JP2008217658A - Personal information user-limited providing system, personal information user limited providing method, and personal information user limited providing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system, capable of making personal information not usable by persons other than a personal information user, and specifying a personal information outflow source in outflow of personal information user limited data. <P>SOLUTION: The personal information is provided to the personal information user as personal information user limited data that is data of a form in which use permitted persons are limited, whereby a personal information provider can permit and stop personal information use in personal information user units by his/her will. Even if the personal information is leaked by a personal information user, the personal information provider can invalidate the personal information by an invalidation setting means for invalidating the own personal information user limited data. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a personal information user limited provision system, a personal information user limited provision method, and a personal information utilization method that provide a limited number of persons who can use personal information such as name, address, telephone number, e-mail address, and credit number. Is related to the limited program.

  With the increase in communication speed of computer networks represented by the Internet and the progress of computerization of office work, you can shop on the Internet while you are indoors, or trade stocks on your mobile phone while riding a train. An environment where users can access a computer network and use various services “anytime, anywhere” is being prepared. On the other hand, in order to receive various services, it is indispensable to register personal information such as name, address, telephone number, e-mail address, and credit number on the computer network.

  In recent years, there have been a series of incidents in which a large amount of personal information such as customer information leaks onto a computer network. In addition, due to the frequent loss of large-capacity recording media with personal information recorded, there are strict eyes on the leakage of personal information in society and the establishment of legal systems such as the Personal Information Protection Law. Information leaks in systems that handle personal information It is necessary to spend a great deal of cost and time on countermeasures and to pay close attention. Furthermore, even if personal information providers are not aware of it, the leakage of personal information to third parties has led to social problems such as sending unwanted e-mails, unnecessary direct mail, telephone solicitation, and unauthorized use of credit cards. Yes.

  In addition, as a technique for preventing personal information leakage, a method for managing the contents of personal information provided and access to personal information has been devised, and various personal information of the personal information provider (for example, name, address, year of birth) There is a system that provides personal information contents and access results that disclose personal information users (month, day, credit number, etc.). When these methods are used, it is possible to limit the personal information provided by the personal information provider to the personal information user. As a conventional technique of such a method, a technique described in Patent Document 1 is known.

Patent Document 1 discloses a system that provides personal information within a range of personal information reference authority for each registered user using a personal information disclosure server. Specifically, when the personal information provider sends an access code issuance request including personal information reference authority (information indicating what kind of personal information is provided) to the personal information disclosure server, the personal information disclosure server requests it. The access code corresponding to the personal information reference authority is generated, and the generated access code and the personal information reference authority are stored in the database in association with each other, and the access code is returned to the personal information provider. Then, the personal information provider who acquired the access code transmits the access code to the personal information user who permits the reference of the personal information, and the personal information user connects to the personal information disclosure server using the transmitted access code. This is a technique for acquiring personal information from a personal information disclosure server within a range of personal information reference authority associated with an access code.
Patent Publication 2002-229953

  Currently, systems that handle personal information encrypt the personal information and register it in the database, and technical measures to strengthen the authority to access the database, physical monitoring such as monitoring with a surveillance camera by limiting the devices that handle personal information Measures are taken. In addition, personal measures such as continuous education for persons in charge of handling personal information are taken to strengthen measures against personal information leakage.

  However, even if these latest technologies are used to limit access to personal information and adequately take measures against information leakage, it is not possible to prevent 100% of personal information leakage by unauthorized users or malicious internal users. Is possible. Moreover, since personal information leaks out without the knowledge of the personal information provider, the occurrence of damage will be discovered only after spam mail or direct mail that you do not know are sent to the personal information provider. There is currently no way to know if it has been leaked.

  Once personal information has leaked to the outside, it is virtually impossible to collect it once it has leaked onto a computer network via file exchange software, which has become a social problem in recent years. For companies that handle large amounts of personal information, When personal information such as customer information leaks onto a computer network, it threatens the continuation of the company itself, so an immediate response is required.

  An object of the present invention is to provide personal information to a personal information user as data in a format in which the personal information provider limits the authorized users (hereinafter referred to as “personal information user-limited data”). In addition to making it impossible for anyone other than information users to use it, it is possible to specify the source of personal information outflow when personal information user-limited data is leaked. Furthermore, another object is to provide a personal information user limited providing system, a personal information user limited providing method, and a personal information user limited providing program capable of invalidating the leaked personal information user limited data.

  In order to achieve the above object, a personal information user limited providing system according to the present invention includes a personal information management server having a function of managing various personal information of a personal information provider, and a user who uses the various personal information. A personal information user limited provision system in which a plurality of personal information user terminals used by the personal information provider and a plurality of personal information provider terminals used by the personal information provider are connected via a network so that they can communicate with each other The personal information management server processes various transmission data using personal information provider management unit for managing the various personal information and personal information user limited data which is data in a limited format of the authorized user. A transfer management unit, a storage unit in which a database in which the various types of personal information are registered is stored, and the personal information provider's own personal information user-limited data Characterized in that a disabling setting means for invalidating.

According to the personal information user limited providing system, personal information user limited providing method, and personal information user limited providing program of the present invention, there are the following effects.
The personal information provider provides information in the form of personal information user limited data, and the personal information user stores and manages personal information in the form of personal information user limited data. Therefore, the personal information provider is not directly handled by his / her personal information user.

-The personal information provider does not provide the personal information itself to the personal information user, but provides the personal information in the form of personal information user-limited data. Therefore, it is possible to permit and stop the use of personal information in units of personal information users at the will of the personal information provider.
-Even if personal information is leaked by a personal information user, the leaked personal information can be invalidated.

Hereinafter, an embodiment of a personal information user limited providing system to which the present invention is applied will be described.
As shown in FIG. 1, the personal information user limited provision system in this embodiment includes a personal information management server 11, a plurality of personal information user terminals 12, and a plurality of personal information provider terminals 13. The personal information management server 11, personal information user terminal 12, and personal information provider terminal 13 are connected to each other via the Internet 14 as a network.

