JPWO2016051790A1 - Usage control system, personal information management system, and terminal device - Google Patents

Abstract

The feature amount extraction unit 81 extracts a feature amount of the living body from the biological information acquired by the terminal device. The consent sign extraction means 82 is information acquired together with the biometric information of the person to be erased as identification information for instructing erasure of the person information from the biometric information, and is an agreement sign that is information other than the identification information of the person itself. To extract. The determination means 83 determines whether or not a consent sign has been extracted. When it is determined that the consent sign has been extracted, the control unit 84 cannot use the personal information that matches the extracted biological feature amount with respect to the recording medium that stores the biological feature amount as personal information. Control is performed.

Description

  The present invention relates to a usage control system, a personal information management system, a terminal device, a usage control method, a usage control instruction method, a personal information management method, a usage control program, and a usage control instruction program for controlling registered personal information to an unusable state. And a personal information management program.

  In recent years, in a place where a large number of unspecified persons come and go, these persons are sometimes photographed for the purpose of tracking a suspicious person, investigating traffic, and investigating consumer trends. Further, in order to reduce the amount of data and improve the convenience of data, a person is extracted from the captured image and a feature amount for identifying the person is also stored.

  On the other hand, when the target range of personal information targeted by the Personal Information Protection Law is expanded, not only the actually captured image but also the feature amount represented by a character string or the like may be a target to be protected. In many cases, such feature amounts are not managed in association with other information for identifying an individual such as a name. However, if there is an erasure request from the photographed person, the feature amount needs to be erased. This is because there is a possibility that an individual can be specified by analyzing feature values for a long period of time.

  For example, when there is a request for erasing facial feature data, it is conceivable to acquire the face image of the requester and erase the same facial feature data. However, in this case, a third party different from the person in which the facial feature amount data is registered can use the person's image without permission, and impersonate the person and make an erasure request.

  Patent Document 1 describes a method for allowing only a person who wants to delete personal information registered in a database to be deleted. In the method described in Patent Document 1, when a person's biometric information is registered in advance, and the biometric information matches the biometric information of the person and the biometric information is input in a designated pattern, the registration information of the person is registered. Is deleted.

JP 2007-328590 A

  By using the method described in Patent Document 1, it is possible to prevent impersonation by a third party. However, in the system described in Patent Document 1, in order to specify a person who requests deletion, it is necessary that person specifying information that can be specified from a car license or a health insurance card is registered in advance.

  However, it is not realistic to manage all the person specifying information that may be photographed. For example, when shooting a place where an unspecified number of persons come and go, it is difficult to collect all of the shot person identification information.

  In addition, since it is the individual's right to request the deletion of personal information, it is necessary to appropriately exclude the instruction even when a third party makes an impersonation request by impersonating improperly. Therefore, it is desirable that impersonation can be prevented and personal information of an individual can be controlled in an unusable state even if biometric information as personal identification information is not registered in advance.

  Even if a person who does not want to collect personal information makes a request to delete personal information, even if the biometric information of that person is collected again, the person does not receive a request for deletion again and automatically It is more desirable to be able to control the personal information of the individual so that it cannot be used.

  Therefore, the present invention suppresses reception of an instruction to disable the use of personal information by impersonation, and a usage control system, a personal information management system, a terminal device, a usage control method that can appropriately control the instructed personal information to an unusable state, It is an object to provide a usage control instruction method, a personal information management method, a usage control program, a usage control instruction program, and a personal information management program.

  A usage control system according to the present invention is a usage control system that accepts an instruction that disables the use of personal information from a terminal device, and includes a feature amount extraction unit that extracts a biological feature amount from biological information acquired by the terminal device; , Consent sign extracting means for extracting consent sign that is information acquired together with biometric information of the person to be erased as identification information for instructing erasure of the person information from the biometric information, and is information other than the identification information of the person himself / herself And means for determining whether or not the consent sign has been extracted; and when the consent sign is determined to be extracted, the extracted biometric features with respect to the recording medium that stores the biometric feature quantity as personal information And a control means for performing control that makes it impossible to use personal information that matches the amount.

  Another usage control system according to the present invention is a usage control system that accepts an instruction that disables the use of personal information from a terminal device, and the identification information that instructs to erase personal information from the biological information acquired by the terminal device As an agreement sign extraction means for extracting an agreement sign that is information acquired together with the biometric information of the person to be erased and other than the identification information of the person itself, and a determination means for determining whether or not the consent signature has been extracted When it is determined that the consent sign has been extracted, the use of the personal information that matches the biometric feature amount transmitted together with the instruction from the terminal device to the recording medium that stores the biometric feature amount as the personal information And a control means for performing control to make the operation impossible.

  A terminal device according to the present invention is a terminal device that gives an instruction to a usage control system that performs control to make it impossible to use personal information that matches a feature quantity of a biological body extracted from biological information. Biometric information acquisition means for acquiring information, and information acquired together with the biological information of the person to be erased as identification information for instructing erasure of the person information from the acquired biological information of the person, and the identification information of the person itself The consent sign extracting means for extracting the consent sign which is information other than the information, and when the consent sign is extracted from the biometric information, the biometric information, or the extraction result of the consent sign and the biometric information are transmitted to the usage control system. And a transmission means.

  Another terminal device according to the present invention is a terminal device that gives an instruction to a usage control system that performs control that makes it impossible to use personal information that matches a biological feature, and acquires the biological information of the person. Biometric information acquisition means, feature quantity extraction means for extracting biometric feature quantities from the biometric information, and information acquired from the biometric information together with the biometric information of the person to be erased as identification information for instructing erasure of the personal information. The consent sign extracting means for extracting the consent sign that is information other than the identification information of the person itself, and the transmission for transmitting the extracted biological feature amount to the usage control system when the consent sign is extracted from the biological information. Means.

  A personal information management system according to the present invention includes a terminal device that gives an instruction that makes it impossible to use personal information, and a usage control system that receives an instruction that makes it impossible to use personal information from the terminal device. A biometric information acquisition unit that acquires biometric information of a person, and a transmission unit that transmits the acquired biometric information to the usage control system, and the usage control system extracts a biometric feature amount from the biometric information acquired by the terminal device. A feature amount extraction means, and an identification sign that is information acquired together with the biological information of the person to be erased as identification information for instructing erasure of the person information from the biological information and is information other than the identification information of the person itself Extracting consent sign extraction means, determination means for determining whether or not an consent sign has been extracted, and when it is determined that an consent sign has been extracted, A recording medium for storing as information, and a control means for controlling to disable the use of personal information that matches the characteristic amount of the extracted biometric, comprising the.

  Another personal information management system according to the present invention includes a terminal device that gives an instruction to disable the use of personal information, and a usage control system that receives an instruction to make the use of personal information impossible from the terminal device. Information acquired by the apparatus together with biometric information of a person to be erased as biometric information acquisition means for acquiring biometric information of the person and identification information instructing erasure of the personal information from the acquired biometric information of the person The consent sign extraction means for extracting the consent sign that is information other than the identification information of the person itself, and the biometric information when the consent sign is extracted from the biometric information, or the extraction result of the consent sign and the biometric information, A transmission means for transmitting to the usage control system, wherein the usage control system extracts a feature quantity extracting means for extracting the biometric feature quantity from the received biometric information, and a biometric feature quantity. A recording medium for storing as object information, characterized in that it comprises a control means for controlling to disable the use of personal information that matches the characteristic amount of the extracted biometric.

  Still another person information management system according to the present invention includes a terminal device that gives an instruction that makes it impossible to use person information, and a use control system that receives an instruction that makes it impossible to use person information from the terminal device, The terminal device includes biometric information acquisition means for acquiring biometric information of a person, feature quantity extraction means for extracting biometric feature quantities from the biometric information, and identification information to be erased as identification information for instructing erasure of personal information from the biometric information. Information obtained together with the biometric information of the person and the consent sign extracting means for extracting the consent sign that is information other than the identification information of the person itself, and the extracted biometric when the consent sign is extracted from the biometric information A transmission means for transmitting the feature quantity of the living body to the usage control system, and the usage control system receives the biometric feature received from the recording medium that stores the biometric feature quantity as personal information. Characterized in that it comprises a control means for controlling to disable the use of personal information that matches the characteristic amount.

  Still another person information management system according to the present invention includes a terminal device that gives an instruction that makes it impossible to use person information, and a use control system that receives an instruction that makes it impossible to use person information from the terminal device, A terminal device for acquiring biometric information of a person, a feature amount extracting unit for extracting a biometric feature amount from the acquired biometric information, an extracted biometric feature quantity, and an acquired human biometric feature Transmission information that transmits information to the usage control system. The usage control system is information acquired together with the biological information of the person to be erased from the received biological information of the person as identification information for instructing deletion of the personal information. The consent sign extracting means for extracting the consent sign that is information other than the identification information of the person itself, and whether or not the consent sign is extracted from the received biological information When it is determined that the determination means and the consent sign have been extracted, it is impossible to use the personal information that matches the received biometric feature amount for the recording medium that stores the biometric feature amount as the personal information. Control means for performing control.

  The usage control method according to the present invention is a usage control method that accepts an instruction that disables the use of personal information from a terminal device, and extracts a feature quantity of the biological body from the biological information acquired by the terminal device, and from the biological information, Whether or not the consent sign is extracted by extracting the consent sign, which is information acquired together with the biometric information of the person to be deleted as the identification information for instructing the deletion of the person information, and is information other than the person's own identification information When it is determined that the consent sign has been extracted, it is impossible to use the personal information that matches the extracted biological feature amount with respect to the recording medium that stores the biological feature amount as personal information. Control is performed.

