JP6342094B1 - Information processing system, information processing method, and program - Google Patents

Abstract

An information processing system, an information processing method, and a program for preventing personal information from being leaked to a person having an unauthorized purpose. According to an embodiment of the present invention, an information processing system having a management device operated by a user and an information processing terminal operated by the user is related to the user from the information processing terminal and an external device. From an acquisition unit that acquires personal data, a protection unit that performs protection processing to protect the personal data, a learning unit that learns the type of protection processing that was specified when the user operated previously, and the external device Accepting a request for use of the personal data to be disclosed, disclosed, corrected or used for the personal data protected by the protection process, and when the external device satisfies a preset condition, A permission unit that permits, and a management unit that, when permitted, outputs the personal data to the external device or allows access to the personal data from the external device. , And a monitoring unit for monitoring the use of the personal data by the external device. [Selection] Figure 1

Description

  The present invention relates to an information processing system, an information processing method, and a program.

  Conventionally, methods such as PDS (Personal Data Service or Personal Data Store) are known.

  For example, an individual such as an employee first deposits personal data such as life log data of each person to a server that is an “information bank” via a network. When the individual consents, personal data is disclosed to a predetermined company. Next, when personal data is disclosed, for example, the company analyzes personal data, predicts a service according to each person's life stage, and provides information. A technique for constructing such a business model is known (see, for example, Non-Patent Document 1).

"Started demonstration experiment of information bank using personal data", [online], July 14, 2017, Fujitsu Limited, AEON Financial Service, Ltd., [December 22, 2017], Internet <URL : Http://pr.fujitsu.com/jp/news/2017/07/14.html>

  However, the conventional method is premised on that the information processing apparatus that deposits data can ensure sufficient security. Therefore, in the conventional method, personal information or the like may be leaked to a person having an unauthorized purpose.

  In view of the above problems, an object of the present invention is to provide an information processing system, an information processing method, and a program for preventing personal information and the like from leaking to a person having an unauthorized purpose.

In view of the above problems, according to an embodiment of the present invention,
An information processing system having a management device operated by a user and an information processing terminal operated by the user,
An acquisition unit for acquiring personal data relating to the user from the information processing terminal and the external device;
A protection unit for performing a protection process for protecting the personal data;
A learning unit that learns the type of the protection process specified when the user operated previously;
A receiving unit that accepts a request for use of the personal data to be published, disclosed, corrected, or used from the external device, the personal data protected by the protection process;
When the external device satisfies a preset condition, a permission unit that permits the request;
With the permission, a management unit that outputs the personal data to the external device or enables access to the personal data from the external device;
And a monitoring unit that monitors the use of the personal data by the external device.

  It is possible to provide an information processing system, an information processing method, and a program that prevent leakage of personal information or the like to a person having an unauthorized purpose.

1 is a schematic diagram illustrating an example of the overall configuration of an information processing system according to an embodiment of the present invention. It is a block diagram which shows the hardware structural example of the information processing apparatus which concerns on one Embodiment of this invention. It is a sequence diagram which shows the example of the whole process by the information processing system which concerns on one Embodiment of this invention. It is the schematic which shows the structural example of VRM by the information processing system which concerns on one Embodiment of this invention. It is a functional block diagram which shows the function structural example of the information processing system which concerns on one Embodiment of this invention. It is the schematic which shows the example of whole structure of the information processing system of 2nd Embodiment which concerns on one Embodiment of this invention. It is a sequence diagram which shows the example of the whole process by the information processing system of 2nd Embodiment which concerns on one Embodiment of this invention. It is the schematic which shows the example of whole structure of the information processing system of 3rd Embodiment which concerns on one Embodiment of this invention.

  Hereinafter, a specific example according to an embodiment of the present invention will be described with reference to the drawings.

<First Embodiment>
<Example of overall configuration>
FIG. 1 is a schematic diagram illustrating an example of the overall configuration of an information processing system according to an embodiment of the present invention. For example, the information processing system 10 is configured to include an information processing terminal 101 and a management apparatus 102 as illustrated. The information processing terminal 101 and the management apparatus 102 are connected via a network or the like, and can exchange data with each other by using the network or the like.