  As shown in FIG. 2, the personal information management server 11 includes a personal information provider management unit 15, a transfer management unit 16, and a hard disk 17 as a storage unit in which various data and a database are stored. Further, the personal information management server 11 includes a computer / network transmission / reception unit 18 (for example, corresponding to a Web server or a mail server) that controls input / output from the Internet 14, and a credit card that controls input / output from the credit card settlement network. A settlement network transmission / reception unit 19, a public line network transmission / reception unit 20 that controls input / output from the public line network, and a mailing destination information reading / granting unit 21 for assigning a mailing address to a mailed item such as direct mail are provided.

As shown in FIG. 2, the personal information provider management unit 15 includes a personal information data registration unit 22, a personal information data update unit 23, a personal information user limited data creation / update unit 24, and a personal information use history reference unit 25. It has.
The personal information data registration unit 22 has a function of registering various personal information such as a personal information provider's name, address, telephone number, e-mail address, and credit number in the database in the hard disk 17 as personal information data. The personal information data updating unit 23 has a function of changing or updating various personal information registered in the database in the hard disk 17.

  The personal information user limited data creation / update unit 24 creates personal information user limited data to be transmitted to the designated personal information user terminal 12 and stores the personal information user limited data in the hard disk 17. Has a function of recording (updating if it is already created data). The personal information usage history reference unit 25 has a function of referring to the history of personal information user-limited data used by the personal information management server 11 in the past by the personal information user.

As shown in FIG. 2, the transfer management unit 16 includes an e-mail transfer management unit 26, a telephone line transfer management unit 27, a credit settlement information transfer management unit 28, and a mailing destination information transfer management unit 29.
The e-mail transfer management unit 26 checks whether there is a problem with the e-mail address that is transmitted from the personal information user terminal 12 and converted into personal information user-limited data. Specifically, for example, it is checked whether the e-mail address is forged. If it is determined that there is no problem with the e-mail address, the e-mail address is converted into an original e-mail address and transferred to the personal information provider terminal 13 used by the personal information provider. Further, personal information use history data is added to the hard disk 17.

The telephone line transfer management unit 27 checks whether there is a problem with the telephone number converted from the personal information user-limited data transmitted from the personal information user terminal 12. Specifically, for example, it is checked whether the telephone number is forged. If it is determined that there is no problem with the telephone number, it is transferred to the original personal information provider's telephone number. Further, personal information use history data is added to the hard disk 17.
The credit settlement information transfer management unit 28 checks the credit number that is transmitted from the personal information user terminal 12 and is converted into personal information user limited data. Specifically, for example, it is checked whether or not a credit number is camouflaged. If it is determined that there is no problem with the credit number, the credit number is converted into the original personal information provider's credit number and transferred. Further, personal information use history data is added to the hard disk 17.

  The mailing address information transfer management unit 29 checks mailing address data converted from personal information user-limited data transmitted from the personal information user terminal 12. Specifically, for example, it is checked whether or not the mailing address data is camouflaged. If it is determined that there is no problem with the mail address data, the mail address data is converted into mail data of the original personal information provider and transferred. Further, personal information use history data is added to the hard disk 17.

As shown in FIG. 2, personal information data 30, user registration data 31, personal information use history data 32, and created personal information user limited data 33 are recorded in the hard disk 17 as a database.
The personal information data 30 is created in the personal information data registration unit 22 of the personal information management server 11 on the basis of various kinds of personal information input from the personal information provider terminal 13 by the personal information provider. The created personal information data 30 is registered in a database in the hard disk 17. The personal information data 30 updated by the personal information data update unit 23 is also registered in the database in the hard disk 17.

As shown in FIG. 3, personal information data 30 includes a personal information provider number for uniquely identifying a personal information provider, a name, address, telephone number, e-mail address, and credit card as personal information registration information. It consists of number data.
The user registration data 31 stores information notified in advance from a personal information user who uses the personal information management server 11. As shown in FIG. 4, the user registration data 31 is an electronic information that is a personal information user number, personal information user name, personal information user address, and personal information use permission registration information that uniquely identifies a personal information user. It consists of mail address and phone number data. Multiple e-mail addresses and telephone numbers can be registered as necessary.

  The personal information use history data 32 stores the history of personal information converted by the e-mail transfer management unit 26 of the personal information management server 11 based on the personal information user limited data. As shown in FIG. 5, the personal information use history data 32 includes a personal information user number obtained by converting personal information from personal information user-limited data, and an information use year obtained by converting personal information from personal information user-limited data. It is composed of information on the date of use, information usage time, information usage classification indicating what kind of personal information is converted into information usage details data, and information user data using personal information user limited data.

  The created personal information user limited data 33 is created in the personal information user limited data creation / update unit 24 of the personal information management server 11. The created personal information user limited data 33 that has been created is registered in a database in the hard disk 17. The created personal information user limited data 33 updated by the personal information user limited data creating / updating unit 24 is also registered in the database in the hard disk 17. As shown in FIG. 6, the created personal information user limited data 33 includes the personal information user number used when creating the personal information user limited data, the personal information of the personal information provider who created the personal information user limited data. It is composed of an e-mail address, a telephone number, a credit card number, and address information, which are provider number, personal information user limited data.

The mailing address information reading / giving unit 21 has a function of reading mailing address information for mailing direct mail and outputting the mailing address information to the direct mail, an address sticker attached to the direct mail, or the like.
The personal information user terminal 12 includes a personal information user limited data management unit (not shown). The personal information user terminal 12 acquires the personal information user limited data transmitted from the personal information provider terminal 13 and stores / saves it in the personal information user limited data management unit as necessary.

