JP2002132721A - Method and system for providing service and recording medium recording service providing program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a service, for which personal information is utilized, while protecting the privacy of an individual. SOLUTION: An individual client 11 holds a profile composed of individual specification information (address) B1 and contents B2 of the information. A broker server 12 can know only the contents B2 and based on these contents, a service requested from a service provider is transmitted to an optimal individual client. A supervisor server 13 can know only the address B1 and mediates the negotiation of the supervisor server 13 and the broker server 12. An executor server 14 can know only the address B1 and performs the provision and settlement of the service.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a service providing method and system using personal information of an individual.

[0002]

2. Description of the Related Art In a conventional service providing system, for example, when a personal information use policy is presented on a homepage and it is stated that the user accepts it, personal information is transmitted from a personal PC to a partner server. At this time, the transmitted personal information includes a name, an address, and the like, which are information that can identify the individual, and information about the individual, for example, preference, action history, and the like.

FIG. 21 shows a model of personal information. Using personal information as a “profile”, the information is divided into personal specific information (address) and personal information (content).

FIG. 22 shows a conceptual diagram of a conventional service using personal information.

[0005] The individual client 61 holds a profile composed of personal identification information (address) A1 and information contents (contents) A2. The individual who desires the service transmits the profile 64 to the mediation server 62.
On the other hand, the service provider client 63 transmits to the mediation server 62 the condition of the partner who wants to provide the service and, in some cases, the service itself 65. Mediation server 6
In step 2, the two are matched and the service 66 is provided to the individual client 61.

In the conventional service shown in FIG. 22,
The mediation server 62 has both the personal identification information A1 and the information content A2, which constitute a personal profile.

[0007] The P3P standard of the personal information utilizing technology under consideration at present is a system in which an individual can decide whether or not to provide personal information according to the individual's credibility with respect to a website. Websites that comply with this method describe and maintain a privacy protection policy in a predetermined format in advance, present the privacy policy when a user visits the site, and, if the user accepts the conditions, Personal information is provided to the site.

[0008]

However, such a conventional system has the following problems.

1. The service provider can acquire both the personal specific information (name, address, mail address, etc.) and the content of personal information (preference, behavior history, purchase history, etc.). It cannot technically prevent the use of personal information for purposes contrary to the will of the individual.

[0010] 2. The service provider must pay a great deal of effort in handling the personal information held. For example, protection of the contents of the personal information to be held, update, appropriateness at the request of the individual, etc. In other words, regarding the handling of personal information once provided, there is no other way to expect the other party to comply with the usage policy, and there is a possibility that the personal information may be used unintentionally as a practical matter. In fact, individuals refuse to provide their personal information due to such concerns, and the efficiency and convenience brought about by using personal information have not been realized.

An object of the present invention is to provide a service providing method and system for providing a service using personal information while protecting the privacy of an individual, and a recording medium recording a service providing program.

[0012]

According to the present invention, first, personal information is separated into specific information specified by the individual and content information which is the content of the information. In the system, an auditor server, a broker server, and an executor server are interposed between the individual client and the service provider. Auditor server is a server that can know only specific information of individuals,
Mediates negotiations between individual clients and broker servers. At this time, the individual identification information is converted into temporary identification information and passed to the broker server, thereby making it impossible for the broker server to identify the individual. The broker server is a server capable of knowing only the content information of the individual client, performs marketing, and associates the service requested by the service provider with the content information (temporary specific information) matching the service. The executor server is a server capable of knowing only individual specific information, and converts temporary specific information sent from the broker server into individual specific information,
Perform service provision to the appropriate individuals.

[0013] Therefore, the service provider cannot acquire both the specific information of the individual and the contents of the personal information, and cannot use the personal information for a use contrary to the will of the individual. In addition, the service provider must be provided with personal information from the individual in providing the service, and does not hold the personal information, so that the labor required to pay for personal information is reduced.

[0014]

Next, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a configuration diagram of a service providing system according to an embodiment of the present invention. The present system can know only the individual client 11 holding a profile composed of personal identification information (address) B1 and information content (content) B2, and the content B2, and from the service provider 16 based on it. An broker server 12 that transmits the requested service to the optimal individual client, and an auditor server 13 that can know only the address B1 and mediates negotiations between the individual client 11 and the broker server 12.
And an address B1, and an executor server 14 for providing and paying for services, and a certification authority server 15
It is composed of

The auditor server 13 and the executor server 14 can know only the address B1, and convert the address B1 into a temporary address. The broker server 12 receives the temporary address from the auditor server 13 and
Marketing is performed based on B2, and an information usage fee and a temporary address are passed to the executor server 14 according to the service and service conditions. The executor server 14 converts the temporary address to the original address, and passes the information usage fee to the individual client 11 depending on the service and conditions. As described above, in the present system, only the individual client 11 can know the personal identification information (address) B1 and the content (content) B2 of the information at the same time, and the auditor server 13 and the executor server 14 use the used encryption. Content
B2 cannot be known, and the broker server 12 cannot also know the address B1. Here, a one-time use method of personal information is realized, and the personal client 1
1 can control how the information is used in every case.