  Another usage control method according to the present invention is a usage control method for accepting an instruction to disable the use of personal information from a terminal device, and identifying information for instructing erasure of personal information from biological information acquired by the terminal device The consent sign that is acquired together with the biometric information of the person to be erased and that is information other than the person's own identification information is determined, whether or not the consent sign is extracted, and the consent sign is extracted When it is determined, control is performed to make it impossible to use personal information that matches the biometric feature amount transmitted together with an instruction from the terminal device with respect to a recording medium that stores the biometric feature amount as personal information. It is characterized by that.

  The usage control instruction method according to the present invention is a usage control instruction method for giving an instruction to a usage control system that performs control to make it impossible to use personal information that matches a feature amount of a biological body extracted from biological information. The information obtained by acquiring the biometric information of the person and the biometric information of the person to be erased as the identification information instructing the erasure of the personal information from the acquired biometric information of the person other than the identification information of the person itself When the consent sign is extracted from the biometric information, the biometric information, or the extraction result of the consent sign and the biometric information are transmitted to the usage control system.

  Another usage control instruction method according to the present invention is a usage control instruction method for giving an instruction to a usage control system that performs control that makes it impossible to use personal information that matches a biological feature, Information is obtained, biometric features are extracted from the biometric information, and is acquired from the biometric information together with the biometric information of the person to be erased as identification information for instructing erasure of the person information. The consent sign which is information other than information is extracted, and when the consent sign is extracted from the biological information, the extracted feature quantity of the living body is transmitted to the usage control system.

  The person information management method according to the present invention acquires a person's biometric information, extracts a biometric feature from the acquired biometric information, and uses the biometric information as identification information for instructing erasure of the person information. When it is determined that the consent sign is extracted by extracting the consent sign that is information acquired together with the biometric information and is information other than the identification information of the person itself, determining whether the consent sign is extracted, Control is performed on a recording medium that stores biometric feature values as personal information so that the use of personal information that matches the extracted biometric feature values is impossible.

  The usage control program according to the present invention is a usage control program applied to a computer that accepts an instruction to disable the use of personal information from a terminal device, and the biological feature amount from the biological information acquired by the terminal device to the computer. A feature sign extraction process for extracting information from the biometric information, which is information acquired together with the biometric information of the person to be erased as identification information for instructing erasure of the person information, and is an information other than the identification information of the person itself A sign processing for extracting a sign, a determination process for determining whether or not a consent sign has been extracted, and a recording medium that stores biometric feature quantities as personal information when it is determined that a consent sign has been extracted. Then, a control process for performing control to make it impossible to use the person information that matches the extracted feature quantity of the living body is executed.

  Another usage control program according to the present invention is a usage control program applied to a computer that accepts an instruction to disable the use of personal information from a terminal device. Consent sign extraction process for extracting consent sign, which is information acquired together with biometric information of a person to be erased as identification information for instructing erasure of information other than the identification information of the person itself, and a consent sign is extracted And the biometric feature transmitted together with the instruction from the terminal device to the recording medium that stores the biometric feature quantity as personal information when it is determined that the consent sign has been extracted. Control processing for performing control to make it impossible to use personal information that matches the amount is executed.

  The usage control instruction program according to the present invention is a usage control applied to a computer that gives an instruction to a usage control system that performs control that makes it impossible to use personal information that matches a feature quantity of a biological body extracted from biological information. An instruction program, which is acquired together with biometric information of a person to be erased as identification information for instructing erasure of personal information from a biometric information acquisition process for acquiring biometric information of a person in a computer. Consent sign extraction process that extracts consent sign that is information other than the person's own identification information, and if the consent sign is extracted from the biometric information, extract the biometric information or consent sign A transmission process for transmitting the result and the biological information to the usage control system is executed.

  Another usage control instruction program according to the present invention is a usage control instruction program applied to a computer that gives an instruction to a usage control system that performs control that makes it impossible to use personal information that matches a biological feature. The biometric information acquiring process for acquiring the biometric information of the person to the computer, the feature quantity extracting process for extracting the biometric feature quantity from the biometric information, and the person to be erased as identification information for instructing the erasure of the personal information from the biometric information Information obtained together with the biometric information of the person, and the consent sign extraction process for extracting the consent sign that is information other than the identification information of the person himself / herself, and when the consent sign is extracted from the biometric information, It is characterized in that a transmission process for transmitting the feature quantity to the usage control system is executed.

  A personal information management program according to the present invention includes a computer for acquiring biometric information of a person, biometric information acquisition processing for extracting biometric feature values from the acquired biometric information, and deleting personal information from the biometric information. Consent sign extraction process for extracting consent sign, which is information acquired together with biometric information of the person to be erased as identification information that indicates information other than the identification information of the person itself, whether or not the consent sign has been extracted When it is determined that a determination process for determining and a consent signature has been extracted, use of personal information that matches the extracted feature value of the living body is performed on a recording medium that stores the feature value of the living body as personal information. A control process for performing the control to be impossible is executed.

  According to the present invention, it is possible to suppress reception of an instruction to disable the use of personal information due to impersonation and appropriately control the instructed personal information to an unusable state.

It is a block diagram which shows the structural example of 1st Embodiment of the person information management system by this invention. It is explanatory drawing which shows the example of the method of controlling a person information to an unusable state. It is explanatory drawing which shows the other example of the method of controlling a person information to an unusable state. It is a sequence diagram which shows the operation example of the person information management system of 1st Embodiment. It is a block diagram which shows the modification of the person information management system of 1st Embodiment. It is a block diagram which shows the structural example of 2nd Embodiment of the person information management system by this invention. It is a sequence diagram which shows the operation example of the person information management system of 2nd Embodiment. It is a block diagram which shows the modification of the person information management system of 2nd Embodiment. It is a block diagram which shows the structural example of 3rd Embodiment of the person information management system by this invention. It is a sequence diagram which shows the operation example of the person information management system of 3rd Embodiment. It is a block diagram which shows the modification of the person information management system of 3rd Embodiment. It is a block diagram which shows the structural example of 4th Embodiment of the person information management system by this invention. It is a sequence diagram which shows the operation example of the person information management system of 4th Embodiment. It is a block diagram which shows the modification of the person information management system of 4th Embodiment. It is a block diagram which shows the structural example of 5th Embodiment of the person information management system by this invention. It is a sequence diagram which shows the operation example of the person information management system of 5th Embodiment. It is a block diagram which shows the modification of the person information management system of 5th Embodiment. It is explanatory drawing which shows the example of a consent sign. It is explanatory drawing which shows the specific example using a utilization stop master. It is a block diagram which shows the outline | summary of the utilization control system by this invention. It is a block diagram which shows the other outline | summary of the utilization control system by this invention. It is a block diagram which shows the outline | summary of the terminal device by this invention. It is a block diagram which shows the other outline | summary of the terminal device by this invention. It is a block diagram which shows the outline | summary of the person information management system by this invention. It is a block diagram which shows the outline | summary of the person information management system by this invention. It is a block diagram which shows the outline | summary of the person information management system by this invention. It is a block diagram which shows the outline | summary of the person information management system by this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

Embodiment 1. FIG.
FIG. 1 is a block diagram showing a configuration example of a first embodiment of a person information management system according to the present invention. The personal information management system of this embodiment includes a terminal device 10, a usage control system 20, and a storage system 30. The usage control system 20 is connected to the terminal device 10 and the storage system 30. The storage system 30 is connected to the person information collection system 40 and stores the person information collected by the person information collection system 40 as needed.

  The person information registration instruction means 41 of the person information collection system 40 detects a person from an image taken by a camera installed in a store, for example, extracts the detected person's feature quantity, and transmits it to the storage system 30. . In the following description, a case where the extracted feature value is a human feature value is exemplified, but the extracted feature value can be said to be a general biological feature value.

  The storage system 30 stores personal information. The person information includes, for example, various information such as the feature amount of the person, the visit time of the person, and the place of visit. That is, the person information can be said to be information that combines the feature quantity of the person and various information (visit time, place of visit, etc.) associated with the feature quantity. The storage system 30 is realized by a general recording medium, for example.

  The storage system 30 includes a person information database 31 (hereinafter referred to as a person information DB 31) and database management means 32 (hereinafter referred to as a DB management means 32). The person information DB 31 stores information (that is, person information) in which a feature amount of a person is associated with various types of information such as a store visit time. That is, the person information DB 31 stores the feature amount of the person transmitted from the person information collection system 40 and information such as the location and time at which the feature amount is collected in association with each other. The contents of the DB management unit 32 will be described later. Examples of the feature amount of a person include a face feature amount and a voiceprint.

  In the present embodiment, the type of data (biological information) that can be acquired by the terminal device 10 and the type of data stored in the storage system 30 (specifically, the feature amount of a person) have asymmetry. . This can be said, for example, that the type of data held by an individual who is a user of the terminal device 10 and the type of data held by a company using the storage system 30 have asymmetry.

  In the present embodiment, it is assumed that there is no correspondence table between data that can be acquired by the terminal device 10 and data stored in the storage system 30. That is, in this embodiment, it is assumed that there is no information that associates biometric information with a person's feature amount.

  The terminal device 10 makes a request to the usage control system 20 to make it impossible to use the personal information registered in the storage system 30. This request includes an erasure request for requesting erasure of personal information registered in the storage system 30, and a request to make the personal information unavailable (that is, stop using) while leaving the personal information. It is. In the following description, a request or an instruction from the terminal device 10 is referred to as an unusable request or an unusable instruction except when processing is performed by distinguishing an erasure request and a use suspension request.

  In the present invention, as identification information (hereinafter referred to as consent sign) indicating consent for disabling personal information, it is information acquired together with biometric information of the person to be erased, Use information other than identification information. There may be one or more consent signs.