When the personal information user terminal 12 uses the personal information user limited data transmitted from the personal information provider terminal 13, the personal information user terminal 12 is connected to the personal information management server 11 via the Internet 14. Then, the personal information provider terminal 13 is connected via the personal information management server 11. A mailed item such as a direct mail is mailed to a personal information provider via a mail network via a mailing address information reading / giving unit 21 of the personal information management server 11.
Specifically, the personal information provider terminal 13 is a device provided with communication means such as a personal computer or a mobile phone, and is operated by the personal information provider. That is, the personal information provider accesses the personal information management server 11 through the personal information provider terminal 13 connected to the Internet 14.

  Next, an example of a document used for a personal information user to acquire personal information user-limited data will be described. As shown in FIG. 7, in a document 40 sent from a personal information user to a personal information provider, such as a questionnaire or sweepstakes, a text 41 indicating that the personal information management server 11 can be described with personal information user-limited data. Is displayed. Further, personal information user information 42 necessary for creating personal information user-limited data such as a personal information user number is clearly described, and an entry field 43 for personal information user-specific data is provided.

  Next, an example of a Web screen used for a personal information user to acquire personal information user-limited data will be described. As shown in FIG. 8, on the Web screen 44 prepared by a personal information user such as Internet shopping, a sentence 45 indicating that the personal information user limited data of the personal information management server 11 can be input is displayed. Has been. In addition, personal information user information 46 necessary for creating personal information user limited data such as a personal information user number is clearly described, and a personal information user limited data input field 47 is provided.

  Next, using this system, the personal information cannot be used by anyone other than the personal information user, and when the personal information user-limited data is leaked, the source of the personal information can be specified A method and a method of invalidating the leaked personal information user limited data will be described. The following processing is executed under the control of a CPU (Central Processing Unit), which is a control means, based on a program stored in a memory (not shown) or the like in the personal information management server 11.

First, the flow until the personal information provider transmits the personal information user limited data to the personal information user will be described.
As shown in FIG. 9, the personal information provider obtains the personal information user number by the means shown in FIGS. 7 and 8, and the personal information from the personal information provider terminal 13 connected to the Internet 14. The personal information data registration unit 22 of the management server 11 is connected (step S91), and the personal information provider's personal information is registered in the personal information data 30 in the hard disk 17 (step S92). It should be noted that this process is omitted when personal information has already been registered in the personal information management server 11.

  Next, the personal information provider connects the personal information provider terminal 13 to the personal information user limited data creation / update unit 24 of the personal information management server 11 (step S93), as shown in FIGS. The personal information user number acquired by the means is selected to create personal information user limited data (step S94). If the personal information user limited data has already been created with the same personal information user number, the update is performed and the created personal information user limited data is displayed.

  Next, the personal information provider acquires the personal information user limited data from the personal information provider terminal 13 from the display contents of the created personal information user limited data (step S95). The personal information provider transmits the personal information user limited data to the personal information user by means shown in FIGS. 7 and 8 (step S96), and the personal information user acquires the personal information user limited data. (Step S97).

  The personal information user limited data thus created in the personal information management server 11 is displayed on the Web screen. The Web screen is displayed on a display means such as a liquid crystal display (not shown) provided in the personal information provider terminal 13. As shown in FIG. 10, the personal information user limited data 48 is created / updated by the personal information provider in the personal information user limited data creating / updating unit 24 of the personal information management server 11, and then the Web screen 49. Above, it is displayed together with personal information user information 50 such as a personal information user number and a personal information user name. The items constituting the created personal information user limited data 48 include address information, a telephone number, an e-mail address, and a credit card number.

  Next, a specific example of creating personal information user limited data will be described. As shown in FIG. 11, first, a value (candidate data) that can be personal information user-limited data is created (step S111). The value created at this time is a value that is completely unrelated to the information of the personal information provider (registered personal information) in order to prevent personal information from leaking due to reverse generation from the personal information user limited data. As for the e-mail address, the candidate data obtained is assigned with the mail server domain name of the personal information management server 11 added. For example, when the acquired candidate data is “ZZZZZZ” and the mail server domain name of the personal information management server 11 is “eee.ffffffffff.jp”, the e-mail address is “ZZZZZZ@eee.ffffffffffff. jp ".

  Next, it is checked whether or not a value (candidate data) that can be personal information user-limited data has already been registered (step S112). The content of the check is the created item (if it is a credit card number, only for the created personal information user for the data having the personal information user number used for creation in the created personal information user limited data 33 Whether or not the same value already exists in the credit card number) of the data 33 is searched. If the same value already exists, the candidate data is recreated again. On the other hand, if the same value does not exist, the personal information user limited data is confirmed (step S113).

Next, a flow until the personal information user transmits an e-mail to the personal information provider terminal 13 using the personal information user limited data will be described.
As shown in FIG. 12, the personal information user uses the personal information user terminal 12 to send the email address in the personal information user-limited data format acquired from FIGS. An e-mail is transmitted using the registered e-mail address (step S121).

  The mail server of the computer network transmission / reception unit 18 of the personal information management server 11 receives the transmitted e-mail (step S122), and whether the received e-mail is data to be transferred by the e-mail transfer management unit 26 or not. The transfer check, transfer email editing, and transfer destination email address setting are performed (step S123). After the processing, the information is transmitted from the mail server of the computer / network transmitting / receiving unit 18 to the personal information provider terminal 13 (step S124), and the personal information provider terminal 13 receives the email (step S125).

Next, a transfer check and transfer destination e-mail address setting method performed in the e-mail transfer management unit 26 of the personal information management server 11 will be described.
As shown in FIG. 13, first, it is searched whether or not the transmission source address of the e-mail is registered in the user registration data 31 (step S131). If it is not registered, the e-mail is discarded because it is a person who is not permitted to use the personal information user limited providing system in the first place (step S132). On the other hand, if the e-mail is registered, the personal information user number in which the e-mail address of the transmission source is registered in the user registration data 31 is acquired, and the created personal information user limited data 33 is obtained. It is searched whether or not the e-mail address designated as the transmission destination is registered with the personal information user number acquired in step S133.

