JP2012095197A - Position information transmission system, terminal equipment, position information transmission method and position information transmission program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable a user to freely use a service utilizing position information while protecting the privacy of the user.SOLUTION: A position information transmission system includes: position information transmission history storage means 501 for storing the history of the position information transmitted in response to the request of application software or service software together with the information of a request origin; risk tolerance storage means 502 for storing the privacy invasion risk tolerance of the user for convenience provided by the software; position information transmission risk calculation means 503 for capturing the degree of the possibility of recognizing the positional action information of the user by the transmission of the position information of this time as the degree of a privacy invasion risk, and calculating the evaluation value of the privacy invasion risk on the basis of the transmission history of the position information and the position information to be transmitted this time; and position information correction means 504 for correcting the position information on the basis of the calculated privacy invasion risk evaluation value and the privacy invasion risk tolerance of the user.

Description

  The present invention relates to a location information transmission system, a terminal device, a location information transmission method, and a location information transmission program for transmitting location information of a terminal while protecting the privacy of the terminal user.

  When a terminal device such as a portable terminal incorporates a GPS (Global Positioning System) receiver, an application that operates on the terminal device acquires location information of the terminal device or is connected to the terminal by a wireless or wired communication means. It has become possible to transmit to a server, and services utilizing terminal location information have become widespread.

  Examples of services include those that introduce nearby restaurants based on the current location information of the terminal device, and those that simultaneously send information on the current location when sending messages and images to the server.

  As for the terminal location information acquisition method, not only the location information is passed to the application or server running on the terminal when the user gives an instruction, but also the application that is always running behind in the terminal is acquired spontaneously. In some cases, the position information is acquired by an instruction of a content description language such as an HTML (HyperText Markup Language) language or a script language displayed on a browser operating on the terminal, and transmitted to the server.

  By utilizing location information for services in this way, users can use services tailored to their own situations, but on the other hand, service providers are informed of their current location and movement history. Privacy infringement risk.

  Examples of techniques for avoiding and reducing this privacy infringement include the following. One is to declare that the GPS function is used at the time of application installation, and to make the corresponding function available only when the user approves it. For example, an equivalent mechanism is implemented in an i-appli (registered trademark) service provided by NTT DocoMo and an Android (registered trademark) application provided by Google. In both cases, a list of functions used by the application is described in the file describing the application information, and the user operates to confirm the use of these functions when installing the application.

  As another technique, there is a technique that prevents the service provider from grasping the accurate position of the user by changing the accuracy of the position information transmitted to the application or the server. For example, Patent Document 1 describes a technology that makes it difficult to specify the location of a terminal from the server by sending only location information with sufficiently low accuracy to the server.

JP 2002-048561 A

  However, in the method in which the application declares the right to use the function to the user and the method is made available only when the user approves, it takes time and effort for the user to approve. In addition, if the use of the function, in this case, the use of the position information acquisition function is not approved, the user cannot use the corresponding service, and there is a problem that the convenience of the user is impaired.

  Further, in the method of transmitting the position information with a low accuracy as described in Patent Document 1, the accuracy of various information provided by the service is lowered as the accuracy of the position information decreases, and as a result. However, there is a problem that the service quality is unsatisfactory for the user.

  For example, if you want to acquire information on nearby restaurants according to the current location information, if you reduce the accuracy of the location information to be transmitted, the restaurant that is far away from the actual user location There is a possibility of recommending it as a nearby one.

  An object of the present invention is to provide a location information transmission system, a terminal device, a location information transmission method, and a location information transmission program that enable a user to use a service utilizing location information without inconvenience while protecting the privacy of the user. There is to do.

  The location information transmission system according to the present invention determines the location of a terminal device in response to a request for application software that operates on the terminal device or service software that operates on a server device connected to the terminal device via a communication network. A position information transmission system for transmitting position information to indicate, a position information transmission history storage means for storing a history of position information transmitted in response to a request of application software or service software together with information of a request source, and application software or service Risk tolerance storage means for storing the privacy infringement risk tolerance allowed by the user for the convenience provided by the software, and the degree of possibility of grasping the user's positional behavior information by transmitting the current location information Privacy infringement The degree of possibility is determined based on the position information transmitted so far indicated by the position information history stored in the position information transmission history storage means and the position information transmitted this time. Position information transmission risk calculation means calculated as an infringement risk evaluation value, privacy infringement risk evaluation value calculated by the position information transmission risk calculation means, and the user's privacy infringement risk tolerance stored in the risk tolerance storage means And position information correction means for correcting the position information transmitted this time.