As shown in FIG. 2, the auditor server 13 includes a data receiving unit 21, a data transmitting unit 22, an ID converting unit 23 for converting an address of an individual, an address DB 24, and a policy for searching for a desired policy. A selection unit 25, a policy DB 26 for storing the collected personal policies, a negotiation unit 27 for providing a place for negotiations, and a negotiation DB 28 for recording the results of the negotiations
And encryption / signature / data encryption / signature / authentication
An authentication unit 29 is provided.

As shown in FIG. 3, the executor server 14 includes a data receiving unit 31, a data transmitting unit 32, a negotiation DB 33 in which a result of the negotiation is recorded, and an encryption for performing data encryption, signature, and authentication. It has a signature / authentication unit 34.

As shown in FIG. 4, the personal client 11
Is a data receiving unit 41, a data transmitting unit 42, a negotiation DB 43 in which the result of the negotiation is recorded, a personal information DB 44 in which personal information is recorded, and an encryption / signature / data encryption / signature / authentication unit. An authentication unit 45 is provided.

As shown in FIG. 5, the broker server 15 includes a data receiving unit 51, a data transmitting unit 52, a negotiation DB 53 in which a result of negotiation is recorded, and an encryption / signature for performing data encryption, signature, and authentication. It has a signature / authentication unit 54.

First Embodiment Next, FIGS. 6 to 10 show sequence diagrams of the present system.

Encryption and signature in this system are performed using a public key cryptosystem unless otherwise specified. 6 to 1
At 0, En # A () indicates that the parentheses are to be encrypted with the secret key of A, and Sig # A () indicates that the parentheses are to be digitally signed with the secret key of A. The abbreviation of the nth individual is P # n, the CA server 15 is CA, the auditor server 13 is Su, the executor server 14 is Ex, the nth broker server 12 is Br # n, and the advertiser 16 is Co. , Respectively. The arrow between the members indicates the direction of the message.

In FIG. 6, all members are authenticated by the certificate authority server 15, and a public key and a secret key in the public key cryptosystem are generated.

A: The auditor server 13 goes around the personal client 11 and collects policies indicating disclosure policies for information of each category (step 10).
1). Based on this, the number Pn # ID corresponding to the n-th individual client and the individual's policy are transferred to the auditor server 1.
3 in the policy database 26 (step 10).
2). On the other hand, the broker server 12 that has received the request for the marketing research from the advertiser (step 103) makes a marketing plan and determines a category in which necessary information is present (step 104).

B: The broker server 12 requests the individual client 11 having a policy to open the required category to the auditor server 13 (step 105). Upon receiving the request from the broker server 12, the auditor server 13 searches the database 26 for an individual having a suitable policy (step 106).
After the ID is converted (provisional ID is generated), the provisional ID is returned to the broker server 12 together with the policy list and the contract number (step 107), and is recorded in the own database 26 (step 108).

In FIG. 7, C: the broker server 12 sends the converted ID (temporary ID), contract number, and negotiating agent of the individual client 11 to negotiate to the auditor server 13 (step 1).
11).

The auditor server 13 calls the requested individual client 11 for negotiation (step 112). The individual client 11 sends the ID and the negotiation agent to the auditor server 13 (step 113). The negotiation agent transmitted from the individual client 11 and the negotiation agent transmitted from the broker server 12 negotiate to determine a price (step 114). We decide two prices in this negotiation. There are two types, "amount to be paid to a person having the content requested by the broker server 12" and "amount to pay to a person who does not".

D: With respect to the collective negotiation, the auditor server 13 transmits the contract number and the price to the individual client 11 and the broker server 12 (steps 115 and 11).
6). The result of the negotiation (the ID of the negotiation creator, the temporary ID, the price,
The auditor server 13 transmits the contract number) to the executor server 14 (step 117). The broker server 12 transmits the temporary ID, price, and contract number of the bargaining party to the executor server 14 (step 118). Individual client 11
Sends the contract number, price and broker name to the executor server 14 (step 119). The executor server 14 collates the contents sent from the auditor server 13, the broker server 12, and the individual client 11, and records the contents in the own database 33 if the contents match (step 12).
0).

In FIG. 8, E: the individual client 11 generates a bit trust from the content to be transmitted to the broker server 12 by the bit trust method, and uses the secret key of the shared key cryptosystem used for the return from the broker server 12. A key "Temp_Key" is generated, and both are encrypted with the contract number using the public key of the broker server 12 and transmitted to the auditor server 13 together with the contract number (step 121). After converting the ID (step 122), the auditor server 13 transmits the ID to the broker server 12 (step 123).

F: The broker server 12 encrypts the content of the desired category and the contract number with the secret key “Temp_Key” of the shared key cryptosystem, and transmits it to the auditor server 13 (step 124). After converting the ID, the auditor server 13 transmits the desired content to the individual client 11 (step 125).

In FIG. 9, G: the individual client 11 decrypts the content and the contract number with the secret key "Temp # Key", reads the desired content of the broker server 12, and if the content matches the content of the client, the bit entrustment method. If the keys do not match, the key is encrypted with the public key of the broker server 12 together with the contract number, and then transmitted to the auditor server 13 with the contract number (step 131). After converting the ID, the auditor server 13 transmits the ID to the broker server 12 (step 1).
32). The broker server 12 opens the transmitted bit commission and confirms whether the content is the one desired and the content (step 133).