  If the destination e-mail address is not registered, the reply e-mail is edited (step S134), and the e-mail is returned to the source (step S135). On the other hand, when the transmission destination e-mail address is registered, the transfer e-mail is edited (step S136), and the personal information provider number (transmission) of the created personal information user limited data 33 corresponding to step S133 is applied. The personal information data 30 is searched using a personal information provider created by using the previous e-mail address as personal information user-limited data. Then, the e-mail is transferred to the e-mail address of the corresponding record (step S137).

  Here, an example of the transfer e-mail edited in step S136 in FIG. 13 will be described. As shown in FIG. 14, a sentence 52 indicating that the transfer processing has been performed in the personal information management server 11 is added to the head of the body of the e-mail for transfer on the Web screen 51. In addition, personal information user information 53 such as a personal information user number and a personal information user name is also added. Processing date and time when the e-mail is transferred, source e-mail address, destination e-mail An address is also added. Furthermore, a separator from the mail body that is the transfer source is also added.

  In this way, the transfer e-mail is “clearly stated that the transfer process has been performed”, “clearly specifies the user of the personal information”, and “clearly specifies the destination and the e-mail address of the transmission source”, and returns to the personal information provider terminal 13 The following points can be given as the effects of the transfer. That is, when the personal information user-limited data stored and managed in the personal information user terminal 12 leaks to a third party without the knowledge of the personal information user, the e-mail address used at the source is changed. If it is sent as a sender, it will be forwarded.

  On the other hand, in the present embodiment, it is personal information user-limited data whose source is known, and information such as that shown in FIG. Information 53) has been added, so if it is used to send information other than “personal information users” such as advertisement emails, a third party other than “personal information users” who clearly authorized the use of personal information It can be easily determined whether or not the user is impersonated. It is also possible to know that the information leaking source is the “personal information user” of the forwarded mail.

  An example of the transfer e-mail edited in step S134 in FIG. 13 will be described. As shown in FIG. 15, a sentence 55 indicating that the return processing has been performed in the personal information management server 11 is added to the head of the body of the return e-mail on the Web screen 54. In addition, personal information user information 56 such as a personal information user number and a personal information user name is also added. The processing date and time, the transmission source e-mail address, and the transmission destination e-mail of this e-mail return process. An address is also added. In addition, a separator from the mail body that is the return source is also added.

  In this way, the individual who is the sender of the e-mail by performing “specify that the return process has been performed”, “specify the user of the personal information”, and “specify the destination and source e-mail address” in the return e-mail The following points can be given as the effect of returning to the information user terminal 12. In other words, if a destination is created at random and sent as a sender of spam (spam emails) such as advertisements and fraudulent acts, it will be forwarded to some personal information users. However, since most of the destinations are not registered, they are returned to the personal information user who is impersonated.

  Therefore, users of personal information who have received a large number of return emails can know the fact that their email address is impersonated, and spam emails such as advertisements and fraudulent acts can be forwarded Therefore, it is possible to take necessary measures such as sending an e-mail alerting registered personal information providers.

  Next, a process until the personal information user connects the telephone line to the personal information provider terminal 13 using the personal information user limited data will be described. As shown in FIG. 16, the personal information user connects the telephone line from the public line network to the personal information management server 11 by the personal information user terminal 12, and the personal information user's telephone number and personal information user-limited data Is transmitted (step S161). As a specific method, the telephone number transmission function is enabled and connected to the representative telephone number of the personal information management server 11. After connection, there is a method of transmitting a telephone number of personal information user-limited data in the form of an extension number.

  The public line network transmission / reception unit 20 (such as a public line transmission / reception apparatus having a telephone line transfer function) of the personal information management server 11 receives the telephone line (step S162), and the received telephone line is the telephone line transfer of the personal information management server 11 The management unit 27 checks whether the data is to be transferred and sets a transfer destination telephone number (step S163). Thereafter, the telephone line is transferred from the telephone line transfer device of the public line network transmitting / receiving unit 20 to the personal information provider terminal 13 (step S164), and the personal information provider terminal 13 receives the telephone line (step S165).

Next, a transfer check and transfer destination telephone number setting method performed in the telephone line transfer management unit 27 of the personal information management server 11 will be described.
First, as shown in FIG. 17, it is searched whether or not the transmission source telephone number of the telephone line is registered in the user registration data 31 (step S171). If the source telephone number is not registered, the telephone line is disconnected because the person who is not permitted to use the personal information user limited provision system itself (step S172). On the other hand, when the transmission source telephone number is registered, the personal information user number in which the transmission source telephone line is registered in the user registration data 31 is acquired, and the created personal information user limited data 33 is acquired. A search is performed as to whether the telephone number designated as the transmission destination is registered with the acquired personal information user number (step S173).

  If the destination telephone line is not registered in step S173, a message indicating that the connection destination is not registered is reproduced (step S174). On the other hand, if the telephone number of the transmission destination is registered, the personal information provider number (the telephone number of the transmission destination is used as the personal information user limited data) of the created personal information user limited data 33 corresponding in step S173. The personal information data 30 is retrieved using the created personal information provider), and the telephone line is transferred to the telephone number of the corresponding record (step S175).

  Next, a process in which a personal information user performs credit settlement using personal information user-limited data will be described. As shown in FIG. 18, the personal information user transmits the credit settlement information from the personal information user terminal 12 to the personal information management server 11 using the credit card number of the personal information user limited data (step S181). . Here, the credit settlement information is a personal information user number and a credit card number of the personal information user-limited data in various information (credit card expiration date, etc.) necessary for performing a credit settlement other than the credit card number. Include information.