  Examples of the biometric information of the person include the appearance of the person and the voice of the person. For example, an image of a person can be acquired as biometric information from an image obtained by photographing the person. In this case, for example, the facial feature amount is identification information of the person, but the consent sign is, for example, a gesture (gesture) performed by the person, a background or a mark acquired together with the person.

  For example, a person's voice can be acquired as biometric information from the voice data. In this case, for example, the voiceprint is identification information of the person, but the consent sign is, for example, a sound effect or back music collected together with the voice, a spoken word, or the like.

  The terminal device 10 issues an instruction to erase personal information using biometric information including a predetermined consent sign or an consent sign specified by another system.

  The terminal device 10 includes a biological information acquisition unit 11 and a transmission unit 12.

  The biometric information acquisition unit 11 acquires biometric information of a person represented by the person information to be deleted from the person information DB 31. Specifically, the biometric information acquisition unit 11 acquires an image or sound of a target person as the biometric information of the person. For example, when acquiring an image of a person, the biological information acquisition unit 11 is realized by a camera, a camera control program, and the like. In this case, the image may be a still image or a moving image. Further, for example, when acquiring the voice of a person, the biometric information acquisition unit 11 is realized by a microphone, a microphone control program, and the like.

  This embodiment demonstrates the case where the biometric information acquisition means 11 acquires a person's image or audio | voice as biometric information. However, the biometric information acquisition unit 11 may acquire a fingerprint or the like as biometric information. The biometric information acquired by the biometric information acquisition unit 11 includes the consent sign described above.

  The transmission unit 12 transmits the biometric information acquired by the biometric information acquisition unit 11 to the usage control system 20 and gives an instruction to make it impossible to use the personal information of the person having the biometric information. Specifically, the transmission unit 12 transmits the biological information including the consent sign to the usage control system 20.

  The usage control system 20 receives an instruction from the terminal device 10 that the personal information cannot be used. The usage control system 20 includes a signature storage unit 21, a signature extraction unit 22, a feature amount extraction unit 23, and a control unit 24.

  The sign storage means 21 stores information indicating the content of the consent sign (hereinafter referred to as consent sign definition information). For example, when a gesture of a person photographed in an image is used as the consent sign, the sign storage unit 21 may store a feature amount indicating the gesture as consent sign definition information. Further, for example, when back music recorded in voice data is used as the consent sign, the sign storage unit 21 may store a feature amount indicating the back music, voice data, and the like as the consent sign definition information.

  The sign extraction means 22 extracts a consent sign from the received biological information. The method by which the sign extraction means 22 extracts the consent sign from the biological information is arbitrary, and a widely known general method is used. For example, the sign extraction unit 22 may extract the consent sign by determining whether the biometric information includes information that matches or is similar to the consent sign definition information stored in the sign storage unit 21.

  The feature amount extraction unit 23 extracts a feature amount of a person from the received biological information. The method by which the feature quantity extraction unit 23 extracts the feature quantity is the same as the method by which the person information collection system 40 extracts the feature quantity. That is, the feature amount extraction unit 23 extracts a feature amount having the same content as the person information stored in the person information DB 31 from the biological information.

  For example, when a person's face feature value is stored as person information in the person information DB 31, the feature value extracting unit 23 detects a person's face part from an image obtained by capturing biometric information, and the person's face is detected from that part. Extract features. The same applies to voice.

  Note that the signature extraction unit 22 or the feature amount extraction unit 23 may determine whether the received biological information includes information on a plurality of persons. If it is determined that the information of a plurality of persons is included, the signature extraction unit 22 or the feature amount extraction unit 23 may stop the subsequent processing. By doing so, it is possible to prevent erasing of personal information of an unintended person, and it is possible to prevent a third party from intentionally erasing the personal information of another person.

  Moreover, the order of the process which extracts a consent sign from the received biometric information and the process which extracts a feature-value is arbitrary. The feature amount extraction unit 23 may extract the feature amount when the consent sign is extracted from the biological information. By performing processing in such an order, unnecessary feature amount extraction processing can be reduced.

  The control means 24 determines whether or not a consent sign has been extracted from the biological information. When the control unit 24 determines that the consent sign has been extracted from the biometric information, the control unit 24 performs control for the storage system 30 to make it impossible to use the personal information that matches the extracted feature amount of the person. . Specifically, the control unit 24 instructs the storage system 30 to delete the personal information or to stop using the personal information as a control that disables the use of the personal information.

  The DB management unit 32 registers the feature amount of the person transmitted from the person information collection system 40 in the person information DB 31 as person information. Further, the DB management unit 32 returns the corresponding person information in response to a search request for person information registered in the person information DB 31. Further, when the DB management unit 32 receives an instruction from the control unit 24 to disable the use of personal information, the personal information that matches the received personal information among the personal information stored in the personal information DB 31 cannot be used. Control to the state.

  Here, controlling the personal information to the unusable state means deleting the personal information itself from the personal information DB 31 and leaving the personal information in the personal information DB 31 so that the personal information cannot be used from other systems. Including. As a method for preventing the personal information from being used, for example, identification information (hereinafter referred to as a use stop flag) indicating that the target personal information is in a use stop state can be set.

  The DB management unit 32 determines whether to delete the person information or to set the use stop state. For example, when it is fixedly set whether to delete the personal information or set to the use suspension state, the DB management unit 32 deletes the person information or sets the use suspension state according to the setting contents. You may decide. Further, the DB management unit 32 may determine whether to delete the personal information or to set the use stop state in response to a request from the terminal device 10. Further, the DB management unit 32 may select whether to delete the personal information or to set the use suspended state according to an arbitrary condition or the like determined on the usage control system 20 side.

  FIG. 2 is an explanatory diagram illustrating an example of a method for controlling the person information to the unusable state. For example, it is assumed that the person information DB 31 stores the person information illustrated in FIG. 2 in the person information master M1. When receiving an instruction to disable the use of the personal information indicated by the feature quantity “1011010101000” from the control means 24, the DB management means 32, as exemplified in the person information master M2 in FIG. It may be deleted.

  Further, as exemplified in the person information master M3 in FIG. 2, the DB management unit 32 may set “1” in the use stop flag of the person information instructed to be unavailable. Thereafter, the DB management unit 32 only needs to exclude the person information in which “1” is set in the use stop flag from the search target and set only the person information in which “0” is set in the use stop flag. .

  In this way, the registered person information itself is not deleted, and the identification information (use stop flag) indicating that the registered person information cannot be used is set in association with the person information, so that the person mistakenly deleted Information can be revived (ie made available).

  In addition, when the DB management unit 32 is requested to register personal information that is the same as or similar to the personal information for which the use stop flag is set to “1”, when the personal information is registered in the personal information DB 31, “1” may be set in the information use stop flag. In this way, even if a person who does not want to collect personal information makes a request to delete personal information, even if the biometric information of that person is collected again, the person receives a request for deletion again. Therefore, the personal information of the individual can be automatically controlled to be unavailable.

  For example, in a scene where a large number of unspecified persons are photographed, personal information of the individual may be collected at another timing even after an erasure request is issued for the personal information of the individual. Sending an erasure request every time a picture is taken is a heavy burden for that individual. However, in the present embodiment, the use stop flag is used, and the person information that cannot be used can be specified. Therefore, the burden on the individual can be reduced and the person information can be controlled to be unavailable.

  In addition, the DB management unit 32 may separately create a master (hereinafter referred to as a “usage stop master”) in which person information to be used from other systems is stopped. FIG. 3 is an explanatory diagram illustrating another example of a method for controlling the person information to the unusable state.

  The DB management unit 32 deletes the person information for which the use prohibition instruction has been received from the person information master M1, and also uses a use stop master M4 (also referred to as an opt-out master M4) that summarizes the features of the deleted person. You may create it. In this way, by creating the use suspension master M4 that summarizes the feature quantities of the person whose use is to be stopped, the use suspension master M4 can be used in other than the person information management system of the present embodiment. You will be able to centrally manage people you don't want to be.

  In addition, by enabling a third party organization or the like to centrally manage such a use suspension master M4, once a person who refuses to use personal information makes an unusable request, other companies are also integrated. It is possible to stop using the person information. For example, once an unusable request is issued, it is possible to prevent the corresponding data from being collected and tracked thereafter.

  Since the feature amount of the person may include noise, the DB management unit 32 has not only a target that completely matches the person information that has been instructed to be unavailable, but also the person information has a certain degree of similarity. The target may be a search, update, or deletion target.

  The biometric information acquisition unit 11 and the transmission unit 12 are realized by a CPU of a computer that operates according to a program (usage control instruction program). For example, the program may be stored in a storage unit (not shown) of the terminal device 10, and the CPU may read the program and operate as the biological information acquisition unit 11 and the transmission unit 12 according to the program. Further, the biometric information acquisition unit 11 and the transmission unit 12 may be realized by dedicated hardware, respectively.

  The sign extraction unit 22, the feature amount extraction unit 23, and the control unit 24 are realized by a CPU of a computer that operates according to a program (usage control program). For example, the program is stored in a storage unit (not shown) of the usage control system 20, and the CPU reads the program and operates as the signature extraction unit 22, the feature amount extraction unit 23, and the control unit 24 according to the program. Also good.

  In addition, the sign extraction unit 22, the feature amount extraction unit 23, and the control unit 24 may each be realized by dedicated hardware. The signature storage means 21 is realized by a memory or a magnetic disk device, for example.

  The DB management unit 32 is realized by a CPU of a computer that operates according to a program (person management program). For example, the program may be stored in a storage unit (not shown) of the storage system 30, and the CPU may read the program and operate as the DB management unit 32 according to the program. The person information DB 31 is realized by, for example, a magnetic disk.

