JP2014063069A - Analysis method, analyzer, and analysis program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To perform analysis processing simply without using a cipher key when performing analysis processing with respect to encrypted data.SOLUTION: According to the analysis method, a computer acquires a plurality of pieces of encrypted data generated by arithmetic operation of random numbers and a plurality of pieces of original data, acquires an average value of the random numbers based on a parameter for random number generation set for a device that generates the plurality of pieces of encrypted data, and performs processing to calculate statistics with respect to the plurality of pieces of original data by using data after inverse operation of the average value in the arithmetic operation with respect to the plurality of pieces of encrypted data.

Description

  The technique disclosed in this specification relates to a technique for analyzing encrypted information.

  For the purpose of concealing communication contents with a third party, it is widely performed to exchange encrypted data. If the device that received the encrypted data is a legitimate device, the encrypted data is decrypted as necessary. The apparatus can execute various processes on the decoded data. For example, the apparatus decrypts the encrypted data and performs analysis processing such as statistical processing using plaintext data.

  On the other hand, when entrusting the analysis process to an external supplier, the encrypted data must be decrypted for the analysis process, so the plaintext data is acquired by the external supplier. In such a case, the security for the data is lowered.

  Thus, for example, there is a technique for performing statistical processing using the property of homomorphic encryption (Non-Patent Document 1). Specifically, the cloud receives purchase history data encrypted by the homomorphic encryption method from each of the A company and the B company. Then, the cloud generates encrypted tabulated data by processing the encrypted purchase history data as it is. Here, since the cloud does not have a secret key, the purchase history data and the encrypted total data cannot be decrypted.

  Next, the cloud transmits the encrypted aggregate data to the analyst. The analyst has a secret key and can use it to decrypt the encrypted total data and calculate the similarity from the encrypted total data.

Masaya Yasuda et al., Cloud Concealment of Purchasing History Data of Multiple Companies, Encryption and Information Security Symposium (SCIS 2012), January 2012

  Here, the homomorphic encryption has a problem that the processing load is high. Further, in the technique disclosed in Non-Patent Document 1, since the analyst is external to the A company and the B company, security concerns remain in that the secret key must be provided to the analyst.

  Therefore, an object of the present invention is to easily perform analysis processing on encrypted data without using an encryption key.

  In one aspect of the present invention, in the analysis method according to the present embodiment, a computer acquires a plurality of encrypted data generated by an arithmetic operation of a random number and a plurality of original data, and the plurality of encrypted data are obtained. An average value of random numbers based on a parameter for random number generation set in a generating device is acquired, and the plurality of encrypted data is obtained by using the data obtained by performing an inverse operation of the arithmetic operation on the average value. A process of calculating a statistic for the original data is performed.

  In one aspect of the present invention, it is possible to easily perform analysis processing on encrypted data without using an encryption key.

FIG. 1 is a diagram for explaining the flow of analysis of encrypted data according to the embodiment. FIG. 2 is a functional block diagram of the collection device 50. FIG. 3 is a diagram illustrating a data configuration example of the parameter information storage unit 55. FIG. 4 is a diagram illustrating a data configuration example of the encrypted data storage unit 56. FIG. 5 is a diagram illustrating a data configuration example of the key information storage unit 57. FIG. 6 is a functional block diagram of the sensor node. 7A and 7B are diagrams showing examples of the data configuration of the setting information storage unit 26. FIG. FIG. 8 is a functional block diagram of the terminal device 30. FIG. 9 is a functional block diagram of the analysis apparatus 10. FIG. 10 is a diagram illustrating a data configuration example of the parameter information storage unit 15 of the analysis apparatus 10. FIGS. 11A and 11B are diagrams illustrating an example of the data configuration of the analysis data storage unit 16. FIG. 12 is a flowchart of processing related to parameter setting. FIG. 13 is a flowchart of encryption processing in the sensor node 20 or the terminal device 30. FIG. 14 is a flowchart of the analysis process. FIG. 15 is a diagram for explaining the flow of analysis of encrypted data according to another embodiment. FIG. 16 is a diagram illustrating an example of the hardware configuration of the analysis apparatuses 10 and 100.

  Exemplary embodiments of an analysis method, an analysis apparatus, and an analysis program according to the present invention will be described below in detail with reference to the accompanying drawings.

  FIG. 1 is a diagram for explaining the flow of analysis of encrypted data according to the present embodiment. FIG. 1 shows a collection system that collects and manages data, and an analysis device that analyzes data collected by the collection system. The collection system includes a plurality of sensor nodes 20-1 to 20-4, terminal devices 30-1 and 30-2, a gateway device 40, and a collection device 50. The number of sensor nodes, terminal devices, gateway devices, etc. is not limited to the number shown in FIG. Further, both the sensor node and the terminal device may not be included.

    The sensor nodes 20-1 to 20-4 are devices that perform cryptographic processing. The sensor nodes 20-1 to 20-4 are devices that have a wireless communication function and detect predetermined data. The sensor nodes 20-1 to 20-4 may have a wired communication function. The sensor nodes 20-1 to 20-4 are hereinafter referred to as sensor nodes 20. The sensor node 20 may be a computer such as a portable terminal.

  In the present embodiment, the sensor node 20 encrypts the detection value detected by the sensor. Then, the sensor node 20 generates encrypted data by performing an arithmetic operation on the detected value using the random number generated by the random number generator. For example, the sensor node 20 arithmetically adds a random number to the detection value. The random number generator generates a random number according to a preset random number parameter. The random number parameter will be described later.

