 verifies the received PKP 92. For example, verification of whether the expiration date of the received PKP 92 has expired (hereinafter also referred to as “eleventh verification”), the public key certificate 101 of the received PKP 92 and the public key certificate 88 of the corresponding program package 81 are the same. Verification (hereinafter also referred to as “twelfth verification”), verification of the digital signature 100 of the received PKP 92 using the public key certificate 101 (hereinafter also referred to as “thirteenth verification”), and When it is determined that the verification of the received PKP 92 is successful, it is determined that the verification of the received PKP 92 is successful. In the twelfth verification, it is confirmed whether the program provider terminal 3 (see FIG. 1) that created the reception PKP 92 and the program provider terminal 3 that created the corresponding program package 81 are the same. Further, in the thirteenth verification, it is confirmed whether the received PKP 92 has been tampered with, and the completeness / validity of the received PKP 92 is confirmed. If it is determined that the received PKP 92 has been successfully verified (Yes), the process proceeds to step S123. If it is determined that the verification has failed (No), the process returns to step S101.

  In step S123, the DKP verification unit 42 illustrated in FIG. 2 verifies the corresponding DKP 71. For example, verification of whether the expiration date of the corresponding DKP 71 has expired (hereinafter also referred to as “14th verification”), the public key certificate 80 of the corresponding DKP 71 and the data package 60 corresponding to the corresponding DKP 71 (hereinafter “corresponding data package 60”). (Hereinafter also referred to as “fifteenth verification”), verification of the digital signature 79 of the corresponding DKP 71 using the public key certificate 80 (hereinafter referred to as “first”). If the 14th to 16th verifications are determined to be successful, it is determined that the verification of the corresponding DKP 71 is successful. In the fifteenth verification, it is confirmed whether the data provider terminal 2 (see FIG. 1) that created the corresponding DKP 71 and the data provider terminal 2 that created the corresponding data package 60 are the same. In addition, the sixth verification confirms whether the corresponding DKP 71 has been tampered with, and confirms the completeness / validity of the corresponding PKP 92. If it is determined that the corresponding DKP 71 has been successfully verified (Yes), the process proceeds to step S126. If it is determined that the corresponding DKP 71 has not been verified (No), the process proceeds to step S124.

In step S124, the DKP verification unit 42 shown in FIG. 2 deletes the corresponding DKP 71 from the storage 32, and then proceeds to step S125.
In step S125, the DKP verification unit 42 illustrated in FIG. 2 stores the received PKP 92 in the storage 32, and then returns to step S101.

  On the other hand, in step S 126, the data / program verification unit 44 shown in FIG. 2 verifies the corresponding data package 60 and the corresponding program package 81. For example, verification of the hash value 65 of the XML file “* hash.xml” 64 of the corresponding data package 60 (hereinafter also referred to as “17th verification”), and “* hash.xml” 64 using the public key certificate 67 The digital signature is verified (hereinafter also referred to as “18th verification”). In the seventeenth verification, it is confirmed whether the corresponding data package 60 has been tampered with. Further, it is confirmed whether or not the hash value 65 of “* hash.xml” 64 has been falsified by the eighteenth verification. That is, the integrity of the data included in the corresponding data package 60 is verified by the 17th and 18th verifications.

  Further, for example, verification of the hash value 86 of the XML file “* hash.xml” 85 of the corresponding program package 81 (hereinafter also referred to as “19th verification”), “* hash.xml” using the public key certificate 88 85 digital signatures 87 are verified (hereinafter also referred to as “20th verification”). In the nineteenth verification, it is confirmed whether the corresponding program package 81 has been tampered with. In addition, it is confirmed whether or not the hash value 86 of “* hash.xml” 85 has been falsified by the 20th verification. That is, the integrity of the program included in the corresponding program package 81 is verified by the 19th and 20th verifications. When it is determined that the 17th to 20th verifications have been successful, it is determined that the corresponding data package 60 and the corresponding program package 81 have been successfully verified. If it is determined that the verification of the corresponding data package 60 and the corresponding program package 81 is successful (Yes), the process proceeds to step S127. If it is determined that the verification fails (No), the process returns to step S101.

  In step S127, the data decryption key decryption unit 45 shown in FIG. 2 decrypts the encrypted data decryption key 77 included in the corresponding DKP 71 with the private key 102 of the data processing device 5 to obtain the data decryption key 103. Further, the program decryption key decryption unit 46 decrypts the encrypted program decryption key 98 included in the received PKP 92 with the private key 102 of the data processing device 5 to obtain the program decryption key 104. Each of the encrypted data decryption key 77 and the program decryption key 98 is decrypted with the private key 102 of the data processing device 5, that is, the private key corresponding to the public key used for encryption. Authentication can be performed.