  As illustrated, the information processing terminal 101 and the management apparatus 102 are both information processing apparatuses operated by the user UR. Note that the information processing terminal 101 and the management apparatus 102 may be a single information processing apparatus. Hereinafter, as illustrated, an example in which the information processing system 10 is configured by two information processing devices, the information processing terminal 101 and the management device 102, will be described, but the number of information processing devices may be other than two.

  For example, the management apparatus 102 is operated by the user UR via the network from the information processing terminal 101 or the like. On the other hand, the information processing terminal 101 is operated by an input device or the like. Note that the operation method of the management apparatus 102 may be an operation using an input device or the like.

  The management apparatus 102 manages data relating to the user UR (hereinafter referred to as “personal data D1”). For example, the personal data D1 is transmitted from the information processing terminal 101 via a network or the like.

  The personal data D1 is, for example, personal information ("Personal information" defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information (Act No. 57 of May 30, 2003)). Specifically, personal data D1 includes contact information such as address, bank account number, life insurance / non-life insurance content, credit card number, points on various point cards (sometimes called "miles", etc.) ), Accounting information, household account book information, information on vehicles owned, ID (Identification), password, personal number (so-called “My Number”, use of a number to identify a specific individual in administrative procedures, etc. Law on May 31, 2013 (Law No. 27, 2013) “Personal number” prescribed in Article 2.5, etc.) or a combination thereof.

  In addition, the personal data D1 may be data such as a so-called life log. Specifically, the personal data D1 is data indicating physical information such as respiration, heart rate, number of steps, or a combination thereof. That is, the personal data D1 may be data indicating information that can identify the user UR, personal circumstances or characteristics related to the user UR, and the like. For example, there may be data indicating a photograph or a record of life.

  Hereinafter, all personal data D1 is stored in the management apparatus 102, and an example in which the management apparatus 102 performs centralized management will be described. Note that all or part of the personal data D1 may be stored in another information processing apparatus, and the management apparatus 102 may manage the information processing apparatus that stores the personal data D1.

  As shown in the figure, with permission, personal data D1 is obtained from government offices, utility bills, banks, credit sales companies, airlines, point card operators, insurance companies, real estate companies, cloud service providers, etc. It is used for "companies").

  For example, personal data D1 includes address registration in various documents, service reservations, creation of contract documents, accommodation reservations, transportation reservations, purchases of various goods, sales of various goods, payment of fees, Used to receive charges or a combination of these. The personal data D1 may be used for marketing or statistical processing. That is, using the personal data D1, a company or the like performs various procedures or business activities.

  Hereinafter, as shown in the figure, an example in which there are a first trader C1, a second trader C2, a third trader C3, etc., which are companies or the like will be described. In this example, it is assumed that the first trader C1, the second trader C2, and the third trader C3 want to use the personal data D1 to construct their respective databases. In addition, it is assumed that the range in which the company can use the personal data D1 is a permitted range. In this example, each database is assumed to be operated by the first external device 103, the second external device 104, and the third external device 105 that are operated by each database.

  On the other hand, it is assumed that the personal data D1 is managed by the management apparatus 102 as illustrated. Note that the information serving as the personal data D1 includes at least information input by the user UR and information provided by a company or the like. The personal data D1 may include information other than information input by the user UR and information provided by a company or the like.

  In addition, the usage method of the personal data D1 is not restricted to the form shown in figure. In other words, a company or the like may have a plurality of databases and copy and use personal data D1 in each database. A company or the like may operate a plurality of external devices. Furthermore, a company or the like may jointly operate one database among a plurality of companies.

  Accordingly, in this example, the personal data D1 is disclosed, disclosed, corrected, used, or a combination thereof by the first external device 103, the second external device 104, the third external device 105, and the like. The use of the personal data D1 includes a case where the personal data D1 is used together with other people's data or the data format is changed.

  Hereinafter, a configuration as illustrated will be described as an example. The information processing system 10 is not limited to the overall configuration illustrated. For example, the information processing system 10 may have an overall configuration that further includes an information processing apparatus.