As a result, the content is transferred to the broker server 12 in a manner that cannot identify an individual, and the
No. 3 is as difficult to know the content as the encryption strength.

In FIG. 10, H: the broker server 12 transmits the personal client 11 to which the advertisement is to be transmitted, the contract number, and the advertisement to the executor server 14 (step 141). The executor server 14 transmits the converted advertisement to the personal client 11 (step 142). In some cases, "Temp # Key" encrypts the advertisement. Further, the information fee from the broker server 12 is transferred to a personal account or the like. The actor server 14 confirms that all existing contracts are fulfilled, so that the auditor server 13 creates a fake individual,
Prevent the estimation of the content of real individuals.

FIGS. 11 and 12 are flowcharts showing the processing of the inspector server 13 in the sequence diagrams of FIGS.

First, authentication is performed by the certificate authority server 14,
A public key is registered (step 201). The policy is received from the individual client 11 (step 202).

The encryption / signature / authentication unit 24 determines whether or not the individual client is a known individual client (step 203). If the individual client is not a known individual client, an individual public key is obtained from the certificate authority server 15 (step 20).
4), authenticate the individual (step 205). Next, the policy selection unit 25 searches the policy DB 26 to determine whether the received policy is the latest (step 206). If not the latest, after updating the policy DB 26 (step 20)
7) Wait (step 208).

The data receiving unit 21 receives a request for a policy conformer from the broker server 12 (step 21).
1). The encryption / signature / authentication unit 29 uses the broker server 1
2 is a known broker server (step 2
12) If it is not a known broker server 12, obtain the public key of the broker from the certificate authority server 15 (step 213), and then authenticate the broker (step 214).
Next, the policy selection unit 25 extracts policy conformers from the policy DB 26 (step 215). Next, the ID conversion unit 23
Converts the personal ID into a temporary ID using a random number or the like, and records the correspondence in the address DB 24 (step 21).
6). Next, the negotiation section 27 stores the contract number x in the negotiation DB 28,
The usage method, personal number (ID), and temporary personal number (temporary ID) are recorded (step 217). Next, the encryption / signature / authentication unit 24 sends the temporary ID, the contract number x, and the policy to the auditor server 13.
Digital signature, encrypted with the public key of the broker server 12,
The data is transmitted to the broker server 12 (step 218).

The data receiving section 21 receives a request from a negotiation partner from the broker server 12 (step 22).
0). First, the broker server 12 is authenticated and a negotiation agent is received (step 221). Next, Negotiator 2
7 searches the negotiation DB 28 for the contract number x and the temporary ID (step 222). Next, it requests negotiation of the personal ID with the personal client 11 via the data transmitting unit 22 (step 223). It temporarily waits for a reply from the personal client 11 (steps 224, 225). After authenticating the individual client 11 and receiving the negotiation agent (step 226), the negotiation unit 27 audits the negotiation of the price between the individual client 11 and the broker server 12 (step 227). Here, two types of prices are determined. It is determined whether the negotiation has been agreed (step 229), and if not, "negotiation failed" is transmitted to the individual client 11, the broker server 12, and the executor server 14 (step 228). If the negotiations are agreed, the negotiation unit 27 determines the contract number y, the method of use (accessing the individual directly based on the content information, using as statistical data), the ID,
The temporary ID, price, and broker name are recorded in the negotiation DB 28 (step 230).

The data transmission unit 22 includes a contract number y, a temporary ID,
The price is transmitted to the broker server 12, the contract number, the price, the broker name, and the requested category are transmitted to the individual client 11, the contract number y, the usage method, the ID, the temporary ID, the price, and the broker name to the executor server 14 ( Step 23
1).

When a reply is received from the individual client 11,
The individual is authenticated by the encryption / signature / authentication unit 29 and the negotiation unit 27
Searches the negotiation DB 28 from the ID to see if there is negotiation with the contract number of the individual client and the broker name from the ID,
In step 3, the ID is replaced with the temporary ID and transmitted from the data transmission unit 22 to the broker server 12 (steps 241 to 243).

When a reply is received from the broker server 12, the broker server 12 is authenticated by the encryption / signature / authentication unit 29, and the negotiation unit 27 uses the contract number y and the temporary ID to negotiate the negotiation DB 28
The ID conversion unit 23 replaces the temporary ID with the ID and transmits the ID to the personal client 11 from the data transmission unit 22 (steps 244 to 246). When a reply is received from the personal client 11, the personal client 11 is authenticated by the encryption / signature / authentication unit 29, the negotiation unit 27 searches the negotiation DB 28 from the contract number y and the temporary ID, and the ID conversion unit 23 outputs the temporary ID. The replacement is transmitted to the broker server 12 (steps 247 to 247).
249).

FIG. 13 is a flowchart showing the processing of the executor server 14.

Upon receiving authentication from the certificate authority server 14, the public key is registered (step 251). Waiting for negotiation records from the auditor server 13, the individual client 11, and the broker server 12, the encryption / signature unit 34 confirms the consistency of all the three negotiation records (steps 252 to 254). If there is a match, they are recorded in the negotiation DB 33 and the broker server 1
2 and waits for transmission (step 255). If there is no consistency, the auditor server 13, the individual client 11,
The invalidation of the negotiation is notified to the broker server 12 (step 256).