  Subsequently, the process proceeds to step S128, and the data decoding unit 47 and the program decoding unit 48 illustrated in FIG. 2 store the data and program bound in step S121 in the storage 32. For example, the data decryption unit 47 illustrated in FIG. 2 decrypts the encrypted data 61 included in the corresponding data package 60 among the plurality of data packages stored in the data storage unit 30 in step S127. Decrypted with the key 103 and the decrypted data 105 is stored in the storage 32 as bound data. By storing the decrypted data 105 in the storage 32, the data ID determined to be the same in step S121, that is, the data ID 99 of the counterpart data included in the received PKP 92 or the data ID 75 of the corresponding data included in the corresponding DKP 71 is designated. Data can be stored in the storage 32.

  For example, the program decryption unit 48 illustrated in FIG. 2 decrypts the encrypted program 82 included in the corresponding program package 81 among the plurality of program packages stored in the program storage unit 31 in step S127. The program decrypted with the program decryption key 104 is stored in the storage 32 as the program bound in step S121. By storing the decrypted program 106 in the storage 32, the program ID determined to be the same in step S121, that is, the program ID 78 of the counterpart program included in the received PKP 92 or the program ID 96 of the corresponding program included in the corresponding DKP 71 is designated. The program to be stored can be stored in the storage 32.

  Subsequently, the process proceeds to step S129, and the process execution unit 49 illustrated in FIG. 2 generates processed data using the data and program bound in step S121. For example, the data 105 stored in the storage 32 is processed by the program 106 stored in the storage 32, and the processing result is processed data. By using the data 105 and the program 106 stored in the storage 32, the data specified by the data ID determined to be the same in step S121 is specified by the program ID determined to be the same in the same step. Process it with a program. That is, in steps S128 and S129, the program storage unit 31 stores the data (processing target data) specified by the data ID 99 of the partner data included in the reception PKP 92 among the plurality of data stored in the data storage unit 30. The process execution unit 49 is caused to execute an instruction to be processed by a program specified by the program ID 96 of the corresponding program included in the reception PKP 91 among the plurality of stored programs.

  At this time, the processed data includes, for example, data that has been subjected to statistical processing or the like on the data 105 stored in the storage 32 to reveal the potential value of the data 105 or personal information included in the data 105. Data in which the value of the data 105 is limited by anonymization is generated.

Subsequently, the process proceeds to step S130, and the processed data encryption unit 50 illustrated in FIG. 2 encrypts the processed data generated in step S129 with an arbitrary common key. Subsequently, the common key used for encryption is encrypted with the public key of the public key certificate of the user terminal 4 attached to the corresponding DKP 71.
Subsequently, the process proceeds to step S131, and the decrypted data erasure unit 51 shown in FIG. 2 erases the data 105 and the program 106 from the storage 32.
Subsequently, the process proceeds to step S132, and the decrypted data erasure unit 51 shown in FIG.
Subsequently, the process proceeds to step S133, where the processed data transmission unit 52 shown in FIG. 2 uses the processed data encrypted in step S130 as the user terminal 4 corresponding to the host name added to the corresponding DKP 71. After transmitting to (see FIG. 1), the calculation process is terminated. To the encrypted processed data, the common key encrypted in step S130 is added.

(Operation other)
Next, the operation of the data providing system 1 according to the embodiment of the present invention will be described.
First, each data provider operates its own data provider terminal 2 and encrypts data to be provided (for example, big data, voice assistant voice data, SNS user data) with a data encryption key, as shown in FIG. As shown, the data package 60 including the encrypted data 61 is created and transmitted to the data processing device 5 (step S201). When the data package 60 is transmitted, the data processing device 5 receives the transmitted data package 60 and stores it in the data storage unit 30 (step S202). Each program provider operates its own program provider terminal 3 to provide a program to be provided, that is, a plurality of programs capable of processing a plurality of data stored in the data processing device 5 (data storage unit 30). The program package 81 is encrypted with the program encryption key and includes the encrypted program 82, and is transmitted to the data processing apparatus 5 (step S203). When the program package 81 is transmitted, the data processing device 5 receives the transmitted program package 81 and stores it in the program storage unit 31 (step S204). Then, by repeating the above flow, the data processing device 5 causes the data storage unit 30 to store a plurality of data, shares the plurality of data, and causes the program storage unit 31 to store a plurality of programs.

