JP2018128913A - Data distribution mediation device, data distribution mediation system, and data distribution mediation method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce a risk for a data owner and a data analyzer, when disclosing data to the data analyzer by the data owner.SOLUTION: A data distribution mediation device according to an embodiment has a data processing part for performing deterioration processing to data on the basis of a data deterioration condition definition file in which a condition on deterioration of the data and a disclosure condition of the data to be deteriorated are defined, and retrieves processed data which match a data disclosure request from a data reception device, transmits the data to the data reception device if the data match the disclosure condition, transmits the data in which the retrieved data has processed to match the disclosure condition, to a data registration transmission device, receives a determination result on the acceptance/rejection of the disclosure from a data owner from the data registration transmission device, and notifies the data reception device of the result.SELECTED DRAWING: Figure 1

Description

  Embodiments described herein relate generally to a data distribution mediation apparatus, a data distribution mediation system, and a data distribution mediation method.

  As a technology for providing IoT (Internet of Things) data including sensor data, for example, a technology (Non-Patent Document 1) aiming to realize autonomous distributed interconnection not depending on the model and device, and a user who needs data And a technique (Non-patent Document 2) for constructing a transaction market that matches data holders who may provide data and enables exchange of necessary sensing data when necessary.

Everysense Japan Co., Ltd., “IoT Data Exchange Market Business Introduction”, Data Distribution Environment Improvement Study Group, November 25, 2016, Internet <http://www.kantei.go.jp/jp/singi/it2/ senmon_bunka / data_ryutsuseibi / detakatsuyo_wg_dai5 / siryou1.pdf>, [searched January 23, 2017] OMRON Corporation, “Importance of the IoT World in Sensing Data Distribution Market”, Liberal Democratic Party IT Strategy Special Mission Committee Materials, March 24, 2016, Internet <http://www.skill.or.jp/activities/ IoT-bukai / 9th / jimin_it-toku_document_20160324.pdf>, [Search January 23, 2017]

  However, IoT data including the above sensor data is usually collected and analyzed by the owner (hereinafter referred to as data owner) even if the data value is high for other analysts (hereinafter referred to as data analysts). However, it was limited to use and disclosed to data analysts.

  To date, when data owners disclose data to data analysts, the scope of use of the disclosed data and the determination of consideration for the disclosure have been made through direct negotiations and contracts between the parties. And other costs were high.

For data owners, (1) information leakage due to data disclosure, data owner's own know-how implicitly included in the data, or (2) unauthorized use by the data analyst, There were various risks, such as not knowing whether value could be gained through disclosure.
In addition, it has been difficult for data analysts to receive the contents of the data before a formal contract because of the risks inherent in the data owner.

  Therefore, for data analysts, (1) it is impossible to estimate what value the data can generate, (2) it is impossible to determine the data analysis method, and (3) the equipment and personnel necessary for the analysis There were risks such as being unable to make decisions, and (4) not being able to evaluate the pros and cons of doing the analysis determined by these.

  An object of the present invention is to provide a data distribution intermediary device, a data distribution intermediation system, and a data distribution that can reduce the risk of the data owner and the data analyst when the data owner discloses data to the data analyst. It is to provide an intermediary method.

  In order to achieve the above object, the first aspect of the data distribution intermediary device according to the embodiment of the present invention is the data registration and transmission device used by the data owner from the data, the condition of the deterioration of the data, and the deterioration of the data Receives a data degradation condition definition file that defines disclosure conditions, and based on the data degradation condition definition file, saves data processed by the data processing section and a data processing section that processes the data for deterioration And when the data disclosure request is received from the data receiving device used by the data analyst, the data that matches the disclosure request is retrieved from the processed data storage unit and the retrieved If the data meets the disclosure conditions defined in the data deterioration condition definition file, the data meets the disclosure conditions. If the retrieved data does not match the disclosure conditions, the retrieved data is processed so that the data matches the disclosure conditions. Is provided to the data registration / transmission apparatus, and the data registration / transmission apparatus receives a determination result of whether or not disclosure is possible by the data owner, and notifies the data reception apparatus of the result.

  According to a second aspect of the data distribution mediating apparatus configured as described above, there is provided the apparatus according to the first aspect, wherein the data deterioration by the data processing unit includes correction of the data and extraction of a feature amount of the data.

  According to a third aspect of the data distribution mediating apparatus configured as described above, in the first aspect, the data deterioration condition includes the data quantization, the data discretization, the data averaging, and the data frequency. An apparatus including at least one of conversion, application of noise to the data, and anonymization of the data is provided.

  According to a fourth aspect of the data distribution mediating apparatus configured as described above, in the first aspect, the disclosure condition of the deteriorated data includes a use purpose by the data analyst, a condition for limiting the disclosure content to the data analyst, An apparatus is provided that includes at least one of the number of disclosures to the data analyst.

  An aspect of the data distribution mediation system according to the embodiment of the present invention includes a data registration / transmission device used by a data owner, a data reception device used by a data analyst, and information exchange between the data registration / transmission device and the data reception device. A data distribution mediating system having a data distribution mediating apparatus that mediates data, wherein the data distribution mediating apparatus defines data from the data registration and transmission apparatus, conditions for deterioration of the data, and disclosure conditions for the degraded data Receiving a data degradation condition definition file, and based on the data degradation condition definition file, a data processing unit that performs processing for degrading the data, and processed data storage that stores data processed by the data processing unit And receiving a data disclosure request from the data receiving device. Data that matches the disclosure requirement is searched from the processed data storage unit, and if the searched data matches the disclosure condition defined in the data deterioration condition definition file, the data that matches the disclosure condition When the searched data does not match the disclosure conditions, the data that has been processed for the data to match the disclosure conditions is processed with respect to the searched data. There is provided a system for transmitting to a data registration / transmission apparatus, receiving a determination result of disclosure permission / inhibition by the data owner from the data registration / transmission apparatus, and notifying the data reception apparatus of the result.

  An aspect of a data distribution mediation method according to an embodiment of the present invention is a method applied to a data distribution mediation device, which is used by a data owner and is used for data from the data registration and transmission device and the data degradation condition and the degradation. Receives a data degradation condition definition file that defines data disclosure conditions, performs processing for degrading the data based on the data degradation condition definition file, and stores the processed data in a processed data storage device When receiving the data disclosure request from the data receiving device used by the data analyst, the data that matches the disclosure request is searched from the processed data storage device, and the searched data is the data deterioration condition definition file. If the data meets the disclosure conditions defined in (2), the data receiving device If the retrieved data does not meet the disclosure conditions, the data registered and transmitted to the retrieved data is processed so that the data meets the disclosure conditions. There is provided a method of transmitting and receiving from the data registration / transmission device a determination result of whether or not disclosure is possible by the data owner and notifying the data reception device of the result.