  The terminal device according to the present invention determines the location of the terminal device in response to a request for application software that operates on the terminal device or service software that operates on a server device connected to the terminal device via a communication network. Position information transmission means for transmitting position information to be indicated, position information transmission history storage means for storing a history of position information transmitted in response to a request from application software or service software, together with information of a request source, and application software or service software Privacy tolerance storage means for storing the tolerance of privacy infringement risk allowed by the user for the convenience to be provided, and the degree of possibility of grasping the positional behavior information of the user by transmitting the current location information Degree of infringement risk Based on the position information transmitted so far indicated by the position information history stored in the position information transmission history storage means and the position information transmitted this time, the degree of possibility is determined as the privacy infringement risk. Based on position information transmission risk calculation means calculated as an evaluation value, privacy infringement risk evaluation value calculated by the position information transmission risk calculation means, and user's privacy infringement risk tolerance stored in the risk tolerance storage means And position information correcting means for correcting the position information transmitted this time.

  The location information transmitting method according to the present invention determines the location of a terminal device in response to a request for application software that operates on the terminal device or service software that operates on a server device connected to the terminal device via a communication network. A location information transmission method applied to a location information transmission system that transmits location information to be stored, and a history of location information transmitted in response to a request from application software or service software is stored in a predetermined storage device together with request source information The degree of possibility of grasping the user's position behavior information by transmitting the position information this time is regarded as the degree of privacy infringement risk, and sent so far as indicated by the history of position information stored in the storage device Based on the received location information and the location information transmitted this time. The degree of privacy infringement is calculated as a privacy infringement list evaluation value, and the user's privacy infringement is an acceptable degree of privacy infringement risk allowed by the user for the convenience provided by the application software or service software. The position information transmitted this time is corrected based on the risk tolerance.

  The location information transmission program according to the present invention is provided in response to a request for application software that operates on a terminal device or service software that operates on a server device connected to the terminal device via a communication network. Location information transmission processing for transmitting location information indicating a location, location information transmission history storage processing for storing a history of location information transmitted in response to a request from application software or service software in a predetermined storage device together with request source information, Positions sent so far indicated by the history of location information stored in the storage device, regarding the degree of possibility of grasping the user's location behavior information by sending location information this time as the degree of privacy infringement risk Information and the location information sent this time Location information transmission risk calculation processing for calculating the degree of possibility as a privacy infringement list evaluation value, and the privacy infringement risk evaluation value thus calculated and the privacy allowed by the user for the convenience provided by the application software or service software Based on the user's privacy infringement risk tolerance that is an infringement risk tolerance, a position information correction process for correcting the position information to be transmitted this time is executed.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible for a user to use the service using a positional information without inconvenience, protecting a user's privacy.

It is a block diagram which shows the structural example of 1st Embodiment. It is a flowchart which shows the operation example of 1st Embodiment. It is a sequence diagram which shows the operation example of 1st Embodiment. It is explanatory drawing which shows the positional infomation history before and after implementation of positional information correction. It is a block diagram which shows the structural example of 2nd Embodiment. It is a block diagram which shows the structural example of 3rd Embodiment. It is a block diagram which shows the outline | summary of this invention. It is a block diagram which shows the other structural example of the positional infomation transmission system by this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

Embodiment 1. FIG.
First, the outline | summary of the positional infomation transmission system of this embodiment is demonstrated. The location information transmission system of the present embodiment acquires the location information of the terminal device using a GPS device included in the terminal device held by the user in response to a request for an application or service, and transmits the location information to the request source (here, (Including when it is sent to other devices via an application in the device), this time's position information should be transmitted taking into account the information in the position information transmission history database storing the previous position information transmission record Risk calculating means for calculating the privacy risk according to the information, and risk reducing means for correcting the value of the position information to be transmitted based on the calculated privacy risk value in order to reduce the risk to an allowable range or less. .

  When there is a location information acquisition request from an application or service, the risk calculation means confirms the requesting application and service, and acquires the location information history sent to the application or service from the location information transmission history database. Then, the privacy infringement risk value is calculated by transmitting the current position information, including the transmission history. The risk reducing unit corrects the position information based on the calculated privacy infringement risk value so as to reduce it to a user's risk allowable range or less.

  Then, the location information corrected according to the privacy infringement risk is passed to the application or service that requested the location information acquisition.

  Specifically, when the privacy infringement risk is low or the risk tolerance range of the user is wide, the location information is not corrected, and an accurate user location is transmitted to the application or service side. As a result, the user can receive highly accurate and high-quality information from applications and services.

  On the other hand, when the privacy infringement risk is high or the user's risk tolerance is narrow, the position information is corrected, and the position information shifted from the exact location of the user is transmitted to the application or service side. As a result, the user can obtain only low-quality and low-quality information from the application and service, but the privacy of the user is protected.

  FIG. 1 is a block diagram illustrating a configuration example of a position information transmission system according to the present embodiment. The system shown in FIG. 1 includes a terminal device 100 and a server 200. The terminal device 100 and the server 200 are connected via a wireless or wired communication network.

  The terminal device 100 includes a GPS receiver 110, a position information transmission history database (DB) 120, a risk calculation means 130, a risk reduction means 140, a position information acquisition interface (IF) 150, application software 160, a request Original reliability confirmation means 170 and risk allowable value storage means 180 are included. Server 200 also includes service software 210.