  Then, the sensor node 20 transmits a data packet including encrypted data, device ID, totaling information, and data type ID to the gateway device 40. The data packet further includes an initial vector used at the time of generating a random number so that the collecting device 50 can decrypt the encrypted data.

  The device ID is information for identifying each sensor node 20. The aggregation information is information for identifying a target related to the encrypted data. The aggregation information may be simply referred to as an identifier. For example, the totaling information is position information of a place where the detection value is detected. Further, the totaling information may include time information when the detection value is detected.

  The data type ID is information for identifying the type of original data to be encrypted. Encrypted data having a common data type ID is regarded as encrypted data of the same data series. A plurality of encrypted data corresponding to a common data type ID constitutes one encrypted data group.

  The sensor node 20 may transmit a data packet to the gateway device 40 via the ad hoc network 60 as shown in FIG. In other words, the sensor nodes 20-1 to 20-4 perform the multi-hop communication of the data packet according to the transfer path, so that the data packet is delivered to the gateway device 40.

  The terminal devices 30-1 and 30-2 are devices that perform cryptographic processing. The terminal devices 30-1 and 30-2 are computers having a communication function. The terminal devices 30-1 and 30-2 are hereinafter referred to as a terminal device 30. For example, the terminal device 30 temporarily manages data to be collected in the collection system. For example, the data to be collected is data input by the user or data obtained by performing some processing on the data input by the user.

  Similarly to the sensor node 20, the terminal device 30 encrypts data to be collected to generate encrypted data. Then, the terminal device 30 transmits provided data including encrypted data, device ID, totaling information, and data type ID to the gateway device 40.

  The gateway device 40 is connected to the analysis device 10 and the terminal device 30 via a normal network 61 such as the Internet, LAN, or WAN. When the sensor node 20 performs ad hoc communication, the gateway device 40 performs protocol conversion of information between the ad hoc network 60 and the normal network 61. Then, data such as encrypted data received from the sensor node 20 or the terminal device 30 is transmitted to the collection device 50. Further, the gateway device 40 duplicates data such as encrypted data received from the sensor node 20 or the terminal device 30 and transmits it to the analysis device 10.

  The collection device 50 is a computer that collects and manages encrypted data. The collection device 50 owns information on encryption keys used in the encryption processing in the sensor node 20 and the terminal device 30. Therefore, the collection device 50 can decrypt the encrypted data as necessary.

  Next, the analysis device 10 is a computer that performs analysis processing. Here, in the present embodiment, as an analysis process, the analysis device 10 calculates various statistics. The analysis device 10 does not have a key for decrypting the encrypted data. Therefore, the analysis device 10 does not decrypt the encrypted data.

  The analysis device 10 receives from the gateway device 40 data associated with encrypted data, device ID, totaling information, and data type ID. The analysis device 10 uses the random number generation parameters set in each sensor node 20 and each terminal device 30 to calculate a statistic relating to the encrypted data. The parameter information for random number generation set in each sensor node 20 and each terminal device 30 is acquired from the collection device 50 prior to the statistical processing. Although details will be described later, the parameter information is information for controlling the distribution of the generated random numbers, and is distributed to each sensor node 20 and each terminal device 30 under the control of the collection device 50. .

  The analysis device 10 performs various statistic computations that exclude the effect of random numbers, using a random number average calculated from random number generation parameters. Here, excluding the effect of random numbers means that, for example, when encrypted data is generated by arithmetic addition of random numbers, the average value of random numbers is subtracted from the encrypted data.

  The various statistics calculated by the analysis device 10 are, for example, the total value, average value, variance, and standard deviation of the original data of the encrypted data related to a certain series.

  Also, the analysis device 10 associates a plurality of series of encrypted data with each other using the totaling information. When the summation information received from a certain sensor node 20 and the summation information received from a certain terminal device 30 are the same or related, the encrypted data received from the node 20 and the encryption received from the terminal device 30 Associate data. For example, a plurality of series of encrypted data related to the same position information is associated and managed. In this case, the analysis device 10 calculates the covariance and correlation coefficient of the original data by processing the encrypted data regarding the two associated sequences.

  The analysis device 10 transmits the calculated statistic as an analysis result to a predetermined destination such as the collection device 50 or the terminal device 30.

  As described above, the analysis device 10 can perform an analysis process without decrypting the encrypted data and easily calculate various statistics. The collection system can obtain approximate statistics without providing information regarding the encryption key to the outside of the collection system. Here, the statistic calculated by the analysis apparatus 10 is an approximate value. However, in order to grasp the overall trend, even an approximate statistic is useful for the user on the collection system side.

  Next, the functional configuration of the collection device 50 will be described. FIG. 2 is a functional block diagram of the collection device 50. The collection device 50 includes a communication unit 51, a control unit 52, a parameter information storage unit 55, an encrypted data storage unit 56, and a key information storage unit 57.

  The communication unit 51 is a processing unit that communicates with other devices. For example, the communication unit 51 transmits a random number generation parameter to the analysis device 10. The analysis result is received from the analysis device 10.

  The control unit 52 is a processing unit that controls various processes in the collection device 50. The control unit 52 according to the present embodiment includes, for example, a generation unit 53 and a management unit 54. The generation unit 53 is a processing unit that generates a parameter for generating random numbers. The management unit 54 is a processing unit that stores data in various storage units. For example, parameter information related to parameters for random number generation is stored in the parameter information storage unit 55. Further, the encrypted data is stored in the encrypted data storage unit 56.