  ADVANTAGE OF THE INVENTION According to this invention, when a data owner discloses data to a data analyst, it becomes possible to reduce the risk of a data owner and a data analyst.

1 is an overall configuration diagram showing an overview of an information mediation system according to an embodiment of the present invention. The figure which shows an example of the flow of the process regarding the data registration by the information mediation system which concerns on embodiment of this invention, transmission, and a process. The flowchart which shows an example of the data registration process in the data registration transmission apparatus of the information mediation system which concerns on one Embodiment of this invention. The figure which shows an example of the sensor data accumulate | stored in sensor data DB of the information mediation system which concerns on one Embodiment of this invention, raw data DB, and processed data DB. The figure which shows an example of the data degradation condition definition file which the information mediation system which concerns on one Embodiment of this invention handles. The flowchart which shows an example of the data transmission to the mediation system apparatus in the data registration transmission apparatus of the information mediation system which concerns on one Embodiment of this invention, and a registration process. The figure which shows an example of the structure of the data sent to the mediation system data receiving part from the transmission side data transmission part of the information mediation system which concerns on one Embodiment of this invention. The flowchart which shows an example of the data processing in the mediation system apparatus of the information mediation system which concerns on one Embodiment of this invention. The flowchart which shows an example of the data request process in the data receiver of the information mediation system concerning one embodiment of the present invention. The figure which shows an example of the structure of the data sent to the disclosure request reception part from the data disclosure request part of the information mediation system which concerns on one Embodiment of this invention. The figure which shows an example of the structure of the data stored in the disclosure request log | history DB of the information mediation system which concerns on one Embodiment of this invention. The flowchart which shows an example of the process of a data degradation status confirmation and disclosure approval in the data registration transmission apparatus of the information mediation system which concerns on one Embodiment of this invention. The flowchart which shows an example of the procedure of the data degradation status confirmation and degradation degree registration in the mediation system apparatus of the information mediation system which concerns on one Embodiment of this invention. The figure which shows an example of the structure of the data sent from the mediation system data transmission part of the information mediation system which concerns on one Embodiment of this invention to the degradation condition confirmation part of a data registration transmission apparatus. The flowchart which shows an example of the reception process of this operation data by the information mediation system which concerns on one Embodiment of this invention.

  The present invention degrades data in accordance with the conditions specified by the data owner (hereinafter, data degradation definition), enables the data owner to check the data degradation status, and leaks information and leaks know-how from the data owner. To reduce the risk.

  Further, the present invention limits the unintended use of data by the data analyst and reduces the risk by applying a data degradation method so that the correct result is returned only by the means of analysis designated by the data analyst. .

  In addition, the present invention discloses data to a data analyst through means for safely disclosing data by reducing the risk of the data owner as described above, and what value can be obtained within the limitation. By providing a means for confirming, the risk of the data owner not knowing what value can be gained from the disclosure of the data is reduced.

  Furthermore, the present invention estimates the value that can be created by the data analyst obtaining data disclosed by the above means in advance, because the data analyst cannot obtain the data in advance. Reduce risks such as inability to determine data analysis methods, inability to determine equipment and personnel required for analysis, and inability to assess the pros and cons of performing analysis determined by these.

  The data recipient can confirm the value of the data by receiving and trying the data with the authority obtained with a minimum price (or no price). If necessary, you can receive higher quality data by paying additional consideration.

  Embodiments of the present invention will be described below with reference to the drawings. However, the description of each configuration described below should be appropriately changed according to the system configuration to which the invention is applied and various conditions, and the scope of the present invention is not limited to the following description.

  FIG. 1 is an overall configuration diagram showing an overview of an information mediation system according to an embodiment of the present invention. As shown in FIG. 1, the data distribution mediation system according to an embodiment of the present invention includes a data registration transmission device 1, a mediation system device (data distribution mediation device) 100, and a data reception device 200.

  The data registration / transmission device 1 is a device used by a data owner, and registers and transmits data by performing input or output with the sensor device 2, the sender-side input device 3, and the sender-side display device 4. To do.

  The data registration / transmission apparatus 1 includes a data registration unit 10, a sensor data DB (database) 11, a sender-side data transmission unit 20, a degradation status confirmation unit 30, and a disclosure approval unit 40. A data degradation condition is stored in a storage device (not shown). A definition file 31 can be stored.

  The mediation system apparatus 100 includes a mediation system data receiving unit 110, a raw data DB 111, a data processing unit 120, a processed data DB 127, a disclosure request receiving unit 130, a transaction history DB 131, a disclosure request history DB 132, a recipe generation unit 140, and a recipe presentation unit. 150, an intermediary system data transmission unit 160, a disclosure DB 171, and a price adjustment unit 180.

  The data processing unit 120 includes a cleansing function unit 121, a feature amount extraction function unit 122, a data degradation function unit 123, a traceability information addition unit 124, a substitute data creation unit 125, and a degradation status confirmation unit 126.

  The data receiving device 200 is a device used by a data analyst (sometimes called a receiver or a user), and includes a receiver-side input device 201, a receiver-side display device 202, a receiver-side data receiver 210, data It has a disclosure request unit 220, a recipe receiving unit 230, and a recipe request unit 240. Each operation will be described later.

  The sensor data DB (database) 11, raw data DB 111, processed data DB 127, transaction history DB 131, disclosure request history DB 132, and disclosure DB 171 can be realized by a storage medium such as a nonvolatile memory.

  The data registration / transmission device 1, the mediation system device 100, and the data reception device 200 are each provided with a storage device such as an HDD or a temporary storage device such as a memory, and can record information and hold information at an arbitrary timing. . Further, the data registration / transmission device 1, the mediation system device 100, and the data reception device 200 are provided with a central processing unit (CPU) and execute processing of each unit. Further, for example, hardware such as an image processing device (GPU) or a field programmable gate array (FPGA) is added to the data registration transmission device 1, the mediation system device 100, and the data reception device 200, and a part of processing is processed at high speed. Therefore, it can be implemented in place of the CPU.

  The data registration and transmission device 1 and the mediation system device 100, and the mediation system device 100 and the data reception device 200 are connected via a network such as the Internet. A communication device (not shown) included in each device stores data. It shall operate in cooperation by transmitting and receiving.

  Moreover, the data distribution mediation system in this embodiment uses a database (DB). The DB stores (1) storage of input data (hereinafter may be simply referred to as “addition”), and (2) return of stored data that matches a specified search condition (hereinafter simply referred to as “search”). (3) Deletion of stored data (hereinafter sometimes simply referred to as “deletion”).