  Next, the operation of the person information management system of this embodiment will be described. FIG. 4 is a sequence diagram showing an operation example of the person information management system of the present embodiment. First, the biometric information acquisition unit 11 of the terminal device 10 acquires biometric information of a person (step S11), and the transmission unit 12 transmits the acquired biometric information to the usage control system 20 (step S12).

  When the usage control system 20 receives the biometric information, the sign extracting unit 22 extracts the consent sign from the received biometric information, and the control unit 24 determines whether or not the consent sign is extracted (step S13). When the consent sign is not included in the biological information (No in step S13), the usage control system 20 ends the process without performing the subsequent processes.

  On the other hand, when the consent sign is included in the biometric information (Yes in step S13), the feature amount extracting unit 23 extracts the feature amount of the person from the biometric information including the consent sign (step S14). Then, the control unit 24 instructs the storage system 30 to make it impossible to use the person information that matches the extracted feature amount of the person (step S15).

  When the storage system 30 receives an instruction that disables the use of personal information, the DB management unit 32 controls the personal information received based on the instruction to an unusable state (step S16). The DB management unit 32 may delete the personal information itself that has been instructed, or may set a use stop flag corresponding to the personal information.

  In this operation example, after it is determined whether or not the biometric information includes the consent sign, the feature amount extraction unit 23 extracts the feature amount of the person from the biometric information. However, the biometric information includes the consent sign. Before the determination, the feature amount extraction unit 23 may extract the feature amount of the person from the biological information.

  As described above, in the present embodiment, the biological information acquisition unit 11 acquires the biological information of a person, and transmits the biological information acquired by the transmission unit 12 to the usage control system 20. Further, the feature quantity extraction unit 23 extracts a person's feature quantity from the biometric information, and the sign extraction unit 22 extracts a consent sign from the biometric information. Then, the control unit 24 determines whether or not the consent sign has been extracted, and if it is determined that the consent sign has been extracted, the control unit 24 stores the personal information that matches the extracted feature amount of the person with respect to the storage system 30. Control to make it impossible to use. Therefore, it is possible to suppress reception of an unusable instruction due to impersonation and appropriately control the instructed person information to an unusable state.

  In the present embodiment, an image including a predetermined mark or an image including a predetermined background can be used as the consent sign. As a result, for example, even an elderly person or a user who has a physical disability and is difficult to perform a predetermined gesture can be instructed to disable use.

  Further, in the present embodiment, an unusable instruction is performed using a captured image or collected audio data. This makes it possible for a user who makes an unusable request to make an unusable request for personal information without going to a predetermined location.

  For example, it is assumed that an individual uses the terminal device 10 of the present embodiment and a company uses the usage control system 20. In this case, in the opt-out application process from the individual to the company, the face image data including the consent sign is sent from the individual to the company.

  Next, a modification of the first embodiment will be described. In the first embodiment, the case where the storage system 30 and the usage control system 20 are realized by different systems has been described. However, the usage control system 20 may include the storage system 30.

  FIG. 5 is a block diagram illustrating a modification of the person information management system according to the first embodiment. The person information management system illustrated in FIG. 5 includes a terminal device 10 and a usage control system 20a. The configuration of the terminal device 10 is the same as that of the first embodiment.

  The usage control system 20a includes a sign storage means 21, a sign extraction means 22, a feature amount extraction means 23, a control means 24a, and a person information DB 31. The contents of the sign storage means 21, the sign extraction means 22, the feature quantity extraction means 23, and the person information DB 31 are the same as those in the first embodiment.

  The control means 24a controls the person information stored in the person information DB 31 so that the person information of the person that matches the extracted feature amount is unavailable. As shown in the first embodiment, the control unit 24a may delete the person information itself from the person information DB 31, and leave the person information in the person information DB 31 and set a use stop flag for the person information. It may be set.

  The control unit 24a is realized by a CPU of a computer that operates according to a program (usage control program), for example.

  As described above, in the present modification, the control unit 24a included in the usage control system 20a puts the person information of the person that matches the extracted feature amount out of the person information stored in the person information DB 31 into an unusable state. Control. Even with such a configuration, the same effects as those of the first embodiment can be obtained.

Embodiment 2. FIG.
Next, a second embodiment of the person information management system will be described. In the first embodiment, the case where the usage control system analyzes whether or not the consent sign is included in the biological information has been described. This embodiment demonstrates the case where a terminal device analyzes whether a consent sign is contained in biometric information.

  FIG. 6 is a block diagram showing a configuration example of the second embodiment of the person information management system according to the present invention. The personal information management system of this embodiment includes a terminal device 10b, a usage control system 20b, and a storage system 30. The storage system 30 is connected to the person information collection system 40. The contents of the storage system 30 and the person information collection system 40 are the same as those in the first embodiment.

  The terminal device 10b includes a biological information acquisition unit 11, a sign extraction unit 13, a transmission unit 12b, and an output unit 14. The contents of the biometric information acquisition unit 11 are the same as those in the first embodiment.

  The sign extraction means 13 extracts a consent sign from the acquired person's biometric information. The method by which the sign extracting unit 13 extracts the consent sign is the same as the method by which the sign extracting unit 22 of the first embodiment extracts the consent sign. The terminal device 10b may include a storage unit (not shown) similar to the signature storage unit 21 of the first embodiment.

  The output means 14 outputs a sine analysis result. Note that the output means 14 may output the consent sign definition information so that the user can grasp the contents of the consent sign. For example, when an image is used for the consent sign, the output unit 14 may display an image indicated by the designated consent sign definition information. When voice is used for the consent sign, the output unit 14 may output the voice indicated by the designated consent sign definition information.

  When the consent sign is extracted from the biological information, the transmitting unit 12b transmits the biological information to the usage control system 20b.

  The usage control system 20 b includes a feature amount extraction unit 23 b and a control unit 24. The contents of the control means 24 are the same as in the first embodiment.

  The feature quantity extraction unit 23b extracts a person's feature quantity from the received biological information. The feature amount extraction method is the same as in the first embodiment.

  The biometric information acquisition unit 11, the sign extraction unit 13, and the transmission unit 12b are realized by a CPU of a computer that operates according to a program (use control instruction program). The feature amount extraction unit 23b and the control unit 24 are realized by a CPU of a computer that operates according to a program (usage control program).

  Next, the operation of the person information management system of this embodiment will be described. FIG. 7 is a sequence diagram illustrating an operation example of the person information management system of the present embodiment. First, the biological information acquisition unit 11 of the terminal device 10b acquires human biological information (step S11). Next, the sign extraction unit 13 extracts a consent sign from the acquired biometric information, and the transmission unit 12b determines whether or not the consent sign is extracted from the biometric information (step S21).

  When the consent sign is not included in the biological information (No in step S21), the terminal device 10b ends the process without performing the subsequent processes. On the other hand, when the consent sign is included in the biological information (Yes in step S21), the transmission unit 12b transmits the acquired biological information to the usage control system 20b (step S12). Thereafter, when the usage control system 20b receives the biological information, the same processing as in steps S14 to S16 in FIG. 4 is performed.

  As described above, in the present embodiment, the biometric information acquisition unit 11 acquires the biometric information of the person, and the sign extraction unit 13 extracts the consent sign from the acquired biometric information of the person. When the consent sign is extracted from the biological information, the transmitting unit 12b transmits the biological information to the usage control system 20b. In addition, the feature amount extraction unit 23b extracts the feature amount of the person from the received biometric information, and the control unit 24 performs control to make it impossible to use the person information that matches the extracted feature amount of the biometric storage system. 30.

  Therefore, the same effect as the first embodiment can be obtained. Moreover, in this embodiment, since the biometric information that does not include the consent sign is not transmitted, unnecessary communication with the usage control system 20b is suppressed.

  Next, a modification of the second embodiment will be described. In the second embodiment, the case where the storage system 30 and the usage control system 20b are realized by different systems has been described. However, similarly to the modification of the first embodiment, the usage control system 20b may include the storage system 30.

  FIG. 8 is a block diagram illustrating a modification of the person information management system according to the second embodiment. The person information management system illustrated in FIG. 8 includes a terminal device 10b and a usage control system 20b '. The configuration of the terminal device 10b is the same as that of the second embodiment.

  The usage control system 20b 'includes a feature amount extraction unit 23b, a control unit 24', and a person information DB 31. The contents of the feature quantity extraction unit 23b and the person information DB 31 are the same as those in the second embodiment. The control unit 24 ′ controls the person information of the person that matches the extracted feature amount among the person information stored in the person information DB 31 to be in an unusable state. Even with such a configuration, the same effect as in the second embodiment can be obtained.

  Next, another modification of this embodiment will be described. In the second embodiment, when the biometric information includes the consent sign, the transmission unit 12b transmits the biometric information including the consent sign to the usage control system 20b. On the other hand, even if the consent sign is not included in the biometric information, the transmission unit 12b may transmit the consent sign extraction result and the biometric information to the usage control system 20b. Then, the feature amount extraction unit 23b may extract the feature amount when receiving the extraction result indicating that the consent sign is included. According to such a configuration, the load on the usage control system side is reduced.

Embodiment 3. FIG.
Next, a third embodiment of the person information management system will be described. In the first embodiment and the second embodiment, the case where the consent sign is determined in advance has been described. In the present embodiment, the case where the consent sign is determined based on a predetermined rule will be described.

  FIG. 9 is a block diagram showing a configuration example of the third embodiment of the person information management system according to the present invention. The personal information management system of this embodiment includes a terminal device 10c, a usage control system 20c, and a storage system 30. The storage system 30 is connected to the person information collection system 40. The contents of the storage system 30 and the person information collection system 40 are the same as those in the first embodiment.