  Each of these means generally operates as follows. When the application software 160 or the service software 210 tries to acquire the position information by the GPS receiver 110 via the position information acquisition IF 150, the risk calculation unit 130 stores the request source stored in the position information transmission history database 120. The position information history (transmission history) previously output for the software is acquired. Further, the request source reliability confirmation unit 170 is used to acquire the reliability of the request source software (in this case, the application software 160 or the service software 210). Based on the reliability, the transmission history, and the position information output this time, the privacy infringement risk of the user by transmitting the current position information is calculated.

  Based on the privacy infringement risk value calculated by the risk calculation unit 150 and the user risk tolerance stored in the risk tolerance storage unit 180, the risk reduction unit 140 may be within the user risk tolerance range. In order to reduce the privacy infringement risk, the position information transmitted this time is corrected. The risk tolerance storage unit 180 stores the user's risk tolerance.

  In response to the request, the position information acquisition IF 150 returns (transmits or outputs) the position information corrected for risk reduction to the requesting software. The GPS receiver 110 is a GPS system receiver, and obtains position information (latitude / longitude) indicating the current location of the terminal device 100 from the received information.

  The location information transmission history DB 120 accumulates the location information output so far in response to requests from the application software 160 and the service software 210 together with the output destination (request source) information. For example, the position information transmission history DB 120 is actually notified by the position information acquisition IF 150 at the timing of returning to the request source software (here, the position information after performing correction processing for risk reduction). May be registered.

  The request source reliability confirmation unit 170 acquires the reliability of the request source software.

  The application software 160 is software that operates on the terminal device 100. The service software 210 is software that operates on the server 200. In any case, the service content does not matter. In the present embodiment, it is assumed that the software provides some service to the user using the location information of the terminal device.

  In the present embodiment, the position information transmission history DB 120 and the risk allowable value storage unit 180 are realized by a storage device such as a memory. In addition, the position information acquisition IF 150, the risk calculation unit 130, the risk reduction unit 140, and the request source reliability confirmation unit 170 are realized by an information processing apparatus such as a CPU that operates according to a program.

  Next, the overall operation of the present embodiment will be described in detail with reference to the flowchart of FIG. 2 and the sequence diagram of FIG. FIG. 2 is a flowchart showing an example of the operation of the present embodiment, and FIG. 3 is a sequence diagram showing an example of the operation of the present embodiment.

  First, the application software 160 operating on the terminal device 100 or the service software 210 operating on the server 200 makes an acquisition request for the location information of the terminal device 100 obtained by the GPS receiver 110 via the location information acquisition IF 150. (Step A1 in FIGS. 2 and 3).

  A specific form of the position information acquisition IF 150 may be implemented as an application programming interface (API) that can be called in a function format for application software (for example, application software 160) running on a terminal. It is also possible to implement a function call and a corresponding data return using a communication method such as UDP (User Datagram Protocol) or TCP (Transmission Control Protocol). In this case, the corresponding function can be used not only from the application software that operates on the terminal, but also from the software that operates on another device connected via the communication network (for example, the service software 201 that operates on the server 200). It becomes.

  Specific examples of software that requests location information include a restaurant recommendation application that provides information on restaurants near the acquired location information, and support for moving to the user's destination based on the current location information. Navigation applications that perform the above. In addition, it is used for services that allow users to confirm where the corresponding message originated by adding current location information to messages that are sent and registered to communication services such as blogs, social networking services (SNS), and various message services. There is also software.

  It also collects and analyzes user behavior history by acquiring location information periodically and delivering information related to that area when the user visits a certain area, or by acquiring location information for a long period of time. Some software is used for services used for marketing and product recommendation. As described above, there are two types of services that use position information, such as those based on current position information and those using a history of position information collected continuously and periodically.

  In the next step, the risk calculation means 130 first acquires the current position information from the GPS receiver 110 (step A2 in FIGS. 2 and 3). Next, the risk calculation means 130 determines the reliability of the request source software using the request source reliability confirmation means 170 in order to calculate the privacy infringement risk value (step A3 in FIGS. 2 and 3).

  As the reliability evaluation value, for example, a predetermined-level evaluation value format such as high, medium, or low may be used. As a determination method (evaluation value acquisition method), a determination list prepared in advance in the terminal device 100 or a determination list prepared in advance in an arbitrary server connected to the terminal device 100 may be used. . For example, the determination list may be written in the terminal device 100 by the terminal vendor or the like at the initial shipment stage by the terminal vendor or the like. When prepared on the server, the terminal vendor, carrier, etc. may hold and manage the list, and may be updated as appropriate. In such a case, the request source reliability confirmation unit 170 may access the list held and managed by the corresponding terminal vendor or carrier via the network and read the reliability of the corresponding software. The judgment list includes, for example, the name of the application software and service software or the developer and distributor information described in the digital certificate attached to each name, and the name of each software or developer and distributor. The evaluation value of reliability may be included.