When there is an incoming call from the broker server 12,
The encryption / signature unit 34 authenticates the broker server 12 (step 262), and searches the negotiation DB 33 from the contract number y and the temporary ID (step 263). If there is negotiation record, temporary ID is ID
, And transmits the contract number and the advertisement to the personal client 11 (step 264).

FIG. 14 is a flowchart showing the processing of the personal client 11.

Upon receiving authentication from the certificate authority server 15, the public key is registered (step 271).

The policy is registered in the auditor server 13 (step 272).

It is determined whether an individual ID and a request from a negotiation agent are received from the auditor server 13 (step 2).
73). If not received, the invalidation is notified to the auditor server 13 (step 274). If you receive a request,
The personal ID and the negotiation agent are transmitted to the auditor server 13 (step 275).

Next, it is determined whether the result of the negotiation (contract number, price, request category, broker name) is received from the auditor server 13 (step 276). If not received, the invalidation is notified to the auditor server 13 (step 2).
77). If the reception is accepted, the contract number, price, category, and broker name are recorded in the negotiation DB 43 (step 278). The contract number y, price, and broker name are transmitted to the executor server 14 (step 279).

A key used for bit entrustment is generated, a bit entrustment is generated from the contents of the requested category by the bit entrustment method, a temporary shared secret key “Temp_Key” to be passed to the broker server 12 is generated, "Temp # Ke
y ", the contract number y is encrypted with the public key of the broker server 12, and transmitted to the auditor server 13 together with the contract number (step 280). These are recorded in the negotiation DB 43, and the transmission from the executor server 14 is waited (step 281). The contract number y and the reply from the broker server 12 are received from the executor server 14, and it is determined whether there is a contract corresponding to the contract number y in the negotiation DB 43 (step 282). If not, discard it (step 283). If so, the reply (contract number y, desired content encrypted with the shared secret key) from the broker server 12 is decrypted (step 28).
4). If the content desired by the broker server 12 is the same as its own content, the key of the bit consignment and the contract number y are encrypted with the public key of the broker server 12, and the contract number y
To the auditor server 13 and the negotiation DB 4
3 (steps 285, 286). If the desired content of the broker server 12 is not the same as its own content, it is "different from the desired content" and the contract number y is encrypted with the public key of the broker server 12 and transmitted to the auditor server 13 together with the contract number y. And records it in the negotiation DB 43 (Step 287).

The contract number y and the service are received from the executor server 14, and it is determined whether or not there is a contract corresponding to the contract number y in the negotiation DB 43 (step 288).
It is recorded in the negotiation DB 43 (step 290), and is discarded if it is not found (step 289).

FIG. 15 is a flowchart showing the processing of the broker server 12.

The authentication is performed by the certificate authority server 15 and the public key is registered (step 291).

The broker server 12 requests the auditor server 13 for a list of personal clients having a policy for using the required information category (step 292). A list of policy conformers, the policy and the contract number x are received from the auditor server 13 (step 29).
3), and record it in the negotiation DB 53 (step 294).

If negotiation is not desired, the invalidation is notified to the auditor server 13 (steps 295 and 296).
If negotiation is desired, the negotiation or the list of the other party, the contract number x, and the negotiation agent are transmitted to the auditor server 13.

It is determined whether the result of the negotiation is received from the auditor server 13 (step 298). If received, the contract number y, price, category, and temporary ID are stored in the negotiation DB 53.
Is recorded (step 300). The contract number y, price, and temporary ID are transmitted to the executor server 14 (step 301).

The reply of the contract number y and the temporary ID is received from the inspector server 13, and it is determined whether or not there is a contract corresponding to the contract number y in the negotiation DB 53 (step 302). If any, Auditor Server 1
3 to obtain the encrypted bit entrustment, the temporary shared secret key "Temp # Key", and the contract number y, and record them in the negotiation DB 53 (step 304). The content desired by the broker server 12 is encrypted with the shared secret key “Temp # Key”, and
The ID and the contract number y are transmitted to the auditor server 13 and recorded in the negotiation DB 53 (step 305). Upon receiving a reply of the contract number y and the temporary ID from the auditor server 13, the negotiation DB 53
It is determined whether or not there is a contract corresponding to the contract number y (step 306). If not, discard it (Step 30)
7) If there is, obtain a bit entrustment key and a contract number y, which are keys for bit entrustment, and record them in the negotiation DB 53 (step 3)
08). Open (decrypt) bit commission (Step 3)
09).

If access to the individual client 11 is desired, a temporary access to the executer server 14 is desired.
The ID, the contract number y, and the service (advertisement) are transmitted (steps 310 and 311).

Second Embodiment FIGS. 16 and 17 are sequence diagrams when the present system is realized as an electronic store system.

In the present embodiment, the broker server 12 is replaced with an electronic store 12. Here, in FIGS. 16 and 17,
A, C, D, and H have exactly the same contents as those of the same reference numerals in FIGS.

The certification authority server 15 authenticates all members, and generates a public key and a secret key in the public key cryptosystem.

The individual client 11 sends the personal ID, the policy, and the name of the electronic store to be accessed to the auditor server 13 (step 151). After converting the ID, the auditor server 13 stores the converted ID, contract number, and policy in the online store 1
2 (step 152).