<Hardware configuration example>
FIG. 2 is a block diagram illustrating a hardware configuration example of the information processing apparatus according to the embodiment of the present invention. For example, the information processing terminal 101, the management device 102, the first external device 103, the second external device 104, and the third external device 105 have the same hardware configuration. Hereinafter, the information processing terminal 101 will be described as an example, and description of the management device 102, the first external device 103, the second external device 104, and the third external device 105 will be omitted.

  For example, the information processing terminal 101 has a hardware configuration including a CPU (Central Processing Unit) 200, a communication device 201, an interface 202, a storage device 203, an input device 204, and an output device 205. .

  The CPU 200 is an example of an arithmetic device and a control device.

  The communication device 201 is a device that communicates with an external device in a wired or wireless manner. For example, the communication device 201 is a network card or the like.

  The interface 202 is a device that transmits and receives data to and from the outside. For example, the interface 202 is a connector or the like.

  The storage device 203 is, for example, a main storage device. Note that the storage device 203 may include an auxiliary storage device such as a hard disk.

  The input device 204 is a device that inputs a user operation. For example, the input device 204 is a keyboard, a mouse, or a combination thereof.

  The output device 205 is a device that outputs processing results and the like to the user. For example, the output device 205 is a display or the like.

  As illustrated, the information processing terminal 101, the management device 102, the first external device 103, the second external device 104, and the third external device 105 are, for example, a PC (Personal Computer), a server, a notebook PC, a smartphone, or these Such as a combination.

  Note that the hardware configuration is not limited to the illustrated configuration. For example, the information processing terminal 101, the management device 102, the first external device 103, the second external device 104, and the third external device 105 may have different hardware configurations. In addition, there may be a plurality of hardware configurations of each information processing apparatus outside or inside the information processing apparatus.

<Example of desirable hardware configuration of management device>
The management apparatus 102 is preferably hardware having an electronic circuit such as an IC (Integrated Circuit) that performs processing for protecting the personal data D1 (hereinafter referred to as “protection processing”, details will be described later). Specifically, the management apparatus 102 preferably has an ASIC (Application Specific Integrated Circuit) for protection processing.

  The IC may be PLD (Programmable Logic Device) such as FPGA (Field-Programmable Gate Array) or a combination thereof.

  With such a hardware configuration, since the protection process is performed by an electronic circuit, the processing load on the CPU 200 is small. Further, since the processing performed by the electronic circuit is faster than the processing performed by the CPU 200, that is, software, the time for performing the protection processing can be shortened.

  Note that it is desirable that biometric authentication such as genome authentication and fingerprint authentication is performed for the protection process. When performing such authentication, it is desirable that the management apparatus 102 has an authentication sensor. The sensor may be included in another device, and an authentication result or a detection result of the sensor may be transmitted to the management device 102.

<Example of overall processing>
FIG. 3 is a sequence diagram showing an example of overall processing by the information processing system according to the embodiment of the present invention. First, the information processing system 10 performs “learning” before each “operation” process to be described later. The learning process is, for example, a process including step S01 and step S02 described below. The learning process only needs to be performed before the operation, and the learning process and the operation process do not need to be performed continuously. Hereinafter, assuming that the first external device 103, the second external device 104, and the third external device 105 perform the same processing, the processing performed by the first external device 103 will be described as an example.

<Example of learning process>
<Specification example of the type of protection processing to be executed> (step S01)
In step S01, the information processing terminal 101 transmits to the management apparatus 102 a command that specifies the type of protection processing to be performed on the data. It is assumed that data to be protected is input to the management apparatus 102 in advance.

  First, it is assumed that the management apparatus 102 is in a state where a plurality of types of protection processing can be performed by installing software, mounting peripheral devices, or a combination thereof. For example, the protection processing is encryption by AES (Advanced Encryption Standard) or the like, approval by a block chain type autonomous distributed format, EI (Emotional Intelligence) for reading a facial expression or a gesture, genome authentication, or a combination thereof. The protection process may be any process as long as the contents of the personal data D1 are not easily read against unauthorized access.