  Next, the credit card settlement network transmission / reception unit 19 of the personal information management server 11 receives the credit settlement information (step S182), and whether the received credit settlement information is data to be transferred by the credit settlement information transfer management unit 28 or not. Transfer check, transfer credit settlement information editing, and credit card number setting are performed (step S183). Thereafter, the credit card settlement network transmission / reception unit 19 transmits the credit settlement network to the credit settlement network (step S184).

Next, a transfer check and credit card number setting method performed in the credit settlement information transfer management unit 28 of the personal information management server 11 will be described.
As shown in FIG. 19, first, it is searched whether or not the personal information user number of the credit settlement information transmission source is registered in the user registration data 31 (step S191). If the personal information user number is not registered, the credit settlement information is discarded because the person is not permitted to use the personal information user limited providing system in the first place (step S192). On the other hand, when the personal information user number is registered, the credit card in the personal information user limited data format included in the credit settlement information with the personal information user number for the created personal information user limited data 33 It is searched whether or not the number is registered (step S193).

  In step S193, if a credit card number in the personal information user-limited data format is not registered, the return credit settlement information is edited (step S194), and the credit settlement information is returned to the transmission source (step S195). ). On the other hand, if a credit card number in the personal information user limited data format is registered in step S193, the transfer credit settlement information is edited (step S196), and the created personal information used in step S193 is used. Personal information data 30 is searched using the personal information provider number of the person-limited data 33 (the personal information provider who created the credit card number in the personal information user-limited data format), and the credit card of the corresponding record The number is edited into credit settlement information and transferred to the credit settlement network (step S197).

Next, a process until the personal information user transmits a mailed matter to the personal information provider using the personal information user limited data will be described.
As shown in FIG. 20, first, the personal information user handles the personal information user number and the address information in the personal information user-limited data format acquired by the personal information user from FIGS. Bring it to the personal information management server 11 in the form that it was made (step S201). As a specific method, there is a method of bringing a personal information user number and address information (hereinafter referred to as mailing destination information) in a personal information user-limited data format in a printed form.

  Next, the mail address information reading / giving unit 21 of the personal information management server 11 takes in the mail address information of the mailed matter to the personal information management server 11 (use of an automatic reading device, manual operation by an operator, etc.) (step S202), The fetched mail address information is checked by the mail address information transfer management unit 29 to determine whether it is a mail to be transferred, and the mail address information is edited (step S203). Thereafter, the mail address information reading / giving unit 21 prints the mail address information on the mailed matter and mails it to the personal information provider (step S204), and the personal information provider receives the mailed matter (step S205).

Next, a transfer check and mail address setting method performed in the mail address information reading / giving unit 21 of the personal information management server 11 will be described.
As shown in FIG. 21, first, it is searched whether or not the personal information user number of the mailing address information is registered in the user registration data 31 (step S211). If the personal information user number is not registered, the mail is discarded because it is a person who is not permitted to use the personal information user limited providing system in the first place (step S212). On the other hand, when the personal information user number is registered, the personal information user limited data 33 of the mailing address information is used in the personal information user limited data format of the mailing address information with respect to the created personal information user limited data 33. It is searched whether address information is registered (step S213).

  If the address information in the personal information user-only data format of the mailing address information is not registered in step S213, the address information for return is edited (step S214), and the mailed item is returned to the mailing source (step S215). ). On the other hand, if the address information in the personal information user-only data format of the mailing address information is registered in step S213, the transfer address information is edited (step S216), and the created personal information corresponding to step S213 is created. Using the personal information provider number of the user limited data 33 (the personal information provider that created the address information in the personal information user limited data format of the mailing address information of the mailing address as the personal information user limited data), The personal information data 30 is searched, and the mailed matter is transferred to the address of the corresponding record (step S217).

  Here, an example (document) of a mailed item that the personal information user brings into the personal information management server 11 will be described. As shown in FIG. 22, on a document 57 sent from a personal information user such as a questionnaire or a guide, the personal information user number 58 of the mailing source and the address information 59 in the personal information user limited data format of the mailing destination are printed. Has been. If the automatic reading device can be used, the personal information user number 58 of the mailing source and the address information 59 in the personal information user-limited data format of the mailing destination can be processed by the automatic reading device. Print with.

Next, a method for editing the forwarding address information performed in step S216 of FIG. 21 in the personal information management server 11 will be described.
As shown in FIG. 23, a text to the effect that transfer processing has been performed in the personal information management server 11 is added to the head of the mail address information column of the mail 61, and mail address information, personal information users Information (personal information user name, personal information user address, etc.) is also added. As described above, the effects obtained by mailing to the personal information provider by “specifying that the transfer process has been performed” and “specifying the user of the personal information” on the mailed mail are as follows.

  As in the case of the e-mail shown in FIG. 14, when the personal information user-limited data stored and managed by the personal information user leaks without the knowledge of the personal information user, the personal information usage is known. Because it is limited data, it will be transferred if the personal information user number used at the outflow source is disguised (spoofed) and mailed, but since information as shown in FIG. 23 is added at the time of transfer, When used for sending information other than "personal information users" such as direct mail, it is easy to determine whether a third party other than "personal information users" who are clearly allowed to use personal information has been impersonated. . Further, it is possible to know that the information leaking source is “personal information user” of the personal information user information.

Next, the method for editing the return address information performed in step S214 in FIG. 21 in the personal information management server 11 will be described.
As shown in FIG. 24, a text indicating that the return processing has been performed in the personal information management server 11 is added to the head of the text in the mailing address information column of the mailed item 62, and mailing address information and personal information users are also sent. Information (personal information user name, personal information user address, etc.) is also added. As described above, the effects of returning “to the personal information user who is the mail source” after specifying “return processing has been performed” and “specifying the user of personal information” on the returned mail are as follows: Can be given.