The individual client 11 encrypts the contents to be transmitted and the contract number with the public key of the online store 12, and transmits them to the auditor server 13 (step 161). After converting the ID, the auditor server 13 transmits the ID to the online shopping mall 12 (step 162).

FIG. 18 is a flowchart showing the processing of the inspector server 13. A, C, and D are the same as those shown in FIG. 11 and FIG.

The authentication is performed by the certificate authority server 15 and the public key is registered (step 320).

A request for access to the broker server 12 is received from the individual client 11 (step 3).
21). Generate a temporary personal number (ID) using random numbers, etc.
The address DB 24 is updated (the correspondence between the ID and the temporary ID is recorded) (step 322). Contract number x in negotiation DB 28,
Usage method (access to electronic store 12), personal number (I
D) The temporary personal number (temporary ID) is recorded in the negotiation DB 28 (step 323). The temporary ID, the contract number x, and the policy are encrypted with the electronic signature of the auditor server 13 and the public key of the electronic store 12, and transmitted to the electronic store 12 (step 324).

The system waits for a certain period of time until a reply is received from the personal client 11 (steps 331 and 332). When the reply comes, the personal client 11 is authenticated and the contract number is
y, the negotiation DB 28 is searched from the ID, the ID is replaced with the temporary ID, and transmitted to the online shopping mall 12 (step 333).

The processing of the executor server 14 is the same as that shown in FIG.

FIG. 19 is a flowchart showing the processing of the personal client 11. The contents of A, C, and DH are the same as the contents of A, C, D, and H in FIG.

The authentication is performed by the certificate authority server 15 and the public key is registered (step 340). To the auditor server 13
D, access destination, and policy are transmitted (step 34)
1). The content of the requested category is encrypted with the public key of the electronic store 12 together with the contract number y (step 35).
1), the contract number y, the ID, and the encrypted content are transmitted to the auditor server 13 (step 352).

FIG. 20 is a flowchart showing the processing of the electronic store 12. The processing of A, C, D, and H in FIG.
Since the processing is the same as the processing of A, C, D, and H, the description is omitted.

The authentication is performed by the certificate authority server 15 and the public key is registered (step 60). From the auditor server 13,
Receives temporary ID, policy and contract number x (step 36)
1). The contract number y, the temporary ID, and the encrypted content are received from the auditor server 13, and it is determined whether the negotiation DB 53 has a contract corresponding to the contract number y (step 371). If there is, the content is decrypted and recorded in the negotiation DB 53 (step 373). If not, the received content and the like are discarded.

11 and 12, FIG. 13, FIG.
Each of the processes shown in FIGS. 15, 18, 19, and 20 can be stored as a program on a recording medium such as a floppy disk, CD-ROM, or magneto-optical disk, and can be executed on a computer such as a personal computer.

[0074]

As described above, the present invention provides a service using personal information while protecting the privacy of the individual by creating a situation in which only the individual himself / herself can have personal information in a complete form. It can be performed.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a service providing system according to an embodiment of the present invention.

FIG. 2 is a configuration diagram of an auditor server 13.

FIG. 3 is a configuration diagram of an executor server 14;

FIG. 4 is a configuration diagram of a personal client 11;

FIG. 5 is a configuration diagram of a broker server 12;

FIG. 6 is a sequence diagram (1) as the advertisement distribution system of the embodiment shown in FIG. 1;

FIG. 7 is a sequence diagram (2) as the advertisement distribution system of the embodiment shown in FIG. 1;

FIG. 8 is a sequence diagram (3) as the advertisement distribution system of the embodiment shown in FIG. 1;

FIG. 9 is a sequence diagram (4) as the advertisement distribution system according to the embodiment shown in FIG. 1;

FIG. 10 is a sequence diagram (5) as the advertisement distribution system of the embodiment shown in FIG. 1;

FIG. 11 is a flowchart (1) showing a process of the inspector server 13;

FIG. 12 is a flowchart (2) showing a process of the inspector server 13;

FIG. 13 is a flowchart showing processing of the executor server 14;

FIG. 14 is a flowchart showing processing of the personal client 11;

FIG. 15 is a flowchart showing processing of the broker server 15;

FIG. 16 is a sequence diagram (1) as the electronic store system of the embodiment shown in FIG. 1;

FIG. 17 is a sequence diagram (2) as the electronic store system of the embodiment shown in FIG. 1;

FIG. 18 is a flowchart showing processing of the inspector server 13;

FIG. 19 is a flowchart showing processing of the personal client 11;

FIG. 20 is a flowchart showing a process of the electronic store 12.

FIG. 21 is a diagram showing a model of personal information.