  After the storage of a plurality of data in the data storage unit 30 and the storage of a plurality of programs in the program storage unit 31, the video distribution company (data user) selects works to be distributed to the viewers. In order to operate the user terminal 4 owned by itself, the execution result request for requesting the provision of processed data representing the evaluation of each work age group, etc. is sent to the movie review site operator (data provider) data. It is assumed that the message is transmitted to the provider terminal 2 (step S205). The host name of the user terminal 4 and the public key certificate are added to the execution result request. Then, the operator of the movie review site uses the received execution result request to obtain movie review data (data to be processed) that is big data including the gender, age, work evaluation, etc. of the reviewer and the processing program. Select and operate its own data provider terminal 2 to specify the data ID 75 (data ID 75 of the corresponding data) that specifies the data to be processed, and the program ID 78 (the partner program) that specifies the program for the selected processing DKP 71 including the program ID 78) is generated and transmitted to the data processing device 5 (step S206). The host name of the user terminal 4 and the public key certificate added to the execution result request are added to the DKP 71.

  Here, the data to be processed is selected from the data provided by the movie review site operator among the data stored in the data storage unit 30. The processing program is selected from the programs stored in the program storage unit 31. That is, in the data processing device 5, the program storage unit 31 stores data from the data provider side (movie review site operator side) that provided the data to be processed among the data stored in the data storage unit 30. DKP 71 that designates a program for processing data to be processed among the programs being processed is transmitted. Further, the PKP request is transmitted to the program provider terminal 3 of the program provider who provided the selected program (step S207).

  When the DKP 71 is transmitted from the data provider terminal 2, the data processing device 5 receives the transmitted DKP 71 (step S208), and the corresponding data package 60 corresponding to the received DKP 71 (reception DKP 71) is the data storage unit 30. If it is stored, the corresponding data package 60 is determined to have been registered (step S209). Further, it is determined that the storage 32 does not store the PKP 92 (corresponding PKP 92) corresponding to the reception DKP 71 (step S210), and the reception DKP 71 is stored in the storage 32 (step S211).

  When the PKP request is transmitted from the data provider terminal 2, the program provider terminal 3 performs data processing on the PKP 92 including the data ID 75 and the program ID 78 of the corresponding program included in the DKP 71 and the program ID 78 of the counterpart program. It transmits to the apparatus 5 (step S212). When the PKP 92 is transmitted, the data processing device 5 receives the transmitted PKP 92 (step S213), and the program package 81 (corresponding program package 81) corresponding to the received PKP 92 (received PKP 92) is stored in the program storage unit 31. If stored, it is determined that the corresponding program package 81 has been registered (step S214). Further, the storage 32 is referred to, and it is determined that the storage 32 stores the DKP 71 (corresponding DKP 71) corresponding to the reception PKP 92 (step S215).

  Further, the data processing device 5 verifies the correspondence between the data ID 99 of the counterpart data included in the received PKP 92 and the program ID 96 of the corresponding program, and the data ID 75 of the corresponding data included in the corresponding DKP 71 and the program ID 78 of the counterpart program. If successful, the data included in the corresponding data package 60 and the program included in the corresponding program package 81 are bound (step S216). Also, the received PKP 92 is verified (step S217), and the corresponding DKP 71 is verified (step S218). Further, when the corresponding data package 60 and the corresponding program package 81 are successfully verified (step S219), the encrypted data decryption key 77 included in the corresponding DKP 71 and the encrypted program decryption key 98 included in the received PKP 92 are obtained. Each is decrypted with the private key 102 of the data processing device 5 to obtain the data decryption key 103 and the program decryption key 104 (step S220).

  Further, the data processing device 5 decrypts the encrypted data 61 included in the corresponding data package 60 with the decrypted data decryption key 77, and stores the decrypted data 105 in the storage 32 as the bound data in step S216. Further, the encrypted program 82 included in the corresponding program package 81 is decrypted with the decrypted program decryption key 104, and the decrypted program 106 is stored in the storage 32 as a bound program (step S221). Further, the data 105 stored in the storage 32 is processed by the program 106 stored in the storage 32 to generate processed data (step S222). As the processed data, for example, statistical processing or the like is performed on the data 105 to reveal the potential value of the data 105, and data representing an evaluation or the like for each age group of the work is generated. The generated processed data is encrypted with an arbitrary common key, and the common key used for encryption is encrypted with the public key of the public key certificate of the user terminal 4 attached to the corresponding DKP 71 (step S223). ). Further, the data 105, the program 106, and the corresponding DKP 71 are deleted from the storage 32 (step S224). Further, the data processing device 5 transmits the encrypted processed data to the user terminal 4 of the moving picture distribution business operator (data user) corresponding to the host name added to the corresponding DKP 71 (step S225). ). The common key encrypted in step S223 is added to the encrypted processed data.