  The parameter information storage unit 55 is a storage unit that stores parameter information for generating random numbers. FIG. 3 is a diagram illustrating a data configuration example of the parameter information storage unit 55. The parameter information storage unit 55 stores the parameter ID, the center value, the lower limit value, the upper limit value, the distribution type, the random number average value, the average value of the square of the random number, the device ID, and the data type ID in association with each other. The center value, the lower limit value, the upper limit value, and the distribution type control the distribution of random numbers generated by each sensor node 20 or the like.

  Here, the upper limit value and the lower limit value are set in the parameter information in a range including at least the range of the predicted value of the original data. That is, the range of random numbers defined by the lower limit value and the upper limit value includes the range of predicted values of the original data. This is to prevent the concealment of the original data from becoming insufficient when the influence of the random number is small with respect to the original data. For example, when the value of the original data is predicted to be 50 to 100, for example, the lower limit value −127 to the upper limit value +127 are set.

  It is desirable that the range of random numbers is not too large with respect to the range of predicted values of the original data. In the analysis process described later, the analysis apparatus 10 calculates a statistic by eliminating the influence of random numbers on the encrypted data. Here, a statistical quantity with higher accuracy can be obtained by statistically processing more encrypted data according to the law of large numbers. Accordingly, the accuracy of the obtained statistic is calculated from the set parameter information of the random number and the number of obtained encrypted data.

  On the other hand, if the range of random numbers is too large relative to the range of predicted values of the original data, more encrypted data is required to calculate a statistic that can be expected to have a certain accuracy. Therefore, it is possible to determine the range of random numbers for the range of predicted values of the original data according to the size of the collection system, that is, the number of encrypted data that can be collected.

  The parameter ID is information uniquely given for each random number distribution. The center value is a value that is the center of the distribution of random numbers. Note that the approximate center value may be stored. The lower limit value is a value that becomes the lower limit of the distribution of random numbers. The upper limit value is a value that is the upper limit of the distribution of random numbers.

  The distribution type is information for identifying the shape of the random number distribution. For example, information such as a uniform distribution and a normal distribution is stored. The random number average value is an average value of random numbers generated by a plurality of random number generations. The random number average value is determined according to the center value, the lower limit value, the upper limit value, and the distribution type. The average value of the square value of the random number is an average value of the square value of the random number generated by a plurality of random number generations. The average value of the square value of the random number is determined according to the center value, the lower limit value, the upper limit value, and the distribution type.

  The device ID stores the device ID of the device in which the parameter corresponding to the parameter ID is set. For example, in the example of FIG. 3, it is indicated that the parameter with the parameter ID “1” is set to the sensor node “N20”, “N21”, or the like. Note that the parameters to be set for each device are specified by the administrator of the collection system.

  The data type ID stores the data type ID of the data type to which the random number generation parameter corresponding to the parameter ID is applied. In the present embodiment, when data of a certain data type is encrypted, a random number generated based on the same parameter is applied. The administrator of the collection system specifies parameters to be applied to a certain data series. That is, the administrator of the collection system specifies sensor nodes and terminal devices that detect or acquire data of the same data type, and distributes the same parameters to the specified sensor nodes and terminal devices.

  Next, the encrypted data storage unit 56 is a storage unit that stores encrypted data together with various types of information. FIG. 4 is a diagram illustrating a data configuration example of the encrypted data storage unit 56. The encrypted data storage unit 56 stores totaling information, device ID, encrypted data, and initial vector for each data type ID. For example, FIG. 4 shows an example of the data type ID “X1”.

  When the collection device 50 receives the aggregation information “0001”, the device ID “N20”, the encrypted data “m0001”, the initial vector “V1”, and the data type ID “X1” from the gateway device 40, the management unit 54 The totaling information “0001”, the device ID “N20”, the encrypted data “m0001”, and the initial vector “V1” are stored in association with the data type ID “X1”.

  The key information storage unit 57 is a storage unit that stores key information. The key information is key information used in encryption processing in the sensor node 20 or the terminal device 30. It is shared between the collection device 50 and the sensor node 20 or the terminal device 30 in advance.

  FIG. 5 is a diagram illustrating a data configuration example of the key information storage unit 57. The key information storage unit 57 stores the device ID and the key information in association with each other. For example, the sensor node 20 having the device ID “N20” indicates that the key information KEY_N20 is shared.

  When the collection device 50 decrypts the encrypted data, the control unit 52 acquires a device ID corresponding to the encrypted data to be decrypted from the encrypted data storage unit 56. Then, the control unit 52 acquires key information corresponding to the acquired device ID from the key information storage unit 57. The control unit 52 can decrypt the encrypted data using the key information and the initial vector. In this embodiment, the analysis process is performed by the analysis apparatus 10, and therefore the collection apparatus 50 performs a decryption process as necessary.

  Next, the functional configuration of the sensor node 20 will be described. FIG. 6 is a functional block diagram of the sensor node. The sensor node 20 includes a communication unit 21, a control unit 22, and a setting information storage unit 26.

  The communication unit 21 is a processing unit that communicates with other devices. For example, the data packet is transmitted to the gateway device 40.