FIG. 22 is a conceptual diagram showing a conventional service using the personal information of FIG. 21.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 11 Individual client 12 Broker server, electronic store 13 Auditor server 14 Executor server 15 Certification authority server 16 Service provider 21, 31, 41, 51 Data receiving part 22, 32, 42, 52 Data transmitting part 23 ID conversion part 24 Address DB 25 Policy selection unit 26 Policy DB 27 Negotiation unit 29,45,54 Encryption / signature / authentication unit 28,33,43,53 Negotiation DB 34 Encryption / signature unit 44 Personal information DB 61 Individual client 62 Mediation server 63 Service providing client 64 Profile 65,66 Service 101-108,111-125,131-133,14
1,142 steps 151,152,161,162 steps 201-208, 211-218, 220-231,24
1-249,251-256 steps 261-264,271-311,320-324,33
1-333 steps 340,341,351,352,360,361,370
373 steps

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification code FI Theme coat ゛ (Reference) H04L 9/00 601E 673A 675D F-term (Reference) 5B017 AA03 BA07 CA16 5B085 AA01 AA08 AE00 AE29 5J104 AA01 AA07 AA16 EA06 EA19 JA21 KA01 MA02 NA02 NA03

Claims (31)

[Claims] 1. A service providing method for providing a service via a network using personal information, wherein the personal information is separated into specific information specifying an individual and content information which is the content of the personal information. The first server converts the specific information into provisional specific information and passes it to a second server. The second server generates service information by linking the service requested by a service provider and the content information, The third specific server passes the temporary specific information to the original specific information together with the temporary specific information, and transmits the service information to the individual client indicated by the specific information. How to provide services. 2. A service providing system for providing a service via a network using personal information, wherein a profile comprising specific information for specifying an individual and content information which is the content of the personal information is stored. It is possible to know only one or more individual clients and specific information of individual clients,
An auditor server for converting the specific information transmitted from the individual client into temporary specific information, and a service requested by the service provider, which can know only the content information of the individual client and receive the temporary specific information It is possible to know only the specific information of the individual client and the broker server that generates service information by linking
A service providing apparatus having an executor server that receives the temporary identification information and the service information from the broker server, converts the temporary identification information into original identification information, and transmits the service information to an individual client indicated by the identification information. system. 3. A certificate authority server authenticates all of an individual client, an auditor server, an executor server, and a broker server, and generates a public key and a secret key in a public key cryptosystem. Patrol the individual client,
Gathering policies that indicate the disclosure policy for each category of information, storing the ID and policy of the individual client in its own database, and the broker server having a policy that is willing to publish the categories it needs Requesting the individual client that is to the auditor server, the auditor server searches for an individual client with a matching policy from its own database, converts the ID to a temporary ID,
Returning the temporary ID to the broker server together with the policy and the contract number, and recording the temporary ID in the own database; Transmitting; the auditor server invoking the requested individual client for negotiation; the individual client transmitting a negotiation agent to the auditor server; and the auditor server comprising: Giving a neutral negotiation opportunity to the individual client, the broker server and the executor server, and transmitting the temporary ID and the contract number from the broker server to the executor server. And the individual client contacts the performer server. Transmitting the name and the number of the broker server; the performer server collating the contents sent from the auditor server, the broker server, and the individual client, and recording the result in its own database; An individual client generates a bit trust from the content to be transmitted to the broker server by a bit trust method, generates a secret key of a common key cryptosystem used for return from the broker server, and combines both with the contract number along with the broker. Encrypting with a public key of a server, transmitting the ID together with a contract number to the auditor server, the auditor server converting an ID, and transmitting the converted ID to the broker server; and The content of the desired category and the contract number are encrypted with the secret key, Transmitting the desired content encrypted with the received contract number and secret key to the personal client after the auditor server has converted the ID; and Is decrypted with the secret key, and if it matches the content of the user, the key of the bit consignment is encrypted.If the key does not match, it is encrypted with the contract number and the public key of the broker server.
Transmitting to the auditor server together with the contract number; step of the broker server opening and confirming the bit entrustment; and temporary ID to which the broker server wants to transmit service information.
A service information providing method for transmitting the service information to the individual client after the temporary server converts the temporary ID to the original ID. 4. A means for creating a policy database from a policy of a personal client, a means for recording correspondence between a personal ID which is information for specifying a personal client, and a temporary ID which is temporary specifying information; Request for provisional ID from
Alternatively, the provisional I of the policy conformer is obtained from the policy database.
Means for providing the temporary ID to the broker server by extracting D, means for providing a neutral negotiation opportunity to the broker negotiation agent and the individual negotiation agent, means for recording the result of the negotiation, and notifying the related parties; An auditor server having means for mediating communication between the client and the broker server. 5. A means for creating a policy database,
5. The auditor server according to claim 4, further comprising: means for receiving a policy from an individual client, and means for newly creating a policy database or updating the policy database after authenticating the individual client. 6. A means for recording a correspondence between a personal ID, which is information for specifying a personal client, and a temporary ID, which is temporary specifying information, a request for provision of a temporary ID from the personal client itself, or a policy database. By extracting the temporary ID of the policy conformer, the means for providing the temporary ID to the broker server includes a means for receiving a request of the policy conformer from the broker server and a means for authenticating the broker server, and A policy conformer is extracted from the database, and the corresponding personal ID, the relevant temporary ID,