  The raw data DB 111, the processed data DB 127, and the disclosure DB 171 may be provided in the data registration / transmission apparatus 1 instead of the mediation system apparatus 100. In that case, the mediation system apparatus 100 transmits / receives necessary data from the data registration / transmission apparatus 1 via the network as necessary.

An example of the operation when each device operates or cooperates alone is shown below.
FIG. 2 is a diagram illustrating an example of a flow of processing related to data registration, transmission, and processing by the information mediation system according to the embodiment of the present invention.
FIG. 3 is a flowchart showing an example of data registration processing in the data registration / transmission apparatus of the information mediation system according to the embodiment of the present invention.
FIG. 4 is a diagram showing an example of sensor data stored in the sensor data DB, raw data DB, and processed data DB of the information mediation system according to the embodiment of the present invention.
FIG. 5 is a diagram showing an example of a data deterioration condition definition file handled by the information mediation system according to the embodiment of the present invention.

(Operation A1)
When the data registration unit 10 of the data registration / transmission device 1 receives an input of sensor data measured and recorded by the sensor device 2 from the sensor device 2 connected to the data registration / transmission device 1, the data registration / transmission device 1 The included attribute information is registered in the sensor data DB 11 (step S101, step S102). The attribute information includes, for example, the type of value detected by the sensor device 2, the position information (latitude and longitude) of the sensor device 2, the date, the unit name of the sensor device 2, and the measured value, as shown in FIG.

  When a plurality of sensor devices 2 are connected, the data registration unit 10 handles sensor data separately for each sensor device identifier by assigning a sensor device identifier for each sensor device.

  The sensor device identifier may be expressed in a hierarchical structure. For example, by adding a higher-order identifier such as a group ID, a plurality of sensor devices 2 belonging to the same group can be collectively handled in the same manner as in the case of a single sensor device 2. Further, the data registration unit 10 may assign the same sensor device identifier to different sensor devices 2 and handle them as a single device.

(Operation A2)
The data registration / transmission apparatus 1 receives a data registration instruction (however, the data deterioration condition definition file 31 is not included) from the transmission side input apparatus 3 in response to an operation on the transmission side input apparatus 3 by the data provider. When received (NO in step S104), this instruction is stored in the storage device of the data registration / transmission apparatus 1, and the registration instruction is transmitted via the sender-side data transmission unit 20 together with the sensor data registered in the sensor data DB 11 in step S102. To the mediation system apparatus 100.

Upon receiving the registration instruction and sensor data, the mediation system data receiving unit 110 of the mediation system apparatus 100 registers the sensor data in the raw data DB 111.
When transmitting data to the mediation system apparatus 100, the data registration / transmission apparatus 1 can register the disclosure conditions (data disclosure conditions) such as the disclosure range and the disclosure period before S104 (step S103).

  When there are a plurality of data registration / transmission apparatuses 1, the intermediary system apparatus 100 handles the process separately for each transmission apparatus identifier by assigning a transmission apparatus identifier to each data registration / transmission apparatus 1. The same applies to the subsequent operations.

  The transmitting device identifier may be expressed in a hierarchical structure. For example, by adding an upper identifier such as a region ID, a plurality of data registration / transmission devices 1 belonging to the same region can be collectively handled in the same manner as in the case of a single data registration / transmission device 1. Furthermore, the mediation system apparatus 100 may assign the same identifier to different sensor devices 2 and handle them as a single apparatus.

  When there are a plurality of data degradation condition definition files 31, the mediation system apparatus 100 handles each process separately for each definition file identifier by assigning a definition file identifier to each definition file. The same applies to the subsequent operations.

  When the data registration instruction is stored in the storage device of the data registration / transmission device 1 and the data registration unit 10 receives input of sensor data, the data on the sender side is automatically transmitted at any timing such as sequentially or at regular intervals. You may transmit to the mediation system data receiver 110 from the transmitter 20.

(Operation A3)
When receiving a data registration instruction (including the data degradation condition definition file 31 lacking data disclosure conditions) from the sender-side input apparatus 3 (YES in step S104), the data registration transmission apparatus 1 receives the registration instruction. Is stored in the storage device of the data registration / transmission device 1, and the data deterioration condition definition file 31 is sent to the sender-side data transmission unit 20 (step S105).

FIG. 6 is a flowchart showing an example of data transmission and registration processing to the mediation system apparatus in the data registration / transmission apparatus of the information mediation system according to the embodiment of the present invention.
Upon receiving the data deterioration condition definition file 31, the sender-side data transmission unit 20 accesses the sensor data DB 11 and combines the data registered in the sensor data DB 11 and the data deterioration condition definition file 31 to the mediation system apparatus 100. (Step S201).

FIG. 7 is a diagram illustrating an example of a structure of data transmitted from the transmission-side data transmission unit of the information mediation system according to the embodiment of the present invention to the mediation system data reception unit.
As shown in FIG. 7, the data sent from the sender-side data transmitter 20 to the mediation system data receiver 110 includes sensor data attributes (see FIG. 4), data deterioration condition definition file 31 (see FIG. 5), and data. Includes a body (see FIG. 4).

  When receiving data (including the data deterioration condition definition file 31) from the data registration and transmission device 1 (step S202), the mediation system data receiving unit 110 of the mediation system device 100 adds this data to the raw data DB 111 ( In step S203), the data deterioration condition definition file 31 in the data is stored in the storage device of the mediation system apparatus 100, and the data deterioration condition definition file 31 is sent to the data processing unit 120.

FIG. 8 is a flowchart showing an example of data processing in the mediation system device of the information mediation system according to the embodiment of the present invention. Step S305 shown in FIG. 8 is not performed here.
When the data degradation condition definition file 31 is received from the mediation system data receiving unit 110, the data processing unit 120 registers in the raw data DB 111 and sends it to the data processing unit 120 (step S301). The target data of the data deterioration condition to be searched is retrieved, and the cleansing function unit 121 is called as necessary (YES in step S302), and the retrieved target data is cleansed (step S303). Cleansing includes, for example, at least one of the following (B1) to (B5).

(B1) Completion of missing values (B2) Deletion of outliers (B3) Resampling (B4) Unification of notation (B5) Data correction The data processing unit 120 calls the feature quantity extraction function unit 122 as necessary. The feature amount of the searched target data is calculated (step S304). The feature amount includes, for example, at least one of the following (C1) to (C5).