  The terminal device 10 c includes a biological information acquisition unit 11, a sign extraction unit 13, a transmission unit 12 c, and an output unit 14. The contents of the biometric information acquisition unit 11 and the signature extraction unit 13 are the same as those in the second embodiment.

  The transmission unit 12c requests the usage control system 20c for information indicating the contents of the consent sign (that is, consent sign definition information). Similarly to the second embodiment, the transmission unit 12c transmits the biometric information including the consent sign to the usage control system 20c when the biometric information includes the consent sign. In addition, as shown in the modification of 2nd Embodiment, the transmission means 12c may transmit the extraction result of consent sign and biometric information to the usage control system 20c.

  The output unit 14 outputs the consent sign definition information transmitted from the usage control system 20c. The method for outputting the consent sign definition information is the same as in the second embodiment.

  The usage control system 20 c includes a signature storage unit 21, a signature transmission unit 25, a feature amount extraction unit 23 c, and a control unit 24. The contents of the sign storage means 21 and the control means 24 are the same as in the first embodiment. Further, the contents of the feature quantity extracting unit 23c are the same as the feature quantity extracting unit 23b of the second embodiment.

  The sign transmission means 25 determines the consent sign used in the terminal device 10c, and transmits the consent sign definition information indicating the content of the consent sign to the terminal device 10c. The method for determining the consent signature is arbitrary. For example, the consent signature may be determined at random from the consent signature definition information stored in the signature storage means 21. For example, when an image is used as the consent sign, the sign transmission unit 25 may transmit consent sign definition information indicating the content of a predetermined mark, background image, or gesture. For example, when a voice is used as the consent sign, the sign transmission unit 25 may transmit consent sign definition information indicating sound effects, back music sound data, words to be uttered, and the like. Further, the sign transmission unit 25 may transmit the consent sign definition information in response to a request from the terminal device 10c, or may periodically transmit the consent sign definition information to the terminal device 10c.

  The biometric information acquisition unit 11, the sign extraction unit 13, and the transmission unit 12c are realized by a CPU of a computer that operates according to a program (use control instruction program). In addition, the sign transmission unit 25, the feature amount extraction unit 23c, and the control unit 24 are realized by a CPU of a computer that operates according to a program (usage control program).

  Next, the operation of the person information management system of this embodiment will be described. FIG. 10 is a sequence diagram illustrating an operation example of the person information management system of the present embodiment. The sign transmission means 25 transmits the consent sign definition information to the terminal device 10c (step S22). Subsequent processing is the same as in the second embodiment. In step S21, it is determined whether the consent sign specified by the received consent sign definition information is included in the acquired biometric information.

  As described above, in this embodiment, in addition to the configuration of the second embodiment, the sign transmission unit 25 transmits the consent sign definition information to the terminal device 10c. And the signature extraction means 13 extracts the consent signature specified by the consent signature definition information transmitted to the terminal device 10c from biometric information. With such a configuration, an effect similar to that of the second embodiment can be obtained. Furthermore, in this embodiment, since the consent sign definition information is notified from the usage control system 20c to the terminal device 10c, impersonation of a third party can be further suppressed.

  Next, a modification of the third embodiment will be described. In the third embodiment, the case where the storage system 30 and the usage control system 20c are realized by different systems has been described. However, similarly to the modification of the first embodiment, the usage control system 20c may include the storage system 30.

  FIG. 11 is a block diagram illustrating a modification of the person information management system according to the third embodiment. The person information management system illustrated in FIG. 11 includes a terminal device 10c and a usage control system 20c '. The configuration of the terminal device 10c is the same as that of the third embodiment.

  The usage control system 20c 'includes a signature storage unit 21, a signature transmission unit 25, a feature amount extraction unit 23c, a control unit 24', and a person information DB 31. The contents of the signature storage unit 21, the signature transmission unit 25, the feature amount extraction unit 23c, and the person information DB 31 are the same as those in the third embodiment. The contents of the control means 24 'are the same as in the modification of the second embodiment. Even with such a configuration, the same effect as in the third embodiment can be obtained.

  Next, another modification of this embodiment will be described. Similarly to the second embodiment, the transmission unit 12c of the third embodiment also uses the consent sign extraction result and the biometric information to the usage control system 20c even when the biometric information does not include the consent sign. You may send it. And the feature-value extraction means 23c may extract a feature-value, when the extraction result to the effect that the consent sign is included is received. According to such a configuration, the load on the usage control system side is reduced.

Embodiment 4 FIG.
Next, a fourth embodiment of the person information management system will be described. In the personal information management system according to the first to third embodiments, the usage control system performs a feature amount extraction process. In the present embodiment, a case will be described in which feature amount extraction processing is performed by a terminal device.

  FIG. 12 is a block diagram showing a configuration example of the fourth embodiment of the person information management system according to the present invention. The personal information management system of this embodiment includes a terminal device 10d, a usage control system 20d, and a storage system 30. The storage system 30 is connected to the person information collection system 40. The contents of the storage system 30 and the person information collection system 40 are the same as those in the first embodiment.

  The terminal device 10d includes a biological information acquisition unit 11, a signature extraction unit 13, a feature amount extraction unit 15, a transmission unit 12d, and an output unit 14. The contents of the biometric information acquisition unit 11, the sign extraction unit 13, and the output unit 14 are the same as those in the second embodiment.

  The feature amount extraction unit 15 extracts a feature amount of a person from the biological information acquired by the biological information acquisition unit 11. The method for extracting the feature amount of the person from the biological information is the same as the method for extracting the feature amount by the feature amount extraction means 23 of the first embodiment. Similarly to the first embodiment, the order of the process of extracting the consent sign from the acquired biometric information and the process of extracting the feature amount are arbitrary. The feature amount extraction unit 15 may extract the feature amount when the consent sign is extracted from the biological information. By performing processing in such an order, unnecessary processing is reduced.

  When the consent sign is extracted from the biological information, the transmission unit 12d transmits the feature amount of the person extracted from the biological information to the usage control system 20d.

  The usage control system 20d includes control means 24d.

  The control unit 24d controls the storage system 30 to stop using the person information of the person who matches the received feature amount.

  The biometric information acquisition unit 11, the signature extraction unit 13, the feature amount extraction unit 15, and the transmission unit 12d are realized by a CPU of a computer that operates according to a program (usage control instruction program). The control unit 24d is realized by a CPU of a computer that operates according to a program (usage control program).

  Next, the operation of the person information management system of this embodiment will be described. FIG. 13 is a sequence diagram illustrating an operation example of the person information management system of the present embodiment. First, the biometric information acquisition unit 11 of the terminal device 10d acquires biometric information of a person (step S11). Next, the sign extraction unit 13 extracts a consent sign from the acquired biometric information, and the transmission unit 12d determines whether or not the consent sign is extracted from the biometric information (step S21).

  When the consent sign is not included in the biological information (No in step S21), the terminal device 10d ends the process without performing the subsequent processes. On the other hand, when the consent sign is included in the biometric information (Yes in step S21), the feature amount extraction unit 15 extracts the feature amount of the person from the biometric information including the consent sign (step S23). And the transmission means 12d transmits the feature-value extracted from biometric information to the usage control system 20d (step S24).

  When the usage control system 20d receives the feature amount, the control unit 24d instructs the storage system 30 to make it impossible to use the person information of the person who matches the received feature amount (step S25). Thereafter, in the storage system 30, the process of step S16 illustrated in FIG. 4 is performed.

  As described above, in the present embodiment, the biometric information acquisition unit 11 acquires the biometric information of the person, the sign extraction unit 13 extracts the consent sign from the acquired biometric information of the person, and the feature amount extraction unit 15 acquires it. The feature amount of the person is extracted from the obtained biometric information. When the consent sign is extracted from the biological information, the transmission unit 12d transmits the extracted feature amount of the person to the usage control system 20d. Then, the control unit 24d performs control for the storage system 30 to make it impossible to use the person information that matches the received feature amount of the person.

  Therefore, the same effect as the first embodiment can be obtained. In the present embodiment, the terminal device 10d performs the consent sign extraction process and the feature quantity extraction process, and transmits only the extracted feature quantity to the usage control system 20d. The load on the usage control system 20d is reduced.

  For example, it is assumed that an individual uses the terminal device 10 of the present embodiment and a company uses the usage control system 20. In this case, in the opt-out application process from the individual to the company, the facial feature data including the consent sign is sent from the individual to the company.

  Note that the usage control system 20d of this embodiment may include the sign transmission unit 25 of the third embodiment. Then, the terminal device 10d may receive the consent sign definition information from the sign transmission means 25, and extract the consent sign specified from the consent sign definition information received by the sign extraction means 13 from the biological information.

  Next, a modification of the fourth embodiment will be described. In the fourth embodiment, a case has been described in which the storage system 30 and the usage control system 20d are realized by different systems. However, similarly to the modification of the first embodiment, the usage control system 20d may include the storage system 30.

  FIG. 14 is a block diagram illustrating a modification of the person information management system according to the fourth embodiment. The person information management system illustrated in FIG. 14 includes a terminal device 10d and a usage control system 20d '. The configuration of the terminal device 10d is the same as that of the fourth embodiment.

  The usage control system 20d 'includes a control unit 24d' and a person information DB 31. The contents of the person information DB 31 are the same as those in the fourth embodiment. The control unit 24d 'controls the person information stored in the person information DB 31 so that the person information of the person matching the extracted feature amount is unavailable. Even with such a configuration, the same effect as in the fourth embodiment can be obtained.