6. The auditor server according to claim 4, further comprising: means for generating a contract number and recording the contract number in a negotiation database; and means for transmitting the temporary ID and the contract number to the broker server. 7. A means for recording a correspondence between a personal ID which is information for specifying a personal client and a temporary ID which is temporary specifying information, a request for provision of a temporary ID from the personal client itself, or a policy database. By extracting the temporary ID of the policy conformer, the means for providing the temporary ID to the broker server performs means for receiving a provision request of the temporary ID from the individual client to the broker server, and performs authentication of the individual client. And the temporary I
6. The auditor server according to claim 4, further comprising: means for generating a contract number with D and recording the contract number in a negotiation database; and means for transmitting the temporary ID and the contract number to the broker server. 8. A method for providing a neutral negotiation opportunity to a broker negotiation agent and a personal negotiation agent, recording a result of the negotiation, and notifying a stakeholder of the negotiation. Means for receiving, means for issuing a request for negotiation to the corresponding individual client, means for receiving a negotiation agent from the individual client, means for auditing the negotiation between the individual client and the broker server, The auditor server according to any one of claims 4 to 7, further comprising means for transmitting the broker server and an executor server. 9. The means for mediating communication between an individual client and a broker server includes means for transferring communication from the individual client to the broker server and communication from the broker server to the individual client, respectively. An auditor server according to any one of claims 4 to 8. 10. A means for confirming the consistency of negotiation notifications from an auditor server, an individual client, and a broker server, creating a negotiation database, and mediating the provision of services from the broker server to the individual clients. Performer server. 11. A means for confirming the consistency of the notification of negotiations from the auditor server, the individual client, and the broker server and creating a negotiation database includes the steps of: Upon receiving the notification, confirm the consistency of all three,
Means for recording the result of the negotiation in the negotiation database if the consistency is obtained, and means for mediating the provision of the service from the broker server to the individual client, wherein the means for requesting the individual client to provide the service from the broker server is provided. 11. The performer server according to claim 10, further comprising: means for receiving, replacing a temporary ID with an ID based on a record of the negotiation database, and transferring a service from the broker server to the individual client. 12. A means for registering a policy in the auditor server, a means for receiving a request for negotiation from the auditor server, or a means for transmitting a negotiation agent by indicating an intention of providing by the individual client itself, and a result of the negotiation Means for sharing the content with the auditor server and the performer server, and providing the content requested by the broker server to the broker server, or using the zero-knowledge proof to determine whether the individual client has the requested content. A personal client having means for indicating only whether or not the service is received, and means for receiving a service from the performer server. 13. The method according to claim 12, wherein the means for registering a policy with the auditor server includes means for receiving a policy registration request from the auditor server, and means for transmitting a policy to the auditor server. Individual client. 14. A means for transmitting a negotiation agent by receiving a request for negotiation from the auditor server or by indicating an intention of providing by the individual client itself, means for receiving a request for negotiation from the auditor server. , Including a means to send a negotiation agent if negotiating,
14. A personal client according to claim 12 or claim 13. 15. A means for transmitting a negotiation agent by receiving a request for negotiation from the auditor server, or indicating that the individual client intends to provide the negotiation agent, wherein the individual client specifies the broker server name which the individual client wishes to negotiate. 13. A means for transmitting to the auditor server, and means for transmitting a negotiation agent to the auditor server.
Or a personal client according to 13. 16. A means for sharing a negotiation result with the auditor server and the executor server, means for receiving the negotiation result from the auditor server, means for recording the negotiation result in a negotiation database, and 16. A personal client according to any one of claims 12 to 15, including means for transmitting to the performer server. 17. A means for providing the content requested by the broker server to the broker server, or using a zero-knowledge proof to indicate only whether the individual client has the requested content,
17. The personal client according to any one of claims 12 to 16, further comprising means for encrypting the requested content with a public key of the broker server and transmitting the encrypted content to an auditor server. 18. A means for providing the content requested by the broker server to the broker server, or using a zero-knowledge proof to indicate only whether the individual client has the requested content,
Means for generating a bit entrustment key by a bit entrustment method and generating a bit entrustment from requested content, means for generating a secret key of a common key cryptosystem, and publicizing the bit entrustment and the secret key to the broker server. Means for encrypting with the key and transmitting to the auditor server, means for receiving the encrypted content desired by the broker server from the auditor server, decrypting with the common secret key, and transmitting to the broker server If you can open the bit consignment, you can open the bit consignment key, if you can not open it,
17. The personal client according to any one of claims 12 to 16, further comprising means for encrypting with a public key of the broker server and transmitting the encrypted data to an auditor server. 19. The means for receiving a service from the performer server includes means for receiving the contract number and the service from the performer server and, if there is a corresponding record in the negotiation database, receiving the service. The personal client according to any one of items 1 to 18. 20. A means for receiving a temporary ID of an individual who is a candidate for negotiation and recording the ID in a negotiation database;
D, means for transmitting the negotiation agent of the broker server to the auditor server, means for receiving the negotiation result from the auditor server, recording the result in the negotiation database, and transmitting the result to the executor server; Means for receiving the desired content from, or means for knowing only whether or not the individual client has the content requested by using the zero-knowledge proof, and transmitting a service with the temporary ID to the executer server. A broker server having means for doing so. 21. A means for receiving a temporary ID of an individual who is a candidate for negotiation and recording the temporary ID in a negotiation database, wherein the broker server requests a list of policy conformers who have a policy desired by the broker server, Temporary I of the policy conformer