  When the encrypted processed data is transmitted from the data processing device 5, the user terminal 4 receives the encrypted processed data (step S226) and adds it to the received encrypted processed data. The encrypted common key is decrypted with a secret key corresponding to the public key of the user terminal 4, that is, a secret key corresponding to the public key of the own device. Further, the encrypted processed data is decrypted with the decrypted common key to obtain the processed data that has been decrypted (step S227).

  As described above, in the data processing device 5 according to the embodiment of the present invention, the program storage unit 31 is provided from the data provider side that provided the data to be processed among the data stored in the data storage unit 30. Of the stored programs, a file receiving unit 35 that receives a DKP 71 that specifies a processing program for processing target data, and a data processing unit that processes the processing target data using a program specified by the received DKP 71 36. Therefore, since the DKP 71 that specifies the processing program for the data to be processed is received from the data provider side, the data provider can limit the use of the data.

  Therefore, the data processing apparatus 5 can prevent the data from being used for an unintended use of the data provider while enabling efficient use of the data, and can protect the data provider's data ownership. Can be provided. Also, for example, unlike the method of limiting the use of data only by a contract between the data provider and the data user, the use of the data can be technically restricted, so that the use of the data is more reliably limited. Can do. In addition, since the data provider's data ownership is protected, the data provider can be prompted to provide data to the data processing device 5, and data sharing by the data processing device 5 can be promoted.

In addition, since data sharing is realized using the data processing device 5, for example, data confidentiality and integrity are relatively ensured as compared with a method of holding data in a data provider company. Data sharing can be realized at low cost. Furthermore, it is not necessary for the data provider to perform management or the like, and human errors of the data provider can be suppressed.
Furthermore, by processing the data with a program, the potential value of the data can be revealed. By providing data users with data whose value has become obvious in this way, that is, processed data, it is expected that new value will be created and that a rich future society will be created. Further, the data provider does not need to pass the data itself to the data user, and can provide only a part of various values possessed by the data while maintaining the ownership of the data. Furthermore, the data user can use the data more easily than the method in which the data is provided as it is.

Incidentally, for example, according to the conventional method of specifying a program by the extension of data, only one program can be specified for one data. Therefore, the program cannot be specified in accordance with the processing result desired from the data, that is, the potential value desired to be manifested.
On the other hand, since the data processing apparatus 5 according to the embodiment of the present invention can specify a program with the program ID 78 included in the DKP 71, an arbitrary program can be specified for one piece of data. Therefore, the program can be specified according to the potential value to be manifested.

  Further, in the data processing device 5 according to the embodiment of the present invention, the DKP 71 has a data ID 75 (data ID 75 of the corresponding data) that specifies data to be processed and a program ID 78 that specifies a program that processes the data to be processed. (Data ID 75 included in the DKP 71 (received DKP 71) received by the file receiving unit 35 among the plurality of data stored in the data storage unit 30 is included in the data processing unit 36. The designated data is processed by the program designated by the program ID 78 included in the reception DKP 71 among the plurality of programs stored in the program storage unit 31. Therefore, the data to be processed and the processing program can be selected relatively easily.

  In the data processing device 5 according to the embodiment of the present invention, each of the plurality of data is encrypted with the data encryption key, and the DKP 71 uses the data decryption key 77 that can decrypt the encrypted data 61. I included it. The process execution unit 49 also decrypts the data specified by the data ID 75 included in the reception DKP 71 with the data decryption key 77 included in the reception DKP 71 among the plurality of data stored in the data storage unit 30. I was prepared to. Therefore, the data can be protected more reliably, and the outflow of data from the data processing device 5 can be prevented more reliably.

Furthermore, in the data processing device 5 according to the embodiment of the present invention, the data encryption key and the data decryption key 77 are common keys of the data provider. Therefore, for example, compared with a method using a public key, the amount of calculation can be reduced, and the time required for encryption and decryption can be shortened.
In the data processing device 5 according to the embodiment of the present invention, the data decryption key 77 is encrypted with the public key of the data processing device 5, and the process execution unit 49 corresponds to the data decryption key as the public key. A data decryption key decrypting unit 45 for decrypting with the secret key is provided. Therefore, it is possible to authenticate the data processing device 5 that performs data decryption, processing, and the like.

  Furthermore, the data processing device 5 according to the embodiment of the present invention has the data stored in the data storage unit from the program provider side that provides the processing program among the programs stored in the program storage unit 31. Among them, a file receiving unit 35 that receives a PKP 92 that specifies data to be processed by a processing program from the program provider side, and a data processing unit 36 that processes the data specified by the received PKP 92 by a processing program. And was prepared. Therefore, since the PKP 92 that specifies data to be processed by the processing program is received from the program provider side, the program provider can limit the use of the program. Therefore, the data processing apparatus 5 can prevent the program from being used for an unintended use of the program provider and can protect the ownership of the program provider's program while enabling efficient use of the data. Can provide. Further, since the program provider's ownership of the program is protected, it is possible to prompt the program provider to provide the program to the data processing device 5. As a result, data sharing by the data processing device 5 can be promoted.