  As in the case of the e-mail shown in Fig. 14, if a mailing address is randomly created and mailed as a mailing source for unwanted mail such as advertisements and fraudulent acts, the personal information user is impersonated (spoofed) and mailed. However, most of them are returned to personal information users who have been camouflaged (spoofed) because their mailing address is not registered. Personal information users who have received a large number of returned mailings can know the fact that their personal information user number is impersonated, and there is a possibility that annoying mailings such as advertisements and fraudulent acts were mailed It is possible to take necessary measures such as contacting the registered personal information provider for attention.

Next, an example in which personal information use history data of the personal information management server 11 is displayed on a Web screen will be described.
As shown in FIG. 25, the information usage recorded in the personal information usage history data 32 is displayed on the Web screen 63 on which the personal information provider displays the history in the personal information usage history reference unit 25 of the personal information management server 11. The date, information usage time, usage information, personal information user number, and personal information user name having the personal information user number are displayed. Therefore, the personal information provider who created the personal information user-limited data can know “when”, “what personal information”, and “who used it”.

  An example of the personal information user selection screen for invalidating the personal information user limited data of the personal information management server 11 will be described. The means for invalidating the personal information user limited data is realized by a CPU (not shown) of the personal information management server 11 that operates based on a program or the like.

  As shown in FIG. 26, the personal information provider selects a personal information user who invalidates the created personal information user limited data 33 in the personal information user limited data creation / update unit 24 of the personal information management server 11. On the screen 64, the personal information user number recorded in the created personal information user limited data 33 having the personal information provider number of the processing personal information provider (in the past, the personal information provider The personal information user number that created the user-limited data) and the information (personal information user name, personal information user address) of the personal information user having the personal information user number are displayed.

  Further, the Web screen 64 has a selection means (a check box, a radio button, etc.) for selecting a personal information user for whom invalidation setting is executed while the personal information provider confirms the information of the personal information user. The personal information user number selected here and the created personal information user limited data 33 having the personal information provider number of the personal information provider that is performing the processing are shown in steps S133 and 17 in FIG. It excludes from the check object data whether the transmission destination of step S173, step S193 of FIG. 19, and step S213 of FIG. 21 is registered.

  In this way, invalidation is realized by excluding from the check target data (excluded from the check target data at the time of checking, such as providing an invalidation flag in the data). After the created personal information user limited data 33 is invalidated, if the personal information user uses the created personal information user limited data 33, it is processed as “no corresponding person”, and as a result, the personal information It can no longer be used for sending e-mail to the provider, telephone connection, credit card payment, and mailing.

  Next, an example of a Web screen for updating personal information data of the personal information management server 11 will be described. As shown in FIG. 27, the personal information data 30 registered in the personal information data 30 is displayed on the Web screen 65 where the personal information provider updates the personal information data in the personal information data update unit 23 of the personal information management server 11. (Name, address, phone number, e-mail address, credit number, etc.) are displayed. In addition, an input field for personal information data (name, address, telephone number, mail address, credit number, etc.) to be updated is also displayed, and the personal information data 30 is updated with the value input in the input field.

  It will be used when the personal information user limited data 33 created after the personal information data update processing is processed by the personal information management server 11, for example, when the e-mail address is changed, it is changed in the past. Although the later e-mail address must be individually transmitted to the personal information user, when the personal information management server 11 is used, only the personal information data 30 need be changed.

As described above, according to the personal information user limited system of the present embodiment, the following effects can be obtained.
・ If personal information provider-only data is used by a person (other than a personal information user) who is not permitted to use the personal information provider, the personal information management server 11 will be excluded from the transfer process. Only personal information users who are allowed to use can use personal information user-limited data.

  ・ Personal information user-limited data can be used if impersonated (spoofed) and used as a personal information user, but the information shown in FIGS. 14 and 23 is added at the time of transfer to the personal information management server 11 Therefore, if it is used to send information other than “personal information users” such as advertisement emails, it is easy to see if a third party other than “personal information users” who has clearly permitted the use of personal information has been camouflaged (spoofed) Judgment is made. It is also possible to know that the information leakage source is the “personal information user” of the forwarded mail.

  ・ If you create a destination randomly and impersonate (spoof) a personal information user and send direct mail, advertising mail, or fraudulent information, some will be forwarded, but most of them will be sent to Since it is not registered, it is returned to the personal information user who is impersonated. Therefore, a personal information user who has received a large amount of return data (e-mail or mail) can know the fact that he / she is impersonating, and direct mail, advertising mail and fraudulent information are transferred. It is possible to take necessary measures such as calling a registered personal information provider who may have been registered.

  ・ Personal information user-specific data can be invalidated for each personal information user, so when using "other than the intended purpose", the personal information itself that has been "used for other than the intended purpose" in the conventional technology Changes (e-mail address, phone number change, address change, etc.) cannot be fundamentally resolved, and as a result, the personal information provider has a great disadvantage (to friends and related parties) associated with the change. Communication of changes, and financial and mental burdens associated with the changes. On the other hand, in this system, by using the personal information management server 11, the personal information usage history data is periodically monitored for personal information users who are using it without the knowledge of the personal information provider. However, if the personal information user who performed “use other than the purpose of use” as described in the description of FIGS. 14 and 23 is specified and invalidated, only the person who made “use other than the purpose of use” is invalidated. Can be

・ When a personal information provider determines that the purpose of using personal information user-limited data has been achieved, such as after the end of an Internet shopping transaction, it invalidates the personal information user who has completed the transaction, Can be prevented in advance by the personal information provider.
・ In the event that an outflow of personal information user-limited data stored and managed by a personal information user is detected, the personal information user number of the outflow source on the user registration data 31 of the personal information management server 11 is invalidated By excluding data from the data to be checked at the time of checking (for example, setting an invalidation flag in the data), all personal information user-limited data created with the personal information user number of the leaked source may be made unusable. it can.