  The control unit 22 is a processing unit that controls various processes in the sensor node 20. In the present embodiment, the control unit 22 includes an acquisition unit 23, an encryption processing unit 24, and a packet generation unit 25. The acquisition unit 23 is a processing unit that acquires a detection value. For example, the acquisition unit 23 acquires a detection value from the sensor. The acquired detection value may be temporarily stored in a storage unit (not shown). The communication unit 21 may transmit a data packet every time the acquisition unit 22 acquires an acquired value, or may transmit a plurality of data packets when a certain number of acquired values are detected. .

  The encryption processing unit 24 encrypts the detection value and generates encrypted data. For example, a parameter-set random number generator generates a random number based on an initial vector and key information. Here, the parameters are set based on distribution parameter information described later. Therefore, random numbers having a certain distribution controlled by the collecting device 50 are generated.

  The encryption processing unit 24 generates encrypted data by adding a random number to the detection value. In the present embodiment, the function of the random number generator is assumed to be performed by the cryptographic processing unit.

  The packet generator 25 generates a data packet. Specifically, the packet generation unit 25 adds a device ID, totaling information, and a data type ID to the encrypted data. In addition, header information including destination information and the like is generated. The communication unit 21 transmits a data packet based on the header information.

  The setting information storage unit 26 stores setting information. The setting information includes key information distributed to the sensor node and distribution parameter information distributed for setting the random number generator. The distribution parameter information is information including at least a part of the parameter information described above. In this embodiment, it is assumed that at least the center value, the lower limit value, the upper limit value, and the distribution type among the parameter information are distributed to each sensor node as distribution parameter information.

  7A and 7B are diagrams showing examples of the data configuration of the setting information storage unit 26. FIG. FIG. 7A shows key information in the setting information. The key information related to the encryption key distributed to the own apparatus is stored. The example of FIG. 7A shows an example of key information stored in the sensor node “N20”.

  FIG. 7B shows distribution parameter information. As in the example illustrated in FIG. 7B, the center value, the lower limit value, the upper limit value, and the distribution type are stored in the setting information storage unit 26. In the example of FIG. 7B, the center value “A1”, the lower limit value “B1”, the upper limit value “C1”, and the distribution type “uniform distribution” are set to the sensor node “N20” as parameters of the random number generator. Show.

  Next, the functional configuration of the terminal device 30 will be described. FIG. 8 is a functional block diagram of the terminal device 30. The terminal device 30 includes a communication unit 31, a control unit 32, and a setting information storage unit 36.

  The communication unit 31 is a processing unit that communicates with other devices. For example, the provided data is transmitted to the gateway device 40.

  The control unit 32 is a processing unit that controls various processes in the terminal device 30. The control unit 32 includes an acquisition unit 33, an encryption processing unit 34, and a provided data generation unit 35. The acquisition unit 33 is a processing unit that acquires data to be collected. For example, the acquisition unit 33 acquires data to be collected by user input. The acquired data may be stored in a storage unit (not shown). Further, every time data is acquired, provided data to be described later may be transmitted, or when a certain number of data is acquired, it may be transmitted collectively.

  The encryption processing unit 34 encrypts data to be collected and generates encrypted data. For example, a parameter-set random number generator generates a random number based on an initial vector and key information. Here, the parameters are set based on distribution parameter information described later. Therefore, random numbers having a certain distribution controlled by the collecting device 50 are generated.

  The encryption processing unit 34 generates encrypted data by adding a random number to the detection value. In the present embodiment, the function of the random number generator is assumed to be performed by the cryptographic processing unit.

  The provided data generation unit 35 generates provided data. Specifically, the provided data generation unit 35 adds a device ID, totaling information, and a data type ID to the encrypted data. In addition, header information including destination information and the like is generated. Note that the communication unit 31 transmits the provision data based on the header information.

  The setting information storage unit 36 stores setting information. Note that. The setting information stored in the terminal device 30 is the same as the setting information stored in the sensor node shown in FIG.

  Next, a functional configuration of the analysis apparatus 10 will be described. FIG. 9 is a functional block diagram of the analysis apparatus 10. The analysis device 10 includes a communication unit 11, a control unit 12, a parameter information storage unit 15, and an analysis data storage unit 16.

  The communication unit 11 is a processing unit that communicates with other devices. For example, the gateway device 40 receives encrypted data, device ID, totaling information, and data corresponding to the data type ID. Further, the communication unit 11 transmits the analysis result to a predetermined destination such as the collection device 50.

  The control unit 12 is a processing unit that controls various processes in the analysis apparatus 10. The control unit 12 includes a management unit 13 and an analysis unit 14.

  The management unit 13 is a processing unit that stores data in various storage units. For example, the parameter information is stored in the parameter information storage unit 15. Further, the analysis data including the encrypted data is stored in the analysis data storage unit 16. Note that the analysis data is information in which the encrypted data, the device ID of the device that generated the encrypted data, and the aggregation information are associated with each other for each data type.

  The analysis unit 14 calculates various statistics based on the analysis data and the parameter information. For example, various statistics are calculated by inversely calculating the average value of random numbers from the encrypted data. The inverse operation here is an inverse operation with respect to the operation at the time of generating encrypted data. For example, when cryptographic processing is performed by arithmetic addition of random numbers to the original data, the average value of random numbers is subtracted from the encrypted data.

  For example, the analysis unit 14 calculates the total value, average value, variance, and standard deviation of the original data for a certain series of encrypted data. Hereinafter, the analysis part 14 demonstrates the calculation method of the various statistics calculated.