  Next, another modification of this embodiment will be described. In the fourth embodiment, when the biometric information includes the consent sign, the transmission unit 12d transmits the biometric information including the consent sign to the usage control system 20d. On the other hand, similarly to the second embodiment, the transmitting unit 12d may transmit the consent sign extraction result and the biological information to the usage control system 20d even when the biological information does not include the consent sign. .

Embodiment 5. FIG.
Next, a fifth embodiment of the person information management system will be described. In the personal information management system of the first embodiment, the usage control system performs the consent sign extraction process and the feature amount extraction process. Further, in the person information management system of the fourth embodiment, the terminal device performs consent sign extraction processing and feature amount extraction processing. In the present embodiment, a case will be described in which feature amount extraction processing is performed by a terminal device and consent sign extraction processing is performed by a usage control system.

  FIG. 15 is a block diagram showing a configuration example of the fifth embodiment of the person information management system according to the present invention. The personal information management system of this embodiment includes a terminal device 10e, a usage control system 20e, and a storage system 30. The storage system 30 is connected to the person information collection system 40. The contents of the storage system 30 and the person information collection system 40 are the same as those in the first embodiment.

  The terminal device 10e includes a biological information acquisition unit 11, a feature amount extraction unit 15e, a transmission unit 12e, and an output unit 14. The contents of the biometric information acquisition unit 11 and the output unit 14 are the same as those in the second embodiment.

  The feature quantity extraction unit 15e extracts the feature quantity of the person from the biological information regardless of whether or not the consent sign is included in the biological information. The method for extracting the feature amount of the person from the biological information is the same as the method for extracting the feature amount by the feature amount extraction means 23 of the first embodiment.

  The transmission unit 12e transmits the feature amount extracted from the biological information and the biological information acquired by the biological information acquisition unit 11 to the usage control system 20e.

  The usage control system 20e includes a sign extraction unit 22e and a control unit 24e.

  The sign extraction means 22e analyzes whether or not a consent sign is included in the received biological information. The method for analyzing whether or not the consent sign is included in the received biometric information is the same as the method for analyzing by the sign extracting means 22 of the first embodiment.

  If the consent information is included in the received biometric information, the control unit 24e performs control for the storage system 30 such that the personal information of the person who matches the feature amount received from the terminal device 10e cannot be used. .

  The biometric information acquisition unit 11, the feature amount extraction unit 15e, and the transmission unit 12e are realized by a CPU of a computer that operates according to a program (use control instruction program). The sign extraction unit 22e and the control unit 24e are realized by a CPU of a computer that operates according to a program (usage control program).

  Next, the operation of the person information management system of this embodiment will be described. FIG. 16 is a sequence diagram illustrating an operation example of the person information management system of the present embodiment. First, the biological information acquisition unit 11 of the terminal device 10e acquires the biological information of a person (Step S11). Next, the feature quantity extraction unit 15e extracts a person's feature quantity from the biological information (step S23). And the transmission means 12e transmits the feature-value extracted from biometric information, and the biometric information which the biometric information acquisition means 11 acquired to the utilization control system 20e (step S26).

  The sign extraction unit 22e extracts a consent sign from the received biometric information, and the control unit 24e determines whether or not a consent sign has been extracted (step S13). When the consent sign is not included in the biological information (No in Step S13), the usage control system 20e ends the process without performing the subsequent processes.

  On the other hand, when the consent sign is included in the biometric information (Yes in step S13), the control unit 24e makes it impossible for the storage system 30 to use the personal information that matches the received feature amount of the person. An instruction is given (step S15). Thereafter, in the storage system 30, the process of step S16 illustrated in FIG. 4 is performed.

  As described above, in the present embodiment, the biometric information acquisition unit 11 acquires biometric information of a person, the feature amount extraction unit 15e extracts a human feature amount from the acquired biometric information, and the transmission unit 12e The extracted feature amount of the person and the acquired biological information of the person are transmitted to the usage control system 20e. In addition, the sign extraction unit 22e extracts a consent sign from the received biological information. Then, the control unit 24e determines whether or not the consent sign has been extracted. When it is determined that the consent sign has been extracted, the control unit 24e uses the personal information that matches the received feature amount of the person to the storage system 30. Control to make it impossible.

  Even with such a configuration, the same effects as those of the first embodiment can be obtained. In the present embodiment, since the terminal device 10e performs the feature amount extraction process, the load on the usage control system 20e is reduced.

  Next, a modification of the fifth embodiment will be described. In the fifth embodiment, the case where the storage system 30 and the usage control system 20e are realized by different systems has been described. However, similarly to the modification of the first embodiment, the usage control system 20e may include the storage system 30.

  FIG. 17 is a block diagram illustrating a modification of the person information management system according to the fifth embodiment. The person information management system illustrated in FIG. 17 includes a terminal device 10e and a usage control system 20e '. The configuration of the terminal device 10e is the same as that of the fifth embodiment.

  The usage control system 20e 'includes a sign extraction unit 22e, a control unit 24e', and a person information DB 31. The contents of the sign extraction means 22e and the person information DB 31 are the same as in the fifth embodiment. The control means 24e 'controls the person information of the person who matches the extracted feature amount from the person information stored in the person information DB 31 to an unusable state. Even with such a configuration, the same effects as those of the fifth embodiment can be obtained.

  Next, a specific example using the person information management system of the present invention will be described. FIG. 18 is an explanatory diagram illustrating an example of a consent sign. In the example shown in FIG. 18, a gesture indicating a star mark or goo is designated as the consent sign. In addition, when the biometric information acquisition unit 11 captures biometric information, an agreement sign is displayed.

  In the example shown in FIG. 18A, a message “Please image with stars” is displayed. When the image exemplified in FIG. 18A is taken in this state, it is determined that the consent sign is included, and an instruction to disable the use of personal information of this person is performed.

  Similarly, in the example shown in FIG. 18B, a message “Please image with a goo” is displayed. When the image exemplified in FIG. 18B is taken in this state, it is determined that the consent sign is included, and an instruction to disable the use of personal information of this person is performed. On the other hand, when the image illustrated in FIG. 18C is taken in this state, it is not determined that the consent sign is included, and the unusable request is rejected.

  Next, another specific example using the person information management system of the present invention will be described. FIG. 19 is an explanatory diagram showing a specific example using a use stop master (opt-out master). In the example shown in FIG. 19, the mosaic processing is automatically performed on the video of the person registered in the opt-out master M4 among the persons photographed in the live broadcast. The opt-out master M4 illustrated in FIG. 19 is the same as the opt-out master M4 illustrated in FIG.

  For example, it is assumed that an image I1 of a person is captured live. When this image I1 is transmitted to the television station, the control device 50 extracts the facial feature amount of the person P1 present in the video, and inquires of the opt-out master M4 about the presence or absence of the facial feature amount of the person P1. When person information that matches the face feature amount of the person P1 is registered in the opt-out master M4, the control device 50 performs a mosaic process on the face portion of the person P1. Then, the television station distributes the image I2 that has been subjected to the mosaic process.

  In this way, the television station side (the control device 50) can automatically perform an unusable process (mosaic process) on a person who does not want to use the person information.

  Next, the outline of the present invention will be described. FIG. 20 is a block diagram showing an outline of a usage control system according to the present invention. The usage control system illustrated in FIG. 20 is an instruction (for example, an erasing instruction or a usage stop instruction) that makes it impossible to use personal information (for example, a facial feature quantity or voiceprint) from a terminal apparatus (for example, the terminal apparatus 10). Is a usage control system (e.g., usage control system 20) that receives a feature quantity extraction unit 81 (e.g., a feature quantity) that extracts a biological feature quantity from biological information (e.g., a person's image or voice) acquired by the terminal device. Information obtained from the biometric information together with the biometric information of the person to be erased as identification information for instructing the erasure of the person information, and an agreement sign that is information other than the identification information of the person itself An agreement sign extraction means 82 (for example, the sign extraction means 22) for extracting the same, and a determination means 83 (for example, the control means 24) for determining whether or not an agreement sign has been extracted When it is determined that the signature has been extracted, the recording medium (for example, the storage system 30) that stores the biometric feature amount as personal information is not allowed to use personal information that matches the extracted biometric feature amount. The control means 84 (for example, the control means 24) which performs control to enable is provided.

  With such a configuration, it is possible to suppress reception of an instruction to disable the use of personal information due to impersonation and appropriately control the instructed personal information to an unusable state.

  Further, the usage control system may include a recording medium (for example, the storage system 30 and the person information DB 31) that stores person information. The recording medium includes database management means (for example, DB management means 32, control means 24a) that controls the personal information to an unusable state in response to an instruction that the personal information cannot be used by the terminal device. You may go out.

  As described above, as the control for making the use of the person information impossible, it is possible to prevent the already collected person information from being used in the future by performing the process for deleting the person information. In addition, by setting the collected personal information to a use suspended state, it is possible to make it possible to use the personal information again even when an erasure instruction is mistakenly performed.

  Further, the consent sign extraction unit 82 may extract a predetermined gesture or a predetermined mark as a consent sign from a person image that is biometric information photographed by the terminal device.

  In addition, the usage control system may include a sign transmission unit (for example, a signature transmission unit 25) that transmits consent sign definition information indicating the content of the consent sign to the terminal device. Then, the consent sign extraction unit 82 may extract the consent sign specified by the consent sign definition information transmitted to the terminal device from the biological information transmitted from the terminal device. According to such a configuration, impersonation of a third party can be further suppressed.