  The user UR specifies the type of protection processing to be performed on the personal data D1 among the above types, and instructs the management apparatus 102 to execute it. Therefore, the specified type is a type that can be executed by the management apparatus 102 and is a type that the user UR considers optimal.

<Learning example> (step S02)
In step S02, the management apparatus 102 learns the type of protection process. That is, the management apparatus 102 learns the type of protection processing that has been designated and executed in step S01.

  Note that learning is preferably performed repeatedly. That is, it is desirable that the management apparatus 102 learns the type of protection processing based on step S01 performed previously.

  In many cases, the user UR designates the type to be trusted in step S01. Therefore, when learning a previously designated type, the management apparatus 102 can identify the type that the user UR trusts. For example, the type that is often specified may be specified as the type that the user UR trusts. Therefore, it is desirable that the learning be performed in a state where the process of step S01 has been performed several times.

<Operation example>
<Example of obtaining personal data> (Step S03)
In step S03, the management apparatus 102 acquires personal data D1 from the information processing terminal 101, the first external apparatus 103, and the like. As shown in the figure, the personal data D1 is composed of information provided from both the user UR and a company. Thereafter, the management apparatus 102 manages the personal data D1.

  Even the personal data D1 includes information generated by a company or the like. For example, information generated by a company or the like is purchase information or the like. Specifically, when there is a commercial transaction between the user UR and a company, the company, etc. may record the date, content, target product name, or a combination thereof as purchase information, etc. Many. For example, such information is negotiated so that the user UR provides information to companies in advance. After the negotiation is established, the company or the like transmits purchase information or the like as personal data D1 to the management apparatus 102. With such a configuration, the user UR can centrally manage the personal data D1 not on the company side but on the user side.

  The personal data D1 is not limited to one time and may be transmitted any number of times. For example, when life log data or the like is included in the personal data D1, the personal data D1 may be added or updated regularly or irregularly.

<Protection processing example> (step S04)
In step S04, the management apparatus 102 performs a protection process on the personal data D1. Therefore, the management apparatus 102 is in a state where personal data D1 to be managed can be protected from so-called unauthorized access.

  The type of protection process executed in step S04 is the type learned in the learning process. Accordingly, after step S04, the personal data D1 is less likely to be leaked even if there is unauthorized access or the like.

<Example of request for use of personal data> (Step S05)
In step S <b> 05, the first external device 103 transmits a use request for personal data D <b> 1 to the information processing terminal 101. For example, the first external device 103 transmits a signal indicating a use request to the information processing terminal 101. The transmission format of the usage request may be another transmission format. The use request may be operated by a person.

<Use permission example> (step S06)
In step S06, the information processing terminal 101 permits the first external device 103 to use personal data D1. Specifically, when the user UR receives the use request in step S05, the user UR investigates what kind of company the first trader C1 is. The survey method may take any form. Then, based on the survey result, the user UR determines whether or not the person correctly handles personal information and the like. That is, if the first trader C1 is not a reliable person, there is a high possibility that the personal data D1 is illegally used or personal information is leaked.

  The permission may be conditioned. That is, the use of the personal data D1 may be permitted when a preset condition is satisfied.

  For example, it is assumed that the condition can be set in advance by the user UR.

  Specifically, among the data included in the personal data D1, the type of data permitted to be used may be specified. For example, it is assumed that the personal data D1 includes “contact information” information and “bank account” information. Next, in the information processing terminal 101, it is assumed that the use of “contact address” is set to “permitted” and the use of “bank account” is set to “impossible” in advance. In the case of such a condition, if there is a use request for “contact” in step S05, the information processing terminal 101 determines that the condition is satisfied and permits the use. On the other hand, if there is a use request for “bank account” in step S05, the information processing terminal 101 determines that the condition is not satisfied and does not permit the use.

  In addition, the condition may specify a permitted partner. For example, assume that the information processing terminal 101 is set in advance to “use” for “office” and “impossible” to use for “private enterprise”. In the case of such a condition, if there is a use request for “office” as the transmission source in step S05, the information processing terminal 101 determines that the condition is satisfied and permits the use. On the other hand, if there is a use request of “private company” in step S05, the information processing terminal 101 determines that the condition is not satisfied and does not permit the use.