(C1) Data field name (C2) Data unit and unit dimension (C3) Object recognition in image (C4) Speech recognition in speech (C5) Morphological analysis of text It is assumed that it is repeatedly executed as many times as necessary, including calculating a further feature amount by regarding the feature amount of the data as data, such as morphological analysis of the text that has been performed.
Further, the data processing unit 120 registers the results processed by the cleansing function unit 121 and the feature amount extraction function unit 122 in the processed data DB 127 (step S304 → step S306).
(Operation A4)
This operation A4 is an operation when the deterioration process is performed after the cleansing and the feature amount calculation described in the operation A3. Upon receiving data from the sender-side data transmission unit 20, the mediation system data reception unit 110 of the mediation system device 100 registers the received data in the raw data DB 111 and extracts related data from the raw data DB 111. The data is sent to the data processing unit 120 (step S301). It is assumed that the data to be sent includes a data deterioration condition definition file 31.

  Then, after steps S303 and S304 described in operation A3, the data processing unit 120 calls the data deterioration function unit 123 according to the definition of the data deterioration condition definition file 31 as necessary, and performs the above step S304. The processed data is degraded (step S305). The deterioration includes, for example, at least one of the following (D1) to (D12).

(D1) Quantization including grouping, categorization, coarse-graining, etc. (D2) Discretization (D3) Averaging (D4) Frequency conversion (D5) Applying addition noise / multiplication noise (D6) Deleting identifiers, hashing, etc. Anonymization (D7) k anonymization, pk anonymization (D8) skip gram
(D9) LDA (Latent Dirichlet Allocation)
(D10) Simple data deletion (sampling)
(D11) Conversion to signal power such as conversion of sound into volume (D12) Value for base after base conversion such as principal component analysis or orthogonal transform

Moreover, the deterioration conditions include disclosure conditions such as at least one of the following (E1) to (E5).
(E1) Acceptable use purpose of requester (conditions of use purpose by data receiver)
(E2) Whether or not to limit the processing contents of the requester (Conditions for limiting the contents disclosed to the data receiver)
(E3) Number of disclosures to the same requester (E4) Total number of disclosures (E5) Parameters for each method of degradation Also, the data processing unit 120 includes a cleansing function unit 121, a feature quantity extraction function unit 122, and a data degradation function unit 123. The processing result and the disclosure condition are registered in the processed data DB 127 (step S306).

Next, the change of the deterioration condition definition by the sender will be described.
When receiving a data deterioration condition change instruction including the data deterioration condition definition file 31 (a plurality of data here) from the sender-side input device 3, the data registration transmission device 1 receives the received deterioration condition change instruction from the data registration transmission device 1. The degradation condition change instruction is transmitted to the mediation system apparatus 100 via the sender-side data transmission unit 20.

  When the mediation system data receiving unit 110 of the mediation system apparatus 100 receives the above-described deterioration condition change instruction, the data registration transmission apparatus 1 performs the processed data DB 127 based on the definition file identifier of the change source included in the deterioration condition change instruction. The related data is searched from and deleted, and then the data deterioration condition definition file 31 is changed according to the deterioration condition change instruction. The data registration / transmission apparatus 1 processes the result of processing using the cleansing function unit 121, the feature amount extraction function unit 122, and the data deterioration function unit 123 in the data processing unit 120 based on the changed data deterioration condition definition file 31. Register again in the processed data DB 127.

(Operation A5)
Upon receiving an operation for a data disclosure request by a data analyst, the receiver-side input device 201 of the data receiving device 200 stores the disclosure request in the storage device of the data receiving device 200 and a data disclosure request unit 220. Send a disclosure request to Upon receiving the disclosure request, the data disclosure request unit 220 transmits this disclosure request to the disclosure request receiving unit 130 of the mediation system device 100 (step S2001).

  Here, the disclosure request is information on data degradation such as at least one type of (F1) to (F5) below, or data deterioration such as at least one type of (F6) to (F12) below. Contains information that limits the degree.

(F1) Data field name (F2) Data unit and unit dimension (F3) Object recognition in image (F4) Speech recognition in speech (F5) Morphological analysis of text (F6) Grouping, categorization, coarse-graining, etc. (F7) Degree of discretization (sampling rate)
(F8) Accuracy after application of addition noise / multiplication noise (dispersion)
(F9) k for anonymization
(F10) n-gram frequency of skip gram (F11) Topic of LDA (F12) Deletion of simple data The disclosure request is a disclosure request such as at least one of the following (G1) to (G3). The authority information of the issued data receiving device 200 is included.

(G1) Requester name or identifier (G2) Requester's purpose of use (G3) Analysis process performed by the requester In addition, the disclosure request includes disclosure request handling restriction information such as the following (G4).

(G4) Disclosure Request Disclosure FIG. 9 is a flowchart showing an example of a data request process in the data receiving apparatus of the information mediation system according to the embodiment of the present invention.
FIG. 10 is a diagram illustrating an example of a structure of data transmitted from the data disclosure request unit to the disclosure request reception unit in the information mediation system according to the embodiment of the present invention.
FIG. 11 is a diagram showing an example of the structure of data stored in the disclosure request history DB of the information mediation system according to an embodiment of the present invention.
When receiving the disclosure request (see FIG. 10) from the data disclosure requesting unit 220, the disclosure request receiving unit 130 of the intermediary system apparatus 100 discloses the disclosure request as a disclosure request history together with the data body stored in the processed data DB 127. Registration in the request history DB 132 (see FIG. 11) (step S2002).
The disclosure request receiving unit 130 searches the processed data DB 127 for data that matches the information that limits the data of the disclosure request (step S2003).

  In step S2003, the disclosure request receiving unit 130 of the mediation system apparatus 100 searches whether the data disclosure authority for the requester is registered in the disclosure DB 171. If there is no authority, the disclosure request receiving unit 130 returns that fact to the data disclosure requesting unit 220. When there is an authority, the disclosure request receiving unit 130 searches the processed data DB 127 for data that matches the data limiting information included in the disclosure request.

(I) A process when there is no data matching the information limiting data (NO in step S2003) will be described.
The disclosure request receiving unit 130 sends a processing result (null) indicating that there is no matching data to the mediation system data transmitting unit 160. Upon receiving this processing result (null), the mediation system data transmission unit 160 transmits null to the receiver-side data reception unit 210 of the data reception device 200.

Further, the mediation system apparatus 100 can register a data request with the data registration / transmission apparatus 1 (step S2005).
The disclosure request receiving unit 130 registers a disclosure request for the mediation system apparatus 100 in the disclosure request history DB 132 (step S2006), and sends a data disclosure request to the data registration transmitting apparatus 1 (step S2007). The data registration / transmission apparatus 1 that holds data corresponding to the request performs data registration along the above-described steps S101 to S105 (step S2008).