  For example, the risk calculation unit 130 uses the determination list, the name of the software that requested the location information acquisition using the current location information acquisition IF 150, and the developer and distribution source information described in the attached digital certificate. First, the reliability of the request source software is determined.

  Further, the risk calculation means 130 acquires from the position information transmission history database 120 the position information history (transmission history) output so far for the software requesting the current position information (FIGS. 2 and 3). Step A4).

  Then, the risk calculation means 130 calculates the contribution rate to grasping the positional behavior information of the user with respect to transmitting the position information acquired from the GPS receiver 110 this time based on the transmission history of the position information acquired in step A4. Calculate (step A5 in FIGS. 2 and 3).

  The user's positional behavior information is user's behavior information estimated from the history information of the position where the user stayed, and is information such as the user's address, work location, nearest station, frequently visited location, and the like. In particular, among the services that use location information, in the type of service that collects and uses location information continuously and periodically, the user's address, work location, and stop-by location are analyzed by analyzing the collected location information history. It becomes possible to guess the user's behavior information, and the possibility of the privacy infringement of the user occurs. In addition, even for a type of service that searches nearby store information based on the current location information, it is possible to grasp the same user behavior by using it frequently or for a long time, and there is a possibility of privacy infringement. Exists. The privacy infringement risk referred to in the present invention refers to grasping of behavior information of a user by a service provider, which occurs when position information is transmitted for service use.

  In step A5, how much the transmission of the current position information contributes to grasping the user's positional action information, that is, the possibility of grasping the user's positional action by transmitting the current position information. Calculate the degree. In order to be able to guess the positional behavior information such as the user's address, work place, and frequently visited place as described above, it is necessary to transmit the positional information corresponding to the location more than a certain number of times. In other words, when the location information group transmitted for a certain service is concentrated in one or more specific areas, it is possible to estimate that the area is a place where the user frequently performs activities, It will lead to the identification of the place of work, stopover, and stopover. In the calculation of the contribution rate for grasping the positional behavior information in step A5, is the current position information transmitted increasing the number of times position information is transmitted for a specific area (a specific position and a range in the vicinity thereof)? Evaluate whether.

  As an example of a specific calculation method, position information registered in the position information history before and after transmission of the current position information (more specifically, position information transmitted to the request source software of this time) The entropy value and the statistical variance value are calculated and compared for the position indicated by. Here, compared to the entropy and dispersion value before transmission of the current position information, the decrease in entropy and dispersion value after transmission means that the transmission of position information indicating a specific area is concentrated. It means that the contribution rate to behavior information grasping is high, that is, the risk of privacy infringement is increased. Note that the entropy value and the variance value for the position transmitted from the terminal device 110 to the outside so far may be obtained without distinguishing depending on the requesting software, thereby determining the contribution rate to grasping behavior information. .

  As another example, in the transmitted location information history, the number of location information within the fixed distance range of the location information to be transmitted this time is counted, and if the number increases, location information transmission within a specific area is performed. Since the service side knows that there are a large number of cases, and leads to grasping behavior information, a value proportional to the number of cases may be used as the contribution rate to grasping behavior information.

  Based on the reliability of the request source software acquired in step A4 and the contribution rate of the positional information transmitted this time calculated in step A5 to grasping the positional behavior information of the user, the risk calculating unit 130 The privacy infringement risk evaluation value for the current location information transmission is calculated (step A6 in FIGS. 2 and 3).

  For example, risk evaluation value = reliability × contribution rate may be obtained. Here, the reliability value is weighted so that the value is small when the reliability of the software distributor and developer is high, and is large when the reliability is low. On the other hand, the value of the contribution rate increases if there is a high possibility that it will lead to grasping behavior information, and the value decreases if the possibility is low. By multiplying them, it is possible to obtain a privacy infringement risk value as a value that takes into account the influences of both the reliability and the contribution rate to grasping the behavior. In other words, even if the risk of grasping the behavior is high, it is determined that the corresponding information is transmitted to a service with high reliability. On the other hand, even if the risk of grasping the behavior is low, the position information is corrected if the reliability is low. It is possible to make a determination that the data is transmitted.

  The risk calculation means 130 compares the privacy infringement risk value calculated here with the user risk tolerance stored in the risk tolerance storage means 180 (step A7 in FIGS. 2 and 3), and the risk value is If the value is less than the allowable value, the position information acquired from the GPS receiver 110 is not corrected and returned to the requesting software via the position information acquisition IF 150 (step A11 in FIGS. 2 and 3).

  In this case, since the position information is not corrected, accurate position information is transmitted to the application software 160 or the service software 210. Therefore, the services provided by these software can be used without deterioration in accuracy or quality. It becomes possible to receive.