The analysis unit 14 calculates an approximate value of the total value S (m) of the original data based on the following equation (1). L is the total number of encrypted data. M _k is encrypted data. E (r) is an average value of random numbers.

  The analysis unit 14 calculates an approximate value of the average value E (m) of the original data based on the following equation (2).

The analysis unit 14 calculates an approximate value of the variance V (m) of the original data based on the following equation (3). Note that E (r ² ) is an average value of the squares of random numbers.

  The analysis unit 14 calculates an approximate value of the standard deviation σ (m) of the original data based on the following equation (4).

  The analysis unit 14 also associates the first series of encrypted data groups with the second series of encrypted data groups based on the aggregation information. Then, the analysis unit 14 calculates a covariance and a correlation coefficient between the two series of data groups corresponding to each other based on the parameter information.

The analysis unit 14 calculates an approximate value of the covariance C (m, n) between the two series data based on the following equation (5). M _k is the first series of encrypted data. E (r) is an average value of random numbers used for encryption of the first series of data. N _k is the second series of encrypted data. E (s) is an average value of random numbers used for encryption of the second series of data. In addition, the approximate value of the average value E (m) of the first series of data and the approximate value of the average value E (n) of the second series of data are obtained by Equation 2.

  The analysis unit 14 calculates an approximate value of the correlation coefficient c (m, n) between the two series data based on the following equation (6).

  The analysis unit 14 calculates an approximate value of the inner product I (mn) between the two series data based on the following equation (7).

  In the present embodiment, under the control of the collection device 50, the same parameter is set for each sensor node 20 or each terminal device 30 that encrypts data belonging to the same series. Therefore, in the above equation, parameter information applied to the sequence to be analyzed is used.

  As described above, the analysis unit 14 calculates a statistic based on various expressions. The analysis unit 14 may calculate a statistic specified from the collection system side, or may calculate all the above-mentioned statistics.

  Here, a large number of laws can be used when statistically analyzing a large amount of data of a certain series. Therefore, by using an average value of random numbers or an average value of squares of random numbers, a statistic can be calculated without decrypting encrypted data. Note that, according to the law of large numbers, as the number of data in a certain series increases, a statistic closer to the true value can be calculated.

  Further, in the above-described prior art, since the types of operations that can be cryptographically operated while maintaining the homomorphism are limited, for example, it is not possible to analyze a correlation coefficient involving square root calculation. However, according to the present embodiment, various statistics such as a correlation coefficient can be calculated while the encrypted data is kept secret.

  Next, the parameter information storage unit 15 is a storage unit that stores parameter information. FIG. 10 is a diagram illustrating a data configuration example of the parameter information storage unit 15 of the analysis apparatus 10.

  The parameter information storage unit 15 stores the parameter ID, the center value, the lower limit value, the upper limit value, the distribution type, the random number average value, the average value of the square of the random number, the device ID, and the data type ID in association with each other. The parameter information storage unit 15 in the analysis device 10 has the same configuration as the parameter information storage unit 55 of the collection device 50. In this embodiment, parameter information is provided from the collection device 50 to the analysis device 10.

  The analysis data storage unit 16 is a storage unit that stores analysis data. FIGS. 11A and 11B are diagrams illustrating an example of the data configuration of the analysis data storage unit 16.

  The analysis data storage unit 16 stores the aggregation information, the device ID, and the encrypted data in association with each other for each data type. For example, FIG. 11A shows analysis data relating to the data type ID “X1”. For example, FIG. 11B shows analysis data relating to the data type ID “X3”.

  Here, when calculating the statistic between the two series data, the analysis unit 14 associates the two analysis data based on the totaling information. That is, since the aggregation information is information for identifying a target related to the original data of each encrypted data, the analysis unit 14 associates the encrypted data related to the similar target using the totaling information. Can do.

  For example, when the analysis unit 14 calculates the correlation coefficient between the data series “X1” and the data series “X3”, the encrypted data of the data series “X1” corresponding to the same tabulation information and the data series The encrypted data “X2” is linked. For example, when the totaling information is position information, a plurality of encrypted data related to the same position information can be linked.

  In the examples of FIGS. 11A and 11B, it has been described that the analysis data is managed by a different table for each data type. However, the analysis data storage unit 16 aggregates encrypted data of a plurality of data types. Based on the business information, the information may be stored in association with each other.

  Next, processing of each apparatus according to the present embodiment will be described. FIG. 12 is a flowchart of processing related to parameter setting.

  The collection base generation unit 53 generates parameter information (Op. 1). Specifically, when a center value, a lower limit value, an upper limit value, and a distribution type are received from the administrator, a new parameter ID is assigned. Furthermore, the generation unit 53 generates a random number average value and an average value of the square of the random number based on the average value, the lower limit value, the upper limit value, and the distribution type. Also, the random number average value and the average value of the square of the random number may be input by the administrator.

  Furthermore, the generation unit 53 accepts designation of a device ID that is a target for setting the parameter information. Furthermore, designation of a data type ID of a data series to which a random number based on the parameter information is applied is also accepted. The generation unit 53 generates parameter information in association with the parameter ID, the center value, the lower limit value, the upper limit value, the distribution type, the random number average value, the average value of the square of the random number, the device ID, and the data type ID.