  In the data processing device 5 according to the embodiment of the present invention, the file receiving unit 35 receives a PKP 92 including a program ID 96 that specifies a processing program and a data ID 99 that specifies data to be processed by the program. Receive from. The process execution unit 49 also determines whether the data ID 75 included in the DKP 71 and the data ID 99 included in the PKP 92 are the same, and whether the program ID 78 included in the DKP 71 and the program ID 96 included in the PKP 92 are the same. When the unit 41 and the correspondence verification unit 41 determine that the data IDs are the same and the program IDs are the same, the data specified by the data IDs determined to be the same are the same. And a process execution unit 49 that processes the program specified by the program ID determined to be present.

  Therefore, for example, when a data provider processes data provided by itself with a program provided by another, it is necessary to cause the program provider to transmit the PKP 92. Therefore, the program can be prevented from being used without the permission of the program provider, and the ownership of the program provider's program can be more reliably protected. Further, for example, when a program provider processes data provided by another person with its own program, it is necessary to cause the data provider to transmit the DKP 71. Therefore, it is possible to prevent the data from being used without the permission of the data provider, and it is possible to protect the data provider's data ownership more reliably.

  In the data processing device 5 according to the embodiment of the present invention, each of the plurality of programs is encrypted with the program encryption key, and the PKP 92 uses the program decryption key 98 that can decrypt the encrypted program 82. I included it. Further, the process execution unit 49 decrypts a program specified by the program ID 96 included in the reception PKP 92 among the plurality of programs stored in the program storage unit 31 with the program decryption key 98 included in the reception PKP 92. I was prepared to. Therefore, the program can be protected more reliably, and the outflow of the program (algorithm) from the data processing device 5 can be prevented more reliably.

Furthermore, in the data processing device 5 according to the embodiment of the present invention, the program encryption key and the program decryption key 98 are common keys of the program provider. Therefore, for example, compared with a method using a public key, the amount of calculation can be reduced, and the time required for encryption and decryption can be shortened.
In the data processing device 5 according to the embodiment of the present invention, the program decryption key 98 is encrypted with the public key of the data processing device 5, and the process execution unit 49 corresponds to the program decryption key 98 as a public key. A program decryption key decryption unit 46 for decrypting with the secret key to be decrypted is provided. Therefore, authentication of the data processing device 5 that performs processing can be performed.

  In the data processing device 5 according to the embodiment of the present invention, the storage 32 storing the data 105 decrypted by the data decryption unit 47 and the program 106 decrypted by the program decryption unit 48 and the processing by the processing execution unit 49 are finished. Later, a decrypted data erasure unit 51 for erasing the decrypted data 105 and the program 106 from the storage 32 is provided. Therefore, theft of data and programs can be prevented, and the data and programs can be protected more reliably.

  Further, in the data processing device 5 according to the embodiment of the present invention, the processed data that is the processing result of the processing performed by the data processing unit 36 is encrypted with the common key, and the execution result request is transmitted with the common key. The user terminal 4 is encrypted with the public key of the user terminal 4, that is, the public key of the user terminal 4 that requests the provision of processed data. Therefore, for example, the amount of calculation can be reduced and the time required for encryption and decryption can be shortened as compared with a method using a public key for encryption of processed data. Further, since the processed data cannot be decrypted by anyone other than the data user who transmitted the execution result request, it is possible to prevent the processed data from being stolen.

  Further, in the data processing device 5 according to the embodiment of the present invention, the program is a program that reveals the potential value of data or a program that limits the value of data. Therefore, a part of various values possessed by the data can be acquired as a processing result (processed data).

(Modification)
(1) In the data providing system 1 according to the embodiment of the present invention, an example is shown in which big data, voice assistant voice data, and SNS user data are used as processing target data, but other configurations are adopted. You can also For example, it is good also as a structure which uses the video data of a surveillance camera. When using video data of a surveillance camera, a program ID 78 for specifying a statistical information generation program (a program that reveals the potential value of data) for generating statistical information from the video data is included in the DKP 71, and the program ID 78 included in the DKP 71 The video data may be processed by a statistical information generation program specified by. In addition, a program ID 78 that specifies an image processing program (a program that reveals the potential value of data) that performs image processing such as extracting a person from video data is included in the DKP 71, and the program ID 78 included in the DKP 71 specifies it. The video data may be processed by an image processing program.