  FIG. 21 is a block diagram showing another outline of the usage control system according to the present invention. The usage control system illustrated in FIG. 21 is a usage control system (for example, the usage control system 20e) that accepts an instruction that makes it impossible to use personal information from a terminal device (for example, the terminal device 10e). Consent sign extraction for extracting consent sign, which is information acquired together with biometric information of a person to be erased as identification information for instructing erasure of personal information from the acquired biometric information and is information other than the identification information of the person itself When it is determined that the means 82e (for example, the sign extraction means 22e), the determination means 83e (for example, the control means 24e) for determining whether or not the consent sign has been extracted, and the consent sign has been extracted, Are transmitted together with instructions from the terminal device to a recording medium (for example, the storage system 30) that stores information as personal information. It comprises control means 84e that performs control to not use the personal information that matches the characteristic amount (e.g., control unit 24e) and.

  Even with such a configuration, it is possible to suppress reception of an instruction to disable the use of personal information by impersonation, and appropriately control the instructed personal information to an unusable state.

  FIG. 22 is a block diagram showing an outline of a terminal device according to the present invention. The terminal device illustrated in FIG. 22 gives an instruction to a usage control system (for example, usage control system 20b) that performs control to make it impossible to use personal information that matches the biological feature amount extracted from the biological information. The terminal device (for example, the terminal device 10b) to perform, the biometric information acquisition unit 91 (for example, the biometric information acquisition unit 11) that acquires the biometric information of the person, and the deletion of the personal information from the acquired biometric information of the person The consent sign extraction means 92 (for example, the signature analysis means 13) is a piece of information that is acquired together with the biological information of the person to be erased as the identification information for instructing, and extracts the consent sign that is information other than the identification information of the person itself. ), And when the consent sign is extracted from the biometric information, the biometric information, or the extraction result of the consent sign and the biometric information are transmitted to the usage control system. Transmission means 94 (e.g., transmitting means 12b) and a.

  Even with such a configuration, it is possible to suppress reception of an instruction to disable the use of personal information by impersonation, and appropriately control the instructed personal information to an unusable state.

  Moreover, the transmission means 94 may transmit the acquired biological information to the usage control system when the consent sign is included in the acquired biological information.

  FIG. 23 is a block diagram showing another outline of the terminal device according to the present invention. The terminal device illustrated in FIG. 23 is a terminal device (for example, an instruction) that instructs a usage control system (for example, the usage control system 20d) that performs control to make it impossible to use personal information that matches the biological feature. The terminal device 10d) is a biometric information acquisition unit 91 (for example, biometric information acquisition unit 11) that acquires biometric information of a person, and a feature amount extraction unit 93 (for example, a feature) that extracts a biometric feature amount from the biometric information. Information obtained together with the biometric information of the person to be erased from the biometric information as identification information for instructing erasure of the person information, and an agreement sign that is information other than the identification information of the person itself The consent sign extraction means 92 (for example, the sign analysis means 13) for extracting the feature quantity of the extracted living body when the consent sign is extracted from the biological information. And a transmission means 94d for transmitting (e.g., transmission means 12d) to.

  Even with such a configuration, it is possible to suppress reception of an instruction to disable the use of personal information by impersonation, and appropriately control the instructed personal information to an unusable state.

  24 to 27 are block diagrams showing an outline of the person information management system according to the present invention. The personal information management system illustrated in FIG. 24 issues a terminal device 90 (for example, the terminal device 10) that gives an instruction to disable the use of personal information, and an instruction to make it impossible to use personal information from the terminal device 90. The usage control system 80 (for example, the usage control system 20 and the usage control system 20a) to receive is provided.

  The terminal device 90 includes biometric information acquisition means 91 (for example, biometric information acquisition means 11) that acquires biometric information of a person, and transmission means 94 (for example, transmission means 12) that transmits the acquired biometric information to the usage control system 80. Including.

  The usage control system 80 includes feature amount extraction means 81, consent sign extraction means 82, determination means 83, and control means 84. The contents of the usage control system 80 are the same as those of the usage control system illustrated in FIG.

  The person information management system may include a recording medium (for example, the storage system 30 and the person information DB 31) that stores person information. The recording medium is provided with database management means (for example, DB management means 32, control means 24a) that controls the personal information to an unusable state in response to an instruction that the personal information cannot be used by the terminal device 90. May be included.

  The person information management system illustrated in FIG. 25 includes a terminal device 90b (for example, the terminal device 10b) and a usage control system 80b (for example, the usage control system 20b).

  The terminal device 90 b includes biometric information acquisition means 91, consent sign extraction means 92, and transmission means 94. The content of the terminal device 90b is the same as that of the terminal device illustrated in FIG.

  The usage control system 80b includes a feature amount extraction unit 81b (for example, a feature amount extraction unit 23b) that extracts a feature amount of a living body from received biological information, and a control unit 84. The contents of the control means 84 are the same as the control means 84 illustrated in FIG.

  In addition, the usage control system 80b (for example, the usage control system 20c) may include a signature transmission unit (for example, the signature transmission unit 25) that transmits an agreement sign to the terminal device 90b. And the consent sign extraction means 92 of the terminal device 90b may extract the received consent sign from biometric information.

  The person information management system illustrated in FIG. 26 includes a terminal device 90d (for example, the terminal device 10d) and a usage control system 80d (for example, the usage control system 20d).

  The terminal device 90d includes a biological information acquisition unit 91, a feature amount extraction unit 93, a consent sign extraction unit 92, and a transmission unit 94d. The content of the terminal device 90d is the same as that of the terminal device illustrated in FIG.

  The usage control system 80d performs control for making it impossible to use personal information that matches the received biometric feature with respect to a recording medium (for example, the storage system 30) that stores the biometric feature as personal information. Control means 84d (for example, control means 24d).

  The person information management system illustrated in FIG. 27 includes a terminal device 90e (for example, the terminal device 10e) and a usage control system 80e (for example, the usage control system 20e).

  The terminal device 90e includes a biological information acquisition unit 91, a feature amount extraction unit 93e (for example, a feature amount extraction unit 15e) that extracts a biological feature amount from the acquired biological information, and the extracted biological feature amount and acquisition. A transmission unit 94e (for example, transmission unit 12e) that transmits the biometric information of the person to the usage control system 80e.

  Further, the usage control system 80e includes a consent sign extraction unit 82e, a determination unit 83e, and a control unit 84e. The content of the usage control system 80e is the same as that of the usage control system illustrated in FIG.

  Also with these configurations, it is possible to suppress reception of an instruction to disable the use of personal information due to impersonation, and appropriately control the instructed personal information to an unusable state.

  Although the present invention has been described with reference to the embodiments and examples, the present invention is not limited to the above embodiments and examples. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

  This application claims the priority on the basis of the JP Patent application 2014-199717 for which it applied on September 30, 2014, and takes in those the indications of all here.

10, 10b, 10c, 10d, 10e Terminal device 11 Biometric information acquisition means 12, 12b, 12c, 12d, 12e Transmission means 13 Sign extraction means 14 Output means 15, 15e Feature quantity extraction means 20, 20a, 20b, 20c, 20d , 20e usage control system 21 signature storage means 22, 22e signature extraction means 23, 23b, 23c feature quantity extraction means 24, 24a, 24d, 24e control means 25 signature transmission means 30 storage system 31 personal information DB
32 DB management means 40 Person information collection system 41 Person information registration instruction means I1, I2 Image 50 Controller M4 Opt-out master

Claims (23)