(Ii) Processes (a) and (b) in the case where data matching the data limiting information can be found (YES in step S2003 → step S2004) will be described.
(A) When the data that matches the data limiting information satisfies the disclosure condition, the disclosure request receiving unit 130 sends the disclosure request and the matching data to the data processing unit 120.

  When receiving the sent data and the disclosure request, the data processing unit 120 calls the traceability information adding unit 124. The traceability information adding unit 124 embeds a specific pattern such as a pseudo random number generated for each data disclosing person in the transmitted data. The data processing unit 120 stores the embedded result in the transaction history DB 131 together with information indicating the authority of the data receiving apparatus that has issued the disclosure request among the above disclosure requests, and stores the corresponding records that are the stored information. Return to the disclosure request receiver 130. Subsequently, the disclosure request receiving unit 130 issues a disclosure permission code, and sends the disclosure permission code, the above disclosure request, and the above record to the mediation system data transmitting unit 160.

  When the mediation system data transmission unit 160 receives the disclosure permission code from the disclosure request reception unit 130, the mediation system data transmission unit 160 transmits the disclosure request and the record received together with the disclosure permission code to the receiver side data reception unit 210 of the data reception device 200. To do.

  (B) When it is not possible to determine that the data that matches the data limiting information satisfies the disclosure condition, the following processes (b-1) and (b-2) are performed.

(B-1)
For example, if the matching data is data related to disclosure conditions that require evaluation for each disclosure request, such as the following (H1) and (H2), the disclosure request receiving unit 130 Is sent to the data processing unit 120.

(H1) Whether to limit processing contents (H2) Parameters for each method of degradation When receiving a disclosure request from the disclosure request receiving unit 130, the data processing unit 120 sets the data degradation function unit 123 to satisfy the disclosure request. call.
For example, when the processing content included in the disclosure request is calculation of an average value, the data degradation function unit 123 adds periodic addition noise having an average value of 0 so that the average value of all sections of the disclosure request does not change. Add. Thereby, the data can be degraded so that various processing results such as dispersion and frequency analysis do not match the raw data.

  Further, for example, when the disclosure request is data only for Tokyo with respect to data that is a disclosure condition in which k of anonymization is 100, the data degradation function unit 123 only uses data for Tokyo instead of all data. Data is degraded by deleting all gender fields so that k anonymization = 100 is established.

Subsequently, as in (a) above, the data processing unit 120 calls the traceability information adding unit 124. The traceability information assigning unit 124 embeds a specific pattern such as the above-described pseudo random number in the transmitted data, and embeds the result of the embedding of the data reception device that has issued the disclosure request among the above disclosure requests. The information indicating the authority is stored in the public DB 171, and the corresponding record as the stored information is returned to the disclosure request receiving unit 130.
Subsequently, when a record is returned from the data processing unit 120, the disclosure request receiving unit 130 sends this record and the above disclosure request to the mediation system data transmission unit 160.

When the mediation system data transmission unit 160 receives the disclosure request and the record from the disclosure request reception unit 130, the mediation system data transmission unit 160 transmits them to the degradation status confirmation unit 30 of the data registration transmission device 1.
When the disclosure request and the record are received from the mediation system data transmission unit 160 of the mediation system device 100, the deterioration status confirmation unit 30 of the data registration transmission device 1 sends the information to the sender side display device 4 along with whether or not disclosure is possible. An input screen for judging

(B-2)
For example, when the disclosure conditions that do not require calculation for each disclosure request (for example, at least one of the following (I1) to (I3)) are not satisfied, the same processing as the above (i) is performed.

(I1) Permitted requester's purpose of use (I2) Number of disclosures to the same requester (I3) Total number of disclosures The disclosure request receiving unit 130 of the mediation system device 100 and the mediation request for the disclosure request from the data reception device 200 The processing result by the system apparatus 100 is recorded in the transaction history DB 131.

  When there are a plurality of data receiving apparatuses 200, the disclosure request receiving unit 130 can handle each operation separately for each receiving apparatus identifier by giving each receiving apparatus identifier a receiving apparatus identifier. The same applies to the subsequent operations.

  When there are a plurality of disclosure requests, the disclosure request receiving unit 130 can handle each operation separately for each disclosure request identifier by assigning a disclosure request identifier to each disclosure request. The same applies to the subsequent operations.

  When the disclosure request receiving unit 130 receives the disclosure request and there is no data disclosure authority in the disclosure DB 171, the disclosure request receiving unit 130 pauses the process and adds it from the sender side input device 3. You may wait for the data disclosure authority to be granted.

(Operation A6)
This operation A6 is an operation for notifying whether or not to disclose data. FIG. 12 is a flowchart showing an example of data degradation status confirmation and disclosure approval processing in the data registration / transmission apparatus of the information mediation system according to the embodiment of the present invention. The operation A6 corresponds to the operation after step S1003 in FIG.

  When the data registration / transmission apparatus 1 receives information indicating whether or not data disclosure is possible from the sender-side input apparatus 3, the data registration / transmission apparatus 1 stores this information in the storage device of the data registration / transmission apparatus 1 and information indicating whether disclosure is possible (hereinafter referred to as “disclosure”) , Disclosure permission / inhibition) is sent to the disclosure approval unit 40.

When the disclosure approval unit 40 receives disclosure permission / inhibition, the disclosure approval unit 40 sends the disclosure permission / inhibition to the sender-side data transmission unit 20. Upon receiving the disclosure permission, the sender-side data transmission unit 20 determines whether this disclosure permission indicates “data disclosure OK” or “disclosure NG” (step S1003).
When the disclosure permission indicates “data disclosure OK” (YES in step S1003), the sender-side data transmission unit 20 transmits “data disclosure OK” to the mediation system apparatus 100 (step S1004). When the disclosure permission indicates “disclosure NG” (NO in step S1003), the sender-side data transmission unit 20 transmits “disclosure NG” to the mediation system apparatus 100 (step S1007).

  When the mediation system data receiving unit 110 of the mediation system device 100 receives the disclosure permission from the data registration and transmission device 1, the disclosure availability indicates that disclosure is possible (“data disclosure OK”) as in step S1004 above. Newly registers authority information in the public DB 171 (step S1005).

  Next, the mediation system data receiving unit 110 searches the authority information from the disclosure DB 171 and sends the disclosure permission code, the disclosure request, and the record of the authority information corresponding to the disclosure DB 171 to the mediation system data transmission unit 160. . When the mediation system data transmission unit 160 receives the disclosure permission code and the record, the mediation system data transmission unit 160 transmits the disclosure request and the record to the data reception unit 210 receiver side data reception unit 210 (step S1006).