  -By updating the personal information data 30 of the personal information management server 11, it is possible to change the personal information without individually telling the contents of the change to the personal information user who uses the personal information user-limited data. it can. For example, when an e-mail address is changed, conventionally, it has been necessary to individually transmit the changed e-mail address to a personal information user. On the other hand, in this system, when the personal information management server 11 is used, only the personal information data 30 need be changed.

The embodiment described above may be modified as follows.
In the above embodiment, the name, address, telephone number, e-mail address, and credit number have been described as examples of personal information. However, personal information (account number, basic pension) that can be handled as personal information user-limited data Needless to say, it can be applied in the same way as long as the number, basic resident register number, health insurer number).

  In this embodiment, the personal information provider uses the Internet 14 as a means for connecting to the personal information management server 11, but it is written, verbal (including communication by telephone), FAX, dedicated terminal, mobile phone It goes without saying that any type of information can be used as long as it can transmit information necessary for creating personal information user-limited data to the personal information management server 11 such as a telephone. Furthermore, it may be a computer network such as a LAN (Local Area Network) or a WAN (Wide Area Network), a dedicated credit card settlement network, or a plurality of these lines may be mixed.

1 is a system configuration diagram showing an embodiment of the present invention. The block block diagram of a personal information management server. An example of storing personal information data in the personal information management server. An example of storing user registration data of a personal information management server. An example of storing personal information use history data of a personal information management server. An example of storage of created personal information user-limited data in the personal information management server. An example of a personal information user's personal data user limited data acquisition method. An example of a personal information user's personal data user limited data acquisition method. Processing example until the personal information provider transmits personal information user limited data to the personal information user. An example of the personal information user limited data display method of a personal information user limited system. The flowchart which shows the personal information user limited data creation system example of a personal information management server. Processing example until the personal information user sends an e-mail to the personal information provider using the personal information user limited data. The flowchart which shows the example of the system of the transfer check performed in the email transfer management part of a personal information management server, and a forwarding destination email address setting. An example of the method of editing a transfer e-mail executed by the personal information management server. An example of a method for editing a return e-mail executed by the personal information management server. Processing example until the personal information user connects the telephone line to the personal information provider using the personal information user limited data. The flowchart which shows the example of a system of the transfer check performed in the telephone line transfer management part of a personal information management server, and a transfer destination telephone number setting. Processing example until the personal information user makes a credit card payment using the personal information user limited data. The flowchart which shows the example of a method of the transfer check performed in the credit settlement information transfer management part of a personal information management server, and a credit card number setting. Processing example until a personal information user sends a mail to a personal information provider using personal information user-limited data. The flowchart which shows the example of the system of the transfer check performed in the mail address information reading and provision part of a personal information management server, and mail address setting. An example of a method in which a personal information user brings mailing address information to a personal information management server in a form corresponding to a mailed item. An example of the transfer address information editing method executed by the personal information management server. An example of the method of editing the return address information executed by the personal information management server. An example of a personal information use history data display method. An example of the personal information user selection screen which invalidates personal information user limited data. An example of the personal information data update method.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 11 ... Personal information management server, 12 ... Personal information user terminal, 13 ... Personal information provider terminal, 14 ... Internet as a network, 15 ... Personal information provider management part, 16 ... Transfer management part, 17 ... As storage part Personal information data registration unit, 23 ... personal information data update unit, 24 ... personal information user limited data creation / update unit, 25 ... personal information use history reference unit, 26 ... e-mail transfer management unit, 27 ... telephone line transfer management unit, 28 ... credit settlement information transfer management unit.

Claims (11)