  The management unit 54 stores the parameter information in the parameter information storage unit 55 (Op.2). When the already registered parameter information is applied to a new device, the device ID of the new device may be additionally updated to the device ID of the parameter information.

  The communication unit 51 transmits distribution parameter information, which is part of the parameter information, to each sensor node and terminal device under the control of the control unit 52 (Op. 3). Specifically, the communication unit 51 transmits the center value, the lower limit value, the upper limit value, and the distribution type to the device ID defined in the parameter information. Note that the communication unit 51 also transmits parameter information to the analysis device under the control of the control unit 52.

  The communication unit 21 of the sensor node 20 or the communication unit 31 of the terminal device 30 receives the distribution parameter information (Op. 4). Hereinafter, the processing of the sensor node 20 will be described. The control unit 22 sets the parameters of the random number generator based on the received distribution parameter information (Op. 5). Further, the distribution parameter information is stored in the setting information storage unit 26. The communication unit 21 transmits a setting completion notification to the collection device 50 under the control of the control unit 22 (Op.6). The setting completion notification is information notifying that the setting has been completed, and is information including the device ID of the sensor node 20.

  The communication unit 51 of the collection device 50 receives the setting completion notification (Op. 7). If a setting completion notification is not received after a certain time has elapsed, processing such as retransmission of distribution parameters may be performed.

  Through the above processing, the random number generation parameters are distributed to each sensor node 20 and the terminal device 30, and the parameters are set in the random number generator. The parameters may be distributed to various sensor nodes without going through the network.

  Next, encryption processing in the sensor node 20 or the terminal device 30 will be described. FIG. 13 is a flowchart of encryption processing in the sensor node 20 or the terminal device 30. In the following, the encryption process in the sensor node 20 will be described, but the same applies to the terminal device 30. In addition, although it is described that the encryption process is executed every time the detection value is acquired, the present invention is not limited to this. For example, encryption processing may be performed at regular intervals in response to a command from the collection device 50 or when a predetermined number of detection values are acquired.

  The acquisition unit 23 acquires a detection value from the sensor (Op. 10). In the case of a terminal device, for example, data to be provided is acquired.

  The cryptographic processing unit 24 generates a random number using a random number generator (Op. 11). Here, the key information stored in the setting information storage unit 26 and the initial vector are used. Next, the cryptographic processing unit 24 selects Op. A random number is arithmetically added to the detected value acquired at 10 (Op. 12).

  Next, the packet generator 25 generates a data packet (Op.13). Specifically, the packet generation unit 25 generates a data packet including encrypted data, a device ID, a data type ID, and an initial vector, in which the destination of the data packet is set in the header information. In the terminal device 30, the provision data generation unit 25 generates provision data.

  Next, under the control of the control unit 22, the communication unit 21 transmits a data packet (Op.14). The transmitted data packet is received by the collection device 50 and the analysis device 10 via the gateway device 40.

  Through the above processing, the detected value or the data to be provided is encrypted with a random number based on the set random parameter. That is, encryption is performed in the sensor node 20 or the terminal device 30 so that the analysis process can be easily executed in the subsequent analysis process.

  Next, analysis processing in the analysis apparatus 10 will be described. FIG. 14 is a flowchart of the analysis process. Prior to the processing of FIG. 14, the communication unit 11 of the analysis device 10 receives from the gateway device 40 data associated with encrypted data, device ID, totaling information, and data type ID. The management unit 13 stores the data as analysis data in the analysis data storage unit 16.

  The analysis apparatus 10 waits until the communication unit 11 receives an analysis instruction from the collection apparatus 50 (Op. 20 No). The analysis instruction is information including the type of statistic to be calculated and the data type ID to be analyzed. Note that a predetermined analysis process may be performed every predetermined time without receiving an analysis instruction.

  When the communication unit 11 receives the analysis instruction (Op. 20 Yes), the analysis unit 14 acquires the analysis data of the analysis target data type ID from the analysis data storage unit 16 based on the analysis instruction. (Op. 21). Note that only encrypted data in the analysis data may be acquired.

  When the analysis instruction instructs the calculation of the statistic between the two series data (Op. 22 Yes), the analysis unit 14 acquires the data for analysis of the data type ID of the second series (Op. 23). ). Then, the analysis unit 14 associates the two series of encrypted data based on the totaling information (Op. 24).

  On the other hand, when the analysis instruction does not instruct the calculation of the statistic between the two series data (Op. 22 No), the control unit 12 does not change the Op. The process proceeds to 25. Based on the data type ID to be analyzed, the analysis unit 14 acquires the applied parameter information from the parameter information storage unit 15 (Op. 25).

  Op. In 25, when there are a plurality of data type IDs to be analyzed, a plurality of parameter information is acquired. Here, only parameter information necessary for calculating a specified statistic may be acquired from the parameter information. For example, when calculating an average value as a statistic, only a random number average value may be acquired.

  The analysis unit 14 calculates a specified statistic based on the encrypted data included in the acquired analysis data and the acquired parameter information (Op. 26). Specifically, the random number average is subtracted from the encrypted data, and the statistics are calculated using the data.

  Next, the communication unit 11 transmits the analysis result to a predetermined destination under the control of the control unit 12 (Op. 27).

  The analysis result is calculated by the above processing. The analysis device 10 can perform analysis without decrypting the encrypted data. Further, by analyzing more encrypted data, a more accurate analysis result can be obtained.