  Here, as a risk tolerance setting and storage method, for example, using the setting UI on the terminal device 100, the user is allowed to select the risk tolerance from high, medium, and low, and the result is the risk tolerance. You may memorize | store in the value storage means 180 previously. For example, the user may be registered using a predetermined setting application before using the service. In addition, for users who actively use various services based on the application operation history on the user's terminal device 100, the frequency of additional installation of application software from the server 200, the frequency of use of server services provided by the server 200, and the like. On the other hand, the risk allowable value may be automatically set high, and the risk allowable value may be automatically set low for users who are reluctant to use the service. In this case, the software on the terminal sets the user's usage history.

  Here, the high risk tolerance means that even if the privacy infringement risk is high, the use of the corresponding service is allowed, and the convenience of the service is given priority over the risk.

  On the other hand, if the risk value exceeds the user's allowable risk value in step A7, the risk reduction unit 140 corrects the position information so that the risk value is less than the allowable risk value (steps of FIGS. 2 and 3). A8).

  As an example of the correction method, the contribution rate of grasping positional behavior information by the calculation method in step A5 is the lowest within a certain radius centered on the accurate position information acquired from the GPS receiver 110. The position may be corrected. By this correction, it is possible to prevent the location information history transmitted to an arbitrary application or service from being concentrated on a specific area (location information). As a result, user behavior information by collecting location information The privacy infringement risk accompanying the grasp can be reduced.

  Here, the distance of a certain radius when correcting the position information may be changed according to the degree of deviation between the risk value and the risk allowable value. In that case, when the degree of deviation is large, the constant radius is also a large distance. However, if the distance of the radius is increased too much, the difference from the current position of the user increases, and it is necessary to set the distance in consideration of that point. As another correction method, the position information may be corrected randomly so as to be included within a certain radius.

  After causing the risk reduction unit 140 to correct the position information, the risk calculation unit 130 again compares the risk value with the risk allowable value (step A9 in FIGS. 2 and 3), and the risk value is less than the risk allowable value. If it is reduced, the corrected position information is returned to the requesting software (step A11 in FIGS. 2 and 3).

  On the other hand, in step A9, if the risk value is not reduced below the allowable risk value even though the position information is corrected, the request source software may be notified that the acquisition process has failed (see FIG. 2 and FIG. 2). Step A10 in FIG. At this time, since the privacy infringement risk is high, the user may be notified using a display such as a dialog window that the position information transmission processing has been blocked.

  FIG. 4 schematically shows a history of location information accumulated in an application or service before and after the introduction of the mechanism of the present embodiment. In FIG. 4A, which is a schematic diagram when the position information control (correction) method according to the present embodiment is not introduced, the position information is repeatedly transmitted to a place where the user stays for a long time or frequently. You can see that the location information is concentrated. In such a case, there is a risk that it may lead to grasping the positional action information of the user.

  On the other hand, in FIG. 4B, which is a schematic diagram when this method is introduced, the position information about the region where the position information is concentrated when transmitted without correction is corrected so that the respective positions vary. By concentrating transmission position information within a narrow range, it is possible to prevent a situation where a long-time or frequent staying place of a user is accurately identified. In addition, regarding the position where the transmission position information is not concentrated, the position information is transmitted without correction, so that the accuracy and quality of the original service can be maintained.

  As described above, according to the present embodiment, it is possible to minimize the degradation of service quality and accuracy associated with prevention of grasping while preventing grasping of user behavior information from position information that leads to privacy infringement. The reason is that the risk calculating means 130 calculates the privacy infringement risk by transmitting the position information every time the position information is transmitted to the application or service, and the risk reducing means 140 is configured to reduce the risk. This is because, by correcting and transmitting the position information, the operation of the position information is changed according to the privacy infringement risk. This reduces the accuracy of location information only when the risk of privacy infringement is high and sends it to applications and services. In other cases, it sends the location information with high accuracy, so that the user receives the application, service quality, A decrease in accuracy can be minimized.

Embodiment 2. FIG.
Next, a second embodiment of the present invention will be described. FIG. 5 is a block diagram illustrating a configuration example of the position information transmission system according to the second embodiment. The system shown in FIG. 5 is different from the first embodiment shown in FIG. 1 in that the terminal device 100 further includes a priority correction position storage unit 190.

  The present embodiment is the same as the first embodiment except for the prior correction position registration processing in the prior correction position storage unit 190 and the calculation process of the contribution rate at the time of position information transmission. Only the processing of a certain part will be described.

  In the priority correction position storage unit 190, a position where position information is corrected preferentially, that is, a position where it is desired to prevent transmission of position information indicating the position from being concentrated is registered in advance as a priority correction position. Multiple registrations are possible, and the user's address, work location, frequently visited location, etc., that can be used to grasp the positional behavior of the user are registered. For example, the user himself / herself may set and register a location that the user does not want to know from the viewpoint of privacy protection that he / she has stopped at that location.