(2) Also, for example, when the voice assistant voice data is used as the processing target data, anonymization program for anonymizing personal information included in the voice data (the value of the data is set for privacy protection). A program ID 78 specifying a program to be limited may be included in the DKP 71, and the voice data may be processed by the anonymization program specified by the program ID 78 included in the DKP 71. In addition, for example, in the case of using SNS user data (for example, profile data, user hobby data, preference data) as processing target data, personal information included in the user data for privacy protection The program ID 78 for specifying the anonymization program (the program for limiting the value of data) for anonymizing is included in the DKP 71, and the user data is processed by the program for anonymization specified by the program ID 78 included in the DKP 71. Good.
When providing processed data with anonymized personal information, there is a possibility that personal information may be leaked from the provided processed data. Can be clarified. In addition, by adopting a configuration in which a third-party organization authorizes the anonymization program, it is possible to clarify the anonymization standard that has been vague in the past.

(3) In addition, for example, in the case of using automobile data including a lot of information such as position information and sensor information collected by a car as data to be processed, only a part of information included in the car data is used. A program ID 78 that specifies an information extraction program to be extracted (a program that limits the value of data) may be included in the DKP 71, and the vehicle data may be processed by the information extraction program specified by the program ID 78 included in the DKP 71.
(4) Furthermore, in the data providing system 1 according to the embodiment of the present invention, an example of generating processed movie review data from movie review data using a program, that is, an example of generating processed data of original data is shown. However, other configurations can be employed. For example, it is good also as a structure which produces | generates the application which can browse original data, without processing original data.

(5) In the data providing system 1 according to the embodiment of the present invention, the example in which the encrypted data 61 is stored in the data storage unit 30 has been shown, but other configurations may be employed. For example, it may be configured to store unencrypted data. When storing unencrypted data, a file obtained by removing the data decryption key 77 from the DKP 71 may be used.
Furthermore, although the example which memorize | stores the encrypted program 82 in the program memory | storage part 31 was shown, another structure can also be employ | adopted. For example, an unencrypted program may be stored. When storing an unencrypted program, a file obtained by removing the program decryption key 98 from the PKP 92 may be used instead of the PKP 92.

(6) Further, in the data providing system 1 according to the embodiment of the present invention, the data provider terminal 2 of the data provider adds the host name of the user terminal 4 and the public key certificate to the DKP 71. Although an example of designating a data user as a destination of processed data has been shown, other configurations can be adopted. For example, the program provider terminal 3 of the program provider may be configured to designate a data user, or both the data provider terminal 2 of the data provider and the program provider terminal 3 of the program provider are data users. It is good also as a structure which designates.

  For example, when the program provider designates a data user, the data provider terminal 2 of the data user transmits an execution request to the program provider terminal 3 of the program provider, and the execution request itself ( The public key certificate of the data provider terminal 2) is added. Then, the program provider terminal 3 of the program provider adds the host name of the user terminal 4 and the public key certificate to the PKP 92 and transmits it to the data processing device 5. The data processing device 5 processes the data to be processed, encrypts the processed data with the common key, and then uses the common key used for the encryption to verify the public key of the user terminal 4 attached to the PKP 92. Encrypt with the public key of the certificate. Then, the data processing device 5 adds the encrypted common key to the encrypted processed data, and transmits it to the user terminal 4 having the host name added to the PKP 92.

  On the other hand, when both the data provider and the program provider specify a data user, the data user terminal 4 of the data user provides the data provider terminal 2 of the data provider and the program provider of the program provider. An execution request is transmitted to both the user terminal 3 and the public key certificate of itself (data provider terminal 2) is sent to the execution request. The data provider terminal 2 of the data provider and the program provider terminal 3 of the program provider add the host name and the public key certificate of the user terminal 4 to the DKP 71 and the PKP 92, respectively, and the data processing device Send to 5. The data processing device 5 processes the data to be processed, encrypts the processed data with a common key, and then adds the public key certificate of the user terminal 4 attached to the DKP 71 and the PKP. It is determined whether or not the public key certificate of the user terminal 4 matches. If it is determined that they match, the common key used to encrypt the processed data is encrypted with the public key of the public key certificate of the user terminal 4 added to either the DKP 71 or the PKP 92. Then, the data processing device 5 adds the encrypted common key to the encrypted processed data, and transmits it to the user terminal 4 having the host name added to the DKP 71 and PKP 92.