  In addition, the condition may specify whether the use is “paid” or “free”. Note that “paid” is a condition in which a predetermined fee is paid as a usage fee for the personal data D1 from the first trader C1 to the user UR when the use is permitted. On the other hand, “free of charge” is a condition in which the usage fee of the personal data D1 is not paid to the user UR from the first trader C1 when the use is permitted. The fee may be a consideration other than money, such as points.

  Therefore, in the information processing terminal 101, for example, if the usage request is “paid”, the usage is permitted to be set in advance. In such a condition, if there is a “paid” usage request in step S05, the information processing terminal 101 determines that the condition is satisfied and permits the use. On the other hand, if there is a “free” use request in step S05, the information processing terminal 101 determines that the condition is not satisfied and does not permit the use.

  The conditions may be other than the above items. For example, the condition may specify whether to allow or not depending on the purpose to be used. The purpose is, for example, advertising or market research. In such a case, a condition may be set such that a request for advertising is not permitted. In this way, it is assumed that the item can be selected as the condition.

<Example of sending personal data> (Step S07)
In step S07, the management apparatus 102 transmits personal data D1 to the first external apparatus 103. That is, the first external device 103 can use the personal data D1 after step S07. Therefore, when step S07 is performed, use of the personal data D1 by the first trader C1 is started.

  The personal data D1 only needs to be in a usable state in step S07. Therefore, for example, when it is sufficient that the first trader C1 can browse the personal data D1, the personal data D1 does not have to be transmitted to the first external device 103. For example, the management apparatus 102 may allow access to the personal data D1 on the management apparatus 102 from the first external apparatus 103. After the access, the first external device 103 refers to or processes the personal data D1 on the management device 102.

<Monitoring Example> (Step S08)
In step S08, the management apparatus 102 monitors the use of the personal data D1. It is desirable that monitoring is performed periodically.

  For example, the monitoring checks the position of the personal data D1. For example, the personal data D1 is preliminarily attached with a program or the like for transmitting the location where the data is stored. In this way, the management apparatus 102 can track what external apparatus the personal data D1 is used after allowing. That is, the monitoring is realized by a so-called traceability function or the like. For monitoring, it is only necessary to know where the personal data D1 is used. For example, the management device 102 includes, for example, a URL (Uniform Resource Locator) of a home page where information indicated by the personal data D1 is described. Or a document name etc. may be conveyed.

  In addition, the monitoring may check, for example, whether data outside the permitted range has been published or disclosed, or check whether the data has been used beyond the permitted period. The monitoring may be performed by a person. Further, the data to be monitored is not limited to the personal data D1, and may include data generated based on the personal data D1 or data indicating related contents.

<Notification Example of Use> (Step S09)
In addition, after the permission, the first external device 103 desirably performs notification when the personal data D1 is actually used or when permission is given.

  In step S09, the first external device 103 notifies the information processing terminal 101 that the use of the personal data D1 is used. For example, when the personal data D1 is used, the user UR can be set in advance to notify the used form. When such a setting is made, for example, data generated based on the personal data D1 is transmitted to the information processing terminal 101. In this way, the user UR can know how the personal data D1 is specifically used. Therefore, for example, the case where the 1st contractor C1 used the usage different from conditions can be discovered early by such notification.

<About VRM (Vendor Relationship Management)>
With the above configuration, the information processing system 10 preferably configures a VRM under the management of the user.

  FIG. 4 is a schematic diagram illustrating a configuration example of a VRM by the information processing system according to the embodiment of the present invention. As illustrated, the information processing system 10 can manage personal data D1 on the user side by information provided from both the user UR and a company. The information processing system 10 may be applied to PLR (Personal Life Repository) and the like.

  In CRM (Customer Relationship Management) or the like, data such as personal information is managed by a company or the like. On the other hand, in VRM or PLR, data is managed by an individual or a household.

  In addition, with the configuration as described above, use of data related to individuals and the like is easily promoted. Furthermore, it becomes easier for companies to establish a system that gives so-called points or the like as consideration for using data related to individuals. With such a system, it becomes easier for companies to collect information.