A usage control system that accepts an instruction to disable the use of personal information from a terminal device,
Feature quantity extraction means for extracting the biometric feature quantity from the biometric information acquired by the terminal device;
Consent sign extraction means for extracting, from the biometric information, consent sign that is information acquired together with the biometric information of the person to be erased as identification information for instructing erasure of personal information, and is information other than the identification information of the person itself When,
Determining means for determining whether or not the consent sign has been extracted;
When it is determined that the consent sign has been extracted, control is performed to make it impossible to use personal information that matches the extracted biological feature amount with respect to a recording medium that stores the biological feature amount as personal information. And a control means for performing the use control system. A recording medium for storing personal information;
The usage control system according to claim 1, wherein the recording medium includes a database management unit that controls the personal information to an unusable state in response to an instruction that the personal information cannot be used by the terminal device. The usage control system according to claim 1, wherein the consent sign extraction unit extracts a predetermined gesture or a predetermined mark as a consent sign from a person image that is biometric information photographed by the terminal device. Including a sign transmission means for transmitting consent sign definition information indicating the contents of the consent sign to the terminal device,
The consent sign extraction means extracts the consent sign specified by the consent sign definition information transmitted to the terminal device from the biological information transmitted from the terminal device. The usage control system described. A usage control system that accepts an instruction to disable the use of personal information from a terminal device,
Extracted from the biometric information acquired by the terminal device is an agreement sign that is acquired together with the biometric information of the person to be erased as identification information for instructing deletion of the personal information, and is information other than the identification information of the person itself Consent sign extraction means to
Determining means for determining whether or not the consent sign has been extracted;
When it is determined that the consent sign has been extracted, use of personal information that matches the biometric feature amount transmitted together with an instruction from the terminal device to a recording medium that stores the biometric feature amount as personal information And a control means for performing control to make the operation impossible. A terminal device that gives an instruction to a usage control system that performs control to make it impossible to use personal information that matches a feature amount of a biological body extracted from biological information,
Biometric information acquisition means for acquiring biometric information of a person;
From the acquired biometric information of the person, the consent sign that is information acquired together with the biometric information of the person to be erased as identification information instructing erasure of the personal information and is information other than the identification information of the person itself is extracted. Consent sign extraction means;
A terminal device comprising: a transmission unit configured to transmit the biometric information or the extraction result of the biometric sign and biometric information to the usage control system when the consent sign is extracted from the biometric information. The terminal device according to claim 6, wherein the transmission unit transmits the acquired biometric information to the usage control system when the acquired biometric information includes a consent sign. A terminal device that gives instructions to a usage control system that performs control to make it impossible to use personal information that matches a feature quantity of a living body,
Biometric information acquisition means for acquiring biometric information of a person;
Feature amount extraction means for extracting a feature amount of a living body from the biological information;
Consent sign extraction means for extracting, from the biometric information, consent sign that is information acquired together with the biometric information of the person to be erased as identification information for instructing erasure of personal information, and is information other than the identification information of the person itself When,
A terminal device, comprising: a transmission unit configured to transmit the extracted feature quantity of the living body to the usage control system when the consent sign is extracted from the biological information. A terminal device that gives an instruction to make it impossible to use personal information;
A usage control system that accepts an instruction to disable the use of personal information from the terminal device,
The terminal device
Biometric information acquisition means for acquiring biometric information of a person;
Transmitting means for transmitting the acquired biological information to the usage control system,
The usage control system includes:
Feature quantity extraction means for extracting the biometric feature quantity from the biometric information acquired by the terminal device;
Consent sign extraction means for extracting, from the biometric information, consent sign that is information acquired together with the biometric information of the person to be erased as identification information for instructing erasure of personal information, and is information other than the identification information of the person itself When,
Determining means for determining whether or not the consent sign has been extracted;
When it is determined that the consent sign has been extracted, control is performed to make it impossible to use personal information that matches the extracted biological feature amount with respect to a recording medium that stores the biological feature amount as personal information. A personal information management system comprising a control means for performing the control. A terminal device that gives an instruction to make it impossible to use personal information;
A usage control system that accepts an instruction to disable the use of personal information from the terminal device,
The terminal device
Biometric information acquisition means for acquiring biometric information of a person;
From the acquired biometric information of the person, the consent sign that is information acquired together with the biometric information of the person to be erased as identification information instructing erasure of the personal information and is information other than the identification information of the person itself is extracted. Consent sign extraction means;
A transmission means for transmitting the biometric information when the consent sign is extracted from the biometric information, or the extraction result of the consent sign and the biometric information to the usage control system,
The usage control system includes:
Feature quantity extraction means for extracting the biometric feature quantity from the received biometric information;
Personal information, comprising: a control unit that performs control for making it impossible to use personal information that matches the extracted biological feature amount with respect to a recording medium that stores the biological feature amount as personal information. Management system. The usage control system includes sign transmission means for transmitting consent sign definition information indicating the contents of the consent sign to the terminal device,
The personal information management system according to claim 10, wherein the consent sign extraction unit of the terminal device extracts the consent sign specified by the received consent sign definition information from the biological information. A terminal device that gives an instruction to make it impossible to use personal information;
A usage control system that accepts an instruction to disable the use of personal information from the terminal device,
The terminal device
Biometric information acquisition means for acquiring biometric information of a person;
Feature amount extraction means for extracting a feature amount of a living body from the biological information;
Consent sign extraction means for extracting, from the biometric information, consent sign that is information acquired together with the biometric information of the person to be erased as identification information for instructing erasure of personal information, and is information other than the identification information of the person itself When,
A transmission means for transmitting the extracted feature quantity of the living body to the usage control system when the consent sign is extracted from the biological information;
The usage control system includes:
A personal information management system comprising: a control unit that performs control for making it impossible to use personal information that matches a received biometric feature with respect to a recording medium that stores the biometric feature as personal information . A terminal device that gives an instruction to make it impossible to use personal information;
A usage control system that accepts an instruction to disable the use of personal information from the terminal device,
The terminal device
Biometric information acquisition means for acquiring biometric information of a person;
Feature quantity extraction means for extracting the feature quantity of the living body from the acquired biological information;
Transmitting means for transmitting the extracted feature quantity of the living body and the acquired biological information of the person to the usage control system,
The usage control system includes:
Consent to extract consent sign, which is information acquired together with the biometric information of the person to be erased as the identification information for instructing the erasure of personal information from the received biometric information of the person and is information other than the identification information of the person itself Sign extraction means;
A determination means for determining whether or not a consent sign is extracted from the received biometric information;
When it is determined that the consent sign has been extracted, control is performed to disable use of personal information that matches the received biometric feature with respect to a recording medium that stores the biometric feature as human information. A personal information management system comprising a control means. A usage control method for accepting an instruction to disable use of personal information from a terminal device,
Extracting biological features from the biological information acquired by the terminal device,
From the biometric information, extract the consent sign that is information acquired together with the biometric information of the person to be erased as identification information instructing erasure of the personal information and is information other than the identification information of the person itself,
Determine whether the consent sign has been extracted;
When it is determined that the consent sign has been extracted, control is performed to make it impossible to use personal information that matches the extracted biological feature amount with respect to a recording medium that stores the biological feature amount as personal information. The usage control method characterized by performing. A usage control method for accepting an instruction to disable use of personal information from a terminal device,
Extracted from the biometric information acquired by the terminal device is an agreement sign that is acquired together with the biometric information of the person to be erased as identification information for instructing deletion of the personal information, and is information other than the identification information of the person itself And
Determine whether the consent sign has been extracted;
When it is determined that the consent sign has been extracted, use of personal information that matches the biometric feature amount transmitted together with an instruction from the terminal device to a recording medium that stores the biometric feature amount as personal information The usage control method is characterized by performing control to make it impossible. A usage control instruction method for instructing a usage control system that performs control that makes it impossible to use personal information that matches a feature amount of a biological body extracted from biological information,
Get the biometric information of the person,
Extracted from the acquired biometric information of the person is an agreement sign that is acquired together with the biometric information of the person to be erased as identification information for instructing deletion of the personal information and is information other than the identification information of the person itself ,
When the consent sign is extracted from the biometric information, the biometric information, or the extraction result of the consent sign and the biometric information are transmitted to the usage control system. A usage control instruction method for instructing a usage control system that performs control that makes it impossible to use personal information that matches a biological feature,
Get the biometric information of the person,
Extracting biological features from the biological information,
From the biometric information, extract the consent sign that is information acquired together with the biometric information of the person to be erased as identification information instructing erasure of the personal information and is information other than the identification information of the person itself,
When the consent sign is extracted from biological information, the extracted feature quantity of the living body is transmitted to the usage control system. Get the biometric information of the person,
Extract biometric features from the acquired biometric information,
From the biometric information, extract the consent sign that is information acquired together with the biometric information of the person to be erased as identification information instructing erasure of the personal information and is information other than the identification information of the person itself,
Determine whether the consent sign has been extracted;
When it is determined that the consent sign has been extracted, control is performed to make it impossible to use personal information that matches the extracted biological feature amount with respect to a recording medium that stores the biological feature amount as personal information. A personal information management method characterized by: A usage control program applied to a computer that accepts an instruction to disable the use of personal information from a terminal device,
In the computer,
A feature amount extraction process for extracting a feature amount of a living body from biological information acquired by the terminal device;
Consent sign extraction processing for extracting consent sign, which is information acquired together with biometric information of a person to be erased as identification information for instructing erasure of personal information from the biometric information and is information other than the identification information of the person himself / herself ,
A determination process for determining whether or not the consent sign has been extracted; and
When it is determined that the consent sign has been extracted, control is performed to make it impossible to use personal information that matches the extracted biological feature amount with respect to a recording medium that stores the biological feature amount as personal information. Use control program to execute the control process to be performed. A usage control program applied to a computer that accepts an instruction to disable the use of personal information from a terminal device,
In the computer,
Extracted from the biometric information acquired by the terminal device is an agreement sign that is acquired together with the biometric information of the person to be erased as identification information for instructing deletion of the personal information, and is information other than the identification information of the person itself Consent sign extraction process,
A determination process for determining whether or not the consent sign has been extracted; and
When it is determined that the consent sign has been extracted, use of personal information that matches the biometric feature amount transmitted together with an instruction from the terminal device to a recording medium that stores the biometric feature amount as personal information A usage control program for executing control processing that makes control impossible. A usage control instruction program applied to a computer that gives instructions to a usage control system that performs control that makes it impossible to use personal information that matches a biological feature extracted from biological information,
In the computer,
Biometric information acquisition processing for acquiring biometric information of a person,
From the acquired biometric information of the person, the consent sign that is information acquired together with the biometric information of the person to be erased as identification information instructing erasure of the personal information and is information other than the identification information of the person itself is extracted. Consent sign extraction process, and
A usage control instruction program for executing a transmission process for transmitting the biometric information, or the extraction result of the consent sign and the biometric information to the usage control system when the consent sign is extracted from the biometric information. A usage control instruction program applied to a computer that gives instructions to a usage control system that performs control that makes it impossible to use personal information that matches a biological feature,
In the computer,
Biometric information acquisition processing for acquiring biometric information of a person,
A feature amount extraction process for extracting a feature amount of a living body from the biological information;
Consent sign extraction processing for extracting consent sign, which is information acquired together with biometric information of a person to be erased as identification information for instructing erasure of personal information from the biometric information and is information other than the identification information of the person himself / herself ,and,
A usage control instruction program for executing a transmission process of transmitting the extracted feature quantity of the biological body to the usage control system when the consent sign is extracted from the biological information. On the computer,
Biometric information acquisition processing for acquiring biometric information of a person,
Feature amount extraction processing for extracting feature values of a living body from acquired biological information;
Consent sign extraction processing for extracting consent sign, which is information acquired together with biometric information of a person to be erased as identification information for instructing erasure of personal information from the biometric information and is information other than the identification information of the person himself / herself ,
A determination process for determining whether or not the consent sign has been extracted; and
When it is determined that the consent sign has been extracted, control is performed to make it impossible to use personal information that matches the extracted biological feature amount with respect to a recording medium that stores the biological feature amount as personal information. A person information management program for executing the control processing to be performed.

Images