(7) In the data providing system 1 according to the embodiment of the present invention, when the data file size increases, the processing time in the data processing device 5 increases linearly according to the file size. Examples of processing that increases the processing time depending on the file size include verification of the hash value 65 included in the XML file “* hash.xml” 64 of the data package 60, decryption of the encrypted data 61, Generation of processed data.
In order to solve this problem, for example, verification of the hash value 65 included in the XML file “* hash.xml” 64 of the data package 60, decryption of the encrypted data 61, and generation of processed data from the data 105 are performed. A method of performing distributed processing of the three processes in the data processing device 5 may be used. In other words, this is a technique in which data to be processed is divided into a plurality of blocks, the divided blocks are processed by different threads, and the processing results are finally combined. For example, when processing 1 [GB] data, the data is divided into 10 units in units of 100 [MB], each of the divided data is simultaneously processed by different threads, and finally the processing results are combined in order. Then, processed data is generated. In this way, processed data can be obtained in a shorter time than directly processing 1 [GB] data.

  As an application example of this method, the processing time can be expected to be shortened by extracting and processing only necessary portions from data having a large file size such as big data. Generally, when data (file) is used, locality is generated at the place where the data is used. In other words, when the target data is considered as one huge byte string, the places to be used are often concentrated in a close part of the byte string. Therefore, it is possible to realize a reduction in processing time by not decoding all huge data but decoding only necessary portions and processing only the combined portions.

  DESCRIPTION OF SYMBOLS 1 ... Data provision system, 2 ... Data provider terminal, 3 ... Program provider terminal, 4 ... User terminal, 5 ... Data processing apparatus (activation server), 6 ... Communication network, 7 ... Communication part, 8 ... Processor , 9 ... Data package generation unit, 10 ... Data package transmission unit, 11 ... Request reception unit, 12 ... DKP generation unit, 13 ... DKP transmission unit, 14 ... Request transmission unit, 15 ... Communication unit, 16 ... Processor, 17 ... Program package generation unit, 18 ... program package transmission unit, 19 ... request reception unit, 20 ... PKP generation unit, 21 ... PKP transmission unit, 22 ... communication unit, 23 ... processor, 24 ... request transmission unit, 25 ... processed data Receiving unit, 26 ... processed data decoding unit, 27 ... communication unit, 28 ... storage device, 29 ... processor, 30 ... data storage unit, DESCRIPTION OF SYMBOLS 1 ... Program memory | storage part, 32 ... Storage, 33 ... Data package receiving part, 34 ... Program package receiving part, 35 ... File receiving part, 36 ... Data processing part, 37 ... Data package registration determination part, 38 ... Program package registration determination 39 ... PKP storage state determination unit, 40 ... DKP storage state determination unit, 41 ... corresponding verification unit, 42 ... DKP verification unit, 43 ... PKP verification unit, 44 ... data / program verification unit, 45 ... data decryption key decryption , 46 ... Program decryption key decryption unit, 47 ... Data decryption unit, 48 ... Program decryption unit, 49 ... Process execution unit, 50 ... Processed data encryption unit, 51 ... Decrypted data erasure unit, 52 ... Processed data transmission Part 60 ... data package 61 ... encrypted data 62 ... ASSETMAP.xml 63 ... * info.xml 64 ... * hash.xml 65 ... 65 ... Digital signature, 67 ... Public key certificate, 68, 69, 70 ... Data ID, 71 ... DKP, 72 ... UUID of DKP, 73 ... Date and time of issue of DKP, 74 ... Expiration date of DKP, 75 ... Data ID of corresponding data, 76 ... File name of corresponding data, 77 ... Encrypted data decryption key, 78 ... Program ID of partner program, 79 ... Digital signature, 80 ... Public key certificate, 81 ... Program package , 82 ... encrypted program, 83 ... ASSETMAP.xml, 84 ... * info.xml, 85 ... * hash.xml, 86 ... hash value, 87 ... digital signature, 88 ... public key certificate, 89, 90, 91 ... Program ID, 92 ... PKP, 93PKP UUID, 94 ... PKP issue date, 95 ... PKP expiration date, 96 ... Program ID of the corresponding program, 9 7 ... File name of corresponding program, 98 ... Encrypted program decryption key, 99 ... Data ID of partner data, 100 ... Digital signature, 101 ... Public key certificate, 102 ... Private key, 103 ... Data decryption key, 104 ... Program decryption key, 105 ... Data, 106 ... Program

Claims (17)