  Further, the calculation method of the contribution rate for the position information transmission in the present embodiment is as follows. When calculating the contribution rate, the risk calculation unit 130 acquires the priority correction position from the priority correction position storage unit 190. Thereafter, the contribution rate to grasping the positional behavior is calculated by the same method as in the first embodiment. Here, when the position information transmitted this time is within a certain range of the priority correction position, the contribution rate value is increased in proportion to the distance between the position information transmitted this time and the priority correction position.

  By performing such processing, the privacy infringement risk value calculated by the risk calculation means 130 increases when position information in the vicinity of the priority correction position is transmitted. Therefore, for example, by registering information on a place that the user does not particularly want to know as a priority correction position, correction of the position information is performed preferentially, and as a result, the privacy of the user is more effective. Can be protected.

Embodiment 3. FIG.
Next, a third embodiment of the present invention will be described. FIG. 6 is a block diagram illustrating a configuration example of the position information transmission system according to the third embodiment. The system shown in FIG. 6 differs from the first embodiment shown in FIG. 1 in that the terminal device 100 further includes a required accuracy notification unit 1100.

  This embodiment is the same as the first embodiment except for the location information acquisition request processing for the location information acquisition IF 150 from the application software 160 or the service software 210 and the location information correction processing for risk reduction. Only the processing of a certain part will be described.

  In this embodiment, the application software 160 or the service software 210 expects the application software 160 or the service software 210 using the request accuracy notification unit 1100 when making a position information acquisition request to the position information acquisition IF 150. Set the accuracy of location information.

  For example, the requesting software may operate to call the required accuracy notification unit 1100 and specify the required accuracy. In such a case, the required accuracy notification unit 110 may be implemented as an API (for example, an accuracy setting function). The request source software may call the accuracy setting function by specifying the accuracy required by the software. Further, for example, the required accuracy can be included in the interface between the request source software and the position information acquisition IF 150. In such a case, the request accuracy notification unit 110 is called through the position information acquisition IF 150.

  As an example of the set value, the accuracy may be specified as high, medium, or low, and the accuracy may be specified as a distance such as 10 km or 5 km. For example, when highly accurate position information is required in a service provided by software, a setting value such as accuracy = high or accuracy = 500 m is set using the required accuracy notification unit 1100. The level of accuracy required by the request source software may be set on the development side. Further, the request accuracy notification means 1100 may use a value registered in advance when the accuracy of the position information is not set from the request source software.

  In the first embodiment, as a correction method of position information performed by the risk reduction unit 140, the contribution rate of grasping positional behavior information is within a certain radius with the accurate position information acquired from the GPS receiver 110 as a central point. Although an example in which the position is corrected to the minimum has been described, the risk reduction unit 140 according to the present embodiment sets the distance of the constant radius to a value corresponding to the accuracy set in the required accuracy notification unit 1100. For example, when the distance is directly specified as the accuracy, it is used. Further, for example, if a value indicating a step height such as high, medium, or low is specified, the radius is set to be larger as the accuracy is lower in proportion to the step.

  As another method, the reliability of the requesting software may be taken into consideration. That is, this radius may be a value that takes into account the influence of both the reliability acquired by the request source reliability confirmation unit 170 and the accuracy set by the request accuracy notification unit 1100. Specifically, if the reliability is higher than a predetermined threshold, the radius determined by the value (accuracy) set in the required accuracy notification unit 1100 is used as it is. On the other hand, if the reliability is low, the radius is set larger than the radius determined by the value (accuracy) set in the required accuracy notification means 1100 according to the low reliability.

  By performing such processing, it is possible to realize position information correction processing that also considers the accuracy of position information requested by the application 160 or the service software 210.

  In each of the above embodiments, the position indicating the location of the terminal device in response to a request for application software that operates on the terminal device or service software that operates on the server device connected to the terminal device via a communication network. Although correction of position information performed when transmitting information has been described as an example, the position information correction processing according to the present invention is not necessarily transmitted in response to a request every time, and is periodically transmitted after installation once. It can also be implemented in some cases.

  The outline of the present invention will be described below. FIG. 7 is an explanatory diagram showing an outline of the present invention. The position information transmission system 500 shown in FIG. 7 includes position information transmission history storage means 501, risk tolerance storage means 502, position information transmission risk calculation means 503, and position information correction means 504.

  The location information transmission history storage unit 501 (for example, the location information transmission history DB 120) responds to a request for application software that operates on a terminal device or service software that operates on a server device connected to the terminal device via a communication network. The history of the position information transmitted in this way is stored together with the request source information.

  The risk tolerance storage means 502 (for example, the risk tolerance value storage means 180) indicates the degree of privacy infringement risk allowed by the user for the convenience provided by the application software or service software that is the request source of the location information. Remember.