  In the encryption process in each sensor node 20 or each terminal device 30, encrypted data is generated by arithmetically adding random numbers. Therefore, in the statistic calculation process, the analysis device 10 reverses the random number average from the encrypted data, thereby restoring the tendency of the original data as a whole of a plurality of encrypted data included in a certain data series. Can do.

  Hereinafter, application examples of the present embodiment will be described. For example, an example applied to farm growth management can be considered. When each sensor node 20 has a sensor that acquires the rainfall, the sensor node 20 encrypts the acquired detection value of the rainfall and transmits it to the gateway device 40. In addition, a data type ID indicating that the value is a detection value related to rainfall, a device ID of the sensor node that has performed the detection, information for aggregation, and the like are also transmitted. Note that the location information of the installation location is used as totaling information.

  On the other hand, it is assumed that data obtained by quantifying the growth state of the crop for each position is input to the terminal device 30 as a result of the operator observing the field. Further, the worker inputs position information indicating the position of the field to which the input data is related as the totaling information.

  Then, the data relating to the growth status is encrypted, and the totaling information indicating the position of the field where the growth status is related is transmitted to the gateway device 40. A data type ID indicating that the data is related to the growth status, a device ID for identifying the terminal device 30, and the like are also transmitted.

  The collection device 50 acquires a plurality of encrypted data from the gateway device 40 together with the totaling information, the device ID, the data type, and the like. The collection device 50 stores the encrypted data, the totaling information, the device ID, and the like in the encrypted data storage unit 56 for each data type ID.

  On the other hand, the analysis apparatus 10 acquires a plurality of pieces of encrypted data from the gateway apparatus 40 together with the totaling information, device ID, and data type. The analysis device 10 stores the encrypted data, the aggregation information, and the device ID in the analysis data storage unit 16 as analysis data for each data type ID.

  For example, the analysis device 10 calculates a correlation coefficient between the rainfall and the growth state based on the encrypted data and parameter information of each data series. Then, the calculated result is provided to the collection device 50. The sensor node may be a sensor node that measures sunshine amount, air temperature, soil temperature, humidity, and the like in addition to rainfall. In addition, the terminal device 30 may execute a program that applies existing technology and calculates a value indicating the growth status from an image taken by the worker. Then, the calculated value may be encrypted and transmitted to the gateway device 40 based on the present embodiment.

  As described above, the collection system can obtain an analysis result that is a general statistic by providing encrypted data and parameter information to an analysis device outside the collection system. In addition, the collection system can obtain various statistics without disclosing the encryption key.

  Next, the flow of analysis of encrypted data according to another embodiment will be described. FIG. 15 is a diagram for explaining the flow of analysis of encrypted data according to another embodiment.

  In other embodiments, there are multiple collection systems. The analysis apparatus 100 receives encrypted data from a plurality of collection systems and receives a request for analysis processing. For example, analysis data including encrypted data and parameter information are acquired from the collection device 500 in the first collection system and the collection device 510 in the second collection system.

  For example, a customer who has a point card that can be used in common at a plurality of stores makes a purchase at a store under the first collection system and uses the point card. In addition, the customer makes a purchase at a store under the second collection system and uses the point card.

  The collection device 500 or the terminal device 300 totals the customer identification information distributed to the customer for each point card and the purchase history of each customer. For example, when a certain customer purchases a certain product, “100” indicating the purchase is recorded. On the other hand, when a certain customer has not purchased a certain product, “50” indicating that the customer has not purchased is recorded.

  Then, the collection device 500 encrypts the tabulated purchase history of each customer. The collection device 500 transmits the encrypted purchase history information to the analysis device 100 together with the totaling information. Here, customer identification information is used as totaling information. In this case, as in the above-described embodiment, according to a random parameter set in advance, a random number based on the same parameter is applied to a certain data series, and encryption is performed.

  Note that although the collection device 500 performs aggregation and encryption of purchase histories, the encryption processing may be performed individually by the terminal device 300 or 310. Then, the analysis apparatus 100 may directly acquire encrypted purchase history information or customer identification information from the terminal apparatus 300 or 310.

  Similarly, the collection device 510 in the second collection system transmits encrypted purchase history information to the analysis device 100 together with customer identification information as totaling information.

  Then, the analysis apparatus 100 calculates various statistics based on the encrypted purchase history information. For example, the analysis apparatus 100 associates two series of encrypted data based on customer identification information. Then, a correlation coefficient between the two series data is calculated.

  The correlation coefficient between the two series of data is, for example, between the product X1 sold at the store under the first collection system and the product X2 sold at the store under the second collection system. It shows whether there is a correlation regarding purchasing behavior and what kind of correlation there is.

  As described above, according to the present embodiment, even if data is individually collected by different collection systems, the statistic can be calculated through the analysis device 100. Furthermore, since the analysis device 100 has the same function as the analysis device 10 in the previous embodiment, the analysis device 100 can perform analysis without decrypting the encrypted data.

  Next, the hardware configuration of the analysis apparatuses 10 and 100 will be described. FIG. 16 is a diagram illustrating an example of the hardware configuration of the analysis apparatuses 10 and 100.

  The analysis devices 10 and 100 are a CPU (Central Processing Unit) 1001, a ROM (Read Only Memory) 1002, a RAM (Random Access Memory) 1003, a communication device 1004, an HDD (Hard Disk Drive) 1005, an input device 1006, a display device 1007, and a display device 1007. A medium reading device 1009 is included, and each unit is connected to each other via a bus 1008. Data can be transmitted and received with each other under the control of the CPU 1001.