A data storage unit storing a plurality of data;
A program storage unit storing a plurality of programs;
A program for processing the data to be processed among the programs stored in the program storage unit from the data provider side that provided the data to be processed among the data stored in the data storage unit A file receiving unit for receiving a first file designating
A data processing apparatus comprising: a data processing unit that processes the data to be processed by a program specified by the first file received by the file receiving unit. The first file includes a data ID that specifies the data to be processed, and a program ID that specifies a program for processing the data to be processed.
The data processing unit includes, among the data stored in the data storage unit, the data specified by the data ID included in the first file, of the program stored in the program storage unit, 2. The data processing apparatus according to claim 1, wherein the processing is performed by a program specified by a program ID included in the first file. Each of the plurality of data is encrypted with a data encryption key,
The first file includes a data decryption key capable of decrypting encrypted data;
The data processing unit includes a data decryption unit that decrypts data specified by a data ID included in the first file received by the file reception unit with the data decryption key included in the first file. The data processing apparatus according to claim 1 or 2, characterized in that   The data processing apparatus according to claim 3, wherein the data encryption key and the data decryption key are a common key of a data provider. The data decryption key is encrypted with the public key of the data processing device,
5. The data processing apparatus according to claim 3, wherein the data processing unit includes a data decryption key decryption unit that decrypts the data decryption key with a secret key corresponding to the public key. The file receiving unit receives a second file including a program ID for designating a processing program and a data ID for designating data to be processed by the program from the program provider side,
The data processing unit
The data ID included in the first file and the data ID included in the second file are the same, and the program ID included in the first file and the program ID included in the second file are mutually A correspondence verification unit that determines whether or not they are the same;
When the correspondence verification unit determines that the data IDs are the same and the program IDs are the same, the data specified by the data IDs determined to be the same are determined to be the same. The data processing apparatus according to claim 2, further comprising: a processing execution unit that performs processing using a program specified by the program ID. Each of the plurality of programs is encrypted with a program encryption key,
The second file includes a program decryption key capable of decrypting an encrypted program,
The said data processing part is provided with the program decoding part which decodes the program which the program ID which the said 2nd file contains specifies with the program decryption key which the said 2nd file contains. Data processing equipment.   The data processing apparatus according to claim 7, wherein the program encryption key and the program decryption key are a common key of a program provider. The program decryption key is encrypted with the public key of the data processing device,
9. The data processing apparatus according to claim 7, wherein the data processing unit includes a program decryption key decryption unit that decrypts the program decryption key with a secret key corresponding to the public key. The data storage unit encrypts and stores each of the plurality of data,
The first file includes a data decryption key capable of decrypting encrypted data;
The data processing unit includes, among the data stored in the data storage unit, the data specified by the data ID included in the first file received by the file receiving unit, the data included in the first file. A data decryption unit for decrypting with a decryption key;
A decoded data storage unit for storing the data decoded by the data decoding unit and the program decoded by the program decoding unit;
The decoded data erasing unit for erasing the data and the program decoded from the decoded data storage unit after the data processing unit finishes processing the data, further comprising: The data processing device according to any one of claims. A data storage unit storing a plurality of data;
A program storage unit storing a plurality of programs;
Data to be processed by the processing program out of the data stored in the data storage unit from the program provider side that provided the processing program among the programs stored in the program storage unit A file receiver for receiving a second file to be designated;
A data processing apparatus comprising: a data processing unit that processes data specified by the second file received by the file receiving unit with the processing program.   The data processing apparatus according to any one of claims 1 to 11, wherein the program is a program that reveals the potential value of data or a program that limits the value of data.   Processing for encrypting processed data, which is a processing result of processing performed in the data processing unit, with a common key, and encrypting the common key with a public key of a user terminal that requests provision of the processed data The data processing apparatus according to claim 1, further comprising a completed data encryption unit. From the data provider side that provided the data to be processed among the data stored in the data storage unit storing a plurality of data, among the programs stored in the program storage unit storing a plurality of programs, A processor receiving a first file designating a program for processing the data to be processed;
A data processing method comprising: a data processing unit of the processor processing the data to be processed with a program specified by the received first file. Of the data stored in the data storage unit storing a plurality of data, from the program provider side that provided the processing program among the programs stored in the program storage unit storing a plurality of programs, A processor receiving a second file designating data to be processed by the processing program;
A data processing method comprising: a data processing unit of the processor processing data specified by the received second file with the processing program. From the data provider side that provided the data to be processed among the data stored in the data storage unit storing a plurality of data, among the programs stored in the program storage unit storing a plurality of programs, An instruction that causes a processor to receive a first file that specifies a program for processing the data to be processed;
Causing the data processing unit of the processor to execute a series of processing including an instruction for causing the data processing unit of the processor to process the data to be processed by the program specified by the received first file. A data processing program characterized by that. Of the data stored in the data storage unit storing a plurality of data, from the program provider side that provided the processing program among the programs stored in the program storage unit storing a plurality of programs, An instruction for causing a processor to receive a second file designating data to be processed by the processing program;
Causing the data processing unit of the processor to execute a series of processing including an instruction to cause the data processing unit of the processor to process the data specified by the received second file with the processing program. A data processing program characterized by that.

Images