  The position information transmission risk calculation means 503 (for example, the risk calculation means 130) regards the degree of possibility of grasping the positional action information of the user by transmitting the current position information as the degree of privacy infringement risk, Based on the position information transmitted so far indicated by the position information history stored in the transmission history storage unit 501 and the position information transmitted this time, the degree of possibility is calculated as an evaluation value of privacy infringement risk. To do.

  The location information correction unit 504 (for example, the risk reduction unit 140) is configured to accept the privacy infringement risk evaluation value calculated by the location information transmission risk calculation unit 503 and the privacy infringement risk tolerance stored in the risk tolerance storage unit 502. The position information transmitted this time is corrected based on the degree.

  In addition, for example, when the calculated privacy infringement risk evaluation value exceeds the user's privacy infringement risk tolerance, the position information correction unit 504 is configured so that the privacy infringement risk falls within the range of the user's privacy infringement risk tolerance or less. The position information transmitted this time may be corrected to a position different from the original location. This is because it is determined that the concentrated transmission of position information about a specific region leads to grasping the user's positional behavior and increases the privacy risk.

  Further, the position information transmission risk calculation means 503 transmits the position information transmitted so far to the request source software of the current position information indicated by the position information history stored in the position information transmission history storage means, and this time transmission. A value proportional to the degree of concentration of transmission of position information for a specific area indicated by the positional variation of position information obtained by statistical processing using position information may be calculated as a risk evaluation value.

  FIG. 8 is a block diagram showing another configuration example of the position information transmission system. As shown in FIG. 8, the position information transmission system 500 according to the present invention may further include a request source reliability acquisition unit 505, a priority correction position storage unit 506, and a request accuracy notification unit 507.

  The request source reliability acquisition unit 505 (for example, the request source reliability confirmation unit 170) acquires the reliability of the application software or service software that is the request source of the location information. The request source reliability acquisition unit 505 acquires the reliability of the request source software by accessing, for example, a list or database stored in the terminal device or the server device.

  In such a configuration, the position information transmission risk calculation unit 503 calculates the privacy infringement risk evaluation value if the reliability is high based on the reliability of the request source application software or service software. Weighting may be performed so that the evaluation value of the privacy infringement risk decreases and the evaluation value of the privacy infringement risk increases if the reliability is low.

  The priority correction position storage unit 506 (for example, the priority correction position storage unit 190) stores in advance, as a priority correction position, a position group for which position information is to be corrected with priority. In such a configuration, the position information transmission risk calculation unit 503 determines that the position indicated by the position information to be transmitted this time is within a certain range of the priority correction position stored in the priority correction position storage unit 506. The privacy infringement risk evaluation value may be increased in proportion to the distance between the position indicated by the position information transmitted this time and the priority correction position. By operating in this way, when the position information in the vicinity of the priority correction position is transmitted, the position information correction unit 504 corrects the position information with priority.

  Request accuracy notification means 507 (for example, request accuracy notification means 1100) notifies accuracy information, which is information related to the accuracy of position information required in a service provided by application software or service software that is a request source of position information. For example, notification may be made when requesting software requests location information. In addition, an interface for receiving accuracy information may be prepared on the terminal device side, and the position information correction unit 504 may be notified of what is acquired via such an interface.

  In the case of such a configuration, the position information correction unit 504 limits the correction region within a range corresponding to the accuracy indicated by the accuracy information notified by the required accuracy notification unit 507 when correcting the position information. Thus, the position information may be corrected. By operating in this way, the position information correction process for reducing the privacy infringement risk is performed in consideration of the accuracy of the position information required by the application software or service software.

  The present invention is not limited to a service system, and can be suitably applied to any system provided with an apparatus that performs some processing by utilizing location information of a terminal.

DESCRIPTION OF SYMBOLS 100 Terminal device 110 GPS receiver 120 Location information transmission history database 130 Risk calculation means 140 Risk reduction means 150 Location information acquisition interface 160 Application software 170 Request source reliability confirmation means 180 Risk tolerance value storage means 190 Priority correction position storage means 1100 Request Accuracy notification means 200 Server 210 Service software 500 Position information transmission system 501 Position information transmission history storage means 502 Risk tolerance storage means 503 Position information transmission risk calculation means 504 Position information correction means 505 Requester reliability acquisition means 506 Priority correction position storage Means 507 Request accuracy notification means

Claims (9)