A personal information management server having a function of managing various personal information of the personal information provider;
A plurality of personal information user terminals used by users who use the various personal information;
A personal information user limited providing system in which a plurality of personal information provider terminals used by the personal information provider are communicably connected via a network,
The personal information management server includes:
A personal information provider management unit for managing the various personal information;
A transfer management unit for processing various types of transmission data using personal information user-limited data, which is data in a limited format of authorized users;
A storage unit storing a database in which the various personal information is registered;
A personal information user limited providing system, comprising: an invalidation setting means for invalidating the personal information user limited data of the personal information provider. The personal information provider management unit
A personal information data registration unit for registering the various personal information as personal information data;
A personal information data update unit for executing changes and updates of the registered personal information;
A personal information user limited data creating / updating unit that creates personal information user limited data for a specified personal information user and registers or updates the created personal information user limited data;
The personal information use history reference unit that refers to a history of personal information user-limited data used by a personal information user limited provision system by a personal information user in the past. Personal information users limited provision system. The transfer management unit
There is no problem in the e-mail address by checking the e-mail address addressed to the personal information provider using the e-mail address converted from the personal information user terminal and transmitted from the personal information user terminal. If it is determined, the e-mail address converted to the personal information user-limited data is converted to the original e-mail address and transferred to the personal information provider terminal, and the addition of personal information use history data is executed. An email transfer manager to
The telephone number addressed to the personal information provider using the telephone number that has been converted to the personal information user-limited data sent from the personal information user terminal was checked, and it was determined that there was no problem with the telephone number. In this case, the telephone number of the personal information user-limited data is transferred to the original personal information provider's telephone number, and the telephone line transfer management unit executes addition of personal information usage history data;
The credit number that is transmitted from the personal information user terminal and converted into personal information user limited data is checked. If it is determined that there is no problem with the credit number, the personal information user limited data is converted into data. A credit settlement information transfer management unit that converts a credit number of a personal information provider into a credit number of an original personal information provider, transfers the credit number to the network, and executes addition of personal information use history data. The personal information user limited providing system according to claim 1 or claim 2. A personal information management server having a function of managing various personal information of the personal information provider;
A plurality of personal information user terminals used by users who use the various personal information;
A personal information user limited providing method using a personal information user limited providing system in which a plurality of personal information provider terminals used by the personal information provider are communicably connected via a network,
The personal information provider terminal obtaining a personal information user number;
Connecting the personal information provider terminal to a personal information registration unit of the personal information management server via the network;
Registering personal information of a personal information provider in personal information data stored in a storage unit of the personal information management server;
Connecting the personal information provider terminal to the personal information user-limited data creating / updating unit of the personal information management server and selecting the personal information user number to execute creation of personal information user-limited data When,
Displaying the created personal information user-limited data on the display means of the personal information provider terminal;
The personal information provider terminal acquiring personal information user limited data based on the display content of the personal information user limited data;
The personal information provider terminal transmitting the personal information user limited data to a personal information user terminal;
The personal information user terminal providing method, wherein the personal information user terminal includes the step of acquiring the personal information user limited data. A personal information management server having a function of managing various personal information of the personal information provider;
A plurality of personal information user terminals used by users who use the various personal information;
A personal information user limited providing method using a personal information user limited providing system in which a plurality of personal information provider terminals used by the personal information provider are communicably connected via a network,
Using the e-mail address registered in the user registration data stored in the storage unit of the personal information management server, using the e-mail address in the personal information user-limited data format acquired by the personal information user terminal as the transmission destination Sending an e-mail,
Receiving an e-mail at the personal information management server;
Executing a transfer check as to whether or not the data is to be transferred in the e-mail transfer management unit of the personal information management server, editing a transfer e-mail, and setting a transfer destination e-mail address;
Sending the edited email to the personal information provider terminal;
The personal information provider terminal providing method wherein the personal information provider terminal receives the edited electronic mail. A personal information management server having a function of managing various personal information of the personal information provider;
A plurality of personal information user terminals used by users who use the various personal information;
A personal information user limited providing method using a personal information user limited providing system in which a plurality of personal information provider terminals used by the personal information provider are communicably connected via a network,
The personal information user terminal is connected to a telephone line from a public network to the personal information management server, and the personal information user is a limited format data of the telephone number of the personal information user terminal and the authorized person Sending a phone number included in the limited data;
Receiving a telephone line at a public line network transmission / reception unit of the personal information management server;
A step of executing a transfer check and setting of a transfer destination telephone number as to whether or not the received telephone line is data to be transferred by the telephone line transfer management unit of the personal information management server;
Transferring a telephone line from the telephone line transfer device of the public line network transceiver to the personal information provider terminal;
The personal information provider limited providing method comprising: a step of receiving a telephone line by the personal information provider terminal. A personal information management server having a function of managing various personal information of the personal information provider;
A plurality of personal information user terminals used by users who use the various personal information;
A personal information user limited providing method using a personal information user limited providing system in which a plurality of personal information provider terminals used by the personal information provider are communicably connected via a network,
The personal information user terminal transmitting credit settlement information using a credit card number included in personal information user-limited data, which is data in a limited format of authorized users;
Receiving the credit payment information at a credit card payment network transmission / reception unit of the personal information management server;
A transfer check as to whether or not the received credit settlement information is data to be transferred by a credit settlement information transfer management unit of the personal information management server, editing the credit settlement information, and setting a credit card number;
And providing the credit card settlement network transmission / reception unit with the credit settlement information to the credit settlement network. Means for creating candidate data that can be personal information user limited data that has nothing to do with personal information registered by the personal information provider in order to prevent personal information from leaking due to reverse generation from the personal information user limited data; ,
In the created personal information user-limited data, the data having the personal information user number used for creation is searched for whether the same value already exists in the created item, and the personal information user-limited Means for checking whether candidate data that can be data has already been registered,
If the same value already exists in the creation item, means for re-creating candidate data again,
A computer-readable personal information user limited providing program, characterized by executing means for determining the personal information user limited data. Means for searching whether the e-mail sender address is registered in the user registration data;
If not, means for discarding the email;
Acquire the personal information user number in which the sender's e-mail address is registered in the previous period user registration data, and specify it as the destination with the personal information user number acquired for the created personal information user-only data Means for searching whether or not a registered e-mail address is registered,
If the destination email address is not registered, means for editing the reply email;
A means of performing an e-mail return to the sender;
If the destination e-mail address is registered, means for editing the forwarding e-mail;
The personal information data is searched using the personal information provider number of the corresponding created personal information user-limited data, and means for transferring the e-mail to the e-mail address of the corresponding record is executed. A computer-readable personal information user limited program. Means for searching for whether the telephone source telephone number is registered in the user registration data;
If not registered, a means for disconnecting the telephone line;
If it is registered, the personal information user number obtained for the created personal information user-limited data is acquired as well as acquiring the personal information user number in which the sender telephone line is registered in the user registration data. A means for performing a search to determine whether or not the telephone number designated as the destination by the number is registered,
If the destination telephone number is not registered, means for playing a message that the connection destination is not registered,
When the destination telephone number is registered, the personal information data is searched using the personal information provider number of the corresponding created personal information user-limited data, and the telephone line is connected to the telephone number of the corresponding record. And a computer-readable personal information user limited providing program, characterized by executing the means for transferring. Means for searching whether or not the personal information user number of the sender of the credit settlement information is registered in the user registration data;
If not registered, a means for discarding credit payment information;
If registered, whether or not a credit card number in the personal information user limited data format included in the credit settlement information is registered with the personal information user number for the created personal information user limited data. Means for searching;
If a credit card number in the personal information user-only data format is not registered, means for executing editing of the return credit settlement information;
Means for returning credit payment information to the sender;
When a credit card number in the personal information user-only data format is registered, a means for editing the credit settlement information for transfer,
Means for searching personal information data using the personal information provider number of the created personal information user-limited data and editing the credit card number of the corresponding record into credit settlement information;
And a means for transferring the credit settlement information to a credit settlement network.

Images