  A program related to the analysis processing is recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include an HDD, a flexible disk (FD), and a magnetic tape (MT). In addition, programs related to various processes described in the embodiments are recorded on a computer-readable recording medium.

  Examples of the optical disc include a DVD (Digital Versatile Disc), a DVD-RAM, a CD-ROM (Compact Disc-Read Only Memory), and a CD-R (Recordable) / RW (ReWriteable). Magneto-optical recording media include MO (Magneto-Optical disk). When this program is distributed, for example, a portable recording medium such as a DVD or CD-ROM in which the program is recorded may be sold.

  In the analysis apparatuses 10 and 100, for example, the medium reader 1009 reads the program from a recording medium on which various programs are recorded. The CPU 1001 stores the read program in the HDD 1005, the ROM 1002, or the RAM 1003.

  The CPU 1001 is a central processing unit that controls the overall operation of the analysis apparatuses 10 and 100. The HDD 1005 stores, for example, a program that causes the computer to execute each process shown in FIG. 14 as a program that causes the computer to perform the same functions as the analysis apparatuses 10 and 100 described in the above embodiments.

  The CPU 1001 reads out and executes the program from the HDD 1005, thereby functioning as the control unit 12 in the analysis apparatus 10 illustrated in FIG. Various programs may be stored in the ROM 1002 or the RAM 1003 accessible to the CPU 1001.

  Further, the HDD 1005 functions as at least part of the parameter information storage unit 15 and the analysis data storage unit 16 under the control of the CPU 1001. Similar to the program, information in the storage unit may be stored in the ROM 1002 or the RAM 1003 accessible to the CPU 1001. The ROM 1002 or the RAM 1003 also stores information temporarily generated during the process.

  The display device 1007 displays each screen as necessary. The communication device 1004 receives a signal from another device via the network and passes the content of the signal to the CPU 1001. Further, the communication device 1004 transmits a signal to another device via a network in response to an instruction from the CPU 1001. Note that the communication device 1004 functions as the communication unit 11 in the analysis device 10 illustrated in FIG. 9. The input device 1006 accepts input of information from the user as necessary.

DESCRIPTION OF SYMBOLS 10 Analysis apparatus 20, 20-1, 20-2, 20-3, 20-4 Sensor node 30, 30-1, 30-2 Terminal apparatus 40 Gateway apparatus 50 Collection apparatus 11 Communication part 12 Control part 13 Management part 14 Analysis Unit 15 parameter information storage unit 16 analysis data storage unit 21 communication unit 22 control unit 23 acquisition unit 24 encryption processing unit 25 packet generation unit 26 setting information storage unit 31 communication unit 32 control unit 33 acquisition unit 34 encryption processing unit 35 provided data Generation unit 36 Setting information storage unit 51 Communication unit 52 Control unit 53 Generation unit 54 Management unit 55 Parameter information storage unit 56 Encrypted data storage unit 57 Key information storage unit 100 Analysis device 300, 310, 320, 330 Terminal device 500, 510 Collection device 1001 CPU
1002 ROM
1003 RAM
1004 Communication device 1005 HDD
1006 Input device 1007 Display device 1008 Bus 1009 Medium reader

Claims (5)

Computer
Obtain multiple encrypted data generated by arithmetic operations of random numbers and multiple original data,
Obtaining an average value of random numbers based on a random number generation parameter set in the device that generates the plurality of encrypted data;
An analysis method, wherein a process for calculating a statistic for the plurality of original data is performed on the plurality of encrypted data using data obtained by performing an inverse operation on the average value in the arithmetic operation. The computer is
In the process of acquiring the plurality of encrypted data, together with the plurality of encrypted data, an identifier for identifying a target related to the plurality of encrypted data is acquired;
When the plurality of encrypted data is acquired as a first encrypted data group, a second encrypted data group different from the first encrypted data group is acquired together with the identifier,
In the process of obtaining the random number average,
A first random number average value based on a first random number generation parameter set in the device for generating the first encrypted data group, and a first random number set in the device for generating the second encrypted data group. Obtain a second random number average value based on the second random number generation parameter,
In the process of calculating the statistic,
Based on the first encrypted data group and the second encrypted data group, the first random number average value, and the second random number average value associated with each other based on the identifier, 2. The analysis method according to claim 1, wherein a process of calculating a correlation coefficient between the original data group of the encrypted data group and the original data group of the second encrypted data group is executed. The parameter includes a lower limit value and an upper limit value for the distribution of the random numbers,
The analysis method according to claim 1 or 2, wherein the range of the random number defined by the lower limit value and the upper limit value includes a range of predicted values of the plurality of original data. A communication unit that receives a plurality of encrypted data generated by an arithmetic operation of a random number and a plurality of original data;
An average value of random numbers based on a random number generation parameter set in the device that generates the plurality of encrypted data is obtained, and the average value is inversely calculated with respect to the plurality of encrypted data. And an analysis unit that calculates statistics for a plurality of original data including the original data using data. On the computer,
Obtain multiple encrypted data generated by arithmetic operations of random numbers and multiple original data,
Obtaining an average value of random numbers based on a random number generation parameter set in the device that generates the plurality of encrypted data;
An analysis program for executing a process for calculating a statistic for the plurality of original data using data obtained by performing an inverse operation on the average value with respect to the plurality of encrypted data.