If the disclosure is not possible (“disclosure NG”) as in step S1007, the mediation system data receiving unit 110 deletes the data from the disclosure DB 171 (step S1008) and determines whether the disclosure is possible. Both the disclosure request that is the object and the disclosure availability are stored in the transaction history DB 131.
In addition, the mediation system data reception unit 110 sends a processing result (null) indicating that disclosure is not possible to the mediation system data transmission unit 160 (step S1009). When receiving the null, the mediation system data transmission unit 160 transmits null to the receiver-side data reception unit 210 of the data reception device 200 (step S1010).

  Further, the mediation system apparatus 100 may receive the data deterioration condition definition file 31 from the data registration / transmission apparatus 1 and add the data processed using the data processing unit 120 to the processed data DB 127 as necessary.

  If a disclosure request that is additionally registered in the public DB 171 and that matches the authority information of the receiving device and whose disclosure is suspended is returned to the disclosure request receiving unit 130, the disclosure request is suspended. The state may be canceled and the process may proceed.

(Operation A7)
When the data receiving apparatus 200 receives a request for a recipe (a history including a disclosure request and information indicating whether disclosure is possible) from the receiver-side input apparatus 201, the data receiving apparatus 200 stores the request in the storage device of the data receiving apparatus 200. The recipe request is sent to the recipe request unit 240. When receiving the request for the recipe, the recipe request unit 240 transmits this request to the recipe presenting unit 150 of the mediation system device 100.

Upon receiving a recipe request, the recipe presenting unit 150 of the mediation system apparatus 100 stores the request in the storage device of the mediation system apparatus 100 and searches the disclosure request history DB 132 to obtain a history (recipe) of the disclosure request. Then, this recipe is transmitted to the recipe receiving unit 230 of the data receiving device 200.
When receiving the recipe, the recipe receiving unit 230 of the data receiving device 200 sends the recipe to the receiver-side display device 202 so that the receiver can check the recipe.

  In the embodiment of the present invention, a condition (recipe request condition) can be specified in a recipe request. The recipe request conditions include, for example, at least one of the following (J1) to (J5).

(J1) Data field name (J2) Data unit and unit dimension (J3) Name of recognized object in image (J4) Speech recognized text in speech (J5) Character string for searching text data When receiving the recipe request and the recipe request condition from the receiver-side input device 201, the data receiving apparatus 200 stores them in the storage device of the data receiving apparatus 200, and also sends the recipe request and the recipe search condition. Send to recipe request unit 240. Upon receiving the recipe request and the recipe search condition, the recipe request unit 240 transmits the recipe request and the recipe search condition to the recipe presenting unit 150 of the mediation system apparatus 100.

Upon receiving the recipe request and the recipe search condition, the recipe presentation unit 150 of the mediation system apparatus 100 saves them in the storage device of the mediation system apparatus 100 and searches the disclosure request history DB 132 according to the recipe search condition. A recipe that matches the search conditions is acquired, and the acquired recipe is transmitted to the recipe receiving unit 230 of the data receiving apparatus 200.
When receiving the recipe, the recipe receiving unit 230 of the data receiving device 200 sends the recipe to the receiver-side display device 202 so that the receiver can check the recipe.

(Operation A8)
When receiving a recipe selected from the receiver-side input device 201 by the receiver's operation on the receiver-side input device 201, the data receiving device 200 receives this recipe as a disclosure request to the storage device of the data receiving device 200. The data is stored and sent to the data disclosure request unit 220. Subsequent operations are the same as those in the operation A4.

(Operation A9)
This operation is an operation for the data provider to delete the data.
When the data registration / transmission device 1 receives an instruction to delete data from the sender-side input device 3, the data registration / transmission device 1 stores this instruction in the storage device of the data registration / transmission device 1, and via the sender-side data transmission unit 20, the mediation system Transmit to device 100.

  When receiving the deletion instruction, the broker system data receiving unit 110 of the broker system apparatus 100 deletes the data instructed by the deletion instruction from the raw data DB 111 and the processed data DB 127.

  Further, when the sender-side data transmission unit 20 receives the deletion instruction, the sender-side data transmission unit 20 may automatically delete the data instructed by the deletion instruction from the sensor data DB 11.

  Further, the sender-side data transmission unit 20 may detect that the data instructed by the deletion instruction is deleted from the sensor data DB 11 and automatically transmit the data deletion instruction to the mediation system data reception unit 110. good.

(Operation A10)
This operation is an operation for the data provider to delete the data deterioration condition definition.
When the data registration / transmission device 1 receives a data degradation condition deletion instruction from the sender-side input device 3, the data registration / transmission device 1 stores this instruction in the storage device of the data registration / transmission device 1 and mediates via the sender-side data transmission unit 20. It transmits to the system apparatus 100.

  When the broker system data receiving unit 110 of the broker system apparatus 100 receives the instruction to delete the deterioration condition definition, it deletes the data instructed from the processed data DB 127 by the instruction to delete the deterioration condition definition.

(Operation A11)
This operation is an operation for the data provider to stop the data disclosure.
When the data registration / transmission device 1 receives a data disclosure stop instruction from the sender-side input device 3, the data registration / transmission device 1 stores this instruction in the storage device of the data registration / transmission device 1 and mediates via the sender-side data transmission unit 20. It transmits to the system apparatus 100.

  When the mediation system data receiving unit 110 of the mediation system device 100 receives the disclosure stop instruction, the mediation system data receiving unit 110 sets a secret flag in the raw data DB 111 and the processed data DB 127. In the subsequent processing, data with the non-public flag set is treated as not existing.

  When the mediation system data receiving unit 110 receives the disclosure stop instruction, the mediation system data receiving unit 110 may register the data instructed by the disclosure stop instruction as a black list in the disclosure request receiving unit 130 or the mediation system data transmitting unit 160. . In this case, when the disclosure request receiving unit 130 or the mediation system data transmitting unit 160 receives a request or data registered in the black list in subsequent operations, the request or data registered in the black list is filtered. Treat as not.

(Operation A12)
This operation is an operation for the data provider to resume the release of the data that has been released in operation A11.
When the data registration / transmission device 1 receives an instruction to resume data disclosure from the sender-side input device 3, the data registration / transmission device 1 stores this instruction in the storage device of the data registration / transmission device 1 and mediates via the sender-side data transmission unit 20. It transmits to the system apparatus 100.

  When the mediation system data receiving unit 110 of the mediation system apparatus 100 receives the above disclosure resumption instruction, the brokerage system data receiving unit 110 resets the non-disclosure flag set in the raw data DB 111 and the processed data DB 127 according to this instruction, To be able to handle the data.