<Functional configuration>
FIG. 5 is a functional block diagram showing a functional configuration example of the information processing system according to the embodiment of the present invention. For example, the information processing system 10 has a functional configuration including a reception unit 10F1, a permission unit 10F2, a management unit 10F3, a monitoring unit 10F4, an acquisition unit 10F5, a learning unit 10F6, a protection unit 10F7, and the like. The functional configuration shown in the figure will be described below as an example.

  The reception unit 10F1 performs a reception procedure for receiving a request REQ for use of the data to be disclosed, disclosed, corrected, or used from the external device. For example, the reception unit 10F1 is realized by the communication device 201, the input device 204, or the like.

  The permission unit 10F2 performs a permission procedure for permitting the request REQ when the request REQ received by the reception unit 10F1 satisfies a preset condition CQ. For example, the permission unit 10F2 is realized by the communication device 201, the output device 205, or the like.

  When the permission unit 10F2 permits, the management unit 10F3 outputs a personal data D1 to an external device or performs a management procedure that enables access to the personal data D1 from the external device. For example, the management unit 10F3 is realized by the CPU 200 or the like.

  The monitoring unit 10F4 performs a monitoring procedure for monitoring the use of the personal data D1 by the external device after the permission unit 10F2 permits. For example, the monitoring unit 10F4 is realized by the communication device 201 or the like.

  The acquisition unit 10F5 performs an acquisition procedure for acquiring personal data D1 related to the user UR from both the information processing terminal 101 and the external device. For example, the acquisition unit 10F5 is realized by the communication device 201, the input device 204, or the like.

  The learning unit 10F6 performs a learning procedure for learning the type of protection processing designated when the user operated previously. For example, the learning unit 10F6 is realized by the CPU 200 or the like.

  The protection unit 10F7 performs a protection procedure for performing protection processing on the personal data D1. For example, the protection unit 10F7 is realized by the CPU 200 or the like.

<Effect>
With the functional configuration as described above, the personal data D1 indicating important information such as personal information is protected by the protection process, and leakage due to unauthorized access or the like can be prevented. On the other hand, if a company or the like transmits a request REQ to the receiving unit 10F1, if the condition CQ is satisfied, the company or the like can use the personal data D1 that has been subjected to protection processing with permission from the permission unit 10F2. In this way, companies and the like can easily collect personal information and the like. In addition, since the use of the personal data D1 is monitored by the monitoring unit 10F4 even after the permission, it is possible to prevent the personal data D1 from being used illegally and leaking personal information and the like.

  The configuration of the prior literature is based on the premise that the information processing apparatus that deposits personal information to some extent is a company that can ensure sufficient security. On the other hand, the information processing terminal 101 is often a general personal computer or a PC used at home. In such an information processing apparatus, sufficient security may not be ensured. And there is a person who tries to use personal information illegally. Therefore, when the management apparatus 102 as in the present embodiment is inserted and managed, information leakage or the like can be prevented.

Second Embodiment
Hereinafter, a description will be given focusing on differences from the first embodiment. Therefore, the same components as those in the first embodiment are denoted by the same reference numerals and description thereof is omitted.

<Example of overall configuration>
FIG. 6 is a schematic diagram showing an example of the overall configuration of the information processing system according to the second embodiment of the present invention. For example, in the second embodiment, the information processing system 10 has an overall configuration that further includes a substitute device 106.

  The proxy device 106 has, for example, the hardware configuration shown in FIG. As shown in the figure, the proxy device 106 is an information processing device operated by a proxy ACT.

  The agent ACT is a person different from the user UR and is a lawyer, a tax accountant, a certified public accountant, a judicial scrivener, a social insurance laborer, an administrative scrivener, a minor (miner), or an employee of these offices. That is, the agent ACT is a person who generates a contract document or the like on behalf of the user UR, for example. Therefore, the agent ACT is preferably a qualified person as described above.

  For example, the information processing system 10 according to the second embodiment performs the following overall processing.