21. The broker server of claim 20, further comprising means for receiving the list of D from the auditor server and recording the list in a negotiation database. 22. A means for receiving a temporary ID of an individual who is a candidate to negotiate and recording the temporary ID in a negotiation database, wherein the request for access to the broker server is made directly from the auditor server, and the temporary ID of the access requester is received 21. The broker server of claim 20, further comprising means for recording in a negotiation database. 23. A means for receiving desired content from the individual client or means for knowing only whether or not the individual client has the requested content using zero knowledge proof, A bit commission and a common secret key created by an individual corresponding to the temporary ID, which are encrypted with the public key of the broker server, are received from the server, decrypted, and the desired content of the broker server is decrypted with the common secret key. Encrypted and transmitted to the auditor server, from which the temporary I
D including a bit trust key, encrypted by the individual client corresponding to D with the public key of the broker server,
22. A broker server according to claim 20 or 21, comprising means for receiving and decrypting messages that do not or do not. 24. The means for receiving desired content from the individual client or means for knowing only whether or not the individual client has the requested content using zero knowledge proof, 23. The broker server according to claim 20, further comprising means for receiving from the server the content encrypted with the public key of the broker server and decrypting the content with the corresponding private key. 25. The broker according to claim 23, wherein the means for transmitting the service with the temporary ID to the performer server includes means for encrypting the service with the common secret key and transmitting the service to the performer server with the temporary ID. server. 26. A process of creating a policy database from a policy of a personal client, a process of recording correspondence between a personal ID that is information for specifying a personal client, and a temporary ID that is temporary specifying information, Request for provisional ID from
Alternatively, the provisional I of the policy conformer is obtained from the policy database.
A process of providing the temporary ID to the broker server by extracting D, a process of providing a neutral negotiation opportunity to the broker negotiation agent and the individual negotiation agent, recording the result of the negotiation, and notifying a related person; A recording medium recording an auditor server program for causing a computer to execute a process of mediating communication between a client and a broker server. 27. A computer that checks the consistency of negotiation notifications from an auditor server, an individual client, and a broker server, creates a negotiation database, and mediates the provision of a service from the broker server to the individual client. Recording medium storing an executor server program to be executed by a user. 28. A process for registering a policy in the auditor server, a process for receiving a request for negotiation from the auditor server, or transmitting a negotiation agent by indicating an intention of providing by the individual client itself. A process of sharing the result with the auditor server and the executor server; providing the content requested by the broker server to the broker server; or using the zero knowledge proof, the individual client holds the requested content. A recording medium that records a personal client program for causing a computer to execute a process only indicating whether or not the service is present and a process of receiving a service from the executor server. 29. A process of receiving authentication from a certificate authority, a process of registering a policy in an auditor server, and receiving a request for negotiation from the auditor server, or by showing an intention of the negotiation by the individual client itself. A process of transmitting a negotiation agent to a human server; a process of receiving a negotiation result from the auditor server, recording the negotiation result in a negotiation database, and transmitting the content to an executor server; and encrypting the requested content with the public key of the broker server And sends it to the auditor server, or generates a bit trust key by the extended bit trust method, generates a bit trust from the requested content, generates a common secret key, and contracts with the bit trust and the common secret key. A process of encrypting a number with the public key of the broker server and transmitting it to the auditor server; and encrypting the number from the auditor server. Received by the broker server, received by the broker server, decrypted with the common secret key, the bit commission key if the bit commission can be opened, and the public key of the broker server if the bit commission cannot be opened. A personal client program for encrypting and transmitting to the auditor server, and receiving a contract number and a service from the executor server and causing a computer to execute a receiving process if there is a corresponding one in the negotiation database are recorded. recoding media. 30. A process of receiving a temporary ID of an individual who is a candidate for negotiation and recording the ID in a negotiation database;
D, a process of transmitting a negotiation agent of a broker server to an auditor server; a process of receiving a negotiation result from the auditor server, recording the result in the negotiation database, and transmitting the result to an executor server; A process of receiving the desired content from the client, or a process of using the zero knowledge proof to know only whether or not the individual client has the requested content, and providing a service together with the temporary ID to the performer server. A recording medium on which a broker server program for causing a computer to execute a transmission process is recorded. 31. The broker server requests a list of policy conformers who have a desired policy from the auditor server, receives a list of temporary IDs of the policy conformers from the auditor server, and stores the list in the negotiation database. The process of recording, or the request for access to the broker server directly from the auditor server, the process of receiving the temporary ID of the access requester and recording it in the negotiation database, Negotiating Provisional I
D, a process of transmitting a negotiation agent of a broker server to the auditor server; a process of receiving a negotiation result from the auditor server, recording the negotiation result in the negotiation database, and transmitting the result to an executor server; Receives and decrypts the bit commission and the common secret key created by the individual client corresponding to the temporary ID, which are encrypted with the public key of the broker server from the auditor server, decrypts the content, and decrypts the content desired by the broker server. Encrypted with a private key and transmitted to the auditor server, from the auditor server by the individual corresponding to the temporary ID, with or without a bit entrusted key, encrypted with the broker server's public key A process of receiving and decrypting a message, or a process of encrypting a message encrypted with the public key of the broker server from the auditor server. Receiving the Ceiling, and the corresponding process of decrypting the secret key to the process sends a service with the temporary ID to the practitioner server, or encrypt the service in the common secret key,
A recording medium on which a broker server program for causing a computer to execute a process of transmitting to the executor server together with a temporary ID is recorded.