  When the mediation system data receiving unit 110 has registered the information instructed by the disclosure stop instruction as a black list in the disclosure request receiving unit 130 or the mediation system data transmitting unit 160, the information is deleted from the black list, and thereafter In this process, data can be handled as usual.

(Operation A13)
This operation is an operation for the data provider to register the data disclosure authority.
When the data registration / transmission device 1 receives the data disclosure authority registration instruction from the sender-side input device 3, the data registration / transmission device 1 stores the instruction in the storage device of the data registration / transmission device 1 and also via the sender-side data transmission unit 20. It transmits to the mediation system apparatus 100.

  When the mediation system data receiving unit 110 of the mediation system apparatus 100 receives the above-described disclosure authority registration instruction, the authority instructed by the disclosure authority registration instruction is registered in the disclosure DB 171. Here, the authority information includes, for example, a disclosure destination such as an IP and a receiver ID, a period, a column name, consideration information received from the receiver, and the like.

(Operation A14)
This operation is an operation for deleting the data disclosure authority registered by the data provider in operation A13.
When the data registration / transmission device 1 receives a data disclosure authority deletion instruction from the sender-side input device 3, the data registration / transmission device 1 stores this instruction in the storage device of the data registration / transmission device 1 and also via the sender-side data transmission unit 20. It transmits to the mediation system apparatus 100.

  When the mediation system data receiving unit 110 of the mediation system apparatus 100 receives the above-described publication authority deletion instruction, the agency system data receiving unit 110 deletes the publication authority data instructed by the publication authority deletion instruction from the publication DB 171.

(Operation A15)
This operation is an operation for the data intermediary or provider to confirm the data degradation state. FIG. 13 is a flowchart showing an example of a procedure for checking the data degradation status and registering the degradation level in the mediation system apparatus of the information mediation system according to the embodiment of the present invention.
FIG. 14 is a diagram illustrating an example of the structure of data sent from the mediation system data transmission unit of the information mediation system according to the embodiment of the present invention to the degradation status confirmation unit of the data registration transmission device.

The mediation system data transmission unit 160 of the mediation system apparatus 100 causes the degradation status confirmation unit 126 to acquire raw data and processed data from the raw data DB 111 and the processed data DB 127, respectively, and send them to the degradation status confirmation unit 126 (step). S401, S402). The degradation status confirmation unit 126 measures the degradation level of the data by comparing the transmitted data (step S403).
For example, the measurement of the degree of deterioration indicates a result of comparing a statistically processed value such as an average, median, variance, maximum, or minimum with an original value.

Here, the degradation status confirmation unit 126 has the data degradation definition of the data sender (YES in step S404), and the degradation status confirmation unit 126 determines that the processed data satisfies this definition (step S405). YES), the measurement result of the deterioration degree is registered in the processed data DB 127 (step S407).
If the data sender's data degradation definition does not exist (NO in step S404), the degradation status confirmation unit 126 proceeds to step S407.
If the processed data does not satisfy the data deterioration definition (NO in step S404), the process proceeds to reprocessing in the data deterioration function unit 203 (step S406), and the process returns to step S401.
The deterioration status confirmation process may be performed by the sender-side input device 3.

(Operation A16)
This operation is an operation for requesting raw data from the data provider after the data user confirms the processed data. FIG. 15 is a flowchart showing an example of the operation data reception process by the information mediation system according to the embodiment of the present invention.
When the data receiving device 200 confirms the processed data (step S2011), and the data receiver is willing to exchange raw data (YES in step S2012), the data disclosure requesting unit 220 of the data receiving device 200 receives the mediation system device. The raw data disclosure request and the desired price of raw data are sent (presented) to the disclosure request receiving unit 130 of 100 (step S2013).

  When receiving the disclosure request, the disclosure request receiving unit 130 registers the inquiry history in the disclosure request history DB 132 and sends the disclosure request to the disclosure approval unit 40 of the sender side input device 3. A request for disclosure of raw data and a desired price are presented on the sender-side display device 4 of the sender (step S2014).

  When the data provider (sender) and the user (receiver) have agreed to exchange raw data, that is, an operation indicating price agreement and raw data exchange OK is performed on the sender-side input device 3 (in step S2015). YES), the disclosure request receiving unit 130 of the mediation system device 100 sends the data disclosure requesting unit 220 of the data receiving device 200 as a result of this operation.

  In addition, the data processing unit 120 adds traceability information by the traceability information adding unit 124 (step S2016), and sends the added result to the data receiving apparatus 200 (step S2017).

  On the other hand, when an operation is performed on the sender-side input device 3 to indicate that the sender has not agreed to the price (NO in step S2015), the process returns to step S2014, and the price adjustment unit 180 of the mediation system device 100. Will make adjustments until the provider and the two parties agree.

(Operation A17)
This operation is an operation for generating a recipe.
The recipe generation unit 140 associates (1) a data disclosure request, (2) a data use purpose, and (3) a determination result of whether or not the data registration / transmission device 1 can disclose a data disclosure request with respect to the data disclosure request. The recipe is generated, and this recipe is transmitted to the disclosure request history DB 132 via the recipe presentation unit 150.

(Operation A18)
This operation is an operation for searching for alternative data.
In the case where there is a data disclosure request from the data receiving device 200 and there is no data registration / transmission device 1 that holds data in accordance with the request, the intermediary system device 100 uses the similar data (in accordance with the data disclosure request). For example, search the processed data DB 127 for data whose degree of discretization (sampling rate) is rougher than the disclosure request, data other than the file format that satisfies the disclosure request, and data acquisition period that satisfies only part of the disclosure request), This retrieved data is used as substitute data.

(Operation A19)
This operation is an operation for determining whether or not data disclosure is possible, and is an operation before the operation A6.
When the degradation status confirmation unit 30 of the data registration transmission device 1 receives the processed data from the mediation system data transmission unit 160 of the mediation system device 100 (step S1001), the processing data satisfies the criteria of the data degradation condition definition file 31. (Step S1002), it is determined whether disclosure is possible (step S1003). The subsequent operations are the same as those in the operation A6.

  However, the intermediary system apparatus 100 may serve as the function of the degradation status confirmation unit 30. In this case, the sender-side display device 4 is physically or logically connected to the deterioration status confirmation unit 30 in the mediation system device 100.