<Example of overall processing>
FIG. 7 is a sequence diagram illustrating an example of overall processing by the information processing system according to the second embodiment of the present invention. Compared with the first embodiment, the second embodiment is different in that the processing after step S21 is added. In the following, different processes will be mainly described. As shown in FIG. 6, it is assumed that the personal data D1 is also copied to the first external device 103 with permission.

<Example of sending personal data> (Step S21)
In step S <b> 21, the first external device 103 transmits the personal data D <b> 1 to the proxy device 106. For example, it is assumed that a sales contract or the like is concluded between the user UR and the first trader C1. It is assumed that a contract document or the like needs to be created for the contract. Furthermore, it is assumed that items described in the contract document are items indicated by the personal data D1. In such a case, personal data D1 permitted to be used in advance is transmitted from the first external device 103 to the proxy device 106 as a material for creating a contract document. Note that step S21 may be such that personal data D1 can be viewed from the proxy device 106.

  In addition, the contract is not limited to a sales contract or the like, and may be a contract renewal that has been made in advance. Furthermore, the contract is not limited to a sales contract or the like, and may be any procedure using the personal data D1.

<Example of generating a document based on personal data> (step S22)
In step S22, the proxy device 106 generates a document or the like based on the personal data D1. For example, when the name or the like of the user UR is input to the personal data D1, the proxy device 106 generates a document or the like that describes the name of the user UR. Note that human operations may be involved in the generation of documents and the like.

<Recommend Notification Example> (Step S23)
In step S23, the proxy device 106 notifies the recommendation. That is, the proxy device 106 notifies the user UR that a contract or the like that should be made has occurred. For example, it is assumed that a contract with a contract deadline is made in advance between the user UR and the first trader C1. When the date when the contract expires is approaching, the proxy device 106 notifies the user to generate a document or the like necessary for the procedure for continuing the contract.

  The notification may not be set by the user UR. For example, the user UR sets the proxy device 106 so as to continue with the same contents in advance in the case of updating or the like. In such a case, the proxy device 106 may automatically generate a document or the like based on the personal data D1 without notification.

  Further, the notification may further indicate an incidental contract or a condition that the agent ACT thinks should be accompanied.

<Notification Example of Accepting Recommendation> (Step S24)
In step S <b> 24, the information processing terminal 101 notifies the proxy device 106 of accepting the recommendation. That is, when the user UR approves the contract shown in step S23, the information processing terminal 101 notifies the proxy device 106 to generate a document and make a contract. Note that when there is a request for change or the like, the information processing terminal 101 may further notify the request or the like by the user UR.

<Example of monitoring by proxy device> (step S25)
In step S25, the proxy device 106 monitors the use of the personal data D1. Note that step S25 is not limited to after step S24, and may be performed at another timing.

  For example, the monitoring is a process of performing the same content as step S08 independently of the management apparatus 102. In this way, a so-called double check system in which the monitoring by the management apparatus 102 and the monitoring by the proxy apparatus 106 are performed in duplicate can be achieved. Therefore, even if there is a fraud by the management apparatus 102, a monitoring mistake or a permission mistake, the leakage of personal information or the like can be discovered at an early stage by the monitoring by the proxy apparatus 106. Therefore, such a system can further prevent leakage of personal information and the like.

<Third Embodiment>
FIG. 8 is a schematic diagram illustrating an example of the overall configuration of an information processing system according to the third embodiment of the present invention. For example, in the third embodiment, the information processing system 10 is realized by an information processing apparatus and overall processing having the same hardware configuration as that of the first embodiment.

  Compared with the first embodiment, the data to be monitored is different in the third embodiment.

  Further, the management apparatus 102 also monitors data generated based on the personal data D1 (hereinafter referred to as “derived data D2”).

  The derived data D2 is data generated using personal information of the user UR and the like. For example, the derived data D2 is a material in which personal information of the user UR is described. When such data is derived, the management apparatus 102 monitors the use of the personal data D1. The management apparatus 102 may request a company or the like to add the derived data D2 to the personal data D1. In this way, VRM is easier to realize.