Location information that transmits location information indicating the location of the terminal device in response to a request from application software that operates on the terminal device or service software that operates on a server device connected to the terminal device via a communication network A transmission system,
Location information transmission history storage means for storing a history of location information transmitted in response to a request from the application software or service software, together with request source information;
Risk tolerance storage means for storing a privacy infringement risk tolerance allowed by a user for convenience provided by the application software or service software;
The degree of possibility of grasping the user's position behavior information by transmitting the position information this time is regarded as the degree of privacy infringement risk, and this is indicated by the position information history stored in the position information transmission history storage means. Position information transmission risk calculating means for calculating the degree of possibility as an evaluation value of privacy infringement risk based on the position information transmitted until and the position information transmitted this time;
A position for correcting the position information to be transmitted this time based on the privacy infringement risk evaluation value calculated by the position information transmission risk calculating means and the user's privacy infringement risk tolerance stored in the risk tolerance storage means A position information transmission system comprising an information correction means. When the calculated privacy infringement risk evaluation value exceeds the user's privacy infringement risk tolerance, the position information correction means transmits the position to be transmitted this time so that the privacy infringement risk is within the range of the user's privacy infringement risk tolerance. The position information transmission system according to claim 1, wherein the information is corrected to a position different from the original location. The position information transmission risk calculation means includes the position information transmitted so far to the request source software of the current position information indicated by the position information history stored in the position information transmission history storage means, the position information to be transmitted this time, The position according to claim 1 or 2, wherein a value that is proportional to the degree of concentration of transmission of position information for a specific region indicated by the positional variation of position information obtained by statistical processing using is calculated as a risk evaluation value. Information transmission system. A request source reliability acquisition means for acquiring the reliability of application software or service software that is a request source of location information;
When calculating the privacy infringement risk evaluation value, the location information transmission risk calculation means decreases the privacy infringement risk evaluation value if the reliability is high, based on the reliability of the request source application software or service software. The position information transmission system according to any one of claims 1 to 3, wherein weighting is performed so that an evaluation value of a privacy infringement risk increases if the reliability is low. Preliminary correction position storage means for storing a position group where position information is to be corrected in advance as a priority correction position,
When the position indicated by the position information transmitted this time is within a certain range of the priority correction position stored in the priority correction position storage means, the position information transmission risk calculation means The position information transmission system according to any one of claims 1 to 4, wherein the evaluation value of the privacy infringement risk is increased in proportion to the distance between the priority correction positions. A request accuracy notification means for notifying accuracy information, which is information relating to accuracy of location information required in a service provided by application software or service software that is a request source of location information;
The position information correction unit corrects the position information by correcting a correction area within a range corresponding to the accuracy indicated by the accuracy information notified by the required accuracy notification unit when correcting the position information. The position information transmission system according to claim 1. A location that transmits location information indicating the location of the terminal device in response to a request from application software that operates on the terminal device or service software that operates on a server device connected to the terminal device via a communication network Information transmission means;
Location information transmission history storage means for storing a history of location information transmitted in response to a request from the application software or service software, together with request source information;
Risk tolerance storage means for storing a privacy infringement risk tolerance allowed by a user for convenience provided by the application software or service software;
The degree of possibility of grasping the user's position behavior information by transmitting the position information this time is regarded as the degree of privacy infringement risk, and this is indicated by the position information history stored in the position information transmission history storage means. Position information transmission risk calculating means for calculating the degree of possibility as an evaluation value of privacy infringement risk based on the position information transmitted until and the position information transmitted this time;
A position for correcting the position information to be transmitted this time based on the privacy infringement risk evaluation value calculated by the position information transmission risk calculating means and the user's privacy infringement risk tolerance stored in the risk tolerance storage means Terminal equipment characterized by comprising information correction means. Location information that transmits location information indicating the location of the terminal device in response to a request from application software that operates on the terminal device or service software that operates on a server device connected to the terminal device via a communication network A position information transmission method applied to a transmission system,
A history of location information transmitted in response to a request from the application software or service software is stored in a predetermined storage device together with request source information,
The degree of possibility of grasping the user's position behavior information by transmitting the position information this time is regarded as the degree of privacy infringement risk, and sent so far as indicated by the history of position information stored in the storage device Based on the location information and the location information to be transmitted this time, the degree of possibility is calculated as a privacy infringement list evaluation value,
Based on the calculated privacy infringement risk evaluation value and the user's privacy infringement risk tolerance, which is an acceptable degree of privacy infringement risk allowed by the user for the convenience provided by the application software or service software, A position information transmission method comprising correcting position information to be transmitted. On the computer,
Location information transmission for transmitting location information indicating the location of the terminal device in response to a request from application software that operates on the terminal device or service software that operates on a server device connected to the terminal device via a communication network processing,
Location information transmission history storage processing for storing a history of location information transmitted in response to a request from the application software or service software in a predetermined storage device together with request source information;
The degree of possibility of grasping the user's position behavior information by transmitting the position information this time is regarded as the degree of privacy infringement risk, and sent so far as indicated by the history of position information stored in the storage device Position information transmission risk calculation processing for calculating the degree of possibility as a privacy infringement list evaluation value based on the position information and the position information transmitted this time, the calculated privacy infringement risk evaluation value, and the application software Or, based on the user's privacy infringement risk tolerance, which is the degree of privacy infringement risk allowed by the user for the convenience provided by the service software, the position information correction processing for correcting the position information to be transmitted this time is executed. Location information transmission program.

Images