Here, it supplements about the various structures shown in FIG.
The sender-side input device 3 may be an apparatus integrated with the sender-side display device 4.
The receiver-side input device 201 may be an integrated device with the receiver-side display device 202.
The sender-side display device 4 may have the function of the data registration / transmission device 1. The receiver-side display device 202 may have the function of the data receiving device 200.
The data deterioration function unit 123 may be included in the data registration / transmission device 1, and in this case, the processed data is transmitted to the mediation system device 100.
In the data registration / transmission apparatus 1, the sensor device may also serve as its function.
The disclosure request history DB 132 may have the same function as the transaction history DB 131.

  As described above, the data distribution intermediary system according to the embodiment of the present invention is a system in which a data provider such as sensor data provides data to a data receiver, and the data provider has authority such as consideration paid by the data receiver. The value of the data can be protected by controlling the quality of the data to be provided. Further, the recipient of the data can determine the price to be paid after judging how much the data is worth.

  In addition, this invention is not limited to the said embodiment, In the implementation stage, it can change variously in the range which does not deviate from the summary. Further, the embodiments may be implemented in combination as appropriate, and in that case, the combined effect can be obtained. Furthermore, the present invention includes various inventions, and various inventions can be extracted by combinations selected from a plurality of disclosed constituent elements. For example, even if several constituent requirements are deleted from all the constituent requirements shown in the embodiment, if the problem can be solved and an effect can be obtained, the configuration from which the constituent requirements are deleted can be extracted as an invention.

  In addition, the method described in each embodiment is, for example, a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), optical disk (CD-ROM, etc.) as a program (software means) that can be executed by a computer (computer). It can be stored in a recording medium such as a DVD, MO, etc., semiconductor memory (ROM, RAM, flash memory, etc.), or transmitted and distributed by a communication medium. The program stored on the medium side includes a setting program that configures software means (including not only the execution program but also a table and data structure) in the computer. A computer that implements this apparatus reads a program recorded on a recording medium, constructs software means by a setting program as the case may be, and executes the above-described processing by controlling the operation by this software means. The recording medium referred to in this specification is not limited to distribution, but includes a storage medium such as a magnetic disk or a semiconductor memory provided in a computer or a device connected via a network.

  DESCRIPTION OF SYMBOLS 1 ... Data registration transmission apparatus, 2 ... Sensor device, 3 ... Sender side input apparatus, 4 ... Sender side display apparatus, 10 ... Data registration part, 11 ... Sensor data DB, 20 ... Sender side data transmission part, 30 Deterioration status confirmation unit 31 Data degradation condition definition file 40 Disclosure approval unit 100 Mediation system device 110 Mediation system data reception unit 111 Raw data DB 120 Data processing unit 121 Cleansing function , 122 ... feature quantity extraction function part, 123 ... data deterioration function part, 124 ... traceability information addition part, 125 ... alternative data creation part, 126 ... deterioration status confirmation part, 127 ... processed data DB, 130 ... disclosure request reception 131 ... Transaction history DB, 132 ... Disclosure request history DB, 140 ... Recipe generation unit, 150 ... Recipe presentation unit, 160 ... Mediation system Data transmission unit, 171 ... DB for disclosure, 180 ... price adjustment unit, 200 ... data receiving device, 201 ... receiver side input device, 202 ... receiver side display device, 210 ... receiver side data receiving unit, 220 ... data Disclosure request unit, 230 ... Recipe reception unit, 240 ... Recipe request unit.

Claims (6)

A data degradation condition definition file that defines data, a condition for degradation of the data, and a disclosure condition for the degraded data is received from a data registration and transmission device used by a data owner, and the data based on the data degradation condition definition file On the other hand, a data processing unit that performs processing for degrading,
A processed data storage unit for storing data processed by the data processing unit,
When receiving the data disclosure request from the data receiving device used by the data analyst, the data that matches the disclosure request is searched from the processed data storage unit, and the searched data is defined in the data deterioration condition definition file If the disclosed conditions are met, the data that meets the disclosed conditions is transmitted to the data receiving device,
If the retrieved data does not match the disclosure conditions, the data that has been processed for the retrieved data to match the disclosure conditions is transmitted to the data registration and transmission device, and A data distribution intermediary device that receives a determination result of whether or not disclosure is possible by a data owner from the data registration and transmission device and notifies the data reception device of the result. The deterioration of the data by the data processing unit is
The data distribution mediation apparatus according to claim 1, comprising correction of the data and extraction of a feature amount of the data. The condition for deterioration of the data is as follows:
The data according to claim 1, comprising at least one of quantization of the data, discretization of the data, averaging of the data, frequency conversion of the data, application of noise to the data, and anonymization of the data. Distribution mediation device. The disclosure condition of the degraded data is as follows:
The data distribution mediation apparatus according to claim 1, comprising at least one of a purpose of use by the data analyst, a condition for limiting contents to be disclosed to the data analyst, and the number of disclosures to the data analyst. A data distribution mediation system having a data registration and transmission device used by a data owner, a data reception device used by a data analyst, and a data distribution mediation device that mediates exchange of information between the data registration and transmission device and the data reception device. There,
The data distribution mediating device is:
A data deterioration condition definition file that defines data, a condition for deterioration of the data, and a disclosure condition for the deteriorated data is received from the data registration and transmission device, and the data is deteriorated based on the data deterioration condition definition file. A data processing unit for performing processing for
A processed data storage unit for storing data processed by the data processing unit,
Upon receiving the data disclosure request from the data receiving device, the data that matches the disclosure request is retrieved from the processed data storage unit, and the retrieved data is defined in the data deterioration condition definition file. If it matches, the data that matches the disclosure condition is transmitted to the data receiving device,
If the retrieved data does not match the disclosure conditions, the data that has been processed for the retrieved data to match the disclosure conditions is transmitted to the data registration and transmission device, and A data distribution mediation system that receives a determination result of whether or not disclosure is possible by a data owner from the data registration and transmission device and notifies the data reception device of the result. A method applied to a data distribution intermediary device, which is used by a data owner and receives a data deterioration condition definition file that defines data, a condition for deterioration of the data, and a disclosure condition for the deteriorated data from a data registration and transmission device Then, based on the data deterioration condition definition file, perform processing for deteriorating the data,
Save the processed data in a processed data storage device,
When receiving the data disclosure request from the data receiving device used by the data analyst, the data that matches the disclosure request is retrieved from the processed data storage device, and the retrieved data is defined in the data degradation condition definition file If the disclosed conditions are met, the data that meets the disclosed conditions is transmitted to the data receiving device,
If the retrieved data does not match the disclosure conditions, the data that has been processed for the retrieved data to match the disclosure conditions is transmitted to the data registration and transmission device, and A data distribution mediation method for receiving a determination result of whether or not disclosure is possible by a data owner from the data registration and transmission device and notifying the data reception device of the result.