<Other embodiments>
Each device may not be realized by one device. That is, each device may be composed of a plurality of devices. For example, each device may include a plurality of information processing devices and perform each process in a distributed, parallel, or redundant manner.

  Note that all or a part of each processing according to the present invention is described in a low-level language such as an assembler or a high-level language such as an object-oriented language, and may be realized by a program for causing a computer to execute an information processing method. Good. That is, the program is a computer program for causing a computer such as an information processing apparatus or an information processing system to execute each process.

  Therefore, when the information processing method is executed based on the program, the calculation device and the control device included in the computer perform calculation and control based on the program in order to execute each process. In addition, a storage device included in the computer stores data used for processing based on a program in order to execute each processing.

  The program can be recorded and distributed on a computer-readable recording medium. The recording medium is a medium such as a magnetic tape, a flash memory, an optical disk, a magneto-optical disk, or a magnetic disk. Furthermore, the program can be distributed through a telecommunication line.

  As mentioned above, although preferable embodiment of this invention was explained in full detail, this invention is not limited to embodiment etc. which were demonstrated above. Therefore, various modifications or changes can be made to the embodiments within the scope of the gist of the present invention described in the claims.

10 Information Processing System UR User D1 Personal Data D2 Derived Data 101 Information Processing Terminal 102 Management Device 103 First External Device 104 Second External Device 105 Third External Device

Claims (9)

An information processing system having a management device operated by a user and an information processing terminal operated by the user,
An acquisition unit for acquiring personal data relating to the user from the information processing terminal and the external device;
A protection unit for performing a protection process for protecting the personal data;
A learning unit that learns the type of the protection process specified when the user operated previously;
A receiving unit that accepts a request for use of the personal data to be published, disclosed, corrected, or used from the external device, the personal data protected by the protection process;
When the external device satisfies a preset condition, a permission unit that permits the request;
With the permission, a management unit that outputs the personal data to the external device or enables access to the personal data from the external device;
An information processing system including a monitoring unit that monitors use of the personal data by the external device.   The information processing system according to claim 1, wherein the personal data includes personal information of the user.   The information processing system according to claim 1, wherein the monitoring unit further monitors derived data generated based on the personal data or adds the derived data to the personal data.   The information processing system according to any one of claims 1 to 3, wherein a VRM based on the personal data is realized under the management of the user.   The information processing system according to claim 1, wherein the protection unit encrypts at least the personal data with an electronic circuit. A proxy device different from the management device;
The proxy device is:
The information processing system according to claim 1, wherein a document is generated based on the personal data.   The information processing system according to claim 6, wherein the proxy device further monitors the personal data separately from the management device. An information processing method performed by an information processing system having a management device operated by a user and an information processing terminal operated by the user,
An information processing system obtains personal data relating to the user from the information processing terminal and an external device;
A protection procedure in which an information processing system performs a protection process for protecting the personal data;
A learning procedure in which the information processing system learns the type of the protection process specified when the user has operated previously;
An information processing system that receives from the external device a request for use of the personal data to be published, disclosed, corrected, or used for the personal data protected by the protection process;
When the information processing system satisfies a preset condition for the external device, a permission procedure for permitting the request;
When the information processing system has the permission, the management procedure for outputting the personal data to the external device or allowing access to the personal data from the external device;
An information processing method, wherein the information processing system includes a monitoring procedure for monitoring use of the personal data by the external device. A program for causing a computer having a management device operated by a user and an information processing terminal operated by the user to execute an information processing method,
An acquisition procedure in which a computer acquires personal data relating to the user from the information processing terminal and an external device;
A protection procedure in which a computer performs a protection process for protecting the personal data;
A learning procedure in which the computer learns the type of the protection process specified when the user operated previously,
An acceptance procedure for accepting a request for use of the personal data to be published, disclosed, corrected or used by the computer from the external device, the personal data protected by the protection process;
A permission procedure for allowing the request when the computer satisfies a preset condition of the external device;
A management procedure for allowing the computer to output the personal data to the external device or to access the personal data from the external device if the permission is given;
A program for causing a computer to execute a monitoring procedure for monitoring use of the personal data by the external device.

Images